Authenticating Tivoli Storage Manager users by using an Active Directory database
You can authenticate Tivoli® Storage Manager users by using an Active Directory database on a Lightweight Directory Access Protocol (LDAP) server. With this method, you use the standard user accounts that are registered with the LDAP server. The same user ID can be used to authenticate to the Tivoli Storage Manager server and to the LDAP server.
Before you begin
Verify that your system meets the following requirements:
- An Active Directory database must be installed on the LDAP server.
- If your storage environment includes Tivoli Storage Manager backup-archive clients, they must be at V6.4 or later.
- If your storage environment includes storage agents that will authenticate node IDs with an LDAP server, the storage agents must use a secure connection, such as Transport Layer Security (TLS) or a virtual private network.
About this task
An overview of the configuration process is shown in the following figure:
Figure 1. Configuring the Tivoli Storage
Manager server to authenticate user IDs with an Active Directory database
After you complete the configuration tasks, Tivoli Storage
Manager user IDs are authenticated against the Active Directory database.Procedure
Complete the configuration steps:
Steps to configure authentication with an LDAP server | Where to complete the steps |
---|---|
1. Select an LDAP server and ensure that it is configured for TLS. Follow the instructions in Setting up an LDAP server. | LDAP server |
2. Select a user ID for the Tivoli Storage Manager server. Follow the instructions in Setting up an LDAP server. | LDAP server |
3. Copy the trusted certificate on the LDAP server. Follow the instructions in Setting up an LDAP server. | LDAP server |
4. Add the trusted certificate to the Tivoli Storage Manager server instance directory. Follow the instructions in Installing a trusted certificate on a Tivoli Storage Manager server. | Tivoli Storage Manager server |
5. Import the trusted certificate into the key database in the server instance directory. Follow the instructions in Installing a trusted certificate on a Tivoli Storage Manager server. | Tivoli Storage Manager server |
6. Specify a URL for the LDAP server by using the LDAPURL option. Follow the instructions in Specifying a URL for an LDAP server. | Tivoli Storage Manager server |
7. Specify a user ID for the Tivoli Storage Manager server by using the SET LDAPUSER command. Follow the instructions in Specifying a user ID and password for the Tivoli Storage Manager server. | Tivoli Storage Manager server |
8. Specify an LDAP user password to the Tivoli Storage Manager server by using the SET LDAPPASSWORD command. Follow the instructions in Specifying a user ID and password for the Tivoli Storage Manager server. | Tivoli Storage Manager server |
9. Update or register node and administrator IDs to authenticate with an LDAP server. Follow the instructions in Updating node and administrative IDs or Registering node and administrative IDs. | Tivoli Storage Manager server |