| Article Number | 000036470 |
| Applies To | RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x |
| Issue | This article explains how to exclude RSA Authentication Manager from picking up disabled user accounts data from the Microsoft LDAP directory so that the clean up of unresolvable users job will run correctly. |
| Resolution | Follow the steps below:
- Login to the Operations Console of the primary Authentication Manager instance.
- Click Deployment Configuration > Identity Sources > Manage Existing.
- When prompted, enter the super admin user ID and password
- Click the context arrow for the the identity source in question and select Edit.
- Click the Connection(s) tab or the Map tab to view the properties of the external identity source:
- Scroll down to the Directory Configuration - Users section and modify the default search filter from (&(objectClass=User)(objectcategory=person)) to the string below:
(&(objectClass=User)(objectcategory=person))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
- Once done, click Save and Finish for the changes to take affect
- Login to the Security Console for the primary.
- Verify that the disabled user accounts from the Microsoft LDAP Directory are filtered.
|
| Notes | For steps on how to create a new identity source, please refer to article 000033238 - How to create an external LDAP identity source in RSA Authentication Manager 8.1. |
on Jul 13, 2018
