Determining the values for the system properties and adding them to your JVM properties files

The system properties that you can use in JVM properties files include six, described below, that relate to the use of an LDAP namespace for JNDI. The CICS® System Definition Guide has full descriptions of each of these system properties.

com.ibm.cics.ejs.nameserver
is the URL for the LDAP server being configured. In the preceding example it is ldap://wibble.ibm.com:389
com.ibm.ws.naming.ldap.containerdn
is the value specified in the dfhsns.ldif file. The default is ibm-wsnTree=t1,o=WASNaming,c=US if you did not tailor the ldif file. If you are seeking this value by browsing an existing namespace, look for a node of type ibm-wsnTree; the path to this node is a possible value for containerdn.
com.ibm.ws.naming.ldap.noderootrdn
can be determined from the domain you specified on the DFHBuildSNS call. In the example, the noderootrdn is ibm-wsnName=legacyRoot,ibm-wsnName=PLEX2,ibm-wsnName=domainRoots. If you are seeking this value by browsing an existing namespace, look for the path from the chosen containerdn to the legacyRoot entry.
java.naming.security.authentication
is set to simple if CICS must authenticate itself to LDAP in order to bind (or write) to it. Using the defaults in the supplied scripts, authentication is necessary because the dfhsns.ldif script removed default write access for the ANYBODY group, and granted write access to the new principal cn=CICSUser,c=US that it created. If CICS does not have to authenticate itself to LDAP in order to write to it, do not set a value for this system property.
Important: If you do specify this system property, you also need to specify java.naming.security.principal and java.naming.security.credentials. Since these hold the UserID and password that CICS requires to access the secure LDAP service, you need to give particular attention to the access controls in force at your installation for the JVM properties files, and any other copies of this information that you have. You should ensure that the JVM properties files are secure, with update authority restricted to system administrators.
java.naming.security.principal
is a principal with the authority to bind to the namespace. You might choose the system principal that has write access to the entire namespace if security is not a real concern. However, it would be advisable to use at least the cn=CICSUser,c=US distinguished name specified in dfhsns.ldif, since that ID is only able to write to a particular area of the LDAP namespace (the containerdn and below).

If you want even tighter security, the principal could be cn=CICSSystems,c=US. There is extra LDAP configuration to be performed if you use this ID; see Security considerations for a full discussion of CICS LDAP security configuration.

java.naming.security.credentials
is the password for the principal. The default, if you did not tailor dfhsns.ldif, is secret.

When you have determined the values of these system properties, you need to specify them in all the JVM properties files that are used by CORBA applications or enterprise beans.

In particular, be sure to specify them in the dfjjvmcd.props properties file referenced by the DFHJVMCD JVM profile. The DFHJVMCD profile is used by CICS-defined programs, including the default request processor program and the program that CICS uses to publish and retract deployed JAR files.

You also need to specify these system properties in the JVM properties files referenced by any other JVM profiles that you choose to use for CORBA stateless objects or enterprise beans. These might be CICS-supplied sample JVM profiles or your own JVM profiles. For CORBA stateless objects and enterprise beans, the JVM profiles are named in the PROGRAM resource definitions for your request processor programs.

The only JVM properties file that never needs to include this information is a JVM properties file that you are only using for the master JVM that initializes the shared class cache, because this JVM is not used to run applications. The CICS-supplied sample JVM properties file for the master JVM is dfjjvmcc.props.

The CICS System Definition Guide tells you the rules for coding system properties in a JVM properties file.
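
The following check is an added example, not part of the CICS documentation or supplied scripts. It audits one JVM properties file for the points raised above: the principal and credentials that must accompany java.naming.security.authentication, the default password from an untailored dfhsns.ldif, and file permissions on a file that holds that password. The key=value line format with # comments, the function names and the sample file content are assumptions made for the example.

```python
import stat

AUTH = "java.naming.security.authentication"
PRINCIPAL = "java.naming.security.principal"
CREDS = "java.naming.security.credentials"
DEFAULT_PASSWORD = "secret"  # default in an untailored dfhsns.ldif, per the text above

def parse_props(text):
    """Parse key=value lines; blank lines and # comments are skipped (assumed format)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # values such as DNs contain '=' themselves
        props[key.strip()] = value.strip()
    return props

def audit_props(text, mode):
    """Return findings for one properties file's content and its permission bits."""
    props = parse_props(text)
    findings = []
    if props.get(AUTH):
        for needed in (PRINCIPAL, CREDS):
            if not props.get(needed):
                findings.append(f"{AUTH} is set but {needed} is missing")
    if props.get(CREDS) == DEFAULT_PASSWORD:
        findings.append("credentials still use the dfhsns.ldif default password")
    if CREDS in props and mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("file holds a password and is writable by group or others")
    if CREDS in props and mode & stat.S_IROTH:
        findings.append("file holds a password and is readable by others")
    return findings

# Constructed sample built from the example values on this page.
SAMPLE = """\
com.ibm.cics.ejs.nameserver=ldap://wibble.ibm.com:389
com.ibm.ws.naming.ldap.containerdn=ibm-wsnTree=t1,o=WASNaming,c=US
com.ibm.ws.naming.ldap.noderootrdn=ibm-wsnName=legacyRoot,ibm-wsnName=PLEX2,ibm-wsnName=domainRoots
java.naming.security.authentication=simple
java.naming.security.principal=cn=CICSUser,c=US
java.naming.security.credentials=secret
"""

if __name__ == "__main__":
    for finding in audit_props(SAMPLE, 0o664):
        print("FINDING:", finding)
```

To audit a real file, pass its content and os.stat(path).st_mode, and repeat the check for every properties file referenced by a JVM profile used for CORBA stateless objects or enterprise beans.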