Author Topic: CMOD 10.1.0.4 LDAP Synch  (Read 1805 times)

SacramentoUser

  • Guest
CMOD 10.1.0.4 LDAP Synch
« on: October 24, 2019, 04:36:30 PM »
Hey all,

We are implementing LDAP synch,ARSLSYNC, that will synch users and groups from Active Directory.  We are multi-platform Linux.

So far so good until today, users previously defined in CMOD with individual user query restrictions can now see the entire report versus the pages they are limited to view.

How is that supposed to work?  The group has permissions to view the application group and folder. The queries are at the user level.  My users are seeing the whole report.

If anyone can point me in the right direction to resolve this...I'll bake you cookies!!

Thanks.

Justin Derrick

  • IBM Content Manager OnDemand Consultant
  • Administrator
  • Hero Member
  • *****
  • Posts: 2228
  • CMOD Guru for hire...
    • View Profile
    • Tenacious Consulting
Re: CMOD 10.1.0.4 LDAP Synch
« Reply #1 on: October 24, 2019, 05:35:03 PM »
I suspect you'll need to create a new group that includes a query restriction under the Application Group Permissions tab, and remove their individual access rights to that App Group.  Otherwise, it does sound like a bug, and should probably be reported to IBM as a PMR.

-JD.
IBM CMOD Professional Services: http://TenaciousConsulting.com
Call:  +1-866-533-7742  or  eMail:  jd@justinderrick.com
IBM CMOD Wiki:  https://CMOD.wiki/
FREE IBM CMOD Education & Webinars:  https://CMOD.Training/

Interests: #AIX #Linux #Multiplatforms #DB2 #TSM #SP #Performance #Security #Audits #Customizing #Availability #HA #DR

rjrussel

  • Full Member
  • ***
  • Posts: 137
    • View Profile
Re: CMOD 10.1.0.4 LDAP Synch
« Reply #2 on: October 25, 2019, 06:51:51 AM »
Sounds like permissions may have changed for the user by some other process. ARSLSYNC doesn't assign permissions it just creates users, groups and assigns group membership. I would look in the system log for message 36 to see if there are any user updates after the fact.

Thanks,
Rob

SacramentoUser

  • Guest
Re: CMOD 10.1.0.4 LDAP Synch
« Reply #3 on: October 25, 2019, 01:13:51 PM »
Thanks D and R.

R - I checked the 36 message and the only changes were some I had made to accommodate the password case sensitivity. 

It looks to me like the queries at the user level are just being ignored.  We had to cancel our implementation until we can resolve this issue.  :(

rjrussel

  • Full Member
  • ***
  • Posts: 137
    • View Profile
Re: CMOD 10.1.0.4 LDAP Synch
« Reply #4 on: October 25, 2019, 02:26:11 PM »
Sorry about that. Sounds like the process of applying the query restrictions/permissions isn't quite correct. ARSLYNC doesn't do that part.