In Tivoli Directory Server, different password policies may be employed to manage the passwords of your organization. A global password policy may be used to oversee all the passwords of the company. However, customers may want to customize their policies for specific individuals or groups. The customer might determine that some groups should have more access (e.g. administrators/staff) while others should be given less (e.g. vendors/external users). Custom TDS password policies may be associated to a groups and individuals for this purpose. The following shows how to associate a password policy to a group. Note that the same can be applied to an individual user by replacing the dn portion from the group dn to the individual’s dn.
Login to the TDS server as root
Run the following command:
For Non-SSL:
idsldapmodify -D <adminDN> -w <adminPW> -k
dn:cn=myGroup,cn=groups,dc=myCompany,dc=com
changetype:modify
add:ibm-pwdGroupPolicyDN
ibm-pwdGroupPolicyDN:cn=testPolicy,cn=ibmpolicies
For SSL:
idsldapmodify -D <adminDN> -w <adminPW> -h <hostname> -Z -K <keystore database location> -k
dn:cn=myGroup,cn=groups,dc=myCompany,dc=com
changetype:modify
add:ibm-pwdGroupPolicyDN
ibm-pwdGroupPolicyDN:cn=regpolicy,cn=ibmpolicies
Login to the TDS server as root
Run the following command:
For Non-SSL:
idsldapmodify -D <adminDN> -w <adminPW> -k
dn:cn=myGroup,cn=groups,dc=myCompany,dc=com
changetype:modify
add:ibm-pwdGroupPolicyDN
ibm-pwdGroupPolicyDN:cn=testPolicy,cn=ibmpolicies
For SSL:
idsldapmodify -D <adminDN> -w <adminPW> -h <hostname> -Z -K <keystore database location> -k
dn:cn=myGroup,cn=groups,dc=myCompany,dc=com
changetype:modify
add:ibm-pwdGroupPolicyDN
ibm-pwdGroupPolicyDN:cn=regpolicy,cn=ibmpolicies
No comments:
Post a Comment