Use the member fixer tool with IWWCM

 

+
Search Tips   |   Advanced Search

 

Overview

Use the member fixer tool to check whether any Member Manager users or groups referenced in IWWCM items have been renamed or deleted.

The member fixer tool will not work if there are any locked items in a Web content library.

For a large number of items, use the WAS Admin console to increase the session timeout setting of the server...

Application Servers | WebSphere_Portal | Container Settings | Web Container Settings | Session Management

Run the Member Fixer Module if any of the following conditions have occurred:

  • A user or group has been permanently removed from WebSphere Portal.

  • If WebSphere Portal security has been enabled or disabled.

  • If syndication has occurred from another server with different WebSphere Portal security settings.

  • If the LDAP structure has been modified

  • If you have moved your data to a Portal server and WMM is configured to use its default auto-generated ID (rather than a unique attribute from each users LDAP record).

  • A user or group has been removed and then re-added to WebSphere Portal, and WMM is configured to use its default auto-generated ID (rather than a unique attribute from each users LDAP record).

If the Principal Information Cache is enabled (available with PK32457 but not enabled by default), run the Member Cache Manager Module as described in the iFix read-me before running the Member Fixer

 

Usage

  1. View a report of Member Manager users and groups...

    http://host:port/wps/wcm/connect?MOD=MemberFixer&library=libname

  2. Update referenced items...

    http://host:port/wps/wcm/connect?MOD=MemberFixer&library=libname&fix=true

  3. If the member fixer tool indicates that certain mismatched member conditions exist, enter the specified URL to correct the conditions.

    For nonexistent users or groups have alternate distinguished names (DNs) available. Either update WCMConfigServices.properties with new DNs, or update MemberFixerModules.properties before running any tasks involving new DNs. MemberFixerModules.properties technically is for WAS v6.1, but it should run with Portal v6.0.

    • Update the items that reference the nonexistent users or groups:

      http://host:port/wps/wcm/connect?MOD=MemberFixer&library=libname&fix=true&alt_dn=update

    • Remove the members that reference the users or groups:

      http://host:port/wps/wcm/connect?MOD=MemberFixer&library=libname&fix=true&alt_dn=remove

    For Users or groups have been found with mismatched external IDs in Member Manager.

    • Update the external IDs in Member Manager with correct external IDs:

      http://host:port/wps/wcm/connect?MOD=MemberFixer&library=libname&fix=true&mismatched_id=update

      Remove users and groups with mismatched external IDs:

      http://host:port/wps/wcm/connect?MOD=MemberFixer&library=libname&fix=true&mismatched_id=remove

    These URL options can be combined when the conditions occur at the same time. For example, if alternate DNs are available for nonexistent users and groups and there are mismatched external IDs in Member Manager, we might use the following URL:

    http://host:port/wps/wcm/connect?MOD=MemberFixer&library=libname&fix=true&alt_dn=update&mismatched_id=update


Parameters available with the member fixer tool

The member fixer tool runs as a single thread from start to finish.

The member fixer tool writes to the browser and to the systemout.log file.

To set member fixer to write ONLY to the systemout.log file, edit

    <wps_home>/wcm/shared/app/config/wcmservices/WCMConfigService.properties

...and add the following parameter...

    utility.module.browser.output=false

This parameter is useful when performance or memory are an issue in your environment.

The member fixer tool has several parameters that can be utilized when necessary. The parameters can be added to the URL by adding the string...

    &<parameter name

Multiple parameters may be combined to be used in conjunction with each other for the same MemberFixer command run.

Some of the parameters for MemberFixer include...

&library=library name Library to run the module against.

If nothing is supplied on the URL, will default to the default WCM library

&realm= realmname Realm in which to run the module.

Specified from the value of WmmDefaultRealm wpconfig.properties.

Default: portal

&fix=true Run the tool in fix mode. Absence of this parameter indicates that the tool will run in report mode only.
&restrictOn=content item Item type to run against. Valid values are:

  • Content
  • Cmpnt
  • Template
  • Site
  • SiteArea
  • Style
  • Taxonomy
  • Category
  • Workflow
  • WorkflowStage
  • WorkflowAction

In most cases Content represents the largest set of content items.In some cases this option can be used to restrict the number of items being processed and hence prevent long runs of the memberfixer tool.

