DocuSign Insight - Error updating LDAP groups: Entity id 'null' of type 'class com.seal.module.user.domain.User' does already exist

Issue

When syncing LDAP groups with Insight, the group/users are not updated and the following error is seen in the seal-ws log:
Error updating LDAP groups: Entity id 'null' of type 'class com.seal.module.user.domain.User' does already exist
 

Cause

The error indicates that a user being synced to a group already exists in the Insight database.
 

Solution

When the error is encountered, it may not be obvious which user is causing the issue so you will want to enable debug logging.

Version 5:

Edit the logback.xml under <seal_home>\web\conf\seal\

1. Locate the following which is typically on line 2:
<configuration scan="true" debug="false">

Change debug to true:
<configuration scan="true" debug="true">

2. Locate the following - usually line 74:
 <logger name="com.seal" level="INFO" additivity="false">
                <appender-ref ref="default"/>
            </logger>
            
Change level from INFO to DEBUG:
 <logger name="com.seal" level="DEBUG" additivity="false">
                <appender-ref ref="default"/>
            </logger>

3. Save the file and restart "Seal Web" service.
Logging information will be recorded in <seal_home\log\seal-ws.log

Version 6 and 7:
Edit the logback.xml under <seal_home>\service\seal-ws\config.

1. Locate the following which is typically on line 2:
<configuration scan="true" debug="false">

Change debug to true:
<configuration scan="true" debug="true">

2. Locate the following - usually line 87 for version 6 or line 109 for version 7:
    <logger name="com.seal" level="INFO" additivity="false">
        <appender-ref ref="default"/>
    </logger>
            
Change level from INFO to DEBUG:
    <logger name="com.seal" level="DEBUG" additivity="false">
        <appender-ref ref="default"/>
    </logger>

3. Save the file and restart "Seal Web Services" service.
Logging information will be recorded in <seal_home\log\seal-ws.log

Run the LDAP Sync or select the group in the ScD UI and click Update. The seal-ws log should include the queries for updating users. The last user in the update would need to be checked for accuracy.
View the user in Active Directory and confirm that the following attributes match what is in Insight:
username - User's Principal Name
email - User's mail address
ldap_id - User's objectGUID in hexidecimal format

If any of these do not match, the user will need to be manually updated in the seal database to provide a match and allow the sync to complete.