Automic Workload Automation

 View Only
  • 1.  Automic LDAP autoDeactivateUsers property

    Posted Sep 29, 2020 12:45 PM
    We are currently running Automic Automation Engine 12.3.3 on a RHEL host with an Oracle database.  Our system is configured with LDAPSync, which we have been using for about 4 years.  All new users are given Automic Access through membership in an Active Directory Group.  We execute ldap-sync-2.3.0.jar twice a day to keep AD users in sync with Automic.

    I am having a problem when removing users with LDAP Sync.  The documentation seems to indicate that if you run ldap-sync-2.3.0.jar with autoDeactivateUsers="true",  user objects not found within the specified domain and search filter will be deactivated.  We are not seeing that to be the case.  I have about 50 unique users in several different clients that should be marked as inactive because they are no longer in Active Directory.  LDAP Sync is not identifying these users.

    Anyone else have experience with using autoDeactivateUsers="true" and know how it is supposed to work?

    Thank you,

    -Steve


  • 2.  RE: Automic LDAP autoDeactivateUsers property

    Broadcom Employee
    Posted Sep 30, 2020 06:08 AM
    Hi @conomikessj, AE users are only deactivated when they cannot be found at all in the specified search filter (not when they are removed from all synced groups).

    ------------------------------
    Product Manager - Automation
    CA Technologies, A Broadcom Company
    ------------------------------



  • 3.  RE: Automic LDAP autoDeactivateUsers property

    Posted Sep 30, 2020 12:15 PM
    Thank you Tatjana.  The users I am referring to are not found in the specified search filter.  These users have been removed from AD all together.  It is my understanding these users should be marked as "inactive".


  • 4.  RE: Automic LDAP autoDeactivateUsers property

    Posted Oct 02, 2020 02:37 PM
    I have a new case opened with Automic Support.  I will report back what I find.