Profiles not marked as inactive with two TDI configurations

When you work with two TDI configurations, which is a very common scenario
in a setup where you also have external users, it could occur that profiles
aren’t marked as inactive anymore. Even if the account of the user
is deleted from the LDAP directory.

This could be caused by the facts that:

1. you work with two TDI configurations which requires a specific setup for
both TDI configs. This prevents that the one TDI sync process marks all the
profiles provided by the other TDI solution as inactive and visa versa.

These are the settings for profiles-tdi.properties
sync_store_source_url=true
sync_source_url_enforce=true
sync_source_url_override=true

2, in the situation that the LDAP filter or the LDAP host is changed
after the user profiles where populated.

 

In order to prevent this you should come up with a LDAP filter to rule theme all
and stick to it or update the PROF_SOURCE_URL column for all profiles to
keep it “synced” with the current LDAP host and LDAP filter in use by the TDI
configs.

The PROF_SOURCE_URL is built as follows from the following
profiles-tdi.properties values.

source_ldap_url + ‘/’ + source_ldap_search_base + ‘?’ source_ldap_search_filter

lead21-long-term-2011-vw-jetta-tdi

 

 

 

 

 

 

To make difference between the Profiles that are internal and external you can
use the PROF_MODE column. If it is set to 1 it indicates an external user profile
and 0 is for an internal user profile.

update EMPINST.EMPLOYEE
set PROF_SOURCE_URL='ldap://lcalhost:389/dc=base,dc=com?(objectClass=person)'
WHERE PROF_MODE=0;

Credits for this fix go to my colleague Remco.

 

 

 

This entry was posted in ibm connections and tagged , , . Bookmark the permalink.

One Response to Profiles not marked as inactive with two TDI configurations

  1. Sander says:

    Thank you for your very useful information and for sharing your knowledge!

Leave a Reply

Your email address will not be published. Required fields are marked *

Please leave these two fields as-is:

Protected by Invisible Defender. Showed 403 to 807,320 bad guys.