CA LDAP 15.1 1 CA RS 1309 Service List Description Hiper 15.1 RO60097 LDAP AND DBUSER AUTHORIZATIONS The CA RS 1309 service count for this release is 1
CA LDAP 15.0 2 CA RS 1309 Service List Description Hiper 15.0 RO48369 WEBADMIN FILTER FIX - ACF2 RO48581 DSI ABEND : INVALID ARGUMENT RO50053 CHANGE APPROVAL ROWID GRANULARITY RO51090 LDAP MEMORY USAGE GROWS WITH ACF2 LID PROCESSING RO51463 RACF BACKEND DOESN'T RETURN ETRACPROTECTED RO53747 ENABLEVERIFY DOESN'T WORK FOR PAM LOGIN RO54479 PDS MONITOR MISSING DATA/ABEND RO54515 DSNLIST SYNTAX ERROR RO55091 FETCH FIRST ROWS IN SQL RO56806 LDP6034I ERROR OCCURS WHEN RUNNING A MONITOR REPORT RO57098 PASS TICKET PASSWORD IS BROKE AND USERS WITH A + FAIL RO57774 LDAP ABENDS WHEN RUNNING SUMMARY REPORTS IN COMPLIANCE MANAG RO58011 CANNOT MODIFY ACTION WITH NO DESCRIPTION IN COMPLIANCE MGR RO58620 SET THE DEFAULT DATACOM TIMEOUTS LARGER. RO59260 PAM SERVERS CANNOT CONNECT TO ZLINUX USING SSL The CA RS 1309 service count for this release is 15
CA LDAP 14.0 3 CA RS 1309 Service List Description Hiper 14.0 NO-SRVC CA RS 1309 Contains No Service For This Release of This Product. The CA RS 1309 service count for this release is 0
CA LDAP 4 CA RS 1309 Service List for CDT9F00 FMID Service Description Hiper CDT9F00 RO48369 WEBADMIN FILTER FIX - ACF2 RO48581 DSI ABEND : INVALID ARGUMENT RO50053 CHANGE APPROVAL ROWID GRANULARITY RO51090 LDAP MEMORY USAGE GROWS WITH ACF2 LID PROCESSING RO51463 RACF BACKEND DOESN'T RETURN ETRACPROTECTED RO53747 ENABLEVERIFY DOESN'T WORK FOR PAM LOGIN RO54479 PDS MONITOR MISSING DATA/ABEND RO54515 DSNLIST SYNTAX ERROR RO55091 FETCH FIRST ROWS IN SQL RO56806 LDP6034I ERROR OCCURS WHEN RUNNING A MONITOR REPORT RO57098 PASS TICKET PASSWORD IS BROKE AND USERS WITH A + FAIL RO57774 LDAP ABENDS WHEN RUNNING SUMMARY REPORTS IN COMPLIANCE MANAG RO58011 CANNOT MODIFY ACTION WITH NO DESCRIPTION IN COMPLIANCE MGR RO58620 SET THE DEFAULT DATACOM TIMEOUTS LARGER. RO59260 PAM SERVERS CANNOT CONNECT TO ZLINUX USING SSL The CA RS 1309 service count for this FMID is 15
CA LDAP 5 CA RS 1309 Service List for CDT9F10 FMID Service Description Hiper CDT9F10 RO60097 LDAP AND DBUSER AUTHORIZATIONS The CA RS 1309 service count for this FMID is 1
CA LDAP 15.1 6 CA RS 1309 - PTF RO60097 15.1 RO60097 RO60097 M.C.S. ENTRIES = ++PTF (RO60097) LDAP AND DBUSER AUTHORIZATIONS Customer need to configure a userid for LDAP to use when it connects to DB2 and/or Datacom. This ID needs to be set up in the security product. This APAR has the jobs to create this user as well as a DBUSER. The The CDT9LID, CDT9ACMG, CDTA9DB2, CDT9ADC create these users for ACF2 and CDT9ACID, CDT9TCMG, CDTT9DB2, CDT9TDC create them for Top Secret. Security violations will prevent ldap from coming up/working correctly until the correct authority is given to the started task id/dbuser. N/A Issue the Rules/Permissions manually to ACF2 or Top Secret. PRODUCT(S) AFFECTED: ACF2 LDAP SERVER FOR Z/OS AND OS/390 Release 15.1 LDAPDV 167 Copyright (C) 2013 CA. All rights reserved. R00014-LDP151-SP1 DESC(LDAP AND DBUSER AUTHORIZATIONS). FMID (CDT9F10) SUP ( TR60097 ) ++HOLD (RO60097) SYSTEM FMID(CDT9F10) REASON (ACTION ) DATE (13171) Product: ACF2 LDAP SERVER FOR Z/OS AND OS/390 Release: 15.1 Sequence: Purpose: Relevance: Knowledge required: Access required: Steps to Perform: SMP APPLY this APAR.
