RBACRole - syncUsers_2

RBACRole - syncUsers

Description :

This command synchronizes users of a specified role with an external directory server.

Prerequisite: To run this command, the role you used to initiate this BLCLI session must have read and write access to the users in the role you want to sync. Specifically, the BLCLI role must have the User.Read, User.Modify, User.ModifyProperties and User.Delete permissions for any users already assigned to the role you specify using the roleName argument.

Restriction: Use this command only if you are synchronizing under 1000 users at a time. If you are synchronizing more than 1000 users, use one of the syncUsers commands listed below. These syncUsers signatures do not have the 1000-user maximum restriction:

syncUsers, syncUsers, syncUsers

You can use this command as part of the setup for the Active Directory user synchronization feature. For information about this feature, see the RBAC section of the BMC BladeLogic User Guide (Managing Access).

For ldapConnection, specify a named LDAP connection that you already created by using the Ldap : createConnection command.

For automationPrincipalName, specify the name of an automation principal that you already created by using the Impersonation : createAutomationPrincipal command.

Return type : DBKey

Command Input :

| Variable Name | Variable Type | Description |
| --- | --- | --- |
| roleName | String | Name of the role on which you want to perform the synchronization operation. |
| ldapConnection | String | Name of an existing LDAP connection. |
| automationPrincipalName | String | Name of an existing automation principal. |
| baseDN | String | Base distinguished name from which to start searching for users. |
| ldapFilter | String | LDAP filter to query users with. |
| ldapAttribute | String | Name of the LDAP attribute where the username is stored. |

Example

The following example synchronizes users of role DemoUS with the Active Directory server engw2k8x64sso8.sso.bmc.com. This is simply an additive operation; existing users of the role are kept intact. The query parameters specify how to find the users belonging to the RBAC role DemoUS on the Active Directory server. The synchronization operation never affects reserved users (BLAdmin and RBACAdmin) or any users for whom the isSynchronizable property is set to false.

This example assumes that you have already created an LDAP connection and an automation principal.

Script

RBACRole syncUsers DemoUS SSO DirAdmin CN=Users,DC=sso,DC=bmc,DC=com "(&(objectClass=user)(logonCount=1))" userPrincipalName
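
A pre-flight check for the 1000-user restriction and the reserved-user behaviour described above, as an added example that is not part of the BMC documentation: it parses an LDIF export of the same baseDN and ldapFilter, extracts the ldapAttribute values (handling folded and base64-encoded lines), and reports the count and any reserved names. The function names, the sample LDIF and the case-insensitive comparison against BLAdmin and RBACAdmin are assumptions.

```python
import base64

MAX_USERS = 1000                     # this signature is for under 1000 users
RESERVED = {"bladmin", "rbacadmin"}  # reserved users the sync never affects

def usernames_from_ldif(ldif, attribute):
    """Return every value of `attribute` found in LDIF text."""
    lines = []
    for raw in ldif.splitlines():
        # LDIF folds long lines: a leading single space continues the previous line.
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    values = []
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep or name.lower() != attribute.lower():
            continue
        if value.startswith(":"):    # "attr:: ..." carries a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        values.append(value.strip())
    return values

def preflight(ldif, attribute="userPrincipalName"):
    # Summarize what a sync using this query would look up.
    names = sorted(set(usernames_from_ldif(ldif, attribute)))
    return {
        "count": len(names),
        "within_limit": len(names) < MAX_USERS,
        # Assumption: reserved names are compared case-insensitively.
        "reserved": [n for n in names if n.lower() in RESERVED],
        "names": names,
    }

# Constructed sample: a plain value, a folded value, a base64 value, a reserved name.
SAMPLE_LDIF = "\n".join([
    "dn: CN=Alice,CN=Users,DC=sso,DC=bmc,DC=com",
    "userPrincipalName: alice@sso.bmc.com",
    "",
    "dn: CN=Bob,CN=Users,DC=sso,DC=bmc,DC=com",
    "userPrincipalName: bob@sso.bm",
    " c.com",
    "",
    "dn: CN=Zoe,CN=Users,DC=sso,DC=bmc,DC=com",
    "userPrincipalName:: " + base64.b64encode("zo\u00eb@sso.bmc.com".encode()).decode(),
    "",
    "dn: CN=BLAdmin,CN=Users,DC=sso,DC=bmc,DC=com",
    "userPrincipalName: BLAdmin",
])
```

Calling `preflight(SAMPLE_LDIF)` returns the count, the limit check and the reserved matches; a `within_limit` of False means one of the other syncUsers signatures is the one to use.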