IBM Support

Complete LDAP / Directory Server Cleanup and Reconfigure

Troubleshooting


Problem

In some LDAP/Directory Server error recovery scenarios it is necessary to perform a complete cleanup and reconfigure. The steps below will provide complete cleanup of LDAP/Directory Server.

Resolving The Problem

A complete cleanup of the LDAP/Directory Server is often required when other recovery or reconfigure options are unavailable or ineffective.

Notes:
1. If LDAP / Directory Server had been previously used, a restore from backup will be needed to restore data.
2. This procedure does not support cleanup of a single LDAP instance in a Multiple LDAP instance configuration.

Automatic Cleanup and Reconfigure:
Run the following commands to first remove the existing LDAP instance and then reconfigure it. Replace password with the password you want to set for the 'cn=Administrator' LDAP administrative ID:

RMVDIRINST INSTANCE(QUSRDIR) DLTLIB(*YES)
ADDDIRINST INSTANCE(QUSRDIR) ADMIN('cn=administrator' password) SUFFIX('DC=mysystem,DC=mycompany,DC=com')

 
Manual Cleanup and Reconfigure:
1. If currently active, end the directory server and publishing agents. On the operating system command line, type the following command:

ENDTCPSVR *DIRSRV

Press the Enter key. Then, type the following command:

WRKUSRJOB QDIRSRV

Press the Enter key.

End the QGLDPUBA and QGLDPUBE jobs.
2. Clear the library used by LDAP / Directory Server:

CLRLIB QUSRDIRDB

Delete the libraries used by LDAP / Directory Server:

DLTLIB QUSRDIRDB
DLTLIB QUSRDIRCF
DLTLIB QUSRDIRCL
3. Clear the IFS directory used by LDAP / Directory Server:

On the IBM i command line issue the STRQSH command. Then type the following command:

rm -rf /qibm/userdata/os400/dirsrv
4. To delete objects in QUSRSYS that store configuration information (QGLDCFG *USRSPC, and QGLDVLDL *VLDL), on the operating system command line type the following:

DLTUSRSPC QUSRSYS/QGLDCFG

DLTVLDL QUSRSYS/QGLDVLDL
5. There is a *USRQ in QDIRSRV2 that must be removed. On the operating system command line, type the following:

DLTUSRQ USRQ(QDIRSRV2/QGLDPUBQ)
6. Re-run the Directory Services ss03 exit program before starting the configuration from the GUI, where VnRnMn is the Version, Release, and Modification level of your operating system.

CALL QSYSDIR/QGLD03EX 'VnRnMn'

LDAP is now no longer configured.
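
To confirm that steps 2 through 5 left nothing behind before reconfiguring, the following added example (not part of the original IBM document) lists any of the libraries, objects, or the IFS directory named above that still exist. It is meant to be run under Qshell (STRQSH) and assumes the QSYS.LIB path view of the objects and enough authority to see them; the leftovers function and the CLEANUP_ROOT prefix are hypothetical names, and CLEANUP_ROOT exists only so the check can be exercised against a scratch directory.

```shell
#!/bin/sh
# Added example: report what the manual cleanup should have removed but did not.
# Covers the objects from steps 2-5; the jobs from step 1 are not checked here.

# Targets from the procedure, written as IFS paths (QSYS.LIB view of the objects).
CLEANUP_TARGETS='
/QSYS.LIB/QUSRDIRDB.LIB
/QSYS.LIB/QUSRDIRCF.LIB
/QSYS.LIB/QUSRDIRCL.LIB
/qibm/userdata/os400/dirsrv
/QSYS.LIB/QUSRSYS.LIB/QGLDCFG.USRSPC
/QSYS.LIB/QUSRSYS.LIB/QGLDVLDL.VLDL
/QSYS.LIB/QDIRSRV2.LIB/QGLDPUBQ.USRQ
'

# Print every target that still exists under the given prefix.
# Returns 0 when the cleanup is complete, 1 when something is left.
leftovers() {
    prefix=$1
    found=0
    for target in $CLEANUP_TARGETS; do
        if [ -e "$prefix$target" ]; then
            echo "$target"
            found=1
        fi
    done
    return $found
}

# On IBM i leave CLEANUP_ROOT unset so the real paths are checked.
if leftovers "${CLEANUP_ROOT:-}"; then
    echo "cleanup complete: no LDAP / Directory Server objects remain"
else
    echo "cleanup incomplete: remove the paths listed above" >&2
fi
```
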

To configure LDAP choose one of the following options:
 
  • Configure LDAP using IBM Access for Windows



    A) If System i Navigator is open, close it and open it again.

    B) Expand 'Network' --> 'Servers' --> 'TCP/IP'.

    C) Right click on 'IBM Tivoli Directory Server for i5/OS' and click on 'Configure'.

    D) On the Welcome screen accept the default 'Instance ID' and click Next.

    E) Select No when asked to configure with the default settings and click Next.

    F) Accept all the defaults on the next panel and click Next.

    G) Click Next accepting the default Disk Pool.

    H) On the 'Specify Administrator DN' screen, uncheck the 'System-generated' box and set a password for 'cn=Administrator'. Then click Next.

    I) On the 'Specify Suffixes' screen accept all the defaults and click Next.

    J) Accept all the defaults for the ports and click Next.

    K) Select Yes to use all IP addresses, or select No and check the IP address you want the server to listen on. Then click Next.

    L) On the 'Specify TCP/IP Preference' screen accept the default and click Next.

    M) On the Summary screen review and click Finish.


    The server will then be configured and after it is completed you should be able to start the LDAP server.
     

 
  • Configure LDAP using IBM Navigator for i Web Admin GUI



    A) To access the Navigator for i Web GUI, open a browser on your PC and direct it to
    http://server:2001 where server is the name of the IBM i system. Log in and navigate to the TCP/IP servers on the left panel.

    Note: If you are unable to access the page or get an error when accessing it, see technical doc N1018538 for requirements and solutions to the ADMIN server.


    B) Right click on IBM Tivoli Directory Server for IBM i and select Configure. This will bring up the Configuration Wizard. Take the defaults on this panel and click Next.

    C) Select No when asked to configure with the default settings and click Next.

    D) Accept all the defaults on the next panel and click Next

    E) Click Next accepting the default Disk Pool

    F) On the 'Specify Administrator DN' screen, uncheck the 'System-generated' box and set a password for 'cn=Administrator'. Then click Next.

    G) On the 'Specify Suffixes' screen accept all the defaults and click Next.

    H) Accept all the defaults for the ports and click Next.

    I) Select Yes to use all IP addresses, or select No and check the IP address you want the server to listen on. Then click Next.

    J) On the 'Specify TCP/IP Preference' accept the default and click Next.

    K) On the Summary screen review and click Finish.


    The server will then be configured and after it is completed you should be able to start the LDAP server.
     


Historical Number

539158915

Document Information

Modified date:
27 January 2021

UID

nas8N1012689