Configuring the TS7700 for RACF

Configuration of the TS7700 to use the Resource Access Control Facility (RACF) should be performed through the management interface by a customer system administrator.

About this task

Perform these steps to configure the TS7700 only after the host is properly configured. Refer to the management interface help topic Add External policy (and its subtopics) for definitions and restrictions associated with LDAP configuration.

Procedure

  1. Log in to the management interface for the TS7700 Cluster attached to the IBM Z® host where RACF for LDAP has already been configured.
  2. Go to Access > Security Settings > Add External policy.
  3. On the Authentication Policies table, select Add Direct LDAP policy from the Select Action menu.
  4. In the Server Settings section, create a policy name that can be identified as using RACF.
  5. Select Allow an IBM service representative to connect through physical access if available.
  6. The Primary Server URL must be the same as the URL of the LDAP server.
  7. The Base Distinguished Name must match the SDBM_SUFFIX value.
  8. In the LDAP Attributes section, enter values for all LDAP attributes and filters.
  9. In the Server Authentication section, specify a User Distinguished Name using all parameters specific to RACF and defined in the LDAP Attributes section. For example, if Username Attribute=racfid, Group Member Attribute=user, and Group Name Attribute=RACF, then this field would have a value like: racfid=RACFUSER,profiletype=user,cn=RACF.
  10. Enter a password.
  11. Click OK.
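
A pre-flight check for steps 7 and 9, added here as an example (it is not IBM code and is not part of the management interface): it confirms that the User Distinguished Name has the racfid=...,profiletype=user,suffix shape shown in step 9 and ends with the Base Distinguished Name. The function names and sample values are constructed for illustration, and the rule that the User DN must end with the Base DN is an assumption drawn from the step 9 example.

```python
import re

def parse_dn(dn):
    """Split a DN into (attribute, value) pairs.

    Splits on commas that are not preceded by a backslash, which is enough
    for SDBM-style names such as racfid=RACFUSER,profiletype=user,cn=RACF.
    """
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {rdn.strip()!r}")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs

def check_racf_policy(user_dn, base_dn, username_attr="racfid"):
    """Return a list of problems; an empty list means the fields agree."""
    try:
        user, base = parse_dn(user_dn), parse_dn(base_dn)
    except ValueError as exc:
        return [str(exc)]
    # Compare case-insensitively on both attribute names and values.
    fold = lambda pairs: [(a, v.lower()) for a, v in pairs]
    problems = []
    # Assumption: the User DN sits under the Base DN (the SDBM_SUFFIX value).
    if fold(user)[-len(base):] != fold(base):
        problems.append("User DN does not end with the Base DN (SDBM_SUFFIX)")
    if user[0][0] != username_attr.lower():
        problems.append(f"first RDN should use the Username Attribute {username_attr!r}")
    elif not 1 <= len(user[0][1]) <= 8:
        problems.append("RACF user IDs are 1 to 8 characters long")
    # profiletype=user follows the example in step 9.
    if len(user) < 2 or fold(user)[1] != ("profiletype", "user"):
        problems.append("second RDN should be profiletype=user")
    return problems

if __name__ == "__main__":
    # Constructed sample values; the first is the example from step 9.
    for dn in ("racfid=RACFUSER,profiletype=user,cn=RACF",
               "racfid=RACFUSER,cn=RACF",
               "cn=RACFUSER,profiletype=user,o=example"):
        print(dn, "->", check_racf_policy(dn, "cn=RACF") or "OK")
```

Running the check against the values you intend to enter catches a mismatched suffix or a missing profiletype component before the policy is saved with a bind DN the LDAP server will reject.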

Results

After the preceding steps are complete, you can use the Modify External Policy page of the management interface to add users to the RACF external profile. Then, use the Assign authentication policy page to assign the new RACF External policy to one or more clusters.