Allow select users to authenticate using standard authentication in an environment that supports only LDAP user authentication.
When granting the select users access using standard authentication, ensure that at least one of those users has the SET ANY SECURITY OPTION or MANAGE ANY LOGIN POLICY system privileges to allow them to permanently resolve the issue. Depending on the underlying cause of the inability of any users to log in using LDAP user authentication, one or both of these system privileges might be required to permanently resolve the issue. You can specify a maximum of five user IDs, separated by semicolons, and enclosed in double quotation marks.
Grant standard authentication access only after the lockdown problem has occurred; you need not set it in advance. It does not need to be set in advance. To allow select users to log in using standard authentication, execute the start_iq utility with the –al user-id-list command line switch. Once granted, at the credentials prompt, the user enters his or her standard authentication user name and password.
Include the -al switch at either the server or database level. At the server level, the -al switch remains in effect until the next time the server is restarted. At the database level, the -al switch remains in effect until the next time the database is stopped and restarted.
Level | Statement |
---|---|
Server | start_iq -al "user1,user2,user3" server_name.cfg database-name.db |
Database | start_iq servername.cfg database_name.db -al "user1,user2,user3" |
This example assumes that login_mode is set to “LDAPUA”. This command allows users Alice, Bob, and Carol to authenticate using standard authentication on database1 on server1:
start_iq –al "alice;bob;carol" server1.cfg database1.db