LDAP synchronization

The batch file y-ldapsync.bat can be used to synchronize the ARIS Administration with LDAP. Enter the tool name followed by /? or -? to see the usage instructions, for example y-ldapsync.bat -?.

You must redirect, redirect the ports in case of a Linux operating system.

Procedure

  1. Open a command prompt (Start > Run > cmd).

  2. Enter y-ldapsync.bat -s <http://host_url:<port number other than default port 80 or 1080, 1080>> -t <tenant name> <command> -u <user name> -p <password>

Users are synchronized or imported from an LDAP system.

General usage

Options

Description

-?, -h, --help

Show help

-u

User name of the relevant user.

-p

Password of the relevant user.

-f

LDAP search filter

-s, --server

URL of the server, for example, http://my_host_url:<port number other than default port 80 or 1080, 1080>

-t, --tenant

Tenant name

Default: default

Commands

Description

importUsers

Imports users from an LDAP system, the spelling is case sensitive.

* -f, --filter

Search filter for LDAP as defined in RFC 2254, for example, '(cn=*)'. The filter will be combined with the configured import filters.

-p, --password

Password of the executor

Default: superuser

-u, --user

User name of the executor

Default: superuser

importGroups

Imports a hierarchy from an LDAP system, the spelling is case sensitive.

* -f, --filter

Search filter for LDAP as defined in RFC 2254, for example, '(cn=*)'. The filter will be combined with the configured import filters.

-p, --password

Password of the executor

Default: superuser

-u, --user

User name of the executor

Default: superuser

removeUserAttribute

Deletes an attribute of a user in the ARIS Administration.

-au,--affectedUser

User name of affected user

-aa,-affectedAttribute

Attribute of affected user

syncUser

Synchronizes a specific existing user with an LDAP system, the spelling is case sensitive.

syncUsers

Synchronizes existing users with an LDAP system, the spelling is case sensitive.

* -au, --affectedUser

User name of affected user

-p, --password

Password of the executor

Default: superuser

-u, --user

User name of the executor

Default: superuser

syncGroup

Synchronizes a specific existing group with an LDAP system, the spelling is case sensitive.

* -ag, --affectedGroup

Name of the affected user group

-p, --password

Password of the executor

Default: superuser

-u, --user

User name of the executor

Default: superuser

syncGroups

Synchronizes existing groups with an LDAP system, the spelling is case sensitive.

-p, --password

Password of the executor

Default: superuser

-u, --user

User name of the executor

Default: superuser

Example 1

y-ldapsync.bat -s http://my_aris_host.com -t default importUsers -u system -p manager -f (cn=userID)

[CLI] Setting verbosity level... [VALUE: 0=OFF]

[CLI] Importing users... [TENANT: 30ff3081-aa9e-33e7-a7d7-5f9d00ae89ee, FILTER: (cn=userID)]

[CLI] Users successfully imported. [TENANT: 30ff3081-aa9e-33e7-a7d7-5f9d00ae89ee, COUNT: 1]

[CLI] CN=myuser,OU=Users,DC=mydomain

Example 2

Import all users from an LDAP system.

y-ldapsync.bat -s http://my_aris_host.com:81 -t default importUsers -u system -p manager -f (cn=*)