Professional Documents
Culture Documents
Lab requirements
The following project is required:
IBM Operational Decision Manager Standard V8.8
o Decision Server (with Sample profile created)
o Decision Center
LDAP, for example, IBM Directory Server, Apache Directory, etc.
o LDAP Administration tool, for example: Apache Directory Studio
Note: Throughout the lab, Apache Directory server is referred as LDAP server, and Apache Directory Studio is
referred as Studio in short.
IBM ODM User and Group Administration in Business Console Lab exercise Page 1 of 25
Copyright IBM Corporation 2016. All rights reserved
__ d. Enter the Bind DN and password. You can click Check Authentication to verify.
IBM ODM User and Group Administration in Business Console Lab exercise Page 2 of 25
Copyright IBM Corporation 2016. All rights reserved
The connection is established and the entries from LDAP are loaded in the LDAP Browser view.
__ h. The Partition General Details section is displayed. Enter Loan Service Co. in the ID field and
dc=loanserviceco,dc=com as the Suffix.
IBM ODM User and Group Administration in Business Console Lab exercise Page 3 of 25
Copyright IBM Corporation 2016. All rights reserved
__ k. In Studio LDAP Browser view, right click Root DSE and choose Reload Entry. New base DN is listed.
IBM ODM User and Group Administration in Business Console Lab exercise Page 4 of 25
Copyright IBM Corporation 2016. All rights reserved
__ d. The organizationalUnit and top object classes are listed in the Selected object classes bucket. Click
Next.
IBM ODM User and Group Administration in Business Console Lab exercise Page 5 of 25
Copyright IBM Corporation 2016. All rights reserved
__ e. On the Distinguished Name page, choose or enter ou as RDN attribute, and enter users as RDN
value. Click Next.
__ f. Review the attribute list, and then, click Finish. LDAP Browser shows that the users is created.
__ g. To create a user, right click ou=users entry, chose New > New Entry
__ h. Choose Create entry from scratch. Click Next.
__ i. On the Object Classes page, in the left side Available object classes filter field, type inet. Then select
inetOrgPerson in the list and click Add.
IBM ODM User and Group Administration in Business Console Lab exercise Page 6 of 25
Copyright IBM Corporation 2016. All rights reserved
__ l. On the Attributes page, cn and sn values are required. Enter Jane as cn and Doe as sn.
IBM ODM User and Group Administration in Business Console Lab exercise Page 7 of 25
Copyright IBM Corporation 2016. All rights reserved
IBM ODM User and Group Administration in Business Console Lab exercise Page 8 of 25
Copyright IBM Corporation 2016. All rights reserved
__ p. On the Password Editor, enter Jane as new password and confirm password. For simplicity, choose
Plaintext hash method.
You can also select Show new password details to see the password in clear text. Click OK.
__ q. Click Finish to close the New Entry wizard. User Jane is created in the LDAP.
IBM ODM User and Group Administration in Business Console Lab exercise Page 9 of 25
Copyright IBM Corporation 2016. All rights reserved
__ d. On the Distinguished Name page, choose ou as RDN attribute, and enter groups as RDN value.
Click Next.
__ e. Review the attribute list, and then, click Finish. LDAP Browser view shows that the groups orgUnit entry
is created.
IBM ODM User and Group Administration in Business Console Lab exercise Page 10 of 25
Copyright IBM Corporation 2016. All rights reserved
__ h. On the Object Classes page, in the ledt side Available object classes filter field, type group. Then
select groupOfNames in the list and click Add.
__ i. The groupOfNames and top object classes are selected. Click Next.
__ j. Enter cn=management as RDN. Click Next.
IBM ODM User and Group Administration in Business Console Lab exercise Page 11 of 25
Copyright IBM Corporation 2016. All rights reserved
__ m. Back to DN editor, click OK. The member attribute with Janes DN value is added to the New Entry
Attributes list. Click Finish.
__ n. Repeat Step 4.f 4.m to create another group development with John Doe as member.
IBM ODM User and Group Administration in Business Console Lab exercise Page 12 of 25
Copyright IBM Corporation 2016. All rights reserved
__ f. Select the checkbox in the rtsUser row, click the Map Special Subjects list, and select the All
Authenticated in Applications Realm option.
IBM ODM User and Group Administration in Business Console Lab exercise Page 13 of 25
Copyright IBM Corporation 2016. All rights reserved
__ g. Select the checkbox in the rtsUser row again. Then click Map Groups
__ h. On the Search and Select Groups page, choose rtsUser from the Selected list. Click the Remove
button. Then scroll the page down and click the OK button at the bottom.