CA LDAP 15.0 7 CA RS 1309 - PTF RO48369 15.0 RO48369 RO48369 M.C.S. ENTRIES = ++PTF (RO48369) WEBADMIN FILTER FIX - ACF2 Searches from Web Admin and LDAP that contain complex filters are not resolving correctly. Any search that has a wildcard is performing as it should. Searches for intial any and final are causing an Abend searches in question are in the form of: QWERTY* *QWERTY* *QWERTY Any complex search going through the LDAP ACF2 backend will be impacted Use simple fitlers, not complex LDAPDV 130 Copyright (C) 2013 CA. All rights reserved. R00126-LDP150-SP1 DESC(WEBADMIN FILTER FIX - ACF2). SUP ( RO18728 RO25704 TR17964 TR18728 TR25258 TR25704 TR48369 TR56810 ) ++HOLD (RO48369) SYSTEM FMID(CDT9F00) REASON (ACTION ) DATE (13172) SMP/E apply and restart of LDAP required to install this APAR LINK('../back_caacf2_utf.dll')
CA LDAP 15.0 8 CA RS 1309 - PTF RO48581 15.0 RO48581 RO48581 M.C.S. ENTRIES = ++PTF (RO48581) DSI ABEND : INVALID ARGUMENT When an application continues to open connections to the DSI Server without cleaning up unused ones, the file descriptor table can become exhausted. When the 2048th connection is attempted, this exceeds the the max of 2047 and when DSI passes this handle to the LE runtime, it throws an exception. When this occurs, DSI will abend and in the console log you can see: STC01448 SECIN01I CA DSI Server R15.2012.0104 has ended daemon_task: select failed (121): EDC5121I Invalid argument. ch_free(23e9b0f8,sidaemon.c,696)... daemon_task: abnormal condition, shutdown The DSI STC will abend and shutdown. Make sure that any applications using the DSI SDK 1. Create a connection 2. Perform whatever function(s) are needed 3. Destroy the connection created in 1 Before creating a new connection. PRODUCT(S) AFFECTED: DSI SERVER FOR Z/OS AND OS/390 Release 15.0 LDAPDV 133 Copyright (C) 2013 CA. All rights reserved. R00130-LDP150-SP1 DESC(DSI ABEND : INVALID ARGUMENT). PRE ( RO19994 RO29536 RO41879 RO41901 RO45706 ) SUP ( TR48581 ) ++HOLD (RO48581) SYSTEM FMID(CDT9F00) REASON (ACTION ) DATE (13172) SMP APPLY AND RESTART OF DSI SERVER IS REQUIRED. LINK('../rmtauthz') PARM(PATHMODE(0,7,5,5),APF,PROGCTL,SHAREAS).
