The following attributes have been verified for synchronization with this release, in addition to the password synchronization attribute. Other attributes can be synchronized by One Identity Quick Connect provided the attribute types are maintained between platforms (see Operating constraints).
Type of attribute | Active Directory® attribute | IBM AS/400® attribute |
---|---|---|
User | sAMAccountName | os400-profile |
User | Any string field | os400-text |
Group | sAMAccountName | os400-profile |
Group | member | os400-groupmember |
This section describes additional points to consider when configuring the IBM AS/400® connector.
The IBM AS/400® operating system does not have any concept of groups as discrete entities. Instead, an administrator creates a user profile which is used as a group profile. Other user profiles are then linked to this using the GrpPrf or SupGrpPrf parameters of the ChgUsrPrf command. The GrpPrf value maps to the os400-grpprf attribute in the AS/400 schema, while the SupGrpPrf value maps to the os400-supgrpprf attribute. The AS/400 Quick Connect mappings must be defined for users and groups to enable full user and group synchronization.
The instructions on the following pages describe how to create an Active Directory® to AS/400 user/group synchronization workflow.
You can optionally unlock a user's IBM AS/400® account at the same time as performing a password reset. This functionality is switched off by default and can be enabled by editing the connector's configuration file as follows:
Edit the file:
<Your Program Files folder>\One Identity\Quick Connect\AS400Connector\ConnectorConfig.xml
and add the following lines just before the </ConnectorInfo> which appears on the last line of the file:
<SelfConfig>
  <EnableAccount>true</EnableAccount>
</SelfConfig>
Only the value true will enable the new functionality.
The LDAP password request sent to AS/400 will then also include a request to modify the account status (os-400-status=*ENABLED).
The configuration file is read every time an LDAP connection is made to the AS/400, so the new value will be picked up for the next set of synchronizations.
NOTE: If you edited ConnectorConfig.xml to implement the optional unlock of a user's AS/400 account at the same time as performing a password reset in an earlier version of the connector for AS/400, then you will need to repeat that edit after installing a later version.
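The ConnectorConfig.xml edit described above, written as an idempotent PowerShell function that can be rerun after a connector upgrade or used to switch the setting back off. This is an added example, not One Identity's code: the function name, the `.bak` backup copy, the use of `false` as the "off" value and the constructed demo file are assumptions, and it assumes `ConnectorInfo` is the root element with no XML namespace.

```powershell
# Added example (not One Identity code). Assumes <ConnectorInfo> is the root
# element and the file uses no XML namespace.
function Set-As400UnlockOnReset {
    param(
        [Parameter(Mandatory)] [string] $Path,   # path to ConnectorConfig.xml
        [bool] $Enable = $true
    )
    # XmlDocument.Load resolves relative paths against the process directory,
    # so convert to a full file-system path first.
    $Path = (Resolve-Path -LiteralPath $Path).ProviderPath
    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($Path)

    $root = $xml.DocumentElement
    if ($root.Name -ne 'ConnectorInfo') {
        throw "Unexpected root element '$($root.Name)' in $Path"
    }

    # Reuse existing elements so repeated runs never create duplicates.
    # AppendChild places <SelfConfig> last, i.e. just before </ConnectorInfo>.
    $self = $root.SelectSingleNode('SelfConfig')
    if ($null -eq $self) { $self = $root.AppendChild($xml.CreateElement('SelfConfig')) }
    $flag = $self.SelectSingleNode('EnableAccount')
    if ($null -eq $flag) { $flag = $self.AppendChild($xml.CreateElement('EnableAccount')) }

    # Only the exact value "true" enables the feature; "false" is simply one
    # of the values that leaves it off (assumption of this example).
    $wanted = if ($Enable) { 'true' } else { 'false' }
    if ($flag.InnerText -ceq $wanted) { return 'unchanged' }

    Copy-Item -LiteralPath $Path -Destination "$Path.bak" -Force   # rollback copy
    $flag.InnerText = $wanted
    $xml.Save($Path)
    return 'updated'
}

# Constructed sample file so the example runs without the product installed;
# the <Name> child is made up for the demo.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'ConnectorConfig.demo.xml'
Set-Content -LiteralPath $demo -Value '<ConnectorInfo><Name>constructed</Name></ConnectorInfo>'
Set-As400UnlockOnReset -Path $demo                  # first run writes the element
Set-As400UnlockOnReset -Path $demo                  # second run finds it already set
Set-As400UnlockOnReset -Path $demo -Enable $false   # switches the feature back off
Get-Content -LiteralPath $demo
```

Because the connector rereads the file on every LDAP connection to the AS/400, a change made this way takes effect on the next synchronization without a restart.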