Creating an AS/400 Realm

admin

Introduction

This article shows you how to connect and authenticate via IBM OS/400 and i5/OS servers as well as create new user profiles on your OS/400 servers from Hypersocket.

 

Pre-requisite

The AS400 Connector extension must be installed.

 

Configuring

To configure this connector, in the User Realms page, click Create. Give the new realm a name and select OS/400 and i5/OS as the Realm Type.

The first tab, Connection, holds the details of the server you are connecting to.

 

The options on this tab are:

  • Hostname: The hostname or IP address of the OS/400 server.
  • Username: The user profile which will be used to list or edit users (generally the *SECOFR account).
  • Password: The password for the above user.
  • Proxy server: The name of any middle tier server which may be used to proxy connections.
  • Read Only: Should users only be read, or should updates be allowed for creating/editing users? (Defaults to OFF.)

 

The second tab is Hosts. If more than one realm is being set up, it is advised to configure the settings in this tab.

  • Restrict Hosts: If this option is turned on, then users from another realm will not be able to authenticate to the Hypersocket server when accessing via the defined Realm Host. This can be especially useful in a Managed Service Provider environment. If Restrict Hosts is off, then a user from another realm will be able to authenticate as long as their username is not a duplicate of one on this realm.
  • Realm Hosts: It is strongly advised to configure this setting. Type in the hostname that your users will be using to access the Hypersocket server for this realm. The Hypersocket server will then know to send authentication attempts made via this host to the correct User Database. A different hostname should be used for each realm, which requires that you are able to configure your domain’s DNS settings so that these hostnames point to the Hypersocket server.

Type in the realm host and press enter to add the host. Multiple hostnames can be configured on a realm.

Without a Realm Host setting, Hypersocket will attempt to authenticate a user on the Default realm first, before trying to find that user on other realms. This can lead to unpredictable behavior in a multi-realm environment.
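The following check is an added example, not part of Hypersocket or of the original article. It audits a hand-transcribed list of realm settings for the multi-realm pitfalls described above: a realm with no Realm Host, a hostname used by more than one realm, and duplicate usernames on a realm where Restrict Hosts is off. The dict layout, field names and sample realms are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample, transcribed by hand from each realm's Hosts tab and user
# list. The dict layout and field names are hypothetical, not a Hypersocket format.
REALMS = [
    {"name": "Default", "hosts": ["gw.example.com"], "restrict_hosts": False,
     "users": ["admin", "jsmith"]},
    {"name": "CustomerA", "hosts": ["a.gw.example.com"], "restrict_hosts": True,
     "users": ["jsmith", "qsecofr"]},
    {"name": "CustomerB", "hosts": [], "restrict_hosts": False,
     "users": ["mlee", "QSECOFR"]},
    {"name": "CustomerC", "hosts": ["A.gw.example.com"], "restrict_hosts": True,
     "users": ["kwong"]},
]

def audit_realms(realms):
    """Return sorted (realm, finding) pairs for the multi-realm pitfalls above."""
    findings = set()
    host_owners = defaultdict(set)  # hostname -> realms that list it
    user_owners = defaultdict(set)  # username -> realms that contain it
    for r in realms:
        for h in r["hosts"]:
            host_owners[h.strip().lower()].add(r["name"])  # DNS names ignore case
        for u in r["users"]:
            # Assumption: usernames are compared case-insensitively.
            user_owners[u.lower()].add(r["name"])
        if len(realms) > 1 and not r["hosts"]:
            findings.add((r["name"], "no Realm Host; lookup order is Default realm first"))
    for host, owners in host_owners.items():
        if len(owners) > 1:  # the page calls for a different hostname per realm
            findings.update((n, f"Realm Host {host} also set on another realm") for n in owners)
    for r in realms:
        if r["restrict_hosts"]:
            continue  # other realms' users cannot log in via this realm's hosts
        dupes = sorted(u for u, owners in user_owners.items()
                       if r["name"] in owners and len(owners) > 1)
        if dupes:
            findings.add((r["name"], "Restrict Hosts off, duplicate usernames: " + ", ".join(dupes)))
    return sorted(findings)

if __name__ == "__main__":
    for realm, finding in audit_realms(REALMS):
        print(f"{realm}: {finding}")
```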

 

The third tab, Filter, allows you to restrict which user objects are cached by the server. Individual Users and/or Groups can be defined to exclude them.

Type in the user or group you wish to exclude then press enter to add it to the list.

 

The fourth tab, Reconcile, contains settings relating to how the users are cached in Hypersocket. Hypersocket connects to the remote user database periodically to update its list of cached users and then performs an update (reconcile) of this cache by either adding new users, deleting users that no longer exist or updating existing users.

 

The reconcile settings are:

  • Reconcile Every (mins): The number of minutes between successive user re-caching periods. Defaults to 60 minutes.
  • Retry on Failure (mins): If a connection attempt fails during the reconcile, the number of minutes to wait before retrying. Defaults to 5 minutes.
  • Rebuild Cache: On next reconcile, delete the cache and import all user objects from scratch. This takes more time than a normal reconcile. Defaults to OFF.
  • Purge Duplicates: On rare occasions an out-of-date cache can cause duplicate users to be created in the cache. If that happens, this option can force removal of these duplicate users and rebuild the cache. Defaults to OFF.
  • Cache Passwords: Hypersocket will generate a one-way hash of the users’ passwords the next time they log on and cache this. Subsequent authentication attempts do not need to contact the domain controller for authentication until the Hypersocket server is restarted. Defaults to OFF.
  • Reconcile at Login: Performs a reconcile of the user’s account at login. This can ensure that the latest information for that user (such as group membership and AD attributes) is up to date at each login. Generally this is not needed as user accounts do not change very often. Defaults to OFF.

 

There is one more tab, which only appears when editing the realm after it has been created. This tab is Status and contains information relating to the reconcile status:

  • Status: Contains the status of the last reconcile, which can be Completed or Failed.
  • Next Due: The date and time that the next reconcile is due to run.
  • Last Performed: The date and time that the last reconcile was performed.
  • Last Error: If the last reconcile failed, any errors appear in this field.

 

Click Create when all of the information has been entered to create the new realm, after which you should be able to see your users in Hypersocket by navigating to Access Control.