000035202 - Cannot map attribute error message when trying to map LDAP Description field in RSA Authentication Manager 8.2

Document created by RSA Customer Support Employee on Jun 6, 2017
Last modified by RSA Customer Support Employee on Jun 6, 2017
Version 2

Article Content

Article Number: 000035202
Applies To:
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.2.1
Issue: When creating a user authentication report that displays the Description field from Active Directory, mapping the attribute as an identity attribute fails with the following error, even though the attribute is configured correctly and exists in AD:
Cannot map attribute description as it does not exist in the physical directory. Choose a valid attribute

Cause: This behavior of the Description attribute exists for backward compatibility with earlier operating systems, because the attribute existed in the SAM APIs before AD existed. See the Microsoft article on the Description attribute for more information.
Workaround:
  1. Launch the Operations Console.
  2. Select Deployment Configuration > Identity Source > Manage Existing.
  3. Click the identity source for which you want to map the attribute and, from the context arrow, select Edit.
  4. Go to the Map tab.
  5. Disable the option Validate identity attribute definition mappings against directory schema.