|Applies To||RSA Authentication Manager 7.1|
|Issue||Principal with userid already exists in the realm:jsmith|
Error during addition or registration of user: the userid already exists in the realm
This error message is displayed in situations where RSA Authentication Manager (AM71) recognizes that there is a clash in userid values in the system. This can occur in a number of different ways, and depending on the specific situation there are a variety of alternatives. Here are a few commonly seen examples of how this problem can occur (although not specified here, all the examples are specific to a single realm configuration):
In all the above examples, the problem will occur where the user either exists or is being created in more than one identity source; standard LDAP administration does not allow duplicate users within a single system, but there is no way to avoid the potential issue when accessing multiple sources (note that this can include the internal database).
This is not an actual error or fault with RSA Authentication Manager 7.1; the system is doing exactly as intended and is stopping potential security issues where, unknowingly, an administrator may give a restricted privilege to the wrong user.
|Resolution||PDF with a specific LDAP filter for the userID if Clean-up cannot find it. This happens when a userID gets a new GUID, as when the user is deleted and then re-created in AD|
Depending on the particular circumstances there are a number of ways to address this type of issue.
Manually change the userids
Map users with email addresses
Allow duplicate userids (note: this is relevant for administrative logins, not for agent authentications)
Fix a wrongly created user
Run the background task to 'Synchronize with Identity Sources'
SP4 updated information
The second option is more thorough, but requires knowing the time on the Primary, and setting the cleanup to happen in the future.
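The two conditions described above (a userid present in more than one identity source, and a userid whose GUID changed after the account was deleted and re-created in AD) can be checked offline before choosing a resolution. This is an added example, not code from RSA or from the original article; the record layout, the sample data and the case-insensitive comparison are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records; the (userid, identity_source, guid) layout is an
# assumption for illustration, not the Authentication Manager schema.
AM_RECORDS = [
    ("jsmith", "Internal Database", "int-0001"),
    ("jsmith", "AD-Corp", "guid-aaaa"),
    ("mjones", "AD-Corp", "guid-bbbb"),
    ("akhan", "AD-Corp", "guid-cccc"),
]
# Constructed export of what the directory currently holds.
DIRECTORY_NOW = [
    ("jsmith", "AD-Corp", "guid-aaaa"),
    ("mjones", "AD-Corp", "guid-dddd"),  # deleted and re-created: new GUID
    ("akhan", "AD-Corp", "guid-cccc"),
]

def normalize(userid):
    # Assumption: userids are compared case-insensitively, ignoring outer whitespace.
    return userid.strip().lower()

def cross_source_clashes(records):
    """Return {userid: sorted sources} for userids found in more than one identity source."""
    sources = defaultdict(set)
    for userid, source, _guid in records:
        sources[normalize(userid)].add(source)
    return {u: sorted(s) for u, s in sources.items() if len(s) > 1}

def recreated_users(am_records, directory_records):
    """Return (userid, source, stored_guid, current_guid) for records whose GUID changed."""
    current = {(normalize(u), s): g for u, s, g in directory_records}
    changed = []
    for userid, source, stored_guid in am_records:
        key = (normalize(userid), source)
        if key in current and current[key] != stored_guid:
            changed.append((key[0], source, stored_guid, current[key]))
    return changed

if __name__ == "__main__":
    for userid, srcs in cross_source_clashes(AM_RECORDS).items():
        print(f"clash: {userid} exists in {', '.join(srcs)}")
    for userid, source, old, new in recreated_users(AM_RECORDS, DIRECTORY_NOW):
        print(f"re-created: {userid} in {source}: stored {old}, directory has {new}")
```
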
See also Principal with userid already exists in the realm
|Legacy Article ID||a41797|