I found out yesterday that we will also be exploring using Windows AD for this and not zOS LDAP so any information that can be shared would be helpful. I believe somebody said they were getting an authentication error on their initial setup, and right now I have a lot of questions, as I was out of the office when this was initially brought up, but do know that we are looking at it for this year.
Regards,
John Benik
Senior Systems Management Analyst – zSeries Storage Delivery
11000 Optum Circle MN102
Eden Prairie, MN 55344
w)952-833-7765 c)612-616-3984

-----Original Message-----
From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Benik, John E
Sent: Monday, January 23, 2023 8:48 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: LDAP with TS7700 and/or DS8K's

I imagine HMC and LDAP would be for AOS access on the DS8K's, but it also sounds like setting up the TS7700 would be a little more involved and a little more complicated. I'd be curious as to the reasons you decided to go the LDAP direction, and any pros or cons you may have found.

Regards,
John Benik

-----Original Message-----
From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Roger Lowe
Sent: Thursday, January 19, 2023 5:03 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: LDAP with TS7700 and/or DS8K's

On Wed, 18 Jan 2023 22:35:36 +0000, Benik, John E <john_e_be...@optum.com> wrote:

>I saw several comments about HMC and LDAP, and I am curious is anybody using
>LDAP with their TS7700's or just using the management interface for
>authentication? I would also be curious if anybody has explored this option,
>or is using it on the disk side but not the tape? It seems overly complicated
>on the tape side, and adds another layer that we have to manage given the fact
>that we have to set up a separate support ID, but I could be wrong.
>
>

Again, we have set up our TS7700's to authenticate to zOS LDAP Servers using RACF as the backend and have been running like that for a couple of years without any issues. The documentation for the setup of this is poor and it did take a few tries to get it going. We did have to set up a 'service' account - this id has the RACF ROAUDIT attribute but no TSO/CICS segment, so it can't logon to a zOS system.

We also then have a "VTS Group" defined to RACF, where all users who need access to the MI of the TS7700s get connected to. There is DS8K support for an LDAP Server for authentication but not for a zOS LDAP Server, so we are waiting for the day when IBM will provide that as well ........

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or intended recipient’s authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately.