Synchronizing group membership by groups
The syncGroupMembershipForGroups and syncGroupMembershipForAllGroups commands trigger synchronization of group membership by groups between the WebSphere Application Server user registry and the IBM® BPM database.
To synchronize group membership by groups, use the following commands, which are located in the profile_root/bin directory, and are available for both Windows and Linux environments:
- syncGroupMembershipForGroups.[bat|sh] [options...] groupName1 groupName2 ... groupNameN
- Synchronizes group membership for the resolved (direct and indirect) user members of a set of specified groups
groupNameN is a list of group names the members of which are to be updated for membership.
- syncGroupMembershipForAllGroups.[bat|sh] [options...]
- Synchronizes group membership for the user members of all available groups
- -?, -help
- Displays the syntax of the command
- -u <username>, -username <username>
- The name of the admin user
- -p <password>, -password <password>
- The password of the user (unencrypted)
- -host <host>
- The host name of the AppTarget cluster member on which the admin task should be executed (must be used with port)
- -port <port>
- The SOAP port of the AppTarget cluster member on which the admin task should be executed
The output of the command indicates the number of synchronized groups.
- The group is not available in the user registry
- The group has a short name that occurs more than once in the user registry
- The group is already defined with the same short name in IBM BPM as a non-security group (that is, a group created using the Process Admin Console)
If federated repositories are not configured for Websphere security, the Websphere user registry interface is used for execution.
If federated repositories are configured for WebSphere Application Server security, the Virtual Member Manager (VMM) of the Websphere module is accessed directly, which results in significantly better performance. Because of this, consider employing federated repositories.
If federated repositories are configured and VMM is used along with Lightweight Directory Access Protocol (LDAP) directories, apply the configuration described in Configuring VMM and IBM Business Process Manager for optimized group membership synchronization for VMM and IBM BPM, respectively.