000022235 - How to view users in multiple OUs within RSA ClearTrust

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000022235
Applies To: Microsoft Active Directory, Microsoft Windows Server 2003, RSA ClearTrust 5.5
Issue: How to view users in multiple OUs within RSA ClearTrust
When managing RSA ClearTrust user objects located in different organizational units (OUs), only users within a single OU are listed in the RSA ClearTrust Entitlements Manager (Admin GUI).
Cause: Using Microsoft Active Directory native tools, RSA ClearTrust users are created in a particular OU. Using the RSA ClearTrust Entitlements Manager (Admin GUI), users are created in a different OU, as defined by the associated ldap.conf's .baseDN configuration parameter.
Resolution: Change the value of cleartrust.data.ldap.user.basedn so that it points to a node far enough up the LDAP hierarchy tree that all the desired OUs' users are contained beneath it. Note that including multiple OUs in the base DN will adversely affect performance.

Alternatively, if your user location consists of only one other OU, you can refer to the RSA ClearTrust Installation and Configuration Guide and leverage aux store functionality to configure all users to be viewed within the ClearTrust Entitlements Manager (Admin GUI). Aux store functionality allows new users created within the Admin GUI to be added to the OU set in the ldap.conf's .baseDN configuration parameter. It also allows users in other OUs created with the Microsoft Active Directory native tools to be seen in the Admin GUI.
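
For the cleartrust.data.ldap.user.basedn change described above, the following added example (not RSA tooling and not part of the original article) computes the deepest DN that still contains every OU holding users, so the base DN is moved up no further than necessary. The OU DNs are constructed sample values, the function names are hypothetical, and case-insensitive DN matching is an assumption based on Active Directory behaviour.

```python
# Constructed sample: OU DNs where ClearTrust users live (not from the article).
SAMPLE_OUS = [
    "OU=Employees,OU=Accounts,DC=example,DC=com",
    "OU=Contractors,OU=Accounts,DC=example,DC=com",
    "ou=Smith\\, J Team,OU=Partners,ou=accounts,dc=example,dc=com",
]

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (backslash escapes kept)."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current).strip())
    return [r for r in rdns if r]

def rdn_key(rdn):
    """Comparison key. Assumption: AD-style case-insensitive matching."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip().lower()

def narrowest_common_base(ou_dns):
    """Deepest DN that contains every DN in ou_dns, or None if none exists."""
    paths = [list(reversed(split_dn(dn))) for dn in ou_dns]  # root first
    common = []
    for level in zip(*paths):
        if len({rdn_key(r) for r in level}) != 1:
            break
        common.append(level[0])
    return ",".join(reversed(common)) if common else None

def levels_above(ou_dn, base_dn):
    """How many levels the base DN sits above a given OU."""
    return len(split_dn(ou_dn)) - len(split_dn(base_dn))

if __name__ == "__main__":
    base = narrowest_common_base(SAMPLE_OUS)
    print("narrowest base DN:", base)
    for ou in SAMPLE_OUS:
        print(levels_above(ou, base), "level(s) above", ou)
```

Every OU that sits under the resulting base DN, not only the ones listed, falls inside the search scope, which is the performance cost the article notes.
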
Legacy Article ID: a27577