Thank you all for response. Our idea is to have common LDAP server running somewhere else and we want login on z/OS Ex TSO, CICS, DB2, Netview etc should be authenticate using LDAP server.
But the other option you mentioned in previous email, I could not able to understand having LDAP server running on z/OS and RACF as backend to authenticate. Can you please help in explaining the benefit of this kind of setup. Thanks once again. Regards On Thu, Nov 17, 2016 at 8:04 PM, Walt Farrell <[email protected]> wrote: > On Thu, 17 Nov 2016 14:23:42 +0530, venkat kulkarni < > [email protected]> wrote: > > >Hello, > > > >Do we have any way to implement LDAP on z/os for authentication purpose. > > Your question is unclear. > > If you mean "could we run an LDAP server on z/OS so that applications > running elsewhere can authenticate using that z/OS LDAP server," the answer > is yes, using RACF as the backend to your z/OS LDAP server. Some > application configuration adjustments might be needed, though. > > On the other hand, if you mean "could we run an LDAP server someplace else > such that logins on z/OS (e.g., TSO, CICS) would authenticate using that > LDAP server" the answer is no. Authentication on z/OS is generally via RACF. > > Of course, with a robust set of exits (and possibly some z/OS application > modifications) it might be possible for you to offload part of the RACF > authentication processing to an off-system LDAP server, but that would be a > lot of programming and would probably degrade login performance > significantly, especially for applications like CICS. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
