LDP0350E Initial connection to bstnjes:390 failed When Starting LDAP

Document ID : KB000123054
Last Modified Date : 14/12/2018
Show Technical Document Details
Question:
When LDAP starts, the following error is received:

LDP0350E Initial connection to node:390 failed 

What could cause this?
Answer:
LDAP does not need DSI up and running if it is running on single LPAR. We recommend commenting out the siParms line unless you are trying to communicate to a remote LPAR.
 
CA LDAP Server uses z/OS callable services to interact with the External Security Manager (ESM). Callable services are not route-able, so LDAP can only talk directly to a local ESM.
 
When trying to access the ESM database, setup of LDAP will be determined by the ESM setup.
 
For example, if you share a security db between 3 LPARs in a Plex, then LDAP only needs to be setup on 1 LPAR
 
If you do not share a security db between the 3 LPARs in a Plex, then you have 2 setup options. You can install/run LDAP on each LPAR and the application connects and uses the appropriate LDAP interface *or* you can setup LDAP on 1 LPAR and configure it to access a 'remote' security db using the provided CA DSI Server. This server would be setup on remote LPARs only, it is not setup/used for local security DB access.
 
Pro - 1 LDAP Server for the app to connect to for all data
Con - 1 LDAP Server means single point of failure
 
Single point of failure can be addressed with 2 LDAP Servers on 2 different LPARs providing a primary/secondary server and using load balancing hardware/software send traffic as appropriate. This needs 2 LDAP Servers and a DSI Server on each LPAR setup
 
Pro - 1 IP/port for the app to connect to for all data as load balancing sends to active server, no single point of failure
Con - More complex setup/config for sys prog
 
No matter the option selected, 1 or 2, the TCPIP traffic from LDAP to DSI within a plex is performed in cross memory mode by the IBM TCP/IP stack, so it never is on the network. Not only does this perform better, it makes the SSL overhead (administration and encrypt/decrypt of data packets) just that, overhead.