IBM Tivoli Monitoring > Version 6.3 Fix Pack 2 > Administrator's Guide > Enable user authentication > LDAP user authentication through the portal server

IBM Tivoli Monitoring, Version 6.3 Fix Pack 2


Manage new LDAP users

Whenever new users are added to the portal server's LDAP user registry and those users need to have login access to Tivoli Enterprise Portal or other participating SSO application such as, IBM Dashboard Application Services Hub, you must create a Tivoli Enterprise Portal user ID for the user and map it to their LDAP distinguished name.

The Tivoli Enterprise Portal user ID should also be assigned Tivoli Enterprise Portal permissions and the monitoring applications that can be accessed. See Manage user IDs and Administer Users. The only Tivoli Enterprise Portal users who do not need any permissions or monitoring application assignments, are monitoring dashboard users who do not use the Tivoli Enterprise Portal client when authorization policies are used.

The first time a dashboard user accesses monitoring data, a Tivoli Enterprise Portal user ID is automatically created for the user if there is not already a user ID mapped to the user's LDAP distinguished name. In this case, the Tivoli Enterprise Portal user ID is a randomly generated ID and the user is not assigned any permissions. If Tivoli Enterprise Portal permissions are being used to control access to monitored resources in the dashboards instead of authorization policies, or if the dashboard user can launch the Tivoli Enterprise Portal, assign the user ID permissions and the monitored applications that can be accessed.

Scripting can be employed to maintain automated synchronization of LDAP user registry and Tivoli Enterprise Portal users. Scripts for managing the LDAP server's user accounts can ensure that modifications to user accounts (for example, users added or deleted) are also made for the corresponding Tivoli Enterprise Portal user ID via the tacmd createuser and tacmd deleteuser commands. Run your user synchronization script as a scheduled action as frequently as your environment requires to ensure the Tivoli Enterprise Portal and LDAP user registry users remain synchronized.


Parent topic:

LDAP user authentication through the portal server

+

Search Tips   |   Advanced Search