ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzalv_5.4.0.1/rzalvtestmappings.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Test EIM mappings" />
<meta name="DC.Relation" scheme="URI" content="rzalvadmindomain.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2002, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2002, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzalvtestmappings" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Test EIM mappings</title>
</head>
<body id="rzalvtestmappings"><a name="rzalvtestmappings"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Test EIM mappings</h1>
<div><div class="section"><p>Enterprise Identity Mapping (EIM) mapping test support allows
you to issue EIM mapping <a href="rzalveservereimmaplookup.htm#rzalveservereimmaplookup">lookup
operations</a> against your EIM configuration. You can use the test to
verify that a specific source user identity maps correctly to the appropriate
target user identity. Such testing ensures that  EIM mapping lookup operations
can return the correct target user identity based on the specified  information.</p>
<p>To
use the test a mapping function to test your EIM configuration, you must be
connected to the EIM domain in which you want to work and you must have <a href="rzalveservereimauths.htm#rzalveservereimauths">EIM access control</a> at
one of these levels: </p>
<ul><li>EIM administrator</li>
<li>Identifier administrator</li>
<li>Registry administrator</li>
<li>EIM mapping lookup operations</li>
</ul>
<p>To use mapping test support to test your EIM configuration, complete
these steps:</p>
</div>
<ol><li class="stepexpand"><span>Expand <span class="uicontrol">Network &gt; Enterprise Identity Mapping &gt; Domain
Management</span>.</span></li>
<li class="stepexpand"><span>Select the EIM domain in which you want to work. </span> <ul><li>If the EIM domain you want to work with is not listed under <span class="uicontrol">Domain
Management</span>,	see <a href="rzalvadmindomainadd.htm#rzalvadmindomainadd">Add
an EIM domain to Domain Management</a>.</li>
<li>If you are not currently connected to the EIM domain in which you want
to work, see <a href="rzalvadmindomaincon.htm#rzalvadmindomaincon"> Connect
to the EIM domain controller</a>. </li>
</ul>
</li>
<li class="stepexpand"><span>Right-click the EIM domain to which you are connected and select <span class="uicontrol">Test
a Mapping...</span></span></li>
<li class="stepexpand"><span>In the <span class="uicontrol">Test a Mapping</span> dialog, specify the
following information:  </span><ol type="a"><li><span>In the <span class="uicontrol">Source registry</span> field, provide
the registry definition name that refers to the user registry that you want
to use as the source of the test mapping lookup operation.</span></li>
<li><span>In the <span class="uicontrol">Source user</span> field, provide the
user identity name that you want to use as the source of the test mapping
lookup operation.</span></li>
<li><span>In the <span class="uicontrol">Target registry</span> field, provide
the registry definition name that refers to the user registry that you want
to use as the target of the test mapping lookup operation.</span></li>
<li><span>Optional: In the <span class="uicontrol">Lookup information</span> field,
provide any lookup information defined for  the target user.</span></li>
</ol>
</li>
<li class="stepexpand"><span>Click <span class="uicontrol">Help</span>, if necessary, for more details
about what information is needed for each field in the dialog.</span></li>
<li class="stepexpand"><span>Click <span class="uicontrol">Test</span> and review the results of the
mapping lookup operation when they display.</span> <div class="note"><span class="notetitle">Note:</span> <img src="./delta.gif" alt="Start of change" />If
the mapping lookup operation returns ambiguous results, the Test a Mapping
- Results dialog is displayed indicating an error message and a list of the
target users that the lookup operation finds. <div class="p"><ol type="a"><li>To troubleshoot ambiguous results, select a target user and click <span class="uicontrol">Details</span>. </li>
<li>The Test a Mapping - Details dialog is displayed indicating information
about the mapping lookup operation results for the specified target user.
