Error while reading the account in ACF2 endpoint

Document ID : KB000106002
Last Modified Date : 11/07/2018
Show Technical Document Details
Issue:
Trying to edit ACF2 account properties from IM Provisioning Manager or from the IM user console,
fails with LDAP error code 80 : LDP0500E Error issuing LIST xxxx with R_Admin,
return code=17305604 failed to lookup acf2UserOMVS=xxxx,acf2lid=xxxx,acf2admingrp=lids,host=yyyy,o=zzzz,c=no
Environment:
IM 12.6.x. 
CA ACF2 v2 endpoint. 
CA LDAP r15 (slapd 15.2014.1120). 
CA ACF2 REL 16 /MVS SP7.2.1. 
Cause:
The slapd.log on USS also shows this LDP0500E error for the following couple of commands:
SET PROF(USER) DIV(OMVS)
LIST xxxx

We fail to retrieve the OMVS segment information of this user profile.
Resolution:
Out of IM product the following LDAP request also fails with LDP0500E error.
ldapsearch -LLL -h TARGET -p PORT -D "cn=PROXY_ID" -w PROXY_ID_PWD -b "acf2UserOMVS=xxxx,acf2lid=xxxx,acf2admingrp=lids,host=yyyy,o=zzzz,c=no" -s base

The PROXY_ID did not have enough rights to edit OMVS segment information of user profiles.
The mainframe team provided the Client with a stronger PROXY_ID allowing to edit OMVS data for any ACF2 IDs.
Once they changed their proxy admin ID (with the appropriate rights) and related password into the endpoint (ACF2_BV_v2) definition from IM Provisioning Manager UI, the issue was fixed.