000011667 - Fields required by SecurID contain invalid characters in Active Directory causing a read only error.

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000011667
Applies To: Fields required by SecurID contain invalid characters in Active Directory causing a read only error.
Issue:
There was a problem processing your request.
The specified identity source is defined as read-only
IA== in an LDAP dump file
An Active Directory field contains a valid entry with a trailing space.
Cause: An Active Directory field contains a space and no other value.
Default SecurID required fields in an identity source: givenName, initials, sn, samAccountName, mail, comment, unicodePwd, cn

Third-party tools have been seen to add entries to Active Directory in which a field has a trailing space or contains only a space.
This can be seen in Active Directory Users and Computers by clicking in the field. Sometimes there is a space after the value, and sometimes the field contains just a space.

An LDAP dump shows a space as IA==, which is the Base64 encoding of a single space character.

For example, if a user's initials field in AD contains just a space character, an LDAP dump will display the initials as: IA==
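To locate affected accounts in a larger dump, the following added example (not part of the RSA article or any RSA tool) scans LDIF text for the required fields listed above whose value is only a space or ends in a space. It assumes a standard LDIF export in which Base64 values are marked with `::`; the sample records and DNs are constructed for illustration.

```python
import base64

# Default SecurID required fields from the article, lowercased for matching.
REQUIRED = {"givenname", "initials", "sn", "samaccountname", "mail",
            "comment", "unicodepwd", "cn"}

# Constructed sample dump (hypothetical users); the first DN is folded as LDIF allows.
SAMPLE_LDIF = """\
dn: CN=Jane Doe,OU=Users,
 DC=example,DC=com
cn: Jane Doe
givenName: Jane
initials:: IA==
sn:: RG9lIA==
sAMAccountName: jdoe

dn: CN=John Roe,OU=Users,DC=example,DC=com
cn: John Roe
initials: J
sn: Roe
"""

def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def find_space_values(ldif_text):
    """Return (dn, attribute, problem) for required fields that are space-only or end in a space."""
    findings, dn = [], None
    for line in unfold(ldif_text):
        if not line.strip():
            dn = None                      # a blank line ends the current record
            continue
        if line.startswith("#") or ":" not in line:
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):           # "attr:: <base64>", e.g. "initials:: IA=="
            try:
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            except ValueError:
                continue                   # not valid Base64; leave for manual review
        else:
            value = rest.lstrip(" ")
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() in REQUIRED and value:
            if not value.strip():
                findings.append((dn, attr, "space only"))
            elif value != value.rstrip():
                findings.append((dn, attr, "trailing space"))
    return findings
```

Each finding names the entry and attribute to correct in Active Directory Users and Computers.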

Resolution: Correct the field in Active Directory by removing the space.
Legacy Article ID: a53352
