Chat now with support
Chat with Support

Identity Manager 8.0 - LDAP Connector for CA ACF2 Reference Guide

How to initialize and configure the ACF2 LDAP connector

NOTE: The following sequence describes how you configure a synchronization project if the Synchronization Editor is in expert mode.

To set up initial synchronization project for ACF2

  1. Start the Synchronization Editor and log in.
  2. From the start page, select Start a new synchronization project

    This starts the Synchronization Editor's project wizard.

  3. Select ACF2 LDAP Connector on the Choose target system page.
  4. On the System access page, click Next.
  5. On the Create system connection page, select Create new system connection.
  6. On the system connection wizard start page, click Next.
  7. On the Network page:
    1. In the Server field, enter the DNS name or IP address of your mainframe server.
    2. In the Port field, enter the port number.
    3. Click on the Test button to make sure the server is accessible.
    4. The CA LDAP Server for z/OS supports LDAP v3. Enter the number 3 in the Protocol version
    5. If SSL is to be used, check the Use SSL box.
  8. On the Authentication page:
    1. Set the Authentication method to "Basic".
    2. In the Credentials section, enter the full DN and password of the administrator account on your ACF2 system. The account DN can take the format CN=<account id> or acf2lid=<account id>.
    3. Click Test to check that the credentials are valid.
  9. The schema will be loaded from the ACF2 system.

  10. Ignore the Define virtual classes page. Click Next.
  11. On the Search options page:
    1. In the Base DN drop-down list, select the correct base DN for your system.
    2. Ignore Use partitioned search.
  12. Ignore the Modification capabilities page. Click Next.
  13. Ignore the Auxiliary class assignment page. Click Next.
  14. On the System attributes page, in the Revision properties section, deselect the "createTimestamp" and "modifyTimestamp" entries by double clicking on them.
  15. Ignore the Select dynamic group attributes page. Click Next.
  16. Ignore the Password settings page. Click Next.
  17. Click Finish.

    This takes you back to the Synchronization Editor's project wizard.

  18. Enter the database connection data on the One Identity Manager connection page.
  19. This will load the ACF2 schema into your One Identity Manager. Wait for this to complete.
  20. On the Select project template page, select Create blank project.
  21. On the General page, enter a display name for your synchronization project and set a scripting language if required.
  22. Click Finish to complete the project wizard.
  23. Select Activate project to activate the project.
Related Topics

System Variables

The following system variables need to be defined for the attribute mappings. For more detailed information about variables, see the One Identity Manager Target System Synchronization Reference Guide.

Table 1: System variables
Name Value
IdentDomain The name of your ACF2 domain e.g. MAINFRAME2
UserLocation Parent DN of your ACF2 user container, e.g. acf2admingrp=lids,host=mainframe2,o=mycompany,c=com
Related Topics

Domain Filter Setting

A domain filter needs to be created to identify information that has been retrieved from the ACF2 database to keep it separate from other imported data.

  1. Update the One Identity Manager schema so that all entries are included.
    1. In the Synchronization Editor, open your ACF2 project.
    2. Select the category Configuration | One Identity Manager connection.
    3. Then in the "General" section on the right-hand side, click Update schema.
    4. Click on Yes in the next two dialog boxes.
    5. Click Ok when completed.
  2. In the Manager
    1. Select the category LDAP | Domains.
    2. In the result list toolbar, click .
    3. Enter at least the following general master data on the General tab.
      Table 2: Domain Master Data



      Display name Display name e.g. ACF2 Domain
      Distinguished name Distinguished name of the domain e.g. host=mainframe2,o=mycompany,c=com
      Domain Domain name e.g. MAINFRAME2
      Structural object class Structural object class representing the object type, enter DCOBJECT
    4. Save the changes.
  3. In the Synchronization Editor, open your ACF2 project.
    1. Select the category Configuration | One Identity Manager connection.

    2. Select the Scope view and click Edit scope.

    3. Select the object type LDPDomain in the Scope hierarchy list and set the Object filter to: Ident_Domain =’$IdentDomain$’.
    4. Save the changes.

For more detailed information about scopes, see the One Identity Manager Target System Synchronization Reference Guide.

Related Topics

User Mapping Information

This section shows a possible mapping between a user account in ACF2 and the standard One Identity Manager database table called LDAPAccount.

  • Set up a new mapping from LDAPAccount(all) to acf2lid(all).

For more detailed information about setting up mappings, see the One Identity Manager Target System Synchronization Reference Guide.

Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating