How To
Summary
This document covers MustGather information for AIX native LDAP client / secldapclntd issues.
If you are having issues with LDAP server software, a case should be opened with the Security Verify Directory / Directory Server support team. Likewise, commands like ldapsearch / ldapmodify / ldapadd work independently of secldapclntd, and would be handled by the SVD / DS support team.
Steps
Describe the problem
Answer all the applicable questions.
General:
- Is the system newly installed or configured?
- Has this configuration ever worked?
- Were any changes recently made to the system, network, or application?
- When did the problem begin?
- What were the error messages and symptoms, if any?
- Does the problem exist on other AIX LPARs?
- Is the problem intermittent or can be reproduced at will?
Specific to LDAP:
- Are LDAP user logins failing?
- Is lsuser not finding LDAP users, or lsgroup not finding LDAP groups?
- Is lsuser finding users, but not listing the groups they belong to?
- Are all LDAP users affected, or only some of them?
- Is secldapclntd going down / core dumping?
Collect Data:
Steps:
1. Remove the existing snap, if any.
snap -r
2. Create a directory for collecting test case data.
mkdir -p /tmp/ibmsupt/testcase
3. Start a script session.
script /tmp/ibmsupt/testcase/`hostname`.ldap.script.out
4. Run these commands to gather data.
ls-secldapclntd
lsuser -R LDAP <affected username>'
or
'lsgroup -R LDAP <affected groupname>'
5. Get LDAP debug while recreating the problem. This involves restarting secldapclntd - so if the problem goes away with a restart, we will have to wait until the problem occurs again.
Enable debug with:
export LDAP_DEBUG=65535
export LDAP_DEBUG_FILE=/tmp/ibmsupt/testcase/ldap.debug
stop-secldapclntd
start-secldapclntd
<recreate problem>
unset LDAP_DEBUG
unset LDAP_DEBUG_FILE
restart-secldapclntd
Note that the output file will stop growing if it hits 2GB in size. If it takes a while for the problem to recreate, monitor the size of the output file, and if it is approaching 2GB in size, clear it with:
echo > /tmp/ibmsupt/testcase/ldap.debug
6. If 'errpt -a' shows a core dump has occurred, gather it with snapcore:
snapcore -d /tmp/ibmsupt/testcase <full path to core file> /usr/sbin/secldapclntd
7. Exit the script session.
exit
8. Create a snap.For comprehensive snap, collect:
snap -aZc
If there is any need to reduce the amount of data collected further, for LDAP client issues, it's useful to collect:
snap -gStnkfc
9. Refer to steps #2 and #3 in Working with IBM AIX Support: Collecting snap data to upload the data.
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB08","label":"Cognitive Systems"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"ARM Category":[{"code":"a8m3p000000hBBEAA2","label":"Communication Applications-\u003ELDAP"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
25 February 2024
UID
ibm17016019