Sun Identity Manager 8.1 Resources Reference

Usage Notes


TSO sessions do not allow multiple, concurrent connections. To achieve concurrency for Identity Manager RACF operations, you must create multiple administrators. Thus, if two administrators are created, two Identity Manager RACF operations can occur at the same time. You should create at least two (and preferably three) administrators.

If you are running in a clustered environment, you must define an admin for each server in the cluster. This applies even if it is the same admin. For TSO, there must be a different admin for each server in the cluster.

If clustering is not being used, the server name should be the same for each row (the name of the Identity Manager host machine).

Note –

Host resource adapters do not enforce maximum connections for an affinity administrator across multiple host resources connecting to the same host. Instead, the adapter enforces maximum connections for affinity administrators within each host resource.

If you have multiple host resources managing the same system, and they are currently configured to use the same administrator accounts, you might have to update those resources to ensure that the same administrator is not trying to perform multiple actions on the resource simultaneously.

Support for Additional Segments

The RACF LDAP adapter can be configured to support attributes that are not in the segments supported by default.

Procedure: Configuring the RACF LDAP Resource Adapter to Support Attributes

  1. Create an AttrParse object that parses the segment. See Chapter 49, Implementing the AttrParse Object, for information about defining custom AttrParse objects. Example AttrParse objects are defined in $WSHOME/web/sample/attrparse.xml.

  2. Add a ResourceAttribute element to the RACF LDAP resource object. For example:

    <ResourceAttribute name='OMVS Segment AttrParse' displayName='OMVS Segment AttrParse'
       description='AttrParse for OMVS Segment' value='Default RACF OMVS Segment AttrParse'/>

    This example adds a field labeled OMVS Segment AttrParse to the Resource Parameters page. The value assigned to the name attribute must be of the form SegmentName Segment AttrParse.

  3. Add an element to the RACF LDAP resource object that defines a custom account attribute.

    <AccountAttributeType id='32' name='OMVS Mem Max Area Size' syntax='int'
      mapName='OMVS.MMAPAREAMAX' mapType='int'/>

    The value of the mapName attribute must be of the form SegmentName.AttributeName. When the adapter detects a mapName in this format, it asks the resource for the specified segment and uses the object specified in the SegmentName Segment AttrParse field to parse it.
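The naming rule that links steps 2 and 3 can be checked before a resource object is loaded. The following Python sketch is an added example, not code from Identity Manager: it reports every account attribute whose mapName names a segment that has no matching SegmentName Segment AttrParse resource attribute. The wrapper element, the second account attribute, and the `default_segments` parameter are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the <Resource> wrapper is a stand-in. The first two inner
# elements are those shown in steps 2 and 3; the last one is made up and names
# a segment that has no AttrParse field.
SAMPLE = """
<Resource name='RACF LDAP sample'>
  <ResourceAttribute name='OMVS Segment AttrParse' displayName='OMVS Segment AttrParse'
     description='AttrParse for OMVS Segment' value='Default RACF OMVS Segment AttrParse'/>
  <AccountAttributeType id='32' name='OMVS Mem Max Area Size' syntax='int'
     mapName='OMVS.MMAPAREAMAX' mapType='int'/>
  <AccountAttributeType id='33' name='Example Attr' syntax='string'
     mapName='EXAMPLESEG.EXAMPLEATTR' mapType='string'/>
</Resource>
"""

MAPNAME = re.compile(r"^([^.\s]+)\.([^.\s]+)$")  # SegmentName.AttributeName
FIELD_SUFFIX = " Segment AttrParse"              # naming rule from step 2

def check_segments(resource_xml, default_segments=frozenset()):
    """Return (attribute name, mapName, problem) for each segment-style mapName
    with no usable 'SegmentName Segment AttrParse' resource attribute.
    default_segments (hypothetical parameter) lists segments to skip."""
    root = ET.fromstring(resource_xml)
    fields = {}
    for ra in root.iter("ResourceAttribute"):
        name = ra.get("name", "")
        if name.endswith(FIELD_SUFFIX):
            fields[name[:-len(FIELD_SUFFIX)]] = (ra.get("value") or "").strip()
    problems = []
    for attr in root.iter("AccountAttributeType"):
        m = MAPNAME.match(attr.get("mapName", ""))
        if not m or m.group(1) in default_segments:
            continue  # not segment-style, or caller says it needs no field
        segment = m.group(1)
        label = (attr.get("name"), attr.get("mapName"))
        if segment not in fields:
            problems.append(label + ("no '%s%s' resource attribute" % (segment, FIELD_SUFFIX),))
        elif not fields[segment]:
            problems.append(label + ("AttrParse field has no value",))
    return problems

if __name__ == "__main__":
    for problem in check_segments(SAMPLE):
        print(problem)
```

Segment names are compared case-sensitively here, which is an assumption; pass the segments your deployment already handles in `default_segments` so they are not flagged.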

Resource Actions

The RACF LDAP adapter requires login and logoff resource actions. The login action negotiates an authenticated session with the mainframe. The logoff action disconnects when that session is no longer required.

See Mainframe Examples for more information about creating login and logoff resource actions.