Author Topic: Trying to test CMOD LDAP on AIX with AD Windows server. (Read 2838 times)

rketterer · « **on:** August 29, 2016, 08:23:52 AM »

Two questions.
1. All of our CMOD user ID on AIX are legacy IDs from the Mainframe which don't match the AD IDs on the Windows Server.
Has anyone done a mass change/or update of CMOD IDs and passwords.
2. While testing the a connection to AD, after changing the ars.cfg file and adding an initial LDAP login to the stash file,
the connection process seems to be balking on the stash file. I there any limit, to the password length, for LDAP or AD kept in the stash file ? Thanks Rob

Justin Derrick · « **Reply #1 on:** August 29, 2016, 12:47:24 PM »

Best bet is to check the permissions on the stash file to ensure that the UserID that is running the arssockd process has the UNIX file permissions to read the stash file.

-JD.

rketterer · « **Reply #2 on:** August 29, 2016, 02:14:16 PM »

Thanks Derick, but I think the permissions are OK, it's only when I added the LADP/AD ID and password that it started having an issue. It can read the stash file, but I don't think it likes the LDAP pw or the ID .

Alessandro Perucchi · « **Reply #3 on:** September 08, 2016, 06:45:07 AM »

Quote from: rketterer on August 29, 2016, 02:14:16 PM

Thanks Derick, but I think the permissions are OK, it's only when I added the LADP/AD ID and password that it started having an issue. It can read the stash file, but I don't think it likes the LDAP pw or the ID .

Did you check that the user is correct? with all the CN=...OU=...DC=... etc??? I had sometimes problems because part of it was missing.
and did you add the LDAP user with the arsstash command with option -a 7

otherwise it will never work.
And also you need to add the stash in the ars.ini with the option SRVR_OD_STASH and restart CMOD.

Probably you did all of that! But who knows :-)

Alessandro Perucchi · « **Reply #4 on:** September 08, 2016, 06:50:05 AM »

Quote from: rketterer on August 29, 2016, 08:23:52 AM

Two questions.
1. All of our CMOD user ID on AIX are legacy IDs from the Mainframe which don't match the AD IDs on the Windows Server.
Has anyone done a mass change/or update of CMOD IDs and passwords.

Concerning your first question... you have 2 choices:

1) change the userid with ARSXML
<user name="oldName" newName="newName" />

2) You add in AD for each user a field for the OD user. Let say with the attribute cmodUser, and in CMOD ars.cfg file, you need to use the entry ARS_LDAP_MAPPED_ATTRIBUTE, something like: ARS_LDAP_MAPPED_ATTRIBUTE=cmodUser

So either you change CMOD or your change AD (with a small adaptation on CMOD). You can choose :-D

OnDemand User Group

News:

Author Topic: Trying to test CMOD LDAP on AIX with AD Windows server. (Read 2838 times)

rketterer

Trying to test CMOD LDAP on AIX with AD Windows server.

Justin Derrick

Re: Trying to test CMOD LDAP on AIX with AD Windows server.

rketterer

Re: Trying to test CMOD LDAP on AIX with AD Windows server.

Alessandro Perucchi

Re: Trying to test CMOD LDAP on AIX with AD Windows server.

Alessandro Perucchi

Re: Trying to test CMOD LDAP on AIX with AD Windows server.