000033805 - RSA Archer Users are getting inactivated from LDAP sync after being removed from all groups and next sync does not activate them

Document created by RSA Customer Support Employee on Aug 23, 2016. Last modified by RSA Customer Support on Apr 26, 2019.
Version 5

Article Content

Article Number: 000033805
Applies To: RSA Product Set: Archer
RSA Version/Condition: All
  • An LDAP user is not activated by the LDAP sync.
  • Attempts to use the Reactivation option in the LDAP Configuration do not work.
  • When an LDAP user is moved in Active Directory, the distinguished name value is not updated or causes a conflict. Clearing the distinguished_name column in the Instance database does not resolve the issue either.
  • The LDAP user has to be activated manually after the LDAP sync fails to activate it.
  1. Open the LDAP Configuration.
  2. From the General tab, click the Get Attributes button to get the list of attributes.
  3. Select the Data Sync tab.
  4. Enable the Reactivation option.
  5. For ReactivateAttribute, select sAMAccountType.
  6. For Operator, select equals.
  7. For ReactivateValue, add 805306368.
     NOTE: The number represents a User object in Active Directory.
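
The value in step 7 matches every normal user account in Active Directory whether or not the account is enabled there, so it is worth previewing what the rule selects before turning it on. The following is an added example, not RSA's code: it evaluates the same "sAMAccountType equals 805306368" rule over a constructed LDIF-style export and lists matched accounts that carry the AD disabled flag. The sample entries, the function names and the simplified LDIF parsing are assumptions made for illustration.

```python
# Added example: preview which directory entries a reactivation rule of
# "sAMAccountType equals 805306368" would match. All entries are constructed.

SAM_USER_OBJECT = 805306368      # 0x30000000, normal user account
UAC_ACCOUNTDISABLE = 0x0002      # userAccountControl flag: disabled in AD

# Constructed LDIF-style export (shaped like ldapsearch output).
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=example,DC=test
sAMAccountName: alice
sAMAccountType: 805306368
userAccountControl: 512

dn: CN=Bob Example,OU=Leavers,DC=example,DC=test
sAMAccountName: bob
sAMAccountType: 805306368
userAccountControl: 514

dn: CN=WS01,OU=Computers,DC=example,DC=test
sAMAccountName: WS01$
sAMAccountType: 805306369
userAccountControl: 4096

dn: CN=Archer Users,OU=Groups,DC=example,DC=test
sAMAccountName: Archer Users
sAMAccountType: 268435456
"""

def parse_entries(ldif):
    """Split a simple LDIF export into dicts (single-valued, unfolded lines only)."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                entry[key] = value
        entries.append(entry)
    return entries

def preview_rule(entries, attribute="sAMAccountType", value=str(SAM_USER_OBJECT)):
    """Return (matched, matched_but_disabled) sAMAccountName lists for an 'equals' rule."""
    matched, disabled = [], []
    for e in entries:
        if e.get(attribute) != value:
            continue  # computers (805306369) and groups (268435456) fall out here
        matched.append(e["sAMAccountName"])
        if int(e.get("userAccountControl", "0")) & UAC_ACCOUNTDISABLE:
            disabled.append(e["sAMAccountName"])
    return matched, disabled
```

Calling `preview_rule(parse_entries(SAMPLE_LDIF))` returns the accounts the rule selects and, separately, those among them that are disabled in AD and deserve a review before reactivation is enabled.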
