authentication system definition

Document ID : KB000074031
Last Modified Date : 11/06/2018
Question:
If 'server url' is modified, does dSeries require a restart?
If so, the application only, or the agents as well?
What log captures the signon process?
Are the LDAP URL details displayed?
Answer:
Anytime you make a configuration change to the LDAP definition in dSeries, you are required to recycle the dSeries application in order for those changes to take effect. The agents are independent of this process and do not require a restart. The tracelog will capture signon attempts with the following messages:

20180316 12:20:25.834 [ldap] [INFO] WSS_cmd_executor_2: [2018-03-16_12:20:25.834] This user 'XXXXXXX' is part of directory CN=XXXXXXX,OU=USERS,OU=NORTH AMERICA,DC=CA,DC=COM
20180316 12:20:25.843 [ldap] [DEBUG] WSS_cmd_executor_2: [2018-03-16_12:20:25.843] User XXXXXXX successfully authenticated against LDAP server: LdapServerConfiguration[configurationName=CALDAP, url=ldap://ldapserver:389, adminId=CN=XXXXXXX,OU=Users,OU=North America,DC=ca,DC=com, SSLEnabled=false, index=1]


LDAP URL details are not displayed with every restart of the dSeries product. You can increase logging to see this information at product restart if you like. The default logging profile for LDAP is set to INFO. You can toggle this to ALL within the Desktop Client under the Admin perspective by navigating to the Topology item and right-clicking on the server. Here you can click on Configure Logging. Locate LDAP in the listing and change the threshold to the level you want.
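The successful-authentication message quoted above carries the LDAP URL and the SSLEnabled flag, so the tracelog can be reviewed for signons served by a non-SSL LDAP definition. The following Python sketch is an added example, not part of the original document or the product; the sample lines are constructed in the quoted format, and the names USER1, USER2, LDAP1, LDAP2 and the ldaps:// line are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in the tracelog format quoted above (placeholder users and DNs).
SAMPLE_TRACELOG = """\
20180316 12:20:25.834 [ldap] [INFO] WSS_cmd_executor_2: [2018-03-16_12:20:25.834] This user 'USER1' is part of directory CN=USER1,OU=USERS,OU=NORTH AMERICA,DC=EXAMPLE,DC=COM
20180316 12:20:25.843 [ldap] [DEBUG] WSS_cmd_executor_2: [2018-03-16_12:20:25.843] User USER1 successfully authenticated against LDAP server: LdapServerConfiguration[configurationName=LDAP1, url=ldap://ldapserver:389, adminId=CN=SVC,OU=Users,OU=North America,DC=example,DC=com, SSLEnabled=false, index=1]
20180316 12:21:02.101 [ldap] [DEBUG] WSS_cmd_executor_3: [2018-03-16_12:21:02.101] User USER2 successfully authenticated against LDAP server: LdapServerConfiguration[configurationName=LDAP2, url=ldaps://ldapserver:636, adminId=CN=SVC,OU=Users,DC=example,DC=com, SSLEnabled=true, index=2]
"""

# Matches only the "successfully authenticated" message; adminId is a DN that
# itself contains commas, so it is captured lazily up to ", SSLEnabled=".
AUTH_RE = re.compile(
    r"^(?P<date>\d{8}) (?P<time>[\d:.]+) \[ldap\] \[(?P<level>\w+)\] (?P<thread>\S+): "
    r"\[[^\]]+\] User (?P<user>\S+) successfully authenticated against LDAP server: "
    r"LdapServerConfiguration\[configurationName=(?P<name>[^,]+), url=(?P<url>[^,\s]+), "
    r"adminId=(?P<admin_id>.*?), SSLEnabled=(?P<ssl>true|false), index=(?P<index>\d+)\]"
)


def parse_signons(text):
    """Return one dict per successful LDAP signon found in the tracelog text."""
    events = []
    for line in text.splitlines():
        match = AUTH_RE.match(line)
        if match:
            event = match.groupdict()
            event["ssl"] = event["ssl"] == "true"
            events.append(event)
    return events


def non_ssl_signons(events):
    """Signons whose logged definition shows an ldap:// URL with SSLEnabled=false.

    Only the logged fields are checked; nothing else about the connection
    is visible in this message.
    """
    return [e for e in events
            if not e["ssl"] and urlsplit(e["url"]).scheme.lower() == "ldap"]


if __name__ == "__main__":
    for e in non_ssl_signons(parse_signons(SAMPLE_TRACELOG)):
        print(f"{e['date']} {e['time']} user={e['user']} "
              f"definition={e['name']} url={e['url']} SSLEnabled=false")
```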