Hi: 

I have posted the following question to the RACF list with no success so far, 
so I will give it a try here. It is an LDAP question, as a matter of fact.

We have implemented IBM TIVOLI Directory Server with SDBM (RACF) backend (z/OS 
1.11). On the other hand, we have a USER custom field defined in RACF. As 
documented, I cannot see this field using the LDAP interface, because the 
initial RACF schema does not include it. The documentation says I have to 
modify the schema, in order to add the corresponding attributetypes and 
objectclass. I am a beginner with LDAP, so even after taking a look at the 
documentation it is still unclear to me what exactly I should do.

It seems I need to add something like this (example taken from the book):

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
attributetypes: (
phone-OID
NAME 'phone'
DESC 'Represents the PHONE field in the RACF user CSDATA segment'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
USAGE userApplications
)
ibmattributetypes: (
phone-OID
ACCESS-CLASS sensitive
RACFFIELD ('USER-CSDATA-PHONE' 'char')
)
objectclasses: (
racfUserCsdataSegment-OID
NAME 'racfUserCsdataSegment'
DESC 'Represents the CSDATA segment in a z/OS RACF USER profile'
SUP top
AUXILIARY
MAY ( phone $ socialSecurityNumber )
)
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

How do I extend the initial schema adding these definitions?
Do I have to use the ldapmodify (or ldapadd) command? (The schema does not seem 
to be a file that can be directly edited within USS with, say, OEDIT.)
Do I need to bind to the directory using the ADMINDN?

Thanks in advance for your help,


Juan G. Mautalen

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
