|Applies To||RSA ACE/Server 5.2|
RSA ACE/Server 5.1 (no longer supported as of 7-14-2006)
Microsoft Active Directory
|Issue||ACE/Server LDAP synchronization: Recovering users that were auto-deleted by filter|
ACE/Server database contained multiple users created by LDAP synchronization. Directory Server Administrator changed container information for users. LDAP synchronization configured to auto-delete non-existent LDAP users by filter. When the sync job ran, the users were deleted. They were subsequently re-entered with different LDAP container information and no token association.
|Cause||When selecting auto-delete non-existent LDAP users by filter, the hierarchy of container information must match for the ace user. Otherwise, they will be deleted.|
|Resolution||A log file titled ldapsync.log is kept each time a job runs in the directory or folder ace/data/ldapjobs/job_#. There is also a token dump file created there of the deleted users. In this specific instance, the existing ace user must be deleted before importing the token dump file. User from token dump file will not overwrite and existing ace user. The dump file was imported with sdload -f ace/data/ldapjobs/job_#/"filename".dmp -m. Also in this instance, the LDAP information must deleted for these specific users or they would be auto-deleted once again. No group information is retained in a token dump file, so this must be entered manually.|
|Legacy Article ID||a21642|