LDAP query to IM Provisioning Server does not return eTSuspended attribute of Active Directory account
search cancel

LDAP query to IM Provisioning Server does not return eTSuspended attribute of Active Directory account

book

Article ID: 223775

calendar_today

Updated On:

Products

CA Identity Suite

Issue/Introduction

When we send an LDAP query to IM Provisioning Server to find Active Directory account, eTSuspended attribute may not be returned depending on query details.

When we use subtree scope, base DN as endpoint DN, and we have a filter containing (objectClass=eTADSAccount), eTSuspened value is not reurned, even if explicitly requested.

I.e. such request:

ldapsearch -LLL -h <IMPS hostname> -p 20389 -s sub -D "eTGlobalUserName=etaadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta" -W -b "eTADSDirectoryName=<AD endpoint name>,eTNamespaceName=ActiveDirectory,dc=im,dc=eta"  "(&(objectClass=eTADSAccount)(eTADSAccountName=<AD account name>))" eTSuspended

does not return eTSuspended

 

 

Environment

Release : 14.x

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

Resolution

Remove (objectClass=eTADSAccount) from LDAP filter.

This issue will be fixed in future IM releases.