Problem
"Security role to user/group mapping" is reset after installing or uninstalling maintenance updates.
Cause
"Security role to user/group mapping" information is written in the each application's ear (ex. Blogs.ear).
When maintenance update is installed or uninstalled, the fix application process repackages the EAR, then calls to re-install the EAR. It forces the node synchronization which overwrites what's actually there in DM and Node config directory.
Environment
All Platforms
Resolving the problem
If you have customized security role mappings in the WebSphere Application Server Integrated Solutions Console for the IBM Connections applications, these customized security roles will be needed to be re-mapped.
"Security role to user/group mapping" is reset after installing or uninstalling maintenance updates.
Cause
"Security role to user/group mapping" information is written in the each application's ear (ex. Blogs.ear).
When maintenance update is installed or uninstalled, the fix application process repackages the EAR, then calls to re-install the EAR. It forces the node synchronization which overwrites what's actually there in DM and Node config directory.
Environment
All Platforms
Resolving the problem
If you have customized security role mappings in the WebSphere Application Server Integrated Solutions Console for the IBM Connections applications, these customized security roles will be needed to be re-mapped.
10 comments:
Klaus Bild shared an excellent script to automate the reconfiguration of the roll mappings.
http://kbild.ch/2012/04/add-admin-users-to-connections-security-roles-the-easy-way/
@Unknown - thanks for this, please consider sharing your real name so that I can thank you properly :-)
Does anyone know if this issue is related to only IBM Connections 3.x or does the problem also exist in Connections 4.x ?
@Jeff - according to the Technote - http://www-01.ibm.com/support/docview.wss?uid=swg21598514 - this only relates to IBM Connections 3.0.1 and 3.0.1.1
Thanks for that information. I see the article about python script to automate this, but I am still getting my feet wet with WAS and wsadmin. Thrown into the Connections fire so to speak ! ;-)
Another question somewhat related to this. Is anyone else using Active Directory as their LDAP source for connections. If so, do you know if you can use either Resource Groups or Role Groups for the group mapping? Resource Groups contail Role Groups which contain users, some software will allow a Resource Group to be used and it will do the lookup for the Role Group and User). Thanks, Jeff
@Jeff - yes, I've used Active Directory and Connections 3.0.1 together quite happily. We had eight AD domains federated in, with users accessing the site from around the globe. We also had desktop Single Sign-On going with Kerberos/SPNEGO ( I've blogged/presented about that stuff elsewhere).
As far as Resource/Role Groups, that isn't something that I've had experience of, but it *should* be achievable.
Dave
@Jeff - one more thing, there is an ongoing Skype chat for Connections practitioners. It was originally set up by a UK Business Partner, Stuart McIntyre, from Collaboration Matters, and the audience includes customers, partners and IBMers.
Check this post for details -> http://portal2portal.blogspot.co.uk/2010/10/lotus-connections-and-lotus-quickr.html
Thanks to all for their answers !
RE: AD Resource Groups, I entered one and it seems to be working, so it looks like Connections can work with either Role Groups or Resource Groups.
Also, thanks for the information on Skype Chat for Connections. I haven't ever participated in one of those. I will try and look at to see what that involves.
@Jeff - no worries, good luck. So when are you going to start a blog ?
Post a Comment