Setting up for SDBM

The LDAP server can provide remote LDAP access to the user, group, connection, and general resource profile information stored in RACF®. It also supports setting RACF options that affect classes. See Accessing RACF information for details about how you can use this RACF information. SDBM is also required when creating change log records for changes to RACF data.

To configure your LDAP server to run with the SDBM backend:

  • If you have not already done this, copy the configuration files from the /usr/lpp/ldap/etc directory to the /etc/ldap directory (see Copying the configuration files).
  • You must use the following lines in your ds.conf file:
    database sdbm GLDBSD31/GLDBSD64
    suffix "your_suffix"
    where your_suffix is any valid DN (distinguished name). Be sure to provide a meaningful value for the suffix. The sysplex attribute is no longer required to be present in the suffix. For example, a valid suffix line is:
    suffix "cn=RACFA,o=IBM,c=US"
Note:
  1. Only one SDBM backend can be defined in any given LDAP server.
  2. The attributes and object classes used by SDBM are always in the LDAP server schema, except for any attributes needed for RACF custom fields.
  3. The enableResources configuration option must be specified in your ds.conf file if you intend to display or manage RACF resource profiles and class options. This configuration option is also required if you want to create change log entries for changes to RACF resource profiles. See Configuration file options for more information.
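
An added example (not IBM code) that checks ds.conf text against the requirements above: exactly one SDBM backend, a real DN as the suffix, and enableResources when resource profiles are needed. Assumptions: lines starting with # are comments, "enableResources on" is the enabling form, and GLDBSD31/GLDBSD64 means one of the two names; parse_backends and check_sdbm are hypothetical helper names.

```python
import re

# Constructed sample ds.conf. The suffix is the page's example value; choosing
# GLDBSD31 and the "on" value for enableResources are assumptions of this example.
SAMPLE_DS_CONF = """\
# global options would appear here
database sdbm GLDBSD31
suffix "cn=RACFA,o=IBM,c=US"
enableResources on
"""

# Loose shape check for attr=value[,attr=value...]; not a full DN parser.
DN_SHAPE = re.compile(r"^\w[\w.-]*=[^,=]+(\s*,\s*\w[\w.-]*=[^,=]+)*$")

def parse_backends(text):
    """Split ds.conf text into backend sections: [(dbtype, {option: [values]})]."""
    backends = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = (line.split(None, 1) + [""])[:2]
        key = key.lower()
        if key == "database":
            backends.append((value.split()[0].lower() if value else "", {}))
        elif backends:  # options before the first database line are global
            backends[-1][1].setdefault(key, []).append(value.strip('"'))
    return backends

def check_sdbm(text, need_resources=False):
    """Return a list of problems with the SDBM setup described on this page."""
    sdbm = [opts for dbtype, opts in parse_backends(text) if dbtype == "sdbm"]
    if not sdbm:
        return ["no 'database sdbm' section found"]
    problems = []
    if len(sdbm) > 1:
        problems.append("only one SDBM backend can be defined per LDAP server")
    for opts in sdbm:
        suffixes = opts.get("suffix", [])
        if not suffixes:
            problems.append("SDBM section has no suffix line")
        for s in suffixes:
            if s == "your_suffix" or not DN_SHAPE.match(s):
                problems.append(f"suffix {s!r} is not a meaningful DN")
        enabled = opts.get("enableresources", ["off"])[-1].lower() == "on"
        if need_resources and not enabled:
            problems.append("enableResources is not on for RACF resource profiles")
    return problems
```

Call check_sdbm with need_resources=True when RACF resource profiles, class options, or their change log entries must be available through LDAP.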