Click Help for more detailed information about the mapping lookup operation
results.</li>
<li>Click <span class="uicontrol">Close</span> to exit the <span class="uicontrol">Test a Mapping
- Results </span>dialog. </li>
</ol>
</div>
<img src="./deltaend.gif" alt="End of change" /></div>
</li>
<li class="stepexpand"><span>Continue testing your configuration, or click <span class="uicontrol">Close</span> to
exit.</span></li>
</ol>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzalvadmindomain.htm" title="This information explains how to manage your Enterprise Identity Mapping (EIM) domains and EIM domain properties.">Manage Enterprise Identity Mapping domains</a></div>
</div>
</div><div class="nested1" xml:lang="en-us" id="workingwithtestresults"><a name="workingwithtestresults"><!-- --></a><h2 class="topictitle2">Working with test results and resolving problems</h2>
<div><div class="section"><p>When the test runs, a target user identity is returned if the
test process finds an association between the source user identity and target
user registry that the administrator supplied. The test also indicates the
type of association that it found between the two user identities. When the
test process does not find an association based on the information supplied,
the test returns a target user identity of <tt>none</tt>.</p>
<p>The test,
like any EIM mapping lookup operation, searches for and returns the first
appropriate target user identity, by searching in the following order:</p>
</div>
<ol><li><span>Specific identifier association</span></li>
<li><span>Certificate filter policy association</span></li>
<li><span>Default registry policy association</span></li>
<li><span>Default domain policy association</span></li>
</ol>
<div class="section"><p>In some cases, the test returns no target user identity results
although associations are configured for the domain. Verify that you supplied
the correct information for the test. If the information is correct and the
test returns no results, then the problem may be caused by one of the following:</p>
<ul><li>Policy association support is not enabled at the domain level. You may
need to <a href="rzalvenablepoliciesfordomain.htm#enablepolicyfordomain">enable
policy associations for a domain</a>.</li>
<li>Mapping lookup support or policy association support is not enabled at
the individual registry level. You may need to <a href="rzalvenablepoliciesforregistry.htm#enable_policies_for_registry">enable
mapping lookup support and the use of policy associations for the target registry</a>. </li>
<li>A target or source association for an EIM identifier is not configured
correctly. For example, there is no source association for the Kerberos principal
(or windows user) or it is incorrect. Or, the target association specifies
an incorrect user identity. <a href="rzalvdsplyallidentassocs.htm#dsply_all_ident_assoc">Display
all identifier associations for an EIM identifier</a> to verify associations
for a specific identifier.</li>
<li>A policy association is not configured correctly. <a href="rzalvdsplyallpoliciesdomain.htm#dsply_all_policy_assoc_domain">Display
all policy associations for a domain</a> to verify source and target information
for all policy associations defined in the domain.</li>
<li>The registry definition and user identities do not match because of case
sensitivity. You can delete and re-create the registry, or delete and re-create
the association with the proper case.</li>
</ul>
<p>In other cases, the test may have ambiguous results. In such a case,
an error message indicating this displays. The test returns ambiguous results
when more than one target user identity matches the specified test criteria.
 A mapping lookup operation can return multiple target user identities when
one or more of the following situations exist:  </p>
<ul><li>An EIM identifier has multiple individual target associations to the same
target registry. </li>
<li>More than one EIM identifier has the same user identity specified in a
source association and each of these EIM identifiers has a target association
to the same target registry, although the user identity specified for each
target association may be different.</li>
<li>More than one default domain policy association specifies the same target
registry.</li>
<li>More than one default registry policy association specifies the same source
registry and the same target registry.</li>
<li>More than one certificate filter policy association specifies the same
source X.509 registry, certificate filter, and target registry.</li>
</ul>
<p>A mapping lookup operation that returns more than one target user
identity can create problems for EIM-enabled applications, including i5/OS™ applications
and products. Consequently, you need to determine the cause of the ambiguous
results and what action needs to be taken to resolve the situation. Depending
on the cause, you can do one or more of the following:</p>
<ul><li>The test returns unwanted multiple target identities. This indicates that
association configuration for the domain is not correct, due to one of the
following: <ul><li>A target or source association for an EIM identifier is not configured
correctly. For example, there is no source association for the Kerberos principal
(or windows user) or it is incorrect. Or, the target association specifies
an incorrect user identity. <a href="rzalvdsplyallidentassocs.htm#dsply_all_ident_assoc">Display
all identifier associations for an EIM identifier</a> to verify associations
for a specific identifier.</li>
<li>A policy association is not configured correctly. <a href="rzalvdsplyallpoliciesdomain.htm#dsply_all_policy_assoc_domain">Display
all policy associations for a domain</a> to verify source and target information
for all policy associations defined in the domain.</li>
</ul>
</li>
<li>The test returns multiple target user identities and these results are
appropriate for the way you configured associations, then you need to specify <a href="rzalvlookupinfodef.htm#lookup_info_def">lookup information</a> for
each target user identity. You need to define unique lookup information for
all target user identities that have the same source (either an EIM identifier
for identifier associations or a source user registry for policy associations).