__ i. The security role mapping table is reloaded. The rtsUser role now only has special subjects set. Click the
OK button blow the table.
__ j. On the top if the page, click Save to save all the changes to the master configuration. You do NOT need
to restart the server at this time.
IBM ODM User and Group Administration in Business Console Lab exercise Page 14 of 25
Copyright IBM Corporation 2016. All rights reserved
__ b. On the Global security configuration page, under User account repository section, make sure
Federated repositories is selected as the current realm definition. Click Configure
__ c. On the Federated repositories configuration page, scroll to the repositories in the realm table. By
default, only WIM file repository is selected. Click Add repositories (LDAP, custom, etc) above the
table.
__ d. On the repository general properties setting, click New Repository > LDAP repository.
IBM ODM User and Group Administration in Business Console Lab exercise Page 15 of 25
Copyright IBM Corporation 2016. All rights reserved
__ e. Inside the LDAP server section, choose your LDAP directory type. For Apache Directory, choose
Custom. Also enter the LDAP host name and port number.
__ f. Inside the Security section, enter the binding DN and password. Update other fields to match your LDAP
settings. Click OK.
__ g. The LDAP1 repository is defined. The General Properties setting is reloaded. Now enter the base DN,
i.e. dc=loanserviceco,dc=com. Click OK.
IBM ODM User and Group Administration in Business Console Lab exercise Page 16 of 25
Copyright IBM Corporation 2016. All rights reserved
__ h. Back to the Federated repositories page, LDAP is now listed in the table. Click OK.
__ i. On the top of the Global security page, click Save in the Messages box.
__ d. In the users list table, you should see the LDAP users in the list.
IBM ODM User and Group Administration in Business Console Lab exercise Page 17 of 25
Copyright IBM Corporation 2016. All rights reserved
__ e. Click Manage Groups on the left, you can also find the LDAP groups in the groups list.
__ f. Click development group name link. The Group Properties page is displayed.
__ g. Click Members tab, you can see the LDAP group member is listed.
IBM ODM User and Group Administration in Business Console Lab exercise Page 18 of 25
Copyright IBM Corporation 2016. All rights reserved
At this moment, Jane and John can only access Decision Center as a regular rtsUser. They cannot
participant in any decision service project governance.
In the next part, you will add LDAP connection into Decision Center and import its groups and users by using
Administration feature. After assigning the proper roles to the groups, the users can participate in the
governance framework.
IBM ODM User and Group Administration in Business Console Lab exercise Page 19 of 25
Copyright IBM Corporation 2016. All rights reserved
IBM ODM User and Group Administration in Business Console Lab exercise Page 20 of 25
Copyright IBM Corporation 2016. All rights reserved
__ c. The Import Groups dialog is opened. The LDAP Groups and Users under the search baseDN are listed
in the tree. Select All groups checkbox and click Import users and groups.
__ d. Click Users tab. The users are imported too along with the groups.
IBM ODM User and Group Administration in Business Console Lab exercise Page 21 of 25
Copyright IBM Corporation 2016. All rights reserved
__ e. Under the Permissions section, click the None link to turn this field to a drop down select list.
The customized permissions can also be displayed here if they are defined in Enterprise
Console. The permission customization feature is out of scope of this lab. For more
details, visit ODM Decision Center Permissions topic on IBM Knowledge Center.
IBM ODM User and Group Administration in Business Console Lab exercise Page 22 of 25
Copyright IBM Corporation 2016. All rights reserved
__ g. Edit the management group. Assign rtsAdministrator role and Full Authoring permission. Click Done.
IBM ODM User and Group Administration in Business Console Lab exercise Page 23 of 25
Copyright IBM Corporation 2016. All rights reserved
__ h. Choose Jane as Owner and Approver, then choose John as Author. Click Create.
__ i. Jane finished creating new release and new activity as an rtsAdministrator. Jane logs out.
__ j. Now login to Business Console with Johns credential, i.e. John/John.
__ k. Click WORK tab.
__ l. The Minimum Age Update change activity is listed in Johns work items. John can participate in
governance work too.
You can continue to work on the change activity as John to complete the activity and
logout. Then, login as Jane to approve and complete the release.
The decision governance workflow is out of the scope of this lab. You can refer to
Exploring decision services in a governance workflow tutorial on IBM Knowledge Center
or watch its corresponding online education demo video.
IBM ODM User and Group Administration in Business Console Lab exercise Page 24 of 25
Copyright IBM Corporation 2016. All rights reserved
This completes the ODM User and Group Administration in Business Console lab.
IBM ODM User and Group Administration in Business Console Lab exercise Page 25 of 25