Authenticating users by using an Active Directory database

You can authenticate IBM Spectrum Protect™ users by using an Active Directory database on a Lightweight Directory Access Protocol (LDAP) server. With this method, you use the standard user accounts that are registered with the LDAP server. The same user ID can be used to authenticate to the IBM Spectrum Protect server and to the LDAP server.

Before you begin

Verify that your system meets the following requirements:
  • An Active Directory database must be installed on the LDAP server.
  • If your storage environment includes backup-archive clients, they must be at V6.4 or later.
  • If your storage environment includes storage agents that will authenticate node IDs with an LDAP server, the storage agents must use a secure connection, such as Transport Layer Security (TLS) or a virtual private network.
Restriction: For some types of clients, the client node name and the administrative user ID must match. You cannot authenticate those clients by using the LDAP authentication method that is described in this section. For more information, see technote 7048963.

About this task

An overview of the configuration process is shown in the following figure:
Figure 1. Configuring the IBM Spectrum Protect server to authenticate user IDs with an Active Directory database
The graphic displays the steps that are documented in the table.

After you complete the configuration tasks, IBM Spectrum Protect user IDs are authenticated against the Active Directory database.

Procedure

Complete the configuration steps:
Table 1. Configuration steps
Steps to configure authentication with an LDAP server | Where to complete the steps
1. Select an LDAP server and ensure that it is configured for TLS. Follow the instructions in Setting up an LDAP server. | LDAP server
2. Select a user ID for the IBM Spectrum Protect server. Follow the instructions in Setting up an LDAP server. | LDAP server
3. Copy the trusted certificate on the LDAP server. Follow the instructions in Setting up an LDAP server. | LDAP server
4. Add the trusted certificate to the IBM Spectrum Protect server instance directory. Follow the instructions in Installing a trusted certificate on an IBM Spectrum Protect server. | IBM Spectrum Protect server
5. Import the trusted certificate into the key database in the server instance directory. Follow the instructions in Installing a trusted certificate on an IBM Spectrum Protect server. | IBM Spectrum Protect server
6. Specify a URL for the LDAP server by using the LDAPURL option. Follow the instructions in Specifying a URL for an LDAP server. | IBM Spectrum Protect server
7. Specify a user ID for the IBM Spectrum Protect server by using the SET LDAPUSER command. Follow the instructions in Specifying a user ID and password for the IBM Spectrum Protect server. | IBM Spectrum Protect server
8. Specify an LDAP user password to the IBM Spectrum Protect server by using the SET LDAPPASSWORD command. Follow the instructions in Specifying a user ID and password for the IBM Spectrum Protect server. | IBM Spectrum Protect server
9. Update or register node and administrator IDs to authenticate with an LDAP server. Follow the instructions in Updating node and administrative IDs or Registering node and administrative IDs. | IBM Spectrum Protect server
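
Steps 6 through 9 as they might look on the IBM Spectrum Protect server, as an added example that is not part of the original page. The host name, base DN, user DN, node name and administrator name are constructed placeholders, and the URL and DN forms shown are assumptions to check against the linked topics for your server release.

```text
* Step 6: server options file (dsmserv.opt) in the server instance directory.
* ldap.example.com and dc=example,dc=com are constructed placeholder values.
LDAPURL ldap://ldap.example.com/dc=example,dc=com

/* Steps 7 and 8: entered from an administrative command line.          */
/* The DN is a constructed placeholder for the user ID chosen in step 2. */
SET LDAPUSER "cn=spserver,cn=users,dc=example,dc=com"
SET LDAPPASSWORD <password-of-the-LDAP-user>

/* Step 9: switch existing IDs to LDAP authentication.       */
/* NODE1 and ADMIN1 are constructed placeholder names.       */
UPDATE NODE NODE1 AUTHENTICATION=LDAP
UPDATE ADMIN ADMIN1 AUTHENTICATION=LDAP
```

Enter SET LDAPPASSWORD interactively rather than saving it in a macro file, so that the password is not left on disk in clear text.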