User in different department is deactivated by LDAPSYNC

Article Id: 84568
Status: Published
Updated On: 31-07-2020 15:26
Legacy Id: 000013971
Products:
CA Automic Workload Automation - Automation Engine
Issue/Introduction:

Error Message :
N/A

ARA users are deactivated by LDAPSYNC even if they are not configured within the LDAPSYNC scope.

If there are multiple child domains set up for specific regions (e.g. EUROPE,JAPAN, APAC) and they also have the same user defined for a different domain (e.g. USER/EUROPE or USER/JAPAN), the user in the other region may be impacted when changes are made for a different domain.

In the client configuration file we have this parameter:

<AE userDomain="EUROPE" autoDeactivateUsers="true" />

When the LDAPSync is executed with the Domain EUROPE, any user in domain JAPAN will not be able to see the Release Automation perspective.


 

Cause:

Cause type:
Defect
Root Cause: ARA users were deactivated by LDAPSYNC even if they were not configured within the LDAPSYNC scope. When removing an LDAP user connected to an ARA user and running LDAPSync afterwards, all ARA users with the same name and user group, assigned to different departments and whose AE accounts were configured to connect to LDAP were deactivated and removed from the user group.

Environment:

Release: WAASER99000-1.0-Automic Workload Automation-Services
Component:

Resolution:

Update to a fix version listed below or a newer version if available.

Fix Status: Fixed

Fix Version(s):
LDAPSync 2.2.0 - Available
LDAPSync 2.1.1 - Available
LDAPSync 2.0.4 - Available
LDAPSync 1.0.9 - Available

Additional Information:

Workaround :
In the client configuration file set:
 

<AE userDomain="EUROPE" autoDeactivateUsers="false"/>