An internal customer noticed the following entry from an ACFRPTOM report that occurs several times. What does this error message mean and why it is failing?
SERVICE USERID GROUP UID GID SAF RC RSN
DATE TIME JOBNAME SOURCE SYSID CPU SECLABEL
R_admin USER001 TESTGRP N/A N/A 8 16 4
11/26/19 19.330 13.57.12 LDAP SYS1 SYS1
Failed - ESM request failed
Release : 16.0
Component : CA ACF2 for z/OS, CA LDAP Server
Sites can find out what the invalid ACF2 sub-command was by turning on the LDAP Server debug, re-creating the LDAP call and then browsing the stderr file in the LDAP Server installation directory.
Note that an application makes a LDAP call to the LDAP server and the LDAP Server backend will make R_Admin calls. Depending on the LDAP call the LDAP Server may generate multiple R_Admin calls to fulfill the application's LDAP request, and some of these calls may fail but behind the scenes the overall application's LDAP request completes successfully. For example if an application requests a list of all logonids in the ACF2 database the LDAP Server backend will issue multiple R_Admin 'LIST LIKE(A-)' to 'LIST LIKE(Z-)' commands rather than a single 'LIST LIKE(-) to avoid too much data being returned from a single call. In doing so some of these 'LIST LIKE(A-)' commands may fail with a 'ACF02010 RECORD(S) NOT FOUND' message which will equate to the R_Admin 8/16:4 entries in the ACFRPTOM report. The ACF02010 message will appear in the stderr file when debug is active.
The LDAP Server debug can be turned on and off dynamically using console modify commands.
To turn debug on:
To turn it off:
The following table list the possible debug values that can be set.
Type of Traced Information
All levels of tracing
Entrance/Exit to functions
Arguments to routines
Configuration; including dynamic schema information
Access control list
Cipher Suites; Conversions
LDIF and attribute/Entry parsing
Log commands sent to the ESM and the return code
Debug statements from within add_entry_value()
Debugging dealing with callable services
Buffer and cache maintenance
Interface to DB2/CMGR DB2 interface
Interface to SQLITE/CMGR Policy File interface
Interface to SQLITE Callback tracing