This document speaks about the migration process w.r.t IBM SDS (Security Directory Server) version 6.4.X.X on AIX that needs to be upgraded to IBM SVD (Security Verify Directory) 10.0.0.1 as part of the AIX 2023 Fall release. The process involves a structured seven-step Pipeline Process. This transition is necessary, especially when moving from AIX 7200 Prior TLs/AIX 7300 Prior TLs (AIX 72TL2, 72TL3, 72TL4, 72TL5, 73TL0 & 73TL1 ) to AIX 73TL2, given the shift in product versions from 6.4.0.25 to 10.0.0.1.
1. Plan the Migration:
- Develop a comprehensive migration plan encompassing timelines, resource allocation, and the potential impact on users.
- Identify the specific data and configurations slated for migration.
- Account for any customizations or extensions in the current environment, planning for their migration or adaptation.
2. Prepare for the Migration:
- Back up IBM Security Directory Server data and configurations.
- Document existing server settings, including schema, replication, and access control configurations.
3. Install IBM Security Verify Directory 10.0.0.1:
- The LDAP and the dependant filesets are available in the base and the expansion media the below diagram will provide more info
- Follow the installation guide to install IBM Security Verify Directory 10.0.0.1 on the target server or servers.
- Post the installation we will see 2 versions on the LDAP installed.
# lslpp -l | grep ldap
idsldap.clt32bit100.rte 10.0.0.1 COMMITTED Verify Directory - 32 bit
idsldap.clt32bit64.rte 6.4.0.25 COMMITTED Directory Server - 32 bit
idsldap.clt64bit100.rte 10.0.0.1 COMMITTED Verify Directory - 64 bit
idsldap.clt64bit64.rte 6.4.0.25 COMMITTED Directory Server - 64 bit
idsldap.clt_max_crypto32bit100.rte
idsldap.clt_max_crypto32bit64.rte
idsldap.clt_max_crypto64bit100.rte
idsldap.clt_max_crypto64bit64.rte
idsldap.cltbase100.adt 10.0.0.1 COMMITTED Verify Directory - Base Client
idsldap.cltbase100.rte 10.0.0.1 COMMITTED Verify Directory - Base Client
idsldap.cltbase64.adt 6.4.0.25 COMMITTED Directory Server - Base Client
idsldap.cltbase64.rte 6.4.0.25 COMMITTED Directory Server - Base Client
idsldap.cltjava100.rte 10.0.0.1 COMMITTED Verify Directory - Java Client
idsldap.cltjava64.rte 6.4.0.25 COMMITTED Directory Server - Java Client
idsldap.ent64.rte 6.4.0.0 COMMITTED Directory Server - Entitlement
idsldap.license100.rte 10.0.0.1 COMMITTED Verify Directory - License
idsldap.license64.rte 6.4.0.25 COMMITTED Directory Server - License
idsldap.msg64.cs_CZ 6.4.0.25 COMMITTED Directory Server - Messages -
idsldap.msg64.de_DE 6.4.0.25 COMMITTED Directory Server - Messages -
idsldap.msg64.en_US 6.4.0.25 COMMITTED Directory Server - Messages -
idsldap.msg64.es_ES 6.4.0.25 COMMITTED Directory Server - Messages -
idsldap.msg64.fr_FR 6.4.0.25 COMMITTED Directory Server - Messages -
idsldap.msg64.hu_HU 6.4.0.25 COMMITTED Directory Server - Messages -
idsldap.msg64.it_IT 6.4.0.25 COMMITTED Directory Server - Messages -
idsldap.msg64.ja_JP 6.4.0.25 COMMITTED Directory Server - Messages -
idsldap.msg64.ko_KO 6.4.0.25 COMMITTED Directory Server - Messages -
idsldap.msg64.pl_PL 6.4.0.25 COMMITTED Directory Server - Messages -
idsldap.msg64.pt_BR 6.4.0.25 COMMITTED Directory Server - Messages -
idsldap.msg64.ru_RU 6.4.0.25 COMMITTED Directory Server - Messages -
