Configuration and Usage

To configure your CA Top Secret system to drive requests through LDS to your Provisioning service, we recommend that you use the LDS Wizard, provided in CA Identity Manager on the Endpoint property page, to create or modify the NDT record on your CA Top Secret system. The wizard is active and usable only if the running version of CA Top Secret supports LDS.

Note: CA Identity Manager users should run this wizard only from the Provisioning Manager.

If you choose not to use the wizard, you must perform the following steps on the LDS record to invoke the LDS backend. For detailed information on LDS and setting up the LDS record, see Chapter 13 of the CA Top Secret 5.3 Administrator Guide under LDAP Directory Services.

  1. Sign on to the mainframe CA Top Secret system and create an LDAP node definition with the TSS ADD(NDT) LDAPNODE(XXXXXX) command. Set the ADMDN (admin dn) as follows:
    eTGlobalUserName=<user>,eTGlobalUserContainerName=Global Users, eTNamespaceName=CommonObjects,dc=XXX,dc=eta   
    

    where eTGlobalUserName is the name of an Identity Manager global user that has full authority to the domain (DomainAdministrator). dc=XXX is the name of the Identity Manager domain for this LDAP node. The case for the domain name should be as it exists in CA Identity Manager.

  2. Set the ADMPSWD (admin password) to the correct password for the Identity Manager global user.
  3. Set the USERDNS (user dns) as follows:
    eTGlobalUserName=%L,eTGlobalUserContainerName=Global Users,
    eTNamespaceName=CommonObjects,dc=XXX,dc=lds
    

    where dc=XXX is the name of the Identity Manager domain for this LDAP node. The case for the domain name should be as it exists in CA Identity Manager.

  4. Set the OBJCLASS (object class) to eTGlobalUser.
  5. Set the URL (uniform resource locator) to the machine name or IP address of the machine that is running the Provisioning service. Make sure that this URL contains the correct port. 20389 is used in the example below:
    LDAP://machine.ca.com:20389
    
  6. Add the appropriate XREF mappings between CA Top Secret fields and LDAP attributes as required.
  7. Recycle LDS and refresh the NDT by issuing the following commands:
    TSS MODIFY(LDS(OFF))
    TSS REP(NDT) ACTIVE(YES)
    TSS MODIFY(LDS(ON))
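
The following pre-flight check is an added example, not part of the CA documentation: it validates the values planned for steps 1 through 5 before they are entered on the NDT record. It assumes the DN templates shown above are exact; the function name `check_ndt`, the domain `ProdDomain`, and the user `etaadmin` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# DN layout the page gives for ADMDN and USERDNS (whitespace after commas tolerated).
DN_LAYOUT = re.compile(
    r"eTGlobalUserName=(?P<user>[^,]+),\s*eTGlobalUserContainerName=Global Users,\s*"
    r"eTNamespaceName=CommonObjects,\s*dc=(?P<domain>[^,]+),\s*dc=(?P<suffix>[^,]+)"
)
SUFFIX = {"ADMDN": "eta", "USERDNS": "lds"}  # final dc= component shown for each field

def check_ndt(fields, im_domain):
    """Return a list of problems in the planned NDT values; empty means none found."""
    problems = []
    for key, suffix in SUFFIX.items():
        m = DN_LAYOUT.fullmatch(fields.get(key, "").strip())
        if m is None:
            problems.append(f"{key}: does not follow the documented DN layout")
            continue
        if m["suffix"].lower() != suffix:
            problems.append(f"{key}: last component should be dc={suffix}")
        if m["domain"] != im_domain:
            # The domain must be written in the same case as in CA Identity Manager.
            same = m["domain"].lower() == im_domain.lower()
            problems.append(f"{key}: domain " + ("case differs" if same else "is wrong"))
        if key == "USERDNS" and m["user"] != "%L":
            problems.append("USERDNS: eTGlobalUserName must be %L")
    if not fields.get("ADMPSWD"):
        problems.append("ADMPSWD: missing")
    if fields.get("OBJCLASS") != "eTGlobalUser":
        problems.append("OBJCLASS: must be eTGlobalUser")
    url = urlsplit(fields.get("URL", ""))
    try:
        ok = url.scheme == "ldap" and url.hostname and url.port
    except ValueError:  # non-numeric or out-of-range port
        ok = False
    if not ok:
        problems.append("URL: expected LDAP://host:port with an explicit port")
    return problems

# Constructed sample values with two deliberate mistakes (domain case, missing port).
SAMPLE = {
    "ADMDN": "eTGlobalUserName=etaadmin,eTGlobalUserContainerName=Global Users,"
             "eTNamespaceName=CommonObjects,dc=ProdDomain,dc=eta",
    "ADMPSWD": "<placeholder>",
    "USERDNS": "eTGlobalUserName=%L,eTGlobalUserContainerName=Global Users,"
               "eTNamespaceName=CommonObjects,dc=proddomain,dc=lds",
    "OBJCLASS": "eTGlobalUser", "URL": "LDAP://machine.ca.com",
}
print("\n".join(check_ndt(SAMPLE, "ProdDomain")))
```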