ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzalv_5.4.0.1/rzalveserverregistry.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="EIM registry definitions" />
<meta name="abstract" content="This information explains how you can create a registry definition to hold all your user registries for a system." />
<meta name="description" content="This information explains how you can create a registry definition to hold all your user registries for a system." />
<meta name="DC.Relation" scheme="URI" content="rzalveserverdomain.htm" />
<meta name="DC.Relation" scheme="URI" content="rzalveservercncpts.htm" />
<meta name="DC.Relation" scheme="URI" content="rzalvsysregdef.htm" />
<meta name="DC.Relation" scheme="URI" content="rzalveserverracf.htm" />
<meta name="DC.Relation" scheme="URI" content="rzalvgroupregistrydef.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2002, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2002, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzalveserverregistry" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>EIM registry definitions</title>
</head>
<body id="rzalveserverregistry"><a name="rzalveserverregistry"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">EIM registry definitions</h1>
<div><p>This information explains how you can create a registry definition
to hold all your user registries for a system.</p>
<p>An Enterprise Identity Mapping (EIM) <em>registry definition</em> is an entry
within EIM that you create to represent an actual user registry that exists
on a system within the enterprise. A user registry operates like a directory
and contains a list of valid user identities for a particular system or application.
A basic user registry contains user identities and their passwords. One example
of a user registry is the z/OS<sup>®</sup> Security Server Resource Access Control Facility
(RACF<sup>®</sup>)
registry. User registries can contain other information as well. For example,
a Lightweight Directory Access Protocol (LDAP) directory contains bind distinguished
names, passwords, and access controls to data that is stored in LDAP. Other
examples of common user registries are the principals in a Kerberos realm
or user identities in an Windows<sup>®</sup> Active Directory domain, and
the i5/OS™ user
profiles registry.</p>
<p>You can also define user registries that exist within other user registries.
Some applications use a subset of user identities within a single instance
of a user registry. For example, the z/OS Security Server (RACF) registry
can contain specific user registries that are a subset of users within the
overall RACF user
registry. </p>
<p>EIM registry definitions provide information regarding those user registries
in an enterprise. The administrator defines these registries to EIM by providing
the following information:</p>
<ul><li>A unique, arbitrary EIM registry name. <span class="br">Each registry
definition represents a specific instance of a user registry. Consequently,
you should choose an EIM registry definition name that helps you to identify
the particular instance of the user registry. For example, you could choose
the TCP/IP host name for a system user registry, or the host name combined
with the name of the application for an application user registry. You can
use any combination of alphanumeric characters, mixed case, and spaces to
create unique EIM registry definition names. </span></li>
<li>The type of user registry. <span class="br">There are a number of
predefined user registry types that EIM provides to cover most operating system
user registries. These include:</span><ul><li>AIX<sup>®</sup> </li>
<li>Domino<sup>®</sup> -
long name </li>
<li><img src="./delta.gif" alt="Start of change" />Domino -
short name <img src="./deltaend.gif" alt="End of change" /></li>
<li>Kerberos </li>
<li>Kerberos - case sensitive </li>
<li>LDAP </li>
<li>- LDAP - short name </li>
<li>Linux<sup>®</sup> </li>
<li>Novell Directory Server</li>
<li><img src="./delta.gif" alt="Start of change" />- Other <img src="./deltaend.gif" alt="End of change" /></li>
<li><img src="./delta.gif" alt="Start of change" />- Other - case sensitive <img src="./deltaend.gif" alt="End of change" /></li>
<li><img src="./delta.gif" alt="Start of change" />i5/OS (or OS/400<sup>®</sup>) <img src="./deltaend.gif" alt="End of change" /></li>
<li>Tivoli<sup>®</sup> Access
Manager </li>
<li>RACF </li>
<li>Windows -
local</li>
<li>Windows domain
(Kerberos) (This type is case sensitive.)</li>
<li>X.509</li>
</ul>
<div class="note"><span class="notetitle">Note:</span> Although the predefined registry definition types cover most operating
system user registries, you may need to create a registry definition for which
EIM does not include a predefined registry type. You have two options in this
situation. You can either use an existing registry definition which matches
the characteristics of your user registry or you can <a href="rzalvadmindefinereg.htm">define a private user registry type</a>. For example in Figure
6, the administrator followed the process required and defined the type of
registry as <samp class="codeph">WebSphere LTPA</samp> for the <samp class="codeph">System_A_WAS</samp> application
registry definition.</div>
</li>
</ul>
<p>In Figure 6, the administrator created EIM system registry definitions
for user registries representing System A, System B, System C, and a Windows Active
Directory that contains users' Kerberos principals with which users log into
their desk top workstations. In addition, the administrator created an application
registry definition for WebSphere<sup>®</sup> (R) Lightweight Third-Party Authentication
(LTPA), which runs on System A. The registry definition name that the administrator
uses helps to identify the specific occurrence of the type of user registry.
For example, an IP address or host name is often sufficient for many types
of user registries. In this example, the administrator uses <samp class="codeph">System_A_WAS</samp> as
the application registry definition name to identify this specific instance
of the WebSphere LTPA
application. He also specifies that the parent system registry for the application
registry definition is the <samp class="codeph">System_A</samp> registry.</p>
<p><strong>Figure 6:</strong> EIM registry definitions for five user registries in an
enterprise</p>
<p><br /><img src="rzalv510.gif" alt="Example of EIM registry definitions" /><br /></p>
<div class="note"><span class="notetitle">Note:</span> To further reduce the need to manage user passwords, the administrator
in Figure 6 sets the i5/OS user profile passwords on System A and on System
C to *NONE. The administrator in this case is configuring a single signon
environment and the only application that his users work with are EIM-enabled
applications such as iSeries™ Navigator. Consequently, the administrator
wants to remove the passwords from their i5/OS user profiles so that both the users
and he have fewer passwords to manage.</div>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzalvsysregdef.htm">System registry definitions</a></strong><br />
Use this information to learn about creating a user registry for particular systems.</li>
<li class="ulchildlink"><strong><a href="rzalveserverracf.htm">Application registry definitions</a></strong><br />
Use this information to learn how to create users registries for certain applications.</li>
<li class="ulchildlink"><strong><a href="rzalvgroupregistrydef.htm">Group registry definitions</a></strong><br />
Use this information to learn about creating a group registry definition in an EIM domain that describes and represent a group of registry definitions.</li>
</ul>

<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzalveservercncpts.htm" title="Use this information learn about important EIM concepts that you need to understand to implement EIM successfully.">Enterprise Identity Mapping concepts</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzalveserverdomain.htm" title="This information explains how to use a domain to store all your identifiers.">EIM domain</a></div>
</div>
</div>
</body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<!DOCTYPE html`
			`PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">`
			`<html lang="en-us" xml:lang="en-us">`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<meta name="security" content="public" />`
			`<meta name="Robots" content="index,follow" />`
			`<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />`
			`<meta name="DC.Type" content="concept" />`
			`<meta name="DC.Title" content="EIM registry definitions" />`
			`<meta name="abstract" content="This information explains how you can create a registry definition to hold all your user registries for a system." />`
			`<meta name="description" content="This information explains how you can create a registry definition to hold all your user registries for a system." />`
			`<meta name="DC.Relation" scheme="URI" content="rzalveserverdomain.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rzalveservercncpts.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rzalvsysregdef.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rzalveserverracf.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rzalvgroupregistrydef.htm" />`
			`<meta name="copyright" content="(C) Copyright IBM Corporation 2002, 2006" />`
			`<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2002, 2006" />`
			`<meta name="DC.Format" content="XHTML" />`
			`<meta name="DC.Identifier" content="rzalveserverregistry" />`
			`<meta name="DC.Language" content="en-us" />`
			`<!-- All rights reserved. Licensed Materials Property of IBM -->`
			`<!-- US Government Users Restricted Rights -->`
			`<!-- Use, duplication or disclosure restricted by -->`
