CFILE LDAP attribute mapping is needed to reconcile child data through CFILE reconciliation.
This appendix contains the following topics:
Note:
Only a user's profiles and facilities child data is reconciled through CFILE reconciliation. No other child values are reconciled.
Table D-1 lists CFILE record#, record type , LDAP attribute and the corresponding descriptions.
Table D-1 CFILE LDAP Attribute Mapping for Top Secret
CFILE RECORD # | RECORD TYPE | LDAP ATTRIBUTE | DESCRIPTION |
---|---|---|---|
NA |
ACCESSORID |
uid |
ACID Unique ID |
0100 |
NAME |
cn |
Full Name |
0200 |
TYPE |
type |
ACID Type (USER, PROFILE, and so on) |
0300 |
DEPT ACID |
deptAcid |
Department ID |
0300 |
DEPT NAME |
department |
Department Descriptive Name |
0400 |
DIV ACID |
divAcid |
Division ID |
0400 |
DIV NAME |
division |
Division Descriptive Name |
0450 |
ZONE ACID |
zoneAcid |
Zone ID |
0450 |
ZONE NAME |
zone |
Zone Description Name |
0500 |
CREATED |
createDate |
Create Date |
0500 |
LAST MOD |
lastModificationDate |
Modify Date |
0501 |
EXPIRES |
expires |
Expire Date |
0502 |
SUSPENDED |
suspendedUntilDate |
Suspend Date |
0600 |
PROFILES |
profiles, memberOf |
Profile Acids, Profile Acids Dn |
0650 |
GROUPS |
groupIds, groupOf |
Group Acids, Group Acids Dn |
0700 |
ATTRIBUTES |
attributes |
Security Attributes |
0800 |
BY PASSING |
bypassing |
Security ByPassing Attributes |
0900 |
LAST USED |
lastUsed |
Last Used Date |
1000 |
MASTER FAC |
xresource |
NA |
1100 |
LOCK TIME |
lockTime |
NA |
1200 |
LANGAUGE |
language |
Language |
2002 |
XA DATASET |
xresources |
SEE BELOW (#A) |
2005 |
XA xxxx (RESOURCE) |
xresources |
SEE BELOW (#B) |
2014 |
PRIVPGM |
xresources |
SEE BELOW |
2021 |
ACCESS |
xresources |
NA |
2016 |
ACTION |
xresources |
NA |
2100 |
FACILITY |
facilities, facilityOf |
Facility Acid, Facility Acid Dn |
2200 |
SOURCES |
sources |
Source ACID |
2300 |
OPIDENT |
cicsOpident |
CICS Operator Identification Value |
2300 |
OPPRTY |
cicsOpprty |
CICS Operator Priority |
2301 |
SITRAN |
cicsSitran, cicsSitranFacility |
CICS Transaction Following Facility Sign-In, CICS Facility Associated With Transaction |
2400 |
OPCLASS |
cicsOpclass |
CICS Operator Classes |
2500 |
SCTYKEY |
cicsSctykey |
CICS Security Keys |
2600 |
INSTDATA |
Instdata |
255 Byte Text Field |
2700 |
USER |
NA |
NA |
2800 |
ACID |
uniqueIds uniqueMember |
Acids Profile Mem, Acids Dn |
2901 |
FACILITIES |
facilitiesp |
Admin Facilities |
2902 |
ACID |
acid |
Admin Acid |
2903 |
LIST DATA |
listData |
Admin List Data |
2904 |
MISC1 |
misc1 |
Admin Authority |
2905 |
MISC9 |
misc9 |
Admin Authority |
2906 |
RESOURCES |
res |
Admin Authority |
2907 |
NA |
NA |
NA |
2908 |
MISC2 |
misc2 |
Admin Authority |
2909 |
SCOPE |
scope |
Admin Authority |
2910 |
MISC8 |
misc8 |
Admin Authority |
2911 |
ACCESS |
access |
Admin Authority |
2912 |
MISC3 |
