Configuring Jazz for Service Management for a central user registry

You can configure a central user registry, such as a Lightweight Directory Access Protocol (LDAP) registry, for user management and authentication. You can then configure WebSphere® Application Server to use the LDAP user registry as a federated repository.

About this task

Note: When you add a user, check that the user ID that you specify does not already exist in any of the user repositories, to avoid difficulties when the new user attempts to log in.

In a network environment that includes a user registry on an LDAP server, you can configure Jazz™ for Service Management to use it. These functions require a central user registry:

  • Single sign-on, which authenticates users at the central repository during login and whenever they start another authorized Jazz for Service Management or Tivoli® application.
  • Load balancing for Dashboard Application Services Hub, which requires that each application server instance in the cluster use the same central user repository.

Before configuring a central user registry, be sure that the user registry or registries that you plan to identify are started and can be accessed from the computer where you have set up the Jazz for Service Management application server.

For central user repositories, unique IDs are composed of key-value pairs separated by commas (,), that is, key1=value1,key2=value2,key3=value3. For example, uid=my_name,ou=my_ou_value,dc=ibm,dc=com. Jazz for Service Management currently supports only lowercase keys in unique IDs. For example, the following unique IDs do not work:
  • UID=my_name,OU=my_ou_value,DC=ibm,DC=com
  • uid=my_name,ou=my_ou_value,DC=ibm,DC=com
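
A pre-check for the lowercase-key restriction above, as an added example that is not IBM code: it splits a unique ID into its key=value components (honoring backslash-escaped commas and multi-valued components joined by +), reports keys that contain uppercase characters, and rewrites only the keys. The function names are hypothetical, and values written as quoted strings are assumed not to be in use.

```python
def _split_unescaped(text, sep):
    """Split on sep, treating a backslash plus the next character as one unit."""
    parts, buf, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if ch == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def parse_unique_id(unique_id):
    """Return the components of a unique ID, each a list of (key, value) pairs."""
    components = []
    for component in _split_unescaped(unique_id, ","):
        pairs = []
        for item in _split_unescaped(component, "+"):
            key, eq, value = item.partition("=")
            if not eq or not key.strip():
                raise ValueError("malformed component: %r" % item)
            pairs.append((key.strip(), value))
        components.append(pairs)
    return components


def uppercase_keys(unique_id):
    """Keys that contain uppercase characters, in order of appearance."""
    return [k for comp in parse_unique_id(unique_id) for k, _ in comp if k != k.lower()]


def normalize_keys(unique_id):
    """Lowercase the keys only; values (which may be case-sensitive) are untouched."""
    return ",".join("+".join("%s=%s" % (k.lower(), v) for k, v in comp)
                    for comp in parse_unique_id(unique_id))


if __name__ == "__main__":
    # The two non-working unique IDs listed on this page.
    for uid in ("UID=my_name,OU=my_ou_value,DC=ibm,DC=com",
                "uid=my_name,ou=my_ou_value,DC=ibm,DC=com"):
        print(uid, "->", uppercase_keys(uid), "->", normalize_keys(uid))
```
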

Attention: If Jazz for Service Management is configured with multiple central user repositories, you cannot log in if one remote user repository becomes inaccessible from Jazz for Service Management, even if your user ID exists in one of the other repositories. If you need access in this situation, you have to run WebSphere Application Server commands to allow access when all repositories are available, or the federated repositories will not function properly. For more information, refer to the following links:

Procedure

  1. Set up an LDAP server and create an LDAP user registry for Jazz for Service Management. Ensure that the LDAP user registry is one that WebSphere Application Server supports as a federated repository, for example, IBM Tivoli Directory Server or Microsoft Active Directory Server.
  2. Add the LDAP user registry as a federated repository to the Jazz for Service Management application server.
  3. Configure each Jazz for Service Management application server to use the LDAP federated repository.
  4. Configure the connection to the LDAP server for secure communications.
  5. If you have installed Tivoli Common Reporting, configure the reporting engine to use the LDAP user registry.