Re: LDAP Browser/Admin Utility
For my LDAP tree I need TLS client authentication including referral'ed binds. z/OS Unix LDAP client can do external bind using with ICSF crypto token or RACF key ring. But it fails with the second bind on the referral'ed GLDSRVR (I have z/OS V1R13, may be it will work in z/OS V2 but I do not have access to such installation). First I was playing with an open source Java based LDAP browser (JXplorer). This was doing what I need. But since I have no clue about Windows it was rather too difficult to set up. And I found support was limited. Now I was told ITDS WAT is just another packaging for the Softerra LDAP Browser V4R5. I do not know if this is correct. But I do know it works fine and was easy to set up -- neat and handy. And most important: support subscription is available. One limitation I did not solve so far: Only Windows internal certificate store is used. External certificate store like PKCS#11 crypto tokens (smart cards on external reader hardware) are not used. Cheers Michael Von:Timothy Sipples sipp...@sg.ibm.com An: IBM-MAIN@LISTSERV.UA.EDU Datum: 2014-09-18 08:23 Betreff:Re: LDAP Browser/Admin Utility Gesendet von: IBM Mainframe Discussion List IBM-MAIN@LISTSERV.UA.EDU We did/do. You can use the IBM Tivoli Directory Server Web Administration Tool to graphically browse and administer IBM Tivoli Directory Server for z/OS using your Web browser. The directory data, that is. (Server operations and base configuration -- starting/stopping, notably -- would be through whatever z/OS facilities you prefer, typically via your preferred automation tool.) Yes, IBM supports using the ITDS WAT to manage ITDS for z/OS directory data. You can host the ITDS Web Administration Tool on many different platforms. Yes, including z/OS -- and that'd be my favorite for administering ITDS for z/OS. You may need IBM WebSphere Application Server for z/OS as a prerequisite, though I'm not 100% sure about that in my (too) quick research. By the way, IBM Security Directory Server is the preferred new name, introduced quite recently. IBM is in the process of changing the name, so you'll see both names depending on what documentation you're looking at. I have no specific inside information, but I suspect ITDS will become ISDS in the next release of z/OS. That release will of course include whatever new functions and enhancements are planned, per normal. Now, on to the big question Where do you get this fabulous ISDS Web Administration Tool? Good question! I haven't immediately found an *entirely* satisfactory (to me) answer to that simple question. It seems to be one of IBM's best kept secrets, so secret that IBM didn't even mention WAT in the 2011 ITDS for z/OS redbook as far as I can tell. That's pretty secret! I'll defer to one of my colleagues (or somebody else) to answer that question (apologize?) more fully in a follow-up post. In the meantime, if you're in a rush, my 98%-satisfactory answer is that you can download ITDS/ISDS for your X86 Linux or Windows system -- such as your PC desktop or laptop -- starting from this Web site (current as I write this, and watch the wrap): http://www14.software.ibm.com/webapp/download/product.jsp?cat=fam=s=zid=SEBR-5YPMQXpf=k=ALLq=dt=v=rs=S_TACT=104AH +W42S_CMP=sb=rsr=1 Install (or at least unpack) ISDS on your PC, install/run the ISDS Web Administration Tool (specifically), and point it to your ITDS for z/OS server. Your download should include a small(ish) run-time edition of WebSphere Application Server sufficient to run the ISDS Web Administration Tool, so you shouldn't have to download anything else. That'll at least let you explore all the functionality in the ISDS Web Administration Tool to decide whether you like it. (I hope you do.) When/if you want to host the ISDS Web Administration Tool on z/OS, no problem. Of course you can move it on your own to your WAS for z/OS server (at least that) -- that should be rather straightforward -- but watch for a potential better answer in a follow-up post. Or ask your friendly IBM representative. You also have the option to host the ISDS Web Administration Tool on Linux on z, and that particular server download is also available via the Web link above. Support entitlement could potentially be a separate issue. Please ask your friendly IBM representative about that, too. Obviously you get your ITDS for z/OS support from IBM as part of your z/OS support entitlement. Make sure you clarify and, if necessary, obtain your support entitlement for ISDS WAT before you seriously rely on it. Sorry that this ISDS WAT is so well hidden. It shouldn't be. If I get a vote it'd be nice to pull the ISDS WAT into z/OS Management Facility. Timothy Sipples IT Architect Executive, zEnterprise Industry Solutions, AP/GCG/MEA E-Mail: sipp...@sg.ibm.com
Re: LDAP Browser/Admin Utility
We did/do. You can use the IBM Tivoli Directory Server Web Administration Tool to graphically browse and administer IBM Tivoli Directory Server for z/OS using your Web browser. The directory data, that is. (Server operations and base configuration -- starting/stopping, notably -- would be through whatever z/OS facilities you prefer, typically via your preferred automation tool.) Yes, IBM supports using the ITDS WAT to manage ITDS for z/OS directory data. You can host the ITDS Web Administration Tool on many different platforms. Yes, including z/OS -- and that'd be my favorite for administering ITDS for z/OS. You may need IBM WebSphere Application Server for z/OS as a prerequisite, though I'm not 100% sure about that in my (too) quick research. By the way, IBM Security Directory Server is the preferred new name, introduced quite recently. IBM is in the process of changing the name, so you'll see both names depending on what documentation you're looking at. I have no specific inside information, but I suspect ITDS will become ISDS in the next release of z/OS. That release will of course include whatever new functions and enhancements are planned, per normal. Now, on to the big question Where do you get this fabulous ISDS Web Administration Tool? Good question! I haven't immediately found an *entirely* satisfactory (to me) answer to that simple question. It seems to be one of IBM's best kept secrets, so secret that IBM