ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Adding Profile with LDAP No Longer Work with LDAP r14.0

book

Article ID: 51282

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC 24X7 High-Availability Manager for DB2 for z/OS Batch Processor Compile QQF Data Compressor for DB2 for z/OS CA Unicenter NSM RC/Update for DB2 for z/OS DB2 TOOLS- DATABASE MISC Top Secret Top Secret - LDAP

Issue/Introduction

Description:

Using the same LDAP command with the same LDIF file to add a profile to an acid works with CA LDAP r12.0 and fails with CA LDAP r14.0

The LDAP command is as follows:

ldapmodify -x -D cn=User_Authorized -w Password -v -h Ip_Address p Port_Number -f Ldif_File

The LDIF file is as follows:

dn:tssproflist=#PROFID,tssacidgrp=proflist,tssacid=ACIDNAME,tssadmingrp=acids,host=hostname
changetype: add
Profile-Names: #PROFID

Solution:

A number of changes to CA LDAP Server in r14 have been made in order to better conform to the LDAP protocol specifications.
The LDAP protocol requires that the following characters be escaped when they appear in DNs:

, \ # + < > ; " =

In LDAP r12 we largely ignored this requirement, so the LDIF, while technically invalid, was accepted without complaint.
LDAP r14 does much stricter checking on the content of the DN, and so it rejects this request.

You can escape special characters by prefixing them with the \ character.
LDIF file needs to be changed from:

dn: tssproflist=#PROFID,tssacidgrp=proflist,... (snipped)

to

dn: tssproflist=\#PROFID,tssacidgrp=proflist,... (snipped)

Environment

Release:
Component: TSSLDP