This guide describes the procedure to deploy the IdentityForge Advanced Adapter for IBM-i5 Series. This guide is intended for resource administrators and target system integration teams.
The IdentityForge Advanced Adapter for IBM-i5 Series provides a native interface between iSeries and any LDAPv3 supported product. The adapter functions as a trusted virtual administrator on the target system, performing tasks such as creating login IDs, suspending IDs, and changing passwords. In addition, it automates some of the functions that administrators usually perform manually.
The supported IBM iSeries versions are:
- IBM i5/OS v5.4 up to 7.1
LDAP Gateway
The LDAP Gateway is built on Java Technology and allows portability across various platforms and operating systems. The LDAP Gateway receives LDAPv3 protocol commands from EmpowerID and translates them to native mainframe commands. After the commands are run, LDAPv3-formatted responses are returned to the requesting application.
The LDAP Gateway requires a Windows server with the Java JDK installed. EmpowerID recommends providing a stand-alone Windows server for this role.
To install and configure the IdentityForge LDAP Gateway, follow the installation steps in the attached document: IdentityForge LDAP Gateway Setup and Configuration.
Voyager Provisioning and Reconciliation Agent
The Voyager Provisioning and Reconciliation Agent is registered on the AS400 system and captures native i5/OS events. These events are then processed through the appropriate exits and the data is sent to the internal meta store of the LDAP Gateway. This allows EmpowerID to perform incremental inventory and to be notified of changes to objects in the AS400 system.
To install and configure the Voyager Provisioning and Reconciliation Agent, follow the installation steps listed below.
1. Connect to the AS400 using a Terminal Emulator of your choice, such as ZOC7.
2. Create a library named LSVALGAARD by running the following AS400 command:
CRTLIB LIB(LSVALGAARD) TEXT('IDF LIB')
3. Download and extract the Advanced Adapter for IBM-i5 Series.
4. Open Windows Explorer and navigate to i5_Advanced_Adapter_5.0.0.4_Enterprise > etc > Provisioning and Reconciliation Agent. IDFEX.SAV is located in this directory.
5. Connect to the AS400 using an FTP client of your choice, such as FileZilla, and transfer the IDFEX.SAV file to /QSYS.LIB/LSVALGAARD.LIB/ on the AS400 system.
6. Return to the Terminal Emulator and view the contents of the IDFEX.SAV file by running the following AS400 command:
DSPSAVF FILE(LSVALGAARD/IDFEX)
7. Confirm that the Display Saved Objects information is correct. You should see the following objects, as indicated in the screenshot below:
8. Extract the contents of IDFEX.SAV into the LSVALGAARD library by running the following AS400 command:
RSTOBJ OBJ(*ALL) SAVLIB(LSVALGAARD) DEV(*SAVF) SAVF(LSVALGAARD/IDFEX) RSTLIB(LSVALGAARD)
9. Return to the FTP client, refresh the directory listing, and confirm that /QSYS.LIB/LSVALGAARD.LIB/ contains the files extracted from IDFEX.SAVF. These should be XUSRPWD, NOTIFY, and QCSRC.
10. Return to the Terminal Emulator and start the user exit registration program by running the following AS400 command:
WRKREGINF
11. Register XUSRPWD as the 1st exit program for each of the following exit points (exit point, format, description):
QIBM_QSY_CHG_PROFILE CHGP0100 (Change User Profile)
QIBM_QSY_CRT_PROFILE CRTP0100 (Create User Profile)
QIBM_QSY_DLT_PROFILE DLTP0200 (Delete User Profile - before)
QIBM_QSY_RST_PROFILE RSTP0100 (Restore User Profile)
QIBM_QSY_VLD_PASSWRD VLDP0100 (Validate Password)
NOTE: On IBM i5 V5R4 and up, also register XUSRPWD as the 1st exit program for the following exit point:
CHK_PASSWRD
12. View system and configuration values by running the following AS400 command:
WRKSYSVAL
13. Select option 2 for QPWDVLDPGM. Confirm this value is *REGFAC. This value should not be modified.
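The registrations in step 11 and the check in step 13 can also be scripted so that they are repeatable and reviewable. The following CL program is an added example, not part of the vendor's documented procedure: it assumes the standard ADDEXITPGM and RTVSYSVAL commands are used in place of the interactive WRKREGINF and WRKSYSVAL screens, and that XUSRPWD has already been restored into LSVALGAARD (step 8).

```cl
/* Added example, not vendor code.                                  */
/* Registers LSVALGAARD/XUSRPWD as exit program number 1 on the     */
/* five exit points listed in step 11, then verifies that the       */
/* QPWDVLDPGM system value is *REGFAC as required by step 13.       */
PGM
  DCL VAR(&VLDPGM) TYPE(*CHAR) LEN(20)

  /* Exit point and format pairs are taken from step 11.            */
  ADDEXITPGM EXITPNT(QIBM_QSY_CHG_PROFILE) FORMAT(CHGP0100) +
             PGMNBR(1) PGM(LSVALGAARD/XUSRPWD)
  ADDEXITPGM EXITPNT(QIBM_QSY_CRT_PROFILE) FORMAT(CRTP0100) +
             PGMNBR(1) PGM(LSVALGAARD/XUSRPWD)
  ADDEXITPGM EXITPNT(QIBM_QSY_DLT_PROFILE) FORMAT(DLTP0200) +
             PGMNBR(1) PGM(LSVALGAARD/XUSRPWD)
  ADDEXITPGM EXITPNT(QIBM_QSY_RST_PROFILE) FORMAT(RSTP0100) +
             PGMNBR(1) PGM(LSVALGAARD/XUSRPWD)
  ADDEXITPGM EXITPNT(QIBM_QSY_VLD_PASSWRD) FORMAT(VLDP0100) +
             PGMNBR(1) PGM(LSVALGAARD/XUSRPWD)

  /* The additional exit point named in the NOTE after step 11 is   */
  /* not scripted here; register it through WRKREGINF as described. */

  /* The password validation exit is only called when QPWDVLDPGM    */
  /* is *REGFAC. This program reads the value and never changes it. */
  RTVSYSVAL SYSVAL(QPWDVLDPGM) RTNVAR(&VLDPGM)
  IF COND(%SST(&VLDPGM 1 7) *NE '*REGFAC') THEN(DO)
    SNDPGMMSG MSGID(CPF9898) MSGF(QCPFMSG) +
              MSGDTA('QPWDVLDPGM is not *REGFAC') +
              MSGTYPE(*ESCAPE)
  ENDDO
ENDPGM
```

Because no errors are monitored, the program stops at the first ADDEXITPGM that fails, for example when program number 1 is already taken on an exit point, which makes an unexpected existing registration visible instead of silently replacing it.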
Please feel free to contact us by e-mail at support@empowerid.com or by phone at (877) 996-4276 (Option 2) if you have any questions or concerns regarding this guide.