AnsweredAssumed Answered

Siteminder Domain shows duplicate user directories mapped to it in the FSS/Admin UI

Question asked by sateeshcse1 on Jan 16, 2019
Latest reply on Jan 17, 2019 by sateeshcse1

We see that duplicate user directories (userdirectory1 shown twice and userdirectory2 shown twice) were tied to the domain. The policy server version we are using is 12.52 SP2 CR01 and we are using ADLDS for policy store database. To be precise we have been doing the configurations under the same domain since 2  years and we have observed yesterday from FSS/Admin UI that duplicate user directories are mapped to the domain and as per our guess it must be like that from last one week as i didn't observe such thing for this domain before one week. However when I try to see when this modification was done based on the policy store backup file (taken using xpsexport), I didn't find any recent date there (it is showing as the year 2017) and I don't see from this policystore xml backup that the duplicate userdirectories are linked to this domain. In the xml file, I see only 2 user directories links (with corresponding XID's) mapped to this domain. As there are many policies configured under this domain, we can't remove the duplicate user directory blindly as it would result in removal of user directory from the policy in which roles are mentioned. can you please answer the below questions which will help us to find the better way to fix the problem:

1) Is there a chance that the duplicate user directories links to the domain doesn't exist in the policy store database but still can be shown automatically in the FSS UI/Admin UI. Any such kind of bugs were identified till now?

2) If the duplicate user directories were created in the domain manually, how to know when these were created and possibly who created it?

3) As 4 user directories (out of which 2 are unique) are mapped to the domain, the policy is configured with these 4 user directories, out of which the 2 unique user directories were mentioned with the roles for each policy configured under this domain. In order to remove these user directories from the domain, what steps we should follow to ensure that the user directories in which roles are mentioned as part of the policy configuration are not removed.

 

Quicker response would help as the above observation is from production environment and the possible user impact can be avoided.

 

Regards,

Sateesh 

Outcomes