Read the information in this section before you install the RACF LDAP connector.
Read the information in this section before you install the RACF LDAP connector.
The LDAP implementation for RACF uses the racfid attribute to store the user name in a user object and the group name in a group object. The object containing the attribute defines whether it is referring to a user or a group.
RACF creates three special or system users that can be listed with an LDAP call. They are iicerta, iimulti, and iisitec. These system users cannot be altered by the connector through an LDAP call, so they are filtered by the connector. For example, when returning a list of all users in the RACF database, these three users will not be listed.
NOTE: The following sequence describes how you configure a synchronization project if the Synchronization Editor is in expert mode.
To set up initial synchronization project for RACF
Start the Synchronization Editor and log in.
From the start page, select Start a new synchronization project.
This starts the Synchronization Editor project wizard.
On the Choose target system page, select RACF LDAP Connector.
On the System access page, click Next.
On the Create system connection page, select Create new system connection.
On the system connection wizard start page, click Next.
On the Network page:
In the Server field, enter the DNS name or IP address of your mainframe server.
In the Port field, enter the port number.
Click Test to ensure the server is accessible.
The Tivoli Directory Server for z/OS supports LDAP v3. Enter the number 3 in the Protocol version.
If SSL is to be used, select the Use SSL check box.
On the Authentication page:
For basic authentication, do the following:
Set the Authentication method to Basic.
In the Credentials section, enter the full DN and password of the administrator account on your RACF system.
Click Test to check that the credentials are valid.
For external (client certificate) authentication, do the following:
Set the Authentication method to External.
In the Client Certificate section, enter the 40 character SHA1 thumbprint of the locally stored client certificate to be used for authentication.
This thumbprint can be obtained from the Microsoft Management Console snap-in for managing certificates.
NOTE: The certificate must be installed in the Personal area of the Current User certificate store.
Click Test to check that the credentials are valid.
The schema is loaded from the RACF system.
On the Search options page:
In the Base DN for searches drop-down list, select the correct base DN for your system.
Clear the Use paged search check box.
On the System attributes page, in the Revision properties section, clear the createTimestamp and modifyTimestamp entries by double-clicking them.
Click Finish.
This takes you back to the Synchronization Editor project wizard.
On the One Identity Manager connection page, enter the database connection data.
This loads the RACF schema into One Identity Manager. Wait for this to complete.
On the Select project template page, select Create blank project.
On the General page, enter a display name for your synchronization project and set a scripting language if required.
Click Finish.
Select Activate project.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center