Disabling Active Directory authentication

If you choose to disable external LDAP support with Windows Active Directory, ensure you either delete or back up all the user directories. Ensure none of the existing Active Directory users are logged in.

About this task

Attention: Once you disable Active Directory support from IAS, you may need to re-create the required users as local appliance users.

Procedure

  1. Log in to the first (node0101) or second (node0102) node of IAS as apuser.
  2. All users must be removed from the ibmapusers and ibmapadmin groups. For example, run the following command to remove a user named user1:
    ap_external_ldap.pl usermod --group none user1
  3. Run the following command to disable external LDAP authentication with Active Directory for platform users:
    ap_external_ldap.pl disable