How do you manage the user "tdsadmin" in IBM Rational Directory Server (RDS)?
The user tdsadmin has a very special status in Rational Directory Server (RDS) and the credentials must be managed correctly.
- Scope of this Technote: About Rational Directory Server (RDS) installation modes
- tdsadmin can refer to several unrelated user accounts
- Account tdsadmin is mandatory to manage RDS
- Account tdsadmin is not mandatory to manage your Corporate LDAP (RDS Tivoli or Apache in Corporate mode)
- About the tdsadmin OS profile
- tdsadmin password lifecycle
- Instructions to change the tdsadmin password in RDS
- Instructions to reset the tdsadmin password in RDS Tivoli
- Resetting the tdsadmin password in your IBM Rational Change installation
1. Scope of this Technote: About RDS installation modes
table 1: RDS versions and installation modes
Depending on what version and what installation mode you chose, you need to manage the credentials of usertdsadmin the appropriate way. This Technote covers all modes (Apache/Tivoli, Standalone/Corporate/OS).
2. Thetdsadmin can refer to several unrelated user accounts
The tables below show how to avoid confusion regarding accountstdsadmin.
table 2: rules for every installation mode
table 3:tdsadmin passwords
Finally, please note thattdsadmin also refers to the name of the db2 instance used by RDS (which makes it a 3rd tdsadmin for you to be aware of!). However, this is strictly internal to db2. If you're not familiar with db2, simply ignore thistdsadmin.
3. Accounttdsadmin is mandatory to manage RDS
It must to be present in every RDS installation mode, as seen in table 2. You cannot use the RDA web-based interface without it.
Technote 1445659: Using a non tdsadmin account for Rational Directory Administration states that "tdsadmin is the only appropriate user to use IBM Rational Directory Administration (RDA) for the administration of IBM Rational Directory Server (RDS)".
4. Accounttdsadmin is not mandatory to manage your Corporate LDAP (RDS Tivoli or Apache in Corporate mode)
tdsadmin is meant only to manage RDS and is not required in your Corporate LDAP, as seen in table 2.
5. About thetdsadmin OS profile
Table 2 shows that :
5.1. Atdsadmin OS user is mandatory in every RDS Tivoli installation mode.
This is required to connect to the underlying db2 database. See section 9 to know how to change it.
5.2. Atdsadmin OS user is not required in any of the RDS Apache installation modes (even in OS authentication mode!).
Every other user's information will be retrieved from the OS, but the information for usertdsadmin is stored only in RDS. If you have created atdsadmin user in the OS, it will have no impact on RDS and their passwords won't be synchronized.
The 'tdsadmin' password never expires in RDS".
This applies to all installation modes.
If you have RDS Tivoli, then, as stated in section 5.1, you also have atdsadmin user in your OS. It has been created automatically by the RDS installation. Its password's expiration policy is set by your OS settings.
7. Instructions to change the tdsadmin password in RDS
These instructions apply to every RDS version and every installation mode.
When you know the currenttdsadmin password follow the steps below, otherwise refer to the section 8 "Instructions to reset" of this Technote.
1. Login to the RDA web-based interface as usertdsadmin
(consult the RDS manual to know how to start RDA)
2. Change the password for usertdsadmin
Consult TechNote 1413301: "Change or reset tdsadmin password in RDS Tivoli" for instructions to reset thetdsadmin password in RDS Tivoli on Windows and Unix.
During the installation of Rational Change, the Admin User enters the URL for Rational Change Admin in a web browser and is first prompted to configure the RDS installation details. Here, you enter the RDS URL, and thetdsadmin username and password. This is a one time operation and this information is written to the following file:
When thetdsadmin username or password is changed or the RDS URL is changed you need to do the following:
- Delete the file
- Restart Rational Change
- Login to Rational Change as the admin user
- You will be prompted to configure RDS once again
- Enter the new RDS URL, tdsadmin username and password