It's all about the answers!

Ask a question

Changing user IDs in 4.0.1


Mike Shkolnik (9657146143) | asked Mar 22 '13, 12:42 p.m.
So we can now change user IDs! Excellent. Unfortunately, I am having a problem doing so. I followed the following instructions found elsewhere here:

1.    Go to the jts admin page: https://[OURSERVER]:9443/jts/admin
2.    Click "Server" on the top menu, then "Advanced Properties" on the left menu.
3.    Change "Ability to Modify User IDs" from false to true (if it wasn't already).
4.    Change "User Registry Type" from DETECT to UNSUPPORTED.
5.    Click "Save" in the upper right.
6.    Load the user profile and edit the ID. Save.
7.    Change "User Registry Type" from UNSUPPORTED back to DETECT.
8.    Click "Save" in the upper right.

What happens is the new user ID does not work. The old user ID works to login but then gets the error:

Error!

You are not authorized to view this page.

Forbidden

We do not use LDAP, if that matters. User IDs are created in RTC.

Accepted answer


permanent link
Ralph Schoon (55.3k23642) | answered Mar 25 '13, 3:07 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
edited Mar 25 '13, 3:07 a.m.
I just did the following and it worked for me.

CLM 4.0.1, Windows, Tomcat, Derby test system.

  1. Log in as admin
  2. Set to UNSUPPORTED, Allow changing User ID, save
  3. Open a User, change the ID, save
  4. Opened tomcat-users.xml, found original user ID, changed that to the desired ID for the user I changed.
  5. Shut down server
  6. Start up server
  7. Login with changed user ID - password unchanged - worked
Mike Shkolnik selected this answer as the correct answer

Comments
Ralph Schoon commented Mar 25 '13, 3:35 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

I updated my blog post.

For Tomcat I would also suggest to shut down tomcat before changing the username property in tomcat-users.xml. This would prevent issues concurrent server and user write operations on the tomcat-users.xml and caching.


Mike Shkolnik commented Mar 25 '13, 2:53 p.m.

This did the trick. The missing step was restarting the server.  :) Unfortunately any time we have to restart the server we have to get involved with change control and approvals, so we will likely continue our old process of creating a new ID and changing the name of the old account to include "(BAD ID)". Now to learn how to purge accounts with bad IDs...


Ralph Schoon commented Mar 26 '13, 3:04 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

Mike, changing user ID's should be a rare thing. Typically one time only, because of a typo or because of changing the registry. If this is common in your case, I would be interested what could cause this. I would consider reviewing my processes. Or consider to use a free LDAP system such as Apache Directory Studio.

Shutting down and restarting the server should not be so complex that it prevents doing it for the right reasons. If it is, that is a clear indicator to me, that the process needs adjustments.

I am however aware of the distressing fact that sometimes wrong processes can't be changed to be right due to factors out of ones control.

One other answer



permanent link
Ralph Schoon (55.3k23642) | answered Mar 22 '13, 12:56 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
 Mike, I have done that with 4.0 and it works with Tomcat. See https://rsjazz.wordpress.com/2012/10/12/changing-the-jazz-user-id-using-the-rtc-plain-java-client-libraries/ 

Are the ID's in Tomcat changed in the tomcat-users.xml.
If you use WAS you would have to use the user ID's in WAS manually since they can't be written by the JTS.

Comments
Mike Shkolnik commented Mar 22 '13, 1:12 p.m.

Tomcat.

I think that linked article is where I originally got the instructions and they aren't working, as described above. The only thing I am doing different is I skipped the step "Change property Ability to Modify User IDs back to false" as I am pretty sure that is not necessary.

Of course those instructions were specifically for LDAP and we're not using LDAP. Are you saying that in addition to those instructions we need to edit tomcat-users.xml? Can this be done while the server is live and without restarting? If not, it's a huge deal that involves change control and approvals for us and would take two weeks to get a user ID changed. Any server restart is considered a "change" here.

One thing I noticed is that the ccm admin page has the same "Ability to Modify User IDs" setting and it does not automatically change to match the jts admin setting. Is this relevant?


Mike Shkolnik commented Mar 22 '13, 7:36 p.m.

I tried updating the tomcat-users.xml file as you suggested (in addition to the above instructions in the OP), but that did not change anything. Still only the old ID worked and still got the same error.

Your answer


Register or to post your answer.