idsldap.msg64.sk_SK 6.4.0.25 COMMITTED Directory Server - Messages -
idsldap.msg64.zh_CN 6.4.0.25 COMMITTED Directory Server - Messages -
idsldap.msg64.zh_TW 6.4.0.25 COMMITTED Directory Server - Messages -
idsldap.srv64bit100.rte 10.0.0.1 COMMITTED Verify Directory - 64 bit
idsldap.srv64bit64.rte 6.4.0.25 COMMITTED Directory Server - 64 bit
idsldap.srv_max_cryptobase64bit100.rte
idsldap.srv_max_cryptobase64bit64.rte
idsldap.srvbase64bit100.rte
idsldap.srvbase64bit64.rte
idsldap.srvproxy64bit100.rte
idsldap.srvproxy64bit64.rte
idsldap.webadmin100.rte 10.0.0.1 COMMITTED Verify Directory - Web
idsldap.webadmin64.rte 6.4.0.25 COMMITTED Directory Server - Web
idsldap.webadmin_max_crypto100.rte
idsldap.webadmin_max_crypto64.rte
idsldap.clt32bit100.rte 10.0.0.1 COMMITTED Verify Directory - 32 bit
idsldap.clt32bit64.rte 6.4.0.25 COMMITTED Directory Server - 32 bit
idsldap.clt64bit100.rte 10.0.0.1 COMMITTED Verify Directory - 64 bit
idsldap.clt64bit64.rte 6.4.0.25 COMMITTED Directory Server - 64 bit
idsldap.cltbase100.rte 10.0.0.1 COMMITTED Verify Directory - Base Client
idsldap.cltbase64.rte 6.4.0.25 COMMITTED Directory Server - Base Client
idsldap.srvbase64bit100.rte
idsldap.srvbase64bit64.rte
idsldap.srvproxy64bit100.rte
idsldap.srvproxy64bit64.rte
4. Data Migration:
- Utilize provided migration tools or scripts to migrate user data, schema, and other relevant information from IBM Security Directory Server to IBM Security Verify Directory.
- Use the below command to migrate the instance created on 6.4.X.X
# /opt/IBM/ldap/V10.0/sbin/idsimigr -I <instance_name>
In the below example the instance name is ldapdb2
# /opt/IBM/ldap/V10.0/sbin/idsimigr -I ldapdb2
GLPMIG035I Files in backup directory, '/home/ldapdb2/idsslapd-ldapdb2', are determined to be of version, '6.4'. Migration will continue based on this migration path.
Backing up schema and configuration files .....
Copying: file /home/ldapdb2/idsslapd-ldapdb2/etc/V3.ibm.at .
Copying: file /home/ldapdb2/idsslapd-ldapdb2/etc/V3.ibm.oc .
Copying: file /home/ldapdb2/idsslapd-ldapdb2/etc/V3.system.at .
Copying: file /home/ldapdb2/idsslapd-ldapdb2/etc/V3.system.oc .
Copying: file /home/ldapdb2/idsslapd-ldapdb2/etc/V3.user.at .
Copying: file /home/ldapdb2/idsslapd-ldapdb2/etc/V3.user.oc .
Copying: file /home/ldapdb2/idsslapd-ldapdb2/etc/V3.modifiedschema .
Copying: file /home/ldapdb2/idsslapd-ldapdb2/logs/perftune_stat.log .
Copying: file /home/ldapdb2/idsslapd-ldapdb2/etc/ibmslapd.conf .
Copying: file /home/ldapdb2/idsslapd-ldapdb2/etc/perftune_input.conf .
Copying: file /home/ldapdb2/idsslapd-ldapdb2/etc/ibmslapdcfg.ksf .
Copying: file /home/ldapdb2/idsslapd-ldapdb2/etc/ibmslapddir.ksf .
Copying: file /home/ldapdb2/idsslapd-ldapdb2/etc/V3.config.at .
Copying: file /home/ldapdb2/idsslapd-ldapdb2/etc/V3.config.oc .
Copying: file /home/ldapdb2/idsslapd-ldapdb2/etc/V3.ldapsyntaxes .
Copying: file /home/ldapdb2/idsslapd-ldapdb2/etc/V3.matchingrules .
GLPMIG037I The DB2 database instance, 'ldapdb2', from the backed up configuration file has been found on the system. The information for this database instance will be preserved in the migrated configuration file.
GLPMIG038I The database, 'ldapdb2', from the backed up configuration file has been found on the system. The information for this database will be preserved in the migrated configuration file.
