Symantec VIP Enterprise Gateway LDAP Sync not synchronizing all users
search cancel

Symantec VIP Enterprise Gateway LDAP Sync not synchronizing all users


Article ID: 150606


Updated On:


VIP Service


LDAP % threshold settings in VIP Enterprise gateway prevents all users from updating to the VIP Cloud


VIP Enterprise Gateway


During an LDAP sync, the VIP Enterprise Gateway fetches a list of all user records in the VIP cloud and a list of all members of all User Stores, then synchronize the difference to the VIP Cloud. To reduce LDAP load and prevent potential unwanted mass changes after a User Store adjustment, the Change Threshold setting limits the number of changes to users in the VIP Cloud during an LDAP synchronization.

For example, the LDAP sync job determines that 1,000 users will be DELETED, 1,000 users UPDATED, and 1,000 users ADDED. In the screenshot above, the Change Threshold will limit the total number of changes to 10% for each operation, or 100 DELETES, 100 UPDATES, and 100 ADDS. 

The rule applies only to scheduled jobs. Clicking the RUN ONCE or SYNCHRONIZE NOW button forces a 100% synchronization of all records.

The Change Threshold does not apply to Administrator Synchronization. 100% changes  

Click Undo Changes to roll back any User Store changes (version 9.9.2 and later)

Important: Always run an LDAP Sync simulation after any User Store changes are made, then review the simulation.log file for any changes that will occur when an actual LDAP sync occurs. (VIP Enterprise Gateway 9.9.0 and later require a successful LDAP simulation prior to starting the LDAP Sync service.)