By defining lookup information for each target user identity, you ensure that
a lookup operation returns a single target user identity rather than all possible
target user identities. See <a href="rzalvaddlookupinfo.htm#add_lookup_info">Add
lookup information to a target user identity</a>. You must specify this
lookup information about the mapping lookup operation.<div class="note"><span class="notetitle">Note:</span> This
approach only works if the application is enabled to use the lookup information.
However, base i5/OS applications
such as iSeries™ Access
for Windows<sup>®</sup> can
not use lookup information to distinguish among multiple target user identities
returned by a lookup operation. Consequently, you might consider redefining
associations for the domain to ensure that a mapping lookup operation can
return a single target user identity to ensure that base i5/OS applications
can successfully perform lookup operations and map identities.</div>
</li>
</ul>
<p>For additional information about potential mapping problems and solutions
in additional to those described here, see <a href="rzalv_trouble_mappings.htm#rzalv_trouble_mappings">Troubleshoot EIM mapping problems</a>.</p>
</div>
</div>
</div>

</body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<!DOCTYPE html`
			`PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">`
			`<html lang="en-us" xml:lang="en-us">`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<meta name="security" content="public" />`
			`<meta name="Robots" content="index,follow" />`
			`<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />`
			`<meta name="DC.Type" content="task" />`
			`<meta name="DC.Title" content="Test EIM mappings" />`
			`<meta name="DC.Relation" scheme="URI" content="rzalvadmindomain.htm" />`
			`<meta name="copyright" content="(C) Copyright IBM Corporation 2002, 2006" />`
			`<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2002, 2006" />`
			`<meta name="DC.Format" content="XHTML" />`
			`<meta name="DC.Identifier" content="rzalvtestmappings" />`
			`<meta name="DC.Language" content="en-us" />`
			`<!-- All rights reserved. Licensed Materials Property of IBM -->`
			`<!-- US Government Users Restricted Rights -->`
			`<!-- Use, duplication or disclosure restricted by -->`
			`<!-- GSA ADP Schedule Contract with IBM Corp. -->`
			`<link rel="stylesheet" type="text/css" href="./ibmdita.css" />`
			`<link rel="stylesheet" type="text/css" href="./ic.css" />`
			`<title>Test EIM mappings</title>`
			`</head>`
			`<body id="rzalvtestmappings"><a name="rzalvtestmappings"><!-- --></a>`
			`<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>`
			`<h1 class="topictitle1">Test EIM mappings</h1>`
			`<div><div class="section"><p>Enterprise Identity Mapping (EIM) mapping test support allows`
			`you to issue EIM mapping <a href="rzalveservereimmaplookup.htm#rzalveservereimmaplookup">lookup`
			`operations</a> against your EIM configuration. You can use the test to`
			`verify that a specific source user identity maps correctly to the appropriate`
			`target user identity. Such testing ensures that EIM mapping lookup operations`
			`can return the correct target user identity based on the specified information.</p>`
			`<p>To`
			`use the test a mapping function to test your EIM configuration, you must be`
			`connected to the EIM domain in which you want to work and you must have <a href="rzalveservereimauths.htm#rzalveservereimauths">EIM access control</a> at`
			`one of these levels: </p>`
			`<ul><li>EIM administrator</li>`
			`<li>Identifier administrator</li>`
			`<li>Registry administrator</li>`
			`<li>EIM mapping lookup operations</li>`
			`</ul>`
			`<p>To use mapping test support to test your EIM configuration, complete`
			`these steps:</p>`
			`</div>`
			`<ol><li class="stepexpand"><span>Expand <span class="uicontrol">Network > Enterprise Identity Mapping > Domain`
			`Management</span>.</span></li>`
			`<li class="stepexpand"><span>Select the EIM domain in which you want to work. </span> <ul><li>If the EIM domain you want to work with is not listed under <span class="uicontrol">Domain`
			`Management</span>, see <a href="rzalvadmindomainadd.htm#rzalvadmindomainadd">Add`
			`an EIM domain to Domain Management</a>.</li>`
			`<li>If you are not currently connected to the EIM domain in which you want`
			`to work, see <a href="rzalvadmindomaincon.htm#rzalvadmindomaincon"> Connect`
			`to the EIM domain controller</a>. </li>`
			`</ul>`
			`</li>`
			`<li class="stepexpand"><span>Right-click the EIM domain to which you are connected and select <span class="uicontrol">Test`
			`a Mapping...</span></span></li>`
			`<li class="stepexpand"><span>In the <span class="uicontrol">Test a Mapping</span> dialog, specify the`
			`following information: </span><ol type="a"><li><span>In the <span class="uicontrol">Source registry</span> field, provide`
			`the registry definition name that refers to the user registry that you want`