GLPWRP123I The program '/opt/IBM/ldap/V10.0/sbin/64/idsicrt' is used with the following arguments 'idsimigr -I ldapdb2'.
You have chosen to perform the following actions:
GLPICR013I The directory server instance's port will be set to '389'.
GLPICR014I The directory server instance's secure port will be set to '636'.
GLPICR015I The directory instance's administration server port will be set to '3538'.
GLPICR016I The directory instance's administration server secure port will be set to '3539'.
GLPICR019I The description will be set to: 'IBM Security Verify Directory Instance V10.0'.
GLPICR021I Database instance 'ldapdb2' will be configured.
Do you want to....
(1) Continue with the above actions, or
(2) Exit without making any changes:1
GLPMIG028I Migrating schema and configuration files from version '6.4' to version '8.0'.
GLPMIG076W Warning : Collision detected in new and existing definition of 'ibm-aixrbacdomainobject' objectclass for attribute 'ibm-aixrbacdomainobjecttype'. Existing attribute type : 'MAY', New attribute type : 'MUST'. Existing objectclass definition is given the preference.
GLPMIG076W Warning : Collision detected in new and existing definition of 'ibm-aixrbacdomainobject' objectclass for attribute 'ibm-aixrbacdomainname'. Existing attribute type : 'MAY', New attribute type : 'MUST'. Existing objectclass definition is given the preference.
GLPMIG018I Successfully migrated the schema files from version '6.4' to version '8.0'.
GLPMIG025I Successfully migrated the configuration file from version '6.4' to version '8.0'.
GLPMIG028I Migrating schema and configuration files from version '8.0' to version '8.0.1'.
GLPMIG076W Warning : Collision detected in new and existing definition of 'ibm-aixrbacdomainobject' objectclass for attribute 'ibm-aixrbacdomainobjecttype'. Existing attribute type : 'MAY', New attribute type : 'MUST'. Existing objectclass definition is given the preference.
GLPMIG076W Warning : Collision detected in new and existing definition of 'ibm-aixrbacdomainobject' objectclass for attribute 'ibm-aixrbacdomainname'. Existing attribute type : 'MAY', New attribute type : 'MUST'. Existing objectclass definition is given the preference.
GLPMIG018I Successfully migrated the schema files from version '8.0' to version '8.0.1'.
GLPMIG025I Successfully migrated the configuration file from version '8.0' to version '8.0.1'.
GLPMIG028I Migrating schema and configuration files from version '8.0.1' to version '10.0'.
GLPMIG076W Warning : Collision detected in new and existing definition of 'ibm-aixrbacdomainobject' objectclass for attribute 'ibm-aixrbacdomainobjecttype'. Existing attribute type : 'MAY', New attribute type : 'MUST'. Existing objectclass definition is given the preference.
GLPMIG076W Warning : Collision detected in new and existing definition of 'ibm-aixrbacdomainobject' objectclass for attribute 'ibm-aixrbacdomainname'. Existing attribute type : 'MAY', New attribute type : 'MUST'. Existing objectclass definition is given the preference.
GLPMIG018I Successfully migrated the schema files from version '8.0.1' to version '10.0'.
GLPMIG036W The log file name and path information from the backed up configuration file will not be preserved by migration. Log file names and paths will be updated to be specific for a directory server instance.
GLPMIG025I Successfully migrated the configuration file from version '8.0.1' to version '10.0'.
GLPMIG008I The excluded OIDs defined for this migration path have successfully been removed from the V3.modifiedschema file in directory, '/home/ldapdb2/idsslapd-ldapdb2/etc'.
GLPMIG023W Migration has checked the V3.modifiedschema file against the base schema files for any definition collisions. If any collisions are reported, these will be automatically resolved.
GLPMIG063I Collision detected for objectclass with name 'ibm-aixAuditClass' and oid '1.3.18.0.2.6.681'.
GLPMIG063I Collision detected for objectclass with name 'ibm-aixAuditConfig' and oid '1.3.18.0.2.6.680'.
GLPMIG063I Collision detected for objectclass with name 'ibm-ipsecConfData' and oid '1.3.18.0.2.6.676'.
GLPMIG063I Collision detected for objectclass with name 'ibm-ipsecPolicy' and oid '1.3.18.0.2.6.677'.
GLPMIG064I Collision detected for attribute with name 'ibm-auditBinStanza' and oid '1.3.18.0.2.4.3651'.
