You can authenticate passwords with an LDAP directory server only after you configure the server.
Procedure
Complete the following steps on the Tivoli® Storage Manager server to authenticate passwords with an LDAP directory server:
- Import the key database file from the LDAP directory server. You can use any method to copy the file from the LDAP directory server to the Tivoli Storage Manager server.
- Open the dsmserv.opt file and specify the LDAP directory server with the LDAPURL option. Specify the LDAP directory server URL and the base distinguished name (Base DN) on the LDAPURL option.
  Tip: The following options are entered on one line, but are displayed here on multiple lines for readability.
  For example, in the dsmserv.opt file, specify the following values:
    ldapurl ldap://server1.storage.us.ibm.com/ou=tsm,
    dc=storage,dc=us,dc=ibm,dc=com
  The default port is 389. If you want to use a different port number, specify it as part of the LDAPURL option. For example, specify a port of 222 with the following LDAPURL option:
    ldapurl ldap://server1.storage.us.ibm.com:222/ou=tsm,
    dc=storage,dc=us,dc=ibm,dc=com
- Restart the Tivoli Storage Manager server.
- Issue the SET LDAPUSER command to specify the ID of the user who can administer Tivoli Storage Manager operations on the LDAP directory server. This user ID must have full administrative authority over the Base DN and be able to add, delete, and modify all Base DN entries.
  For example, issue the following SET LDAPUSER command for LDAP Directory Servers:
    set ldapuser "uid=jackspratt,ou=users,o=ibm.com,c=us"
  For example, issue the following SET LDAPUSER command for Windows Active Directory servers and other directory servers:
    set ldapuser "cn=Jack Spratt,cn=users,dc=storage,dc=us,dc=ibm,dc=com"
- Issue the SET LDAPPASSWORD command to define the password for the user ID that is defined in the LDAPUSER option.
  For example, issue the following SET LDAPPASSWORD command:
    set ldappassword "boX=T^p$"
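The LDAPURL step above can be checked before the server is restarted. The following Python sketch is an added example, not IBM code: it reads option-file text, splits each LDAPURL value into host, port and Base DN, applies the default port of 389, and flags a value that was wrapped across lines. The names `parse_ldapurl` and `check_options`, the case-insensitive option match and the sample file contents are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

DEFAULT_LDAP_PORT = 389  # default port stated on the page

# Constructed sample option file; the second LDAPURL was wrapped across lines by mistake.
SAMPLE_OPT = """\
* constructed sample dsmserv.opt
ldapurl ldap://server1.storage.us.ibm.com:222/ou=tsm,dc=storage,dc=us,dc=ibm,dc=com
ldapurl ldap://server1.storage.us.ibm.com/ou=tsm,
dc=storage,dc=us,dc=ibm,dc=com
"""

# One relative distinguished name: attribute=value, with no comma or second '='.
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")

def parse_ldapurl(value):
    """Split an LDAPURL value into (host, port, base_dn); raise ValueError if malformed."""
    parts = urlsplit(value)
    if parts.scheme.lower() != "ldap":
        raise ValueError("scheme must be ldap://")
    if not parts.hostname:
        raise ValueError("missing host name")
    base_dn = parts.path.lstrip("/")
    if not base_dn:
        raise ValueError("missing Base DN")
    if base_dn.endswith(","):
        raise ValueError("Base DN ends with a comma; option is probably split across lines")
    for rdn in base_dn.split(","):
        if not RDN.match(rdn):
            raise ValueError(f"bad RDN in Base DN: {rdn!r}")
    return parts.hostname, parts.port or DEFAULT_LDAP_PORT, base_dn

def check_options(text):
    """Return (line_number, result) per LDAPURL line; result is a tuple or an error string."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        fields = line.split(None, 1)
        if len(fields) == 2 and fields[0].lower() == "ldapurl":
            try:
                findings.append((lineno, parse_ldapurl(fields[1].strip())))
            except ValueError as exc:
                findings.append((lineno, f"error: {exc}"))
    return findings

if __name__ == "__main__":
    for lineno, result in check_options(SAMPLE_OPT):
        print(lineno, result)
```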