Before ProcMan can be installed, the DB2 Client (official product name: IBM Data Server Client) must be installed on the server where ProcMan will run. The database client must be installed and configured so that client applications on the ProcMan server can access the database server and the ProcMan database on it.
ProcMan communicates with the DB2 database server via the CLI interface. The connection information must be known for further configuration. A detailed guide to installing the DB2 client can be found in "DB2 Client Installation and configuration".
The HWF software package includes a web server (Apache), the PHP interpreter and the tools required by ProcMan. The installation of HWF for ProcMan is described in "Step 2: Installation of HWF (HORIZONT Web Framework)".
If the communication between the user PCs and the ProcMan server is to run over HTTPS (encrypted communication), the customer's certification authority (CA) has to provide an X.509 certificate and a key file for the ProcMan server.
To generate the certificate, the CA needs the DNS (domain name system) name or the IP address of the ProcMan server, as it will appear in the URL (uniform resource locator) that browsers on the user PCs use to access the ProcMan server (e.g. for URL=https://procman.my_company.com:11443/index.php, DNS=procman.my_company.com).
ProcMan also provides a tool (hwm_cert_request) that generates a certificate request and the key file. The generated request can then be sent (without the key file) to the CA, which only has to sign the request and send back the final certificate. For more information about the tool, see "Encryption".
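As an added example (not part of the ProcMan documentation and not the hwm_cert_request tool itself, whose options this page does not describe), the same workflow with plain OpenSSL: generate the key and request for the DNS name from the URL above, then check the request and the certificate returned by the CA against the key. The file and function names are assumptions, only the DNS-name case is covered, and -addext requires OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: plain OpenSSL, not ProcMan's hwm_cert_request tool.
# File names (server.key, server.csr) are assumptions for illustration.

# make_csr <dns-name> <out-dir>: create <out-dir>/server.key and server.csr
make_csr() {
    name=$1; dir=$2
    # umask 077 keeps the private key unreadable for other accounts.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$dir/server.key" -out "$dir/server.csr" \
          -subj "/CN=$name" \
          -addext "subjectAltName=DNS:$name" 2>/dev/null )
}

# csr_has_name <csr> <dns-name>: succeeds if the request's self-signature
# verifies and it asks for the DNS name in subjectAltName, which is the
# field browsers compare with the host part of the URL.
csr_has_name() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    openssl req -in "$1" -noout -text | grep -qF "DNS:$2"
}

# pubkey_matches <key> <pem> <req|x509>: succeeds if the request (req) or
# certificate (x509) carries the public key of the given private key.
# Run it on the certificate the CA sends back before configuring it.
pubkey_matches() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    p=$(openssl "$3" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$p" ]
}
```

Only server.csr leaves the ProcMan server; server.key stays where it was generated.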
ProcMan allows user authentication against one or several LDAP-capable systems (RACF, Active Directory, OpenLDAP, etc.). Such users can be imported into ProcMan either directly from the LDAP systems or from CSV files.
For a detailed description of the LDAP user import, see the documentation "Importing accounts via LDAP".
If the users are to be imported directly from LDAP systems, each such LDAP system requires a user that is authorized to read the user list via LDAP.
This user and its authorization have to be provided by the administrators of the LDAP system. In RACF, for example, the user used for the LDAP user import needs the ROAUDIT (read-only auditor) attribute to be able to read the user list via LDAP. The attribute allows reading (but not changing) all RACF profiles, and can be set either in the ISPF RACF dialog or with the command:
ALU userid ROAUDIT