Change Directory Server Attributes (QgldChgDirSvrA)


  Required Parameter Group:

1 Input data Input Char(*)
2 Length of input data Input Binary(4)
3 Format name Input Char(8)
4 Error code I/O Char(*)

  Default Public Authority: *USE

  Library Name/Service Program: QSYS/QGLDUAPI

  Threadsafe: No

The Change Directory Server Attributes (QgldChgDirSvrA) API changes the directory server configuration. It can be used to change the following server properties:


Authorities and Locks

*ALLOBJ and *IOSYSCFG special authority is required to use this API with formats CSVR0100, CSVR0200, CSVR0300, CSVR0400, CSVR0500, CSVR0600, CSVR0800, or CSVR0900. *AUDIT special authority is required to use this API with format CSVR0700.


Required Parameter Group

Input data
INPUT; CHAR(*)

A variable that contains the input data. See Format of Input Data for a description of the data associated with a specific format name.

Length of input data
INPUT; BINARY(4)

The length of the input data area.

Format name
INPUT; CHAR(8)

The format name identifying the type of information to be changed. The possible format names follow:

CSVR0100 Basic server configuration
CSVR0200 Add or remove suffixes from this server
CSVR0300 Add, change, or remove directory indexing rules
CSVR0400 Add or change the attributes for publishing users in an LDAP directory.
CSVR0500 Add or change the network server publishing attributes associated with the LDAP server.
CSVR0600 Add or change referral server information
CSVR0700 Server auditing information
CSVR0800 IP address information
CSVR0900 Server administration information

See Format of Input Data for a description of these formats.

Error code
I/O; CHAR(*)

The structure in which to return error information. For the format of the structure, see Error Code Parameter.


Format of Input Data

For details about the format of the input data, see the following sections. For details about the fields in each format, see Field Descriptions.


CSVR0100 Format

This format is used to change basic server configuration information.

Offset Type Field
Dec Hex
0 0 BINARY(4) Read only
4 4 BINARY(4) Server is replica
8 8 BINARY(4) Security
12 C BINARY(4) Nonencrypted port number
16 10 BINARY(4) Encrypted port number
20 14 BINARY(4) Current cipher protocols
24 18 BINARY(4) Search time limit
28 1C BINARY(4) Search size limit
32 20 BINARY(4) Maximum connections
36 24 BINARY(4) Reserved
40 28 BINARY(4) Referral port
44 2C BINARY(4) Password format
48 30 BINARY(4) Offset to referral server
52 34 BINARY(4) Length of referral server
56 38 BINARY(4) Offset to administrator DN
60 3C BINARY(4) Length of administrator DN
64 40 BINARY(4) Offset to administrator password
68 48 BINARY(4) Length of administrator password
72 48 BINARY(4) Offset to update DN
76 4C BINARY(4) Length of update DN
80 50 BINARY(4) Offset to update password
84 54 BINARY(4) Length of update password
88 58 BINARY(4) Offset to key ring file
92 5C BINARY(4) Length of key ring file
96 60 BINARY(4) Offset to database path
100 64 BINARY(4) Length of database path
104 64 BINARY(4) Level indicator
Additional fields if level indicator is equal to 1 or greater:
108 68 BINARY(4) SSL authentication method
112 70 BINARY(4) Number of database connections
116 74 BINARY(4) Schema checking level
120 78 BINARY(4) Offset to master server URL
124 7C BINARY(4) Length of master server URL
128 80 BINARY(4) Change log indicator
132 84 BINARY(4) Maximum number of change log entries
136 88 BINARY(4) Terminate idle connections
140 8C BINARY(4) Reserved
Additional fields if level indicator is equal to 2 or greater:
144 90 BINARY(4) Kerberos authentication indicator
148 94 BINARY(4) Offset to Kerberos key tab file
152 98 BINARY(4) Length of Kerberos key tab file
156 9C BINARY(4) Kerberos to DN mapping indicator
160 A0 BINARY(4) Offset to Kerberos administrator ID
164 A4 BINARY(4) Length of Kerberos administrator ID
168 A8 BINARY(4) Offset to Kerberos administrator realm
172 AC BINARY(4) Length of Kerberos administrator realm
176 B0 BINARY(4) Event notification registration indicator
180 B4 BINARY(4) Maximum event registrations for connection
184 B8 BINARY(4) Maximum event registrations for server
188 BC BINARY(4) Maximum operations per transaction
192 C0 BINARY(4) Maximum pending transactions
196 C4 BINARY(4) Transaction time limit
200 C8 BINARY(4) ACL model
204 CC BINARY(4) Reserved
Additional fields if level indicator is equal to 3 or greater:
208 D0 BINARY(4) Level of authority integration
212 D4 BINARY(4) Offset to projected suffix
216 D8 BINARY(4) Length of projected suffix
Additional fields if level indicator is equal to 4 or greater:
220 DC BINARY(4) Read only schema
224 E0 BINARY(4) Read only Projected suffix
228 E4 BINARY(4) Log client messages
232 E8 BINARY(4) Maximum age of change log entries
Variable length string fields:
CHAR(*) Referral server
CHAR(*) Administrator DN
CHAR(*) Administrator password
CHAR(*) Update DN
CHAR(*) Update password
CHAR(*) Key ring file
CHAR(*) Database path
CHAR(*) Master server URL
CHAR(*) Kerberos key tab file
CHAR(*) Kerberos administrator ID
CHAR(*) Kerberos administrator realm
CHAR(*) Projected suffix


