Unable to pull user record from LDAP

‎02-17-2016 09:54 PM
Hello All,
Currently I'm facing an issue pulling a user record from LDAP. The user's AD account is correct and it satisfies all the conditions put in the OU filter. However, the record is not pulled from the LDAP data source.
I updated the filter, removed all the existing filter conditions and put only sAMAccountName to be the same as that of the user, and still it did not return the record. I searched on the wiki and found the point below.
If newly created users on the LDAP server are not imported into the instance, there might be an issue with the user attributes. The first time the user is identified, if it does not have all the attributes necessary to meet the OU filter requirements, it is flagged as being not valid. The instance ignores the user and does not create a user record.
Also, it couldn't be confirmed if the user record was created with incomplete details or not, but it seems the only possible explanation right now. I wanted to know if anyone has faced a similar problem before, and how to mark the record "Valid" again?
Thanks,
Mandar
‎02-18-2016 12:29 AM
Hi Mandar
Were you able to see the user record using the LDAP Explorer and the user's DN?
Thanks,
Berny

‎02-18-2016 05:24 AM
Hi Berny,
I am not able to view the user using Browse in LDAP.
Thanks,
Mandar
‎02-18-2016 05:33 AM
Hi Mandar
In those cases, I will sit down with the person administering the AD and have them show me their screen. There needs to be an explanation.
One thing you could try on your side is to remove all the attributes you have defined within your LDAP Server definition and try looking up the user again through the LDAP Server.
Thanks,
Berny
‎02-18-2016 01:21 AM
Hi Mandar,
Adding to what Berny has already mentioned about the LDAP Explorer, since you are not able to see the user account in the LDAP, I can sense the possibilities below.
1) The user account is not yet created in the AD. I would remove this possibility since you already have the samAccountName.
2) If the user is newly created, it might happen that the DC (Domain Controller) against which you are querying for the user account still does not have the account replicated. The user account might have been created in another DC in the customer network.

‎02-18-2016 05:23 AM
Thanks for the reply Deepak, but our AD team confirmed that the user account is correctly created.
I'm really not sure about the point above as per the wiki. Is there any way to mark that user "Valid" again? Should I have to raise a HI ticket for this?
Thanks,
Mandar