Administrative user names and passwords

IBM® Sametime® includes common user names for components to communicate in authenticated mode.

Sametime requires that you use administrative user names for components to communicate in an authenticated mode. As a best practice, configure these accounts so that the password never expires and never needs to be changed.
  • Domino® Administrator

    This user is created during installation of IBM Domino for the Sametime Community Server. It is a best practice not to use an existing administrative account, because this is the account that the IBM Sametime System Console uses to communicate with the Community Server.

  • db2admin
    This user is created in the operating system during installation of the DB2® server. Do not create db2admin in advance. It is the user that all IBM Sametime related components using DB2 use to access their databases. Be sure to match the password policy requirements of the operating system. The db2admin account that is created by the DB2 installation has full administrative privileges. Change the db2admin user name to something else: the db2admin account is equivalent to a root account for DB2, which is not acceptable for security reasons.
    Note: Do not assign any other user the user name db2admin. Doing so will result in problems using Sametime with DB2.

    The db2admin account requires administrative privileges during Sametime server installation and upgrade.

    The db2admin account requires basic privileges such as read, write, update, and delete data during runtime, that is, when users are using the product.

  • WebSphere® Application Server administrator

    This is the user that accesses WebSphere Application Server components such as the Sametime System Console and administers the system. This user must not exist in your LDAP directory. You create a WebSphere Application Server user name during WebSphere Application Server installation in a local file repository. You can use the same user name and password for all components, or different names and passwords. Again, the user name will not work if this user exists in LDAP. You can use the account to assign other users from LDAP administrative rights to the Sametime System Console, which is hosted in the Integrated Solutions Console.

  • LDAP Bind user

    This is a user account in your LDAP directory. This account is used to connect in authenticated mode to the LDAP server to get all required attributes. It is possible to connect anonymously to LDAP, but anonymous connections do not work with some LDAP systems, or the LDAP server requires special configuration to allow anonymous bind.

  • Sametime Video Manager

    You can assign any user name and password for the Sametime Video Manager. However, if you select admin as the username, the password will be admin as well.

Sametime passwords

Passwords and parameters used in IBM Sametime deployments are case sensitive, so it is important to type them exactly right.

Passwords may be stored in several different locations, and each time you provide the password, it must match the stored version exactly. If your company requires you to change passwords on a periodic basis, you may need to update the stored versions of the passwords before using features that will access them.

In addition, Sametime sometimes encounters problems with passwords that include the following characters, so you should avoid using them in your passwords (even if they are supported elsewhere):
  • !
  • @
  • (space)

For example, WebSphere Application Server allows the use of the @ character in passwords, but Sametime may encounter errors if your password includes that character.
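
The account and password constraints above can be checked before installation. The following is an added example, not IBM code: the role keys (`db2`, `was_admin`, `ldap_bind`, `video_manager`), the dictionary layout, and the sample accounts are assumptions constructed for illustration.

```python
# Added example: pre-flight check of a planned Sametime account set.
# Role keys and the dict layout are assumptions made for this sketch.

# Characters the page says Sametime may mishandle in passwords.
PROBLEM_CHARS = {"!": "!", "@": "@", " ": "(space)"}


def check_plan(accounts, ldap_user_names):
    """Return (role, finding) tuples; findings never echo the password."""
    findings = []
    # Assumption: LDAP user-name matching is case-insensitive, so fold case.
    ldap_names = {name.lower() for name in ldap_user_names}
    for role, acct in accounts.items():
        user, password = acct["user"], acct["password"]
        bad = [label for ch, label in PROBLEM_CHARS.items() if ch in password]
        if bad:
            findings.append((role, "password contains " + ", ".join(bad)))
        # The WebSphere administrator must not exist in the LDAP directory.
        if role == "was_admin" and user.lower() in ldap_names:
            findings.append((role, "user name also exists in LDAP"))
        # Choosing "admin" for the Video Manager fixes the password to "admin".
        if role == "video_manager" and user == "admin":
            findings.append((role, "user name admin forces password admin"))
        # No account other than the DB2 one may be named db2admin.
        if role != "db2" and user.lower() == "db2admin":
            findings.append((role, "db2admin must not be assigned to another user"))
    return findings


# Constructed sample plan and LDAP listing (not real accounts).
SAMPLE_PLAN = {
    "db2": {"user": "db2admin", "password": "Db2-Example-01"},
    "was_admin": {"user": "wasadmin", "password": "Was@Example01"},
    "ldap_bind": {"user": "stbind", "password": "Bind Example 01"},
    "video_manager": {"user": "admin", "password": "admin"},
}
SAMPLE_LDAP_USERS = ["stbind", "WASAdmin", "jdoe"]

if __name__ == "__main__":
    for role, finding in check_plan(SAMPLE_PLAN, SAMPLE_LDAP_USERS):
        print(f"{role}: {finding}")
```

The list of LDAP user names would come from an export of your own directory; the check reports only the role and the rule that was violated, so its output can be logged without exposing passwords.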