z/OS Security Server RACF System Programmer's Guide


Recovering from errors in identity mapping profiles

SA23-2287-00

An identity mapping profile maps an application user name to a RACF® user ID if you are using generic ID mapping. If your RACF database is at application identity mapping stage 1 or higher, see Recovering from errors with application identity mapping.

Applications such as Lotus Notes for z/OS and Novell Directory Services for OS/390 that support RACF application identity mapping can determine the RACF user ID for a user who has been authenticated with an application user name or a digital certificate, and use the RACF user ID for authorization checking when accessing z/OS® resources. Identity mapping profiles for Lotus Notes for z/OS are in the NOTELINK class, and profiles for Novell Directory Services for OS/390 are in the NDSLINK class.

RACF maintains these profiles during ADDUSER, ALTUSER, and DELUSER command processing. For each identity mapping profile, RACF maintains a corresponding identity segment in the USER profile: an NDS segment for Novell Directory Services for OS/390 and an LNOTES segment for Lotus Notes for z/OS.

However, it is possible that an application identity mapping profile might be inadvertently deleted, or modified so that it does not match the corresponding USER profile. To correct these problems, you must administer the mapping profiles directly using RACF commands, as described in the following sections.

Note: Application user names can contain blanks, but RACF profile names cannot. When RACF creates an identity mapping profile, it replaces blank characters in the name with "¢" characters (X'4A').

For more information on identity mapping profiles, see z/OS Security Server RACF Security Administrator's Guide.
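The following Python code is an added example, not part of the IBM guide: it reconciles identity segments against mapping profiles to flag the two error conditions described above (a deleted profile, or one that no longer matches the USER profile), applying the blank-to-"¢" rule from the note. It assumes you have already collected the segment names and the profile-to-user-ID mappings by other means; the input layout, function names, exact-match comparison, and all sample values are constructed for illustration.

```python
# Added example: reconcile USER identity segments with identity mapping profiles.
# The input layout is an assumption and every sample value below is constructed.

CENT = "\u00a2"  # cent sign, which encodes to X'4A' in EBCDIC code page 037


def profile_name(app_user_name: str) -> str:
    """Profile name form of an application user name (blanks become the cent sign)."""
    return app_user_name.replace(" ", CENT)


def reconcile(segments: dict, profiles: dict) -> list:
    """segments: RACF user ID -> application user name from the LNOTES or NDS segment.
    profiles: mapping profile name (NOTELINK or NDSLINK) -> RACF user ID it maps to.
    Returns sorted (finding, profile name, RACF user ID) tuples."""
    findings = []
    expected = {}
    for userid, app_name in segments.items():
        name = profile_name(app_name)
        expected[name] = userid
        if name not in profiles:
            # Segment exists but the mapping profile was deleted.
            findings.append(("MISSING", name, userid))
        elif profiles[name] != userid:
            # Profile exists but maps to a different user ID than the segment owner.
            findings.append(("MISMATCH", name, userid))
    for name, userid in profiles.items():
        if name not in expected:
            # Profile with no USER segment behind it.
            findings.append(("ORPHAN", name, userid))
    return sorted(findings)


# Constructed sample data (names are compared exactly, an assumption of this example).
LNOTES_SEGMENTS = {"JSMITH": "John Smith", "MJONES": "Mary Jones", "RLEE": "rlee"}
NOTELINK_PROFILES = {
    "John\u00a2Smith": "JSMITH",   # consistent
    "Mary\u00a2Jones": "OTHERID",  # maps to the wrong user ID
    "Old\u00a2User": "GONE1",      # no matching LNOTES segment
}

if __name__ == "__main__":
    for finding in reconcile(LNOTES_SEGMENTS, NOTELINK_PROFILES):
        print(*finding)
```

Each finding identifies a profile to repair directly with RACF commands; the same function works for NDS segments and NDSLINK profiles.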





Copyright IBM Corporation 1990, 2014