All accounts in the on-premise appliance are disabled within one minute of being enabled, with the exception of subscription administrator accounts.
The ldap.log shows the following entries repeatedly once every minute:
2021-03-12 15:04:06,824 INFO [LDAPUserProvisioningController] - Received provisioning reset request
2021-03-12 15:04:06,886 ERROR [LDAPUserProvisioningController] - Unable to disable all users
This can be caused when there is a user account within Rally that the LDAP synchronization routine is unable to update.
Release : 2.0+
To locate the potential user, access the user management page within Rally
Set up a filter to show the following criteria:
Disabled = No
Subscription Permission != Subscription Admin
This should reveal the user account that the routine is unable to update
Edit the user ID and try to set the account to Disabled
If there is an error, note the field that is referenced in the error
Change the value in the field referenced in the error
For example, in the following screenshot, the error indicates that the On-Premise LDAP User Name contains a non-unique value:
To resolve this, change the On-Premise LDAP User Name of janedoe01 to another value such as janedoe02