I just installed Compliance Event Manager, when logging into the User Interface I am getting message 'Invalid DN Syntax Invalid DN' or 'ETLDP40I no matching suffix found', what is the cause of these errors?

Document ID : KB000013136
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

I just installed Compliance Event Manager, when logging into the User Interface I am getting message 'Invalid DN Syntax Invalid DN' or 'ETLDP40I no matching suffix found', what is the cause of these errors?

Answer:

The most likely cause of the errors are invalid or wrong LDAP Port number or host suffix.

Verify that the port and suffix values in the CUSTOM.CFGLIB library members CEMECFGX and CEMESLPC match and are valid.

The CEMECFGX in the CUSTOM.CFGLIB library contains references to port and host suffix:

<port>@LDAP_PORT@</port>
<ldapsuffix>host=@SYSNAME@_wh,c=us</ldapsuffix>
<ldapsuffix>host=@SYSNAME@_dm,c=us</ldapsuffix>  

The CEMESLPC in the CUSTOM.CFGLIB library contains references to port and host suffix:

hosturls ldap://:@LDAP_PORT@  
suffix             "host=@SYSNAME@_wh,c=us"
suffix             "host=@SYSNAME@_dm,c=us"

The port and host suffix values are specified in the Compliance Event Manager CONFIG.DATA file as LDAP_PORT and SYSNAME values:

//*                                                              
//*    Name = SYSNAME                                            
//*    Desc = LPAR Name where the security products will execute.
//*           This is the value of the &SYSNAME symbolic which  
//*           is set by the 'SYSNAME=' statement in IEASYSxx.    
//*                                                              
//*    maxLength = 8                                            
//*                                                              
// SET SYSNAME='xxxxx' 

//*                                                                
//*    Name = LDAP_PORT                                            
//*    Desc = Port number that the LDAP Server will be listening on.
//*           Use TSO command 'NETSTAT PORTLIST' to find out what  
//*           ports are in use.                                    
//*                                                                
// SET LDAP_PORT='nnn' 

The port and host suffix values can be updated/corrected by following the steps below.

  1. Edit CONFIG.DATA file, update LDAP_PORT and SYSNAME values
  2. Run the CEMCCONF job in ceme_hlq.ceme_mlq.SAMPJCL, which creates the custom libraries.
  3. Run J01160SP job in the CUSTOM.JOBLIB library 'SETUP THE USS FILES'. This Job is rerunnable. If it is run multiple times,  the ELINK step will get a RC=256 because the link already exists, this is acceptable.