Synchronizing users who are available in the IBM BPM database

The syncExistingUsers command triggers synchronization of users who are already stored in the IBM® Business Process Manager (BPM) database. It updates information for the existing users but avoids importing additional users from the WebSphere® Application Server user registry into the database.

This feature requires the latest service level and fixes for your version of IBM BPM.

Important: These commands might result in execution times that exceed the default timeout setting for wsadmin command execution. To change the default to allow for the execution time required in your environment, open the profile_root/properties/soap.client.props file and change the value for com.ibm.SOAP.requestTimeout to 0, which means no timeout.

Tip: Consider running these commands during idle time, as they might impose a high load on the system.

To synchronize users, run the syncExistingUsers script. It is in the profile_root/bin directory and is available for both Windows and Linux environments:

syncExistingUsers.[bat|sh] [options...]: Synchronizes all users in the database.

The output of the command contains the number of synchronized users.

Each command has the following options:

-?, -help: Displays the syntax of the command
-u <username>, -username <username>: The name of the admin user
-p <password>, -password <password>: The password of the user (unencrypted)
-host <host>: The host name of the AppTarget cluster member on which the admin task should be executed (must be used with port)
-port <port>: The SOAP port of the AppTarget cluster member on which the admin task should be executed

Note: In a cluster, the script must trigger execution on a cluster member. If you start the script on the deployment manager, the host parameter must denote one of the cluster members.

Running the script depends on the type of user registry that is configured for the WebSphere Application Server user registry:

If federated repositories are not configured for WebSphere Application Server security, the WebSphere Application Server user registry interface is used to run the script.
If federated repositories are configured for WebSphere Application Server security, the federated repositories API instead of the general user registry API is accessed, which results in significantly better performance. Because of this, consider using federated repositories.

If federated repositories are configured along with Lightweight Directory Access Protocol (LDAP) directories, and more than 1000 users are in the IBM BPM database, tune your LDAP configuration in the wimconfig.xml file so that all the users can be retrieved in one VMM query. Refer to the VMM tuning documents. Select an appropriate setting for configurationProvider->maxSearchResults and consider adapting the value for ldapServers->connectTimeout and attributesCache->cacheSize as needed.

The wimconfig.xml file is located in the profile_root/config/cells/cell/wim/config/wimconfig.xml directory. In a cluster, it is located on the deployment manager for each server of the cluster.