------
README
------

Date:   February 16, 2001


Patch:  3.2.0-SWD-0006


Component: SecureWay Directory 3.2.0 (Server Installations)


General Description:

    The E-Fix for a problem describe in APAR IR45005.  Specifically,
    if a user attempts to create an string syntax attribute whose length
    is greater that 32K (that is 32x1024), the operation is signaled as
    an error with the error text "DSA UNWILLING TO PERFORM".  By preventing
    such operations, the problem described in PMR 72041,487,000 will not
    occur.  At the time of writing, there are no APAR numbers for this
    defect.
    


Problems Fixed:


  New Fixes in 3.2.0-SWD-0006:


    FIX for IR45005

    Symptoms: Attribute can be created that has a string value syntax and
    and value greater than 32K.  Such a value is in violation of what is 
    allowed to be stored in the DB2 backend.

    Also included is an accumulation of fixes previously provided to two
    customers.  The fixes are referenced by the internal tracking number (CMVC):


    61709 -- ldap_rename fails when dn is member of large group
    61720 -- bind time membership determination for groups not utilizing
             DB2 index
    61783 -- delete/modrdn not utilizing DB2 index
    61850 -- terminate blob data from DB2 with '\0' in GetGroupEntry
    61883 -- member schema change to create index
    61899 -- Search on alias doesn't work with non-English characters
    61888 -- Some legitimate but complex searches result in operation error
    62059 -- PD: Merge Dave Bachmann's group performance enhancement
    62280 -- PD: Slapd traps on NT when modify-replace userpassword
    62317 -- PD: un-initialized rc in put_filter() causes random errors
    62356 -- HP: call pthread_key_delete() in unbind processing for HP
    62526 -- db2ldif failed to export all members in group


Platforms(s):

   -  The IBM AIX supported platforms for the SecureWay Directory V3.2 product.
   -  The Microsoft Windows NT supported platforms.


Dependencies:


    It is assumed the level of SecureWay Directory is V3.2.  If there are
    patches applied, those patches must be a subset of the set of fixes
    provided by this current patch.  The fixes are described below.


Files Replaced or Added by this Patch 


  For the IBM AIX platform:
 
    With $INSTALL_DIR representing the root of the LDAP installation (typically
    /usr/ldap) the files replaced are:

    $INSTALL_DIR/lib/libldap.a
    $INSTALL_DIR/lib/libslapi.a
    $INSTALL_DIR/lib/libback-rdbm.a
    $INSTALL_DIR/lib/libutils.a
    $INSTALL_DIR/sbin/db2ldif

  For the Microsoft Windows NT platform:
 
    With $INSTALL_DIR representing the root of the LDAP installation (typically
    \Program Files\IBM\LDAP) the files replaced are:

    $INSTALL_DIR/bin/ldap.dll
    $INSTALL_DIR/bin/libslapi.dll
    $INSTALL_DIR/bin/libback-rdbm.dll
    $INSTALL_DIR/bin/libutils.dll
    $INSTALL_DIR/bin/db2ldif.exe



Patch Contents:


    The tar archive for the AIX patch is named 3.2.0-SWD-0006.tar and 
    includes:

    - This README file
    - The file libldap.a
    - The file libslapi.a
    - The file libback-rdbm.a
    - The file libutils.a
    - The file db2ldif


    The zip archive for the Windows NT patch is named 3.2.0-SWD-0006.zip and 
    includes:

    - This README file
    - The file ldap.dll
    - The file libslapi.dll
    - The file libback-rdbm.dll
    - The file libutils.dll
    - The file db2ldif.exe


Applying the Patch:


    1)  Extract the contents of the patch archive into a temporary directory.


    2)  Make sure the directory server is stopped.


    3)  Replace the installed version of each file with the version included
        in the patch.


    4)  FOR AIX, assign the correct owner, group, and permissions to the
        replaced file.


        Assume $OWNER has the correct value for owner of the installation files,
        and $GROUP has the correct group value.  The default for both is ldap.

        # chown $OWNER $INSTALL_DIR/lib/<file>
        # chgrp $GROUP $INSTALL_DIR/lib/<file>
        # chmod 755 $INSTALL_DIR/lib/<file>


    5)  At this point the directory server can be restarted and normal operation
        can be continued.




Confirming the Patch has been applied successfully:


    If the directory server can be restarted, the patch has been applied
    successfully.


    Below is some relevant information on the replacement files:


    For AIX:

    -  Filesize for libldap.a       is  554969
    -  Filesize for libslapi.a      is  133051
    -  Filesize for libback-rdbm.a  is 1735948
    -  Filesize for libutils.a      is 5112650
    -  Filesize for db2ldif         is  247128 


    -  The command sum -r libldap.a results in:

       05927  xxxx    libldap.a 

    -  The command sum -r libslapi.a results in:

       29642  xxxx    libslapi.a 

    -  The command sum -r libback-rdbm.a results in:

       52972  xxxx    libback-rdbm.a 

    -  The command sum -r libutils.a results in:

       13149  xxxx    libutils.a 

    -  The command sum -r db2ldif results in:

       57174  xxxx    db2ldif


    For NT:

    -  Filesize for ldap.dll          is 423936
    -  Filesize for libslapi.dll      is  83968
    -  Filesize for libback-rdbm.dll  is 697856
    -  Filesize for libutils.dll      is 964608
    -  Filesize for db2ldif.exe       is 184832 


    -  The command sum -r libldap.dll results in:

       61829  xxxx    ldap.dll 

    -  The command sum -r libslapi.dll results in:

       57100  xxxx    libslapi.dll 

    -  The command sum -r libback-rdbm.dll results in:

       27232  xxxx    libback-rdbm.dll 

    -  The command sum -r libutils.dll results in:

       26232  xxxx    libutils.dll 

    -  The command sum -r db2ldif.exe results in:

       11974  xxxx    db2ldif.exe


       
       Each xxxx represents a number which is the number of blocks used by
       the file.  It is left out since this number is filesystem format 
       dependent.



-------------
END OF README
-------------