How To Add of a GROUP and with CA

Document ID : KB000010693
Last Modified Date : 14/02/2018
Show Technical Document Details



- I took a working ldif for adding a profile as it follows: 

changetype: add 
objectClass: tssproflist 

and tried to adapt the hierachy for groups, but I had no way to be successful. 

z/OS TSS r16.0 CA Ldap r15.1



- Indeed it's quite simple. PROFILE and GROUP work the same.


- To add a GROUP or remove a GROUP, you have to use the same syntax like for the profile. 

   I.e. replace your profile name with the group name you want to add. 


- And to add a DFLTGRP to an acid, here it is a ldif file:

dn: tssacid=myacid,tssadmingrp=acids,host=myhost,o=ca,c=us 
changetype: modify 
replace: OMVS-Dflt-Group 


Additional Information:


- Per TSS doc: 

You can add a group, but there is no before/after. For this reason the GROUP attribute is not a separate object like a profile, it's an attribute on the base acid DN. 

- Per LDAP doc: 

attribute groups is to be used to add a group or groups to an acid. It's also doc'd as multi value.