Identity Manager 3.6.1 Driver for Mainframes: RACF Event Subsystem Installation Quick Start
1.0 RACF* Event Subsystem Installation
This Quick Start provides basic steps for installing the Event Subsystem of the Novell Identity Manager Driver for RACF on mainframes (z/OS* operating system). It condenses information from other documentation that includes more details and additional tasks required to install, configure, and deploy the driver.
Before installing driver components, obtain the latest support pack and product updates, and review the release notes and readme files. For the latest support information, see the Novell Support Web site.
1.1 Required Knowledge and Skills
This Quick Start assumes you are familiar with Identity Manager and its z/OS RACF driver, Novell eDirectory™, and the administration of the z/OS RACF platform(s) to which you plan to connect Identity Manager.
For more information about installing the driver, as well as other suggested documentation, see the Identity Manager Driver for Mainframes: RACF Implementation Guide at the Identity Manager 3.6.1 Drivers Documentation Web site.
1.2 Software Requirements
Verify you are running Identity Manager 3.6, as well as the required versions of eDirectory, iManager, z/OS and RACF. For more about these requirements, see the associated readme files on the Identity Manager Documentation Web site.
1.3 Installing the RACF Event Subsystem
Install the RACF Event Subsystem on each z/OS system that shares the RACF database.
-
Set up the libraries on your z/OS system.
The RACF Event Subsystem is packaged as TRANSMIT unloaded z/OS partitioned data sets (PDS).
-
Samples Library: ldxsamp.xmt
-
Load Library: ldxload.xmt
To prepare the samples library and load library for use, use ftp to upload these files to your z/OS system from a PC or file server. Enter the following commands:
-
ftp hostname
where hostname is the name of your z/OS server.
-
Authenticate to z/OS using your user ID and password.
-
QUOTE SITE LRECL=80 RECFM=FB
-
If you need the files to be stored on a specific disk volume, enter
QUOTE SITE VOL=volser
where volser is name of the disk volume.
-
BINARY
-
put ldxsamp.xmt
-
put ldxload.xmt
-
quit
-
-
Use the TSO RECEIVE command to unpack the samples and load library data sets.
-
Add the LDX load library to your APF list.
-
Customize and run the LOGINIT job in the samples library to allocate and initialize the Change Log data set.
-
Set up the Change Log Started Task by copying and customizing member LDXLOGRP from the samples library to your started task procedure library.
You can give the Change Log Started Task a different name if necessary.
Start the Change Log Started Task during your IPL procedure before user processing begins. Stop the Change Log Started Task during your system shutdown procedure after all user processing has ended.
-
Authorize the LDXSERV TSO command by adding LDXSERV to the list of APF authorized TSO commands in your PARMLIB IKJTSOxx member.
-
Install the LDXPROC TSO logon procedure by copying member LDXPROC from the samples library to your TSO logon procedure library.
You can give the logon procedure a different name if necessary.
-
Create an administrative user ID for the driver TSO session (once for each RACF database).
-
Define the user with the ADDUSER command.
Specify values for the various parameters as appropriate for your standards. Specify the name of the logon procedure that you prepared in Step 7. There are no restrictions placed by the driver on the name of the user ID.
The user ID used by the driver must be given the RACF SPECIAL and TSO attributes, and must have no restrictions placed on it that could prevent its intended processing.
Example:
ADDUSER LDXUSER DFLTGRP(mygroup) - NAME(’RACF DRIVER’) PASSWORD(initial) SPECIAL - TSO(PROC(LDXPROC) SIZE(32768))
-
Set the password of the user ID to never expire.
Example:
PASSWORD USER(LDXUSER) NOINTERVAL
-
Reset the password of the user ID and mark it not expired. (RACF marks the value specified on the ADDUSER command as being expired.)
Example:
ALTUSER LDXUSER NOEXPIRED PASSWORD(xxx)
When you set up the Driver object, you specify the user ID and password you create here.
-
-
Test the RACF Event Subsystem before installing the RACF exits.
-
Start the Change Log Started Task.
-
Log on to TSO using the adminsitrative ID you created for the driver.
-
Issue the command LDXSERV STATUS
Examine the output of the command. You should see information about the cross memory queue, information about the Change Log Started Task, and a valid, empty Change Log data set.
-
-
Install LDXEVX01, the Common Command exit, using the Dynamic Exit Facility.
For testing, we recommend that you set up two PROGxx members in SYS1.PARMLIB (or equivalent), to allow for easy removal of the exit if desired.
-
Edit SAMPLIB members PROGAD and PROGDL. Change <LDX load library> to your LDX load library name.
-
Copy these two members to your system PARMLIB data set. If you already have a PROGAD or PROGDL member, rename the LDX members to a PROGxx name that's not in use.
-
When ready, use the console command SET PROG=AD to activate LDXEVX01 as an IRREVX01 exit point.
-
To uninstall the LDX exit, issue SET PROG=DL as a console command.
For permanent installation, do one of the following:
-
Add the EXIT ADD statement in PROGAD to your production PROGxx PARMLIB member.
-
Add a SET PROG=AD command to CONSOL00 or an automation script, so that it is issued during your IPL procedure.
-
-
Install ICHRIX02, the RACROUTE REQUEST=VERIFY(X) (RACINIT) postprocessing exit.
-
If you do not have an existing ICHRIX02 exit, run the job in the samples library member RIX0A. This job uses SMP/E to linkedit LDXRIX02 into SYS1.LPALIB as exit ICHRIX02.
-
If you have an existing ICHRIX02 exit, update samples library member RIX0B as appropriate. RIX0B installs a router that calls the driver postprocessing exit and your existing exit.
-
-
After you have installed LDXEVX01 and ICHRIX02, IPL the z/OS system with the CLPA option.
-
Test the completed RACF Event Subsystem installation.
-
Start the Change Log Started Task.
-
Perform some actions to exercise the two RACF exits and create some sample events.
-
Change a password using the logon screen.
-
Create new user ID.
-
-
Log on to TSO using the administrative user ID you created for the driver.
-
Issue the command LDXSERV STATUS
Examine the output of the command. You should see the RACF exits loaded, information about the cross memory queue, information about the Change Log Started Task, and a valid, non-empty Change Log data set.
-
2.0 Legal Notice
Copyright © 2004, 2007-2009 Omnibond Systems, LLC. All rights reserved. Licensed to Novell, Inc. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher. For Novell trademarks, see the Novell Trademark and Service Mark list. All third-party products are the property of their respective owners. A trademark symbol (®, TM, etc.) denotes a Novell trademark; an asterisk (*) denotes a third-party trademark.