LDS Recovery Report
The LDS recovery report (LDSRPT), lists all LDS requests stored in the LDS Recovery File. LDS recovery retrieves records containing information pertaining to administrative commands that ADD, REPLACE, and DELETE ACID fields as well as password changes that are eligible for LDS processing. There are no REPORT parameters for this program.
Only a person with SCA or AUDIT privileges is eligible to run the LDSRPT report
The following is sample JCL to run the LDSRPT report:
//LDSRPT EXEC PGM=CAS4LRPT //STEPLIB DD DSN=CAI.CAILIB,DISP=SHR //LDSRCVR DD DSN=CALDAP.LDSRCVR,DISP-SHR //SYSPRINT DD SYSOUT=*
Sample Report Output
The report title displays the date and time the report was generated. The report summary displays the total number of LDS recovery records on the LDS Recovery File. The following is a sample of the LDSRPT report output:
04.182) TIME 12.33 - Security LDS Recovery Report - PAGE 1 Date Time LDAP Node ID User LDS Recovery Data 2004121 153451 LDAP.LISLE2 LDSETA2 INS LID(LDSETA2 ) OBJECTCLASS(TSSLID), ADD Name(1534 ), ADD objectclass(AC 2004121 153451 LDAP.LISLE2 LDSETA2 F2LID) 2004121 154026 LDAP.LISLE2 LDSETA2 DEL LID(LDSETA2 ) OBJECTCLASS(TSSLID) 2004121 160905 LDAP.LISLE2 LDSETA1 MOD LID(LDSETA1 ) OBJECTCLASS(TSSLID), REP Name(1608 ) 2004121 162455 LDAP.LISLE2 LDSETA3 MOD LID(LDSETA3 ) OBJECTCLASS(TSSLID), REP Name(1624 ) 2004121 162936 LDAP.LISLE2 LDSETA2 INS LID(LDSETA2 ) OBJECTCLASS(TSSLID), ADD Name(THIRD ), ADD objectclass(AC 2004121 162936 LDAP.LISLE2 LDSETA2 F2LID) DATE 06/30/04 (04.182) TIME 12.33 - <tss> Security LDS Recovery Report - PAGE 2 - Total number of LDS records processed is 05
- DateThe date the LDS recovery record was stored on the LDS Recovery File.
- TimeThe time the LDS recovery record was stored on the LDS Recovery File.
- LDAP Node IDThe LDAP Node Record ID of the LDAP server that the LDS request was originally transmitted.
- UserThe user's logonid of the LDS request that was updated by the CA Top Secret administrator.
- LDS Recovery DataThe type of LDS request, including the list of LDAP attribute names and values to be transmitted to the LDAP server. To protect password based attribute data values from disclosure, password values are displayed as “SUPPRESSED” in this report.