We have pointed our UME to the LDAP (i.e. AD) to pull out the user records. We did not know to make that into effect, we have to restart the Application Server (i.e. J2EE). So we were not able to see the LDAP as a possible data source in UME.
Meanwhile, we created some test users in UME, which have the same userID as that in LDAP and SAP. So for example, we have Baldwin01 in UME, in SAP, and also in LDAP. This seems to allow the email to be sent out successfully during the various provisioning process in ERM, CUP.
However, recently, our administrator account in UME got locked out due to password lock-out. To solve this, we activated the emergency account SAP* to unlock the administrator account. and as part of this process, the Application server was restarted.
This restart seem to have an impact on the UME, as now, we can now see the LDAP as a data source, when previously we were not able to. and we could also see all LDAP users. However, we are now not able to log on to those users that was previously created in UME (i.e. the Baldwin01 example above), as the UME now seems to detect 2 Baldwin01, one created in UME and one pulled from LDAP. To add on to the problems, every single LDAP pulled record has this "Entity is inconsistent" issue pegged to the user account.
We tried to run a consistency check, and accepted the interactive repairs, but the "Entity is inconsistent" issue remains.
In GRC, from the launchpad, because it is authenticating against the UME, none of the accounts can log on, except the Administrator account. The only time we can use the UME users is when we request access in CUP (where we are prompted to logon using my network ID (i.e. LDAP) and pw).
We really appreciate help on how to resolve this "Entity is inconsistent" issue. Many thanks!