LDAP server selection

There is a wide selection of commercial and free LDAP servers available. One example is the IBM® Security Directory Server (http://www-01.ibm.com/software/tivoli/products/directory-server/). There is also a wide selection of command-line and GUI-based tools to manage an LDAP server.

As mentioned in "LDAP schema", each user must be defined to the LDAP server. To reduce management effort, it is best to place the push-to-client schema on an LDAP server that already has access to all user definitions. For example, you can use IBM Security Directory Server active on z/OS® using an SDBM database (which is a wrapper for your security database).

Depending on site policies, the push-to-client schema on the LDAP server might be managed by the client administrator. This arrangement reduces the need for collaboration, and with it the potential for delays and communication errors.

An argument in favor of LDAP management by the client administrator is that the push-to-client schema does not hold anything confidential or security-related. When user definitions are available to the LDAP server through other schemas, the z/OS Explorer LDAP objects only determine which choices a developer has when selecting a workspace layout and automatic z/OS Explorer client product upgrades.