IBM Support

LDAP on AIX: Step by step instructions for installing the LDAP client filesets on AIX

Question & Answer


Question

How can I configure AIX as an LDAP client in order to use LDAP based user accounts and user groups from an LDAP server?

Answer

The IBM AIX documentation Setting up an LDAP client states:

"To set up a client to use LDAP for authentication and user/group information, make sure that each client has the LDAP client package installed. If the Secure Sockets Layer (SSL) is required, the GSKit must be installed."

This document provides more details to guide you through the installation of the LDAP client file sets on AIX.

OVERVIEW:

To communicate with an LDAP server, an LDAP client system has to follow the definitions of the LDAP (Lightweight Directory Access Protocol) protocol according to RFC (Request for Comments) 4510. The code that implements the LDAP protocol is not part of the AIX operating system. It therefore has to be installed separately before LDAP server data can be used.

The AIX process to manage LDAP communication is the secldapclntd daemon.

It cannot be started until the LDAP client file sets have been installed:



# start-secldapclntd
Starting the secldapclntd daemon.
exec(): 0509-036 Cannot load program /usr/sbin/secldapclntd because of the following errors:
        0509-150   Dependent module libibmldap.a could not be loaded.
        0509-022 Cannot load module libibmldap.a.
        0509-026 System error: A file or directory in the path name does not exist.
The secldapclntd daemon failed to start.

About LDAP client file sets:

Depending on the version, these file sets originate from IBM Tivoli Directory Server (ITDS), IBM Security Directory Server (ISDS) or IBM Security Directory Suite (ISDS).

The following versions are currently in use: 6.1, 6.2, 6.3 and 6.4.

1. Mandatory LDAP client file sets needed:
 
Version  File sets
6.1      idsldap.clt32bit61.rte idsldap.cltbase61.adt idsldap.cltbase61.rte
6.2      idsldap.clt32bit62.rte idsldap.cltbase62.adt idsldap.cltbase62.rte
6.3      idsldap.clt32bit63.rte idsldap.cltbase63.adt idsldap.cltbase63.rte
6.4      idsldap.clt32bit64.rte idsldap.cltbase64.adt idsldap.cltbase64.rte

In case SSL is needed the following file sets have to be installed additionally:
 
Version  File sets
6.1      idsldap.clt_max_crypto32bit61.rte gskta.rte
6.2      idsldap.clt_max_crypto32bit62.rte gskta.rte
6.3      idsldap.clt_max_crypto32bit63.rte GSKit8.gskcrypt32.ppc.rte GSKit8.gskssl32.ppc.rte
6.4      idsldap.clt_max_crypto32bit64.rte GSKit8.gskcrypt32.ppc.rte GSKit8.gskssl32.ppc.rte


2. Sources for LDAP client file sets:

A) AIX installation DVD
  • Although the LDAP client file sets are not part of the AIX operating system, they can be found on the AIX installation DVD
  • The version of the LDAP client file sets provided is supported as long as the corresponding AIX version is supported
  • The subset of the available file sets varies depending on the version of AIX
  • If the available version of the LDAP client file sets is the same as a newer version or technology level of AIX, the corresponding migration or upgrade operation also updates the LDAP client file sets
    • In SSL setups, the GSK file set is not available

B) AIX Expansion Pack
  • The Expansion Pack should correspond with the AIX version installed
  • The version of the LDAP client file set should be equal to or greater than the one provided with the AIX installation DVD
    • In case of an SSL setup, the corresponding GSK file set is also available

3. Installation

Starting with LDAP client file set version 6.3, you must accept the license agreement before you can install the corresponding file sets.
  • Mount the DVD (Volume 2 in most versions of the installation DVD)
  • Locate and run the idsLicense command
  • Accept the license agreement interactively
    • Note: there is a quiet option "-q", which can be used for automated installation

Example of commands to install the file sets needed for version 6.4 without SSL:

# lsfs /cd0
Name      Nodename  Mount Pt  VFS    Size  Options  Auto  Accounting
/dev/cd0  --        /cd0      cdrfs  --    ro       no    no

# mount /cd0

# find /cd0 -name idsLicense
/cd0/license/idsLicense

# /cd0/license/idsLicense
... license text ...

Press Enter to continue viewing the license agreement, or, Enter "1" to accept the agreement, "2" to decline
it or "99" to go back to the previous screen, "3" Print.


Accept the license with "1".

In case the preceding command fails with

ksh: /cd0/license/idsLicense: cannot execute

the write permission is missing. Continue with:

# cp -r /cd0/license /tmp

# chmod +x /tmp/license/idsLicense /tmp/license/lapc

# /tmp/license/idsLicense


Tip: You can use a different working directory besides /tmp.

Finally, the installation itself should work:

# installp -d /cd0 -acYXg idsldap.clt32bit64.rte idsldap.cltbase64.adt idsldap.cltbase64.rte
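
To confirm afterwards that every file set from the tables in section 1 is present, a check such as the following can be used. It is an added example, not IBM's code: the function names are hypothetical, the sample listing is constructed, and it assumes the colon-separated `lslpp -Lqc` listing carries the file set name in its second field.

```sh
#!/bin/sh
# Added example: list LDAP client file sets from section 1 that are not installed.

# required_filesets VERSION SSL: print the file sets the tables above require.
# VERSION is 6.1, 6.2, 6.3 or 6.4; SSL is "yes" or "no".
required_filesets() {
    v=$(printf '%s' "$1" | tr -d '.')   # 6.4 -> 64
    case "$v" in
        61|62|63|64) ;;
        *) echo "unsupported version: $1" >&2; return 2 ;;
    esac
    printf '%s\n' "idsldap.clt32bit${v}.rte" "idsldap.cltbase${v}.adt" "idsldap.cltbase${v}.rte"
    [ "$2" = yes ] || return 0
    # SSL setups additionally need the crypto file set and the matching GSKit.
    printf '%s\n' "idsldap.clt_max_crypto32bit${v}.rte"
    case "$v" in
        61|62) printf '%s\n' gskta.rte ;;
        63|64) printf '%s\n' GSKit8.gskcrypt32.ppc.rte GSKit8.gskssl32.ppc.rte ;;
    esac
}

# missing_filesets VERSION SSL: read a colon-separated lslpp listing on stdin
# (assumption: file set name in field 2) and print each required file set
# that does not appear in it. Empty output means nothing is missing.
missing_filesets() {
    installed=$(awk -F: '!/^#/ && NF >= 2 { print $2 }')
    required=$(required_filesets "$1" "$2") || return 2
    for fs in $required; do
        printf '%s\n' "$installed" | grep -Fqx "$fs" || printf '%s\n' "$fs"
    done
}

# Constructed sample listing (not from a real system): 6.4 base file sets only.
sample_lslpp() {
    cat <<'EOF'
idsldap.clt32bit64:idsldap.clt32bit64.rte:6.4.0.0: : :C: :constructed description
idsldap.cltbase64:idsldap.cltbase64.adt:6.4.0.0: : :C: :constructed description
idsldap.cltbase64:idsldap.cltbase64.rte:6.4.0.0: : :C: :constructed description
EOF
}

# On AIX:   lslpp -Lqc | missing_filesets 6.4 yes
# Offline:  sample_lslpp | missing_filesets 6.4 yes
```

Run with SSL set to "yes" on any client that is expected to use SSL toward the LDAP server, so that a missing crypto or GSKit file set is caught before secldapclntd is started.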

 
SUPPORT

If you require more assistance, use the following step-by-step instructions to contact IBM to open a case for software with an active and valid support contract.  

1. Document (or collect screen captures of) all symptoms, errors, and messages related to your issue.

2. Capture any logs or data relevant to the situation.

3. Contact IBM to open a case:

   - For electronic support, see the IBM Support Community:
     https://www.ibm.com/mysupport
   - If you require telephone support, see the web page:
     https://www.ibm.com/planetwide/

4. Provide a clear, concise description of the issue.

 - For more information, see: Working with IBM AIX Support: Describing the problem.

5. If the system is accessible, collect a system snap, and upload all of the details and data for your case.

 - For more information, see: Working with IBM AIX Support: Collecting snap data

Document Information

Modified date:
29 December 2022

UID

isg3T1027447