What I learned from trying to get a Windows client running with the z/os server:
IIRC, the "cn=xxx" are arbitrary strings that must exactly match those coded in the server. A 'user not defined' would be expected unless the ID you present is defined on the server as one with LPAD privileges. Actually, I would expect a 'user not defined' kind of error from Windows upon any number of issues, to include syntax errors, password error, expired password, etc etc etc. I'm not sure, but I think Windows' 'flavor' of LDAP may expect to see a suitably privileged 'bind' ID/password along with the ID/password in question. And, of course, that may also trigger a 'user not defined' response if not done correctly :-) HTH -----Original Message----- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Mark Hammack Sent: Tuesday, April 06, 2010 2:07 PM To: IBM-MAIN@bama.ua.edu Subject: z/OS LDAP client to Windows LDAP server I searched (maybe don't know what to ask) so if this has been discussed, please point me in the right direction. I am attempting to write an LDAP client on z/OS that will bind to AD running on Windows 2003 Server using the C API. The ldap_init() returns 0 and seems to connect OK (the only problem I have with this is that I tried an invalid server name and still got a return code 0). When I issue the ldap_sasl_bind()/ldap_request(), I get an error back indicating that the user is not defined (return code 49, data 525 error). For the DN string ("who" parameter), I have tried "cn=user.name,o=company,c=US", "uid=user.name", etc. (everything I can think of anyway) in both codepage 1047 and 1252 all with the same results. BTW, when I use the invalid LDAP server name, I get a completely different error so apparently, the connection is fine. Has anyone been successful with this and if so, what the heck am I doing wrong? Thanks in advance, Mark Hammack NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html