Auto update of user properties in ALM whenever there is domain authentication value change in AD

Question ID: 109541
0
0

Hi,

As of now  , due to users organizational role change,if there is any change in users  domain authentication string value in AD, that change is not reflecting for that user in ALM.

In ALM , user is still having old domain authentication value.

Due to this, user is facing login issue and we are fixing it  manually by updating new domain authentication value in ALM.

We have ldap_user_search_criteria parameter setup in site configuration it’s value is name,email,phonenumber,description.

Please advise on how to automatically update domain authentication value without any manual intervention.

Regards,Srihari 

Marked as spam
Posted by (Questions: 25, Answers: 20)
Asked on May 11, 2020 6:28 pm
10 views
Answers
1
Private answer

Based on the "normal" ALM workflow "methods" (like bug_move_to, Bug_new), they are all "event-driven".
These two "methods" for example will execute when you create a new defect or "move to" an existing one in the grid.
-- BUT a user needs to do something interactively for them to "fire".  In your case, this would need to be executed on an interval.

The USER information is stored and accessed from the Site Administrator API (can be accessed via COM in 11-12.60 and 15.00 and additionally REST with 15.01). It is possible to call on this API from the workflow scripts, but what you need is to run a script from OUTSIDE QC/ALM, perhaps scheduled as a "chron-job" to execute on an interval like once a week. Your logic could use some AD/LDAP check for updates then re-populate the "DN" field for various users with the updated DN/distinguished name AD identifier corresponding to their DN/LDAP userID.
Check these methods:
GetUser
SetUserProperty - it allows you to update the SA_USER_DOM_AUTH property for an existing user based on knowing the USERNAME

The script would likely need to be executable VB (compiled) or VB-script or other scripting language.

Examples in the API guide are mostly VB/VBA, and some C++ (btw, there is a NEW REST API for the Site Admin API as well as the "old" OTA API in QC/ALM version 15.01). Look at the most used OTA (open test architecture) section which covers the more common activites like working with defects.  This link is for API refrences for 12.55 (version can be selected at upper left).

https://admhelp.microfocus.com/alm/en/12.55/online_help/Content/api_guides_main_page.htm

Also, since the DN is stored for each USER in the USERS table of qcsiteadmin, you *could* also possible accomplish the same by updating a particular user's DN string directly in the database with SQL.

OF COURSE, these solutions should be tested in a TEST instance of ALM/QC first!
BULK Direct edits of records in the database are not generally recommended/supported, but if you are careful (backup qcsiteadmin database/schema prior to edits in case something goes wrong), it may work for you.

Marked as spam
Posted by (Questions: 3, Answers: 448)
Answered on May 12, 2020 1:19 pm
Dear pt-barnum Thanks a lot for your answer!! From your explanation, I understood the approach that have to be followed to handle the users domain authentication change in ALM via API and DB update. One last clarification, can’t the domain authentication update be performed via any existing site administration parameter like LDAP_USER_SEARCH_CRITERIA or any other ALM application OOB available feature. Did any of the existing customers raise an enhancement request in ALM application for fixing this synchronization issue. Please advise. Regards,Srihari
( at May 12, 2020 3:29 pm)