IBM Support

Questions about Lightweight Directory Access Protocol and how it is used by the Content Manager Enterprise Edition resource manager.

Technote (FAQ)


Question


How is Lightweight Directory Access Protocol (LDAP) used by the Content Manager Enterprise Edition (Content Manager) resource manager?

What difference in behavior should we expect if we use LDAP for user import or authentication by the Content Manager library server, but remove the LDAP configuration properties from the RMCONFIGURATION table?

Under what circumstances is it permissible to remove the LDAP configuration properties from the RMCONFIGURATION table?

What are the valid values for the CMCOMMON_LDAP property found in the RMCONFIGURATION table in the resource manager database?

Answer

  1. How is Lightweight Directory Access Protocol (LDAP) used by the Content Manager Enterprise Edition (Content Manager) resource manager?
    1. LDAP can be used to authenticate the system administration client to the resource manager
      Note: this is not the user ID used to log on to the system administration account, but the user ID identified as the resource manager system administrator (RMADMIN by default, although this ID could have a different name in your environment).
    2. This is the only current use of LDAP by the resource manager.
  2. What difference in behavior should we expect if we use LDAP for user import or authentication by the Content Manager library server, but remove the LDAP configuration properties from the RMCONFIGURATION table?
    1. None. The library server does not read from the RMCONFIGURATION table during user import or authentication.
    2. Changes to the LDAP settings in the RMCONFIGURATION table are transparent to the library server during user import or authentication.
  3. Under what circumstances is it permissible to remove the LDAP configuration properties from the RMCONFIGURATION table?
    1. The LDAP configuration properties can be removed from the RMCONFIGURATION table at any time.
    2. If you remove the LDAP configuration properties from the RMCONFIGURATION table, you must ensure that the system administration access to the resource manager still functions; furthermore, if needed, reset the password in the RMACCESS table for ACC_USERID=0 to match the password entered in the library server resource manager properties panel in the system administration client.
  4. What are the valid values for the CMCOMMON_LDAP property found in the RMCONFIGURATION table in the resource manager database?
    1. The other LDAP configuration property values found in the RMCONFIGURATION table only apply if the CMCOMMON_LDAP property value is set to "enabled" (any value other than "enabled" for the CMCOMMON_LDAP property value is assumed to be the same as setting this value to disabled).
    2. The RMCONFIGURATION table definition, including the LDAP properties, is described here.
    3. The LDAP configuration properties and values found in the RMCONFIGURATION table are taken from the system administration client LDAP configuration and are imported into the RMCONFIGURATION table during the Content Manager version 8.4.2 resource manager configuration process to avoid having to read a properties file repeatedly from disk.
    4. The cmbcmenv.properties file entries are described here.

Related information

Configure the resource manager application
DGL5162A error when you tried to access the resource ma
Define LDAP server

Document information

More support for: Content Manager Enterprise Edition
Resource Manager

Software version: 8.4.2, 8.4.2.1

Operating system(s): AIX, Linux, Solaris, Windows

Software edition: Enterprise

Reference #: 1426730

Modified date: 23 April 2010