Product data

226 IBM Systems Director Management Console: Introduction and Overview
Optionally, you can specify a user description (Description), an SSH session
timeout (the default is 0, which means no SSH session timeout), and an
password expiration (the default is 180 days).
By default, the box for membership in the smuser local OS group is checked. If
necessary, the group membership can be changed or added to by checking the
boxes for the smadmin, smmgr, and smmon local OS groups.
The mkuser command can also be used to create a user. Example 9-7 shows an
example of how to accomplish this task. For detailed information about the
command’s options, refer to Table A-31 on page 383 or run the smcli mkuser
--help command.
Example 9-7 Creating a user using the CLI
sysadmin@sdmca:~> smcli mkuser -u newUser -p newPassword -g smadmin
User created successfully
To list the newly created user and their properties using the command line, issue
the smcli lsuser command (Example 9-8).
Example 9-8 Listing a user using smcli lsuser
sysadmin@sdmca:~> smcli lsuser
newUser
pe
root
sysadmin
LDAP
SDMC can use an LDAP server to authenticate and authorize a user logging in.
LDAP is an open protocol that uses TCP/IP to provide access to directories that
support an X.500 model. Managing user information with LDAP instead of the
local operating system is particularly useful when there is a large number of
users who use the SDMC.
Additionally, there are advantages to user handling in LDAP, even if the number
of users in SDMC is small:
򐂰 Many companies already have existing LDAP directories of employees that
can be used for SDMC user management. These existing directories save the
time and effort required to create new user accounts on the management
server.
򐂰 An administrator can immediately modify or terminate a user's access on all
instances of SDMC by changing the user's LDAP group memberships or by
removing the user's LDAP entry.