This drawing shows how TIM and TAM are connected. Basically the feeds from the HR zone send the identities to ITIM. From there ITIM connects to applications as well as TAM via adapters to create accounts according to policy. The transaction database connected to the TIM (WebSphere App) is where all the audit tracking info is stored (who has access to what and who approved that access). The TIM LDAP is actually a TDS server(s) with all sorts of special objectclasses and attributes used by TIM. This should not be used as your enterprise LDAP and should be dedicated to ITIM. TAM is actually a managed resource as far as TIM is concerned so an adapter is used to connect TIM and TAM.