Article Number
000036470
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
This article explains how to prevent RSA Authentication Manager from picking up disabled user account data from the Microsoft LDAP directory, so that the clean-up of unresolvable users job runs correctly.
Resolution
Follow the steps below:
- Log in to the Operations Console of the primary Authentication Manager instance.
- Click Deployment Configuration > Identity Sources > Manage Existing.
- When prompted, enter the super admin user ID and password.
- Click the context arrow for the identity source in question and select Edit.
- Click the Connection(s) tab or the Map tab to view the properties of the external identity source:
- Scroll down to the Directory Configuration - Users section and modify the default search filter from (&(objectClass=User)(objectcategory=person)) to the string below:
(&(objectClass=User)(objectcategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
- Once done, click Save and Finish for the changes to take effect.
- Log in to the Security Console for the primary instance.
- Verify that the disabled user accounts from the Microsoft LDAP Directory are filtered.
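As an added illustration (not RSA's code), the Python sketch below evaluates the default and the modified search filter over constructed directory entries to show which accounts each one returns. The added clause uses the Active Directory bitwise-AND matching rule (OID 1.2.840.113556.1.4.803) against the value 2, the ACCOUNTDISABLE flag in userAccountControl; the entry names, the small filter evaluator and the simplified objectCategory values are assumptions made for the example.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule
DEFAULT_FILTER = "(&(objectClass=User)(objectcategory=person))"
NEW_FILTER = ("(&(objectClass=User)(objectcategory=person)"
              "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))")

def entry(cn, uac, category="person"):
    # Constructed sample entry; objectCategory is simplified to its short name.
    return {"cn": [cn], "objectclass": ["top", "person", "user"],
            "objectcategory": [category], "useraccountcontrol": [str(uac)]}

# 512 = normal account, +2 = disabled, +65536 = password never expires.
ENTRIES = [entry("alice", 512), entry("bob", 514), entry("carol", 66048),
           entry("dave", 66050), entry("WS01$", 4096, "computer")]

def parse(f, i=0):
    """Parse the filter subset used here: (&..), (|..), (!..), (a=v), (a:oid:=v)."""
    if f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if f[i] in "&|":
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # skip the closing ')'
    if f[i] == "!":
        kid, i = parse(f, i + 1)
        return ("!", kid), i + 1
    end = f.index(")", i)
    m = re.fullmatch(r"([\w-]+)(?::([\d.]+):)?=(.*)", f[i:end])
    if not m:
        raise ValueError("unsupported filter item: " + f[i:end])
    return ("item", m.group(1).lower(), m.group(2), m.group(3)), end + 1

def matches(node, e):
    if node[0] == "&": return all(matches(k, e) for k in node[1])
    if node[0] == "|": return any(matches(k, e) for k in node[1])
    if node[0] == "!": return not matches(node[1], e)
    _, attr, rule, value = node
    if rule == BIT_AND:                   # true when every bit of value is set
        return any((int(v) & int(value)) == int(value) for v in e.get(attr, []))
    if rule is not None:
        raise ValueError("unsupported matching rule: " + rule)
    return any(v.lower() == value.lower() for v in e.get(attr, []))

def select(filter_text, entries=ENTRIES):
    tree, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing text after filter")
    return [e["cn"][0] for e in entries if matches(tree, e)]
```
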
Notes