Does the LDAP interface to the mainframe ACF2 database provide capability beyond administration and authorization within the LIDs database? Can CA LDAP Server be used for provisioning or authentication of RULES or resources in INFOSTG?

Article ID: 14547

Products

CA-24X7 High-Availability Manager for DB2 for z/OS CA-Batch Processor Compile QQF CA Data Compressor for DB2 for z/OS Data Navigator for DB2 UDB for z/OS CA-DB Delivery for DB2 CA Unicenter NSM CA Log Compress DBA for DB2 Guide Online CA InfoRefiner Advantage InfoRefiner Advantage InfoRefiner Maint Upgrade CA InfoTransport Advantage InfoTransport Maint Upgrade Online Reorg for DB2 for z/OS CA RC/Update for DB2 for z/OS Query Analyzer RI Editor for DB2 for z/OS DB2 TOOLS- DATABASE MISC

Issue/Introduction



Does the LDAP interface to the mainframe ACF2 database provide capability beyond administration and authorization within the LIDs database? Can CA LDAP Server be used for provisioning or authentication of RULES or resources in INFOSTG? 

Environment

Release:
Component: GEN

Resolution

The CA Web Administrator for ACF2™ (CA Web Administrator) provides comprehensive CA ACF2 administration in a browser-based graphical user interface. Administration functions include: 

- Create, copy, modify, and delete logon IDs
- Add and delete Data Set, Resource, and DB2 rule lines
- Delete rules
- Create, modify, and delete the following CA ACF2 records: CPF, Cache, Data Profile, DCO, Entry, GSO, LDS, Scope, Shift, XREF, and Zone
- Issue native CA ACF2 commands from a command line (the interactive COMPILE command is not supported)

Note: CA Web Administrator does not support digital certificates or compiled data profile records. 

CA Identity Manager allows for ACF2 Password Synchronization and Password Management.

CA LDAP Server Resource/Dataset Authorization Checks 

You can use a CA LDAP Server search operation to perform authorization checks against the CA ACF2 Security database. Two different authorization checks are available for you to perform: 

- RESCHECK
- RESDATA

The authorization checks can be done through the ldapsearch command, either from an application or from OMVS.

Details can be found in the CA LDAP Server Documentation: CA System z Security Communication Servers (DSI, LDAP, PAM) - 15.1 section: "Using the Search Operation to Perform Resource Checks".