IBM Support

IT43685: LDAP SEARCH FILTER QUERY DOESN'T CHANGE TO "OBJECTCLASS=GROUPOFNAMES" FROM "OBJECTCLASS=GROUPS" WHEN LDAP TYPE IS OPENLDAP

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • The LDAP search filter is not functioning correctly when LDAP
    type is openLDAP, leading to configuration errors in Spectrum
    Protect Plus. This may be due to a mismatch between the required
    object class (objectclass=groupofnames) and the object class
    being used by Spectrum Protect Plus (objectclass=group). The
    issue arises when LDAP type is openLDAP, the code expects
    "openLDAProotDSE" attribute to be passed in the LDAP context,
    which indicates the objectClass=group search filter to be
    replaced with objectClass=groupofnames. For this issue attribute
    (openLDAProotDSE) is not available in the context passed by
    openLdap server, which is expected. So the objectClass=group
    search filter does not get replaced with
    objectClass=groupofnames.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * IBM Spectrum Protect Plus level 10.1.13, and 10.1.14         *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * See ERROR DESCRIPTION                                        *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Apply fixing level when available. This problem is currently *
    * projected to be fixed in IBM Spectrum Protect Plus level     *
    * 10.1.14.1 and 10.1.15. Note that this is subject to change   *
    * at the discretion of IBM                                     *
    ****************************************************************
    

Problem conclusion

  • IBM Spectrum Protect Plus has been fixed to better support
    OpenLDAP.   For customer environments using OpenLDAP, the
    customer will need to uncomment the "ldap.type" parameter in the
    following properties file and restart the IBM Spectrum Protect
    Plus appliance:
    /etc/config/com.syncsort.dp.xsb.api.ldap.properties
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT43685

  • Reported component name

    SP PLUS

  • Reported component ID

    5737SPLUS

  • Reported release

    A1D

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2023-05-02

  • Closed date

    2023-05-08

  • Last modified date

    2023-05-08

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Modules/Macros

  • Other
    

Fix information

  • Fixed component name

    SP PLUS

  • Fixed component ID

    5737SPLUS

Applicable component levels

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSNQFQ","label":"IBM Spectrum Protect Plus"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"A1D","Line of Business":{"code":"LOB26","label":"Storage"}}]

Document Information

Modified date:
01 February 2024