IBM Support

Number of TAM users in LDAP

Question & Answer


Question

How do I determine the number of TAM users in LDAP?

Answer

A simple search for all secUser objects can be used to determine the number of TAM users.

First, determine the LDAP data model being used. Here are the steps:

1) Determine the data model,

idsldapsearch -h ldaphost -D cn=root -w **** -b "" -s sub objectClass=secAuthorityInfo
secAuthority=Default
objectclass=secAuthorityInfo
objectclass=eApplicationSystem
objectclass=eSystem
objectclass=cimLogicalElement
objectclass=cimManagedSystemElement
objectclass=cimManagedElement
objectclass=top
secAuthority=Default
version=6.0 <==================== Check this attribute.
installDate=20091015212617.0Z

If version=6.0, then the data model is Minimal.
If the version=1.0 or version=3.0, then the data model is Standard.

2) Search for secUser accounts based on model.

Minimal
This model only requires searching down the secAuthority=Default suffix. For example:

idsldapsearch -h ldaphost -D cn=root -w **** -b "secAuthority=Default" -s sub objectClass=secUser dn

The output looks similar to:

principalName=sec_master,cn=Users,secAuthority=Default
principalName=ivmgrd/master,cn=Users,secAuthority=Default
principalName=default-webseald/earth.tivlab.austin.ibm.com,cn=Users,secAuthority=Default principalName=thomas,cn=Users,secAuthority=Default
principalName=adtest,cn=Users,secAuthority=Default
principalName=tamosadm,cn=Users,secAuthority=Default
principalName=ivacld/earth,cn=Users,secAuthority=Default
....

As you can see, some of the TAM internal accounts will be displayed. These can be filtered out as needed.


Standard
This model requires searching down your actual user suffix. For example:

idsldapsearch -h ldaphost -D cn=root -w **** -b "o=level2,c=us" -s sub objectClass=secUser dn

The output looks similar to:

secAuthority=Default,cn=bill,o=level2,c=us
secAuthority=Default,cn=gso-user,o=Level2,c=us
secAuthority=Default,cn=not-gso-user,o=Level2,c=us
secAuthority=Default,cn=steve,o=level2,c=us
secAuthority=Default,cn=operator,o=Level2,c=us
...

If you have more than one user suffix search each suffix.

Note: The searches will not return any of the TAM internal accounts. If you want to search for the TAM internal accounts the search for Minimal model can be modified accordingly. For example:

idsldapsearch -h ldaphost -D cn=root -w **** -b "secAuthority=Default" -s sub objectClass=secUser dn

secAuthority=Default,cn=SecurityMaster,secAuthority=Default
secAuthority=Default,cn=ivmgrd/master,cn=SecurityDaemons,secAuthority=Default
secAuthority=Default,cn=ivacld/sumo,cn=SecurityDaemons,secAuthority=Default
secAuthority=Default,cn=default-webseald/sumo,cn=SecurityDaemons,secAuthority=Default
...

Similar searches using objectClass=secGroup can be used to determine the number of TAM groups for either data model.

[{"Product":{"code":"SSPREK","label":"IBM Security Access Manager for Web"},"Business Unit":{"code":"BU008","label":"Security"},"Component":"Base","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0;6.1;6.1.1","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Product Synonym

TAMeB

Document Information

Modified date:
16 June 2018

UID

swg21592709