PQ61117: MIGRATION FROM RDBM TO TDBM DIALOG IS MISSING AN ACL UPDATE STEP | |||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description Migration from RDBM to TDBM dialog is missing a step. ACL entries are not update as specified in the white paper for RDBM to TDBM migration. This results in Naming Registration failure for an application. ANYBODY is trying to update LDAP and doesn't have authority to do so.Local fix If you already ran BBOMTDBM job, you need to modify export.ldif file (located in /tmp directory, unless otherwise specified) with the correct ACL entries. The ACL entries are as follows: . aclentry: group:CN=ANYBODY:normal:rsc aclentry: access-id:racfid=CBSYMCR1,profiletype=user,o=WSLPLEX: normal:rwsc:sensitive:rwsc:critical:rwsc:object:ad aclentry: access-id:racfid=CBADMIN,profiletype=user,o=WSLPLEX: normal:rwsc:sensitive:rwsc:critical:rwsc:object:ad aclentry: access-id:CN=BOSSADMIN,O=CB390_WSLPLEX:normal:rwsc: object:ad . aclentry: group:CN=ANYBODY:normal:rsc aclentry: access-id:racfid=CBSYMCR1,profiletype=user,o=WSLPLEX: normal:rwsc:sensitive:rwsc:critical:rwsc:object:ad aclentry: access-id:racfid=CBADMIN:,profiletype=user,o=WSLPLEX: normal:rwsc:sensitive:rwsc:critical:rwsc:object:ad aclentry: access-id:CN=WASADMIN,O=WAS390_WSLPLEX:normal:rwsc: object:ad . Use suffix in bboslapd.conf to replace "o=WSLPLEX" part. . Then ran the following ldapmodify command (all in one line): . ldapmodify -r -h 127.0.0.1 -p 1389 -D "cn=CBAdmin" -w secret -f /tmp/export.ldif Note: if you use a different port, password, or the export.ldifProblem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V4.0.1 for z/OS and OS/390 * **************************************************************** * PROBLEM DESCRIPTION: The RDBM to TDBM migration instructions * * generated by the "WebSphere for z/OS * * Customization" dialog is missing a step * * The missing step is to update the ACL * * entries in the exported file. * **************************************************************** * RECOMMENDATION: * **************************************************************** The RDBM to TDBM migration instructions (BBOTMSTR) generated by by the "WebSphere for z/OS Customization" dialog is missing a step. That step is to update the ACL entries in the exported file. Without this step, Naming Registration will fail. In addition to the problem reported by APAR PQ61117, an error in one of the dialog generated jobs (BBOLDRAJ) is being addressed. In this job, an extra "DISP=SHR," is being generated for the "//RACFCMDS DD", causing a JCL error.Problem conclusion "WebSphere for z/OS Customization" dialog support will be modified to add the missing step to BBOTMSTR so that the ACL entries will be updated in the exported file before running LDAPMODIFY commands to populate the LDAP database. Support has been modified to remove the generation of the extra "DISP=SHR," in job BBOLDRAJ. APAR PQ61117 is associated with SERVICE LEVEL W401065 of WebSphere Application Server V4.0.1 for z/OS and OS/390.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: UQ66414 Modules/Macros
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ61117
IBM Group: Software Group
Modified date: Jun 6, 2002
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.