IBM Support

ClearCase fails to use LDAP authentication on a 64-bit Linux machine

Troubleshooting


Problem

Attempts to configure LDAP for IBM® Rational® ClearCase® authentication on Linux® running 64-bit operating system results in errors "unable to get user id for current user"

Symptom

On a 64-bit Linux system using LDAP for authentication built in OS commands function correctly but ClearCase fails to properly acknowledge any credentials not found in the local passwd file.

The following errors may be seen:

  • When running any ClearCase command on the server:

    unable to get user id for current user

  • From a client system when attempting creating a view:

    The given credentials are not recognized by the remote host.

  • Credmap from a client:

    Identity on host "clearcaseserver":
     User SID: NOBODY
     Primary group SID: NOBODY

Cause

ClearCase requires 32-bit LDAP libraries.

If only the 64-bit LDAP libraries are installed ClearCase is unable to use them correctly.

Note: A system trace of the clearcase process will show ClearCase does not successfully contact LDAP, and that it is reading user information from the local /etc/passwd and /etc/groups files.

Diagnosing The Problem


System traces run against clearcase processes will confirm ClearCase in not contacting PAM successfully.

Note: Any operating system command used to check user ids or group membership on the server (such as "id") will work correctly.

Example:

As an example, to capture a system trace of oserv, you would execute the following, while the oserv was running:

strace -f -F -o ~/oserv-strace.txt oserv

The -f -F options tell strace to also trace fork(2) and vfork(2) processes respectively, in case there are any.
The -o option saves all strace output to the oserv-strace.txt file, and oserv is the program strace will run and trace.

Resolving The Problem

Install the appropriate 32-bit LDAP clients and libraries.

These libraries will be available in the 32-bit version of the Linux distribution being used.

The 32bits packages for RHEL6.2 are:


pam-1.1.1-10.el6_2.1.i686
pam_ldap-185-11.el6.i686

After installing them, a restart of ncsd may be needed:
# service nscd restart

[{"Product":{"code":"SSSH27","label":"Rational ClearCase"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Operating System Configurations","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.0;7.0.1;7.1;7.1.1;7.1.2;8.0;8.0.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
16 June 2018

UID

swg21254718

Page Feedback