The system properties that you can use in JVM properties files include
six, described below, that relate to the use of an LDAP namespace for JNDI. The CICS® System Definition Guide has
full descriptions of each of these system properties.
- com.ibm.cics.ejs.nameserver
- is the URL for the LDAP server being configured. In the preceding example
it is ldap://wibble.ibm.com:389
- com.ibm.ws.naming.ldap.containerdn
- is the value specified in the dfhsns.ldif file. The default is ibm-wsnTree=t1,o=WASNaming,c=US if
you did not tailor the ldif file. If you are seeking this value by browsing
an existing namespace, look for a node of type ibm-wsnTree; the path to this
node is a possible value for containerdn.
- com.ibm.ws.naming.ldap.noderootrdn
- can be determined from the domain you specified on the DFHBuildSNS call.
In the example, the noderootrdn is ibm-wsnName=legacyRoot,ibm-wsnName=PLEX2,ibm-wsnName=domainRoots.
If you are seeking this value by browsing an existing namespace, look for
the path from the chosen containerdn to the legacyRoot entry.
- java.naming.security.authentication
- is set to simple if CICS must authenticate itself
to LDAP in order to bind (or write) to it. Using the defaults in the supplied
scripts, authentication is necessary because the dfhsns.ldif script
removed default write access for the ANYBODY group, and granted write access
to the new principal cn=CICSUser,c=US that it created. If
CICS does not have to authenticate itself to LDAP in order to write to it,
do not set a value for this system property.
Important: If you do specify this system property, you also need to specify
java.naming.security.principal and java.naming.security.credentials. Because these
hold the user ID and password that CICS requires to access the
secure LDAP service, you need to give particular attention to the access controls
in force at your installation for the JVM properties files, and any other
copies of this information that you have. You should ensure that the JVM properties
files are secure, with update authority restricted to system administrators.
- java.naming.security.principal
- is a principal with the authority to bind to the namespace. You might
choose the system principal that has write access to the entire namespace
if security is not a real concern. However, it would be advisable to use
at least the cn=CICSUser,c=US distinguished name
specified in dfhsns.ldif, since that ID is only able to write
to a particular area of the LDAP namespace (the containerdn and below).
If you want even tighter security, the principal could be cn=CICSSystems,c=US.
There is extra LDAP configuration to be performed if you use this ID; see
Security considerations for a full discussion of CICS LDAP security
configuration.
- java.naming.security.credentials
- is the password for the principal. The default, if you did not tailor dfhsns.ldif,
is secret.
When you have determined the values of these system properties, you need
to specify them in all the JVM properties files that are used by CORBA applications
or enterprise beans.
In particular, be sure to specify them in the dfjjvmcd.props properties
file referenced by the DFHJVMCD JVM profile. The DFHJVMCD profile is used
by CICS-defined programs, including the default request processor program
and the program that CICS uses to publish and retract deployed JAR files.
You also need to specify these system properties in the JVM properties
files referenced by any other JVM profiles that you choose to use for CORBA
stateless objects or enterprise beans. These might be CICS-supplied sample
JVM profiles or your own JVM profiles. For CORBA stateless objects and enterprise
beans, the JVM profiles are named in the PROGRAM resource definitions for
your request processor programs.
The only JVM properties file that never needs to include this information
is a JVM properties file that you are only using for the master JVM that initializes
the shared class cache, because this JVM is not used to run applications.
The CICS-supplied sample JVM properties file for the master JVM is dfjjvmcc.props.
The CICS System
Definition Guide tells you the rules for coding system properties
in a JVM properties file.
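The following check is an added example, not part of the CICS documentation or any IBM-supplied tooling. It audits a JVM properties file against the points made above: the three java.naming.security.* properties must be specified together, the untailored dfhsns.ldif password should not remain in use, and a file holding credentials needs restrictive access controls. The key=value parsing and the permission thresholds are assumptions; the sample file is constructed from the values quoted on this page.

```python
import os
import stat

AUTH = "java.naming.security.authentication"
PRINCIPAL = "java.naming.security.principal"
CREDENTIALS = "java.naming.security.credentials"

# Constructed sample using the values quoted on this page.
SAMPLE = """\
# constructed example, not a CICS-supplied file
com.ibm.cics.ejs.nameserver=ldap://wibble.ibm.com:389
com.ibm.ws.naming.ldap.containerdn=ibm-wsnTree=t1,o=WASNaming,c=US
java.naming.security.authentication=simple
java.naming.security.principal=cn=CICSUser,c=US
java.naming.security.credentials=secret
"""

def parse_props(text):
    """Assumed syntax: key=value per line, '#' comment lines, no continuations."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")  # first '=' only; DNs contain '='
            props[key.strip()] = value.strip()
    return props

def audit_props(props, mode=None):
    """Return a list of findings; mode is the file's permission bits, if known."""
    findings = []
    if props.get(AUTH):
        findings += [f"{AUTH} is set but {k} is missing"
                     for k in (PRINCIPAL, CREDENTIALS) if not props.get(k)]
    else:
        findings += [f"{k} is set but {AUTH} is not"
                     for k in (PRINCIPAL, CREDENTIALS) if k in props]
    if props.get(CREDENTIALS) == "secret":
        findings.append("credentials still the untailored dfhsns.ldif default")
    if mode is not None:  # assumed policy: no world write, no world read of secrets
        if mode & stat.S_IWOTH:
            findings.append("file is writable by any user")
        if CREDENTIALS in props and mode & stat.S_IROTH:
            findings.append("file holding credentials is readable by any user")
    return findings

def audit_file(path):
    """Audit a properties file on disk, including its permission bits."""
    with open(path) as fh:
        return audit_props(parse_props(fh.read()), stat.S_IMODE(os.stat(path).st_mode))
```

Run audit_file against every properties file referenced by a JVM profile used for CORBA applications or enterprise beans, including dfjjvmcd.props, so that a stale copy with weaker settings is not missed.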