Help > EASYCOM Server > EASYCOM behavior > EASYCOM Server configuration commands > CFGEACEIM

CFGEACEIM

 This command is designed to configure the EIM connection for Easycom. It replaces the CFGEACSSO command, which is now obsolete.

The EIM system is used to define an OS/400 user from another authentication.

EIM can be seek the OS/400 user from different sources:

o    from the Kerberos authentication. This allows single signon (SSO)

o    from SSL client certificate authentication

The CFGEACAUTH command defines which kind of authentication are valid.

 

                      Easycom EIM Configuration (CFGEACEIM)

Type choices, press Enter.

Easycom server library name . . > EASYCOM Valeur alpha

Use EIM in Easycom . . . . . . .   *YES          *YES, *NO, *SAME

EIM valid from . . . . . . . . .   *NONE         HHMM =

EIM valid to . . . . . . . . . .   *NONE         HHMM =

LDAP user for EIM  . . . . . . .   'administrator'

LDAP password for EIM . . . . .

EIM logon is mandatory . . . . .   *NO           *YES, *NO

LDAP dn for EIM . . . . . . . .

LDAP service spn . . . . . . . .

Use EIM in EASYCOM

This is the main option for enable EIM on Easycom or not. Must be *YES to enable the other options.

SSO authorized from / SSO authorized to

EIM ‘opening hours’. EIM connections are forbidden outside of those hours.

LDAP user for EIM

Local LDAP user. This username is required during a connection attempt, to retrieve the "OS/400" username associated to the "Windows" user name.

This local username is the name used when configuring EIM with iSeries Navigator (when selecting NetWork/EIM Domain Mapping/Domain Management/<yourDomain>).

You need to only put the username, not "cn=

LDAP password for EIM

This is the password for the local LDAP connection.

EIM logon is mandatory

Configures EASYCOM to deny all non-EIM connections (with username/password).

LDAP dn for EIM

This is a alternate way for giving LDAP logon name, allowing specific syntax. So this is valid only if user is left blank. A typical value is:

cn=

LDAP service spn

This allows a specific service principal name. If *DFT is specified, Easycom calculates it using "krbsvr400" and the system name.

Example of valid values (with systemi5 name for the system, testdomain.com for the domain and TESTDOMAIN.COM for the realm):

krbsvr400/systemi5

krbsvr400/systemi5@TESTDOMAIN.COM

krbsvr400/systemi5.testdomain.com@TESTDOMAIN.COM (default if *DFT is specified)

© 2023 - 2024 Aura Equipements. All rights reserved.