IBM Support

IT37032: IN CERTAIN SITUATIONS, AUTHORIZATION ERROR INFORMATION MAY NOT BE LOGGED TO THE DB2DIAG.LOG


APAR status

  • Closed as program error.

Error description

  • In certain situations, such as db2start or when updating the
    database manager configuration file, authorization errors may
    not log useful diagnostic information from security plugins to
    the db2diag.log. The only message logged may be a generic error
    message, indicating that the operation failed.
    
    Example command line error:
    
    [db2inst1@pate1 ~]$ db2start
    SQL1366N  A security plug-in "IBMLDAPauthclient" processing error occurred on the client. Reason code = "7".
    
    Example generic Message:
    
    2021-05-26-11.30.22.930416-420 I2228E847             LEVEL: Warning
    PID     : 21275                TID : 139856316467072 PROC : db2start
    INSTANCE: db2inst1              NODE : 000
    HOSTNAME: MYHOST1
    FUNCTION: DB2 UDB, base sys utilities, sqlestrt.C::main, probe:1763
    MESSAGE : Error encountered during db2start execution
    DATA #1 : unsigned integer, 4 bytes
    32
    DATA #2 : unsigned integer, 4 bytes
    0
    DATA #3 : SQLCA, PD_DB2_TYPE_SQLCA, 136 bytes
     sqlcaid : SQLCA     sqlcabc: 136   sqlcode: -1366   sqlerrml: 20
     sqlerrmc: IBMLDAPauthclient 7
     sqlerrp : SQLESTRT
     sqlerrd : (1) 0x805C0197      (2) 0x00000197      (3) 0x00000000
               (4) 0x00000000      (5) 0x00000000      (6) 0x00000000
     sqlwarn : (1)      (2)      (3)      (4)        (5)       (6)
               (7)      (8)      (9)      (10)        (11)
     sqlstate:
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * All DB2 systems on all Linux, Unix and Windows platforms at  *
    * service levels Version 11.5 GA to 11.5.6                     *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * See Error Description                                        *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * The complete fix for this problem first appears in DB2       *
    * Version 11.5.7 and all the subsequent Fix Packs.             *
    ****************************************************************
    

Problem conclusion

  • In certain situations, Db2 uses a process called "db2chkau" to
    invoke the security plugins for checking authentication and
    group membership. Prior to 11.5.7, db2chkau was not configured
    correctly to log to the Db2 diagnostic log. After upgrading to
    Db2 11.5.7 or later, additional diagnostic messages from the
    "db2chkau" process will be written, indicating the reason for a
    failure:
    
    2021-05-26-12.01.19.530591-420 I4103E1134            LEVEL: Error
    PID     : 14721                TID : 140056234297216 PROC : db2chkau
    INSTANCE: db2inst1               NODE : 000
    HOSTNAME: pate1
    FUNCTION: DB2 Common, Security Users and Groups, secLoadClientAuthPlugin, probe:21
    DATA #1 : String, 87 bytes
    db2ldapReadConfig: can't open config file '/home/db2inst1/sqllib/cfg/IBMLDAPSecurity.ini'
    CALLSTCK: (Static functions may not be resolved correctly, as they are resolved to the nearest symbol)
      [0] 0x00007F616D226C12 /home/db2inst1/db2/INST/lib/libdb2osse.so.1 + 0x24BC12
      [1] 0x00007F616D2279E7 ossLog + 0x77
      [2] 0x00007F617575177E _Z23secLoadClientAuthPluginP19SEC_PLUGIN_HANDLE_TPcS1_i + 0x67E
      [3] 0x00007F617577B3E6 _Z23sqlexLoadClientPWPluginP9sqlf_kcfdPc + 0x206
      [4] 0x00007F6175745C3D _Z24sqlex_init_client_secenvhhP5sqlcaPP19SEC_PLUGIN_HANDLE_TP9sqlf_kcfdP14db2UCinterface + 0xDD
      [5] 0x00007F6175755C18 _Z23sqlex_get_user_authinfohhhiP16SQLEX_AUTHINFO_TP5sqlca + 0x19B8
      [6] 0x000000000040205D main + 0x46D
      [7] 0x00007F616C1F3555 __libc_start_main + 0xF5
      [8] 0x000000000040239F db2chkau + 0x239F
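
Added example (not IBM's code, and not part of the APAR text): a triage script for the symptom described here. It parses db2diag.log text, finds records carrying sqlcode -1366, and reports whether any db2chkau record with plug-in detail was logged close to them. The 60-second correlation window, the function names and the trimmed sample records are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Record header: timestamp + UTC offset in minutes, e.g. 2021-05-26-11.30.22.930416-420
REC_START = re.compile(r"^\d{4}-\d\d-\d\d-\d\d\.\d\d\.\d\d\.\d{6}[+-]\d+\s", re.M)

def _field(pattern, body):
    m = re.search(pattern, body)
    return m.group(1).strip() if m else None

def parse_records(text):
    """Split db2diag.log text into records and pull out the fields used below."""
    starts = [m.start() for m in REC_START.finditer(text)] + [len(text)]
    for a, b in zip(starts, starts[1:]):
        body = text[a:b]
        yield {
            "ts": datetime.strptime(body[:26], "%Y-%m-%d-%H.%M.%S.%f"),
            "proc": _field(r"PROC\s*:\s*(\S+)", body),
            "sqlcode": _field(r"sqlcode:\s*(-?\d+)", body),
            "plugin": _field(r"sqlerrmc:\s*(.+)", body),
            "detail": _field(r"DATA #1 : String, \d+ bytes\n(.+)", body),
        }

def triage(text, window=timedelta(seconds=60)):
    """For each SQL1366N record, collect db2chkau detail logged within `window`."""
    recs = list(parse_records(text))
    out = []
    for r in (x for x in recs if x["sqlcode"] == "-1366"):
        details = [d["detail"] for d in recs if d["proc"] == "db2chkau"
                   and d["detail"] and abs(d["ts"] - r["ts"]) <= window]
        out.append({"plugin": r["plugin"], "details": details, "blind": not details})
    return out

# Constructed samples modelled on the excerpts above (fields trimmed, times adjusted).
GENERIC = """2021-05-26-11.30.22.930416-420 I2228E847             LEVEL: Warning
PID     : 21275                TID : 139856316467072 PROC : db2start
DATA #3 : SQLCA, PD_DB2_TYPE_SQLCA, 136 bytes
 sqlcaid : SQLCA     sqlcabc: 136   sqlcode: -1366   sqlerrml: 20
 sqlerrmc: IBMLDAPauthclient 7
"""
CHKAU = """2021-05-26-11.30.22.530591-420 I4103E1134            LEVEL: Error
PID     : 14721                TID : 140056234297216 PROC : db2chkau
FUNCTION: DB2 Common, Security Users and Groups, secLoadClientAuthPlugin, probe:21
DATA #1 : String, 87 bytes
db2ldapReadConfig: can't open config file '/home/db2inst1/sqllib/cfg/IBMLDAPSecurity.ini'
"""
if __name__ == "__main__":
    for name, log in (("generic only", GENERIC), ("with db2chkau detail", CHKAU + GENERIC)):
        print(name, triage(log))
```

A result with `blind` set to true on a system at 11.5 GA to 11.5.6 matches the behaviour this APAR describes: the plug-in failed, but the reason was never written to the diagnostic log.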
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT37032

  • Reported component name

    DB2 FOR LUW

  • Reported component ID

    DB2FORLUW

  • Reported release

    B50

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2021-05-26

  • Closed date

    2021-11-23

  • Last modified date

    2022-04-03

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    IT37042

Fix information

  • Fixed component name

    DB2 FOR LUW

  • Fixed component ID

    DB2FORLUW

Applicable component levels


Document Information

Modified date:
04 April 2022