Implementing LDAP on AIX Offers a Few Surprises

June 3, 2013

This past week was a surprise—and fun! Rather than a cut-and-dried performance review, the customer I visited was more interested in getting Lightweight Directory Access Protocol (LDAP) working on AIX. With the repackaging of the DB2 component for IBM Tivoli Directory Server (TDS) LDAP, I have been a bit worried about whether LDAP on AIX (server and client) was still included in the base—a.k.a. no additional charges.

I’ve been playing with TDS LDAP since before it was tdsldap.* filesets (ldap.client.* and ldap.server.*) AND, importantly, the “special install” version of DB2 for the database. Since seeing the AIX 7.1 expansion DVD, I have been concerned that LDAP might not be included. However, that was just a pointless worry—about cost. The short answer to my concern:

Yes—LDAP is still included at no additional charge WHEN it is only used for AIX administration. 

As a footnote, you still must find a download of DB2. The file you’re looking for is something like tds63-aix-ppc64-db2.tar. This is a “restricted-license” version of DB2. That means it may only be used for supporting TDS. With that clarified, the customer said, “OK, let's learn how to install LDAP on AIX.”

I thought, “I have a presentation and scripts I have been using at IBM Power Technical Universities in Europe—so this should work well.” As a change from the Tech U labs, I first created a bundle to do the installation, rather than using the X11 GUI-based install used when you download everything from the IBM try and buy site. If you go that route, be sure to add the file set idsldap.ent63.* from the AIX DVD (base or expansion). We did have two surprises:

1. When using the bundle, you must load the DB2 (ismp/ppc/db2_09_07_00_04) first or one of the idsldap file sets won’t load. If you forget, just load the bundle a second time, because DB2 loads automatically on the first try.

2. When using the sudo Red Hat Package Manager (RPM)—which is an open LDAP RPM—as a prerequisite, the idsldap client file sets do not install completely because openldap has already set a symbolic link to an LDAP library, called .a library.

Other than that, it’s very simple to install and get started. And, yes, I’m not including a lot of commands here—yet. That’s because I’m late in posting and, speaking honestly, I’m hoping to get some requests for more information. This will give me much better feedback on where to focus my next blog post—installing LDAP or integrating sudo into role-based access control (RBAC).
