z/OS HCD User's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Operational behavior

z/OS HCD User's Guide
SC34-2669-00

Operational behavior

The operational behavior of the HCD LDAP backend is basically the same as that for the RACF backend with some small differences. Information about the RACF Backend can be obtained from the z/OS IBM Tivoli Directory Server Administration and Use for z/OSz/OS IBM Tivoli Directory Server Administration and Use for z/OS.

The following gives an overview of the functional behavior of the HCD LDAP backend:

  1. The HCD LDAP backend does not participate in extended group membership searching on a client request.
  2. It is possible to run several HCD LDAP backends on one IBM Tivoli Directory Server for z/OS simultaneously.
  3. The root of a subtree (see Figure 148) is denoted by a suffix in the configuration file. You can specify only one suffix per HCD LDAP backend. Suffix names must be unique if you are running multiple HCD LDAP backends.
  4. The HCD LDAP backend does not support Access Control Lists (ACLs) which are normally used to protect information stored in an LDAP directory from unauthorized access. The reason for this is that the DIT portions managed by the HCD LDAP backend are based on IODF data sets for which all access control is performed by RACF.
  5. The HCD LDAP backend does not support the following LDAP request types and will answer these requests with the return code "Unwilling to Perform":
    • Bind
    • ModifyDN (also called ModifyRDN, or ModRdn)
    • Compare
    • Abandon
    • Extended Request
  6. The following LDAP request types are supported by the HCD LDAP backend:
    • Add
    • Delete
    • Modify
    • Search
    The following table shows how the HCD LDAP backend behaves during these LDAP operations:
    Target DNSearchAddDeleteModify
    suffixError: Inappropriate MatchingError: Inappropriate MatchingError: Inappropriate MatchingError: Inappropriate Matching
    hcdIodfId= IodfDsn,suffixPerform the appropriate search request. See SearchError: Inappropriate MatchingError: Inappropriate MatchingPerform the appropriate modify request. See Modify
    ...,hcdIodfId= IodfDsn,suffixPerform the appropriate search request. See SearchPerform the appropriate add request. See AddPerform the appropriate delete request. See DeletePerform the appropriate modify request. See Modify
  7. Multi-server or replication is not supported by the HCD LDAP backend

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014