This section explains how to maintain user information.

For details on how to perform backup and restore in the directory service including the user information, refer to the manuals of the used directory services.

After restoration, use the following procedure to reflect the user operations (user registration or user deletion) in Resource Orchestrator to the directory service.
The user password change cannot be reflected. Request an administrator of the directory service to re-configure the password.

1. Output the user list information for Resource Orchestrator.

   Example

   [Windows]

   >Installation_folder\SVROR\Manager\bin\rcxadm user list -outfile myusers.txt <RETURN>

   [Linux]

   # /opt/FJSVrcvmr/bin/rcxadm user list -outfile myusers.txt <RETURN>

2. Compare the user information for directory service and the user information for Resource Orchestrator output in 1.

3. Check any users in the user information for Resource Orchestrator output in 1, who are not in the directory service.

4. Use the following procedure for the users confirmed in 3.

   1. Check the operations after the time of backup of directory service, based on the "operation time" registered in audit logs.

   2. As described in a., extract the userid relevant to the following:

      • For the operation type, there are "createUser", "updateUser", and "moveUser"

      • The last operation type is not "deleteUser"

   3. Register the users extracted in b., in the directory service.

   4. When the last operation type in b. is "deleteUser", delete the relevant users from the directory service if necessary.

      Note

      Delete users, after checking that the user is not necessary for other system operations.

5. Exclude the users restored in 4. from the users checked in 3.

   Register the other users in the directory service.

6. Register an infrastructure administrator and a dual-role administrator as a reviewer for an application process from the users registered in the directory service in 5.

   For details on how to register as a reviewer for an application process, refer to "6.5.1.2 Adding an infrastructure administrator/dual-role administrator to IflowUsers Group" in the "Setup Guide CE".

7. Check any users not in the user information for Resource Orchestrator output in 1, who are in the directory service.

8. Exclude the users deleted in d. in 4. from the users checked in 7.

   The other users may be an infrastructure administrator, an infrastructure operator, an infrastructure monitor, an administrator, an operator, or a monitor for Resource Orchestrator.
   In the directory service, delete a user if necessary.

   Note

   Delete the user, by checking that the user is not necessary for the other system operations.

   
   

Change the password for the directory service administrative user using the following procedure.

1. Change the administrative password for the directory service.

2. Execute the rcxadm authctl modify command to change the administrative user password of the directory service to be retained as the connection information.

   
   

When the directory service is stopped due to an error, use the following procedure to perform switchover to the internal authentication function, and restoration.

1. Stop the Resource Orchestrator manager.

   For details on how to stop the manager, refer to "7.2 Starting and Stopping the Manager" of the "Setup Guide CE".

2. The directory service registration is released.

   Execute the rcxadm authctl unregister command to unregister the directory service.
   For details on the rcxadm authctl unregister command, refer to "1.7.10 rcxadm authctl" of the "Reference Guide (Resource Management) CE".

3. Start the Resource Orchestrator manager.

   For details on how to start the manager, refer to "7.2 Starting and Stopping the Manager" of the "Setup Guide CE".

4. The directory service is restored.

5. Stop the Resource Orchestrator manager.

   For details on how to stop the manager, refer to "7.2 Starting and Stopping the Manager" of the "Setup Guide CE".

6. The directory service is registered.

   Execute the rcxadm authctl register command to register the directory service.
   For details on the rcxadm authctl register command, refer to "1.7.10 rcxadm authctl" of the "Reference Guide (Resource Management) CE".

7. Start the Resource Orchestrator manager.

   For details on how to start the manager, refer to "7.2 Starting and Stopping the Manager" of the "Setup Guide CE".

   
   

Use the following procedure to perform restoration after Resource Orchestrator stops due to an error:

1. Restore the backup data of Resource Orchestrator.

   For details on how to restore, refer to "Chapter 8 Backup and Restoration of Admin Servers".

2. Start the Resource Orchestrator manager.

   For details on how to start the manager, refer to "7.2 Starting and Stopping the Manager" of the "Setup Guide CE".