Additional required configuration
Additional configuration is required for RACF® to be able to log changes to a RACF user, group, connection, or
resource profile:
- The SDBM backend must be configured. The SDBM suffix is needed
to create a DN for the change log entry for a modification to a RACF user, group, connection, or
resource profile. SDBM is also needed to retrieve the RACF user's new password or other changed fields.
The following option must be specified in the SDBM section of the
configuration file to allow change log entries to be created for changes
to resource profiles:
enableResources on
- LDAP Program Call support must be enabled in the LDAP server containing
the change log. To do this, add the following option to either the
global section of the configuration file or to the command used to
start the LDAP server:
listen ldap://:pc
Note: This listen parameter for LDAP Program Call support is in addition to any other listen parameters you have specified.
There is no additional configuration needed to log changes to a TDBM, LDBM, or CDBM entry or to
the LDAP server schema entry. If you do not want to create change log entries for changes to entries
within a TDBM, LDBM, or CDBM backend, add the following configuration option to that backend
section. You can add the same option to the GDBM section of the configuration file to stop the
creation of change log entries for changes to the LDAP server schema
entry:
changeLoggingParticipant off