While using LDAPSync receive object already exists error

Document ID : KB000085104
Last Modified Date : 14/04/2018
Show Technical Document Details
Issue:
Error Message :
2017-08-30 08:52:49.113 [main] c.a.s.l.a.AEService ERROR An object named 'ABD/SBB01' already exists
com.automic.sara.ldapsync.exceptions.SynchronizationException: An object named 'ABD/SBB01' already exists

When using LDAPSync, an error similar to the one above is displayed in the log file for the LDAPSync or the report of the Job where the LDAPSync is running.

Investigation

This issue can occur when a User does not exist in the Client that you are attempting to sync (such as Client 200), but it does exist in Client 0. The reason for this is that the process of the LDAPSync software when syncing a new user from Active Directory (AD) to the Automation Engine (AE) is:
  • Create User in Client 0.
  • Then move the User to the configured client.
The message shown below when found in the log file means that there are existing user(s) with same name/department in client 0.

com.automic.sara.ldapsync.exceptions.SynchronizationException: An object named 'ABD/SBB01' already exists

In other words, the LDAPSync process to synchronize new users from AD to AE should be to: 
  • Create User from client 0. 
  • Then move user created in step 1 to a configured client, such as client 200. 
Additional Information

1) What is the responsibility of the User Cache?
  • The Primary Worker Process (PWP) is processing login's and sending updates to the Worker Processes (WP's).

2) What exactly happens during an LDAP Login?LDAP => PWP connects to LDAP server and provides credentials
  • LDAP => OK /NOK
  • LDAPS/Kerberos => Java Worker Process (JWP) processes the credentials verification
  • If 3rd party system can not be reached, the provided password (pwd) is matched against the last successful login to the AE system.
3) How can the Login Process be influenced?
  • Create a custom pwd exit
Environment:
OS Version: N/A
Cause:
Cause type:
Configuration
Root Cause: Configuration issue from within Client 0. If the user cannot be created so that it can be moved to the appropriate Client, this error message can occur.
Resolution:
Remove the user from Client 0 and re-run the LDAPSync. If this does not resolve the issue, run the following command and provide Automic support with the following information:
 
java -jar LDAPSync.jar -cl "1000" -l TRACE

Once this has been accomplished, please send Automic the latest Trace file from the LDAPSync for further investigation.

Fix Status: No Fix

Fix Version(s):
N/A
Additional Information:
Workaround :
N/A