Impact of Switching LDAP Registries
First question: Is there a way to import the users (and assign them to Project Areas/Process Roles) an automated fashion such that I don't have to do this manually?
Second question: The LDAP ID format in the current LDAP registry is firstname.lastname. In the new one, it is XXX9XXX. Is there a way to map the users from the old LDAP to the users of the new LDAP? Meaning, that artifacts created by user ids under the current LDAP are switched to the new LDAP user ids?
Third question: is there a way to programmatically change the User Label to the user's name when importing from the LDAP registry? By default, it places XXX9XXX in the User Label.
We are trying to make this conversion with as little impact to the user community as possible.
Any thoughts/suggestions are most welcome!
Accepted answer
You don't want to have new users created for each new LDAP entry, you want to reuse the old users. See https://rsjazz.wordpress.com/2012/10/12/changing-the-jazz-user-id-using-the-rtc-plain-java-client-libraries/ for some ideas.
Comments
Hey, Ralph;
This worked for switching the users in JTS, however, we were unsuccessful with switching the users in the CCM and QM applications.
In our installation, we have the following: https://jts.fpl.com/jts, https://ccm.fpl.com/ccm, and https://rqm.fpl.com/qm rather than the same servername/<application>.
Any thoughts? Is there a parameter that we can use? Or do we need to modify the code?
We also found another condition...the LDAP Nightly Sync overwrites the User Name with the User ID (LDAP ID). What are the ramifications if we turn OFF the LDAP Nightly Sync?
If the Sync overwrites the name with the ID, you got the LDAP property settings wrong in the CLM setup. You want to fix that rather than switching off the nightly sync.
With respect to the other tools, have you tried to run against the other servers?
I just ran the tool in my context - all applications where up. I ran the code only against the JTS. All the changed user ID's where pushed from the JTS to all my other registered applications. It took a minute or two, however the changes propagated through the system.
As an alternative, you can run the tool against any application - they use the same API. However, if you changed the data on the JTS you might either get stale data exceptions - while JTS is distributing the changes - or the API might not find the user ID as it is already changed.