z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Results for defining a filter for a full X.500 DN

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

Now, when Bob Cook authenticates his LDAP user identity at his Web-based application server and takes an action that causes a transaction to be sent to the z/OS® system, RACF® is passed the following distributed user and registry names as character strings of UTF-8 data.
  • UID=BobC,CN=Bob Cook,OU=Accounting,O=BobsMart,C=US
  • ldaps://us.bobsmarturl.com

When RACF uses these data values to search the IDIDMAP profiles for a matching filter, RACF finds an exact match to the filter labeled Accounting boss and assigns the RLCOOK user ID. The transaction executes with the authority of the RLCOOK user ID. Any audit records that are written for this transaction contain both the RACF user ID and the original distributed user and registry names that were passed to RACF when the transaction was sent.

Parent topic: Steps for defining a filter for a full X.500 DN

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014