000017308 - How to remove LDAP DN information from tblUser when RSA Archer accounts are being deactivated because of a DN change in the source LDAP/AD

Document created by RSA Customer Support Employee on Nov 11, 2016
Last modified by RSA Customer Support on Nov 10, 2017
Version 4

Article Content

Article Number: 000017308
Applies To
RSA Product Set: Archer
RSA Version/Condition: All
Issue
How do you remove LDAP DN information from tblUser when accounts are being deactivated due to a DN change from the source LDAP/AD?
Sample error from Failure Detail:

System.Exception: Selected user name (jdoe) is already in use with a different distinguished name (CN=Doe\, John,OU=US Users,DC=corp,DC=emc,DC=com).
If you would like to update this user, delete the value for distinguished name in the Archer database and run the sync again.

NOTE: As of Archer version 6.2 P5 and later, an option has been added to the Manage LDAP Configuration page, under the Data Sync tab, to clear user DNs before each LDAP sync.
Resolution
Perform the steps below.
  1. Go to Manage LDAP Configurations.
  2. Hover the mouse over the LDAP Configuration Name.
  3. Take note of the ID displayed in the lower-right corner.
  4. Run the following SQL command against the Instance database to clear the distinguished_name value for LDAP users. Replace # with the ID from step 3.

    UPDATE tblUser SET distinguished_name='' WHERE ldap_config_id = #
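
A more cautious way to run step 4, shown as an added example that is not part of the original article or RSA's own code. It assumes the Instance database is on Microsoft SQL Server and that ldap_config_id is an integer; tblUser_dn_backup is a hypothetical table name, and the value 0 is a placeholder for the ID from step 3.

```sql
-- Added example (T-SQL), not RSA's code.
-- Assumptions: SQL Server, integer ldap_config_id, backup table name is hypothetical.
SET XACT_ABORT ON;   -- any runtime error rolls the whole transaction back

DECLARE @ldap_config_id INT = 0;   -- placeholder: replace with the ID noted in step 3
DECLARE @expected INT, @updated INT;

BEGIN TRANSACTION;

-- Keep a copy of every row about to change so the old DNs can be restored.
-- tblUser_dn_backup must not already exist.
SELECT *
INTO   tblUser_dn_backup
FROM   tblUser
WHERE  ldap_config_id = @ldap_config_id;

SET @expected = @@ROWCOUNT;

-- The statement from step 4, limited to the one LDAP configuration.
UPDATE tblUser
SET    distinguished_name = ''
WHERE  ldap_config_id = @ldap_config_id;

SET @updated = @@ROWCOUNT;

-- Zero rows usually means the wrong ID was entered; a mismatch means the
-- table changed underneath the script. In both cases, change nothing.
IF @expected = 0 OR @updated <> @expected
BEGIN
    ROLLBACK TRANSACTION;   -- also discards the backup table
    RAISERROR('Expected %d rows, updated %d. No changes were made.',
              16, 1, @expected, @updated);
END
ELSE
BEGIN
    COMMIT TRANSACTION;
    SELECT @updated AS users_cleared;   -- count of accounts whose DN was blanked
END
```

Once the next LDAP sync has completed successfully and the accounts are confirmed active, the backup table can be dropped.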

Legacy Article ID: a65106