
LDAP Configuration Using Active Directory on AIX

Posted: Mon Mar 19, 2012 7:43 pm
by manishk
Hi

I am using version 8.7 of IIS. WAS, Engine, and Metadata Tier are all on the same AIX 6.1 box. I am able to use MS Active Directory (AD) for authentication. I am able to access Business Glossary, Metadata Workbench, and FastTrack using LDAP authentication. The challenge I am facing is with DataStage. My user is created in Unix using the LDAP registry. I am able to log in to Unix using LDAP authentication, but I am not able to log in to DataStage using the same authentication. I have given all the IIS privileges to the AD group where my ID belongs. It looks to me like IIS doesn't like the LDAP authentication at Unix.
When I made the Unix ID use the local registry (i.e. created a local user account in Unix) with the same credential, it was able to access DataStage.

Please let me know if this is how it works or if I am missing some steps to use LDAP authentication for DataStage. After reading the IBM docs, I guess PAM is not required as all tiers are on the same box.

Appreciate your help.
Thanks
Manish

Posted: Mon Mar 19, 2012 7:53 pm
by ray.wurlod
Looks to me like you've missed the Engine Credentials step.

Posted: Mon Mar 19, 2012 8:07 pm
by manishk
ray.wurlod wrote: Looks to me like you've missed the Engine Credentials step. ...
Thanks Ray, but I used the Shared option there, "Share User Registry". So there is no other option to map.

Posted: Mon Mar 19, 2012 9:29 pm
by JRodriguez
Manish,

PAM is required even if all tiers are hosted on the same box.

Regards

Posted: Tue Mar 20, 2012 6:22 am
by manishk
Thanks Rodriguez

Do we need services tier PAM configuration along with engine tier PAM configuration, or will engine tier PAM configuration alone work?

Posted: Tue Mar 20, 2012 8:12 am
by JRodriguez
Manishk,

PAM is required only for the Engine. Basically, your services tier (WAS) should be configured to use an LDAP user registry (MS Active Directory), which in your case is already done. Just configure PAM to be able to authenticate DataStage users using your LDAP user registry.

Try it and let us know your findings.

Posted: Tue Mar 20, 2012 8:55 am
by kwwilliams
Are your LDAP and Active Directory in sync with one another? If not, this isn't going to work. If you can have one password in LDAP and another in Active Directory, it will authenticate in one tier and not in the other. I was implementing this at a client site and their user names in LDAP did not match the user names in Active Directory, so we couldn't authenticate the users by enabling LDAP and Active Directory.

Posted: Tue Mar 20, 2012 11:29 am
by manishk
Thanks to all for the help.

The issue with the registry is resolved. In my case I was using a single-server architecture.

If we have to use the LDAP registry for DataStage, then PAM with only the engine tier configuration will work. Services tier configuration is not required. I did the same and it worked.