ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzalv_5.4.0.1/rzalvlookupinfodef.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Lookup information" />
<meta name="abstract" content="Use this information to learn how you can use this optional data to further identify a target user identity that Enterprise Identity Mapping (EIM) APIs can use during a mapping lookup operation to further refine the search for the target user identity that is the object of the operation." />
<meta name="description" content="Use this information to learn how you can use this optional data to further identify a target user identity that Enterprise Identity Mapping (EIM) APIs can use during a mapping lookup operation to further refine the search for the target user identity that is the object of the operation." />
<meta name="DC.Relation" scheme="URI" content="rzalveserverassoc.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2002, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2002, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzalvlookupinfodef" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Lookup information</title>
</head>
<body id="rzalvlookupinfodef"><a name="rzalvlookupinfodef"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Lookup information</h1>
<div><p>Use this information to learn how you can use this optional data
to further identify a target user identity that Enterprise Identity Mapping
(EIM) APIs can use during a mapping lookup operation to further refine the
search for the target user  identity that is the object of the operation.</p>
<p>In this release you can provide <em>optional</em> data called lookup information
to further identify a target user identity. This target user identity can
be specified either in an identifier association or in a policy association.
Lookup information is a unique character string  that either the <samp class="codeph">eimGetTargetFromSource</samp> EIM
API or the <samp class="codeph">eimGetTargetFromIdentifier</samp>  EIM API can use during
a mapping lookup operation to further refine the search for the target user
identity that is the object of the operation. Data that you specify for lookup
information corresponds to the registry users additional information parameter
for these EIM APIs. </p>
<p>Lookup information is necessary only when a mapping lookup operation can
return more than one target user identity. A mapping lookup operation can
return multiple target user identities when one or more of the following situations
exist:  </p>
<ul><li>An EIM identifier has multiple individual target associations to the same
target registry. </li>
<li>More than one EIM identifier has the same user identity specified in a
source association and each of these EIM identifiers has a target association
to the same target registry, although the user identity specified for each
target association may be different.</li>
<li>More than one default domain policy association specifies the same target
registry.</li>
<li>More than one default registry policy association specifies the same source
registry and the same target registry.</li>
<li>More than one certificate filter policy association specifies the same
source X.509 registry, certificate filter, and target registry.</li>
</ul>
<div class="note"><span class="notetitle">Note:</span> A mapping lookup operation that returns more than one target user identity
can create problems for EIM-enabled applications, including i5/OS™ applications
and products, that are not designed to handle these ambiguous results. However,
base i5/OS applications
such as iSeries™ Access
for Windows<sup>®</sup> can
not use lookup information to distinguish among multiple target user identities
returned by a lookup operation. Consequently, you might consider redefining
associations for the domain to ensure that a mapping lookup operation can
return a single target user identity to ensure that base i5/OS applications
can successfully perform lookup operations and map identities.</div>
<p>You can use lookup information to avoid situations where it is possible
for mapping lookup operations to return more than one target user identity.
To prevent mapping lookup operations from returning multiple target user identities,
you must define unique lookup information for each target user identity in
each association. This lookup information must be provided to the mapping
lookup operation to ensure that the operation can return a unique target user
identity. Otherwise, applications that rely on EIM may not be able to determine
the exact target identity to use. </p>
<p>For example, you have an EIM identifier named <samp class="codeph">John Day</samp> who
has two user profiles on System A. One of these user profiles is <samp class="codeph">JDUSER</samp> on
System A and another is <samp class="codeph">JDSECADM</samp>, which has security administrator
special authority. There are two target association for the John Day identifier.
One of these target associations is for the <samp class="codeph">JDUSER</samp> user identity
in the target registry of <samp class="codeph">System_A</samp> and has lookup information
of <samp class="codeph">user authority</samp> specified for <samp class="codeph">JDUSER</samp>.
