search cancel

AE: LDAP Login issue after DN changes

book

Article ID: 203398

calendar_today

Updated On:

Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

AWI Users can't login anymore into AE after their Distingushed Name in LDAP changes.

As workaround we need to manually sync LDAP for each user currently gets access denied on login.

The DN changes are just like these from 1 to 2:

1) CN=username,OU=Std-Users,OU=Users,OU=Client,OU=DE,DC=domain,DC=com

2) CN=username,OU=Developer,OU=Users,OU=Client,OU=DE,DC=domain,DC=com

 

Is there any modification that should be done in UC_LDAP_domain variables?

 

Environment

Release : 12.x

Component : AUTOMATION ENGINE

Cause

Configuration issue, in the UC_LDAP_domain file, the variable USE_DISTINGUISHED_NAME  was incorrectly set to Y.

Extract from the documentation:

USE_DISTINGUISHED_NAME

Access via DN (distinguished name)

Allowed values: Y and N (default)

  • Y - The connection to the LDAP system is established via DN.

  • N - DN is not used.

Resolution

Modify UC_LDAP_domain and  set USE_DISTINGUISHED_NAME to N so that the DN is retrieved every time a user connects, else the JWP will use the previous outdated one which will fail to bind to the LDAP server.