
RACF Connection Information

The RACF endpoint type lets you manage privileged RACF accounts.

When you create the RACF endpoint, provide the following information to connect Enterprise Management Server to the endpoint:

User Login

Defines the name of an administrative user of the endpoint. PUPM uses this account to perform administrative tasks on the endpoint, for example, to connect to the endpoint, discover accounts, and change passwords.

Note the following points:

Important! If you specify the Use IBM LDAP option, enter the IBM LDAP user login.

Example: (CA LDAP) cn=user1,host=RACF,o=company,c=com

Example: (IBM LDAP) racfid=user1,profiletype=user,host=RACF,o=company,c=com

Important! Verify that the administrative user account has the NOEXPIRES operand with PASSWORD or PHRASE options assigned.

Password

Defines the password of the administrative user of the endpoint.

URL

Defines the URL that CA Access Control Enterprise Management can use to connect to the endpoint. The URL specifies a particular type of database server.

Example: (CA LDAP) ldap://host_name.company.com:1589

Example: (IBM LDAP) ldap://host_name.company.com:389

Use IBM LDAP

Specifies whether IBM LDAP manages RACF.

Note: If you specify the Use IBM LDAP option, enter the IBM LDAP user login, password, and URL in the corresponding fields.

Advanced

Specifies whether you want to use a privileged administrative account to perform administrative tasks on the endpoint, for example, to connect to the endpoint, discover accounts, and change passwords. For example, you can specify a privileged domain account that can perform administrative tasks on multiple endpoints.

If you specify this option, PUPM does not use the User Login account to perform administrative tasks.

Note: Specify a user account with administrative privileges on both itself and other users' accounts.

Configure SSL Communication to the RACF Connector

We recommend that you secure the connection between RACF and CA Access Control over SSL. SSL encrypts the data exchanged over the connection and reduces security risks. To configure the Enterprise Management Server to communicate with the RACF endpoint over SSL, install the RACF certificate in the Enterprise Management Server.

Note: This procedure assumes that you have set up SSL on the RACF endpoint and acquired your RACF certificate.

Important! In environments that are configured for high availability, perform this procedure on all the Distribution and Connector Servers (Primary, Secondary, and Distribution servers).

Follow these steps:

  1. Click Windows Start Menu, Settings, Control Panel, Services.

    The Windows Services dialog appears.

  2. Stop the CA Identity Manager - Connector Server (Java) service.
  3. Copy the RACF certificate to the following location:
    CA_home\AccessControlServer\Connector Server\conf
    
    CA_home

    Specifies the directory where you have installed CA products.

  4. Open a command prompt window.
  5. Navigate to CA_home\AccessControlServer\Connector Server\conf
  6. Run the following command:
    keytool -importcert -trustcacerts -file your_RACF_certificate -keystore ssl.keystore
    

    Note: When prompted for a password, enter the communication password.

    The RACF certificate is registered with JCS.

  7. Open the Windows Services dialog.
  8. Start the CA Identity Manager - Connector Server (Java) service.

You have successfully secured the connection between RACF and CA Access Control.
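
A pre-import check for step 6, added here as an example (it is not part of the CA documentation): this PowerShell script confirms that the certificate file matches a SHA-256 fingerprint obtained out of band and is inside its validity period before adding it to ssl.keystore. The file name racf.cer, the alias racf-endpoint, and the script parameters are assumptions.

```powershell
# Added example. Assumed names (not from the original page): racf.cer, racf-endpoint,
# and a SHA-256 fingerprint obtained out of band from the RACF administrator.
# Run from CA_home\AccessControlServer\Connector Server\conf with the service stopped.
param(
    [Parameter(Mandatory)][string]$ExpectedSha256,
    [string]$CertPath = '.\racf.cer',
    [string]$Alias    = 'racf-endpoint',
    [string]$KeyStore = '.\ssl.keystore'
)
$ErrorActionPreference = 'Stop'

# Reduce "AB:CD:..." or "ab cd ..." to bare upper-case hex so formats compare equal.
function ConvertTo-BareHex([string]$Text) {
    ($Text -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

# Load the certificate (DER or Base64 .cer) and hash its DER encoding.
$fullPath = (Resolve-Path -LiteralPath $CertPath).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath
$sha256 = [System.Security.Cryptography.SHA256]::Create()
try {
    $actual = ConvertTo-BareHex ([System.BitConverter]::ToString($sha256.ComputeHash($cert.RawData)))
} finally {
    $sha256.Dispose()
}

# Refuse to add a trust anchor that is not the certificate the RACF side issued.
if ($actual -ne (ConvertTo-BareHex $ExpectedSha256)) {
    throw "Fingerprint mismatch for $CertPath. File SHA-256 is $actual."
}

# Refuse certificates outside their validity window.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is not valid now ($($cert.NotBefore) to $($cert.NotAfter))."
}
Write-Host "Verified: $($cert.Subject), expires $($cert.NotAfter)"

# Same import command as step 6, plus an explicit alias so the entry can be
# listed and later replaced by name. keytool prompts for the keystore password.
& keytool -importcert -trustcacerts -alias $Alias -file $fullPath -keystore $KeyStore
if ($LASTEXITCODE -ne 0) { throw "keytool -importcert failed with exit code $LASTEXITCODE." }

# Show the stored entry so the operator can review what was added.
& keytool -list -v -alias $Alias -keystore $KeyStore
if ($LASTEXITCODE -ne 0) { throw "keytool -list failed with exit code $LASTEXITCODE." }
```

Without an explicit alias, keytool stores the entry under its default alias mykey, which makes a later certificate rotation harder to track.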