We have RACF LDAP server setup under z/OS Version 1.11. We are using
SLES11-SP1 Linux. We are using LDAP to authenticate with RACF passwords
and DB2 for the TDBM backend. We populated the TDBM and everything is
working great with one exception. We cannot change the RACF password from
Linux using the passwd command. This should work. Here is what we are
seeing:
x062tst@linuxm02:~> passwd
Changing password for x062tst.
Enter login(LDAP) password:
New password:
Re-enter new password:
LDAP password information update failed: Protocol error
R006010 Unsupported extended operation '1.3.6.1.4.1.4203.1.11.1'
(srv_process_extended_request)
passwd: Permission denied
I am thinking this is an ACL issue but am clueless how to setup the ldif
file for the ACL permission for the ldapmodify command. This is how it
looks now:
# ESE Testing ID, ESE, IT, PHI
dn: cn=ESE Testing ID,ou=ESE,ou=IT,o=PHI
cn: ESE Testing ID
aclentry: cn=this:critical:w
aclentry: cn=anybody:NORMAL:RSC:SYSTEM:RSC
aclpropagate: TRUE
aclsource: ou=ESE, ou=IT, o=PHI
entryowner: access-id:cn=ldapadm,o=PHI
ownerpropagate: TRUE
ownersource: ou=ESE, ou=IT, o=PHI
Does anyone have experience with this or can point be in the right
direction. Thanks in advance.
Peter
This Email message and any attachment may contain information that is
proprietary, legally privileged, confidential and/or subject to copyright
belonging to Pepco Holdings, Inc. or its affiliates ("PHI"). This Email is
intended solely for the use of the person(s) to which it is addressed. If
you are not an intended recipient, or the employee or agent responsible for
delivery of this Email to the intended recipient(s), you are hereby notified
that any dissemination, distribution or copying of this Email is strictly
prohibited. If you have received this message in error, please immediately
notify the sender and permanently delete this Email and any copies. PHI
policies expressly prohibit employees from making defamatory or offensive
statements and infringing any copyright or any other legal right by Email
communication. PHI will not accept any liability in respect of such
communications.
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
