IBM System Storage Ideas Portal


This portal is to open public enhancement requests against IBM System Storage products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Future consideration
Workspace IBM TS7700 Virtual Tape Library
Created by Guest
Created on Apr 27, 2026

RELATED IDEAS

Allow customer local break-glass accounts to remain active when Direct LDAP is enabled on TS7700

Today, when Direct LDAP is enabled on TS7700, customer access depends on LDAP authentication. If LDAP becomes unavailable because of directory outage, DNS issue, certificate issue, connectivity problem, or bind account issue, customer administrative access can be lost.


IBM provides specific exception mechanisms for IBM service representatives, but customers do not have an equivalent controlled option to keep a limited number of local customer accounts active in parallel with LDAP.


We request an enhancement to support a hybrid authentication model on TS7700 with the following behavior:

- Direct LDAP remains the primary and standard authentication method

- A limited number of customer-managed local “break-glass” accounts can remain active at the same time

- These local accounts are intended only for emergency and recovery scenarios

- These accounts should be role-restricted and configurable by the customer

- Their use should be clearly audited and distinguishable from LDAP logins

- The feature should be optional and controlled by policy

 

This enhancement would improve operational resilience, reduce lockout risk, and provide a secure fallback path for customers without removing the benefits of centralized authentication.

Idea priority High
  • Admin
    Shreya Nair
    Apr 29, 2026

    Incase you are not using redundancy in your LDAP services, TS7700 supports the usage of secondary LDAP services.

    Reply

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.