			`to use as the source of the test mapping lookup operation.</span></li>`
			`<li><span>In the <span class="uicontrol">Source user</span> field, provide the`
			`user identity name that you want to use as the source of the test mapping`
			`lookup operation.</span></li>`
			`<li><span>In the <span class="uicontrol">Target registry</span> field, provide`
			`the registry definition name that refers to the user registry that you want`
			`to use as the target of the test mapping lookup operation.</span></li>`
			`<li><span>Optional: In the <span class="uicontrol">Lookup information</span> field,`
			`provide any lookup information defined for the target user.</span></li>`
			`</ol>`
			`</li>`
			`<li class="stepexpand"><span>Click <span class="uicontrol">Help</span>, if necessary, for more details`
			`about what information is needed for each field in the dialog.</span></li>`
			`<li class="stepexpand"><span>Click <span class="uicontrol">Test</span> and review the results of the`
			`mapping lookup operation when they display.</span> <div class="note"><span class="notetitle">Note:</span> <img src="./delta.gif" alt="Start of change" />If`
			`the mapping lookup operation returns ambiguous results, the Test a Mapping`
			`- Results dialog is displayed indicating an error message and a list of the`
			`target users that the lookup operation finds. <div class="p"><ol type="a"><li>To troubleshoot ambiguous results, select a target user and click <span class="uicontrol">Details</span>. </li>`
			`<li>The Test a Mapping - Details dialog is displayed indicating information`
			`about the mapping lookup operation results for the specified target user.`
			`Click Help for more detailed information about the mapping lookup operation`
			`results.</li>`
			`<li>Click <span class="uicontrol">Close</span> to exit the <span class="uicontrol">Test a Mapping`
			`- Results </span>dialog. </li>`
			`</ol>`
			`</div>`
			`<img src="./deltaend.gif" alt="End of change" /></div>`
			`</li>`
			`<li class="stepexpand"><span>Continue testing your configuration, or click <span class="uicontrol">Close</span> to`
			`exit.</span></li>`
			`</ol>`
			`</div>`
			`<div>`
			`<div class="familylinks">`
			`<div class="parentlink"><strong>Parent topic:</strong> <a href="rzalvadmindomain.htm" title="This information explains how to manage your Enterprise Identity Mapping (EIM) domains and EIM domain properties.">Manage Enterprise Identity Mapping domains</a></div>`
			`</div>`
			`</div><div class="nested1" xml:lang="en-us" id="workingwithtestresults"><a name="workingwithtestresults"><!-- --></a><h2 class="topictitle2">Working with test results and resolving problems</h2>`
			`<div><div class="section"><p>When the test runs, a target user identity is returned if the`
			`test process finds an association between the source user identity and target`
			`user registry that the administrator supplied. The test also indicates the`
			`type of association that it found between the two user identities. When the`
			`test process does not find an association based on the information supplied,`
			`the test returns a target user identity of <tt>none</tt>.</p>`
			`<p>The test,`
			`like any EIM mapping lookup operation, searches for and returns the first`
			`appropriate target user identity, by searching in the following order:</p>`
			`</div>`
			`<ol><li><span>Specific identifier association</span></li>`
			`<li><span>Certificate filter policy association</span></li>`
			`<li><span>Default registry policy association</span></li>`
			`<li><span>Default domain policy association</span></li>`
			`</ol>`
			`<div class="section"><p>In some cases, the test returns no target user identity results`
			`although associations are configured for the domain. Verify that you supplied`
			`the correct information for the test. If the information is correct and the`
			`test returns no results, then the problem may be caused by one of the following:</p>`
			`<ul><li>Policy association support is not enabled at the domain level. You may`
			`need to <a href="rzalvenablepoliciesfordomain.htm#enablepolicyfordomain">enable`
			`policy associations for a domain</a>.</li>`
			`<li>Mapping lookup support or policy association support is not enabled at`
			`the individual registry level. You may need to <a href="rzalvenablepoliciesforregistry.htm#enable_policies_for_registry">enable`
			`mapping lookup support and the use of policy associations for the target registry</a>. </li>`
			`<li>A target or source association for an EIM identifier is not configured`
			`correctly. For example, there is no source association for the Kerberos principal`
			`(or windows user) or it is incorrect. Or, the target association specifies`
			`an incorrect user identity. <a href="rzalvdsplyallidentassocs.htm#dsply_all_ident_assoc">Display`
			`all identifier associations for an EIM identifier</a> to verify associations`
