Issue:

1. While doing the LDAP sync of the users in SEN manager the timestamp does not get updated and sync doesn't complete properly.

As we can see that the last updated timestamp is not updated.

2. Default learner role does not get assigned to the new  users.

3. Error seen in the manager log as below

error: unique constraint violated

Solution:

1. Since we are here focusing on if the SSO is based on Kerberos authentication then it makes sense to check  service user at the AD side. 

       a) If SEN manager has the SAML setup enabled with Kerberos authentication then check the service user whether the password is set to Expired or not. It should be set to "Never expire"  like the one below

2. Next important thing is to check for the duplicate user/s in the database. If there are duplicate users or inactive user in Enable manager then we might get the same unique constraint violation issue

         a) Login with schema user 

Run below command

select auth_user, count(auth_user) as usercount, a.ou_id, parent.name as parent_ou from actor as a

inner join ws_user on ws_user_id = a.identity_id

inner join actor as parent on parent.identity_id = a.ou_id

group by auth_user, a.ou_id, parent.name

having count(auth_user) > 1

If there are some duplicate entries seen then analyze it if they can be renamed/deleted or not and run the command again.

b) Do the housekeeping in SEN and delete the inactive users.

    --> go to administration--server housekeeping

select the current and check for the inactive users

we can delete the history entries and the inactive users if shown.

Once done try to do a manual sync of users again to check for the timestamp and role assignment.

That's it ,hope you guys find it useful. Keep sharing 😊

Thanks

Sid