LSF portal password expiration

Sort:
You are not authorized to post a reply.
Author
Messages
seant
New Member
Posts: 3
New Member
    I am wondering if you are going to talk about LSF portal password expiration. I would like to know how you think it should work. Do you have any thoughts on the best way to control it? Should we take advantage of websphere/ldap authentication if our ldap is setup for password criteria? Or somehow update Lawson's code to display ldap messages?
    Thanks
    John Henley
    Senior Member
    Posts: 3348
    Senior Member
      Yes, I do plan on talking about it at some point...(although I'd much rather have Alex Tsekhansky to do it instead!)

      What LDAP are you using? Are you live yet, and/or have you installed LSF9 yet?
      Thanks for using the LawsonGuru.com forums!
      John
      seant
      New Member
      Posts: 3
      New Member
        We are using IBM Tivoli Directory Server. We are not live, but we have installed and are testing LSF9.
        John Henley
        Senior Member
        Posts: 3348
        Senior Member
          Are you using a directory service (e.g. Active Directory or NDS or what?)in addition to the Tivoli DS you installed with Lawson?

          What platform is Lawson running on (i.e. Windows, Unix, iSeries)?

          Are you upgrading/migrating from v8 or are you a new customer?

          Thanks for using the LawsonGuru.com forums!
          John
          seant
          New Member
          Posts: 3
          New Member
            No, we are not using a directory service.
            We are running on Unix.
            We are upgrading/migrating from v8.
            John Henley
            Senior Member
            Posts: 3348
            Senior Member
              The short answer is this:

              - If you're using "standard" Lawson 9.0, you're storing your Portal (SSOP) password within Lawson's LDAP container. You can configure Lawson Single-Sign On [SSO] to give your users the ability to change their passwords. However you CANNOT force any expiration or "strong" password rules.

              - You can "bind" the SSOP password to another LDAP (i.e. Active Directory or perhaps another [i.e. non-Lawson] Tivoli DS), which can enforce password expiration and password rules.

              - You can ONLY bind the SSOP password--not the environment password. For UNIX clients, this is pretty much status quo. For Windows clients, this is a step backwards.

              I will expand on this in more detail in future postings/articles.

              Are you *sure* you're not using a directory service? What do you use for your email?
              Thanks for using the LawsonGuru.com forums!
              John
              Peter Barnes
              New Member
              Posts: 2
              New Member
                Good morning John,
                This area of password changing is becoming an extremely hot topic, it would seem!
                We are about to go-live in November on GL and AP(version 9.0.0.4 - new Lawson Client), and would like to enforce standard password change functionality (obviously not in November, but as soon as possible thereafter).
                All in all, it would appear that we are unable (at this point) to invoke forced password updates within Lawson, but as we are an Iseries shop, and it would seem that we will be breaking new ground in trying to integrate Lawson and Active Directory binding.
                Could you possibly point us in the right/ANY direction for expertise/knowledge in this area?
                Your guidance would be oh so much appreciated.
                Regards,
                Peter
                John Henley
                Senior Member
                Posts: 3348
                Senior Member
                  I have not done an ldapbind on iSeries, but it should work OK--just as it does on UNIX/Windows.
                  Thanks for using the LawsonGuru.com forums!
                  John
                  You are not authorized to post a reply.