friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6290434003
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamz_5.4.0.1/rzamztesteimidentitymappings2.htm

267 lines
16 KiB
HTML
Raw Normal View History

Add readme and dist folders
2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Test EIM identity mappings" />
<meta name="DC.Relation" scheme="URI" content="rzamzenablessoos400.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamzenableregistriestoparticipateinlookupoperationsandtousepolicyassociations.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamzconfigureiseriesaccess1a.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzamztesteimidentitymappings" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Test EIM identity mappings</title>
</head>
<body id="rzamztesteimidentitymappings"><a name="rzamztesteimidentitymappings"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Test EIM identity mappings</h1>
<div><div class="section"><p>Now that you have created all the associations that you need,
you must verify that EIM mapping lookup operations return the correct results
based on the configured associations. For this scenario, you must test the
mappings used for the identifier associations for each of the administrators
and you must test the mappings used for the default registry policy associations.
To test the EIM mappings, follow these steps:</p>
<p><span class="uicontrol">Test mappings
for John Day</span></p>
<p>To test that identifier mappings work as expected
for John Day, follow these steps:</p>
</div>
<ol><li class="stepexpand"><span>In <span class="keyword">iSeries™ Navigator</span>, expand <span class="menucascade"><span class="uicontrol">iSeries A</span> &gt; <span class="uicontrol">Network</span> &gt; <span class="uicontrol">Enterprise
Identity Mapping</span> &gt; <span class="uicontrol">Domain Management</span> &gt; <span class="uicontrol">MyCoEimDomain</span></span>.</span> <div class="note"><span class="notetitle">Note:</span> You may be prompted to connect to the domain
controller. In that case, the <span class="uicontrol">Connect to EIM Domain Controller</span> dialog
is displayed. You must connect to the domain before you can perform actions
in it. To connect to the domain controller, provide the following information
and click <span class="uicontrol">OK</span>:<ul><li><span class="uicontrol">User type</span>: <tt>Distinguished name</tt></li>
<li><span class="uicontrol">Distinguished name</span>: <tt>cn=administrator</tt></li>
<li><span class="uicontrol">Password</span>: <tt>mycopwd</tt><div class="note"><span class="notetitle">Note:</span> Any and all passwords
specified in this scenario are for example purposes only. To prevent a compromise
to your system or network security, you should never use these passwords as
part of your own configuration.</div>
</li>
</ul>
</div>
</li>
<li class="stepexpand"><span>Right-click <span class="uicontrol">MyCoEimDomain</span> and select <span class="uicontrol">Test
a mapping...</span>.</span></li>
<li class="stepexpand"><span>On the <span class="uicontrol">Test a mapping</span> dialog, specify or <span class="uicontrol">Browse...</span> to
select the following information, and click <span class="uicontrol">Test</span>.</span> <ul><li><span class="uicontrol">Source registry</span>: <tt>MYCO.COM</tt></li>
<li><span class="uicontrol">Source user</span>: <tt>jday</tt></li>
<li><span class="uicontrol">Target registry</span>: <tt>ISERIESA.MYCO.COM</tt></li>
</ul>
</li>
<li class="stepexpand"><span>Results will display in the <span class="uicontrol">Mapping found</span> portion
of the page, as follows:</span>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><thead align="left"><tr><th valign="top" id="d0e123">For these fields</th>
<th valign="top" id="d0e125">See these results</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e123 ">Target user</td>
<td valign="top" headers="d0e125 ">JOHND</td>
</tr>
<tr><td valign="top" headers="d0e123 ">Origin</td>
<td valign="top" headers="d0e125 ">EIM Identifier: John Day</td>
</tr>
</tbody>
</table>
</div>
</li>
<li class="stepexpand"><span>Click <span class="uicontrol">Close</span>.</span> <div class="p">Repeat these
steps but select <tt>ISERIESB.MYCO.COM</tt> for the <span class="uicontrol">Target registry</span> field.
Results will display in the <span class="uicontrol">Mapping found</span> portion of
the page, as follows:
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><thead align="left"><tr><th valign="top" width="50%" id="d0e162">For these fields</th>
<th valign="top" width="50%" id="d0e164">See these results</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="50%" headers="d0e162 ">Target user</td>
<td valign="top" width="50%" headers="d0e164 ">DAYJO</td>
</tr>
<tr><td valign="top" width="50%" headers="d0e162 ">Origin</td>
<td valign="top" width="50%" headers="d0e164 ">EIM Identifier: John Day</td>
</tr>
</tbody>
</table>
</div>
</div>
</li>
</ol>
<div class="section"><p><span class="uicontrol">Test mappings for Sharon Jones</span></p>
<p>To
test the mappings used for the individual associations for Sharon Jones, follow
these steps:</p>
<ol><li>In <span class="keyword">iSeries Navigator</span>, expand <span class="menucascade"><span class="uicontrol">iSeries A</span> &gt; <span class="uicontrol">Network</span> &gt; <span class="uicontrol">Enterprise
Identity Mapping</span> &gt; <span class="uicontrol">Domain Management</span> &gt; <span class="uicontrol">MyCoEimDomain</span></span>.<div class="note"><span class="notetitle">Note:</span> You may be prompted to connect to the domain controller.
