• Please help support our sponsors by considering their products and services.
    Our sponsors enable us to serve you with this high-speed Internet connection and fast webservers you are currently using at ADSM.ORG.
    They support this free flow of information and knowledge exchange service at no cost to you.

    Please welcome our latest sponsor Tectrade . We can show our appreciation by learning more about Tectrade Solutions
  • Community Tip: Please Give Thanks to Those Sharing Their Knowledge.

    If you receive helpful answer on this forum, please show thanks to the poster by clicking "LIKE" link for the answer that you found helpful.

  • Community Tip: Forum Rules (PLEASE CLICK HERE TO READ BEFORE POSTING)

    Click the link above to access ADSM.ORG Acceptable Use Policy and forum rules which should be observed when using this website. Violators may be banned from this website. This notice will disappear after you have made at least 3 posts.

LDAP integration and OC

DanGiles

ADSM.ORG Senior Member
#1
TSM 8.1.1.0 on RHEL 6.9
2 TSM servers: TSMSRV1 has the OC installed; TSMSRV2 is a hub server.
I now have both server set up for LDAP integration. I updated the admin: upd admin admin_name auth=ldap, then "notify subscriber". I can issue commands to tsmsrv1, but on tsmsrv2 I get
TSMSRV2> q process
ANR0454E Session rejected by server TSMBUR1, reason: 31 - SSL Required.
Return code 1006.

I suspect it has to do with server-to-server communications. So I want data transfer between the two servers NOT to use SSL as I suspect that would have a negative impact on replication, but I suppose that admin communications needs to be SSL. Exactly what do I set?

Relevant options are as follows:
AdminOnClientPort Yes NORETRIEVEDATE No
LDAP URL ldap://xxx/ou=xx,dc=xx,dc=xx
RunOrphanCleanup No SSLDisableLegacyTLS No
SSLHideLegacyTLS No SSLInitTimeout 2
TCPPort 1500 TcpAdminport 1500
SANdiscovery Off SSLTCPPort 1542
SSLTCPADMINPort 1543 SSLTLS12 Yes
SSLFIPSMODE No

tsm: TSMSRV1>q server tsmsrv2
Server Comm. High-level Low-level Days Server Virtual Allow
Name Method Address Address Since Password Volume Replacement
Last Set Password
Access Set
-------- ------ ------------- --------- ------ ---------- ---------- -----------
TSMBUR1 TCPIP xxx.yyy.com 1500 <1 Yes Yes No

tsm: TSMSRV2> q server tsmsrv1
Server Comm. High-level Low-level Days Server Virtual Allow
Name Method Address Address Since Password Volume Replacement
Last Set Password
Access Set
-------- ------ ------------- --------- ------ ---------- ---------- -----------
TSMTRV1 TCPIP www.yyy.com 1500 <1 Yes Yes No
 

DanGiles

ADSM.ORG Senior Member
#2
The servers have to be set to use the SSL port.
So the question I have always had on this is: does that mean that node replication and protect stgpool go through SSL encryption? If so, what kind of resource/performance hit would I expect?
 

Advertise at ADSM.ORG

If you are reading this, so are your potential customer. Advertise at ADSM.ORG right now.

UpCloud high performance VPS at $5/month

Get started with $25 in credits on Cloud Servers. You must use link below to receive the credit. Use the promo to get upto 5 month of FREE Linux VPS.

The Spectrum Protect TLA (Three-Letter Acronym): ISP or something else?

  • Every product needs a TLA, Let's call it ISP (IBM Spectrum Protect).

    Votes: 7 23.3%
  • Keep using TSM for Spectrum Protect.

    Votes: 16 53.3%
  • Let's be formal and just say Spectrum Protect

    Votes: 4 13.3%
  • Other (please comement)

    Votes: 3 10.0%

Forum statistics

Threads
30,888
Messages
131,415
Members
21,194
Latest member
jamesmacd40