Why do I see Orphaned Users in EEM? How do they become orphaned?
An orphaned user is an application user whose corresponding global user does not exist in the directory (MDB or external). A user can become orphaned under the following circumstances:
- When EEM is connected to CA-MDB:
  - When we add an application user and then switch EEM to connect to an external LDAP directory in which that user does not exist.
  - When we manually delete the user but do not delete its application details from the MDB.
- When EEM is connected to an External Directory:
  - When we add an application user and then switch EEM to connect to the CA-MDB, in which that user does not exist.
  - When we manually delete the user from the External Directory (LDAP), but do not delete its application details.
This happens because application user details are always stored in the MDB, irrespective of whether the EEM user store is the CA-MDB or an external LDAP directory. So, when we switch references in EEM, the application details can be accessed in both cases. However, the "global user" that the application details refer to might not exist in both directories. If the global user cannot be found in the new directory after the switch, the user becomes orphaned.