Error while reading the account in ACF2 endpoint

Article ID: 106002

Products

CA Identity Manager, CA Identity Governance, CA Identity Portal

Issue/Introduction

Editing ACF2 account properties from IM Provisioning Manager or from the IM user console fails with the following error:
LDAP error code 80 : LDP0500E Error issuing LIST xxxx with R_Admin,
return code=17305604 failed to lookup acf2UserOMVS=xxxx,acf2lid=xxxx,acf2admingrp=lids,host=yyyy,o=zzzz,c=no

Environment

IM 12.6.x. 
CA ACF2 v2 endpoint. 
CA LDAP r15 (slapd 15.2014.1120). 
CA ACF2 REL 16 /MVS SP7.2.1. 

Cause

The slapd.log on USS also shows this LDP0500E error for the following pair of commands:
SET PROF(USER) DIV(OMVS)
LIST xxxx

The OMVS segment information of this user profile cannot be retrieved.
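
To see which profile segment the failed lookups have in common, the LDP0500E lines in slapd.log can be grouped by segment and logonid. This is an added example, not code from the product or from this article: the pattern is built from the error text quoted above, and the sample lines, the logonids, host and suffix values, and the idea that other segments share the `acf2User` attribute prefix are assumptions.

```python
import re
from collections import defaultdict

# Built from the error text quoted in this article. The layout of the rest of
# a slapd.log line is an assumption, so the pattern is searched, not anchored.
LDP0500E = re.compile(
    r"LDP0500E Error issuing (?P<cmd>\w+) (?P<lid>\S+) with R_Admin,\s*"
    r"return code=(?P<rc>\d+) failed to lookup (?P<dn>\S+)"
)

def parse_failure(line):
    """Return the fields of an LDP0500E lookup failure, or None if no match."""
    m = LDP0500E.search(line)
    if m is None:
        return None
    # Leftmost RDN attribute names the profile segment (acf2UserOMVS -> OMVS).
    # Assumption: other segments use the same "acf2User" attribute prefix.
    attr = m.group("dn").split(",", 1)[0].split("=", 1)[0]
    segment = attr[len("acf2User"):] if attr.startswith("acf2User") else None
    return {"cmd": m.group("cmd"), "lid": m.group("lid"),
            "rc": int(m.group("rc")), "segment": segment, "dn": m.group("dn")}

def failures_by_segment(lines):
    """Map each failing segment to the sorted logonids it failed for."""
    grouped = defaultdict(set)
    for line in lines:
        hit = parse_failure(line)
        if hit and hit["segment"]:
            grouped[hit["segment"]].add(hit["lid"])
    return {seg: sorted(lids) for seg, lids in grouped.items()}

# Constructed sample lines (logonids, host and suffix are placeholders).
_SUFFIX = "acf2admingrp=lids,host=HOSTA,o=EXAMPLE,c=no"
SAMPLE_LOG = [
    "LDP0500E Error issuing LIST USR001 with R_Admin, return code=17305604 "
    "failed to lookup acf2UserOMVS=USR001,acf2lid=USR001," + _SUFFIX,
    "LDP0500E Error issuing LIST USR002 with R_Admin, return code=17305604 "
    "failed to lookup acf2UserOMVS=USR002,acf2lid=USR002," + _SUFFIX,
    "unrelated line that must be ignored",
]

if __name__ == "__main__":
    for segment, lids in failures_by_segment(SAMPLE_LOG).items():
        print(f"{segment}: lookup failed for {', '.join(lids)}")
```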

Resolution

Outside of the IM product, the following LDAP request also fails with the LDP0500E error:
ldapsearch -LLL -h TARGET -p PORT -D "cn=PROXY_ID" -w PROXY_ID_PWD -b "acf2UserOMVS=xxxx,acf2lid=xxxx,acf2admingrp=lids,host=yyyy,o=zzzz,c=no" -s base

The PROXY_ID did not have sufficient rights to edit the OMVS segment information of user profiles.
The mainframe team provided the client with a stronger PROXY_ID that is allowed to edit OMVS data for any ACF2 ID.
Once the client changed the proxy admin ID (with the appropriate rights) and its password in the endpoint (ACF2_BV_v2) definition from the IM Provisioning Manager UI, the issue was fixed.