OnDemand User Group

Support Forums => Windows Client => : DDP021 August 23, 2021, 09:35:03 AM

: Duplicating users
: DDP021 August 23, 2021, 09:35:03 AM
Not sure if this is the correct forum....But here's our issue...

Currently we are using mainframe RACF password authentication for users to access CMOD. (Too long to type WHY this was done years ago by IBM)

In any event we are moving to a new server at our corporation and need to convert ALL user ids that are currently just defined in RACF to their LDAP user id.  This is approx. 800 users.

We are told we need to MANUALLY do this by bringing up their existing "old" RACF mainframe id and doing a COPY and adding their LDAP user id via the ADMINSTATOR session.  That way the keep all their current access that's now in place.

The issue we foresee is if more than one person attempts to do a copy at the same time, we will received the dreaded, "User id or UID already exists"  In this case it would be the UID because it appears if 2 people are attempting to add a new user at the same time, it tries to use the same UID number and this is the error you receive.

Does anyone know how to avoid this from happening so more than one person can be adding users at one time?

Appreciate any help or direction.
: Re: Duplicating users
: Darrell Bryant August 23, 2021, 10:53:00 AM
You might give each person adding users a range of UIDs to specify. UIDs do not have to be consecutive. Give one person 1000 thru 1399 and another 1400 thru 1799, for example.
 
: Re: Duplicating users
: Greg Ira August 26, 2021, 08:15:16 AM
Can't do it by ARSXML?  That's what I'd normally do.  The concept of adding 800 users manually is painful to me.
: Re: Duplicating users
: DDP021 August 26, 2021, 08:21:41 AM
Greg if possible above my pay grade!!! haha...

And of course our main go to guy for this kind of question is no longer working for the group who would know...Unfortunately everything is going to offshore support.....
: Re: Duplicating users
: Darrell Bryant August 26, 2021, 08:42:11 AM
The problem with arsxml, as I see it, is that the new LDAP users need to have the same permissions as the old RACF users. I tested exporting users using arsxml, and the only permissions exported are to the user itself, not the Application Group and Folder permissions.  Without the Application Group and Folder permissions, adding users using arsxml does not appear to meet the requirements.
: Re: Duplicating users
: DDP021 August 26, 2021, 09:00:02 AM
Darrell,  yep, if the group access isn't copied over does us no good....Hence doing a manual copy from existing id so we can copy the existing access over to the new LDAP user id.  We can have 4 of us doing it but the issue was doing that way running into existing UID error.  But of we manually assign the UID when adding and assign unique ones so there are no dups, we can do it that way....Just not a fan of doing anything manually if at all possible.