000021223 - ACE/Server LDAP synchronization: Recovering users that were auto-deleted by filter

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000021223
Applies To: RSA ACE/Server 5.2
RSA ACE/Server 5.1 (no longer supported as of 7-14-2006)
Microsoft Active Directory
Issue: ACE/Server LDAP synchronization: Recovering users that were auto-deleted by filter
The ACE/Server database contained multiple users created by LDAP synchronization. The Directory Server Administrator changed the container information for these users. LDAP synchronization was configured to auto-delete non-existent LDAP users by filter. When the sync job ran, the users were deleted. They were subsequently re-entered with different LDAP container information and no token association.
Cause: When auto-delete of non-existent LDAP users by filter is selected, the hierarchy of container information must match for the ACE user. Otherwise, the user will be deleted.
Resolution: Each time a job runs, a log file named ldapsync.log is kept in the directory or folder ace/data/ldapjobs/job_#. A token dump file of the deleted users is also created there. In this specific instance, the existing ACE user must be deleted before importing the token dump file, because a user from the token dump file will not overwrite an existing ACE user. The dump file was imported with sdload -f ace/data/ldapjobs/job_#/"filename".dmp -m. Also in this instance, the LDAP information must be deleted for these specific users or they would be auto-deleted once again. No group information is retained in a token dump file, so it must be entered manually.
Legacy Article ID: a21642
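After several sync runs there can be many job_# directories, so the first step of the Resolution is finding which ones hold a token dump. The helper below is an added example, not RSA's own tooling: it lists the dump files and prints (without running) the sdload command from the Resolution for each one. The function names and the argument (the path to the ace/data directory) are assumptions.

```shell
#!/bin/sh
# Added example (not part of the RSA article).
# Assumed layout, taken from the article: <data_root>/ldapjobs/job_#/ holds
# ldapsync.log and, when users were auto-deleted, a token dump (*.dmp).

# Print the path of every token dump file found under <data_root>/ldapjobs.
list_sync_dumps() {
    jobs_dir="$1/ldapjobs"
    if [ ! -d "$jobs_dir" ]; then
        echo "no ldapjobs directory under $1" >&2
        return 1
    fi
    for job in "$jobs_dir"/job_*; do
        [ -d "$job" ] || continue          # skip an unmatched glob or stray files
        for dmp in "$job"/*.dmp; do
            [ -f "$dmp" ] || continue      # this job deleted nobody
            printf '%s\n' "$dmp"
        done
    done
}

# Print one import command per dump file. Nothing is executed: per the
# article, the existing ACE user must be deleted before the import and the
# user's LDAP information cleared afterwards, so the operator runs each
# command by hand at the right point.
print_import_commands() {
    list_sync_dumps "$1" | while IFS= read -r dmp; do
        job=$(dirname "$dmp")
        # The log beside the dump records the run that deleted the users.
        [ -f "$job/ldapsync.log" ] || echo "warning: no ldapsync.log in $job" >&2
        printf 'sdload -f "%s" -m\n' "$dmp"
    done
}

# Stand-alone use: sh script.sh /path/to/ace/data
if [ "$#" -gt 0 ]; then
    print_import_commands "$1"
fi
```

Paths are quoted in the printed command so a dump file name containing spaces survives copy and paste.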
