Security considerations

If you specified that CICS must authenticate itself to LDAP in order to write to it, by coding the system property java.naming.security.authentication=simple in your JVM properties files, you now have a choice between
To help you decide, a very simplified view of part of the LDAP namespace is shown in Figure 1.
Figure 1. Simplified view of part of an LDAP namespace
The picture shows a containerdn above a legacyRoot; connected below that are two WAS servers and two CICS servers. Each of these servers has two objects connected below it.

If you use security at the containerdn level, CICS has write access to containerdn and all nodes below it. This allows CICS, or a CICS application using the JNDI interfaces, to write to all these nodes, including those that belong to WebSphere Application Server for z/OS and OS/390. If you use security at the CICS region level, then CICS and CICS applications can write only to the specific CICS nodes in the tree.
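
The difference in write scope between the two levels, worked through as an added example (not IBM's code): it models the Figure 1 tree and lists what a bind identity can write when access is granted at containerdn versus at one CICS region's node. The DN values, the server names and the helper functions are all constructed for illustration.

```python
# Constructed model of Figure 1. Every DN here is a placeholder, and placing
# the servers directly under legacyRoot is an assumption about the figure.
CONTAINER = "o=containerdn"
ROOT = "cn=legacyRoot," + CONTAINER
SERVERS = ["cn=WAS1", "cn=WAS2", "cn=CICS1", "cn=CICS2"]
TREE = [CONTAINER, ROOT]
for server in SERVERS:
    TREE.append(f"{server},{ROOT}")
    TREE += [f"cn=obj{i},{server},{ROOT}" for i in (1, 2)]


def split_dn(dn):
    """Split a DN into RDNs, keeping backslash-escaped commas inside a value.

    Lowercasing is a simplification: real matching rules are per attribute.
    """
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped or ch != ",":
            cur += ch
            escaped = (ch == "\\") and not escaped
        else:
            rdns.append(cur.strip().lower())
            cur = ""
    return rdns + [cur.strip().lower()]


def in_subtree(dn, base):
    """True if dn is base or below it, compared RDN by RDN (not by suffix)."""
    d, b = split_dn(dn), split_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def writable(grant_bases):
    """Entries the bind identity may write, given where write is granted."""
    return [dn for dn in TREE if any(in_subtree(dn, g) for g in grant_bases)]


def exposed_was_entries(grant_bases):
    """Writable entries that belong to a WAS server rather than to CICS."""
    was = [f"{s},{ROOT}" for s in SERVERS if s.startswith("cn=WAS")]
    return [dn for dn in writable(grant_bases)
            if any(in_subtree(dn, w) for w in was)]


if __name__ == "__main__":
    for label, bases in [("containerdn level", [CONTAINER]),
                         ("CICS region level", ["cn=CICS1," + ROOT])]:
        print(label, "writable:", len(writable(bases)),
              "WAS entries exposed:", len(exposed_was_entries(bases)))
```

Comparing RDN by RDN matters when auditing scope: an entry directly under legacyRoot whose name contains an escaped comma can end with the same characters as a CICS region's DN without being inside that region's subtree.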