While you're at it, call lab services in Rochester. They can get Tom to
help you. When he's in the room, he's the smartest guy there, hands down.
Back to Barsa's *SPENDMONEY command as Paul pointed out.
My fear with what's being suggested is the complexity of the LDAP/EIM set up
is going to monumental. Thinking about how in the world to recover from a
catastrophic failure makes me want a drink.
Another thought crossed my mind:
1) sign on with any profile
2) routing program comes up and asks you what personality you would like to
be for this job
3) routing program issues the change handle and then moves on from there.
That's going to be way more simple to maintain. The only potential problem
might be submitted batch jobs might not run under the changed handle, rather
the profile that signed on, but that could be dealt with too.
--
Jim Oberholtzer
Agile Technology Architects
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Steinmetz, Paul
Sent: Friday, February 10, 2017 3:25 PM
To: 'midrange-l@xxxxxxxxxxxx'
Subject: RE: EIM - Anyone have experience inplementing with a one to many
relationship?
Marc,
< The solution is based on assigning several IPs to the IBM i partition, one
for each "application", assuming that you can "assign" each of your user
profiles to an application.>
This possibly could work.
Please send the PP if you can find it.
Thanks
Paul
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Marc
Rauzier
Sent: Friday, February 10, 2017 4:22 PM
To: midrange-l@xxxxxxxxxxxx
Subject: Re: EIM - Anyone have experience inplementing with a one to many
relationship?
Le 10/02/2017 à 21:40, Steinmetz, Paul a écrit :
Many Accounts on One IBM I system
Example,
My Windows Domain account is psteinmetz.
My iSeries accounts are:
Pauls
Paulst
CPAPSTEI
TPAPSTEI
PPAPSTEI
BPAPSTEI
Thomas Barlen (IBM Lab Services security specialist) has described a way to
achieve this need, when I attended his session in Dublin Technical
University in 2013. I do not find his PowerPoint with google. Let me know if
you need it, I will retrieve it from my laptop at work.
The solution is based on assigning several IPs to the IBM i partition, one
for each "application", assuming that you can "assign" each of your user
profiles to an application.
Paul
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
DrFranken
Sent: Friday, February 10, 2017 3:33 PM
To: Midrange Systems Technical Discussion
Subject: Re: EIM - Anyone have experience inplementing with a one to many
relationship?
Many Accounts on ONE IBM i System?
*OR*
One (different) account on MANY IBM i systems?
- Larry "DrFranken" Bolhuis
www.Frankeni.com
www.iDevCloud.com - Personal Development IBM i timeshare service.
www.iInTheCloud.com - Commercial IBM i Cloud Hosting.
On 2/10/2017 3:00 PM, Steinmetz, Paul wrote:
I've been asked if we can implement EIM.
I previously implemented EIM, only as a test, with a one to one
relationship.
Our Windows accounts are different than our iSeries accounts.
Each Windows account may have many iSeries accounts (one to many).
Can this be done with EIM?
Or will take a custom solution?
https://www.helpsystems.com/how-to-guides/sequel/kerberos-single-sign
- enterprise-identity-mapping-power-i-and-http
Thank You
_____
Paul Steinmetz
IBM i Systems Administrator
Pencor Services, Inc.
462 Delaware Ave
Palmerton Pa 18071
610-826-9117 work
610-826-9188 fax
610-349-0913 cell
610-377-6012 home
psteinmetz@xxxxxxxxxx<mailto:psteinmetz@xxxxxxxxxx>
http://www.pencor.com/
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at
http://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at
http://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related questions.
Help support midrange.com by shopping at amazon.com with our affiliate link:
http://amzn.to/2dEadiD
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at
http://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related questions.
Help support midrange.com by shopping at amazon.com with our affiliate link:
http://amzn.to/2dEadiD
As an Amazon Associate we earn from qualifying purchases.