Copying users from Remedy ITSM into BMC Digital Workplace Catalog
For each BMC Digital Workplace self-service user who requires access to view and request services from the catalog, a user account that shares the same credentials must exist in the BMC Digital Workplace Catalog database. A server system administrator can add multiple user accounts by running the user_group_sync.sh script to copy information from the Remedy IT Service Management server that hosts the accounts that BMC Digital Workplace uses.
Before you begin
- Make sure you have set the Oracle JRE or OpenJDK home path. Specify the name of the Java home folder. For more information on other installation parameters, see BMC Digital Workplace Catalog installation parameter reference.
- Make sure the Remedy system is licensed with enough user licenses.
- Complete the tasks in Configuring BMC Remedy Single Sign-On integration for BMC Digital Workplace Catalog.
- Complete the tasks in Performing the BMC Digital Workplace Catalog installation.
- Make sure you can log in to the application server and run scripts in the installLocation folder.
Details about the user_group_sync.sh script
The user_group_sync.sh script is inside the <installLocation>/artools folder. You can run the script from the command line, with options for setting the source and target databases.
After the first time you configure and run the process, you can set up a cron job to run the task automatically at specific times.
The copy process runs in a single direction from Remedy ITSM to BMC Digital Workplace Catalog. Also, the script only adds users; it does not delete users.
If many users exist in the Remedy ITSM database, the first time the user copy task is run, it might take a long time to complete. In the future, the process should take less time to complete because less data should be transferred.
The script copies the information from the following fields in the User table:
- Full name
- Login name
These fields are required to request catalog services. For security reasons, when the script copies user information, the process does not transfer the passwords. Remedy Single Sign-On must be configured for authentication to enable self-service users to have the appropriate access to view and request services.
User entitlement groups
When you run the user_group_synch.sh script, specify one of four recognized values for the
-sb_group_creation parameter to direct the script to create up to three levels of user entitlement groups, or not create any groups. The groups are used only when creating virtual marketplaces as a quick way to entitle multiple users at once, and are not linked to existing Remedy groups.
You do not need to create groups when copying users from Remedy ITSM. Instead, you can import the users as individual users, and create virtual marketplaces by using custom filters that read the user's information from the connected Remedy system. For more information, see Creating virtual marketplace entitlements.
Users are added to the groups as they are created. The following table shows the options you can specify for the
-sb_group_creation switch and the levels of groups that are created.
The default value for this parameter is set to
|Parameter value||Group name||Example based on pattern|
|Company - Organization||Calbro Services - Finance and administration|
|Company - Organization - Department||Calbro Services - Finance and administration - Accounts receivable|
|(Not applicable)||(Not applicable)|
To prepare the Remedy ITSM user sync utility
- As Demo user, log in to the BMC Remedy Mid Tier configured for BMC Digital Workplace Catalog.
- Select AR System Administration Console.
- Open the Common Server Configuration panel.
- Select Centralized Configuration.
- Click Component Name, and select arsys.server.shared.
- For the arsys.server.shared component type, select shared from the Component Name list.
- Change the value for Crossref-Blank-Password to T.
- Save the changes.
- Restart the dwpcontroller.
To prepare to run the user_group_sync.sh script
The script requires two system-level files: one to lock the database during the routine, and one to store the last time the task was run. The scheduled cron task also uses the files.
- Open a terminal window and log on to the BMC Digital Workplace Catalog application server.
Create the date tracking and lock files in the root folder.Commands to create the tracking files
# mkdir /src # touch /src/data.time # touch /src/sb.lock
If you cannot or do not want to create the tracking files in the root folder, or if you want to use a different file name, follow the preceding steps to create the files in a custom folder. Then, when you run the user_group_sync.sh script, specify the custom folder and file name as the parameter value. For example, if you created a tracking file named usersync.date in the folder /opt/bmc/sync, specify the following parameter and value:Option to specify a custom file name in the -date_file option
To run the user_group_sync.sh
You must rerun the sync after an upgrade. Use the following query to clear the last run timestamp from the tenant database before following the steps mentioned below.
Update myit_sb_TenantConfiguration set UserSyncLastRun=NULL
When you run the script for the first time, the date tracking file will be empty. When the script reads an empty date tracking file, the script will first test that the user exists in the database to avoid creation of duplicate entries.
On the server, go to <installLocation>/artools, as shown in the following example.
# cd /opt/bmc/digitalworkplace/artools
In a text editor, edit the script parameters in angle brackets with values from your system.Example
./user_group_sync.sh -itsm_s <bmc-itsm-server-host> -itsm_u <bmc-itsm-sample-user> -itsm_p <bmc-itsm-sample-password> -itsm_a <bmc-itsm-sample-port> -sb_s <bmc-dwpcatalog-host> -sb_u <bmc-dwpcatalog-user>@<BMC_AR_TENANT_DOMAIN_NAME> -sb_p <bmc-dwpcatalog-password> -sb_a <BMC_AR_PORT> -sb_aw <bmc-dwpcatalog-sample-port> -sb_proto <http|https> -date_file <tracking-file-date> -lock_file <tracking-file-lock> -sb_group_creation <group-option> -skip_disabled <true|false> >> /var/log/sb_user_sync.log
Parameter Placeholder value Description
Specify the Remedy ITSM server host name.