CA LDAP 15.0 9 CA RS 1309 - PTF RO50053 15.0 RO50053 RO50053 M.C.S. ENTRIES = ++PTF (RO50053) CHANGE APPROVAL ROWID GRANULARITY The CHGROWID field in the CHGAPPROVED table needs to be more granular that one second to ensure uniqueness of the field. Possibility exists that the CHGROWID value will not be unique. Incorrect information could be displayed if CHGROWID is not unique. None. PRODUCTS AFFECTED: CA LDAP R15 LDAPDV 140 Copyright (C) 2013 CA. All rights reserved. R00135-LDP150-SP1 DESC(CHANGE APPROVAL ROWID GRANULARITY). SUP ( TR48087 RO48087 TR49434 RO49434 RO46099 RO48652 TR32743 TR42085 TR45172 TR45433 TR45434 TR46099 TR48652 TR50053 ) ++HOLD (RO50053) SYSTEM FMID(CDT9F00) REASON (ACTION ) DATE (13162) SMP APPLY, and restart of LDAP required to install this APAR. LINK('../back_cmdc_utf.dll') LINK('../back_cmgr_utf.dll')
CA LDAP 15.0 10 CA RS 1309 - PTF RO51090 15.0 RO51090 RO51090 M.C.S. ENTRIES = ++PTF (RO51090) LDAP MEMORY USAGE GROWS WITH ACF2 LID PROCESSING When performing IdM Explore and Correlate, there is a memory leak that causes the LDAP Server memory usage to grow quickly. LDAP address space takes a lot of memory and can fill page datasets. The LDAP Server needs to be recycled. None LDAPDV 144 Copyright (C) 2013 CA. All rights reserved. R00140-LDP150-SP1 DESC(LDAP MEMORY USAGE GROWS WITH ACF2 LID PROCESSING). SUP ( RO18728 RO25704 RO48369 TR17964 TR18728 TR25258 TR25704 TR48369 TR51090 TR56810 ) ++HOLD (RO51090) SYSTEM FMID(CDT9F00) REASON (ACTION ) DATE (13172) SMP APPLY and restart the LDAP STC required to install this apar. LINK('../back_caacf2_utf.dll')
CA LDAP 15.0 11 CA RS 1309 - PTF RO51463 15.0 RO51463 RO51463 M.C.S. ENTRIES = ++PTF (RO51463) RACF BACKEND DOESN'T RETURN ETRACPROTECTED When requesting the etracprotected attribute, its not returned as part of the etracuserid object when accessing a RACF repository. There is missing information being returned by the LDAP Server without any message or failure that it occurred. This doesn't stop the LDAP Server from returning the remaining attributes and does not cause an abend. None LDAPDV 146 Copyright (C) 2013 CA. All rights reserved. R00141-LDP150-SP1 DESC(RACF BACKEND DOESN'T RETURN ETRACPROTECTED). SUP ( TR51463 ) ++HOLD (RO51463) SYSTEM FMID(CDT9F00) REASON (ACTION ) DATE (13182) SMP APPLY, and restart of LDAP required to install this APAR. LINK('../back_racf_utf.dll')
CA LDAP 15.0 12 CA RS 1309 - PTF RO53747 15.0 RO53747 RO53747 M.C.S. ENTRIES = ++PTF (RO53747) ENABLEVERIFY DOESN'T WORK FOR PAM LOGIN When a PAM login issue the authentication call to the DSI Server, DSI issues a RACROUTE VERIFYX, not VERIFY when the enableverify option is set in dsi.conf. Last used/login date/time is not updated on the user id. The user id becomes suspended due to 'no login activity' recorded by the ESM. None PRODUCT(S) AFFECTED: LDAP SERVER FOR Z/OS AND OS/390 Release 14.0 SP1 Release 15.0 LDAPDV 150 Copyright (C) 2013 CA. All rights reserved. R00145-LDP150-SP1 DESC(ENABLEVERIFY DOESN'T WORK FOR PAM LOGIN). PRE ( RO19994 RO29536 RO41879 RO41901 RO45706 ) SUP ( RO48581 TR48581 TR53747 ) ++HOLD (RO53747) SYSTEM FMID(CDT9F00) REASON (ACTION ) DATE (13178) SMP APPLY and restart the DSI STC required to install this apar. LINK('../rmtauthz') PARM(PATHMODE(0,7,5,5),APF,PROGCTL,SHAREAS).
