Hi,
I would like to know the steps involved while changing Custom user registry to LDAP?
Appreciate if anyone has implemented it and can share their views about it.
Thanks
IIS - LDAP authentication
Moderators: chulett, rschirm, roy
-
ray.wurlod
- Participant
- Posts: 54607
- Joined: Wed Oct 23, 2002 10:52 pm
- Location: Sydney, Australia
- Contact:
The steps are documented in detail in Chapter 10 of the installation guide.
The secret is plan, plan again, document your plan and get a second opinion.
Back up the existing, working system.
You need an LDAP user authorized to query the LDAP-compliant user registry.
Configure LDAP in WebSphere Application Server, then switch it to LDAP authentication saving the results if the test connection succeeds.
Use AppServerAdmin.sh to spread the news to all applications that need to know.
Use DirectoryAdmin.sh to clean out the internal user registry in Information Server if necessary.
Use Web Console for Information Server to grant suite and suite component roles and DataStage credentials to LDAP users. (How you do the DataStage credentials will depend on whether you're using PAM on the UNIX/Linux machine where the engine tier is installed.)
The secret is plan, plan again, document your plan and get a second opinion.
Back up the existing, working system.
You need an LDAP user authorized to query the LDAP-compliant user registry.
Configure LDAP in WebSphere Application Server, then switch it to LDAP authentication saving the results if the test connection succeeds.
Use AppServerAdmin.sh to spread the news to all applications that need to know.
Use DirectoryAdmin.sh to clean out the internal user registry in Information Server if necessary.
Use Web Console for Information Server to grant suite and suite component roles and DataStage credentials to LDAP users. (How you do the DataStage credentials will depend on whether you're using PAM on the UNIX/Linux machine where the engine tier is installed.)
IBM Software Services Group
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.