1. Please help support our sponsors by considering their products and services.
    Our sponsors enable us to maintain high-speed Internet connection and fast webservers.
    They support this free information and knowledge exchange forum service at no cost to you.

    Please welcome our latest sponsor Tectrade . We can show our appreciation by learning more about Tectrade Solutions

LDAP integration and OC

Discussion in 'TSM Server' started by DanGiles, Jun 27, 2017.

  1. DanGiles

    DanGiles ADSM.ORG Senior Member

    Joined:
    Oct 25, 2002
    Messages:
    611
    Likes Received:
    15
    Occupation:
    Sr. Storage Admin
    Location:
    Toronto, Ont. Canada
    TSM 8.1.1.0 on RHEL 6.9
    2 TSM servers: TSMSRV1 has the OC installed; TSMSRV2 is a hub server.
    I now have both server set up for LDAP integration. I updated the admin: upd admin admin_name auth=ldap, then "notify subscriber". I can issue commands to tsmsrv1, but on tsmsrv2 I get
    TSMSRV2> q process
    ANR0454E Session rejected by server TSMBUR1, reason: 31 - SSL Required.
    Return code 1006.

    I suspect it has to do with server-to-server communications. So I want data transfer between the two servers NOT to use SSL as I suspect that would have a negative impact on replication, but I suppose that admin communications needs to be SSL. Exactly what do I set?

    Relevant options are as follows:
    AdminOnClientPort Yes NORETRIEVEDATE No
    LDAP URL ldap://xxx/ou=xx,dc=xx,dc=xx
    RunOrphanCleanup No SSLDisableLegacyTLS No
    SSLHideLegacyTLS No SSLInitTimeout 2
    TCPPort 1500 TcpAdminport 1500
    SANdiscovery Off SSLTCPPort 1542
    SSLTCPADMINPort 1543 SSLTLS12 Yes
    SSLFIPSMODE No

    tsm: TSMSRV1>q server tsmsrv2
    Server Comm. High-level Low-level Days Server Virtual Allow
    Name Method Address Address Since Password Volume Replacement
    Last Set Password
    Access Set
    -------- ------ ------------- --------- ------ ---------- ---------- -----------
    TSMBUR1 TCPIP xxx.yyy.com 1500 <1 Yes Yes No

    tsm: TSMSRV2> q server tsmsrv1
    Server Comm. High-level Low-level Days Server Virtual Allow
    Name Method Address Address Since Password Volume Replacement
    Last Set Password
    Access Set
    -------- ------ ------------- --------- ------ ---------- ---------- -----------
    TSMTRV1 TCPIP www.yyy.com 1500 <1 Yes Yes No
     
  2.  
  3. DanGiles

    DanGiles ADSM.ORG Senior Member

    Joined:
    Oct 25, 2002
    Messages:
    611
    Likes Received:
    15
    Occupation:
    Sr. Storage Admin
    Location:
    Toronto, Ont. Canada
    The servers have to be set to use the SSL port.
    So the question I have always had on this is: does that mean that node replication and protect stgpool go through SSL encryption? If so, what kind of resource/performance hit would I expect?
     

Share This Page