Update the IBM Security Directory Server configuration for IBMLDAP_ATTR_INCLUDE_BINARY to FALSE
After installing specific fixes for IBM Security Directory Server, the default IBM Security Directory Server configuration parameter IBMLDAP_ATTR_INCLUDE_BINARY might change to TRUE. This parameter change results in problems with LDAP adapter reconciliation or a lack of data for the Individual Accounts by Role associated with a provisioning policy report.
By installing certain fixes that address APARS on certain versions of Directory Server, these fixes change the default value for the IBMLDAP_ATTR_INCLUDE_BINARY configuration parameter from FALSE to TRUE:
IBMLDAP_ATTR_INCLUDE_BINARY=TRUEThis issue occurs with the following APARs and Directory Server versions:
- IO20253 in Version 6.1.0.59
- IO20254 in Version 6.2.0.34
- IO19599 in Version 6.3.0.26
- IO21537 in Version 6.3.1.5
See https://www.ibm.com/support/pages/node/544007.
- Change ISIM Directory Server or target Directory Server configuration, by editing the directory server ibmslapd.conf file.
Under the cn=Front End, cn=Configuration entry.
Specify the following configuration.
ibm-slapdSetenv: IBMLDAP_ATTR_INCLUDE_BINARY=FALSERestart the IBM Security Directory Server for changes to take effect.
- Upgrade IBM Security Directory Server to the following version, where the behavior is no longer the default setting.
- IO23920 in Version 6.4.0.5
If there were issues before, we can attempt to reconcile or synchronize data between IBM Security Identity Manager with IBM Security Directory Server again.
Parent topic: IBM Security Directory Server configuration
Related
Related tasks