The Situation:
IBM BPM has been successfully installed and is up and running! You have also successfully added your Active Directory(s) to your federated repositories and are able to find users and groups in the WAS console. Continuing with the good news, you have also found users in the IBM BPM ProcessAdmin and ProcessCenter consoles. However, for some reason you are unable to find groups, and there is no meaningful error in the logs.
The Problem:
By default, IBM BPM sets the maximum number of group search results returned to 4500, and because IBM BPM doesn’t the objectclass=group.
The Solution:
There are two main areas to fix: the object class filter in your repository and the wimconfig.xml.
Steps:
WAS Admin Console
- Log in to the WAS Admin console as your administrator user and navigate to your repository and group mappings:
Global security > Federated repositories > Manage repositories > LDAP1 > Federated repositories entity types to LDAP object classes mapping > Group
- Change the search filter to:
*Below is an example for Microsoft Active Directory. Please contact your LDAP or AD admin for a qualified string.*
- At minimum:
(ObjectCategory=Group)
- Ideally, limit your search results by adding a filter:
(&(ObjectCategory=Group)(|(cn=*any limiting search*)(cn=any limiting search*)))
- Save your configuration changes to the master.
- Sync your node.
File System
- Navigate to this directory and back up your wimconfig.xml:
/<IBM BPM install Directory>/profiles/DmgrProfile/config/cells/<yourCellName>/wim/config/wimconfig.xml
- Change the value maxSearchResults="4500" to the total number of groups you want to return, plus room for growth.
- Sync your nodes.
- Shut down the server, do a manual sync of the nodes, and restart.
- You should be able to find your groups now.
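The file-system step above, scripted so the backup and the edit cannot be separated. This is an added example, not IBM tooling or code from the original post: the function names, the sample XML element and the value 12000 are constructed for illustration, and a real run would pass the wimconfig.xml path shown above and then sync the nodes.

```shell
# Print the current maxSearchResults value found in file $1.
get_max_search_results() {
    sed -n 's/.*maxSearchResults="\([0-9][0-9]*\)".*/\1/p' "$1" | head -n 1
}

# Set maxSearchResults in file $1 to $2; prints the path of the backup it made.
set_max_search_results() {
    file=$1; new=$2
    case $new in
        ''|*[!0-9]*) echo "value must be a whole number" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "not found: $file" >&2; return 2; }
    # Refuse to edit unless the attribute appears exactly once.
    count=$(grep -o 'maxSearchResults="[0-9]*"' "$file" | wc -l | tr -d ' ')
    [ "$count" -eq 1 ] || { echo "expected 1 maxSearchResults, found $count" >&2; return 3; }
    backup="$file.$(date +%Y%m%d%H%M%S).bak"
    cp -p "$file" "$backup" || return 4
    # Edit from the backup into the original so ownership and mode are kept.
    sed "s/maxSearchResults=\"[0-9]*\"/maxSearchResults=\"$new\"/" "$backup" > "$file" || return 4
    # Verify the edit; restore the backup if the value did not take.
    if [ "$(get_max_search_results "$file")" != "$new" ]; then
        cp -p "$backup" "$file"; return 5
    fi
    echo "$backup"
}

# Demo on a constructed sample (not a real wimconfig.xml).
demo_dir=$(mktemp -d)
cat > "$demo_dir/wimconfig.xml" <<'EOF'
<config:configurationProvider maxPagingResults="500" maxSearchResults="4500">
</config:configurationProvider>
EOF
echo "before: $(get_max_search_results "$demo_dir/wimconfig.xml")"
echo "backup: $(set_max_search_results "$demo_dir/wimconfig.xml" 12000)"
echo "after:  $(get_max_search_results "$demo_dir/wimconfig.xml")"
rm -rf "$demo_dir"
```

If the edited file causes problems after the restart, copy the printed backup back over wimconfig.xml and sync the nodes again.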