Change Directory Server Attributes (QgldChgDirSvrA) API
Required Parameter Group:
| 1 | Input data | Input | Char(*) |
| 2 | Length of input data | Input | Binary(4) |
| 3 | Format name | Input | Char(8) |
| 4 | Error code | I/O | Char(*) |
Default Public Authority: *USE
Library Name/Service Program: QSYS/QGLDUAPI
Threadsafe: No
The Change Directory Server Attributes (QgldChgDirSvrA) API changes the directory server configuration. It can be used to change the following server properties:
- General server properties
- Suffixes served by this server
- Encrypted connection configuration. The Secure Sockets Layer (SSL) is used for encrypted communication.
- Performance settings
Authorities and Locks
*ALLOBJ and *IOSYSCFG special authority is required to use this API with formats CSVR0100, CSVR0200, CSVR0300, CSVR0400, CSVR0500, CSVR0600, CSVR0800, or CSVR0900. *AUDIT special authority is required to use this API with format CSVR0700.
Required Parameter Group
- Input data
- INPUT; CHAR(*)
A variable that contains the input data. See Format of Input Data for a description of the data associated with a specific format name.
- Length of input data
- INPUT; BINARY(4)
The length of the input data area.
- Format name
- INPUT; CHAR(8)
The format name identifying the type of information to be changed. The possible format names follow:
CSVR0100 Basic server configuration CSVR0200 Add or remove suffixes from this server CSVR0300 Add, change, or remove directory indexing rules CSVR0400 Add or change the attributes for publishing users in an LDAP directory. CSVR0500 Add or change the network server publishing attributes associated with the LDAP server. CSVR0600 Add or change referral server information CSVR0700 Server auditing information CSVR0800 IP address information CSVR0900 Server administration information See Format of Input Data for a description of these formats.
- Error code
- I/O; CHAR(*)
The structure in which to return error information. For the format of the structure, see Error code parameter.
Format of Input Data
For details about the format of the input data, see the following sections. For details about the fields in each format, see Field Descriptions.
CSVR0100 Format
This format is used to change basic server configuration information.
Starting with V6R1M0, this format is being deprecated. It is still supported with the V5R4M0 level of function but will no longer be enhanced. You should now use the CSVR0100 format of the QgldChgDirSvrInstA API.
| Offset | Type | Field | |
|---|---|---|---|
| Dec | Hex | ||
| 0 | 0 | BINARY(4) | Read only |
| 4 | 4 | BINARY(4) | Server is replica |
| 8 | 8 | BINARY(4) | Security |
| 12 | C | BINARY(4) | Nonencrypted port number |
| 16 | 10 | BINARY(4) | Encrypted port number |
| 20 | 14 | BINARY(4) | Current cipher protocols |
| 24 | 18 | BINARY(4) | Search time limit |
| 28 | 1C | BINARY(4) | Search size limit |
| 32 | 20 | BINARY(4) | Maximum connections |
| 36 | 24 | BINARY(4) | Reserved |
| 40 | 28 | BINARY(4) | Referral port |
| 44 | 2C | BINARY(4) | Password format |
| 48 | 30 | BINARY(4) | Offset to referral server |
| 52 | 34 | BINARY(4) | Length of referral server |
| 56 | 38 | BINARY(4) | Offset to administrator DN |
| 60 | 3C | BINARY(4) | Length of administrator DN |
| 64 | 40 | BINARY(4) | Offset to administrator password |
| 68 | 48 | BINARY(4) | Length of administrator password |
| 72 | 48 | BINARY(4) | Offset to update DN |
| 76 | 4C | BINARY(4) | Length of update DN |
| 80 | 50 | BINARY(4) | Offset to update password |
| 84 | 54 | BINARY(4) | Length of update password |
| 88 | 58 | BINARY(4) | Offset to key ring file |
| 92 | 5C | BINARY(4) | Length of key ring file |
| 96 | 60 | BINARY(4) | Offset to database path |
| 100 | 64 | BINARY(4) | Length of database path |
| 104 | 64 | BINARY(4) | Level indicator |
| Additional fields if level indicator is equal to 1 or greater: | |||
| 108 | 68 | BINARY(4) | SSL authentication method |
| 112 | 70 | BINARY(4) | Number of database connections |
| 116 | 74 | BINARY(4) | Schema checking level |
| 120 | 78 | BINARY(4) | Offset to master server URL |
| 124 | 7C | BINARY(4) | Length of master server URL |
| 128 | 80 | BINARY(4) | Change log indicator |
| 132 | 84 | BINARY(4) | Maximum number of change log entries |
| 136 | 88 | BINARY(4) | Terminate idle connections |
| 140 | 8C | BINARY(4) | Reserved |
| Additional fields if level indicator is equal to 2 or greater: | |||
| 144 | 90 | BINARY(4) | Kerberos authentication indicator |
| 148 | 94 | BINARY(4) | Offset to Kerberos key tab file |
| 152 | 98 | BINARY(4) | Length of Kerberos key tab file |
| 156 | 9C | BINARY(4) | Kerberos to DN mapping indicator |
| 160 | A0 | BINARY(4) | Offset to Kerberos administrator ID |
| 164 | A4 | BINARY(4) | Length of Kerberos administrator ID |
| 168 | A8 | BINARY(4) | Offset to Kerberos administrator realm |
| 172 | AC | BINARY(4) | Length of Kerberos administrator realm |
