Synchronizing users

The usersSync and usersFullSync commands trigger synchronization of users between the WebSphere Application Server user registry and the IBM® BPM database.

Important: These commands might result in execution times that exceed the default timeout setting for wsadmin command execution. To change the default to allow for the execution time required in your environment, open the profile_root/properties/soap.client.props file and extend the timeout or disable it by using 0.
Tip: Consider executing these commands during idle time, as they might impose a high load on the system.

To synchronize users, use the following commands, which are located in the profile_root/bin directory, and are available for both Windows and Linux environments:

usersSync.[bat|sh] [options...] userID1 userID2 ... userIDn
Synchronizes a set of specified users

The output of the command contains the number of synchronized users. Users that are not available in the user registry are skipped from synchronization.

usersFullSync.[bat|sh] [options...]
Synchronizes all users in the user registry

The output of the command contains the number of synchronized users.

Each command has the following options:
-?, -help
Displays the syntax of the command
-u <username>, -username <username>
The name of the admin user
-p <password>, -password <password>
The password of the user (unencrypted)
-host <host>
The host name of the AppTarget cluster member on which the admin task should be executed (must be used with port)
-port <port>
The SOAP port of the AppTarget cluster member on which the admin task should be executed
The execution of these commands depends on the type of user registry configured for the Websphere user registry:
  • If federated repositories are not configured for Websphere security, the Websphere user registry interface is used for execution.
  • If federated repositories are configured for WebSphere Application Server security, the federated repositories API instead of the general user registry API is accessed, which results in significantly better performance. Because of this, consider employing federated repositories.

If federated repositories are configured and VMM is used along with Lightweight Directory Access Protocol (LDAP) directories, tune your LDAP configuration in the wimconfig.xml file to allow for the retrieval of all users in one VMM query. Refer to the VMM tuning documents. Select an appropriate setting for configurationProvider->maxSearchResults and consider adapting the value for ldapServers->connectTimeout and attributesCache->cacheSize as needed.

The wimconfig.xml file is located in the profile_root/config/cells/cell/wim/config/wimconfig.xml directory. In a cluster, it is located on the deployment manager for each server of the cluster.