Tivoli® Access Manager trust association interceptors require the creation of a trusted user account in the shared LDAP user registry.
pdadmin> user create webseal_userid webseal_userid_DN firstname
surname password
pdadmin> user modify webseal_userid account-valid yes