Article Number | 000036470 |
Applies To | RSA Product Set: SecurID; RSA Product/Service Type: Authentication Manager; RSA Version/Condition: 8.x |
Issue | This article explains how to keep RSA Authentication Manager from picking up disabled user account data from the Microsoft LDAP directory, so that the clean-up of unresolvable users job runs correctly. |
Resolution | Follow the steps below:
- Log in to the Operations Console of the primary Authentication Manager instance.
- Click Deployment Configuration > Identity Sources > Manage Existing.
- When prompted, enter the super admin user ID and password.
- Click the context arrow for the identity source in question and select Edit.
- Click the Connection(s) tab or the Map tab to view the properties of the external identity source.
- Scroll down to the Directory Configuration - Users section and modify the default search filter from (&(objectClass=User)(objectcategory=person)) to the string below, keeping the added (!(...)) clause inside the outer (&...) group:
(&(objectClass=User)(objectcategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
- Once done, click Save and Finish for the changes to take effect.
- Log in to the Security Console for the primary.
- Verify that the disabled user accounts from the Microsoft LDAP Directory are filtered.
|
Notes | For steps on how to create a new identity source, please see article 000033238 - How to create an external LDAP identity source in RSA Authentication Manager 8.1. |
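
An added example (not from the RSA article or RSA's code): a Python check that the modified user search filter is a single balanced LDAP filter, together with an offline emulation of the bitwise-AND matching rule 1.2.840.113556.1.4.803 over constructed userAccountControl values. The function names and sample accounts are assumptions, and the balance check assumes filter values contain no escaped parentheses.

```python
# Added example: offline check of the filter and the bit-AND matching rule.
BIT_AND_RULE = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule OID
ACCOUNTDISABLE = 0x2                      # userAccountControl "disabled" bit

USER_FILTER = ("(&(objectClass=User)(objectcategory=person)"
               "(!(userAccountControl:%s:=%d)))" % (BIT_AND_RULE, ACCOUNTDISABLE))

def is_single_filter(text):
    """True if text is exactly one balanced, parenthesised filter."""
    if not text.startswith("("):
        return False
    depth = 0
    for i, ch in enumerate(text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
            if depth == 0 and i != len(text) - 1:
                return False  # outer group closed early, a clause trails it
    return depth == 0

def is_disabled(uac):
    """Bit-AND rule: matches when every bit of the mask is set in uac."""
    return (uac & ACCOUNTDISABLE) == ACCOUNTDISABLE

def visible_users(entries):
    """Names the (!(...)) clause leaves in the identity source's view."""
    return [name for name, uac in entries if not is_disabled(uac)]

# Constructed sample accounts: (sAMAccountName, userAccountControl)
SAMPLE = [
    ("alice", 512),    # NORMAL_ACCOUNT
    ("bob", 514),      # NORMAL_ACCOUNT | ACCOUNTDISABLE
    ("carol", 66048),  # NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD
    ("dave", 66050),   # carol's flags plus ACCOUNTDISABLE
]

if __name__ == "__main__":
    print(USER_FILTER, is_single_filter(USER_FILTER))
    print(visible_users(SAMPLE))
```

Because the rule tests a single bit, an account is excluded whenever bit 2 is set, regardless of the other flags combined into its userAccountControl value.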