PQ73174: WEBSPHERE INSTALLATION AND CUSTOMIZATION BOOK NEEDS TO BE UPDATED TO REFLECT ACL LDAP COMMAND CHANGE FOR Z/OS 1.4. | |||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||
APAR status Closed as documentation error. Error description Installation and Customization book -> Chapter 4 ->"Adding a new Administrator for the Administration Application." -> "Steps for updating the Access Control List for ldap", . Step 3 in this section should be updated as follows: . Extract the current access control list with the ldapcp command In case you are using z/OS 1.4 please use the ldapsearch command documented in Security Server LDAP Server Administration and Use, chapter 23, SC24-5923. . For example the ldapsearch command to use for z/OS 1.4 would be: ldapsearch -p 1389 -h 127.0.0.1 -D "cn=<adminid>" -w <password> -b "o=WASNaming,c=us" -s base "objectclass=*" aclEntry aclPropagate aclSource entryOwner ownerPropagate ownerSource . where the <adminid> is the value of the entry owner access id and <password> is the value of the userpassword value.Local fix Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V4.0.1 for z/OS and OS/390 * **************************************************************** * PROBLEM DESCRIPTION: The WebSphere for z/OS: Installation * * and Customization publication should * * be updated to include correct * * distinction between the ldapcp and * * ldapsearch commands. * **************************************************************** * RECOMMENDATION: * **************************************************************** The WebSphere for z/OS: Installation and Customization publication should be updated to include correct distinction between the ldapcp and ldapsearch commands.Problem conclusion APAR PQ73174 requires changes to documentation. A change to V4.0.1 WebSphere for z/OS: Messages and Diagnosis GA22-7837-06 will be available in the next refresh of the documentation. To access the latest online documentation, go to the product library page at: www.ibm.com/software/webservers/appserv/zos_os390/library/ The following change appears in the book on page 223: 3. Extract the current access control list. - If you are running z/OS 1.3 or earlier, extract the current access control list with the ldapcp command. Example: /u/myself-> ldapcp -p 1389 -h 127.0.0.1 -d "cn=CBAdmin" -w ***** GLD6019I Communicating with server on port 1389. ldapcp> acl q ob "o=boss,c=us" object = o=boss,c=us aclSource = O=BOSS,C=US aclPropagate = TRUE acl = access-id:CBADMIN:object:ad:normal:rwsc acl = access-id:CBSYMCR1:object:ad:normal:rwsc acl = group:CN=ANYBODY:normal:rsc acl = access-id:CN=BOSSAdmin,O=BOSS,C=US:object:ad:normal:rwsc ldapcp>quit - If you are running z/OS 1.4, use the ldapsearch command. Example: ldapsearch -p 1389 -h 127.0.0.1 -D "cn=<adminid>" -w <password> -b "o=WASNaming,c=us" -s base "objectclass=*" aclEntry aclPropagate aclSource entryOwner ownerPropagate ownerSource where <adminid> is the value of the entry owner access id and <password> is the value of the userpassword value. Note: See Chapter 23 of Security Server LDAP Server Administration and Use, SC24-5923, for more information about the ldapsearch command.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ73174
IBM Group: Software Group
Modified date: Jul 22, 2003
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.