search cancel

We are developing a process to add and remove entries in the X(ROL) records using the CA LDAP Server. Will the enable_refresh_xref Global configuration option caus the X(ROL) records to be refreshed?


Article ID: 51028


Updated On:


ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC 24X7 High-Availability Manager for DB2 for z/OS Batch Processor Compile QQF Data Compressor for DB2 for z/OS CA Unicenter NSM RC/Update for DB2 for z/OS DB2 TOOLS- DATABASE MISC PanApt PanAudit



The LDAP Global Configuration enable_refresh_xref Option will cause the F ACF2,NEWXREF,TYPE(ROL) command to be issued when
Cross-Reference Role Group (X-ROL) records are added or changed.


In slapd.conf, there are two sections: The global options section, which affects all CAACF2_UTF databases, and the database specific section, which is configured for each security database being accessed.

You specify back-end global options after the CA LDAP Server global options but before any database specific options. The back-end keyword distinguishes back-end global options from the back-end database specific options.

The LDAP Global Configuration enable_refresh_xref option works as follows.


Issues an F ACF2,NEWXREF,TYPE(xxx) when configured, where xxx is SGP, RGP or ROL. This is not issued by default.

When altering XREF Cross-Reference records, CA ACF2 needs to have a modify command issued for the changes to take effect. There are three types of XREF reccords Cross-Reference Source Group (X-SGP), Cross-Reference Resource Group (X-RGP) and Cross-Reference Role Group (X-ROL) records. When changes are made to any of the three types of Cross-Reference records the NEWXREF modify command needs to be issued for the corresponding type of record, for example:


If you enable this option, the CA LDAP Server issues one of the above commands for an ADD or MODIFY of one of the three types of XREF Cross-Reference records.

Details on the LDAP Global Configuration enable_refresh_xref option can be found in the CA LDAP Server for z/OS
Product Guide in Chapter 5: CAACF2_UTF Back-end.


Component: ACFLDP