LDAP

  • 1.  Can I pass any cmd via XEQCMD?

    Posted Oct 23, 2023 09:33 AM

    I would like to start a program instead of passing a command to the ESM such as TSS. For example, I would like to execute the TSS command in a Rexx program and parse the output to XML or JSON. It will allow me more granularity by creating a program per process instead of performing parsing by a client. Is this possible?



  • 2.  RE: Can I pass any cmd via XEQCMD?

    Broadcom Employee
    Posted Oct 23, 2023 09:39 AM

    The short answer is no. XEQCMD of LDAP invokes the R_admin() callable service and the ESM command processor that is behind the R_admin() service. The ESM command processors only access ACF2, TSS, or RACF commands.

    If you want to run programs/scripts, there are other options. For example, you can submit JCL to execute programs and/or scripts via FTP. Zowe has capabilities.

    I hope this helps.

    Mitch






  • 3.  RE: Can I pass any cmd via XEQCMD?

    Posted Oct 23, 2023 11:07 AM
    Thanks Mitch,

    The alternatives offered require ZOWE (which the client doesn't have) and
    FTP, which lacks the ability to send a response.

    ITschak

    Itschak Mugzach | Director | SecuriTeam Software | IronSphere Platform | Information Security Continuous Monitoring for Z/OS, zLinux and IBM I
    Email: i_mugzach@securiteam.co.il | Mob: +972 522 986404 | Skype: ItschakMugzach | Web: www.Securiteam.co.il









  • 4.  RE: Can I pass any cmd via XEQCMD?

    Broadcom Employee
    Posted Oct 23, 2023 12:03 PM

    When using FTP to submit JCL, all joblog output, which should include responses, can be redirected to a PC file. You can then parse this text output looking for the response. It will not be interactive, but if you are trying to verify if something worked or not, I think it'd be possible. 

    Mitch






  • 5.  RE: Can I pass any cmd via XEQCMD?

    Broadcom Employee
    Posted Oct 23, 2023 02:30 PM

    Here's a sample snippet of FTP script to upload JCL to the mainframe, submit it to JES, and route the output to the PC (see pc_dir_name/sample_jcl.log below). Maybe this can help you.

    Mitch

    put ./SAMPLE.jcl "public.sample.jcl"
    quote site filetype=jes
    get "public.sample.jcl" pc_dir_name/sample_jcl.log
    quote site filetype=seq
    delete "public.sample.jcl"


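The parsing step suggested in the two replies above, as an added example that is not part of the thread or Broadcom's code: it turns the retrieved joblog text into JSON-ready data and masks PASSWORD() operands before anything is stored. The joblog here is constructed, and the IEF142I and TSS0300I/TSS0301I message layouts and the position of the echoed command are assumptions to check against real output.

```python
import json
import re

# Constructed sample of what lands in pc_dir_name/sample_jcl.log (not real output).
SAMPLE_JOBLOG = """\
IEF142I SAMPLE TSSLIST - STEP WAS EXECUTED - COND CODE 0000
IEF142I SAMPLE TSSREP - STEP WAS EXECUTED - COND CODE 0008
READY
 TSS LIST(USER01) DATA(BASIC)
 ACCESSORID = USER01    NAME       = CONSTRUCTED USER
 TSS0300I  LIST     FUNCTION SUCCESSFUL
READY
 TSS REPLACE(USER01) PASSWORD(Secret1,30)
 TSS0301I  REPLACE  FUNCTION FAILED, RETURN CODE =  8
"""

# Assumed message layouts; adjust to what your system actually writes.
STEP_RE = re.compile(
    r"IEF142I\s+(\S+)\s+(\S+)\s+-\s+STEP WAS EXECUTED\s+-\s+COND CODE\s+(\d+)")
DONE_RE = re.compile(
    r"TSS030([01])I\s+(\S+)\s+FUNCTION (?:SUCCESSFUL|FAILED,\s*RETURN CODE\s*=\s*(\d+))")
SECRET_RE = re.compile(r"(PASSWORD)\([^)]*\)", re.IGNORECASE)


def parse_joblog(text):
    """Turn a retrieved joblog into a dict of step codes and TSS command results."""
    steps, commands, pending = [], [], None
    for line in text.splitlines():
        stripped = line.strip()
        if m := STEP_RE.search(stripped):
            steps.append({"job": m[1], "step": m[2], "cond_code": int(m[3])})
        elif m := DONE_RE.search(stripped):
            commands.append({
                "function": m[2],
                # Keep credentials out of whatever stores the JSON.
                "command": SECRET_RE.sub(r"\1(***)", pending) if pending else None,
                "success": m[1] == "0",
                "return_code": int(m[3]) if m[3] else 0,
            })
            pending = None
        elif stripped.upper().startswith("TSS "):
            pending = stripped  # echoed command, assumed to precede its result
    # No step messages means the job never executed (for example a JCL error).
    ok = (bool(steps) and all(s["cond_code"] == 0 for s in steps)
          and all(c["success"] for c in commands))
    return {"ok": ok, "steps": steps, "commands": commands}


if __name__ == "__main__":
    print(json.dumps(parse_joblog(SAMPLE_JOBLOG), indent=2))
```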



  • 6.  RE: Can I pass any cmd via XEQCMD?

    Broadcom Employee
    Posted Oct 24, 2023 01:14 PM

    While you cannot pass a command via XEQCMD, you can place messages out to the Syslog at specific points in the processing of the LDAP request to TSS. This may allow you to use automation to intercept the message, grab some data out of it, and start a batch job or do some REXX processing.

    See the LDAP TechDocs /Mainframe Software / Security / System z Security Communications Servers (DSI, LDAP, PAM) 15.1 / Configuring / Configure the LDAP Server / Configure the CATSS_UTF Backend / Top Secret Configuration Options / Database-Specific Option (Top Secret)

    URL is here:

    https://techdocs.broadcom.com/us/en/ca-mainframe-software/security/ca-system-z-security-communication-servers-dsi-ldap-pam/15-1/configuring/configure-the-ca-ldap-server/configure-the-catss-utf-backend/ca-top-secret-configuration-options/database-specific-options-ca-top-secret.html

    On this page, see the options for preAddAcidMessage or postADDAcidMessage as well as other message points.