Configuring Jazz for Service Management for a central user registry
You can configure a central user registry, such as a Lightweight Directory Access Protocol (LDAP) registry, for user management and authentication. You can then configure WebSphere® Application Server to use the LDAP user registry as a federated repository.
About this task
Note: When you add a user, you should check that the user
ID that you specify does not already exist in any of the user repositories
thereby avoid difficulties when the new user attempts to log in.
In a network environment that includes a user registry on an LDAP server, you can configure Jazz™ for Service Management to use it. These functions require a central user registry:
- Single sign-on, which authenticates users at the central repository during login and whenever they start another authorized Jazz for Service Management or Tivoli® application.
- Load balancing for Dashboard Application Services Hub, which requires that each application server instance in the cluster use the same central user repository.
Before configuring a central user registry, be sure that the user registry or registries that you plan to identify are started and can be accessed from the computer where you have set up the Jazz for Service Management application server.
For central user repositories, unique IDs are composed
of keys and values separated by a comma (,), that
is, key1=value1,key2=value2,key3=value3. For example, uid=my_name,ou=my_ou_value,dc=ibm,dc=com.
Jazz for Service
Management is
currently limited to using lower case keys in relation to unique IDs.
For example, the following unique IDs do not work:
- UID=my_name,OU=my_ou_value,DC=ibm,DC=com
- uid=my_name,ou=my_ou_value,DC=ibm,DC=com
Attention: If Jazz for Service
Management is
configured with multiple central user repositories, you cannot login
if one remote user repository becomes inaccessible from Jazz for Service
Management,
even if your user ID exists in one of the other repositories. If
you need access in this situation, you have to run WebSphere Application Server commands
to allow access when all repositories are available, or the federated
repositories will not function properly. For more information, refer
to the following links: