Updating the IBM Security Directory Server configuration for IBMLDAP_ATTR_INCLUDE_BINARY to FALSE

After installing specific fixes for IBM® Security Directory Server, the default IBM Security Directory Server configuration parameter IBMLDAP_ATTR_INCLUDE_BINARY might change to TRUE. This parameter change results in problems with LDAP adapter reconciliation or a lack of data for the Individual Accounts by Role associated with a provisioning policy report.

About this task

Certain fixes that address APARs on certain versions of Directory Server change the default value of the IBMLDAP_ATTR_INCLUDE_BINARY configuration parameter from FALSE to TRUE:
IBMLDAP_ATTR_INCLUDE_BINARY=TRUE
This issue occurs with the following APARs and Directory Server versions:
  • IO20253 in Version 6.1.0.59
  • IO20254 in Version 6.2.0.34
  • IO19599 in Version 6.3.0.26
  • IO21537 in Version 6.3.1.5

For more information, see https://www.ibm.com/support/pages/node/544007.

Procedure

  • Change the IBM Verify Identity Governance Directory Server or target Directory Server configuration by editing the directory server ibmslapd.conf file.

    Under the cn=Front End, cn=Configuration entry, specify the following configuration:

    ibm-slapdSetenv: IBMLDAP_ATTR_INCLUDE_BINARY=FALSE

    Restart the IBM Security Directory Server for changes to take effect.

  • Upgrade IBM Security Directory Server to the following version, where the behavior is no longer the default setting.
    • IO23920 in Version 6.4.0.5
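
To confirm the first option took effect before restarting, the following added example (not IBM code) reads ibmslapd.conf text and reports the value of IBMLDAP_ATTR_INCLUDE_BINARY set under the cn=Front End, cn=Configuration entry. The function names and the sample text are constructed for illustration, and it assumes that the last ibm-slapdSetenv value wins if the variable is set more than once.

```python
TARGET_DN = "cn=front end,cn=configuration"
VAR = "IBMLDAP_ATTR_INCLUDE_BINARY"

# Constructed sample, not a real ibmslapd.conf; other attributes omitted.
SAMPLE = """\
dn: cn=Configuration
cn: Configuration

dn: cn=Front End, cn=Configuration
cn: Front End
ibm-slapdSetenv: IBMLDAP_ATTR_INCLUDE_BINARY=TRUE
"""

def parse_entries(text):
    """Split LDIF-style text into entries, each a list of (attr, value)."""
    entries, current = [], []
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if not raw.strip():                    # blank line ends an entry
            if current:
                entries.append(current)
            current = []
        elif raw.startswith(" ") and current:  # folded continuation line
            attr, val = current[-1]
            current[-1] = (attr, val + raw[1:])
        elif ":" in raw:
            attr, _, val = raw.partition(":")
            current.append((attr.strip().lower(), val.strip()))
    if current:
        entries.append(current)
    return entries

def include_binary_setting(conf_text):
    """Return 'TRUE' or 'FALSE' as set in the Front End entry, else None."""
    for entry in parse_entries(conf_text):
        dn = next((v for a, v in entry if a == "dn"), "")
        if ",".join(p.strip().lower() for p in dn.split(",")) != TARGET_DN:
            continue
        result = None
        for attr, val in entry:
            name, _, setting = val.partition("=")
            if attr == "ibm-slapdsetenv" and name.strip() == VAR:
                result = setting.strip().upper()  # assumption: last value wins
        return result
    return None

if __name__ == "__main__":
    print(include_binary_setting(SAMPLE))
```

A result of None means the variable is not set in that entry, so the default of the installed fix level applies.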

What to do next

If there were issues before, you can attempt to reconcile or synchronize data between IBM Verify Identity Governance and IBM Security Directory Server again.