CA Identity Manager Account Synchronization with Account Template produces error
Article ID: 92802
Updated On:
Products
CA Identity Manager
CA Identity Governance
CA Identity Portal
Issue/Introduction
We noticed that the account template synchronization is failing and we need to determine how to fix it. We've attempted to sync from the Provisioning Manager and from the Identity Manager UI. Both resulting in the same issue.
Environment
Release:
Component: IDMGR
Component: IDMGR
Resolution
There can be multiple reasons for this error message. To verify further you need to review either the ETATrans logs or the View Submitted Tasks from the Identity Manager User Interface. Usually the cause is that it's looking for something that doesn't exist on the endpoint.
For Example:
Under the View Submitted tasks you may see an error message like this:
Unable to set Group Membership Attribute: memberOf
Reason:
Group-Membership modification error.
ADD (rc=32) Group: GroupName
Which explains which group it's looking for that is no longer valid. Once the AD team resolves the issue with the missing group the sync should work correctly.
For Example:
Under the View Submitted tasks you may see an error message like this:
Unable to set Group Membership Attribute: memberOf
Reason:
Group-Membership modification error.
ADD (rc=32) Group: GroupName
Which explains which group it's looking for that is no longer valid. Once the AD team resolves the issue with the missing group the sync should work correctly.
Feedback
Yes
No
Powered by
