6.1.0.74-ISS-ITDS-WinX64-IF0074
6.1.0.74-ISS-ITDS-Win32-IF0074
6.1.0.74-ISS-ITDS-SolarisX64-IF0074
6.1.0.74-ISS-ITDS-SolarisSparc-IF0074
6.1.0.74-ISS-ITDS-Linuxz-IF0074
6.1.0.74-ISS-ITDS-LinuxX64-IF0074
6.1.0.74-ISS-ITDS-Linuxip-IF0074
6.1.0.74-ISS-ITDS-Linux32-IF0074
6.1.0.74-ISS-ITDS-HPUXPARISC-IF0074
6.1.0.74-ISS-ITDS-HPUXIA64-IF0074
6.1.0.74-ISS-ITDS-AIX-IF0074
6.1.0.73-ISS-ITDS-WinX64-IF0073
6.1.0.73-ISS-ITDS-Win32-IF0073
6.1.0.73-ISS-ITDS-SolarisX64-IF0073
6.1.0.73-ISS-ITDS-SolarisSparc-IF0073
6.1.0.73-ISS-ITDS-Linuxz-IF0073
6.1.0.73-ISS-ITDS-Linuxip-IF0073
6.1.0.73-ISS-ITDS-LinuxX64-IF0073
6.1.0.73-ISS-ITDS-Linux32-IF0073
6.1.0.73-ISS-ITDS-HPUXPARISC-IF0073
6.1.0.73-ISS-ITDS-HPUXIA64-IF0073
6.1.0.73-ISS-ITDS-AIX-IF0073
6.1.0.71-ISS-ITDS-WinX64-IF0071
6.1.0.71-ISS-ITDS-Win32-IF0071
6.1.0.71-ISS-ITDS-SolarisX64-IF0071
6.1.0.71-ISS-ITDS-SolarisSparc-IF0071
6.1.0.71-ISS-ITDS-Linuxz-IF0071
6.1.0.71-ISS-ITDS-LinuxX64-IF0071
6.1.0.71-ISS-ITDS-Linuxip-IF0071
6.1.0.71-ISS-ITDS-Linux32-IF0071
6.1.0.71-ISS-ITDS-HPUXPARISC-IF0071
6.1.0.71-ISS-ITDS-HPUXIA64-IF0071
6.1.0.71-ISS-ITDS-AIX-IF0071
6.1.0.70-ISS-ITDS-WinX64-IF0070
6.1.0.70-ISS-ITDS-Win32-IF0070
6.1.0.70-ISS-ITDS-SolarisX64-IF0070
6.1.0.70-ISS-ITDS-SolarisSparc-IF0070
6.1.0.70-ISS-ITDS-Linuxz-IF0070
6.1.0.70-ISS-ITDS-LinuxX64-IF0070
6.1.0.70-ISS-ITDS-Linuxip-IF0070
6.1.0.70-ISS-ITDS-Linux32-IF0070
6.1.0.70-ISS-ITDS-HPUXPARISC-IF0070
6.1.0.70-ISS-ITDS-HPUXIA64-IF0070
6.1.0.70-ISS-ITDS-AIX-IF0070
6.1.0.69-ISS-ITDS-WinX64-IF0069
6.1.0.69-ISS-ITDS-Win32-IF0069
6.1.0.69-ISS-ITDS-SolarisX64-IF0069
6.1.0.69-ISS-ITDS-SolarisSparc-IF0069
6.1.0.69-ISS-ITDS-Linuxz-IF0069
6.1.0.69-ISS-ITDS-LinuxX64-IF0069
6.1.0.69-ISS-ITDS-Linuxip-IF0069
6.1.0.69-ISS-ITDS-Linux32-IF0069
6.1.0.69-ISS-ITDS-HPUXPARISC-IF0069
6.1.0.69-ISS-ITDS-HPUXIA64-IF0069
6.1.0.69-ISS-ITDS-AIX-IF0069
6.1.0.68-ISS-ITDS-WinX64-IF0068
6.1.0.68-ISS-ITDS-Win32-IF0068
6.1.0.68-ISS-ITDS-SolarisX64-IF0068
6.1.0.68-ISS-ITDS-SolarisSparc-IF0068
6.1.0.68-ISS-ITDS-Linuxz-IF0068
6.1.0.68-ISS-ITDS-LinuxX64-IF0068
6.1.0.68-ISS-ITDS-Linuxip-IF0068
6.1.0.68-ISS-ITDS-Linux32-IF0068
6.1.0.68-ISS-ITDS-HPUXPARISC-IF0068
6.1.0.68-ISS-ITDS-HPUXIA64-IF0068
6.1.0.68-ISS-ITDS-AIX-IF0068
6.1.0.67-ISS-ITDS-WinX64-IF0067
6.1.0.67-ISS-ITDS-Win32-IF0067
6.1.0.67-ISS-ITDS-SolarisX64-IF0067
6.1.0.67-ISS-ITDS-SolarisSparc-IF0067
6.1.0.67-ISS-ITDS-Linuxz-IF0067
6.1.0.67-ISS-ITDS-LinuxX64-IF0067
6.1.0.67-ISS-ITDS-Linuxip-IF0067
6.1.0.67-ISS-ITDS-Linux32-IF0067
6.1.0.67-ISS-ITDS-HPUXPARISC-IF0067
6.1.0.67-ISS-ITDS-HPUXIA64-IF0067
6.1.0.67-ISS-ITDS-AIX-IF0067
6.1.0.66-ISS-ITDS-WinX64-IF0066
6.1.0.66-ISS-ITDS-Win32-IF0066
6.1.0.66-ISS-ITDS-SolarisX64-IF0066
6.1.0.66-ISS-ITDS-SolarisSparc-IF0066
6.1.0.66-ISS-ITDS-Linuxz-IF0066
6.1.0.66-ISS-ITDS-LinuxX64-IF0066
6.1.0.66-ISS-ITDS-Linuxip-IF0066
6.1.0.66-ISS-ITDS-Linux32-IF0066
6.1.0.66-ISS-ITDS-HPUXPARISC-IF0066
6.1.0.66-ISS-ITDS-HPUXIA64-IF0066
6.1.0.66-ISS-ITDS-AIX-IF0066
6.1.0.65-ISS-ITDS-WinX64-IF0065
6.1.0.65-ISS-ITDS-Win32-IF0065
6.1.0.65-ISS-ITDS-SolarisX64-IF0065
6.1.0.65-ISS-ITDS-SolarisSparc-IF0065
6.1.0.65-ISS-ITDS-Linuxz-IF0065
6.1.0.65-ISS-ITDS-LinuxX64-IF0065
6.1.0.65-ISS-ITDS-Linuxip-IF0065
6.1.0.65-ISS-ITDS-Linux32-IF0065
6.1.0.65-ISS-ITDS-HPUXPARISC-IF0065
6.1.0.65-ISS-ITDS-HPUXIA64-IF0065
6.1.0.65-ISS-ITDS-AIX-IF0065
Tivoli Directory Server, Version 6.1.0.48-ISS-ITDS-IF0048
Tivoli Directory Server, Version 6.1.0.49-ISS-ITDS-IF0049

