Unable to import user during Filr LDAP import process

  • 7024571
  • 17-Apr-2020
  • 17-Apr-2020

Environment

Filr 4

Situation

In some cases, an employee may leave the organization, and the user object is then removed from eDirectory. If the employee then returns to the organization, the system administrator will add a new user object for the returning employee. In this case, the user will appear as disabled in the Filr administrator's view of Filr users.

A problem arises because the user object, while removed and recreated in eDirectory, was never removed from the Filr appliance, and the Filr LDAP import process will not import the "new" user because the user already exists in the Filr database.

Examining the Filr server's appserver.log shows an error generated during the LDAP synchronization, such as:

Cannot create user 'JDoe" with dn='cn=JDoe,o=novell' and ldapGuid='aa436e3004016f4ca2a0aa436e300401' because a user with the same name already exists in the database.
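
To list every account affected by this error before working through the resolution, the message format shown above can be matched in appserver.log. The following Python script is an added example, not part of the original article or of Filr; the timestamp and level prefix on the sample lines, the second user and its GUID are constructed, and the script assumes each message is logged on a single line.

```python
import re
from collections import OrderedDict

# Matches the appserver.log message quoted in this article. The closing quote
# after the user name may be ' or " because the article's sample shows 'JDoe".
PATTERN = re.compile(
    r"Cannot create user '(?P<name>[^'\"]+)['\"] "
    r"with dn='(?P<dn>[^']*)' "
    r"and ldapGuid='(?P<guid>[0-9A-Fa-f]+)' "
    r"because a user with the same name already exists"
)

def find_guid_conflicts(lines):
    """Return one record per user name with the latest dn/GUID seen and a hit count."""
    conflicts = OrderedDict()
    for line in lines:
        m = PATTERN.search(line)
        if not m:
            continue
        # Key case-insensitively so repeated sync runs collapse into one record.
        rec = conflicts.setdefault(m["name"].lower(), {"name": m["name"], "count": 0})
        rec.update(dn=m["dn"], ldap_guid=m["guid"].lower())
        rec["count"] += 1
    return list(conflicts.values())

# Constructed sample input: only the message text follows the article;
# the line prefixes and the ASmith entry are made up for the example.
SAMPLE_LOG = """\
2020-04-17 09:00:01 INFO  LDAP synchronization started
2020-04-17 09:00:02 ERROR Cannot create user 'JDoe" with dn='cn=JDoe,o=novell' and ldapGuid='aa436e3004016f4ca2a0aa436e300401' because a user with the same name already exists in the database.
2020-04-17 09:00:03 ERROR Cannot create user 'ASmith' with dn='cn=ASmith,o=novell' and ldapGuid='00000000000000000000000000000001' because a user with the same name already exists in the database.
2020-04-17 10:00:02 ERROR Cannot create user 'jdoe' with dn='cn=JDoe,o=novell' and ldapGuid='AA436E3004016F4CA2A0AA436E300401' because a user with the same name already exists in the database.
"""

if __name__ == "__main__":
    for rec in find_guid_conflicts(SAMPLE_LOG.splitlines()):
        print(f"{rec['name']}: dn={rec['dn']} eDirectory GUID={rec['ldap_guid']} "
              f"(seen {rec['count']}x)")
```

To run it against a real log, pass an open file handle for appserver.log to `find_guid_conflicts` in place of the sample lines.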

Resolution

1. In your browser, open the Filr 9443 interface and log in as user "vaadmin".
2. Under the "Filr Appliance Tools" section, click on the PostgreSQL "Configuration" icon to open the phpPgAdmin tool.
3. Log in to PostgreSQL using the "postgres" username and password.
4. Expand the "filr" Database.
5. Click on the "Tables" button. 
6. Click on the "ss_principals" table.
   Optionally, click on the "Browse" tab to more easily find the user object.
   Optionally, click on the "name" column to sort the users by name, to more easily find the user object.
7. Locate the user and click on the "Edit" button in the "Actions" column.
8. Locate the "ldapguid" field, and delete the value. 
9. Scroll to the bottom of the page and click on the "Save" button. 
10. Exit the PostgreSQL tool.
11. Return to the port 8443 administration console and run the LDAP synchronization again. The user will be imported as expected.

Cause

Filr LDAP import of the user fails due to a mismatch between the user's GUID in Filr and their GUID in eDirectory.