search cancel

CA LDAP Server Resource Class CALDAP

book

Article ID: 227853

calendar_today

Updated On:

Products

LDAP SERVER FOR Z/OS Top Secret - LDAP

Issue/Introduction

As part of a post audit review to document all resource classes for products, where can a description about what the CALDAP resource class protects?

Environment

Release : 15.1

Component : CA ACF2 for z/OS

Resolution

The LDAP Server search operation can be used to perform authorization checks against the ACF2 Security database. The RESCHECK authorization check is one of the two different authorization checks available.

For the CA LDAP Server product 'CALDAP' is the default class that is uses for the RESCHECK authorization check that is done to check access to use the LOG and STATUS parameters of the logged in user. The LDAP Server performs one RACROUTE AUTH check for each LOG and STATUS keyword value against the logged in user ID per connection to the LDAP Server. The default class is CALDAP and the entity HLQ is LDAP. When the resource check is made, the full entity value is HLQ.RESCHK.LOG.keyword and HLQ.RESCHK.STATUS.keyword with an access level of READ. You can change the default class and entity HLQ that is used with the acfRescheckClass and acfRescheckEntity keywords.

Details can be found in section: 'RESCHECK' of the 'System z Security Communication Servers (DSI, LDAP, PAM) 15.1' documentation.