Hi
I am using 8.7 Version of IIS. WAS , Engine , Metadata Tier all in same AIX 6.1 box. I am able to use the MS active directories (AD) as the authentication process. I am able to access Business Glossary , Metadata workbench, Fasttrack using LDAP authentication. The challenge , i am facing is with the Datastage. My user is created in Unix using LDAP registry. i am able to login to unix using the LDAP authentication but i am not able to login Datastage using the same authentication. Given all the IIS privilege to the AD group where my ID belongs. Looks like to me that IIS doesnt like the LDAP Authentication at Unix.
When i made the unix id to use the Local Registry ( ie create a local user account in Unix ) with same crendential , it is able to access Datastage.
Please let me know if this is how it works or i am missing some steps to use the LDAP authentication for Datastage. After reading the IBM docs i guess PAM is not required as all are in the same box.
Apprecaite your help.
Thanks
Manish
LDAP Configuration Using Active Directory on AIX
Moderators: chulett, rschirm, roy
LDAP Configuration Using Active Directory on AIX
Thanks
Manish
Manish
-
- Participant
- Posts: 54607
- Joined: Wed Oct 23, 2002 10:52 pm
- Location: Sydney, Australia
- Contact:
-
- Premium Member
- Posts: 425
- Joined: Sat Nov 19, 2005 9:26 am
- Location: New York City
- Contact:
-
- Premium Member
- Posts: 425
- Joined: Sat Nov 19, 2005 9:26 am
- Location: New York City
- Contact:
Manishk,
PAM is required only for the Engine. Basically your services tier (WAS) should be configured to used an LDAP user registry (MS Active Directory) which in your case is already done. Just configure PAM to be able to authenticate DataStage users using your LDAP user registry
Try and let us know you finding
PAM is required only for the Engine. Basically your services tier (WAS) should be configured to used an LDAP user registry (MS Active Directory) which in your case is already done. Just configure PAM to be able to authenticate DataStage users using your LDAP user registry
Try and let us know you finding
Julio Rodriguez
ETL Developer by choice
"Sure we have lots of reasons for being rude - But no excuses
ETL Developer by choice
"Sure we have lots of reasons for being rude - But no excuses
-
- Participant
- Posts: 437
- Joined: Fri Oct 21, 2005 10:00 pm
Are your LDAP and Active Directories in synch with one another? If not, this isn't going to work. If you can have one password in LDAP and another in Active Directory, it will authenticate in one tier and not in the other. I was implementing this at a client site and their user names in LDAP did not match the usernames in active directory, so we couldn't authenticate the users by enabling LDAP and Active Directory.
Keith Williams
keith@peacefieldinc.com
keith@peacefieldinc.com
Thanks to all for the help.
The issue with the registry is reolved. In my case i was using a single server architecture .
If we have to use the LDAP Regaistry for Datastage then PAM with only Engine Tier Configuration will work. Service Tier Configuration is not required. I did the same and it worked.
The issue with the registry is reolved. In my case i was using a single server architecture .
If we have to use the LDAP Regaistry for Datastage then PAM with only Engine Tier Configuration will work. Service Tier Configuration is not required. I did the same and it worked.
Thanks
Manish
Manish