Topic
  • 5 replies
  • Latest Post - ‏2014-01-03T17:26:54Z by QTW1_sherif_hosney
SystemAdmin
SystemAdmin
5842 Posts

Pinned topic LDAP authentication - Set password

‏2012-12-06T10:22:42Z |
We use Maximo 7.5.0.0

When installing we choose option for security: Use application server and LDAP for authentication only

I don't understand where I should set password for users created in Maximo. In document Planning for Deployment Guide.pdf (Page 7) stands: "With this option, you can create your users and groups in the directory (LDAP) server or in Maximo .... Information entered in Maximo is never propagated to your directory".

If I create user in Maximo do I also need to create user in LDAP to set his password?

If need to create user in LDAP what is the point of creating user in Maximo?

Thnx!
Updated on 2013-03-13T19:23:51Z at 2013-03-13T19:23:51Z by swkim90049
  • amir_samir
    amir_samir
    158 Posts

    Re: LDAP authentication - Set password

    ‏2012-12-06T12:22:48Z  
    Hi ,
    Using LDAP integration , you should not create the users in maximo ,just run the VMMSYNC or LDAPSYNC for grapping the users from the LDAP.

    for the password , the user will use the password configured in LDAP and you don't have any kind of configuration for the password in maximo as this is the goal for using LDAP that let it authenticate the user.

    I'm using max 7.1.1.9 but i think the concept is the same

    BR,
    Amir Anwar
    Senior Software Engineer
    Beshay Steel Egypt
  • SystemAdmin
    SystemAdmin
    5842 Posts

    Re: LDAP authentication - Set password

    ‏2012-12-06T12:41:52Z  
    Hi ,
    Using LDAP integration , you should not create the users in maximo ,just run the VMMSYNC or LDAPSYNC for grapping the users from the LDAP.

    for the password , the user will use the password configured in LDAP and you don't have any kind of configuration for the password in maximo as this is the goal for using LDAP that let it authenticate the user.

    I'm using max 7.1.1.9 but i think the concept is the same

    BR,
    Amir Anwar
    Senior Software Engineer
    Beshay Steel Egypt
    Hi Amir! Thank you for your answer!

    At installation 7.5.0 you have three options:

    • Use application server and LDAP for authentication and user/group management
    • Use application server and LDAP for authentication only
    • Use Maximo internal authentication

    We choose second option - Use application server and LDAP for authentication only

    For these option doc says:

    "With this option, you can create your users and groups in the directory (LDAP) server or in Maximo. The information from the directory server is updated in your Maximo database by using a cron task. With this option, you can create additional users, security groups and assign group
    memberships in Maximo. Information entered in Maximo is never propagated to your directory."
    When I create user in Maximo, Maximo doesn't allow me to set up password. I don't know where should I set up password when user in Maximo is created . In WebSphere or LDAP or somewhere else?

    Thnx!
  • amir_samir
    amir_samir
    158 Posts

    Re: LDAP authentication - Set password

    ‏2012-12-06T14:15:25Z  
    Hi Amir! Thank you for your answer!

    At installation 7.5.0 you have three options:

    • Use application server and LDAP for authentication and user/group management
    • Use application server and LDAP for authentication only
    • Use Maximo internal authentication

    We choose second option - Use application server and LDAP for authentication only

    For these option doc says:

    "With this option, you can create your users and groups in the directory (LDAP) server or in Maximo. The information from the directory server is updated in your Maximo database by using a cron task. With this option, you can create additional users, security groups and assign group
    memberships in Maximo. Information entered in Maximo is never propagated to your directory."
    When I create user in Maximo, Maximo doesn't allow me to set up password. I don't know where should I set up password when user in Maximo is created . In WebSphere or LDAP or somewhere else?

    Thnx!
    This is little different from 7.1.1.9 as you can't add users in maximo unless you work around with the some property, and no propagation support from maximo database to the LDAP.
    As i told you before you should create the users in LDAP where you configure their password and grap them to maximo using cron task.
    my experience tell that no password saved in maximo database as long as LDAP authentication is used and when you change user password in LDAP , he must use the new one without even re-sync with maximo.
    this my experience in 7.1..19 , don know if 7.5 offers more flexible configuration and i think this scenario is more rational than what the document says.

    hope that is help

    BR,
    Amir
  • swkim90049
    swkim90049
    287 Posts

    Re: LDAP authentication - Set password

    ‏2013-03-13T19:23:51Z  
    Hi Amir! Thank you for your answer!

    At installation 7.5.0 you have three options:

    • Use application server and LDAP for authentication and user/group management
    • Use application server and LDAP for authentication only
    • Use Maximo internal authentication

    We choose second option - Use application server and LDAP for authentication only

    For these option doc says:

    "With this option, you can create your users and groups in the directory (LDAP) server or in Maximo. The information from the directory server is updated in your Maximo database by using a cron task. With this option, you can create additional users, security groups and assign group
    memberships in Maximo. Information entered in Maximo is never propagated to your directory."
    When I create user in Maximo, Maximo doesn't allow me to set up password. I don't know where should I set up password when user in Maximo is created . In WebSphere or LDAP or somewhere else?

    Thnx!
    If you are using option two - the user and password is created in LDAP. Then you create that user separately in Maximo. No password is created in Maximo. The loginid uses the password that was assigned to them in LDAP.
  • QTW1_sherif_hosney
    QTW1_sherif_hosney
    6 Posts

    Re: LDAP authentication - Set password

    ‏2014-01-03T17:26:54Z  
    If you are using option two - the user and password is created in LDAP. Then you create that user separately in Maximo. No password is created in Maximo. The loginid uses the password that was assigned to them in LDAP.

    Hello,

    First Of All I'd Like To Say Happy New Year

    Secondly, If You Don't Mind To Help Me Resolving My Issue I have a Customer Need For Regarding The LDAP Integration

    The Environment Is SCCD 7.5.1 Win2008 and The MSAD2008

    I've Implemented a Federated Repository On WAS 7 and Every Thing Is OK in Addition To Mapping All Users To All Authenticated In APP Realm

    My Issue Is I Need To SYNC The Users Only Members From Maximousers Group

    The Users Exists in many OU's Like (HR, IT..etc) under the Domain

    I've Been Used VMMsync and I know The Limitations of The Filter So I tried many scenarios and Finally I Can Sync All Users

    But My Issue Is To Sync The Members From The Maximo Users Group Only, Something  Like (Memberof=maximousers)

    I also Tried To Use LDAPsync But I Get Nothing

    Can u PLS Help Me

    Thanks In Advance