Authenticating Tivoli Storage Manager users by using an Active Directory database

You can authenticate Tivoli® Storage Manager users by using an Active Directory database on a Lightweight Directory Access Protocol (LDAP) server. With this method, you use the standard user accounts that are registered with the LDAP server. The same user ID can be used to authenticate to the Tivoli Storage Manager server and to the LDAP server.

Before you begin

Verify that your system meets the following requirements:
  • An Active Directory database must be installed on the LDAP server.
  • If your storage environment includes Tivoli Storage Manager backup-archive clients, they must be at V6.4 or later.
  • If your storage environment includes storage agents that will authenticate node IDs with an LDAP server, the storage agents must use a secure connection, such as Transport Layer Security (TLS) or a virtual private network.

About this task

An overview of the configuration process is shown in the following figure:
Figure 1. Configuring the Tivoli Storage Manager server to authenticate user IDs with an Active Directory database
Before you authenticate user IDs with an LDAP directory server, you must configure the LDAP server and the Tivoli Storage Manager server. The graphic displays the steps that are documented in the table.

After you complete the configuration tasks, Tivoli Storage Manager user IDs are authenticated against the Active Directory database.

Procedure

Complete the configuration steps:
Table 1. Configuration steps
| Steps to configure authentication with an LDAP server | Where to complete the steps |
|---|---|
| 1. Select an LDAP server and ensure that it is configured for TLS. Follow the instructions in Setting up an LDAP server. | LDAP server |
| 2. Select a user ID for the Tivoli Storage Manager server. Follow the instructions in Setting up an LDAP server. | LDAP server |
| 3. Copy the trusted certificate on the LDAP server. Follow the instructions in Setting up an LDAP server. | LDAP server |
| 4. Add the trusted certificate to the Tivoli Storage Manager server instance directory. Follow the instructions in Installing a trusted certificate on a Tivoli Storage Manager server. | Tivoli Storage Manager server |
| 5. Import the trusted certificate into the key database in the server instance directory. Follow the instructions in Installing a trusted certificate on a Tivoli Storage Manager server. | Tivoli Storage Manager server |
| 6. Specify a URL for the LDAP server by using the LDAPURL option. Follow the instructions in Specifying a URL for an LDAP server. | Tivoli Storage Manager server |
| 7. Specify a user ID for the Tivoli Storage Manager server by using the SET LDAPUSER command. Follow the instructions in Specifying a user ID and password for the Tivoli Storage Manager server. | Tivoli Storage Manager server |
| 8. Specify an LDAP user password to the Tivoli Storage Manager server by using the SET LDAPPASSWORD command. Follow the instructions in Specifying a user ID and password for the Tivoli Storage Manager server. | Tivoli Storage Manager server |
| 9. Update or register node and administrator IDs to authenticate with an LDAP server. Follow the instructions in Updating node and administrative IDs or Registering node and administrative IDs. | Tivoli Storage Manager server |