Home

 

Synchronize user identification data between Communities and the LDAP directory


Overview

Use administrative commands to synchronize member records in the Communities database with the LDAP

To use administrative commands, use wsadmin.

If you are using the Profiles service, first synchronize the ExtId values in the Profiles database with the LDAP before you can run the commands that synchronize member IDs described in this topic.

When you run the synchronization commands for Communities, internally the commands update two database tables:

The synchronization commands write output to the SystemOut.log file. After running the commands, be sure to check this file because the login names of community users that were not successfully updated are logged in the file. You can see information being logged about the MEMBERPROFILE and DF_MEMBERPROFILE database tables as they are being updated by the synchronization commands. The information being logged by Communities begins with the prefix CLFRM, and the information being logged by discussion forums is prefixed with CLFRV. Here is an example of each:

Communities use an internal identifier to manage access control. This identifier is different from the person identifier used in the LDAP When the LDAP identifier changes, the mapping of it to the internal identifier for each member needs to be changed. Commands are provided for manipulating the internal ID of community members.


Synchronize member IDs between Communities and the LDAP

  1. Start wsadmin so that you can access Communities configuration files.

    1. Access the Communities configuration files:

      If you are asked to select a server, you can select any server.

  2. Change the internal IDs of community members.

    Option Description
    CommunitiesMemberService.syncAllMemberExtIds() Synchronizes all member IDs in the Communities member database table with the LDAP ID.

    For each member, this service queries the LDAP server by login name (or names) stored as part of the Communities member profile to retrieve the updated ID (unique interapplication identifier). In addition, the member's login names, display name, and e-mail address are updated if necessary.

    Use this command when a change occurs in the deployment LDAP system. For example, if people have been deleted from the LDAP or personal information has changed.

    Update time varies depending on the number of people in the Community database. On average, it takes approximately eight minutes to update 500 users. For large databases, run this process overnight.

    This command does not take any parameters. For example:

      CommunitiesMemberService.syncAllMemberExtIds()

    CommunitiesMemberService.syncMemberExtIdByLogin(String loginName) Synchronizes a single member's ID in the Communities member database table.

    This command is essentially the same as syncAllMemberExtIds() but applied to a single member. Thus, the member's login names, display name, and e-mail address are updated.

    This command takes loginName as a parameter. This parameter is a single, valid user login name. For example:

      CommunitiesMemberService.syncMemberExtIdByLogin("John Smith")
    CommunitiesMemberService.syncBatchMemberExtIdsByLogin(String loginFile) Synchronizes a list of member's IDs in the Communities member database table.

    The list is specified in a text file specified by the parameter. This command is essentially the same as syncAllMemberExtIds() but applied to a list of members, and the LDAP server is queried by the specified login names. Thus, the members' login names, display names, and e-mail address are updated.

    This command takes loginFile as a parameter. This is a text file name with a single, valid login name per line. In a stand-alone deployment, create this text file and save it in a local to the server where you are running the wsadmin processor. In a network deployment, the file needs to be local to the server that you connect to. Example:

      CommunitiesMemberService.syncBatchMemberExtIdsByLogin("/opt/Communities/update.txt")

    CommunitiesMemberService.syncMemberExtIdByEmail(String emailAddr) Synchronizes a single member's ID in the Communities member database table.

    The command is essentially the same as syncAllMemberExtIds(), but applied to a single member, who is identified by the specified e-mail address. In addition, the member's login names and display name are updated if necessary.

    This command is used when a change occurs in the deployment LDAP system or when a person identifier in the LDAP changes in some respect. This change might occur when an LDAP record is updated.

    This command takes a string as a parameter, emailAddr. This string is a valid e-mail address.

    For example:

      CommunitiesMemberService.syncMemberExtIdByEmail("jdoe@example.com")
    CommunitiesMemberService.syncBatchMemberExtIdsByEmail(String emailFile) Synchronizes a list of member's IDs in the Communities member database table.

    The list is specified in a text file specified by the parameter. This command is essentially the same as syncAllMemberExtIds() but applied to a list of members, and the LDAP server is queried by the specified e-mail addresses. Thus, the members' login names and display names are updated.

    This command takes emailFile as a parameter. This parameter is a text file name with a single, valid e-mail address per line. In a stand-alone deployment, create this text file and save it in a local to the server where you are running the wsadmin processor. In a network deployment, the file needs to be local to the server that you connect to. Example:

      CommunitiesMemberService.syncBatchMemberExtIdsByEmail("c:/Communities/email_file.txt")

    Depending on the size of data being synchronized, if the execution of one of the synchronization commands takes longer to complete than the value of the property...

      com.ibm.SOAP.requestTimeout

    ..in...

      WAS_HOME\profiles\PROFILE_NAME\properties\soap.client.props

    ..a "SOAP timeout" error displays on the wsadmin console, and any return value from the method invoked is lost. This means that the connection between the wsadmin command processor and the server is lost. However, the server continues to process the command and you can view additional messages being logged by the command in the SystemOut.log file. To change this behavior so that the client does not terminate the connection, increase the value of the com.ibm.SOAP.requestTimeout property or set the property to 0 for no timeout. If you reset the property, restart the application server for the change to take effect.

 

Related tasks

Administer Communities
Synchronize user data between Profiles and the LDAP directory
Synchronize IDs between LDAP and the feature databases

+

Search Tips   |   Advanced Search