Managing platform users and changing passwords
The appliance administrator can manage platform users in the internal LDAP domain by using the LDAP tools. Platform users can change their own passwords using the passwd command.
The LDAP tools are located in /opt/ibm/appliance/platform/ldap/bin. Log files for the LDAP tools can be found in /var/log/appliance/ldap/ap_ldap.log
The following tools are available for user management:
- ap_ldap_user_add.pl – Creates and adds user to a specific group
- ap_ldap_user_mod.pl – Modifies the existing user attributes such as groups and/or password
- ap_ldap_user_del.pl – Deletes a particular user
- ap_ldap_list.pl – List current users (internal LDAP) and groups
For example, if a user needs to log in to the nodes of the appliance, and not to the database,
then the user ID needs to be created by the member of the ibmapadmin group (for
example, apuser) by using the tool ap_ldap_user_add. The created
user can then use ssh to log in to any node, and change their password by using
the passwd command.