Change LDAP Node Password when Top Secret ACID Password Is Changed
Article ID: 219596
Updated On:
Products
Issue/Introduction
It is time to change the password on a service account ACID. This ACID is also used in an LDAPNODE definition in the NDT.
1) What is the difference between the account password and the LDAPNODE password?
2) Do the account and LDAPNODE passwords both need to be changed?
3) Are there any known issues with changing the LDAPNODE password?
Environment
Release : 16.0
Component : CA Top Secret for z/OS
Resolution
1) The account password is the password on the ACID.
The LDAP node password (ADMPSWD in the LDAPNODE definition in the NDT) is the password of the LDAP administrator acid that is used in when binding to the LDAP server. (The LDAP administrator is a Top Secret admin acid that needs the admin authority for the TSS command to be issued on the remote node(s). If this acid doesn’t have the proper TSS admin authority, the TSS command will fail.)
2) Yes, since the account acid is the same as the LDAP administrator acid, it can only have one password and it must be the same in both places (the ACID's password and the ADMPSWD in the LDAPNODE entry in the NDT).
3) At this time there are no reported problems when changing the LDAP node password. Any queries that specify the LDAP admin password will need to be updated with the new password. For example:
ldapsearch -x -D cn=admuser -w admpswd -h hostname -p 389 -s one -b "tssadmingrp=acids,host=xxxx,o=yyy,c=zz" (tssacid=H*)
Feedback