CSVR0200 Format

This format is used to add or remove suffixes from the server. The input data consists of a header and a series of change entries. The header identifies the number of suffixes to be added or removed. Each change entry identifies a suffix and the action to be performed (add or remove the suffix).

Note: Removing a suffix from a server will result in the loss of all directory entries with that suffix.

Offset Type Field
Dec Hex
0 0 BINARY(4) Offset to change entries
4 4 BINARY(4) Number of change entries
Change entries
Suffix change entries:
0 0 BINARY(4) Displacement to next entry
4 4 BINARY(4) Action
8 8 BINARY(4) Displacement to suffix
12 C BINARY(4) Length of suffix
CHAR(*) Suffix


CSVR0300 Format

This format is used to add, change, or remove directory indexes. Creating indexes for one or more attributes allows for faster retrieval of directory entries based on those attributes. The input data consists of a header and a series of change entries. The header identifies the number of indexes to be added, changed, or removed. Each change entry identifies an attribute and the action to be performed (add, change, or remove the indexes).

Starting with V4R5M0, this format is not supported. Database index information is to be changed using an LDAP client or the Directory Management Tool (DMT) starting with V4R5M0.

Offset Type Field
Dec Hex
0 0 BINARY(4) Offset to change entries
4 4 BINARY(4) Number of change entries
Change entries
Add or change attribute index entries:
0 0 BINARY(4) Displacement to next entry
4 4 BINARY(4) Action
8 8 BINARY(4) Displacement to attribute name
12 C BINARY(4) Length of attribute name
16 10 BINARY(4) Index type
20 14 BINARY(4) Reserved
CHAR(*) Attribute name
Delete attribute index entries:
0 0 BINARY(4) Displacement to next entry
4 4 BINARY(4) Action
8 8 BINARY(4) Displacement to attribute name
12 C BINARY(4) Length of attribute name
16 10 BINARY(4) Reserved
CHAR(*) Attribute name


CSVR0400 Format

This format is used to set the attributes for publishing users in an LDAP directory. User information from the System Distribution Directory (SDD) can be published to an LDAP server by the Synchronize System Distribution Directory to LDAP (QGLDSSDD) API and from iSeries Navigator. The publishing attributes define how to publish user information.

Offset Type Field
Dec Hex
0 0 BINARY(4) Offset to the server name
4 4 BINARY(4) Length of server name
8 8 BINARY(4) LDAP port number
12 C BINARY(4) Connection type
16 10 BINARY(4) Offset to parent distinguished name
20 14 BINARY(4) Length of parent distinguished name
24 18 BINARY(4) Reserved
Variable length string fields:
CHAR(*) Server name
CHAR(*) Parent distinguished name


CSVR0500 Format

This format is used to set the network server publishing attributes associated with the server.

Offset Type Field
Dec Hex
0 0 BINARY(4) Offset to change entries
4 4 BINARY(4) Number of change entries
Change entries
Add or change publishing agent change entries:
0 0 BINARY(4) Displacement to next entry
4 4 BINARY(4) Action
8 8 BINARY(4) Displacement to publishing agent name
12 C BINARY(4) Length of publishing agent name
16 10 BINARY(4) Displacement to server name
20 14 BINARY(4) Length of server name
24 18 BINARY(4) Displacement to bind DN
28 1C BINARY(4) Length of bind DN
32 20 BINARY(4) Displacement to bind credentials
36 24 BINARY(4) Length of bind credentials
40 28 BINARY(4) LDAP port number
44 2C BINARY(4) Connection type
48 30 BINARY(4) Displacement to parent distinguished name
52 34 BINARY(4) Length of parent distinguished name
56 38 BINARY(4) Disable publishing agent
60 3C BINARY(4) Level indicator
Additional fields if level indicator is equal to 1
64 40 BINARY(4) Kerberos authentication indicator
68 44 BINARY(4) Displacement to Kerberos key tab file
72 48 BINARY(4) Length of Kerberos key tab file
76 4C BINARY(4) Displacement to Kerberos principal
80 50 BINARY(4) Length of Kerberos principal
84 54 BINARY(4) Displacement to Kerberos realm
88 58 BINARY(4) Length of Kerberos realm
CHAR(*) Publishing agent name
CHAR(*) Server name
CHAR(*) Bind DN
CHAR(*) Bind credentials
CHAR(*) Parent distinguished name
CHAR(*) Kerberos key tab file
CHAR(*) Kerberos principal
CHAR(*) Kerberos realm
Delete publishing agent change entries:
0 0 BINARY(4) Displacement to next entry
4 4 BINARY(4) Action
8 8 BINARY(4) Displacement to publishing agent name
12 C BINARY(4) Length of publishing agent name
16 10 BINARY(4) Reserved
CHAR(*) Publishing agent name


