Re: HMC and LDAP
Thank you for asking. Yes I did, tested and verified. We're going to migrate all user HMC accounts to LDAP authentication next week.

Mark Jacobs

Sent from ProtonMail, Swiss-based encrypted email.
GPG Public Key - https://api.protonmail.ch/pks/lookup?op=get=markjac...@protonmail.com

--- Original Message ---
On Thursday, January 19th, 2023 at 9:50 AM, Dave Jousma <01a0403c5dc1-dmarc-requ...@listserv.ua.edu> wrote:

> On Fri, 13 Jan 2023 19:58:32 +, Mark Jacobs markjac...@protonmail.com wrote:
>
> > Has anyone setup their HMC to authenticate users to an ldap server? I'm not having much luck constructing the search filter that selects the user's entry in the directory.
> >
> > Mark Jacobs
>
> Mark,
>
> did you get an answer to this? we've been doing it for years now to AD/ED. HTH.
>
> Directory Entry Location
> How to locate a user's directory entry: Use a DN pattern
> Distinguished name pattern: uid={0},ou=accounts,ou=b2e,dc=53,dc=com

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: HMC and LDAP
On Fri, 13 Jan 2023 19:58:32 +, Mark Jacobs wrote:

> Has anyone setup their HMC to authenticate users to an ldap server? I'm not having much luck constructing the search filter that selects the user's entry in the directory.
>
> Mark Jacobs

Mark,

did you get an answer to this? we've been doing it for years now to AD/ED. HTH.

Directory Entry Location
How to locate a user's directory entry: Use a DN pattern
Distinguished name pattern: uid={0},ou=accounts,ou=b2e,dc=53,dc=com
Re: HMC and LDAP
On 1/17/23 6:25 AM, Carmen Vitullo wrote:

> all the local accounts are still available, like sysprog, and acsadmin, sysprog is probably the only account you can use remotely

Thank you for clarification Carmen. :-)

--
Grant. . . .
unix || die
Re: HMC and LDAP
I'll get this and send the format to you to your email

Carmen

On 1/15/2023 10:26 AM, Mark Jacobs wrote:

> Perfect, Thank you very much.
>
> Mark Jacobs
>
> --- Original Message ---
> On Sunday, January 15th, 2023 at 11:11 AM, Pete Vit wrote:
>
> > I can send you the format for our binder account next week if you like
> > We authenticate a windows AD
> > Carmen
> >
> > Sent from my iPad
> >
> > On Jan 14, 2023, at 2:47 PM, Mark Jacobs 0224d287a4b1-dmarc-requ...@listserv.ua.edu wrote:
> >
> > > Hmm. That's good to know. I didn't even think to use a z/OS LDAP server. I'm not sure whether we're running it. I was attempting to authenticate to our active directory server, but I'm getting an authentication error. I was hoping that someone else is doing the same and could assist on how to specify search filter.
> > >
> > > Mark Jacobs
> > >
> > > --- Original Message ---
> > > On Saturday, January 14th, 2023 at 3:18 PM, Roger Lowe roger_l...@bigpond.com wrote:
> > >
> > > > On Fri, 13 Jan 2023 19:58:32 +, Mark Jacobs markjac...@protonmail.com wrote:
> > > >
> > > > > Has anyone setup their HMC to authenticate users to an ldap server? I'm not having much luck constructing the search filter that selects the user's entry in the directory.
> > > >
> > > > I have setup our System z HMCs to authenticate users to a zOS LDAP Server using RACF as the backend and has been working successfully for a number of years.
> > > >
> > > > The DN pattern used in the HMC for RACF is -
> > > > racfid={0},profiletype=user,sysplex= (the '' is the suffix you specify in the DSCONF file)
> > > >
> > > > Roger

--
Carmen
Re: HMC and LDAP
all the local accounts are still available, like sysprog, and acsadmin, sysprog is probably the only account you can use remotely

Carmen

On 1/14/2023 8:18 PM, Grant Taylor wrote:

> On 1/14/23 1:18 PM, Roger Lowe wrote:
>
> > I have setup our System z HMCs to authenticate users to a zOS LDAP Server using RACF as the backend and has been working successfully for a number of years.
>
> I like the self hosted nature.
>
> But what happens when you need to get into the HMC when the LDAP server is unreachable for some reason? Is there a local fall back account that is used?

--
Carmen
Re: HMC and LDAP
Perfect, Thank you very much.

Mark Jacobs

--- Original Message ---
On Sunday, January 15th, 2023 at 11:11 AM, Pete Vit wrote:

> I can send you the format for our binder account next week if you like
> We authenticate a windows AD
> Carmen
>
> Sent from my iPad
>
> On Jan 14, 2023, at 2:47 PM, Mark Jacobs 0224d287a4b1-dmarc-requ...@listserv.ua.edu wrote:
>
> > Hmm. That's good to know. I didn't even think to use a z/OS LDAP server. I'm not sure whether we're running it. I was attempting to authenticate to our active directory server, but I'm getting an authentication error. I was hoping that someone else is doing the same and could assist on how to specify search filter.
> >
> > Mark Jacobs
> >
> > --- Original Message ---
> > On Saturday, January 14th, 2023 at 3:18 PM, Roger Lowe roger_l...@bigpond.com wrote:
> >
> > > On Fri, 13 Jan 2023 19:58:32 +, Mark Jacobs markjac...@protonmail.com wrote:
> > >
> > > > Has anyone setup their HMC to authenticate users to an ldap server? I'm not having much luck constructing the search filter that selects the user's entry in the directory.
> > >
> > > I have setup our System z HMCs to authenticate users to a zOS LDAP Server using RACF as the backend and has been working successfully for a number of years.
> > >
> > > The DN pattern used in the HMC for RACF is -
> > > racfid={0},profiletype=user,sysplex= (the '' is the suffix you specify in the DSCONF file)
> > >
> > > Roger
Re: HMC and LDAP
I can send you the format for our binder account next week if you like
We authenticate a windows AD

Carmen

Sent from my iPad

> On Jan 14, 2023, at 2:47 PM, Mark Jacobs <0224d287a4b1-dmarc-requ...@listserv.ua.edu> wrote:
>
> Hmm. That's good to know. I didn't even think to use a z/OS LDAP server. I'm not sure whether we're running it. I was attempting to authenticate to our active directory server, but I'm getting an authentication error. I was hoping that someone else is doing the same and could assist on how to specify search filter.
>
> Mark Jacobs
>
> --- Original Message ---
> On Saturday, January 14th, 2023 at 3:18 PM, Roger Lowe wrote:
>
> > On Fri, 13 Jan 2023 19:58:32 +, Mark Jacobs markjac...@protonmail.com wrote:
> >
> > > Has anyone setup their HMC to authenticate users to an ldap server? I'm not having much luck constructing the search filter that selects the user's entry in the directory.
> >
> > I have setup our System z HMCs to authenticate users to a zOS LDAP Server using RACF as the backend and has been working successfully for a number of years.
> >
> > The DN pattern used in the HMC for RACF is -
> > racfid={0},profiletype=user,sysplex= (the '' is the suffix you specify in the DSCONF file)
> >
> > Roger
Re: HMC and LDAP
On 1/14/23 1:18 PM, Roger Lowe wrote:

> I have setup our System z HMCs to authenticate users to a zOS LDAP Server using RACF as the backend and has been working successfully for a number of years.

I like the self hosted nature.

But what happens when you need to get into the HMC when the LDAP server is unreachable for some reason? Is there a local fall back account that is used?

--
Grant. . . .
unix || die
Re: HMC and LDAP
Hmm. That's good to know. I didn't even think to use a z/OS LDAP server. I'm not sure whether we're running it. I was attempting to authenticate to our active directory server, but I'm getting an authentication error. I was hoping that someone else is doing the same and could assist on how to specify search filter.

Mark Jacobs

--- Original Message ---
On Saturday, January 14th, 2023 at 3:18 PM, Roger Lowe wrote:

> On Fri, 13 Jan 2023 19:58:32 +, Mark Jacobs markjac...@protonmail.com wrote:
>
> > Has anyone setup their HMC to authenticate users to an ldap server? I'm not having much luck constructing the search filter that selects the user's entry in the directory.
>
> I have setup our System z HMCs to authenticate users to a zOS LDAP Server using RACF as the backend and has been working successfully for a number of years.
>
> The DN pattern used in the HMC for RACF is -
> racfid={0},profiletype=user,sysplex= (the '' is the suffix you specify in the DSCONF file)
>
> Roger
Re: HMC and LDAP
On Fri, 13 Jan 2023 19:58:32 +, Mark Jacobs wrote:

> Has anyone setup their HMC to authenticate users to an ldap server? I'm not having much luck constructing the search filter that selects the user's entry in the directory.

I have setup our System z HMCs to authenticate users to a zOS LDAP Server using RACF as the backend and has been working successfully for a number of years.

The DN pattern used in the HMC for RACF is -
racfid={0},profiletype=user,sysplex= (the '' is the suffix you specify in the DSCONF file)

Roger
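Added example, not part of the thread: how the {0} placeholder in the DN patterns quoted above (Dave Jousma's uid={0},ou=accounts,ou=b2e,dc=53,dc=com, and equally Roger Lowe's racfid={0} pattern) expands into the DN that is bound, next to the search-filter form Mark Jacobs was asking about. The thread does not say how the HMC treats special characters in the user ID; the escaping shown is the standard RFC 4514 / RFC 4515 rule for an LDAP client, and the sAMAccountName attribute and the sample user IDs are assumptions.

```python
# Added example: DN-pattern expansion vs. search filter for an LDAP logon.
# The pattern is the one quoted in the thread; user IDs below are constructed.
DN_PATTERN = "uid={0},ou=accounts,ou=b2e,dc=53,dc=com"

def escape_dn_value(value):
    """Escape a value for use inside a DN (RFC 4514, section 2.4)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\':
            out.append("\\" + ch)
        elif (ch == "#" and i == 0) or (ch == " " and i in (0, len(value) - 1)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def expand_dn_pattern(pattern, user_id):
    """Return the bind DN: the pattern with {0} replaced by the escaped user ID."""
    if pattern.count("{0}") != 1:
        raise ValueError("pattern must contain exactly one {0}")
    if not user_id:
        raise ValueError("empty user ID")
    return pattern.replace("{0}", escape_dn_value(user_id))

def split_rdns(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur, i = cur + dn[i:i + 2], i + 2   # keep the escape pair together
        elif dn[i] == ",":
            parts, cur, i = parts + [cur], "", i + 1
        else:
            cur, i = cur + dn[i], i + 1
    return parts + [cur]

def search_filter(attribute, user_id):
    """Search-filter form: escape the user ID per RFC 4515 before embedding it."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "(%s=%s)" % (attribute, "".join(table.get(c, c) for c in user_id))

if __name__ == "__main__":
    for uid in ["mjacobs", "x,ou=admins", "j*)(uid=*"]:   # constructed inputs
        dn = expand_dn_pattern(DN_PATTERN, uid)
        print(dn, len(split_rdns(dn)))                    # always 5 RDNs
        print(search_filter("sAMAccountName", uid))       # attribute is an assumption
```

With a DN pattern the user ID only ever fills one RDN under the fixed ou=accounts branch, so no search and no binder account are involved; the search-filter form needs the filter escaping and a bind that is allowed to search.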
Re: HMC and LDAP
We use Active directory LDAP for authentication. We needed a binder account to access the LDAP server that account and format is needed for authentication

Carmen

Sent from my iPad

> On Jan 13, 2023, at 1:59 PM, Mark Jacobs <0224d287a4b1-dmarc-requ...@listserv.ua.edu> wrote:
>
> Has anyone setup their HMC to authenticate users to an ldap server? I'm not having much luck constructing the search filter that selects the user's entry in the directory.
>
> Mark Jacobs
HMC and LDAP
Has anyone setup their HMC to authenticate users to an ldap server? I'm not having much luck constructing the search filter that selects the user's entry in the directory.

Mark Jacobs