Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

How to integrate IBM Connect:Direct authentication with AD using Centrify

11 April,19 at 11:50 AM

IBM Sterling Connect:Direct components run o Linux/Unix systems, so it's very easy to integrate with AD using Centrify because it's a PAM-aware application. This means it's able to leverage the PAM module provided by Centrify (or any other PAM module) to authenticate users.

 

if you look at page 43 on the official guide on how to implement PAM on IBM C:D (http://www-01.ibm.com/support/docview.wss?uid=swg27043021), it says:

 

Edit the initparm.cfg file and add the service name to the ndm.pam:service parameter. The service name we will be using in our test is the default service name “login”, located in /etc/pam.d directory. Make sure to bounce the Connect:Direct application to apply the change.

 

[cd4104@ironman] /home/cd4104/ndm/cfg/ironman4104 $ vi initparm.cfg

# Miscellaneous Parameters

ndm.path:path=/home/cd4104:

ndm.node:name=ironman4104:

ndm.pam:service=login:

ndm.env_vars:sanitize=n:

 

So all you need to do is to change the initparm.cfg file and specify login as the ndm.pam:service parameter. This will make IBM C:D look at the OS PAM modules to authenticate users.

 

Just make sure your users are properly set up at Centrify, i.e. have a UNIX profile and login rights assinged if needed.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.