IBM Support

OA47787: R010007 INVALID IA5 CHARACTER FOUND IN STRING VALUE

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • This error:
LDAP: error code 21 - R010007 Invalid IA5 character found in
string value ... (srv_normalize_string:1792)

occurs when trying to create an SDBM user with special Croatian
characters in the racfprogrammername field; or when trying to
modify the racfprogrammername field when an existing RACF user
profile already contains Croatian characters in its
corresponding Name field.  (LDAP is able to display the correct
characters in this case, but cannot change them.)

Environment variable LANG is set to Hr_HR.IBM-870
   In LDAP's initial (base) schema, the syntax for the
racfProgrammerName attribute is defined with IA5 string
characters (7-bit ASCII).  The Croatian characters are outside
this range, hence the error message results.

Local fix

  • Create and modify users via RACF commands for user profiles.

Problem summary

  • ****************************************************************
* USERS AFFECTED: Users of the SDBM backend on the IBM Tivoli  *
*                 Directory Server for z/OS.                   *
****************************************************************
* PROBLEM DESCRIPTION: Only IA5 strings are allowed as input   *
*                      for 14 RACF fields through the SDBM     *
*                      backend.                                *
****************************************************************
* RECOMMENDATION: APPLY PTF                                    *
****************************************************************
In the SDBM backend, there are 14 LDAP attributes whose syntax
are defined as IA5 strings in the schema, but the associated
RACF fields can accept non-IA5 characters. If the input string
includes non-IA5 characters for these attributes, it cannot pass
the schema syntax checking and the add or modify request fails.
The 14 attributes are listed below:

racfProgrammerName
racfInstallationData
SAFDefaultCommand
racfOmvsHome
racfOmvsInitialProgram
racfNetviewInitialCommand
racfDCEPrincipal
racfDCEHomeCell
racfOvmHome
racfOvmInitialProgram
racfOvmFileSystemRoot
racfLDAPBindDN
racfLDAPHost
racfApplData

Problem conclusion

  • Change the schema syntax from IA5 string to Directory string for
the following 14 attributes:

racfProgrammerName
racfInstallationData
SAFDefaultCommand
racfOmvsHome
racfOmvsInitialProgram
racfNetviewInitialCommand
racfDCEPrincipal
racfDCEHomeCell
racfOvmHome
racfOvmInitialProgram
racfOvmFileSystemRoot
racfLDAPBindDN
racfLDAPHost
racfApplData

This APAR support was provided through internal defect 4851.

FMIDs affected:
  HRSL3D0 - IBM TDS on z/OS V1.13
  HRSL410 - IBM TDS on z/OS V2.1

This APAR updates the following parts:
  GLDSRV31
  GLDSRV64
  GLDUTS31
  GLDUTS64
  GLDAE041

The following documentation updates are made for this APAR:

Title: z/OS IBM Tivoli Directory Server Administration and Use
       for z/OS

Document Number: SC23-5191-XX
                 SC23-6788-XX

Appendix A. Initial LDAP server schema

Change the SYNTAX from "1.3.6.1.4.1.1466.115.121.1.26" to
"1.3.6.1.4.1.1466.115.121.1.15" for the following 14 RACF
attributes:

racfProgrammerName
racfInstallationData
SAFDefaultCommand
racfOmvsHome
racfOmvsInitialProgram
racfNetviewInitialCommand
racfDCEPrincipal
racfDCEHomeCell
racfOvmHome
racfOvmInitialProgram
racfOvmFileSystemRoot
racfLDAPBindDN
racfLDAPHost
racfApplData

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    OA47787
    • 

  • Reported component name
    SECURITY SERVR
    • 

  • Reported component ID
    565506803
    • 

  • Reported release
    3D0
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2015-05-08
    • 

  • Closed date
    2015-06-30
    • 

  • Last modified date
    2015-08-03
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UA77810 UA77811
    

    • 



Modules/Macros


    

  • GLDAE041 GLDSRV31 GLDSRV64 GLDUTS31 GLDUTS64

    




Publications Referenced


SC235191XXSC236788XX   





Fix information


    

  • Fixed component name
    SECURITY SERVR
    • 

  • Fixed component ID
    565506803
    • 



Applicable component levels


    

  • R3D0  PSY  UA77810
       UP15/07/10  P  F507
    • 

  • R410  PSY  UA77811
       UP15/07/10  P  F507
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3D0","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":null,"label":null},"Product":{"code":"SG19O","label":"APARs - MVS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3D0","Edition":"","Line of Business":{"code":"","label":""}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            03 August 2015
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback