Tivoli® Storage Manager requires the server to identify authorized administrator IDs and nodes by using a password. You can authenticate administrator and node passwords with a Lightweight Directory Access Protocol (LDAP) directory server.
Steps to authenticate passwords with an LDAP directory server | Where to complete the steps |
---|---|
1. Set up an LDAP directory server | LDAP server |
2. Create the Base DN (distinguished name) | LDAP server |
3. Create a user ID or identify an existing user ID that the Tivoli Storage Manager server can use | LDAP server |
4. Grant the user ID access to the Base DN | LDAP server |
5. Copy the trusted certificate from the LDAP directory server to the Tivoli Storage Manager server | LDAP server |
6. Import the trusted certificate from the LDAP directory server to the Tivoli Storage Manager server. If you already have a certificate on the LDAP directory server, you do not have to generate a new certificate. You can use the existing certificate to secure communication between the LDAP directory server and the Tivoli Storage Manager server. | Tivoli Storage Manager server |
7. Configure the LDAPURL option | Tivoli Storage Manager server |
8. Define the user ID that administers node and administrator passwords with the LDAP directory server | Tivoli Storage Manager server |
9. Define the password for the user ID that administers node and administrator passwords | Tivoli Storage Manager server |
10. Update or register node or update or register administrator IDs to authenticate with an LDAP directory server | Tivoli Storage Manager server |
The LDAP directory server and the Tivoli Storage Manager server treat letter case differently. The LDAP directory server distinguishes uppercase from lowercase, so it treats secretword and SeCretwOrd as two different passwords. The Tivoli Storage Manager server converts all letters in LOCAL passwords to uppercase, so for a LOCAL password those two spellings are the same. After a node or administrator ID is switched from LOCAL to LDAP authentication, the password must therefore be entered in exactly the case in which it was set.
uid=jackspratt,ou=users,o=ibm.com,c=us
uid=cbukowski,ou=marketing,o=ibm.com,c=us
uid=abbysmith,ou=sales,o=ibm.com,c=us
In this example, the value of the user ID is jackspratt. The organizational unit (users), organization (ibm.com), and country (us) comprise the DN.

cn=Jack Spratt,cn=users,dc=storage,dc=us,dc=ibm,dc=com

In this example, the value of the first cn is for a user ID with a common name of Jack Spratt. The DN consists of the common names and the domain names. Because this DN contains a space, it is enclosed in quotation marks on the SET LDAPUSER command:

set ldapuser "cn=Jack Spratt,cn=users,dc=storage,dc=us,dc=ibm,dc=com"
then uid=jackspratt,ou=media,cn=security is the bind DN for the LDAP directory server.
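The ten steps in the table and the SET LDAPUSER DN forms above, rendered as one POSIX shell script. This is an added example, not IBM's code and not part of the original page. It contacts no server: it prints the LDIF for the LDAP side (steps 3 and 4), the dsmserv.opt line (step 7) and a dsmadmc macro (steps 8 to 10) for the Tivoli Storage Manager side, and it refuses an LDAPURL that is not ldaps://. The host name ldap.example.com, port 636, the service ID uid=tsmbind, the node and administrator names, all passwords, the OpenLDAP olcAccess grant syntax, the gsk8capicmd_64 command form and the ldaps://host:port/base-DN form of LDAPURL are assumptions; the Base DN is the one from the page's first DN example.

```shell
#!/bin/sh
# Added example, not IBM's own code: render the LDAP-side LDIF and the
# Tivoli Storage Manager-side option and macro text for steps 3 to 10.
# Host name, port, DNs, IDs and passwords are constructed placeholders.
set -eu

LDAP_HOST="ldap.example.com"                   # assumed
LDAP_PORT="636"                                # LDAPS port, assumed
BASE_DN="ou=users,o=ibm.com,c=us"              # Base DN, same as the page's first DN example
BIND_DN="uid=tsmbind,ou=users,o=ibm.com,c=us"  # service ID for steps 3, 4 and 8 (assumed name)
LDAPURL="ldaps://${LDAP_HOST}:${LDAP_PORT}/${BASE_DN}"

# Step 7 check. Only ldaps:// with a port and a base DN is accepted: with
# plain ldap:// the service password and every node and administrator
# password would cross the network unencrypted, and the certificate
# imported in step 6 would go unused. URL form assumed: ldaps://host:port/base-DN
check_ldapurl() {
  case "$1" in
    ldaps://*:[0-9]*/?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Steps 3 and 4, LDAP server side. The grant syntax is directory-specific;
# an OpenLDAP olcAccess rule is assumed here. The part that carries over to
# any directory is scope: the service ID gets rights under the Base DN
# subtree only, nowhere else in the tree ("by * break" leaves the remaining
# rules in force for everyone else).
write_bind_user_ldif() {   # $1 = service ID password
  cat <<EOF
dn: ${BIND_DN}
objectClass: inetOrgPerson
uid: tsmbind
cn: Tivoli Storage Manager service ID
sn: tsmbind
userPassword: $1

dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: to dn.subtree="${BASE_DN}" by dn.exact="${BIND_DN}" write by * break
EOF
}

# Step 6, run in the server instance directory after the LDAP server's
# certificate has been copied there (GSKit command form assumed):
#   gsk8capicmd_64 -cert -add -db cert.kdb -stashed -label "LDAP server CA" \
#       -file ldapcert.arm -format ascii

# Step 7, Tivoli Storage Manager server side: the dsmserv.opt line.
write_server_option() {
  check_ldapurl "${LDAPURL}" || { echo "refusing non-ldaps LDAPURL: ${LDAPURL}" >&2; return 1; }
  echo "LDAPURL ${LDAPURL}"
}

# Steps 8 to 10 as a dsmadmc macro. $1 = service ID password, $2 = initial
# node/admin password. The DN is quoted as the page does for SET LDAPUSER.
# The rendered file holds the service password: keep it mode 600 and delete
# it after running "dsmadmc macro ldap.mac".
write_admin_macro() {
  cat <<EOF
set ldapuser "${BIND_DN}"
set ldappassword "$1"
register node NODE1 $2 authentication=ldap
register admin ADMIN1 $2 authentication=ldap
update node LEGACYNODE $2 authentication=ldap
EOF
}

echo "# --- LDAP server: ldapadd -x -D <directory admin DN> -W -f service-id.ldif ---"
write_bind_user_ldif "S3rvicePassw0rd"
echo "# --- Tivoli Storage Manager server: append to dsmserv.opt ---"
write_server_option
echo "# --- Tivoli Storage Manager server: dsmadmc macro ldap.mac ---"
write_admin_macro "S3rvicePassw0rd" "In1tialPassw0rd"
```

Each printed section goes to the server named in its header. Changing LDAPURL to an ldap:// value makes write_server_option fail instead of emitting a line, which is the behaviour you want in a provisioning script: a cleartext LDAP bind should be a hard error, not a warning.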