CSVR0600 Format

This format is used to change referral server configuration information. The input data consists of a header and a series of change entries. The header identifies the master server information and the number of referral servers. This replaces the referral server information, if any, that is currently configured.

Offset Type Field
Dec Hex
0 0 BINARY(4) Offset to change entries
4 4 BINARY(4) Number of change entries
Change entries
Referral server change entries:
0 0 BINARY(4) Displacement to next entry
4 4 BINARY(4) Displacement to referral server URL
8 8 BINARY(4) Length of referral server URL
CHAR(*) Referral server URL


CSVR0700 Format

This format is used to change the server auditing configuration information.

Offset Type Field
Dec Hex
0 0 BINARY(4) Security audit option for objects
4 4 BINARY(4) Reserved


CSVR0800 Format

This format is used to change the IP address configuration information. The input data consists of a header and a series of change entries. The header identifies the number of IP addresses in the list. This replaces the IP address information that is currently configured. At least one IP address value must be specified for the server.

Offset Type Field
Dec Hex
0 0 BINARY(4) Offset to change entries
4 4 BINARY(4) Number of change entries
Change entries
IP address entries:
0 0 BINARY(4) Displacement to next entry
4 4 BINARY(4) Displacement to IP address
8 8 BINARY(4) Length of IP address
CHAR(*) IP address


CSVR0900 Format

This format is used to change the server administration information.

Offset Type Field
Dec Hex
0 0 BINARY(4) Offset to server administration URL
4 4 BINARY(4) Length of server administration URL
8 8 BINARY(4) Reserved
CHAR(*) Server administration URL


Field Descriptions

ACL model. Indicator of the ACL model to use. The following special values may be specified:

-1 The value of this field does not change.
1 Use the ACL model that supports attribute-level ACL permissions. This may cause compatibility problems with replication and applications that manage access-class level permissions defined in releases prior to V5R1M0. Once enabled, this capability can be disabled only by reconfiguring your server and deleting the directory database.

Note: Starting with V5R3M0, this field is ignored for format CSVR0100.

Action. The action to be performed for a given entry. The following values may be specified:

1 Add suffix, index rule, or publishing agent
2 Change index rule or publishing agent
3 Remove suffix, index rule, or publishing agent

Note: Change is valid only for the CSVR0300 and CSVR0500 formats.

Administrator DN. A distinguished name that has access to all objects in the directory. When either the administrator DN or the administrator password field is changed, both must be specified. This field is specified in UTF-16 (CCSID 13488). To leave the value unchanged, specify a length and offset to this field of zero.

Administrator password. The password used when connecting to the directory server using the administrator DN. When either the administrator DN or the administrator password field is changed, both must be specified. This field is specified in UTF-16 (CCSID 13488). To leave the value unchanged, specify a length and offset to this field of zero.

Attribute index entries. The list of changes to be made to the attribute indexes.

Attribute name. The name of a directory object attribute for which database indexes will be created. This field is specified in UTF-16 (CCSID 13488). The following special value may be specified:

*DEFAULT Specifies the index types to be created for those attributes that have no explicit rules defined.

Note: The *DEFAULT attribute entry may be removed or added. Adding or removing *DEFAULT attribute is equivalent to not creating any indexes, or creating indexes for all attributes, depending on the index types specified.

Bind credentials. The password used when connecting to the directory server using the bind DN. When either the bind DN or the bind credentials field is changed, both must be specified. This field is specified in UTF-16 (CCSID 13488). To leave the value unchanged, specify a length and displacement to this field of zero.

Bind DN. A distinguished name to use when publishing objects to the directory. When either the bind DN or the bind credentials field is changed, both must be specified. This field is specified in UTF-16 (CCSID 13488). To leave the value unchanged, specify a length and displacement to this field of zero.

