LDAP Adds OMVS Groups Incorrectly using Sailpoint and Top Secret

Article ID: 235247


Products

Top Secret, LDAP SERVER FOR Z/OS, Top Secret - LDAP

Issue/Introduction

    * A suspected update to Top Secret has introduced failures within the TSS LDAP connector.

    * Creating a user via the TSS LDAP now fails to add the "OMVS-Dflt-Group".

          ex:   TSS ADDTO(<acid>) PROFILE(PDDOEGRP)

The following TSS LDAP errors occur:
"Error while adding OMVS-Dflt-Group attribute to user 'tssacid=acid,tssadmingrp=acids,host=host,o=thebank,c=us'
Message: [LDAP: error code 80 - LDP2004E Error issuing command with R_Admin, function=1, SAF=8, RACF=16, reason=8(TSS0353E  USER ALREADY ATTACHED TO PROFILE/GROUP)]"

Environment

Release : 16.0 of Top Secret

Component : LDAP SERVER FOR Z/OS

Resolution

The error occurs because the same group was added twice: the first time as a profile, and the second time as a group.
The second add fails because the group is already attached to the ACID.

First added as a profile:
[01/13|18:16:14.806880|3C15880000000004] conn=1025 op=60 do_add: dn (tssproflist=group,tssacidgrp=group,tssacid=acid,tssadmingrp=acids,host=host,o=thebank,c=us)

This causes LDAP to issue:
TSS ADDTO(acid) PROFILE(profile)
Then it is added as the default group, and this command fails:
TSS ADDTO(acid) GROUP(group)

The solution is to contact Sailpoint for a fix (the fix number was not provided).
The commands that add the Profile and the Group are in the Sailpoint code, and a fix is needed to change them to the correct commands.
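
To confirm the same sequence in your own logs, the following added example (not Broadcom or Sailpoint code) correlates a tssproflist do_add with a later OMVS-Dflt-Group failure carrying TSS0353E for the same ACID. It assumes the trace lines and the connector error are available as one text stream in the shapes quoted above; the sample input and the names JDOE, ASMITH and PAYROLL are constructed.

```python
import re

# Constructed sample modelled on the trace line and connector error quoted in
# this article. JDOE, ASMITH and PAYROLL are made-up names.
SAMPLE = """\
[01/13|18:16:14.806880|3C15880000000004] conn=1025 op=60 do_add: dn (tssproflist=PDDOEGRP,tssacidgrp=PDDOEGRP,tssacid=JDOE,tssadmingrp=acids,host=host,o=thebank,c=us)
[01/13|18:16:15.102233|3C15880000000004] conn=1025 op=61 do_add: dn (tssproflist=PAYROLL,tssacidgrp=PAYROLL,tssacid=ASMITH,tssadmingrp=acids,host=host,o=thebank,c=us)
Error while adding OMVS-Dflt-Group attribute to user 'tssacid=JDOE,tssadmingrp=acids,host=host,o=thebank,c=us'
Message: [LDAP: error code 80 - LDP2004E Error issuing command with R_Admin, function=1, SAF=8, RACF=16, reason=8(TSS0353E  USER ALREADY ATTACHED TO PROFILE/GROUP)]
"""

DO_ADD = re.compile(r"conn=(\d+) op=(\d+) do_add: dn \((.*)\)")
OMVS_ERR = re.compile(r"adding OMVS-Dflt-Group attribute to user '([^']*)'")

def rdn_value(dn, attr):
    """Value of the first RDN named attr (naive split, no escaped commas)."""
    for rdn in dn.split(","):
        key, _, value = rdn.partition("=")
        if key.strip().lower() == attr:
            return value.strip()
    return None

def find_double_attach(lines):
    """Report ACIDs whose default-group add hit TSS0353E after a profile add."""
    profile_adds = {}  # acid -> [(conn, op, profile)]
    pending = None     # acid from an OMVS-Dflt-Group error awaiting its reason
    findings = []
    for line in lines:
        add = DO_ADD.search(line)
        if add:
            prof = rdn_value(add.group(3), "tssproflist")
            acid = rdn_value(add.group(3), "tssacid")
            if prof and acid:
                entry = (int(add.group(1)), int(add.group(2)), prof)
                profile_adds.setdefault(acid.upper(), []).append(entry)
        err = OMVS_ERR.search(line)
        if err:
            pending = rdn_value(err.group(1), "tssacid")
        if pending and "TSS0353E" in line:
            for conn, op, prof in profile_adds.get(pending.upper(), []):
                findings.append({"acid": pending, "profile": prof, "conn": conn, "op": op})
            pending = None
        elif not err:
            pending = None  # reason text was not on the error line or the next
    return findings
```

Call `find_double_attach(SAMPLE.splitlines())` to see the one finding for JDOE; each finding names the conn/op of the earlier profile add to hand to Sailpoint support.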