|
Problem IC80417
|
Status: Closed |
TRANSPARENT LDAP WITH VAS ON AIX, GETGRSET MAY RETURN A GROUP ID THAT GETGRID FAILS TO RETRIEVE FULL GROUP INFORMATION FOR |
| product: |
DB2 FOR LUW / DB2FORLUW / 970 - DB2 |
| Problem description: |
DB2 Transparent LDAP on AIX makes use of the operating system
functions 'getgrset' and 'getgrid' to gather a DB2 user's group
membership information. 'getgrset' will return a list of group
IDs to which a user belongs. 'getgrid' will return the full
group information, such as the group name. The group information
is used by DB2 to determine the user's database privileges.
When the functions 'getgrset' and 'getgrid' fail, DB2 may not be
able to obtain the full group membership and as a consequence,
DB2 may not recognize the database privileges the User has been
granted via group membership.
With LAM customers can install third party modules, like the
ones provided by VAS, that allow customizing of the behaviour of
the functions 'getgrset' and 'getgrid'. When the VAS LAM is
installed, the 'getgrset' function may return a group ID which
the 'getgrid' function will fail to retrieve the full group
information for.
DB2 was never officially tested with VAS LAM and hence can not
claim support. However, in the interest of our customers, we
will be adding code to workaround the problem described in this
APAR. |
| Problem Summary: |
****************************************************************
* USERS AFFECTED: *
* DB2 Transparent LDAP Users *
****************************************************************
* PROBLEM DESCRIPTION: *
* DB2 Transparent LDAP on AIX makes use of the operating *
* system *
* functions getgrset and getgrid to gather a DB2 user's group *
* membership information. getgrset will return a list of *
* group *
* IDs to which a user belongs to. getgrid will return the *
* full *
* group information, such as the group name, given the group *
* ID. *
* The group information is used by DB2 to determine the user's *
* database privileges. When the functions getgrset and *
* getgrid *
* fail, DB2 may not be able to obtain the full group *
* membership *
* and as a consequence, DB2 users will lose database *
* privileges *
* to which they have been granted. *
* *
* With LAM, customers can install third party modules, like *
* the *
* ones provided by VAS, that allow customizing the behaviour *
* of *
* the functions getgrset and getgrid. When the VAS LAM is *
* installed, the getgrset function may return a group ID which *
* the *
* getgrid function will fail to retrieve the full group *
* information for. *
* *
* DB2 was never officially tested with VAS LAM and hence can *
* not *
* claim support. However, in the interest of our customers, *
* we *
* will be adding code to workaround the problem described in *
* this *
* APAR. *
****************************************************************
* RECOMMENDATION: *
* Upgrade to DB2 V9.7 FP6 *
**************************************************************** |
| Local Fix: |
|
| available fix packs: |
DB2 Version 9.7 Fix Pack 6 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 7 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 8 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 9 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 9a for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 10 for Linux, UNIX, and Windows
|
| Solution |
Problem First Fixed in DB2 Version 9.7 Fix Pack 6 |
| Workaround |
not known / see Local fix |
| BUG-Tracking |
forerunner : APAR is sysrouted TO one or more of the following: IC84268 IC88082
follow-up : |
| Timestamps |
Date - problem reported :
Date - problem closed :
Date - last modified :
| 14.12.2011
11.07.2012
11.07.2012 |
| Problem solved at the following versions (IBM BugInfos) |
9.7.FP6
|
| Problem solved according to the fixlist(s) of the following version(s) |
| 9.7.0.6
|
 |
