Re: HMC user authentication via LDAP server

We are authenticating with a distinquished name pattern that looks similar to this(masked). Your security team should be able to provide you with the proper name pattern for your shop. uid={0},ou=accounts,ou=bbb,dc=yourorg,dc=com

Re: DAIR error 0470 allocating internal reader

On Wed, 9 Nov 2016 11:51:59 -0500, Tony Harminc wrote: >On 8 November 2016 at 22:04, Jim Mulder wrote: >> The OA50565 fix changed the TSO/E environment service to turn on PSCBJCL >> when running in an APF authorized jobstep (i.e. when JCSBAUTH is on). >>

Re: DAIR error 0470 allocating internal reader

On 8 November 2016 at 22:04, Jim Mulder wrote: > The OA50565 fix changed the TSO/E environment service to turn on PSCBJCL > when running in an APF authorized jobstep (i.e. when JCSBAUTH is on). > IDCAMS is linked in SYS1.LINKLIB with AC(1), so an EXEC PGM=IDCAMS jobstep > is

Re: DAIR error 0470 allocating internal reader

Upon further investigation of the code, APF authorization by itself is not sufficient. There is also an internal undocumented part of the IKJTSOEV interface which IDCAMS uses. There is no way to remove the environment created by IKJTSOEV (other than job step termination). There is no

Re: DAIR error 0470 allocating internal reader

I was only trying to answer the question of how OA50565 allows this to work for IDCAMS. I don't know if there was any "rational for newly restricting JCL permission in a batch job". I would guess that the original design of IKJTSOEV did not consider PSCBJCL or PSCBVMNT, so they always were

Re: DAIR error 0470 allocating internal reader

Jim- Thanks, so we need to apply the PTF. I will changes my code to check for PSCBJCL and only force it on if necessary. Cheers Robin -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jim Mulder Sent: 09 November 2016 10:05 To: