Optional: Setting up a z/OS LDAP server with SDBM back end (RACF)

You can use a z/OS® LDAP server with an SDBM back end for Rational Team Concert™ for System z® client authentication with WebSphere® Application Server. SDBM provides native authentication on z/OS with RACF®. This task is optional and should be performed by your z/OS security administrator.
This topic describes the specific LDAP settings that would be used in this configuration. This information supplements the configuration instructions for Rational Team Concert for System z using LDAP. For more information, see RTCz: Managing users with Lightweight Directory Access Protocol (LDAP).
Note: The Bind Distinguished Name should be a RACF user ID with the AUDITOR attribute, a valid OMVS segment (specific or implied by a default segment), and no TSO segment. It is not required, so it is an easy step to avoid misuse of the BDN account.

Use a non-expiring password for the BDN user ID to prevent the WebSphere cell from halting because of internal authentication and authorization failures.

If your organization's policies require this category of user IDs to expire, ensure that you have a process in place to change the BDN password before it expires.


Feedback