Optional: Setting up a z/OS LDAP server with SDBM backend (RACF)

If you have z/OS® running in your setup, you have the option of using a z/OS LDAP server with an SDBM backend. SDBM provides native authentication on z/OS with RACF®. This task is optional and should be performed by your z/OS security administrator.
Note: The Bind Distinguished Name should be a RACF user ID with the AUDITOR attribute, a valid OMVS segment (specific or implied by a default segment), and no TSO segment. It is not required, so it is an easy step to avoid misuse of the BDN account.

Use a non-expiring password for the BDN user ID to prevent the WebSphere cell from halting because of internal authentication and authorization failures.

If your organization's policies require this category of user IDs to expire, ensure that you have a process in place to change the BDN password before it expires.


Feedback

Did this help? You can provide feedback at Jazz.net (registration required): Comment in the forums or submit a bug