Re: LDAP Browser/Admin Utility

2014-09-24 Thread Michael Klaeschen
For my LDAP tree I need TLS client authentication including referral'ed 
binds. z/OS Unix LDAP client can do external bind using with ICSF crypto 
token or RACF key ring. But it fails with the second bind on the 
referral'ed GLDSRVR (I have z/OS V1R13, may be it will work in z/OS V2 but 
I do not have access to such installation). First I was playing with an 
open source Java based LDAP browser (JXplorer). This was doing what I 
need. But since I have no clue about Windows it was rather too difficult 
to set up. And I found support was limited. Now I was told ITDS WAT is 
just another packaging for the Softerra LDAP Browser V4R5. I do not know 
if this is correct. But I do know it works fine and was easy to set up -- 
neat and handy. And most important: support subscription is available. One 
limitation I did not solve so far: Only Windows internal certificate store 
is used. External certificate store like PKCS#11 crypto tokens (smart 
cards on external reader hardware) are not used.

Cheers
Michael




Von:Timothy Sipples sipp...@sg.ibm.com
An: IBM-MAIN@LISTSERV.UA.EDU
Datum:  2014-09-18 08:23
Betreff:Re: LDAP Browser/Admin Utility
Gesendet von:   IBM Mainframe Discussion List IBM-MAIN@LISTSERV.UA.EDU



We did/do. You can use the IBM Tivoli Directory Server Web Administration
Tool to graphically browse and administer IBM Tivoli Directory Server for
z/OS using your Web browser. The directory data, that is. (Server
operations and base configuration -- starting/stopping, notably -- would 
be
through whatever z/OS facilities you prefer, typically via your preferred
automation tool.) Yes, IBM supports using the ITDS WAT to manage ITDS for
z/OS directory data.

You can host the ITDS Web Administration Tool on many different platforms.
Yes, including z/OS -- and that'd be my favorite for administering ITDS 
for
z/OS. You may need IBM WebSphere Application Server for z/OS as a
prerequisite, though I'm not 100% sure about that in my (too) quick
research.

By the way, IBM Security Directory Server is the preferred new name,
introduced quite recently. IBM is in the process of changing the name, so
you'll see both names depending on what documentation you're looking at. I
have no specific inside information, but I suspect ITDS will become ISDS 
in
the next release of z/OS. That release will of course include whatever new
functions and enhancements are planned, per normal.

Now, on to the big question Where do you get this fabulous ISDS Web
Administration Tool? Good question! I haven't immediately found an
*entirely* satisfactory (to me) answer to that simple question. It seems 
to
be one of IBM's best kept secrets, so secret that IBM didn't even mention
WAT in the 2011 ITDS for z/OS redbook as far as I can tell. That's pretty
secret! I'll defer to one of my colleagues (or somebody else) to answer
that question (apologize?) more fully in a follow-up post.

In the meantime, if you're in a rush, my 98%-satisfactory answer is that
you can download ITDS/ISDS for your X86 Linux or Windows system -- such as
your PC desktop or laptop -- starting from this Web site (current as I
write this, and watch the wrap):

http://www14.software.ibm.com/webapp/download/product.jsp?cat=fam=s=zid=SEBR-5YPMQXpf=k=ALLq=dt=v=rs=S_TACT=104AH

+W42S_CMP=sb=rsr=1

Install (or at least unpack) ISDS on your PC, install/run the ISDS Web
Administration Tool (specifically), and point it to your ITDS for z/OS
server. Your download should include a small(ish) run-time edition of
WebSphere Application Server sufficient to run the ISDS Web Administration
Tool, so you shouldn't have to download anything else.

That'll at least let you explore all the functionality in the ISDS Web
Administration Tool to decide whether you like it. (I hope you do.) 
When/if
you want to host the ISDS Web Administration Tool on z/OS, no problem. Of
course you can move it on your own to your WAS for z/OS server (at least
that) -- that should be rather straightforward -- but watch for a 
potential
better answer in a follow-up post. Or ask your friendly IBM
representative. You also have the option to host the ISDS Web
Administration Tool on Linux on z, and that particular server download is
also available via the Web link above.

