Is it possible for the user associated with the CALDAP started task to have a non-zero UID in ACF2? What rules are necessary to implement a user with a non-zero UID?
Release : 16.0
Component : CA LDAP Server for z/OS
ACF2 highly recommends using UID(0) for the started task user. With that said, it is possible to use another UID value. The following is a sample of the rules needed to allow access for LDAP functions, where uidstring is the ACF2 UID string of the started task user.
SET RULE
RECKEY TCPIP ADD(- UID(uidstring) R(A))
RECKEY slapd ADD(env.steplib UID(uidstring) R(A))
SET R(FAC)
RECKEY BPX ADD(DAEMON.HFSCTL UID(uidstring) SERVICE(READ) ALLOW)
RECKEY BPX ADD(CONSOLE UID(uidstring) SERVICE(READ) ALLOW)
RECKEY BPX ADD(FILE UID(uidstring) SERVICE(READ) ALLOW)
RECKEY BPX ADD(SERVER UID(uidstring) SERVICE(READ) ALLOW)
RECKEY BPX ADD(STOR.SWAP UID(uidstring) SERVICE(READ) ALLOW)
RECKEY IARRSM ADD(LRGPAGES UID(uidstring) SERVICE(READ) ALLOW)
SET R(SER)
RECKEY EZB ADD(STACKACCESS.- UID(uidstring) SERVICE(READ) ALLOW)
RECKEY EZB ADD(PORTACCESS.- UID(uidstring) SERVICE(READ) ALLOW)
RECKEY EZB ADD(NETACCESS.- UID(uidstring) SERVICE(READ) ALLOW)
Every LDAP environment is unique. To ensure that all required accesses are granted, run a SECTRACE on a test system for a while. This will show what accesses LDAP is attempting and which resources it may need greater authority to.