On Wed, 18 Jan 2023 22:35:36 +0000, Benik, John E <[email protected]> wrote:
>I saw several comments about HMC and LDAP, and I am curious is anybody using >LDAP with their TS7700's or just using the management interface for >authentication? I would also be curious if anybody has explored this option, >or is using it on the disk side but not the tape? It seems overly complicated >on the tape side, and adds another layer that we have to manage given the fact >that we have to setup a separate support ID, but I could be wrong. > > Again, we have setup our TS7700's to authenticate to zOS LDAP Servers using RACF as the backend and have been running like that for a couple of years without any issues. The documentation for the setup of this is poor and it did take a few tries to get it going. We did have to setup a 'service' account - this id has the RACF ROAUDIT attribute but no TSO/CICS segment, so it cant logon to a zOS system. We also then have a "VTS Group" defined to RACF, where all users who need access to the MI of the TS7700s gets connected to. There is DS8K support for a LDAP Sever for authentication but not for a zOS LDAP Server, so we are waiting for the day when IBM will provide that as well ........ ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
