Identity Manager 3.6.1 Driver for Mainframes: RACF Driver Shim Installation Quick Start

June 5, 2009

1.0 RACF* Driver Shim Installation

This Quick Start provides basic steps for installing the driver shim of the Novell Identity Manager Driver for RACF on mainframes (z/OS* operating system). It condenses information from other documentation that includes more details and additional tasks required to install, configure, and deploy the driver.

Before installing driver components, obtain the latest support pack and product updates, and review the release notes and readme files. For the latest support information, see the Novell Support Web site.

1.1 Required Knowledge and Skills

This Quick Start assumes you are familiar with Identity Manager and its z/OS RACF driver, Novell eDirectory™, and the administration of the z/OS RACF platform(s) to which you plan to connect Identity Manager.

For more information about installing the driver, as well as other suggested documentation, see the Identity Manager 3.6.1 Driver for Mainframes: RACF Implementation Guide at the Identity Manager 3.6.1 Drivers Documentation Web site.

1.2 Software Requirements

Verify you are running Identity Manager 3.6.1 and required versions of eDirectory, iManager, z/OS and RACF. For more on these requirements, see the related readme files on the Identity Manager Documentation Web site.

1.3 Installing and Configuring the Driver Shim

The RACF Event Subsystem must be installed before you install the driver shim.You can install the driver shim on an eDirectory server that has the Identity Manager engine installed, or you can use the Java Remote Loader to install the driver shim on z/OS.

Because the driver shim uses Telnet to access the RACF Event Subsystem, we recommend that you use the Remote Loader. If your network security can ensure the privacy of the transmitted data, you can install the driver shim on an eDirectory server.

Installing the Driver Shim Using the Identity Manager Remote Loader for z/OS

  1. Consult the IBM Web site to determine and, if necessary, install the correct Java* software for your implementation of z/OS.

  2. Obtain the zos_remoteloader.tar from the Identity Manager installation media and transfer it to your z/OS RACF system, using ftp. Enter the following commands:

    1. ftp hostname

      where hostname is the name of your z/OS server.

    2. Authenticate to z/OS using your user ID and password.

    3. Change to the installation directory. For example:

      cd /usr/dirxml

    4. binary

    5. put zos_remoteloader.tar

    6. quit

  3. Extract the contents of zos_remoteloader.tar into your installation directory, as follows:

    Change to the installation directory and enter the command to extract. For example:

    cd /usr/dirxml

    tar xvf zos_remoteloader.tar

    This creates the following files and directories in your installation directory:

    File

    Contents

    config.txt

    sample configuration file

    create_keystore

    sample script to create keystore

    dirxml_jremote

    sample script to run Remote Loader

    lib

    java .jar files

    doc

    documentation

  4. Set the loader and driver passwords. For example:

    ./dirxml_jremote -sp loaderpassword driverpassword

  5. Configure the Remote Loader for SSL.

    For more information, see the section on “Setting Up a Connected System“ in the Identity Manager 3.6.1 Administration Guide.

  6. Start the Remote Loader on z/OS.

    You can start the Remote Loader either from the command line or as a started task.

    If you plan on using the latter method, you will first need to set up the started task.

    For more information on setting up a started task and starting the Remote Loader, see the Identity Manager 3.6.1 Driver for Mainframes: RACF Implementation Guide.

  7. Continue with “Configuring the Driver Shim.”

Configuring the Driver Shim

IMPORTANT:If you did not include the RACF driver during your Identity Manager installation, run that installation program again, ensuring that you select the RACF driver check box.

  1. In iManager, select Identity Manager Utilities > Create Driver, and designate the driver set for the new driver.

  2. Choose Import a Driver Configuration from the Server > RACF.xml. Respond to the prompts.

    NOTE:You will be asked to enter information from the RACF Event Subsystem installation.

  3. Start the driver in eDirectory.

    NOTE:If you are upgrading from a previous version of the RACF driver, you will need to restart eDirectory before you start the driver.

  4. Test according to your installation plan.

  5. Customize the preconfigured starter set policies as appropriate for your deployment plan.

2.0 Legal Notice

Copyright © 2004, 2007-2009 Omnibond Systems, LLC. All rights reserved. Licensed to Novell, Inc. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher. For Novell trademarks, see the Novell Trademark and Service Mark list. All third-party products are the property of their respective owners. A trademark symbol (®, TM, etc.) denotes a Novell trademark; an asterisk (*) denotes a third-party trademark.