Create a login policy to define password and login parameters for users connecting to a multiplex database. Multiplex servers can only be accessed by logical servers, which can be assigned the login policy.
| Database Version | Login Policy Privileges |
|---|---|
| SAP Sybase IQ 15.3 and 15.4 | Requires one of:
|
| SAP Sybase IQ 16.0 | Requires MANAGE ANY LOGIN POLICY system privilege. |
| Option | Description |
|---|---|
| Select the server for which the login policy will be created | From the list, select the resource for which the login policy will be created. |
| What do you want to name the new login policy? | Enter a unique name for the new login policy; maximum 128 characters. |
| What would you like the comment to be for this login policy. | (Optional) Enter a comment for the login policy. |
| Option | Description |
|---|---|
| Options | Password life time – Number of days the password is
valid. The user must reset the password when the lifetime expires. Valid range
is 0 - unlimited (default). Password grace time – Number of days before password expiry that users receive warnings that the password is about to expire. Valid range is 0 (default) - unlimited. Password expiry on next login – Whether the user must reset the password at the next login. Valid values are ON and OFF (default). Locked – Whether the user account is locked when maximum number of failed login attempts is exceeded. Valid values are ON and OFF (default). Maximum connections – Number of times the same user can be logged in to the server. Valid range is 0 - unlimited (default). Maximum failed login attempts – Number of failed login attempts before the account is locked. Valid range is 0 - unlimited (default). Maximum days since login – Number of days allowed between logins before the account is locked. Valid range is 0 - unlimited (default). (16.0 only) Auto unlock time – The time period after which locked accounts are automatically unlocked. This option can be defined in any login policy, including the root login policy. Valid range is 0 - unlimited (default). (16.0 only) LDAP primary server – The name of the primary LDAP server configuration object. (16.0 only) LDAP secondary server – The name of the secondary LDAP server configuration object. (16.0 only) LDAP auto failback period – The time period, in minutes, after which automatic failback to the primary server is attempted. Valid range is 0 - unlimited. Default is 15 minutes. (16.0 only) LDAP failover to standard authentication – Permits authentication with standard authentication when authentication with the LDAP server fails due to system resources, network outage, connection timeouts, or similar system failures. However, it does not permit an actual authentication failure returned from an LDAP server to fail over to standard authentication. Valid values are ON (default) and OFF. (16.0 only) Change password dual control – Requires input from two users, each granted the CHANGE PASSWORD system privilege, to change the password of another user. Valid values are ON and OFF (default). (16.0
only)Default logical server – Sets the logical
server if the connection string omits a Logical Server parameter.
(15.3, 15.4 only) DQP Enabled – Enables or disables DQP at the connection level. Default is ON. |
| Clear All Overridden Values | Clears all override values set. |
| Restore to IQ Default | Changes all option settings back to default values. |
| Option | Description |
|---|---|
| Assignment Type | CUSTOM – Allows access to user defined logical
server(s), including OPEN. Select each logical server assignment to be
overridden. DEFAULT – Inherits logical server assignment of ROOT login policy. NONE – Disallows access to any logical server. SERVER – Allows access to every multiplex node. Connection requires ACCESS SERVER LS system privilege. |
| Assign logical servers to the login policy by selecting the check box | (For CUSTOM only): Select the logical servers to add to the login policy to. |
| Option | Description |
|---|---|
| Select a logical server and specify option overrides | Specifies the value of the Max Conn. (maximum
connection) parameter, which overrides the inherited value.
|
| Option | Description |
|---|---|
| Enable LDAP user authentication | Select to allow configuration of SAP Sybase IQ LDAP server properties in a login policy. |
| Primary LDAP server | Specify the name of the primary SAP Sybase IQ LDAP serverby name. |
| Secondary LDAP server | Specify the name of the secondary SAP Sybase IQ LDAP server by name. |
| Auto failback period | Specify the time period in minutes after which automatic failback to the primary server will be attempted. Valid range is 0 - 2147483647. Default value is 15 minutes. |
| Failover to standard authentication | Permits authentication with Standard authentication when authentication with the SAP Sybase IQ LDAP server fails due to system resources, network outage, connection timeouts, or similar system failures. However, it does not permit an actual authentication failure returned from an SAP Sybase IQ LDAP server to failover to Standard authentication. Default value is ON. |
| Record LDAP DN refresh time | At the time this login policy option is created or modified, the current time value is stored with the login policy. This is the timestamp that each user authentication compares against the value found for the user in the ISYSUSER system table. When the value in the login policy is newer than the value defined in ISYSUSER, the search for a user DN is done to refresh the value in ISYSUSER. The value NOW is the only valid value to assign to this policy option. All others result in an error. The value is stored as a string in the server’s default format. Regardless of the server’s local timezone, the value is stored in Coordinated Universal Time (UTC). Select the option to record the refresh SAP Sybase IQ LDAP server DN time. |