LDAP Directory Services (LDS)

CA-ACF2 can synchronize z/OS security information management with LDAP-compliant, directory-managed servers. The LDS component of the CA-ACF2 system sends requests through LDAP commands to the Provisioning service, and these requests are directed to the LDS backend, which is located on a Windows-based PC.

The module that handles LDS processing within CA Identity Manager is named back_lds.dll (a dynamic link library). It is intended to augment the functionality provided by CA Identity Manager and the CA ACF2 Security product. The CA Identity Manager LDS backend allows users of CA ACF2 for z/OS to interface directly with the CA Identity Manager database.

When a command is issued on the CA ACF2 system to add a user, a Global User is created in the local CA Identity Manager database with the specified password. Additionally, if the user is to be associated with a Provisioning Role, a CA Identity Manager inclusion is generated to associate the user with the desired provisioning role(s).

When a command is issued to the CA ACF2 system to change the password, or any other mapped field, of a user, the change is made in the local CA Identity Manager database and is optionally propagated to all necessary platforms.

When a command is issued to the CA ACF2 system to delete a user, the Global User is deleted from the local CA Identity Manager database and any associated inclusions are removed. Depending upon the platform and CA Identity Manager settings, this may also result in the deletion of accounts on other platforms.