Monday, June 16, 2014

... renaming users

Trying to find out how to get the activities feed and activities dashlets working for AD sync'ed mixed-case usernames ... I found some help in the property: user.name.caseSensitive

Setting it to true works for activity feeds, if you set it form the beginning, but not if on a running system ...

After playing with the alfresco-global.properties, i found AD sync'ed some users were 'moved'. EX: from userName 'LULA' to 'LULA80cb1574-7b9b-4cfb-b82f-f0c72a5ea346'. All authoritive containers were changed.

This happened because Alfresco was set with the properties:

user.name.caseSensitive=false

I changed it back, but damage was done! 

And when the user with AD-username in uppercase, EX: 'LULA', alfresco wanted to reuse it for the new username (in a different case) and renamed it.

The user was not deleted because of property:

synchronization.allowDeletions=false


 Using AE 4.1.1.3 i decided to try and recover the users changed (only ones that tryed logging in). I found out the users with changed usernames still had the correct zones (synchronization subsystem).

Lets try to rename the user. First observation was javascript console cannot change the userName (permission denied), probably need to be system user, so I found the rename User tool.

- stop Alfresco

- comment out vti module contexts: 

tomcat/webapps/alfresco/WEB-INF/classes/alfresco/module/org.alfresco.module.vti/module-context.xml file:

EX:
<beans>
<!-- <import resource="classpath:alfresco/module/org.alfresco.module.vti/context/*-context.xml"/> -->
</beans>


- go into 'tomcat/webapps/alfresco/WEB-INF'

- run RenameTool:
java -XX:MaxPermSize=512m -classpath ../../../lib/*:../../../endorsed/*:lib/*:classes:classes/alfresco/module:classes/alfresco/module/org.alfresco.module.vti:../../../shared/classes org.alfresco.tools.RenameUser -user admin -pwd admin LULA80cb1574-7b9b-4cfb-b82f-f0c72a5ea346 LULA -verbose

- Reenable VTI

- start Alfresco

- Change in Javascript console (installed?) cm_owner on user:
var person = people.getPerson("LULA");
person.properties.owner="LULA";
person.save();


- site membership should be restored :)

- Now find out which AD groups was removed :(

No comments:

Post a Comment