
Switch user between LDAP and IAM database results in 'email already exists'


Article ID: 202533


Updated On:


CA Cloud Test Mobile, CA Application Test


Switching userid between the LDAP and the Identity Access Manager (IAM) embedded database results in 'email already exists'.

The following scenario for a particular userid resulted in an error (email already exists) when trying to create the user: 
1) No LDAP integration. The user was created with email in IAM. There was no problem logging in with this user.
2) The user was deleted in IAM.
3) LDAP integration was configured. No problem logging in with the same userid that exists in LDAP.
4) LDAP integration was disabled. As expected, it is no longer possible to log in with the userid.
5) Now when trying to create the userid in IAM and clicking Save, there is an error: 'email already exists'.

How can the LDAP user email be cleared so that the internal IAM user can be created?


Release : 10.6

Component : CA Service Virtualization


The user details, including email, are stored in the USER_ENTITY table. If you configure an external database for IAM, such as SQL Server, you can use SQL Server Management Studio to inspect the table.
If you are using the embedded IAM database, this data is stored in the IdentityAccessManager/standalone/data directory.
On Linux you can use grep to verify whether the email is stored somewhere in the files in that directory. Note that these files cannot be edited.

You can simply reset the embedded database, but you will lose any previously configured users, groups, user federations, etc.
To reset the embedded database:
1) Stop the IdentityAccessManagerService
2) Rename the IdentityAccessManager/standalone/data directory
3) Restart the IdentityAccessManagerService
This should recreate the data folder with subdirectories and files and include the standard default users like admin.
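
The grep check and the rename step above can be scripted as follows. This is an added example, not code from the product or the original article. The function names and the argument holding the path to the IdentityAccessManager directory are assumptions, GNU grep is assumed, and stopping and restarting the IdentityAccessManagerService is left to however the service is managed on the host.

```bash
#!/bin/sh
# Added example: helpers for the embedded-database check and reset.
# The first argument of each function is the path to the
# IdentityAccessManager directory (assumed; adjust to the installation).

# List files under standalone/data that contain the address.
#   -r recurse, -a read binary files as text, -l print file names only,
#   -i ignore case, -F fixed string so '.' is not a regex wildcard.
# Returns non-zero when the address is not found.
iam_email_files() {
    iam_home=$1
    email=$2
    grep -raliF -- "$email" "$iam_home/standalone/data" 2>/dev/null
}

# Step 2 of the reset: rename standalone/data instead of deleting it, so the
# previous users, groups and federations can be restored by renaming it back.
# Run only after the IdentityAccessManagerService has been stopped.
# Prints the backup path on success.
iam_rename_data_dir() {
    data="$1/standalone/data"
    backup="$data.$(date +%Y%m%d-%H%M%S).bak"
    if [ ! -d "$data" ]; then
        echo "no data directory at $data" >&2
        return 1
    fi
    if [ -e "$backup" ]; then
        echo "$backup already exists" >&2
        return 1
    fi
    mv -- "$data" "$backup" || return 1
    # The old database still holds user records: restrict it to the owner.
    chmod -R go-rwx "$backup"
    printf '%s\n' "$backup"
}
```

The renamed directory still contains the old user records, so remove it once the reset has been confirmed and a rollback is no longer needed.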