Interaction with an Enterprise Identity Mapping server

Enterprise Identity Mapping (EIM) for iSeries™ allows administrators and application developers to solve the problem of managing multiple user registries across their enterprise.

Most network enterprises face the problem of multiple user registries, which require each person or entity within the enterprise to have a user identity in each registry. The need for multiple user registries quickly grows into a large administrative problem that affects users, administrators, and application developers. Enterprise Identity Mapping (EIM) enables inexpensive solutions for easier management of multiple user registries and user identities in your enterprise.

EIM allows you to create a system of identity mappings, called associations, between the various user identities in various user registries for a person in your enterprise. EIM also provides a common set of APIs that can be used across platforms to develop applications that can use the identity mappings that you create to look up the relationships between user identities.

If you are a system administrator, you can configure and manage EIM through iSeries Navigator, the iSeries graphical user interface. The iSeries server uses EIM to enable i5/OS™ interfaces to authenticate users by means of network authentication service.

While iSeries Navigator provides an interface for administrators to manage all user EIM identity mappings, it does not provide a secure interface for non-administrative users to manage their own identities. However, non-administrators (users) can manage their own identities in an EIM domain when EIM is configured by the IBM® Welcome Page V1.1 application. Once EIM is configured, users can sign in to the IBM Telephone Directory V5.2 application to update their directory entry and EIM identity mappings. The application displays EIM identity mappings only if a user logs in to update his or her own directory entry. Allowing users to manage their own EIM identity mappings helps ease the workload of the EIM domain administrator.

Not all associations can be set up by IBM Welcome Page V1.1 and managed by IBM Telephone Directory V5.2. The applications can authenticate only identities that use the LDAP or FTP protocols. If a user registry does not accept LDAP or FTP authentication, associations with that user registry cannot be added. The applications must be able to authenticate a user's identity using LDAP or FTP before an association for that identity can be added to the user's EIM identifier.

See Enterprise Identity Mapping (EIM) in the Security and Directory server topic for more information.