We are developing a process to add and remove entries in the X(ROL) records using the CA LDAP Server. Will the enable_refresh_xref Global configuration option caus the X(ROL) records to be refreshed?
Article ID: 51028
Updated On:
Products
Issue/Introduction
The LDAP Global Configuration enable_refresh_xref Option will cause the F ACF2,NEWXREF,TYPE(ROL) command to be issued when
Cross-Reference Role Group (X-ROL) records are added or changed.
Environment
Component: ACFLDP
Resolution
In slapd.conf, there are two sections: The global options section, which affects all CAACF2_UTF databases, and the database specific section, which is configured for each security database being accessed.
You specify back-end global options after the CA LDAP Server global options but before any database specific options. The back-end keyword distinguishes back-end global options from the back-end database specific options.
The LDAP Global Configuration enable_refresh_xref option works as follows.
enable_refresh_xref
Issues an F ACF2,NEWXREF,TYPE(xxx) when configured, where xxx is SGP, RGP or ROL. This is not issued by default.
When altering XREF Cross-Reference records, CA ACF2 needs to have a modify command issued for the changes to take effect. There are three types of XREF reccords Cross-Reference Source Group (X-SGP), Cross-Reference Resource Group (X-RGP) and Cross-Reference Role Group (X-ROL) records. When changes are made to any of the three types of Cross-Reference records the NEWXREF modify command needs to be issued for the corresponding type of record, for example:
F ACF2,NEWXREF,TYPE(SGP) F ACF2,NEWXREF,TYPE(RGP) F ACF2,NEWXREF,TYPE(ROL)
If you enable this option, the CA LDAP Server issues one of the above commands for an ADD or MODIFY of one of the three types of XREF Cross-Reference records.
Details on the LDAP Global Configuration enable_refresh_xref option can be found in the CA LDAP Server for z/OS
section: CAACF2_UTF Back-end.
Feedback
