Retrieve Directory Server Attributes (QgldRtvDirSvrA)


  Required Parameter Group:

1 Receiver variable Output Char(*)
2 Length of receiver variable Input Binary(4)
3 Format name Input Char(8)
4 Error code I/O Char(*)

  Default Public Authority: *USE

  Library Name/Service Program: QSYS/QGLDUAPI

  Threadsafe: No

The Retrieve Directory Server Attributes (QgldRtvDirSvrA) API retrieves information about the directory server configuration. It can be used to retrieve information about:


Authorities and Locks

Start of change To retrieve format RSVR0700, Server auditing information, the caller of this API must have either *ALLOBJ or *AUDIT special authorities.

For all other formats, no i5/OS special authority is required.End of change


Required Parameter Group

Receiver variable
OUTPUT; CHAR(*)

The variable to receive output data. See Format of Output Data for a description of the format of the output data associated with a specific format name.

Length of receiver variable
INPUT; BINARY(4)

The length of the receiver variable area.

Format name
INPUT; CHAR(8)

The format name identifying the type of information to be retrieved. The possible format names follow:

RSVR0100 Basic server configuration
RSVR0400 Attributes for publishing users in an LDAP directory
RSVR0700 Server auditing information
RSVR0900 Server administration information

See Format of Output Data for a description of these formats.

Error code
I/O; CHAR(*)

The structure in which to return error information. For the format of the structure, see Error Code Parameter.


Format of Output Data

For details about the format of the output data, see the following sections. For details about the fields in each format, see Field Descriptions.


RSVR0100 Format

This format is used to retrieve basic server configuration information.

Offset Type Field
Dec Hex
0 0 BINARY(4) Bytes returned
4 4 BINARY(4) Bytes available
8 8 BINARY(4) Version
12 C BINARY(4) Read only
16 10 BINARY(4) Server is replica
20 14 BINARY(4) Security
24 18 BINARY(4) Unencrypted port number
28 1C BINARY(4) Encrypted port number
32 20 BINARY(4) Current cipher protocols
36 24 BINARY(4) Installed cipher protocols
40 28 BINARY(4) Search time limit
44 2C BINARY(4) Search size limit
48 30 BINARY(4) Maximum connections
52 34 BINARY(4) Reserved
56 38 BINARY(4) Referral port
60 3C BINARY(4) Password format
64 40 BINARY(4) Offset to referral server
68 44 BINARY(4) Length of referral server
72 48 BINARY(4) Offset to administrator distinguished name (DN)
76 4C BINARY(4) Length of administrator DN
80 50 BINARY(4) Offset to update DN
84 54 BINARY(4) Length of update DN
88 58 BINARY(4) Reserved
92 5C BINARY(4) Reserved
96 60 BINARY(4) Offset to database path
100 64 BINARY(4) Length of database path
104 68 BINARY(4) Reserved
108 6C BINARY(4) SSL authentication method
112 70 BINARY(4) Number of database connections
116 74 BINARY(4) Schema checking level
120 78 BINARY(4) Offset to master server URL
124 7C BINARY(4) Length of master server URL
128 80 BINARY(4) Change log indicator
132 84 BINARY(4) Maximum number of change log entries
136 88 BINARY(4) Terminate idle connections
140 8C BINARY(4) Kerberos authentication indicator
144 90 BINARY(4) Offset to Kerberos key tab file
148 94 BINARY(4) Length of Kerberos key tab file
152 98 BINARY(4) Kerberos to DN mapping indicator
156 9C BINARY(4) Offset to Kerberos administrator ID
160 A0 BINARY(4) Length of Kerberos administrator ID
164 A4 BINARY(4) Offset to Kerberos administrator realm
168 A8 BINARY(4) Length of Kerberos administrator realm
172 AC BINARY(4) Event notification registration indicator
176 B0 BINARY(4) Maximum event registrations for connection
180 B4 BINARY(4) Maximum event registrations for server
184 B8 BINARY(4) Maximum operations per transaction
188 BC BINARY(4) Maximum pending transactions
192 C0 BINARY(4) Transaction time limit
196 C4 BINARY(4) ACL model
200 C8 BINARY(4) Level of authority integration
204 CC BINARY(4) Offset to projected suffix
208 D0 BINARY(4) Length of projected suffix
212 D4 BINARY(4) Read only schema
216 D8 BINARY(4) Read only projected suffix
220 DC BINARY(4) Log client messages
224 E0 BINARY(4) Maximum age of change log entries
CHAR(*) Referral server
CHAR(*) Administrator DN
CHAR(*) Update DN
CHAR(*) Database path
CHAR(*) Master server URL
CHAR(*) Kerberos key tab file
CHAR(*) Kerberos administrator ID
CHAR(*) Kerberos administrator realm
CHAR(*) Projected suffix


RSVR0400 Format

This format is used to retrieve the attributes for publishing users in an LDAP directory. User information from the system distribution directory can be published to an LDAP server by the Synchronize System Distribution Directory to LDAP (QGLDSSDD) API and from iSeries Navigator. The publishing attributes define how to publish user information.

