Resources › LDAP Resource Class—Secure LDAP Administration

LDAP Resource Class—Secure LDAP Administration

Valid on z/OS.

Use LDAP to secure authorization roles for LDAP administration.

When used with TSS ADDTO/REMOVE, this resource class has the following format:

TSS ADDTO(acid) LDAP(server) 

Prefix length

2-26 characters

Capacity of list

1-8 prefixes per TSS command

When used with TSS PERMIT or REVOKE, this resource class has the following format:

TSS PERMIT(acid) LDAP(server) 

Prefix length

1-246 characters

Capacity of list

1-8 prefixes per TSS command

This keyword is used with:

• The commands CREATE, ADDTO, REMOVE, PERMIT, REVOKE, ADMIN, DEADMIN, WHOOWNS, and WHOHAS
• The LDAP ACID types User, Profile, Department, Division, Zone, DCA, VCA, ZCA, LSCA, SCA, and MSCA when used with TSS ADDTO or REMOVE
• The LDAP ACID types User, Profile, DCA, VCA, ZCA, LSCA, SCA, and MSCA when used with TSS PERMIT or REVOKE
• LDAP (OWN) authority to ADDTO or REMOVE ownership of LDAP resources from ACIDs
• LDAP(XAUTH) authority to permit or revoke access to LDAP resources

The administrator can use any of the following methods to control access to SERVER resources: Expiration, Facility, Program Pathing, Time/Day, and Actions.

Examples: LDAP resource class

This example protects the resource by assigning ownership to the Corporate Department. After ownership is assigned, the administrator can PERMIT access to users or profiles.

TSS ADDTO(CORPORAT) LDAP(SERVER1)

This example PERMITs a user to access the password administrative role:

TSS PERMIT(JOHN01) LDAP(GLDSEC.ADMINROLE.PASSWD) ACCESS(READ)

This example revokes access to the password administrative role:

TSS REVOKE(JOHN01) LDAP(GLDSEC.ADMINROLE.PASSWD)