000016608 - LDAP failure: Selected user name is already in use with a different distinguished name.

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 3

Article Content

Article Number: 000016608
Issue: LDAP failure, Selected user name is already in use with a different distinguished name.

The failure shows this error message, generally for multiple users:


11/20/2011 10:47:28 PM System.Exception: Selected user name (uid2001) is already in use with a different distinguished name (CN=uid2001,OU=Users,OU=Corp,DC=mycorp,DC=com). If you would like to update this user, delete the value for distinguished name in the Archer database and run the sync again.


The sync appears to work, but the results don't show up in Archer.
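
To see which accounts are affected before changing anything, the sync log can be parsed for the error shown above. The following is an added example, not part of the RSA article: it assumes the log lines follow the format quoted above, and every function name and all sample lines other than the uid2001 entry are constructed for illustration.

```python
import re
from collections import Counter

# Pattern built from the exception text quoted in this article.
CONFLICT_RE = re.compile(
    r"Selected user name \((?P<user>[^)]*)\) is already in use with a "
    r"different distinguished name \((?P<dn>.*?)\)\. If you would like"
)

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    return [rdn.strip() for rdn in re.split(r"(?<!\\),", dn)]

def parse_conflicts(lines):
    """Return {user name: DN} for each conflict line; repeats are collapsed."""
    conflicts = {}
    for line in lines:
        match = CONFLICT_RE.search(line)
        if match:
            conflicts[match.group("user")] = match.group("dn")
    return conflicts

def containers(conflicts):
    """Count affected users per parent container (the DN minus its first RDN)."""
    return Counter(",".join(split_dn(dn)[1:]) for dn in conflicts.values())

def make_line(timestamp, user, dn):
    """Build a log line in the article's format (used for sample data only)."""
    return (f"{timestamp} System.Exception: Selected user name ({user}) is "
            f"already in use with a different distinguished name ({dn}). "
            "If you would like to update this user, delete the value for "
            "distinguished name in the Archer database and run the sync again.")

# Constructed sample log. Only the uid2001 entry comes from the article.
SAMPLE_LOG = [
    make_line("11/20/2011 10:47:28 PM", "uid2001", "CN=uid2001,OU=Users,OU=Corp,DC=mycorp,DC=com"),
    make_line("11/20/2011 10:47:29 PM", "uid2002", r"CN=Doe\, Jane,OU=Users,OU=Corp,DC=mycorp,DC=com"),
    "11/20/2011 10:47:29 PM Unrelated constructed line with no conflict.",
    make_line("11/20/2011 10:47:30 PM", "uid2003", "CN=uid2003,OU=Contractors,DC=mycorp,DC=com"),
    make_line("11/21/2011 10:47:28 PM", "uid2001", "CN=uid2001,OU=Users,OU=Corp,DC=mycorp,DC=com"),
]

if __name__ == "__main__":
    found = parse_conflicts(SAMPLE_LOG)
    for user, dn in found.items():
        print(f"{user}\t{dn}")
    for container, count in containers(found).items():
        print(f"{count} user(s) under {container}")
```

The per-container counts show which part of the directory the conflicting accounts sit in, which helps decide whether a full reset of the distinguished names is warranted.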

Resolution

To "simply fix it", you can run the following statement to blank out all of the DNs, which will cause the sync process to populate them the next time it is run.


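-- Blank the stored DN for ordinary user accounts only. System administrator,
-- service and data feed service accounts are excluded by the WHERE clause.
UPDATE tbluser
   SET distinguished_name = ''
 WHERE is_sysadmin = 0
   AND is_service = 0
   AND is_datafeed_service = 0;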


This will allow the process to basically "reset" all of the distinguished names.
===================================================================
There is also a SQL scheduled maintenance job that can be implemented (you will need to have dbo access or greater to the msdb database to implement).  The script is as follows:


DECLARE @JobID BINARY(16)
DECLARE @ReturnCode INT
DECLARE @dbName VARCHAR(250)
DECLARE @jobName VARCHAR(250)

-- The job is named after, and runs against, the current database (DB_NAME()).
SELECT @ReturnCode = 0,
       @dbName = DB_NAME(),
       @jobName = DB_NAME() + ' - ' + 'Archer Distinguished Name Maintenance'

-- Create the job category if it does not exist yet.
IF (SELECT COUNT(*) FROM msdb.dbo.syscategories WHERE name = 'Archer Maintenance Tasks') < 1
BEGIN
    EXECUTE msdb.dbo.sp_add_category @name = 'Archer Maintenance Tasks'
END

-- Delete any existing job with the same name so the script can be re-run.
SELECT @JobID = job_id
  FROM msdb.dbo.sysjobs
 WHERE name = @jobName

IF (@JobID IS NOT NULL)
BEGIN
    EXECUTE msdb.dbo.sp_delete_job @job_name = @jobName
    SELECT @JobID = NULL
END

-- The job is owned by sa and writes to the Windows event log on failure (@notify_level_eventlog = 2).
EXECUTE msdb.dbo.sp_add_job @job_id = @JobID OUTPUT, @job_name = @jobName, @owner_login_name = N'sa', @description = 'This job clears the distinguished names prior to the run of the LDAP synchs. ', @category_name = 'Archer Maintenance Tasks', @enabled = 1, @notify_level_email = 0, @notify_level_page = 0, @notify_level_netsend = 0, @notify_level_eventlog = 2, @delete_level = 0

-- Single T-SQL step. Unlike the manual statement above, this command has no WHERE clause,
-- so it clears distinguished_name for every row in tbluser.
EXECUTE msdb.dbo.sp_add_jobstep @job_id = @JobID, @step_id = 1, @step_name = @jobName, @command = N'UPDATE tbluser SET distinguished_name = '''';', @database_name = @dbName, @server = N'', @database_user_name = N'', @subsystem = N'TSQL', @cmdexec_success_code = 0, @flags = 0, @retry_attempts = 0, @retry_interval = 0, @output_file_name = N'', @on_success_step_id = 0, @on_success_action = 1, @on_fail_step_id = 0, @on_fail_action = 2

EXECUTE msdb.dbo.sp_update_job @job_id = @JobID, @start_step_id = 1

-- Schedule: weekly (@freq_type = 8) on Saturday (@freq_interval = 64) at 02:00:00 (@active_start_time = 20000).
EXECUTE @ReturnCode = msdb.dbo.sp_add_jobschedule @job_id = @JobID, @name = @jobName, @enabled = 1, @freq_type = 8, @active_start_date = 20130413, @active_start_time = 20000, @freq_interval = 64, @freq_subday_type = 1, @freq_subday_interval = 0, @freq_relative_interval = 0, @freq_recurrence_factor = 1, @active_end_date = 99991231, @active_end_time = 235959

-- Target the local server.
EXECUTE msdb.dbo.sp_add_jobserver @job_id = @JobID, @server_name = N'(local)'

GO

Notes: The sync will need to be run twice for 5.x environments if group syncs are being used.
Legacy Article ID: a58433
