Description:
When opening the Mainframe Security endpoint property tabs (for CA-ACF2 or CA-Top Secret) and clicking the "Get Suffixes" button, the system does not retrieve values into the combo list and instead shows the following message box:
"Searching the mainframe LDAP Server failed, rc=0. Please verify that the IP and port information is correct. Also ensure you have the latest LDAP server and maintenance installed and re-try."
Explanation:
With CA LDAP Server for z/OS R14 installed, the IM Mainframe connector gets suffixes by performing an anonymous one-level search against the LDAP server. It searches with "cn=config" as the Base DN and "objectClass=olcDatabaseConfig" as the search filter, then loops through the returned attributes to find the "olcSuffix" value where the naming mode is "im".
Here the request has not failed (rc=0), but no object with both a suffix value and a naming mode set to "im" has been found.
Troubleshooting:
Try running this LDAP request against IMPS from the command line, as shown in the example below (ACF2 example):
CA\Identity Manager\Provisioning Server\bin>ldapsearch -LLL -h <HOST> -p <PORT> -D cn=<USER> -w <PASSWORD> -b cn=config -s one (objectClass=olcDatabaseConfig) olcSuffix acfHostNamingMode
Note: For TSS, change acfHostNamingMode to tssHostNamingMode.
Check whether you have one resulting record with acfHostNamingMode set to im (ACF2 example).
Note: in the sample output below, the second entry is the one for the "im" naming mode.
If this entry is missing, you will receive the error described above.
The search request should return lines like the following:
dn: olcDatabase={1}caacf2_utf,cn=config
olcSuffix: host=xxxxxxxx,o=yyyyyyyy,c=zzzzzzzz
dn: olcDatabase={2}caacf2_utf,cn=config
olcSuffix: host=xxxxxxxx_im,o=yyyyyyyy,c=zzzzzzzz
acfHostNamingMode: im
Note: Running slapd in debug mode (e.g. slapd -d 5 -f ./slapd.conf) will not provide pertinent information, since there is no failure (slapd returns code 0).
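The check described in the Explanation can be repeated on saved ldapsearch -LLL output with the script below. This is an added example, not CA's code and not part of the original article; the function names and the sample data are constructed for illustration.

```python
import base64
import sys

MODE_ATTRS = ("acfhostnamingmode", "tsshostnamingmode")  # ACF2 / TSS

# Constructed sample, modelled on the expected output shown above.
SAMPLE = """\
dn: olcDatabase={1}caacf2_utf,cn=config
olcSuffix: host=xxxxxxxx,o=yyyyyyyy,c=zzzzzzzz

dn: olcDatabase={2}caacf2_utf,cn=config
olcSuffix: host=xxxxxxxx_im,o=yyyyyyyy,c=zzzzzzzz
acfHostNamingMode: im
"""

def parse_ldif(text):
    """Split ldapsearch -LLL output into entries ({attr_lower: [values]})."""
    # Normalise Windows line endings, then unfold LDIF continuation lines.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    entries, current = [], {}
    for raw in text.split("\n"):
        if raw.startswith("#") or ":" not in raw:   # comment, blank or junk
            continue
        attr, _, value = raw.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if value.startswith(":"):                   # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        if attr == "dn" and current:                # a new dn starts a new entry
            entries.append(current)
            current = {}
        current.setdefault(attr, []).append(value)
    if current:
        entries.append(current)
    return entries

def im_suffixes(text):
    """Return the olcSuffix values of entries whose naming mode is 'im'."""
    found = []
    for entry in parse_ldif(text):
        modes = [v.lower() for a in MODE_ATTRS for v in entry.get(a, [])]
        if "im" in modes:
            found.extend(entry.get("olcsuffix", []))
    return found

if __name__ == "__main__":
    # Pipe saved ldapsearch output on stdin; with no pipe the sample is used.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    hits = im_suffixes(data)
    print("im suffixes:", hits or "none (Get Suffixes will show the rc=0 message)")
```

An empty result with rc=0 from ldapsearch corresponds to the situation in the Description: the search succeeds, but no entry carries both olcSuffix and the "im" naming mode.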
Solution:
Configure the database statement for the CA LDAP Server to run in CA Web Administrator mode.
To do that, follow the two-step procedure below:
(Documentation references here come from CA LDAP Server for z/OS Product Guide r14)