Read the information in this section before you install the RACF LDAP Connector.
User and group identifier
The LDAP implementation for RACF stores the user name in the racfid attribute of a user object and the group name in the racfid attribute of a group object. The attribute value alone does not tell you which is which; the object that contains the attribute determines whether it refers to a user or a group.
RACF system users
RACF creates three reserved system users, named iicerta, iimulti and iisitec, and they are returned by LDAP searches like any other user. These system users cannot (and must not) be altered by the connector through an LDAP call, so the connector filters them out: when it returns the list of all users in the RACF database, these three users are not included.
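The two points above (racfid is ambiguous until you look at the containing object, and the three reserved IDs must be neither listed nor modified) are easy to get wrong in a connector. The following is an added example, not code from the One Identity RACF LDAP Connector. It assumes search results arrive as (DN, attributes) pairs and that the profiletype RDN in the DN ("profiletype=user" or "profiletype=group") identifies the object type; the sample entries are constructed for the example.

```python
"""Classify RACF LDAP search results into users and groups and drop the
reserved RACF system IDs (iicerta, iimulti, iisitec).

Added example; not code from the RACF LDAP Connector. Assumptions that are
not on the page: entries are (dn, attributes) pairs and the DN carries a
profiletype RDN that distinguishes user objects from group objects.
"""
from typing import Dict, List, Tuple

Entry = Tuple[str, Dict[str, List[str]]]

# IDs RACF reserves for itself. RACF IDs are case-insensitive, so compare upper-cased.
RACF_SYSTEM_USERS = frozenset({"IICERTA", "IIMULTI", "IISITEC"})

# Constructed sample result set: mixes users, a group and all three system users.
SAMPLE_ENTRIES: List[Entry] = [
    ("racfid=ALICE,profiletype=user,cn=racf", {"racfid": ["ALICE"]}),
    ("racfid=IICERTA,profiletype=user,cn=racf", {"racfid": ["IICERTA"]}),
    ("racfid=SYS1,profiletype=group,cn=racf", {"racfid": ["SYS1"]}),
    ("racfid=iimulti,profiletype=user,cn=racf", {"racfid": ["iimulti"]}),
    ("racfid=IISITEC,profiletype=user,cn=racf", {}),
    ("racfid=BOB,profiletype=user,cn=racf", {"racfid": ["BOB"]}),
]


def parse_dn(dn: str) -> Dict[str, str]:
    """Split a DN into a lower-cased attribute -> value map (first RDN wins).

    Sufficient for the flat DNs used here; not a general RFC 4514 parser
    (no escaped commas, no multi-valued RDNs).
    """
    parts: Dict[str, str] = {}
    for rdn in dn.split(","):
        key, _, value = rdn.strip().partition("=")
        parts.setdefault(key.lower(), value.strip())
    return parts


def racfid_of(entry: Entry) -> str:
    """Return the racfid of an entry, falling back to the RDN if the attribute is absent."""
    dn, attrs = entry
    values = attrs.get("racfid") or [parse_dn(dn).get("racfid", "")]
    return values[0]


def object_kind(entry: Entry) -> str:
    """Return 'user' or 'group' based on the containing object, not on racfid."""
    kind = parse_dn(entry[0]).get("profiletype", "").lower()
    if kind not in ("user", "group"):
        raise ValueError(f"cannot tell user from group for DN {entry[0]!r}")
    return kind


def is_system_user(entry: Entry) -> bool:
    """True for the reserved RACF system users, which must be hidden and never modified."""
    return object_kind(entry) == "user" and racfid_of(entry).upper() in RACF_SYSTEM_USERS


def classify(entries: List[Entry]) -> Tuple[List[str], List[str]]:
    """Return (user names, group names) with the reserved system users filtered out."""
    users: List[str] = []
    groups: List[str] = []
    for entry in entries:
        if is_system_user(entry):
            continue  # listed by LDAP, but the connector must not expose or touch them
        (users if object_kind(entry) == "user" else groups).append(racfid_of(entry))
    return users, groups


def check_modifiable(entry: Entry) -> None:
    """Guard to call before any LDAP modify/delete: refuse to alter a system user."""
    if is_system_user(entry):
        raise PermissionError(f"refusing to modify reserved RACF user {racfid_of(entry)}")


if __name__ == "__main__":
    print(classify(SAMPLE_ENTRIES))  # (['ALICE', 'BOB'], ['SYS1'])
```

The comparison is done on the upper-cased ID because RACF itself treats IDs as case-insensitive, so a server that returns "iimulti" and one that returns "IIMULTI" are handled the same way; the modify guard is the piece to keep even if you fetch users through some other path.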
How to initialize and configure the RACF LDAP connector
NOTE: The following sequence describes how to configure a synchronization project when the Synchronization Editor is in expert mode.
To set up the initial synchronization project for RACF
- Start the Synchronization Editor and log in.
- From the start page, select Start a new synchronization project.
This starts the Synchronization Editor's project wizard.
- Select RACF LDAP Connector on the Choose target system page.
- On the System access page, click Next.
- On the Create system connection page, select Create new system connection.
- On the system connection wizard start page, click Next.
- On the Network page:
- In the Server field, enter the DNS name or IP address of your mainframe server.
- In the Port field, enter the port number.
- Click on the Test button to make sure the server is accessible.
- Tivoli Directory Server for z/OS supports LDAP v3. Enter 3 in the Protocol version field.
- If SSL is to be used, check the Use SSL box. Without it, the Basic authentication configured on the next page sends the administrator DN and password to the mainframe in clear text.
- On the Authentication page:
- Set the Authentication method to "Basic".
- In the Credentials section, enter the full DN and password of the administrator account on your RACF system.
- Click Test to check that the credentials are valid.
- The schema will be loaded from the RACF system.
- On the Search options page:
- In the Base DN for searches drop-down list, select the correct base DN for your system.
- Uncheck the Use paged search check box.
- On the System attributes page, in the Revision properties section, deselect the "createTimestamp" and "modifyTimestamp" entries by double clicking on them.
- Click Finish.
This takes you back to the Synchronization Editor's project wizard.
- Enter the database connection data on the One Identity Manager connection page.
This loads the RACF schema into One Identity Manager. Wait for this to complete.
- On the Select project template page, select Create blank project.
- On the General page, enter a display name for your synchronization project and set a scripting language if required.
- Click Finish to complete the project wizard.
- Select Activate project to activate the project.