IBM Support

Correct suffix for use with ISAM 8 Federated User Registry, using AD

Question & Answer


Question

When setting up federated user registry for Microsoft Active Directory within IBM Security Access Manager for Web 8, how does one determine the proper 'Suffix' to configure?

Answer

When setting up Federated User Registry for use with Active Directory, during the configuration phase, the administrator needs to configure the proper Suffix.

In the example below




The 'Suffix' is dc=lance,dc=net

To determine the correct suffix, an LDAP search can be executed.

Example:
idsldapsearch -h adsystem -p 389 -D cn=Administrator,cn=Users,dc=lance,dc=net -w <PASSWORD> -b "" -s base objectClass=*

For my example, you get output similar to this:
**NOTE** Actual output has more data

currentTime=20150330145355.0Z
subschemaSubentry=CN=Aggregate,CN=Schema,CN=Configuration,DC=lance,DC=net
dsServiceName=CN=NTDS Settings,CN=ADSYSTEM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lance,DC=net
namingContexts=DC=lance,DC=net
namingContexts=CN=Configuration,DC=lance,DC=net
namingContexts=CN=Schema,CN=Configuration,DC=lance,DC=net
namingContexts=DC=DomainDnsZones,DC=lance,DC=net
namingContexts=DC=ForestDnsZones,DC=lance,DC=net
defaultNamingContext=DC=lance,DC=net
schemaNamingContext=CN=Schema,CN=Configuration,DC=lance,DC=net
configurationNamingContext=CN=Configuration,DC=lance,DC=net
rootDomainNamingContext=DC=lance,DC=net


The first NamingContext should be the correct suffix.

namingContexts=DC=lance,DC=net

**NOTE** This is just an example, please contact your Active Directory Administrator, if you wish to federate another context.

[{"Product":{"code":"SSPREK","label":"Tivoli Access Manager for e-business"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"WebSeal AMP Appliance","Platform":[{"code":"PF004","label":"Appliance"}],"Version":"8.0;8.0.0.2;8.0.0.4;8.0.0.5;8.0.1;8.0.1.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Product Synonym

ISAM8 ISAM WGA

Document Information

Modified date:
16 June 2018

UID

swg21700869

Page Feedback