You can install the driver shim on an eDirectory server, or you can use the Java Remote Loader to install the driver shim on z/OS.
Because the driver shim uses Telnet to access the RACF Event Subsystem, we recommend that you use the Remote Loader. If your network security can ensure the privacy of the transmitted data, you can install the driver shim on an eDirectory server. This section includes the following topics:
Before you can install the driver shim on z/OS, you must install the Java Remote Loader. The Java Remote Loader requires Java. If you have not already installed Java on z/OS, you must install it first.
The Java Remote Loader requires Java. If you have not installed and configured Java on the target z/OS system, you must do so now.
To install Java on z/OS:
Obtain and install Java 2 Technology Edition from the IBM Java 2 on the z/OS Platforms Web site.
Be sure to install the prerequisite APARs, and to review the install information, restrictions, and other considerations detailed on the Web site.
Add the following lines to your /etc/profile:
# Java installation directory
export JAVA_HOME=your_Java_Installation_Directory
export PATH=$JAVA_HOME/bin:$PATH
Substitute the name of your Java installation directory for your_Java_Installation_Directory. Example:
export JAVA_HOME=/usr/lpp/java/IBM/J1.4
Java 1.4 does not require a classpath for standard Java classes as long as the directory structure is maintained.
Java runtime options can be passed using the environment variable IBM_JAVA_OPTIONS. For example, to turn on verbose mode:
export IBM_JAVA_OPTIONS=-verbose
Consult the IBM Web site to determine and, if necessary, install the correct Java software for your implementation of z/OS.
Obtain the zos_remoteloader.tar from the Identity Manager installation media and transfer it to your z/OS RACF system, using ftp. Enter the following commands:
ftp hostname
where hostname is the name of your z/OS server.
Authenticate to z/OS using your user ID and password.
Change to the installation directory. For example:
cd /usr/dirxml
binary
put zos_remoteloader.tar
quit
Extract the contents of zos_remoteloader.tar into your installation directory, as follows:
Change to the installation directory. For example:
cd /usr/dirxml
tar xvf zos_remoteloader.tar
This creates the following files and directories in your installation directory:
Set the loader and driver passwords. For example:
./dirxml_jremote -sp loaderpassword driverpassword
Configure the Remote Loader for SSL.
For more information, see the section on “Setting Up a Connected System” in the Identity Manager 3.6.1 Administration Guide.
Start the Remote Loader on z/OS.
You can start the Remote Loader either from the command line or as a started task.
If you plan on using latter method, you will first need to set up the started task as explained in Section 2.5.2, Setting Up the Remote Loader Started Task.
Once you are ready to start the Remote Loader, see Section 4.5.3, Starting the z/OS Remote Loader for more information.
Continue with “Configuring the Driver Shim.”
IMPORTANT:If you did not include the RACF driver during your Identity Manager installation, run that installation program again, ensuring that you select the RACF driver check box.
In iManager, select
> , and designate the driver set for the new driver.Choose
> . Respond to the prompts.NOTE:You will be asked to enter information from the RACF Event Subsystem installation.
Start the driver in eDirectory.
NOTE:If you are upgrading from a previous version of the RACF driver, you will need to restart eDirectory before you start the driver.
Test according to your installation plan.
Customize the preconfigured starter set policies as appropriate for your deployment plan.
The sample JCL for the Remote Loader Task is in LDXDRVRP. You will need to copy LDXDRVRP from the samples library to your started task procedure library. You will need to copy three more members of the samples library to your Remote Loader installation directory. Once these files are in place, you will need to customize text variables within their code as follows:
To set up the Remote Loader started task:
Copy member LDXDRVRP from the samples library to your started task procedure library (SYS1.PROCLIB or its equivalent). You can give the Remote Loader started task a different name if necessary.
Copy the following members to your Remote Loader installation directory:
NOTE:File names are case-sensitive.
You can use TSO commands to make these copies. For example:
oput '<samplib>(STDENV)' '<directory>/driverstc.stdenv'
oshell chmod 644 <directory>/driverstc.stdenv
oput '<samplib>(START)' '<directory>/START'
oshell chmod 755 <directory>/START
oput '<samplib>(STOP)' '<directory>/STOP'
shell chmod 755 <directory>/STOP
Customize the text variables within the code for all of the items copied to the started task procedure library and Remote Loader installation directory, according to your specific library, file, and directory names.