User in different department is deactivated by LDAPSYNC

book

Article ID: 84568

calendar_today

Updated On:

Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

Error Message :
N/A

ARA users are deactivated by LDAPSYNC even if they are not configured within the LDAPSYNC scope.

If there are multiple child domains set up for specific regions (e.g. EUROPE,JAPAN, APAC) and they also have the same user defined for a different domain (e.g. USER/EUROPE or USER/JAPAN), the user in the other region may be impacted when changes are made for a different domain.

In the client configuration file we have this parameter:
<AE userDomain="EUROPE" autoDeactivateUsers="true" />

When the LDAPSync is executed with the Domain EUROPE, any user in domain JAPAN will not be able to see the Release Automation perspective.


 

Cause

Cause type:
Defect
Root Cause: ARA users were deactivated by LDAPSYNC even if they were not configured within the LDAPSYNC scope. When removing an LDAP user connected to an ARA user and running LDAPSync afterwards, all ARA users with the same name and user group, assigned to different departments and whose AE accounts were configured to connect to LDAP were deactivated and removed from the user group.

Environment

Release: WAASER99000-1.0-Automic Workload Automation-Services
Component:

Resolution

Update to a fix version listed below or a newer version if available.

Fix Status: Fixed

Fix Version(s):
LDAPSync 2.2.0 - Available
LDAPSync 2.1.1 - Available
LDAPSync 2.0.4 - Available
LDAPSync 1.0.9 - Available

Additional Information

Workaround :
In the client configuration file set:
 
<AE userDomain="EUROPE" autoDeactivateUsers="false"/>