The other target association is for the <samp class="codeph">JDSECADM</samp> user identity
in the target registry of <samp class="codeph">System_A</samp> and has lookup information
of <samp class="codeph">security officer</samp> specified for <samp class="codeph">JDSECADM</samp>. </p>
<p>If a mapping lookup operation does not specify any lookup information,
the lookup operation returns both the <samp class="codeph">JDUSER</samp> and the<samp class="codeph">JDSECADM</samp> user
identities. If a mapping lookup operation specifies lookup information of <samp class="codeph">user
authority</samp>, the lookup operation returns the <samp class="codeph">JDUSER</samp> user
identity only. If a mapping lookup operation specifies lookup information
of <samp class="codeph">security officer</samp>, the lookup operation returns the <samp class="codeph">JDSECADM</samp> user
identity only. </p>
<div class="note"><span class="notetitle">Note:</span> If you delete the last target association for a user identity (whether
it  is an identifier association or a policy association), the target user
identity and all lookup  information is deleted from the domain as well. </div>
<p>Because you can use certificate policy associations and other associations
in a variety of overlapping ways, you should have a thorough understanding
of both EIM <a href="rzalv_map_pol_support.htm#rzalv_map_pol_support">mapping policy support</a> and how <a href="rzalveservereimmaplookup.htm#rzalveservereimmaplookup">lookup operations</a> work before you create and use certificate
policy associations.</p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzalveserverassoc.htm" title="This information explains how you can use associating identities in different user registries.">EIM associations</a></div>
</div>
</div>
</body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<!DOCTYPE html`
			`PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">`
			`<html lang="en-us" xml:lang="en-us">`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<meta name="security" content="public" />`
			`<meta name="Robots" content="index,follow" />`
			`<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />`
			`<meta name="DC.Type" content="concept" />`
			`<meta name="DC.Title" content="Lookup information" />`
			`<meta name="abstract" content="Use this information to learn how you can use this optional data to further identify a target user identity that Enterprise Identity Mapping (EIM) APIs can use during a mapping lookup operation to further refine the search for the target user identity that is the object of the operation." />`
			`<meta name="description" content="Use this information to learn how you can use this optional data to further identify a target user identity that Enterprise Identity Mapping (EIM) APIs can use during a mapping lookup operation to further refine the search for the target user identity that is the object of the operation." />`
			`<meta name="DC.Relation" scheme="URI" content="rzalveserverassoc.htm" />`
			`<meta name="copyright" content="(C) Copyright IBM Corporation 2002, 2006" />`
			`<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2002, 2006" />`
			`<meta name="DC.Format" content="XHTML" />`
			`<meta name="DC.Identifier" content="rzalvlookupinfodef" />`
			`<meta name="DC.Language" content="en-us" />`
			`<!-- All rights reserved. Licensed Materials Property of IBM -->`
			`<!-- US Government Users Restricted Rights -->`
			`<!-- Use, duplication or disclosure restricted by -->`
			`<!-- GSA ADP Schedule Contract with IBM Corp. -->`
			`<link rel="stylesheet" type="text/css" href="./ibmdita.css" />`
			`<link rel="stylesheet" type="text/css" href="./ic.css" />`
			`<title>Lookup information</title>`
			`</head>`
			`<body id="rzalvlookupinfodef"><a name="rzalvlookupinfodef"><!-- --></a>`
			`<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>`
			`<h1 class="topictitle1">Lookup information</h1>`
			`<div><p>Use this information to learn how you can use this optional data`
			`to further identify a target user identity that Enterprise Identity Mapping`
			`(EIM) APIs can use during a mapping lookup operation to further refine the`
			`search for the target user identity that is the object of the operation.</p>`
			`<p>In this release you can provide <em>optional</em> data called lookup information`
			`to further identify a target user identity. This target user identity can`
			`be specified either in an identifier association or in a policy association.`
			`Lookup information is a unique character string that either the <samp class="codeph">eimGetTargetFromSource</samp> EIM`
			`API or the <samp class="codeph">eimGetTargetFromIdentifier</samp> EIM API can use during`
			`a mapping lookup operation to further refine the search for the target user`
			`identity that is the object of the operation. Data that you specify for lookup`
			`information corresponds to the registry users additional information parameter`
			`for these EIM APIs. </p>`
			`<p>Lookup information is necessary only when a mapping lookup operation can`
