Helping us help you - ITM Bitesize Edition - Long Usernames on the TEP?
ShaunR 2700005SW1 Visits (4069)
So this is the first of a series we hope to be doing looking at archived technotes/DCFs that we still think are of value to our customers and re-publishing them as blog posts. Today we're going to look at one where we investigate how to use usernames of more than ten characters to login to the TEP.
You need to start by enabling LDAP on the TEPS. Ensure that the same user does not exist in two different repositories. It is recommended that you leave sysadmin out of the LDAP repository. The TEPS database stores information about users in the KFWUSER table, and the usernames cannot be longer than 10 characters. To get around this you need to follow these steps:
(1) Let a user 'longusername1' be defined in LDAP directory.
(2) Login to TEP as sysadmin and define a new user account. In this example, enter the user id as 'longuser1' (i.e. containing less than 10 characters)
(3) Select the DN corresponding to the following entry and set and save the permissions as below:
(4) There will now be an entry in KFWUSERALIAS which maps this longer DN to the short username
(5) By default, we use the value within the uid attribute within the LDAP repository. This means that when the user wishes to log in they must enter the value of uid which is specified for cn=l
(6) Then the following occurs:
(i) TEPS sends eWAS the login ID ("longusername1")
(iv) It verifies that the password entered matches that of the matched entry
(v) It consults the KFWUSERALIAS table to find the USERID that corresponds to the DN and uses this to determine what privileges are available for the TEP session, as defined in KFWUSER
(7) Once past the last step, the TEPS then treats the USERID as any other account and does not care whether it is an LDAP account or not.
I hope you find this content useful, please let me know if you do!