This may be a question that you have pondered in the past. Wouldn't it be nice if there were a way to remotely manage your RACF (Resource Access Control Facility) data on z/OS while on your Linux or Windows machine? The great thing is that it is possible to do this today by configuring an IBM Tivoli Directory Server for z/OS.
The IBM Tivoli Directory Server for z/OS is an LDAP (Lightweight Directory Access Protocol) server that can communicate with any client that supports the LDAP protocol. LDAP is an industry standard protocol that has been around for a number of years and is defined in IETF (Internet Engineering Task Force) RFCs (Requests for Comments). RFCs are industry standard documents that define many of the Internet standards that are in use today.
An LDAP server or directory provides an easy way to maintain directory information in a central location for storage, update, retrieval, and exchange. A directory is very similar to a database; however, the information is much more descriptive. Attributes describe the entries that reside within an LDAP server or directory. The information in a directory is organized in a tree-like manner where the root entry branches into subordinate entries (or different trunks).
The IBM Tivoli Directory Server for z/OS supports different data repository types, referred to as backends. The SDBM backend in the IBM Tivoli Directory Server for z/OS provides access to the RACF data that resides on your system. If your LDAP server is listening on an IP address and/or port that is externally available, you can remotely log in to the system with your RACF password or credentials via an LDAP client. This allows you to remotely administer RACF data such as users, groups, and general resource profiles (but not DATASET profiles) that reside in your RACF database. If you have the RACF authority to do so, you could add new users, groups, or general resource profiles. You may also be able to reset a user's password or permit users or groups to your general resource profiles.
To take advantage of this support, you need to have access to an LDAP client on your Windows or Linux machine. You can install a version of the IBM Tivoli Directory Server that runs on Linux, zLinux, or Windows, which will also provide an LDAP client. Most LDAP clients provide simple utilities that allow you to quickly add, delete, and modify entries. If you need more robust support, most LDAP clients provide C/C++ APIs (Application Programming Interfaces) which enable you to code your own LDAP client applications.
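The remote password reset described above, sketched as an added example (not code from this article or from IBM): it builds the SDBM distinguished name for a RACF user, refuses a non-TLS server URL because an LDAP simple bind carries the RACF password, and emits LDIF that an LDAP client's modify utility can apply. Assumptions: the suffix `cn=racf` and host `zos.example.com` are placeholders, and the `racfid=...,profiletype=user` DN form and `racfPassword` attribute are taken from the SDBM schema in IBM's Administration and Use manual.

```python
import base64
import re
from urllib.parse import urlsplit

# Assumption: the SDBM suffix is site-specific; "cn=racf" is a placeholder.
SDBM_SUFFIX = "cn=racf"

# RACF user and group names: 1-8 characters from A-Z, 0-9, #, $ and @.
_RACF_NAME = re.compile(r"[A-Z0-9#$@]{1,8}")


def sdbm_dn(name, profiletype="user", suffix=SDBM_SUFFIX):
    """Build the SDBM DN for a RACF user or group, rejecting unsafe names."""
    if profiletype not in ("user", "group"):
        raise ValueError(f"unsupported profile type: {profiletype!r}")
    name = name.upper()
    # Strict validation keeps ',', '=', '+' and similar out of the DN, so
    # untrusted input cannot redirect the operation to another entry.
    if not _RACF_NAME.fullmatch(name):
        raise ValueError(f"not a valid RACF name: {name!r}")
    if name.startswith("#"):
        name = "\\" + name  # RFC 4514: a leading '#' in a value is escaped
    return f"racfid={name},profiletype={profiletype},{suffix}"


def require_tls(url):
    """Return (host, port) only for ldaps:// URLs."""
    parts = urlsplit(url)
    if parts.scheme != "ldaps" or not parts.hostname:
        raise ValueError("refusing to send RACF credentials without TLS: " + url)
    return parts.hostname, parts.port or 636


def password_reset_ldif(userid, new_password):
    """LDIF modify record that replaces a user's RACF password."""
    # The '::' form base64-encodes the value, so passwords with leading
    # spaces, ':' or '<' survive LDIF parsing unchanged.
    encoded = base64.b64encode(new_password.encode("utf-8")).decode("ascii")
    return "\n".join([
        f"dn: {sdbm_dn(userid)}",
        "changetype: modify",
        "replace: racfPassword",
        f"racfPassword:: {encoded}",
        "-",
        "",
    ])


if __name__ == "__main__":
    print(require_tls("ldaps://zos.example.com"))   # placeholder host
    print(password_reset_ldif("user1", "Temp#1pw"))  # constructed sample values
```

The LDAP server passes the change to RACF, so the reset succeeds only if the bound RACF user ID has the authority to make it.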
For more information about IBM Tivoli Directory Server for z/OS and the SDBM backend, see the IBM Tivoli Directory Server for z/OS Administration and Use manual.