I resurrected LDAP at our shop from work a previous sysprog had done--biggest 
challenge for me was all the parm comments so I blasted all of those so I could 
see the parms clearly. Second, there is an order to the parms and if you don't 
get it right, LDAP won't come up properly. Next was sizing the database 
consistent with my security teams' needs. Finally, working with the Security 
Application team, I found debug options hugely helpful; just don't turn on too 
much or LDAP will not run well. 

Here are some manuals you might find useful: 

https://www.ibm.com/docs/en/zos/2.4.0?topic=tivoli-directory-server-zos





-----Original Message-----
From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of 
Dave Jousma
Sent: Thursday, May 19, 2022 2:25 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: EXTERNAL: IBM LDAP question

Any IBM mainframe LDAP users out there? Using SDBM (RACF backend)? I am 
illiterate in LDAP protocols/configuration, etc. We are trying to configure 
IBM LDAP so that our Beyond Trust password safe can communicate and manage its 
accounts in the MF space. However, we are having a problem with LDAP 
attributes (keywords). With the SDBM backend, all the LDAP attributes are 
prefixed racf...... such as racfPassword, yet the OpenLDAP attribute name is 
userpassword. So LDAP calls from password safe to mainframe LDAP are failing 
with:

ERROR buildKeywordArray()915: No table entry for attribute 'userpassword'

It cannot be this hard....but alas it is, because none of us here are LDAP 
literate at the moment. I read about creating aliases, but having a hard time 
figuring out how to create an alias of racfPassword and calling it userpassword.

If I am barking up the wrong tree, please someone point it out. If anyone can 
assist, I'd be grateful! We do have a ticket open with IBM, but not getting a lot 
of traction.

Thanks, Dave

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN
