This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

Unable to add or manage user in RSA Authentication Manager; getting the error: The specified ID is already in use by unresolveable user within this realm

Article Number

000011632

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 7.1 SP4, 8.x

 

Issue

When an RSA administrator tries to manage a user (for example, when assigning a token), one the following errors display: 
The specified ID is already in use by an unresolvable user within this realm
The specified ID is already in use by un-resolvable user within this realm
Principal with userid already exists in the realm: <username>
Cannot add or manage a user with user ID <UserID>. User IDs must be unique within a deployment. 
This user ID is already in use.
Account is locked out of emergency authentication Error 
This is a read only external LDAP identity Source read-only


 

Resolution

There could be multiple reasons for these errors to display.
  1. There are multiple entries for the same user in different identity sources.  To check this, run a search for the specific user ID across all identity sources:
    1. Login to to the Security Console.
    2. Select Identity > Users > Manage Existing.
    3. Under Search Criteria, click on Search for users across all identity sources.
    4. Enter the user ID and run the search.
    5. If you get multiple results for the same user, delete all of them except for the required user entry.
  2. An issue with an unresolvable user in the LDAP.  To check this, 
    1. Generate a report of Users and Groups No Longer in Identity Source (Reporting > Reports > Add New > Users and Groups No Longer in Identity Source), selecting the correct external identity source when configuring the report. 
    2. Confirm the users listed in the report. 
    3. If using RSA SecurID Appliance 3.0 SP4, select Setup > Identity Sources > Clean Up Unresolvable Users.
    4. If using RSA SecurID Appliance 3.0 SP2, select  Setup > General > Component Configuration.
    5. If using Authentication Manager 8.1, select Setup >  Identity SourcesClean Up Unresolvable Users.
    6. Synchronize with Identity Source field.
    7. Select Force system to delete all users and groups from the internal database that no longer exist in the external identity source.
  3. If the cleanup does not remove the unresolvable user, modify the LDAP identity source mapping to exclude the user.  If you had a user named Jane Smith in your external identity source whom you could not manage or delete, do the following:
    1. Open the Operations Console and navigate to Deployment Configuration > Identity Sources > Manage Existing.  
    2. From the drop down next to the affected identity source name, choose Edit.  
    3. Click on the Map tab.  
    4. Scroll to the Directory Configuration - Users section.
    5. Change the default search filter from what is shown here:
(&(objectClass=User)(objectcategory=person))
to this:
(&(objectClass=User)(objectcategory=person)(!(samAccountName=<user name>)))
where, <user name> is the name of the affected user.  For example,
(&(objectClass=User)(objectcategory=person)(!(samAccountName=Jane.Smith)))
  1. Redo the steps in Item 2, to run the cleanup for unresolveable users and remove or clean up any entries for Jane Smith that you could not remove before.  When done, remove the filter in your LDAP map, changing it back to:
(&(objectClass=User)(objectcategory=person))
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-12 07:00 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.