Synchronize user identification data between Blogs and LDAP 

You can run commands that will synchronize the unique identifier (user ID) and user email addresses used in Blogs with the user information stored in LDAP. You can also remove inactive users.


Before starting

To edit configuration files, use the wsadmin client. See Starting the wsadmin client for details.


About this task

The synchronization commands synchronizes the unique identifiers (user IDs) or email addresses used in Blogs with the corresponding user IDs or email addresses used in the LDAP directory. Run these commands if LDAP information for any Blogs users changed. For example, if a user in an LDAP directory was deleted and then added back, the user would get a new user ID in the LDAP directory - even if the user was recreated with the same Login Name or email address. You would then need to run one of the synchronization commands so that the Blogs database tables can be updated with the new user ID from LDAP. If you are moving from a pilot installation to a full production environment, you would be moving to a different LDAP and would need to run this command.

Note: If the IBM Connections server has Profiles directory service extension enabled in LotusConnections-config.xml, also ensure that the Profiles component has also done a sync command with the LDAP server, so that the information stored in the Profiles database reflects the new email addresses or new user IDs. With Profiles directory service extension enabled, the other components, like Blogs, will look to the Profiles database (instead of LDAP) when making some of the membership calls.

You can also use the MemberService command to remove inactive users who no longer exist in the directory.


Procedure

  1. Open a command window and start the wsadmin command line tool. See Starting the wsadmin client for more details.

      Note: In a clustered environment, make sure you run wsadmin from the WAS Network Deployment server.

  2. Start the Blogs Jython script interpreter by entering the following command:

      execfile("<WAS_PROFILE_ROOT>/<DmgrName>/bin/blogsAdmin.py")

      For example, WebSphere\AppServer\profiles\Dmgr01\config\bin_lc_admin\blogsAdmin.py 

  3. Enter one of the following commands to synchronize user data:

      BlogsMemberService.syncAllMembersByExtId(boolean)

        Iterates through all users in the Blogs ROLLERUSER database table to compare them against the entries in the directory based on each user's external ID. This command allows you to inactivate users who no longer exist in the directory. It first checks to see if the external ID is present in the directory. If it is, then no action is performed. If the external ID does not exist in the directory, an attempt is made to match the person by email address and login name. If neither is found, then the person is marked as inactive in the Blogs ROLLERUSER database table. If the match by login and email is successful, then one of the following actions is taken:

        • If you specified true as the parameter, then the member external ID is updated.

        • If you specified false as the parameter, then the member information is appended to a log file named <file name TBD>.

        Parameters:

        true

          Specifies that you want the external ID in the Blogs ROLLERUSER database table to be updated with the name in the directory if the current external ID is incorrect, but the correct ID was found by matching the person's login name and email address.

        false

          Specifies that you want to create a log entry when the current external ID is incorrect, but the correct ID was found by matching the person's login name and email address.

      BlogsMemberService.syncMemberByExtId(newExternalID, oldExternalID)

        Determines whether a user is active or inactive by checking the directory for the external ID used in the Blogs ROLLERUSER database table to represent that user.

        Parameters:

        newExternalID

          Unique ID that represents a user. If you provide this parameter alone, the command compares the active status of the member between the Blogs ROLLERUSER database table and the directory. If the member is marked as inactive in the Blogs ROLLERUSER database table, but is found in the directory, then the record is reactivated. If the member is marked as active in the Blogs ROLLERUSER database table, but is not found in the directory, then the record is marked as inactive.

        oldExternalID

          Optional. If you provide this parameter, you are stating that you know that the same person is being represented by two different external IDs – the oldExternalID in the Blogs ROLLERUSER database table where the member is marked as inactive and the newExternalID in the your LDAP directory – and you want to use the value of the newExternalID to represent the person you want to activate. When you specify this parameter, all the data associated with both IDs is merged into a single record that is associated with the new ID only.

        CAUTION: Use this command with care. It should only be used when you are sure that the two IDs represent the same person.

      BlogsMigrationService.syncAllUserEmails()

        This command updates all email addresses in the Blogs ROLLERUSER database table. This service queries the LDAP server for each user by user ID to retrieve the updated email address, and then updates all member email addresses by user ID. Update time will vary, depending on the number of people the Blogs ROLLERUSER database table. On average, 8 minutes per 500 users is the norm. For large databases, run this process overnight.

      BlogsMemberService.syncAllMemberExtIds()

        This command will update the user's external user ID in the Blogs ROLLERUSER database table. This service queries the LDAP server for each user by login name to retrieve the updated user ID.

        Update time will vary, depending on the number of people in the Blogs database table, ROLLERUSER. On average, 8 minutes per 500 users is the norm. For large databases, run this process overnight.

      BlogsMemberService.syncMemberExtIdByEmail(emailAddr)

        This command updates the user's external user ID in the Blogs ROLLERUSER database table by the specified email address. For example,

        BlogsMemberService.syncMemberExtIdByEmail("mary_brown@renovations.com")

      BlogsMemberService.syncMemberExtIdByLogin(loginName)

        This command updates the user's external user ID in the Blogs ROLLERUSER database table by the specified login name. For example,

        BlogsMemberService.syncMemberExtIdByLogin("mary_brown")

      BlogsMemberService.syncBatchMemberExtIdsByEmail(emailFile)

        This command updates the user's external user ID in the Blogs ROLLERUSER database table by the email addresses in the specified email file. Specify the path and name of a text file that contains one or more email addresses of users to sync. Specify one email address per line in the text file. For example,

        In a stand-alone deployment, create this text file and save it in a directory local to the server where you are running the wsadmin processor. In a network deployment, the file needs to be local to the server that you connect to.

        Sample of the userEmails.txt file:

          ajones@ibm.com
          joseph_smith@ibm.com
          eric.warner@ibm.com

      BlogsMemberService.syncBatchMemberExtIdsByLogin(loginFile)

        This command updates the user's external user ID in the Blogs ROLLERUSER database table by the login names in the specified login file. Specify the path and name of a text file that contains one or more login names of users to sync. Specify one login name per line in the text file. For example,

        BlogsMemberService.syncBatchMemberExtIdsByLogin("d:/temp/userLoginNames.txt")
        In a stand-alone deployment, create this text file and save it in a directory local to the server where you are running the wsadmin processor. In a network deployment, the file needs to be local to the server that you connect to.

        Sample of the userLoginNames.txt file:

          ajones
          joseph smith
          ericwarner

      BlogsMigrationService.syncAllUserIds()

        Note: This command is being deprecated in Connections 2.5. For release 2.5, this command is being maintained for backward compatibility. We recommend you use BlogsMemberService.syncAllMemberExtIds() instead, which is the replacement for this deprecated command.

        This command updates all user IDs in the Blogs database. This service queries the LDAP server for each user by login name to retrieve the updated user ID.

        Update time will vary, depending on the number of people in your Blogs database table, ROLLERUSER. On average, 8 minutes per 500 users is the norm. For large databases, run this process overnight.

      Note: Depending on the size of data being synchronized, if the execution of one of these commands takes longer to complete than the value of the com.ibm.SOAP.requestTimeout property in the soap.client.props file in WAS_HOME\profiles\PROFILE_NAME\properties\soap.client.props, an error will display on the wsadmin console, and any return value from the method invoked will be lost. The command continues to be processed to completion, but the connection between the application and the wsadmin client that invoked it is gone. To change this behavior so that the client does not terminate the connection, increase the value of the com.ibm.SOAP.requestTimeout property or set the property to 0 for no timeout. If you reset the property restart the application server for the change to take effect.

Results

When the command completes, the result displays in the wsadmin console, including error messages and summary message. You also can see the messages that are logged by "BlogsAdmin" in the SystemOut.log file. The commands update the Blogs ROLLERUSER database table.


Related tasks


Starting the wsadmin client

+

Search Tips   |   Advanced Search