I am configuring OnDemand with LDAP over SSL between OnDemand on AIX and Windows AD. I am having trouble getting the LDAP SSL configuration to work.
What has been done so far:
configured /opt/IBM/ondemand/config/ars.cfg, configuration parameters can be seen further down
restarted ondemand
made sure I can reach LDAP server on port 636
credentials for the bind user are ok
When starting OnDemand after SSL has been enabled in ars.cfg, it seems OnDemand doesn't start
ARS1106E Connection cannot be established for the >ARCHIVE< server
Error received in OnDemand System Log:
LDAP Error: The SSL library cannot be loaded. -- ldap_rc=118, -- extended_rc=-1, Unknown error -- ldap_errno=-1, extra_rc=118, File=arsldap.c, Line=1198
LDAP has been enabled through OnDemand Administrator Client
Environment Variable (I am not sure about this GSK_KEYRING_STASH. I see it mentioned for z/OS only)
GSK_KEYRING_STASH=/opt/IBM/ondemand/V10.1/config/ldap.sth
ars.cfg configuration:
###########################################
# LDAP Parameters (Library Server Only)   #
###########################################
ARS_LDAP_SERVER=hostname
ARS_LDAP_PORT=636
ARS_LDAP_USE_SSL=TRUE
ARS_LDAP_BASE_DN=OU=Service Accounts
ARS_LDAP_BIND_ATTRIBUTE=sAMAccountName
ARS_LDAP_MAPPED_ATTRIBUTE=sAMAccountName
ARS_LDAP_ALLOW_ANONYMOUS=FALSE
ARS_LDAP_OD_AUTHORITY_FALLBACK=TRUE
ARS_LDAP_KEYRING_FILE=/opt/IBM/ondemand/V10.1/config/ldap.kdb
ARS_LDAP_KEYRING_LABEL=CERTLABEL
####################################################
# LDAP SYNC Parameters (requires CMOD v10.1.0.2+)  #
####################################################
ARS_LDAP_SERVER_TYPE=AD
ARS_LDAP_USER_FILTER=(ObjectClass=USER)
ARS_LDAP_GROUP_FILTER=(ObjectClass=GROUP)
ARS_LDAP_GROUP_MAPPED_ATTRIBUTE=cn
ARS_LDAP_IGN_USERIDS=ADMIN
ARS_LDAP_IGN_GROUPS=ADMINS
System information:
AIX: v7200-05-02-2114
OnDemand: 10.1.0.5
DB2: 11.1.1.1
TSM: 7.1.6.5
Thanks in advance  :)
Solution:
Start /opt/IBM/ondemand/V10.1/bin/arssockd with sudo
sudo /opt/IBM/ondemand/V10.1/bin/arssockd -I ARCHIVE -S
Question is, is that the "correct" way of solving this?
Hi Andreas.
Not really - you want CMOD to run as a 'non-privileged' user (like archive or odadmin) instead of root.  However, it DOES indicate that your problem is likely related to permissions, since running as root provides the highest level of authorization.  Double check file and directory permissions and your path environment variables like PATH, LIBPATH, and LD_LIBRARY_PATH to ensure they're correct.
-JD.
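A permissions check along the lines JD suggests, added here as an example (not from this thread and not IBM's own tooling): a POSIX sh script that reads ARS_LDAP_KEYRING_FILE from ars.cfg, takes the stash path from GSK_KEYRING_STASH, and verifies that each file is readable (including the search bit on every parent directory) and that every LIBPATH and LD_LIBRARY_PATH entry exists. Run it as the service user (archive or odadmin), since as root the checks always pass; the function names and the config-file argument are my own assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): check what JD asks for.
# The .kdb (from ars.cfg) and .sth (from GSK_KEYRING_STASH) must be readable by the
# account running arssockd, every ancestor directory needs the search (x) bit, and
# every LIBPATH / LD_LIBRARY_PATH entry must exist. Run as the service user.
# usage: . ./check.sh; check_ldap_ssl_prereqs /opt/IBM/ondemand/config/ars.cfg

# Print the value of key $2 from an ars.cfg-style file $1 (KEY=VALUE lines).
cfg_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | head -n 1
}

# Succeed only if every directory above file $1 is searchable by this user.
# A 0644 file is still unreadable when an ancestor directory lacks the x bit.
ancestors_searchable() {
    dir=$(dirname "$1")
    while [ "$dir" != "/" ] && [ "$dir" != "." ]; do
        [ -x "$dir" ] || { echo "not searchable: $dir"; return 1; }
        dir=$(dirname "$dir")
    done
}

# One file ($1, labelled $2): value present, exists, ancestors searchable, readable.
check_file() {
    [ -n "$1" ] || { echo "empty path ($2)"; return 1; }
    [ -f "$1" ] || { echo "no such file: $1"; return 1; }
    ancestors_searchable "$1" || return 1
    [ -r "$1" ] || { echo "not readable: $1"; return 1; }
}

# Colon-separated library path $1 (label $2): report entries that do not exist
# on stderr and print the number of bad entries on stdout.
count_missing_dirs() {
    n=0; oldifs=$IFS; IFS=:
    for d in $1; do
        [ -d "$d" ] || { echo "$2 entry missing: $d" >&2; n=$((n + 1)); }
    done
    IFS=$oldifs; echo "$n"
}

# Return value is the number of failed checks (0 = all prerequisites met).
check_ldap_ssl_prereqs() {
    fails=0
    check_file "$(cfg_value "$1" ARS_LDAP_KEYRING_FILE)" keyring || fails=$((fails + 1))
    check_file "${GSK_KEYRING_STASH:-}" stash || fails=$((fails + 1))
    fails=$((fails + $(count_missing_dirs "${LIBPATH:-}" LIBPATH)))
    fails=$((fails + $(count_missing_dirs "${LD_LIBRARY_PATH:-}" LD_LIBRARY_PATH)))
    return $fails
}
```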