How to configure the zosConnectAccess role with an LDAP user registry
Assign LDAP users and groups to the zosConnectAccess
role to control which users can access IBM® z/OS® Connect.
This task is applicable when IBM z/OS Connect is used as an API provider.
Before you begin
- You should be familiar with the information in API provider authorization.
- You need to know the users and groups that are to be granted access to IBM z/OS Connect.
- You must have completed the task How to configure basic authentication with an LDAP user registry, unless you have authenticated using an alternative method which resulted in the authenticated user ID being an LDAP user ID. For example, using a JWT where the identity in the claim is an LDAP user ID, or client certificate authentication where the client certificate subject's distinguished name has been mapped to an LDAP user ID.
- You must have write access to the server.xml configuration file.
About this task
Now you have configured the IBM z/OS Connect server
to require authentication by setting the attribute
requireAuth="true"
, you assign LDAP registry users and groups
to the zosConnectAccess
role.
Procedure
Results
zosConnectAccess
role now have authorization to access IBM z/OS Connect.