We are working with IBM to test a connection from an LDAP to ACF2. What is the ACF2 equivalent of the RACF RACMAP command?

Document ID : KB000047974
Last Modified Date : 14/02/2018

Description:

The following RACF command maps an ID to a CICS ID:


 RACMAP ID(<ID>) MAP USERDIDFILTER(NAME('cn=<cn>, ou=<ou>, ou=<ou>, o=<o>'))     
 REGISTRY(NAME('*')) WITHLABEL('<label>') 
 SETROPTS RACLIST(IDIDMAP) REFRESH 

The RACMAP ACF2 equivalent is the ACF2 IDMAP User Profile Data Record.

Solution:

The IDMAP segment of the USER profile maps a distributed user to a CA ACF2 logonid. IDMAP records are used during system entry validation through the InitACEE or RACROUTE VERIFY IDID parameter, usually when only the distributed user information is known.

Sample ACF2 IDMAP User Profile Data Record:


SET PROFILE(USER) DIVISION(IDMAP)
INSERT USER001.MAP1 IDLABEL(TEST1) IDMAPDN(-
OU=Auditing Department,O=Company Name,C=US) -                 
IDMAPRN(lpad://MyName.Test.com)                  
 
IDMAP / USER001.MAP1 LAST CHANGED BY ADMIN02 ON mm/dd/yy-hh:mm          
                    IDLABEL(TEST1)                                     
                    IDMAPDN(OU=Auditing Department,O=Company Name,C=US)
                    IDMAPRN(lpad://MyName.Test.com) 
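
To show how the fields of the RACMAP command line up with the IDMAP record above, here is an added Python example (not from this document or from CA or IBM) that turns a RACMAP MAP command into ACF2 commands laid out like the sample. The `MAP1` record-key qualifier default, the sample input values, and the stripping of blanks around DN commas are assumptions.

```python
import re

# RACMAP MAP command in the form shown on this page (WITHLABEL required here).
_RACMAP = re.compile(
    r"RACMAP\s+ID\((?P<id>[^)]+)\)\s+MAP\s+"
    r"USERDIDFILTER\(\s*NAME\('(?P<dn>[^']*)'\)\s*\)\s+"
    r"REGISTRY\(\s*NAME\('(?P<rn>[^']*)'\)\s*\)\s+"
    r"WITHLABEL\('(?P<label>[^']*)'\)",
    re.IGNORECASE,
)


def parse_racmap(command):
    """Return the RACF user ID, distinguished name, registry and label."""
    flat = " ".join(command.split())  # undo line wrapping
    m = _RACMAP.search(flat)
    if m is None:
        raise ValueError("not a RACMAP ... MAP command in the expected form")
    # Assumption: blanks around unescaped commas are dropped so the DN has
    # the compact layout of the IDMAPDN sample; escaped commas (\,) are kept.
    rdns = [p.strip() for p in re.split(r"(?<!\\),", m["dn"])]
    if any("=" not in p for p in rdns):
        raise ValueError("malformed distinguished name: " + m["dn"])
    return {"logonid": m["id"].strip().upper(), "dn": ",".join(rdns),
            "registry": m["rn"].strip(), "label": m["label"]}


def to_acf2_idmap(command, qualifier="MAP1"):
    """Build ACF2 commands laid out like the sample record on this page.

    `qualifier` is a hypothetical record-key suffix (the sample uses MAP1).
    Values are carried over unchanged; ACF2 field rules are not checked.
    No refresh step is emitted: IDMAP changes take effect immediately.
    """
    f = parse_racmap(command)
    return [
        "SET PROFILE(USER) DIVISION(IDMAP)",
        f"INSERT {f['logonid']}.{qualifier} IDLABEL({f['label']}) IDMAPDN(-",
        f"{f['dn']}) -",
        f"IDMAPRN({f['registry']})",
    ]


# Constructed sample input, not taken from a real system.
SAMPLE = """RACMAP ID(user001) MAP USERDIDFILTER(NAME('cn=Test User, ou=Auditing Department, o=Company Name, c=US'))
 REGISTRY(NAME('ldap://directory.example.com')) WITHLABEL('TEST1')
 SETROPTS RACLIST(IDIDMAP) REFRESH"""

if __name__ == "__main__":
    print("\n".join(to_acf2_idmap(SAMPLE)))
```

Review the generated commands against the Administration Guide before entering them, since the script does not validate the label, DN or registry name against ACF2 field rules.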

Any changes to the IDMAP records become effective immediately. Old records are maintained in the table in a "no longer used" state. If many changes have been made, the table can be cleaned up by issuing the following console command:


 	F ACF2,IDMAP 

Details on the ACF2 IDMAP User profile record can be found in the CA ACF2 for z/OS r15 Administration Guide in Chapter 3: Maintaining Logonid Records, section 'USER Profile Records', sub-section 'IDMAP User Profile Data Records'.