In that case, the <span class="uicontrol">Connect to EIM Domain Controller</span> dialog
is displayed. You must connect to the domain before you can perform actions
in it. To connect to the domain controller, provide the following information
and click <span class="uicontrol">OK</span>:<ul><li><span class="uicontrol">User type</span>: <tt>Distinguished name</tt></li>
<li><span class="uicontrol">Distinguished name</span>: <tt>cn=administrator</tt></li>
<li><span class="uicontrol">Password</span>: <tt>mycopwd</tt><div class="note"><span class="notetitle">Note:</span> Any and all passwords
specified in this scenario are for example purposes only. To prevent a compromise
to your system or network security, you should never use these passwords as
part of your own configuration.</div>
</li>
</ul>
</div>
</li>
<li>Right-click <span class="uicontrol">MyCoEimDomain</span> and select <span class="uicontrol">Test
a mapping...</span>.</li>
<li>On the <span class="uicontrol">Test a mapping</span> dialog, specify or <span class="uicontrol">Browse...</span> to
select the following information, and click <span class="uicontrol">Test</span>:<ul><li><span class="uicontrol">Source registry</span>: <tt>MYCO.COM</tt></li>
<li><span class="uicontrol">Source user</span>: <tt>sjones</tt></li>
<li><span class="uicontrol">Target registry</span>: <tt>ISERIESA.MYCO.COM</tt></li>
</ul>
</li>
<li>Results will display in the <span class="uicontrol">Mapping found</span> portion
of the page, as follows:
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><thead align="left"><tr><th valign="top" width="50%" id="d0e283">For these fields</th>
<th valign="top" width="50%" id="d0e285">See these results</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="50%" headers="d0e283 ">Target user</td>
<td valign="top" width="50%" headers="d0e285 ">SHARONJ</td>
</tr>
<tr><td valign="top" width="50%" headers="d0e283 ">Origin</td>
<td valign="top" width="50%" headers="d0e285 ">EIM Identifier: Sharon Jones</td>
</tr>
</tbody>
</table>
</div>
</li>
<li>Click <strong>Close</strong>.</li>
</ol>
<div class="p">Repeat these steps but select <tt>ISERIESB.MYCO.COM</tt> for the <span class="uicontrol">Target
registry</span> field. Results will display in the <span class="uicontrol">Mapping
found</span> portion of the page, as follows:
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><thead align="left"><tr><th valign="top" width="50%" id="d0e320">For these fields</th>
<th valign="top" width="50%" id="d0e322">See these results</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="50%" headers="d0e320 ">Target user</td>
<td valign="top" width="50%" headers="d0e322 ">JONESSH</td>
</tr>
<tr><td valign="top" width="50%" headers="d0e320 ">Origin</td>
<td valign="top" width="50%" headers="d0e322 ">EIM Identifier: Sharon Jones</td>
</tr>
</tbody>
</table>
</div>
</div>
<p><strong>Test mappings used for default registry policy associations</strong></p>
<p>To
test that mappings work as expected for the users in the Order Receiving Department,
as based on the policy associations that you defined, follow these steps:</p>
<ol><li>In <span class="keyword">iSeries Navigator</span>, expand <span class="menucascade"><span class="uicontrol">iSeries A</span> &gt; <span class="uicontrol">Network</span> &gt; <span class="uicontrol">Enterprise
Identity Mapping</span> &gt; <span class="uicontrol">Domain Management</span> &gt; <span class="uicontrol">MyCoEimDomain</span></span>.<div class="note"><span class="notetitle">Note:</span> You may be prompted to connect to the domain controller.
