An internal customer noticed the following entry from an ACFRPTOM report that occurs several times. What does this error message mean and why it is failing?

    SERVICE      USERID    GROUP        UID         GID    SAF     RC    RSN  
      DATE          TIME    JOBNAME   SOURCE   SYSID   CPU   SECLABEL         
R_admin          USER001  TESTGRP          N/A         N/A   8     16      4 
11/26/19  19.330   13.57.12 LDAP             SYS1     SYS1                  
Failed - ESM request failed  

Release : 16.0

Component : CA ACF2 for z/OS, CA LDAP Server

Sites can find out what the invalid ACF2 sub-command was by turning on the LDAP Server debug, re-creating the LDAP call and then browsing the stderr file in the LDAP Server installation directory.

Note that an application makes a LDAP call to the LDAP server and the LDAP Server backend will make R_Admin calls. Depending on the LDAP call the LDAP Server may generate multiple R_Admin calls to fulfill the application's LDAP request, and some of these calls may fail but behind the scenes the overall application's LDAP request completes successfully. For example if an application requests a list of all logonids in the ACF2 database the LDAP Server backend will issue multiple R_Admin 'LIST LIKE(A-)' to 'LIST LIKE(Z-)' commands rather than a single 'LIST LIKE(-) to avoid too much data being returned from a single call. In doing so some of these 'LIST LIKE(A-)' commands may fail with a 'ACF02010 RECORD(S) NOT FOUND' message which will equate to the R_Admin 8/16:4 entries in the ACFRPTOM report. The ACF02010 message will appear in the stderr file when debug is active.

The LDAP Server debug can be turned on and off dynamically using console modify commands.

To turn debug on:                                                            
F LDAP,APPL=SET,DEBUG,ANY     

To turn it off:                                     
F LDAP,APPL=SET,DEBUG,0

The following table list the possible debug values that can be set.