Running the User Transformation tool to fix the distinguished name or other LDAP attributes for end users
The User Transformation tool fixes up the distinguished name (DN) stored with the content within IBM Lotus Quickr. This tool provides a way to run a data fixup utility that will reconcile inconsistencies between the user's distinguished name stored with the user's data and the user's distinguished name in the LDAP directory in the event the LDAP distinguished name has been changed.
The Lotus Quickr content store includes a user attribute as part of the data in order to maintain a mapping between the content and the users acting on the content. By default this attribute is the distinguished name. While the DN attribute is unique, it is not static and might change, which can put it out of sync with the DN attribute stored with the content. This situation can be seen in the Lotus Quickr user interface where names out of sync with their LDAP attributes return "name not found" messages, and Sametime awareness does not work.
The User Transformation tool has two separate components:
- Fixes the DN in Quickr WCM content, like wikis and blog (except for Document Library )
- Fixes the DN in Quickr Document Library
Before you begin
The User Transformation tool skips locked documents in a Quickr content library. Before running the tool, an administrator should unlock any locked items. Also, documents in an approval process cycle (workflow) should be approved or removed from the workflow.
Note: Later versions of the DNRemapper(User Transformation Tool) improved handling of locks. This task now accepts a paramter (handleLocks), so an example url for the task would now be:
http://yourhost:10038/contentapi/clb/init?action=remapDN&mode=report&handleLocks=true (for report mode)
http://yourhost:10038/contentapi/clb/init?action=remapDN&mode=update&handleLocks=true (for update mode)
The behaviour is as follows:
All documents will now be processed and dont need to be unlocked manually. Documents that are locked (and the lock owner exists in the system) will still have the same lock after the task has completed.
Documents that are locked by a user that is no longer in the system, will become unlocked.
If you have a large number of items to process, you might need to increase the session timeout setting of your server. This is changed using the WebSphere® Application Server administration console. Go to Application Servers > WebSphere_Portal > Container Settings > Web Container Settings > Session Management. See the WebSphere Application Server information center for more information.
How to install and configure of the tool
1. Follow the instructions from the ifix readme to install the tool. You can find the ifix, LO34184, on the IBM® Fix Central Web site at http://www.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.1.0-UTT-IFLO34184&productid=Lotus%20Quickr&brandid=2
2. Unzip the ifix and install using the Portal Update Installer (PUI).
a. Locate and edit the user input file as follows (or create one if doesn't exist):
- For WCM-Based List Apps (Blogs, Wikis, and so on):
b. Add the users' old
DN and new DN
replacement, for example:
DN of Old user -> DN of New user
| # comments
uid=bill,o=default organization -> uid=bill2,o=default organization
uid=John Doe,o=default organization -> uid=Mary Jane,o=default organization
3. Make sure the LDAP directory server is running.
How to run the tool
You should invoke the User Transformation tool from a special URL only as follows:
To fix DN in Lotus Quickr WCM content such as wikis and blogs (except for Document Library) :
To fix the DN in a Lotus Quickr Document Library:
Both Report and Updates show results by:
Report and Update examples
The following screens show examples of Report and Update results:
Before and After scenario
The following screen shows documents created by SMYTH9300a with editor access before the User Transformation tool has been run. Note that the share.docx document is not published:
After changing uid in DN from
this user still has access to the library, but the Share.docx file is lost and the Draft on editor1.doc is lost (original still there).
After changing all values in DN from SMYTH9300a to SMYTH9300b, the following screen shows the name is now the UID of the original user in editor1.doc and word03.doc. test.pptx was updated after the DN change:
After running the User Transformation tool, changing
the following screen shows that most documents have the correct user name associated with them, but the name associated with the locked document is still not updated.
Locked Document Workaround:
1. Revert DN to the old value, log in and unlock file.
2. Change DN to new value again.
3. Re-run the User Transformation tool. To avoid this issue, unlock all files before running tool.