Synchronize user identification data between Communities and the LDAP directory 

Use administrative commands to synchronize member records in the Communities database with the LDAP directory.


Before starting

To use administrative commands, use the wsadmin client. See Starting the wsadmin client for details.

If you are using the Profiles directory service, you must synchronize the ExtId values in the Profiles database with the LDAP directory before you run the commands that synchronize member IDs described in this topic. See Synchronize user data between Profiles and the LDAP directory for more details.


About this task

When you run the synchronization commands for Communities, internally the commands update two database tables: MEMBERPROFILE, which holds member names and information for users who have been added to Communities as members or owners, and DF_MEMBERPROFILE, which holds member information for the discussion forums that are contained in the various communities. The synchronization commands write output to the SystemOut.log file. After running the commands, be sure to check this file because the login names of community users that were not successfully updated are logged in the file.

You can see information being logged about the MEMBERPROFILE and DF_MEMBERPROFILE database tables as they are being updated by the synchronization commands. The information being logged by Communities begins with the prefix CLFRM, and the information being logged by discussion forums is prefixed with CLFRV. Here is an example of each:

CLFRM0148I: Updated member identified by login name: ajones =>  [Display Name Alan Jones -> Alan Jones],  [Directory UUID 8E9FEEB4-6843-C96C-8525-7346003D2222 -> 8E9FEEB4-6843-C96C-8525-7346003DC434],  [Email address ajones@test.company.com -> ajones@test.company.com]

CLFRV0234I: The member profile "Jason_Nesbit" matches the directory service with external id 6A10B973-025F-35F7-8525-74020078147B.

Note: Communities use an internal identifier to manage access control. This identifier is different from the person identifier used in the LDAP directory. When the LDAP identifier changes, the mapping of it to the internal identifier for each member needs to be changed. Commands are provided for manipulating the internal ID of community members.
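The following added example (not part of the product documentation) parses a copy of SystemOut.log for the two message formats shown above and lists members whose Directory UUID was remapped, since those are the changes that alter which directory identity a member's internal access-control identifier maps to. It runs under standard Python 3 outside wsadmin; the log-record prefix, the "John Smith" record, and the function names are assumptions made for illustration.

```python
import re

# Message IDs and field layout follow the two sample log lines shown above.
UPDATE_RE = re.compile(r"CLFRM0148I: Updated member identified by login name: (.+?) =>(.*)")
FIELD_RE = re.compile(r"\[(Display Name|Directory UUID|Email address) (.*?) -> (.*?)\]")
MATCH_RE = re.compile(r'CLFRV0234I: The member profile "([^"]+)" matches the '
                      r"directory service with external id ([0-9A-Fa-f-]+)")

def parse_sync_log(lines):
    """Return (updates, forum_matches) extracted from SystemOut.log lines."""
    updates, forum_matches = [], []
    for line in lines:
        m = UPDATE_RE.search(line)
        if m:
            fields = {name: (old.strip(), new.strip())
                      for name, old, new in FIELD_RE.findall(m.group(2))}
            changed = sorted(n for n, (old, new) in fields.items() if old != new)
            updates.append({"login": m.group(1).strip(), "fields": fields,
                            "changed": changed})
            continue
        m = MATCH_RE.search(line)
        if m:
            forum_matches.append((m.group(1), m.group(2)))
    return updates, forum_matches

def directory_id_changes(updates):
    """Members whose Directory UUID was remapped, as (login, old_id, new_id)."""
    return [(u["login"],) + u["fields"]["Directory UUID"]
            for u in updates if "Directory UUID" in u["changed"]]

# Constructed sample: the log-record prefix and the "John Smith" record are
# made up for illustration; the other two messages are the ones on this page.
PREFIX = "[1/1/01 0:00:00:000 UTC] 00000001 SystemOut     O "
SAMPLE_LOG = [
    PREFIX + "CLFRM0148I: Updated member identified by login name: ajones =>  "
    "[Display Name Alan Jones -> Alan Jones],  [Directory UUID "
    "8E9FEEB4-6843-C96C-8525-7346003D2222 -> 8E9FEEB4-6843-C96C-8525-7346003DC434],  "
    "[Email address ajones@test.company.com -> ajones@test.company.com]",
    PREFIX + "CLFRM0148I: Updated member identified by login name: John Smith =>  "
    "[Display Name John Smith -> John Smith],  [Directory UUID "
    "00000000-0000-0000-0000-000000000001 -> 00000000-0000-0000-0000-000000000001],  "
    "[Email address jsmith@example.com -> john.smith@example.com]",
    PREFIX + 'CLFRV0234I: The member profile "Jason_Nesbit" matches the directory '
    "service with external id 6A10B973-025F-35F7-8525-74020078147B.",
]

if __name__ == "__main__":
    updates, _ = parse_sync_log(SAMPLE_LOG)
    for login, old_id, new_id in directory_id_changes(updates):
        print("Directory UUID remapped for %s: %s -> %s" % (login, old_id, new_id))
```
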


Procedure

To synchronize member IDs between Communities and the LDAP directory:

  1. Start the wsadmin client so that you can access Communities configuration files.

    1. Access the Communities configuration files:

        execfile("communitiesAdmin.py")

        If prompted to specify a service to connect to, type 1 to pick the first node in the list. Most commands can run on any node. If the command writes or reads information to or from a file using a local file path, pick the node where the file is stored.

  2. Use the following commands to change the internal IDs of community members:

      CommunitiesMemberService.syncAllMemberExtIds()

        Synchronizes all member directory IDs in the Communities member database table with the LDAP directory ID. For each member, this service queries the LDAP server by login name (or names) stored as part of the Communities member profile to retrieve the updated directory ID (unique interapplication identifier). The member's login names, display name, and email address are updated if necessary.

        Use this command when a change occurs in the deployment LDAP system. For example, if people have been deleted from the LDAP directory or personal information has changed.

        The update time varies depending on the number of people in the Communities database. On average, it takes approximately eight minutes to update 500 users. For large databases, run this process overnight.

        This command does not take any parameters.

      CommunitiesMemberService.syncMemberExtIdByLogin(String loginName)

        Synchronizes a single member's directory ID in the Communities member database table. This command is essentially the same as syncAllMemberExtIds() but applied to a single member. The member's login names, display name, and email address are updated if necessary.

        This command takes loginName as a parameter. This parameter is a single, valid user login name.

        For example:

        CommunitiesMemberService.syncMemberExtIdByLogin("John Smith")

      CommunitiesMemberService.syncBatchMemberExtIdsByLogin(String loginFile)

        Synchronizes a list of members' directory IDs in the Communities member database table. The list is read from the text file named by the parameter. This command is essentially the same as syncAllMemberExtIds() but applied to a list of members, and the LDAP server is queried by the specified login names. The members' login names, display names, and email addresses are updated if necessary.

        This command takes loginFile as a parameter. This is a text file name with a single, valid login name per line. You must create this text file and save it in a directory that is local to the server that you connect to.

        For example:

        CommunitiesMemberService.syncBatchMemberExtIdsByLogin("/opt/Communities/update.txt")

      CommunitiesMemberService.syncMemberExtIdByEmail(String emailAddr)

        Synchronizes a single member's directory ID in the Communities member database table. The command is essentially the same as syncAllMemberExtIds(), but applied to a single member, who is identified by the specified email address. The member's login names and display name are updated if necessary.

        This command is used when a change occurs in the deployment LDAP system or when a person identifier in the LDAP directory changes in some respect. This change might occur when an LDAP record is updated.

        This command takes a string as a parameter, emailAddr. This string is a valid email address.

        For example:

        CommunitiesMemberService.syncMemberExtIdByEmail("jdoe@example.com")

      CommunitiesMemberService.syncBatchMemberExtIdsByEmail(String emailFile)

        Synchronizes a list of members' directory IDs in the Communities member database table. The list is read from the text file named by the parameter. This command is essentially the same as syncAllMemberExtIds() but applied to a list of members, and the LDAP server is queried by the specified email addresses. The members' login names and display names are updated if necessary.

        This command takes emailFile as a parameter. This parameter is a text file name with a single, valid email address per line. You must create this text file and save it in a directory that is local to the server that you connect to.

        For example:

        CommunitiesMemberService.syncBatchMemberExtIdsByEmail("c:/Communities/email_file.txt")

      Note: Depending on the size of the data being synchronized, a synchronization command can take longer to complete than the value of the com.ibm.SOAP.requestTimeout property, which is set in the file <WAS_HOME>\profiles\PROFILE_NAME\properties\soap.client.props. When that happens, a "SOAP timeout" error displays on the wsadmin console, and any return value from the invoked method is lost. This means that the connection between the wsadmin command processor and the server is lost. However, the server continues to process the command, and you can view additional messages being logged by the command in the SystemOut.log file. To change this behavior so that the client does not terminate the connection, increase the value of the com.ibm.SOAP.requestTimeout property or set the property to 0 for no timeout. If you reset the property, restart the application server for the change to take effect.

Related tasks
Synchronize user data between Profiles and the LDAP directory
