Synchronizing group membership by users

The groupMembershipFullUpdate and groupMembershipUpdate commands trigger synchronization of group membership by users between the WebSphere® Application Server user registry and the IBM® BPM database.

Important: These commands might result in execution times that exceed the default timeout setting for wsadmin command execution. To change the default to allow for the execution time required in your environment, open the profile_root/properties/soap.client.props file and change the value for com.ibm.SOAP.requestTimeout to 0 , which means no timeout.
Tip: Consider executing these commands during idle time, as they might impose a high load on the system.

To synchronize group membership by users, use the following commands, which are located in the profile_root/bin directory, and are available for both Windows and Linux environments:

groupMembershipFullUpdate -username [options] -dynamicGroupUpdate [required value]
Updates the LDAP group membership of all users that are known to IBM Business Process Manager. At the end of the group membership update, dynamic groups are updated once. You must specify one of the following values for the -dynamicGroupUpdate parameter:
  • never to stop dynamic group updates.
  • always to enforce dynamic group updates.
Omitting this option or specifying default or any other value will result in updates to dynamic groups only if a group membership change was detected.
groupMembershipUpdate -username [options] userID1 userID2 ...userIDn -dynamicGroupUpdate [required value]
Updates the LDAP group membership of the user or users specified with this command. If a specified user ID is unknown to IBM Business Process Manager, this user is created within IBM Business Process Manager. At the end of the group membership update, dynamic groups are updated once. You must specify one of the following values for the -dynamicGroupUpdate parameter:
  • never to stop dynamic group updates.
  • always to enforce dynamic group updates.
Omitting this option or specifying default or any other value will result in updates to dynamic groups only if a group membership change was detected.
Each command has the following options:
-username
The name of the user
-password
The password of the user
-host
The host name of the AppTarget cluster member on which the admin task should be executed
-port
The SOAP port of the AppTarget cluster member on which the admin task should be executed
Parent topic: Synchronizing users and groups