Configuring the VMMSYNC cron task to synchronize users and groups

The VMMSYNC cron task synchronizes users and groups between the database and the federated VMM repository in WebSphere® Application Server Network Deployment. If you use WebSphere Application Server Network Deployment, then you must configure the VMMSYNC cron task to include the connection information for your environment.

Procedure

  1. In the Cron Task Setup application, open the definition for the VMMSYNC cron task.
  2. In the Cron Task Instances section, select Active and Keep History, and then specify the maximum number of history records.
  3. Update the XML for the UserMapping parameter.
    1. In the Parameters tab, open the details for the UserMapping parameter.
    2. In the Value field, modify the basedn attribute to match your environment. For example, update the default value of ou=users,ou=SWG,o=IBM,c=US to match the specific OU structure that is defined in your LDAP repository to host user information, such as ou=myusers,o=myorg.org.
    3. Add or modify attributes to match attribute names that are defined for each user record in the LDAP repository. Attributes must be defined before they can be used in data mapping. Refer to the database schema to determine whether an attribute is required. Columns in the MAXUSER table that are specified as NOT NULL are required.
    4. Map new or changed attributes to specific columns in the database.
  4. Update the XML for the GroupMapping parameter.
    1. In the Parameters tab, open the details for the GroupMapping parameter.
    2. In the Value field, modify the basedn attribute to match your environment.
    3. Add or modify attributes to match group attributes that are defined for group records in the LDAP repository.
    4. Map new or changed attributes to specific columns in the database.
    5. Map members into defined groups. The member attribute must match the group member attribute that is defined in the LDAP repository.
  5. Set a user ID and password for the cron task to use to access the LDAP repository. This user ID must be defined in the LDAP repository, but does not require any sort of update access.
    1. In the Parameters tab, open the details for the Principal parameter.
    2. In the Value field, modify the value to match the fully qualified name value from the LDAP repository, for example cn=wasadmin,ou=myusers,o=myorg.org.
    3. In the Parameters tab, open the details for the Credential parameter.
    4. In the Value field, modify the value to match the password of the user ID that is specified in the Principal parameter.
  6. In the Parameters tab, open the details for the UserSearchAttribute parameter and modify the value to match the LDAP attribute that is used to query user records.
  7. In the Parameters tab, open the details for the GroupSearchAttribute parameter and modify the value to match the LDAP attribute that is used to query group records.
  8. Save the changes to the VMMSYNC cron task.


Feedback