Before configuring LDAP authentication on the Tivoli® Enterprise Portal Server, you must create the user accounts in the Tivoli Enterprise Portal and in the authenticating LDAP registry, and have the LDAP registry configuration parameters at hand.
| Parameter | Description |
|---|---|
| LDAP type | One of the following types of LDAP servers can be defined to the portal server using the Tivoli Management Services installation and configuration utilities: |
| LDAP base | This parameter specifies the distinguished name (DN) of the base entry in the LDAP registry. It is the starting point for user searches in the LDAP server. For example, for a user with a distinguished name of `cn=John Doe,ou=Rochester,o=IBM,c=US`, specify `ou=Rochester,o=IBM,c=US` for this parameter. Note: If you use the TEPS/e administration console to configure LDAP, this parameter is called *Distinguished name of the base entry in the repository* in the TEPS/e administration console. |
| LDAP DN base entry | The default value is `o=ITMSSOEntry`. However, best practice is to choose a value that is more meaningful for your organization. Typically, you set this parameter to the distinguished name of the base entry in the LDAP registry for the portal server users. For example, for a user with a distinguished name of `cn=John Doe,ou=Rochester,o=IBM,c=US`, specify `ou=Rochester,o=IBM,c=US` for this parameter. However, when multiple LDAP repositories are being configured for the portal server, use this field to define an additional distinguished name (DN) that uniquely identifies the set of LDAP users from this LDAP server. For example, the LDAP1 registry and the LDAP2 registry might both use `o=ibm,c=us` as their base entry. In this case, use this parameter to specify a different base entry for each LDAP server within the realm. For example, specify `o=ibm1,c=us` when configuring the LDAP1 registry and `o=ibm2,c=us` when configuring the LDAP2 registry. Note: If you have multiple LDAP registries, they cannot contain any overlapping user names. The value of this parameter is displayed in the Tivoli Enterprise Portal Administer Users dialog when you list the distinguished names that can be mapped to Tivoli Enterprise Portal user IDs. Note: If you use the TEPS/e administration console to configure LDAP, this parameter is called *Distinguished name of the base entry that uniquely identifies this set of entries in the realm* in the TEPS/e administration console. |
| LDAP bind ID | This is the LDAP user ID for bind authentication, in LDAP notation (a DN), and it must be authorized to search for LDAP users. The bind ID can be omitted if an anonymous user can search for LDAP users. |
| LDAP bind password | This is the LDAP user password for LDAP bind authentication. This value can be omitted if an anonymous user can bind to your LDAP server. This value is encrypted by the installer. |
| LDAP port number | This is the port number that the LDAP server is listening on. This value can be omitted if the port is 389. |
| LDAP host name | This is the host name or IP address of the LDAP server. It can be omitted if the LDAP server is on the same computer as the portal server. If you are using Microsoft Active Directory, use the host name of a domain controller within the Active Directory forest that is hosting the user accounts for the portal server. |
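The rules in the table above (derive the LDAP base from a user DN by dropping the user's own RDN, set the bind ID and bind password together, give each registry a distinct LDAP DN base entry, and never let two registries share a user name) can be checked before anything is typed into the installer. The following Python script is an added example written for this page, not IBM's own tooling: the `LdapRegistry` class, the check functions and the LDAP1/LDAP2 sample data are all constructed here, and the default 389 port and `o=ITMSSOEntry` value come from the table.

```python
"""Pre-flight checks for Tivoli Enterprise Portal Server LDAP registry settings.

Added example for this page; not part of IBM's product or documentation.
Sample registries and user IDs below are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field


def split_dn(dn: str) -> list[str]:
    """Split a DN into its RDNs on unescaped commas.

    'cn=John Doe,ou=Rochester,o=IBM,c=US' ->
    ['cn=John Doe', 'ou=Rochester', 'o=IBM', 'c=US']
    A backslash-escaped comma ('\\,') stays inside its RDN.
    """
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:                 # character after a backslash is literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    parts.append("".join(current).strip())
    return [p for p in parts if p]


def base_entry_for(user_dn: str) -> str:
    """LDAP base for a user DN: everything above the user's own RDN."""
    rdns = split_dn(user_dn)
    if len(rdns) < 2:
        raise ValueError(f"DN has no base entry above the user RDN: {user_dn!r}")
    return ",".join(rdns[1:])


@dataclass
class LdapRegistry:
    name: str
    ldap_base: str
    dn_base_entry: str = "o=ITMSSOEntry"   # installer default from the table
    bind_id: str = ""
    bind_password: str = ""
    port: int = 389                        # default when omitted
    host: str = ""                         # empty means same computer as the portal server
    users: set[str] = field(default_factory=set)  # constructed sample user IDs


def check_registry(reg: LdapRegistry) -> list[str]:
    """Checks that apply to a single registry definition."""
    problems = []
    if not split_dn(reg.ldap_base):
        problems.append(f"{reg.name}: LDAP base is empty")
    if bool(reg.bind_id) != bool(reg.bind_password):
        problems.append(f"{reg.name}: bind ID and bind password must be set together")
    if not 1 <= reg.port <= 65535:
        problems.append(f"{reg.name}: port {reg.port} is out of range")
    if reg.dn_base_entry == "o=ITMSSOEntry":
        problems.append(f"{reg.name}: LDAP DN base entry still uses the default o=ITMSSOEntry")
    return problems


def check_registries(regs: list[LdapRegistry]) -> list[str]:
    """Per-registry checks plus the cross-registry rules from the table."""
    problems = []
    for r in regs:
        problems.extend(check_registry(r))
    seen_base: dict[str, str] = {}
    for r in regs:
        key = r.dn_base_entry.lower()
        if key in seen_base:
            problems.append(f"{r.name}: LDAP DN base entry {r.dn_base_entry} duplicates {seen_base[key]}")
        seen_base.setdefault(key, r.name)
    seen_users: dict[str, str] = {}
    for r in regs:
        for u in r.users:
            k = u.lower()
            if k in seen_users and seen_users[k] != r.name:
                problems.append(f"user {u} exists in both {seen_users[k]} and {r.name}")
            seen_users.setdefault(k, r.name)
    return problems


# Constructed sample: two registries sharing o=ibm,c=us, told apart by the DN base entry.
SAMPLE_REGISTRIES = [
    LdapRegistry(name="LDAP1", ldap_base="o=ibm,c=us", dn_base_entry="o=ibm1,c=us",
                 bind_id="cn=tepsbind,o=ibm,c=us", bind_password="constructed-secret",
                 users={"jdoe", "asmith"}),
    LdapRegistry(name="LDAP2", ldap_base="o=ibm,c=us", dn_base_entry="o=ibm2,c=us",
                 host="dc1.example.com", users={"bjones", "JDoe"}),  # JDoe overlaps LDAP1
]

if __name__ == "__main__":
    print(base_entry_for("cn=John Doe,ou=Rochester,o=IBM,c=US"))
    for p in check_registries(SAMPLE_REGISTRIES):
        print("PROBLEM:", p)
```

The overlap check is case-insensitive because LDAP user IDs are normally matched without regard to case; the DN parser only handles backslash-escaped commas, which is enough for the DN forms shown in the table.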
| Parameter | Description |
|---|---|
| Domain name | This is the Internet or intranet domain for which SSO is configured, for example `mycompany.com`. Only applications available in this domain or its sub-domains are enabled for SSO. Example: |
| Realm name | A realm identifies a set of federated repositories in TEPS/e and other WebSphere® Application Servers. You can choose your own realm name, but this value must be the same across all applications that are configured for SSO within the specified domain. Applications configured for the same domain name but for a different realm name cannot work as part of the same SSO infrastructure. Example: |