Chat now with support
Chat with Support

Identity Manager 9.2.1 - LDAP Connector for CA Top Secret Reference Guide

How to initialize and configure the Top Secret LDAP connector

NOTE: The following sequence describes how you configure a synchronization project if the Synchronization Editor is in expert mode.

To set up initial synchronization project for Top Secret

  1. Start the Synchronization Editor and log in.

  2. From the start page, select Start a new synchronization project

    This starts the Synchronization Editor's project wizard.

  3. On the Choose target system page, select Top Secret LDAP Connector.

  4. On the System access page, click Next.

  5. On the Create system connection page, select Create new system connection.

  6. On the system connection wizard start page, click Next.

  7. On the Network page:

    1. In the Server field, enter the DNS name or IP address of your mainframe server.

    2. In the Port field, enter the port number.

    3. Click the Test button to make sure the server is accessible.

    4. CA LDAP Server for z/OS supports LDAP v3. Enter the number 3 in the Protocol version.

    5. If SSL is to be used, check the Use SSL box.

  8. On the Authentication page:

    1. Set the Authentication method to Basic.

    2. In the Credentials section, enter the full DN and password of the administrator account on your Top Secret system.

    3. Click Test to check that the credentials are valid.

    The schema is loaded from the Top Secret system.

  9. Ignore the Define virtual classes page. Click Next.

  10. On the Search options page:

    1. In the Base DN drop-down, and select the correct base DN for your system.

    2. Ignore the Use partitioned search check box.

  11. Ignore the Modification capabilities page. Click Next.

  12. Ignore the Auxiliary class assignment page. Click Next.

  13. Ignore the System attributes page. Click Next.

  14. Ignore the Select dynamic group attributes page. Click Next.

  15. Ignore the Password settings page. Click Next.
  16. Click Finish.

    This takes you back to the Synchronization Editor project wizard.

  17. On the One Identity Manager connection page, enter the database connection data.

    This Top Secret schema loads into your One Identity Manager system. Wait for this to complete.

  18. On the Select project template page, select Create blank project.

  19. On the General page, enter a display name for your synchronization project and set a scripting language if required.

  20. Click Finish.

  21. Select Activate project.

System variables

The following system variables must be defined for the attribute mappings.

Table 1: System variables
Name Value

IdentDomain

The name of your Top Secret domain: for example, TOPSECRET1

UserLocation

Parent DN of your Top Secret user container: for example, tssadmingrp=acids,host=topsecret1,o=mycompany,c=com

GroupLocation

Parent DN of your Top Secret group container: for example, tssadmingrp=groups,host=topsecret1,o=mycompany,c=com

ProfileLocation

Parent DN of your Top Secret profile container: for example, tssadmingrp=profiles,host=topsecret1,o=mycompany,c=com

For more detailed information about variables, see the One Identity Manager Target System Synchronization Reference Guide.

Related topics

Domain filter setting

A domain filter must be created to identify information that has been retrieved from the Top Secret database to keep it separate from other imported data.

To create a domain filter:

  1. Update the One Identity Manager schema so that all entries are included.

    1. In the Synchronization Editor, open your Top Secret project.

    2. Select Configuration > One Identity Manager connection.

    3. In the General section, click Update schema.

    4. Click Yes in the next two dialogs.

    5. Click OK when completed.

  2. In the Manager

    1. Select LDAP > Domains.

    2. In the result list toolbar, click .

    3. On the General tab, enter the following general master data:

      Table 2: Domain master data

      Property

      Description

      Display name

      Display name: for example, Top Secret Domain

      Distinguished name

      Distinguished name of the domain: for example, host=topsecret1,o=mycompany,c=com

      Domain

      Domain name: for example, TOPSECRET1

      Structural object class

      Structural object class representing the object type: enter DCOBJECT

    4. Save the changes.
  3. In the Synchronization Editor, open your Top Secret project.

    1. Select Configuration > One Identity Manager connection.

    2. Select Scope view and click Edit scope.

    3. Select the object type LDPDomain in the Scope hierarchy list and set the Object filter to Ident_Domain =’$IdentDomain$’.

    4. Save the changes.

For more detailed information about scopes, see the One Identity Manager Target System Synchronization Reference Guide.

Related topics

User mapping information

This section shows a possible mapping between a user account in Top Secret and the standard One Identity Manager database table called LDAPAccount.

  • Set up a new mapping from LDAPAccount(all) to tssacid(all).

For more detailed information about setting up mappings, see the One Identity Manager Target System Synchronization Reference Guide.

Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating