Issue
Cardholders are getting automatically changed from Active to Inactive (deactivated).
When the LDAP/AD integration is configured to map the Active Directory attribute UserAccountControl to Card Status in Access Expert; records that have useraccountcontrol = 512 (normal active account) are getting their cards deactivated. These records should NOT be deactivated.
An LDAP query mapped to UserAccountControl
Card(s) showing Inactive in Access Expert
Event History record showing the date and time the cardholder record was set to Inactive by LDAP
Product Line
EcoStruxure Access Expert
Environment
- Access Expert Hosted V3
- Active Directory
Cause
A version of the LDAP service less than 24.2.1
Resolution
- Manually set the cardholder to Active as a workaround
- Ensure the LDAP service installed is greater than version 24.2.1.
See the following link to a KB article showing how to "Identify which LDAP service is currently installed" : https://community.se.com/t5/Building-Automation-Knowledge/Identifying-which-Access-Expert-LDAP-integ...
If the version installed is older than 24.2.1, perform the following steps:
- Uninstall LDAP from Windows Programs and Features
- Navigate to C:\ProgramData\Feenics_LDAP and delete the .dat file
- Restart the PC
- Install an updated version of LDAP from Feenic's web site:
https://s3.amazonaws.com/download.feenics.com/ldap/Feenics.Keep.Installer.ActiveDirectory.msi
Test to ensure the issue has been resolved with the updated LDAP service
