EIM requires an IBM Tivoli Directory Server -- so that eliminates AD as
the repository for the ID mapping data.

It doesn't matter, though, what kind of server ITDS runs on.

Second, for the vast majority of customers, EIM is NEVER used from
Windows. EIM is used by the remote system being accessed from Windows.
So, from an availability point of view, it makes more sense to have EIM
running on the remote servers being accessed from Windows.

If you access multiple remote servers from Windows, you have a few
choices. You can run a single instance of EIM on a single server
somewhere in your network, you can configure two or more replicas, or you
can configure a replica per server. You most likely want to use a
peer-to-peer replica setup rather than a Master-replica setup. A
peer-to-peer replica allows you to update any one of the replicas and have
all the other replicas be updated automatically by LDAP. A Master-replica
setup allows you to only update the master -- the replicas are read only.

Patrick Botz
Security Architecture Consulting & Implementation
IBM Systems and Technology Group Lab Services
mail: botz@xxxxxxxxxx
phone: 507.253.0917 / mobile: 507.250.5644
ibm.com/servers/eserver/services

midrange-l-bounces@xxxxxxxxxxxx wrote on 04/19/2007 01:53:27 PM:

I've successfully configured NAS to work with our Windows 2003 domain.
We would like to achieve SSO between the domain, 5250 emulation sessions
and Lotus Notes.

I'm wondering if there is any collective wisdom on what platform to use
for EIM. I understand that I can use the Navigator wizard to create an
EIM domain on the iSeries. My concern is that during routine downtime
for the iSeries (system saves, etc.) we would suddenly have users logging
into the Windows domain and unable to use SSO because the LDAP server is
down. These users would probably not remember their Lotus Notes passwords
and be unable to log in without EIM.

I would prefer to have an approach where SSO worked as long as the
authenticating mechanism (Windows/Kerberos) was working. The redbook
("Windows-based Single Signon and the EIM Framework") assumes use of the
iSeries LDAP. Are there any guidelines to implementing SSO using Active
Directory as the LDAP server?


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].