DX NetOps

  • Private Community

  • 1.  User password in MLS configuration (Spectro 9.4.4)

    Posted Oct 02, 2016 12:50 AM

    Can someone tell me what the expected behavior is for the following setup?

     

    Setup: One MLS server connecting 50+ Spectro servers, each having their own landscape.

     

    Our admins and managers log into the MLS directly to get the overview of the network. Each site has local users who log into their local instance.  When we add/delete accounts, we do it through the MLS, and eventually it will sync its way down to the landscape where it is needed.

     

    We see problems when a landscape is unavailable (network availability). If a user was deleted while their landscape was offline, it either complains, or removes it, but only until the landscape comes back up and the user is re-added to the MLS.

     

    We are trying to streamline our user password management, and the above is just making a mess of everything. The MLS should be the authority for users and all connected landscapes should sync their user database to the MLS. It would be even better if only user accounts used in the landscape were synced (maybe that is how it works, I don't know).

     

    Is there a way to force a sync of the user models across all landscapes?



  • 2.  Re: User password in MLS configuration (Spectro 9.4.4)

    Posted Oct 03, 2016 03:18 PM

    The way we do this is to make sure ldap synchronises every hour so if landscapes come back up, we can fix them.

     

    Every hour I have an LDAP script which gets the members in the specific groups and go through each landscape and make sure each user is created. If a landscape is not available it just carries on. There might be 0-60 mins that a login could not work, or if a landscape is down for a long time then that's acceptable too.

     

    Any users no longer in ldap is moved to a disabled group. We find this is the best if someone comes back still has their preferences instead of just getting a clean account!



  • 3.  Re: User password in MLS configuration (Spectro 9.4.4)

    Broadcom Employee
    Posted Oct 03, 2016 03:26 PM

    In the User’s Advanced Area there is a “Synchronize Now” button that should do the trick…You could give this a try when the unavailable server comes back up:

     

     

     

    Cheers

    Jay



  • 4.  Re: User password in MLS configuration (Spectro 9.4.4)

    Posted Oct 03, 2016 08:57 PM

    But is that going to sync just one account or all accounts? We usually push password updates in groups. Spectrum updates can be a significant number of users. The goal here is to be able to automate the password change process so we don't have to go into Spectrum at all, we just update LDAP and be done with it.



  • 5.  Re: User password in MLS configuration (Spectro 9.4.4)
    Best Answer

    Posted Oct 04, 2016 03:39 PM

    To force a sync of the user models across all landscapes:

    1. Log into the OneClick web page as an ADMIN user

    2. Click on the Administration link

    3. Click on the Landscape link

    4. Select all of the servers in the list

    5. Click on the Sync With Master button