Can someone please explain what the "association-ref" with a RACF group is
all about?

Page 30 of the "Novell NsureTM Identity Manager Driver for MVS* RACF* v1.0
IMPLEMENTATION GUIDE" states:
"If a DirXML-RACF-groups attribute is present.... For an add-attr,
remove-value,
or add-value element, if there is no association-ref, the value is
discarded."

What is the "association-ref" that is being referred to here?
Can I provide a dummy value or work around it some how?

I am attempting to add a group to a RACF user and then set it as the
RACF Default Group. However the value for the DirXML-RACF-Groups attribute,
is being discarded, just like the book says.
Note that we are not synchronising groups between eDirectory and RACF.

Here is what we are doing:

1. An eDir user object has a location code attribute (QZPS) which to be
used to
add an existing RACF group ($QZPS) to the associated RACF user.
(The RACF groups have a $ prefix in our environment.)

2. A destination query on the subcriber channel (ie to RACF) is issued to
check
that the RACF group exists and if it does then an attempt made to add:
- the DirXML-RACF-data attribute;
- the DirXML-RACF-groups attribute; and
- the DirXML-RACF-dfltgrp attribute.

3. The Output Transform on the subscriber channel is throwing away the
DirXML-RACF-groups value.

The input to the Output Transformation:
==========================
<?xml version="1.0" encoding="UTF-8"?><nds>
<input>
<modify class-name="User" event-id="FST655#20060607084156#1#2"
qualified-src-dn="O=Users\CN=XY99930" src-dn="\PEACH\Users\XY99930"
src-entry-id="41694" timestamp="1149728627#2">
<association state="associated">USER\XY99930</association>
<modify-attr attr-name="DirXML-RACF-data">
<remove-value>
<value timestamp="1149669716#2" type="string">GGPS</value>
</remove-value>
<add-value>
<value timestamp="1149728627#2" type="string">QZPS</value>
</add-value>
</modify-attr>
<modify-attr attr-name="DirXML-RACF-groups">
<add-value>
<value type="string">$QZPS</value>
</add-value>
</modify-attr>
<modify-attr attr-name="DirXML-RACF-dfltgrp">
<add-value>
<value type="string">$QZPS</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
=============================

The output from the Output Transformation:
=============================
RACFIDENT-May2006 : Applying XSLT policy.
RACFIDENT-May2006 : Policy returned:
RACFIDENT-May2006 :
<nds>
<input>
<modify class-name="User" event-id="FST655#20060607084156#1#2"
qualified-src-dn="O=Users\CN=XY99930" src-dn="\PEACH\Users\XY99930"
src-entry-id="41694" timestamp="1149728627#2">
<association state="associated">USER\XY99930</association>
<modify-attr attr-name="DirXML-RACF-data">
<remove-value>
<value timestamp="1149669716#2" type="string">GGPS</value>
</remove-value>
<add-value>
<value timestamp="1149728627#2" type="string">QZPS</value>
</add-value>
</modify-attr>
<modify-attr attr-name="DirXML-RACF-dfltgrp">
<add-value>
<value type="string">$QZPS</value>
</add-value>
</modify-attr>
<modify-attr attr-name="DirXML-RACF-groups">
<add-value/>
</modify-attr>
</modify>
</input>
</nds>
===================================

Cheers,
Mike.