ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamz_5.4.0.1/rzamzoptionalpostconfigurationconsiderations1a.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="(Optional) Post configuration considerations" />
<meta name="DC.Relation" scheme="URI" content="rzamzenablessoos400.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamzverifynetworkauthenticationserviceandeimconfiguration2.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzamzoptionalpostconfigurationconsiderations" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>(Optional) Post configuration considerations</title>
</head>
<body id="rzamzoptionalpostconfigurationconsiderations"><a name="rzamzoptionalpostconfigurationconsiderations"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">(Optional) Post configuration considerations</h1>
<div><div class="section">Now that you have finished this scenario, the only EIM user you have defined
that EIM can use is the DN for the LDAP administrator. The LDAP administrator
DN that you specified for the system user on <span class="keyword">iSeries™</span> A
has a high level of authority over all data on the directory server. Therefore,
you might consider <a href="../rzahy/rzahyrzahywelpo.htm">creating</a> one or more DNs as additional users that have
more appropriate and limited <a href="../rzalv/rzalveservereimauths.htm">access control</a> for EIM data. The number of additional
EIM users that you define depends on your security policy's emphasis on the
separation of security duties and responsibilities. Typically, you might create
at least the following two types of DNs:<ul><li><strong>A user that has EIM administrator access control</strong><p>This EIM administrator
DN provides the appropriate level of authority for an administrator who is
responsible for managing the EIM domain. This EIM administrator DN could
be used to connect to the domain controller when managing all aspects of the
EIM domain by means of <span class="keyword">iSeries Navigator</span>.</p>
</li>
<li><strong>At least one user that has all of the following access controls</strong>:<ul><li>Identifier administrator</li>
<li>Registry administrator</li>
<li>EIM mapping operations</li>
</ul>
This user provides the appropriate level of access control required for
the system user that performs EIM operations on behalf of the operating system.</li>
</ul>
<div class="note"><span class="notetitle">Note:</span> To use this new DN for the system user instead of the LDAP administrator
DN, you must change the <a href="../rzalv/rzalvmanageconfigprops.htm">EIM configuration properties</a> for each system. For this
scenario, you need to change the EIM configuration properties for any <span class="keyword">iSeries</span> systems you set up. See to learn
how to change the system user DN.</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamzenablessoos400.htm" title="View this scenario to learn how to configure network authentication service and EIM to create a single signon environment across multiple systems in an enterprise. This scenario expands on the concepts and tasks presented in the previous scenario which demonstrates how to create a simple single signon test environment.">Scenario: Enable single signon for i5/OS</a></div>
<div class="previouslink"><strong>Previous topic:</strong> <a href="rzamzverifynetworkauthenticationserviceandeimconfiguration2.htm">Verify network authentication service and EIM configuration</a></div>
</div>
</div>
</body>
</html>