IKYC005I   Error nnnn posting {User | CA} Certificate to LDAP for distinguished-name: error-code-description

Explanation

PKI Services is attempting to post a certificate to the LDAP directory and has encountered an error. The distinguished name for which the post was attempted and the error code encountered are displayed. A description of the error is also displayed, if known. If the error code is an LDAP return code, no error description is displayed.

System action

If the post is unsuccessful for a given certificate, PKI Services retries the post at the next post interval. If the post continues to be unsuccessful after 3 attempts, the post frequency for the certificate is reduced to no more than once per hour. After 26 unsuccessful attempts, it is further reduced to no more than once per day. After 33 unsuccessful attempts, the post request for the certificate is deleted from the request database.

System programmer response

Determine if the error occurred on the call to LDAP or within PKI Services, based on the presence of an error code description in the message. If no error code description is displayed in the message, the error occurred on the call to LDAP. If the error code is LDAP_NO_SUCH_OBJECT, the LDAP entry could not be created because the required suffix does not exist. Check the message to determine the entry that could not be created. If the entry should be posted to LDAP, you need to define the suffix in the LDAP server configuration file, and then stop and restart the LDAP server. For all other LDAP errors, follow the instructions in z/OS IBM Tivoli Directory Server Client Programming for z/OS. If an error code description is displayed in the message, the error occurred within PKI Services.

If the error code description is Missing LDAP information, then the CreateOUValue directive is missing from the LDAP section of the PKI Services configuration file. Add the directive, then stop and restart PKI Services. See Tailoring the PKI Services configuration file for LDAP for more information.

Report any other PKI Services error to the IBM® support center. If message IKYC009I is also displayed, report that information also.
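
The triage described above can be applied to captured log lines as in the following added example, which is not IBM code. It assumes that a message without a description ends after the distinguished name, and that LDAP_NO_SUCH_OBJECT appears as decimal 32; the function name `triage` and the sample lines are hypothetical.

```python
import re

# Layout from the page:
#   IKYC005I Error nnnn posting {User | CA} Certificate to LDAP for <DN>: <description>
# Assumption: with no description, the text ends after the DN (optional trailing colon).
IKYC005I = re.compile(
    r"IKYC005I\s+Error\s+(?P<code>\S+)\s+posting\s+(?P<kind>User|CA)\s+"
    r"Certificate\s+to\s+LDAP\s+for\s+(?P<rest>.+)$"
)
# noSuchObject is LDAP result code 32 (RFC 4511); assumption: printed in decimal.
NO_SUCH_OBJECT = "32"


def triage(line):
    """Return (origin, dn, action) for an IKYC005I line, None for anything else."""
    m = IKYC005I.search(line.strip())
    if not m:
        return None
    dn, sep, desc = m.group("rest").rpartition(": ")
    if not sep:  # no ": description" part, so the error came from the LDAP call
        dn, desc = m.group("rest").rstrip(": "), ""
    desc = desc.strip()
    if not desc:
        if m.group("code") == NO_SUCH_OBJECT:
            return ("LDAP", dn, "define the suffix in the LDAP server "
                    "configuration file, then restart the LDAP server")
        return ("LDAP", dn, "follow the LDAP client programming reference")
    if desc.lower() == "missing ldap information":
        return ("PKI Services", dn, "add CreateOUValue to the LDAP section of "
                "the PKI Services configuration file, then restart PKI Services")
    return ("PKI Services", dn, "report to IBM support, with IKYC009I if displayed")


# Constructed sample log lines (DNs and error numbers 49 and 8 are made up).
SAMPLE = [
    "IKYC005I Error 32 posting User Certificate to LDAP for CN=Jane Doe,OU=Staff,O=Example,C=US",
    "IKYC005I Error 49 posting CA Certificate to LDAP for OU=Example CA,O=Example,C=US:",
    "IKYC005I Error 8 posting User Certificate to LDAP for CN=Jo Roe,O=Example,C=US: Missing LDAP information",
    "constructed line that does not carry the message id",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry))
```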