GLPMIG064I Collision detected for attribute with name 'ibm-auditClassEvents' and oid '1.3.18.0.2.4.3654'.
GLPMIG064I Collision detected for attribute with name 'ibm-auditClassName' and oid '1.3.18.0.2.4.3655'.
GLPMIG064I Collision detected for attribute with name 'ibm-auditconfig' and oid '1.3.18.0.2.4.3647'.
GLPMIG064I Collision detected for attribute with name 'ibm-auditStartStanza' and oid '1.3.18.0.2.4.3649'.
GLPMIG064I Collision detected for attribute with name 'ibm-auditStreamStanza' and oid '1.3.18.0.2.4.3650'.
GLPMIG064I Collision detected for attribute with name 'ibm-auditTimeStamp' and oid '1.3.18.0.2.4.3648'.
GLPMIG064I Collision detected for attribute with name 'ibm-ipsecCertDN' and oid '1.3.18.0.2.4.3625'.
GLPMIG064I Collision detected for attribute with name 'ibm-ipsecOtherPolicy' and oid '1.3.18.0.2.4.3626'.
GLPMIG064I Collision detected for attribute with name 'ibm-ipsecPolicyName' and oid '1.3.18.0.2.4.3627'.
GLPMIG064I Collision detected for attribute with name 'ibm-ipsecPrimaryPolicy' and oid '1.3.18.0.2.4.3628'.
GLPMIG064I Collision detected for attribute with name 'ibm-ipsecXmlConf' and oid '1.3.18.0.2.4.3629'.
GLPMIG064I Collision detected for attribute with name 'ibm-passwordmindigit' and oid 'ibm-passwordmindigit-oid'.
GLPMIG064I Collision detected for attribute with name 'ibm-passwordminloweralphachars' and oid 'ibm-passwordminloweralphachars-oid'.
GLPMIG064I Collision detected for attribute with name 'ibm-passwordminspecialchar' and oid 'ibm-passwordminspecialchar-oid'.
GLPMIG064I Collision detected for attribute with name 'ibm-passwordminupperalphachars' and oid 'ibm-passwordminupperalphachars-oid'.
GLPMIG065I Collision detected for ibm attribute with name '' and oid '1.3.18.0.2.4.3625'.
GLPMIG065I Collision detected for ibm attribute with name '' and oid '1.3.18.0.2.4.3626'.
GLPMIG065I Collision detected for ibm attribute with name '' and oid '1.3.18.0.2.4.3627'.
GLPMIG065I Collision detected for ibm attribute with name '' and oid '1.3.18.0.2.4.3628'.
GLPMIG065I Collision detected for ibm attribute with name '' and oid '1.3.18.0.2.4.3629'.
GLPMIG065I Collision detected for ibm attribute with name '' and oid '1.3.18.0.2.4.3647'.
GLPMIG065I Collision detected for ibm attribute with name '' and oid '1.3.18.0.2.4.3648'.
GLPMIG065I Collision detected for ibm attribute with name '' and oid '1.3.18.0.2.4.3649'.
GLPMIG065I Collision detected for ibm attribute with name '' and oid '1.3.18.0.2.4.3650'.
GLPMIG065I Collision detected for ibm attribute with name '' and oid '1.3.18.0.2.4.3651'.
GLPMIG065I Collision detected for ibm attribute with name '' and oid '1.3.18.0.2.4.3654'.
GLPMIG065I Collision detected for ibm attribute with name '' and oid '1.3.18.0.2.4.3655'.
GLPICR052I Creating DB2 instance link for directory server instance: 'ldapdb2'.
GLPICR053I Created DB2 instance link for directory server instance: 'ldapdb2'.
GLPICR133I Setting the DB2 registry for database instance 'ldapdb2' to allow DB2 SELECTIVITY.
GLPICR134I The DB2 registry for database instance 'ldapdb2' has been set to allow DB2 SELECTIVITY.
GLPMIG070I Migrating services associated with the directory server instance 'ldapdb2'.
GLPICR118I Creating runtime executable for directory server instance: 'ldapdb2'.
GLPICR119I Created runtime executable for directory server instance: 'ldapdb2'.
GLPMIG071I Successfully migrated the services associated with the directory server instance 'ldapdb2'.
GLPCTL074I Starting admin server for directory server instance: 'ldapdb2'.
