Hello Community,

one of our customers, currently in the proces of upgrade from Maximo 7.6.1.x to MAS 8.11, is using VMM user registry synchronization.
For historical reasons current LDAP to Maximo user mapping looks as follows:

<?xml version="1.0" encoding="UTF-8" ?><!DOCTYPE ldapsync  SYSTEM 'ldapuser.dtd'><ldapsync>	<user>		<basedn>[edit]</basedn>		<filter>[edit]</filter>		<scope>subtree</scope>		<attributes>			<attribute>sAMAccountName</attribute>			<attribute>extensionattribute2</attribute>			<attribute>givenName</attribute>			<attribute>sn</attribute>			<attribute>displayName</attribute>			<attribute>mobile</attribute>		</attributes>		<datamap>			<table name="MAXUSER">				<keycolumn name="USERID" type="UPPER">extensionattribute2</keycolumn>				<column name="LOGINID" type="ALN">sAMAccountName</column>				<column name="PERSONID" type="UPPER">extensionattribute2</column>			</table>			<table name="PERSON">				<keycolumn name="PERSONID" type="UPPER">extensionattribute2</keycolumn>				<column name="FIRSTNAME" type="ALN">givenName</column>				<column name="LASTNAME" type="ALN">sn</column>				<column name="DISPLAYNAME" type="ALN">displayName</column>				<column name="STATUSDATE" type="ALN">{:sysdate}</column>			</table>			<table allowdelete="true" name="PHONE">				<keycolumn name="PERSONID" type="UPPER">extensionattribute2</keycolumn>				<keycolumn name="TYPE" type="UPPER">{WORK}</keycolumn>				<keycolumn name="ISPRIMARY" type="YORN">{1}</keycolumn>				<column name="PHONENUM" required="true" type="ALN">mobile</column>			</table>		</datamap>	</user></ldapsync>

What's special about this setup is that:

1. MAXUSER.USERID and PERSON.PERSONID are being mapped to a custom LDAP attribute extensionattribute2
2. MAXUSER.LOGINID is mapped to LDAP attribute sAMAccountName.

Once upgrade process completes we have all users synchronized to MAS Core and User record/document in MongoDB is effectively populated as follows:

• id <-- MAXUSER.USERID <-- LDAP(extensionattribute2)
• username <-- MAXUSER.LOGINID <-- LDAP(sAMAccountName)

So far so good!

According to MAS 8.11 documentation of LDAP user registry synchronization (Limitations section) "The only customized mapping property is userName. Other attributes are mapped by using IBM Liberty defaults.". Yet, the same documentation states in Customizations in ScimCfg Custom Resource section that "you can change some configurations in the ScimCfg Custom Resource as the configurations are not available in the Maximo Application Suite user interface".

I must admit I'm confused... I'm new to Websphere Liberty (what are those IBM Liberty defaults?) and don't really know how the user synchronization process works under the hood in MAS.

I'm seeking in the first place for an advice whether it's somehow possible to achieve the same mapping in MAS as we had in 7.6.1.x?
If it's not supported yet then does anyone know when that is expected to be supported?
Could you think of any alternative or a workaround how to eventually avoid scripting user IDs throughout Maximo database?

Hi Andrzej,

I am in the same position. Did you find an answer to your question ?

Thanks,

Hello Community,

one of our customers, currently in the proces of upgrade from Maximo 7.6.1.x to MAS 8.11, is using VMM user registry synchronization.
For historical reasons current LDAP to Maximo user mapping looks as follows:

<?xml version="1.0" encoding="UTF-8" ?><!DOCTYPE ldapsync  SYSTEM 'ldapuser.dtd'><ldapsync>	<user>		<basedn>[edit]</basedn>		<filter>[edit]</filter>		<scope>subtree</scope>		<attributes>			<attribute>sAMAccountName</attribute>			<attribute>extensionattribute2</attribute>			<attribute>givenName</attribute>			<attribute>sn</attribute>			<attribute>displayName</attribute>			<attribute>mobile</attribute>		</attributes>		<datamap>			<table name="MAXUSER">				<keycolumn name="USERID" type="UPPER">extensionattribute2</keycolumn>				<column name="LOGINID" type="ALN">sAMAccountName</column>				<column name="PERSONID" type="UPPER">extensionattribute2</column>			</table>			<table name="PERSON">				<keycolumn name="PERSONID" type="UPPER">extensionattribute2</keycolumn>				<column name="FIRSTNAME" type="ALN">givenName</column>				<column name="LASTNAME" type="ALN">sn</column>				<column name="DISPLAYNAME" type="ALN">displayName</column>				<column name="STATUSDATE" type="ALN">{:sysdate}</column>			</table>			<table allowdelete="true" name="PHONE">				<keycolumn name="PERSONID" type="UPPER">extensionattribute2</keycolumn>				<keycolumn name="TYPE" type="UPPER">{WORK}</keycolumn>				<keycolumn name="ISPRIMARY" type="YORN">{1}</keycolumn>				<column name="PHONENUM" required="true" type="ALN">mobile</column>			</table>		</datamap>	</user></ldapsync>

What's special about this setup is that:

1. MAXUSER.USERID and PERSON.PERSONID are being mapped to a custom LDAP attribute extensionattribute2
2. MAXUSER.LOGINID is mapped to LDAP attribute sAMAccountName.

