In this case, synchronization is manually executed by Super Administrator. To synchronize, log into
TIBCO MFT Command Center or
TIBCO MFT Internet Server Administratior web page and go to the
Administration > LDAP Sync page. This form gives two options for synchronizing. The administrator can sync a single user or all users across all active authenticators or a selected group of authenticators.
To synchronize a particular user, Click
Sync User, enter the user ID of the user that you want to sync and then click
Sync.
Sync All Users in These Autheticators
To synchronize all users and all roles for the defined authenticators, click
Sync All Users in These Authenticators. By selecting
All, all users in all authenticators will be synced. Alternatively, you can select a single authenticator by clicking that authenticator. You can also select multiple authenticators. Any users defined to LDAP but not to Internet Server will be added to Internet Server. Any user defined to Internet Server but not to LDAP will be disabled. Any user whose LDAP attributes are different than the database attributes, will be synchronized. Additionally, Internet Server will check all Internet Server roles defined to LDAP to ensure that they are synchronized with the Internet Server rights.
Note: This option can take a few minutes to complete when a large number of users are defined by the LDAP authenticators.
When you have selected the action that you want to perform, click
Sync to start the synchronization process.
Note: The synchronization options can take a few minutes to complete. Do not click
Sync until the previous sync has completed.
The total amount of LDAP users and rights (if enabled) synchronized will be displayed at the top of the page.
Note: If an error occurs for one user, the sync will continue on to the next user.
When you have synchronized the LDAP users, the administrator can go to the
Manage Users page where they will see the new LDAP users added to the system. The following figure shows two LDAP users added to the system:
Note: When LDAP user IDs are synchronized,, they will be represented in the MFT database in the format of
AuthenticatorName-userid. End users will not need the authenticator name to login to the system. For example, John Doe (jdoe) would login with jdoe and not AD162-jdoe.
The new users synchronized can now login to MFT using several different user Id options. For example, jdoe and QA\jdoe, which is using the LDAP domain.
Note: If an end user has the same LDAP user ID in multiple domains that will be synchronized, the end user needs to always login with the specific domain\user ID that they want to connect with.
Copyright © 2021. Cloud Software Group, Inc. All Rights Reserved.