Change entry. A structure identifying a change to be made. The structure identifies the suffix, attribute, or publishing agent and the operation to be performed (add, change, or delete).

Change log indicator. The indicator of whether to have a change log for entries that are added, changed or deleted. The following values may be specified:

0 No, do not have a change log
1 Yes, have a change log
-1 The value remains the same

Connection type. The type of connection to use to the LDAP server. The following values may be specified:

1 Nonsecure
2 Secured, using SSL
-1 The value remains the same

Current cipher protocols. The cipher protocols that the server will allow when using encrypted connections. The following values may be specified:

-1 The value remains the same

Or the sum of one or more of the following values:

0x0100 Triple Data Encryption Standard (DES) Secure Hash Algorithm (SHA) (U.S.)
0x0200 DES SHA (U.S.)
0x0400 Rivest Cipher 4 (RC4) SHA (U.S.)
0x0800 RC4 Message Digest 5 (MD5) (U.S.)
0x1000 RC2 MD5 (export)
0x2000 RC4 MD5 (export)
0x4000 Advanced Encryption Standard (AES) SHA 128 bit (U.S.)
Start of change0x8000 Advanced Encryption Standard (AES) SHA 256 bit (U.S.) End of change

Database path. The path to an existing library containing the directory database objects. This is an integrated file system path name, for example, /QSYS.LIB/DIRSRV.LIB. By changing this field, you make the current directory contents inaccessible. By changing the field back to its original value, you restore the original directory contents. The library must exist in a system ASP or a basic user ASP (ASP value of 1 to 32). The library cannot exist in an independent ASP (ASP value greater than 32). This field is specified in UTF-16 (CCSID 13488). To leave the value unchanged, specify a length and offset to this field of zero.

Disable publishing agent. Indicates whether or not the publishing agent is disabled. The following values may be specified:

0 The publishing agent is enabled.
1 The publishing agent is disabled.

Displacement to attribute name. The displacement, in bytes, from the start of the current entry to the attribute name field.

Displacement to bind credentials. The displacement, in bytes, from the start of the current entry to the bind credentials field.

Displacement to bind DN. The displacement, in bytes, from the start of the current entry to the bind DN field.

Displacement to IP address. The displacement, in bytes, from the start of the current entry to the IP address field.

Displacement to Kerberos key tab file. The displacement, in bytes, from the start of the current entry to the Kerberos key tab file field.

Displacement to Kerberos principal. The displacement, in bytes, from the start of the current entry to the Kerberos principal field.

Displacement to Kerberos realm. The displacement, in bytes, from the start of the current entry to the Kerberos realm field.

Displacement to next entry. The displacement, in bytes, from the start of the current entry to the next entry in the input data.

Displacement to parent distinguished name. The displacement, in bytes, from the start of the current entry to the parent distinguished name field.

Displacement to publishing agent name. The displacement, in bytes, from the start of the current entry to the publishing agent name field.

Displacement to referral server URL. The displacement, in bytes, from the start of the current entry to the referral server URL field.

Displacement to server name. The displacement, in bytes, from the start of the current entry to the server name field.

Displacement to suffix. The displacement, in bytes, from the start of the current entry to the suffix field.

Encrypted port number. The port number to use for encrypted connections. The standard port number for encrypted connections (SSL) is 636. Valid port numbers are in the range 1 to 65535. The following special value may be specified:

-1 The value of this field does not change.

Event notification registration indicator. Indicator of whether to allow client to register for event notification. The following special values may be specified:

-1 The value of this field does not change.
0 Do not allow clients to register for event notification.
1 Allow clients to register for event notification.

Index type. The kind of database indexes that will be created for an attribute. Creating database indexes improved the performance of directory searches on those attributes. The following values may be specified:

0 No indexes will be maintained for the specified attribute
1 Equal

Note: For a delete request, 0 must be specified for this field.

IP address. The IPv4 or IPv6 address of the client for which the directory server will accept connections. The IP address must already exist to be specified. A value of hexadecimal zeroes and leading zeroes is not allowed. An IPv4 address is expressed in standard dotted-decimal form www.xxx.yyy.zzz; for example, 130.99.128.1. An IPv6 address always has at least one occurrence of a colon (':') in the format. Some possible IPv6 address formats would be: ::x (for example, ::1) or ::w.xxx.y.zzz (for example, ::9.130.4.169). For further IPv6 examples and explanation, refer to the Usage Notes section in the Convert IPv4 and IPv6 Addresses Between Text and Binary Form (inet_pton) API. This field is specified in UTF-16 (CCSID 13488).

