1. Community Tip: Please Give Thanks to Those Sharing Their Knowledge.
    If you receive helpful answer on this forum, please show thanks to the poster by clicking "LIKE" link for the answer that you found helpful.
  2. Community Tip: Forum Rules (PLEASE CLICK HERE TO READ BEFORE POSTING)
    Click the link above to access ADSM.ORG Acceptable Use Policy and forum rules which should be observed when using this website. Violators may be banned from this website. This notice will disappear after you have made at least 3 posts.

LDAP integration and OC

Discussion in 'TSM Server' started by DanGiles, Jun 27, 2017.

  1. DanGiles

    DanGiles ADSM.ORG Senior Member

    Joined:
    Oct 25, 2002
    Messages:
    611
    Likes Received:
    15
    Occupation:
    Sr. Storage Admin
    Location:
    Toronto, Ont. Canada
    TSM 8.1.1.0 on RHEL 6.9
    2 TSM servers: TSMSRV1 has the OC installed; TSMSRV2 is a hub server.
    I now have both server set up for LDAP integration. I updated the admin: upd admin admin_name auth=ldap, then "notify subscriber". I can issue commands to tsmsrv1, but on tsmsrv2 I get
    TSMSRV2> q process
    ANR0454E Session rejected by server TSMBUR1, reason: 31 - SSL Required.
    Return code 1006.

    I suspect it has to do with server-to-server communications. So I want data transfer between the two servers NOT to use SSL as I suspect that would have a negative impact on replication, but I suppose that admin communications needs to be SSL. Exactly what do I set?

    Relevant options are as follows:
    AdminOnClientPort Yes NORETRIEVEDATE No
    LDAP URL ldap://xxx/ou=xx,dc=xx,dc=xx
    RunOrphanCleanup No SSLDisableLegacyTLS No
    SSLHideLegacyTLS No SSLInitTimeout 2
    TCPPort 1500 TcpAdminport 1500
    SANdiscovery Off SSLTCPPort 1542
    SSLTCPADMINPort 1543 SSLTLS12 Yes
    SSLFIPSMODE No

    tsm: TSMSRV1>q server tsmsrv2
    Server Comm. High-level Low-level Days Server Virtual Allow
    Name Method Address Address Since Password Volume Replacement
    Last Set Password
    Access Set
    -------- ------ ------------- --------- ------ ---------- ---------- -----------
    TSMBUR1 TCPIP xxx.yyy.com 1500 <1 Yes Yes No

    tsm: TSMSRV2> q server tsmsrv1
    Server Comm. High-level Low-level Days Server Virtual Allow
    Name Method Address Address Since Password Volume Replacement
    Last Set Password
    Access Set
    -------- ------ ------------- --------- ------ ---------- ---------- -----------
    TSMTRV1 TCPIP www.yyy.com 1500 <1 Yes Yes No
     
  2.  
  3. DanGiles

    DanGiles ADSM.ORG Senior Member

    Joined:
    Oct 25, 2002
    Messages:
    611
    Likes Received:
    15
    Occupation:
    Sr. Storage Admin
    Location:
    Toronto, Ont. Canada
    The servers have to be set to use the SSL port.
    So the question I have always had on this is: does that mean that node replication and protect stgpool go through SSL encryption? If so, what kind of resource/performance hit would I expect?
     

Share This Page