Created users also exists in LDAP
On our installation, which is using WAS and is configured to use an external LDAP registry, a user was accidentally created using "Create User" with a userid that matches the LDAP ID. This user's name is incorrect - it was accidentally left to the default "User Name". However because we are configured to authenticate against LDAP and the user is a valid user ID in LDAP it appears that the user name is not editable.
I would have expected the LDAP nightly sync to clean this up for me. I can see that the sync is running from the log. The RSS Feed shows this:
Users updated by LDAP nightly sync task. since 5/6/08 5:16 PM
The feed doesn't list any users but we only have a small set of normally imported LDAP users and none of them have actually changed in LDAP.
I tried archiving the user and importing but the user isn't listed - I assume by design given the user ID is still in use.
I would have expected the LDAP nightly sync to clean this up for me. I can see that the sync is running from the log. The RSS Feed shows this:
Users updated by LDAP nightly sync task. since 5/6/08 5:16 PM
The feed doesn't list any users but we only have a small set of normally imported LDAP users and none of them have actually changed in LDAP.
I tried archiving the user and importing but the user isn't listed - I assume by design given the user ID is still in use.
2 answers
You are right. Only the users not present in the Jazz repository (but present in LDAP directory) are available for import in the Import dialog.
I am interested in knowing why LDAP nightly sync did not update the user name in the Jazz repository. The LDAP nightly sync is supposed to sync up the user's information between LDAP and Jazz repository. Can you try manually opening the user record in the Eclipse UI (Right click on the Repository node connection -> Administer->Open Users). If the user name does not match, it would give you an option to fix the user name to the information present in the LDAP directory.
You can view all the changes made by LDAP nightly sync using https://example.com:9443/jazz/events?provider=ldapnightlysync . This will list all the changes made by LDAP nightly sync (new users created, user information changed, ambiguous user records, errors in LDAp directory).
--- Balaji
Jazz Server Team
I am interested in knowing why LDAP nightly sync did not update the user name in the Jazz repository. The LDAP nightly sync is supposed to sync up the user's information between LDAP and Jazz repository. Can you try manually opening the user record in the Eclipse UI (Right click on the Repository node connection -> Administer->Open Users). If the user name does not match, it would give you an option to fix the user name to the information present in the LDAP directory.
You can view all the changes made by LDAP nightly sync using https://example.com:9443/jazz/events?provider=ldapnightlysync . This will list all the changes made by LDAP nightly sync (new users created, user information changed, ambiguous user records, errors in LDAp directory).
--- Balaji
Jazz Server Team
On our installation, which is using WAS and is configured to use an external LDAP registry, a user was accidentally created using "Create User" with a userid that matches the LDAP ID. This user's name is incorrect - it was accidentally left to the default "User Name". However because we are configured to authenticate against LDAP and the user is a valid user ID in LDAP it appears that the user name is not editable.
I would have expected the LDAP nightly sync to clean this up for me. I can see that the sync is running from the log. The RSS Feed shows this:
Users updated by LDAP nightly sync task. since 5/6/08 5:16 PM
The feed doesn't list any users but we only have a small set of normally imported LDAP users and none of them have actually changed in LDAP.
I tried archiving the user and importing but the user isn't listed - I assume by design given the user ID is still in use.
Hmm - the URL I was using to look up the sync events was from the documentation. I didn't realize I had copied the example that explicitly limited the results - silly me :(. Now that I am using the correct URL I can see that the cause cause of the non-update is "Ambiguous Name: Name does not match any of the available names in the LDAP directory". The userid's do match however.
I was not aware of the ability to select the name from the Eclipse UI. Thanks for this tip as that has solved the problem. When I went in to the Eclipse UI for the user it did say that the name did not match the directory entry.
I was not aware of the ability to select the name from the Eclipse UI. Thanks for this tip as that has solved the problem. When I went in to the Eclipse UI for the user it did say that the name did not match the directory entry.