| 176 | B0 | BINARY(4) | Event notification registration indicator |
| 180 | B4 | BINARY(4) | Maximum event registrations for connection |
| 184 | B8 | BINARY(4) | Maximum event registrations for server |
| 188 | BC | BINARY(4) | Maximum operations per transaction |
| 192 | C0 | BINARY(4) | Maximum pending transactions |
| 196 | C4 | BINARY(4) | Transaction time limit |
| 200 | C8 | BINARY(4) | ACL model |
| 204 | CC | BINARY(4) | Reserved |
| Additional fields if level indicator is equal to 3 or greater: | |||
| 208 | D0 | BINARY(4) | Level of authority integration |
| 212 | D4 | BINARY(4) | Offset to projected suffix |
| 216 | D8 | BINARY(4) | Length of projected suffix |
| Additional fields if level indicator is equal to 4 or greater: | |||
| 220 | DC | BINARY(4) | Read only schema |
| 224 | E0 | BINARY(4) | Read only Projected suffix |
| 228 | E4 | BINARY(4) | Log client messages |
| 232 | E8 | BINARY(4) | Maximum age of change log entries |
| Variable length string fields: | |||
| CHAR(*) | Referral server | ||
| CHAR(*) | Administrator DN | ||
| CHAR(*) | Administrator password | ||
| CHAR(*) | Update DN | ||
| CHAR(*) | Update password | ||
| CHAR(*) | Key ring file | ||
| CHAR(*) | Database path | ||
| CHAR(*) | Master server URL | ||
| CHAR(*) | Kerberos key tab file | ||
| CHAR(*) | Kerberos administrator ID | ||
| CHAR(*) | Kerberos administrator realm | ||
| CHAR(*) | Projected suffix | ||
CSVR0200 Format
This format is used to add or remove suffixes from the server. The input data consists of a header and a series of change entries. The header identifies the number of suffixes to be added or removed. Each change entry identifies a suffix and the action to be performed (add or remove the suffix).
Note: Removing a suffix from a server will result in the loss of all directory entries with that suffix.
Starting with V6R1M0, this format is being deprecated. It is still supported with the V5R4M0 level of function but will no longer be enhanced. You should now use the CSVR0200 format of the QgldChgDirSvrInstA API.
| Offset | Type | Field | |
|---|---|---|---|
| Dec | Hex | ||
| 0 | 0 | BINARY(4) | Offset to change entries |
| 4 | 4 | BINARY(4) | Number of change entries |
| Change entries | |||
| Suffix change entries: | |||
| 0 | 0 | BINARY(4) | Displacement to next entry |
| 4 | 4 | BINARY(4) | Action |
| 8 | 8 | BINARY(4) | Displacement to suffix |
| 12 | C | BINARY(4) | Length of suffix |
| CHAR(*) | Suffix | ||
CSVR0300 Format
This format is used to add, change, or remove directory indexes. Creating indexes for one or more attributes allows for faster retrieval of directory entries based on those attributes. The input data consists of a header and a series of change entries. The header identifies the number of indexes to be added, changed, or removed. Each change entry identifies an attribute and the action to be performed (add, change, or remove the indexes).
Starting with V4R5M0, this format is not supported. Database index information is to be changed using an LDAP client or the Directory Management Tool (DMT) starting with V4R5M0.
| Offset | Type | Field | |
|---|---|---|---|
| Dec | Hex | ||
| 0 | 0 | BINARY(4) | Offset to change entries |
| 4 | 4 | BINARY(4) | Number of change entries |
| Change entries | |||
| Add or change attribute index entries: | |||
| 0 | 0 | BINARY(4) | Displacement to next entry |
| 4 | 4 | BINARY(4) | Action |
| 8 | 8 | BINARY(4) | Displacement to attribute name |
| 12 | C | BINARY(4) | Length of attribute name |
| 16 | 10 | BINARY(4) | Index type |
| 20 | 14 | BINARY(4) | Reserved |
| CHAR(*) | Attribute name | ||
| Delete attribute index entries: | |||
| 0 | 0 | BINARY(4) | Displacement to next entry |
| 4 | 4 | BINARY(4) | Action |
| 8 | 8 | BINARY(4) | Displacement to attribute name |
| 12 | C | BINARY(4) | Length of attribute name |
| 16 | 10 | BINARY(4) | Reserved |
| CHAR(*) | Attribute name | ||
CSVR0400 Format
This format is used to set the attributes for publishing users in an LDAP directory. User information from the system distribution directory (SDD) can be published to an LDAP server by the Synchronize System Distribution Directory to LDAP (QGLDSSDD) API and from System i™ Navigator. The publishing attributes define how to publish user information.
| Offset | Type | Field | |
|---|---|---|---|
| Dec | Hex | ||
| 0 | 0 | BINARY(4) | Offset to the server name |
| 4 | 4 | BINARY(4) | Length of server name |
| 8 | 8 | BINARY(4) | LDAP port number |
| 12 | C | BINARY(4) | Connection type |
| 16 | 10 | BINARY(4) | Offset to parent distinguished name |
| 20 | 14 | BINARY(4) | Length of parent distinguished name |
| 24 | 18 | BINARY(4) | Reserved |
| Variable length string fields: | |||
| CHAR(*) | Server name | ||
| CHAR(*) | Parent distinguished name | ||
CSVR0500 Format
This format is used to set the network server publishing attributes associated with the server.
