
Chapter 6. Installation and Configuration

6.4 OS/400

In general, the LDAP DB2 server that runs on OS/400 supports the LDAP V2 protocol. The server supports referrals and is capable of replicating its information to other LDAP-capable servers. Replication is done using the LDAP protocol.

As with the LDAP server for OS/390, there is one difference between the OS/400 and AIX implementations worth noting. Directory entry data is stored in the DB2 backing store in so-called wire format. Thus, whatever information is stored into the directory will be returned exactly as it was entered. However, in order to support attribute-based searching, character string data is converted to code page 37, which contains the IA5 character set supported by LDAP V2. During this conversion, any characters not representable in code page 37 are translated with some loss of information. This will affect attribute-based searches for entries whose data contains such characters.
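The behaviour described above, as an added illustration that is not from the book or from IBM's code: a Python model in which entries are kept and returned in wire format while attribute matching uses a code page 37 search key, run over constructed sample entries. The use of '?' as the replacement character and case folding as a stand-in for caseIgnore matching are assumptions of the model.

```python
from typing import Dict, List

Entry = Dict[str, str]

def search_key(value: str) -> str:
    """Form of a string value the model uses for attribute matching.

    CP037 is a full 256-byte EBCDIC page covering the Latin-1 repertoire, so
    Latin-1 text converts intact; anything beyond U+00FF is replaced with '?'
    (the replacement character is an assumption of this model). Case folding
    stands in for LDAP caseIgnore matching.
    """
    return value.encode("cp037", errors="replace").decode("cp037").casefold()

def is_lossy(value: str) -> bool:
    """True if converting value to CP037 loses information."""
    return search_key(value) != value.casefold()

def lossy_attributes(entry: Entry) -> List[str]:
    """Attributes of an entry whose values will not search reliably."""
    return sorted(a for a, v in entry.items() if is_lossy(v))

def search(entries: List[Entry], attr: str, value: str) -> List[Entry]:
    """Equality search on attr: match on CP037 keys, return entries as stored."""
    key = search_key(value)
    return [e for e in entries if attr in e and search_key(e[attr]) == key]

# Constructed sample entries (not from the book).
DIRECTORY: List[Entry] = [
    {"dn": "cn=Müller,o=ibm,c=us", "cn": "Müller", "mail": "mueller@example.com"},
    {"dn": "cn=Łukasz,o=ibm,c=us", "cn": "Łukasz", "mail": "lukasz@example.com"},
    {"dn": "cn=?ukasz,o=ibm,c=us", "cn": "?ukasz", "mail": "unknown@example.com"},
]

if __name__ == "__main__":
    # Audit before loading: which values will lose information in the index?
    for e in DIRECTORY:
        print(e["dn"], "lossy attributes:", lossy_attributes(e))
    # The stored value is returned as entered, but the search also returns
    # the entry that differs only in the unrepresentable character.
    for hit in search(DIRECTORY, "cn", "Łukasz"):
        print("match:", hit["cn"])
```

Running lossy_attributes over an LDIF export before loading it is a cheap way to find the values whose searches will be ambiguous on this server.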

The OS/400 directory server is currently based on LDAP V2 (time of writing). It utilizes DB2/400 to store LDAP information, uses a new ACL (Access Control List) design to protect LDAP entries, and uses the Operations Navigator for administration.

The OS/400 LDAP utilities include shell utilities to search, add, delete, and modify LDAP entries. Symbolic links that point to these are created so that they can be easily used in the OS/400 QShell Interpreter (qsh). It also includes interchange utilities to exchange data between the AS/400 and other servers via LDIF (LDAP Data Interchange Format).

6.4.1 System and Software Requirements

The following are the system and software requirements for the LDAP server on AS/400:

• OS/400 V4R3 or later

• Option 32 of Operating System/400, OS/400 Directory Services, which includes:

  • OS/400 LDAP Directory Server

  • OS/400 LDAP Client APIs & Utilities

  • Publishing APIs and GUI

  • Windows 9x/NT Client

• Option 30 of Operating System/400, the OS/400 QShell Interpreter

• 5769-JV1, AS/400 Developer Kit for Java, to utilize Sun's Java Naming and Directory Interface (JNDI)

6.4.2 Installing the Server

Before you can configure the directory server, you must install the Directory Services option of OS/400. Directory services may already be installed on your AS/400. To install the Directory Services option, take these steps:

1. Ensure you have both *ALLOBJ and *IOSYSCFG special authorities.

2. Insert the CD-ROM that contains OS/400.

3. Type GO LICPGM on the AS/400 command line, then press Enter.

4. Choose option 1 from the Work with Licensed Programs menu, then press Enter.

5. Enter 1 in the Option field to the left of Option 32, OS/400 - Directory Services, then press Enter.

6. In the Installation device field, enter the name of the CD-ROM drive where you inserted the OS/400 CD-ROM.

6.4.3 Configuration

There is no command line interface for configuring the directory server. The AS/400 Directory Services provides a wizard in the Operations Navigator to assist you in configuring the LDAP directory server. Use this wizard when you initially configure the directory server. You may also use the wizard to reconfigure the directory server.

The Operations Navigator lets you configure the LDAP server on the AS/400 system. The configuration task is one of the network server tasks. You must have both the *ALLOBJ and *IOSYSCFG special authorities to be able to run the configuration wizard. To configure the LDAP server, click Network (A) --> Servers (B) --> TCP/IP (C), as shown in Figure 29. Then, right-click on Directory (D). If this is the first time configuration is being run, the pop-up menu will appear as shown at the bottom in Figure 29. If this LDAP server had been configured before, the LDAP Administration Pop-Up menu will appear as shown in Figure 30.

Figure 29. Operations navigator LDAP administration

If this is the first time to configure the LDAP server on your AS/400, click Configure (E in Figure 29) to launch the configuration wizard as shown in Figure 31, which will guide you through the configuration task. If the LDAP server was already configured, click Reconfigure (G in Figure 30) to change the LDAP server's configuration.

Figure 30. LDAP administration pop-up menu

To begin the configuration process using the configuration wizard, click on Next (Figure 31).

When you use the wizard to reconfigure the directory server, you actually start from scratch. The original configuration is deleted rather than changed. You can modify the directory server configuration by right-clicking Directory and selecting Properties. This does not delete the original configuration.

Figure 31. LDAP configuration wizard - Welcome screen

Enter the AS/400 library for the relational database in the field as shown in Figure 32. The library name must be specified using IFS naming. You should specify a library that will only be used by the directory server. Click on Next to proceed. If the library you specified does not exist, the wizard will ask you for confirmation to create this library. If you have multiple ASPs (Auxiliary Storage Pools) on your system, you will be prompted to select an ASP.

Figure 32. LDAP configuration wizard - Specify database library

Specify the distinguished name (DN) of the administrator and the password for the directory server in the fields shown in Figure 33. The name string uniquely locates the entry within your directory server directory. Type the name and password values and click Next.

Enter the directory suffixes at the next screen; an example is shown in Figure 34. You must configure at least one suffix in addition to the <cn=localhost> (for example, <O=IBM, C=US>). Type the directory suffix, then click Add to add the entry to the directory server. After you have added all the entries you need, click Next to continue.

Figure 34. LDAP configuration wizard - Choose directory suffixes

Using the check box shown in Figure 35 as an example, specify if you want the LDAP server to start when TCP/IP starts. Make your selection and click on Next to continue.

Figure 35. LDAP configuration wizard - Start server option

Review the configuration summary screen shown in Figure 36. Verify the settings for the directory server. If needed, you can go back and correct configuration mistakes by clicking Back. When all the information is correct, click Finish to complete the configuration.

This concludes the configuration of the IBM SecureWay Directory on AS/400. After you have finished the configuration, you can start and stop the directory server using the following commands. To start the LDAP server, type:

STRTCPSVR SERVER(*DIRSRV)

Similarly, to stop the LDAP server, type:

ENDTCPSVR SERVER(*DIRSRV)

During the first start, all needed files are automatically created in the relational database library you specified during configuration.

6.4.4 Uninstalling the Server

If you no longer wish to run an LDAP directory server on your AS/400, you can remove it by uninstalling the AS/400 Directory Services option of OS/400. To do this, take these steps from a 5250 session to your AS/400:

1. Type GO LICPGM, then press Enter.

2. Choose option 12 from the Work with Licensed Programs menu, then press Enter.

3. Enter 4 in the Option field to the left of Option 32, OS/400 - Directory Services, then press Enter.

After you complete this procedure, the server will be uninstalled. However, both the schema files and the library that contains the server's data remain on the AS/400. This allows you to easily reinstall the AS/400 Directory Services and to begin running the server again.

If you are sure that you will not want to run the LDAP directory server in the future, you may delete these items. The schema files are located at