× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. May 2010

base os ldap

What are you using your base os ldap for, if anything?

For example, if you fire up QSH and try
ldapsearch -h yoursystemi -D os400-profile=youruserid -w yourpassword -b
"os400-sys=yoursystemi.yourdomain" -s sub objectclass=OS400-usrprf
OS400-PROFILE

Do you use that anywhere?

This is the reason that I am asking. We're a Mimix HA shop. We initiated
our backup machine by restoring our primary machine and changing a few
things. Well, this is an i now and not your father's AS400. So, there's
a lot of areas to change, like obscure stream files, etc.

So if I try searching my backup machine like
ldapsearch -h BACKUP -D os400-profile=youruserid -w yourpassword -b
"os400-sys=BACKUP.yourdomain" -s sub objectclass=OS400-usrprf
OS400-PROFILE
it fails.
But if I search it like
ldapsearch -h BACKUP -D os400-profile=youruserid -w yourpassword -b
"os400-sys=PRIMARY.yourdomain" -s sub objectclass=OS400-usrprf
OS400-PROFILE
it works.

Now I have two paths to choose.
Path 1 is to call this a good thing. So if I fail over to BACKUP and I
search ldap like it was PRIMARY it will work IOW, the -h PRIMARY will dns
resolve to -h BACKUP and the -b will be the PRIMARY.
Path 2 is to change the .conf file so that both have to be BACKUP or both
have to be PRIMARY.

Path 2 requires any application that access ldap to access both.

Not knowing what may be accessing ldap I can think of two possibilities.
My current pet project is Tivoli Identity Manager. That can be set up to
do both. Will be a duplication of effort done by Mimix but I don't think
I'll have collisions. Another ldap possibility is System i Navigator (not
to be confused with IBM iNav). If (let me stress the IF) System i
Navigator uses ldap to get hardware and software inventory I do NOT want
that to use failover. (Gee, what happened to all the hardware PRIMARY
had? Oh, we're in failover and we're really seeing what's on BACKUP.)
(How come system i navigator can never retrieve the hardware for BACKUP?
Because the base domain is wrong?)

Any ldap uses that you are using that suggests I should use path 1?

Technical data for the archives.
/QIBM/UserData/OS400/DirSrv/idsslapd-QUSRDIR/etc/ibmslapd.conf
...
ibm-slapdSuffix: dc=yoursystemi, dc=yourdomain
...
ibm-slapdSuffix: os400-sys=yoursystemi.yourdomain
...

For yoursystemi and yourdomain see also
CFGTCP
12. Change TCP/IP domain information

Rob Berendt

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.