
LDAP (PAM) configuration how to define ds security roles

Posted: Fri Nov 07, 2014 2:19 pm
by peep
Hi, I will be configuring LDAP authentication on Linux for IIS 11.3.

I am wondering, if Active Directory comes into the picture, how do I give super operator, DS developer, project manager roles?

Any suggestions are highly appreciated.

Posted: Fri Nov 07, 2014 2:32 pm
by PaulVL
Still done via the DS Console.
Assign Suite User to group. Assign DataStage/Quality Stage tool access.
Then go into Administrator tool and add Group to project and assign role.

Posted: Sat Nov 08, 2014 2:23 pm
by ray.wurlod
You will find it beneficial (essential) to use the Filter capability to isolate the Active Directory group or user names to which you need to assign Information Server roles, whether suite roles, product/component roles or project roles.

Posted: Mon Nov 10, 2014 7:37 am
by peep
Thank you for responding

So basically, once I configure PAM and LDAP authentication (WAS console):

When a user is created in Active Directory, I should be able to use the filter capability in the IIS console to find the user by user name.

Open the user and give roles in the IIS console.

Then in the Admin client provide the role.
Does the Linux OS admin have to do any configuration between the OS and Active Directory?

Is that all? Please correct me if I am wrong.

Posted: Mon Nov 10, 2014 3:54 pm
by ray.wurlod
If Linux (through PAM) is using the same Active Directory instance that you're using for Information Server, then you can simply record that the user registry is "shared" and you don't do anything at all with engine credentials.

If, on the other hand, Information Server is using LDAP but Linux is not, then you will need to set up engine credentials - at least for the "default" user, and possibly for specific individuals who have logins on Linux to which they want to map for some reason.

Posted: Wed Nov 12, 2014 9:39 am
by peep
You must have provided valuable info. Since I am not a premium user I am able to see after "share"...

But that's fine.

Looks like after I set up PAM, AD should take care of creating users.

In IIS console and Admin client I have to set roles.

Posted: Wed Nov 12, 2014 4:06 pm
by ray.wurlod
Curious. You are marked as Premium User. Has your subscription expired?

Posted: Mon Dec 01, 2014 11:29 am
by peep
Yes, now I see it expired.
Maybe I have to reactivate it...

I am still in the process of setting up Active Directory on Linux Red Hat.

I am using 64-bit (DataStage and OS level).

/lib/security/pam_stack.so file is missing.
/lib64/security/pam_stack.so file is missing.
How do I get this file? Will the sysadmin install it?

I read the IBM doc to create the dsepam file in /etc/pam.d/.

Since this is Linux

I see two entries:

1)
#%PAM-1.0
# for engine PAM authentication
auth include system-auth
account include system-auth
password include system-auth
session include system-auth

2)
#%PAM-1.0
auth required /lib64/security/pam_stack.so service=system-auth
password required /lib64/security/pam_stack.so service=system-auth
account required /lib64/security/pam_stack.so service=system-auth

Which one should I follow?

Thanks,
Peep
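
Added example, not part of the original posts or of IBM's documentation: a shell check that lists the modules a PAM service file references but that are not present on disk, which is the situation described above with pam_stack.so. The function name, the default module directories and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: print PAM module references in a service file that do not
# resolve to a file on disk. Usage: pam_missing_modules FILE [MODULE_DIR...]
pam_missing_modules() {
    svc=$1; shift
    # Default module directories are an assumption; pass your own to override.
    [ $# -gt 0 ] || set -- /lib64/security /usr/lib64/security /lib/security
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
        {
            i = 2                               # field 2 is the control
            if ($i ~ /^\[/) {                   # "[success=1 default=ignore]"
                while (i < NF && $i !~ /\]$/) i++
            } else if ($i == "include" || $i == "substack") {
                next                            # names a service file, no module
            }
            if (i < NF) print $(i + 1)          # module path follows the control
        }' "$svc" | sort -u | while read -r mod; do
        found=no
        case $mod in
            /*) if [ -e "$mod" ]; then found=yes; fi ;;
            *)  for d in "$@"; do
                    if [ -e "$d/$mod" ]; then found=yes; fi
                done ;;
        esac
        [ "$found" = yes ] || printf '%s\n' "$mod"
    done
}

# Constructed sample input: a scratch module directory and two service files.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir "$demo/security"
: > "$demo/security/pam_unix.so"                # stand-in for an installed module
cat > "$demo/dsepam.include" <<'EOF'
#%PAM-1.0
auth include system-auth
account include system-auth
EOF
cat > "$demo/dsepam.stack" <<'EOF'
#%PAM-1.0
auth required pam_stack.so service=system-auth
auth [success=1 default=ignore] pam_unix.so nullok
EOF
for f in "$demo/dsepam.include" "$demo/dsepam.stack"; do
    echo "$f: missing modules: $(pam_missing_modules "$f" "$demo/security" | tr '\n' ' ')"
done
```

On a real host, call `pam_missing_modules /etc/pam.d/dsepam` with no directory arguments; any module it prints is one that service's stack cannot load.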

Posted: Fri Dec 05, 2014 12:28 am
by peep
For LDAP authentication IBM has the information in parts:
one document talks about PAM and shared registries,
another document talks about configuring with a PAM file by creating pam.d,
another document guides you to log into web console -> global security -> change authentication type.
Really confusing... :(

Basically I am trying to have single ID creation, that's it.
So I know about modifying uvconfig and regen-ing the dsengine.
In the IIS console, check shared registries.

Looks like the OS should be configured with the LDAP server (AD), right?
If yes, any insight on it?
Please share...

Posted: Fri Dec 05, 2014 1:24 pm
by ray.wurlod
It'd certainly be easier. That's what "shared" registry means - both IIS and the OS are using the same user registry.