LDAP Installation Values

Determine the following LDAP values. Refer to this worksheet when you install LifeCycle Manager.

Prompt Your Value

LDAP server

Specifies the host ID (DNS name or IP address) of the LDAP server.

Example

ldap.company.com

10.20.30.40

 

LDAP port

Specifies the host port of the LDAP server.

Example

389 (LDAP) or 636 (LDAPS)

 

Bind user (distinguished name)

Specifies the distinguished name for the LifeCycle Manager Server to use when binding to the directory service.

Example

cn=root

 

Bind user password

Password for the bind user.

Note: The bind user password must not end with @.

 

SSL enabled

Optional. Specifies whether secure socket communication is enabled to the LDAP server.

 

Trust store

Optional: required only if SSL is enabled. Specifies the path to a JKS keystore where the public server certificate of the LDAP server (or its certificate authority) is stored.

 

Trust store password

Type the password for the keystore.

Note: The trust store password must not end with @.

 

User prefix

Specifies the attribute that LifeCycle Manager will use to display the user name of users in the directory service.

Tivoli or ADAM Example

cn

Active Directory Example

sAMAccountName

 

Group prefix

Specifies the attribute that LifeCycle Manager will use to display the group name of groups in the directory service.

Example

cn

 

User suffix

Specifies the base distinguished name which indicates the starting point for LDAP searches of users in the directory service.

Example

OU=Users,DC=company,DC=com

 

Group suffix

Specifies the base distinguished name which indicates the starting point for LDAP searches of groups in the directory service.

Example

OU=Groups,DC=company,DC=com

 

Group member attribute

Specifies the attribute for groups in the directory service that LifeCycle Manager will use to determine which users are members of that group.

Example

member

 

User search filter

Specifies the LDAP user filter that searches the user registry for users.

If you are installing LifeCycle Manager in an LDAP bind configuration, this search must be able to locate the same users as the search base provided during the LDAP bind procedure.

Tivoli Example

(&(uid=%v)(objectclass=inetOrgPerson))

ADAM Example

(&(cn=%v)(objectclass=inetOrgPerson))

Active Directory Example

(&(|(cn=%v)(sAMAccountName=%v))(objectClass=user))

 

Group search filter

Specifies the LDAP group filter that searches the user registry for groups.

Tivoli Example

(&(cn=%v)(objectclass=groupOfUniqueNames))

ADAM Example

(&(cn=%v)(objectclass=groupOfUniqueNames))

Active Directory Example

(&(cn=%v)(objectClass=group))

 

LCM admin group

Specifies the name of the group in the user registry that identifies the LifeCycle Manager Administrators group. Members of this group are allowed to perform all tasks in LifeCycle Manager.

LifeCycle Manager must be able to find this group with an LDAP search using the group search filter (specified above).

 

LCM user group

Specifies the name of the group in the user registry that identifies the LifeCycle Manager user group. Members of this group are allowed to log on to LifeCycle Manager.

If this field is left blank, all users in LDAP (that can be found with an LDAP search using the user search filter, specified above) are allowed to log on to LifeCycle Manager. LifeCycle Manager must be able to find this group with an LDAP search using the group search filter (specified above).
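
The rules in this worksheet can be checked before installation. The following is an added example, not part of the LifeCycle Manager documentation or product. It checks the password, trust store and filter rules stated above and expands a %v filter into a form that can be tested manually against the directory. The dictionary key names and sample values are hypothetical, and the escaping follows RFC 4515 for the manual test only; this page does not say how LifeCycle Manager itself substitutes %v.

```python
# Added example: pre-install check of worksheet values (key names are hypothetical).

def escape_filter_value(value):
    """Escape a value for an LDAP search filter as RFC 4515 requires."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand_filter(template, value):
    """Replace every %v in a worksheet filter with the escaped value."""
    return template.replace("%v", escape_filter_value(value))

def filter_problems(template):
    """Return structural problems found in a search filter template."""
    problems = []
    if "%v" not in template:
        problems.append("no %v placeholder")
    depth = 0
    for ch in template:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:  # a ')' appeared before its '('
            break
    if depth != 0 or not template.startswith("("):
        problems.append("unbalanced parentheses")
    return problems

def check_worksheet(ws):
    """Apply the rules stated in the worksheet; return a list of findings."""
    findings = []
    for key in ("bind_password", "trust_store_password"):
        if ws.get(key, "").endswith("@"):
            findings.append(key + ": must not end with @")
    if ws.get("ssl_enabled") and not ws.get("trust_store"):
        findings.append("trust_store: required when SSL is enabled")
    for key in ("user_search_filter", "group_search_filter"):
        for problem in filter_problems(ws.get(key, "")):
            findings.append(key + ": " + problem)
    return findings

# Constructed sample values, not taken from a real installation.
SAMPLE = {
    "ssl_enabled": True,
    "trust_store": "",
    "bind_password": "Example-pass@",
    "trust_store_password": "changeit",
    "user_search_filter": "(&(uid=%v)(objectclass=inetOrgPerson))",
    "group_search_filter": "(&(cn=%v)(objectClass=group)",
}

if __name__ == "__main__":
    for finding in check_worksheet(SAMPLE):
        print("FAIL", finding)
    # Expanded group filter for a manual search for the LCM admin group.
    print(expand_filter("(&(cn=%v)(objectClass=group))", "LCM Admins (EU)"))
```

Running the expanded group filter against the group suffix with the bind user confirms that the LCM admin group can be found before the values are entered into the installer.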