| Offset | Type | Field | |
|---|---|---|---|
| Dec | Hex | ||
| 0 | 0 | BINARY(4) | Offset to change entries |
| 4 | 4 | BINARY(4) | Number of change entries |
| Change entries | |||
| Add or change publishing agent change entries: | |||
| 0 | 0 | BINARY(4) | Displacement to next entry |
| 4 | 4 | BINARY(4) | Action |
| 8 | 8 | BINARY(4) | Displacement to publishing agent name |
| 12 | C | BINARY(4) | Length of publishing agent name |
| 16 | 10 | BINARY(4) | Displacement to server name |
| 20 | 14 | BINARY(4) | Length of server name |
| 24 | 18 | BINARY(4) | Displacement to bind DN |
| 28 | 1C | BINARY(4) | Length of bind DN |
| 32 | 20 | BINARY(4) | Displacement to bind credentials |
| 36 | 24 | BINARY(4) | Length of bind credentials |
| 40 | 28 | BINARY(4) | LDAP port number |
| 44 | 2C | BINARY(4) | Connection type |
| 48 | 30 | BINARY(4) | Displacement to parent distinguished name |
| 52 | 34 | BINARY(4) | Length of parent distinguished name |
| 56 | 38 | BINARY(4) | Disable publishing agent |
| 60 | 3C | BINARY(4) | Level indicator |
| Additional fields if level indicator is equal to 1 | |||
| 64 | 40 | BINARY(4) | Kerberos authentication indicator |
| 68 | 44 | BINARY(4) | Displacement to Kerberos key tab file |
| 72 | 48 | BINARY(4) | Length of Kerberos key tab file |
| 76 | 4C | BINARY(4) | Displacement to Kerberos principal |
| 80 | 50 | BINARY(4) | Length of Kerberos principal |
| 84 | 54 | BINARY(4) | Displacement to Kerberos realm |
| 88 | 58 | BINARY(4) | Length of Kerberos realm |
| CHAR(*) | Publishing agent name | ||
| CHAR(*) | Server name | ||
| CHAR(*) | Bind DN | ||
| CHAR(*) | Bind credentials | ||
| CHAR(*) | Parent distinguished name | ||
| CHAR(*) | Kerberos key tab file | ||
| CHAR(*) | Kerberos principal | ||
| CHAR(*) | Kerberos realm | ||
| Delete publishing agent change entries: | |||
| 0 | 0 | BINARY(4) | Displacement to next entry |
| 4 | 4 | BINARY(4) | Action |
| 8 | 8 | BINARY(4) | Displacement to publishing agent name |
| 12 | C | BINARY(4) | Length of publishing agent name |
| 16 | 10 | BINARY(4) | Reserved |
| CHAR(*) | Publishing agent name | ||
CSVR0600 Format
This format is used to change referral server configuration information. The input data consists of a header and a series of change entries. The header identifies the master server information and the number of referral servers. This replaces the referral server information, if any, that is currently configured.
Starting with V6R1M0, this format is being deprecated. It is still supported with the V5R4M0 level of function but will no longer be enhanced. You should now use the CSVR0600 format of the QgldChgDirSvrInstA API.
| Offset | Type | Field | |
|---|---|---|---|
| Dec | Hex | ||
| 0 | 0 | BINARY(4) | Offset to change entries |
| 4 | 4 | BINARY(4) | Number of change entries |
| Change entries | |||
| Referral server change entries: | |||
| 0 | 0 | BINARY(4) | Displacement to next entry |
| 4 | 4 | BINARY(4) | Displacement to referral server URL |
| 8 | 8 | BINARY(4) | Length of referral server URL |
| CHAR(*) | Referral server URL | ||
CSVR0700 Format
This format is used to change the server auditing configuration information.
Starting with V6R1M0, this format is being deprecated. It is still supported with the V5R4M0 level of function but will no longer be enhanced. You should now use the CSVR0700 format of the QgldChgDirSvrInstA API.
| Offset | Type | Field | |
|---|---|---|---|
| Dec | Hex | ||
| 0 | 0 | BINARY(4) | Security audit option for objects |
| 4 | 4 | BINARY(4) | Reserved |
CSVR0800 Format
This format is used to change the IP address configuration information. The input data consists of a header and a series of change entries. The header identifies the number of IP addresses in the list. This replaces the IP address information that is currently configured. At least one IP address value must be specified for the server.
Starting with V6R1M0, this format is being deprecated. It is still supported with the V5R4M0 level of function but will no longer be enhanced. You should now use the CSVR0800 format of the QgldChgDirSvrInstA API.
| Offset | Type | Field | |
|---|---|---|---|
| Dec | Hex | ||
| 0 | 0 | BINARY(4) | Offset to change entries |
| 4 | 4 | BINARY(4) | Number of change entries |
| Change entries | |||
| IP address entries: | |||
| 0 | 0 | BINARY(4) | Displacement to next entry |
| 4 | 4 | BINARY(4) | Displacement to IP address |
| 8 | 8 | BINARY(4) | Length of IP address |
| CHAR(*) | IP address | ||
CSVR0900 Format
This format is used to change the server administration information.
