LDAP Authentication

rosecity · Post by **rosecity** » Wed Apr 04, 2012 3:20 pm

Hello,

I had a few questions regarding LDAP authentication in DataStage 8.7 running on Linux. I was able to switch DataStage and WebSphere from the internal user registry to LDAP and am able to view LDAP users and groups in the Information Server Web Console.

1) Are there are differences with the credential mapping once you switch to LDAP?

2) I am able to add user Suite and Suite Component roles via the "Add Roles to Multiple Users" option. How do I remove Suite/Suite Component roles?

3) IBM documentation shows it is possible to switch back to the internal registry after LDAP has been set up.

http://publib.boulder.ibm.com/infocente ... ernal.html

Does this require developing the custom registry? As described here:

http://publib.boulder.ibm.com/infocente ... tbucs.html

I encountered an error in the WebSphere Admin Console when trying to switch from LDAP back to Standalone Custom Registry.

Thanks you.

rosecity · Post by **rosecity** » Thu Apr 05, 2012 8:32 am

1) The documentation says that Linux should be configured for PAM before switching the user registry to LDAP. Would I have to switch back to the internal registry, configure PAM, and then go back to LDAP for proper configuration?

2) Thank you. I hadn't noticed that the First and Last name are required before being able to delete roles from users.

3) For this step I did not run the following command:

/opt/IBM/InformationSesrver/ASBServer/bin/DirectoryAdmin.sh -user -userid was_admin_username -password was_admin_password -admin

This solved the error I was receiving in the WebSphere Admin Console which was telling me that the administrative user I was providing did not exist.