For my LDAP tree I need TLS client authentication including referral'ed binds. z/OS Unix LDAP client can do external bind using with ICSF crypto token or RACF key ring. But it fails with the second bind on the referral'ed GLDSRVR (I have z/OS V1R13, may be it will work in z/OS V2 but I do not have access to such installation). First I was playing with an open source Java based LDAP browser (JXplorer). This was doing what I need. But since I have no clue about Windows it was rather too difficult to set up. And I found support was limited. Now I was told ITDS WAT is just another packaging for the Softerra LDAP Browser V4R5. I do not know if this is correct. But I do know it works fine and was easy to set up -- neat and handy. And most important: support subscription is available. One limitation I did not solve so far: Only Windows internal certificate store is used. External certificate store like PKCS#11 crypto tokens (smart cards on external reader hardware) are not used.
Cheers Michael Von: Timothy Sipples <sipp...@sg.ibm.com> An: IBM-MAIN@LISTSERV.UA.EDU Datum: 2014-09-18 08:23 Betreff: Re: LDAP Browser/Admin Utility Gesendet von: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> We did/do. You can use the IBM Tivoli Directory Server Web Administration Tool to graphically browse and administer IBM Tivoli Directory Server for z/OS using your Web browser. The directory data, that is. (Server operations and base configuration -- starting/stopping, notably -- would be through whatever z/OS facilities you prefer, typically via your preferred automation tool.) Yes, IBM supports using the ITDS WAT to manage ITDS for z/OS directory data. You can host the ITDS Web Administration Tool on many different platforms. Yes, including z/OS -- and that'd be my favorite for administering ITDS for z/OS. You may need IBM WebSphere Application Server for z/OS as a prerequisite, though I'm not 100% sure about that in my (too) quick research. By the way, "IBM Security Directory Server" is the preferred new name, introduced quite recently. IBM is in the process of changing the name, so you'll see both names depending on what documentation you're looking at. I have no specific inside information, but I suspect ITDS will become ISDS in the next release of z/OS. That release will of course include whatever new functions and enhancements are planned, per normal. Now, on to the big question.... Where do you get this fabulous ISDS Web Administration Tool? Good question! I haven't immediately found an *entirely* satisfactory (to me) answer to that simple question. It seems to be one of IBM's best kept secrets, so secret that IBM didn't even mention WAT in the 2011 ITDS for z/OS redbook as far as I can tell. That's pretty secret! I'll defer to one of my colleagues (or somebody else) to answer that question (apologize?) more fully in a follow-up post. In the meantime, if you're in a rush, my 98%-satisfactory answer is that you can download ITDS/ISDS for your X86 Linux or Windows system -- such as your PC desktop or laptop -- starting from this Web site (current as I write this, and watch the wrap): http://www14.software.ibm.com/webapp/download/product.jsp?cat=&fam=&s=z&id=SEBR-5YPMQX&pf=&k=ALL&q=&dt=&v=&rs=&S_TACT=104AH +W42&S_CMP=&sb=r&sr=1 Install (or at least unpack) ISDS on your PC, install/run the ISDS Web Administration Tool (specifically), and point it to your ITDS for z/OS server. Your download should include a small(ish) run-time edition of WebSphere Application Server sufficient to run the ISDS Web Administration Tool, so you shouldn't have to download anything else. That'll at least let you explore all the functionality in the ISDS Web Administration Tool to decide whether you like it. (I hope you do.) When/if you want to host the ISDS Web Administration Tool on z/OS, no problem. Of course you can move it on your own to your WAS for z/OS server (at least that) -- that should be rather straightforward -- but watch for a potential better answer in a follow-up post. Or "ask your friendly IBM representative." You also have the option to host the ISDS Web Administration Tool on Linux on z, and that particular server download is also available via the Web link above. Support entitlement could potentially be a separate issue. Please ask your friendly IBM representative about that, too. Obviously you get your ITDS for z/OS support from IBM as part of your z/OS support entitlement. Make sure you clarify and, if necessary, obtain your support entitlement for ISDS WAT before you seriously rely on it. Sorry that this ISDS WAT is so well hidden. It shouldn't be. If I get a vote it'd be nice to pull the ISDS WAT into z/OS Management Facility. -------------------------------------------------------------------------------------------------------- Timothy Sipples IT Architect Executive, zEnterprise Industry Solutions, AP/GCG/MEA E-Mail: sipp...@sg.ibm.com ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________ Basler Sachversicherungs-AG Amtsgericht Bad Homburg v.d.H., HRB 9357 | USt-ID-Nr. DE 276021973 Basler Straße 4, 61345 Bad Homburg v.d.H. Vorstand: Jan De Meulder - Vorsitzender, Markus Jost, Dr. Jürg Schiltknecht, Dr. Alexander Tourneau, Dr. Christoph Wetzel Aufsichtsratsvorsitzender: Dr. Martin Strobel Basler Lebensversicherungs-AG | Amtsgericht Hamburg, HRB 4659 | Ust-ID-Nr. DE 276021973 Ludwig-Erhard-Straße 22, 20459 Hamburg Vorstand: Jan De Meulder - Vorsitzender, Markus Jost, Dr. Jürg Schiltknecht, Dr. Alexander Tourneau, Dr. Christoph Wetzel Aufsichtsratsvorsitzender: Dr. Martin Strobel Basler Versicherung AG Direktion für Deutschland | Amtsgericht Bad Homburg v.d.H., HRB 1228 | USt-ID-Nr. DE 281452875 Basler Straße 4, 61345 Bad Homburg v.d.H. Hauptbevollmächtigter für Deutschland: Jan De Meulder Basler Leben AG Direktion für Deutschland | Amtsgericht Bad Homburg v.d.H., HRB 1229 | Ust-ID-Nr. DE 281452875 Basler Straße 4, 61345 Bad Homburg v.d.H. Hauptbevollmächtigter für Deutschland: Jan De Meulder ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________ ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN