IBM Content Manager, Version 8.5.0.3      Supports:  IBM Content Navigator     

Integrating LDAP with Content Manager EE

To integrate LDAP with your content management system, you must set up Content Manager EE to connect with LDAP, import the LDAP users to the library server, and set up LDAP user authentication.

The end-to-end process to integrate LDAP with your Content Manager EE system includes the following high-level groups of tasks:
  • Set up the LDAP configuration in the content management system.
    • Generate the properties file to contain LDAP connection information.
    • Create a test user to test the LDAP connection with the LDAP user search function in the system administration client.
    • Add the properties file to the library server and resource manager as required by your configuration.
  • Import LDAP users into the library server. To use the most efficient method, set up the LDAP user import utility to import the users and synchronize user data after the initial import action.
  • Set up LDAP user authentication.
    • Install the Content Manager EE LDAP user exit that sends LDAP user information to the LDAP server for authentication.
    • Install the IBM® Tivoli® Directory Server client on the library server machine. This client contains the libraries that the LDAP user exit requires during user authentication.
    • Optionally, set up Secure Sockets Layer (SSL) for LDAP authentication.
    • Validate an LDAP user log on action with one of the Content Manager EE clients to confirm that LDAP users can log on to the Content Manager EE clients.

To integrate and validate LDAP with your Content Manager EE system, use the following steps.

  1. Verifying the LDAP prerequisites
    Before you begin the steps to integrate LDAP with Content Manager EE, you must ensure that the prerequisite hardware and software are correctly installed.
  2. Generating the properties file
    The cmbcmenv.properties file is used by the system administration client utility program for importing users from the LDAP server. The library server and the resource manager might also require this file for user authentication, based on the configuration of your system.
  3. Testing the LDAP connection by searching for an LDAP user with the manual import function
    After you generate the LDAP properties file, test the connection to the LDAP server by searching for an LDAP user with the manual user import process.
  4. Installing the properties file on the library server
    If the library server is on a different machine than the system administration client, the library server requires the cmbcmenv.properties file for user authentication from the LDAP server.
  5. Installing the properties file on the resource manager
    If you want to manage and authenticate the resource manager administrator ID through LDAP, then you must import the contents of cmbcmenv.properties file into the RMCONFIGURATION table of the resource manager database. The default resource manager administrator ID is rmadmin.
  6. Importing and synchronizing LDAP users and user groups with the LDAP user import utility
    You use the LDAP user import utility to set up filter criteria and a schedule to import LDAP users and user groups. The schedule that you configure with the utility also synchronizes LDAP user IDs imported to the library server database with the users and user groups in the LDAP directory server.
  7. Installing the user exit for LDAP authentication
    The ICMXLSLG.DLL user exit sends user information to the LDAP server for authentication.
  8. Installing prerequisite software for LDAP user authentication
    The IBM Directory client SDK is prerequisite software for LDAP user authentication. If you plan to use Secure Sockets Layer (SSL) with your LDAP user authentication, then you must install the Global Security Kit (GSKit) as another prerequisite.
  9. Optional: Enabling SSL for LDAP server communication
    For added security, you can configure Secure Sockets Layer (SSL) for LDAP user authentication.
  10. Validating an LDAP user logon
    The final step of LDAP integration is to validate that an imported LDAP user ID can log on to one of the Content Manager EE clients.
Parent topic: Managing users with LDAP
Related reference:
Troubleshooting LDAP integration

Last updated: June 2015
mua10206.htm

© Copyright IBM Corporation 2015.