
IBM Tivoli Monitoring, Version 6.3 Fix Pack 2


Migrate LDAP authentication from the monitoring server to the portal server

If your environment has already been configured for LDAP authentication using the hub monitoring server and you now want to configure the portal server to use an LDAP user registry for single sign-on, complete the steps in this topic.

Make sure that all users log off the Tivoli Enterprise Portal before you begin the procedure and do not log on again until the procedure is completed.


Complete these steps to temporarily disable security validation on the hub monitoring server, configure the portal server to use an LDAP user registry, map Tivoli Enterprise Portal user IDs to the distinguished name of the LDAP user registry, and then re-enable security validation on the hub monitoring server.


Procedure

  1. Temporarily disable Tivoli Enterprise Monitoring Server security validation:

    • Use the Manage Tivoli Enterprise Monitoring Services utility to reconfigure the hub monitoring server:

      1. Right-click the Tivoli Enterprise Monitoring Server and click Reconfigure.

      2. On the Tivoli Enterprise Monitoring Server Configuration window, disable Security: Validate User and click OK.

      3. Click OK to accept the existing settings on the next window.

      4. Restart the hub monitoring server.

    • From the command line:

      1. Change to the /opt/IBM/ITM/bin directory (or the directory where you installed Tivoli Management Services).

      2. Run the following command, where tems_name is the name of your monitoring server (for example, HUB_itmdev17):

      3. Press Enter to accept the existing values until you see the prompt for Security: Validate User.

      4. Enter NO to disable security.

      5. Continue to press Enter until the configuration is complete.

      6. Restart the hub monitoring server.

  2. Rename the sysadmin UID in the LDAP registry (for example, sysadmin_tems).

  3. Configure LDAP authentication and single sign-on for the portal server. Use the Manage Tivoli Enterprise Monitoring Services utility, the itmcmd command line interface on Linux and UNIX, or the TEPS/e administration console to configure the portal server. For instructions, see LDAP user authentication through the portal server.

  4. Start the Tivoli Enterprise Portal Server and log on to the Tivoli Enterprise Portal as sysadmin.

  5. Adjust all user mappings to LDAP user IDs:

    1. Click Administer Users to open the Administer Users window.

    2. Right-click the row of the user ID to remap and click Modify User.

    3. Click Find to locate the LDAP distinguished name to be associated with the portal server.

    4. Select the distinguished name for the user. If you see multiple entries, select the one with the correct LDAP suffix (parent entry). Examples: UID=TIVOLIUSER,O=MYCOMPANY and uid=myname, dc=tivoli, dc=ibm, dc=us. If you see an entry with one of these organization values, do not choose it: O=DEFAULTWIMITMBASEDREALM is the default suffix for user IDs that authenticate through the hub monitoring server; and o=defaultWIMFileBasedRealm is the default for the TEPS/e user registry.

    5. Click OK to save the mapping and return to the Administer Users window, then continue to modify the DN for each user ID.

  6. Before logging out of the Tivoli Enterprise Portal, have the LDAP administrator rename the LDAP sysadmin account back to sysadmin, then map the Tivoli Enterprise Portal sysadmin user account to the LDAP sysadmin DN.

  7. Save your changes and log out of the Tivoli Enterprise Portal.

  8. Re-enable Tivoli Enterprise Monitoring Server security validation by performing step 1 again, but this time enable security validation.
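
The check below is an added example, not part of the IBM procedure or product: before re-enabling security validation in step 8, it flags user IDs whose mapped DN still sits under one of the default realm suffixes named in step 5.4, or outside the expected LDAP suffix. The `userid<TAB>DN` input format, the function names and the sample rows are assumptions made for illustration.

```python
import re
# Default suffixes named in step 5.4; DNs under them are not portal-server LDAP entries.
DEFAULT_REALMS = {
    "o=defaultwimitmbasedrealm": "default-realm (hub monitoring server)",
    "o=defaultwimfilebasedrealm": "default-realm (TEPS/e registry)",
}

def split_rdns(dn):
    """Split a DN on unescaped commas; return lower-cased 'attr=value' RDNs."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.partition("=")
        if not (sep and attr.strip() and value.strip()):
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return rdns

def classify(dn, expected_suffix):
    """Return 'ok' or the reason the mapping still needs attention."""
    try:
        rdns, suffix = split_rdns(dn), split_rdns(expected_suffix)
    except ValueError:
        return "malformed"
    if rdns[-1] in DEFAULT_REALMS:
        return DEFAULT_REALMS[rdns[-1]]
    if len(rdns) > len(suffix) and rdns[-len(suffix):] == suffix:
        return "ok"
    return "wrong-suffix"

def audit(listing, expected_suffix):
    """listing: 'userid<TAB>DN' per line (assumed format). Return non-ok rows."""
    findings = []
    for line in filter(str.strip, listing.splitlines()):
        user, _, dn = line.partition("\t")
        status = classify(dn.strip(), expected_suffix)
        if status != "ok":
            findings.append((user.strip(), status))
    return findings

# Constructed sample mappings (not output from any Tivoli tool).
SAMPLE = """\
tivoliuser\tUID=TIVOLIUSER,O=DEFAULTWIMITMBASEDREALM
myname\tuid=myname, dc=tivoli, dc=ibm, dc=us
opsuser\tuid=opsuser,o=defaultWIMFileBasedRealm
olduser\tUID=OLDUSER,O=MYCOMPANY
broken\tnot-a-dn
"""
for user, status in audit(SAMPLE, "dc=tivoli,dc=ibm,dc=us"):
    print(f"{user}: {status}")
```

An empty result from `audit` means every listed user ID maps to a DN under the expected suffix; the comparison is case-insensitive and ignores spaces after commas, matching the two DN styles shown in step 5.4.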


Results

At this point, the migration is complete.


What to do next

Verify the authentication changes by performing these steps:

  1. Use the tacmd login command to verify that hub monitoring server security is enabled. Try logging in with a valid username and password and with a username or password that is not valid.

  2. Log in to the Tivoli Enterprise Portal using the sysadmin user.

  3. Log in to the Tivoli Enterprise Portal using a user from the LDAP user registry configured for the portal server.

