IBM Support

IV59757: LOGIN MAY FAIL FOR A NIS_LDAP NETGROUP BASED USER ACCOUNT APPLIES TO AIX 7100-03

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Following client enablement steps to set up a LDAP
    netgroup
    may fail if the "registry" value is defined on the LDAP
    server.
    
    # grep "^userattrmappath" ldap.cfg
    userattrmappath:/etc/security/ldap/2307aixuser.map
    
    # grep registry 2307aixuser.map
    registry  SEC_CHAR  passwordregistry  s  na  yes
    
    # lsldap -a passwd ruser | grep passwordregistry
    passwordregistry: LDAP
    
    This shows that the "registry" value is configured on
    the LDAP server.
    

Local fix

  • # grep "^userattrmappath" ldap.cfg
    userattrmappath:/etc/security/ldap/2307aixuser.map
    
    # grep registry 2307aixuser.map
    registry  SEC_CHAR  passwordregistry  s  na  yes
    
    # lsldap -a passwd ruser | grep passwordregistry
    passwordregistry: LDAP
    
    -> the "registry" value is configured at the LDAP server
    
    - commenting the "registry" value in the map file solves
    the
      issue:
    
    # grep registry 2307aixuser.map
    #registry  SEC_CHAR  passwordregistry  s  na  yes
    
    # restart-secldapclntd
    

Problem summary

  • LDAP netgroup user unable to login to the system when LDAP
    user stanza defined with user registry attribute as LDAP.
    Login doesn't take the registry attribute which is defined in
    the /etc/security/user file on the LDAP client systems for
    netgroup user.
    

Problem conclusion

  • It provides an option for the administrator to fecth the user's
    registry either from local /etc/security/user file or from LDAP
    server based on the authcontroldomain attribute in
    /etc/security/login.cfg file.
    

Temporary fix

Comments

  • 6100-09 - use AIX APAR IV59530
    6100-09 - use AIX APAR IV59530
    7100-03 - use AIX APAR IV59757
    7100-04 - use AIX APAR IV59700
    

APAR Information

  • APAR number

    IV59757

  • Reported component name

    AIX V7.1

  • Reported component ID

    5765H4000

  • Reported release

    710

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Submitted date

    2014-04-24

  • Closed date

    2014-04-24

  • Last modified date

    2016-05-10

  • APAR is sysrouted FROM one or more of the following:

    IV45605

  • APAR is sysrouted TO one or more of the following:

    U868052

Fix information

  • Fixed component name

    AIX V7.1

  • Fixed component ID

    5765H4000

Applicable component levels

  • R710 PSY U868052

       UP14/10/29 I 1000

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSMV87","label":"AIX Enterprise Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"710","Edition":""},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSMVAX","label":"AIX Express Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"710","Edition":""},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG11R","label":"APARs - AIX 7.1 environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"710","Edition":""}]

Document Information

Modified date:
10 May 2016