The ldapsearch 'RESCHECK' authorization check can be used to perform a resource rule check or a dataset rule check. In this example, the ldapsearch is run by logonid USER002, which has the password USER002, and performs a dataset access check for dataset SYS1.PARMLIB for logonid usrtest. The file rescheck.inp is created in USS and executed from OMVS.
LDAPSEARCH RESCHECK Example
File /u/users/ldapr151/rescheck.inp:
./ldapsearch -x -D cn=USER002 -w USER002 -h SYS1234 -p 389 -s base -b \
host=SYS1234.CA.COM,o=TEST,c=us \
rescheck=usrtest,update,dataset,SYS1.PARMLIB,NONE
Note: "\" is the continuation character for the above command.
* ==================================================================*
* Example RESCHECK deny
* ==================================================================*
To invoke, go to OMVS, change directory, and execute the rescheck.inp file:
$ cd /u/users/ldapr151/
$ rescheck.inp
ldap_bind: Success (0)
additional info: ACF01137 USER002 LAST SYSTEM ACCESS 08.52-09/11/14 FROM 8DCA2485
# extended LDIF
#
# LDAPv3
# base <host=SYS1234.CA.COM,o=TEST,c=us> with scope baseObject
# filter: rescheck=usrtest,update,dataset,SYS1.PARMLIB,NONE
# requesting: ALL
#
# search result
search: 2
result: 50 Insufficient access
text: LDP1105E Access denied
# numResponses: 1
$
* ==================================================================*
* Example RESCHECK allow (change logonid from usrtest to usrsuper)
* ==================================================================*
To invoke, go to OMVS, change directory, and execute the rescheck.inp file:
$ cd /u/users/ldapr151/
$ rescheck.inp
ldap_bind: Success (0)
additional info: ACF01137 USER002 LAST SYSTEM ACCESS 09.30-09/18/14 FROM A28LO903
# extended LDIF
#
# LDAPv3
# base <host=SYS1234.CA.COM,o=TEST,c=us> with scope baseObject
# filter: rescheck=usrsuper,update,dataset,SYS1.PARMLIB,NONE
# requesting: ALL
#
# search result
search: 2
result: 0 Success
# numResponses: 1
For details on ldapsearch parameters see the CA LDAP Server for z/OS Product Guide Release 15.1.00, Appendix A: z/OS UNIX System Services Command Line Utilities section 'ldapsearch–Search LDAP Objects'.
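The following shell function is an added example, not part of the original article or of the product. It reads the RESCHECK ldapsearch output shown above and fails closed: only "result: 0" counts as allowed, "result: 50" as denied, and anything else as an error. The function names and the abridged sample transcripts are assumptions constructed from the two transcripts on this page.

```shell
#!/bin/sh
# Added example: interpret RESCHECK ldapsearch output read from stdin.
# Prints one summary line and returns 0 = allowed (result: 0),
# 1 = denied (result: 50), 2 = anything else, so callers fail closed.
rescheck_verdict() {
    awk '
        # "# filter: rescheck=<logonid>,<access>,<type>,<resource>,..."
        /^# filter: rescheck=/ {
            sub(/^# filter: rescheck=/, "")
            if (split($0, f, ",") >= 4)
                what = f[1] " " f[2] " " f[3] " " f[4]
        }
        # "result: <code> <text>"; only the first result line is used
        /^result: / && code == "" {
            code = $2
            text = $0; sub(/^result: [0-9]+ ?/, "", text)
        }
        END {
            if (what == "") what = "(no rescheck filter found)"
            if (code == "0")  { print what " -> ALLOW"; exit 0 }
            if (code == "50") { print what " -> DENY (" text ")"; exit 1 }
            if (code == "")   { print what " -> ERROR (no result line)"; exit 2 }
            print what " -> ERROR (result " code " " text ")"; exit 2
        }'
}

# Constructed samples, abridged from the deny and allow transcripts above.
sample_deny() {
    cat <<'EOF'
ldap_bind: Success (0)
# filter: rescheck=usrtest,update,dataset,SYS1.PARMLIB,NONE
search: 2
result: 50 Insufficient access
text: LDP1105E Access denied
EOF
}
sample_allow() {
    cat <<'EOF'
ldap_bind: Success (0)
# filter: rescheck=usrsuper,update,dataset,SYS1.PARMLIB,NONE
search: 2
result: 0 Success
EOF
}

# Demo on the samples; on the system: ./rescheck.inp | rescheck_verdict
sample_deny | rescheck_verdict || true
sample_allow | rescheck_verdict || true
```

Because a missing or unexpected result line returns 2 rather than 0, a script that gates on this function does not treat a failed bind or an unreachable server as an authorization.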