LDS feed not connecting to IDM Prov Server: TSSLDS ACID defined with KEYRING CALDAP
search cancel

LDS feed not connecting to IDM Prov Server: TSSLDS ACID defined with KEYRING CALDAP

book

Article ID: 368639

calendar_today

Updated On:

Products

CA Identity Suite

Issue/Introduction

When trying to make CA TopSecret LDS feed send updates on IDM provisioning server at port 20390, the connection is failing. 

 

ERROR:

We are getting ‘LDAP Server Down’ return code when the LDS feed tries to connect.  Can you confirm that you have a CAIDM server that is up and listening on URL LDAPS://caidm-tss-dev.test,sample:20390

 

CONNECT URL(LDAPS://caidm-tss-dev.test,sample:20390),                            

CAS2372E LDS Connect failed. RC: 51 LDAP Node: IMDEVURL: LDAPS://caidm-tss-dev.test.sample:20390

 

CAS2372E RC51 = LDAP_SERVER_DOWN

 

*Connection failed with LDAP:// or LDAPS://

 

Cause

A code fix is required for Top Secret for z/OS.

 

Resolution

Apply PTF to Top Secret:

PTF LU10336

 

The following items are included in this solution:
 
1. LDS WITH AT-TLS RETURNS ZEROS FOR ENVR OBJECT
 
2. PTF LU10336 CAUSES A PROBLEM FOR RACROUTE AUTH STATUS=ACCESS
 
=============================================================================
 
LDS WITH AT-TLS RETURNS ZEROS FOR ENVR OBJECT
 
PROBLEM DESCRIPTION:
Setting up an SSL for LDS with AT-TLS fails.
 
SYMPTOMS:
TLS/SSL connect using AT-TLS fails due to an invalid empty Envir object
being returned on a RACROUTE REQUEST=EXTRACT TYPE=ENVRXTR, when issued
under the LDS address space.
 
IMPACT:
AT-TLS fails the connection.
 
CIRCUMVENTION:
N/A
 
PRODUCT(S) AFFECTED:
Top Secret for z/OS                                          Version 16.0
 
=============================================================================
 
PTF LU10336 CAUSES A PROBLEM FOR RACROUTE AUTH STATUS=ACCESS
 
PROBLEM DESCRIPTION:
With LU10336 applied, RACROUTE REQUEST=AUTH STATUS=ACCESS checks may
receive return codes that lead to resource denials through an
application's processing.  Top Secret does not output error messages
to alert you of the resource access denial.
With LU10336 applied, the application may receive RSN Code 0 (No Access)
when higher level access is actually permitted by Top Secret.
The application type and how that application reacts to the incorrect
RSN Code 0 could cause a serious problem.

Additional Information

For further support with the above issue please open a support case with the TSS/Mainframe team for the Top Secret for z/OS component.

Powered by Wolken Software