Saturday, April 25, 2009

How to use WCM Memberfixer to replace a non-existent user or group with an existing user or group

You need to have a batch tool to reassign Web Content Management item-level security settings.

For example: Your LDAP groups were consolidated, merging multiple groups into a single group. Your Web Content Management (WCM) items are assigned group access, but you need to update thousands of WCM content items, sites, and so on, to accommodate the group changes.

Is there a way to reassign the user or group references assigned to the WCM items to match the user or group reorganization?

You can use the Memberfixer utility to make these changes. A fix was included in Web Content Management and later that allows you to edit the file with mappings to your existing DNs.

The member fixer module's "alt_dn" mode now checks for mapped alternate DNs in the file before using the configured values in the file.

Perform the following steps to map user and group DNs in the file before running the member fixer module:

1. Map the user and group DN syntax changes in the
PortalServer\wcm\shared\app\config\wcmservices\ file like so:



o EXISTING_DN_KEY is the key constructed from the existing DN by replacing all equal sign characters "=" and spaces " " with underscores "_"

o NEW_DN_SYNTAX is the replacement DN syntax.

For example, if you have a user branch with the following DN syntax:

cn=Jane Smith,ou=Portal Users,o=IBM

You construct the EXISTING_DN_KEY by replacing all "=" and " " with "_" in the DN. So in this example the EXISTING_DN_KEY will be:


If you are changing the syntax of this branch to:

cn=Jane Jones,ou=Portal,o=IBM

The NEW_DN_SYNTAX will be the new DN as is.

This gives you the following mapping entry in your file:

cn_Jane_Smith,ou_Portal_Users,o_IBM=cn=Jane Jones,ou=Portal,o=IBM

You can of course have mapping entries for multiple users that need to be explicitly mapped to a new DN:

cn_Jane_Smith,ou_Portal_Users,o_IBM=cn=Jane Jones,ou=Portal,o=IBM
cn_Mary_Jane,ou_WCM_Users,o_IBM=cn=Mary Smith,ou=WCM,o=IBM

2. You could then run the member fixer as normal using the alt_dn option:


Note: For this procedure to work, the LDAP entry for cn=Jane Smith,ou=Portal Users,o=IBM must not exist. This user exists only as a reference on the WCM content. If the user actually existed in LDAP, the Memberfixer would not have detected any issue.

Important Note: Always back up your system (WCM/Portal Server and WCM/Portal databases) before running the Memberfixer in fix mode. When run in fix mode, the Memberfixer updates your WCM data, so you should have a database backup as a best practice for a backup/recovery plan.
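
The key construction from step 1, applied in bulk, as an added example that is not part of the original post or of the product: it builds the mapping lines from old/new DN pairs and rejects input where two different existing DNs collapse to the same key or one DN is mapped to two targets, since either mistake would reassign item access to the wrong user or group. The function names and the two "Editors" group DNs are assumptions made for illustration.

```python
# Added example: builds Memberfixer alt_dn mapping entries from old/new DN pairs.
# The DN pairs below are constructed sample data, not from a real directory.

def dn_key(existing_dn):
    """EXISTING_DN_KEY: every '=' and ' ' in the DN becomes '_'."""
    return existing_dn.replace("=", "_").replace(" ", "_")

def build_entries(pairs):
    """Return mapping lines 'KEY=NEW_DN'; reject ambiguous or conflicting input."""
    seen = {}   # key -> (existing DN, new DN)
    lines = []
    for old_dn, new_dn in pairs:
        old_dn, new_dn = old_dn.strip(), new_dn.strip()
        if "=" not in new_dn:
            raise ValueError(f"replacement is not a DN: {new_dn!r}")
        key = dn_key(old_dn)
        if key in seen:
            prev_old, prev_new = seen[key]
            if prev_old != old_dn:
                # e.g. 'cn=Jane Smith' and 'cn=Jane_Smith' collapse to one key
                raise ValueError(f"{old_dn!r} and {prev_old!r} share key {key!r}")
            if prev_new != new_dn:
                raise ValueError(f"{old_dn!r} mapped to two different DNs")
            continue  # exact duplicate, emit once
        seen[key] = (old_dn, new_dn)
        lines.append(f"{key}={new_dn}")
    return lines

def parse_entry(line):
    """Split a mapping line at the first '='; the key itself never contains one."""
    key, _, new_dn = line.partition("=")
    return key, new_dn

# Constructed sample: one renamed user plus two retired groups merged into one.
SAMPLE_PAIRS = [
    ("cn=Jane Smith,ou=Portal Users,o=IBM", "cn=Jane Jones,ou=Portal,o=IBM"),
    ("cn=Editors East,ou=Groups,o=IBM", "cn=Editors,ou=Groups,o=IBM"),
    ("cn=Editors West,ou=Groups,o=IBM", "cn=Editors,ou=Groups,o=IBM"),
]

if __name__ == "__main__":
    for entry in build_entries(SAMPLE_PAIRS):
        print(entry)
```

Review the printed entries against your LDAP reorganization plan before adding them to the mapping file.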