OnDemand User Group
Tips and Tricks => Tips and Tricks => Topic started by: Ed_Arnold on January 03, 2013, 01:52:10 PM
-
| fixed typo
If you run LDAP, the LDAP IVP is documented here:
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.glpa200/tivstp.htm (https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.glpa200/tivstp.htm)
Sample JCL to run the LDAP IVP in batch:
//TMP1 EXEC PGM=IKJEFT01,
// DYNAMNBR=200
//SYSPROC DD DSN=SYS1.SBPXEXEC,DISP=SHR
//*
//SYSTSPRT DD SYSOUT=*
//SYSOUT DD SYSOUT=*
//*
//SYSTSIN DD *
oshell /bin/ldapsearch -h ldaphost-p ldapport -D binddn -w passwd -s base -b "" "objectclass=*"
//STDERR DD SYSOUT=*
//STDOUT DD SYSOUT=*
//STDENV DD *
_BPXK_JOBLOG=STDERR
/*
-
If you want to turn on LDAP tracing from the OnDemand side on z/OS, try this:
//ARSSOCKX PROC
//ARSSOCKX EXEC PGM=ARSSOCKD,REGION=0M,TIME=NOLIMIT,
// PARM=('ENVAR(LDAP_DEBUG=2147483647)/-S -I ARCHIVE -v')
I don't have any real experience with this, just know that it should work.
Ed
-
Problem, LDAP isn't connecting.
Pinging the server says connectivity is there, but is there a command where I can ping the actual port for the LDAP server - to prove there's not port blocking in place?
Yes - and it apparently works for both LDAP and CMOD:
FROM WINDOWS POWERSHELL --- a command to ping a specific port
Here's an example I ran on my system:
(yes, nnn and mmm are deliberate obscurations of actual IP addresses)
PS C:\Users\ed.arnold> test-netconnection 10.1.nnn.mmm -p 1557 <<<this is my test system, but port 1557 is invalid
WARNING: TCP connect to (10.1.nnn.mmm : 1557) failed
ComputerName : 10.1.nnn.mmm
RemoteAddress : 10.1.nnn.mmm
RemotePort : 1557
InterfaceAlias : Ethernet 2
SourceAddress : 10.111.xxx.yy
PingSucceeded : True
PingReplyDetails (RTT) : 42 ms
TcpTestSucceeded: False
PS C:\Users\ed.arnold> test-netconnection 10.1.nnn.mmm -p 1449 <<<port 1449 is the port that CMOD listens on
ComputerName :10.1.nnn.mmm
RemoteAddress :10.1.nnn.mmm
RemotePort :1449
InterfaceAlias :Ethernet 2
SourceAddress :10.111.xxx.yy
TcpTestSucceeded : True
PS C:\Users\ed.arnold>
-
First: First - SRVR_FLAGS_SECURITY_EXIT=n should probably be set to 0
Second - Make sure they you've added the LDAP bind user to the stash file with the arsstash command
Third - make sure you have enabled the settings in the admin client as per the attached jpg.
Ed