Support entitlement could potentially be a separate issue. Please ask your
friendly IBM representative about that, too. Obviously you get your ITDS
for z/OS support from IBM as part of your z/OS support entitlement. Make
sure you clarify and, if necessary, obtain your support entitlement for
ISDS WAT before you seriously rely on it.

Sorry that this ISDS WAT is so well hidden. It shouldn't be. If I get a
vote it'd be nice to pull the ISDS WAT into z/OS Management Facility.


Timothy Sipples
IT Architect Executive, zEnterprise Industry Solutions, AP/GCG/MEA
E-Mail: sipp...@sg.ibm.com

Re: LDAP Browser/Admin Utility

2014-09-18 Thread Timothy Sipples
We did/do. You can use the IBM Tivoli Directory Server Web Administration
Tool to graphically browse and administer IBM Tivoli Directory Server for
z/OS using your Web browser. The directory data, that is. (Server
operations and base configuration -- starting/stopping, notably -- would be
through whatever z/OS facilities you prefer, typically via your preferred
automation tool.) Yes, IBM supports using the ITDS WAT to manage ITDS for
z/OS directory data.

You can host the ITDS Web Administration Tool on many different platforms.
Yes, including z/OS -- and that'd be my favorite for administering ITDS for
z/OS. You may need IBM WebSphere Application Server for z/OS as a
prerequisite, though I'm not 100% sure about that in my (too) quick
research.

By the way, IBM Security Directory Server is the preferred new name,
introduced quite recently. IBM is in the process of changing the name, so
you'll see both names depending on what documentation you're looking at. I
have no specific inside information, but I suspect ITDS will become ISDS in
the next release of z/OS. That release will of course include whatever new
functions and enhancements are planned, per normal.

Now, on to the big question Where do you get this fabulous ISDS Web
Administration Tool? Good question! I haven't immediately found an
*entirely* satisfactory (to me) answer to that simple question. It seems to
be one of IBM's best kept secrets, so secret that IBM didn't even mention
WAT in the 2011 ITDS for z/OS redbook as far as I can tell. That's pretty
secret! I'll defer to one of my colleagues (or somebody else) to answer
that question (apologize?) more fully in a follow-up post.

In the meantime, if you're in a rush, my 98%-satisfactory answer is that
you can download ITDS/ISDS for your X86 Linux or Windows system -- such as
your PC desktop or laptop -- starting from this Web site (current as I
write this, and watch the wrap):

http://www14.software.ibm.com/webapp/download/product.jsp?cat=fam=s=zid=SEBR-5YPMQXpf=k=ALLq=dt=v=rs=S_TACT=104AH
+W42S_CMP=sb=rsr=1

Install (or at least unpack) ISDS on your PC, install/run the ISDS Web
Administration Tool (specifically), and point it to your ITDS for z/OS
server. Your download should include a small(ish) run-time edition of
WebSphere Application Server sufficient to run the ISDS Web Administration
Tool, so you shouldn't have to download anything else.

That'll at least let you explore all the functionality in the ISDS Web
Administration Tool to decide whether you like it. (I hope you do.) When/if
you want to host the ISDS Web Administration Tool on z/OS, no problem. Of
course you can move it on your own to your WAS for z/OS server (at least
that) -- that should be rather straightforward -- but watch for a potential
better answer in a follow-up post. Or ask your friendly IBM
representative. You also have the option to host the ISDS Web
Administration Tool on Linux on z, and that particular server download is
also available via the Web link above.

Support entitlement could potentially be a separate issue. Please ask your
friendly IBM representative about that, too. Obviously you get your ITDS
for z/OS support from IBM as part of your z/OS support entitlement. Make
sure you clarify and, if necessary, obtain your support entitlement for
ISDS WAT before you seriously rely on it.

Sorry that this ISDS WAT is so well hidden. It shouldn't be. If I get a
vote it'd be nice to pull the ISDS WAT into z/OS Management Facility.


Timothy Sipples
IT Architect Executive, zEnterprise Industry Solutions, AP/GCG/MEA
E-Mail: sipp...@sg.ibm.com
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: LDAP Browser/Admin Utility

2014-09-18 Thread Roger Lowe
On Wed, 17 Sep 2014 21:02:03 +, Klein, Kevin k.kl...@gwccnet.com wrote:

z/OS 1.13 using Tivoli Directory Server LDAP.

