VIP Enterprise Gateway LDAP sync error: User is already owned by another SyncGroup. Therefore the current LDAPSync will not synchronize this User.
search cancel

VIP Enterprise Gateway LDAP sync error: User is already owned by another SyncGroup. Therefore the current LDAPSync will not synchronize this User.

book

Article ID: 256027

calendar_today

Updated On:

Products

VIP Service

Issue/Introduction

The VIP Enterprise Gateway LDAP sync fails to synchronize a user with the error: "User [email protected] is already owned by another SyncGroup. Therefore the current LDAPSync will not synchronize this User."

Cause

The user already was previously synchronized to the VIP Cloud by a VIP Enterprise Gateway with a different LDAP sync group cluster name. When another VIP Enterprise Gateway LDAP sync runs, it will only update users that match the user store criteria on that VIP EG, and users (1) with a matching sync cluster name attribute or (2) without an assigned sync cluster name attribute. 

Resolution

Important: To prevent accidental changes during an LDAP sync, always run an LDAP Sync simulation after any changes are made to the VIP EG, then review the simulation.log file to see what changes will happen when an actual LDAP Sync occurs. 

To view the cluster ID assigned to a user, put the LDAP sync service logging level into DEBUG mode, then run an LDAP Sync Simulation. All VIP Users and attributes (including the VIP EG cluster ID attribute name and value) are fetched from the VIP Cloud and written to the simulation.log file. Users are separated with brackets { }. Sample:

{\"user\":{\"_id\":\"51234567892A\"\,\"userId\":\"[email protected]\"\,\"userStatus\":\"ACTIVE\"\,\"userAttributes\":[{\"_id\":\"ABFCB4F7E2874269\"\,\"attributeName\":\"_guid\"\,\"attributeValue\":\"VIP_EG\"}

A blank value indicates the user has not been synchronized by an LDAP synchronization. This may be expected for users not validating with VIP through a VIP Enterprise Gateway, such as Azure, ADFS, API calls, etc.  

To update or change the Cluster ID, modify the VIP EG Sync Cluster name to match the value for that user. During the next LDAP sync, that VIP EG will take ownership of VIP users that match the Sync Cluster name and User Store filter criteria. Once complete, change the Sync Cluster ID on the VIP EG to the desired value. During the next LDAP sync, users will be updated with this value. (Use the Synchronize Now button to synchronize 100% of the users in one session. A scheduled LDAP sync will update only the % of users indicated in the LDAP Sync settings.) 

For additional information, see: Configuring multiple instances of the LDAP Directory Sync Service  

 

Powered by Wolken Software