Configuration and Usage

To configure your CA ACF2 system to drive requests through LDS to your Provisioning service, we recommend that you use the LDS Wizard, provided within CA Identity Manager on the Endpoint property page, to create or modify the LDS record on your ACF2 system. The wizard is active and usable only if the running version of ACF2 supports LDS.

Note: CA Identity Manager users should run this wizard only from the Provisioning Manager.

If you choose not to use the wizard, then you must perform the following steps on the LDS record to invoke the LDS backend. For detailed information on LDS and setting up the LDS record, see the CA ACF2 Administrator Guide.

  1. Sign on to the mainframe CA ACF2 system and create an LDS LDAP control record with the INSERT command. Set the ADMDN (admin dn) as follows:
    eTGlobalUserName=<user>,eTGlobalUserContainerName=Global Users, eTNamespaceName=CommonObjects,dc=XXX,dc=eta   
    

    where eTGlobalUserName is the name of an Identity Manager global user that has full authority to the domain (DomainAdministrator), and dc=XXX is the name of the Identity Manager domain for this LDAP node. The case of the domain name should match the name as it exists in CA Identity Manager.

  2. Set the ADMPSWD (admin password) to the correct password for the Identity Manager global user.
  3. Set the USERDNS (user dns) as follows:
    eTACFLidName=%L,eTACFLidContainerName=Accounts,
     eTACFDirectoryName=www,
     eTNamespaceName=CA-ACF2,dc=XXX,dc=eta
    

    where eTACFDirectoryName=www is set to the CA ACF2 directory name and dc=XXX is the name of the Identity Manager domain for this LDAP node. The case of the domain name should match the name as it exists in CA Identity Manager.

  4. Set the OBJCLASS (object class) to eTGlobalUser.
  5. Set the URL (uniform resource locator) to the machine name or IP address that is running the Provisioning service. Make sure that this URL contains the correct port. 20389 is used in the following example:
    LDAP://machine.ca.com:20389
    
  6. Add the appropriate XREF mappings between ACF2 fields and LDAP attributes as required.
  7. Refresh LDS by issuing the following command:
    F ACF2,REFRESH(LDAP),TYPE(LDS)
    
  8. Confirm that LDS is started on the ACF2 system.
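
The following Python check is an added example, not part of the CA documentation or product. It validates hand-entered LDS record values against the fixed parts of steps 1 to 5 before they are typed into ACF2. The dict layout, the function names and the sample user and domain names are assumptions; the rule that ADMDN and USERDNS carry the same dc= domain follows from both naming the same Identity Manager domain.

```python
import re

# RDN values prescribed by the steps above; None means "any non-empty value".
EXPECTED = {
    "ADMDN": {"eTGlobalUserName": None, "eTGlobalUserContainerName": "Global Users",
              "eTNamespaceName": "CommonObjects"},
    "USERDNS": {"eTACFLidName": "%L", "eTACFLidContainerName": "Accounts",
                "eTACFDirectoryName": None, "eTNamespaceName": "CA-ACF2"}}
# Constructed sample record; the user and domain names are placeholders.
SAMPLE = {
    "ADMDN": "eTGlobalUserName=admin1,eTGlobalUserContainerName=Global Users,"
             "eTNamespaceName=CommonObjects,dc=Example,dc=eta",
    "USERDNS": "eTACFLidName=%L,eTACFLidContainerName=Accounts,"
               "eTACFDirectoryName=www,eTNamespaceName=CA-ACF2,dc=Example,dc=eta",
    "OBJCLASS": "eTGlobalUser", "URL": "LDAP://machine.ca.com:20389"}

def parse_dn(dn):
    """Split a DN into (attribute, value) pairs; escaped commas are not handled."""
    pairs = []
    for rdn in dn.split(","):
        attr, sep, value = (part.strip() for part in rdn.partition("="))
        if not (sep and attr and value):
            raise ValueError(f"malformed RDN {rdn.strip()!r}")
        pairs.append((attr, value))
    return pairs

def check_lds_record(rec):
    """Return a list of problems found in a dict of LDS record values."""
    problems, domains = [], {}
    for field, expected in EXPECTED.items():
        try:
            pairs = parse_dn(rec.get(field, ""))
        except ValueError as exc:
            problems.append(f"{field}: {exc}")
            continue
        found = dict(p for p in pairs if p[0] != "dc")
        for attr, want in expected.items():
            if attr not in found or want not in (None, found[attr]):
                problems.append(f"{field}: bad or missing {attr}")
        domains[field] = [v for a, v in pairs if a == "dc"]
        if len(domains[field]) != 2 or domains[field][1] != "eta":
            problems.append(f"{field}: suffix must be dc=<domain>,dc=eta")
    if len(domains) == 2 and domains["ADMDN"] != domains["USERDNS"]:
        problems.append("ADMDN and USERDNS name different domains (check case)")
    if rec.get("OBJCLASS") != "eTGlobalUser":
        problems.append("OBJCLASS should be eTGlobalUser")
    if not re.fullmatch(r"(?i)ldap://[^/:\s]+:\d{1,5}", rec.get("URL", "")):
        problems.append("URL must be LDAP://<host>:<port> with an explicit port")
    return problems
```

An empty list from `check_lds_record(SAMPLE)` means the values match the documented shape; it does not confirm that the global user, directory or domain exists in CA Identity Manager.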