000012602 - Authentication Manager 7.1.4 and APP 3.0.4: Unable to link an AD ldap group to a restricted agent  'Operation failed because data was updated concurrently by another user. Reload data and try again'

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000012602
IssueAuthentication Manager 7.1.4 and APP 3.0.4: Unable to link an AD ldap group to a restricted agent, "Operation failed because data was updated concurrently by another user. Reload data and try again"
When trying to add an AD ldap group to a restricted agent, the following error appears:

There was a problem processing your request.

Operation failed because data was updated concurrently by another user.  Reload data and try again.
CauseWhile the data could be legitimately locked in the backend identity source, in this instance, when the group in question has been dragged and dropped from one ou to another ou,  the guid that the ldap group contains is incorrect, thus orphaning the guid in oracle. In this instance, the guid must be purged and recreated (this happens automatically when the old guid is removed).
ResolutionTo check for this occurance, run the report "Users and user groups missing from the identity source" report (Reporting->reports->add new, locate the "Users and user groups missing from the identity source template, assigning the report an appropriate and unique name, and also selecting the AD identity source in question for criteria, then run the report).  Once the report completes, look for the groups distinguished name that is causing issues, and compare it to the actual distinguished name in AD. If they differ, run the Identity source clean up job.

To correct this issue, in the security console, select Setup->Identity Sources->Schedule cleanup, select all criteria to run the job, insuring to select the proper identity source where the   Once the cleanup is complete, rerun the report to insure it does not appear on the orphaned guid report.  Once cleared, you can add the group to the restricted agents access list.
Legacy Article IDa60126

Attachments

    Outcomes