Reporting Configuration: Change LDAP/AD
Revision as of 19:14, 2 August 2010 by Jkratky
Change the current LDAP (Active Directory) to a different one
|Problem Summary||To Change the current LDAP/AD to a different one causes a number of issues:|
|Error Message||Warning: You have changed the LDAP server configuration which will impact user logons, access to reports, dashboards, collections and other objects created by users not in the new LDAP server and may affect users synchronization. Are you sure you want to make the change?|
|Possible Cause|| When CUIC changes its LDAP parameters, it will change the CUIC user authentication provider. The following issues may affect the CUIC server:
1) All domain users which were authenticated by the old LDAP/AD server will not be able to log in any more. 2) All the CUIC objects created/owned by those domain users will become orphans. i.e. The objects' original owners cannot modify or delete them since they cannot log in. 3) If originally UCCE user synchronization is enabled and the old LDAP server is the one used by the original UCCE supervisors, the new LDAP server will be out of sync with the original UCCE. And all users and collections created through UCCE synchronization will be orphans as well.
|Recommended Action|| Make sure the change of LDAP server is necessary. If so, click "OK", otherwise, click "Cancel".
Once the LDAP server change is made, CUIC security admin user should "clean" up the orphan objects. Please follow this order when deleting these objects: a) All the dashboards created by those orphan users. b) All the dashboard categories created by those orphan users. c) All the collections created by those orphan users or created by UCCE synchronization. d) All the value lists created by those orphan users. e) All the reports created by those orphan users. f) All the report categories created by those orphan users. g) All the report definitions created by those orphan users. h) All the report definition categories created by those orphan users. a) All the data sources created by those orphan users and not useful any more. b) All those orphan users. Note: i) If any object that is created by those orphan users is still used or referenced by other CUIC users, you can either recreate it or by editing and save as to a different object, and you have to reset the appropriate sharing permissions. ii) You cannot delete a CUIC object if it is still referenced by any other object. iii) You cannot delete a CUIC user if any object that created by the user still exists in CUIC database. iv) When deleting a category, make sure all the subcategories, and all the objects in the category and subcategories are the ones that need be deleted. Once a CUIC object is deleted, there is no way to undelete !!
|Associated CDETS #||CSCtf76504|