Notes

  1. Ensure that LDAP authentication is configured and working before attempting to use ARSLSYNC. See LDAP (Lightweight Directory Access Protocol) authentication support for detailed instructions on how to configure LDAP authentication.
  2. On AIX and Linux, ARSLSYNC uses the following parameters in the ARS.CFG configuration file. On Windows, add the parameters in the OnDemand Configurator by clicking the Parameters button on the Instance Properties tab.
    • ARS_LDAP_SERVER_TYPE (required)
    • ARS_LDAP_USER_FILTER (required)
    • ARS_LDAP_GROUP_FILTER (required if ARS_LDAP_SYNC_USERS_ONLY=FALSE)
    • ARS_LDAP_GROUP_MAPPED_ATTRIBUTE (required)
    • ARS_LDAP_IGN_GROUPS
    • ARS_LDAP_IGN_USERIDS
    • ARS_LDAP_USER_FULL_NAME_ATTRIBUTE
    • ARS_LDAP_USER_DESCRIPTION_ATTRIBUTE
    • ARS_LDAP_GROUP_DESCRIPTION_ATTRIBUTE
    • ARS_LDAP_GROUP_USER_FILTER_USE_DN
    • ARS_LDAP_USER_RESULT_BEGIN
    • ARS_LDAP_USER_RESULT_END
    • ARS_LDAP_GROUP_USER_FILTER
    • ARS_LDAP_GROUP_USER_RESULT_BEGIN
    • ARS_LDAP_GROUP_USER_RESULT_END
    • ARS_LDAP_SYNC_USERS_ONLY
    • ARS_LDAP_GM_ATTRIBUTE

    For details on these parameters, see the topic titled Specifying the ARS.CFG file for the instance in the IBM Content Manager OnDemand for Multiplatforms: Installation and Configuration Guide.

    Once the parameters have been entered, you must restart the ARSSOCKD process for the changes to take effect.

    The following example shows the ARS.CFG file parameters and values for an LDAP configuration with ARSLSYNC parameters specified for Active Directory:
         ARS_LDAP_SERVER=adserver.yourcompany.com
         ARS_LDAP_PORT=3268
         ARS_LDAP_USE_SSL=FALSE
         ARS_LDAP_BASE_DN=dc=ondemand,dc=yourdomain,dc=local
         ARS_LDAP_BIND_ATTRIBUTE=sAMAccountName
         ARS_LDAP_MAPPED_ATTRIBUTE=sAMAccountName
         ARS_LDAP_ALLOW_ANONYMOUS=FALSE
         ARS_LDAP_BIND_MESSAGES_FILE=
         ARS_LDAP_IGN_USERIDS=ADMIN
         ARS_LDAP_SERVER_TYPE=AD
         ARS_LDAP_USER_FILTER=(objectclass=user)
         ARS_LDAP_GROUP_FILTER=(objectclass=group)
         ARS_LDAP_GROUP_MAPPED_ATTRIBUTE=CN
         ARS_LDAP_IGN_GROUPS=CMOD_ADMINS,CMOD_USERADMINS
  3. The ARSLSYNC program must be run as the instance owner.
  4. The command requires either the sync (-s) or the preview (-t) parameter. In preview mode, no changes are made to the server, so use it while you are configuring ARSLSYNC. Once you are satisfied that your filters are set correctly, run the command in sync mode.
  5. The ARSLSYNC program issues status messages, which are sent to the system log. The messages contain a manifest of any changes made to the system.
    • ARS0460I - LDAP Synchronization Success
    • ARS0461E - LDAP Synchronization Failed
  6. ARSLSYNC includes a verbose option (-v), which displays all changes and lists any users or groups that already exist in Content Manager OnDemand. The existing users and groups remain unchanged.
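
The parameter requirements in note 2 can be checked before the first preview (-t) run. The following is an added example, not part of the IBM documentation or the product: it parses ARS.CFG-style text, reports missing required ARSLSYNC parameters and unbalanced filters, and warns when LDAP runs without SSL or with anonymous bind. Assumptions: lines starting with `#` are comments, an unset ARS_LDAP_SYNC_USERS_ONLY is treated as FALSE, and the function names are hypothetical.

```python
REQUIRED = ("ARS_LDAP_SERVER_TYPE", "ARS_LDAP_USER_FILTER",
            "ARS_LDAP_GROUP_MAPPED_ATTRIBUTE")

def parse_cfg(text):
    """Parse KEY=value lines; skipping '#' comment lines is an assumption."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")  # filters contain '=' too
        if sep and not key.startswith("#"):
            cfg[key.strip()] = value.strip()
    return cfg

def balanced(ldap_filter):
    """True if the filter starts with '(' and its parentheses balance."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0 and ldap_filter.startswith("(")

def check(cfg):
    """Return (errors, warnings) for the ARSLSYNC-related parameters."""
    errors = [f"{k} is required" for k in REQUIRED if not cfg.get(k)]
    warnings = []
    # Assumption: an unset ARS_LDAP_SYNC_USERS_ONLY is treated as FALSE.
    users_only = cfg.get("ARS_LDAP_SYNC_USERS_ONLY", "FALSE").upper() == "TRUE"
    if not users_only and not cfg.get("ARS_LDAP_GROUP_FILTER"):
        errors.append("ARS_LDAP_GROUP_FILTER is required for group sync")
    for key in ("ARS_LDAP_USER_FILTER", "ARS_LDAP_GROUP_FILTER"):
        if cfg.get(key) and not balanced(cfg[key]):
            errors.append(f"{key} has unbalanced parentheses")
    if cfg.get("ARS_LDAP_USE_SSL", "").upper() == "FALSE":
        warnings.append("ARS_LDAP_USE_SSL=FALSE: LDAP traffic is not encrypted")
    if cfg.get("ARS_LDAP_ALLOW_ANONYMOUS", "").upper() == "TRUE":
        warnings.append("ARS_LDAP_ALLOW_ANONYMOUS=TRUE: anonymous bind allowed")
    return errors, warnings

# Subset of the Active Directory example on this page.
SAMPLE = """\
ARS_LDAP_USE_SSL=FALSE
ARS_LDAP_SERVER_TYPE=AD
ARS_LDAP_USER_FILTER=(objectclass=user)
ARS_LDAP_GROUP_FILTER=(objectclass=group)
ARS_LDAP_GROUP_MAPPED_ATTRIBUTE=CN
"""

if __name__ == "__main__":
    print(check(parse_cfg(SAMPLE)))
```

Run against the page's Active Directory example, the check reports no errors and one warning for ARS_LDAP_USE_SSL=FALSE.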