Additional required configuration

Additional configuration is required for RACF® to be able to log changes to a RACF user, group, connection, or resource profile:

• The SDBM backend must be configured. The SDBM suffix is needed to create a DN for the change log entry for a modification to a RACF user, group, connection, or resource profile. SDBM is also needed to retrieve the RACF user's new password or other changed fields. The following option must be specified in the SDBM section of the configuration file to allow change log entries to be created for changes to resource profiles:

  enableResources on

• LDAP Program Call support must be enabled in the LDAP server containing the change log. To do this, add the following option to either the global section of the configuration file or to the command used to start the LDAP server:

  listen ldap://:pc

  Note: This listen parameter for LDAP Program Call support is in addition to any other listen parameters you have specified.

There is no additional configuration needed to log changes to a TDBM, LDBM, or CDBM entry or to the LDAP server schema entry. If you do not want to create change log entries for changes to entries within a TDBM, LDBM, or CDBM backend, add the following configuration option to that backend section. You can add the same option to the GDBM section of the configuration file to stop the creation of change log entries for changes to the LDAP server schema entry:

changeLoggingParticipant off