Friday 21 May 2010

IBM TDS / LDAP

bash-2.05b# ps -ef | grep ldapdb2
ldapdb2 614418 1106044 0 Mar 24 - 11:28 db2acd 0
ldapdb2 1134664 1106044 0 Mar 24 - 67:01 db2sysc 0

bash-2.05b$ ps -ef | grep ldapdb2svc ==> 0 results (normal - just info)
The process that opens port 3700 (the ldapdb2svc port) is "db2sysc".

bash-2.05b# ps -ef | grep ibmdiradm
ldap 638978 1 0 Mar 24 - 0:45 /usr/ldap//bin/ibmdiradm -l

bash-2.05b# ps -ef | grep ibmslapd | grep -v grep
ldap 688256 1 2 Mar 24 - 623:26 /usr/bin/ibmslapd

>>>>>>>>>>>>
Usage: ibmdiradm [options]
where:
options:
-f file use file as configuration file
-h level debug level. Use in conjunction with ldtrc
-p port use port as the port to start ibmdiradm on
-s SSLport use SSLport as the port to start ibmdiradm on
-V print version information
-? this help screen

bash-2.05b# ibmdiradm -V
Directory server version is IBM Tivoli Directory Admin Server(SSL), Version 5.2 (Oct 17 2005 17:13:43)
>>>>>>>>>>

bash-2.05b# ibmslapd --help
ibmslapd: illegal option -- -
Usage:
ibmslapd [ -a | -n | -c ]
where:
-a start server in configuration only mode
-n do not start server in configuration only mode
-c run in console mode
bash-2.05b# ibmslapd -v
Directory server version is IBM Tivoli Directory (SSL), Version 5.2 (Oct 17 2005 17:08:46)

>>>>>>>>>>>>>>>>>

bash-2.05b# ibmdirctl
You must specify a command

Usage: ibmdirctl [options] command -- [ibmslapd options]
where:
command: command to issue to ibmdiradm
must be one of start/stop/restart/status/admstop

start starts the IBM Tivoli Directory Server
stop stops the IBM Tivoli Directory Server
restart stops and starts the IBM Tivoli Directory Server
status displays whether the IBM Tivoli Directory Server is running
statusreturn sets exit code 0=running, 1=starting, 2=stopped
admstop stops the IBM Tivoli Directory Server Administration Daemon


options:
-D adminDn bind DN
-h hostname ibmdiradm hostname
-K keyfile file to use for keys
-N key_name private key name to use in keyfile
-p port ibmdiradm port number
-P key_pw keyfile password
-v run in verbose mode
-w adminPw bind password or '?' for non-echoed prompt
-Y use a secure ldap connection (TLS)
-Z use a secure ldap connection (SSL)
-? this help screen

ibmslapd options are any options the ibmslapd process takes
at startup time. These are ignored if the 'stop' command was issued.

If ibmslapd options are requested, they must be preceded by the '--'.

If the 'admstop' command is issued successfully, the IBM Tivoli Directory
Server Administration Daemon must be restarted manually. (ed.: with the ibmdiradm command)

>>>>>>>>>>>>>>>>>>>>>>>>
Example:

Checking the status of ibmslapd:
ibmdirctl -D cn=root -w xxxxxx status
ibmdirctl -D cn=root -w '?' status ==> prompts for the password (keeps it out of the process list and shell history)

Note: if you get "connection error", check whether the ibmdiradm process is running.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
PORTS (/etc/services):

ldap 389/tcp # Lightweight Directory Access Protocol
ldap 389/udp # Lightweight Directory Access Protocol
ldaps 636/tcp # ldap protocol over TLS/SSL (was sldap)
ldaps 636/udp # ldap protocol over TLS/SSL (was sldap)
www-ldap-gw 1760/tcp # www-ldap-gw
www-ldap-gw 1760/udp # www-ldap-gw
ldap-admin 3407/tcp # LDAP admin server port
ldap-admin 3407/udp # LDAP admin server port
ldapdb2svc 3700/tcp
ldapdb2svci 3701/tcp
DB2_ldapdb2 60000/tcp
DB2_ldapdb2_1 60001/tcp
DB2_ldapdb2_2 60002/tcp
DB2_ldapdb2_END 60003/tcp

ibm-diradm 3538/tcp # IBM Directory Server
ibm-diradm 3538/udp # IBM Directory Server
ibm-diradm-ssl 3539/tcp # IBM Directory Server SSL
ibm-diradm-ssl 3539/udp # IBM Directory Server SSL

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

bash-2.05b$ db2 list node directory

Node Directory

Number of entries in the directory = 2

Node 1 entry:

Node name = IDSINODE
Comment =
Directory entry type = LOCAL
Protocol = LOCAL
Instance name = ldapdb2

Node 2 entry:

Node name = LDAPDB2N
Comment =
Directory entry type = LOCAL
Protocol = TCPIP
Hostname = localhost
Service name = ldapdb2svc

>>>>>>>>>>>>>>>>>>>>>>>>>>

Getting the DB2 database manager configuration:
bash-2.05b$ db2 get dbm cfg

>>>>>>>>>>>>>>>>>
TROUBLESHOOTING:

1. Check the LDAP DB2 instance:
bash-2.05b$ db2 connect to ldapdb2 (make sure DB2INSTANCE=ldapdb2 is set)
Database Connection Information
Database server = DB2/AIX64 9.5.5
SQL authorization ID = LDAPDB2
Local database alias = LDAPDB2

2. db2 => LIST DATABASE DIRECTORY

System Database Directory

Number of entries in the directory = 2

Database 1 entry:

Database alias = LDAPDB2B
Database name = LDAPDB2
Node name = LDAPDB2N
Database release level = c.00
Comment =
Directory entry type = Remote
Catalog database partition number = -1
Alternate server hostname =
Alternate server port number =

Database 2 entry:

Database alias = LDAPDB2
Database name = LDAPDB2
Local database directory = /ldapdb2/data
Database release level = c.00
Comment =
Directory entry type = Indirect
Catalog database partition number = 0
Alternate server hostname =
Alternate server port number =

3. ldapsearch -p 389 -b "" -s base 'objectclass=*'

namingcontexts=CN=SCHEMA
namingcontexts=CN=LOCALHOST
namingcontexts=CN=PWDPOLICY
namingcontexts=CN=IBMPOLICIES
namingcontexts=SECAUTHORITY=DEFAULT
namingcontexts=DC=AMM,DC=XX,DC=NL
subschemasubentry=cn=schema
supportedextension=1.3.18.0.2.12.1
.......
supportedextension=1.3.18.0.2.12.37
supportedcontrol=2.16.840.1.113730.3.4.2
......
supportedcontrol=1.3.18.0.2.10.18
security=none
port=389
supportedsaslmechanisms=CRAM-MD5
supportedsaslmechanisms=DIGEST-MD5
supportedldapversion=2
supportedldapversion=3
ibmdirectoryversion=5.2
ibm-ldapservicename=deehqws011oxixm
ibm-serverId=8d6c19c0-30ea-102a-9241-8d6a2b010899
ibm-supportedacimechanisms=1.3.18.0.2.26.3
ibm-supportedacimechanisms=1.3.18.0.2.26.4
ibm-supportedacimechanisms=1.3.18.0.2.26.2
vendorname=International Business Machines (IBM)
vendorversion=5.2
ibm-sslciphers=N/A
ibm-slapdisconfigurationmode=FALSE
ibm-slapdSizeLimit=500
ibm-slapdTimeLimit=900
ibm-slapdDerefAliases=always
ibm-supportedAuditVersion=2
ibm-sasldigestrealmname=xxxxxxxxx (ed.: hostname)

4. ldapsearch -b dc=amm,dc=xx,dc=nl '(uid=at*)'
ldapsearch -b dc=amm,dc=xx,dc=nl '(uid=at*)' dn
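
The rootDSE output from step 3 can also be reviewed for settings worth hardening. The following is an added example, not part of the original notes or of IBM's tooling; the sample input is constructed from the attributes shown above, and reading security=none and ibm-sslciphers=N/A as "no SSL/TLS on this listener" is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the rootDSE attributes printed in step 3.
SAMPLE_ROOTDSE = """\
namingcontexts=CN=SCHEMA
namingcontexts=DC=AMM,DC=XX,DC=NL
.......
security=none
port=389
supportedsaslmechanisms=CRAM-MD5
supportedsaslmechanisms=DIGEST-MD5
supportedldapversion=2
supportedldapversion=3
ibm-sslciphers=N/A
"""

LEGACY_SASL = {"CRAM-MD5", "DIGEST-MD5"}  # DIGEST-MD5 is Historic per RFC 6331

def parse_rootdse(text):
    """Parse 'attr=value' lines into {lowercased attr: [values]}."""
    attrs = defaultdict(list)
    for line in text.splitlines():
        # Split on the first '=' only: values such as DC=AMM,DC=XX,DC=NL contain '='.
        m = re.match(r"^([A-Za-z][A-Za-z0-9-]*)=(.*)$", line.strip())
        if m:  # blank lines and elision rows ("......") are skipped
            attrs[m.group(1).lower()].append(m.group(2).strip())
    return dict(attrs)

def review(attrs):
    """Return {attribute: finding} for values a hardening review would question."""
    findings = {}
    port = ",".join(attrs.get("port", ["?"]))
    if any(v.lower() == "none" for v in attrs.get("security", [])):
        findings["security"] = "port %s answers without SSL/TLS; simple binds cross the wire in clear" % port
    if any(v.upper() == "N/A" for v in attrs.get("ibm-sslciphers", [])):
        findings["ibm-sslciphers"] = "no SSL cipher list reported for this connection"
    if "2" in attrs.get("supportedldapversion", []):
        findings["supportedldapversion"] = "LDAPv2 still accepted (Historic per RFC 3494)"
    sasl = {v.upper() for v in attrs.get("supportedsaslmechanisms", [])}
    if sasl and sasl <= LEGACY_SASL:
        findings["supportedsaslmechanisms"] = "only MD5 challenge-response SASL offered: " + ", ".join(sorted(sasl))
    return findings

if __name__ == "__main__":
    for attr, note in review(parse_rootdse(SAMPLE_ROOTDSE)).items():
        print("%-26s %s" % (attr, note))
```

Pipe the real ldapsearch output into parse_rootdse() instead of the sample to review a live server.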

???????????????????????????????????????????????????????????????

1 comment:

  1. Great!!

    Thanks for sharing information about TDS.

    I need some small info regarding TDS.
    I checked that the TDS server is running successfully. But I want to access the console to add users into TDS; once I accessed the console from the URL below
    http://:9080/IDSWebApp/IDSjsp/Login.jsp

    Now the machine is restarted, I started #/opt/IBM/ldap/V6.1/sbin/idsdiradm -I
    /opt/IBM/ldap/V6.1/sbin/ibmslapd -I
    Now I'm unable to access it from the same URL

    Wish you reply
    ramusurneni@gmail.com