misc3 |
Admin Authority |
2913 |
MISC4 |
misc4 |
Admin Authority |
2914 |
MISC5 |
misc5 |
Admin Authority |
2921 |
ACCESS |
xresources |
See Below |
3000 |
PASSWORD |
passwordExpireDate passwordExpireInterval |
Password Info |
3500 |
TSOLPROC |
tsolproc |
TSO Logon Proc |
3501 |
TSOLACCT |
tsolacct |
TSO Logon Account |
3502 |
TSOJCLASS |
tsojclass |
TSO Job Class |
3503 |
TSOMCLASS |
tsomclass |
TSO Message Class |
3504 |
TSOLSIZE |
tsolsize |
TSO Region Size |
3505 |
TSOUDATA |
tsoudata |
TSO User Data |
3506 |
TSODEFPRFG |
tsodefprfg |
TSO Performance Group |
3507 |
TSOOPT |
tsoopt |
TSO Options |
3508 |
TSOCOMMAND |
tsocommand |
TSO Logon Command |
3509 |
TSODEST |
tsodest |
TSO Output Destination |
3510 |
TSOHCLASS |
tsohclass |
TSO Hold Class |
3511 |
TSOMSIZE |
tsomsize |
TSO Max Region Size |
3512 |
TSOSCLASS |
tsosclass |
TSO Sysout Class |
3513 |
TSOUNIT |
tsounit |
TSO Unit |
3700 |
FACILITY |
facilities |
Facility, All |
4011 and 4012 |
USER-DEFINED |
User Defined |
User Defined Field Attribute will Match Field Name |
4011 |
#APPL |
lu62#appl |
LU 6.2 #Appl |
4011 |
#ENTITY |
lu62#entity |
LU 6.2 #Entity |
4011 |
BC1CHAIN |
lu62bc1chain |
LU 6.2 Bc1chain |
4011 |
BC2CHAIN |
lu62bc2chain |
LU 6.2 Bc2chain |
4011 |
SET1DISP |
lu62set1disp |
LU 6.2 Set1disp |
4011 |
SET2DISP |
lu62set2disp |
LU 6.2 Set2disp |
4011 |
NETVCONS |
netviewConsname |
Netview Console Identifier |
4011 |
NETVCTL |
netviewControl |
Netview Security Check Type |
4011 |
NETVDMNS |
netviewDomains |
Netview Cross-Domain Sessions |
4011 |
NETVIC |
netviewInitCms |
Netview Initial Command |
4011 |
NETVMSGR |
netviewMsgrecvr |
Netview Receive Unsolicited Messages |
4011 |
NETVNGMF |
netviewNgmfadmn |
Netview Authority To Graphic Monitor Facility |
4011 |
NETVOPCL |
netviewOpclass |
Netview Scope Classes |
4401 |
UID |
omvsUid |
Omvs User ID |
4402 |
GID |
omvsGid |
Omvs Group ID |
4403 |
HOME |
omvsHome |
Omvs Home Subdirectory |
4404 |
OMVSPRGM |
omvsProgram |
Omvs Program |
4405 |
DFLTGRP |
defaultGroup |
Omvs Default Group |
4406 |
ASSIZE |
omvsAssize |
Omvs Max Address Space Size |
4407 |
MMAPAREA |
omvsMmapArea |
Omvs Max Data Space Pages |
4408 |
OECPUTM |
olecputm |
Omvs Max Cpu Time |
4409 |
OEFILEP |
omvsOefilep |
Omvs Max Files Per Process |
4410 |
PROCUSER |
omvsprocuser, procuser |
Omvs Max Processes |
4411 |
THREADS |
omvsThreads |
Omvs Max Pthreads Created |
LDAP ATTRIBUTE -> XRESOURCES
User is expected to read the xresources attribute and parse the data as needed for their application use.
:: Separates Field Name::Field Value
| Separates Different Fields
EXAMPLE DATA FOR DIFFERENT TYPES ->
acid-res::ACID|acid-auth::AMPIO#T|
rclass::$MOBIUS|rowner::DSAPP1|rres::DS.|alevel::READ|authfac::MOBIUST|authfac::MOBIUSP|
xauthclsn::DATASET|xauthdsno::DATASEX|xauthdsn::TXXXA.DUMMY4|alevel::READ|authfac::CICSPROD|authfacs::CICSTEST|