Topic: How to force disable local authentication when connect to LDAP

wan_smit

Hi, we plan to upgrade from CMOD MP 9.5 to 10.1, but there is a requirement about LDAP, as below.

When we connect CMOD with AD, we need to create the same user name in CMOD and set a local password. We found that when the user name does not exist in AD, CMOD goes back to local authentication. The customer would like to force-disable local authentication if the user does not exist in AD. Is there a way to do this?


Justin Derrick

Re: How to force disable local authentication when connect to LDAP
« Reply #1 on: July 15, 2019, 06:15:20 AM »
I think the reason this doesn't exist is because if the AD/LDAP server is down, then NOBODY can log in to CMOD -- not even administrators.  And that could cause all kinds of crazy failures - like failed loads, etc.

-JD.
IBM CMOD Professional Services: http://TenaciousConsulting.com
Call:  +1-866-533-7742  or  eMail:  jd@justinderrick.com
IBM CMOD Wiki:  https://CMOD.wiki/
FREE IBM CMOD Education & Webinars:  https://CMOD.Training/

Interests: #AIX #Linux #Multiplatforms #DB2 #TSM #SP #Performance #Security #Audits #Customizing #Availability #HA #DR

rjrussel

Re: How to force disable local authentication when connect to LDAP
« Reply #2 on: July 15, 2019, 09:28:26 AM »
Yes, you can. Set ARS_LDAP_OD_AUTHORITY_FALLBACK=FALSE in your CMOD config. The only user exempt is the CMOD admin ID.

If a user is not found in LDAP then authentication will fail.

Thanks,

RR
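
A way to confirm that the setting from Reply #2 is actually present and unambiguous in a given config file, as an added example that is not code from the thread or from IBM. It assumes KEY=VALUE lines with `#` comments, and the function names and the path you pass in are illustrative.

```shell
#!/bin/sh
# Added example, not IBM or forum code. Assumptions: the config file uses
# KEY=VALUE lines with '#' comments; anything other than an explicit FALSE
# is reported as fallback still possible.
PARAM=ARS_LDAP_OD_AUTHORITY_FALLBACK

# Print DISABLED, ENABLED, UNSET, CONFLICT or UNREADABLE for one config file.
fallback_state() {
    [ -r "$1" ] || { echo UNREADABLE; return 0; }
    awk -v p="$PARAM" '
        { sub(/#.*/, "") }                      # strip comments
        {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/[ \t\r]/, "", k); gsub(/[ \t\r]/, "", v)
            if (k != p) next
            v = toupper(v)
            if (seen && v != last) conflict = 1  # two different values set
            seen = 1; last = v
        }
        END {
            if (!seen)                print "UNSET"
            else if (conflict)        print "CONFLICT"
            else if (last == "FALSE") print "DISABLED"
            else                      print "ENABLED"
        }' "$1"
}

# Succeeds only when local fallback is explicitly switched off.
fallback_enforced() { [ "$(fallback_state "$1")" = DISABLED ]; }

# No arguments: run on a constructed sample (not a real CMOD config).
if [ $# -eq 0 ]; then
    sample=$(mktemp)
    printf '%s\n' '# constructed sample' \
        'ARS_LDAP_OD_AUTHORITY_FALLBACK=FALSE' > "$sample"
    set -- "$sample"
fi
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(fallback_state "$f")"
done
if [ -n "${sample:-}" ]; then rm -f "$sample"; fi
```

A commented-out line or a second, contradictory assignment is reported as UNSET or CONFLICT rather than DISABLED, so `fallback_enforced` only passes when the file says FALSE and nothing else.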

Justin Derrick

Re: How to force disable local authentication when connect to LDAP
« Reply #3 on: July 15, 2019, 12:27:30 PM »
Ah!  I'm happy to be corrected and learn about a previously unknown feature...  :) 

-JD.

rjrussel

Re: How to force disable local authentication when connect to LDAP
« Reply #4 on: July 15, 2019, 01:27:38 PM »
Here is a link that talks about many of the scenarios one might encounter when using LDAP for authentication.

http://www-01.ibm.com/support/docview.wss?uid=swg21597246

-Rob