

LDAP Server

IBM provides a Lightweight Directory Access Protocol (LDAP) Server with z/OS that uses a DB2-based file to store directory information such as email accounts.

To set up the z/OS LDAP Server with CA Top Secret

  1. Enter the commands:
    TSS CREATE (LDAPGRP) TYPE(GROUP)
                         NAME('LDAP Group')
                         DEPT(OMVSDEPT)
    TSS ADD(LDAPGRP) GID(nn)
    

    A group definition for use with the LDAP Server is created. Any unused GID number is allowed.

  2. Enter the commands:
    TSS CREATE(LDAPSRV) TYPE(USER)
                        NAME('LDAP Startup ID')
                        DEPT(OMVSDEPT)
                        FACILITY(STC,BATCH)
                        PASS(password,0)
    
    TSS ADD(LDAPSRV) GROUP(LDAPGRP)
                     DFLTGRP(LDAPGRP)
                     HOME(/)
                     OMVSPGM(/bin/sh)
                     UID(0)
    
    TSS ADD(STC) PROCNAME(LDAPSRV)
                 ACID(LDAPSRV)
    TSS MODIFY(OMVSTABS)
    

    The LDAP Server startup address space identifier is defined.
    
  3. Enter the commands:
    TSS ADD(anydept)   IBMFAC(BPX.)
    
    TSS PERMIT(LDAPSRV) IBMFAC(BPX.DAEMON)
                        ACCESS(READ)
    
    TSS PERMIT(LDAPSRV) IBMFAC(BPX.SERVER)
                        ACCESS(UPDATE)
    

    The ACID for the LDAP server started task is granted access to the IBMFAC resources.
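The three steps above depend on each other: the group must exist and carry a GID before the user is connected to it, the startup ACID must exist before the STC table entry and the PERMITs reference it, and the BPX. prefix must be owned before anything is permitted under it. The following checker is an added example, not part of this page or of CA Top Secret itself: it parses a batch of TSS commands laid out as above (continuation lines indented under the `TSS` line) and reports ordering, GID and ACCESS problems before the batch is run, flagging `UID(0)` because it grants z/OS UNIX superuser authority. The sample batch is constructed from this page; the GID value `25` and the owning department `OMVSDEPT` in place of `anydept` are assumptions.

```python
"""Pre-flight consistency check for a batch of CA Top Secret (TSS) commands."""
import re
from typing import Dict, List, Set

# Constructed sample mirroring the LDAP Server setup on this page.
# GID(25) and the owning department OMVSDEPT (for "anydept") are assumptions.
SAMPLE_BATCH = """
TSS CREATE(LDAPGRP) TYPE(GROUP)
                    NAME('LDAP Group')
                    DEPT(OMVSDEPT)
TSS ADD(LDAPGRP) GID(25)
TSS CREATE(LDAPSRV) TYPE(USER)
                    NAME('LDAP Startup ID')
                    DEPT(OMVSDEPT)
                    FACILITY(STC,BATCH)
                    PASS(password,0)
TSS ADD(LDAPSRV) GROUP(LDAPGRP) DFLTGRP(LDAPGRP)
                 HOME(/) OMVSPGM(/bin/sh) UID(0)
TSS ADD(STC) PROCNAME(LDAPSRV) ACID(LDAPSRV)
TSS MODIFY(OMVSTABS)
TSS ADD(OMVSDEPT) IBMFAC(BPX.)
TSS PERMIT(LDAPSRV) IBMFAC(BPX.DAEMON) ACCESS(READ)
TSS PERMIT(LDAPSRV) IBMFAC(BPX.SERVER) ACCESS(UPDATE)
"""

TOKEN = re.compile(r"([A-Z]+)\(([^)]*)\)")          # KEYWORD(value)
ACCESS_LEVELS = {"NONE", "READ", "UPDATE", "CONTROL", "ALL"}


def parse_batch(text: str) -> List[dict]:
    """Join continuation lines onto their TSS line and split each command into
    verb, target and keyword operands (all keywords/targets upper-cased)."""
    joined: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("TSS "):
            joined.append(line[4:])
        elif line and joined:                     # continuation of previous command
            joined[-1] += " " + line
    cmds = []
    for line in joined:
        tokens = TOKEN.findall(line)
        if not tokens:
            raise ValueError(f"unparseable command: TSS {line}")
        verb, target = tokens[0]
        cmds.append({"verb": verb, "target": target.upper(),
                     "kw": {k: v for k, v in tokens[1:]}})
    return cmds


def check_batch(text: str, preexisting: Set[str] = frozenset({"STC", "OMVSDEPT"})) -> List[str]:
    """Return ERROR/WARNING findings; an empty list means the batch is consistent.
    `preexisting` lists ACIDs assumed to exist already (the STC record, the department)."""
    findings: List[str] = []
    created: Dict[str, str] = {}        # acid -> TYPE
    gids: Dict[str, str] = {}           # gid -> group acid
    owned_prefixes: List[str] = []      # resource prefixes owned via ADD(dept) IBMFAC(prefix)
    for c in parse_batch(text):
        verb, target, kw = c["verb"], c["target"], c["kw"]
        if verb == "CREATE":
            if target in created:
                findings.append(f"ERROR: {target} is created twice")
            created[target] = kw.get("TYPE", "?").upper()
            continue
        if verb not in ("ADD", "PERMIT"):
            continue                                  # MODIFY etc. carry no dependencies
        if target not in created and target not in preexisting:
            findings.append(f"ERROR: {verb}({target}) appears before CREATE({target})")
        if "GID" in kw:                               # group id must be numeric and unused
            gid = kw["GID"]
            if not gid.isdigit():
                findings.append(f"ERROR: GID({gid}) on {target} is not numeric")
            elif gid in gids:
                findings.append(f"ERROR: GID({gid}) on {target} already used by {gids[gid]}")
            else:
                gids[gid] = target
        for key in ("GROUP", "DFLTGRP"):              # connected group must exist with a GID
            if key in kw:
                grp = kw[key].upper()
                if created.get(grp) != "GROUP":
                    findings.append(f"ERROR: {key}({grp}) on {target} names a group not created earlier")
                elif grp not in gids.values():
                    findings.append(f"ERROR: {grp} has no GID when {target} is connected to it")
        if kw.get("UID") == "0":
            findings.append(f"WARNING: {target} gets UID(0), z/OS UNIX superuser; confirm it is required")
        if verb == "ADD" and "IBMFAC" in kw:
            owned_prefixes.append(kw["IBMFAC"].upper())
        if verb == "PERMIT" and "IBMFAC" in kw:
            res = kw["IBMFAC"].upper()
            if not any(res.startswith(p) for p in owned_prefixes):
                findings.append(f"ERROR: PERMIT IBMFAC({res}) has no owning ADD(...) IBMFAC(prefix) earlier")
            acc = kw.get("ACCESS", "").upper()
            if acc not in ACCESS_LEVELS:
                findings.append(f"ERROR: ACCESS({acc}) on PERMIT({target}) is not a valid level")
    return findings


if __name__ == "__main__":
    for f in check_batch(SAMPLE_BATCH) or ["OK: batch is consistent"]:
        print(f)
```

Run against the page's batch the only finding is the UID(0) warning; reordering the steps (for example permitting BPX.DAEMON before the LDAPSRV ACID or the BPX. prefix exist) produces ERROR lines naming the command that runs too early.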