In LDAP configuration, can PassTickets be used in place of dbuser and dbpasswdFile for Compliance Event Manager(CMGR). Is there other authentication method like certificate or passticket that can be used so there is no  need define a password for this ID?

Release : 15.1

Component : CA LDAP SERVER FOR Z/OS

PassTickets can be used in place of a password or password file with CA LDAP Server for Compliance Event Manager connection to DB2 for reporting.

The CA LDAP Server Compliance Manager backend connects to DB2 to query report information. You can configure the CA LDAP Server to use a PassTicket to connect to DB2. For CA Compliance Manager to generate a PassTicket to DB2, the CA Compliance Manager must have the slapd.conf dbptktappl option specified with the DB2 LINKNAME. The CA Compliance Manager also requires the ESM configuration steps listed in the following sections. The DB2 LINKNAME is the second part of the DB2 LUNAME and is used as the 'applid' in the PassTicket Configuration

Section: 'PassTicket Configuration' of the CA LDAP Server documentation provides details on CA LDAP Server slapd.conf dbptktappl option along with ACF2, Top Secret and RACF configuration of PassTickets:

Also see section: 'Database-Specific Options (CADB2)' in the CA LDP Server documentation which provides details on the use of the slapd.conf dbptktappl option in place of the dbpasswd option:

dbptktappl application ID 
Specifies the DB2 APPLID (Application ID) that is used to generate a PassTicket for CA LDAP DB2 backend operations. This value must match the LINKNAME value from the LUNAME parameter. If you do not use DDF, obtain this value from the DB2 setup job, DSNTIJUZ.

Note: When both dbpasswd and dbptktappl are specified, the dbpasswd option is used and no PassTicket generation attempt is made.

Example: dbptktappl DDFDSN9