Chatta subito con l'assistenza
Chat con il supporto

Quick Connect for AS400 1.4 - Installation and Configuration Guide

Configuring the IBM AS/400® Connector attributes

Installing and configuring One Identity Quick Connect for IBM AS/400® > Configuring the IBM AS/400® Connector attributes

Configuring the IBM AS/400® Connector attributes

The following attributes have been verified for synchronization with this release, in addition to the password synchronization attribute. Other attributes can be synchronized by One Identity Quick Connect provided the attribute types are maintained between platforms (see Operating constraints).

Table 1: IBM AS/400® Connector attributes

Type of attribute

Active Directory® attribute

IBM AS/400® attribute

User

sAMAccountName

os400-profile

User

Any string field

os400-text

Group

sAMAccountName

os400-profile

Group

member

os400-groupmember

 

Additional considerations

This section describes additional points to consider when configuring the IBM AS/400® connector.

Using groups with IBM AS/400

Using groups with IBM AS/400®

The IBM AS/400® operating system does not have any concept of groups as discrete entities. Instead, an administrator creates a user profile which is used as a group profile. Other user profiles are then linked to this using the GrpPrf or SupGrpPrf parameters of the ChgUsrPrf command. The GrpPrf value maps to the os400-grpprf attribute in the AS/400 schema, while the SupGrpPrf value maps to the os400-supgrpprf attribute. The AS/400 Quick Connect mappings must be defined for users and groups to enable full user and group synchronization.

The instructions on the following pages describe how to create an Active Directory® to AS/400 user/group synchronization workflow.

Optional IBM AS/400 account unlock during password reset function

Optional IBM AS/400® account unlock during password reset function

You can optionally unlock a user's IBM AS/400® account at the same time as performing a password reset. This functionality is switched off by default and can be enabled by editing the connector's configuration file as follows:

Edit the file:

<Your Program Files folder>\One Identity\Quick Connect\AS400Connector\ConnectorConfig.xml

and add the following lines just before the </ConnectorInfo> which appears on the last line of the file:

<SelfConfig>

<EnableAccount>true</EnableAccount>

</SelfConfig>

Only the value true will enable the new functionality.

The LDAP password request sent to AS/400 will then also include a request to modify the account status (os-400-status=*ENABLED).

The configuration file is read every time an LDAP connection is made to the AS/400, so the new value will be picked up for the next set of synchronizations.

NOTE: If you edited ConnectorConfig.xml to implement the optional unlock of a user's AS/400 account at the same time as performing a password reset in an earlier version of the connector for AS/400, then you will need to repeat that edit after installing a later version
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione