IBM Support

IV45605: LOGIN MAY FAIL FOR A NIS_LDAP NETGROUP BASED USER ACCOUNT

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as fixed if next.

Error description

  • Following client enablement steps to set up a LDAP
    netgroup
    may fail if the "registry" value is defined on the LDAP
    server.
    
    # grep "^userattrmappath" ldap.cfg
    userattrmappath:/etc/security/ldap/2307aixuser.map
    
    # grep registry 2307aixuser.map
    registry  SEC_CHAR  passwordregistry  s  na  yes
    
    # lsldap -a passwd ruser | grep passwordregistry
    passwordregistry: LDAP
    
    This shows that the "registry" value is configured on
    the LDAP server.
    

Local fix

  • # grep "^userattrmappath" ldap.cfg
    userattrmappath:/etc/security/ldap/2307aixuser.map
    
    # grep registry 2307aixuser.map
    registry  SEC_CHAR  passwordregistry  s  na  yes
    
    # lsldap -a passwd ruser | grep passwordregistry
    passwordregistry: LDAP
    
    -> the "registry" value is configured at the LDAP server
    
    - commenting the "registry" value in the map file solves
    the
      issue:
    
    # grep registry 2307aixuser.map
    #registry  SEC_CHAR  passwordregistry  s  na  yes
    
    # restart-secldapclntd
    

Problem summary

  • LDAP netgroup user unable to login to the system when LDAP
    user stanza defined with user registry attribute as LDAP.
    Login doesn't take the registry attribute which is defined in
    the /etc/security/user file on the LDAP client systems for
    netgroup user.
    

Problem conclusion

Temporary fix

Comments

  • This APAR is being closed FIN. This means that a solution to
    this APAR is expected to be delivered from IBM in a release
    (if any) to be available within the next 24 months.
    

APAR Information

  • APAR number

    IV45605

  • Reported component name

    AIX 610 STD EDI

  • Reported component ID

    5765G6200

  • Reported release

    610

  • Status

    CLOSED FIN

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Submitted date

    2013-07-15

  • Closed date

    2014-04-18

  • Last modified date

    2014-04-24

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    IV59530 IV59700 IV59757

Fix information

Applicable component levels

  • R610 PSY

       UP

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSMV87","label":"AIX 6.1 Enterprise Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"610","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSMVAX","label":"AIX Express Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"610","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSAUMY","label":"IBM AIX Enterprise Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"610","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG11Q","label":"AIX 6.1 HIPERS, APARs and Fixes"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"610","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
24 April 2014