000020263 - LDAP synchronization not deleting users imported using sdaceldap command line tool

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000020263

Applies To:
Lightweight Directory Access Protocol (LDAP)
sdaceldap
LDAP Synchronization job (sdldapsync)
RSA ACE/Server 5.1 (no longer supported as of 7-14-2006)

Issue: LDAP synchronization not deleting users imported using sdaceldap command line tool

Cause: The new automated utility associates LDAP users with a job number while sdaceldap did not.

Resolution: To correct this issue, run sdaceldap compare once in ACE/Server 5.1 to clean up users that were deleted from LDAP. The affected users are only those deleted after the last synchronization using sdaceldap and the first synchronization using the job scheduler.

Once the job scheduler is run, any users that still exist in LDAP will be added to that job and will be maintained by that job exclusively. If the user is not found in LDAP, it is not assumed the user is deleted since they may have been added through a different query. Make sure you run sdaceldap using the original query used to import the users.

NOTE: RSA Security recommends all customers using ACE/Server 5.1 transition their LDAP synchronization jobs to the new automated utility.

Legacy Article ID: a15558
