IBM AD Connect for Mainframe Prerequisites

IBM® AD Connect for Mainframe can be installed on:
  • z/OS® 2.3 or later.
    Note: There is no dependency for IBM AD Connect for Mainframe to run on z/OS 2.5. IBM AD Connect for Mainframe is compatible with IBM z/OS 2.5 and IBM z16 platform.
  • The maximum storage space is 5 cylinders.
Before installing IBM AD Connect for Mainframe on the host machine (mainframe), the following authorizations are required. IBM AD Connect for Mainframe does not update any mainframe resources. All the following authorizations are for READ access only.
  1. Authorization to add the load library of IBM AD Connect for Mainframe to APF.
  2. Authorization for running the listener of IBM AD Connect for Mainframe.
  3. Authorization to access all libraries specified in the STEPLIB card (see Configuring the Listener PROC).
  4. Authorization to access TCP connections to IBM AD Connect for Mainframe. As part of this requirement, the RACF® user ID assigned to the IBM AD Connect for Mainframe started task must contain an OMVS segment.
  5. Additional required authorizations according to analyzed area:
    Analyzed Area Required Authorization
    Adabas Authorization to issue an ADAREP command.
    Control-M Access to the libraries that contains the control M data.
    DB2® Rights to read from the Db2® system tables (SYSIBM).
    SMF Access to the SMF dump files.
    Libraries and Members Access to the libraries.
    Natural Authorization to issue a Natural batch command and read Access to all Natural libraries (LOGON).
    Operator commands Normal RACF security to allow the user to issue those commands.
    WebSphere® MQ Authorization to perform PUT and GET from command and reply queues.
    PDS libraries Read-only access to the source libraries (for members not stored in Endevor)
    CA Endevor Authorization to use the CA Endevor API, used only for reading the list of members and retrieving a copy of those members. Authorization to access CA Endevor libraries and control files that are used during API processing.
    CA-7 Read-only access the CA-7 initialization parameters member, Authorization to execute the commands: LJOB,JOB=*,LIST=ALL – lists all Jobs information, LGVAR,JOB=*,LIST=ALL – lists all global variables for Jobs.