In that case, the <span class="uicontrol">Connect to EIM Domain Controller</span> dialog
is displayed. You must connect to the domain before you can perform actions
in it. To connect to the domain controller, provide the following information
and click <span class="uicontrol">OK</span>:<ul><li><span class="uicontrol">User type</span>: <tt>Distinguished name</tt></li>
<li><span class="uicontrol">Distinguished name</span>: <tt>cn=administrator</tt></li>
<li><span class="uicontrol">Password</span>: <tt>mycopwd</tt><div class="note"><span class="notetitle">Note:</span> Any and all passwords
specified in this scenario are for example purposes only. To prevent a compromise
to your system or network security, you should never use these passwords as
part of your own configuration.</div>
</li>
</ul>
</div>
</li>
<li>Right-click <span class="uicontrol">MyCoEimDomain</span> and select <span class="uicontrol">Test
a mapping...</span>.</li>
<li>On the <span class="uicontrol">Test a mapping</span> dialog, specify or <span class="uicontrol">Browse...</span> to
select the following information, and click <span class="uicontrol">Test</span>:<ul><li><span class="uicontrol">Source registry</span>: <tt>MYCO.COM</tt></li>
<li><span class="uicontrol">Source user</span>: <tt>mmiller</tt></li>
<li><span class="uicontrol">Target registry</span>: <tt>ISERIESA.MYCO.COM</tt></li>
</ul>
</li>
<li>Results will display in the <span class="uicontrol">Mapping found</span> portion
of the page, as follows:
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><thead align="left"><tr><th valign="top" width="50%" id="d0e440">For these fields</th>
<th valign="top" width="50%" id="d0e442">See these results</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="50%" headers="d0e440 ">Target user</td>
<td valign="top" width="50%" headers="d0e442 ">SYSUSERA</td>
</tr>
<tr><td valign="top" width="50%" headers="d0e440 ">Origin</td>
<td valign="top" width="50%" headers="d0e442 ">Registry policy association</td>
</tr>
</tbody>
</table>
</div>
</li>
<li>Click <span class="uicontrol">Close</span>.</li>
</ol>
<p><strong>To test the mappings used for the default registry policy association
that maps your users to the SYSUSERB profile on iSeries B, follow these steps:</strong></p>
<ol><li>In <span class="keyword">iSeries Navigator</span>, expand <span class="menucascade"><span class="uicontrol">iSeries A</span> &gt; <span class="uicontrol">Network</span> &gt; <span class="uicontrol">Enterprise
Identity Mapping</span> &gt; <span class="uicontrol">Domain Management</span> &gt; <span class="uicontrol">MyCoEimDomain</span></span><div class="note"><span class="notetitle">Note:</span> You may be prompted to connect to the domain controller.
In that case, the <span class="uicontrol">Connect to EIM Domain Controller</span> dialog
is displayed. You must connect to the domain before you can perform actions
in it. To connect to the domain controller, provide the following information
and click <span class="uicontrol">OK</span>:<ul><li><span class="uicontrol">User type</span>: <tt>Distinguished name</tt></li>
<li><span class="uicontrol">Distinguished name</span>: <tt>cn=administrator</tt></li>
<li><span class="uicontrol">Password</span>: <tt>mycopwd</tt><div class="note"><span class="notetitle">Note:</span> Any and all passwords
specified in this scenario are for example purposes only. To prevent a compromise
to your system or network security, you should never use these passwords as
part of your own configuration.</div>
</li>
</ul>
</div>
</li>
<li>Right-click <span class="uicontrol">MyCoEimDomain</span> and select <span class="uicontrol">Test
a mapping...</span>.</li>
<li>On the <span class="uicontrol">Test a mapping</span> dialog, specify or <span class="uicontrol">Browse...</span> to
select the following information, and click <span class="uicontrol">Test</span>:<ul><li><span class="uicontrol">Source registry</span>: <tt>MYCO.COM</tt></li>
<li><span class="uicontrol">Source user</span>: <tt>ksmith</tt></li>
<li><span class="uicontrol">Target registry</span>: <tt>ISERIESB.MYCO.COM</tt></li>
</ul>
</li>
<li>Results will display in the <span class="uicontrol">Mapping found</span> portion
of the page, as follows:
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><thead align="left"><tr><th valign="top" width="50%" id="d0e564">For these fields</th>
<th valign="top" width="50%" id="d0e566">See these results</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="50%" headers="d0e564 ">Target user</td>
<td valign="top" width="50%" headers="d0e566 ">SYSUSERB</td>
</tr>
<tr><td valign="top" width="50%" headers="d0e564 ">Origin</td>
<td valign="top" width="50%" headers="d0e566 ">Registry policy association</td>
</tr>
</tbody>
</table>
</div>
</li>
<li>Click <span class="uicontrol">Close</span>.</li>
</ol>
<p>If you receive messages or errors that indicate problems with your
mappings or with communications, see <a href="../rzalv/rzalvtrblshoot.htm">Troubleshoot EIM</a> to help you find solutions to these
problems.</p>
<p>Now that you have tested the EIM identity mappings, you can
configure <span class="keyword">iSeries Access for Windows<sup>®</sup></span> applications
to use Kerberos authentication.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamzenablessoos400.htm" title="View this scenario to learn how to configure network authentication service and EIM to create a single signon environment across multiple systems in an enterprise. This scenario expands on the concepts and tasks presented in the previous scenario which demonstrates how to create a simple single signon test environment.">Scenario: Enable single signon for i5/OS</a></div>
<div class="previouslink"><strong>Previous topic:</strong> <a href="rzamzenableregistriestoparticipateinlookupoperationsandtousepolicyassociations.htm">Enable registries to participate in lookup operations and to use policy associations</a></div>
<div class="nextlink"><strong>Next topic:</strong> <a href="rzamzconfigureiseriesaccess1a.htm">Configure iSeries Access for Windows applications to use Kerberos authentication</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue Copy Permalink