Configure the Identity external user registry

Use the Identity External User Registry Configuration page to configure, reconfigure, or unconfigure the external user registry for the IBM Security Identity Manager virtual appliance.

Make sure to add the required users to the Identity external user registry before you work from the Identity External User Registry Configuration page.

See Add required users to the external user registry.

Configure, reconfigure, or unconfigure the external user registry options. See Table 1.

Table 1. Identity external user registry options

Button: Configure

External registry type
Select an external registry type from the list:
  • IBM Security Directory Server
  • Oracle Directory Server
  • Microsoft Active Directory

Host name
Name of the server hosting the directory server.

The acceptable formats for the host name are FQDN, IPv4, and IPv6. For example, isimldap.example.com.

Port
Directory service port.

For example, 389.

You can select or clear the SSL check box to enable or disable a secure connection to the directory server.

Principal DN
Principal distinguished name.

For example, cn=root.

Password
Password for the principal distinguished name.

External registry DN location
Location of the external registry DN.

For example, dc=com.

Identity Manager system user
Name of the ISIM system user.

For example, isimsystem.

Identity Manager system user password
Password for the ISIM system user.

User Filter
Filters the registry for the ISIM user. Specify an LDAP filter that is based on the directory server attributes.

For example, for Directory Server, (&(uid=%v)(objectclass=inetOrgPerson)) uses user IDs (uid) and the inetOrgPerson object class to find the users.

At run time, %v is replaced with the uid attribute of the user. The uid must be a unique key within the same object class in LDAP, and it must be part of the DN. The DN might be in the following form: dn:uid=isimsystem, dc=com.

Button: Reconfigure

External registry type
Select an external registry type from the list:
  • IBM Security Directory Server
  • Microsoft Active Directory
  • Oracle Directory Server

Host name
Name of the server hosting the directory server.

The acceptable formats for the host name are FQDN, IPv4, and IPv6. For example, isimldap.example.com.

Port
Directory service port.

For example, 389.

You can select or clear the SSL check box to enable or disable a secure connection to the directory server.

Principal DN
Principal distinguished name.

For example, cn=root.

Password
Password for the principal distinguished name.

External registry DN location
Location of the external registry DN.

For example, dc=com.

Identity Manager system user
Name of the ISIM system user.

For example, isimsystem.

Identity Manager system user password
Password for the ISIM system user.

User Filter
Filters the registry for the ISIM system user. Specify an LDAP filter that is based on the directory server attributes.

For example, for Directory Server, (&(uid=%v)(objectclass=inetOrgPerson)) uses user IDs (uid) and the inetOrgPerson object class to find the users.

At run time, %v is replaced with the uid attribute of the user. The uid must be a unique key within the same object class in LDAP, and it must be part of the DN. The DN might be in the following form: dn:uid=isimsystem, dc=com.
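The check below is an added example, not IBM code: it expands the User Filter template from Table 1 for a given user ID and evaluates it against constructed sample entries, reporting when the user ID does not match exactly one entry or is not part of the DN. The function names, the sample directory, and the RFC 4515 escaping of the %v value are assumptions; the page does not state how the product performs the substitution.

```python
import re

TEMPLATE = "(&(uid=%v)(objectclass=inetOrgPerson))"   # User Filter example from the page
DIRECTORY = [  # constructed sample entries: (DN, attributes)
    ("uid=isimsystem,dc=com", {"uid": ["isimsystem"], "objectclass": ["inetOrgPerson"]}),
    ("cn=Jane Doe,ou=people,dc=com", {"uid": ["jdoe"], "objectclass": ["inetOrgPerson"]}),
    ("uid=svc1,dc=com", {"uid": ["svc1"], "objectclass": ["account"]}),
]

def expand(template, uid):
    """Replace %v with the user ID, escaping RFC 4515 special characters."""
    safe = "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in uid)
    return template.replace("%v", safe)

def parse(f):
    """Parse the filter subset used here: (&..), (|..), (attr=value), (attr=*)."""
    def node(i):
        if f[i + 1] in "&|":
            op, i, kids = f[i + 1], i + 2, []
            while f[i] == "(":
                kid, i = node(i)
                kids.append(kid)
            return (op, kids), i + 1            # step over the closing ')'
        j = f.index(")", i)
        attr, val = f[i + 1:j].split("=", 1)
        return ("=", attr.lower(), val), j + 1
    tree, end = node(0)
    if end != len(f):
        raise ValueError("trailing characters after filter")
    return tree

def matches(tree, attrs):
    """Evaluate a parsed filter against one entry's attributes (case-insensitive)."""
    if tree[0] in "&|":
        return (all if tree[0] == "&" else any)(matches(k, attrs) for k in tree[1])
    values = [v.lower() for v in attrs.get(tree[1], [])]
    want = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), tree[2])
    return bool(values) if tree[2] == "*" else want.lower() in values

def preflight(uid, base_dn, entries, template=TEMPLATE):
    """Return problems found; an empty list means uid resolves as the page requires."""
    tree = parse(expand(template, uid))
    hits = [dn for dn, a in entries if dn.lower().endswith(base_dn.lower()) and matches(tree, a)]
    problems = [] if len(hits) == 1 else ["expected exactly 1 match, got %d" % len(hits)]
    for dn in hits:                             # naive RDN split: no escaped commas
        if "uid=" + uid.lower() not in [r.strip().lower() for r in dn.split(",")]:
            problems.append("uid is not part of DN: " + dn)
    return problems
```

With the sample data, isimsystem passes, jdoe is flagged because its DN is keyed on cn rather than uid, and svc1 is flagged because its object class is not inetOrgPerson.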

  1. From the top-level menu of the Appliance Dashboard, click Configure > Manage Server Setting > Identity External User Registry Configuration. The Identity External User Registry Configuration page displays the Identity External User Registry Configuration table.

  2. Click Configure.

  3. In the Identity External User Registry Configuration Details window, specify the expected variable values. See Table 1.

  4. Click Save Configuration to complete this task.

    A window with certificate information is displayed if you selected the SSL check box during configuration.

  5. Click Yes to confirm. The external user registry configuration takes some time. Do not refresh or close the page. Wait for the configuration process to complete. A message in the Notifications widget prompts you to restart the ISIM Server.

  6. From the Server Control widget, do these steps.

    1. Select Security Identity Manager server.

    2. Click Restart.

    See View the Server Control widget.

  7. Synchronize the member nodes of the cluster with the primary node. See Synchronizing a member node with a primary node.

  8. From the Server Control widget, restart ISIM Server again on the primary node.

  9. Log on to ISIM Console from the primary node using the Identity external user registry user credentials.

  10. Optional: To reconfigure an existing Identity external user registry, do these steps. Before you reconfigure, create a snapshot so that you can recover from any configuration failures. See Manage the snapshots.

    1. From the Identity External User Registry Configuration table, select a record. For example, IBM Security Identity Manager User Registry.

    2. Click Reconfigure.

    3. In the Edit Identity External User Registry Configuration Details window, edit the configuration variables. See Table 1.

    4. Click Save Configuration to complete this task. A window opens that displays the certificate information.

    5. Click Yes to confirm. The external user registry reconfiguration takes some time. Do not refresh or close the page. Wait for the reconfiguration process to complete.

  11. Optional: To unconfigure an existing external user registry, do these steps:

    1. From the Identity External User Registry Configuration table, select a record.

    2. Click Unconfigure.

    3. Click Yes to confirm.

Parent topic: Virtual appliance configuration