000022074 - How to set cleartrust.data.ldap.auxuser.default_private to false so RSA ClearTrust Administrators can see users outside their administrative group

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000022074

Applies To: RSA ClearTrust LDAP Data Adapter

Issue:
How to set cleartrust.data.ldap.auxuser.default_private to false so RSA ClearTrust Administrators can see users outside their administrative group.
The ldap.auxuser.default_private parameter is not effective when set to false.
When cleartrust.data.ldap.auxuser.default_private is set to false, users who were not added through the Entitlements Manager are still not visible outside of their administrative group, contrary to the parameter's description in ldap.conf.

Cause:
When the ldap.conf file parameter add_to_default_admin_group is set to false, all users not explicitly assigned to an administrative group are implicitly assigned to the Default Administrative Group. For these implicit members of the Default Administrative Group, the default_private parameter further specifies whether the users are public (default_private=false, the user can be viewed by administrators of other groups) or private (default_private=true, the user cannot be viewed by administrators of other groups).

The default_private parameter value was ignored for user entries stored in an auxiliary store.

Resolution:
This issue has been resolved in a hot fix for RSA ClearTrust 5.5.3. Contact RSA Security Customer Support to obtain hot fix 5.5.3.24, or request the latest fix level (which is cumulative and contains fixes from previous fix levels).

Legacy Article ID: a26619
