I set this up on our HMCs last year.  Works nicely.  Make sure you are
current on HMC maintenance, however; there was a bug if you have userids
that start with a "#" sign.  The problem has been fixed.

We implemented this because it became an audit finding for not handling
these passwords according to our security standards (format, changes,
etc).

The problem with setup is that the documentation is not clear on how to
set it up.  We select:

Locate by using the following name pattern
uid={0},ou=accounts,ou=b2e,dc=yourinfo,dc=yourinfo

You will have to work with your LDAP folks, and come up with the proper
ou= and dc= values.
Dave

_________________________________________________________________
Dave Jousma
Assistant Vice President, Mainframe Services
[email protected]
1830 East Paris, Grand Rapids, MI  49546 MD RSCB1G
p 616.653.8429
f 616.653.8497

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On
Behalf Of Corjan Nota
Sent: Monday, April 06, 2009 7:25 AM
To: [email protected]
Subject: HMC and LDAP

Hello list, 

With HMC 2.9.2 it's possible to protect operator logon to the HMC with
LDAP. Is anybody already using this functionality? If so, I'm very
interested in how it is set up. We are now using a standalone HMC not
connected to the LAN. Operators log on with the standard IBM passwords
and often mistakes are made.
What we like to have is that every operator must sign on to the HMC and
can be followed. For that reason we are thinking to set up a secure line
to our LDAP server residing on AIX (or is it better setting up an LDAP
server on z/OS?) and we want to arrange that our security department
defines all userids. Can you tell me which steps we have to take? Maybe
you can also tell something about your experiences?

Thanks in advance for your reaction, 
Corjan Nota
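
Added example (not part of either message, and not HMC or IBM code): how a name pattern like the one quoted above expands into a bind DN, and why a userid with a leading "#" or an embedded comma has to be escaped under RFC 4514, where a value starting with "#" is otherwise read as a hex-encoded value. The thread does not say what the HMC bug was; plain substitution of {0} and the sample userids are assumptions.

```python
# Added illustration: expand an HMC-style LDAP name pattern into a bind DN.
# Assumption: "{0}" is replaced by the userid typed at logon.
PATTERN = "uid={0},ou=accounts,ou=b2e,dc=yourinfo,dc=yourinfo"  # from the post

_SPECIALS = set('"+,;<>\\')  # always escaped in a DN attribute value


def escape_rdn_value(value: str) -> str:
    """Escape a string for use as an attribute value in a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")                 # NUL is written as a hex pair
        elif ch in _SPECIALS:
            out.append("\\" + ch)
        elif i == 0 and ch in "# ":            # leading '#' or space
            out.append("\\" + ch)
        elif i == last and ch == " ":          # trailing space
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def expand_name_pattern(pattern: str, userid: str) -> str:
    """Substitute the escaped userid for {0} in the name pattern."""
    if not userid:
        raise ValueError("empty userid")
    return pattern.replace("{0}", escape_rdn_value(userid))


def rdn_count(dn: str) -> int:
    """Count RDNs by splitting on commas that are not backslash-escaped."""
    count, i = 1, 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 2                             # skip the escaped character
            continue
        if dn[i] == ",":
            count += 1
        i += 1
    return count


if __name__ == "__main__":
    for uid in ["oper1", "#oper2", "oper3,ou=other"]:  # constructed userids
        dn = expand_name_pattern(PATTERN, uid)
        print(f"{uid!r:20} -> {dn}  ({rdn_count(dn)} RDNs)")
```

With escaping, every userid yields a DN with the same five RDNs as the pattern; without it, the third sample would produce six and point at a different entry.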