GLPCTL076W Failed to start admin server for directory server instance: 'ldapdb2'.
GLPMIG027I Successfully migrated the directory server instance, 'ldapdb2', to version '10.0'.
GLPDBM054I Directory server install location is '/opt/IBM/ldap/V10.0'.
GLPDBM065I Directory server instance repository file '/opt/IBM/ldap/idsinstinfo/idsinstances.ldif'.
GLPDBM055I Directory instance name is 'ldapdb2'.
GLPDBM067I Directory instance location is '/home/ldapdb2'.
GLPDBM061I The directory server instance version check succeeded.
GLPDBM069I Directory instance server configuration file is '/home/ldapdb2/idsslapd-ldapdb2/etc/ibmslapd.conf'.
GLPDBM071I Directory instance 'ldapdb2' is running as a '64' bit application.
GLPDBM057I Found the DB2 instance name 'ldapdb2' from the directory server instance configuration file.
GLPDBM059I Found the DB2 database name 'ldapdb2' from the directory server instance configuration file.
GLPDBM082I Directory instance specific ldapdb.properties file '/home/ldapdb2/idsslapd-ldapdb2/etc/ldapdb.properties'.
GLPDBM073I DB2 install location from the ldapdb.properties file is '/opt/IBM/db2/V11.5'.
GLPDBM088I DB2 install version from the ldapdb.properties file is '11.5.7.0'.
GLPDBM063I DB2 initial version check succeeded.
GLPDBM052I Found DB2 version V11.5.7.0 in the location specified by the -N option.
GLPDBM087I The DB2 instance 'ldapdb2' is already migrated to the required db2 level. No pre-migration tasks will be performed.
GLPDBM030I Starting the migration task.
GLPDBM012W The DB2 database manager is already active.
GLPDBM034I DB2 database migration succeeded for database 'ldapdb2'.
GLPDBM026I The DB2 terminate succeeded.
GLPDBM024I The DB2 force application all succeeded.
GLPDBM017I The DB2 stop database manager command succeeded.
GLPDBM031I Migration task completed successfully.
GLPDBM040I Starting the post-migration task.
GLPDBM042I DB2 rebind packages completed successfully.
GLPDBM010I The DB2 start database manager command succeeded.
GLPDBM028I The DB2 update DBM CFG succeeded.
GLPDBM013I The DB2 list database directory command succeeded.
GLPDBM015I The DB2 connect to database command succeeded.
GLPDBM026I The DB2 terminate succeeded.
GLPDBM024I The DB2 force application all succeeded.
GLPDBM017I The DB2 stop database manager command succeeded.
GLPDBM079I Update operation for '/home/ldapdb2/idsslapd-ldapdb2/etc/ldapdb.properties' file for the directory server instance succeeded.
GLPDBM041I Post-migration task completed successfully
GLPDBM081I The idsdbmigr tool ran successfully, execution log is '/var/idsldap/V10.0/idsdbmigr.log'.
Restart the server instance using the below command:
#/opt/IBM/ldap/V10.0/sbin/ibmslapd -I ldapdb2 -n
GLPWRP123I The program '/opt/IBM/ldap/V10.0/sbin/64/ibmslapd' is used with the following arguments '-I ldapdb2 -n'.
GLPSRV041I Server starting.
GLPSRV236W Premium feature activation code could not be loaded. Some features are not available.
GLPCTL113I Largest core file size creation limit for the process (in bytes): '1073741312'(Soft limit) and '-1'(Hard limit).
GLPCTL121I Maximum Data Segment(Kbytes) soft ulimit for the process was 131072 and it is modified to the prescribed minimum 262144.
GLPCTL122I Maximum File Size(512 bytes block) soft ulimit for the process is 2097151 and the prescribed minimum is 2097151.
GLPCTL122I Maximum Open Files soft ulimit for the process is 2000 and the prescribed minimum is 500.
GLPCTL121I Maximum Physical Memory(Kbytes) soft ulimit for the process was 32768 and it is modified to the prescribed minimum 262144.
GLPCTL121I Maximum Stack Size(Kbytes) soft ulimit for the process was 32768 and it is modified to the prescribed minimum 65536.
GLPCTL119I Maximum Virtual Memory(Kbytes) soft ulimit for the process is -1 and the prescribed minimum is 1048576.
