- Problem when testing the Top Secret control option NEWPW setting SC with the Top Secret option PASSCHAR()
- Our password options are:
TSS9661I CA Top Secret PASSWORD Status
NEWPW(MIN=08,MAX=008,WARN=03,MINDAYS=01,FA,FN,MC,SC)
HPBPW(002) MSUSPEND(NO) NPWRTHRESH(2)
PWEXP(090) PWHIST(05) PTHRESH(005)
PWVIEW(NO) PASSCHAR(&,*,à,:,$,=,!,-,%,.,£,?,_)
PWVERIFY(NO) PWENC(DES3) PWADMIN(NO)
- We use the French keyboard and the IBM-1147 code page. The Top Secret option PASSCHAR() as defined in our shop does not work.
- From our SSO tool, when signing in with a password containing the character "!", the "!" is converted to "§", e.g.:
TSS REPLACE(myacid) PASSWORD(Anypwd§)
- Your LDAP maintenance level must be at RO93183. This level provides the new LDAP option "enable_cmd_dump" in the slapd.conf file.
This option lets you see exactly what is passed to the LDAP server and what the characters look like.
For example, see the following excerpt of a slapd.conf file:
###############################################################
# catss_utf database specific definition
#
# This definition is NOT for Identity Manager
# or Web Admin
##############################################################
database catss_utf
suffix "host=usi252me,o=ca,c=us"
enable_cmd_dump
codeset IBM-1147
naming_mode tss
This is very useful for debugging when dealing with a code page other than IBM-037.
You do not need to set this parameter for standard usage (running in production).
Other LDAP parameters must be set in your slapd.conf to get complete results. See below for the additional parameters:
###############################################################
# code page France
###############################################################
authCodeset IBM-1147
and in the following section
###############################################################
# catss_utf database specific definition
#
# This definition is NOT for Identity Manager
# or Web Admin
##############################################################
database catss_utf
suffix "host=usi252me,o=ca,c=us"
codeset IBM-1147
naming_mode tss
The last thing to be aware of applies when using an LDAP command and an ldif file in console mode.
You have to set the language environment variable (if not already done) to use the right code page by issuing the following command:
export LC_ALL=Fr_FR.IBM-1147
To check how this variable is set, issue "printenv", e.g.:
# printenv
_BPX_TERMPATH=OMVS
PATH=/usr/lpp/java/J7.0/bin:.:/bin
SHELL=/bin/sh
COLUMNS=80
_=/bin/printenv
STEPLIB=GSK.SGSKLOAD:DB2.DB2810.SDSNEXIT:DB2.DB2810.SDSNLOAD:CEE.SCEERUN:CEE.SCEERUN2
LOGNAME=hulja01
LIBPATH=/usr/lpp/java/J7.0/bin:/lib:/usr/lib:
TERM=dumb
HOME=/u/hulja01
LINES=39
DSNAOINI=/cai/caldap/caldap.odbcini.xe52
LC_ALL=Fr_FR.IBM-1147
JAVA_HOME=/usr/lpp/java/J7.0
TZ=UTC0
#
This way your ldif file will be converted correctly, as LDAP expects UTF-8.
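
Added example (not part of the original article): a Python model of why "!" arrives as "§", assuming the password is encoded as IBM-037 on one side and the byte is read as IBM-1147 on the other. Python has no IBM-1147 codec, so the byte values below are a hand-built partial table for the PASSCHAR characters, taken from the IBM-1147 layout.

```python
# Added illustration, not CA/Broadcom code. Assumption: the mismatch is
# between IBM-037 (the default) and IBM-1147 (the French code page in use).
PASSCHAR = ["&", "*", "à", ":", "$", "=", "!", "-", "%", ".", "£", "?", "_"]

# Constructed partial IBM-1147 table: character -> EBCDIC byte.
IBM1147_BYTE = {
    "&": 0x50, "*": 0x5C, "à": 0x7C, ":": 0x7A, "$": 0x5B, "=": 0x7E,
    "!": 0x4F, "-": 0x60, "%": 0x6C, ".": 0x4B, "£": 0x7B, "?": 0x6F,
    "_": 0x6D, "§": 0x5A, "@": 0x44, "#": 0xB1,
}
IBM1147_CHAR = {byte: ch for ch, byte in IBM1147_BYTE.items()}


def seen_by_1147_host(ch):
    """Character an IBM-1147 reader sees when ch was encoded as IBM-037."""
    byte = ch.encode("cp037")[0]
    return IBM1147_CHAR.get(byte, "<0x%02X not in table>" % byte)


def as_ibm037(ch):
    """What the IBM-1147 byte for ch means to a reader assuming IBM-037."""
    return bytes([IBM1147_BYTE[ch]]).decode("cp037")


def mismatch_report(chars=PASSCHAR):
    """Return only the PASSCHAR characters that change under the mismatch."""
    report = {}
    for ch in chars:
        arrived = seen_by_1147_host(ch)
        if arrived != ch:
            report[ch] = arrived
    return report


if __name__ == "__main__":
    for sent, arrived in mismatch_report().items():
        print("sent %r as IBM-037 -> read as %r under IBM-1147" % (sent, arrived))
    print("PASSCHAR list read as IBM-037:",
          ",".join(as_ibm037(c) for c in PASSCHAR))
```

Only "à", "!" and "£" move between the two code pages; the other PASSCHAR characters share the same byte, which is why passwords using them pass even without the codeset settings.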