Identity Manager 8.0.2 - LDAP Connector for IBM AS/400 Reference Guide

Initializing and Configuring the LDAP Connector for IBM AS/400

This document describes how to initialize and configure the AS/400 LDAP connector into an existing One Identity Manager system. This enables a One Identity Manager system to access, read and update data stored on an AS/400 system. 

NOTE: Although the AS/400 system has been given more recent names such as iSeries and System i, it will be referred to as AS/400 throughout this document.
Detailed information about this topic

Pre-requisites

  • The AS/400 computer must have IBM AS/400 Directory Services installed and configured.
  • A service account must be created on your AS/400 server which has the appropriate permissions to administer users and groups on this platform:
    • Security administrator (*SECADM) special authority rights;
    • Object management (*OBJMGT) rights over the user profile accounts that are to be managed;
    • Use (*USE) rights over the user profile account(s) that are to be managed;
    • The service account must be set up as a projected user.

NOTE: Before attempting to connect to the AS/400 Directory Services LDAP Server with the One Identity Manager connector, it is recommended to first check that the LDAP server is running correctly. This can be tested with any LDAP browser for example the LDP.exe tool from Microsoft. For more information, see your LDAP browser documentation.

Platform Support

  • The AS/400 LDAP connector has been verified for synchronization against os-400 V7R1 or later.

How to initialize and configure the AS/400 LDAP connector

NOTE: The following sequence describes how you configure a synchronization project if the Synchronization Editor is in expert mode.

To set up initial synchronization project for AS/400

  1. Start the Synchronization Editor and log in.
  2. From the start page, select Start a new synchronization project

    This starts the Synchronization Editor's project wizard.

  3. Select AS/400 LDAP Connector on the Choose target system page.
  4. On the System access page, click Next.
  5. On the Create system connection page, select Create new system connection.
  6. On the system connection wizard start page, click Next.
  7. On the Network page:
    1. In the Server field, enter the DNS name or IP address of your mainframe server.
    2. In the Port field, enter the port number.
    3. Click on the Test button to make sure the server is accessible.
    4. IBM AS/400 Directory Services supports LDAP v3. Enter the number 3 in the Protocol version.
    5. If SSL is to be used, check the Use SSL box.
  8. On the Authentication page:
    1. Set the Authentication method to "Basic".
    2. In the Credentials section, enter the full DN and password of the administrator account on your AS/400 system.
    3. Click Test to check that the credentials are valid.
  9. The schema will be loaded from the AS/400 system.
  10. Ignore the Define virtual classes page. Click Next.
  11. On the Search options page:
    1. In the Base DN drop-down list, select the correct base DN for your system. It should begin with OS400-SYS=.
    2. Ignore the Use paged search check box.
  12. Ignore the Modification capabilities page. Click Next.
  13. Ignore the Auxiliary class assignment page. Click Next.
  14. On the System attributes page, in the Revision properties section, deselect the "createTimestamp" and "modifyTimestamp" entries by double clicking on them.
  15. Ignore the Select dynamic group attributes page. Click Next.
  16. Ignore the Password settings page. Click Next.
  17. Click Finish.

    This takes you back to the Synchronization Editor's project wizard.

  18. Enter the database connection data on the One Identity Manager connection page.
  19. This will load the AS/400 schema into your One Identity Manager. Wait for this to complete.
  20. On the Select project template page, select Create blank project.
  21. On the General page, enter a display name for your synchronization project and set a scripting language if required.
  22. Click Finish to complete the project wizard.
  23. Select Activate project to activate the project.
Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents