Enabling registries to participate in lookup operations and to use policy associations

EIM allows you to control how each registry participates in EIM. Because a policy association can have a large scale effect within an enterprise, you can control whether a registry can be affected by policy associations.

Also, you can control whether a registry can participate in mapping lookup operations at all. To use policy associations for a registry, you must enable their use for that registry as well as enable that registry to participate in lookup operations. To enable registries to use policy associations and participate in lookup operations, complete these steps:

To enable the MYCO.COM registry to participate in mapping lookup operations, follow these steps:

  1. In IBM® Navigator for i on System A, expand IBM i Management > Security > All Tasks > Enterprise Identity Mapping.
  2. Click Domain Management.
  3. Right-click MyCoEimDomain and select Open.
    Note: You might be prompted to connect to the domain controller. In that case, the Connect to EIM Domain Controller dialog box is displayed. You must connect to the domain before you can perform actions in it. To connect to the domain controller, provide the following information and click OK:
    • User type: Distinguished name
    • Distinguished name: cn=administrator
    • Password: mycopwd
      Note: Any and all passwords specified in this scenario are for example purposes only. To prevent a compromise to your system or network security, you should never use these passwords as part of your own configuration.
  4. Right-click User Registries and select Open.
  5. Right-click the MYCO.COM registry and select Mapping Policy.
  6. On the General page, select Enable mapping lookups for registry MYCO.COM, and click OK.

To enable the SYSTEMA.MYCO.COM registry to participate in mapping lookup operations and to use policy associations, follow these steps:

  1. In IBM Navigator for i on System A, expand IBM i Management > Security > All Tasks > Enterprise Identity Mapping
  2. Click Domain Management.
  3. Right-click MyCoEimDomain and select Open.
  4. Right-click User Registries and select Open.
  5. Right-click the SYSTEMA.MYCO.COM registry and select Mapping Policy.
  6. On the General page, select Enable mapping lookups for registry SYSTEMA.MYCO.COM, select Use policy associations, and click OK.

Repeat these steps to enable the SYSTEMB.MYCO.COM registry to participate in mapping lookup operations and to use policy associations, but on the General page, select Enable mapping lookups for registry SYSTEMB.MYCO.COM, select Use policy associations, and click OK.

Now that you have completed the EIM configuration for your registries and users, you should test the resulting mappings to ensure that they work as planned.