&numberOfJcrOperationsPerLogin=number Number of operations for one JCR login.

Used to help with memory consumption. This value is set to 10 by default but can be changed by adding this parameter.

&preserve_dates=true/false Whether or not to maintain the current last modified date on the object.

One of the side effects of using this parameter is that the none of the items retrieved by the MemberFixer Module will be cached, thereby improving memory usage

&alt_dn=update
&alt_dn=remove
Used when running the tool in fix mode.

Used for non-existent members who have alternate DNs available, as detected when running the tool in report mode.

For example: The non existent user has the dn...

    cn=wpsadmin,o=zzz

...while the alternate dn available is...

    cn=wpsadmin, o=yyy

The update option updates nonexistent members with the alternate DN.

The remove option removes nonexistent members, even though they have alternate DNs.

&invalid_dn=update
&invalid_dn=remove
Used when running the tool in fix mode. This is used when some nonexistent members have no alternate DNs available is detected when running the tool in report mode.

The update option updates nonexistent members with the wcm administrators group.

The remove option removes nonexistent members entirely.

&mismatched_id=update
&mismatched_id=remove
Used when running the tool in fix mode. This is used when some members with mismatched WMM External Ids is detected when running the tool in report mode.

The update option updates WMM External Ids of the members with mismatched WMM External Ids.

The remove option removes members that have mismatched WMM External Ids.


Replace a non-existent user or group with an existing user or group

A fix was included in Web Content Management 6.0.1.1 and later that allows you to edit the WCMConfigService.properties file with mappings to your existing DNs.

The member fixer module's "alt_dn" mode now checks for mapped alternate DNs in the WCMConfigServices.properties file before using the configured values in the wpconfig.properties file.

Perform the following steps to map user and group DNs in the WCMConfigServices.properties file before running the member fixer module:

  1. Map the user and group DN syntax changes in...

      PortalServer\wcm\shared\app\config\wcmservices\WCMConfigServices.properties

    ...like so...

      EXISTING_DN_KEY=NEW_DN_SYNTAX

    ...where...

    • EXISTING_DN_KEY is the key constructed from the existing DN by replacing all equal sign characters "=" and spaces " " with underscores "_"
    • NEW_DN_SYNTAX is the replacement DN syntax.

    For example, if you have a user branch with the following DN syntax:

      cn=Jane Smith,ou=Portal Users,o=IBM

    You construct the EXISTING_DN_KEY by replacing all "=" and " " with "_" in the DN. So in this example the EXISTING_DN_KEY will be:

      cn_Jane_Smith,ou_Portal_Users,o_IBM

    If you are changing the syntax of this branch to:

      cn=Jane Jones,ou=Portal,o=IBM

    The NEW_DN_SYNTAX will be the new DN as is.

    This gives you the following mapping entry in your WCMConfigServices.properties file like so:

      cn_Jane_Smith,ou_Portal_Users,o_IBM=cn=Jane Jones,ou=Portal,o=IBM

    We can of course have mapping entries for multiple users that need to explicitly mapped to a new DN

      cn_Jane_Smith,ou_Portal_Users,o_IBM=cn=Jane Jones,ou=Portal,o=IBM
      cn_Mary_Jane,ou_WCM_Users,o_IBM=cn=Mary Smith,ou=WCM,o=IBM

  2. You could then run the member fixer as normal using the alt_dn option:

      http://[HOST]:[PORT]/wps/wcm/connect?MOD=MemberFixer&library=[LIBRARY_NAME]&alt_dn=UPDATE&fix=true
Note: For this procedure to work, the LDAP entry for cn=Jane Smith,ou=Portal Users,o=IBM does not exist. This user only exists as seen on the WCM content. If the user actually existed in the LDAP, the Memberfixer would not have been triggered to detect there was any issue. Important Note: Always backup your system (WCM/Portal Server and WCM/Portal Databases) before running the Memberfixer in fix mode. The Memberfixer when run in a fix mode will update your WCM data; you should have a database backup as a best practice for a backup/recovery plan.