To check that the connection is secure you run the ECIDateTime application.
LDAP names and RACF® names have not yet been mapped using RACMAP. As a result, the application returns various error messages. The appearance of these messages at this stage is to be expected and is normal. If some messages do not appear, their nonappearance might indicate a problem such as security setting SEC=NO, a default user ID that has too much authority, or RACF mapping that has already been defined.
app_server_root/bin/launchClient filepath/ECIDateTime.ear
Where filepath is the path to the ECIDateTime
.ear file.javax.resource.spi.SecurityException: CTG9631E Error occurred during interaction with CICS:
ECI_ERR_SECURITY_ERROR, error code: -27
11.36.45 JOB09604 ICH408I USER(TESTID ) GROUP(TSOUSER ) NAME(TEST )
113 113 DISTRIBUTED IDENTITY IS NOT DEFINED:
113 uid=CTGuser1,ou=TMS,dc=CTGTest,o=COMPANYCTG ctg-test-registry.ibm.com:389
11.36.45 JOB09604 IRR012I VERIFICATION FAILED. USER PROFILE NOT FOUND
The CICS user message log contains
this message:DFHIS1027 10/26/2009 11:36:45 IY24CTGC Security violation has been detected using IPCONN
IPCONN IPICIP and transaction id CSMI by userid BADLINK
If these messages appear, this is not an indication of a problem. On the contrary, the messages are expected because although the connection to CICS was established, the application failed because the LDAP identity was not propagated through to CICS. In the next step Configuring identity propagation on RACF, you configure the mapping between LDAP and RACF identities.