|
Problem IC84268
|
Status: Closed |
TRANSPARENT LDAP WITH VAS ON AIX, GETGRSET MAY RETURN A GROUP ID THAT GETGRID FAILS TO RETRIEVE FULL GROUP INFORMATION FOR |
| product: |
DB2 FOR LUW / DB2FORLUW / A10 - DB2 |
| Problem description: |
DB2 Transparent LDAP on AIX makes use of the operating system
functions getgrset and getgrid to gather a DB2 user's group
membership information. getgrset will return a list of group
IDs to which a user belongs to. getgrid will return the full
group information, such as the group name, given the group ID.
The group information is used by DB2 to determine the user's
database privileges. When the functions getgrset and getgrid
fail, DB2 may not be able to obtain the full group membership
and as a consequence, DB2 users will lose database privileges
to which they have been granted.
With LAM, customers can install third party modules, like the
ones provided by VAS, that allow customizing the behaviour of
the functions getgrset and getgrid. When the VAS LAM is
installed, the getgrset function may return a group ID which the
getgrid function will fail to retrieve the full group
information for.
DB2 was never officially tested with VAS LAM and hence can not
claim support. However, in the interest of our customers, we
will be adding code to workaround the problem described in this
APAR. |
| Problem Summary: |
****************************************************************
* USERS AFFECTED: *
* DB2 Transparent LDAP Users *
****************************************************************
* PROBLEM DESCRIPTION: *
* DB2 Transparent LDAP on AIX makes use of the operating *
* system *
* functions getgrset and getgrid to gather a DB2 user's group *
* membership information. getgrset will return a list of *
* group *
* IDs to which a user belongs to. getgrid will return the *
* full *
* group information, such as the group name, given the group *
* ID. *
* The group information is used by DB2 to determine the user's *
* database privileges. When the functions getgrset and *
* getgrid *
* fail, DB2 may not be able to obtain the full group *
* membership *
* and as a consequence, DB2 users will lose database *
* privileges *
* to which they have been granted. *
* *
* With LAM, customers can install third party modules, like *
* the *
* ones provided by VAS, that allow customizing the behaviour *
* of *
* the functions getgrset and getgrid. When the VAS LAM is *
* installed, the getgrset function may return a group ID which *
* the *
* getgrid function will fail to retrieve the full group *
* information for. *
* *
* DB2 was never officially tested with VAS LAM and hence can *
* not *
* claim support. However, in the interest of our customers, *
* we *
* will be adding code to workaround the problem described in *
* this *
* APAR. *
****************************************************************
* RECOMMENDATION: *
* Upgrade to DB2 Version V10.1 Fix Pack 1 *
**************************************************************** |
| Local Fix: |
|
| available fix packs: |
DB2 Version 10.1 Fix Pack 1 for Linux, UNIX, and Windows
DB2 Version 10.1 Fix Pack 2 for Linux, UNIX, and Windows
DB2 Version 10.1 Fix Pack 3 for Linux, UNIX, and Windows
DB2 Version 10.1 Fix Pack 4 for Linux, UNIX, and Windows
DB2 Version 10.1 Fix Pack 3a for Linux, UNIX, and Windows
DB2 Version 10.1 Fix Pack 6 for Linux, UNIX, and Windows
|
| Solution |
Problem First Fixed in DB2 Version V10.1 Fix Pack 1 |
| Workaround |
not known / see Local fix |
| Timestamps |
Date - problem reported :
Date - problem closed :
Date - last modified :
| 13.06.2012
01.11.2012
01.11.2012 |
| Problem solved at the following versions (IBM BugInfos) |
|
| Problem solved according to the fixlist(s) of the following version(s) |
| 10.1.0.1
|
 |
| 10.5.0.1
|
|
