Copying users from Remedy ITSM into BMC Digital Workplace Catalog
For each BMC Digital Workplace self-service user who requires access to view and request services from the catalog, a user account that shares the same credentials must exist in the BMC Digital Workplace Catalog database. A server system administrator can add multiple user accounts by running the user_group_sync.sh script to copy information from the Remedy IT Service Management server that hosts the accounts that BMC Digital Workplace uses.
Before you begin
- Make sure you have set the Oracle JDK or OpenJDK home path. Specify the name of the Java home folder. For more information on other installation parameters, see BMC Digital Workplace Catalog installation parameter reference.
- Complete the tasks in Configuring BMC Remedy Single Sign-On integration for BMC Digital Workplace Catalog.
- Complete the tasks in Performing the BMC Digital Workplace Catalog installation.
- Make sure you can log in to the application server and run scripts in the installLocation folder.
Example: /opt/bmc/digitalworkplace
Details about the user_group_sync.sh script
The user_group_sync.sh script is inside the <installLocation>/artools folder. You can run the script from the command line, with options for setting the source and target databases.
After the first time you configure and run the process, you can set up a cron job to run the task automatically at specific times.
The copy process runs in a single direction from Remedy ITSM to BMC Digital Workplace Catalog. Also, the script only adds users; it does not delete users.
If many users exist in the Remedy ITSM database, the first time the user copy task is run, it might take a long time to complete. In the future, the process should take less time to complete because less data should be transferred.
User information
The script copies the information from the following fields in the User table:
- Full name
- Login name
These fields are required to request catalog services. For security reasons, when the script copies user information, the process does not transfer the passwords. Remedy Single Sign-On must be configured for authentication to enable self-service users to have the appropriate access to view and request services.
User entitlement groups
Import the users from Remedy ITSM as individual users, and create virtual marketplaces by using custom filters that read the user's information from the connected Remedy system. For more information, see Creating virtual marketplace entitlements.
To prepare the Remedy ITSM user sync utility
- As a Demo user, log in to the BMC Remedy Mid Tier configured for BMC Digital Workplace Catalog.
- In the left navigation panel, select AR System Administration > AR System Administration Console.
- Select System>General> Centralized Configuration.
- Click the Component Name field, and select arsys.server.shared.
- Change the value for Crossref-Blank-Password to T.
If the value is absent, click Add, and create a new one. - Click Apply.
- Restart the dwpcontroller.
Users may not need to configure a separate Mid Tier for BMC Digital Workplace Catalog. Instead, they can configure the ar.conf file located on the BMC Digital Workplace Catalog AR System server:
- In the ar.conf file, add
Crossref-Blank-Password: T External-Authentication-RPC-Socket: 390695 Authentication-Chaining-Mode: 1 External-Authentication-Sync-Timeout: 0
- Save the file.
- Restart the dwpcontroller.
To run the user_group_sync.sh
Tip
If you are upgrading from version 19.08 or earlier, you must rerun the sync after completing the upgrade. Use the following query to clear the last run timestamp from the tenant database before following the steps mentioned below.
Update myit_sb_TenantConfiguration set UserSyncLastRun=NULL
On the server, go to <installLocation>/artools, as shown in the following example.
Example# cd /opt/bmc/digitalworkplace/artools
In a text editor, edit the script parameters in angle brackets with values from your system.
Example./user_group_sync.sh -itsm_s <bmc-itsm-server-host> -itsm_u <bmc-itsm-sample-user> -itsm_p <bmc-itsm-sample-password> -itsm_a <bmc-itsm-sample-port> -sb_s <bmc-dwpcatalog-host> -sb_u <bmc-dwpcatalog-user>@<BMC_AR_TENANT_DOMAIN_NAME> -sb_p <bmc-dwpcatalog-password> -sb_a <BMC_AR_PORT> -sb_aw <bmc-dwpcatalog-sample-port> -sb_proto <http|https> -sb_group_creation <group-option> -skip_disabled <true|false> >> /var/log/sb_user_sync.log
Parameter Placeholder value Description itsm_s
bmc-itsm-server-host
Specify the Remedy ITSM server host name. itsm_u
bmc-itsm-sample-user
Specify the Remedy ITSM server administrative account name. itsm_p
bmc-itsm-sample-password
Specify the Remedy ITSM server administrative account password.
