Chat now with support
Chat mit Support

Identity Manager 9.1 - LDAP Connector for CA ACF2 Reference Guide

How to initialize and configure the ACF2 LDAP connector

NOTE: The following sequence describes how you configure a synchronization project if the Synchronization Editor is in expert mode.

To set up initial synchronization project for ACF2

  1. Start the Synchronization Editor and log in.

  2. From the start page, select Start a new synchronization project

    This starts the Synchronization Editor project wizard.

  3. On the Choose target system page, select ACF2 LDAP Connector.

  4. On the System access page, click Next.

  5. On the Create system connection page, select Create new system connection.

  6. On the system connection wizard start page, click Next.

  7. On the Network page:

    1. In the Server field, enter the DNS name or IP address of your mainframe server.

    2. In the Port field, enter the port number.

    3. Click Test ensure the server is accessible.

    4. The CA LDAP server for z/OS supports LDAP v3. Enter the number 3 in the Protocol version

    5. If SSL is used, select the Use SSL check box.

  8. On the Authentication page:

    1. Set the Authentication method to Basic.

    2. In the Credentials section, enter the full DN and password of the administrator account on your ACF2 system. The account DN can take the format CN=<account id> or acf2lid=<account id>.

    3. Click Test to check that the credentials are valid.

    The schema is loaded from the ACF2 system.

  9. Ignore the Define virtual classes page. Click Next.

  10. On the Search options page:

    1. In the Base DN drop-down list, select the correct base DN for your system.

    2. Ignore Use partitioned search.

  11. Ignore the Modification capabilities page. Click Next.

  12. Ignore the Auxiliary class assignment page. Click Next.

  13. On the System attributes page, in the Revision properties section, clear the createTimestamp and modifyTimestamp entries by double-clicking them.

  14. Ignore the Select dynamic group attributes page. Click Next.

  15. Ignore the Password settings page. Click Next.

  16. Click Finish.

    This takes you back to the Synchronization Editor project wizard.

  17. On the One Identity Manager connection page, enter the database connection data.

    This loads the ACF2 schema into your One Identity Manager. Wait for this to complete.

  18. On the Select project template page, select Create blank project.

  19. On the General page, enter a display name for your synchronization project and set a scripting language if required.

  20. Click Finish.

  21. Select Activate project.

Related topics

System variables

The following system variables need to be defined for the attribute mappings. For more detailed information about variables, see the One Identity Manager Target System Synchronization Reference Guide.

Table 1: System variables
Name Value

IdentDomain

The name of your ACF2 domain, for example, MAINFRAME2

UserLocation

Parent DN of your ACF2 user container, for example, acf2admingrp=lids,host=mainframe2,o=mycompany,c=com

Related topics

Domain filter setting

A domain filter must be created to identify information that has been retrieved from the ACF2 database to keep it separate from other imported data.

  1. Update the One Identity Manager schema so that all entries are included.

    1. In the Synchronization Editor, open your ACF2 project.

    2. Select Configuration > One Identity Manager connection.

    3. In the General section, click Update schema.

    4. Click Yes in the next two dialogs.

    5. Click OK when complete.

  2. In the Manager

    1. Select LDAP > Domains.

    2. In the result list toolbar, click .

    3. On the General tab, enter the following general master data.

      Table 2: Domain master data

      Property

      Description

      Display name

      Display name, for example, ACF2 Domain

      Distinguished name

      Distinguished name of the domain, for example, host=mainframe2,o=mycompany,c=com

      Domain

      Domain name, for example, MAINFRAME2

      Structural object class

      Structural object class representing the object type; enter DCOBJECT

    4. Save the changes.

  3. In the Synchronization Editor, open your ACF2 project.

    1. Select Configuration > One Identity Manager connection.

    2. Select the Scope view and click Edit scope.

    3. Select the object type LDPDomain in the Scope hierarchy list and set the Object filter to Ident_Domain =’$IdentDomain$’.

    4. Save the changes.

For more detailed information about scopes, see the One Identity Manager Target System Synchronization Reference Guide.

Related topics

User mapping information

This section shows a possible mapping between a user account in CA ACF2 and the standard One Identity Manager database table called LDAPAccount.

  • Set up a new mapping from LDAPAccount(all) to acf2lid(all).

For more detailed information about setting up mappings, see the One Identity Manager Target System Synchronization Reference Guide.

Detailed information about this topic
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen