2.5 Installing the Driver Shim

You can install the driver shim on an eDirectory server, or you can use the Java Remote Loader to install the driver shim on z/OS.

Because the driver shim uses Telnet, which does not encrypt the data it carries, to access the RACF Event Subsystem, we recommend that you use the Remote Loader. If your network security can ensure the privacy of the transmitted data, you can install the driver shim on an eDirectory server. This section includes the following topics:

2.5.1 Installing the Driver Shim on z/OS Using the Java Remote Loader

Before you can install the driver shim on z/OS, you must install the Java Remote Loader. The Java Remote Loader requires Java. If you have not already installed Java on z/OS, you must install it first.

Installing Java on z/OS

The Java Remote Loader requires Java. If you have not installed and configured Java on the target z/OS system, you must do so now.

To install Java on z/OS:

  1. Obtain and install Java 2 Technology Edition from the IBM Java 2 on the z/OS Platforms Web site.

    Be sure to install the prerequisite APARs, and to review the install information, restrictions, and other considerations detailed on the Web site.

  2. Add the following lines to your /etc/profile:

    #  Java installation directory
    export JAVA_HOME=your_Java_Installation_Directory
    export PATH=$JAVA_HOME/bin:$PATH
    

    Substitute the name of your Java installation directory for your_Java_Installation_Directory. Example:

    export JAVA_HOME=/usr/lpp/java/IBM/J1.4 
    

Java 1.4 does not require a classpath for standard Java classes as long as the directory structure is maintained.

Java runtime options can be passed using the environment variable IBM_JAVA_OPTIONS. For example, to turn on verbose mode:

    export IBM_JAVA_OPTIONS=-verbose

Installing the Driver Shim Using the Identity Manager Remote Loader for z/OS

  1. Consult the IBM Web site to determine and, if necessary, install the correct Java software for your implementation of z/OS.

  2. Obtain the zos_remoteloader.tar from the Identity Manager installation media and transfer it to your z/OS RACF system, using ftp. Enter the following commands:

    1. ftp hostname

      where hostname is the name of your z/OS server.

    2. Authenticate to z/OS using your user ID and password.

    3. Change to the installation directory. For example:

      cd /usr/dirxml

    4. binary

    5. put zos_remoteloader.tar

    6. quit

  3. Extract the contents of zos_remoteloader.tar into your installation directory, as follows:

    Change to the installation directory. For example:

    cd /usr/dirxml

    tar xvf zos_remoteloader.tar

    This creates the following files and directories in your installation directory:

    File              Contents

    config.txt        sample configuration file
    create_keystore   sample script to create keystore
    dirxml_jremote    sample script to run Remote Loader
    lib               Java .jar files
    doc               documentation

  4. Set the loader and driver passwords. For example:

    ./dirxml_jremote -sp loaderpassword driverpassword

  5. Configure the Remote Loader for SSL.

    For more information, see the section on “Setting Up a Connected System” in the Identity Manager 3.6.1 Administration Guide.

  6. Start the Remote Loader on z/OS.

    You can start the Remote Loader either from the command line or as a started task.

    If you plan to use the latter method, you must first set up the started task as explained in Section 2.5.2, Setting Up the Remote Loader Started Task.

    Once you are ready to start the Remote Loader, see Section 4.5.3, Starting the z/OS Remote Loader for more information.

  7. Continue with “Configuring the Driver Shim.”

Configuring the Driver Shim

IMPORTANT: If you did not include the RACF driver during your Identity Manager installation, run that installation program again, ensuring that you select the RACF driver check box.

  1. In iManager, select Identity Manager Utilities > Create Driver, and designate the driver set for the new driver.

  2. Choose Import a Driver Configuration from the Server > RACF.xml. Respond to the prompts.

    NOTE: You will be asked to enter information from the RACF Event Subsystem installation.

  3. Start the driver in eDirectory.

    NOTE: If you are upgrading from a previous version of the RACF driver, you will need to restart eDirectory before you start the driver.

  4. Test according to your installation plan.

  5. Customize the preconfigured starter set policies as appropriate for your deployment plan.

2.5.2 Setting Up the Remote Loader Started Task

The sample JCL for the Remote Loader Task is in LDXDRVRP. You will need to copy LDXDRVRP from the samples library to your started task procedure library. You will need to copy three more members of the samples library to your Remote Loader installation directory. Once these files are in place, you will need to customize text variables within their code as follows:

Variable      Replace It With...                                    Example

<directory>   The directory where the remote loader is installed.   /usr/dirxml
<loadlib>     The load library dataset name.                        LDX.LOAD
<samplib>     The samples library dataset name.                     LDX.SAMPLIB
<logfile>     The log file dataset name.                            LDX.LOGFILE

To set up the Remote Loader started task:

  1. Copy member LDXDRVRP from the samples library to your started task procedure library (SYS1.PROCLIB or its equivalent). You can give the Remote Loader started task a different name if necessary.

  2. Copy the following members to your Remote Loader installation directory:

    Member    File Name in Directory

    STDENV    driverstc.stdenv
    START     START
    STOP      STOP

    NOTE: File names are case-sensitive.

    You can use TSO commands to make these copies. For example:

    oput '<samplib>(STDENV)' '<directory>/driverstc.stdenv'

    oshell chmod 644 <directory>/driverstc.stdenv

    oput '<samplib>(START)' '<directory>/START'

    oshell chmod 755 <directory>/START

    oput '<samplib>(STOP)' '<directory>/STOP'

    oshell chmod 755 <directory>/STOP

  3. Customize the text variables within the code for all of the items copied to the started task procedure library and Remote Loader installation directory, according to your specific library, file, and directory names.
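The substitution in step 3 can be scripted from the z/OS UNIX shell. The following is an added example, not part of the product documentation: it fills in the four text variables from the table above in one copied file, reports any variable that is still present, and checks that the file is not writable by group or other, as the 644 and 755 modes in step 2 intend. The function names are hypothetical, and the script assumes the file uses exactly the variable spellings shown in the table.

```shell
#!/bin/sh
# Added example (not from the product documentation): fill in the text
# variables from step 3 in a copied file and confirm that none are left over.

# Escape the characters that are special in a sed replacement: & | \
esc() { printf '%s' "$1" | sed 's/[&|\\]/\\&/g'; }

# customize_member FILE DIRECTORY LOADLIB SAMPLIB LOGFILE
# Returns 0 on success, 1 if FILE cannot be processed, 2 if a variable remains.
customize_member() {
    f=$1
    [ -f "$f" ] || return 1
    tmp="$f.tmp.$$"
    sed -e "s|<directory>|$(esc "$2")|g" \
        -e "s|<loadlib>|$(esc "$3")|g" \
        -e "s|<samplib>|$(esc "$4")|g" \
        -e "s|<logfile>|$(esc "$5")|g" "$f" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Writing back with cat keeps the mode set earlier by chmod (644 or 755).
    cat "$tmp" > "$f" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    # A case-insensitive search also catches variants such as <LOADLIB>
    # that the case-sensitive substitutions above did not touch.
    if grep -iE '<(directory|loadlib|samplib|logfile)>' "$f" >/dev/null; then
        return 2
    fi
    return 0
}

# not_writable_by_others FILE
# Returns 0 when neither group nor other has write permission, which holds
# for the 644 and 755 modes used in step 2.
not_writable_by_others() {
    [ -f "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Usage, with the example values from the table above:
#   customize_member /usr/dirxml/driverstc.stdenv \
#       /usr/dirxml LDX.LOAD LDX.SAMPLIB LDX.LOGFILE || echo "check file"
#   not_writable_by_others /usr/dirxml/START || echo "START is too permissive"
```

Run it once for each file copied in step 2. A return code of 2 means a variable is still present in the file and needs to be edited by hand.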