			`for a specific identifier.</li>`
			`<li>A policy association is not configured correctly. <a href="rzalvdsplyallpoliciesdomain.htm#dsply_all_policy_assoc_domain">Display`
			`all policy associations for a domain</a> to verify source and target information`
			`for all policy associations defined in the domain.</li>`
			`<li>The registry definition and user identities do not match because of case`
			`sensitivity. You can delete and re-create the registry, or delete and re-create`
			`the association with the proper case.</li>`
			`</ul>`
			`<p>In other cases, the test may have ambiguous results. In such a case,`
			`an error message indicating this displays. The test returns ambiguous results`
			`when more than one target user identity matches the specified test criteria.`
			`A mapping lookup operation can return multiple target user identities when`
			`one or more of the following situations exist: </p>`
			`<ul><li>An EIM identifier has multiple individual target associations to the same`
			`target registry. </li>`
			`<li>More than one EIM identifier has the same user identity specified in a`
			`source association and each of these EIM identifiers has a target association`
			`to the same target registry, although the user identity specified for each`
			`target association may be different.</li>`
			`<li>More than one default domain policy association specifies the same target`
			`registry.</li>`
			`<li>More than one default registry policy association specifies the same source`
			`registry and the same target registry.</li>`
			`<li>More than one certificate filter policy association specifies the same`
			`source X.509 registry, certificate filter, and target registry.</li>`
			`</ul>`
			`<p>A mapping lookup operation that returns more than one target user`
			`identity can create problems for EIM-enabled applications, including i5/OS™ applications`
			`and products. Consequently, you need to determine the cause of the ambiguous`
			`results and what action needs to be taken to resolve the situation. Depending`
			`on the cause, you can do one or more of the following:</p>`
			`<ul><li>The test returns unwanted multiple target identities. This indicates that`
			`association configuration for the domain is not correct, due to one of the`
			`following: <ul><li>A target or source association for an EIM identifier is not configured`
			`correctly. For example, there is no source association for the Kerberos principal`
			`(or windows user) or it is incorrect. Or, the target association specifies`
			`an incorrect user identity. <a href="rzalvdsplyallidentassocs.htm#dsply_all_ident_assoc">Display`
			`all identifier associations for an EIM identifier</a> to verify associations`
			`for a specific identifier.</li>`
			`<li>A policy association is not configured correctly. <a href="rzalvdsplyallpoliciesdomain.htm#dsply_all_policy_assoc_domain">Display`
			`all policy associations for a domain</a> to verify source and target information`
			`for all policy associations defined in the domain.</li>`
			`</ul>`
			`</li>`
			`<li>The test returns multiple target user identities and these results are`
			`appropriate for the way you configured associations, then you need to specify <a href="rzalvlookupinfodef.htm#lookup_info_def">lookup information</a> for`
			`each target user identity. You need to define unique lookup information for`
			`all target user identities that have the same source (either an EIM identifier`
			`for identifier associations or a source user registry for policy associations).`
			`By defining lookup information for each target user identity, you ensure that`
			`a lookup operation returns a single target user identity rather than all possible`
			`target user identities. See <a href="rzalvaddlookupinfo.htm#add_lookup_info">Add`
			`lookup information to a target user identity</a>. You must specify this`
			`lookup information about the mapping lookup operation.<div class="note"><span class="notetitle">Note:</span> This`
			`approach only works if the application is enabled to use the lookup information.`
			`However, base i5/OS applications`
			`such as iSeries™ Access`
			`for Windows<sup>®</sup> can`
			`not use lookup information to distinguish among multiple target user identities`
			`returned by a lookup operation. Consequently, you might consider redefining`
			`associations for the domain to ensure that a mapping lookup operation can`
			`return a single target user identity to ensure that base i5/OS applications`
			`can successfully perform lookup operations and map identities.</div>`
			`</li>`
			`</ul>`
			`<p>For additional information about potential mapping problems and solutions`
			`in additional to those described here, see <a href="rzalv_trouble_mappings.htm#rzalv_trouble_mappings">Troubleshoot EIM mapping problems</a>.</p>`
			`</div>`
			`</div>`
			`</div>`

			`</body>`
			`</html>`