Once upgrade process completes we have all users synchronized to MAS Core and User record/document in MongoDB is effectively populated as follows:

• id <-- MAXUSER.USERID <-- LDAP(extensionattribute2)
• username <-- MAXUSER.LOGINID <-- LDAP(sAMAccountName)

So far so good!

According to MAS 8.11 documentation of LDAP user registry synchronization (Limitations section) "The only customized mapping property is userName. Other attributes are mapped by using IBM Liberty defaults.". Yet, the same documentation states in Customizations in ScimCfg Custom Resource section that "you can change some configurations in the ScimCfg Custom Resource as the configurations are not available in the Maximo Application Suite user interface".

I must admit I'm confused... I'm new to Websphere Liberty (what are those IBM Liberty defaults?) and don't really know how the user synchronization process works under the hood in MAS.

I'm seeking in the first place for an advice whether it's somehow possible to achieve the same mapping in MAS as we had in 7.6.1.x?
If it's not supported yet then does anyone know when that is expected to be supported?
Could you think of any alternative or a workaround how to eventually avoid scripting user IDs throughout Maximo database?

Hi Amir,

It's been quite some time ago when I was facing this challenge and at that time we decided to go for bespoke user synchronization tool as it turned out that we need to satisfy few more very specific requirements.

I know though that meanwhile IBM has made significant progress in the development and there might be right tools already now. Perhaps someone watching this thread can fill in what options we do have these days. That would be appreciated.

Hi Andrzej,

I am in the same position. Did you find an answer to your question ?

Thanks,

Hello Community,

one of our customers, currently in the proces of upgrade from Maximo 7.6.1.x to MAS 8.11, is using VMM user registry synchronization.
For historical reasons current LDAP to Maximo user mapping looks as follows:

<?xml version="1.0" encoding="UTF-8" ?><!DOCTYPE ldapsync  SYSTEM 'ldapuser.dtd'><ldapsync>	<user>		<basedn>[edit]</basedn>		<filter>[edit]</filter>		<scope>subtree</scope>		<attributes>			<attribute>sAMAccountName</attribute>			<attribute>extensionattribute2</attribute>			<attribute>givenName</attribute>			<attribute>sn</attribute>			<attribute>displayName</attribute>			<attribute>mobile</attribute>		</attributes>		<datamap>			<table name="MAXUSER">				<keycolumn name="USERID" type="UPPER">extensionattribute2</keycolumn>				<column name="LOGINID" type="ALN">sAMAccountName</column>				<column name="PERSONID" type="UPPER">extensionattribute2</column>			</table>			<table name="PERSON">				<keycolumn name="PERSONID" type="UPPER">extensionattribute2</keycolumn>				<column name="FIRSTNAME" type="ALN">givenName</column>				<column name="LASTNAME" type="ALN">sn</column>				<column name="DISPLAYNAME" type="ALN">displayName</column>				<column name="STATUSDATE" type="ALN">{:sysdate}</column>			</table>			<table allowdelete="true" name="PHONE">				<keycolumn name="PERSONID" type="UPPER">extensionattribute2</keycolumn>				<keycolumn name="TYPE" type="UPPER">{WORK}</keycolumn>				<keycolumn name="ISPRIMARY" type="YORN">{1}</keycolumn>				<column name="PHONENUM" required="true" type="ALN">mobile</column>			</table>		</datamap>	</user></ldapsync>

What's special about this setup is that:

1. MAXUSER.USERID and PERSON.PERSONID are being mapped to a custom LDAP attribute extensionattribute2
2. MAXUSER.LOGINID is mapped to LDAP attribute sAMAccountName.

Once upgrade process completes we have all users synchronized to MAS Core and User record/document in MongoDB is effectively populated as follows:

• id <-- MAXUSER.USERID <-- LDAP(extensionattribute2)
• username <-- MAXUSER.LOGINID <-- LDAP(sAMAccountName)

So far so good!

According to MAS 8.11 documentation of LDAP user registry synchronization (Limitations section) "The only customized mapping property is userName. Other attributes are mapped by using IBM Liberty defaults.". Yet, the same documentation states in Customizations in ScimCfg Custom Resource section that "you can change some configurations in the ScimCfg Custom Resource as the configurations are not available in the Maximo Application Suite user interface".

I must admit I'm confused... I'm new to Websphere Liberty (what are those IBM Liberty defaults?) and don't really know how the user synchronization process works under the hood in MAS.

I'm seeking in the first place for an advice whether it's somehow possible to achieve the same mapping in MAS as we had in 7.6.1.x?
If it's not supported yet then does anyone know when that is expected to be supported?
Could you think of any alternative or a workaround how to eventually avoid scripting user IDs throughout Maximo database?