LDAP on AIX - the continuing tragedy... - Aix


  1. LDAP on AIX - the continuing tragedy...

    Oh fellow AIXers,

    A while back I reported on the success I had configuring a rather
    simple LDAP server on AIX. All it needs to do is spoon out passwords
    to everybody who asks. And for weeks on end it ran without fail,
    whereupon it shat itself after a reboot. My Test/Dev domain has been
    without LDAP since.

    Now I do have one NON-NEGOTIABLE requirement: LDAP must keep its
    filthy mitts out of /home, because that is reserved, surprisingly, for
    users' home directories. It lives on an NFS server, and is accessed
    using the automounter. Putting a symlink there is Not Possible. I have
    also tried, and failed, to mount a local directory using the
    Automounter, so /home is a no-go area for authentication servers.
    Period.

    This rules out using mksecldap for the whole of the operation, because
    that piece of shi^H^Hoftware actually assumes not only that I want to
    put DB2 databases in ldapdb2's home directory, but also that that home
    directory is /home/ldapdb2. It is actually HARD-CODED in the script.
    After a week of installing, reinstalling, browsing the Usenet groups,
    perusing IBM-style documentation in dozens of PDFs, I want to meet the
    maker of that program. In a dark alley. With no witnesses.

    I am now turning to the Community At Large, asking what I'm doing
    wrong. This is the procedure, more or less in script form, though I
    type in the commands as you see them:

    #----------------------------------------------------------------------
    # STARTING POINT: Freshly installed AIX 5.3 system. TL5, SP5.
    #----------------------------------------------------------------------

    #----------------------------------------------------------------------
    # STAGE ONE: INSTALLING AND STARTING THE SERVER
    #----------------------------------------------------------------------

    # Make the users and groups
    mkgroup id=30006 ldap
    mkgroup id=30007 users=root dbsysadm
    mkuser id=30002 pgrp=ldap groups=ldap umask=002 \
    home=/local/data/ldap/ldap \
    gecos="Lightweight Directory Access Protocol administrative user" ldap
    mkuser id=30003 pgrp=dbsysadm groups=ldap umask=002 \
    home=/local/data/ldap/ldapdb2 \
    gecos="LDAP DB2 database administrator" ldapdb2

    # Set passwords on non-personal accounts to p@ssw0rd
    # - security is overrated anyway.
    passwd ldap;pwdadm -c ldap
    passwd ldapdb2;pwdadm -c ldapdb2

    # Found this in a post somewhere...
    chmod 775 /local/data/ldap/ldapdb2

    # DB2 likes async I/O.
    chdev -l aio0 -a autoconfig=available
    mkdev -l aio0

    # Install the requisite software
    installp -acgXYd /data/sw/AIX/aix53/latest \
    db2_08_01.ca db2_08_01.cc db2_08_01.cj \
    db2_08_01.client db2_08_01.cnvucs db2_08_01.conn db2_08_01.conv \
    db2_08_01.cs.rte db2_08_01.das db2_08_01.db2.engn db2_08_01.db2.rte \
    db2_08_01.db2.samples db2_08_01.essg db2_08_01.icuc db2_08_01.icut \
    db2_08_01.jdbc db2_08_01.ldap \
    db2_08_01.msg.en_US.iso88591 db2_08_01.pext db2_08_01.repl \
    db2_08_01.sqlproc ldap.client.adt ldap.client.rte ldap.server.cfg \
    ldap.server.com ldap.server.java ldap.server.rte \
    X11.apps.config
    # X11.apps.config is just so I can ssh -X to the box, and run ldapxcfg

    # Reboot the server here...
    reboot
    #----------------------------------------------------------------------

    # License the DB2 server for LDAP
    /usr/opt/db2_08_01/adm/db2licm -a /usr/ldap/etc/ldap-custom-db2ese.lic

    # Pre-configure the LDAP server
    export LDAP_DBG=1
    cd /tmp

    ldapcfg \
    -u 'cn=root,dc=utopia,dc=johnguest,dc=com' \
    -p 'p@ssw0rd' \
    -n

    # Build an empty LDAP server
    ldapcfg \
    -a ldapdb2 \
    -w 'p@ssw0rd' \
    -c \
    -i \
    -o \
    -l /local/data/ldap/ldapdb2 \
    -d ldapdb2 \
    -t ldapdb2 \
    -n

    # Found this in another post and it can't hurt...
    chmod 775 /local/data/ldap/ldapdb2/ldap32kcont_ldapdb2

    # Start the empty LDAP server
    ibmslapd

    ....and hey presto, the ibmslapd starts. As far as I can tell, I now
    have a very clean, empty LDAP server. So now I need to create the
    directory tree where the users' login information goes. According to
    Yantian Tom Lu, Ph.D, in his document "Configuring an IBM Directory
    Server for User Authentication and Management in AIX"

    > There are cases when an IBM Directory server has
    > been setup and running and one wants to configure
    > the server for user authentication purpose. Still,
    > mksecldap is your friend. The mksecldap command
    > will not create new database in this case, rather, it will
    > use the existing database.


    With friends like that... I run the following command:

    mksecldap \
    -s \
    -a 'cn=root,dc=utopia,dc=johnguest,dc=com' \
    -p 'p@ssw0rd' \
    -d 'dc=utopia,dc=johnguest,dc=com' \
    -u NONE \
    -S rfc2307aix

    And this mumbles something about chmod: /home/ldapdb2 being out of
    bounds, then buggers up the LDAP server, so that it fails to connect
    to the database with the following error messages:

    ==========
    Plugin of type EXTENDEDOP is successfully loaded from libevent.a.
    Plugin of type DATABASE is successfully loaded from /lib/libback-
    config.a.
    Error code -1 from odbc string:" SQLAllocEnv " .
    Failed to initialize be_config.
    Error encountered. Server starting in configuration only mode.
    ==========

    At which point I restore a system backup and can try again. I am sure
    I'm leaving out something essential, but I cannot figure out what it
    is... HELP!!1!

    Now I have had the advice to try ITDS 6.0 instead (Hi Alex!), but I
    can't find the documentation I need and anyway it's a payable extra.
    So I'm stuck with AIX 5.3 and everything that comes with it or can be
    downloaded for free.

    And I haven't even started yet to try and make this thing play nice
    with Samba... I'm still hoping to build my AIX-based PDC so I can
    support all known operating systems from my AIX-based management
    server.

    Yours in hope,
    Menno Willemse


  2. Re: LDAP on AIX - the continuing tragedy...

    On 15 Feb., 17:56, "Menno Willemse" wrote:
    > Oh fellow AIXers,
    >
    > A while back I reported on the success I had configuring a rather
    > simple LDAP server on AIX. All it needs to do is spoon out passwords
    > to everybody who asks. And for weeks on end it ran without fail,
    > whereupon it shat itself after a reboot. My Test/Dev domain has been
    > without LDAP since.
    >
    > Now I do have one NON-NEGOTIABLE requirement: LDAP must keep its
    > filthy mitts out of /home, because that is reserved, surprisingly, for
    > users' home directories. It lives on an NFS server, and is accessed
    > using the automounter. Putting a symlink there is Not Possible. I have
    > also tried, and failed, to mount a local directory using the
    > Automounter, so /home is a no-go area for authentication servers.
    > Period.
    >
    > This rules out using mksecldap for the whole of the operation, because
    > that piece of shi^H^Hoftware actually assumes not only that I want to
    > put DB2 databases in ldapdb2's home directory, but also that that home
    > directory is /home/ldapdb2. It is actually HARD-CODED in the script.
    > After a week of installing, reinstalling, browsing the Usenet groups,
    > perusing IBM-style documentation in dozens of PDFs, I want to meet the
    > maker of that program. In a dark alley. With no witnesses.
    >
    > I am now turning to the Community At Large, asking what I'm doing
    > wrong. This is the procedure, more or less in script form, though I
    > type in the commands as you see them:
    >
    > #----------------------------------------------------------------------
    > # STARTING POINT: Freshly installed AIX 5.3 system. TL5, SP5.
    > #----------------------------------------------------------------------
    >
    > #----------------------------------------------------------------------
    > # STAGE ONE: INSTALLING AND STARTING THE SERVER
    > #----------------------------------------------------------------------
    >
    > # Make the users and groups
    > mkgroup id=30006 ldap
    > mkgroup id=30007 users=root dbsysadm
    > mkuser id=30002 pgrp=ldap groups=ldap umask=002 home=/local/data/ldap/
    > ldap \
    > gecos="Lightweight Directory Access Protocol administrative
    > user" ldap
    > mkuser id=30003 pgrp=dbsysadm groups=ldap umask=002 \
    > home=/local/data/ldap/ldapdb2 \
    > gecos="LDAP DB2 database administrator" ldapdb2
    >
    > # Set passwords on non-personal accounts to p@ssw0rd
    > # - security is overrated anyway.
    > passwd ldap;pwdadm -c ldap
    > passwd ldapdb2;pwdadm -c ldapdb2
    >
    > # Found this in a post somewhere...
    > chmod 775 /local/data/ldap/ldapdb2
    >
    > # DB2 likes async I/O.
    > chdev -l aio0 -a autoconfig=available
    > mkdev -l aio0
    >
    > # Install the requisite software
    > installp -acgXYd /data/sw/AIX/aix53/latest \
    > db2_08_01.ca db2_08_01.cc db2_08_01.cj \
    > db2_08_01.client db2_08_01.cnvucs db2_08_01.conn
    > db2_08_01.conv \
    > db2_08_01.cs.rte db2_08_01.das db2_08_01.db2.engn
    > db2_08_01.db2.rte \
    > db2_08_01.db2.samples db2_08_01.essg db2_08_01.icuc
    > db2_08_01.icut \
    > db2_08_01.jdbc db2_08_01.ldap \
    > db2_08_01.msg.en_US.iso88591 db2_08_01.pext db2_08_01.repl \
    > db2_08_01.sqlproc ldap.client.adt ldap.client.rte
    > ldap.server.cfg \
    > ldap.server.com ldap.server.java ldap.server.rte \
    > X11.apps.config
    > # X11.apps.config is just so I can ssh -X to the box, and run ldapxcfg
    >
    > # Reboot the server here...
    > reboot
    > #----------------------------------------------------------------------
    >
    > # License the DB2 server for LDAP
    > /usr/opt/db2_08_01/adm/db2licm -a /usr/ldap/etc/ldap-custom-db2ese.lic
    >
    > # Pre-configure the LDAP server
    > export LDAP_DBG=1
    > cd /tmp
    >
    > ldapcfg \
    > -u 'cn=root,dc=utopia,dc=johnguest,dc=com' \
    > -p 'p@ssw0rd' \
    > -n
    >
    > # Build an empty LDAP server
    > ldapcfg \
    > -a ldapdb2 \
    > -w 'p@ssw0rd' \
    > -c \
    > -i \
    > -o \
    > -l /local/data/ldap/ldapdb2 \
    > -d ldapdb2 \
    > -t ldapdb2 \
    > -n
    >
    > # Found this in another post and it can't hurt...
    > chmod 775 /local/data/ldap/ldapdb2/ldap32kcont_ldapdb2
    >
    > # Start the empty LDAP server
    > ibmslapd
    >
    > ...and hey presto, the ibmslapd starts. As far as I can tell, I now
    > have a very clean, empty LDAP server. So now I need to create the
    > directory tree where the users' login information goes. According to
    > Yantian Tom Lu, Ph.D, in his document "Configuring an IBM Directory
    > Server for User Authentication and Management in AIX"
    >
    > > There are cases when an IBM Directory server has
    > > been setup and running and one wants to configure
    > > the server for user authentication purpose. Still,
    > > mksecldap is your friend. The mksecldap command
    > > will not create new database in this case, rather, it will
    > > use the existing database.

    >
    > With friends like that... I run the following command:
    >
    > mksecldap \
    > -s \
    > -a 'cn=root,dc=utopia,dc=johnguest,dc=com' \
    > -p 'p@ssw0rd' \
    > -d 'dc=utopia,dc=johnguest,dc=com' \
    > -u NONE \
    > -S rfc2307aix
    >
    > And this mumbles something about chmod: /home/ldapdb2 being out of
    > bounds, then buggers up the LDAP server, so that it fails to connect
    > to the database with the following error messages:
    >
    > ==========
    > Plugin of type EXTENDEDOP is successfully loaded from libevent.a.
    > Plugin of type DATABASE is successfully loaded from /lib/libback-
    > config.a.
    > Error code -1 from odbc string:" SQLAllocEnv " .
    > Failed to initialize be_config.
    > Error encountered. Server starting in configuration only mode.
    > ==========
    >
    > At which point I restore a system backup and can try again. I am sure
    > I'm leaving out something essential, but I cannot figure out what it
    > is... HELP!!1!
    >
    > Now I have had the advice to try ITDS 6.0 instead (Hi Alex!), but I
    > can't find the documentation I need and anyway it's a payable extra.
    > So I'm stuck with AIX 5.3 and everything that comes with it or can be
    > downloaded for free.
    >
    > And I haven't even started yet to try and make this thing play nice
    > with Samba... I'm still hoping to build my AIX-based PDC so I can
    > support all known operating systems from my AIX-based management
    > server.
    >
    > Yours in hope,
    > Menno Willemse



    Have you read tech note:
    Technote (FAQ)
    On UNIX systems you cannot configure the database in a location other
    than /home when /home is an NFS mount

    Problem
    Steps to manually configure the database in a location other than
    /home, when /home is an NFS mount.

    http://www-1.ibm.com/support/docview...&cc=us&lang=en

    hth
    Hajo


  3. Re: LDAP on AIX - the continuing tragedy...

    On Feb 15, 10:44 pm, "Hajo Ehlers" wrote:
    > Have you read tech note:
    > Technote (FAQ)
    > On UNIX systems you cannot configure the database in a location other
    > than /home when /home is an NFS mount
    >
    > Problem
    > Steps to manually configure the database in a location other than /
    > home, when /home is an NFS mount.


    http://www-1.ibm.com/support/docview...&cc=us&lang=en

    Well, I just tried doing it their way:

    #----------------------------------------------------------------------
    # STAGE THREE-A: PRE-CONFIGURING THE DATABASE - THE WAY OF THE BARE HAND
    #----------------------------------------------------------------------

    /usr/ldap/db2/instance/db2icrt -u ldapdb2 ldapdb2
    cp /etc/services /etc/services.PRE-LDAP
    echo "ldapdb2svc 3700/tcp" >> /etc/services
    echo "ldapdb2svci 3701/tcp" >> /etc/services

    # SWITCH TO THE LDAPDB2 ACCOUNT HERE
    su - ldapdb2

    # Create the database and set its tuning parameters
    db2 create db ldapdb2 on ~ldapdb2 using codeset UTF-8
    db2empfa ldapdb2
    db2 update db cfg for ldapdb2 using applheapsz 4096
    db2 update db cfg for ldapdb2 using pckcachesz 720

    # Update the database for local loopback connections
    db2 update dbm cfg using SVCENAME ldapdb2svc
    db2 catalog tcpip node ldapdb2n remote localhost server ldapdb2svc
    db2 catalog db ldapdb2 as ldapdb2b at node ldapdb2n authentication server
    db2set DB2COMM=TCPIP

    # Restart the DB2 server to enable happiness
    db2stop
    db2start

    # Add the following to the /usr/ldap/etc/ibmslapd.conf
    # At the end of the stanza that starts:
    # dn: cn=Directory,cn=RDBM Backends

    # mrw added these
    ibm-slapdDbInstance: ldapdb2
    ibm-slapdDbAlias: ldapdb2b
    ibm-slapdDbUserId: ldapdb2
    ibm-slapdDbName: ldapdb2
    ibm-slapdDbUserPw: p@ssw0rd
    ibm-slapdDbLocation: /local/data/ldap/ldapdb2
    ibm-slapdSetEnv: DB2CP=1208
    # End of mrw additions

    Now that last line it told me to uncomment rather than add, but I
    couldn't find it. I then added the administrator account to the LDAP
    config as shown here:

    ldapcfg \
    -u 'cn=root,dc=utopia,dc=johnguest,dc=com' \
    -p 'Z@rqu0n' \
    -n

    And tried to start ibmslapd, which failed in a slightly different way
    this time:

    Plugin of type DATABASE is successfully loaded from /lib/libback-
    config.a.
    Error code -2 from odbc string:" SQLTransact " .
    Failed to initialize be_config.
    Error encountered. Server starting in configuration only mode.

    Mind you, previously I hadn't added ldap to the dbsysadm group, so
    maybe that's worth trying. Will report on any progress.

    Cheers,
    Menno
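
Added example, not part of the original post: a POSIX shell check for the hand-edited stanza shown above. It reads the `dn: cn=Directory,cn=RDBM Backends` stanza, confirms the six database attributes from the post are present, flags a database location under /home (the constraint this thread is about), and flags a config file that carries ibm-slapdDbUserPw while being readable by group or other. The function names, finding labels and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the RDBM backend stanza of an ibmslapd.conf-style file.
# Attribute names are the ones quoted in the post; everything else is assumed.

# Print "name=value" for each ibm-slapd* attribute inside the stanza whose dn
# starts with cn=Directory,cn=RDBM Backends (spacing in the DN is ignored).
rdbm_attrs() {
    awk '
        /^dn:/ {
            line = $0
            gsub(/[ \t]/, "", line)
            in_stanza = (index(tolower(line), "dn:cn=directory,cn=rdbmbackends") == 1)
            next
        }
        /^[ \t]*$/ { in_stanza = 0; next }   # a blank line ends the stanza
        /^#/       { next }                  # skip comment lines
        in_stanza && /^ibm-slapd[A-Za-z]+:/ {
            name = $0; sub(/:.*/, "", name)
            val  = $0; sub(/^[^:]*:[ \t]*/, "", val)
            print name "=" val
        }
    ' "$1"
}

# attr FILE NAME -> first value of NAME in the RDBM stanza (empty if absent)
attr() { rdbm_attrs "$1" | sed -n "s/^$2=//p" | head -1; }

# Print a space-separated list of findings; an empty line means nothing found.
audit_rdbm_stanza() {
    conf=$1
    findings=""
    for a in ibm-slapdDbInstance ibm-slapdDbAlias ibm-slapdDbUserId \
             ibm-slapdDbName ibm-slapdDbUserPw ibm-slapdDbLocation; do
        [ -n "$(attr "$conf" "$a")" ] || findings="$findings MISSING:$a"
    done
    # /home is the NFS automount in this thread, so the database must not be there
    case "$(attr "$conf" ibm-slapdDbLocation)" in
        /home|/home/*) findings="$findings DB_UNDER_HOME" ;;
    esac
    # A file holding the DB password should not be readable by group or other
    if [ -n "$(attr "$conf" ibm-slapdDbUserPw)" ]; then
        case "$(ls -ld "$conf" | cut -c5,8)" in
            *r*) findings="$findings PW_FILE_READABLE" ;;
        esac
    fi
    echo "${findings# }"
}

# write_sample FILE DB_LOCATION -> constructed sample config (not a real file)
write_sample() {
    cat > "$1" <<EOF
dn: cn=Other,cn=Constructed
ibm-slapdDbLocation: /home/elsewhere

dn: cn=Directory,cn=RDBM Backends
# constructed sample values
ibm-slapdDbInstance: ldapdb2
ibm-slapdDbAlias: ldapdb2b
ibm-slapdDbUserId: ldapdb2
ibm-slapdDbName: ldapdb2
ibm-slapdDbUserPw: constructed-secret
ibm-slapdDbLocation: $2
ibm-slapdSetEnv: DB2CP=1208
EOF
}

# Demo on a constructed file: location outside /home, but mode 644
demo_conf=$(mktemp)
write_sample "$demo_conf" /local/data/ldap/ldapdb2
chmod 644 "$demo_conf"
echo "findings: $(audit_rdbm_stanza "$demo_conf")"
rm -f "$demo_conf"
```
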


  4. Re: LDAP on AIX - the continuing tragedy...

    Well, that went up like a lead balloon.

    - Standard install of AIX 5.3.

    - mksecldap -s \
    -a 'cn=root,dc=utopia,dc=johnguest,dc=com' \
    -p 'p@ssw0rd' \
    -S RFC2307AIX \
    -d 'dc=utopia,dc=johnguest,dc=com' \
    -u NONE

    Forget about putting the database somewhere sensible. Forget about pre-
    configuring databases. The *only* thing I did was pre-create the users
    WITH the correct group memberships.

    End result:

    Plugin of type EXTENDEDOP is successfully loaded from libevent.a.
    Plugin of type DATABASE is successfully loaded from /lib/libback-
    config.a.
    Error code -1 from odbc string:" SQLAllocEnv " .
    Failed to initialize be_config.
    Error encountered. Server starting in configuration only mode.
    Plugin of type EXTENDEDOP is successfully loaded from libloga.a.
    Non-SSL port initialized to 389.

    And no working LDAP server. My opinion on this is not fit for polite
    company.


  5. Re: LDAP on AIX - the continuing tragedy...

    On 16 Feb., 17:45, "Menno Willemse" wrote:
    > Well, that went up like a lead balloon.
    >
    > - Standard install of AIX 5.3.
    >
    > - mksecldap -s \
    > -a 'cn=root,dc=utopia,dc=johnguest,dc=com' \
    > -p 'p@ssw0rd' \
    > -S RFC2307AIX \
    > -d 'dc=utopia,dc=johnguest,dc=com' \
    > -u NONE
    >
    > Forget about putting the database somewhere sensible. Forget about pre-
    > configuring databases. The *only* thing I did was pre-create the users
    > WITH the correct group memberships.
    >
    > End result:
    >
    > Plugin of type EXTENDEDOP is successfully loaded from libevent.a.
    > Plugin of type DATABASE is successfully loaded from /lib/libback-
    > config.a.
    > Error code -1 from odbc string:" SQLAllocEnv " .
    > Failed to initialize be_config.
    > Error encountered. Server starting in configuration only mode.
    > Plugin of type EXTENDEDOP is successfully loaded from libloga.a.
    > Non-SSL port initialized to 389.
    >
    > And no working LDAP server. My opinion on this is not fit for polite
    > company.


    IBM say about this error:

    http://www-1.ibm.com/support/docview...id=swg21172734

    meaning more or less you are using the wrong db2 version. Have you
    updated any db2 version?

    regards
    Hajo


  6. Re: LDAP on AIX - the continuing tragedy...

    On Feb 17, 3:56 pm, "Hajo Ehlers" wrote:
    > On 16 Feb., 17:45, "Menno Willemse" wrote:
    >
    > > Well, that went up like a lead balloon.

    >
    > > - Standard install of AIX 5.3.

    >
    > > - mksecldap -s \
    > > -a 'cn=root,dc=utopia,dc=johnguest,dc=com' \
    > > -p 'p@ssw0rd' \
    > > -S RFC2307AIX \
    > > -d 'dc=utopia,dc=johnguest,dc=com' \
    > > -u NONE

    >
    > > Forget about putting the database somewhere sensible. Forget about pre-
    > > configuring databases. The *only* thing I did was pre-create the users
    > > WITH the correct group memberships.

    >
    > > End result:

    >
    > > Plugin of type EXTENDEDOP is successfully loaded from libevent.a.
    > > Plugin of type DATABASE is successfully loaded from /lib/libback-
    > > config.a.
    > > Error code -1 from odbc string:" SQLAllocEnv " .
    > > Failed to initialize be_config.
    > > Error encountered. Server starting in configuration only mode.
    > > Plugin of type EXTENDEDOP is successfully loaded from libloga.a.
    > > Non-SSL port initialized to 389.

    >
    > > And no working LDAP server. My opinion on this is not fit for polite
    > > company.

    >
    > IBM say about this error:
    >
    > http://www-1.ibm.com/support/docview...id=swg21172734
    >
    > meaning more or less you are using the wrong db2 version . Have you
    > update any db2 version ?
    >
    > regards
    > Hajo


    apparently this is useful too
    http://www-128.ibm.com/developerwork...ndex.html#main


  7. Re: LDAP on AIX - the continuing tragedy...

    Hi Hajo and Henry,

    Help is much appreciated. (Especially since IBM has seen fit to move
    my TCP/IP course to July. It never rains, but it pours).

    On Feb 18, 8:02 pm, "Henry" wrote:
    > On Feb 17, 3:56 pm, "Hajo Ehlers" wrote:
    > > On 16 Feb., 17:45, "Menno Willemse" wrote:

    >
    > > > Well, that went up like a lead balloon.

    >
    > > > - Standard install of AIX 5.3.

    >
    > > > - mksecldap -s \
    > > > -a 'cn=root,dc=utopia,dc=johnguest,dc=com' \
    > > > -p 'p@ssw0rd' \
    > > > -S RFC2307AIX \
    > > > -d 'dc=utopia,dc=johnguest,dc=com' \
    > > > -u NONE

    >
    > > > Forget about putting the database somewhere sensible. Forget about pre-
    > > > configuring databases. The *only* thing I did was pre-create the users
    > > > WITH the correct group memberships.

    >
    > > > End result:

    >
    > > > Plugin of type EXTENDEDOP is successfully loaded from libevent.a.
    > > > Plugin of type DATABASE is successfully loaded from /lib/libback-
    > > > config.a.
    > > > Error code -1 from odbc string:" SQLAllocEnv " .
    > > > Failed to initialize be_config.
    > > > Error encountered. Server starting in configuration only mode.
    > > > Plugin of type EXTENDEDOP is successfully loaded from libloga.a.
    > > > Non-SSL port initialized to 389.

    >
    > > > And no working LDAP server. My opinion on this is not fit for polite
    > > > company.

    >
    > > IBM say about this error:

    >
    > >http://www-1.ibm.com/support/docview...id=swg21172734

    >
    > > meaning more or less you are using the wrong db2 version . Have you
    > > update any db2 version ?

    >
    > > regards
    > > Hajo

    >
    > apparently this is useful too http://www-128.ibm.com/developerworks/db2/library/techarticle/dm-0407...


    Responding to both:

    ldapsearch -h ldap.acme.com "objectClass=*"
    # lslpp -L |grep db2
    db2_08_01.ca           8.1.1.16  C  F  Configuration Assistant
    db2_08_01.cc           8.1.1.16  C  F  Control Center
    db2_08_01.ch.en_US.iso88591
    db2_08_01.cj           8.1.1.16  C  F  Java Common files
    db2_08_01.client       8.1.1.16  C  F  Base Client Support
    db2_08_01.cnvucs       8.1.1.16  C  F  Code Page Conversion Tables -
    db2_08_01.conn         8.1.1.16  C  F  Connect Support
    db2_08_01.conv         8.1.1.16  C  F  Code Page Conversion Tables
    db2_08_01.cs.rte       8.1.1.16  C  F  Communication Support - TCP/IP
    db2_08_01.das          8.1.1.16  C  F  Administration Server
    db2_08_01.db2.engn     8.1.1.16  C  F  Base DB2 UDB Support
    db2_08_01.db2.rte      8.1.1.16  C  F  Run-time Environment
    db2_08_01.db2.samples  8.1.1.16  C  F  Sample Database Source
    db2_08_01.essg         8.1.1.16  C  F  Product Signature for DB2 UDB
    db2_08_01.icuc         8.1.1.16  C  F  ICU Collation
    db2_08_01.icut         8.1.1.16  C  F  ICU Utilities
    db2_08_01.jdbc         8.1.1.16  C  F  Java Support
    db2_08_01.jhlp.en_US.iso88591
    db2_08_01.ldap         8.1.1.16  C  F  DB2 LDAP Support
    db2_08_01.msg.en_US.iso88591
    db2_08_01.pext         8.1.1.16  C  F  Parallel Extension
    db2_08_01.repl         8.1.1.16  C  F  Replication
    db2_08_01.sqlproc      8.1.1.16  C  F  SQL Procedures

    This is what came with AIX 5.3, TL5, SP5. I could try to find a more
    recent one, but this one is pretty high up already. The move database
    utility could be useful, but only if I can't create the database in
    the right place in the first place.

    As far as I can tell with ldapsearch, I do get a functional LDAP
    server, all that needs doing is to populate it with my domain
    information. But when I try doing that with mksecldap the database
    ceases to function. I could try upgrading my DB2 to a more recent
    version if there is one. Will tell you if this has any good results.

    Cheers,
    Menno.


  8. Re: LDAP on AIX - the continuing tragedy...

    Hello World,

    Right. Did a fresh install again - this time with DB2 8.1.1.80. Same
    result. I get a running empty ldap server, then mksecldap buggers it
    up and it won't start anymore. Same messages as above.

    Theoretically, it might be something to do with my installation, so I
    could try a reinstall from BOS rather than from my standard mksysb.
    But I don't believe that is it.

    This should just work, dammit!

    Cheers,
    Menno


  9. Re: LDAP on AIX - the continuing tragedy...

    Hello World,

    Okay... I've just found an efix that could solve the problem because
    one of the APARs in it describes the problem accurately enough:

    http://www-1.ibm.com/support/docview...=utf-8&lang=en

    Unfortunately the install script that comes with it... doesn't work
    properly. So now I'll reinstall the machine yet again, install the
    requisite software, then BEFORE configuring it any further or even
    rebooting, apply the efix. This should keep the file free. Will report
    on progress.

    So where would one normally download ldap.server PTFs? They aren't in
    the Quick Links for AIX Fixes page.

    Cheers,
    Menno "Seriously considering NIS" Willemse


  10. Re: LDAP on AIX - the continuing tragedy...

    On Feb 19, 5:05 pm, "Menno Willemse" wrote:
    > Hello World,
    >
    > Okay... I've just found an efix that could solve the problem because
    > one of the APARs in it describes the problem accurately enough:


    Aaaand...

    Error code -1 from odbc string:" SQLAllocEnv " .

    Bugger this for a lark. LDAP was never meant to work on AIX. Does
    anyone have an idea on how to add the aix bit in rfc2307aix to
    OpenLDAP?



  11. Re: LDAP on AIX - the continuing tragedy...

    On Feb 19, 5:37 pm, "Menno Willemse" wrote:
    > Bugger this for a lark. LDAP was never meant to work on AIX. Does
    > anyone have an idea on how to add the aix bit in rfc2307aix to
    > OpenLDAP?


    Post-script - Just installed a server fresh with no modifications at
    all. AIX up to the max level. I let mksecldap set everything up
    itself.

    It bombed.

    I think this one is over to IBM - go fix your program.

    And I used to *LIKE* IBM software.

    Cheers,
    Menno