			`return more than one target user identity. A mapping lookup operation can`
			`return multiple target user identities when one or more of the following situations`
			`exist: </p>`
			`<ul><li>An EIM identifier has multiple individual target associations to the same`
			`target registry. </li>`
			`<li>More than one EIM identifier has the same user identity specified in a`
			`source association and each of these EIM identifiers has a target association`
			`to the same target registry, although the user identity specified for each`
			`target association may be different.</li>`
			`<li>More than one default domain policy association specifies the same target`
			`registry.</li>`
			`<li>More than one default registry policy association specifies the same source`
			`registry and the same target registry.</li>`
			`<li>More than one certificate filter policy association specifies the same`
			`source X.509 registry, certificate filter, and target registry.</li>`
			`</ul>`
			`<div class="note"><span class="notetitle">Note:</span> A mapping lookup operation that returns more than one target user identity`
			`can create problems for EIM-enabled applications, including i5/OS™ applications`
			`and products, that are not designed to handle these ambiguous results. However,`
			`base i5/OS applications`
			`such as iSeries™ Access`
			`for Windows<sup>®</sup> can`
			`not use lookup information to distinguish among multiple target user identities`
			`returned by a lookup operation. Consequently, you might consider redefining`
			`associations for the domain to ensure that a mapping lookup operation can`
			`return a single target user identity to ensure that base i5/OS applications`
			`can successfully perform lookup operations and map identities.</div>`
			`<p>You can use lookup information to avoid situations where it is possible`
			`for mapping lookup operations to return more than one target user identity.`
			`To prevent mapping lookup operations from returning multiple target user identities,`
			`you must define unique lookup information for each target user identity in`
			`each association. This lookup information must be provided to the mapping`
			`lookup operation to ensure that the operation can return a unique target user`
			`identity. Otherwise, applications that rely on EIM may not be able to determine`
			`the exact target identity to use. </p>`
			`<p>For example, you have an EIM identifier named <samp class="codeph">John Day</samp> who`
			`has two user profiles on System A. One of these user profiles is <samp class="codeph">JDUSER</samp> on`
			`System A and another is <samp class="codeph">JDSECADM</samp>, which has security administrator`
			`special authority. There are two target association for the John Day identifier.`
			`One of these target associations is for the <samp class="codeph">JDUSER</samp> user identity`
			`in the target registry of <samp class="codeph">System_A</samp> and has lookup information`
			`of <samp class="codeph">user authority</samp> specified for <samp class="codeph">JDUSER</samp>.`
			`The other target association is for the <samp class="codeph">JDSECADM</samp> user identity`
			`in the target registry of <samp class="codeph">System_A</samp> and has lookup information`
			`of <samp class="codeph">security officer</samp> specified for <samp class="codeph">JDSECADM</samp>. </p>`
			`<p>If a mapping lookup operation does not specify any lookup information,`
			`the lookup operation returns both the <samp class="codeph">JDUSER</samp> and the<samp class="codeph">JDSECADM</samp> user`
			`identities. If a mapping lookup operation specifies lookup information of <samp class="codeph">user`
			`authority</samp>, the lookup operation returns the <samp class="codeph">JDUSER</samp> user`
			`identity only. If a mapping lookup operation specifies lookup information`
			`of <samp class="codeph">security officer</samp>, the lookup operation returns the <samp class="codeph">JDSECADM</samp> user`
			`identity only. </p>`
			`<div class="note"><span class="notetitle">Note:</span> If you delete the last target association for a user identity (whether`
			`it is an identifier association or a policy association), the target user`
			`identity and all lookup information is deleted from the domain as well. </div>`
			`<p>Because you can use certificate policy associations and other associations`
			`in a variety of overlapping ways, you should have a thorough understanding`
			`of both EIM <a href="rzalv_map_pol_support.htm#rzalv_map_pol_support">mapping policy support</a> and how <a href="rzalveservereimmaplookup.htm#rzalveservereimmaplookup">lookup operations</a> work before you create and use certificate`
			`policy associations.</p>`
			`</div>`
			`<div>`
			`<div class="familylinks">`
			`<div class="parentlink"><strong>Parent topic:</strong> <a href="rzalveserverassoc.htm" title="This information explains how you can use associating identities in different user registries.">EIM associations</a></div>`
			`</div>`
			`</div>`
			`</body>`
			`</html>`