Starting with V6R1M0, this format is being deprecated. It is still supported with the V5R4M0 level of function but will no longer be enhanced. You should now use the CSVR0900 format of the QgldChgDirSvrInstA API.
| Offset | Type | Field | |
|---|---|---|---|
| Dec | Hex | ||
| 0 | 0 | BINARY(4) | Offset to server administration URL |
| 4 | 4 | BINARY(4) | Length of server administration URL |
| 8 | 8 | BINARY(4) | Reserved |
| CHAR(*) | Server administration URL | ||
Field Descriptions
ACL model. Indicator of the ACL model to use. The following special values may be specified:
| -1 | The value of this field does not change. |
| 1 | Use the ACL model that supports attribute-level
ACL permissions. This may cause compatibility problems with replication and
applications that manage access-class level permissions defined in releases
prior to V5R1M0. Once enabled, this capability can be disabled only by
reconfiguring your server and deleting the directory database.
Note: Starting with V5R3M0, this field is ignored for format CSVR0100. |
Action. The action to be performed for a given entry. The following values may be specified:
| 1 | Add suffix, index rule, or publishing agent |
| 2 | Change index rule or publishing agent |
| 3 | Remove suffix, index rule, or publishing agent |
Note: Change is valid only for the CSVR0300 and CSVR0500 formats.
Administrator DN. A distinguished name that has access to all objects in the directory. When either the administrator DN or the administrator password field is changed, both must be specified. This field is specified in UTF-16 (CCSID 13488). To leave the value unchanged, specify a length and offset to this field of zero.
Administrator password. The password used when connecting to the directory server using the administrator DN. When either the administrator DN or the administrator password field is changed, both must be specified. This field is specified in UTF-16 (CCSID 13488). To leave the value unchanged, specify a length and offset to this field of zero.
Attribute index entries. The list of changes to be made to the attribute indexes.
Attribute name. The name of a directory object attribute for which database indexes will be created. This field is specified in UTF-16 (CCSID 13488). The following special value may be specified:
| *DEFAULT | Specifies the index types to be created for those attributes that have no explicit rules defined. |
Note: The *DEFAULT attribute entry may be removed or added. Adding or removing *DEFAULT attribute is equivalent to not creating any indexes, or creating indexes for all attributes, depending on the index types specified.
Bind credentials. The password used when connecting to the directory server using the bind DN. When either the bind DN or the bind credentials field is changed, both must be specified. This field is specified in UTF-16 (CCSID 13488). To leave the value unchanged, specify a length and displacement to this field of zero.
Bind DN. A distinguished name to use when publishing objects to the directory. When either the bind DN or the bind credentials field is changed, both must be specified. This field is specified in UTF-16 (CCSID 13488). To leave the value unchanged, specify a length and displacement to this field of zero.
Change entry. A structure identifying a change to be made. The structure identifies the suffix, attribute, or publishing agent and the operation to be performed (add, change, or delete).
Change log indicator. The indicator of whether to have a change log for entries that are added, changed or deleted. The following values may be specified:
| 0 | No, do not have a change log |
| 1 | Yes, have a change log |
| -1 | The value remains the same |
Connection type. The type of connection to use to the LDAP server. The following values may be specified:
| 1 | Nonsecure |
| 2 | Secured, using SSL |
| -1 | The value remains the same |
Current cipher protocols. The cipher protocols that the server will allow when using encrypted connections. The following values may be specified:
| -1 | The value remains the same |
Or the sum of one or more of the following values:
| 0x0100 | Triple Data Encryption Standard (DES) Secure Hash Algorithm (SHA) (U.S.) |
| 0x0200 | DES SHA (U.S.) |
| 0x0400 | Rivest Cipher 4 (RC4) SHA (U.S.) |
| 0x0800 | RC4 Message Digest 5 (MD5) (U.S.) |
| 0x1000 | RC2 MD5 (export) |
| 0x2000 | RC4 MD5 (export) |
| 0x4000 | Advanced Encryption Standard (AES) SHA 128 bit (U.S.) |
| 0x8000 | Advanced Encryption Standard (AES) SHA 256 bit (U.S.) |
Database path. The path to an existing library containing
the directory database objects. This is an integrated file system path name,
for example, /QSYS.LIB/DIRSRV.LIB. By changing this field, you make the current
directory contents inaccessible. By changing the field back to its original
value, you restore the original directory contents.
The library 
can 
exist in a
system ASP or a basic user ASP (ASP value of 1 to 32). Also, the library can exist
in an independent ASP (ASP value greater than 32). This field is specified in UTF-16
(CCSID 13488). To leave the value unchanged, specify a length and offset to
this field of zero.
Disable publishing agent. Indicates whether or not the publishing agent is disabled. The following values may be specified:
| 0 | The publishing agent is enabled. |
| 1 | The publishing agent is disabled. |
Displacement to attribute name. The displacement, in bytes, from the start of the current entry to the attribute name field.
Displacement to bind credentials. The displacement, in bytes, from the start of the current entry to the bind credentials field.
Displacement to bind DN. The displacement, in bytes, from the start of the current entry to the bind DN field.
Displacement to IP address. The displacement, in bytes, from the start of the current entry to the IP address field.
Displacement to Kerberos key tab file. The displacement, in bytes, from the start of the current entry to the Kerberos key tab file field.
Displacement to Kerberos principal. The displacement, in bytes, from the start of the current entry to the Kerberos principal field.
Displacement to Kerberos realm. The displacement, in bytes, from the start of the current entry to the Kerberos realm field.
