This document describes how to initialize and configure the AS/400 LDAP connector into an existing One Identity Manager system. This enables a One Identity Manager system to access, read, and update data stored on an AS/400 system.
NOTE: Although the AS/400 system has been given more recent names, such as iSeries and System i, it will be referred to as AS/400 throughout this document.
- The AS/400 computer must have IBM AS/400 Directory Services installed and configured.
- A service account must be created on your AS/400 server with the authorities needed to administer users and groups on this platform:
  - Security administrator (*SECADM) special authority
  - Object management (*OBJMGT) authority over the user profile objects that are to be managed
  - Use (*USE) authority over the user profile objects that are to be managed
  - The service account must be set up as a projected user, which gives it the directory DN that the connector binds with
NOTE: Before attempting to connect to the AS/400 Directory Services LDAP server with the One Identity Manager connector, first check that the LDAP server is running correctly. This can be tested with any LDAP browser, for example, the LDP.exe tool from Microsoft. For more information, see your LDAP browser documentation.
The AS/400 LDAP connector has been verified for synchronization against OS/400 V7R1 (IBM i 7.1) or later.
NOTE: The following sequence describes how you configure a synchronization project if the Synchronization Editor is in expert mode.
To set up an initial synchronization project for AS/400
- Start the Synchronization Editor and log in.
- From the start page, select Start a new synchronization project.
  This starts the Synchronization Editor project wizard.
- On the Choose target system page, select AS/400 LDAP Connector.
- On the System access page, click Next.
- On the Create system connection page, select Create new system connection.
- On the system connection wizard start page, click Next.
- On the Network page:
  - In the Server field, enter the DNS name or IP address of your AS/400 server.
  - In the Port field, enter the port number (by default 389 for LDAP and 636 for LDAP over SSL).
  - Click Test to make sure the server is accessible.
  - IBM AS/400 Directory Services supports LDAP v3. Enter 3 in the Protocol version field.
  - If SSL is to be used, select the Use SSL check box. The Basic authentication method selected on the next page is an LDAP simple bind, which sends the service account's DN and password in cleartext, so use SSL unless the network path to the AS/400 is protected by other means.
- On the Authentication page:
  - Set the Authentication method to Basic.
  - In the Credentials section, enter the full DN and password of the service account on your AS/400 system. For a projected user profile the DN has the form os400-profile=PROFILE,cn=accounts, followed by the OS400-SYS= base DN of the system.
  - Click Test to check that the credentials are valid.
    The schema is loaded from the AS/400 system.
- Ignore the Define virtual classes page. Click Next.
- On the Search options page:
  - In the Base DN drop-down list, select the correct base DN for your system. It should begin with OS400-SYS=.
  - Ignore the Use paged search check box.
- Ignore the Modification capabilities page. Click Next.
- Ignore the Auxiliary class assignment page. Click Next.
- On the System attributes page, in the Revision properties section, clear the createTimestamp and modifyTimestamp entries by double-clicking them.
- Ignore the Select dynamic group attributes page. Click Next.
- Ignore the Password settings page. Click Next.
- Click Finish.
  This takes you back to the Synchronization Editor project wizard.
- On the One Identity Manager connection page, enter the database connection data.
  This loads the AS/400 schema into your One Identity Manager. Wait for this to complete.
- On the Select project template page, select Create blank project.
- On the General page, enter a display name for your synchronization project and set a scripting language if required.
- Click Finish.
- Select Activate project.
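The pre-flight check that the NOTE above recommends, covering the values the Network, Authentication and Search options pages ask for, as an added example that is not code from the One Identity Manager documentation or product. It uses only the Python standard library: it reproduces what the Network page's Test button does (TCP connect and, with SSL, a TLS handshake) and adds the consistency checks a practitioner wants before typing values into the wizard: the Base DN must be the OS400-SYS= suffix, the bind DN should lie under it, and Basic (simple) authentication should not travel over a cleartext port. The host name, ports, profile name and DNs are placeholders; the projected-user DN form os400-profile=PROFILE,cn=accounts,os400-sys=SYSTEM is the one IBM documents and is treated here as an assumption to confirm against your own directory.

```python
"""Pre-flight checks for the AS/400 LDAP connector (added example, not product code)."""
from __future__ import annotations

import socket
import ssl


def split_dn(dn: str) -> list[str]:
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current).strip())
    return [r for r in rdns if r]


def normalize_rdn(rdn: str) -> str:
    """Case-fold type and value: attribute types, OS/400 profile names and
    system names are compared case-insensitively."""
    attr, _, value = rdn.partition("=")
    return f"{attr.strip().lower()}={value.strip().lower()}"


def dn_is_under(dn: str, base_dn: str) -> bool:
    """True when dn equals base_dn or lies in the subtree below it."""
    dn_parts = [normalize_rdn(r) for r in split_dn(dn)]
    base_parts = [normalize_rdn(r) for r in split_dn(base_dn)]
    if not base_parts:
        return True  # empty base DN is the root; everything is below it
    return len(dn_parts) >= len(base_parts) and dn_parts[-len(base_parts):] == base_parts


def projected_user_dn(profile: str, base_dn: str) -> str:
    """DN under which Directory Services projects a user profile.

    Assumed form (IBM's documented layout): os400-profile=<PROFILE>,cn=accounts,
    followed by the os400-sys=... suffix chosen as Base DN in the wizard.
    Confirm it with an LDAP browser before relying on it."""
    return f"os400-profile={profile.upper()},cn=accounts,{base_dn}"


def check_settings(base_dn: str, bind_dn: str, port: int, use_ssl: bool) -> list[str]:
    """Return problems with the wizard values; an empty list means they are consistent."""
    problems = []
    if not base_dn.lower().startswith("os400-sys="):
        problems.append("Base DN must begin with OS400-SYS= (the system projection suffix)")
    if not dn_is_under(bind_dn, base_dn):
        problems.append("bind DN is not below the Base DN, so it is not a projected user of this system")
    if not use_ssl:
        # Basic authentication is an LDAP simple bind: the password is sent as-is.
        problems.append("Basic authentication without SSL sends the service account password in cleartext")
        if port == 636:
            problems.append("port 636 is normally the LDAPS port, but Use SSL is not set")
    elif port == 389:
        problems.append("Use SSL is set, but 389 is the cleartext LDAP port (LDAPS is normally 636)")
    return problems


def probe(host: str, port: int, use_ssl: bool, timeout: float = 5.0) -> dict:
    """Equivalent of the Network page's Test button: TCP connect and, with SSL,
    a verified TLS handshake that reports the server certificate's subject."""
    result = {"host": host, "port": port, "tcp": False, "tls": None}
    with socket.create_connection((host, port), timeout=timeout) as sock:
        result["tcp"] = True
        if use_ssl:
            ctx = ssl.create_default_context()  # verifies chain and host name
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                result["tls"] = {
                    "version": tls.version(),
                    "subject": dict(pair[0] for pair in cert.get("subject", ())),
                    "not_after": cert.get("notAfter"),
                }
    return result


if __name__ == "__main__":
    # Placeholder values (constructed); replace them with your own system's.
    HOST, PORT, USE_SSL = "as400.example.com", 636, True
    BASE_DN = "os400-sys=AS400.EXAMPLE.COM"
    BIND_DN = projected_user_dn("idmsvc", BASE_DN)
    for problem in check_settings(BASE_DN, BIND_DN, PORT, USE_SSL):
        print("WARNING:", problem)
    try:
        print(probe(HOST, PORT, USE_SSL))
    except (OSError, ssl.SSLError) as exc:
        print(f"connection to {HOST}:{PORT} failed: {exc}")
```

Run it once with the intended Use SSL and port settings before opening the wizard: a TLS failure here (unknown CA, host name mismatch, expired certificate) is the same failure the wizard's Test button will report, and the warnings from check_settings catch the common mistake of pairing Basic authentication with the cleartext port 389.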