IO09171: Error GLPCOM008E after migrating server from 5.2 or 6.0 to 6.1

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • If a 5.2 or 6.0 server config file contains entries of object
    class ibm-slapdAdminGroupMember (e.g.: CN=*, CN=ADMINGROUP, CN=
    CONFIGURATION), then after migration to 6.1, the server will
    fail to start, with the error:
    
      GLPCOM008E The required attribute ibm-slapdAdminRole is
                 missing for entry CN=____, CN=ADMINGROUP, CN=
                 CONFIGURATION.
    

Local fix

  • Stop the server and edit the ibmslapd.conf file to add the
    following attributes to all ibm-slapdAdminGroupMember entries
    (CN=____, CN=ADMINGROUP, CN=CONFIGURATION) which do not yet have
    an ibm-slapdAdminRole attribute:
    
        ibm-slapdAdminRole: DirDataAdmin
        ibm-slapdAdminRole: PasswordAdmin
        ibm-slapdAdminRole: SchemaAdmin
        ibm-slapdAdminRole: ServerConfigGroupMember
        ibm-slapdAdminRole: ServerStartStopAdmin
    
    This should confer equivalent privileges to a TDS 5.2 or 6.0
    admin group member. Alternatively, you can suspend all
    administrative privileges for an admin group member by adding
    the attribute:
    
        ibm-slapdAdminRole: NoAdmin
    
    For detailed information on customizing administrator roles, see
    the following topic in the Administration Guide:
    
    - Server Administration
      - Securing directory access
        - Creating the administrative group
          - Administrative Roles
    

Problem summary

  • TDS 6.1 added a new MUST attribute (ibm-slapdAdminRole) to the
    ibm-slapdAdminGroupMember objectClass, but the 6.1 migration
    design was not updated to add this missing attribute when
    migrating older servers to 6.1.
    
    The instance migration process has been fixed to add the missing
    roles when migrating older instances to 6.1.
    

Problem conclusion

  • The fix for this APAR will be contained in the following
    maintenance packages:
    | LA interim fix | 6.1.0.2-TIV-ITDS-LA0001 |
    

Temporary fix

Comments

APAR Information

  • APAR number

    IO09171

  • Reported component name

    IBM TIV DIR SER

  • Reported component ID

    5724J3960

  • Reported release

    600

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2008-07-07

  • Closed date

    2008-07-28

  • Last modified date

    2008-07-28

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    IBM TIV DIR SER

  • Fixed component ID

    5724J3960

Applicable component levels

  • R610 PSY

       UP

  • R600 PSN

       UP



Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

IBM Security Directory Server
General

Software version:

600

Reference #:

IO09171

Modified date:

2008-07-28

Translate my page

Machine Translation

Content navigation