LDAP user authentication through the portal server

Prerequisites for configuring LDAP authentication on the portal server
Before configuring LDAP authentication on the Tivoli Enterprise Portal Server, you must create the user accounts in the Tivoli Enterprise Portal and in the authenticating LDAP registry, and have the LDAP registry configuration parameters at hand.

About single sign-on
The single sign-on (SSO) feature provides users with the ability to start other Tivoli web-based or web-enabled applications from the Tivoli Enterprise Portal, or to start the Tivoli Enterprise Portal from other applications, without having to re-enter their credentials. It is also used when IBM Dashboard Application Services Hub retrieves monitoring data from the portal server or the IBM Tivoli Monitoring charting web service is being used by another application.

Roadmap for setting up the portal server to use an LDAP user registry and single sign-on
After the user IDs available for single sign-on (SSO) have been established in the LDAP user registry, enable SSO by completing the tasks in this topic.

Using Manage Tivoli Enterprise Monitoring Services to configure the portal server for LDAP authentication
You can use Manage Tivoli Enterprise Monitoring Services to enable LDAP user authentication and single sign-on in the portal server, and optionally, to configure the LDAP server connection details.

Using the Linux or UNIX command line to configure the portal server for LDAP authentication
If the Tivoli Enterprise Portal Server is on Linux or UNIX, you can enable LDAP user authentication and single sign-on in the portal server, and optionally, configure the LDAP server connection details, by using the itmcmd command line interface.

Using the TEPS/e administration console
The Tivoli Enterprise Portal Server extended services (TEPS/e) has an administrative console (ISCLite) that you can access for configuring an LDAP registry that is not supported by the IBM Tivoli Monitoring installation programs: Manage Tivoli Enterprise Monitoring Services and itmcmd command line configuration utilities.

Mapping Tivoli Enterprise Portal user IDs to LDAP distinguished names
When the portal server is configured to authenticate users using the LDAP user registry, the user logs into the portal server using the unique identifier (UID) value of the relative distinguished name. This name is not necessarily the same as the user ID known to the Tivoli Enterprise Portal. For this reason, Tivoli Enterprise Portal user IDs must be mapped to LDAP distinguished names (which include the UID).

Reconfiguring the browser client for SSO
Reconfigure the browser client to specify the fully-qualified name of the Tivoli Enterprise Portal Server if you want to have SSO capability when you log on to the Tivoli Enterprise Portal from the same computer.

Importing and exporting LTPA keys
Authenticated credentials are shared among participating applications using LTPA keys.

Managing new LDAP users
Whenever new users are added to the portal server's LDAP user registry and those users need to have login access to Tivoli Enterprise Portal or other participating SSO application such as, IBM Dashboard Application Services Hub, you must create a Tivoli Enterprise Portal user ID for the user and map it to their LDAP distinguished name.

Disabling LDAP authentication on the portal server
You might need to disable LDAP authentication to the portal server if errors occur.