[IBM Tivoli Identity Manager learning document] 14. Tim Organizational Structure Design

Author: gnuhpc
Source: http://www.cnblogs.com/gnuhpc/

1. Organization tree

Organizations

Organization units

Business partner organizations

Locations

Administrative Domains

Itim does not allow Domain administrators to perform itim configuration operations, unless they are placed in a specific permission group through ACI.

 

2. Example:

 

3. Organizational Roles

There are two types:

• Static organizational roles-a static organizational role that is global to any user.
• Dynamic organizational roles -- automatically retrieves members from the itim profile using LDAP filter.

 

4. design considerations:

Availability: administrators use Tim management, especially person management, to consider convenience, complexity, time consumption, and other factors.

Agent Management: controls different levels of managers through ACI.

Inheritance: The Role in Tim has inheritance.

Personalized customization requirements: Tim supports personalized customization.

Batch loading: you must consider using batch loading during deployment. This function depends on a good organizational structure design.

 

5. To use TDS data in other directories or use other LDAP in itim, we must use TDI.

 

6. Directory example:

At the top of the organizational structure tree is the root node, which is set to DC = com by default during installation. Of course we can change the name, just as we use o = xyz in the figure.

Next, ou = itim on the left is interpreted as follows:

 

Ou = xyz on the right is interpreted as follows:

The two containers under ou = itim are used to store some restrictions and other password-related information of the itim application. The definitions are as follows:

Erglobalid = 0000 stores the company's specific information:

Ou = iitim on the right stores information related to the itim service.

Author: gnuhpc
Source: http://www.cnblogs.com/gnuhpc/