Can IBM LDAP be used with CA Top Secret for z/VSE and z/VM?

book

Article ID: 16769

calendar_today

Updated On:

Products

CA Top Secret - VSE

Issue/Introduction

Compatibility with IBM LDAP and CA Top Secret for z/VSE and z/VSE



Can CA Top Secret for z/VSE and z/VM be configured to use IBM LDAP?

Environment

Release:
Component: TSSVSE

Resolution

From a CA Top Secret z/VSE and z/VM, IBM LDAP is just another program.

It needs to be authorized to any program, dataset and any CA Top Secret protected resource.

It is not treated any differently than any other batch program.

There is no built in functionality that allows CA Top Secret z/VSE and z/VM to communicate with IBM LDAP and update the security file.

CA has its own version of CA LDAP.

Currently, CA LDAP only runs on the z/OS platform. There arent any versions that run on z/VM/ z/VSE or z/Linux.

CA LDAP allows you to issue security checks, authenticate, extract information from the security file and make TSS administrative changes to CA Top Secret for z/OS.

CA PAM allows you to validate signons on z/Linux. It requires CA LDAP. When a signon occurs in z/Linux, CA PAM will make a call to CA LDAP and authenticate the userid and password. This means the userid and password must exist on CA Top Secret for z/OS.


If the validation is successful or unsuccessful, we let CA PAM know and it allows or fails the signon on z/Linux.

Currently there is no equivalent of CA PAM that runs on z/VM and z/VSE.