x

• Enhancements to iWay Adapter to support z/OS operating system. (51982506)

x

The iWay Adapter for RDBMS now supports the following features:

• Reference Cursor in Functions for Oracle Packages. (42702030)
• CLOB datatype when calling a Stored Procedure in the Oracle database. (50122507)
• Support for Progress Database.

x

Unless LDAP information is sent through Secure Sockets (SSL), all information including user and passwords, is sent in clear text using the channels configured in your service or event configuration.

x

• The LdapEntry element is the base element, which represents the LDAP request element.
• The Parent node is mandatory and is used to determine the LDAP search context.
• The LdapAttributes node is used to filter what attributes are requested for output in the result document.
• The LdapCondition node is used to specify the criteria for a method.
• Common Name is the only filter attribute that is available for events.
• Cluster and distributed LDAP nodes are not supported.

Sample LDAP operation documents can be found in the iWay Application Protocol Adapter for LDAP User's Guide. (DN3501963.0909)

x

For a list of LDAP operational error codes, refer to the following Web site:

http://wikis.sun.com/display/SunJavaSystem/LDAP+Error+Codes

x

When using LDAP as the user registry, the set of valid characters allowed within a user or group name is determined by the following Internet Engineering Task Force (IETF) Request for Comments (RFC):

• 2253 "Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names"
• 2254 "The String Representation of LDAP Search Filters"

The specific LDAP server can also dictate the validity of these characters.

In general, you can use special characters within a Distinguished Name. However, certain special characters require an additional escape character. The following special characters must be escaped when used in a Distinguished Name:

• + (plus)
• \ (backslash)
• ; (semicolon)
• , (comma)

x

For a list of Active Directory error codes, refer to the following Web site:

http://support.microsoft.com/kb/218185

x

This section lists Active Directory bind error codes.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893 HEX: 0x525 - user not found DEC: 1317 - ERROR_NO_SUCH_USER (The specified account does not exist.) NOTE: Returns when username is invalid.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893 HEX: 0x52e - invalid credentials DEC: 1326 - ERROR_LOGON_FAILURE (Logon failure: unknown user name or bad password.) NOTE: Returns when username is valid but password/credential is invalid. Will prevent most other errors from being displayed as noted.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 530, v893 HEX: 0x530 - not permitted to logon at this time DEC: 1328 - ERROR_INVALID_LOGON_HOURS (Logon failure: account logon time restriction violation.) NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 531, v893 HEX: 0x531 - not permitted to logon from this workstation DEC: 1329 - ERROR_INVALID_WORKSTATION (Logon failure: user not allowed to log on to this computer.) LDAP[userWorkstations: <multivalued list of workstation names>] NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 532, v893 HEX: 0x532 - password expired DEC: 1330 - ERROR_PASSWORD_EXPIRED (Logon failure: the specified account password has expired.) LDAP[userAccountControl: <bitmask=0x00800000>] - PASSWORDEXPIRED NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 533, v893 HEX: 0x533 - account disabled DEC: 1331 - ERROR_ACCOUNT_DISABLED (Logon failure: account currently disabled.) LDAP[userAccountControl: <bitmask=0x00000002>] - ACCOUNTDISABLE NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 701, v893 HEX: 0x701 - account expired DEC: 1793 - ERROR_ACCOUNT_EXPIRED (The user's account has expired.) LDAP[accountExpires: <value of -1, 0, or extemely large value indicates account will not expire>] - ACCOUNTEXPIRED NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 773, v893 HEX: 0x773 - user must reset password DEC: 1907 - ERROR_PASSWORD_MUST_CHANGE (The user's password must be changed before logging on the first time.) LDAP[pwdLastSet: <value of 0 indicates admin-required password change>] - MUST_CHANGE_PASSWD NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 775, v893 HEX: 0x775 - account locked out DEC: 1909 - ERROR_ACCOUNT_LOCKED_OUT (The referenced account is currently locked out and may not be logged on to.) LDAP[userAccountControl: <bitmask=0x00000010>] - LOCKOUT NOTE: Returns even if invalid password is presented.