There are lots of choices, but I think I would investigate z/OS LDAP first.
Head on over to the z/OS library and look for a publication entitled "IBM Tivoli Directory Server Administration and Use for z/OS." (Current IBM publication number is SC23-5191-02.) Then take a look at Section 2.4 (Chapter 16): "Accessing RACF Information." That should be a good starting point. The IBM Tivoli Directory Server for z/OS is included with the z/OS Security Server (RACF) at no additional charge (for several years now -- it's new/improved in most recent z/OS releases). If you've got RACF, you've got the Tivoli Directory Server too. Note that this is even easier if you're running the application in WebSphere Application Server for z/OS. Java Enterprise Edition has a standard security model. WAS for z/OS can use RACF directly as the backend for supporting that security model. So if you want to do this in a less brittle/easier to maintain sort of way, without writing and maintaining even one extra line of code, that'd be an even better option -- and more secure because it's full JEE security model support that the application can fully exploit throughout its execution. (There's also no network hop.) Just run the application (or at least that part of it, such as a particular EJB) on WAS z/OS and RACF comes along for the ride. But yes, any competent Java programmer should find it quite easy to make an LDAP request to any LDAP server, including z/OS's. Java has had built-in methods to do this for many years. If the above is unclear, please let me know and I'll post a follow-up. Enjoy. - - - - - Timothy Sipples IBM Consulting Enterprise Software Architect Based in Tokyo, Serving IBM Japan / Asia-Pacific E-Mail: [email protected] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
