IBM Support

SOAR: User cannot accept invitation to SOAR after LDAP email address was changed

Troubleshooting


Problem

When an LDAP user's email address is changed, the distinguished name (DN) must also be changed on the SOAR server. When the user accepts the invitation email, an error occurs because of the distinguished name change.

Symptom

When an administrator changes a user's email address in Microsoft Windows Active Directory and then performs the Invite User process in the SOAR server UI, the user receives an invitation email.

When the user clicks Accept, they receive an error message stating "An error occurred."

Diagnosing The Problem

The following errors appear in /usr/share/co3/logs/client.log:

[https-jsse-nio2-443-exec-8] ERROR [] o.h.engine.jdbc.spi.SqlExceptionHelper - ERROR: duplicate key value violates unique constraint "idx_muser_ldap_dn"   Detail: Key (muser_ldap_dn)=(cn=ran dom,cn=users,dc=domain,dc=com) already exists.
[https-jsse-nio2-443-exec-8] ERROR [] com.co3.web.servlet.Co3ServletFilterBase - Error processing request POST:/invite/accept_exists.jsp
java.lang.RuntimeException: org.apache.jasper.JasperException: An exception occurred processing [/invite/../WEB-INF/components/_expired.jspf] at line [18]
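
The following is an added example, not part of the original IBM document or any IBM-supplied tooling: a shell function that scans client.log for the two error lines shown above and reports which DN is in conflict and whether the invite acceptance failed on the same request thread. The function names, the output format, and the second sample DN are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not IBM code): list LDAP DNs that hit the idx_muser_ldap_dn
# unique-constraint error and flag those whose request thread then failed on
# POST:/invite/accept_exists.jsp. Assumes one log event per line, as shown.
#
# Usage:  find_dn_conflicts /usr/share/co3/logs/client.log   (or pipe on stdin)
# Output: <dn> TAB <occurrences> TAB <invite-accept-failed|constraint-only>
find_dn_conflicts() {
    awk '
    # Request thread is the first bracketed token on the line.
    function thread(   t) {
        if (match($0, /^\[[^]]*\]/)) t = substr($0, 2, RLENGTH - 2)
        return t
    }
    /violates unique constraint "idx_muser_ldap_dn"/ {
        dn = $0
        if (!sub(/^.*Key \(muser_ldap_dn\)=\(/, "", dn)) next  # no Detail text
        sub(/\) already exists.*$/, "", dn)                    # keep only the DN
        count[dn]++
        pending[thread()] = dn       # wait for a follow-up on the same thread
        next
    }
    /Error processing request POST:\/invite\/accept_exists\.jsp/ {
        t = thread()
        if (t in pending) { failed[pending[t]] = 1; delete pending[t] }
    }
    END {
        for (dn in count)
            printf "%s\t%d\t%s\n", dn, count[dn],
                   ((dn in failed) ? "invite-accept-failed" : "constraint-only")
    }' "$@" | LC_ALL=C sort
}

# Constructed sample input modelled on the excerpt above; the exec-3 entry and
# its DN are invented for illustration.
sample_log() {
    cat <<'EOF'
[https-jsse-nio2-443-exec-8] ERROR [] o.h.engine.jdbc.spi.SqlExceptionHelper - ERROR: duplicate key value violates unique constraint "idx_muser_ldap_dn"   Detail: Key (muser_ldap_dn)=(cn=ran dom,cn=users,dc=domain,dc=com) already exists.
[https-jsse-nio2-443-exec-8] ERROR [] com.co3.web.servlet.Co3ServletFilterBase - Error processing request POST:/invite/accept_exists.jsp
[https-jsse-nio2-443-exec-3] ERROR [] o.h.engine.jdbc.spi.SqlExceptionHelper - ERROR: duplicate key value violates unique constraint "idx_muser_ldap_dn"   Detail: Key (muser_ldap_dn)=(cn=example user,cn=users,dc=domain,dc=com) already exists.
[https-jsse-nio2-443-exec-5] INFO [] constructed unrelated line
EOF
}

sample_log | find_dn_conflicts
```

A DN reported as invite-accept-failed identifies the account whose old LDAP binding still holds that DN, which is the account to reset in the steps below.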

Resolving The Problem

  1. Open a terminal and SSH to the IBM Security QRadar SOAR server as the resadmin account.
  2. Run the resutil command to reset the original LDAP user account to a local SOAR user account:
    sudo resutil resetuser -clearldap -email <user_original_email>
    Note: Replace <user_original_email> with the user's old email.
  3. Have the user open the original email invite sent to the new email address, click the provided link, and accept the invite.

    Result
    The new email is registered, and the incidents and tasks associated with the old email can be deactivated, deleted, or reassigned.

Document Location

Worldwide

Document Information

Modified date:
13 September 2022

UID

ibm16618723