The following special value may be specified:

*ALL All IP addresses defined on the local system will be bound to the server.

Kerberos administrator ID. The name of the Kerberos administrator. This field is specified in UTF-16 (CCSID 13488). The following special value may be specified:

*NONE No value is specified.

To leave the value unchanged, specify a length and offset to this field of zero.

Kerberos administrator realm. The realm where the kerberos administrator is registered. This field is specified in UTF-16 (CCSID 13488). The following special value may be specified:

*NONE No value is specified.

To leave the value unchanged, specify a length and offset to this field of zero.

Kerberos authentication indicator. The following special values may be specified:

-1 The value of this field does not change.
0 Do not support Kerberos authentications.
1 Support Kerberos authentications. Ensure all Kerberos fields are specified.

Kerberos key tab file. The integrated file system path name for the key tab file that contains the server's secret key used for authentication. The QDIRSRV user profile is given authorization to read this file. This field is specified in UTF-16 (CCSID 13488). The following special value may be specified:

*NONE No value is specified.

To leave the value unchanged, specify a length and offset or displacement to this field of zero.

Kerberos principal. The principal in the key tab file to use for authentication. This field is specified in UTF-16 (CCSID 13488). The following special value may be specified:

*NONE No value is specified.

To leave the value unchanged, specify a length and offset or displacement to this field of zero.

Kerberos realm. The realm where the principal is registered to use for authentication. This field is specified in UTF-16 (CCSID 13488). The following special value may be specified:

*NONE No value is specified.

To leave the value unchanged, specify a length and offset or displacement to this field of zero.

Kerberos to DN mapping indicator.

-1 The value of this field does not change.
0 Map the Kerberos ID to pseudo DN. A pseudo DN can be used to uniquely identify an LDAP user object of the form 'ibm-kerberosName=principal@realm" or 'ibm-kn=principal@realm".
1 Use associated DN in directory. The LDAP server will attempt to find an entry in the directory that contains the kerberos principle and realm as one of its attributes. Once found, this DN will then be used to determine the client's authorizations to the directory.

Key ring file. The path name of the SSL key ring file. A key ring file must be configured when using SSL. The following special value may be specified:

*NONE No value is specified.

Note: Starting with V4R4M0, this field is ignored for format CSVR0100. This field is specified in UTF-16 (CCSID 13488).

To leave the value unchanged, specify a length and offset to this field of zero.

LDAP port number. The LDAP server's TCP/IP port. The following values may be specified:

-1 The value remains the same

Length of administrator DN. The length, in UTF-16 (CCSID 13488) characters, of the administrator DN field.

Length of administrator password. The length, in UTF-16 (CCSID 13488) characters, of the administrator password field.

Length of attribute name. The length, in UTF-16 (CCSID 13488) characters, of the the attribute name field.

Length of bind credentials. The length, in UTF-16 (CCSID 13488) characters, of the bind credentials field.

Length of bind DN. The length, in UTF-16 (CCSID 13488) characters, of the bind DN field.

Length of database path. The length, in UTF-16 (CCSID 13488) characters, of the database path field.

Length of IP address. The length, in UTF-16 (CCSID 13488) characters, of the IP address field.

Length of Kerberos administrator ID. The length, in UTF-16 (CCSID 13488) characters, of the Kerberos administrator ID field.

Length of Kerberos administrator realm. The length, in UTF-16 (CCSID 13488) characters, of the Kerberos administrator realm field.

Length of Kerberos key tab file. The length, in UTF-16 (CCSID 13488) characters, of the Kerberos key tab file field.

Length of Kerberos principal. The length, in UTF-16 (CCSID 13488) characters, of the Kerberos principal field.

Length of Kerberos realm. The length, in UTF-16 (CCSID 13488) characters, of the Kerberos realm field.

Length of key ring file. The length, in UTF-16 (CCSID 13488) characters, of the key ring file field.

Length of master server URL. The length, in UTF-16 (CCSID 13488) characters, of the master server URL field.

Length of parent distinguished name. The length, in UTF-16 (CCSID 13488) characters, of the parent distinguished name field.

Length of projected suffix. The length, in UTF-16 (CCSID 13488) characters, of the projected suffix field.

Length of publishing agent name. The length, in UTF-16 (CCSID 13488) characters, of the publishing agent name. The length can be at most 50 characters.

Length of referral server. The length, in UTF-16 (CCSID 13488) characters, of the referral server name.

Length of referral server URL. The length, in UTF-16 (CCSID 13488) characters, of the referral server URL field.

Length of server administration URL. The length, in UTF-16 (CCSID 13488) characters, of the server administration URL field.

