search cancel

Can IBM LDAP be used with CA Top Secret for z/VSE and z/VM?


Article ID: 16769


Updated On:


Top Secret - VSE


Compatibility with IBM LDAP and CA Top Secret for z/VSE and z/VSE

Can CA Top Secret for z/VSE and z/VM be configured to use IBM LDAP?


Component: TSSVSE


From a CA Top Secret z/VSE and z/VM, IBM LDAP is just another program.

It needs to be authorized to any program, dataset and any CA Top Secret protected resource.

It is not treated any differently than any other batch program.

There is no built in functionality that allows CA Top Secret z/VSE and z/VM to communicate with IBM LDAP and update the security file.

CA has its own version of CA LDAP.

Currently, CA LDAP only runs on the z/OS platform. There arent any versions that run on z/VM/ z/VSE or z/Linux.

CA LDAP allows you to issue security checks, authenticate, extract information from the security file and make TSS administrative changes to CA Top Secret for z/OS.

CA PAM allows you to validate signons on z/Linux. It requires CA LDAP. When a signon occurs in z/Linux, CA PAM will make a call to CA LDAP and authenticate the userid and password. This means the userid and password must exist on CA Top Secret for z/OS.

If the validation is successful or unsuccessful, we let CA PAM know and it allows or fails the signon on z/Linux.

Currently there is no equivalent of CA PAM that runs on z/VM and z/VSE.