Can we remove functional users from LDAP?


Erik Mats (10511025) | asked Sep 21 '15, 6:27 a.m.
We have accidentally added functional users to our LDAP registry.

For example: ccm_user now refers to a user in the LDAP domain.

As a consequence, our organization's password requirements now apply to our functional users, an undesired effect.

We are thinking of reverting this change,
  1) moving the users back into the JTS registry (may not be needed?) and
  2) removing them from LDAP.

Questions:
1. What would we need to do to accomplish this?
2. Any gotchas to look out for?

We have: Distributed CLM servers, WAS single sign-on and LDAP.

2 answers



William Chen (31215) | answered Sep 21 '15, 2:42 p.m.
Hi Erik,

Your LDAP administrators can delete those functional users under User Management in Active Directory. Then you can archive them from the JTS repository. However, you should check whether those users are being used in friend relationships between CLM applications or are assigned OAuth Consumer keys for ETL jobs.

If your distributed environment does not use those functional users, they can be archived in the JTS repository.

Regards,
Will

Donald Nong (14.5k414) | answered Sep 21 '15, 8:17 p.m.
The functional users do not need to be present in any external user registries, such as LDAP or Tomcat User Management, as you don't use these user accounts interactively. Adding or removing these user accounts in the external user registry should not have any effects on the functioning of the application.
Note that archiving the functional users in JTS can too often cause unexpected behaviors, so I strongly suggest you leave them as is in JTS.
