It's all about the answers!

Ask a question

How to synchronize repo users with LDAP if they not belong to JazzUsers group


0
1
SEC Servizi (94622546) | asked Jul 02 '18, 11:37 a.m.
retagged Aug 03 '18, 2:21 p.m. by Ken Tessier (84117)

 According to https://jazz.net/help-dev/clm/topic/com.ibm.jazz.repository.web.admin.doc/topics/cldapsynctask.html, name and email address fields are updated in the Jazz Team Server repository if the values in repository and the LDAP user directory do not match (which is our goal) but it happens for all users in the LDAP user directory who are members of the mapped LDAP groups.

How can we update name and email address fields for users in the repository who are not members of the mapped LDAP groups anymore?
Thanks in advance.
Cheers.

2 answers



permanent link
Ralph Schoon (57.7k23642) | answered Jul 02 '18, 1:23 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
edited Jul 02 '18, 1:25 p.m.
I would try repotools -exportUsers and repotools -importUsers. You might need to change the registry type like explained in http://www-01.ibm.com/support/docview.wss?uid=swg21470141 if the import does not allow that.

Note that this might require a federated realm.  I know some customers use a mix of LDAP and local registry (e.g. for the technical users) this way.


permanent link
SEC Servizi (94622546) | answered Jul 03 '18, 3:36 a.m.
like explained in http://www-01.ibm.com/support/docview.wss?uid=swg21470141 

According to this technote we have to manually update the fields, instead we would be able to automatically update the fields via LDAP nightly sync task.

We already have our own custom async task, but we are wondering if there is any chance to use out-of-the-box solution from Jazz (i.e., LDAP nightly sync task).
Anyway, thank you Ralph for all your good info (as always).
Cheers.


Comments
Ralph Schoon commented Jul 03 '18, 4:37 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

No, the technote only explains how to change the LDAP type. It might be necessary to do that in order to be able to write to the e-mail property. You could use the API I explain to set the values. Repotools -exportUsers and the import are the only OOTB ways besides using APIS to add and modify user information. In addition, it is possible to have an LDAP and a file based registry working in parallel. The Not LDAP users could be managed in the file based registry.


SEC Servizi commented Jul 03 '18, 4:41 a.m. | edited Jul 03 '18, 4:46 a.m.
Repotools -exportUsers and the import are the only OOTB ways besides using APIS to add and modify user information.

We will try that, thank you.

Your answer


Register or to post your answer.