Hi Team,
We are having having IIS 8.7.0.1 installed on LINUX 6.7 Santiago. We have Xmeta, Service Tier and Engine Tier on the same machine. Till date we were using the Internal User registry and it was not shared. So for each user we add to Datastage we have created mapping to DSADMIN id.
Now we have got a request from the client that the current process is to be replaced by Active Directory. Can you please help me with any info you have and any links that might help me to take this request forward.
Additionally I have the below questions, request you to please clarify.
1) Active Directory setting - Would it be enabled only in Service tier?
2) Any change to be made at Engine Tier level to enable Active Directory.
3) Currently we have mapped each user to DS admin and they are able to access the datastage project and through DS admin client we maintain access of each user to the project. Now once the AD is enabled what changes needs to be made to the existing Project permission set-up?
4) Should we delete all the currently set users?
5) Do we do need to do any mapping to DSADMIN id?
Thanks
Switching from local to LDAP User Registry
Moderators: chulett, rschirm, roy
-
Umeshkn1704
- Participant
- Posts: 26
- Joined: Fri Aug 01, 2014 11:47 am
Switching from local to LDAP User Registry
Thanks
Umesh
Umesh
-
ray.wurlod
- Participant
- Posts: 54607
- Joined: Wed Oct 23, 2002 10:52 pm
- Location: Sydney, Australia
- Contact:
The entire process is fully and clearly described in the documentation.
All the work you've done in the internal user registry will be lost.
You need to change the Global Security settings in WebSphere Application Server, then you need to run the AppServerAdmin script to set the new admin user (which will also become your first IIS admin user).
Engine credentials will need to be mapped against AD users, unless you are using the default mapping exclusively.
All your project permissions will need to be re-done, using AD groups/users.
All the work you've done in the internal user registry will be lost.
You need to change the Global Security settings in WebSphere Application Server, then you need to run the AppServerAdmin script to set the new admin user (which will also become your first IIS admin user).
Engine credentials will need to be mapped against AD users, unless you are using the default mapping exclusively.
All your project permissions will need to be re-done, using AD groups/users.
IBM Software Services Group
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
-
Umeshkn1704
- Participant
- Posts: 26
- Joined: Fri Aug 01, 2014 11:47 am
8.7 - Switching to an LDAP User Registry:
https://www-01.ibm.com/support/knowledg ... ml?lang=en
Also found in the 8.7 Administration Guide on page 46.
http://publibfp.boulder.ibm.com/epubs/pdf/c1934670.pdf
Please note you'll also have to setup PAM (Pluggable Authentication Module) for the DataStage engine - which is documented on page 42.
Also - this may come in handy:
Education Assistant: Configuring Information Server DataStage to use PAM authentication
http://www-01.ibm.com/support/docview.w ... wg27021076
https://www-01.ibm.com/support/knowledg ... ml?lang=en
Also found in the 8.7 Administration Guide on page 46.
http://publibfp.boulder.ibm.com/epubs/pdf/c1934670.pdf
Please note you'll also have to setup PAM (Pluggable Authentication Module) for the DataStage engine - which is documented on page 42.
Also - this may come in handy:
Education Assistant: Configuring Information Server DataStage to use PAM authentication
http://www-01.ibm.com/support/docview.w ... wg27021076
Last edited by asorrell on Thu Mar 03, 2016 10:37 am, edited 1 time in total.
-
ray.wurlod
- Participant
- Posts: 54607
- Joined: Wed Oct 23, 2002 10:52 pm
- Location: Sydney, Australia
- Contact:
-
Umeshkn1704
- Participant
- Posts: 26
- Joined: Fri Aug 01, 2014 11:47 am