We are developing a process to add and remove entries in the X(ROL) records using the CA LDAP Server. Will the enable_refresh_xref Global configuration option caus the X(ROL) records to be refreshed?

book

Article ID: 51028

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC CA-24X7 High-Availability Manager for DB2 for z/OS CA-Batch Processor Compile QQF CA Data Compressor for DB2 for z/OS Data Navigator for DB2 UDB for z/OS CA-DB Delivery for DB2 CA Unicenter NSM CA Log Compress DBA for DB2 Guide Online CA InfoRefiner Advantage InfoRefiner Advantage InfoRefiner Maint Upgrade CA InfoTransport Advantage InfoTransport Maint Upgrade Online Reorg for DB2 for z/OS CA RC/Update for DB2 for z/OS Query Analyzer RI Editor for DB2 for z/OS DB2 TOOLS- DATABASE MISC CA PanApt CA PanAudit

Issue/Introduction

Description:

The LDAP Global Configuration enable_refresh_xref Option will cause the F ACF2,NEWXREF,TYPE(ROL) command to be issued when
Cross-Reference Role Group (X-ROL) records are added or changed.

Solution:

In slapd.conf, there are two sections: The global options section, which affects all CAACF2_UTF databases, and the database specific section, which is configured for each security database being accessed.

You specify back-end global options after the CA LDAP Server global options but before any database specific options. The back-end keyword distinguishes back-end global options from the back-end database specific options.

The LDAP Global Configuration enable_refresh_xref option works as follows.

enable_refresh_xref  

Issues an F ACF2,NEWXREF,TYPE(xxx) when configured, where xxx is SGP, RGP or ROL. This is not issued by default.

When altering XREF Cross-Reference records, CA ACF2 needs to have a modify command issued for the changes to take effect. There are three types of XREF reccords Cross-Reference Source Group (X-SGP), Cross-Reference Resource Group (X-RGP) and Cross-Reference Role Group (X-ROL) records. When changes are made to any of the three types of Cross-Reference records the NEWXREF modify command needs to be issued for the corresponding type of record, for example:

F ACF2,NEWXREF,TYPE(SGP)   
F ACF2,NEWXREF,TYPE(RGP)   
F ACF2,NEWXREF,TYPE(ROL)  

If you enable this option, the CA LDAP Server issues one of the above commands for an ADD or MODIFY of one of the three types of XREF Cross-Reference records.

Details on the LDAP Global Configuration enable_refresh_xref option can be found in the CA LDAP Server for z/OS
Product Guide in Chapter 5: CAACF2_UTF Back-end.

Environment

Release:
Component: ACFLDP