IBM Support

QMGTOOLS: EIM/SSO/LDAP Collector

Troubleshooting


Problem

The LDAP (Tivoli Directory Server) data collector (LDAPCOL) in QMGTOOLS that aids the customer in gathering data to debug LDAP server and SSO/EIM problems.

Diagnosing The Problem

The LDAP data collector in QMGTOOLS aids in gathering data to debug LDAP server problems. The data it collects includes:

  • Joblogs for QZSOSIGN, QUSRDIR, QZLSSERVER
  • Keytab listing
  • SSO analysis
  • Ldapsearches based on ldap password
  • QSQIBMCHK, DBXREF check
  • SYSSNAP Data (PTFs, TCP Config, SST dumps, etc.)
  • /QIBM/UserData/OS400/NetworkAuthentication/krb5.conf
  • /QIBM/UserData/OS400/DirSrv/
  • SAVF of {instancename}DB, {Instancename}CF, {Instancename}CL
  • NsLookup Results.

Resolving The Problem

1. If the QMGTOOLS toolkit isn't installed, refer to the following document for more information on how to download and install the QMGTOOLS toolkit on your IBM i server. Additional information is found at:

http://www-01.ibm.com/support/docview.wss?uid=nas8N1011297

Note: September 2022 now requires uploading data to ECUREP requires credentials and anonymous FTP upload is no longer allowed. Please make sure QMGTOOLS is at a build date level of at least 09/23/2022. 

https://www.ibm.com/support/pages/qmgtools-how-check-and-update-qmgtools



2. Add QMGTOOLS to your library list (ADDLIBLE QMGTOOLS) and type GO MG.

3. Take Option 7 for CTA/EWS

Image 1584

4. Take option 2 for LDAP Data Collection



5. Take option 2 for LDAP Collector



6. Enter the appropriate values. The password is the administrator password for the instance. If the password is unknown, leave it blank.  If "Include LIB" is set to Y, it includes the QUSRDIRDB, QUSRDIRCF, and QUSRDIRCL library saves. If these libraries are large, then IBM® recommends specifying N for "INCLUDE LIB"?

image-20220927092727-1


The command can be entered without a menu option:


QMGTOOLS/LDAPCOL LDAP_PW(ldappassword) INCL_LIB(Y) FTP(Y) FTPTYPE(*IBMSDDUU) IBMID(IBMIDGOESHE
RE) IBMPWD(PasswordGoesHere) CASE_NBR(TS123456789)                                               


*If the customer is Blue Diamond, the parameters are a bit different to accommodate the Blue Diamond credentials for data upload:

LDAPCOL INCL_LIB(Y) FTP(Y) FTPTYPE(*BDFTP) IBMID(BLUEDIAMONDID) IBMPWD(BLUEDIAMONDPASS)
CASE_NBR(TS123456789)                                                  





This step will zip the requested data into /tmp/collectorscripts/data/LDAPCollector.zip. If FTP is set to Y, it uploads to the PMR. If there is a problem with the FTP, the user can upload the file manually on the ecurep FTP server at:

http://www.ecurep.ibm.com/app/upload

[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CJ7AAM","label":"Single Sign On-\u003EEnterprise Identity Mapping"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.2.0;7.3.0;7.4.0;7.5.0"}]

Document Information

Modified date:
27 September 2022

UID

nas8N1021196

Page Feedback