000036470 - How to exclude RSA Authentication Manager 8.x from picking up disabled user account data from the Microsoft LDAP directory

Document created by RSA Customer Support Employee on Jul 13, 2018
Version 1

Article Content

Article Number: 000036470
Applies To: RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue: This article explains how to exclude disabled user accounts in the Microsoft LDAP directory from the data that RSA Authentication Manager picks up, so that the cleanup of unresolvable users job runs correctly.
Resolution: Follow the steps below:
  1. Log in to the Operations Console of the primary Authentication Manager instance.
  2. Click Deployment Configuration > Identity Sources > Manage Existing.
  3. When prompted, enter the super admin user ID and password.
  4. Click the context arrow for the identity source in question and select Edit.
  5. Click the Connection(s) tab or the Map tab to view the properties of the external identity source.
  6. Scroll down to the Directory Configuration - Users section and modify the default search filter from (&(objectClass=User)(objectcategory=person)) to the string below:

     (&(objectClass=User)(objectcategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

  7. Once done, click Save and Finish for the changes to take effect.
  8. Log in to the Security Console for the primary instance.
  9. Verify that the disabled user accounts from the Microsoft LDAP Directory are filtered.
Notes: For steps on how to create a new identity source, please refer to article 000033238 - How to create an external LDAP identity source in RSA Authentication Manager 8.1.
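The following Python sketch is an added example, not RSA code. It parses a subset of LDAP filter syntax, rejects strings with unbalanced parentheses, and evaluates the user search filter from the Resolution steps against constructed sample entries to show which userAccountControl values the bitwise-AND matching rule (OID 1.2.840.113556.1.4.803, bit 2 = account disabled) excludes. The helper names, the sample users, and the simplification that objectCategory holds the short name "person" are assumptions.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # LDAP_MATCHING_RULE_BIT_AND
ITEM = re.compile(r"\(([A-Za-z][\w-]*)(?::([\d.]+):)?=([^()]*)\)")
FILTER = "(&(objectClass=User)(objectcategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

def parse(f, i=0):  # parse one parenthesised filter at f[i]; return (node, next index)
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    if f[i + 1:i + 2] in ("&", "|", "!"):
        op, i, kids = f[i + 1], i + 2, []
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i:i + 1] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' group near offset {i}")
        return (op, kids), i + 1
    m = ITEM.match(f, i)
    if not m:
        raise ValueError(f"bad filter item at offset {i}")
    return ("item", m.group(1).lower(), m.group(2), m.group(3)), m.end()

def compile_filter(f):  # a valid filter is exactly one balanced group, nothing after it
    node, end = parse(f)
    if end != len(f):
        raise ValueError(f"unbalanced filter, trailing text: {f[end:]!r}")
    return node

def matches(node, entry):  # entry: dict of lowercase attribute name -> list of strings
    if node[0] in ("&", "|"):
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, rule, want = node
    values = entry.get(attr, [])
    if rule == BIT_AND:  # true when every bit of `want` is set in the stored value
        return any((int(v) & int(want)) == int(want) for v in values)
    if rule is not None:
        raise ValueError(f"unsupported matching rule {rule}")
    return any(v.lower() == want.lower() for v in values)

# Constructed entries: 512 normal, 514 disabled, 66048/66050 add "password never expires"
def user(cn, uac):
    return {"cn": [cn], "objectclass": ["top", "person", "user"],
            "objectcategory": ["person"], "useraccountcontrol": [str(uac)]}

USERS = [user("alice", 512), user("bob", 514), user("carol", 66048), user("dave", 66050)]

def enabled_users(filter_text=FILTER):
    node = compile_filter(filter_text)
    return [u["cn"][0] for u in USERS if matches(node, u)]
```

Calling `enabled_users()` returns only the accounts without the disabled bit; passing a filter whose NOT clause sits outside the closing parenthesis of the `&` group raises `ValueError`, which is the kind of typo worth catching before saving the identity source.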
