* A suspected update to Top Secret has introduced failures within the TSS LDAP connector.
* Creating a user via the TSS LDAP now fails to add the "OMVS-Dflt-Group".
ex: TSS ADDTO(<acid?) PROFILE(PDDOEGRP)
The following TSS LDAP errors occur:
"Error while adding OMVS-Dflt-Group attribute to user 'tssacid=acid,tssadmingrp=acids,host=host,o=thebank,c=us'
Message: [LDAP: error code 80 - LDP2004E Error issuing command with R_Admin, function=1, SAF=8, RACF=16, reason=8(TSS0353E USER ALREADY ATTACHED TO PROFILE/GROUP)]"
Release : 16.0 of Top Secret
Component : LDAP SERVER FOR Z/OS
The reason for the error is someone attempted to add the same group twice. This first time as a profile, and the second time as a group.
So the second add fails since it is already there.
First added as a profile:
[01/13|18:16:14.806880|3C15880000000004] conn=1025 op=60 do_add: dn (tssproflist=group,tssacidgrp=group,tssacid=acid,tssadmingrp=acids,host=host,o=thebank,c=us)
which causes LDAP to issue:
TSS ADDTO(acid) PROFILE(profile)
Then when it is added as the default group and fails.
TSS ADDTO(acid) GROUP(group)
The solution is to contact Sailpoint for a fix. (Fix number was not provided).
The commands to add as a Profile and Group are in the Sailpoint code and the fix is needed to change them to the correct commands.