didn't even mention WAT in the 2011 ITDS for z/OS redbook as far as I can tell. That's pretty secret! I'll defer to one of my colleagues (or somebody else) to answer that question (apologize?) more fully in a follow-up post. In the meantime, if you're in a rush, my 98%-satisfactory answer is that you can download ITDS/ISDS for your X86 Linux or Windows system -- such as your PC desktop or laptop -- starting from this Web site (current as I write this, and watch the wrap): http://www14.software.ibm.com/webapp/download/product.jsp?cat=fam=s=zid=SEBR-5YPMQXpf=k=ALLq=dt=v=rs=S_TACT=104AH +W42S_CMP=sb=rsr=1 Install (or at least unpack) ISDS on your PC, install/run the ISDS Web Administration Tool (specifically), and point it to your ITDS for z/OS server. Your download should include a small(ish) run-time edition of WebSphere Application Server sufficient to run the ISDS Web Administration Tool, so you shouldn't have to download anything else. That'll at least let you explore all the functionality in the ISDS Web Administration Tool to decide whether you like it. (I hope you do.) When/if you want to host the ISDS Web Administration Tool on z/OS, no problem. Of course you can move it on your own to your WAS for z/OS server (at least that) -- that should be rather straightforward -- but watch for a potential better answer in a follow-up post. Or ask your friendly IBM representative. You also have the option to host the ISDS Web Administration Tool on Linux on z, and that particular server download is also available via the Web link above. Support entitlement could potentially be a separate issue. Please ask your friendly IBM representative about that, too. Obviously you get your ITDS for z/OS support from IBM as part of your z/OS support entitlement. Make sure you clarify and, if necessary, obtain your support entitlement for ISDS WAT before you seriously rely on it. Sorry that this ISDS WAT is so well hidden. It shouldn't be. If I get a vote it'd be nice to pull the ISDS WAT into z/OS Management Facility. Timothy Sipples IT Architect Executive, zEnterprise Industry Solutions, AP/GCG/MEA E-Mail: sipp...@sg.ibm.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: LDAP Browser/Admin Utility
On Wed, 17 Sep 2014 21:02:03 +, Klein, Kevin k.kl...@gwccnet.com wrote: z/OS 1.13 using Tivoli Directory Server LDAP. This is more of a What are other companies doing? question. We started using LDAP about a decade ago when it was still under Security Server. I found a freeware version of an LDAP browser/admin tool back then and it has more or less been our company standard since. We're starting to get into heavier use of our LDAP and are starting to have some misgivings about using a freeware tool to maintain what is becoming a mission-critical database/app/repository. Not to a point, mind you, where we'd be willing to spend money on something. This post is to poll other z/OS (TDS) users to ask what you're using to for your LDAP tool(s)? I know there are several free/shareware tools out there for this type of work. Put another way, I got the following from my mgmt., I find it hard that IBM did not ship product with some user admin presentation side to administer the repository. We have been running LDAP Servers on z for quite a few years now. We started off using a freeware utility for browsing/administering the LDAP Servers but found that after each z/OS upgrade or maintenance, the freeware utility didn't handle certain things. We have now bought Softerra LDAP Administrator/Browser and have had no issues to date browsing or administering LDAP Servers on z. Roger -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
LDAP Browser/Admin Utility
z/OS 1.13 using Tivoli Directory Server LDAP. This is more of a What are other companies doing? question. We started using LDAP about a decade ago when it was still under Security Server. I found a freeware version of an LDAP browser/admin tool back then and it has more or less been our company standard since. We're starting to get into heavier use of our LDAP and are starting to have some misgivings about using a freeware tool to maintain what is becoming a mission-critical database/app/repository. Not to a point, mind you, where we'd be willing to spend money on something. This post is to poll other z/OS (TDS) users to ask what you're using to for your LDAP tool(s)? I know there are several free/shareware tools out there for this type of work. Put another way, I got the following from my mgmt., I find it hard that IBM did not ship product with some user admin presentation side to administer the repository. Attention:The information contained in this message and or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies. (GWCC) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: LDAP Browser/Admin Utility
I'd get rid of those USS ported tools too. All of it is freeware, none of it written by commercial software. Applies to z/Linux too (except the Mainframe I/O stuff). On Wed, Sep 17, 2014 at 4:02 PM, Klein, Kevin k.kl...@gwccnet.com wrote: z/OS 1.13 using Tivoli Directory Server LDAP. This is more of a What are other companies doing? question. We started using LDAP about a decade ago when it was still under Security Server. I found a freeware version of an LDAP browser/admin tool back then and it has more or less been our company standard since. We're starting to get into heavier use of our LDAP and are starting to have some misgivings about using a freeware tool to maintain what is becoming a mission-critical database/app/repository. Not to a point, mind you, where we'd be willing to spend money on something. This post is to poll other z/OS (TDS) users to ask what you're using to for your LDAP tool(s)? I know there are several free/shareware tools out there for this type of work. Put another way, I got the following from my mgmt., I find it hard that IBM did not ship product with some user admin presentation side to administer the repository. Attention:The information contained in this message and or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies. (GWCC) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- Mike A Schwab, Springfield IL USA Where do Forest Rangers go to get away from it all? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN