LDAP Sync 2.0 not syncing ARA groups

Document ID : KB000084492
Last Modified Date : 14/04/2018
Show Technical Document Details
Issue:
Affects Release version(s): 2

Error Message :
N/A

When syncing Users and User Groups from Active Directory (AD) to Automic Release Automation/Automic Workload Automation (ARA/AWA), everything seems to work fine. New users are created.  Group memberships are updated  when viewed from the Automic Web Interface (AWI).

However, when the new users login from the AWI, they do not see the ARA perspective and lack the correct permissions. Only after editing a minor detail of the user and saving it within the AWI can the user logon and see ARA, etc.  This is because the permissions are synced after the change.

Investigation

1) Set up ARA and enable LDAP authority

2) Configure LDAP sync to map ARA/AWA groups with LDAP groups

3) Execute the LDAP sync -> new users will be created, their group memberships from AD will be added to Automic.  You can verify this from the AWI.

4) Log on with a newly created User (synced AD user)

Results

Actual:  User cannot see the ARA-perspective.

Expected:  User can see ARA-perspective and has the correct permissions as indicated by their assigned user groups.



 

Environment:
OS Version: N/A
Cause:
Cause type:
Defect
Root Cause: Caused by the incorrect construction of ARA username in the LDAPSync Jar file. The incorrect username caused user mismatch between ARA and AE, so LDAPSync was not able to synchronize Active Directory (AD) with ARA.
Resolution:
Update to a fix version listed below or a newer version if available.

Fix Status: Released

Fix Version(s):
LDAPSync 2.0.4 - Available
Additional Information:
Workaround :

1) Export the ARA User Groups related to this user using the following command:

ImportExportCLI export -con URL -usr USER -pw PASSWORD -mt UserUserGroupRelation -format csv -where "system_user.system_name eq 'NEWUSER'"


2) With an Admin User in the ARA client, edit this new user object (e.g. take away the LDAP flag and add it again), then save the user object.

3) Log on with the newly created, modified user and everything works correctly.