Creating an Alias for a user catalog when inserting a new logonid using CA Web Administrator for ACF2 via CA LDAP Server is not being done.

Document ID:  TEC563061
Last Modified Date:  04/05/2013
{{active ? 'Hide' : 'Show'}} Technical Document Details

Products

  • CA ACF2 for z/OS
  • CA LDAP Server for z/OS
  • CA Web Administrator for ACF2 for z/OS
  • CA Web Administrator for Top Secret

Releases

  • CA LDAP Server for z/OS:Release:15.0

Components

  • CA WEB ADMINISTRATOR FOR ACF2:ACFWEB

Description:

The CAACF2_UTF backend has an option that will automatically create an alias when the TSO attribute is included with the insert of a new logonid.
This is not working for me - what is wrong?
Here is what I have in the slapd.conf file for CA LDAP Server:

CreateAlias Relate(' SYS1.MASTCAT')

The logonid is inserted in the ACF2 database, but there is no alias created.

The problem here is that the CreateAlias is being specified incorrectly.

Solution:

The correct format of the CreateAlias in the CA LDAP Server configuration file - slapd.conf is:

CreateAlias usercat mastercat

For Example: If you want to setup CA LDAP Server to create an alias for each TSO userid created in TSOZ.USERCAT you would specify the CreateAlias parameter in the CA LDAP slapd.conf file as..

CreateAlias TSOZ.USERCAT SYS1.MASTCAT

No quotes are needed around the catalog name. If you only want to use the master catalog, which is the default, then you can just code the CreateAlias statement with the user catalog name.

One other thing that is needed, is that the LDAP address space needs authority to spawn tasks, and be a superuser. That can be done by either giving the logonid record an OMVS profile with UID(0), or coding up some BPX rules in the FACILITY class to give the logonid the needed access.

Here is a sample of the needed rules:

$KEY(BPX) TYPE(FAC)        
 DAEMON UID(uid string of LDAP lidrec) SERVICE(READ) ALLOW 
 SUPERUSER UID(uid string of LDAP lidrec) ALLOW

Since the FAC rules are resident, make sure command: F ACF2,REBUILD(FAC) is issued after any rule changes.

Please help us improve!

Will this information enable you to resolve your issue?

Please tell us what we can do better.

{{feedbackText.length ? feedbackText.length : '0'}}/255

{{status}}

Not what you were looking for?

Search Again >

Product Information

Support by Product >

Communities

Join a Community >