Ldap seems not to accept a Passphrase
search cancel

Ldap seems not to accept a Passphrase


Article ID: 232280


Updated On:


Top Secret



When using passphrases (Upper/lower case, special characters including blanks) on the mainframe.
Security system is TSS 16.0

LDAPTEST Job using a passphrase containing blanks ends with RC=2048 which is the same when password is incorrect.

Documentation says that LDAP should work with TSS settings.


Release : 16.0

Component : CA LDAP Server


Using the BPXBATCH utility and there is a way to accomplish passing a space for passphrase by modifying the syntax of the JCL.

There are 3 things that will need to change:

1. Change the JCL to use STDPARM instead of the PARM field.
2. In the STDPARM, specify SH instead of PGM
3. Create a shell script in USS to invoke the ldapsearch utility. 

For example reference the below JCL

//LDAPTST JOB (XXXXXX),'LDAP TEST',                  
//         NOTIFY=&SYSUID                               
//LDAPTST EXEC PGM=BPXBATCH                             
//STDERR   DD SYSOUT=*                                  
//STDOUT   DD SYSOUT=*                                  
//STDPARM DD *                                          
SH /u/caldap/ldptst.sh                         
-u USER01                                              
-w "This is a long phrase with space"                   
-h HOSTNAME                             
-p 389                                                  
-f /u/caldap/IVP.log                     

And for the ldptst.sh script, you will need to have the following:

export LIBPATH=/u/caldap/:$LIBPATH
./ldaptest "[email protected]"