Saturday, April 25, 2009

How to use WCM Memberfixer to replace a non-existent user or group with an existing user or group

Question
You need to have a batch tool to reassign Web Content Management item-level security settings.

For example: Your LDAP groups were consolidated, merging multiple groups into a single group. Your Web Content Management (WCM) items are assigned group access, but you need to update thousands of WCM content items, sites, and so on, to accommodate the group changes.

Is there a way to reassign the user or group references assigned to the WCM items to match the user or group reorganization?

Answer
You can use the Memberfixer utility to make these changes. A fix was included in Web Content Management 6.0.1.1 and later that allows you to edit the WCMConfigService.properties file with mappings to your existing DNs.

The member fixer module's "alt_dn" mode now checks for mapped alternate DNs in the WCMConfigServices.properties file before using the configured values in the wpconfig.properties file.

Perform the following steps to map user and group DNs in the WCMConfigServices.properties file before running the member fixer module:

1. Map the user and group DN syntax changes in the PortalServer\wcm\shared\app\config\wcmservices\WCMConfigServices.properties file like so:

EXISTING_DN_KEY=NEW_DN_SYNTAX

where:

o EXISTING_DN_KEY is the key constructed from the existing DN by replacing all equal sign characters "=" and spaces " " with underscores "_"

o NEW_DN_SYNTAX is the replacement DN syntax.


For example, if you have a user branch with the following DN syntax:

cn=Jane Smith,ou=Portal Users,o=IBM


You construct the EXISTING_DN_KEY by replacing all "=" and " " with "_" in the DN. So in this example the EXISTING_DN_KEY will be:

cn_Jane_Smith,ou_Portal_Users,o_IBM


If you are changing the syntax of this branch to:

cn=Jane Jones,ou=Portal,o=IBM


The NEW_DN_SYNTAX will be the new DN as is.

This gives you the following mapping entry in your WCMConfigServices.properties file:

cn_Jane_Smith,ou_Portal_Users,o_IBM=cn=Jane Jones,ou=Portal,o=IBM


You can of course have mapping entries for multiple users that need to be explicitly mapped to a new DN:

cn_Jane_Smith,ou_Portal_Users,o_IBM=cn=Jane Jones,ou=Portal,o=IBM
cn_Mary_Jane,ou_WCM_Users,o_IBM=cn=Mary Smith,ou=WCM,o=IBM


2. You can then run the member fixer as normal using the alt_dn option:

http://[HOST]:[PORT]/wps/wcm/connect?MOD=MemberFixer&library=[LIBRARY_NAME]&alt_dn=UPDATE&fix=true


Note: For this procedure to work, the LDAP entry for cn=Jane Smith,ou=Portal Users,o=IBM must not exist. The user exists only as a reference on the WCM content. If the user actually existed in the LDAP, the Memberfixer would not detect any issue and the mapping would not be triggered.

Important Note: Always back up your system (WCM/Portal Server and WCM/Portal Databases) before running the Memberfixer in fix mode. When run in fix mode, the Memberfixer updates your WCM data; having a database backup is a best practice for a backup/recovery plan.
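
The key construction from step 1, as an added example (not part of the original technote or of IBM's tooling): a Python helper that turns old and new DN pairs into mapping lines and flags pairs whose keys collide after the "=" and space substitution, because only one mapping can exist per key and item-level access would then be reassigned to the wrong principal. The function names and the third sample pair are constructed for illustration; the check for ":" and "\" assumes the file is parsed as a standard Java properties file.

```python
# Added example: build alt_dn mapping lines from (existing DN, new DN) pairs.

def dn_key(existing_dn):
    """EXISTING_DN_KEY per step 1: every '=' and ' ' becomes '_'."""
    return existing_dn.replace("=", "_").replace(" ", "_")


def build_mappings(pairs):
    """Return (lines, problems) for a list of (existing_dn, new_dn) pairs."""
    lines, problems, seen = [], [], {}
    for existing_dn, new_dn in pairs:
        existing_dn, new_dn = existing_dn.strip(), new_dn.strip()
        if not existing_dn or "=" not in new_dn:
            problems.append(f"malformed pair: {existing_dn!r} -> {new_dn!r}")
            continue
        key = dn_key(existing_dn)
        # Assumption: standard Java properties parsing, where ':' , '\' and
        # tab in a key need escaping. Flag these for manual handling.
        if any(c in key for c in ":\\\t"):
            problems.append(f"key needs manual escaping: {key}")
            continue
        if key in seen:
            # Exact duplicates are dropped; anything else is a conflict,
            # e.g. 'cn=Jane Smith' and 'cn=Jane_Smith' share one key.
            if seen[key] != (existing_dn, new_dn):
                prev_dn, prev_new = seen[key]
                problems.append(
                    f"conflict on key {key}: {prev_dn!r} -> {prev_new!r} "
                    f"vs {existing_dn!r} -> {new_dn!r}")
            continue
        seen[key] = (existing_dn, new_dn)
        lines.append(f"{key}={new_dn}")
    return lines, problems


# First two pairs are the page's examples; the third is constructed to collide.
SAMPLE_PAIRS = [
    ("cn=Jane Smith,ou=Portal Users,o=IBM", "cn=Jane Jones,ou=Portal,o=IBM"),
    ("cn=Mary Jane,ou=WCM Users,o=IBM", "cn=Mary Smith,ou=WCM,o=IBM"),
    ("cn=Jane_Smith,ou=Portal Users,o=IBM", "cn=Admins,ou=Portal,o=IBM"),
]

if __name__ == "__main__":
    lines, problems = build_mappings(SAMPLE_PAIRS)
    print("\n".join(lines))
    for p in problems:
        print("REVIEW:", p)
```

Resolve every REVIEW line before pasting the output into the properties file and running the Memberfixer with fix=true.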