After adding a MFA segment to acids that are used on TSO, their signons fail when signing on to CA LDAP.
Release : 16.0
Component : CA LDAP SERVER FOR Z/OS
Ldap has an option called:
enableMultiFactor
This needs to be enabled in the slapd configuration file. Has this been turned on?
Here is the relevant info from the LDAP document.
enableMultiFactor (optional) Prohibits reuse of single use tokens by the CA LDAP Server. By default, the CA LDAP Server issues RACROUTE VERIFY calls to create ACEE’s when needed. The console F LDAP151,STATUS output displays the configuration value as “Enable MulFactor Yes” or Enable MulFactor No”. Default: Not enabled. Example: enableMultiFactor