Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

Is there a way to auto-archive a user when he/she is detected no longer on LDAP by the sync ?

Questions
Tags
Users
Badges
long TRUONG
(3654123147) Jan 22 '15, 2:02 a.m.
 As user separation is handled via removal of credentials from LDAP, is it possible to trigger an auto-archive of a user when the LDAP sync fails to find this user's existence on LDAP.

0 votes

2 answers
5,400 views
0 votes

Accepted answer

Permanent link
Jeff Care
(1.0k3833) Jan 22 '15, 8:53 a.m.
 I'm not aware of anything automatic. I ended up writing a custom program against the API that reconciles project members against our corporate LDAP & then archives them if no LDAP record can be found.
long TRUONG selected this answer as the correct answer

1 vote

Comments
long TRUONG
Jan 22 '15, 4:20 p.m.

 Thx Jeff.


Wonder if it is possible, and your custom program generic enough, for you to share it with the community.

Should this be an enhance request ?

Jeff Care
Jan 22 '15, 6:35 p.m.

 Unfortunately I can't share it publicly but if you are an IBM employee send me an internal note.

SEC Servizi
Jan 23 '15, 5:15 a.m.
 if no LDAP record can be found

Which APIs are you using to achieve that? Could you post some more info?

Thanks in advance.

Kevin Ramer
Jan 23 '15, 5:04 p.m.

My experience is probably the same as Jeff; I'll layout the process.
1) use repotools -exportUsers to send all users to a file
2) using some scripting process scan the file, ignoring those ID already archived (line ends with ,1 i think)
3) use an ldap query ( most *nix have ldapsearch ) with appropriate target and filters to verify each id exists, if not
4) repotools -archiveUser for each one not found in the ldap.
Perl works very well for #2 and one can leverage Net::LDAP to good effect for #3

long TRUONG
Jan 24 '15, 7:11 p.m.

Wonder if there is a way to capture LDAP sync nightly failures for the list to be archive. 

One other answer

Permanent link
Ralph Schoon
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER (63.9k33648) Jan 22 '15, 2:32 a.m.
There is nothing built in. I am not aware of an extension point for that either. It would be better to have some automation when retiring the user from LDAP. See https://rsjazz.wordpress.com/2013/01/08/maintaing-user-photos-with-the-plain-java-client-libraries/ for an easy way to get to that API with Java.

0 votes

Comments
long TRUONG
Jan 22 '15, 2:42 a.m.

 Thx for the quick answer Ralph.

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Ask a question
Guidelines
FAQ
Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details

Question asked: Jan 22 '15, 2:02 a.m.

Question was seen: 5,400 times

Last updated: Jan 24 '15, 7:11 p.m.

Confirmation Cancel Confirm