z/OS Security Server RACF Callable Services


Function

SA23-2293-00

The R_usermap service enables z/OS application servers to determine the application user identity associated with a RACF® user ID, or to determine the RACF user ID associated with an application user identity or digital certificate. Identity Propagation is the exception: a user's Distinguished Name and a Registry/Realm Name are used to determine the associated RACF user ID, but the reverse lookup is not supported. Examples of applications supported are Lotus Notes® for z/OS and Novell Directory Services (NDS).

This service can only map application user identities which have already been defined to RACF:
  • For Lotus Notes for z/OS, the RACF USER profile must have an LNOTES segment containing a short name. This can be added with the ADDUSER or ALTUSER command, or the R_admin callable service.
  • For NDS for z/OS, the RACF USER profile must have an NDS segment containing a user name. This can be added with the ADDUSER or ALTUSER command, or the R_admin callable service.
  • For digital certificates, the certificate must be associated with a RACF user ID through automatic registration or with the RACDCERT command.
  • For Security Server Network Authentication Service, local Kerberos principals require a RACF USER profile with a KERB segment containing a principal name. Foreign Kerberos principals must be defined to RACF using KERBLINK profiles.
  • For Identity Propagation, the distributed identity (user's Distinguished Name) must be associated with a RACF user ID. Use the RACMAP command to create the association between the distributed identity and a RACF defined user ID (this association is also known as a ‘filter’).
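
The prerequisites above written out as RACF TSO commands, as an added example that is not part of the IBM text. The user ID APPUSR1, the names, the data set, the realm and the registry URL are constructed placeholders, and the SETROPTS lines assume the IDIDMAP class is not yet active.

```tso
/* Constructed example: APPUSR1 and all names below are placeholders */

/* Lotus Notes for z/OS: LNOTES segment with a short name            */
ALTUSER APPUSR1 LNOTES(SNAME(jdoe))

/* NDS for z/OS: NDS segment with a user name                        */
ALTUSER APPUSR1 NDS(UNAME(jdoe))

/* Local Kerberos principal: KERB segment with a principal name      */
ALTUSER APPUSR1 KERB(KERBNAME(jdoe))

/* Foreign Kerberos principal: KERBLINK profile naming the RACF user */
RDEFINE KERBLINK /.../FOREIGN.EXAMPLE.COM/jdoe APPLDATA('APPUSR1')

/* Digital certificate: associate a certificate with the user ID     */
RACDCERT ID(APPUSR1) ADD('HLQ.EXAMPLE.CERT') TRUST -
  WITHLABEL('Example client cert')

/* Identity Propagation: distributed identity filter (DN + registry) */
SETROPTS CLASSACT(IDIDMAP) RACLIST(IDIDMAP)
RACMAP ID(APPUSR1) MAP -
  USERDIDFILTER(NAME('UID=jdoe,OU=Users,O=Example,C=US')) -
  REGISTRY(NAME('ldaps://ldap.example.com')) -
  WITHLABEL('Example distributed identity filter')
SETROPTS RACLIST(IDIDMAP) REFRESH

/* Review what is now mappable for this user ID                      */
LISTUSER APPUSR1 LNOTES NDS KERB NORACF
RACDCERT ID(APPUSR1) LIST
RACMAP ID(APPUSR1) LISTMAP
```

The three listing commands at the end are the ones to run when auditing which external identities resolve to a given RACF user ID.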





Copyright IBM Corporation 1990, 2014