Configuring LDAP security
IBM Dynamic Infrastructure for mySAP relies on IBM WebSphere and Tivoli
Directory Server for authentication and authorization services, and requires the
definition of various groups and user IDs.
Users first provide credential information using a login panel. IBM WebSphere
checks the user's credentials against definitions in LDAP. The user's rights will be
based on the groups the user is assigned to.
User and group definitions for IBM Dynamic Infrastructure for mySAP can be
stored in the same LDAP server used for Tivoli Provisioning Manager. They are
created as follows:
- User ID definitions using the Tivoli Provisioning Manager graphical user
  interface
- Group definitions using a Lightweight Directory Interchange Format (LDIF) file
User ID definitions
The definitions of user IDs must be planned for prior to IBM Dynamic
Infrastructure for mySAP installation. For our case study scenario, we defined the
following user IDs: dexteradmin, dexterservicemanager, dexterodadmin,
dexteremea, dexterap, and dexteramericas.
To define the user IDs in Tivoli Provisioning Manager, perform these steps:
1. On the Tivoli Provisioning Manager user interface, access the Systems
   configuration and workflows management tab and select Users.
2. On the right panel, select Edit > Add User. Fill out the required fields.
Group definitions
IBM Dynamic Infrastructure for mySAP uses the following four groups:
- OfferingProviderAdministrator
- OfferingServiceManager
- OfferingSubscriber
- ODSProviderAdministrator
For details about each group's privileges, refer to IBM Dynamic Infrastructure
Enterprise Edition for mySAP Business Suite Installation and Customization,
BOEE EUIN 00.
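Because a user's rights follow entirely from group membership, the LDIF file is worth checking before it is loaded. The following is an added example, not taken from this document or from IBM: it unfolds and decodes an LDIF file and reports any group outside the four listed above and any member outside the planned user IDs. The dc=example,dc=com suffix, the groupOfNames/member schema with cn-based DNs, the memberships, and the names tempadmin and OfferingSuperUser are assumptions made for the sample.

```python
import base64

# Group names and user IDs come from the page. Assumed for illustration: the
# dc=example,dc=com suffix, the groupOfNames/member schema, the memberships.
GROUPS = {"OfferingProviderAdministrator", "OfferingServiceManager",
          "OfferingSubscriber", "ODSProviderAdministrator"}
USERS = {"dexteradmin", "dexterservicemanager", "dexterodadmin",
         "dexteremea", "dexterap", "dexteramericas"}

# Constructed sample: a folded line, a base64-encoded member, an extra group.
HIDDEN = base64.b64encode(b"cn=tempadmin,dc=example,dc=com").decode()
SAMPLE_LDIF = f"""\
dn: cn=OfferingProviderAdministrator,dc=example,dc=com
objectClass: groupOfNames
member: cn=dexteradmin,dc=example,dc=com
member:: {HIDDEN}

dn: cn=OfferingSubscriber,dc=example,dc=com
objectClass: groupOfNames
member: cn=dexterap,dc=exam
 ple,dc=com

dn: cn=OfferingSuperUser,dc=example,dc=com
objectClass: groupOfNames
member: cn=dexteramericas,dc=example,dc=com
"""

def first_rdn(dn):  # leftmost RDN value; escaped commas are not handled
    return dn.split(",", 1)[0].partition("=")[2].strip()

def audit(ldif):
    """Return findings that should block loading the LDIF file."""
    findings = []
    text = ldif.replace("\r\n", "\n").replace("\n ", "")  # unfold (RFC 2849)
    for entry in text.strip().split("\n\n"):
        attrs = {}
        for line in entry.splitlines():
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode()
            attrs.setdefault(name.lower(), []).append(value.strip())
        if "dn" not in attrs:
            continue
        group = first_rdn(attrs["dn"][0])
        if group not in GROUPS:
            findings.append(f"unexpected group: {group}")
        for uid in map(first_rdn, attrs.get("member", [])):
            if uid not in USERS:
                findings.append(f"unplanned member {uid} in {group}")
    return findings
```

The base64-encoded member line is the case a plain text search of the file would miss, which is why the check decodes values before comparing them.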
After the LDIF file is created, its definitions can be loaded into the LDAP
database by either specifying the location of the file during the IBM Dynamic
Dynamic Provisioning of SAP Environments using IBM DI for mySAP and Tivoli Provisioning