Displacement to next entry. The displacement, in bytes, from the start of the current entry to the next entry in the input data.
Displacement to parent distinguished name. The displacement, in bytes, from the start of the current entry to the parent distinguished name field.
Displacement to publishing agent name. The displacement, in bytes, from the start of the current entry to the publishing agent name field.
Displacement to referral server URL. The displacement, in bytes, from the start of the current entry to the referral server URL field.
Displacement to server name. The displacement, in bytes, from the start of the current entry to the server name field.
Displacement to suffix. The displacement, in bytes, from the start of the current entry to the suffix field.
Encrypted port number. The port number to use for encrypted connections. The standard port number for encrypted connections (SSL) is 636. Valid port numbers are in the range 1 to 65535. The following special value may be specified:
| -1 | The value of this field does not change. |
Event notification registration indicator. Indicator of whether to allow client to register for event notification. The following special values may be specified:
| -1 | The value of this field does not change. |
| 0 | Do not allow clients to register for event notification. |
| 1 | Allow clients to register for event notification. |
Index type. The kind of database indexes that will be created for an attribute. Creating database indexes improved the performance of directory searches on those attributes. The following values may be specified:
| 0 | No indexes will be maintained for the specified attribute |
| 1 | Equal |
Note: For a delete request, 0 must be specified for this field.
IP address. The IPv4 or IPv6 address of the client for which the directory server will accept connections. The IP address must already exist to be specified. A value of hexadecimal zeroes and leading zeroes is not allowed. An IPv4 address is expressed in standard dotted-decimal form www.xxx.yyy.zzz; for example, 130.99.128.1. An IPv6 address always has at least one occurrence of a colon (':') in the format. Some possible IPv6 address formats would be: ::x (for example, ::1) or ::w.xxx.y.zzz (for example, ::9.130.4.169). For further IPv6 examples and explanation, refer to the Usage Notes section in the Convert IPv4 and IPv6 Addresses Between Text and Binary Form (inet_pton) API. This field is specified in UTF-16 (CCSID 13488).
The following special value may be specified:
| *ALL | All IP addresses defined on the local system will be bound to the server. |
Kerberos administrator ID. The name of the Kerberos administrator. This field is specified in UTF-16 (CCSID 13488). The following special value may be specified:
| *NONE | No value is specified. |
To leave the value unchanged, specify a length and offset to this field of zero.
Kerberos administrator realm. The realm where the kerberos administrator is registered. This field is specified in UTF-16 (CCSID 13488). The following special value may be specified:
| *NONE | No value is specified. |
To leave the value unchanged, specify a length and offset to this field of zero.
Kerberos authentication indicator. The following special values may be specified:
| -1 | The value of this field does not change. |
| 0 | Do not support Kerberos authentications. |
| 1 | Support Kerberos authentications. Ensure all Kerberos fields are specified. |
Kerberos key tab file. The integrated file system path name for the key tab file that contains the server's secret key used for authentication. The QDIRSRV user profile is given authorization to read this file. This field is specified in UTF-16 (CCSID 13488). The following special value may be specified:
| *NONE | No value is specified. |
To leave the value unchanged, specify a length and offset or displacement to this field of zero.
Kerberos principal. The principal in the key tab file to use for authentication. This field is specified in UTF-16 (CCSID 13488). The following special value may be specified:
| *NONE | No value is specified. |
To leave the value unchanged, specify a length and offset or displacement to this field of zero.
Kerberos realm. The realm where the principal is registered to use for authentication. This field is specified in UTF-16 (CCSID 13488). The following special value may be specified:
| *NONE | No value is specified. |
To leave the value unchanged, specify a length and offset or displacement to this field of zero.
Kerberos to DN mapping indicator. The following values may be specified:
| -1 | The value of this field does not change. |
| 0 | Map the Kerberos ID to pseudo DN. A pseudo DN can be used to uniquely identify an LDAP user object of the form 'ibm-kerberosName=principal@realm" or 'ibm-kn=principal@realm". |
| 1 | Use associated DN in directory. The LDAP server will attempt to find an entry in the directory that contains the kerberos principle and realm as one of its attributes. Once found, this DN will then be used to determine the client's authorizations to the directory. |
Key ring file. The path name of the SSL key ring file. A key ring file must be configured when using SSL. The following special value may be specified:
| *NONE | No value is specified. |
Note: Starting with V4R4M0, this field is ignored for format CSVR0100. This field is specified in UTF-16 (CCSID 13488).
To leave the value unchanged, specify a length and offset to this field of zero.
LDAP port number. The LDAP server's TCP/IP port. The following values may be specified:
| -1 | The value remains the same |
Length of administrator DN. The length, in UTF-16 (CCSID 13488) characters, of the administrator DN field.
Length of administrator password. The length, in UTF-16 (CCSID 13488) characters, of the administrator password field.
Length of attribute name. The length, in UTF-16 (CCSID 13488) characters, of the the attribute name field.
Length of bind credentials. The length, in UTF-16 (CCSID 13488) characters, of the bind credentials field.
Length of bind DN. The length, in UTF-16 (CCSID 13488) characters, of the bind DN field.
Length of database path. The length, in UTF-16 (CCSID 13488) characters, of the database path field.
Length of IP address. The length, in UTF-16 (CCSID 13488) characters, of the IP address field.
