IBM Support

IO12776: DB2 password appears twice in ldapinst.log

Direct links to fixes

6.1.0.74-ISS-ITDS-WinX64-IF0074
6.1.0.74-ISS-ITDS-Win32-IF0074
6.1.0.74-ISS-ITDS-SolarisX64-IF0074
6.1.0.74-ISS-ITDS-SolarisSparc-IF0074
6.1.0.74-ISS-ITDS-Linuxz-IF0074
6.1.0.74-ISS-ITDS-LinuxX64-IF0074
6.1.0.74-ISS-ITDS-Linuxip-IF0074
6.1.0.74-ISS-ITDS-Linux32-IF0074
6.1.0.74-ISS-ITDS-HPUXPARISC-IF0074
6.1.0.74-ISS-ITDS-HPUXIA64-IF0074
6.1.0.74-ISS-ITDS-AIX-IF0074
6.1.0.73-ISS-ITDS-WinX64-IF0073
6.1.0.73-ISS-ITDS-Win32-IF0073
6.1.0.73-ISS-ITDS-SolarisX64-IF0073
6.1.0.73-ISS-ITDS-SolarisSparc-IF0073
6.1.0.73-ISS-ITDS-Linuxz-IF0073
6.1.0.73-ISS-ITDS-Linuxip-IF0073
6.1.0.73-ISS-ITDS-LinuxX64-IF0073
6.1.0.73-ISS-ITDS-Linux32-IF0073
6.1.0.73-ISS-ITDS-HPUXPARISC-IF0073
6.1.0.73-ISS-ITDS-HPUXIA64-IF0073
6.1.0.73-ISS-ITDS-AIX-IF0073
6.1.0.71-ISS-ITDS-WinX64-IF0071
6.1.0.71-ISS-ITDS-Win32-IF0071
6.1.0.71-ISS-ITDS-SolarisX64-IF0071
6.1.0.71-ISS-ITDS-SolarisSparc-IF0071
6.1.0.71-ISS-ITDS-Linuxz-IF0071
6.1.0.71-ISS-ITDS-LinuxX64-IF0071
6.1.0.71-ISS-ITDS-Linuxip-IF0071
6.1.0.71-ISS-ITDS-Linux32-IF0071
6.1.0.71-ISS-ITDS-HPUXPARISC-IF0071
6.1.0.71-ISS-ITDS-HPUXIA64-IF0071
6.1.0.71-ISS-ITDS-AIX-IF0071
6.1.0.70-ISS-ITDS-WinX64-IF0070
6.1.0.70-ISS-ITDS-Win32-IF0070
6.1.0.70-ISS-ITDS-SolarisX64-IF0070
6.1.0.70-ISS-ITDS-SolarisSparc-IF0070
6.1.0.70-ISS-ITDS-Linuxz-IF0070
6.1.0.70-ISS-ITDS-LinuxX64-IF0070
6.1.0.70-ISS-ITDS-Linuxip-IF0070
6.1.0.70-ISS-ITDS-Linux32-IF0070
6.1.0.70-ISS-ITDS-HPUXPARISC-IF0070
6.1.0.70-ISS-ITDS-HPUXIA64-IF0070
6.1.0.70-ISS-ITDS-AIX-IF0070
6.1.0.69-ISS-ITDS-WinX64-IF0069
6.1.0.69-ISS-ITDS-Win32-IF0069
6.1.0.69-ISS-ITDS-SolarisX64-IF0069
6.1.0.69-ISS-ITDS-SolarisSparc-IF0069
6.1.0.69-ISS-ITDS-Linuxz-IF0069
6.1.0.69-ISS-ITDS-LinuxX64-IF0069
6.1.0.69-ISS-ITDS-Linuxip-IF0069
6.1.0.69-ISS-ITDS-Linux32-IF0069
6.1.0.69-ISS-ITDS-HPUXPARISC-IF0069
6.1.0.69-ISS-ITDS-HPUXIA64-IF0069
6.1.0.69-ISS-ITDS-AIX-IF0069
6.1.0.68-ISS-ITDS-WinX64-IF0068
6.1.0.68-ISS-ITDS-Win32-IF0068
6.1.0.68-ISS-ITDS-SolarisX64-IF0068
6.1.0.68-ISS-ITDS-SolarisSparc-IF0068
6.1.0.68-ISS-ITDS-Linuxz-IF0068
6.1.0.68-ISS-ITDS-LinuxX64-IF0068
6.1.0.68-ISS-ITDS-Linuxip-IF0068
6.1.0.68-ISS-ITDS-Linux32-IF0068
6.1.0.68-ISS-ITDS-HPUXPARISC-IF0068
6.1.0.68-ISS-ITDS-HPUXIA64-IF0068
6.1.0.68-ISS-ITDS-AIX-IF0068
6.1.0.67-ISS-ITDS-WinX64-IF0067
6.1.0.67-ISS-ITDS-Win32-IF0067
6.1.0.67-ISS-ITDS-SolarisX64-IF0067
6.1.0.67-ISS-ITDS-SolarisSparc-IF0067
6.1.0.67-ISS-ITDS-Linuxz-IF0067
6.1.0.67-ISS-ITDS-LinuxX64-IF0067
6.1.0.67-ISS-ITDS-Linuxip-IF0067
6.1.0.67-ISS-ITDS-Linux32-IF0067
6.1.0.67-ISS-ITDS-HPUXPARISC-IF0067
6.1.0.67-ISS-ITDS-HPUXIA64-IF0067
6.1.0.67-ISS-ITDS-AIX-IF0067
6.1.0.66-ISS-ITDS-WinX64-IF0066
6.1.0.66-ISS-ITDS-Win32-IF0066
6.1.0.66-ISS-ITDS-SolarisX64-IF0066
6.1.0.66-ISS-ITDS-SolarisSparc-IF0066
6.1.0.66-ISS-ITDS-Linuxz-IF0066
6.1.0.66-ISS-ITDS-LinuxX64-IF0066
6.1.0.66-ISS-ITDS-Linuxip-IF0066
6.1.0.66-ISS-ITDS-Linux32-IF0066
6.1.0.66-ISS-ITDS-HPUXPARISC-IF0066
6.1.0.66-ISS-ITDS-HPUXIA64-IF0066
6.1.0.66-ISS-ITDS-AIX-IF0066
6.1.0.65-ISS-ITDS-WinX64-IF0065
6.1.0.65-ISS-ITDS-Win32-IF0065
6.1.0.65-ISS-ITDS-SolarisX64-IF0065
6.1.0.65-ISS-ITDS-SolarisSparc-IF0065
6.1.0.65-ISS-ITDS-Linuxz-IF0065
6.1.0.65-ISS-ITDS-LinuxX64-IF0065
6.1.0.65-ISS-ITDS-Linuxip-IF0065
6.1.0.65-ISS-ITDS-Linux32-IF0065
6.1.0.65-ISS-ITDS-HPUXPARISC-IF0065
6.1.0.65-ISS-ITDS-HPUXIA64-IF0065
6.1.0.65-ISS-ITDS-AIX-IF0065
Tivoli Directory Server, Version 6.1.0.48-ISS-ITDS-IF0048
Tivoli Directory Server, Version 6.1.0.49-ISS-ITDS-IF0049

APAR status

  • Closed as program error.

Error description

  • The TDS install log on Windows
    ({install path}\IBM\LDAP\V6.1\var\ldapinst.log)
    contains the DB2 admin password in cleartext
    if the DB2 instance is configured during install.
    It occurs in 2 places:
    (Nov 30, 2009 1:08:37 PM), Setup.product.install,
    com.ibm.ldap.install.beans.LdapConfigDB2UseridPanel,
    dbg, Setting System Property DB2AdminID: ldapdb2
    (Nov 30, 2009 1:08:37 PM), Setup.product.install,
    com.ibm.ldap.install.beans.LdapConfigDB2UseridPanel,
    dbg, admin DN:ldapdb2
    (Nov 30, 2009 1:08:37 PM), Setup.product.install,
    com.ibm.ldap.install.beans.LdapConfigDB2UseridPanel,
    dbg, Setting System Property DB2AdminPW: xxxxxxxsecret
    (Nov 30, 2009 1:08:37 PM), Setup.product.install,
    com.ibm.ldap.install.beans.LdapConfigDB2UseridPanel,
    dbg, leaving queryExit :: LdapConfigDB2UseridPanel Method
    ...
    (Nov 30, 2009 1:09:24 PM), Setup.product.install,
    com.installshield.wizardx.ascii.ModifyFile, msg2,
    /ADD LINE AT LINE 13/
    (Nov 30, 2009 1:09:24 PM), Setup.product.install,
    com.installshield.wizardx.ascii.ModifyFile, msg2,
    DB2.USERNAME = ldapdb2
    (Nov 30, 2009 1:09:24 PM), Setup.product.install,
    com.installshield.wizardx.ascii.ModifyFile, msg2,
    /REPLACE LINE: 14/
    (Nov 30, 2009 1:09:24 PM), Setup.product.install,
    com.installshield.wizardx.ascii.ModifyFile, msg2,
    DB2.PASSWORD = secret
    

Local fix

  • No known workaround.
    

Problem summary

  • Currently there are multiple loggers which add information
    to the log file,
    e.g. dbg, wrn, msg2, err, internal_error, msg1.
    The msg2 logger was logging DB2 password information to the
    log file. Code modifications disable the msg2 logger from
    being logged in the ldapinst.log file.
    As a result, the DB2 password is not logged in the
    ldapinst.log file, but with this change all messages that are
    logged by the msg2 logger are prevented from being logged.
    With the msg2 logger disabled, the db2admin user password
    information was not logged.
    The messages that were logged by msg2 (in the Java files)
    have been changed to use the msg1 logger. This keeps the
    logs intact.
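
As an added example (not IBM's code and not part of the fix), this Python function scans an ldapinst.log for the two entries named in the error description, reports which logger wrote each one, and masks the values so that logs written before the interim fix can be checked and scrubbed. The sample log is constructed with a made-up password; the function name and the `[REDACTED]` marker are assumptions.

```python
import re

# Constructed sample in the wrapped layout of the excerpt above
# (the password value "s3cr3t-example" is made up).
SAMPLE_LOG = """\
(Nov 30, 2009 1:08:37 PM), Setup.product.install,
com.ibm.ldap.install.beans.LdapConfigDB2UseridPanel,
dbg, Setting System Property DB2AdminID: ldapdb2
(Nov 30, 2009 1:08:37 PM), Setup.product.install,
com.ibm.ldap.install.beans.LdapConfigDB2UseridPanel,
dbg, Setting System Property DB2AdminPW: s3cr3t-example
(Nov 30, 2009 1:09:24 PM), Setup.product.install,
com.installshield.wizardx.ascii.ModifyFile, msg2,
DB2.USERNAME = ldapdb2
(Nov 30, 2009 1:09:24 PM), Setup.product.install,
com.installshield.wizardx.ascii.ModifyFile, msg2,
DB2.PASSWORD = s3cr3t-example
"""

# The two places the APAR names: the DB2AdminPW system property
# and the DB2.PASSWORD line written through ModifyFile.
SECRET_RE = re.compile(r"(DB2AdminPW:\s*|DB2\.PASSWORD\s*=\s*)(\S.*)$")
# A record starts at a "(<timestamp>)," prefix; the paren is optional
# so a record whose opening paren was lost is still recognised.
RECORD_START = re.compile(r"^\s*\(?[A-Z][a-z]{2} \d{1,2}, \d{4} [\d:]+ [AP]M\),")
LOGGERS = {"dbg", "wrn", "msg1", "msg2", "err", "internal_error"}
MASK = "[REDACTED]"  # assumed marker, not an IBM convention

def scan_and_redact(text):
    """Return (findings, redacted_text); findings never hold the secret."""
    findings, out, logger = [], [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        m = SECRET_RE.search(line)
        head = line[:m.start()] if m else line  # never parse the secret itself
        if RECORD_START.match(line):
            logger = None  # new record: logger field not seen yet
        for field in head.split(","):
            if field.strip() in LOGGERS:
                logger = field.strip()
        if m and m.group(2).strip() != MASK:  # skip already-masked lines
            key = m.group(1).rstrip(" :=\t")
            findings.append({"line": lineno, "logger": logger, "key": key})
            line = line[:m.start(2)] + MASK
        out.append(line)
    return findings, "\n".join(out) + "\n"
```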
    

Problem conclusion

  • The fix for this APAR will be contained in the following
    maintenance packages:
    | interim fix | 6.1.0.4-TIV-ITDS-IF0006 |
    

Temporary fix

Comments

APAR Information

  • APAR number

    IO12776

  • Reported component name

    IBM TIV DIR SER

  • Reported component ID

    5724J3960

  • Reported release

    610

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2010-07-26

  • Closed date

    2010-07-26

  • Last modified date

    2010-07-26

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    IO12990

Fix information

  • Fixed component name

    IBM TIV DIR SER

  • Fixed component ID

    5724J3960

Applicable component levels

  • R610 PSY

       UP



Document information

More support for: IBM Security Directory Server
General

Software version: 610

Reference #: IO12776

Modified date: 26 July 2010