DB2 LDAP configuration on SLES11 SP2

Having problems with YaST wiping out your custom PAM setting for DB2 since upgrading to SLES 11 SP2??

This is a short post detailing a problem I found with the YaST method of managing manual pam/ldap configuration under SLES 11 SP2 x86_64, which is a necessary step if you want to run LDAP for DB2 authentication. I wrote a more detailed post about the additional steps to get to this point here:DB2-LDAP-Configuration

The problem seems to be that any file that gets created in /etc/pam.d that is not managed by YaST/SuSEConfig gets wiped out once you run the “yast2 ldap pam {disable/enable}” step during the LDAP client configuration. This didnt seem to be a problem on SLES 11 SP1.

I trawled around the web looking for people experiencing the same type of problem but with other installations/distributions, and found that someone had eventually used “chattr” to make their files immutable, so that its impossible for any system process to remove or alter any files that are already in place.

So heres the steps that I took to stop the problem:

chattr +i db2
chattr +i ldap.conf
chattr +i nsswitch.conf
chattr +i ldap.conf

to make those file immutable, then we ran the “yast2 ldap pam disable“, and “yast2 ldap pam enable” to test the files remained untouched.

Now when yast2 ldap pam disable and enable is run, its no longer possible for the chattr’d files to be deleted.

[amazon asin=158347367X&template=iframe image&chan=default][amazon asin=0470275871&template=iframe image&chan=default]