It's all about the answers!

Ask a question

CLM - converting "clm created accounts" to LDAP accounts

Mahari Hill (486178196) | asked May 11 '16, 8:08 a.m.
CLM 502

We are using full CLM and the following accounts were created by a previous admin during setup:


Only ccm_user is an actual LDAP user. We found that jazzrational is being used as a replacement for "rm_user" and "qm_user". My questions:

If I create dcc_user or etl_user in LDAP, will there be a problem with the current dcc_user/etl_user? Will I lose some type of connection? Does the server require a restart or configuration post change?

2 answers

permanent link
Donald Nong (14.4k313) | answered May 11 '16, 9:57 p.m.
Check out some old posts and hopefully it will bring some clarity to you, such as this one.

Some more comments regarding your particular case.
1. The "jazzrational" account may be used in some other places (interactively), so you may need to create such account on LDAP. But (see below for more details).
2. As I mentioned in the other post, these functional users (in a form <app>_user) do not need to exist in any external user repository. The fact the a "ccm_user" was created on the LDAP server can just be the result of misunderstanding the requirement. You can actually remove this user from LDAP.
3. Each functional user can be assigned one or more internal licenses by default. For example, the "rm_user" has the internal license "RM Application - Internal" by default. If a different user is used in place of a default functional user, make sure that such user is assigned with the corresponding internal license.
4. If you create these functional users on the LDAP server, and make them behave like normal users, you may not have any problems, but it's not recommended.

If you're not sure about the implication of modifying or replacing built-in functional users, you'd better keep them as default.

permanent link
Pavel Dubovitsky (2814) | answered May 11 '16, 8:44 p.m.
There is no need to create these users in LDAP.
These application users do not need interactive login capabilities, but leave them active.

Your answer

Register or to post your answer.