How can LDAP-imported user data be updated? (email ids)


Daniel Ruebush (972474) | asked Oct 16 '15, 1:11 p.m.
Rational Team Concert 5.0.2
Linux

How can LDAP-imported user data be updated?

A while back, our corporate email address domain changed from DomainA to DomainB. Although either domain works now, eventually the original (DomainA) will go away.

There are hundreds of older users of CLM whose email address domains are still set to the old domain (DomainA) despite the corresponding LDAP entry being correctly set to the new domain (DomainB).

We attempted to use the LDAP sync link on the JTS Server page which reported successful execution, but it did not update the email addresses.
It is called: "Synchronize Jazz Team Server Users With External User Registry" and links to: https://clm.DomainA.com/jts/admin#

We also tried "repotools-jts -syncUsers", the repository tools command to sync users with the LDAP users directory.
It provided some updates for 14 (out of 855 needing email address changes), but only two with email address updates. We waited 30 more minutes for any updates, but nothing further.

Is there a way to re-import user data or any way to update the imported user email addresses, which are currently not editable being linked to LDAP?

One answer



Guido Schneider (3.3k137699) | answered Oct 17 '15, 7:00 a.m.
edited Oct 17 '15, 11:10 a.m.
Hello Daniel,

My experience over the last few years with the LDAP synch is below:
- There is a big limitation with Jazz. JTS can only hold one set of LDAP configuration and so it can only import/update (synch) users, either manually or automatically, with the defined LDAP registry (Advanced Properties).
If your domains are all on one LDAP registry, be sure the LDAP search base is set on a common level, where both domains can be seen.
- Generally my experience is, the LDAP synch is not the most stable application with JTS. We often saw such issues. Especially, we were never really sure what would be synched when. The scheduled synch (defined in advanced properties) worked quite well. But the manual synch with the button, or the synch started with repotools, were quite suspect.

My recommendation: do the import/update by yourself, based on
  • repotools-jts.bat -createUser
    This is for single user handling. All information is provided on the command line.
  • repotools-jts.bat -createUsers
    This is for bulk user handling based on a file
  • repotools-jts.bat -archiveUser
    This is for archiving users

- You write directly into the DB.

- The LDAP settings in advanced properties are just ignored. 

- If a userId does not exist, the record is created.

- If a userId exists, the record is updated (Name and email)

- You can provide any value for name/id/email. This means you can set e.g. the name to a value combined out of different LDAP attributes. e.g. "givenname, surname, phone, department, location"

- You can automatically archive users based on the disable flag on LDAP


So the best approach is to have a script which reads out the LDAP groups from both domains, prepares a create/update file and an archive file, and runs repotools.

This you can schedule with the OS scheduler or the RTC build system.


regards

Guido 


An example of a small cmd file:

set userID=admin.user@clmtest01.local
set email=admin.user@clmtest01.local
set name="User,Admin;My Admin;Org-Dept1;Phone:1234"
rem ---- server settings
set appl=jts
set JTS_version=600
set repositoryURL=https://bt-clmtestserver01.clmtest.local/%appl%
set adminUserId=superadmin@clmtest01.local
rem The admin password is stored in clear text here and is printed by the echo below.
rem The help output below also lists a credentialsFile parameter.
set adminPassword=MyPWD.x1

rem ---- change to the server directory that contains repotools
pushd c:\IBM\JazzTeamServer_%appl%_%JTS_version%\server

rem ---- build the command, show it, then run it
set cmd=call repotools-%appl%.bat -createUser userId=%userID% emailAddress=%email% name=%name% repositoryURL=%repositoryURL% adminUserId=%adminUserId% adminPassword=%adminPassword%
@echo %cmd%
%cmd%

rem ---- return to the original directory
popd
pause
exit

Help:
   -createUser --Benutzer erstellen und/oder Lizenz zuordnen. Wenn ein Benutzer mit der angegebenen ID bereits vorhanden ist, erfolgt eine Aktualisierung.
         userId=<Wert> --Die ID des Benutzers, der erstellt oder aktualisiert werden soll.
         [name={UserId}] --Der Name des Benutzers. Der Standardwert ist die Benutzer-ID.
         [emailAddress=unknown] --Die E-Mail-Adresse des Benutzers.
         [jazzGroup=<none>] --Die Gruppe, die der Benutzer angehört. Gültige Werte sind JazzAdmins, JazzProjectAdmins, JazzUsers, JazzGuests. Geben Sie eine Liste mit gültigen Werten für Gruppen, jeweils getrennt durch ein Semikolon, an.
         [licenseId=<none>] --Die ID der Lizenz, die dem Benutzer zugeordnet werden soll. Die Lizenz muss vorhanden sein. Mit dem repotools-Befehl listLicenses können Sie eine Liste der Lizenzen anzeigen.
         [generatePassword] --Für neu erstellte Benutzer automatisch Kennwörter generieren (anstatt mit der Benutzer-ID übereinstimmende Kennwörter zu verwenden)
         [repositoryURL=https://localhost:9443/jts] --Verbindungs-URL für den Server
         [adminUserId=ADMIN] --Benutzer-ID des Administrators zum Anmelden im Jazz-Repository.
         [adminPassword=********] --Kennwort des Administrators zum Anmelden im Jazz-Repository.
         [credentialsFile=credentials.properties] --Die Datei, die die Berechtigungsnachweise zur Administratoranwendung enthält.
         [certificateFile=<none>] --Datei mit dem Zertifikat für die Anmeldung des Benutzers mit Administratorberechtigung
         [smartCard=<none>] --Aliasname für die Anmeldung mit einer Smart Card oder ? für die Auflistung der verfügbaren Aliasnamen.
         [logFile=repotools-jts_createUser.log] --Pfad zur Protokolldatei
         [kerberos=<none>] --Mit Windows-Berechtigungsnachweisen bei Kerberos/SPNeGO authentifizieren.
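
A sketch of the LDAP-to-repotools script recommended in the answer above, added here as an example (not code from the answer or from IBM). It compares a constructed LDIF export with a constructed list of repository users and builds one `-createUser` argument list per user that needs the new domain, using only parameters shown in the help output; the domain names, the LDIF layout, the `repotools-jts.sh` launcher name and the credentials file path are assumptions.

```python
import re

OLD_DOMAIN, NEW_DOMAIN = "domaina.example", "domainb.example"  # constructed stand-ins
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Constructed LDIF export and repository snapshot; not real data.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=people,dc=example
uid: jdoe
cn: Doe, John
mail: jdoe@domainb.example

dn: uid=asmith,ou=people,dc=example
uid: asmith
cn: Smith, Anna
mail: asmith@domaina.example

dn: uid=bad,ou=people,dc=example
uid: bad
cn: Bad Entry
mail: bad@domainb.example" adminUserId=x
"""
JAZZ_USERS = {"jdoe": "jdoe@domaina.example", "asmith": "asmith@domaina.example",
              "bad": "bad@domaina.example"}

def parse_ldif(text):
    """Return {uid: attributes} from simple, unfolded LDIF."""
    users = {}
    for block in text.strip().split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in block.splitlines() if ": " in l)
        if "uid" in attrs:
            users[attrs["uid"]] = attrs
    return users

def build_updates(ldap_users, jazz_users, repo_url, cred_file):
    """Return (argv lists for repotools -createUser, uids skipped as unsafe)."""
    cmds, skipped = [], []
    for uid, old_mail in sorted(jazz_users.items()):
        entry = ldap_users.get(uid)
        if not entry or not old_mail.lower().endswith("@" + OLD_DOMAIN):
            continue  # unknown in LDAP, or already migrated
        mail = entry.get("mail", "")
        if not EMAIL_RE.fullmatch(mail) or not mail.lower().endswith("@" + NEW_DOMAIN):
            skipped.append(uid)  # stale or malformed directory value: do not write it
            continue
        # One argv element per parameter: no shell quoting, no password on the command line.
        cmds.append(["repotools-jts.sh", "-createUser", f"userId={uid}",
                     f"name={entry.get('cn', uid)}", f"emailAddress={mail}",
                     f"repositoryURL={repo_url}", f"credentialsFile={cred_file}"])
    return cmds, skipped
```

Each returned list can be passed to `subprocess.run(argv, check=True)` without a shell, so directory values containing quotes or spaces stay inside a single parameter. The contents of the credentials file are not described on this page and must be prepared separately.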




