To modify connection settings
- In the Synchronization Service Administration Console, open the Connections tab.
-
Click Connection Settings below the existing IBM AS/400 connection you want to modify.
-
On the Connection Settings tab, click the Specify connection settings item to expand it and use the following options and use the options they provide:
- Server. Type or select the fully qualified DNS name of the IBM AS/400 server running the LDAP service.
- Port. Type the IBM AS/400 LDAP communication port number in use by the service.
- User name. Specify the fully distinguished name (DN) of the account under which the application will access the IBM AS/400 LDAP directory service.
- Password. specify the password of the user account under which the application will access the IBM AS/400 LDAP directory service. We recommend that you select the SSL check box if synchronizing sensitive data between connectors.
- Test Connection. Click this button to verify the specified connection settings.
-
Click Save.
This expandable item provides the following options that allow you to modify the connection settings:
- Server. Type or select the fully qualified DNS name of the IBM AS/400 server running the LDAP service. You can click Refresh to get a list of available servers.
- Port. Type the IBM AS/400 LDAP communication port number in use by the service.
- User name. Specify the fully distinguished name (DN) of the account under which the application will access the IBM AS/400 LDAP directory service.
- Password. specify the password of the user account under which the application will access the IBM AS/400 LDAP directory service. We recommend that you select the SSL check box if synchronizing sensitive data between connectors.
- Test Connection. Click this button to verify the specified connection settings.
This topic briefs about the additional points to consider when configuring the IBM AS/400 connector.
Using groups with IBM AS/400
The IBM AS/400 operating system does not have any concept of groups as discrete entities. Instead, an administrator creates a user profile which is used as a group profile. Other user profiles are then linked to this using the GrpPrf or SupGrpPrf parameters of the ChgUsrPrf command. The GrpPrf value maps to the os400-grpprf attribute in the IBM AS/400 schema, while the SupGrpPrf value maps to the os400-supgrpprf attribute. The IBM AS/400 Quick Connect mappings must be defined for users and groups to enable full user and group synchronization.
Optional IBM AS/400 account unlock during password reset function
You can optionally unlock a user's IBM AS/400 account at the same time as performing a password reset. This functionality is switched off by default and can be enabled by editing the connector's configuration file as follows:
Edit the file:
<Program Files folder>\One Identity\Active Roles\8.0.1\SyncService\AS400Connector_ConnectorConfig.xml
and add the following lines just before the </ConnectorInfo> which appears on the last line of the file:
<SelfConfig>
<EnableAccount>true</EnableAccount>
</SelfConfig>
Only the value true will enable the new functionality.
The LDAP password request sent to IBM AS/400 will then also include a request to modify the account status (os400-status=*ENABLED)).
The configuration file is read every time an LDAP connection is made to the IBM AS/400, so the new value will be picked up for the next set of synchronizations.
NOTE: If you edited ConnectorConfig.xml to implement the optional unlock of a user's IBM AS/400 account at the same time as performing a password reset in an earlier version of the connector for IBM AS/400, then you will need to repeat that edit after installing a later version.
This section describes how to create or modify a connection to an OpenLDAP directory service so that could work with data in that data system.
To create a connection to an OpenLDAP directory service, you need to use in conjunction with a special connector called OpenLDAP Connector. This connector is included in the package.
The OpenLDAP directory service Connector supports the following features:
Table 65: Supported features
Bidirectional synchronization
Allows you to read and write data in the connected data system. |
Yes |
Delta processing mode
Allows you to process only the data that has changed in the connected data system since the last synchronization operation, thereby reducing the overall synchronization operation time. |
No |
Password synchronization
Allows you to synchronize user passwords from an Active Directory domain to the connected data system. |
Yes |
In this section:
For instructions on how to rename a connection, delete a connection, modify synchronization scope for a connection, or specify password synchronization settings for a connection, see Synchronization Service Administration Guide.