This is more of a What are other companies doing? question.   We started 
using LDAP about a decade ago when it was still under Security Server.  I 
found a freeware version of an LDAP browser/admin tool back then and it has 
more or less been our company standard since.

We're starting to get into heavier use of our LDAP and are starting to have 
some misgivings about using a freeware tool to maintain what is becoming a 
mission-critical database/app/repository.  Not to a point, mind you, where 
we'd be willing to spend money on something.

This post is to poll other z/OS (TDS) users to ask what you're using to for 
your LDAP tool(s)?  I know there are several free/shareware tools out there 
for this type of work.

Put another way, I got the following from my mgmt., I find it hard that IBM 
did not ship product with some user admin presentation side to administer the 
repository.

We have been running LDAP Servers on z for quite a few years now. We started 
off using a freeware utility for browsing/administering the LDAP Servers but 
found that after each z/OS upgrade or maintenance, the freeware utility didn't 
handle certain things. We have now bought  Softerra LDAP Administrator/Browser 
and have had no issues to date browsing or administering LDAP Servers on z.

Roger

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


LDAP Browser/Admin Utility

2014-09-17 Thread Klein, Kevin
z/OS 1.13 using Tivoli Directory Server LDAP.

This is more of a What are other companies doing? question.   We started 
using LDAP about a decade ago when it was still under Security Server.  I found 
a freeware version of an LDAP browser/admin tool back then and it has more or 
less been our company standard since.

We're starting to get into heavier use of our LDAP and are starting to have 
some misgivings about using a freeware tool to maintain what is becoming a 
mission-critical database/app/repository.  Not to a point, mind you, where we'd 
be willing to spend money on something.

This post is to poll other z/OS (TDS) users to ask what you're using to for 
your LDAP tool(s)?  I know there are several free/shareware tools out there for 
this type of work.

Put another way, I got the following from my mgmt., I find it hard that IBM 
did not ship product with some user admin presentation side to administer the 
repository.


Attention:The information contained in this message and or attachments is 
intended only for the person or entity to which it is addressed and may contain 
confidential and/or privileged material.  Any review, retransmission, 
dissemination or other use of, or taking of any action in reliance upon, this 
information by persons or entities other than the intended recipient is 
prohibited. If you received this in error, please contact the sender and delete 
the material from any system and destroy any copies.  (GWCC)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: LDAP Browser/Admin Utility

2014-09-17 Thread Mike Schwab
I'd get rid of those USS ported tools too.  All of it is freeware,
none of it written by commercial software.  Applies to z/Linux too
(except the Mainframe I/O stuff).

On Wed, Sep 17, 2014 at 4:02 PM, Klein, Kevin k.kl...@gwccnet.com wrote:
 z/OS 1.13 using Tivoli Directory Server LDAP.

 This is more of a What are other companies doing? question.   We started 
 using LDAP about a decade ago when it was still under Security Server.  I 
 found a freeware version of an LDAP browser/admin tool back then and it has 
 more or less been our company standard since.

 We're starting to get into heavier use of our LDAP and are starting to have 
 some misgivings about using a freeware tool to maintain what is becoming a 
 mission-critical database/app/repository.  Not to a point, mind you, where 
 we'd be willing to spend money on something.

 This post is to poll other z/OS (TDS) users to ask what you're using to for 
 your LDAP tool(s)?  I know there are several free/shareware tools out there 
 for this type of work.

 Put another way, I got the following from my mgmt., I find it hard that IBM 
 did not ship product with some user admin presentation side to administer the 
 repository.


 Attention:The information contained in this message and or attachments is 
 intended only for the person or entity to which it is addressed and may 
 contain confidential and/or privileged material.  Any review, retransmission, 
 dissemination or other use of, or taking of any action in reliance upon, this 
 information by persons or entities other than the intended recipient is 
 prohibited. If you received this in error, please contact the sender and 
 delete the material from any system and destroy any copies.  (GWCC)

 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



-- 
Mike A Schwab, Springfield IL USA
Where do Forest Rangers go to get away from it all?

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN