A fix is available
APAR status
Closed as program error.
Error description
When a client queries the capabilities of the z/OS LDAP TDS server via a root DSE search, it is presented with a list (among other items) of the server's supported SASL mechanisms, such as:

supportedsaslmechanisms=CRAM-MD5
supportedsaslmechanisms=DIGEST-MD5
supportedsaslmechanisms=EXTERNAL

However, not all of these mechanisms apply to all the backends. For SDBM, CRAM-MD5 and DIGEST-MD5 are not supported, yet there is no way to turn "off" these capabilities, and a client may still be given these options as if they were valid.

Note: the client in this case was Windows ldifde.
Local fix
A ++usermod is available from Level2 only, until PTFs are ready.
Problem summary
USERS AFFECTED: Users of IBM Tivoli Directory Server for z/OS.
PROBLEM DESCRIPTION: CRAM-MD5 and DIGEST-MD5 are presented as supported SASL mechanisms on the RootDSE search even when only SDBM is configured.
RECOMMENDATION: APPLY PTF

When a client queries the capabilities of the z/OS LDAP TDS server via a RootDSE search, it is presented with a list (among other items) of the server's supported SASL mechanisms, such as:

supportedsaslmechanisms=CRAM-MD5
supportedsaslmechanisms=DIGEST-MD5
supportedsaslmechanisms=EXTERNAL

However, not all of these mechanisms apply to all the backends. CRAM-MD5 and DIGEST-MD5 only apply to CDBM, LDBM, or TDBM. For SDBM, CRAM-MD5 and DIGEST-MD5 are not supported, yet there is no way to turn "off" these capabilities, and a client may still be given these options as if they are valid.
Problem conclusion
The TDS for z/OS server has been updated so that neither CRAM-MD5 nor DIGEST-MD5 is listed as a supported SASL mechanism on the RootDSE search when no CDBM, LDBM, or TDBM is configured on the server.

This APAR support was provided through internal defect 4473.

FMIDs affected: HRSL3D0 - IBM TDS on z/OS V1.13

This APAR updates the following parts: GLDSRV31 GLDSRV64
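A check an administrator could run against saved RootDSE search output to confirm the condition described above is gone after the PTF is applied. This is an added example, not IBM code; the function names, the sample output and the assumption that the list of configured backend types is supplied by the administrator from the server configuration are all hypothetical.

```python
import base64

# Per the APAR text: CRAM-MD5 and DIGEST-MD5 only apply to CDBM, LDBM, or TDBM.
PASSWORD_MECHS = {"CRAM-MD5", "DIGEST-MD5"}
CAPABLE_BACKENDS = {"CDBM", "LDBM", "TDBM"}

# Constructed sample of root DSE search output (not captured from a real server).
SAMPLE_ROOTDSE = """\
supportedsaslmechanisms=CRAM-MD5
supportedSASLMechanisms: DIGEST-
 MD5
supportedsaslmechanisms:: RVhURVJOQUw=
"""


def _split(line):
    """Split 'attr=value', 'attr: value' or 'attr:: base64' into (attr, value)."""
    colon, equals = line.find(":"), line.find("=")
    if colon != -1 and (equals == -1 or colon < equals):
        name, rest = line[:colon], line[colon + 1:]
        if rest.startswith(":"):  # LDIF base64-encoded value
            rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        return name, rest.strip()
    if equals != -1:
        return line[:equals], line[equals + 1:].strip()
    return None


def parse_rootdse(text):
    """Return {lowercased attribute: [values]} from search output text."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:  # LDIF folded continuation line
            lines[-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    attrs = {}
    for name, value in filter(None, map(_split, lines)):
        attrs.setdefault(name.strip().lower(), []).append(value)
    return attrs


def stale_sasl_mechanisms(rootdse_text, configured_backends):
    """Mechanisms advertised although no configured backend can honor them."""
    if {b.upper() for b in configured_backends} & CAPABLE_BACKENDS:
        return []
    values = parse_rootdse(rootdse_text).get("supportedsaslmechanisms", [])
    return sorted({v.upper() for v in values} & PASSWORD_MECHS)
```

An empty result for an SDBM-only server means the RootDSE no longer advertises mechanisms that clients cannot actually bind with.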
Temporary fix
Comments
APAR Information
APAR number
OA40996
Reported component name
SECURITY SERVR
Reported component ID
565506803
Reported release
3D1
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2012-12-05
Closed date
2012-12-10
Last modified date
2016-12-08
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UA67451
Modules/Macros
GLDSRV31 GLDSRV64
Fix information
Fixed component name
SECURITY SERVR
Fixed component ID
565506803
Applicable component levels
R3D0 PSY UA67451
UP12/12/18 P F212
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
Document Information
Modified date:
08 December 2016