Length of Kerberos administrator ID. The length, in UTF-16 (CCSID 13488) characters, of the Kerberos administrator ID field.
Length of Kerberos administrator realm. The length, in UTF-16 (CCSID 13488) characters, of the Kerberos administrator realm field.
Length of Kerberos key tab file. The length, in UTF-16 (CCSID 13488) characters, of the Kerberos key tab file field.
Length of Kerberos principal. The length, in UTF-16 (CCSID 13488) characters, of the Kerberos principal field.
Length of Kerberos realm. The length, in UTF-16 (CCSID 13488) characters, of the Kerberos realm field.
Length of key ring file. The length, in UTF-16 (CCSID 13488) characters, of the key ring file field.
Length of master server URL. The length, in UTF-16 (CCSID 13488) characters, of the master server URL field.
Length of parent distinguished name. The length, in UTF-16 (CCSID 13488) characters, of the parent distinguished name field.
Length of projected suffix. The length, in UTF-16 (CCSID 13488) characters, of the projected suffix field.
Length of publishing agent name. The length, in UTF-16 (CCSID 13488) characters, of the publishing agent name. The length can be at most 50 characters.
Length of referral server. The length, in UTF-16 (CCSID 13488) characters, of the referral server name.
Length of referral server URL. The length, in UTF-16 (CCSID 13488) characters, of the referral server URL field.
Length of server administration URL. The length, in UTF-16 (CCSID 13488) characters, of the server administration URL field.
Length of server name. The length, in UTF-16 (CCSID 13488) characters, of the server name field.
Length of suffix. The length, in UTF-16 (CCSID 13488) characters, of the suffix field.
Length of update DN. The length, in UTF-16 (CCSID 13488) characters, of the update DN field.
Length of update password. The length, in UTF-16 (CCSID 13488) characters, of the update password field.
Level indicator. The level indicator of the data supplied for a format. See the format descriptions for possible uses and values of this field.
Level of authority integration. The level of IBM® i authority integration to use to determine if a distinguished name (DN) can become an LDAP administrator. Allowing a user profile to become an LDAP administrator can be done by setting the value of the Level of authority integration field to 1 and then authorizing specific user profiles to the Directory Server Administrator function of the operating system through System i Navigator's Application Administration support. The Change Function Usage Information (QSYCHFUI) API, with a function ID of QIBM_DIRSRV_ADMIN, can also be used to change the list of users that are allowed to be an LDAP administator. The user profile can be mapped to a DN as a projected user (for example, for user profile 'FRED', and the projected suffix of 'systemA', the projected user's DN would be os400-profile=FRED,cn=accounts,os400-sys=systemA ).
The following special values may be specified:
| -1 | The value of this field does not change. |
| 0 | Do not apply 'Directory Server Administrator' function identifier to bound distinguished names to determine LDAP administrators. |
| 1 | Allow bound distinguished names that refer directly to user profiles to become LDAP administrators if the user profile is identified in the 'Directory Server Administrator' function identifier. |
Log client messages. Whether the directory server will log client messages in the server joblog. The following values may be specified:
| -1 | The value of this field does not change. |
| 0 | The directory server will not log client messages in the server joblog. |
| 1 | The directory server will log client messages in the server joblog. |
Master server URL. The uniform resource locator (URL) of the master server. This field is specified in UTF-16 (CCSID 13488). The following special value may be specified:
| *NONE | No value is specified. |
To leave the value unchanged, specify a length and offset to this field of zero.
Maximum connections. The maximum number of simultaneous connections that can be established with the server. The following special values may be specified:
| -1 | The value of this field does not change. |
| 0 | Do not limit the number of connections. |
Note: Starting with V5R1M0, this field is no longer supported and is ignored if a value is passed.
Maximum event registrations for connection. The following special values may be specified:
| -1 | The value of this field does not change. |
| 0 | Do not limit the number of event registrations for connection. |
Maximum event registrations for server. The following special values may be specified:
| -1 | The value of this field does not change. |
| 0 | Do not limit the number of event registrations for server. |
Maximum age of change log entries. The maximum age, in seconds, of change log entries that can be stored. If the maximum is reached, the change log entries will be deleted starting with the oldest entry. This value only used if 'Change log indicator' is set to 1. The following special values may be specified:
| -1 | The value of this field does not change. |
| 0 | Do not limit the age of change log entries. |
Maximum number of change log entries. The maximum number of change log entries that can be stored. If the maximum is reached, the change log entries will be deleted starting with the oldest entry. This value only used if 'Change log indicator' is set to 1. The following special values may be specified:
| -1 | The value of this field does not change. |
| 0 | Do not limit the number of change log entries. |
Maximum operations per transaction. The maximum number of operations that are allowed for each transaction. Transaction support allows a group of directory changes to be handled as a single transaction. The following special values may be specified:
| -1 | The value of this field does not change. |
Maximum pending transactions. The maximum number of pending transactions allowed. Transaction support allows a group of directory changes to be handled as a single transaction. The following special value may be specified:
| -1 | The value of this field does not change. |
Nonencrypted port number. The port number to be used for nonencrypted connections. The standard port number is 389. Valid port numbers are in the range 1 to 65535. The following special value may be specified:
| -1 | The value of this field does not change. |
Number of change entries. The number of change entries present in the input data.