If the password is blank, escape the quotes (\"\"
).itsm_a
bmc-itsm-sample-port
Specify the Remedy ITSM server default port. sb_s
bmc-dwpcatalog-host
Specify the host name of the BMC Helix Digital Workplace server.
sb_u
bmc-dwpcatalog-user@BMC_AR_TENANT_DOMAIN_NAME
Specify the BMC Digital Workplace Catalog administrative account and tenant domain name.
sb_p
bmc-dwpcatalog-password
Specify the BMC Digital Workplace Catalog administrative user account password.
sb_a
BMC_AR_PORT
Specify the BMC Digital Workplace Catalog platform port number.
sb_aw
bmc-dwpcatalog-sample-port
Specify the BMC Digital Workplace Catalog application port.
sb_proto
http | https
Specify HTTP for non SSL, and HTTPS for SSL connections. sb_group_creation
group-option
Specify the preferred group creation method ( c | co | cod
), or specifynone
to not create any groups.skip_disabled
true|false
Specify true
to import only users in Enabled status,false
to import all users.ts_path
/opt/certs/catalog.jks
Specify the location of the keystore for your application server's certificate. ts_password
password
Specify the password to access the keystore of your application server's certificate.
- After you have entered the required values, copy the text into the clipboard.
While in <installLocation>/artools directory, paste the command into your terminal and press Enter to run the command.
Example./user_group_sync.sh -itsm_s bmc-itsm-sample.com -itsm_u Demo -itsm_p \"\" -itsm_a 0 -sb_s bmc-dwpcatalog-sample.com -sb_u hannah_admin@calbroservices.com -sb_p password -sb_a 9988 -sb_aw 8008 -sb_group_creation none -skip_disabled true >> /var/log/sb_user_sync.log
Important
If you are running the user sync on an application which has SSL configured, add the
-ts_path
and-ts_password
parameters to the command.
The system does not show a visible status as it exports all of the CTM:People user records from Remedy ITSM, and attempts to create new records in BMC Digital Workplace Catalog. Error messages appear on the screen as the script exits.To check the status of the copy process, open a second terminal window to log in to the same server, and view the following log file: /var/log/sb_user_sync.log
Exampletail -f /var/log/sb_user_sync.log
To configure a scheduled task to the run user_group_sync.sh process
Tip
You do not need to schedule a cron task if users do not change active status, company, organization, or department frequently. Instead, run the script manually to capture changes to the Remedy ITSM user database.
After the script has run successfully from the command line, add the command to the list of scheduled cron tasks.
Open the crontab editor.
Set the task to run on the required schedule.
Example# Example to run every 15 minutes: */15 * * * * cd /opt/bmc/digitalworkplace/artools && ./user_group_sync.sh -itsm_s bmc-itsm-sample.com -itsm_u Demo -itsm_p \"\" -itsm_a 0 -sb_s bmc-dwpcatalog-sample.com -sb_u hannah_admin@calbroservices.com -sb_p password -sb_a 9988 -sb_aw 8008 -sb_group_creation none -skip_disabled true >> /var/log/sb_user_sync.log
Save the crontab file.
To establish the connection between Remedy ITSM and BMC Digital Workplace Catalog
To make the BMC Digital Workplace Catalog options available for Remedy ITSM users, you must configure an appropriate connection:
- In BMC Digital Workplace Catalog, go to Services > Connectors, and open a Remedy connector.
- In the Connection Options panel, enter host, port, user, and password.
- Save the changes.
The connection is established.
Where to go from here
Complete the remaining procedures in Configuring after installation of BMC Digital Workplace Catalog that are required for your deployment scenario, and then perform the procedure described in Integrating Remedy applications with BMC Digital Workplace Catalog
Comments
Hello,
its mentioned that the script only adds users. Is there an elegant way to delete users? And how we can prevent certain users from being copied?
Many Thanks
Thanks for your comment, Joel.
We need some additional details to be able to answer your question. Do you want to only delete users from BMC Digital Workplace? Also, what kind of users do you want to prevent from being copied?
If you haven't already seen this topic, please see Creating and managing users.
