Chapter 9. IBM Systems Director Management Console management 227
Users need only one user ID and password, as opposed to multiple accounts
for each management server.
Before LDAP authentication can be used for a new user, the LDAP client needs
to be configured. To configure an LDAP server for the SDMC from the command
line, a user in the smadmin group can use the cfgldap command. The structure
of the command is shown in Example 9-9.
Example 9-9 Structure of the cfgldap command
cfgldap --operation s --server ldapserver.mycompany.com --port 389 \
  --base ou=People,dc=ldapserver,dc=mycompany,dc=com \
  --searchfilter '(&(uid=%v)(objectclass=ePerson))' \
  --binddn cn=Administrator,dc=ldapserver,dc=mycompany,dc=com
Note: Order might matter when configuring the SDMC as an LDAP client. If
LDAP authentication and authorization are switched on, all user authentication
and authorization rely on them. To avoid unwanted effects, make sure that users
with sufficient properties exist in LDAP beforehand.
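One way to act on the note above, as an added example that is not part of the original text: check from an admin workstation that the search filter resolves a login name to exactly one entry before authentication is switched over. It assumes the OpenLDAP ldapsearch client is installed and that %v stands for the login name; the function names are hypothetical and the connection values are those of Example 9-9.

```shell
#!/bin/sh
# Added example: pre-flight lookup before LDAP authentication is switched on.
# Connection values are taken from Example 9-9. ldapsearch is the OpenLDAP
# client (assumed installed on an admin workstation, not on the SDMC).
LDAP_URI='ldap://ldapserver.mycompany.com:389'
BASE='ou=People,dc=ldapserver,dc=mycompany,dc=com'
BINDDN='cn=Administrator,dc=ldapserver,dc=mycompany,dc=com'
FILTER='(&(uid=%v)(objectclass=ePerson))'

# Escape filter metacharacters (RFC 4515) so that a name containing '*' is
# looked up literally instead of matching several accounts as a wildcard.
escape_filter_value() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Replace every %v in the filter template with the escaped login name.
# Assumption: %v is the placeholder for the name entered at login.
expand_filter() {
    tmpl=$1
    val=$(escape_filter_value "$2")
    out=
    while :; do
        case $tmpl in
            *%v*) out=$out${tmpl%%"%v"*}$val
                  tmpl=${tmpl#*"%v"} ;;
            *)    break ;;
        esac
    done
    printf '%s' "$out$tmpl"
}

# Count entries in LDIF read from stdin (one "dn:" line per entry).
count_entries() {
    grep -c '^dn:' || true
}

# Succeeds only if the filter resolves the login name to exactly one entry.
# -x simple bind, -W prompt for the bind password, -LLL bare LDIF output.
preflight_user() {
    n=$(ldapsearch -x -H "$LDAP_URI" -D "$BINDDN" -W -b "$BASE" -s sub -LLL \
            "$(expand_filter "$FILTER" "$1")" dn | count_entries)
    [ "$n" -eq 1 ]
}
```

Call preflight_user with each login name that must keep access once LDAP is switched on. Over port 389 a simple bind sends the bind password unencrypted, so run the check from a trusted network segment or point LDAP_URI at the SSL port.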
Important: You are required to gather at least the following information before
configuring LDAP authentication for the SDMC. If you use the smcli cfgldap
command to configure LDAP, run man cfgldap for more information about LDAP
configuration.
- LDAP server host name or IP address.
- LDAP port number: default open port = 389, SSL port = 636.
- LDAPAdminUser or the binding distinguished name (dn) and password.
  This is the user that SDMC uses to bind to the LDAP server using
  non-anonymous binding. Both anonymous and non-anonymous binding
  are supported on IBM Systems Director.
- Search Base information.
  Essentially, this should be the scope of search for user accounts on an
  LDAP server. Typically, it will be the root portion or the search base of the
  directory hierarchy that you want to search.

For successful configuration, the attributes of search filter, user filter, group
filter, and login attribute are required, as shown in Example 9-9. The
administrator for the LDAP server in question should be able to give you the
information needed.
If you enabled SSL, refer to Implementing IBM Systems Director 6.1,
SG24-7694.