Number of database connections. The number of database connections used by the server. Valid numbers are in the range 4 to 32. The following special value may be specified:
| -1 | The value of this field does not change. |
Offset to administrator DN. The offset, in bytes, from the start of the input data area to the administrator DN field.
Offset to administrator password. The offset, in bytes, from the start of the input data area to the administrator password field.
Offset to change entries. The offset, in bytes, from the start of the input data area to the the first change entry.
Offset to database path. The offset, in bytes, from the start of the input data area to the database path field.
Offset to Kerberos administrator ID. The offset, in bytes, from the start of the input data area to the Kerberos administrator ID field.
Offset to Kerberos administrator realm. The offset, in bytes, from the start of the input data area to the Kerberos administrator realm field.
Offset to Kerberos key tab file. The offset, in bytes, from the start of the input data area to the Kerberos key tab file field.
Offset to key ring file. The offset, in bytes, from the start of the input data area to the key ring file field.
Offset to master server URL. The offset, in bytes, from the start of the input data area to the master server URL field.
Offset to parent distinguished name. The offset, in bytes, from the start of the input data area to the parent distinguished name field.
Offset to projected suffix. The offset, in bytes, from the start of the input data area to the projected suffix field.
Offset to referral server. The offset, in bytes, from the start of the input data area to the referral server field.
Offset to server administration URL. The offset, in bytes, from the start of the input data to the server administration URL field.
Offset to server name. The offset, in bytes, from the start of the input data to the server name field.
Offset to suffix. The offset, in bytes, from the start of the input data area to the suffix field.
Offset to update DN. The offset, in bytes, from the start of the input data area to the update DN field.
Offset to update password. The offset, in bytes, from the start of the input data area to the update password field.
Parent distinguished name. The parent distinguished name for published objects. For example, if the parent distinguished name is "ou=rochester, o=ibm, c=us", a published directory object for user John Smith might be "cn=john smith, ou=rochester, o=ibm, c=us". This field is specified in UTF-16 (CCSID 13488). To leave the value unchanged, specify a length and offset to this field of zero.
Password format. The format of the encrypted password. The following values may be specified:
| -1 | The value of this field does not change. |
| 1 | Unencrypted. The clear text password is stored in a validation list and can be returned by searches or used for DIGEST-MD5 SASL authentication. |
| 2 | SHA. (Default) |
| 3 | MD5. |
| 4 | Crypt (The password is one-way hashed using a modified DES algorithm. The "crypt" algorithm originally was used by many Unix operating systems for password protection.) |
Projected suffix. The suffix under which all projected objects for this server reside including user and group profiles. This field is specified in UTF-16 (CCSID 13488).
Publishing agent name. The agent that will publish information to a directory server and parent distinguished name. This field is specified in UTF-16 (CCSID 13488).
The following publishing agent names are predefined by the operating system:
| *AS400_COMPUTERS | This agent name is used for publishing system information such as the system and printers. |
| *AS400_PRINTSHARES | This agent name is used for publishing print shares to an Active Directory server. |
| *AS400_USERS | This agent name is used for publishing System Distribution Directory users. |
| *OS400_TC1_QOS | This agent name is used for publishing TCP/IP Quality of Service policy information. |
Read only. Whether the directory server will allow updates to be made to the directory contents. The following values may be specified:
| -1 | The value of this field does not change. |
| 0 | Places the directory server into update mode to allow directory updates. This is the normal mode of operation. |
| 1 | Places the directory server into read-only mode. |
Read only projected suffix. Whether the directory server will allow updates to be made to the projected suffix. The following values may be specified:
| -1 | The value of this field does not change. |
| 0 | Places the directory server projected suffix into update mode to allow updates. This is the normal mode of operation. |
| 1 | Places the directory server projected suffix into read-only mode. |
Read only schema. Whether the directory server will allow updates to be made to the directory schema. The following values may be specified:
| -1 | The value of this field does not change. |
| 0 | Places the directory server schema into update mode to allow updates. This is the normal mode of operation. |
| 1 | Places the directory server schema into read-only mode. |
Referral port. An optional port number to be returned to a client when a request is made for a directory object that does not reside on this server. The referral port and referral server together are used to form a referral URL. The referral server and port fields must be configured when changing the Server is replica field to make this server a replica. Valid port numbers are in the range 1 to 65535.
Starting with V4R5M0, this field is ignored for format CSVR0100. Referral server information can be changed using the CSVR0600 format of the QgldChgDirSvrA API. The following special values may be specified:
| 0 | No port number is returned as part of the referral. |
| -1 | The value of this field does not change. |
Referral server. The IP name or address of a server to return to a client when a request is made for a directory object that does not reside on this server. The referral port and referral server are used together to form a referral URL. The referral server and port fields must be configured when changing the Server is a replica field to make this server a replica. In this case, the referral is typically to the master server. The following special value may be specified:
| *NONE | No value is specified. |
Note: Starting with V4R5M0, this field is ignored for format CSVR0100. This field is specified in UTF-16 (CCSID 13488). To leave the value unchanged, specify a length and offset to this field of zero.
Referral server URL. The uniform resource locator (URL) of the referral server. This field is specified in UTF-16 (CCSID 13488).
Reserved. A reserved field. This field must be set to zero.
