All accounts being disabled within a minute of being enabled

book

Article ID: 210721

calendar_today

Updated On:

Products

CA Agile Central On Premise (Rally)

Issue/Introduction

All accounts in the on-premise appliance are disabled within one minute of being enabled, with the exception of subscription administrator accounts.

The ldap.log shows the following entries repeatedly once every minute:

2021-03-12 15:04:06,824 INFO  [LDAPUserProvisioningController] - Received provisioning reset request
2021-03-12 15:04:06,886 ERROR [LDAPUserProvisioningController] - Unable to disable all users

 

Cause

This can be caused when there is a user account within Rally that the LDAP synchronization routine is unable to update.

Environment

Release : 2.0+

Resolution

To locate the potential user, access the user management page within Rally

Set up a filter to show the following criteria:

Disabled = No

Subscription Permission != Subscription Admin

This should reveal the user account that the routine is unable to update

Edit the user ID and try to set the account to Disabled

If there is an error, note the field that is referenced in the error

Change the value in the field referenced in the error

 

For example, in the following screenshot, the error indicates that the On-Premise LDAP User Name contains a non-unique value:

To resolve this, change the On-Premise LDAP User Name of janedoe01 to another value such as janedoe02

Attachments