Ok thanks again Alan, we will continue to work to get that going
then (TDI and LDAP)

Paul

-----Original Message-----
From: Linux on 390 Port [mailto:[email protected]] On Behalf Of
Alan Altmark
Sent: Thursday, June 04, 2009 4:35 PM
To: [email protected]
Subject: Re: zVM RACF database synchronization

On Thursday, 06/04/2009 at 04:06 EDT, "Ayer, Paul W"
<[email protected]> wrote:

> So we did install the LDAP server some time ago in zVM and have been
> trying to get something with TDI going. We spoke today with our normal
> LDAP folks and they asked why .. if it's just keeping some LDAP files in
> sync do we just not let LDAP do that all by itself as they indicated
> that LDAP most often does that all by itself? So we read some more on
> the zVM LDAP server and what it can do ... it seems I could without TDI
> ... Do we really need TDI?

I am told that yes, you really need TDI.  I believe that you cannot use
normal LDAP replication because passwords are not stored as files in the
LDAP database and they are not extractable in a way that would be usable
to your average replication daemon.

> Also you state that with TDI we can only keep the passwords in sync ..
> is there no way even with LDAP and TDI to add, change and delete
> userids?

If TDI can perform ldap-modify operations and you engage the SDBM instead
of LDBM, it can add/delete/connect users and groups.  You cannot add users
to the RACF database with LDBM.

Alan Altmark
z/VM Development
IBM Endicott

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or
visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
