<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Create default registry policy associations" />
<meta name="DC.Relation" scheme="URI" content="rzamzenablessoos400.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamzcreateidentifierassociationsforsharonjones.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamzenableregistriestoparticipateinlookupoperationsandtousepolicyassociations.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzamzcreatedefaultregistrypolicyassociations" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Create default registry policy associations</title>
</head>
<body id="rzamzcreatedefaultregistrypolicyassociations"><a name="rzamzcreatedefaultregistrypolicyassociations"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Create default registry policy associations</h1>
<div><div class="section"><p>You want to have all your Microsoft<sup>®</sup> Active Directory users on
the <span class="keyword">Windows<sup>®</sup> 2000</span> server map to
the user profile, SYSUSERA, on <span class="keyword">iSeries™</span> A
and to the user profile, SYSUSERB, on <span class="keyword">iSeries</span> B. </p>
<p>Fortunately,
you can use policy associations to create mappings directly between a group
of users and a single target user identity. In this case, you can create a
default registry policy association that maps all the user identities (for
which no identifier associations exist) in the MYCO.COM Kerberos registry
to a single <span class="keyword">i5/OS™</span> user
profile on iSeriesA.</p>
<div class="p">You need two policy associations to accomplish
this goal. Each policy association uses the MYCO.COM user registry definition
as the source of the association. However, each policy association maps user
identities in this registry to different target user identities, depending
on which <span class="keyword">iSeries</span> system the
Kerberos user accesses:<ul><li> One policy association maps the Kerberos principals in the MYCO.COM user
registry to a target user of SYSUSERA in the target registry of ISERIESA.MYCO.COM. </li>
<li>The other policy association maps the Kerberos principals in the MYCO.COM
user registry to a target user of SYSUSERB in the target registry of ISERIESB.MYCO.COM.</li>
</ul>
</div>
<p>Use the information from your planning work sheets to create
two default registry policy associations.</p>
<div class="p"><div class="note"><span class="notetitle">Note:</span> Before you can use policy
associations, you must enable the domain to use policy associations for
mapping lookup operations. You can do this as part of the process for
creating your policy associations, as follows:</div>
</div>
</div>
<ol><li><span>In <span class="keyword">iSeries Navigator</span>,
expand <span class="menucascade"><span class="uicontrol">iSeries A</span> &gt; <span class="uicontrol">Network</span> &gt; <span class="uicontrol">Enterprise Identity Mapping</span> &gt; <span class="uicontrol">Domain Management</span></span>.</span></li>
<li><span>Right-click <span class="uicontrol">MyCoEimDomain</span>, and select <span class="uicontrol">Mapping
policy...</span>.</span></li>
<li><span>On the <span class="uicontrol">General</span> page, select <span class="uicontrol">Enable
mapping lookups using policy associations for domain MyCoEimDomain</span>.</span></li>
</ol>
<div class="section"><p>Follow these steps to create the default registry policy association
for the users to map to the SYSUSERA user profile on <span class="keyword">iSeries</span> A:</p>
<ol><li>On the <span class="uicontrol">Registry</span> page, click <span class="uicontrol">Add</span>.</li>
<li>In the <span class="uicontrol">Add Default Registry Policy Association</span> dialog,
specify or <span class="uicontrol">Browse...</span> to select the following information,
and click <span class="uicontrol">OK</span>:<ul><li><span class="uicontrol">Source registry</span>: <tt>MYCO.COM</tt></li>
<li><span class="uicontrol">Target registry</span>: <tt>ISERIESA.MYCO.COM</tt></li>
<li><span class="uicontrol">Target user</span>: <tt>SYSUSERA</tt></li>
</ul>
</li>
<li>Click <span class="uicontrol">OK</span> to close the <span class="uicontrol">Mapping Policy</span> dialog.<p>Follow
these steps to create the default registry policy association for the users
to map to the SYSUSERB user profile on <span class="keyword">iSeries</span> B:</p>
</li>
<li>On the <span class="uicontrol">Registry</span> page, click <span class="uicontrol">Add</span>.</li>
<li>In the <span class="uicontrol">Add Default Registry Policy Association</span> dialog,
specify or <span class="uicontrol">Browse...</span> to select the following information,
and click <span class="uicontrol">OK</span>:<ul><li><span class="uicontrol">Source registry</span>: <tt>MYCO.COM</tt></li>
<li><span class="uicontrol">Target registry</span>: <tt>ISERIESB.MYCO.COM</tt></li>
<li><span class="uicontrol">Target user</span>: <tt>SYSUSERB</tt></li>
</ul>
</li>
<li>Click <span class="uicontrol">OK</span> to close the <span class="uicontrol">Mapping Policy</span> dialog.</li>
</ol>
<p>Now that you have created the default registry policy associations,
you can enable the registries to participate in lookup operations and to use
the policy associations.</p>
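<p>Added example (not part of the original IBM topic, and not an IBM API): a simplified Python model of how a mapping lookup resolves once the two default registry policy associations above exist. The class and function names, the principals <tt>asmith</tt> and <tt>jdoe</tt>, and the profile <tt>JDOEPRF</tt> are constructed; the per-registry flags are an assumption standing in for the settings made in the next topic.</p>

```python
from dataclasses import dataclass, field

@dataclass
class EimDomainModel:
    """Simplified, hypothetical model of an EIM domain (not an IBM API)."""
    policy_lookups_enabled: bool = False   # domain-level mapping policy setting
    lookup_enabled: set = field(default_factory=set)   # registries in lookups (assumed flag)
    policy_enabled: set = field(default_factory=set)   # registries using policies (assumed flag)
    identifier_assocs: dict = field(default_factory=dict)          # (src reg, user) -> {tgt reg: user}
    default_registry_policies: dict = field(default_factory=dict)  # (src reg, tgt reg) -> user

    def lookup(self, src_reg, src_user, tgt_reg):
        """Return (target user or None, reason the result was chosen)."""
        if not {src_reg, tgt_reg}.issubset(self.lookup_enabled):
            return None, "registry not enabled for lookups"
        # A specific identifier association always wins over a policy.
        specific = self.identifier_assocs.get((src_reg, src_user), {})
        if tgt_reg in specific:
            return specific[tgt_reg], "identifier association"
        # Policies apply only if the domain and the target registry allow them.
        if not self.policy_lookups_enabled:
            return None, "domain policy lookups disabled"
        if tgt_reg not in self.policy_enabled:
            return None, "target registry does not use policy associations"
        user = self.default_registry_policies.get((src_reg, tgt_reg))
        if user is None:
            return None, "no mapping"
        return user, "default registry policy"

def build_myco_domain():
    """The scenario's two associations plus one constructed identifier association."""
    d = EimDomainModel(policy_lookups_enabled=True)
    d.lookup_enabled = {"MYCO.COM", "ISERIESA.MYCO.COM", "ISERIESB.MYCO.COM"}
    d.policy_enabled = {"ISERIESA.MYCO.COM", "ISERIESB.MYCO.COM"}
    d.default_registry_policies = {
        ("MYCO.COM", "ISERIESA.MYCO.COM"): "SYSUSERA",
        ("MYCO.COM", "ISERIESB.MYCO.COM"): "SYSUSERB",
    }
    # Constructed sample: a principal that has its own identifier association.
    d.identifier_assocs[("MYCO.COM", "jdoe")] = {"ISERIESA.MYCO.COM": "JDOEPRF"}
    return d

if __name__ == "__main__":
    domain = build_myco_domain()
    for principal in ("asmith", "jdoe"):
        for target in ("ISERIESA.MYCO.COM", "ISERIESB.MYCO.COM"):
            print(principal, target, domain.lookup("MYCO.COM", principal, target))
```

<p>Every MYCO.COM principal without an identifier association resolves to SYSUSERA or SYSUSERB, so the authority granted to those two profiles is the authority each such principal receives on that system.</p>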
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamzenablessoos400.htm" title="View this scenario to learn how to configure network authentication service and EIM to create a single signon environment across multiple systems in an enterprise. This scenario expands on the concepts and tasks presented in the previous scenario which demonstrates how to create a simple single signon test environment.">Scenario: Enable single signon for i5/OS</a></div>
<div class="previouslink"><strong>Previous topic:</strong> <a href="rzamzcreateidentifierassociationsforsharonjones.htm">Create identifier associations for Sharon Jones</a></div>
<div class="nextlink"><strong>Next topic:</strong> <a href="rzamzenableregistriestoparticipateinlookupoperationsandtousepolicyassociations.htm">Enable registries to participate in lookup operations and to use policy associations</a></div>
</div>
</div>
</body>
</html>