Native LDAP with z/OS RACF
You can use IBM's Resource Access Control Facility (RACF) to manage access profiles and services for Lightweight Directory Access Protocol (LDAP) in a System z environment, including a host attached to a TS7700.
The RACF security server functions as a layer in the operating system to verify user authentication and authorization to system resources. RACF provides:
- Identification, classification, and protection of assets.
- Control of access to protected assets.
- User authentication through identification and verification of user IDs and passwords.
- User authorization through maintenance of access rights to protected resources.
- Access audits by logging instances of access to protected assets.
While RACF can address all secure access needs for System z servers and operating systems, it does not provide a direct interface for external storage devices that can be used to tie those together. When RACF is connected to an LDAP server through a Secured Database Manager (SDBM), the LDAP server can provide access to the user and group information stored in RACF. The SDBM acts as an LDAP front end for the RACF database.
You can use SDBM with RACF and an LDAP server to:
- Add users and groups to RACF.
- Add users to groups.
- Modify RACF user and group information.
- Retrieve RACF user and group information.
- Delete users and groups from RACF.
- Remove users from groups.
- Retrieve an RACF user password.
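The following added example (not part of the original page or IBM's code) shows how the user, group, and membership tasks in the list above map onto LDAP operations and SDBM entry names, validating each RACF name before it is placed in a DN. The DN layout (`racfid=...,profiletype=user|group`, `racfuserid=...+racfgroupid=...,profiletype=connect`) follows the SDBM convention in IBM's z/OS LDAP server documentation rather than this page; the suffix, the task labels, the function names, and the simplified name rule are assumptions.

```python
import re

# Assumed SDBM suffix (constructed); the real one comes from the LDAP server configuration.
SUFFIX = "cn=RACF,o=example"

# Simplified rule for RACF user and group names (assumption): 1-8 characters
# from A-Z, 0-9 and the national characters # @ $.
_RACF_NAME = re.compile(r"[A-Z0-9#@$]{1,8}")

# The page's SDBM tasks as (LDAP operation, profile type) pairs.
TASKS = {
    "add user": ("add", "user"),
    "add group": ("add", "group"),
    "add user to group": ("add", "connect"),
    "modify user": ("modify", "user"),
    "modify group": ("modify", "group"),
    "retrieve user": ("search", "user"),
    "retrieve group": ("search", "group"),
    "delete user": ("delete", "user"),
    "delete group": ("delete", "group"),
    "remove user from group": ("delete", "connect"),
}

def racf_name(value):
    """Upper-case and validate a name so nothing else can reach the DN."""
    name = str(value or "").strip().upper()
    if not _RACF_NAME.fullmatch(name):
        raise ValueError(f"not a valid RACF name: {value!r}")
    return name

def rdn_value(name):
    """Escape per RFC 4514; a validated name only needs it for a leading '#'."""
    escaped = re.sub(r'([\\",+;<>=])', r"\\\1", name)
    return "\\" + escaped if escaped.startswith("#") else escaped

def plan(task, user=None, group=None):
    """Return (LDAP operation, target DN) for one of the tasks above."""
    operation, profile = TASKS[task]
    if profile == "connect":
        rdn = f"racfuserid={rdn_value(racf_name(user))}+racfgroupid={rdn_value(racf_name(group))}"
    else:
        rdn = f"racfid={rdn_value(racf_name(user if profile == 'user' else group))}"
    return operation, f"{rdn},profiletype={profile},{SUFFIX}"
```

Because every LDAP write through SDBM becomes a change to the RACF database, rejecting names that contain DN metacharacters at this layer keeps a caller-supplied value from redirecting the operation to a different entry.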