Length of server name. The length, in UTF-16 (CCSID 13488) characters, of the server name field.

Length of suffix. The length, in UTF-16 (CCSID 13488) characters, of the suffix field.

Length of update DN. The length, in UTF-16 (CCSID 13488) characters, of the update DN field.

Length of update password. The length, in UTF-16 (CCSID 13488) characters, of the update password field.

Level indicator. The level indicator of the data supplied for a format. See the format descriptions for possible uses and values of this field.

Level of authority integration. The level of i5/OS authority integration to use to determine if a distinguished name (DN) can become an LDAP administrator. Allowing a user profile to become an LDAP administrator can be done by setting the 'Level of authority integration' to '1' and then authorizing specific user profiles to the 'Directory Server Administrator' function of the operating system through iSeries Navigator's Application support. The Change Function Usage Information (QSYCHFUI) API, with a function ID of QIBM_DIRSRV_ADMIN, can also be used to change the list of users that are allowed to be an LDAP administator. The user profile can be mapped to a DN as a projected user (for example, for user profile 'FRED', and the projected suffix of 'systemA', the projected user's DN would be os400-profile=FRED,cn=accounts,os400-sys=systemA ).

The following special values may be specified:

-1 The value of this field does not change.
0 Do not apply 'Directory Server Administrator' function identifier to bound distinguished names to determine LDAP administrators.
1 Allow bound distinguished names that refer directly to user profiles to become LDAP administrators if the user profile is identified in the 'Directory Server Administrator' function identifier.

Log client messages. Whether the directory server will log client messages in the server joblog. The following values may be specified:

-1 The value of this field does not change.
0 The directory server will not log client messages in the server joblog.
1 The directory server will log client messages in the server joblog.

Master server URL. The uniform resource locator (URL) of the master server. This field is specified in UTF-16 (CCSID 13488). The following special value may be specified:

*NONE No value is specified.

To leave the value unchanged, specify a length and offset to this field of zero.

Maximum connections. The maximum number of simultaneous connections that can be established with the server. The following special values may be specified:

-1 The value of this field does not change.
0 Do not limit the number of connections.

Note: Starting with V5R1M0, this field is no longer supported and is ignored if a value is passed.

Maximum event registrations for connection. The following special values may be specified:

-1 The value of this field does not change.
0 Do not limit the number of event registrations for connection.

Maximum event registrations for server. The following special values may be specified:

-1 The value of this field does not change.
0 Do not limit the number of event registrations for server.

Maximum age of change log entries. The maximum age, in seconds, of change log entries that can be stored. If the maximum is reached, the change log entries will be deleted starting with the oldest entry. This value only used if 'Change log indicator' is set to 1. The following special values may be specified:

-1 The value of this field does not change.
0 Do not limit the age of change log entries.

Maximum number of change log entries. The maximum number of change log entries that can be stored. If the maximum is reached, the change log entries will be deleted starting with the oldest entry. This value only used if 'Change log indicator' is set to 1. The following special values may be specified:

-1 The value of this field does not change.
0 Do not limit the number of change log entries.

Maximum operations per transaction. The maximum number of operations that are allowed for each transaction. Transaction support allows a group of directory changes to be handled as a single transaction. The following special values may be specified:

-1 The value of this field does not change.

Maximum pending transactions. The maximum number of pending transactions allowed. Transaction support allows a group of directory changes to be handled as a single transaction. The following special value may be specified:

-1 The value of this field does not change.

Nonencrypted port number. The port number to be used for nonencrypted connections. The standard port number is 389. Valid port numbers are in the range 1 to 65535. The following special value may be specified:

-1 The value of this field does not change.

Number of change entries. The number of change entries present in the input data.

Number of database connections. The number of database connections used by the server. Valid numbers are in the range 4 to 32. The following special value may be specified:

-1 The value of this field does not change.

Offset to administrator DN. The offset, in bytes, from the start of the input data area to the administrator DN field.

Offset to administrator password. The offset, in bytes, from the start of the input data area to the administrator password field.

Offset to change entries. The offset, in bytes, from the start of the input data area to the the first change entry.

Offset to database path. The offset, in bytes, from the start of the input data area to the database path field.

Offset to Kerberos administrator ID. The offset, in bytes, from the start of the input data area to the Kerberos administrator ID field.

Offset to Kerberos administrator realm. The offset, in bytes, from the start of the input data area to the Kerberos administrator realm field.

Offset to Kerberos key tab file. The offset, in bytes, from the start of the input data area to the Kerberos key tab file field.

Offset to key ring file. The offset, in bytes, from the start of the input data area to the key ring file field.

