OnDemand User Group
Support Forums => MP Server => Topic started by: wan_smit on July 15, 2019, 12:42:33 AM
-
Hi, we plan to upgrade from CMOD MP 9.5 to 10.1, but there is a requirement about LDAP, as below.
When we connect CMOD with AD, we need to create the same user name in CMOD and set a local password. We found that when the user name does not exist in AD, CMOD falls back to local authentication. The customer would like to force-disable local authentication if the user does not exist in AD. Not sure if there is a way to do this?
-
I think the reason this doesn't exist is because if the AD/LDAP server is down, then NOBODY can log in to CMOD -- not even administrators. And that could cause all kinds of crazy failures - like failed loads, etc.
-JD.
-
Yes, you can. Set ARS_LDAP_OD_AUTHORITY_FALLBACK=FALSE in your CMOD config. The only user exempt is the CMOD admin ID.
If a user is not found in LDAP then authentication will fail.
Thanks,
RR
-
Ah! I'm happy to be corrected and learn about a previously unknown feature... :)
-JD.
-
Here is a link that talks about many of the scenarios one might encounter when using LDAP for authentication.
http://www-01.ibm.com/support/docview.wss?uid=swg21597246
-Rob