TDS/SDS Blogs

So....just how many entries is under that LDAP Branch??

How To Turn on SDS Password Policy

User Rating: 0 / 5

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive
 

 SDS/TDS Password Policy:

This will be very simple and concise.   If you work with TDS or SDS (Security Directory Server) - from time to time you NEED to apply or activiate Password Policy or rules. To do this is simple.  Just following the 1-2-3 process below:

 

Step 1:

Goto the IBM support website and search for your version of SDS/TDS and get the latest /recommended fixes - download them.  Yes you need to have appropriate access via a login ID.

Fix will look like this (example):

6.4.0.12-ISS-ISDS-Linux-IF0012.zip

Step #2:

After you have downloaded the fix patch code and applied (for vulnerabilities) you can start to formulate and shape up your LDIF file with the policy. Below is what a listing will look like.

Then enter into the resulting folder - generally the same as the zip file name.

 

Create and LDIF file and add everything in the "LEFT" column to the file.  Will serve as input data....call it "setupGlobal_Policy.ldif".

Step #3:

Then run the ldap command line utility to update SDS/LDAP.  *Special note you must use the -k parameter.

 

==>    idsldapmodify -D cn=root -w yourPassword -i setupGlobal_Policy.ldif -k

You should get a return like this if all when well...

Operation 0 modifying entry cn=pwdpolicy,cn=ibmpolicies

 

Ibmslap.log will show something like this below:

*see the log file: /tmp/idsinstall_07-10-16-08-20-26.log  for more details

 

There is no way to specify password policy explicitly on a container/subtree/branch. But if this is really required, can be achieved via a group based password policy using a dynamic group. The dynamic group must be defined with a sub scope on that container/subtree/branch with an appropriate filter to match all valid user entries.

For Individual Policy, you can setup and ldif like this one (and as many as you need) and implement like we did above.

LDIF EXAMPLE for "individual_Policy"

---------------------------------------------------------

dn: cn=individual_Policy,cn=ibmpolicies

dn: cn=individual_Policy,cn=ibmpolicies

objectclass: containerobjectclass: pwdPolicy

objectclass: ibm-pwdPolicyExt

objectclass: topcn: individual_Policypwd

Attribute: userPasswordpwd

GraceLoginLimit: 3

pwdLockoutDuration: 10

pwdMaxFailure: 3

pwdFailureCountInterval: 7

pwdMaxAge: 500pwdExpireWarning: 0

pwdMinLength: 5pwdLockout: true

pwdAllowUserChange: true

pwdMustChange: false

ibm-pwdpolicy: true

--------------------------------------------------

 

About zFlex Software

zFlex Software have over of 25 years experience working with the IT field.  Over 15 years working directly with IBM products and projects in Enterprise System Environments.  We focus on IBM product installation, Infrastructure Setup and Solution Design in the Mainframe (z/OS), Linux, Solaris and Window platforms.   Knowledge of these various platforms makes our consulting very flexible for Integration tasks around these various platforms, enabling zFlex to meet your business needs.

© 2016 zFlex Software,LLC. All Rights Reserved. Designed By zFlex Software

Search