Author Topic: LDAP IVP  (Read 5060 times)

Ed_Arnold

  • Hero Member
  • *****
  • Posts: 1199
    • View Profile
LDAP IVP
« on: January 03, 2013, 01:52:10 PM »
| fixed typo

If you run LDAP, the LDAP IVP is documented here:
   
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.glpa200/tivstp.htm

Sample JCL to run the LDAP IVP in batch:

//TMP1  EXEC  PGM=IKJEFT01,                                       
//            DYNAMNBR=200                                       
//SYSPROC  DD  DSN=SYS1.SBPXEXEC,DISP=SHR                         
//*                                                               
//SYSTSPRT DD  SYSOUT=*                                           
//SYSOUT   DD  SYSOUT=*                                           
//*                                                               
//SYSTSIN  DD  *                                                 
 oshell /bin/ldapsearch -h ldaphost -p ldapport -D binddn -w passwd -s base -b "" "objectclass=*"
//STDERR   DD SYSOUT=*                                           
//STDOUT   DD SYSOUT=*                                           
//STDENV DD *                                                     
_BPXK_JOBLOG=STDERR                                               
/*
« Last Edit: December 04, 2017, 12:35:27 PM by Ed_Arnold »
#zOS #ODF

Ed_Arnold

LDAP Tracing
« Reply #1 on: April 17, 2013, 09:08:08 AM »
If you want to turn on LDAP tracing from the OnDemand side on z/OS, try this:

//ARSSOCKX PROC                                     
//ARSSOCKX EXEC PGM=ARSSOCKD,REGION=0M,TIME=NOLIMIT,
// PARM=('ENVAR(LDAP_DEBUG=2147483647)/-S -I ARCHIVE -v')


I don't have any real experience with this, just know that it should work.   

Ed
#zOS #ODF

Ed_Arnold

You can ping the LDAP server, how can you tell if the port is blocked?
« Reply #2 on: April 29, 2021, 09:15:23 AM »
Problem: LDAP isn't connecting.

Pinging the server says connectivity is there, but is there a command where I can ping the actual port for the LDAP server - to prove there's no port blocking in place?

Yes - and it apparently works for both LDAP and CMOD:

FROM WINDOWS POWERSHELL --- a command to ping a specific port

Here's an example I ran on my system:

(yes, nnn and mmm are deliberate obscurations of actual IP addresses)

PS C:\Users\ed.arnold> test-netconnection 10.1.nnn.mmm -p 1557     <<<this is my test system, but port 1557 is invalid                                                   
WARNING: TCP connect to (10.1.nnn.mmm : 1557) failed                                                                                   
ComputerName          : 10.1.nnn.mmm
RemoteAddress         : 10.1.nnn.mmm
RemotePort            : 1557
InterfaceAlias        : Ethernet 2
SourceAddress         : 10.111.xxx.yy
PingSucceeded         : True
PingReplyDetails (RTT) : 42 ms
TcpTestSucceeded: False
PS C:\Users\ed.arnold> test-netconnection 10.1.nnn.mmm -p 1449  <<<port 1449 is the port that CMOD listens on
ComputerName     :10.1.nnn.mmm
RemoteAddress    :10.1.nnn.mmm
RemotePort       :1449
InterfaceAlias   :Ethernet 2
SourceAddress    :10.111.xxx.yy
TcpTestSucceeded : True
PS C:\Users\ed.arnold>
#zOS #ODF
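
Added example, not part of the original post: Test-NetConnection reports only TcpTestSucceeded True or False, so the function below uses the .NET TcpClient class to separate a port that answers with a reset (nothing listening, or a rejecting firewall) from one where the connection attempt gets no reply at all (the usual sign of a firewall dropping packets). Test-TcpPort is a hypothetical helper name, 'ldaphost' is the placeholder from the IVP JCL, and 389 is the default LDAP port, assumed here in place of your ldapport.

```powershell
# Added example; Test-TcpPort is a hypothetical helper, not a built-in cmdlet.
function Test-TcpPort {
    param(
        [Parameter(Mandatory = $true)] [string] $ComputerName,
        [Parameter(Mandatory = $true)] [ValidateRange(1, 65535)] [int] $Port,
        [int] $TimeoutMs = 5000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    $state  = 'Error'
    $detail = ''
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            # Neither SYN-ACK nor RST arrived: the SYN is being silently dropped.
            $state  = 'Filtered'
            $detail = "no reply within $TimeoutMs ms"
        } else {
            $client.EndConnect($pending)   # throws if the connect attempt failed
            $state = 'Open'
        }
    } catch {
        # PowerShell wraps .NET exceptions; walk down to the SocketException.
        $ex = $_.Exception
        while ($ex -and ($ex -isnot [System.Net.Sockets.SocketException])) {
            $ex = $ex.InnerException
        }
        if ($ex) {
            $detail = $ex.SocketErrorCode.ToString()
            if ($ex.SocketErrorCode -eq [System.Net.Sockets.SocketError]::ConnectionRefused) {
                # A RST came back: the host (or a rejecting firewall) answered.
                $state = 'Closed'
            } elseif ($ex.SocketErrorCode -eq [System.Net.Sockets.SocketError]::TimedOut) {
                $state = 'Filtered'
            }
        } else {
            $detail = $_.Exception.Message
        }
    } finally {
        $client.Close()
    }
    [pscustomobject]@{
        ComputerName = $ComputerName; Port = $Port; State = $state; Detail = $detail
    }
}

# Assumed values: 'ldaphost' placeholder from the JCL, 389 = default LDAP port.
Test-TcpPort -ComputerName 'ldaphost' -Port 389
```

A State of Closed with ping succeeding points at the listener (wrong port or server down), while Filtered points at something on the path dropping the traffic.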

Ed_Arnold

Common Items to check, at least for a typical LDAP set up for z
« Reply #3 on: April 29, 2021, 09:20:52 AM »
First - SRVR_FLAGS_SECURITY_EXIT=n should probably be set to 0

Second - Make sure that you've added the LDAP bind user to the stash file with the arsstash command

Third - Make sure you have enabled the settings in the admin client as per the attached jpg.

Ed

#zOS #ODF