Schema checking level. The level of schema checking performed by the server. The following values may be specified:
| -1 | The value does not change. |
| 0 | None. |
| 1 | LDAP version 2. |
| 2 | LDAP version 3 strict. |
| 3 | LDAP version 3 lenient. |
Search size limit. The maximum number of entries that the server will return for a given search request. The following special values may be specified:
| -1 | The value of this field does not change. |
| 0 | Do not limit the number of entries returned. |
Search time limit. The maximum time, in seconds, that the server will spend performing a given search request. The following special values may be specified:
| -1 | The value of this field does not change. |
| 0 | Do not limit the search time. |
Security. Whether the server should use encrypted connections. The following values may be specified:
| -1 | The value does not change |
| 1 | Allow nonencrypted connections only |
| 2 | Allow encrypted connections only |
| 3 | Allow both encrypted and nonencrypted connections |
Security audit option for objects. When the QAUDCTL system value is set to *OBJAUD, then object auditing can be done in the directory. See the Security reference topic collection for information about Directory Server auditing. The following special values may be specified:
| -1 | The value of this field does not change. |
| 0 | Do not do object auditing of the directory objects. |
| 1 | Audit changes to directory objects. |
| 2 | Audit all access to directory objects. This includes search, compare and change. |
Server is replica. Whether the server is a master server or a replica server. When this field is changed to make the server a replica, the update DN, update password, and referral fields must be specified. The following values may be specified:
| -1 | The value of this field does not change. |
| 0 | The server is a master for the directory suffixes present on the server. |
| 1 | The server is a replica server for the directory suffixes present on the server. |
Server administration URL. The server administration URL. This field is specified in UTF-16 (CCSID 13488). To leave the value unchanged, specify a length and offset to this field of zero.
Server name. The name of the server. This field is specified in UTF-16 (CCSID 13488). To leave the value unchanged, specify a length and offset to this field of zero.
SSL authentication method. The method used during SSL authentication. The following values may be specified:
| -1 | The value does not change. |
| 1 | Server authentication. |
| 3 | Server and client authentication. |
Suffix. The name of the directory suffix to be added or removed from the server. This field is specified in UTF-16 (CCSID 13488).
Suffix change entries. The list of suffixes to be added or deleted.
Terminate idle connections. The server will terminate idle connections when necessary.
Starting with V5R1M0, this field is no longer supported and is ignored if a value is passed. The following values may be specified:
| 0 | Do not terminate idle connections. |
| 1 | Terminate idle connections. |
Transaction time limit. The maximum time, in seconds, that the server will spend performing a transaction request. Transaction support allows a group of directory changes to be handled as a single transaction. The following special values may be specified:
| -1 | The value of this field does not change. |
Update DN. The distinguished name that the master server must use when propagating directory updates to this replica server. This field may be specified only when the server is a replica. When either the update DN or the update password field is changed, both must be specified. This field is specified in UTF-16 (CCSID 13488). The following special value may be specified:
| *NONE | No value is specified. |
To leave the value unchanged, specify a length and offset to this field of zero.
Update password. The password used when connecting to this server using the update DN. This field may be specified only when the server is a replica. When either the update DN or the update password field is changed, both must be specified. This field is specified in UTF-16 (CCSID 13488). To leave the value unchanged, specify a length and offset to this field of zero. The following special value may be specified:
| *NONE | No value is specified. |
Error Messages
| Message ID | Error Message Text |
|---|---|
| CPF2209 E | Library &1 not found. |
| CPFA0A9 E | Object not found. |
| CPFA0DB E | Object name not a QSYS object. |
| CPFA314 E | Memory allocation error. |
| GLD0204 E | Attribute name not valid. |
| GLD0205 E | Administrator DN not valid. |
| GLD0208 E | Key ring file name not valid. |
| GLD0209 E | Update DN not valid. |
| GLD020A E | Suffix not valid. |
| GLD020B E | Referral server name not valid. |
| GLD020D E | Index rule already defined for attribute. |
| GLD020E E | Index rule not found for attribute. |
| GLD0211 E | Value &1 specified at offset &2 in input format &3 is not valid. |
| GLD0212 E | Field &1 required when server is using SSL. |
| GLD0215 E | IBM Tivoli® Directory Server server has not been configured. |
| GLD0217 E | A value was specified in list entry &1 that is not valid. Reason code &2. |
| GLD0219 E | Administrator DN and password both required. |
| GLD021A E | Field not allowed when server is not a replica. |
| GLD021B E | Field is required when server is a replica. |
| GLD021C E | The caller of the API must have *ALLOBJ and *IOSYSCFG special authority to configure the server. |
| GLD021D E | Error occurred when processing the input list of entries. |
| GLD021E E | &1 password is not valid. |
| GLD021F E | The caller of the API must have *AUDIT special authority to set the server auditing information. |
| GLD0221 E | Offset &1 specified in input data is not valid. |
| GLD0222 E | Length &1 specified in input data is not valid. |
| GLD0223 E | Database path not valid. |
| GLD0227 E | Distinguished names cannot be modified while the server is active. |
| GLD0229 E | Validation list not found. |
| GLD022D E | Publishing &1 agent not found. |
| GLD022E E | Publishing agent &1 is already configured. |
| GLD022F E | Format not supported. |
| GLD0231 E | Cannot set the password for a projected user. |
| GLD0232 E | Configuration contains overlapping suffixes. |
| GLD0233 E | Cannot set database library to /QSYS.LIB/QUSRDIRCL.LIB. |
| GLD0235 E | IP address is not valid. |
API introduced: V4R3