<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Interaction with an Enterprise Identity Mapping server" />
<meta name="abstract" content="Enterprise Identity Mapping (EIM) for iSeries allows administrators and application developers to solve the problem of managing multiple user registries across their enterprise." />
<meta name="description" content="Enterprise Identity Mapping (EIM) for iSeries allows administrators and application developers to solve the problem of managing multiple user registries across their enterprise." />
<meta name="DC.Relation" scheme="URI" content="itdover.htm" />
<meta name="DC.Relation" scheme="URI" content="itdadmineim.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="itdovereim" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Interaction with an Enterprise Identity Mapping server</title>
</head>
<body id="itdovereim"><a name="itdovereim"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Interaction with an Enterprise Identity Mapping server</h1>
<div><p>Enterprise Identity Mapping (EIM) for <span class="keyword">iSeries™</span> allows
administrators and application developers to solve the problem of managing
multiple user registries across their enterprise.</p>
<p>Most network enterprises face the problem of multiple user registries,
which require each person or entity within the enterprise to have a user identity
in each registry. The need for multiple user registries quickly grows into
a large administrative problem that affects users, administrators, and application
developers. Enterprise Identity Mapping (EIM) enables inexpensive solutions
for easier management of multiple user registries and user identities in your
enterprise.</p>
<p>EIM allows you to create a system of identity mappings, called associations,
between the various user identities in various user registries for a person
in your enterprise. EIM also provides a common set of APIs that can be used
across platforms to develop applications that can use the identity mappings
that you create to look up the relationships between user identities.</p>
<p>If you are a system administrator, you can configure and manage EIM through <span class="keyword">iSeries Navigator</span>, the <span class="keyword">iSeries</span> graphical
user interface. The <span class="keyword">iSeries server</span> uses
EIM to enable <span class="keyword">i5/OS™</span> interfaces
to authenticate users by means of network authentication service.</p>
<p>While <span class="keyword">iSeries Navigator</span> provides
an interface for administrators to manage all user EIM identity mappings,
it does not provide a secure interface for non-administrative users to manage
their own identities. However, the IBM<sup>®</sup> Telephone Directory V5.2 application can
be used by non-administrators (users) to manage their own identities in an
EIM domain. When configured, users sign in to the IBM Telephone Directory V5.2 application to
update their directory entry and EIM identity mappings. The application displays
EIM identity mappings only when a user logs in to update his or her own
directory entry. Allowing users to manage their own EIM identity mappings
helps ease the workload of the EIM domain administrator.</p>
<p>When you (as a non-administrator) log in to the IBM Telephone Directory V5.2 application to
update your directory entry, a list of identity mappings currently associated
with your EIM identifier is also shown. The application shows your identity
associations in the <span class="uicontrol">EIM registries</span> table. You can then
use the application to add and remove any identity associations you have.
The application interacts with the EIM domain server to add and remove identity
associations as you request them. You can only manage your own associations.</p>
<p>To find identity mappings associated with application users, the IBM Telephone
Directory V5.2 application queries the EIM domain for user registries of the IBM Telephone
Directory V5.2 application. If a user registry is found, the identity that the user provided when
he or she logged into the application is used to find his or her EIM identifier.
The EIM identifier is used to retrieve all identity associations for the user,
which are displayed in the <span class="uicontrol">EIM registries</span> table.
If the EIM identifier cannot be found (because the user's login identity has not
been associated with the IBM Telephone Directory application's user registry), an
identifier is automatically created for the user in the EIM domain, and an
association to the IBM Telephone Directory V5.2 application's user registry
is added.</p>
<p>You can remove any identity associations that are currently mapped to your
EIM identifier, but to add an EIM association, you must first specify your
credentials to the IBM Telephone Directory V5.2 application. When you add
an EIM association, you must select a system name and enter your user ID and
password associated with that system. The IBM Telephone Directory V5.2 application authenticates
these credentials before it will add an association to the EIM domain. If
authentication fails, the association is not added.</p>
<p>Not all associations can be managed by IBM Telephone Directory V5.2. The application
can only authenticate identities that use the LDAP or FTP protocol.
If a user registry does not accept LDAP or FTP authentication,
associations with that user registry cannot be added. The application must
be able to authenticate a user's identity using LDAP or FTP before an association
for that identity can be added to the user's EIM identifier.</p>
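<p>The lookup, add and remove rules described above, modelled in memory as an added example (not IBM's code and not the EIM API). The class and function names, the registry names and the credentials are constructed for illustration, as is the assumption that a new identifier is named after the login identity.</p>
<pre>
```python
# Added illustration: an in-memory model of the flow above. Not IBM code and
# not the EIM API; every name and credential here is hypothetical/constructed.
from dataclasses import dataclass, field

SUPPORTED = {"LDAP", "FTP"}  # protocols the application can authenticate with

@dataclass
class Registry:
    protocol: str   # how identities in this registry are authenticated
    accounts: dict  # constructed sample data: user ID -> password

@dataclass
class EimDomain:
    app_registry: str
    registries: dict                                 # system name -> Registry
    identifiers: dict = field(default_factory=dict)  # EIM identifier -> set of (system, user ID)

    def identifier_for(self, login_id):
        """Find the caller's identifier; if absent, create it with an app-registry association."""
        key = (self.app_registry, login_id)
        for ident, assocs in self.identifiers.items():
            if key in assocs:
                return ident
        self.identifiers[login_id] = {key}  # assumption: new identifier is named after the login
        return login_id

    def add_association(self, login_id, system, user_id, password):
        """Add a mapping only after the target registry accepts the credentials."""
        reg = self.registries.get(system)
        if reg is None or reg.protocol not in SUPPORTED:
            return False  # registry does not accept LDAP or FTP authentication
        if user_id not in reg.accounts or reg.accounts[user_id] != password:
            return False  # authentication failed: the association is not added
        # The identifier comes from the session login, never from caller input,
        # so a user can only change their own associations.
        self.identifiers[self.identifier_for(login_id)].add((system, user_id))
        return True

    def remove_association(self, login_id, system, user_id):
        """Remove a mapping from the caller's own identifier; no credentials needed."""
        assocs = self.identifiers[self.identifier_for(login_id)]
        had = (system, user_id) in assocs
        assocs.discard((system, user_id))
        return had

def sample_domain():
    """Constructed sample: two registries the app can authenticate to, one it cannot."""
    regs = {"SYSA": Registry("FTP", {"jdoe": "pw1"}), "DIR1": Registry("LDAP", {"john.doe": "pw2"}),
            "KRB1": Registry("KERBEROS", {"jdoe": "pw3"})}
    return EimDomain("ITD", regs)
```
</pre>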
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="itdover.htm" title="This topic provides an overview of the IBM Telephone Directory V5.2 application and how it interacts with different iSeries server components and various software components.">Overview of IBM Telephone Directory V5.2</a></div>
</div>
<div class="reltasks"><strong>Related tasks</strong><br />
<div><a href="itdadmineim.htm" title="Enterprise Identity Mapping (EIM) registration and identity mapping allows users to register with the EIM domain server and manage their identity mappings online.">Set up EIM registration and identity mapping</a></div>
</div>
</div>
</body>
</html>