Since we are urged by our auditors to introduce a strict password policy in our company, we established an W2003 Active Directory Server which handles the authorization requests for most our customer logins. A lot of our users still use interactive logins on a range of OpenVMS systems, which are not synchronized with Active Directory and require different passwords. We aim to authenticate non-core users on these systems external via ACME and LDAP.
To check this out we installed a DS10 alpha with OpenVMS V8.3, Update V2, TCP/IP V5.6, added VMS83A_ACMELDAP-V0200 and V83_ACMELDAP_STD, and tried to establish an ACME LDAP server.
We created a sys$manager:ldapacme.ini, had a logical ldapacme$init pointing to it and use these commands:
$ def/syst/exec ldapacme$init sys$manager:ldapacme.ini
$ def/syst/exec ldapacme$no_tls true
$ set noon
$ set server acme /exit
$ dele/nolog/noconf sys$manager:acme$server.log;*
$ set server acme /start
$ set server acme /trace=10
$ set server acme /conf=(name=VMS)
$ set server acme /conf=(name=LDAP,fac=LDAPACME,cred=VMS)
$ set server acme /enable=name=vms
$ set server acme /enable=name=ldap
$ type sys$manager:acme$server.log;*
We were only partially sucessful, since we only got this:
ACME Agent id: 2 State: Initialized
Name: "LDAP"
Image: "DISK$SYSFEP:[VMS$COMMON.SYSLIB]LDAPACME$LDAP_ACMESHR.EXE;1"
Identification: "LDAPACME Agent V1.0-BL2"
Information: "ldap_agent initialized, waiting to be enabled"
Domain of Interpretation: Yes
Execution Order: 0
The log file contains lines like
%ACME-I-TRACE, trace event from "ACME_ReadControlMBX: Enable received" on 18-AP?
-ACME-I-THREAD, thread: id = 1, type = CONTROL
%ACME-I-TRACE, trace event from "ACME_EnableServer: ERROR" on 18-APR-2007 07:18?
-ACME-I-THREAD, thread: id = 1, type = CONTROL
-ACME-I-EXITSTATUS, exiting with status = %X074ABEB2
Has somebody an idea what's possibly wrong?