Specify the Remedy ITSM server administrative account name.
Specify the Remedy ITSM server administrative account password.
If the password is blank, escape the quotes (
Specify the Remedy ITSM server default port.
Specify the host name of the BMC Helix Digital Workplace server.
Specify the BMC Digital Workplace Catalog administrative account and tenant domain name.
Specify the BMC Digital Workplace Catalog administrative user account password.
Specify the BMC Digital Workplace Catalog platform port number.
Specify the BMC Digital Workplace Catalog application port.
http | https
Specify HTTP for non SSL, and HTTPS for SSL connections.
The empty file is created upon the first run of the script. It stores the timestamp of the last time the task was run.
The empty file is created upon the first run of the script. It locks the database during the execution.
Specify the preferred group creation method (
c | co | cod), or specify
noneto not create any groups.
trueto import only users in Enabled status,
falseto import all users.
- After you have entered the required values, copy the text into the clipboard.
While in <installLocation>/artools directory, paste the command into your terminal and press Enter to run the command.Example
./user_group_sync.sh -itsm_s bmc-itsm-sample.com -itsm_u Demo -itsm_p \"\" -itsm_a 0 -sb_s bmc-dwpcatalog-sample.com -sb_u email@example.com -sb_p password -sb_a 9988 -sb_aw 8008 -date_file /src/data.time -lock_file /src/sb.lock -sb_group_creation none -skip_disabled true >> /var/log/sb_user_sync.log
The system does not show a visible status as it exports all of the CTM:People user records from Remedy ITSM, and attempts to create new records in BMC Digital Workplace Catalog. Error messages appear on the screen as the script exits.
To check the status of the copy process, open a second terminal window to log in to the same server, and view the following log file: /var/log/sb_user_sync.logExample
tail -f /var/log/sb_user_sync.log
To configure a scheduled task to the run user_group_sync.sh process
You do not need to schedule a cron task if users do not change active status, company, organization, or department frequently. Instead, run the script manually to capture changes to the Remedy ITSM user database.
After the script has run successfully from the command line, add the command to the list of scheduled cron tasks.
Open the crontab editor.
Set the task to run on the required schedule.Example
# Example to run every 15 minutes: */15 * * * * cd /opt/bmc/digitalworkplace/artools && ./user_group_sync.sh -itsm_s bmc-itsm-sample.com -itsm_u Demo -itsm_p \"\" -itsm_a 0 -sb_s bmc-dwpcatalog-sample.com -sb_u firstname.lastname@example.org -sb_p password -sb_a 9988 -sb_aw 8008 -date_file /src/data.time -lock_file /src/sb.lock -sb_group_creation none -skip_disabled true >> /var/log/sb_user_sync.log
Save the crontab file.
To establish the connection between Remedy ITSM and BMC Digital Workplace Catalog
To make the BMC Digital Workplace Catalog options available for Remedy ITSM users, you must configure an appropriate connection:
- In BMC Digital Workplace Catalog, go to Services > Connectors, and open a Remedy connector.
- In the Connection Options panel, enter host, port, user, and password.
- Save the changes.
The connection is established.
To configure the user_group_sync.sh script to run with native SSL
To add the required SSL parameters to the user_group_sync.sh script for preventing errors while running the script with the enabled native SSL, perform the following steps:
Open and edit the user_group_sync.sh script to include the extract below with your own JRE path (if needed) in addition to the keystore path and password as highlighted below:
/opt/jdk1.8.0_121/bin/java -cp dependency/*:com.bmc.myservice.tools-1.0.00-SNAPSHOT.jar -Dsb_base_url="https://$sb_server:$sb_web_port/" -Dtenant_admin_user="$sb_user" -Dtenant_admin_password=$sb_password -Dgroup_format="$group_format" -Dinput_file=People.arx -Djavax.net.ssl.trustStore=/opt/bmc/ARSystem/jetty/etc/keystore -Djavax.net.ssl.trustStorePassword=changeit -Duser_input_file=User.arx com.bmc.myservice.tools.etl.Main
You need to edit only the following two lines:
(Optional) To verify the version of Java, run the following command:
alternatives --config java
The following is the example of the possible output:
1 java-1.7.0-openjdk.x86_64 (/usr/lib/jvm/java-1.7.0-openjdk-188.8.131.52-184.108.40.206.el7_6.x86_64/jre/bin/java) *2 java-1.8.0-openjdk.x86_64 (/usr/lib/jvm/java-1.8.0-openjdk-220.127.116.11.b09-0.el7_6.x86_64/jre/bin/java) +3 /usr/java/jre1.8.0_181-amd64/bin/java ---THIS ONE
The Java version that is being used is displayed in the line that starts with a + symbol.
- Save the changes and close the script.
- Run the script.
Where to go from here
Complete the remaining procedures in Configuring after installation of BMC Digital Workplace Catalog that are required for your deployment scenario, and then perform the procedure described in Integrating Remedy applications with BMC Digital Workplace Catalog