Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

How to synchronize repo users with LDAP if they not belong to JazzUsers group

 According to https://jazz.net/help-dev/clm/topic/com.ibm.jazz.repository.web.admin.doc/topics/cldapsynctask.html, name and email address fields are updated in the Jazz Team Server repository if the values in repository and the LDAP user directory do not match (which is our goal) but it happens for all users in the LDAP user directory who are members of the mapped LDAP groups.

How can we update name and email address fields for users in the repository who are not members of the mapped LDAP groups anymore?
Thanks in advance.
Cheers.

1

0 votes



2 answers

Permanent link
I would try repotools -exportUsers and repotools -importUsers. You might need to change the registry type like explained in http://www-01.ibm.com/support/docview.wss?uid=swg21470141 if the import does not allow that.

Note that this might require a federated realm.  I know some customers use a mix of LDAP and local registry (e.g. for the technical users) this way.

0 votes


Permanent link
like explained in http://www-01.ibm.com/support/docview.wss?uid=swg21470141 

According to this technote we have to manually update the fields, instead we would be able to automatically update the fields via LDAP nightly sync task.

We already have our own custom async task, but we are wondering if there is any chance to use out-of-the-box solution from Jazz (i.e., LDAP nightly sync task).
Anyway, thank you Ralph for all your good info (as always).
Cheers.

0 votes

Comments

No, the technote only explains how to change the LDAP type. It might be necessary to do that in order to be able to write to the e-mail property. You could use the API I explain to set the values. Repotools -exportUsers and the import are the only OOTB ways besides using APIS to add and modify user information. In addition, it is possible to have an LDAP and a file based registry working in parallel. The Not LDAP users could be managed in the file based registry.

Repotools -exportUsers and the import are the only OOTB ways besides using APIS to add and modify user information.

We will try that, thank you.

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 1,381

Question asked: Jul 02 '18, 11:37 a.m.

Question was seen: 2,937 times

Last updated: Aug 03 '18, 2:21 p.m.

Confirmation Cancel Confirm