Question & Answer
Question
For instances of IBM QRadar SOAR configured to use LDAP, what do the statuses inactive and deactivated mean?
Cause
With LDAP configured, the status of a user depends on the status of their account in Active Directory and whether they are a part of the authorized LDAP group.
![Users](/support/pages/system/files/inline-images/Screenshot%202022-12-15%20at%2010.46.21.png)
Answer
Deactivated status
- Jane Phillips' account was disabled in Active Directory.
Inactive status
- Joe Bloggs was removed from the authorized LDAP group (Administrator Settings - Organization - General - Settings - Enable LDAP Authentication).
- Peter Simmons was deleted from Active Directory.
- All LDAP users show as inactive when the option, Enable LDAP Authentication is disabled regardless of whether they were deactivated previously
Only a user deleted in Active Directory can be deleted from within IBM QRadar SOAR.
- Delete the user from Active Directory
- Remove the LDAP flag from the user account
sudo resutil resetuser -email user@domain.com -clearldap
User successfully updated: user@domain.com
- In Administrator Settings - Users you can now edit the user and select "Delete User."
You cannot delete users from IBM QRadar SOAR if the user exists in Active Directory, even if they are removed from the authorized LDAP group.
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSA230","label":"IBM Security QRadar SOAR"},"ARM Category":[{"code":"a8m0z0000001gqlAAA","label":"Authentication-\u003ELDAP"}],"ARM Case Number":"TS011529149","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
15 December 2022
UID
ibm16848249