An internal customer noticed the following entry from an ACFRPTOM report that occurs several times. What does this error message mean and why it is failing?
SERVICE USERID GROUP UID GID SAF RC RSN
DATE TIME JOBNAME SOURCE SYSID CPU SECLABEL
R_admin USER001 TESTGRP N/A N/A 8 16 4
11/26/19 19.330 13.57.12 LDAP SYS1 SYS1
Failed - ESM request failed
Release : 16.0
Component : CA ACF2 for z/OS, CA LDAP Server
Sites can find out what the invalid ACF2 sub-command was by turning on the LDAP Server debug, re-creating the LDAP call and then browsing the stderr file in the LDAP Server installation directory.
Note that an application makes a LDAP call to the LDAP server and the LDAP Server backend will make R_Admin calls. Depending on the LDAP call the LDAP Server may generate multiple R_Admin calls to fulfill the application's LDAP request, and some of these calls may fail but behind the scenes the overall application's LDAP request completes successfully. For example if an application requests a list of all logonids in the ACF2 database the LDAP Server backend will issue multiple R_Admin 'LIST LIKE(A-)' to 'LIST LIKE(Z-)' commands rather than a single 'LIST LIKE(-) to avoid too much data being returned from a single call. In doing so some of these 'LIST LIKE(A-)' commands may fail with a 'ACF02010 RECORD(S) NOT FOUND' message which will equate to the R_Admin 8/16:4 entries in the ACFRPTOM report. The ACF02010 message will appear in the stderr file when debug is active.
The LDAP Server debug can be turned on and off dynamically using console modify commands.
To turn debug on:
F LDAP,APPL=SET,DEBUG,ANY
To turn it off:
F LDAP,APPL=SET,DEBUG,0
The following table list the possible debug values that can be set.
Text | Hex Value | Decimal Value | Type of Traced Information |
0 | 0 | OFF/None | |
ANY | -1 | All levels of tracing | |
TRACE | 0x00000001 | 1 | Entrance/Exit to functions |
PACKETS | 0x00000002 | 2 | Packet dumps |
ARGS | 0x00000004 | 4 | Arguments to routines |
CONNS | 0x00000008 | 8 | Connection information |
BER | 0x00000010 | 16 | BER structures |
FILTER | 0x00000020 | 32 | Filter information |
CONFIG | 0x00000040 | 64 | Configuration; including dynamic schema information |
ACL | 0x00000080 | 128 | Access control list |
STATS | 0x00000100 | 256 | Timings |
STATS2 | 0x00000200 | 512 | Cipher Suites; Conversions |
PARSE | 0x00000800 | 2048 | LDIF and attribute/Entry parsing |
CACHE | 0x00001000 | 4096 | Caching |
SYNC | 0x00004000 | 16384 | Log commands sent to the ESM and the return code |
ENTRY | 0x00010000 | 65536 | Debug statements from within add_entry_value() |
CS | 0x00020000 | 131072 | Debugging dealing with callable services |
BUFS | 0x00040000 | 262144 | Buffer and cache maintenance |
MUTEX | 0x00080000 | 524288 | mutex lock/unlock/init/delete |
DB2 | 0x00100000 | 1048576 | Interface to DB2/CMGR DB2 interface |
POLICY | 0x00200000 | 2097152 | Interface to SQLITE/CMGR Policy File interface |
CALLBACK | 0x00400000 | 4194304 | Interface to SQLITE Callback tracing |