Thanks,
Ravee
It appears that the "-lock_file" option is ignored or is no longer valid in 20.02? I just upgraded from 19.05 and having that in my command line caused issues. Its not in the list of parameters displayed in the help text displayed on the server and looking through the script, it is ignored and not used. Perhaps remove it from the docs above, or at least make mention for folks that are upgrading that it is no longer used and should be removed from any scheduled cronjobs.
Thanks for your comment, Thad.
You are right about the option not being available for version 20.02, I will update the documentation to remove it.
Thanks,
Ravee
It should be noted that the 'user_group_sync.sh' script has changed in 20.02. It appears to no longer take the '-sb_group_creation' option (or at least won't accept an argument of "none") and the '-skip_disabled' no longer accepts a "true"/"false" argument. Anyone upgrading from a previous version that has a cron job set up automatically sync ITSM users into DWP Catalog will start to experience sync errors because of these changes. Also, the "./user_group_sync.sh ..." examples provided above do not work for v20.02.
Thanks for your comment, Ezra Wise.
The -date_file and -lock_file parameters were removed in version 20.02, however, the -sb_group_creation has not changed. If you have upgraded from a previous version and need to rerun the sync, please try using this query to clear the last run timestamp first →
Update myit_sb_TenantConfiguration set UserSyncLastRun=NULL
Thanks,
Ravee
Thank you for confirming, Ravee. Because I was still using the -lock_file parameter and the -sb_group_creation and -skip_disabled parameters both followed it in my command, I suspect that is why it was complaining about those arguments. Funny that it did not, however, show any errors with the -lock_file parameter, itself. I will adjust my command accordingly.
Thanks for confirming, Ezra Wise.
Hi,
This statement "When the script reads an empty date tracking file, the script will first test that the user exists in the database to avoid creation of duplicate entries."
Please provide the location of this date tracking file as this directory /opt/bmc/sync does not seem to exist in 20.02.
Thanks.
Thanks for your comment Conrad Pereira.
The -date_file and -lock_file parameters were removed in version 20.02 - I will check if that impacts the date tracking file and get back to you.
Thanks,
Ravee
Thanks for your patience, Conrad Pereira. As mentioned earlier the parameters were removed and so were the files. All these settings are now in the database.
Thanks,
Ravee
Could you elaborate on this Tip: "You do not need to schedule a cron task if users do not change active status, company, organization, or department frequently. Instead, run the script manually to capture changes to the Remedy ITSM user database."
As I understood from this article, DWPC Database only stores Full name, Login name, Email of each user and the rest is validated against each user's values on CTM:People form. Is that correct?
Thanks for your comment, Jan. The tip refers to the user_group_sync.sh script. You are right about all the information not being copied to the DWP database, , however it is leveraged while creating entitlement groups as outlined in the User entitlement groups section above.
The cronjob doesn't work like this cause user_group_sync.sh needs JAVA_HOME to be set.
Thanks for your comment, Andreas Petraschke . It is mentioned as the first requirement under Before you begin.
Hi team BMC,
How can i sync passwords betwen Remedy and/to DWP Catalog ?
We are working in 20.02 version.
Regards Daniel Sosa
Hi Jose. Please see the User information section in this document: you cannot transfer the users' passwords. You can only copy the admin's password (see To run the user_group_sync.sh).
Hello BMC-Team,
How i can delete users in DWP Catalogue? Version 20.02
Hello Daniel Eggert
Thank you for your query. Let me check with the R&D team and get back to you.
Thanks,
Meenal
Hi Daniel Eggert,
You should disable the user (make the user disabled) in CTM:People. Then, use the user sync utility to update the status of the user in the Catalog.
You can also delete or edit a user by accessing the Catalog AR server from the User tool (or mid-tier) and make the necessary change through the user form.
Thanks,
Meenal
if the Username was changed and synched in the Catalog, than there are 2 Records for 1 User. This Article https://docs.bmc.com/docs/ars2002/creating-and-managing-users-909635189.html#Creatingandmanagingusers-Todeleteusers, not really helps.
Is there a way to delete Users directly in the Catalogue?
Hello Daniel Eggert
Thank you for your query. Let me check with the R&D team and get back to you.
Thanks,
Meenal
Hi Daniel Eggert,
The BMC Helix Digital Workplace Customer Support team can help you with this issue. To contact Customer Support, click here.
Thanks,
Meenal
Log in or register to comment.