Offset to master server URL. The offset, in bytes, from the start of the input data area to the master server URL field.

Offset to parent distinguished name. The offset, in bytes, from the start of the input data area to the parent distinguished name field.

Offset to projected suffix. The offset, in bytes, from the start of the input data area to the projected suffix field.

Offset to referral server. The offset, in bytes, from the start of the input data area to the referral server field.

Offset to server administration URL. The offset, in bytes, from the start of the input data to the server administration URL field.

Offset to server name. The offset, in bytes, from the start of the input data to the server name field.

Offset to suffix. The offset, in bytes, from the start of the input data area to the suffix field.

Offset to update DN. The offset, in bytes, from the start of the input data area to the update DN field.

Offset to update password. The offset, in bytes, from the start of the input data area to the update password field.

Parent distinguished name. The parent distinguished name for published objects. For example, if the parent distinguished name is "ou=rochester, o=ibm, c=us", a published directory object for user John Smith might be "cn=john smith, ou=rochester, o=ibm, c=us". This field is specified in UTF-16 (CCSID 13488). To leave the value unchanged, specify a length and offset to this field of zero.

Password format. The format of the encrypted password. The following values may be specified:

-1 The value of this field does not change.
1 Unencrypted. The clear text password is stored in a validation list and can be returned by searches or used for DIGEST-MD5 SASL authentication.
2 SHA. (Default)
3 MD5.
4 Crypt (The password is one-way hashed using a modified DES algorithm. The "crypt" algorithm originally was used by many Unix operating systems for password protection.)

Projected suffix. The suffix under which all projected objects for this server reside including user and group profiles. This field is specified in UTF-16 (CCSID 13488).

Publishing agent name. The agent that will publish information to a directory server and parent distinguished name. This field is specified in UTF-16 (CCSID 13488).

The following publishing agent names are predefined by the operating system:

*AS400_COMPUTERS This agent name is used for publishing system information such as the system and printers.
*AS400_PRINTSHARES This agent name is used for publishing print shares to an Active Directory server.
*AS400_USERS This agent name is used for publishing System Distribution Directory users.
*OS400_TC1_QOS This agent name is used for publishing TCP/IP Quality of Service policy information.

Read only. Whether the directory server will allow updates to be made to the directory contents. The following values may be specified:

-1 The value of this field does not change.
0 Places the directory server into update mode to allow directory updates. This is the normal mode of operation.
1 Places the directory server into read-only mode.

Read only projected suffix. Whether the directory server will allow updates to be made to the projected suffix. The following values may be specified:

-1 The value of this field does not change.
0 Places the directory server projected suffix into update mode to allow updates. This is the normal mode of operation.
1 Places the directory server projected suffix into read-only mode.

Read only schema. Whether the directory server will allow updates to be made to the directory schema. The following values may be specified:

-1 The value of this field does not change.
0 Places the directory server schema into update mode to allow updates. This is the normal mode of operation.
1 Places the directory server schema into read-only mode.

Referral port. An optional port number to be returned to a client when a request is made for a directory object that does not reside on this server. The referral port and referral server together are used to form a referral URL. The referral server and port fields must be configured when changing the Server is replica field to make this server a replica. Valid port numbers are in the range 1 to 65535.

Starting with V4R5M0, this field is ignored for format CSVR0100. Referral server information can be changed using the CSVR0600 format of the QgldChgDirSvrA API. The following special values may be specified:

0 No port number is returned as part of the referral.
-1 The value of this field does not change.

Referral server. The IP name or address of a server to return to a client when a request is made for a directory object that does not reside on this server. The referral port and referral server are used together to form a referral URL. The referral server and port fields must be configured when changing the Server is a replica field to make this server a replica. In this case, the referral is typically to the master server. The following special value may be specified:

*NONE No value is specified.

Note: Starting with V4R5M0, this field is ignored for format CSVR0100. This field is specified in UTF-16 (CCSID 13488). To leave the value unchanged, specify a length and offset to this field of zero.

Referral server URL. The uniform resource locator (URL) of the referral server. This field is specified in UTF-16 (CCSID 13488).

Reserved. A reserved field. This field must be set to zero.

Schema checking level. The level of schema checking performed by the server. The following values may be specified:

-1 The value does not change.
0 None.
1 LDAP version 2.
2 LDAP version 3 strict.
3 LDAP version 3 lenient.

Search size limit. The maximum number of entries that the server will return for a given search request. The following special values may be specified:

-1 The value of this field does not change.
0 Do not limit the number of entries returned.

Search time limit. The maximum time, in seconds, that the server will spend performing a given search request. The following special values may be specified:

-1 The value of this field does not change.
0 Do not limit the search time.

