Chapter 7. Portal security 293
7.4.3 IBM LDAP Data Management Tool (DMT)
The IBM SecureWay Directory Server has an LDAP client tool called Directory
Management Tool (DMT). The DMT is shipped on CD-ROMs as a part of
WebSphere Portal Server for z/OS and OS/390 development environment. DMT
is a Java client graphical user interface that allows an administrator to manage
LDAP directories on multiple LDAP servers. DMT supports the following
Displaying server properties and rebinding to the server
Listing, adding, editing and deleting schema attributes and object classes
Listing, adding, editing and deleting directory entries, for example users
Modifying directory entry ACLs
Searching the directory tree
Adding, modifying and deleting users in the LDAP is also supported from the
Portal server using the Portal Administration portlets.
The DMT can be installed from CD-ROMs 20 and 21 to the distributed platform of
choice. To install only the DMT client, select the custom install option, and
de-select options to install the LDAP server and DB2 database. After starting the
DMT, if the LDAP server is not local then you must click on Add server to connect
to the directory server. You then would need to enter the server name and LDAP
port number, which in our case was wtsc58.itso.ibm.com and 2389 respectively.
To add a new entry, for example a new user for Portal Server, first you need to
connect, or rebind to the server using an ID that has LDAP administrative
privilege. Then browse the directory tree, select the users attribute cn=users and
click on the Add button as shown in Figure 7-8 on page 294.
296 WebSphere Portal on z/OS
Figure 7-10 Add an LDAP User
For Portal Server the minimum attributes that need to be completed are:
sn: Last name
cn Common name
After providing values for these parameters click on the Add shown in Figure 7-11
on page 297 button to proceed.
Chapter 7. Portal security 297
Figure 7-11 Adding a LDAP user
Other attributes, for example, email and interests as shown in Figure 7-3 on
page 288 for self registration, need not be added to LDAP. This is because the
CUR implementation performed by Portal Server only uses LDAP for
authentication where it is checking for the existence of a user and the correct
password. Anything other than userid and password information are part of the
user profile which is stored in the Portal database and not LDAP.
Note: The IBM SecureWay Directory Management Tool used in this redbook
project, and provided on the CD-ROM is part of IBM Directory Server V4.1.