vrtEntryDN is a virtual property, set to the DN of the object in the connector. This forms a unique ID to distinguish individual dataset objects on the RACF system.
To convert this mapping into an object matching rule
A message appears.
The following figure shows the above data set profile mapping in operation.
The RACF LDAP Connector can be used to execute any TSO command on the connected system if the Quest RACF TDS Exit has been installed and configured. This TSO command execution needs to be configured manually for the connector made available with One Identity Manager.
Create a custom defined process using the process component "MFRComponent". Use the server function "RACF LDAP connector" to specify the execution server. The One Identity Manager Service is installed on this server with the RACF LDAP connector.
For more detailed information about configuring the server and creating processes, see the One Identity Manager Configuration Guide.
The RACF user and group objects have a number of auxiliary classes available to add extra attributes. There are 12 of these auxiliary classes in total.
Auxiliary classes that can extend the RACF user object:
Auxiliary classes that can extend the RACF group object:
The list of the additional attributes that each of these makes available is given in Appendix: Auxiliary Classes.
When the RACF user or group object is viewed in the Synchronization Editor, all of the attributes made available by all of the above auxiliary classes are listed by default and can be used in user or group mappings. In order to make use of the additional attributes during a synchronization to RACF, the user or group object must contain the corresponding object class for each additional attribute, otherwise the attribute will be discarded. The object class attribute for a user is multi-valued and must contain the full list of all object classes needed for the user.
For example, the auxiliary class racfUserOvmSegment contains an attribute called racfOvmUid.
To successfully synchronize a value to this attribute for a user, the user object must contain the value racfUserOvmSegment in its object class attribute.