AIX 6.1 LDAP client for naming services

Bernd Nies

Sep 11, 2009, 6:57:43 AM

Hi,

We have AIX 5.3 systems using LDAP client for naming services. I
configured them as follows:

# geninstall -I Y -d /mnt/5.3/5300-05/cd4 I:ldap.client
# mksecldap -c \
-h ldapserver.example.com \
-a cn=proxyagent,dc=example,dc=com \
-p secret \
-d dc=example,dc=com
# vi /etc/security/user

default:
[...]
SYSTEM = LDAP
[...]

root:
admin = true
SYSTEM = files
registry = files
loginretries = 0
account_locked = false
[...]

# lsuser bernd
bernd id=3031 pgrp=staff groups=staff,syseng home=/home/bernd
shell=/bin/bash gecos=Bernd Nies login=true su=true rlogin=true daemon=true
admin=false sugroups=ALL admgroups= tpath=nosak ttys=ALL expires=0
auth1=SYSTEM auth2=NONE umask=22 registry=LDAP SYSTEM=compat
logintimes= loginretries=0 pwdwarntime=0 account_locked=false minage=0
maxage=0 maxexpired=-1 minalpha=0 minother=0 mindiff=0 maxrepeats=8
minlen=0 histexpire=0 histsize=0 pwdchecks= dictionlist=
default_roles= fsize=2097151 cpu=-1 data=262144 stack=65536
core=2097151 rss=65536 nofiles=2000 roles=

This worked fine so far.

In AIX 6.1 things seem to have changed. There is no ldap.client
fileset any more. I tried to install the IDS LDAP client.

# geninstall -I Y -d /mnt/6.1/6100-03-01/cd5 I:idsldap.cltbase61 # AIX 6.1
# geninstall -I Y -d /mnt/6.1/6100-03-01/cd5 I:idsldap.clt64bit61 # AIX 6.1
# /opt/IBM/ldap/V6.1/bin/idslink -i -l 64

But then mksecldap complains about a missing fileset:

# mksecldap -c \
-h ldapserver.example.com \
-a cn=proxyagent,dc=example,dc=com \
-p secret \
-d dc=example,dc=com
mksecldap: ldap.client.rte version 3.2 or higher is not installed.
Client presetup check failed.

The IBM doc for AIX 6.1 seems not to be updated in this part. [1,2] They
still talk about AIX 5.3:
The "IBM AIX Version 6.1 Differences Guide" [3] also doesn't give a
clue about how LDAP client initialization should work. However, I
could install the fileset from the AIX 5.3 CDs and see the LDAP users
but I doubt that this is the correct solution.

Any ideas? We have AIX support from IBM but they are unable to find
our contract so I cannot bug an IBM technician for this. ;-)

Best regards and thanks in advance.
Bernd


[1] http://publib.boulder.ibm.com/infocenter/systems/index.jsp?topic=/com.ibm.aix.security/doc/security/ldap_client_setup.htm
[2] http://www-01.ibm.com/support/docview.wss?uid=isg1IZ52554
[3] http://www.redbooks.ibm.com/abstracts/SG247559.html?Open

Uwe Auer

Sep 11, 2009, 1:02:21 PM

Bernd Nies wrote:

Hi

did you go to AIX 6.1 level by migrating from AIX 5.3?
If yes - do you have some remainders of old ldap.client which has been
neither migrated nor deinstalled (lslpp -Lc ldap.client.\*)?


Regards,
Uwe Auer

Bernd Nies

Sep 14, 2009, 1:22:00 AM

Hi Uwe,

> did you go to AIX 6.1 level by migrating from AIX 5.3?
> If yes - do you have some remainders of old ldap.client which has been
> neither migrated nor deinstalled (lslpp -Lc ldap.client.\*)?

No, it's a plain fresh install of AIX 6.1 TL 6100-03-1 in a new LPAR
from CD.

bash-3.2# lslpp -l | grep -i ldap
idsldap.clt64bit61.rte 6.1.0.17 COMMITTED Directory Server - 64 bit
idsldap.cltbase61.adt 6.1.0.17 COMMITTED Directory Server - Base Client
idsldap.cltbase61.rte 6.1.0.17 COMMITTED Directory Server - Base Client
idsldap.clt64bit61.rte 6.1.0.17 COMMITTED Directory Server - 64 bit
idsldap.cltbase61.rte 6.1.0.17 COMMITTED Directory Server - Base Client

Regards,
Bernd

Uwe Auer

Sep 14, 2009, 12:45:32 PM

Bernd Nies wrote:

Hi,

do not see "idsldap.clt32bit61.rte"; secldapclntd is a 32 bit application.

Please install 32bit client and check whether message is gone.

Regards,
Uwe Auer

Bernd Nies

Sep 15, 2009, 2:50:44 AM

Hi Uwe,

Thanks. It works now.

Confusing that a 32bit client version is required on a 64bit system. I
thought this package should only be chosen on 32bit platforms.

bash-3.2# bootinfo -K
64
bash-3.2# lslpp -l | grep ldap
idsldap.clt32bit61.rte 6.1.0.17 COMMITTED Directory Server - 32 bit
idsldap.clt64bit61.rte 6.1.0.17 COMMITTED Directory Server - 64 bit
idsldap.cltbase61.adt 6.1.0.17 COMMITTED Directory Server - Base Client
idsldap.cltbase61.rte 6.1.0.17 COMMITTED Directory Server - Base Client
idsldap.clt32bit61.rte 6.1.0.17 COMMITTED Directory Server - 32 bit
idsldap.clt64bit61.rte 6.1.0.17 COMMITTED Directory Server - 64 bit
idsldap.cltbase61.rte 6.1.0.17 COMMITTED Directory Server - Base Client

Best regards,
Bernd
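
Added example (not part of the original thread and not IBM tooling): a pre-flight check to run before mksecldap -c, which reads lslpp -l style output and reports which of the idsldap filesets discussed in this thread are not installed. The REQUIRED list and all function names are assumptions made for this illustration, and the two sample listings are constructed from the output posted above.

```sh
#!/bin/sh
# Filesets named in this thread: base client, 64-bit client, and the 32-bit
# client needed because secldapclntd is a 32-bit application.
# (REQUIRED and all function names are hypothetical, chosen for this example.)
REQUIRED="idsldap.cltbase61.rte idsldap.clt32bit61.rte idsldap.clt64bit61.rte"

# Read `lslpp -l` style lines (fileset, level, state, description) on stdin and
# print every required fileset that has no COMMITTED or APPLIED entry.
# Header lines and wrapped description fragments never match and are skipped.
missing_filesets() {
    awk -v req="$REQUIRED" '
        $3 == "COMMITTED" || $3 == "APPLIED" { seen[$1] = 1 }
        END {
            n = split(req, want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) print want[i]
        }'
}

# Return 0 if everything is present, 1 otherwise (gaps listed on stderr).
preflight() {
    gaps=$(missing_filesets | tr '\n' ' ')
    [ -z "$gaps" ] && return 0
    echo "install before running mksecldap -c: $gaps" >&2
    return 1
}

# Constructed sample: listing from before the fix (no 32-bit client).
sample_before() {
    cat <<'EOF'
idsldap.clt64bit61.rte 6.1.0.17 COMMITTED Directory Server - 64 bit
idsldap.cltbase61.adt 6.1.0.17 COMMITTED Directory Server - Base Client
idsldap.cltbase61.rte 6.1.0.17 COMMITTED Directory Server - Base Client
EOF
}

# Constructed sample: listing after the 32-bit client was installed.
sample_after() {
    cat <<'EOF'
idsldap.clt32bit61.rte 6.1.0.17 COMMITTED Directory Server - 32 bit
idsldap.clt64bit61.rte 6.1.0.17 COMMITTED Directory Server - 64 bit
idsldap.cltbase61.rte 6.1.0.17 COMMITTED Directory Server - Base Client
EOF
}

sample_before | missing_filesets   # prints idsldap.clt32bit61.rte
```

On an AIX host, feed it the same listing used in the thread: lslpp -l | grep -i ldap | preflight.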