Offset Type Field
Dec Hex
0 0 BINARY(4) Bytes returned
4 4 BINARY(4) Bytes available
8 8 BINARY(4) Offset to server name
12 C BINARY(4) Length of server name
16 10 BINARY(4) LDAP port number
20 14 BINARY(4) Connection type
24 18 BINARY(4) Offset to parent distinguished name.
28 1C BINARY(4) Length of parent distinguished name.
CHAR(*) Server name
CHAR(*) Parent distinguished name.


RSVR0700 Format

This format is used to retrieve server auditing configuration information.

Offset Type Field
Dec Hex
0 0 BINARY(4) Bytes returned
4 4 BINARY(4) Bytes available
8 8 BINARY(4) Security audit option for objects


RSVR0900 Format

This format is used to retrieve server administration information.

Offset Type Field
Dec Hex
0 0 BINARY(4) Bytes returned
4 4 BINARY(4) Bytes available
8 8 BINARY(4) Offset to server administration URL
12 C BINARY(4) Length of server administration URL
CHAR(*) Server administration URL


Field Descriptions

ACL model. The ACL model that is being used. The following special values may be returned:

0 The ACL model being used supports access-class level permissions. This is the ACL model the directory server used prior to V5R1M0.
1 The ACL model being used supports both access-class level permissions and attribute-level ACL permissions.

Administrator DN. A distinguished name (DN) that has access to all objects in the directory. This field is specified in UTF-16 (CCSID 13488).

Bytes available. The number of bytes of data available to be returned. All available data is returned if enough space is provided.

Bytes returned. The number of bytes of data returned.

Change log indicator. The indicator of whether a change log exists for entries that have been added, changed and deleted. The following values may be returned:

0 No, a change log does not exist
1 Yes, a change log exists

Connection type. The type of connection to use to the LDAP server. The following values may be returned:

1 Nonsecure
2 Secured, using SSL

Current cipher protocols. The cipher protocols that the server allows when using encrypted connections. The value is the sum of zero or more of the following values:

0x0100 Triple Data Encryption Standard (DES) Secure Hash Algorithm (SHA) (U.S.)
0x0200 DES SHA (U.S)
0x0400 Rivest Cipher 4 (RC4) SHA (U.S.)
0x0800 RC4 Message Digest (MD) 5 (U.S.)
0x1000 RC2 MD5 (export)
0x2000 RC4 MD5 (export)
0x4000 Advanced Encryption Standard (AES) SHA 128 bit (U.S.)
Start of change0x8000 Advanced Encryption Standard (AES) SHA 256 bit (U.S.) End of change

Database path. The integrated file system path name of the library containing the directory database. This field is specified in UTF-16 (CCSID 13488).

Encrypted port number. The port number to use for encrypted connections. The standard port number for encrypted connections is 636.

Event notification registration indicator. Indicator of whether to allow client to register for event notification. The following special values may be returned:

0 Do not allow clients to register for event notification.
1 Allow clients to register for event notification.

Installed cipher protocols. The cipher protocols installed on the system. Refer to the current cipher protocols field for a description of the values.

Kerberos administrator ID. The name of the Kerberos administrator. This field is specified in UTF-16 (CCSID 13488). The following special value may be returned:

*NONE No value is specified.

Kerberos administrator realm. The realm in which the kerberos administrator is registered. This field is specified in UTF-16 (CCSID 13488). The following special value may be returned:

*NONE No value is specified.

Kerberos authentication indicator. The following special values may be returned:

0 Do not support Kerberos authentications.
1 Support Kerberos authentications.

Kerberos key tab file. The integrated file system path name for the key tab file that contains the server's secret key used for authentication. This field is specified in UTF-16 (CCSID 13488). The following special value may be returned:

*NONE No value is specified.

Kerberos to DN mapping indicator.

0 Map the Kerberos ID to pseudo DN. A pseudo DN can be used to uniquely identify an LDAP user object of the form 'ibm-kerberosName=principal@realm' or 'ibm-kn=principal@realm'.
1 Use associated DN in directory. The LDAP server will attempt to find an entry in the directory that contains the kerberos principle and realm as one of its attributes. Once found, this DN will then be used to determine the client's authorizations to the directory.

