Symptom & Impact
AIX LDAP users cannot log in; lsuser -R LDAP returns ‘does not exist’.
Environment & Reproduction
The secldapclntd daemon cannot reach the LDAP server, or there is a schema mismatch on AIX 7.3.
Root Cause Analysis
The TLS certificate has expired, or the RFC2307AIX schema is not loaded on the directory server.
Quick Triage
Run lsldap -a passwd to confirm the client can list user entries, and ls-secldapclntd to see the daemon status.
Step-by-Step Diagnosis
Use stopsrc -s secldapclntd; secldapclntd -d 4 to capture verbose log.

Solution – Primary Fix
Renew CA cert in /etc/security/ldap/ldap.cfg and restart secldapclntd.
Solution – Alternative Approaches
Fall back to LOAD compat=files temporarily in /etc/security/user.
Verification & Acceptance Criteria
lsuser -R LDAP returns expected users and id resolves UIDs.
Rollback Plan
Revert ldap.cfg from backup and restart secldapclntd.
Prevention & Hardening
Monitor cert expiry and keep nss_ldap config in source control.
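One way to monitor certificate expiry for the servers the client is configured to use, as an added example that is not part of the original page. It assumes key:value lines in ldap.cfg, LDAPS on ldapsslport (636 when unset) and openssl on the PATH; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: warn before an LDAP server certificate used by secldapclntd expires.
# Assumed ldap.cfg format (constructed sample):
#   ldapservers:ldap1.example.com,ldap2.example.com
#   ldapsslport:636

# Print the value of the last uncommented "key:value" line for key $2 in file $1.
cfg_get() {
  awk -v k="$2" '
    /^[ \t]*#/ { next }
    {
      i = index($0, ":"); if (i == 0) next
      name = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (name == k) v = val
    }
    END { print v }' "$1"
}

# Print one host:port line per server listed in ldapservers.
ldap_endpoints() {
  port=$(cfg_get "$1" ldapsslport)
  [ -n "$port" ] || port=636   # assumed default LDAPS port
  cfg_get "$1" ldapservers | tr ',' '\n' | while read -r host; do
    if [ -n "$host" ]; then printf '%s:%s\n' "$host" "$port"; fi
  done
}

# Report every endpoint whose certificate expires within $2 days; return 1 if any
# endpoint is expiring or could not be checked.
check_ldap_certs() {
  rc=0
  for ep in $(ldap_endpoints "$1"); do
    pem=$(openssl s_client -connect "$ep" </dev/null 2>/dev/null | openssl x509 2>/dev/null)
    if [ -z "$pem" ]; then
      echo "UNREACHABLE $ep"; rc=1
    elif printf '%s\n' "$pem" | openssl x509 -noout -checkend "$(( $2 * 86400 ))" >/dev/null; then
      echo "OK $ep"
    else
      echo "EXPIRING $ep $(printf '%s\n' "$pem" | openssl x509 -noout -enddate)"; rc=1
    fi
  done
  return "$rc"
}

# Scheduled use: <script> --run [cfg] [days]
if [ "${1:-}" = "--run" ]; then
  check_ldap_certs "${2:-/etc/security/ldap/ldap.cfg}" "${3:-30}"
fi
```

A non-zero exit status from the --run form can feed whatever alerting already watches scheduled jobs on the host.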
Related Errors & Cross-Refs
secldapclntd not running, 3004-687 LDAP bind errors.
References & Further Reading
IBM AIX LDAP client administration guide.