Authenticating IBM Storage Protect users by using an LDAP server
Within an IBM Storage Protect system, users must authenticate to the server by providing a user ID and password. If your organization uses a Lightweight Directory Access Protocol (LDAP) server to manage user IDs, you can use the LDAP server to authenticate IBM Storage Protect user IDs.
You can use one of the following methods to authenticate users with an LDAP server:
- Method that is preferred for IBM Tivoli Storage Manager 7.1.7 and later, and for IBM Storage Protect 8.1 and later servers
- To use this method, sometimes known as integrated mode, user IDs must be registered in an Active Directory database on an LDAP server. Then, you register the same users with the IBM Storage Protect server. When a registered user ID accesses the IBM Storage Protect server, the credentials are authenticated against the Active Directory database.
Tip: You can use an external directory service, such as an Active Directory database on an LDAP server, to provide complex password rules and other password management capabilities beyond the capabilities of IBM Storage Protect. In this way, you can provide an extra layer of protection for your system.
To use this method, follow the instructions in Authenticating users by using an Active Directory database.
- Method that is used for servers earlier than version 7.1.7, and by IBM® Security Directory Server users
- To use this method, user IDs must be registered in an Active Directory database on an LDAP server. Alternatively, user IDs can be registered in an IBM Security Directory Server (formerly IBM Tivoli® Directory Server) database on an LDAP server. With this method, you cannot use the standard user accounts that are registered with the LDAP server. You must create separate user accounts that are associated with a specific organizational unit. To use this method, follow the instructions in Managing passwords and logon procedures (version 7.1.1).