Manual Sync

You can perform a manual synchronization through the LDAP Sync page which can be accessed by clicking Administration > LDAP Sync to synchronize a single user or all LDAP users.

Note: To perform manual synchronization, you must be a super administrator.

To perform the synchronization, log into TIBCO MFT Command Center or TIBCO MFT Internet Server Administrator web pages and click Administration > LDAP Sync. On the LDAP Sync page, you can synchronize a single user or all users across all active authenticators or a selected group of authenticators.

The following figures show a sample manual synchronization:

To synchronize a single user, click the Sync User radio button, type in the user ID that you want to synchronize with in the UserId field, and then click Sync.

To synchronize all users, click the Sync All Users in These Authenticators radio button. All users and all roles for the defined authenticators will be synchronized. By selecting the default value of All, all users in all authenticators will be synchronized. Alternatively, you can select a single authenticator by clicking that authenticator. You can select multiple authenticators by pressing CTRL and clicking the authenticators. Any users defined to LDAP but not to TIBCO MFT Internet Server will be added to TIBCO MFT Internet Server. Any user defined to TIBCO MFT Internet Server but not to LDAP will be disabled. Any user whose LDAP attributes are different than the database attributes, will be synchronized. Additionally, TIBCO MFT Internet Server checks all Internet Server roles defined to LDAP to insure that they are synchronized with the Internet Server rights. When you synchronize all users, the synchronization can take a few minutes to complete when a large number of users are defined by the LDAP authenticators.

After you have selected the action that you want to perform, click Sync to start the synchronization process. The synchronization options can take a few minutes to complete. During the synchronization process, do not click the Sync button until the previous synchronization is completed.

The total amount of LDAP users and rights (if enabled) synchronized are displayed at the top of the screen. If an error occurs for one user, the synchronization continues on to the next user.

After you synchronize the LDAP users, you can see the new LDAP users added to the system on the Manage Users page which can be accessed by clicking Users > Manage Users. The following figure shows the two LDAP users added to the system:

When LDAP user IDs are synchronized, they are represented in the MFT database in the format of xxxxx-userid; where, xxxxx is the authenticator name. End users do not need this portion of the user ID to log into the system. For example, John Doe (jdoe) logs into the system with jdoe instead of AD162-jdoe.

The new users synchronized can now log into MFT using several different user ID options. John Doe from the example above can log into the system using the following user IDs:
  • jdoe
  • QA\jdoe: uses the LDAP domain.
Note: If an end user has the same LDAP user ID in multiple domains that will be synchronized, the end user must always log into the system with the specific domain and user ID to be connected with.