LDAP and MIMS Security on Unix

[Glen]

Is anyone using a MIMS system under Unix while authenticating their users in the LDAP universe? I can see that there is a lot of code in MIMS which should allow this, but it may not be complete or available to HP-UX TP systems. It sure would be nice for my users to only need one ID and password....

Thanks,
Glen


Glen Colbert
gcolbert@rag-american.com

 

[mrmad]

I partially investigated the use of LDAP with Ellipse. The solution that seemed most likely was the implementation of DCE. A portion of DCE is installed with CICS. However this by itself does not provide the necessary integration. IBM's DCE v3.2 does provide LDAP integration though the documentation is aimed at AIX and Solaris.

Earlier releases of DCE do not appear to support LDAP.
I have a few PDF's covering various aspects of the product.

Jerome Green
jerome.green@westernpower.com.au

 

[blakej]

Mincom has told me that they will support LADP, with TXSeries 5 ( but requires patches/new PTF from IBM),
in an up coming Ellipse release.
So I guess the news is that it will not be backfitted to TP.

 

[sjwales]

Have you got any details on this yet? We're in the process of implementing Ellipse 5.2.1.5 on TX Series 5 and my last enquiry to Mincom a month or so ago didn't have much more to add than that. (CICS 5 and a few patches etc).

If you have any more information, I'd love to see it.

Steve Wales
stephen.wales@riotinto.com

 

[mrmad]

Speaking with Mincom a couple of weeks ago I raised the question of LDAP integration and Ellipse 5.2.3.
The response was that they were only now starting to look at it. Certainly not available(out of the box) for 5.2.3.

Jerome Green
jerome.green@westernpower.com.au

 

[gch66]

We are in the process of finalising LDAP, active directory and enhanced external security into Ellipse. These changes are being targeted for service pack 5. The changes are also built upon TXseries Version 5 plus some additional ptfs to enable an external security exit.

The security will be for authentication only. The preferred model for unix customers is to implement LDAP underneath PAM as this offers the most flexibility in terms of plugging other security infrastructure. It will be possible however to make a direct link to LDAP if required.

Feel free to ask if more details if required.

Regards
Craig Hurst

 

[Glen]

Thanks Craig. Any idea what version this will make it into?

Glen

Glen Colbert
gcolbert@rag-american.com

 

[KT027Q]

"Service Pack 5" is shorthand for Ellipse 5.2.3 Service Pack 5.

 

[mrmad]

Craig,

Is there anything on the cards with regard to LDAP integration on OS/390 and 5.2.3?

Jerome Green
jerome.green@westernpower.com.au

 

[gch66]

Jerome,

RACF i believe has hooks into LDAP and host authentication via racf is already in MIMS and Ellipse. I will have a look at the extent of this but the thinking is that given RACF has these hooks just be setting this up you would get LDAP integration straight away. In short I think this can happen already.

Regards
Craig