Synchronizing group membership by users

The groupMembershipFullUpdate and groupMembershipUpdate commands trigger synchronization of group membership by users between the WebSphere® Application Server user registry and the IBM® BPM database.

Important: These commands might result in execution times that exceed the default timeout setting for wsadmin command execution. To change the default to allow for the execution time required in your environment, open the profile_root/properties/soap.client.props file and change the value for com.ibm.SOAP.requestTimeout to 0 , which means no timeout.
Tip: Consider executing these commands during idle time, as they might impose a high load on the system.

You can also perform this task by using the AdminTask object of the wsadmin scripting client. For more information, see BPMGroupMembershipUpdateTask command and BPMGroupMembershipFullUpdateTask command.

To synchronize group membership by users, use the following commands, which are located in the deployment manager profile_root/bin directory and are available for both Windows and Linux environments:

groupMembershipFullUpdate.[bat|sh] [options...] -dynamicGroupUpdate
Updates the LDAP group membership of all users that are known to IBM Business Process Manager. You must specify one of the following values for the -dynamicGroupUpdate parameter:
  • never to stop dynamic group updates.
  • always to enforce dynamic group updates.
Omitting this option or specifying default or any other value will result in updates to dynamic groups only if a group membership change was detected.
groupMembershipUpdate.[bat|sh] [options...] userID1 userID2 ...userIDn -dynamicGroupUpdate
Updates the LDAP group membership of the user or users specified with this command. If a specified user ID is unknown to IBM Business Process Manager, this user is created within IBM Business Process Manager. You must specify one of the following values for the -dynamicGroupUpdate parameter:
  • never to stop dynamic group updates.
  • always to enforce dynamic group updates.
Omitting this option or specifying default or any other value will result in updates to dynamic groups only if a group membership change was detected.
Each command has the following options:
-?, -help
Displays the syntax of the command
-username|-u|-user user_name
The name of the admin user
-password|-p password
The password of the user (unencrypted)
-host host_name
The host name of the AppTarget cluster member on which the admin task should be executed (must be used with port)
-port port
The SOAP port of the AppTarget cluster member on which the admin task should be executed
Parent topic: Synchronizing users and groups