Tivoli, Directory, Server – IBM 51 User Manual

The

output

should

return

the

following

entries:

tioldap

,

tiointernal

,

and

tioappadmin

.

c.

Confirm

that

a

particular

user

or

group

has

been

imported:

ldapsearch

-v

-h

<

ldapserver

>

-D

cn=root

-w

<password>

-p

389

-b

"dc=ibm,dc=com"

cn=<username>

This

should

return

the

full

output

of

the

specified

user.

d.

Ensure

the

proper

functionality

with

the

wasadmin

user:

ldapsearch

-v

-h

<

ldapserver

>

-w

wasadmin

-D

"cn=wasadmin,dc=ibm,dc=com"

-p

389

-b

"dc=ibm,dc=com"

cn=tio*

The

output

should

return

the

following

entries:

tioldap

,

tiointernal

,

tioappadmin

.

6.

Check

for

proper

tree

ownership,

to

ensure

that

Tivoli

Intelligent

Orchestrator

is

able

to

navigate

the

user

and

group

structure

accordingly:

ldapsearch

-v

-h

<ldapserver>

-p

389

-D

cn=root

-w

<password>

-b

"dc=ibm,dc=com"

-s

base

"objectclass=*"

entryowner

ownerpropagate

The

output

should

return

the

following:

ownerpropagate=TRUE

,

and

entryowner=access-id:CN=TIOLDAP,DC=IBM,DC=COM

7.

Search

the

knowledge

bases

and,

if

necessary,

contact

Support.

For

more

information,

refer

to

Appendix

B,

“Support

information,”

on

page

225.

IBM

Tivoli

Directory

Server

connection

verification:

The

following

steps

are

required:

1.

Check

Tivoli

Intelligent

Orchestrator’s

connection

to

the

IBM

Tivoli

Directory

Server:

a.

Check

the

user-factory.xml

file

for

changes

that

were

made

during

the

Tivoli

Intelligent

Orchestrator

installation.

The

user-factory.xml

file

is

Tivoli

Intelligent

Orchestrator’s

configuration

file

for

accessing

the

IBM

Tivoli

Directory

Server,

and

is

located

in

the

following

directory:

v

Windows:

%TIO_HOME%\config

v

UNIX

or

Linux:

$TIO_HOME/config

Changes

to

the

server

name,

port,

root

suffix,

principal

user,

internal

user,

encrypted

passwords,

and

SSL-binding

are

shown

as

follows:

<server>todaix03.think.lab.austin.ibm.com</server>

<ldap-port>389</ldap-port>

<root>dc=ibm,dc=com</root>

<principal>tioldap</principal>

<internal-user>tiointernal</internal-user>

2.

In

the

WebSphere

administrative

console,

go

to

Security

–>

User

Registries

–>

LDAP

,

to

check

the

WebSphere

Application

Server

connection

to

the

IBM

Tivoli

Directory

Server.

3.

Verify

the

IBM

Tivoli

Directory

Server

connection:

a.

Check

the

IBM

Tivoli

Directory

Server

basic

functionality

using

the

following

command:

ldapsearch

-v

-h

<ldapserver>

-p

389

-D

cn=root

-w

<password>

-b

""

-s

base

objectclass=*

b.

If

the

ldapsearch

search

returns

a

command

not

found

,

install

the

IBM

Tivoli

Directory

Server

Client,

following

the

instructions

provided

in

the

Tivoli

Intelligent

Orchestrator

Installation

Guide.

20

Tivoli

Intelligent

Orchestrator

Problem

Determination

and

Troubleshooting

Guide