지금 지원 담당자와 채팅
지원 담당자와 채팅

Active Roles 7.5.3 - Synchronization Service Administration Guide

Synchronization Service Overview Deploying Synchronization Service Getting started Connections to external data systems
External data systems supported out of the box
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Oracle Working with Exchange Server Working with Active Roles Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Working with Micro Focus NetIQ Directory Working with Salesforce Working with ServiceNow Working with Oracle Unified Directory Working with an LDAP directory service Working with IBM DB2 Working with IBM AS/400 Working with an OpenLDAP directory service Working with IBM RACF connector Working with MySQL database Working with an OLE DB-compliant relational database Working with SharePoint Working with Microsoft Office 365 Working with Microsoft Azure Active Directory Working with SCIM
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use Appendix A: Developing PowerShell scripts for attribute synchronization rules Appendix B: Using a PowerShell script to transform passwords

Working with IBM RACF connector

To create a connection to IBM RACF connector, you need to use Synchronization Service in conjunction with a special connector called IBM RACF Connector. This connector is included in the Synchronization Service package.

Table 67:  Supported features

Feature

Supported

Bidirectional synchronization

Allows you to read and write data in the connected data system.

Yes

Delta processing mode

Allows you to process only the data that has changed in the connected data system since the last synchronization operation, thereby reducing the overall synchronization operation time.

No

Password synchronization

Allows you to synchronize user passwords from an Active Directory domain to the connected data system.

Yes

Prerequsites

  • The IBM mainframe must have LDAP directory services installed and configured.

  • The IBM RACF connector can be installed on Microsoft Windows Server 2008 or later.

NOTE: There is an 8 character limit for user and group names on IBM RACF. The character limit is also applicable to the passwords on IBM RACF.

Creating a IBM RACF connection

To create a new connection

  1. In the Synchronization Service Administration Console, open the Connections tab.

  2. Click Add connection, and then use the following options:

    • Connection name. Type a descriptive name for the connection.

    • Use the specified connector. Select IBM RACF Connector.

  3. Click Next.

  4. On the Specify connection settings page, use the following options:

    • Server. Type the fully qualified DNS name of the IBM RACF server running the LDAP service.type the fully qualified DNS name of the IBM RACF server running the LDAP service.

    • Port. Type the fully qualified DNS name of the IBM RACF server running the LDAP service.

    • User name. Specify the fully distinguished name (DN) of the account that the application will use to access the IBM RACF LDAP directory service

    • Password. Specify the password of the user account that the application will use to access the IBM RACF LDAP directory service.

    • Test Connection. Click this button to verify the specified connection settings.

  5. Click Next.

  6. Click Finish to create a connection to IBM RACF connector.

 

Modifying a IBM RACF connection

To create a new connection

  1. In the Synchronization Service Administration Console, open the Connections tab.

  2. Click Connection Settings below the existing IBM RACF connection you want to modify.

  3. On the Connection Settings tab, click the Specify connection settings item to expand it and use the following options and use the options they provide:

    • Server. Type the fully qualified DNS name of the IBM RACF server running the LDAP service.type the fully qualified DNS name of the IBM RACF server running the LDAP service.

    • Port. Type the fully qualified DNS name of the IBM RACF server running the LDAP service.

    • User name. Specify the fully distinguished name (DN) of the account that the application will use to access the IBM RACF LDAP directory service

    • Password. specify the password of the user account that the application will use to access the IBM RACF LDAP directory service.

    • Test Connection. Click this button to verify the specified connection settings.

  4. Click Save.

Example of Mapping for Dataset Information

The IBM RACF connector can be used to synchronize IBM RACF dataset information. The LDAPX exit must be installed and configured for this functionality to be supported.

The examples in this topic shows how IBM RACF dataset information can be synchronised. IBM RACF dataset names contain asterisk characters and as such cannot be synchronised to AD which does not allow asterisk characters in names. As such, the example shows a synchronization to a Microsoft SQL database. It is assumed that Microsoft SQL Server and Microsoft SQL Server Manager have been installed and configured.

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택