Review the LDAP user import utility usage notes for important
information that can help you run the LDAP user import utility more
effectively.
You must run the LDAP user import utility on the same machine on
which the system administration client is installed. The LDAP server
configuration for the system administration client is saved in the
local copy of the cmbcmenv.properties file. The
file is located on the machine where the system administration client
is installed.
Restriction: You can define only one LDAP import schedule
for each database, which is on the server that contains the system
administration client.
- When the utility runs, groups and users that satisfy the filter
criteria are added to the Content Manager EE database only if they do not exist in the database or
if the database does not reflect the same group and user mapping as
the LDAP directory.
- If you chose to maintain the LDAP groups, users are added into
groups of the same name in the database.
- If you chose to put all users in one group, all users are added
to a single group in the database.
- If you use the system administration client to modify a group
or user record in the database, the import utility does not alter
those changes. Be aware, however, that if you move a user from one
group to another in the database, the import utility re-creates the
user in a group that matches the user's association in the LDAP directory.
- If a group or user was deleted from the LDAP directory, the import
utility deletes the group or user from the Content Manager EE database.
- If an administrator uses the system administration client to delete
a user from the Content Manager EE database, the user is not deleted from the LDAP directory. Furthermore,
unless you explicitly delete the user from the LDAP directory, or
modify the user filter criteria to exclude that user, the user is
re-created the next time that the import utility runs. This same processing
occurs for groups that you delete from the Content Manager EE database and then reimport
from the LDAP directory.
- For Windows servers:
To view a list of all tasks scheduled by the LDAP user import utility,
open a command window and enter at at the prompt.
Any task created with this utility shows cmldapimpusers81.bat in its path. For Linux servers,
open a terminal and enter crontab -1. Any task
created with this utility shows cmldapimpusers81.sh in its path.
- To view information about import tasks that have already run,
see the following log files:
- Windows
- cmldapimpusers81.log.
- Linux, AIX® or Solaris
- cmldapimpusers81.stderr and cmldapimpusers81.stdout.
- If the distinguished name (DN) for a user changes later, you must
re-import the user.
