SDBM authorization
SDBM operations can be performed after several different types of binds to the LDAP server. In each of these binds, the LDAP server associates a RACF® user ID with the bound user. SDBM starts RACF commands under the context of this RACF user ID, and RACF uses its normal authorization processing to determine what this RACF user ID can do.
The supported bind mechanisms are:
- Simple bind to SDBM: The RACF user ID is specified in the bind DN. See Binding using a RACF user ID and password or password phrase for more information.
- LDBM, TDBM, or CDBM native authentication bind: The RACF user ID specified in the native authentication entry is used. See Native authentication for more information.
- Kerberos bind: The RACF user ID is mapped by SDBM from the Kerberos identity. See SDBM mapping for more information.
- Certificate bind: The RACF user ID associated with the certificate is used. See Support of certificate bind for more information.