We are developing a process to add and remove entries in the X(ROL) records using the CA LDAP Server. Will the enable_refresh_xref Global configuration option cause the X(ROL) records to be refreshed?

Document ID : KB000051028
Last Modified Date : 14/02/2018

Description:

The LDAP Global Configuration enable_refresh_xref Option will cause the F ACF2,NEWXREF,TYPE(ROL) command to be issued when Cross-Reference Role Group (X-ROL) records are added or changed.

Solution:

In slapd.conf, there are two sections: the global options section, which affects all CAACF2_UTF databases, and the database specific section, which is configured for each security database being accessed.

You specify back-end global options after the CA LDAP Server global options but before any database specific options. The back-end keyword distinguishes back-end global options from the back-end database specific options.

The LDAP Global Configuration enable_refresh_xref option works as follows.

enable_refresh_xref  

Issues an F ACF2,NEWXREF,TYPE(xxx) when configured, where xxx is SGP, RGP or ROL. This is not issued by default.

When altering XREF Cross-Reference records, CA ACF2 needs to have a modify command issued for the changes to take effect. There are three types of XREF records: Cross-Reference Source Group (X-SGP), Cross-Reference Resource Group (X-RGP) and Cross-Reference Role Group (X-ROL) records. When changes are made to any of the three types of Cross-Reference records, the NEWXREF modify command needs to be issued for the corresponding type of record, for example:

F ACF2,NEWXREF,TYPE(SGP)   
F ACF2,NEWXREF,TYPE(RGP)   
F ACF2,NEWXREF,TYPE(ROL)  

If you enable this option, the CA LDAP Server issues one of the above commands for an ADD or MODIFY of one of the three types of XREF Cross-Reference records.

Details on the LDAP Global Configuration enable_refresh_xref option can be found in the CA LDAP Server for z/OS Product Guide in Chapter 5: CAACF2_UTF Back-end.