LDAP Bind and Unix Password Expiration

Dave
Basic Member
Posts: 13

    Wondering if you can help with a question on security. We run LSF9 using Lawson Security and LDAP Bind (ADAM). For our batch users we create a non-shell account in Unix with a non-expiring password. If the Unix passwords are set to expire, what impact would it have on the Portal sign on, authentication, and ability for the user to run Lawson online or batch jobs in Portal if the Unix OS password expired? Thanks, Dave.

    Roger French
    Veteran Member
    Posts: 545
      If the Portal logon ID is different from the Unix logon ID, and if the Unix password expired, the user could still log on to Portal, but the ability to run jobs in Portal would likely be cut off since the job submission is still executed by the user's Unix ID. (You could see the failures logged in the job logs and probably lajs.log.) I think this would also be true if your user(s) were also using a common default environment Unix ID whose password expired.
      You don't want the ID/password indicated in your CAP file to expire. But of course you need to keep it secure.
      Roger


      Posted By Dave on 01/08/2010 03:29 PM

      Wondering if you can help with a question on security. We run LSF9 using Lawson Security and LDAP Bind (ADAM). For our batch users we create a non-shell account in Unix with a non-expiring password. If the Unix passwords are set to expire, what impact would it have on the Portal sign on, authentication, and ability for the user to run Lawson online or batch jobs in Portal if the Unix OS password expired? Thanks, Dave.

      Bart Conger
      Advanced Member
      Posts: 18
        If there is no need for your users to log on directly to the server via LID or for an FTP utility, no password is required at all. The accounts can be set up as locked or no-password accounts "*" on the Unix system. The Lawson env is still able to create print directories and run jobs under the user. I have set up both AIX, Sun and HP-UX in this fashion with no issues. However, a word of warning: with a Unix system you are most likely using TDS for your Lawson LDAP and binding to ADAM for passwords/user authentication. Make sure NOT to expire the ldapdb2 user, which TDS uses to communicate to DB2 for your Lawson repository. If this password expires you will need to do more than simply unexpire it; it will require changing the password in TDS and on the OS for your ldapdb2 user.
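The replies above separate three cases: accounts locked with "*", accounts whose password never ages, and accounts such as ldapdb2 whose password can expire. The script below is an added example, not from the thread or from Lawson tooling, that classifies accounts that way. It assumes Solaris/Linux-style shadow fields (AIX keeps these attributes in different files); the sample lines, the account names other than ldapdb2, and the function names are constructed.

```shell
#!/bin/sh
# Added example. Shadow-format fields (day counts since 1970-01-01):
#   name:hash:lastchg:min:max:warn:inactive:expire

# Constructed sample lines. ldapdb2 is the account named in the thread;
# lawsvc, batch01 and jdoe are hypothetical.
sample_shadow() {
cat <<'EOF'
ldapdb2:$6$constructed$hash:14600:0:90:7:::
lawsvc:$6$constructed$hash:14600:0:99999:7:::
batch01:*:14600:0:90:7:::
jdoe:$6$constructed$hash:14550:0:60:7:::
EOF
}

# audit_shadow TODAY WARN : reads shadow lines on stdin, prints
# "name STATUS days_left". TODAY is days since the epoch, e.g.
# $(( $(date +%s) / 86400 )).
audit_shadow() {
    awk -F: -v today="$1" -v warn="$2" '
    {
        name = $1; pw = $2; lastchg = $3; max = $5
        # A hash field starting with "*" or "!" has no usable password;
        # per the thread, jobs still run under such accounts.
        if (pw ~ /^[*!]/) { print name, "LOCKED", "-"; next }
        # Empty or 99999 maximum age: password aging is disabled.
        if (max == "" || max + 0 >= 99999) { print name, "NOEXPIRE", "-"; next }
        left = lastchg + max - today
        if (left < 0)          print name, "EXPIRED", left
        else if (left <= warn) print name, "EXPIRING", left
        else                   print name, "OK", left
    }'
}

sample_shadow | audit_shadow 14680 14
```

Any EXPIRED or EXPIRING line for ldapdb2, or for the ID in the CAP file, is the condition both replies warn about.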