Author Topic: Duplicating users  (Read 1927 times)

DDP021

  • Sr. Member
  • ****
  • Posts: 343
    • View Profile
Duplicating users
« on: August 23, 2021, 09:35:03 AM »
Not sure if this is the correct forum....But here's our issue...

Currently we are using mainframe RACF password authentication for users to access CMOD. (Too long to type WHY this was done years ago by IBM)

In any event we are moving to a new server at our corporation and need to convert ALL user ids that are currently just defined in RACF to their LDAP user id.  This is approx. 800 users.

We are told we need to MANUALLY do this by bringing up their existing "old" RACF mainframe id and doing a COPY and adding their LDAP user id via the ADMINSTATOR session.  That way the keep all their current access that's now in place.

The issue we foresee is if more than one person attempts to do a copy at the same time, we will received the dreaded, "User id or UID already exists"  In this case it would be the UID because it appears if 2 people are attempting to add a new user at the same time, it tries to use the same UID number and this is the error you receive.

Does anyone know how to avoid this from happening so more than one person can be adding users at one time?

Appreciate any help or direction.

Darrell Bryant

  • Full Member
  • ***
  • Posts: 104
  • Sed fugit interea fugit inreparabile tempus-Virgil
    • View Profile
Re: Duplicating users
« Reply #1 on: August 23, 2021, 10:53:00 AM »
You might give each person adding users a range of UIDs to specify. UIDs do not have to be consecutive. Give one person 1000 thru 1399 and another 1400 thru 1799, for example.
 
#IBMi #iSeries #PDF #XML #400 Indexer #ASM

Greg Ira

  • Full Member
  • ***
  • Posts: 240
    • View Profile
Re: Duplicating users
« Reply #2 on: August 26, 2021, 08:15:16 AM »
Can't do it by ARSXML?  That's what I'd normally do.  The concept of adding 800 users manually is painful to me.

DDP021

  • Sr. Member
  • ****
  • Posts: 343
    • View Profile
Re: Duplicating users
« Reply #3 on: August 26, 2021, 08:21:41 AM »
Greg if possible above my pay grade!!! haha...

And of course our main go to guy for this kind of question is no longer working for the group who would know...Unfortunately everything is going to offshore support.....

Darrell Bryant

  • Full Member
  • ***
  • Posts: 104
  • Sed fugit interea fugit inreparabile tempus-Virgil
    • View Profile
Re: Duplicating users
« Reply #4 on: August 26, 2021, 08:42:11 AM »
The problem with arsxml, as I see it, is that the new LDAP users need to have the same permissions as the old RACF users. I tested exporting users using arsxml, and the only permissions exported are to the user itself, not the Application Group and Folder permissions.  Without the Application Group and Folder permissions, adding users using arsxml does not appear to meet the requirements.
#IBMi #iSeries #PDF #XML #400 Indexer #ASM

DDP021

  • Sr. Member
  • ****
  • Posts: 343
    • View Profile
Re: Duplicating users
« Reply #5 on: August 26, 2021, 09:00:02 AM »
Darrell,  yep, if the group access isn't copied over does us no good....Hence doing a manual copy from existing id so we can copy the existing access over to the new LDAP user id.  We can have 4 of us doing it but the issue was doing that way running into existing UID error.  But of we manually assign the UID when adding and assign unique ones so there are no dups, we can do it that way....Just not a fan of doing anything manually if at all possible.