Re: LDAP server
Yes they match. I just tried it again to be sure. No messages appear in the console log when I issue this command. Don't know if it is supposed to or not, just an FYI. See console log below(regarding adminDN): console *TOF* DTCRUN1022I Console log will be sent to default owner ID: TCPMAINT DTCRUN1011I Server started at 15:46:39 on 10 Nov 2009 (Tuesday) DTCRUN1011I Running server command: LDAPSRV DTCRUN1011I No parameters in use DTCLDP2107I Using server configuration file: DS CONF D1 DTCLDP2107I Using environment variable file: DS ENVVARS D1 DTCLDP2107I Using server module: GLDSRV31 MODULE E2 091110 20:46:40.204800 GLD1003I LDAP server is starting. 091110 20:46:40.204997 GLD1001I LDAP server version 3.20, Service level OA24676 091110 20:46:40.205121 GLD1002I LDAP runtime version 3.20, Service level OA2467 091110 20:46:40.258341 GLD1023I Processing configuration file //DD:CONFIG. 091110 20:46:40.266991 GLD1024I Configuration file //DD:CONFIG processed. Server Configuration adminDN: cn=llAdmin, o=LLIC adminPW: *configured* allowAnonymousBinds: on armName: GLDSRVR /console -Original Message- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Alan Altmark Sent: Tuesday, November 10, 2009 5:33 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: LDAP server On Tuesday, 11/10/2009 at 04:16 EST, Gentry, Stephen stephen.gen...@lafayettelife.com wrote: I?m trying to set up the LDAP server in VM 5.4. I?m using the redbook, ?Security on z/VM?, chap. 3, z/VM LDAP server. I?ve pretty much taken all the defaults, as shown in the chapter, except I?m not using RACF, therefore, no ESM. When I issue the following: ldapmdfy -h 10.15.1.160 -D cn=llAdmin -w x -f //USRSCHEM.LDIF -u on I get the following: ldapmdfy -h 10.15.1.160 -D cn=llAdmin -w x -f //USRSCHEM.LDIF -u on ldap_sasl_bind_s: Credentials are not valid ldap_sasl_bind_s: additional info: R004062 Credentials are not valid (process_simple_bind) What Credentials is it fussing about? That it doesn't like the combination of llAdmin and/or x. Do those match the values for AdminDN and AdminPW in DS CONF? Alan Altmark z/VM Development IBM Endicott
Re: LDAP server
On Wednesday, 11/11/2009 at 09:22 EST, Gentry, Stephen stephen.gen...@lafayettelife.com wrote: Yes they match. Server Configuration adminDN: cn=llAdmin, o=LLIC adminPW: *configured* allowAnonymousBinds: on A possibility: You have o=LLIC on the AdminDN, but you didn't provide it on your ldapmodify. Do you have o=LLIC on a SUFFIX statement in DS CONF? I don't normally see suffixes on AdminDN definitions. Alan Altmark z/VM Development IBM Endicott
Re: LDAP server
To answer your question: Do you have o=LLIC on a SUFFIX statement in DS CONF? -- yes I removed the o=LLIC option from the adminDN parameter and the command worked. I was doing what the book said to do, officer, honest. I'm a newb when it comes to LDAP stuff. Thanks for your help. onward . . . . Steve -Original Message- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Alan Altmark Sent: Wednesday, November 11, 2009 12:58 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: LDAP server On Wednesday, 11/11/2009 at 09:22 EST, Gentry, Stephen stephen.gen...@lafayettelife.com wrote: Yes they match. Server Configuration adminDN: cn=llAdmin, o=LLIC adminPW: *configured* allowAnonymousBinds: on A possibility: You have o=LLIC on the AdminDN, but you didn't provide it on your ldapmodify. Do you have o=LLIC on a SUFFIX statement in DS CONF? I don't normally see suffixes on AdminDN definitions. Alan Altmark z/VM Development IBM Endicott
Re: LDAP server
On Tuesday, 11/10/2009 at 04:16 EST, Gentry, Stephen stephen.gen...@lafayettelife.com wrote: I?m trying to set up the LDAP server in VM 5.4. I?m using the redbook, ?Security on z/VM?, chap. 3, z/VM LDAP server. I?ve pretty much taken all the defaults, as shown in the chapter, except I?m not using RACF, therefore, no ESM. When I issue the following: ldapmdfy -h 10.15.1.160 -D cn=llAdmin -w x -f //USRSCHEM.LDIF -u on I get the following: ldapmdfy -h 10.15.1.160 -D cn=llAdmin -w x -f //USRSCHEM.LDIF -u on ldap_sasl_bind_s: Credentials are not valid ldap_sasl_bind_s: additional info: R004062 Credentials are not valid (process_simple_bind) What Credentials is it fussing about? That it doesn't like the combination of llAdmin and/or x. Do those match the values for AdminDN and AdminPW in DS CONF? Alan Altmark z/VM Development IBM Endicott