Security. Whether the server should use encrypted connections. The following values may be specified:

-1 The value does not change
1 Allow nonencrypted connections only
2 Allow encrypted connections only
3 Allow both encrypted and nonencrypted connections

Security audit option for objects. When the QAUDCTL system value is set to *OBJAUD, then object auditing can be done in the directory. See the iSeries Security Reference Link to PDFbook for information about Directory Server auditing. The following special values may be specified:

-1 The value of this field does not change.
0 Do not do object auditing of the directory objects.
1 Audit changes to directory objects.
2 Audit all access to directory objects. This includes search, compare and change.

Server is replica. Whether the server is a master server or a replica server. When this field is changed to make the server a replica, the update DN, update password, and referral fields must be specified. The following values may be specified:

-1 The value of this field does not change.
0 The server is a master for the directory suffixes present on the server.
1 The server is a replica server for the directory suffixes present on the server.

Server administration URL. The server administration URL. This field is specified in UTF-16 (CCSID 13488). To leave the value unchanged, specify a length and offset to this field of zero.

Server name. The name of the server. This field is specified in UTF-16 (CCSID 13488). To leave the value unchanged, specify a length and offset to this field of zero.

SSL authentication method. The method used during SSL authentication. The following values may be specified:

-1 The value does not change.
1 Server authentication.
3 Server and client authentication.

Suffix. The name of the directory suffix to be added or removed from the server. This field is specified in UTF-16 (CCSID 13488).

Suffix change entries. The list of suffixes to be added or deleted.

Terminate idle connections. The server will terminate idle connections when necessary.

Starting with V5R1M0, this field is no longer supported and is ignored if a value is passed. The following values may be specified:

0 Do not terminate idle connections.
1 Terminate idle connections.

Transaction time limit. The maximum time, in seconds, that the server will spend performing a transaction request. Transaction support allows a group of directory changes to be handled as a single transaction. The following special values may be specified:

-1 The value of this field does not change.

Update DN. The distinguished name that the master server must use when propagating directory updates to this replica server. This field may be specified only when the server is a replica. When either the update DN or the update password field is changed, both must be specified. This field is specified in UTF-16 (CCSID 13488). The following special value may be specified:

*NONE No value is specified.

To leave the value unchanged, specify a length and offset to this field of zero.

Update password. The password used when connecting to this server using the update DN. This field may be specified only when the server is a replica. When either the update DN or the update password field is changed, both must be specified. This field is specified in UTF-16 (CCSID 13488). To leave the value unchanged, specify a length and offset to this field of zero. The following special value may be specified:

*NONE No value is specified.


Error Messages

Message ID Error Message Text
CPF2209 E Library &1 not found.
CPFA0A9 E Object not found.
CPFA0DB E Object name not a QSYS object.
CPFA314 E Memory allocation error.
GLD0204 E Attribute name not valid.
GLD0205 E Administrator DN not valid.
GLD0208 E Key ring file name not valid.
GLD0209 E Update DN not valid.
GLD020A E Suffix not valid.
GLD020B E Referral server name not valid.
GLD020D E Index rule already defined for attribute.
GLD020E E Index rule not found for attribute.
GLD0211 E Value &1 specified at offset &2 in input format &3 is not valid.
GLD0212 E Field &1 required when server is using SSL.
GLD0215 E IBM Directory Server for iSeries server has not been configured.
GLD0217 E A value was specified in list entry &1 that is not valid. Reason code &2.
GLD0219 E Administrator DN and password both required.
GLD021A E Field not allowed when server is not a replica.
GLD021B E Field is required when server is a replica.
GLD021C E The caller of the API must have *ALLOBJ and *IOSYSCFG special authority to configure the server.
GLD021D E Error occurred when processing the input list of entries.
GLD021E E &1 password is not valid.
GLD021F E The caller of the API must have *AUDIT special authority to set the server auditing information.
GLD0221 E Offset &1 specified in input data is not valid.
GLD0222 E Length &1 specified in input data is not valid.
GLD0223 E Database path not valid.
GLD0227 E Distinguished names cannot be modified while the server is active.
GLD0229 E Validation list not found.
GLD022D E Publishing &1 agent not found.
GLD022E E Publishing agent &1 is already configured.
GLD022F E Format not supported.
GLD0231 E Cannot set the password for a projected user.
GLD0232 E Configuration contains overlapping suffixes.
GLD0233 E Cannot set database library to /QSYS.LIB/QUSRDIRCL.LIB.
GLD0235 E IP address is not valid.
GLD0236 E Database library must be in system ASP or basic user ASP.


API introduced: V4R3
Top | UNIX-Type APIs | APIs by category