Creating an Alias for a user catalog when inserting a new logonid using CA Web Administrator for ACF2 via CA LDAP Server is not being done.

Article ID: 50072

Updated On:

Products

ACF2, ACF2 - DB2 Option, ACF2 for zVM, ACF2 - z/OS, ACF2 - MISC, 24X7 High-Availability Manager for DB2 for z/OS, Batch Processor, Compile QQF, Data Compressor for DB2 for z/OS, CA Unicenter NSM, RC/Update for DB2 for z/OS, DB2 TOOLS- DATABASE MISC, PanApt, PanAudit, Top Secret, Top Secret - LDAP

Issue/Introduction

The CAACF2_UTF backend has an option that will automatically create an alias when the TSO attribute is included with the insert of a new logonid.
This is not working for me - what is wrong?
Here is what I have in the slapd.conf file for CA LDAP Server:

CreateAlias Relate(' SYS1.MASTCAT')

The logonid is inserted in the ACF2 database, but there is no alias created.

The problem here is that the CreateAlias parameter is being specified incorrectly.

Environment

Release:
Component: ACFLDP

Resolution

The correct format of the CreateAlias parameter in the CA LDAP Server configuration file (slapd.conf) is:

CreateAlias usercat mastercat

For example, if you want to set up CA LDAP Server to create an alias for each TSO userid created in TSOZ.USERCAT, you would specify the CreateAlias parameter in the CA LDAP slapd.conf file as:

CreateAlias TSOZ.USERCAT SYS1.MASTCAT

No quotes are needed around the catalog name. If you only want to use the master catalog, which is the default, then you can just code the CreateAlias statement with the user catalog name.
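An added example, not part of the original article and not CA code: a small Python check that flags CreateAlias lines in a slapd.conf fragment that do not follow the "usercat [mastercat]" form described above. The function names, the constructed sample fragment, the case-insensitive keyword match and the handling of # comment lines are assumptions; catalog names are checked against the standard z/OS data set naming rules.

```python
import re

# z/OS data set name rules: 1-8 character qualifiers separated by periods,
# first character alphabetic or national (#, @, $), 44 characters at most.
QUALIFIER = re.compile(r"[A-Z#@$][A-Z0-9#@$-]{0,7}")


def valid_catalog_name(name):
    """True when name is a syntactically valid z/OS data set name."""
    return len(name) <= 44 and all(
        QUALIFIER.fullmatch(q) for q in name.upper().split("."))


def check_createalias(conf_text):
    """Return (line_number, message) findings for CreateAlias directives."""
    findings = []
    for num, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):  # assumption: '#' starts a comment line
            continue
        fields = line.split()
        # Assumption: the keyword is matched without regard to case.
        if not fields or fields[0].lower() != "createalias":
            continue
        args = fields[1:]
        if "'" in line or '"' in line or "(" in line:
            findings.append((num, "quotes or parentheses are not part of the "
                                  "format: CreateAlias usercat [mastercat]"))
        elif len(args) not in (1, 2):
            findings.append((num, "expected one or two catalog names"))
        else:
            findings.extend((num, "invalid catalog name: " + a)
                            for a in args if not valid_catalog_name(a))
    return findings


# Constructed sample: the failing line and both accepted forms from the article.
SAMPLE = """\
# constructed slapd.conf fragment
CreateAlias Relate(' SYS1.MASTCAT')
CreateAlias TSOZ.USERCAT SYS1.MASTCAT
CreateAlias TSOZ.USERCAT
"""

if __name__ == "__main__":
    for num, message in check_createalias(SAMPLE):
        print(f"line {num}: {message}")
```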

The LDAP address space also needs authority to spawn tasks and to be a superuser. That can be done either by giving the logonid record an OMVS profile with UID(0), or by coding BPX rules in the FACILITY class to give the logonid the needed access.

Here is a sample of the needed rules:

$KEY(BPX) TYPE(FAC)        
 DAEMON UID(uid string of LDAP lidrec) SERVICE(READ) ALLOW 
 SUPERUSER UID(uid string of LDAP lidrec) ALLOW

Because the FAC rules are resident, make sure the command F ACF2,REBUILD(FAC) is issued after any rule changes.