Remember
the following information when you use an LDAP server to perform SPD
Server user authentication:
-
SPD Server users can be authenticated
by an LDAP server, or by the
psmgr utility,
but not by both. The type of authentication to be performed is specified
in the server.parm file, which is read when SPD Server is invoked.
-
If you are changing from using
the LDAP server to using the
psmgr utility
for authentication, all LDAP parameters must be removed from the SPD
Server server.parm file. You must restart SPD Server so that the changes
to the server.parm file are read.
-
When you configure SPD Server to
perform user authentication using the LDAP server, the
psmgr utility is still needed. When using the LDAP server,
a password database record is required for each SPD Server user. SPD
Server uses the
psmgr utility's password
database to perform user access control tasks and other tasks that
are not related to user authentication.
-
Users that connect to an SPD Server
must have corresponding logon information on the LDAP server. The
LDAP server user ID and the SPD Server user ID formats are the same.
The logon password format is the host-operating-system format. A user
ID must be 8 characters or less.
-
Some LDAP server products might
require users to enter host logon information. In these cases, confirm
with your LDAP server administrator that the host logon information
exists in the LDAP database.
-
If you are using LDAP user authentication,
and you create a user connection that uses the NEWPASSWORD= LIBNAME
option, the user password is not changed. If you want to change a
user password, follow the operating system procedures to change a
user password, and check with your LDAP server administrator to ensure
that the LDAP database records the password changes.