LDAP port number. The LDAP server's TCP/IP port.

Length of administrator DN. The length, in UTF-16 (CCSID 13488) characters, of the administrator DN field.

Length of database path. The length, in UTF-16 (CCSID 13488) characters, of the database path field.

Length of Kerberos administrator ID. The length, in UTF-16 (CCSID 13488) characters, of the Kerberos Administrator ID field.

Length of Kerberos administrator realm. The length, in UTF-16 (CCSID 13488) characters, of the Kerberos administrator realm field.

Length of Kerberos key tab file. The length, in UTF-16 (CCSID 13488) characters, of the Kerberos key tab file field.

Length of master server URL. The length, in UTF-16 (CCSID 13488) characters, of the master server URL field.

Length of parent distinguished name. The length, in UTF-16 (CCSID 13488) characters, of the parent distinguished name field.

Length of projected suffix. The length, in UTF-16 (CCSID 13488) characters, of the projected suffix field

Length of server administration URL. The length, in UTF-16 (CCSID 13488) characters, of the server administration URL field.

Length of server name. The length, in UTF-16 (CCSID 13488) characters, of the server name field.

Length of referral server. The length, in UTF-16 (CCSID 13488) characters, of the referral server field.

Length of update DN. The length, in UTF-16 (CCSID 13488) characters, of the update DN field.

Level of authority integration. The level of i5/OS authority integration to use to determine if a distinguished name (DN) can become an LDAP administrator. The following special values may be specified:

0 Do not apply 'Directory Server Administrator' (QIBM_DIRSRV_ADMIN) function identifier to bound distinguished names to determine LDAP administrators.
1 Allow bound distinguished names that refer directly to user profiles to become LDAP administrators if the user profile is identified in the 'Directory Server Administrator' (QIBM_DIRSRV_ADMIN) function identifier.

Log client messages. Whether the directory server will log client messages in the server joblog. The following values may be returned:

0 The directory server will not log client messages in the server joblog.
1 The directory server will log client messages in the server joblog.

Master server URL. The uniform resource locator (URL) of the master server. This field is specified in UTF-16 (CCSID 13488). The following special value may be returned:

*NONE No value is specified.

Maximum connections. Returns the maximum number of simultaneous connections that can be established with the server.

Starting with V5R1M0, this field is no longer supported and the value returned is 0. The following special value may be returned:

0 Do not limit the number of connections.

Maximum event registrations for connection. The following special values may be returned:

0 Do not limit the number of event registrations for connection.

Maximum event registrations for server. The following special values may be returned:

0 Do not limit the number of event registrations for server.

Maximum age of change log entries. The age, in seconds, of change log entries that can be stored. If the maximum is reached, the change log entries will be deleted starting with the oldest entry. This value only valid if 'Change log indicator' is set to 1. The following special values may be returned:

0 The age of change log entries is not limited.

Maximum number of change log entries. The maximum number of change log entries that can be stored. If the maximum is reached, the change log entries will be deleted starting with the oldest entry. This value only valid if 'Change log indicator' is set to 1. The following special values may be returned:

0 The number of change log entries is not limited.

Maximum operations per transaction. The maximum number of operations that are allowed for each transaction. Transaction support allows a group of directory changes to be handled as a single transaction.

Maximum pending transactions. The maximum number of pending transactions allowed. Transaction support allows a group of directory changes to be handled as a single transaction.

Number of database connections. The number of database connections used by the server.

Offset to administrator DN. The offset, in bytes, from the start of the receiver variable to the administrator DN field.

Offset to database path. The offset, in bytes, from the start of the receiver variable to the database path field.

Offset to Kerberos administrator ID. The offset, in bytes, from the start of the input data area to the Kerberos administrator ID field.

Offset to Kerberos administrator realm. The offset, in bytes, from the start of the input data area to the Kerberos administrator realm field.

Offset to Kerberos key tab file. The offset, in bytes, from the start of the input data area to the Kerberos key tab file field.

Offset to master server URL. The offset, in bytes, from the start of the receiver variable to the master server URL field.

Offset to parent distinguished name. The offset, in bytes, from the start of the receiver variable to the parent distinguished name field.

Offset to projected suffix. The offset, in bytes, from the start of the input data area to the projected suffix field.

Offset to referral server. The offset, in bytes, from the start of the receiver variable to the referral server field.

Offset to server administration URL. The offset, in bytes, from the start of the receiver variable to the server administration URL field.

Offset to server name. The offset, in bytes, from the start of the receiver variable to the server name field.

Offset to update DN. The offset, in bytes, from the start of the receiver variable to the update DN field.

