Configuring two directory servers

Two directory servers can be configured for the deployment.

About this task

You can configure the Virtual Member Manager to use two separate directory servers to authenticate users that log in to Maximo® Asset Management. You might choose this approach if you already have more than one directory server in your environment, or if you do not want to include systems users such as wasadmin in your enterprise directory server. You can use any combination of supported directory servers: two instances of IBM® Tivoli® Directory Server, two instances of Microsoft Active Directory, or one of each.

The two directory servers must be defined in the same realm. There must not be any user name that appears in both directory servers. If, after performing this configuration, you create users using the WebSphere® interface, they will be defined in the first directory server that you configure the Virtual Member Manager to use.

The following procedure assumes that both directory servers have been installed. If you choose to have Maximo Asset Management configure a directory server during the installation process, then you can consider it your first directory server and configure the Virtual Member Manager to add a second directory server. If you are reusing existing directory servers, or if you have installed a new directory server but did not configure it using the Maximo Asset Management installation program, then you must complete all the steps to configure both servers.

To use two separate directory servers to authenticate Maximo Asset Management users, you must configure the Virtual Member Manager to federate both directory servers, and you must configure cron tasks to synchronize the Maximo user directory with both directory servers. To accomplish these tasks, follow these steps:

Procedure

  1. Configure the Virtual Member Manager to use the first directory server. If you choose to have Maximo Asset Management configure a directory server during the installation process, skip this step.
  2. Follow the same set of steps to configure the Virtual Member Manager to use the second directory server. Be sure that the Realm name value is the same as the value for the first directory server. Give the second directory server a different Repository identifier.
  3. After the installation of Maximo Asset Management is complete, log in to the Maximo Asset Management interface, and navigate to the System Configuration > Platform Configuration > Cron Task Setup application.
  4. Type VMM in the Cron Task field, and press Enter.
  5. Locate the VMMSYNC cron task, and click it.
  6. Set the task to active. This step completes the configuration of the cron task for the first directory server.
  7. Duplicate the existing VMMSYNC cron task and modify these fields:
    • Group Mapping
    • User Mappings

    Ensure that the BaseDN parameter is set correctly in both the group mapping and the user mapping. The BaseDN value instructs the VMMSYNC cron task to search for users and groups in a particular location in the directory server. The BaseDN value for users and groups always ends with the base entry value provided when federating the directory server under Virtual Member Manager.

    The principal and credential values must remain the same as those for the first directory server.

  8. Schedule the task to run every 5 minutes (or a different interval if you prefer), set it to active, and set it to keep history records.
  9. Save the task.
  10. After 5 minutes, check whether the task has run and restart it if it has not.
  11. After both cron tasks have run, in the Users application verify that users from both directory servers appear in the list.
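
The constraints in this procedure (same realm name, distinct repository identifiers, each BaseDN ending with the federated base entry, no user name in both directories) can be checked before the cron tasks are activated. The following Python sketch is an added example, not IBM code; the realm name, repository identifiers, DNs and user lists are constructed, and case-insensitive matching of user names and DNs is an assumption.

```python
import re

def normalize_dn(dn):
    """Split a DN on unescaped commas; lower-case and trim each RDN."""
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return rdns

def is_under_base(base_dn, base_entry):
    """True when base_dn equals or sits below base_entry, compared RDN by RDN."""
    dn, base = normalize_dn(base_dn), normalize_dn(base_entry)
    return len(dn) >= len(base) and dn[len(dn) - len(base):] == base

def colliding_users(users_a, users_b):
    """Login names present in both directories (assumption: case-insensitive)."""
    return sorted({u.strip().lower() for u in users_a} & {u.strip().lower() for u in users_b})

def preflight(repo_a, repo_b):
    """Return a list of violations of the constraints in the procedure."""
    problems = []
    if repo_a["realm"] != repo_b["realm"]:
        problems.append("realm names differ")
    if repo_a["repository_id"] == repo_b["repository_id"]:
        problems.append("repository identifiers are not unique")
    for repo in (repo_a, repo_b):
        for key in ("user_base_dn", "group_base_dn"):
            if not is_under_base(repo[key], repo["base_entry"]):
                problems.append(f"{repo['repository_id']}: {key} is outside the base entry")
    problems += [f"user name in both directories: {n}"
                 for n in colliding_users(repo_a["users"], repo_b["users"])]
    return problems

# Constructed sample data: hypothetical realm, repository ids, DNs and user exports.
FIRST = {"realm": "ExampleRealm", "repository_id": "ldap1",
         "base_entry": "dc=example,dc=com",
         "user_base_dn": "ou=users, dc=example, dc=com",
         "group_base_dn": "ou=groups,DC=example,DC=com",
         "users": ["wasadmin", "maxadmin", "jsmith"]}
SECOND = {"realm": "ExampleRealm", "repository_id": "ldap2",
          "base_entry": "dc=corp,dc=example,dc=org",
          "user_base_dn": "cn=users,dc=corp,dc=example,dc=org",
          "group_base_dn": "ou=groups,dc=example,dc=org",
          "users": ["JSmith", "akhan"]}

if __name__ == "__main__":
    for problem in preflight(FIRST, SECOND):
        print(problem)
```

In practice the user lists would come from an export of each directory's login attribute, and an empty result from preflight means none of the four constraints is violated.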

