LDAP sync button error after upgrade to v21 | No SYNC_LOGIN entry

Article ID: 240136

Products

CA Automic Workload Automation - Automation Engine, CA Automic One Automation, Automic SaaS

Issue/Introduction

Clicking on the 'Synchronize' button on a user object shows the following message:

Client '0000': LDAP variable 'UC_LDAP_DOMAIN' does not contain a 'SYNC_LOGIN' entry.

Environment

Release: 21.x and above

Component: AUTOMATION ENGINE

Cause

Configuration. Change in behavior in version 21.0.

Resolution

This is a planned change in behavior: the SYNC_LOGIN entry is now required in order to use the 'Synchronize' button.

From the documentation:

LDAP Service Availability for Login
In previous versions, the last valid LDAP password was saved in the AE DB to enable a login even if the service was not available at the time. The user passwords saved were also used for the synchronization available in the User object. This behavior is seen as a security issue and is therefore no longer supported.

Now, the LDAP service must be available for the login. Also, to use the Synchronize button in the User object for manual synchronization, a Login object must be assigned. If the LDAP service is not available, the access is denied. For more information, see UC_LDAP_EXAMPLE - LDAP Connection Variable.

Additional Information

Additionally, make sure that the variable DOMAIN_ALIAS is also set in the UC_LDAP_* variable in case the Domain is not the same as the Department.

This is also needed on v21 and above.

In v21 and above, the LDAP settings, once correctly specified, should synchronize automatically without the need to use the 'Synchronize' button.

It's also important to note that when an LDAP user logs in to the AWI, their user information is also synchronized at that time.