
Set up the LDAP Server

We can use the Security Directory Server to set up a sample environment. To do so, identify a container in which the entries (object class) that hold the user ID and password already exist or are to be created.


Procedure

  1. Define the suffix.

    1. Select Start > Programs > IBM Security Directory Server x.x > Directory Configuration.
    2. Select Manage suffixes from the left pane.
    3. In the Suffix DN field add the suffix under which you store the password information. For example, o=ibm,c=us.
    4. Click Add. The new suffix is shown in the Current suffix DNs list.
    5. Click OK.
    6. Close the Directory Configuration tool.

  2. Add the suffix data.

    1. Restart the IBM Security Directory Server.
    2. From the IBM Security Directory Server Web Administration Tool, select Directory management > Manage entries.
    3. Click Add.
    4. Select organization from the structural object class list.
    5. Click Next.
    6. From the Select auxiliary object classes window, click Next.
    7. From the Enter the attributes window, clear the value in the Parent DN field.
    8. Specify the suffix name into the Relative DN field. For example, o=ibm,c=us.
    9. Enter the organization name into the o field (ibm in the previous example).
    10. Click Finish.

  3. Add the domain object.

    1. From the IBM Security Directory Server Web Administration Tool, select Directory management > Manage entries.
    2. Select the suffix that you created in the previous step, that is, o=ibm,c=us.
    3. Click Add.
    4. Select domain from the structural object class list.
    5. Click Next.
    6. In the Select auxiliary object classes window, click Next.
    7. Enter the domain name in the Relative DN field. For example, dc=mydomain.
    8. Enter the domain name in the dc field (mydomain in the previous example).
    9. Click Finish.

    Note: The domain and suffix entered must also be included in the pwsync.props file along with the other information. For configuration details, see Configuration of LDAP Password Store.

  4. Define the ibm-diPerson object. From a system with the IBM Security Directory Server client installed, run the following command from the install_directory as one line (the items in angle brackets are placeholders for your own values):

      ldapmodify -c -h <LDAP Hostname> -D <admin DN> -w <admin PW> -f <TDI_install_dir>/pwd_plugins/etc/ibm-diPerson_oc.ldif

    Note: You might see the following messages:

    • Attribute type '1.3.18.0.2.4.155' already exists, add operation failed.
    • Attribute type '0.9.2342.19200300.100.1.1' already exists, add operation failed.

    We can ignore these messages. The messages indicate that the secretKey and uid attributes are already defined in your schema.
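As an added example (not part of the IBM documentation), the organization and domain entries that steps 2 and 3 create through the Web Administration Tool, expressed as LDIF so the same entries can be loaded with the ldapmodify client used in step 4. The suffix o=ibm,c=us and domain mydomain are the page's own values; the host name, admin DN, LDIF file name and the `-w ?` password prompt are assumptions.

```shell
#!/bin/sh
# Added example: emit the LDIF equivalent of steps 2 and 3 (organization entry
# under the suffix, domain entry under the organization) for ldapmodify -a.
# Sample values are constructed to match the page: o=ibm,c=us / ibm / mydomain.

# build_ldif SUFFIX ORG DOMAIN -> prints the organization and domain entries
build_ldif() {
    suffix=$1; org=$2; domain=$3
    # The suffix RDN must be o=<ORG>, matching the value typed into the "o" field in step 2.
    case "$suffix" in
        "o=$org,"*|"o=$org") ;;
        *) echo "suffix '$suffix' does not start with o=$org" >&2; return 1 ;;
    esac
    # Step 2: structural object class "organization", RDN equal to the whole suffix.
    printf 'dn: %s\nobjectClass: top\nobjectClass: organization\no: %s\n\n' "$suffix" "$org"
    # Step 3: structural object class "domain", RDN dc=<DOMAIN> beneath the suffix.
    printf 'dn: dc=%s,%s\nobjectClass: top\nobjectClass: domain\ndc: %s\n' "$domain" "$suffix" "$domain"
}

# ldapmodify_cmd HOST ADMIN_DN LDIF_FILE -> prints the load command for the LDIF above.
# The bind password is not placed on the command line: a literal -w <password> is
# visible in the process list and shell history. "-w ?" (assumed to be supported by
# the installed client) makes the client prompt for it instead.
ldapmodify_cmd() {
    printf 'ldapmodify -c -a -h %s -D "%s" -w ? -f %s\n' "$1" "$2" "$3"
}

# Stand-alone use: sh thisfile.sh o=ibm,c=us ibm mydomain > entries.ldif
if [ $# -ge 3 ]; then
    build_ldif "$@"
fi
```

Review the generated file before loading it; the suffix must already be defined (step 1) and the server restarted, or the add operations fail.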

