z/OS Security Server RACF Callable Services


Usage notes

SA23-2293-00

  1. This service is intended for use by z/OS® application servers that are not running in a Language Environment®. It allows z/OS application servers to perform limited LDAP queries that retrieve information from a directory information tree (DIT). Language Environment-enabled applications can also use this service.
  2. The R_proxyserv service requires an instance of the LDAP Server on each physical z/OS instance (whether in a sysplex data sharing configuration or not), and each of these LDAP Server instances must be configured to support PC call and the extended operations backend. See z/OS IBM Tivoli Directory Server Administration and Use for z/OS for information about configuring this support.
  3. The parameter list for this callable service is intended to be variable length to allow for future expansion. Therefore, the last word in the parameter list must have a 1 in the high-order (sign) bit. If the last word in the parameter list does not have a 1 in the high-order (sign) bit, the caller receives a parameter list error. For function codes 1 and 2, the first parameter that can have the high-order bit on, ending the parameter list, is the Result_entries parameter. For function code 3, the first parameter that can have the high-order bit on, ending the parameter list, is the LDAP_error_string parameter.
  4. The LDAP_host, Bind_DN, and Bind_PW parameters are all optional. If any one of the three parameters is specified, all three must be specified, or R_proxyserv returns an error. If all three parameters are omitted, RACF® attempts to determine this information from the PROXY segment associated with the RACF user identity of the invoker (that is, the server's address space level ACEE). If the user profile PROXY segment is found, but any of the corresponding segment values (LDAPHOST, BINDDN, or BINDPW) is not defined, R_proxyserv returns an error. If the LDAP_host, Bind_DN, and Bind_PW parameters are omitted and the PROXY segment is not defined for the invoker's user identity, RACF then looks for the IRR.PROXY.DEFAULTS profile in the FACILITY class. If this profile is not found, does not have a PROXY segment, or does not have values defined for LDAPHOST, BINDDN, and BINDPW, R_proxyserv returns an error.
  5. The format of the Result_entries output area differs based on the function code specified. Mappings are provided for each format (see Mappings for Result_entries output area). Storage is obtained in primary in the subpool indicated in the Result_entries output area, and it is the responsibility of the invoker to release this storage.
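
The lookup order in usage note 4 decides which bind identity a server's LDAP queries run under, so it is worth checking during an access review. The following Python sketch is an added example, not IBM code and not a call to R_proxyserv: it models the documented order so that a given combination of parameters and PROXY segments can be checked offline. The function names, dictionary layout, and sample values are assumptions made for illustration.

```python
from typing import NamedTuple, Optional

SEGMENT_FIELDS = ("LDAPHOST", "BINDDN", "BINDPW")
PARAM_NAMES = ("LDAP_host", "Bind_DN", "Bind_PW")

class Resolution(NamedTuple):
    source: str   # where the bind information comes from, or "error"
    reason: str

def _complete(segment: dict) -> bool:
    # Assumption: a missing key or an empty value means "not defined".
    return all(segment.get(f) for f in SEGMENT_FIELDS)

def resolve_bind_source(params: dict, user_proxy: Optional[dict],
                        defaults_proxy: Optional[dict]) -> Resolution:
    """Model of usage note 4 (hypothetical helper).

    params:         caller-supplied parameters; None or absent means omitted
    user_proxy:     PROXY segment of the invoker's user profile, None if absent
    defaults_proxy: PROXY segment of IRR.PROXY.DEFAULTS, None if the profile
                    or its segment is absent
    """
    supplied = [params.get(n) is not None for n in PARAM_NAMES]
    if any(supplied):
        if all(supplied):
            return Resolution("parameters", "caller supplied all three")
        return Resolution("error", "only some of the three parameters supplied")
    if user_proxy is not None:
        if _complete(user_proxy):
            return Resolution("user PROXY segment", "invoker's user profile")
        # Per the note, this is an error rather than a fall-through to defaults.
        return Resolution("error", "user PROXY segment has an undefined value")
    if defaults_proxy is not None and _complete(defaults_proxy):
        return Resolution("IRR.PROXY.DEFAULTS", "FACILITY class defaults profile")
    return Resolution("error", "no usable PROXY segment for user or defaults")

def demo() -> dict:
    # Constructed sample values, not taken from any real system.
    full = {"LDAPHOST": "ldap://ldap.example.test:389",
            "BINDDN": "cn=proxy,o=example", "BINDPW": "<placeholder>"}
    partial = {"LDAPHOST": full["LDAPHOST"], "BINDDN": full["BINDDN"]}
    cases = {
        "partial parameters": ({"LDAP_host": full["LDAPHOST"]}, full, full),
        "incomplete user segment": ({}, partial, full),
        "no user segment": ({}, None, full),
    }
    return {name: resolve_bind_source(*args) for name, args in cases.items()}

if __name__ == "__main__":
    for name, res in demo().items():
        print(f"{name:26} -> {res.source}: {res.reason}")
```

The second constructed case is the one to watch: an incomplete user PROXY segment produces an error even though a complete IRR.PROXY.DEFAULTS profile exists.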





Copyright IBM Corporation 1990, 2014