Optimize user authentication to an Active Directory database

IBM Spectrum Protect™ Version 8.1 optimizes the process of authenticating users to an Active Directory database on a Lightweight Directory Access Protocol (LDAP) server.

The process is optimized because of a change in the way that nodes are registered:
  • With IBM Spectrum Protect V7.1.7, when you registered a node, an administrative user ID with the same name was created automatically. This feature caused potential complications for users of the LDAP authentication method that was introduced in IBM Spectrum Protect V7.1.7. With that authentication method, sometimes known as integrated mode, a matching node name and administrative user ID resolve to a single LDAP ID. As a result, automatic password changes could change the same password twice, causing the password to become unknown to the administrative user ID. Alternatively, password update operations could fail.
  • With IBM Spectrum Protect V8.1, when you register a node, no administrative user ID is created automatically. If you want to specify an administrative user ID, you can use the USERID parameter on the REGISTER NODE command. If you use integrated mode for LDAP authentication, ensure that the node name and administrative user ID do not match.
Related tasks:
Authenticating IBM Spectrum Protect users by using an Active Directory database
Registering clients
Related reference:
REGISTER NODE (Register a node)
REGISTER NODE command no longer creates an administrative user ID by default