I haven't read the docs but we have lots of applications that perform LDAP
auth to our eDirectory and most apps need no more than the LDAP server(s)
name, some application ID that has authority to perform lookups (and
perhaps updates) and the proper tree/container structure in which to do the
lookups.  I am guessing it might need its own schema changes/extensions for
attributes it needs to replicate that are currently inside the TSM DB.

Once all my servers are at 6.3.4, I plan to look into it for Administrators

What are your concerns?


On Thu, Jul 11, 2013 at 2:59 PM, Allen S. Rout <asr AT ufl DOT edu> wrote:

> I got all excited about the V6 LDAP password thing, and then I read the
> docs... Ugh.  So I wanted to see if anyone's doing it, to validate or
> falsify my conclusion:  You can maybe _use_ the active directory
> database to store your data, but it is explicitly not authenticating
> admins or nodes "against" AD.  It's using LDAP as a general purpose
> database in which to store facts like password hashes and usernames.
>
> Right?
>
> IBM's been talking about authentication exits for TSM since at least
> 1998.  _ANY_ database outside the server is at least a step in the right
> direction.  But oy, and also vey.
>
> - Allen S. Rout
>



--
*Zoltan Forray*
TSM Software & Hardware Administrator
Virginia Commonwealth University
UCC/Office of Technology Services
zforray AT vcu DOT edu - 804-828-4807
Don't be a phishing victim - VCU and other reputable organizations will
never use email to request that you reply with your password, social
security number or confidential personal information. For more details
visit http://infosecurity.vcu.edu/phishing.html