User in different department is deactivated by LDAPSYNC


Article ID: 84568


Updated On:


CA Automic Workload Automation - Automation Engine


Error Message :

ARA users are deactivated by LDAPSYNC even if they are not configured within the LDAPSYNC scope.

If there are multiple child domains set up for specific regions (e.g. EUROPE,JAPAN, APAC) and they also have the same user defined for a different domain (e.g. USER/EUROPE or USER/JAPAN), the user in the other region may be impacted when changes are made for a different domain.

In the client configuration file we have this parameter:
<AE userDomain="EUROPE" autoDeactivateUsers="true" />

When the LDAPSync is executed with the Domain EUROPE, any user in domain JAPAN will not be able to see the Release Automation perspective.



Cause type:
Root Cause: ARA users were deactivated by LDAPSYNC even if they were not configured within the LDAPSYNC scope. When removing an LDAP user connected to an ARA user and running LDAPSync afterwards, all ARA users with the same name and user group, assigned to different departments and whose AE accounts were configured to connect to LDAP were deactivated and removed from the user group.


Release: WAASER99000-1.0-Automic Workload Automation-Services


Update to a fix version listed below or a newer version if available.

Fix Status: Fixed

Fix Version(s):
LDAPSync 2.2.0 - Available
LDAPSync 2.1.1 - Available
LDAPSync 2.0.4 - Available
LDAPSync 1.0.9 - Available

Additional Information

Workaround :
In the client configuration file set:
<AE userDomain="EUROPE" autoDeactivateUsers="false"/>