LDAP - Synchronize New and Changed Users activates and modifies locked users who do not have the External Authenticaiton box checked

Document ID : KB000055104
Last Modified Date : 14/02/2018
Show Technical Document Details


When the 'LDAP - Synchronize New and Changed Users' job is executed, it activates and modifies users who do not have the external authentication box checked and are locked.

Steps to Reproduce:
1. Turn on LDAP with the Allow non-ldap users option switched on.
2. Create a user in Clarity who exists in the Clarity group.
3. Lock that user and ensure that the External authentication box is not checked.
4. Remove the row from the CMN_DIRECTORY_SERVER table if this is not the first time you are running the job.
5. Modify a field for the user on the ldap side. Choose a field like last name, first name, or email address that is mapped to a PPM field.
6. Run the LDAP - Synchronize New and Changed Users job.

Expected Result: Since the user's External Authentication box is unchecked, the user should not be modified nor activated.
Actual Result: The user in the application is modified and activated.


'LDAP - Synchronize New and Changed Users job' job synchronizes LDAP records with CA PPM records by synchronizing the users you add to the LDAP "CA PPM" group and making them active on the CA PPM server. 

Refer to the current Installation Guide - 'LDAP Synchronization' section for more information on this job.