IBM Support

IT22066: SOME USERS WITH LDAP AUTHENTICATION ARE NOT FOUND IN ACTIVE DIRECTORY AND CAUSES ANS8023E FOR LOGIN

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • In some cases, server users defined with LDAP authentication on
    Windows Active Directory are not found.
    
    Administrative client dsmadmc will report the following error:
    
    IBM Tivoli Storage Manager
    Command Line Administrative Interface - Version 7, Release 1,
    Level 6.3
    (c) Copyright by IBM Corporation and other(s) 1990, 2016. All
    Rights
    Reserved.
    
    Enter your user id:  jdoe
    
    Enter your password:
    
    ANS1017E Session rejected: TCP/IP connection failure.
    ANS8023E Unable to establish session with server.
    
    ANS8002I Highest return code was -50.
    
    
    The "jdoe" user is a valid user in Active Directory and can
    successfully login in Windows environment.
    
    The LDAP LDAPCACHE trace will show error similar to the
    following:
    
    7:27:40.556 [483993][ldapintr.c][5362][LdapCheckEntry]:Exit: dn
    = (JDOE@EXAMPLE.COM) does not exist
    
    
    This is an issue with LDAP search. A domain name is attached to
    the SAMAccountName, and if the resulting value does not match
    the UPName, the search fails.
    
    For example:
    
    UPName: john.doe@example.com
    SAMAccountName: jdoe
    
    In this case LDAP search for user "jdoe" will fail.
    
    
    IBM Spectrum Protect Versions Affected:
    IBM Spectrum Protect server 8.1 on all platforms
    
    
    Initial Impact:
    Medium
    
    
    Additional Keywords:
    Spectrum Protect; TSM; LDAP; Active Directory; UPName;
    SAMAccountName
    

Local fix

  • Change user part of the UPName to match SAMAccountName for
    affected user.
    
    For example:
    
    UPName: jdoe@example.com
    SAMAccountName: jdoe
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * All Tivoli Storage Manager and IBM Spectrum Protect server   *
    * users                                                        *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * See error description.                                       *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Apply fixing level when available. This problem is currently *
    * projected to be fixed in levels 7.1.9 and 8.1.4. Note that   *
    * this is subject to change at the discretion of IBM.          *
    ****************************************************************
    

Problem conclusion

  • This problem was fixed.
    Affected platforms:  AIX, HP-UX, Solaris, Linux, and Windows.
    Platforms fixed:  AIX, HP-UX, Solaris, Linux, and Windows.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT22066

  • Reported component name

    TSM SERVER

  • Reported component ID

    5698ISMSV

  • Reported release

    81L

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-08-29

  • Closed date

    2017-09-12

  • Last modified date

    2017-09-12

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    TSM SERVER

  • Fixed component ID

    5698ISMSV

Applicable component levels

  • R71A PSY

       UP

  • R71H PSY

       UP

  • R71L PSY

       UP

  • R71S PSY

       UP

  • R71W PSY

       UP

  • R81A PSY

       UP

  • R81L PSY

       UP

  • R81W PSY

       UP



Document information

More support for: Tivoli Storage Manager

Software version: 81L

Reference #: IT22066

Modified date: 12 September 2017