CA LDAP 15.0 13 CA RS 1309 - PTF RO54479 15.0 RO54479 RO54479 M.C.S. ENTRIES = ++PTF (RO54479) PDS MONITOR MISSING DATA/ABEND When using CA Compliance Manager with CA Datacom there are two problems: 1. The data showing the delta from a PDS Monitor change is missing. 2. Viewing multiple PDS Monitor events via reports can result in an abend (0C4) when trying to allocate memory. In the case of the missing data, the report area showing the delta will be missing. An abend can also be possible when viewing multiple PDS Monitor reports. The user is unable to view all data in a PDS Monitor report. The other issue is an 0C4 and the LDAP server will abend. None. PRODUCTS AFFECTED: CA Compliance Manager 2.0 with CA Datacom. CA LDAP Server R15.0. LDAPDV 151 Copyright (C) 2013 CA. All rights reserved. R00146-LDP150-SP1 DESC(PDS MONITOR MISSING DATA/ABEND). PRE ( RO46099 RO48652 RO50053 ) SUP ( TR54479 ) ++HOLD (RO54479) SYSTEM FMID(CDT9F00) REASON (ACTION ) DATE (13164) SMP APPLY, and restart of LDAP required to install this APAR. LINK('../back_cmdc_utf.dll')
CA LDAP 15.0 14 CA RS 1309 - PTF RO54515 15.0 RO54515 RO54515 M.C.S. ENTRIES = ++PTF (RO54515) DSNLIST SYNTAX ERROR When a user creates a DSNLIST, an SQL Syntax error shows up on the UI along with the create success message. This is not right. When a DSNLIST is created, the code sends a search to check if the DSNLIST name exists in the database as they should be unique. That is where the error was coming from. Timeout for SQL_LOGIN in Datacom is low. When the DSNLIST is created, following error comes up on the UI along with the success message: LDP6514E Unable to compile SELECT SQL sqlite statement errcode=(1) errmsg=(near "*": syntax error CCI timeout message while LDAP Startup. User can create a DSNLIST, but may be runnign into errors when they have the same name in the database. LDAP cannot connect to database. Make sure the DSNLIST name is unique. LDAPDV 152 Copyright (C) 2013 CA. All rights reserved. R00147-LDP150-SP1 DESC(DSNLIST SYNTAX ERROR). SUP ( TR42085 TR45172 TR45433 TR45434 TR46099 TR48087 RO48087 TR49434 RO46099 RO49434 RO48652 RO50053 RO54479 TR32743 TR48652 TR50053 TR54479 TR54515 ) ++HOLD (RO54515) SYSTEM FMID(CDT9F00) REASON (ACTION ) DATE (13164) SMP APPLY, and restart of LDAP required to install this APAR. LINK('../back_cmdc_utf.dll') LINK('../back_cmgr_utf.dll')
CA LDAP 15.0 15 CA RS 1309 - PTF RO55091 15.0 RO55091 RO55091 M.C.S. ENTRIES = ++PTF (RO55091) FETCH FIRST ROWS IN SQL When there are many results in the database, Datacom times out with a rec/conv (-5049) timeout error. Even if LDAP has a limit on number of DB results to be returned, Datacom wasn't honoring the value. This will be a short term solution while we wait for Datacom to fix this. Sending a search from the UI will timeout resulting in (-5049) error. User cannot run reports in the UI. N/A LDAPDV 154 Copyright (C) 2013 CA. All rights reserved. R00148-LDP150-SP1 DESC(FETCH FIRST ROWS IN SQL). SUP ( RO46099 RO48087 RO48652 RO49434 RO50053 RO54479 RO54515 TR32743 TR42085 TR45172 TR45433 TR45434 TR46099 TR48087 TR48652 TR49434 TR50053 TR54479 TR54515 TR55091 ) ++HOLD (RO55091) SYSTEM FMID(CDT9F00) REASON (ACTION ) DATE (13170) SMP APPLY, and restart of LDAP required to install this APAR. LINK('../back_cmdc_utf.dll') LINK('../back_cmgr_utf.dll')
