
IBM Tivoli Monitoring, Version 6.3 Fix Pack 2


Create and configure the portal server user accounts and permissions, if desired

Skip this step if you do not want to use an LDAP server to authenticate Tivoli Enterprise Portal users and you do not need to configure single sign-on for integration with other products such as IBM Dashboard Application Services Hub.

Each Active Directory account previously created requires a matching Tivoli Enterprise Portal user account. The Tivoli Enterprise Portal userid must exactly match the Active Directory's TEPS User Object attribute field planned for use within the TEPS/e configuration (see Figure 3).

Configure all required permissions, applications, views, and groups for user account operations within IBM Tivoli Monitoring; see Use Tivoli Enterprise Portal user authorization for more information. (Note that these user accounts' permissions, applications, views, and groups will not be available in Active Directory, nor will they translate from Tivoli Monitoring to Active Directory; see Figure 4.)

You could update Active Directory's User Object schema to map the IBM Tivoli Monitoring user permissions, applications, views, and groups into Active Directory. Then you can leverage these new schema attributes to assist you both with user synchronization between Tivoli Monitoring and Active Directory and with Active Directory's management of portal server user properties via Active Directory scripting and the Tivoli Monitoring CLI's tacmd command.

Adding the default sysadmin account to your LDAP directory is not recommended. The sysadmin account should be reserved for local monitoring server Security: Validate User authorization, so that you retain a non-LDAP method for accessing the monitoring server and the portal server.

User ID and User Description are freeform, but for good form, you should attempt to match the User Name and User Description you already created in Active Directory.

The Distinguished Name is critical to binding the Tivoli Monitoring userid to the LDAP User account based on the TEPS/e LDAP configuration. This point is discussed further later; for now, select entry UID=userid,O=DEFAULTWIMITMBASEDREALM.
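The matching rules above can be checked after the accounts are created. The following Python audit is an added example, not IBM code: it assumes you have exported the values of the Active Directory attribute used for TEPS/e login and the portal user IDs with their Distinguished Names into the two structures shown, and all account names in it are constructed.

```python
# Added example: reconcile Tivoli Enterprise Portal users with Active Directory accounts.
REALM = "O=DEFAULTWIMITMBASEDREALM"   # realm entry named on this page
LOCAL_ONLY = {"sysadmin"}             # kept out of LDAP, per this page

def expected_dn(userid):
    """Distinguished Name the page says to select for a portal user."""
    return f"UID={userid},{REALM}"

def norm_dn(dn):
    """Compare DNs without regard to case or spaces around separators."""
    return ",".join(part.strip().casefold() for part in dn.split(","))

def audit(ad_values, tep_users):
    """ad_values: values of the AD User Object attribute used for TEPS/e login.
    tep_users: {TEP userid: Distinguished Name}.
    Returns sorted (userid, finding) tuples; an empty list means consistent."""
    findings = []
    tep_folded = {uid.casefold(): uid for uid in tep_users}
    for value in ad_values:
        if value.casefold() in LOCAL_ONLY:
            findings.append((value, "local-only account exists in LDAP"))
        elif value in tep_users:
            if norm_dn(tep_users[value]) != norm_dn(expected_dn(value)):
                findings.append((value, "DN is not the expected realm entry"))
        elif value.casefold() in tep_folded:
            near = tep_folded[value.casefold()]
            findings.append((value, f"TEP userid {near!r} is not an exact match"))
        else:
            findings.append((value, "no TEP user account"))
    ad_folded = {v.casefold() for v in ad_values}
    for uid in tep_users:
        if uid.casefold() not in ad_folded and uid.casefold() not in LOCAL_ONLY:
            findings.append((uid, "TEP user has no AD account"))
    return sorted(findings)

# Constructed sample data (hypothetical accounts, not from the product).
AD_VALUES = ["jsmith", "mlee", "ops1", "sysadmin", "akhan"]
TEP_USERS = {
    "jsmith": "UID=jsmith,O=DEFAULTWIMITMBASEDREALM",
    "MLee": "UID=MLee,O=DEFAULTWIMITMBASEDREALM",
    "ops1": "UID=ops1,O=OTHERREALM",
    "sysadmin": "UID=sysadmin,O=DEFAULTWIMITMBASEDREALM",
    "oldhire": "UID=oldhire,O=DEFAULTWIMITMBASEDREALM",
}

if __name__ == "__main__":
    for userid, finding in audit(AD_VALUES, TEP_USERS):
        print(f"{userid}: {finding}")
```

A portal user with no Active Directory account, such as the constructed `oldhire` entry, is worth reviewing because it can no longer authenticate through LDAP but still holds portal permissions.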

