Synchronizing group membership by users
The groupMembershipFullUpdate and groupMembershipUpdate commands trigger synchronization of group membership by users between the WebSphere® Application Server user registry and the IBM® BPM database.
Important: These commands might result in execution times that exceed the default
timeout setting for wsadmin command execution. To change the default to allow for the execution time
required in your environment, open the
profile_root/properties/soap.client.props file and change
the value for com.ibm.SOAP.requestTimeout to 0 , which means no
timeout.
Tip: Consider executing these commands during idle time,
as they might impose a high load on the system.
You can also perform this task by using the AdminTask object of the wsadmin scripting client. For more information, see BPMGroupMembershipUpdateTask command and BPMGroupMembershipFullUpdateTask command.
To synchronize group membership by users, use the following commands, which are located in the deployment manager profile_root/bin directory and are available for both Windows and Linux environments:
- groupMembershipFullUpdate.[bat|sh] [options...] -dynamicGroupUpdate
- Updates the LDAP group membership of all users that are known to IBM Business Process Manager.
You must specify
one of the following values for the -dynamicGroupUpdate parameter:
- never to stop dynamic group updates.
- always to enforce dynamic group updates.
- groupMembershipUpdate.[bat|sh] [options...] userID1 userID2 ...userIDn -dynamicGroupUpdate
- Updates the LDAP group membership of the user or users specified with this command. If a
specified user ID is unknown to IBM Business Process Manager,
this user is created within IBM Business Process Manager.
You must specify
one of the following values for the -dynamicGroupUpdate parameter:
- never to stop dynamic group updates.
- always to enforce dynamic group updates.
Each command has the following options:
- -?, -help
- Displays the syntax of the command
- -username|-u|-user user_name
- The name of the admin user
- -password|-p password
- The password of the user (unencrypted)
- -host host_name
- The host name of the AppTarget cluster member on which the admin task should be executed (must be used with port)
- -port port
- The SOAP port of the AppTarget cluster member on which the admin task should be executed