APAR status

• Closed as program error.

Error description

• The TDS install log on Windows ({install path}
  \IBM\LDAP\V6.1\var\ldapinst.log)
  
  contains the db2 admin password in cleartext
  if the DB2 instance is configured during install.
  It occurs in 2 places:
  (Nov 30, 2009 1:08:37 PM), Setup.product.install,
  com.ibm.ldap.install.beans.LdapConfigDB2UseridPanel,
  dbg, Setting System Property DB2AdminID: ldapdb2
  (Nov 30, 2009 1:08:37 PM), Setup.product.install,
  com.ibm.ldap.install.beans.LdapConfigDB2UseridPanel,
  dbg, admin DN:ldapdb2
  Nov 30, 2009 1:08:37 PM), Setup.product.install,
  com.ibm.ldap.install.beans.LdapConfigDB2UseridPanel,
  dbg, Setting System Property DB2AdminPW: xxxxxxxsecret
  (Nov 30, 2009 1:08:37 PM), Setup.product.install,
  com.ibm.ldap.install.beans.LdapConfigDB2UseridPanel,
  dbg, leaving queryExit :: LdapConfigDB2UseridPanel Method
  ...
  (Nov 30, 2009 1:09:24 PM), Setup.product.install,
  com.installshield.wizardx.ascii.ModifyFile, msg2,
  /ADD LINE AT LINE 13/
  (Nov 30, 2009 1:09:24 PM), Setup.product.install,
  com.installshield.wizardx.ascii.ModifyFile, msg2,
  DB2.USERNAME = ldapdb2
  (Nov 30, 2009 1:09:24 PM), Setup.product.install,
  com.installshield.wizardx.ascii.ModifyFile, msg2,
  /REPLACE LINE: 14/
  (Nov 30, 2009 1:09:24 PM), Setup.product.install,
  com.installshield.wizardx.ascii.ModifyFile, msg2,
  DB2.PASSWORD = secret
  

Local fix

• No known workaround.
  

Problem summary

• Currently there are multiple loggers which adds information
  to log file.
  e.g. dbg, wrn, msg2, err, internal_error, msg1
  msg2 was logging db2 password information to log file.
  Code modifications disable msg2 logger being logged in
  ldapinst.log file.
  As a result db2 password is not logged in ldapinst.log file
  but with this change all message that are logged by msg2
  logger are prevented being logged.
  Disabling msg2 logger didn't log db2admin user password
  information.
  Modifications are done for message that are logged by msg2
  (in java files) to msg1 logger. This keeps the logs in tact.
  

Problem conclusion

• The fix for this APAR will be contained in the following
  maintenance packages:
  | interim fix | 6.1.0.4-TIV-ITDS-IF0006 |
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  IO12990

Fix information

• Fixed component name

  IBM TIV DIR SER

• Fixed component ID

  5724J3960

Applicable component levels

• R610 PSY

     UP