Schemas are not available to connect ACF2 through LDAP currently, nor has CA said they would provide the schemas. You have to use the CA-LDAP server to even talk to ACF2 or Top Secret. The IBM LDAP server will not do it directly, but can through a referral. You still need the CA-LDAP though to do that.

CA offers their own PAM module that bypasses the CA-LDAP server and connects to ACF2 through a proxy server on z/OS USS. Works great! Your ACF2 system programmer should have the CD entitled CA PAM for zLinux. They provide both a binary and source on the CD.

I did, however, find one flaw depending on your security settings: if you disallow uppercase naming for the user/group names, the PAM module adds the new group as GRP####, where #### is the group ID you're adding. Since our standard build for all Unixes is lower case, we failed on the group and I had to modify the source and rebuild to get it to work for us.

William 'Doug' Carroll
Mainframe Systems Engineer II
Global Technology Infrastructure
(614) 213-4954 Office
(877) 899-1697 Pager
(614) 244-9897 Fax
http://www.bankone.com

Rob van der Heij <[EMAIL PROTECTED]>
Sent by: Linux on 390 Port <[EMAIL PROTECTED]>
09/22/2004 01:29 AM
Please respond to Rob van der Heij

To: [EMAIL PROTECTED]
cc: (bcc: William D Carroll/OH/ONE)
Subject: ACF2 LDAP (was Re: New 2.4.26 Patches)

On Tue, 21 Sep 2004 16:54:48 -0700, Ranga Nathan <[EMAIL PROTECTED]> wrote:

> We will be on z/OS and soon z/VM. We run ACF2 on z/OS and I believe that
> there is an LDAP server available for ACF2. I also understand that the
> LDAP server is packaged with ACF2. That being the case, we should be able
> to run LDAP clients on the virtual machines and centralize the security
> administration. Sounds reasonable?

Yes, if you want to use a central LDAP server you would install pam_ldap on your Linux servers and authenticate against the server. One of the questions though is whether you can have schemas with the right attributes to do full authentication.

--
Rob van der Heij
rvdheij @ gmail.com

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
