To create the subcontext cicsabcd below the legacyRoot in the LDAP namespace,
and to set suitable Access Control Lists (ACLs) for it, use the LDIF file
supplied with CICS in utils/namespace/dfhNewCICSSubcontext.ldif.
- The LDIF file contains comments to explain the steps involved, and the
values that are likely to need altering for a particular LDAP System Name
Space configuration.
- The LDIF file can be applied to the LDAP server using the ldapadd command:

      ldapadd -h wibble.ibm.com -p 389 -D cn=CICSUser,c=us -w CICSUserpwd -f dfhNewCICSSubcontext.ldif

  where CICSUserpwd is the password for CICSUser established
  when CICSUser was set up.
  This command needs to be run with a
  principal (and credentials) that can write to the legacyRoot node. In the
  example we are using, that is the cn=CICSUser,c=US id,
  which has been created for this purpose.
- The most important line of the LDIF file to change is the distinguished
name of the node being created. Assuming the LDAP System Name Space was configured
using all the default scripts supplied with CICS, the distinguished name is:

      ibm-wsnName=cicsabcd,ibm-wsnName=legacyRoot,ibm-wsnName=PLEX2,ibm-wsnName=domainRoots,ibm-wsnTree=t1,o=wasnaming,c=US
- The rest of the LDIF sets the Access Control Lists appropriately for the
new node.
- The comments in this LDIF file are important: they explain other things
that you might have to consider. For example, there might be some additional
ACL entries that are appropriate in your installation depending on which principals
currently have write access to the System Name Space.
- Once the LDIF is applied, the new node exists on the LDAP server below
the legacyRoot, and the Access Control Lists are set such that the CICS runtime
principal has write access.
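
A pre-apply check for the edited LDIF, added here as an example (it is not part of CICS or of the supplied file): it unfolds the LDIF, confirms that the dn names the new subcontext directly below legacyRoot, and lists the ACL subjects that would be granted write access. The sample entry is constructed, and the aclEntry value layout (type:DN:class:permissions...) and all function names are assumptions; compare them with the comments in your copy of the file.

```python
import base64

# Constructed sample entry, NOT the contents of dfhNewCICSSubcontext.ldif.
# The aclEntry layout (type:DN:class:permissions...) is an assumption.
SAMPLE_LDIF = """\
# constructed example
dn: ibm-wsnName=cicsabcd,ibm-wsnName=legacyRoot,ibm-wsnName=PLEX2,
 ibm-wsnName=domainRoots,ibm-wsnTree=t1,o=wasnaming,c=US
aclEntry: access-id:cn=CICSUser,c=US:normal:rwsc:object:ad
aclEntry: group:cn=Anybody:normal:rsc
"""

def unfold(text):
    """Join LDIF continuation lines (leading space); drop comments and blanks."""
    lines, in_comment = [], False
    for raw in text.splitlines():
        if raw.startswith(" "):
            if lines and not in_comment:
                lines[-1] += raw[1:]
            continue
        in_comment = raw.startswith("#")
        if raw and not in_comment:
            lines.append(raw)
    return lines

def attrs(text):
    """Yield (lower-case name, value); 'name:: value' is base64-encoded."""
    for line in unfold(text):
        name, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        yield name.strip().lower(), value.strip()

def check(text, subcontext, parent="ibm-wsnName=legacyRoot"):
    """Return (dn_ok, writers) for a single-entry LDIF: whether the node sits
    directly below parent, and which ACL subjects get 'w' on attributes."""
    dn_ok, writers = False, []
    want = [f"ibm-wsnname={subcontext}".lower(), parent.lower()]
    for name, value in attrs(text):
        if name == "dn":
            # DNs compare case-insensitively; no escaped commas assumed
            dn_ok = [r.strip().lower() for r in value.split(",")][:2] == want
        elif name == "aclentry":
            fields = value.split(":")
            rights = dict(zip(fields[2::2], fields[3::2]))
            if any("w" in p for c, p in rights.items() if c != "object"):
                writers.append(fields[1])
    return dn_ok, writers

if __name__ == "__main__":
    print(check(SAMPLE_LDIF, "cicsabcd"))
```

Any subject in the returned writers list other than the principals you expect is worth resolving before running ldapadd.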