|
- This service is intended for use by z/OS® application
servers that are not running in a Language Environment®. It allows z/OS application servers to perform
limited LDAP queries that retrieve information from a directory information
tree (DIT). Note that Language Environment-enabled applications can
also use this service, if they choose to do so.
- The R_proxyserv service requires an instance of the LDAP Server
on each physical z/OS instance
(whether in a sysplex data sharing configuration or not) and each
of these LDAP Server instances must be configured to support PC call
and the extended operations backend. See z/OS IBM Tivoli Directory Server Administration and Use for z/OS for
information about configuring this support.
- The parameter list for this callable service is intended to be
variable length to allow for future expansion. Therefore, the last
word in the parameter list must have a 1 in the high-order (sign)
bit. If the last word in the parameter list does not have a 1 in
the high-order (sign) bit, the caller receives a parameter list error.
For function codes 1 and 2, the first parameter that can have the
high-order bit on, ending the parameter list, is the Result_entries parameter.
For function code 3, the first parameter that can have the high-order
bit on, ending the parameter list, is the LDAP_error_string parameter.
- The LDAP_host, Bind_DN, and Bind_PW parameters are all optional.
If any of the three parameters are specified, all must be specified,
or R_proxyserv will return an error. If all three parameters are
omitted, RACF® attempts to determine
this information from the PROXY segment associated with the RACF user identity of the invoker
(that is, the server's address space level ACEE). If the user profile
PROXY segment is found, but any of the corresponding segment values
(LDAPHOST, BINDDN, or BINDPW) are not defined, R_proxyserv will return
an error. If the LDAP_host, Bind_DN, and Bind_PW parameters are omitted
and the PROXY segment is not defined for the invoker's user identity, RACF will then look for the IRR.PROXY.DEFAULTS
profile in the FACILITY class. If this profile is not found or does
not have a PROXY segment or does not have values defined for LDAPHOST,
BINDDN, and BINDPW, R_proxyserv will return an error.
- The format of the Result_entries output area differs, based on
the function code specified. Mappings are provided for each format
(see Mappings for Result_entries output area). Storage will be obtained
in primary in the subpool indicated in the Result_entries output area
and it is the responsibility of the invoker to release this storage.
|