Defining an LDAPBIND class profile
A profile defined to the LDAPBIND class that contains a PROXY segment
holds information needed by products to communicate with an LDAP directory.
That information includes:
- The LDAP server URL and port (LDAPHOST)
- The distinguished name (DN) to use when authenticating to the LDAP server
- The password to use when authenticating to the LDAP server
In the following example:
- The profile name is MY.LDAP.SERVER1
- The LDAP server URL is ldap://some.ldap.host:389
- The bind DN is cn=Joe User,ou=Poughkeepsie,o=IBM,c=US
- The bind password is MYPASS1 (which is case sensitive)
RDEFINE LDAPBIND MY.LDAP.SERVER1
PROXY(LDAPHOST(ldap://some.ldap.host:389)
BINDDN('cn=Joe User,ou=Poughkeepsie,o=IBM,c=US') BINDPW('MYPASS1'))
You can list the PROXY segment with the RLIST command. Note that
the bind password is not displayed; the output shows only an indication
of whether or not it is present (YES or NO).
RLIST LDAPBIND MY.LDAP.SERVER1 PROXY NORACF
CLASS NAME
-------- ------
LDAPBIND MY.LDAP.SERVER1
PROXY INFORMATION
-----------------
LDAPHOST=LDAP://SOME.LDAP.HOST:389
BINDDN=cn=Joe User,ou=Poughkeepsie,o=IBM,c=US
BINDPW=YES
To get PKI Services to use the above information, you must update the PKI Services configuration to specify the LDAPBIND class profile.
Example:
[LDAP]
NumServers=1
BindProfile1=MY.LDAP.SERVER1
Optionally, default LDAP binding information can be defined in the PROXY segment of the IRR.PROXY.DEFAULTS profile in the FACILITY class.
Example:
RDEFINE FACILITY IRR.PROXY.DEFAULTS
PROXY(LDAPHOST(ldap://some.ldap.host:389)
BINDDN('cn=Joe User,ou=Poughkeepsie,o=IBM,c=US') BINDPW('MYPASS1'))
In this case, no BindProfile statement should appear in the PKI Services
configuration file for that server. For more information, refer to z/OS Cryptographic Services PKI Services Guide and Reference. For information on how EIM uses the above information, see z/OS Integrated Security Services EIM Guide and Reference.
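The following Python check is an added example, not IBM code: it cross-references the BindProfileN statements in the [LDAP] section with captured RLIST ... PROXY NORACF output and reports, per server, whether bind information comes from a named LDAPBIND profile or from IRR.PROXY.DEFAULTS. The function names are hypothetical, the inputs are constructed from the examples above (the second server is invented for illustration), and only the two bind sources described here are considered.

```python
import re

# Constructed samples mirroring this page's examples; server 2 has no BindProfile.
PKI_CONF = "[LDAP]\nNumServers=2\nBindProfile1=MY.LDAP.SERVER1\n"
RLIST_OUT = """\
CLASS NAME
-------- ------
LDAPBIND MY.LDAP.SERVER1
PROXY INFORMATION
-----------------
LDAPHOST=LDAP://SOME.LDAP.HOST:389
BINDDN=cn=Joe User,ou=Poughkeepsie,o=IBM,c=US
BINDPW=YES
"""

def ldap_section(conf_text):
    """Return the key/value pairs of the [LDAP] section only."""
    values, in_ldap = {}, False
    for line in map(str.strip, conf_text.splitlines()):
        if line.startswith("["):
            in_ldap = line == "[LDAP]"
        elif in_ldap and "=" in line:
            key, _, val = line.partition("=")
            values[key.strip()] = val.strip()
    return values

def parse_rlist(output):
    """Map profile name -> PROXY fields from RLIST ... PROXY NORACF output."""
    profiles, current = {}, None
    for line in map(str.strip, output.splitlines()):
        head = re.fullmatch(r"(?:LDAPBIND|FACILITY)\s+(\S+)", line)
        key, sep, val = line.partition("=")  # splits on the first "=" only
        if head:
            current = profiles.setdefault(head.group(1), {})
        elif current is not None and sep and key in ("LDAPHOST", "BINDDN", "BINDPW"):
            current[key] = val.strip()
    return profiles

def bind_sources(conf_text, rlist_output):
    """For each server 1..NumServers, report where its bind data comes from."""
    ldap, profiles, report = ldap_section(conf_text), parse_rlist(rlist_output), {}
    for n in range(1, int(ldap.get("NumServers", "0")) + 1):
        name = ldap.get(f"BindProfile{n}")
        if name is None:
            report[n] = "FACILITY IRR.PROXY.DEFAULTS"  # default PROXY segment
        elif profiles.get(name, {}).get("BINDPW") == "YES":
            report[n] = f"LDAPBIND {name}"
        else:  # profile not listed, or listed without a bind password
            report[n] = f"UNUSABLE LDAPBIND {name}"
    return report
```

A BindProfileN value that differs from the defined profile name by a single character, such as MY.LDAP.SERVER instead of MY.LDAP.SERVER1, is reported as UNUSABLE.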
For information about storing keys that encrypt LDAP bind passwords, see Storing encryption keys using the KEYSMSTR class.