Fixes are available
Closed as program error.
TDS LDAP client times out before the actual timeout value specified in the search request. Specifically, the ldap_result() API with both a timeout value and LDAP_MSG_ALL option may timeout prematurely. The behavior has been observed using the AIX lsuser command when requesting group membership of users. Executing the following sequence may sometimes return incomplete results. flush-secldapclntd lsuser -a groups <username> For example: > flush-secldapclntd > lsuser -a groups nolmr nolmr groups=usr ( Above output shows incomplete group list for the user ) > flush-secldapclntd > lsuser -a groups nolmr nolmr groups=usr,dgaakmo3,dgaakmo2,dgassig1,pgabbig3,pgabbg2...etc ( Above output show complete group list for the user ) In above case, the default timeout value for LDAP client is set to 60 seconds but connection gets closed prematurely.
Set LDAP client timeout value to unlimited (i.e.: 0)
The empty search result, and closing of the connection to the LDAP server, is due to a problem in the calculation of time- remaining, while waiting for all of the search entries to be returned. The time-remaining calculation is performed whenever there are delays between any of the search entries, which requires waiting for the next entry. Occasionally, the calculation of time-remaining will return a negative usec value, which will cause any wait-with-timeout routine, such as select(), to fail due to an invalid timeout value.
The fix for this APAR will be contained in the following maintenance packages: | interim fix | 22.214.171.124-ISS-ITDS-IF0057 |
Reported component name
IBM TIV DIR SER
Reported component ID
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
IBM TIV DIR SER
Fixed component ID
Applicable component levels