CA LDAP signons fail that have MFA credentials

Article ID: 136927

Products

Top Secret, Top Secret - LDAP

Issue/Introduction

After an MFA segment is added to ACIDs that are used on TSO, signons with those ACIDs fail when signing on to CA LDAP.

Environment

Release : 16.0

Component : CA LDAP SERVER FOR Z/OS

Resolution

CA LDAP has an option called enableMultiFactor. It needs to be enabled in the slapd configuration file. Confirm that it has been turned on.


Here is the relevant information from the LDAP documentation.


enableMultiFactor (optional)

Prohibits reuse of single use tokens by the CA LDAP Server. By default, the CA LDAP Server issues RACROUTE VERIFY calls to create ACEE’s when needed. The console F LDAP151,STATUS output displays the configuration value as “Enable MulFactor Yes” or “Enable MulFactor No”.

Default: Not enabled.

Example: enableMultiFactor
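
One way to verify the setting described above, as an added example that is not from the vendor documentation: it looks for an uncommented enableMultiFactor directive in the slapd configuration file and compares it with a saved copy of the F LDAP151,STATUS output. It assumes `#` starts a comment and that directive names are case-insensitive; the function names and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example, not vendor code. Assumptions: '#' starts a comment in the
# slapd configuration file, the directive is matched case-insensitively, and
# the F LDAP151,STATUS output has been saved to a text file.

# Return 0 if an uncommented enableMultiFactor directive is present in file $1.
mfa_in_config() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
        grep -i -x 'enableMultiFactor' >/dev/null
}

# Print Yes, No or unknown from the saved STATUS output in file $1.
mfa_in_status() {
    value=$(sed -n 's/.*Enable MulFactor[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" | head -n 1)
    case "$value" in
        Yes|No) echo "$value" ;;
        *) echo "unknown" ;;
    esac
}

# Compare configuration ($1) with running status ($2) and print one verdict.
mfa_check() {
    status=$(mfa_in_status "$2")
    if mfa_in_config "$1"; then
        case "$status" in
            Yes) echo "OK: set in config, server reports Yes" ;;
            No)  echo "MISMATCH: set in config, server reports No" ;;
            *)   echo "CONFIG ONLY: set in config, status line not found" ;;
        esac
    else
        case "$status" in
            Yes) echo "MISMATCH: not set in config, server reports Yes" ;;
            *)   echo "DISABLED: enableMultiFactor not set in config" ;;
        esac
    fi
}

# Constructed sample input: a commented-out directive and a status line.
mfa_demo() {
    dir=$(mktemp -d)
    printf '%s\n' '# enableMultiFactor' 'someOtherOption value' > "$dir/slapd.conf"
    printf '%s\n' 'Enable MulFactor No' > "$dir/status.txt"
    mfa_check "$dir/slapd.conf" "$dir/status.txt"
    rm -rf "$dir"
}
mfa_demo
```

A MISMATCH verdict means the configuration file and the running server disagree about the setting.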