CA LDAP 15.0 16 CA RS 1309 - PTF RO56806 15.0 RO56806 RO56806 M.C.S. ENTRIES = ++PTF (RO56806) LDP6034I ERROR OCCURS WHEN RUNNING A MONITOR REPORT The user is getting LDP6034I errors periodically. These occur when running a Monitor Report from the Compliance Manager GUI. User selects Monitor Reports and tries to run one. An LDAP error LDP6034I error is seen. User should not be able to run these reports from the Data mart nodes so the impact is mostly confusion as to why the Monitor Report option is available. Don't run the Monitor Reports against a Data mart node. LDAPDV 157 Copyright (C) 2013 CA. All rights reserved. R00150-LDP150-SP1 DESC(LDP6034I ERROR OCCURS WHEN RUNNING A MONITOR REPORT). SUP ( RO46099 RO48087 RO48652 RO49434 RO50053 RO54479 RO54515 RO55091 TR32743 TR42085 TR45172 TR45433 TR45434 TR46099 TR48087 TR48652 TR49434 TR50053 TR54479 TR54515 TR55091 TR56806 ) ++HOLD (RO56806) SYSTEM FMID(CDT9F00) REASON (ACTION ) DATE (13170) SMP APPLY, and restart of LDAP required to install this APAR. LINK('../back_cmdc_utf.dll') LINK('../back_cmgr_utf.dll')
CA LDAP 15.0 17 CA RS 1309 - PTF RO57098 15.0 RO57098 RO57098 M.C.S. ENTRIES = ++PTF (RO57098) PASS TICKET PASSWORD IS BROKE AND USERS WITH A + FAIL When the user tries to use pass tickets to get a password to connect to the DB, it fails. This occurs when LDAP is trying to connect. This also fixes an issue where a user name with a "+" in it fails when getting event summary reports. User gets TSS7102E message Password Missing errors when trying to connect to the database via LDAP. User cannot connect to the database. Use passwords for database access via LDAP. LDAPDV 161 Copyright (C) 2013 CA. All rights reserved. R00153-LDP150-SP1 DESC(PASS TICKET PASSWORD IS BROKE AND USERS WITH A + FAIL). SUP ( RO46099 RO48087 RO48652 RO49434 RO50053 RO54479 RO54515 RO55091 RO56806 TR32743 TR42085 TR45172 TR45433 TR45434 TR46099 TR48087 TR48652 TR49434 TR50053 TR54479 TR54515 TR55091 TR56806 TR57098 ) ++HOLD (RO57098) SYSTEM FMID(CDT9F00) REASON (ACTION ) DATE (13170) Product: LDAP SERVER FOR Z/OS AND OS/390 Release: 15.0 SMP APPLY, and restart of LDAP required to install this APAR. LINK('../back_cmdc_utf.dll') LINK('../back_cmgr_utf.dll')
CA LDAP 15.0 18 CA RS 1309 - PTF RO57774 15.0 RO57774 RO57774 M.C.S. ENTRIES = ++PTF (RO57774) LDAP ABENDS WHEN RUNNING SUMMARY REPORTS IN COMPLIANCE MANAG When running a summary report from compliance manager, LDAP abends. The reason this occurred is because a table name was null and thus it failed during an assert where the table name was needed. Run a summary report from compliance manager, and LDAP will crash. User cannot run summary reports. Don't run any summary reports. PRODUCT(S) AFFECTED: LDAP SERVER FOR Z/OS AND OS/390 Release 15.1 LDAPDV 164 Copyright (C) 2013 CA. All rights reserved. R00155-LDP150-SP1 DESC(LDAP ABENDS WHEN RUNNING SUMMARY REPORTS IN COMPLIANCE MANAG). SUP ( RO46099 RO48087 RO48652 RO49434 RO50053 RO54479 RO54515 RO55091 RO56806 RO57098 TR32743 TR42085 TR45172 TR45433 TR45434 TR46099 TR48087 TR48652 TR49434 TR50053 TR54479 TR54515 TR55091 TR56806 TR57098 TR57774 ) ++HOLD (RO57774) SYSTEM FMID(CDT9F00) REASON (ACTION ) DATE (13170) SMP APPLY, and restart of LDAP required to install this APAR. LINK('../back_cmdc_utf.dll') LINK('../back_cmgr_utf.dll')
