Authenticating users by using an Active Directory database
You can authenticate IBM Spectrum Protect users by using an Active Directory database on a Lightweight Directory Access Protocol (LDAP) server. With this method, you use the standard user accounts that are registered with the LDAP server. The same user ID can be used to authenticate to the IBM Spectrum Protect server and to the LDAP server.
Before you begin
Verify that your system meets the following requirements:
An Active Directory database must be installed on the LDAP server.
If your storage environment includes backup-archive clients, they must be at V6.4 or later.
If your storage environment includes storage agents that will authenticate node IDs with an LDAP server, the storage agents must use a secure connection, such as Transport Layer Security (TLS) or a virtual private network.
Restriction: For some types of clients, the client node name and the administrative user ID must match. You cannot authenticate those clients by using the LDAP authentication method that is described in this section. For more information, see technote 7048963.
About this task
An overview of the configuration process is shown in the following figure:
Figure 1. Configuring the IBM Spectrum Protect server to authenticate user IDs with an Active Directory database
After you complete the configuration tasks, IBM Spectrum Protect user IDs are authenticated against the Active Directory database.
Procedure
Complete the configuration steps:
Table 1. Configuration steps
Steps to configure authentication with an LDAP server
Where to complete the steps
1. Select an LDAP server and ensure that it is configured for TLS. Follow the instructions in Setting up an LDAP server.
LDAP server
2. Select a user ID for the IBM Spectrum Protect server. Follow the instructions in Setting up an LDAP server.
LDAP server
3. Copy the trusted certificate on the LDAP server. Follow the instructions in Setting up an LDAP server.