Too bad you can't use the LDAP to signon to TSO.. I understand what your saying Timothy. The big trick as we have found is design.. Plan seems to be a bad 4 letter word
Scott ford www.identityforge.com On Jul 24, 2012, at 8:06 PM, Timothy Sipples <[email protected]> wrote: > Shmuel Metz writes: >> No, you answered a different question. Can you log on to a TSO >> foreground session using a long userid that is not defined in TDS but >> only in a 3rd party LDAP server. > > TSO/E unaided supports up to 7 character IDs. (Let's not call them user IDs > for now. They could be individual humans or not.) > > However, you can build and deploy whatever challenge(s) you want in front > and/or behind that. You can use the LDAP client provided with base z/OS as > the fundamental building block for that/those challenge(s). LDAP is LDAP -- > assuming your third party LDAP server is standards compliant. The TSO/E ID > could even be stored and retrieved from that LDAP server and automatically > provided to TSO/E if you wish. > > I'm not necessarily recommending (nor not not recommending) you do that. > (Conveniently IBM also provides a wonderful LDAP server in base z/OS.) But > I think you can do what you want with the ingredients in base z/OS and a > little effort above that. > > -------------------------------------------------------------------------------------------------------- > Timothy Sipples > Resident Enterprise Architect (Based in Singapore) > E-Mail: [email protected] > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
