|Applies To||RSA ClearTrust LDAP Data Adapter|
|Issue||How to set cleartrust.data.ldap.auxuser.default_private to false so RSA ClearTrust Administrators can see users outside their administrative group|
ldap.auxuser.default_private parameter not effective when false
When cleartrust.data.ldap.auxuser.default_private is set to false, users who were not added through the Entitlements Manager are not visible outside of their administrative group, per the parameter's description in ldap.conf
|Cause||When the ldap.conf file parameter add_to_default_admin_group is set to false, all users not explicitly assigned to an administrative group are implicitly assigned to the Default Administrative Group. For these implicit members of the Default Administrative Group, the default_private parameter further specifies if the users are public (default_private=false, the user can be viewed by administrators of other groups) or private (default_private=true, the user can not be viewed by administrators of other groups).|
The default_private parameter value was ignored for user entries stored in an auxiliary store.
|Resolution||This issue has been resolved in a hot fix for RSA ClearTrust 5.5.3. Contact RSA Security Customer Support to obtain hot fix 188.8.131.52, or request the latest fix level (which is cumulative, and contains fixes from previous fix levels).|
|Legacy Article ID||a26619|