			`<!-- GSA ADP Schedule Contract with IBM Corp. -->`
			`<link rel="stylesheet" type="text/css" href="./ibmdita.css" />`
			`<link rel="stylesheet" type="text/css" href="./ic.css" />`
			`<title>EIM registry definitions</title>`
			`</head>`
			`<body id="rzalveserverregistry"><a name="rzalveserverregistry"><!-- --></a>`
			`<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>`
			`<h1 class="topictitle1">EIM registry definitions</h1>`
			`<div><p>This information explains how you can create a registry definition`
			`to hold all your user registries for a system.</p>`
			`<p>An Enterprise Identity Mapping (EIM) <em>registry definition</em> is an entry`
			`within EIM that you create to represent an actual user registry that exists`
			`on a system within the enterprise. A user registry operates like a directory`
			`and contains a list of valid user identities for a particular system or application.`
			`A basic user registry contains user identities and their passwords. One example`
			`of a user registry is the z/OS<sup>®</sup> Security Server Resource Access Control Facility`
			`(RACF<sup>®</sup>)`
			`registry. User registries can contain other information as well. For example,`
			`a Lightweight Directory Access Protocol (LDAP) directory contains bind distinguished`
			`names, passwords, and access controls to data that is stored in LDAP. Other`
			`examples of common user registries are the principals in a Kerberos realm`
			`or user identities in an Windows<sup>®</sup> Active Directory domain, and`
			`the i5/OS™ user`
			`profiles registry.</p>`
			`<p>You can also define user registries that exist within other user registries.`
			`Some applications use a subset of user identities within a single instance`
			`of a user registry. For example, the z/OS Security Server (RACF) registry`
			`can contain specific user registries that are a subset of users within the`
			`overall RACF user`
			`registry. </p>`
			`<p>EIM registry definitions provide information regarding those user registries`
			`in an enterprise. The administrator defines these registries to EIM by providing`
			`the following information:</p>`
			`<ul><li>A unique, arbitrary EIM registry name. <span class="br">Each registry`
			`definition represents a specific instance of a user registry. Consequently,`
			`you should choose an EIM registry definition name that helps you to identify`
			`the particular instance of the user registry. For example, you could choose`
			`the TCP/IP host name for a system user registry, or the host name combined`
			`with the name of the application for an application user registry. You can`
			`use any combination of alphanumeric characters, mixed case, and spaces to`
			`create unique EIM registry definition names. </span></li>`
			`<li>The type of user registry. <span class="br">There are a number of`
			`predefined user registry types that EIM provides to cover most operating system`
			`user registries. These include:</span><ul><li>AIX<sup>®</sup> </li>`
			`<li>Domino<sup>®</sup> -`
			`long name </li>`
			`<li><img src="./delta.gif" alt="Start of change" />Domino -`
			`short name <img src="./deltaend.gif" alt="End of change" /></li>`
			`<li>Kerberos </li>`
			`<li>Kerberos - case sensitive </li>`
			`<li>LDAP </li>`
			`<li>- LDAP - short name </li>`
			`<li>Linux<sup>®</sup> </li>`
			`<li>Novell Directory Server</li>`
			`<li><img src="./delta.gif" alt="Start of change" />- Other <img src="./deltaend.gif" alt="End of change" /></li>`
			`<li><img src="./delta.gif" alt="Start of change" />- Other - case sensitive <img src="./deltaend.gif" alt="End of change" /></li>`
			`<li><img src="./delta.gif" alt="Start of change" />i5/OS (or OS/400<sup>®</sup>) <img src="./deltaend.gif" alt="End of change" /></li>`
			`<li>Tivoli<sup>®</sup> Access`
			`Manager </li>`
			`<li>RACF </li>`
			`<li>Windows -`
			`local</li>`
			`<li>Windows domain`
			`(Kerberos) (This type is case sensitive.)</li>`
			`<li>X.509</li>`
			`</ul>`
