I haven't read the docs but we have lots of applications that perform LDAP auth to our eDirectory and most apps need no more than the LDAP server(s) name, some application ID that has authority to perform lookups (and perhaps updates) and the proper tree/container structure in which to do the lookups. I am guessing it might need its own schema changes/extensions for attributes it needs to replicate that are currently inside the TSM DB.
Once all my servers are at 6.3.4, I plan to look into it for Administrators What are your concerns? On Thu, Jul 11, 2013 at 2:59 PM, Allen S. Rout <a...@ufl.edu> wrote: > I got all excited about the V6 LDAP password thing, and then I read the > docs... Ugh. So I wanted to see if anyone's doing it, to validate or > falsify my conclusion: You can maybe _use_ the active directory > database to store your data, but it is explicitly not authenticating > admins or nodes "against" AD. It's using LDAP as a general purpose > database in which to store facts like password hashes and usernames. > > Right? > > IBM's been talking about authentication exits for TSM since at least > 1998. _ANY_ database outside the server is at least a step in the right > direction. But oy, and also vey. > > - Allen S. Rout > -- *Zoltan Forray* TSM Software & Hardware Administrator Virginia Commonwealth University UCC/Office of Technology Services zfor...@vcu.edu - 804-828-4807 Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, social security number or confidential personal information. For more details visit http://infosecurity.vcu.edu/phishing.html
