IDMAP Cleanup Utility (TSSCHKDN)

TSSCHKDN is a batch utility that identifies invalid distinguished names (DNs) for CA Top Secret IDMAP users implementing secondary distinguished names. Use this utility to more efficiently identify IDMAPDN values in IDMAP records that are invalid for z/OS 1.13.
JCL Requirements
Use following sample JCL or a user-written substitute for the job stream to run the TSSIDMAP report.
//REPORTS JOB 1,'TSSCHKDN REPORTS',MSGCLASS=A,CLASS=A //********************************************************************* //* * //* CREATE THE A REPORT OF INVALID DISTINGUISHED NAMES * //* * //********************************************************************* //* //* //IDMAP EXEC PGM=TSSCHKDN //MAINTOUT DD SYSOUT=A //SYSPRINT DD SYSOUT=* //*SYSPRINT DD DISP=SHR,DSN=KAUGE01.IDMAP.REPORT /*
    Specifies where report output is sent. Output is directed to a printer or to the listed data set. The record format is VBA. You can optionally specify the BLKSIZE parameter; the default for this parameter is 3665. For most reports, report generator output is 80 characters wide. This width enables convenient report browsing on an 80-character display screen. However, some reports have a wider format for use with printer-directed output. To determine the maximum record length for each format, refer to the explanation of each report generator.
Sample TSSCHKDN Output
IDMAP Records That are Invalid Because of the IDMAPDN z/OS 1.13 Normalization ------------------------------------------------------------------------------ ACCESSORID = RMAPTUA IDMAP = TESTMAB1 IDMAPDN = =UID=DaveR,CN=Dave Reddy,OU=qa,O=CaACF2,C=US ACCESSORID = RMAPTUA IDMAP = TESTMAB2 IDMAPDN = ,UID=DaveR,CN=Dave Reddy,OU=qa,O=CaACF2,C=US ACCESSORID = RMAPTUA IDMAP = TESTMAB3 IDMAPDN = ;UID=DaveR,CN=Dave Reddy,OU=qa,O=CaACF2,C=US ACCESSORID = RMAPTUB IDMAP = TESTMAB4 IDMAPDN = UID=Da+eR,CN=Dave Reddy,OU=Dev,O=CaACF2,C=US
This report displays the following information:
    Identifies the ACID that has that IDMAP record on it.
    Identifies a unique 8-byte record identifier.
    Identifies the invalid distinguished name (DN).
Return Codes
The following return codes are associated with this utility:
  • 0
    Report executed successfully
  • 4
    No IDMAP Table
  • 8
    Internal Error
  • 997
  • 998
    CA Top Secret is not active
  • 999
    Output file cannot open