|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
|Issue||Administrators are unable to manage LDAP users, including token assignments, as the users are in a disabled state, shown here:|
|Cause||The account that is being used to bind to the external identity source does not have full read permissions on the user accounts. As a result, Authentication Manager is unable to read the userAccountControl field from the external identity source. This setting flags whether the user account is disabled or not.|
As Authentication Manager cannot determine if the account is enabled or not, for security reasons, it will interpret that the account is disabled.
|Resolution||To resolve this issue,|