After we moved some user from one ou to another ou in IDM 4.5.5 the authentication to the user-application fails for (some) of these users.

I found a thread in the forums with a user who had the same problem (thread is closed so i can't reply):

After some time (several days) users can login again but it would be nice if we had a workaround or solution to provide to our users (in idm 4.0.2 this was no problem)

Ldap auth seems to work (user was moved on the 13.03.2017):
2017-06-15T19:23:37Z, INFO , auth.LDAPAuthenticationRequest, {10634} authID=9698, successful ldap authentication for UserIdentity{"userDN":"cn=ABC123,ou=NEWOU,ou=Entit ies,o=Identities","ldapProfile":"default"} (69ms) type: AUTHENTICATED, using strategy BIND, using proxy connection: false, returning bind dn: cn=ABC123,ou=NEWOU,ou=Entities,o=Identities []
2017-06-15T19:23:38Z, INFO , event.AuditService, audit event: {"perpetratorID":"ABC123","perpetratorDN":"cn=ABC1 23,ou=NEWOU,ou=Entities,o=Identities","perpetrator LdapProfile":"default","sourceAddress":""," sourceHost":"","type":"USER","eventCode":"A UTHENTICATE","guid":"01f32715-9d05-4fcf-b07c-105ef848fa94","timestamp":"2017-06-15T17:23:38Z","message":"type=AUTHENTICATED, source=BASIC_AUTH","narrative":"ABC123 (cn=ABC123,ou=NEWOU,ou=Entities,o=Identities) has authenticated"}

But afterward OSP tries to use the old dn of the user:

Class: OSPPrincipalNotFoundException
Class: LoggableMessage
Level: INFO
Code: com.novell.oidp.source.ldap.LDAPAuthenticationSour ce.fromPrincipalEncoding() [2186]
Thread: http-bio-8443-exec-15
Correlation Id: 6b1e9d85-a14d-4d8b-a773-386843f387d9
Text: Unable to locate principal with identifier "cn=ABC123,ou=OLDOU,ou=Entities,o=Identities".
Root cause:

We use IDM 4.5.5 and OSP

Kind Regards