ICTX plug-in

The ICTX plug-in provides centralized remote resource management. It allows resource managers that do not reside on z/OS® to centralize authorization decisions and security event logging by using RACF® through the ICTX plug-in. These services are provided through two LDAP extended operations: Remote authorization and Remote auditing. These extended operations give any remote application that has access to an LDAP client the ability to query z/OS for authorization decisions and to log security events. The Remote authorization extended operation uses the RACROUTE REQUEST=AUTH SAF service, while the Remote auditing extended operation uses the r_auditx (IRRSAX00) RACF callable service. See z/OS Security Server RACROUTE Macro Reference for more information about the RACROUTE REQUEST=AUTH service. See z/OS Security Server RACF Callable Services for more information about the r_auditx (IRRSAX00) RACF callable service.

The Enterprise Identity Mapping (EIM) product has provided the ICTX plug-in or backend since z/OS V1.8. The ICTX plug-in that is shipped with the z/OS LDAP server contains the following enhancements or features that are not provided in the EIM ICTX plug-in:
  • Support for running the plug-in and LDAP server in 64-bit addressing mode.
  • The ability to perform simple binds to the SDBM backend, LDBM or TDBM native authentication binds, SASL EXTERNAL binds where the certificate is mapped to a SAF or RACF user, and Kerberos binds.
Note: The ICTX plug-in or backend that is shipped with EIM is no longer being enhanced. Only the ICTX plug-in that is shipped with the z/OS LDAP server is updated or enhanced.