Chatta subito con l'assistenza
Chat con il supporto

Identity Manager 9.1 - LDAP Connector for IBM RACF Reference Guide

Object matching rules

  • DistinguishedName (primary rule) vrtEntryDN

    vrtEntryDN is a virtual property, set to the DN of the object in the connector. This forms a unique ID to distinguish individual dataset objects on the RACF system.

    To convert this mapping into an object matching rule

    1. Select the property mapping rule in the rule window.

    2. Click in the rule view toolbar.

      A message appears.

    3. Click Yes to convert the property mapping rule into an object matching rule and save a copy of the property mapping rule.

    Sample value:

    racfdataset=ABCDB.*.**,profileType=dataset,cn=mainframe1,o=mycompany,c=com

Related topics

Sample data set profile mapping

The following figure shows the data set profile mapping in operation.

Run TSO command

The RACF LDAP connector can be used to run any TSO command on the connected system if the Quest RACF TDS Exit has been installed and configured. This TSO command execution needs to be configured manually for the connector made available with One Identity Manager.

Create a custom defined process using the MFRComponent process component. Use the RACF LDAP connector server function to specify the execution server. The One Identity Manager Service is installed on this server with the RACF LDAP connector.

For more detailed information about configuring the server and creating processes, see the One Identity Manager Configuration Guide.

Auxiliary classes

The RACF user and group objects have a number of auxiliary classes available to add extra attributes. There are 13 of these auxiliary classes in total.

Auxiliary classes that can extend the RACF user object:

  • SAFTSOSegment

  • SAFDfpSegment

  • racfCicsSegment

  • racfLanguageSegment

  • racfOperparmSegment

  • racfWorkAttrSegment

  • racfUserOmvsSegment

  • racfUserOvmSegment

  • racfNetviewSegment

  • racfDCESegment

Auxiliary classes that can extend the RACF group object:

  • racfGroupOmvsSegment

  • racfGroupOvmSegment

  • SAFDfpSegment

The additional attributes that each of these makes available is listed in Auxiliary classes.

When the RACF user or group object is viewed in the Synchronization Editor, all of the attributes made available by all of the above auxiliary classes are listed by default and can be used in user or group mappings. To make use of additional attributes during a synchronization to RACF, the user or group object must contain the corresponding object class for each additional attribute or the attribute will be discarded. The object class attribute for a user is multi-valued and must contain the full list of all object classes needed for the user.

For example, the auxiliary class racfUserOvmSegment contains an attribute called racfOvmUid.

To successfully synchronize a value to this attribute for a user, the user object must contain the value racfUserOvmSegment in its object class attribute.

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione