IBM Verify

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

  • 1.  Switch from Basic to Full users and vice-versa

    Posted Mon October 12, 2020 06:42 AM
    Edited by Joao Goncalves Mon October 12, 2020 06:50 AM
    If I am using a Federated Repository and imported full-users, how can I change these users to become basic users?
    If I am using a Federated Repository and imported basic-users, and now I need to change these users to full-users what should I do?

    If I have multiple Repositories, I believe it is not an option to delete all users and import them all over again. Even making a backup, deleting the ones I need from the ldif file, restoring the backup again, and then importing the users (basic or full) from the Federated repository is also not a good option!

    Basically I would like to know if there is a simple process to do this!

    ------------------------------
    Joao Goncalves
    Pyxis, Lda.
    Sintra
    +351 91 721 4994
    ------------------------------


  • 2.  RE: Switch from Basic to Full users and vice-versa

    Posted Mon October 12, 2020 06:58 AM
    Hi Joao,

    A "full" user (a user that has been imported to ISAM) has two LDAP entries:
      1. the inetorgperson object (which contains public user information including password).  Could be in any directory.
      2. the secUser object (which is a private ISAM entry under cn=users,secAuthority=Default).  Always in the primary directory.

    A "basic" user has only the inetorgperson entry.
    ----

    If you have a "basic" user, you can convert it to a full user by performing a "user import" operation.  This will create the secUser object for the user.

    If you have a "full" user, you can convert it to a basic user by performing a "user delete" operation.  This will delete the secUser object for the user but, by default, will NOT delete the inetorgperson entry.   (To fully delete a "full" user you can use the "user delete -registry" operation instead.)

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------



  • 3.  RE: Switch from Basic to Full users and vice-versa

    Posted Mon October 12, 2020 07:09 AM
    Edited by Joao Goncalves Mon October 12, 2020 07:34 AM
    Thanks for the information, but I have additional questions:
    • I am using a local directory (but even if I used a remote one, the problem would be the same). When I click "User Import" do you mean using the option Secure Web Settings -> Policy Administration, then logging in to LDAP, and selecting the option Users -> Import User? This way I can only import 1 user at a time, and there are hundreds of users to apply this procedure to, which is unfeasible.
    • When you tell me to do "user delete" do you mean listing the users, filtering and selecting the users and then deleting them? This option would be better if we can find a filter to select the users from the correct Federated Repository, otherwise it will also be a painfully long process!


    Another thing that I would like to understand is how easy it is to identify the Full users and Basic Users.
    When I use the Policy Administration I don't see much difference.
    When I use Apache Directory Studio, and connect to ISAM local ldap, I cannot find users that are found in the Policy Administration! Am I missing some type of filter to view the basic users?
    Here is what I get from Apache Directory Studio. Where are the Basic Users?

    ------------------------------
    Joao Goncalves
    Pyxis, Lda.
    Sintra
    +351 91 721 4994
    ------------------------------



  • 4.  RE: Switch from Basic to Full users and vice-versa

    Posted Mon October 12, 2020 04:18 PM
    Joao,
     
    In answer to your questions:
    • I am using a local directory (but even if I used a remote one, the problem would be the same). When I click "User Import" do you mean using the option Secure Web Settings -> Policy Administration, then logging in to LDAP, and selecting the option Users -> Import User? This way I can only import 1 user at a time, and there are hundreds of users to apply this procedure to, which is unfeasible.
      <SAE>If you have hundreds of users to apply I would suggest that you use the pdadmin Web Service instead of the UI.  You can find the Web Services documentation at: https://www.ibm.com/support/knowledgecenter/SSPREK_10.0.0/com.ibm.isva.doc/develop/rapi/Running%20pdadmin%20commands.xml.</SAE>
    • When you tell me to do "user delete" do you mean listing the users, filtering and selecting the users and then deleting them? This option would be better if we can find a filter to select the users from the correct Federated Repository, otherwise it will also be a painfully long process!
      <SAE>Jon would have been referring to performing a delete using the pdadmin utility, which is available in the Web service or the CLI.</SAE>



    Scott A. Exton
    Senior Software Engineer
    Chief Programmer - IBM Security Verify Access

    IBM Master Inventor


    Phone: 61-7-5552-4008
    E-mail: scotte@au1.ibm.com
    1 Corporate Court
    Bundall, QLD 4217
    Australia
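As an added example (not code from the thread or from IBM), this script applies the distinction Jon describes in reply 2 (full user = inetOrgPerson plus a secUser entry under cn=users,secAuthority=Default; basic user = inetOrgPerson only) to answer Joao's "which users are basic?" question from reply 3, and then generates the bulk pdadmin commands Scott recommends in reply 4. The two LDIF inputs are constructed samples standing in for ldapsearch output; the secUser attribute names principalName and secDN and the example DNs are assumptions.

```python
# Classify users as "basic" (inetOrgPerson only) or "full" (inetOrgPerson plus a
# secUser entry) and emit pdadmin commands for a bulk conversion either way.
from typing import Dict, List

# Constructed sample: inetOrgPerson entries from the federated repository.
PEOPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: alice

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: bob
"""

# Constructed sample: only alice was imported, so only alice is "full".
# Attribute names principalName and secDN are assumed, not taken from the thread.
SECUSER_LDIF = """\
dn: principalName=alice,cn=users,secAuthority=Default
objectClass: secUser
principalName: alice
secDN: uid=alice,ou=people,dc=example,dc=com
"""

def parse_ldif(text: str) -> List[Dict[str, str]]:
    """Minimal LDIF reader: single-valued attrs, no line wrapping or base64."""
    entries = []
    for block in text.strip().split("\n\n"):
        attrs = dict(line.split(":", 1) for line in block.splitlines())
        entries.append({k.strip().lower(): v.strip() for k, v in attrs.items()})
    return entries

def classify(people_ldif: str, secuser_ldif: str) -> Dict[str, str]:
    """uid -> 'full' if some secUser's secDN points at the person's DN, else 'basic'."""
    full_dns = {e["secdn"].lower() for e in parse_ldif(secuser_ldif)}
    return {e["uid"]: "full" if e["dn"].lower() in full_dns else "basic"
            for e in parse_ldif(people_ldif)}

def pdadmin_commands(people_ldif: str, secuser_ldif: str, target: str) -> List[str]:
    """'user import' makes a basic user full; 'user delete' (no -registry)
    removes only the secUser entry, leaving the inetOrgPerson, so the user is basic."""
    kinds = classify(people_ldif, secuser_ldif)
    dns = {e["uid"]: e["dn"] for e in parse_ldif(people_ldif)}
    if target == "full":
        return [f'user import {u} "{dns[u]}"' for u, k in kinds.items() if k == "basic"]
    if target == "basic":
        return [f"user delete {u}" for u, k in kinds.items() if k == "full"]
    raise ValueError("target must be 'full' or 'basic'")
```

The emitted lines can be fed to the pdadmin CLI or submitted through the pdadmin Web Service Scott links above; filter PEOPLE_LDIF to one repository's base DN first if only that repository's users should be converted.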