We have RACF LDAP server setup under z/OS Version 1.11. We are using SLES11-SP1 Linux. We are using LDAP to authenticate with RACF passwords and DB2 for the TDBM backend. We populated the TDBM and everything is working great with one exception. We cannot change the RACF password from Linux using the passwd command. This should work. Here is what we are seeing:
x062tst@linuxm02:~> passwd Changing password for x062tst. Enter login(LDAP) password: New password: Re-enter new password: LDAP password information update failed: Protocol error R006010 Unsupported extended operation '1.3.6.1.4.1.4203.1.11.1' (srv_process_extended_request) passwd: Permission denied I am thinking this is an ACL issue but am clueless how to setup the ldif file for the ACL permission for the ldapmodify command. This is how it looks now: # ESE Testing ID, ESE, IT, PHI dn: cn=ESE Testing ID,ou=ESE,ou=IT,o=PHI cn: ESE Testing ID aclentry: cn=this:critical:w aclentry: cn=anybody:NORMAL:RSC:SYSTEM:RSC aclpropagate: TRUE aclsource: ou=ESE, ou=IT, o=PHI entryowner: access-id:cn=ldapadm,o=PHI ownerpropagate: TRUE ownersource: ou=ESE, ou=IT, o=PHI Does anyone have experience with this or can point be in the right direction. Thanks in advance. Peter This Email message and any attachment may contain information that is proprietary, legally privileged, confidential and/or subject to copyright belonging to Pepco Holdings, Inc. or its affiliates ("PHI"). This Email is intended solely for the use of the person(s) to which it is addressed. If you are not an intended recipient, or the employee or agent responsible for delivery of this Email to the intended recipient(s), you are hereby notified that any dissemination, distribution or copying of this Email is strictly prohibited. If you have received this message in error, please immediately notify the sender and permanently delete this Email and any copies. PHI policies expressly prohibit employees from making defamatory or offensive statements and infringing any copyright or any other legal right by Email communication. PHI will not accept any liability in respect of such communications. ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/