Configuring SSL or TLS for LDAP directory servers

Before you can authenticate passwords by using an LDAP directory server, you must configure Secure Sockets Layer (SSL) or Transport Layer Security (TLS) for connections to the directory server. You must use a trusted certificate, which is verified during SSL or TLS communication.

TLS is provided by the Global Security Kit (GSKit) that is installed with the server.

If you use an LDAP directory server to authenticate passwords, you can use the SSL or TLS protocol to secure connections between the Tivoli® Storage Manager server and the LDAP server. When you configure the Tivoli Storage Manager server to work with an LDAP directory server, you must consider which directory server to use before you configure SSL or TLS.

The LDAP directory server must supply a trusted certificate to the Tivoli Storage Manager server. If the Tivoli Storage Manager server determines that the certificate is valid, an SSL or TLS connection is established. If not, the connection fails. The root certificate that is used with the LDAP directory server certificate must be added to the key database file for the Tivoli Storage Manager server. If the root certificate is not added, the LDAP directory server certificate cannot be used.
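The following added example (not part of the product documentation) shows a check you can run before adding a root certificate to the key database: it confirms that the root actually validates the LDAP directory server certificate and flags a certificate that is close to expiry. It assumes the openssl command is available and uses it in place of the GSKit tooling; all file names, subject names, and the throwaway certificates are constructed for the example.

```shell
#!/bin/sh
# Added example: check a root certificate against the LDAP server certificate
# before the root is added to the server key database.

# chain_ok ROOT_PEM SERVER_PEM: succeeds when SERVER_PEM verifies with ROOT_PEM
# as the trust anchor (signature chain and validity dates).
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# expires_within DAYS CERT_PEM: succeeds when CERT_PEM expires within DAYS days.
expires_within() {
    ! openssl x509 -in "$2" -noout -checkend "$(( $1 * 86400 ))" >/dev/null 2>&1
}

# make_test_pki DIR NAME: constructed sample data. Creates a throwaway root CA
# (NAME-root.pem) and a leaf it signs (NAME-ldap.pem), both valid for 20 days.
make_test_pki() {
    cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed $2 root
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$1/$2.cnf" -newkey rsa:2048 -nodes -days 20 \
        -keyout "$1/$2-root.key" -out "$1/$2-root.pem" 2>/dev/null &&
    openssl req -new -config "$1/$2.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=ldap.example.test" \
        -keyout "$1/$2-ldap.key" -out "$1/$2-ldap.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2-ldap.csr" -CA "$1/$2-root.pem" \
        -CAkey "$1/$2-root.key" -CAcreateserial -days 20 \
        -out "$1/$2-ldap.pem" 2>/dev/null
}

demo() {
    d=$(mktemp -d) && make_test_pki "$d" a && make_test_pki "$d" b || return 1
    chain_ok "$d/a-root.pem" "$d/a-ldap.pem" && echo "matching root: verified"
    chain_ok "$d/b-root.pem" "$d/a-ldap.pem" || echo "unrelated root: rejected"
    expires_within 30 "$d/a-ldap.pem" && echo "leaf expires within 30 days"
    rm -rf "$d"
}
demo
```

With real files, call chain_ok with the exported root certificate and the LDAP directory server certificate; a failure here means the root you are about to add is not the one that the server certificate depends on.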

The directory servers that are available are IBM Tivoli Directory Server V6.2 or 6.3 or Windows Active Directory 2003 or 2008. You can configure Tivoli Directory Server with the graphical user interface or with the command-line interface.