IBM Support

Console LDAP operators cannot log in after moving the users to new OUs and groups

Technote (FAQ)


How can Console LDAP operators log in again after the users have been moved to new OUs and groups?


Functionality not yet available.


The workaround is listed below:

1. Back up the database.

2. In SQL Server Management Studio, query for the current LDAP distinguished name. The following query returns this information; replace "USERTOCHANGEDN" with the name of the user in the database table. Copy the query result to a text file by right-clicking it and choosing copy.

use BFEnterprise
select LdapDN from dbo.USERINFO where Username = 'USERTOCHANGEDN'

3. Obtain the new distinguished name using LDAP Explorer or Active Directory.

4. In SQL Management Studio, click the New Query button and run the following query, replacing "NEWLDAPDN" with the new distinguished name obtained in step Replace the "OLDLDAPDN" with the results

use BFEnterprise
update userinfo set LdapDN = 'NEWLDAPDN' where LdapDN = 'OLDLDAPDN'

5. On the TEM Server do the following:
a. Open a command prompt and navigate to your BES Server directory (C:\Program Files\Bigfix Enterprise\BES Server by default).
b. Run the following command: "besadmin.exe /resignsecuritydata"
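
As an added example (not part of the original technote and not IBM-supplied code), steps 2 and 4 can be run as one guarded transaction before step 5, so the change is committed only when exactly one operator row is affected. The variable names and their nvarchar lengths are assumptions, and unlike the query in step 4 the update here also filters on Username so that another row holding the same old DN is left untouched.

```sql
-- Added example: steps 2 and 4 combined into one guarded transaction.
-- Placeholders are the ones used on the page: USERTOCHANGEDN, NEWLDAPDN.
-- Assumption: LdapDN and Username fit in the nvarchar lengths declared here.
USE BFEnterprise;
SET XACT_ABORT ON;            -- a runtime error rolls the transaction back

DECLARE @Username nvarchar(256);
DECLARE @NewDN    nvarchar(2000);
DECLARE @OldDN    nvarchar(2000);
DECLARE @Rows     int;

SET @Username = N'USERTOCHANGEDN';
SET @NewDN    = N'NEWLDAPDN';

BEGIN TRANSACTION;

-- Step 2: read the DN currently stored for this operator.
SELECT @OldDN = LdapDN FROM dbo.USERINFO WHERE Username = @Username;
SET @Rows = @@ROWCOUNT;

IF @Rows <> 1 OR @OldDN IS NULL
BEGIN
    ROLLBACK TRANSACTION;
    RAISERROR('Expected exactly one USERINFO row with a stored LdapDN; nothing changed.', 16, 1);
    RETURN;
END;

-- Step 4: replace the old DN, restricted to this one operator.
UPDATE dbo.USERINFO
SET    LdapDN = @NewDN
WHERE  Username = @Username AND LdapDN = @OldDN;
SET @Rows = @@ROWCOUNT;

IF @Rows <> 1
BEGIN
    ROLLBACK TRANSACTION;
    RAISERROR('Update did not affect exactly one row; rolled back.', 16, 1);
    RETURN;
END;

-- Keep this output with the backup from step 1 as a record of the change.
SELECT Username, @OldDN AS OldLdapDN, LdapDN AS NewLdapDN
FROM   dbo.USERINFO
WHERE  Username = @Username;

COMMIT TRANSACTION;
```

The final SELECT gives the before and after values needed to revert the row by hand if the operator still cannot log in after the security data is re-signed.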

Product Alias/Synonym

Tivoli Endpoint Manager

Document information

More support for: IBM BigFix family

Software version: 8.2

Operating system(s): Windows, Windows 2000, Windows 2003 server, Windows 2008 server, Windows 64bit, Windows 7, Windows Vista, Windows XP

Reference #: 1605241

Modified date: 18 May 2015
