Random invalid users are getting created in RTC 6.0.6.1 ccm and jts
Recently we noticed that random invalid users are getting created in the repository. For example - below is one example.
Name User Id Email
|
Victor & Tom providing fixes. Need released in
|
Victor & Tom providing fixes. Need released in |
Victor & Tom providing fixes. Need released in
|
We are using LDAP as external registry and there is no such user present in LDAP as there is no valid email id above.
We are wondering how this user got created. Is there a way to debug this issue ? We as admins haven't added any such user.
One answer
You need to share more information e.g. the app server you use, if you have set up the system to synchronize the LDAP users in, if you have set up federated Realm etc.
If you have a federated realm, the server might pick up additions to the local users files.
The documentation of the application server would tell you where user additions are tracked. You could check the the JTS and CCM logs. I would also consider to check with support.
Comments
Hi Ralph,
Thanks for your quick response. We are using IBM bluegroups as ldap repo and ldap sync is enabled but LDAP doesn't have any such users. Application server used is Websphere Liberty. We don't use Federated realm. Actually I don't know when the users got created as it came to our notice recently so logs don't have any such information.
Also I had a doubt regarding user creation using RTC plain client libraries. Can a user with JAZZUser permission create user as we are suspecting if teams using automation are creating such users by mistake? My understanding is that only the JAZZAdmin can create users using RTC plain client libraries. Is that correct?
There are repotools to create users, you could try using the API to create users.
My understanding is that a user must have JazzAdmin repository role to create a user. API or UI should not be different.
I assume that the default user ADMIN/ADMIN has been disabled during setup.
If you use LDAP to manage the users, it should not be possible to create a user, only LDAP should be able to do so. Can you check if the create user button is available in the admin UI?
If you use LDAP to manage the users, it should not be possible to create a user, only LDAP should be able to do so. Can you check if the create user button is available in the admin UI?
https://rsjazz.wordpress.com/2012/10/12/changing-the-jazz-user-id-using-the-rtc-plain-java-client-libraries/ describes a way to access user data and actually do changes, but would also require JazzAdmin.
I can not remember if I have heard of any case like this in the past.
I can not remember if I have heard of any case like this in the past.
The Create User button should show and you should not be able to create a user. I am not sure if that could be circumvented using repotools or API:
The Create User button is disabled because the user registry is not writable. To create a new user, use the tools provided by the external user registry.