CA LDAP 15.0 19 CA RS 1309 - PTF RO58011 15.0 RO58011 RO58011 M.C.S. ENTRIES = ++PTF (RO58011) CANNOT MODIFY ACTION WITH NO DESCRIPTION IN COMPLIANCE MGR When a user selects the Modify an Action option in Compliance Manager, actions that have no description cannot be selected for modification. Select the Modify an Action from the Compliance Manager. Note you can't select any action that doesn't have a description. User cannot modify the action. Delete the action and create a new one with a description. In the future, all new actions will require a description. PRODUCT(S) AFFECTED: LDAP SERVER FOR Z/OS AND OS/390 Release 15.1 LDAPDV 165 Copyright (C) 2013 CA. All rights reserved. R00156-LDP150-SP1 DESC(CANNOT MODIFY ACTION WITH NO DESCRIPTION IN COMPLIANCE MGR). SUP ( RO46099 RO48087 RO48652 RO49434 RO50053 RO54479 RO54515 RO55091 RO56806 RO57098 RO57774 TR32743 TR42085 TR45172 TR45433 TR45434 TR46099 TR48087 TR48652 TR49434 TR50053 TR54479 TR54515 TR55091 TR56806 TR57098 TR57774 TR58011 ) ++HOLD (RO58011) SYSTEM FMID(CDT9F00) REASON (ACTION ) DATE (13170) SMP APPLY, and restart of LDAP required to install this APAR. LINK('../back_cmdc_utf.dll') LINK('../back_cmgr_utf.dll')
CA LDAP 15.0 20 CA RS 1309 - PTF RO58620 15.0 RO58620 RO58620 M.C.S. ENTRIES = ++PTF (RO58620) SET THE DEFAULT DATACOM TIMEOUTS LARGER. When a timeout occurs talking to the Datacom DB, the connection gets closed and LDAP can no longer communicate with Datacom. CA Top Secret results in LDP6022E a few seconds after initiating the search. LDP6034I UNABLE TO COMPLETE DATABASE OPERATION, CA ODBC 391 CA-Datacom/DB Driver CA-DATACOM/DB MAINFRAME SERVER ERROR: NO CONNECTION HANDLE (-5074) Run a report with a lot of data records. You may get: SERVER ERROR: NO CONNECTION HANDLE User cannot talk to Datacom. Set timeouts in configuration file large enough so the timeout does not occur, or limit the number of records returned in one request. PRODUCT(S) AFFECTED: LDAP SERVER FOR Z/OS AND OS/390 Release 15.1 LDAPDV 169 Copyright (C) 2013 CA. All rights reserved. R00157-LDP150-SP1 DESC(SET THE DEFAULT DATACOM TIMEOUTS LARGER.). SUP ( RO46099 RO48087 RO48652 RO49434 RO50053 RO54479 RO54515 RO55091 RO56806 RO57098 RO57774 RO58011 TR32743 TR42085 TR45172 TR45433 TR45434 TR46099 TR48087 TR48652 TR49434 TR50053 TR54479 TR54515 TR55091 TR56806 TR57098 TR57774 TR58011 TR58620 ) ++HOLD (RO58620) SYSTEM FMID(CDT9F00) REASON (ACTION ) DATE (13178) SMP APPLY, and restart of LDAP required to install this APAR. LINK('../back_cmdc_utf.dll') LINK('../back_cmgr_utf.dll')
CA LDAP 15.0 21 CA RS 1309 - PTF RO59260 15.0 RO59260 RO59260 M.C.S. ENTRIES = ++PTF (RO59260) PAM SERVERS CANNOT CONNECT TO ZLINUX USING SSL PAM Servers cannot connect to ZLinux machines. This uses DSI for communication. PAM servers get connection errors. The following messages are shown in the PAM logs: rmtauthzý196996 : sock_starttls: can't populate the ssl connection. rmtauthzý196996 : ==> Handle is in the incorrect state PAM Servers can not communicate to the ZLinux machines. NA PRODUCT(S) AFFECTED: LDAP SERVER FOR Z/OS AND OS/390 Release 15.1 LDAPDV 173 Copyright (C) 2013 CA. All rights reserved. R00159-LDP150-SP1 DESC(PAM SERVERS CANNOT CONNECT TO ZLINUX USING SSL). PRE ( RO19994 RO29536 RO41879 RO41901 RO45706 ) SUP ( RO48581 RO53747 TR48581 TR53747 TR59260 ) ++HOLD (RO59260) SYSTEM FMID(CDT9F00) REASON (ACTION ) DATE (13178) SMP APPLY, and restart of DSI required to install this APAR. LINK('../rmtauthz') PARM(PATHMODE(0,7,5,5),APF,PROGCTL,SHAREAS).