LDAP object storage problems
Policies can be defined on an LDAP server using the appropriate definitions, known as schemas. The policies are defined as object classes with certain attributes, which are a superset of the attributes that can be defined in a local file using the PolicyAction and PolicyRule statements. Policy Agent acts as an LDAP client to communicate with and retrieve policies from an LDAP server. Policy Agent uses an LDAP DLL to perform its LDAP client functions.
Before you begin, if you are having problems initializing the LDAP server with the Policy Agent schema definitions or adding policy objects to the server, perform the following steps to diagnose LDAP object storage problems.
Problem | Cause/action | Symptom |
---|---|---|
Unable to add the Policy Agent schema definitions to an LDAPv3 server | The Policy Agent LDAPv3 schema definition files are shipped as the following sample files: These files need to be installed on the LDAP server in the proper order as an object in the server's database, rather than as configuration information. This process is known as schema publication. See RFCs 1804 and 2251. The files need to be specified on ldapmodify commands to modify the cn:schema entry in the server's database, in the order as specified in z/OS Communications Server: IP Configuration Guide. Verify that the <suffix> value on the first noncomment line of these files has been changed to the suffix value defined for your LDAP server, as explained in the prologues in these files. For more information about installing the schema definition files, see z/OS Communications Server: IP Configuration Guide. | Symptoms can include error messages issued by the server. Because server implementations are different, check the documentation for your server for the types and locations of error or log messages. |
Unable to add policy objects to an LDAP server | Check the following: | Symptoms can include error messages issued by the server. Since server implementations are different, check the documentation for your server for the types and locations of error or log messages. A typical error message might indicate object class violation. There are several possible reasons for an LDAP server rejecting a policy object. The following symptoms correspond to the numbered actions in the cause and action column. |
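
The suffix check in the first row can be run as a pre-flight step before the schema files are passed to ldapmodify. The script below is an added example, not part of the product documentation. It assumes the first noncomment line has the form `dn: cn=schema, <suffix>`, and the file names, contents and the suffix `o=Example,c=US` are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the <suffix> placeholder was replaced in a schema
# LDIF file before it is handed to ldapmodify.

# Print the first noncomment line of an LDIF file, unfolding continuation
# lines (LDIF comments start with "#"; a leading space continues a line).
first_noncomment_line() {
    awk '
        found && /^ / { sub(/\r$/, ""); line = line substr($0, 2); next }
        found         { exit }
        /^#/ || /^ / || /^[ \t\r]*$/ { next }
                      { sub(/\r$/, ""); line = $0; found = 1 }
        END           { if (found) print line }
    ' "$1"
}

# Lowercase and strip whitespace so "o=IBM, c=US" matches "o=ibm,c=us".
norm() { printf '%s' "$1" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]'; }

# check_suffix FILE SUFFIX
# 0 = line ends with SUFFIX, 1 = literal <suffix> placeholder still present,
# 2 = some other suffix, 3 = file unreadable or has no noncomment line.
check_suffix() {
    [ -r "$1" ] || { echo "$1: not readable" >&2; return 3; }
    line=$(first_noncomment_line "$1")
    [ -n "$line" ] || { echo "$1: no noncomment line" >&2; return 3; }
    case $line in
        *'<suffix>'*) echo "$1: placeholder not replaced: $line" >&2; return 1 ;;
    esac
    have=$(norm "$line"); want=$(norm "$2")
    case $have in
        *"$want") return 0 ;;
    esac
    echo "$1: expected suffix '$2', found: $line" >&2
    return 2
}

# Constructed sample files (hypothetical names and contents).
make_samples() {
    printf '# prologue\n\ndn: cn=schema, <suffix>\nchangetype: modify\n' > "$1/unedited.ldif"
    printf '# prologue\ndn: cn=schema,\n  o=Example, c=US\nchangetype: modify\n' > "$1/edited.ldif"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in "$demo_dir"/*.ldif; do
    if check_suffix "$f" "o=Example,c=US"; then echo "OK   $f"; else echo "FAIL $f"; fi
done
rm -rf "$demo_dir"
```

A nonzero return for any file means the schema update should not be submitted yet; the server would otherwise reject or misplace the entry and report it only in its own logs.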