			`<div class="note"><span class="notetitle">Note:</span> Although the predefined registry definition types cover most operating`
			`system user registries, you may need to create a registry definition for which`
			`EIM does not include a predefined registry type. You have two options in this`
			`situation. You can either use an existing registry definition which matches`
			`the characteristics of your user registry or you can <a href="rzalvadmindefinereg.htm">define a private user registry type</a>. For example in Figure`
			`6, the administrator followed the process required and defined the type of`
			`registry as <samp class="codeph">WebSphere LTPA</samp> for the <samp class="codeph">System_A_WAS</samp> application`
			`registry definition.</div>`
			`</li>`
			`</ul>`
			`<p>In Figure 6, the administrator created EIM system registry definitions`
			`for user registries representing System A, System B, System C, and a Windows Active`
			`Directory that contains users' Kerberos principals with which users log into`
			`their desk top workstations. In addition, the administrator created an application`
			`registry definition for WebSphere<sup>®</sup> (R) Lightweight Third-Party Authentication`
			`(LTPA), which runs on System A. The registry definition name that the administrator`
			`uses helps to identify the specific occurrence of the type of user registry.`
			`For example, an IP address or host name is often sufficient for many types`
			`of user registries. In this example, the administrator uses <samp class="codeph">System_A_WAS</samp> as`
			`the application registry definition name to identify this specific instance`
			`of the WebSphere LTPA`
			`application. He also specifies that the parent system registry for the application`
			`registry definition is the <samp class="codeph">System_A</samp> registry.</p>`
			`<p><strong>Figure 6:</strong> EIM registry definitions for five user registries in an`
			`enterprise</p>`
			`<p><br /><img src="rzalv510.gif" alt="Example of EIM registry definitions" /><br /></p>`
			`<div class="note"><span class="notetitle">Note:</span> To further reduce the need to manage user passwords, the administrator`
			`in Figure 6 sets the i5/OS user profile passwords on System A and on System`
			`C to *NONE. The administrator in this case is configuring a single signon`
			`environment and the only application that his users work with are EIM-enabled`
			`applications such as iSeries™ Navigator. Consequently, the administrator`
			`wants to remove the passwords from their i5/OS user profiles so that both the users`
			`and he have fewer passwords to manage.</div>`
			`</div>`
			`<div>`
			`<ul class="ullinks">`
			`<li class="ulchildlink"><strong><a href="rzalvsysregdef.htm">System registry definitions</a></strong><br />`
			`Use this information to learn about creating a user registry for particular systems.</li>`
			`<li class="ulchildlink"><strong><a href="rzalveserverracf.htm">Application registry definitions</a></strong><br />`
			`Use this information to learn how to create users registries for certain applications.</li>`
			`<li class="ulchildlink"><strong><a href="rzalvgroupregistrydef.htm">Group registry definitions</a></strong><br />`
			`Use this information to learn about creating a group registry definition in an EIM domain that describes and represent a group of registry definitions.</li>`
			`</ul>`

			`<div class="familylinks">`
			`<div class="parentlink"><strong>Parent topic:</strong> <a href="rzalveservercncpts.htm" title="Use this information learn about important EIM concepts that you need to understand to implement EIM successfully.">Enterprise Identity Mapping concepts</a></div>`
			`</div>`
			`<div class="relconcepts"><strong>Related concepts</strong><br />`
			`<div><a href="rzalveserverdomain.htm" title="This information explains how to use a domain to store all your identifiers.">EIM domain</a></div>`
			`</div>`
			`</div>`
			`</body>`
			`</html>`