Question:

After copying a CA LDAP install directory that has been recently refreshed with the latest maintenance, DSI fails at startup with the following in the stderr log:

2015-12-08 10:34:43,068 1449592483067010 TGDRS /Access/Access/pdSelectApp.jsp DEBUG com.ams.cacs.security.CacsProcessLogin.processLogin - entering...
2015-12-08 10:34:43,068 1449592483067010 TGDRS /Access/Access/pdSelectApp.jsp DEBUG class com.ams.cacs.security.CacsSecurityProvider.authenticateUser() - entering ...
2015-12-08 10:34:44,075 1449592483067010 TGDRS /Access/Access/pdSelectApp.jsp ERROR class com.ams.cacs.security.TGAuthenticator.DSI_JNI_Authenticate() - User: TGDRS : Failed in DSI_JNI_Authenticate.DSI_java_open(). iRetCode: 13
2015-12-08 10:34:44,075 1449592483067010 TGDRS /Access/Access/pdSelectApp.jsp ERROR class com.ams.cacs.security.TGAuthenticator.DSI_JNI_Authenticate() - User: TGDRS : Failed in DSI_JNI_Authenticate.DSI_java_close(). iRetCode: 7

Answer:

Copying the programs from one directory to another can cause the APF authorization bit to be turned off depending on the program used to copy.

It is recommended that a program that copies the files/programs with their respective attributes so as not to lose them.

Recommend using a program that will copy the file/program with its respective attribute and not lose them. The following is an example of how to check the APF attribute and turn on the APF attribute:

From OMVS:

Change to your site's CA LDAP Server installation directory containing the dll files.

  cd /u/product/your.CA.LDAP.server.directory    

Issue the USS List file command to display the extended attributes for the dll files.

  ls -lE *.dll

The attribute APF authorized must be set to YES. If it is not, use the USS extattr command to set this attribute for each DDL file. For example:

  extattr +ap filename.dll 

Issue the USS List file command to verify the the extended attributes for the dll 
files were changed.                                          

  ls -lE *.dll