000014957 - 'Users with fixed passcodes' report takes a long time and does not complete - AM 8.1

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000014957
Applies ToRSA Authentication Manager (AM) 8.1
Users with fixed passcodes.
IssueReport on users with fixed passcodes takes a long time and does not complete.
List all user report takes a long time and does not complete.
CauseThe report on users with fixed passcode is failing due to unnecessary group look up in AD.
Resolution

This issue has been reported in defect AM-28399 and it is resolved in patch 4 for AM 8.1


Please use below given workaround as a temporary solution.


Workaround 1: Run Token Expiration Report and select the option ?Users with Fixed passcodes? and set it to ?yes? from pull down menu.


Workaround 2:
1.Uncheck the box "Enable the use of the MemberOf attribute" in /Identity source/Mapping tab in Operations Console.
   Unchecking the box "Enable the use of the MemberOf attribute" in Operations Console, switches from using memberof, to using the member attribute.
        Membership Attribute. The attribute that contains the DNs of all the users and user groups that are members of a user group.
        User MemberOf Attribute. Enables the system to resolve membership queries by using the value specified for the MemberOf attribute.
        MemberOf Attribute. The attribute of users and user groups that contains the DNs of the user groups to which they belong.


2. Identity source connection configuration: Change the User group Base DN 
    
    from User Group Base DN: DC=Company,DC=net 
    to     User Group Base DN: OU=GROUPS,OU=Development,DC=Company,DC=net   Example: CN=Users,DC=Company,DC=net

3. Launch Operations Console --- > Navigate to Maintenance ---- > Flush cache ---- > Flush cache for all objects
4. Run report on Users with fixed passcode.


Note: In its simplest implementation, Round-robin DNS works by responding to DNS requests not only with a single IP address, but a list of IP addresses of several servers that host identical services. The order in which IP addresses from the list are returned is the basis for the term round robin. RSA Identity Source should be configured with an IP address of a single domain controller. The IP address belonging round robin DNS cannot be used in Identity Source connection configuration.

NotesDefect AM-28399
Legacy Article IDa67398

Attachments

    Outcomes