Parent distinguished name. The parent distinguished name for published objects. For example, if the parent distinguished name is 'ou=rochester, o=ibm, c=us', a published directory object for user John Smith might be 'cn=john smith, ou=rochester, o=ibm, c=us'. This field is specified in UTF-16 (CCSID 13488).

Password format. The format of the encrypted password. The following values may be returned:

1 Unencrypted. The clear text password is stored in a validation list and can be returned by searches or used for DIGEST-MD5 SASL authentication.
2 SHA. (Default)
3 MD5.
4 Crypt (The password is one-way hashed using a modified DES algorithm. The 'crypt' algorithm originally was used by many UNIX operating systems for password protection.)

Projected suffix. The suffix under which all projected objects for this server reside including user and group profiles. This field is specified in UTF-16 (CCSID 13488).

Read only. Whether the directory server allows changes to be made to the directory contents. The following values may be returned:

0 The directory server is not read only. Updates are allowed to the directory.
1 The directory server is read only. Updates are not allowed to the directory.

Read only projected suffix. Whether the directory server will allow updates to be made to the projected suffix. The following values may be returned:

0 The directory server projected suffix is not read only. Updates are allowed to the projected suffix.
1 The directory server projected suffix is read only. Updates are not allowed to the projected suffix.

Read only schema. Whether the directory server will allow updates to be made to the directory schema. The following values may be returned:

0 The directory server schema is not read only. Updates are allowed to the schema.
1 The directory server schema is read only. Updates are not allowed to the schema.

Referral port. An optional port number to be returned to a client when a request is made for a directory object that does not reside on this server. The referral port and referral server together are used to form a referral URL. The following special value may be returned:

0 The LDAP port is not specified, the client should use the default LDAP port.

Referral server. The IP name of a server to return to a client when a request is made for a directory object that does not reside on this server. This field is specified in UTF-16 (CCSID 13488). The referral port and referral server are used together to form a referral URL. The following special value may be returned:

*NONE No value is specified.

Reserved. A reserved field. This field must be set to zero.

Schema checking level. The level of schema checking performed by the server. The following values may be returned:

0 None.
1 LDAP version 2.
2 LDAP version 3 strict.
3 LDAP version 3 lenient.

Search size limit. The maximum number of entries that the server will return for a given search request. The following special value may be returned:

0 Do not limit the number of entries returned.

Search time limit. The maximum time, in seconds, that the server will spend performing a given search request. The following special value may be returned:

0 Do not limit the search time.

Security. Whether the server is to use encrypted connections. The following values may be returned:

0 Allow unencrypted connections only.
1 Allow encrypted connections only.
2 Allow both encrypted and unencrypted connections.

Note: SSL is used for encrypted connections to the server.

Security audit option for objects. When the QAUDCTL system value is set to *OBJAUD, then object auditing can be done in the directory. See the iSeries Security Reference Link to PDFbook for information about Directory Server auditing. The following special values may be returned:

0 Do not do object auditing of the directory objects.
1 Audit changes to directory objects.
2 Audit all access to directory objects. This includes search, compare and change.

Server is replica. Whether the server is a master server or a replica server. The following values may be returned:

0 The server is a master server for the directory suffixes present on the server.
1 The server is a replica server for the directory suffixes present on the server.

Server administration URL. The server administration URL. This field is specified in UTF-16 (CCSID 13488).

Server name. The name of the server. This field is specified in UTF-16 (CCSID 13488).

SSL authentication method. The method used during SSL authentication. The following values may be returned:

1 Server authentication.
3 Server and client authentication.

Terminate idle connections. The server will terminate idle connections when necessary. The following values may be returned:

0 Do not terminate idle connections.
1 Terminate idle connections.

Note: Starting with V5R1M0, this field is no longer supported and the value returned is 0.

Transaction time limit. The maximum time, in seconds, that the server will spend performing a transaction request. Transaction support allows a group of directory changes to be handled as a single transaction.

Unencrypted port number. The port number to be used for unencrypted connections. The standard port number is 389.

Update DN. The distinguished name that the master server must use when propagating directory updates to this replica server. This field is specified in UTF-16 (CCSID 13488). The following value may be returned:

*NONE No value is specified.

Use encrypted connections. Whether this server should use encrypted connections when making updates to the replica server. The following values may be returned:

0 Use unencrypted connections.
1 Use encrypted connections.

Version. Returns the version of the LDAP server.


Error Messages

Message ID Error Message Text
CPFA314 E Memory allocation error.
Start of changeGLD016E E *ALLOBJ or *AUDIT special authority required. End of change
GLD0215 E Server has not been configured.


API introduced: V4R3
Top | UNIX-Type APIs | APIs by category