GLPCOM024I The extended Operation plugin is successfully loaded from libevent.a.
GLPCOM024I The extended Operation plugin is successfully loaded from libtranext.a.
GLPCOM024I The extended Operation plugin is successfully loaded from libldaprepl.a.
GLPSRV155I The DIGEST-MD5 SASL Bind mechanism is enabled in the configuration file.
GLPCOM021I The preoperation plugin is successfully loaded from libDigest.a.
GLPCOM024I The extended Operation plugin is successfully loaded from libevent.a.
GLPCOM024I The extended Operation plugin is successfully loaded from libtranext.a.
GLPCOM023I The postoperation plugin is successfully loaded from libpsearch.a.
GLPCOM024I The extended Operation plugin is successfully loaded from libpsearch.a.
GLPCOM025I The audit plugin is successfully loaded from libldapaudit.a.
GLPCOM025I The audit plugin is successfully loaded from /usr/ccs/lib/libsecldapaudit64.a(shr.o).
GLPCOM024I The extended Operation plugin is successfully loaded from libevent.a.
GLPCOM023I The postoperation plugin is successfully loaded from libpsearch.a.
GLPCOM024I The extended Operation plugin is successfully loaded from libpsearch.a.
GLPCOM022I The database plugin is successfully loaded from libback-config.a.
GLPCOM024I The extended Operation plugin is successfully loaded from libevent.a.
GLPCOM024I The extended Operation plugin is successfully loaded from libtranext.a.
GLPCOM023I The postoperation plugin is successfully loaded from libpsearch.a.
GLPCOM024I The extended Operation plugin is successfully loaded from libpsearch.a.
GLPCOM022I The database plugin is successfully loaded from libback-rdbm.a.
GLPCOM010I Replication plugin is successfully loaded from libldaprepl.a.
GLPSRV189I Virtual list view support is enabled.
GLPCOM021I The preoperation plugin is successfully loaded from libpta.a.
GLPSRV194I The Record Deleted Entries feature is disabled. Deleted entries are immediately removed from the database.
GLPSRV207I Group conflict resolution during replication is disabled.
GLPSRV221I Replication of security attributes feature is disabled.
GLPSRV200I Initializing primary database and its connections.
GLPRDB126I The directory server will not use DB2 selectivity.
GLPCOM024I The extended Operation plugin is successfully loaded from libloga.a.
GLPCOM024I The extended Operation plugin is successfully loaded from libidsfget.a.
GLPSRV232I Pass-through authentication is disabled.
GLPSRV234I Pass-through support for compare operations is disabled.
GLPCOM003I Non-SSL port initialized to 389.
- Verify the integrity of the migrated data.
- Start the SERVER instances using the
5. Test and Validate:
- Conduct thorough testing to ensure the migrated data functions correctly.
- Execute idsldapsearch on the hierarchy.
- Verify that user authentication, authorization, and other directory-related functionalities work as expected.
- Login using ssh to verify the login.
(base) localsystem:~$ ssh jon@<hostname>
jon@<hostname> password:
*******************************************************************************
* *
* *
* Welcome to AIX Version 7.3! *
* *
* *
* Please see the README file in /usr/lpp/bos for information pertinent to *
* this release of the AIX Operating System. *
* *
* *
*******************************************************************************
$
6. Update Applications and Integrations:
- Update applications, scripts, or integrations interacting with the directory to align with the new IBM Security Verify Directory settings.
- Use
/opt/IBM/ldap/V10.0/bin/idslink command to set the links to the directory server command-line utilities and libraries.
- The link to the command usage : https://www.ibm.com/docs/en/svd/10.0?topic=utilities-idslink
- NOTE: before setting the softlinks using the idslink command make sure to stop the server instance.
7. Decommission Old Directory Server:
- Once confirmed that the migration was successful and all systems are functioning correctly, decommission the old IBM Security Directory Server.
- To decommission the old IBM Security Directory Server at 6.4 version use the
install -u <6.4 fileset1> <6.4 fileset2>
- For Eg:
installp -u idsldap.srv64bit64.rte idsldap.srv_max_cryptobase64bit64.rte idsldap.srvbase64bit64.rte
- The above will remove only some of the filesets to list all the 6.4 filesets use the follow command: lslpp -l | grep ldap | grep 6.4