Saturday, October 24, 2015

Enabling the TDS Group and Individual Password Policy

Tivoli Directory Server (TDS) is used to manage LDAP attributes for different systems. Among the services TDS provides is password management. By default, Tivoli Directory Server has a global password policy called pwdpolicy, which controls the policy applied to the userPassword attribute. However, some systems require additional password policies to manage certain groups or individuals in their organization.

By default, group-specific and individual-specific password policies are disabled in TDS. They must be enabled on the TDS server before they can be used.

The following shows how to enable Tivoli Directory Server group and individual password policies.

Log in to the Tivoli Directory Server command line as root.
Run the following command:
For non-SSL configurations:

idsldapmodify -D <adminDN> -w <adminPW> -h <hostname> -k
dn: cn=pwdpolicy,cn=ibmPolicies
ibm-pwdpolicy:true
ibm-pwdGroupAndIndividualEnabled:true

For SSL configurations:

idsldapmodify -D <adminDN> -w <adminPW> -h <hostname> -Z -K <keystore database location> -k
dn: cn=pwdpolicy,cn=ibmPolicies
ibm-pwdpolicy:true
ibm-pwdGroupAndIndividualEnabled:true
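
A check to run after the change, added here as an example and not part of the original post: it reads the cn=pwdpolicy,cn=ibmPolicies entry back and fails unless both switches are true. The function names, the ADMIN_DN, ADMIN_PW and LDAP_HOST variables and the sample entry are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that both switches set by
# the idsldapmodify step are true on cn=pwdpolicy,cn=ibmPolicies.

# Reads one entry on stdin. Accepts "attr: value" (LDIF, idsldapsearch -L) and
# "attr=value" lines; names and values are compared case-insensitively.
pwdpolicy_flags_enabled() {
    awk '
        {
            line = $0
            sub(/\r$/, "", line)
            pos = match(line, /[:=]/)   # first separator on the line
            if (pos == 0) next
            name  = tolower(substr(line, 1, pos - 1))
            value = tolower(substr(line, pos + 1))
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", value)
            if (name == "ibm-pwdpolicy") policy = value
            if (name == "ibm-pwdgroupandindividualenabled") group = value
        }
        END {
            bad = 0
            if (policy != "true") { print "FAIL: ibm-pwdPolicy is not true"; bad = 1 }
            if (group != "true") { print "FAIL: ibm-pwdGroupAndIndividualEnabled is not true"; bad = 1 }
            if (!bad) print "OK: group and individual password policies are enabled"
            exit bad
        }
    '
}

# Constructed sample of the entry as it should look after the change.
sample_entry() {
    printf '%s\n' \
        'dn: cn=pwdpolicy,cn=ibmPolicies' \
        'ibm-pwdPolicy: true' \
        'ibm-pwdGroupAndIndividualEnabled: true'
}

# Hypothetical wrapper for a live server; ADMIN_DN, ADMIN_PW and LDAP_HOST are
# placeholder variables. Add -Z -K <keystore database location> for SSL.
verify_tds_pwdpolicy() {
    idsldapsearch -D "$ADMIN_DN" -w "$ADMIN_PW" -h "$LDAP_HOST" -L \
        -s base -b "cn=pwdpolicy,cn=ibmPolicies" "objectclass=*" \
        ibm-pwdPolicy ibm-pwdGroupAndIndividualEnabled | pwdpolicy_flags_enabled
}

# Offline demonstration on the constructed sample.
sample_entry | pwdpolicy_flags_enabled
```
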
