Is there a way to auto-archive a user when he/she is detected no longer on LDAP by the sync ?


long TRUONG (3654113145) | asked Jan 22 '15, 2:02 a.m.
 As user separation is handled via removal of credentials from LDAP, is it possible to trigger an auto-archive of a user when the LDAP sync fails to find this user's existence on LDAP.

Accepted answer


Jeff Care (1.0k3733) | answered Jan 22 '15, 8:53 a.m.
 I'm not aware of anything automatic. I ended up writing a custom program against the API that reconciles project members against our corporate LDAP & then archives them if no LDAP record can be found.
long TRUONG selected this answer as the correct answer

Comments
long TRUONG commented Jan 22 '15, 4:20 p.m.

 Thx Jeff.


Wonder if it is possible, and your custom program generic enough, for you to share it with the community.

Should this be an enhancement request?


Jeff Care commented Jan 22 '15, 6:35 p.m.

 Unfortunately I can't share it publicly but if you are an IBM employee send me an internal note.


SEC Servizi commented Jan 23 '15, 5:15 a.m.
 if no LDAP record can be found

Which APIs are you using to achieve that? Could you post some more info?

Thanks in advance.


Kevin Ramer commented Jan 23 '15, 5:04 p.m.

My experience is probably the same as Jeff's; I'll lay out the process.
1) use repotools -exportUsers to send all users to a file
2) using some scripting process, scan the file, ignoring those IDs already archived (line ends with ,1 I think)
3) use an ldap query (most *nix have ldapsearch) with appropriate target and filters to verify each id exists, if not
4) repotools -archiveUser for each one not found in the ldap.
Perl works very well for #2 and one can leverage Net::LDAP to good effect for #3
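
The four steps Kevin Ramer outlines above, as a dry-run shell script (an added example, not code from any poster in this thread). It treats a failed LDAP query as "unknown" rather than "missing", so an LDAP outage lists nobody for archiving. Assumptions: the export layout (user ID first, archive flag last), the `uid` attribute, an anonymous simple bind, and the `example.com` server values are placeholders.

```shell
# Added example: dry-run LDAP reconciliation. Server values are placeholders.
LDAP_URI="${LDAP_URI:-ldaps://ldap.example.com}"
LDAP_BASE="${LDAP_BASE:-ou=people,dc=example,dc=com}"

# Constructed sample of an export file; the real column layout may differ.
sample_export() {
    printf '%s\n' 'alice,Alice Example,alice@example.com,0' \
        'bob,Bob Example,bob@example.com,0' \
        'carol,Carol Example,carol@example.com,1'
}

# Step 2: IDs of users not already archived (skip lines ending in ",1").
active_ids() { awk -F, 'NF > 1 && $NF != "1" { print $1 }' "$1"; }

# Escape LDAP filter metacharacters (RFC 4515) so an ID cannot alter the filter.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Step 3: 0 = entry found, 1 = no entry, 2 = query failed (result unknown).
# Assumes IDs map to the uid attribute and an anonymous simple bind works.
ldap_lookup() {
    filter="(uid=$(ldap_escape "$1"))"
    out=$(ldapsearch -x -LLL -H "$LDAP_URI" -b "$LDAP_BASE" "$filter" 1.1 \
        2>/dev/null) || return 2
    case "$out" in *dn:*) return 0 ;; *) return 1 ;; esac
}

# Step 4 as a dry run: print the IDs to pass to repotools -archiveUser.
# Prints nothing if a lookup failed (2) or more than $2 IDs are missing (3).
archive_candidates() {
    file=$1; max=${2:-5}; missing=""; count=0
    while IFS= read -r id; do
        [ -n "$id" ] || continue
        rc=0; ldap_lookup "$id" || rc=$?
        case $rc in
            1) missing="$missing$id
"; count=$((count + 1)) ;;
            2) echo "LDAP lookup failed for $id; nothing listed" >&2; return 2 ;;
        esac
    done <<EOF
$(active_ids "$file")
EOF
    if [ "$count" -gt "$max" ]; then
        echo "$count IDs missing (limit $max); review by hand" >&2; return 3
    fi
    printf '%s' "$missing"
}

if [ "$#" -gt 0 ]; then archive_candidates "$@"; fi
```

Run it with the export file as the first argument and an optional limit as the second; review the printed IDs before handing them to `repotools -archiveUser`.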


long TRUONG commented Jan 24 '15, 7:11 p.m.

Wonder if there is a way to capture LDAP sync nightly failures for the list to be archived.

One other answer



Ralph Schoon (62.3k33643) | answered Jan 22 '15, 2:32 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
There is nothing built in. I am not aware of an extension point for that either. It would be better to have some automation when retiring the user from LDAP. See https://rsjazz.wordpress.com/2013/01/08/maintaing-user-photos-with-the-plain-java-client-libraries/ for an easy way to get to that API with Java.

Comments
long TRUONG commented Jan 22 '15, 2:42 a.m.

 Thx for the quick answer Ralph.
