All accounts being disabled within a minute of being enabled
search cancel

All accounts being disabled within a minute of being enabled


Article ID: 210721


Updated On:


Rally On-Premise


All accounts in the on-premise appliance are disabled within one minute of being enabled, with the exception of subscription administrator accounts.

The ldap.log shows the following entries repeatedly once every minute:

2021-03-12 15:04:06,824 INFO  [LDAPUserProvisioningController] - Received provisioning reset request
2021-03-12 15:04:06,886 ERROR [LDAPUserProvisioningController] - Unable to disable all users



Release : 2.0+


This can be caused when there is a user account within Rally that the LDAP synchronization routine is unable to update.


To locate the potential user, access the user management page within Rally

Set up a filter to show the following criteria:

Disabled = No

Subscription Permission != Subscription Admin

This should reveal the user account that the routine is unable to update

Edit the user ID and try to set the account to Disabled

If there is an error, note the field that is referenced in the error

Change the value in the field referenced in the error


For example, in the following screenshot, the error indicates that the On-Premise LDAP User Name contains a non-unique value:

To resolve this, change the On-Premise LDAP User Name of janedoe01 to another value such as janedoe02