000035202 - Cannot map attribute error message when trying to map LDAP Description field in RSA Authentication Manager 8.2

Document created by RSA Customer Support Employee on Jun 6, 2017. Last modified by RSA Customer Support on Mar 11, 2019.
Version 3

Article Content

Article Number: 000035202

Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.2.1

Issue
When creating a user authentication report that displays the Description field from Active Directory, mapping the attribute as an identity attribute fails with the following error, even though the attribute is configured correctly and exists in AD:
Cannot map attribute description as it does not exist in the physical directory. Choose a valid attribute


Cause
This behavior of the Description attribute is for backward compatibility with earlier operating systems, because the attribute existed in the SAM APIs before AD existed. See the Microsoft article on the Description attribute for more information.

Workaround
As a workaround:
  1. Launch the Operations Console.
  2. Select Deployment Configuration > Identity Source > Manage Existing.
  3. Click on the identity source for which you want to map the attribute and from the context arrow select Edit.
  4. Click on the Map tab.
  5. Disable the option to Validate identity attribute definition mappings against directory schema.
  6. Click Save when done.
