Skip to main content

IBM

IBM BPM 8 – Unable to search for groups in a large AD repository

by on January 14th, 2015 | ~ minute read

The Situation:

IBM BPM has been successfully installed and is up and running! Also you have successfully added your active directory(s) to your federated repositories and are able to find users and groups in the WAS console. Continuing with the good news you have also successfully found users in IBM BPM ProcessAdmin and ProcessCenter consoles, however for some reason you are unable to find groups and no meaningful error in the logs.

The Problem:

By Default IBM BPM sets the max number of search results of groups returned in IBM BPM is 4500 and because IBM BPM doesn’t the objectclass=group.

The Solution:

IBM / Red Hat - Unlock Potential App Modernization
Unlock Your Potential with Application Modernization

Application modernization is a growing area of focus for enterprises. If you’re considering this path to cloud adoption, this guide explores considerations for the best approach – cloud native or legacy migration – and more.

Get the Guide

There are two main areas to fix your, object class filter in your repository and the wimconfig.xml

Steps:

WAS Admin Console

  1. Login into the WAS Admin console as your administrator user, navigate to your repository and group mappings

Global security > Federated repositories > Manage repositories > LDAP1 >  Federated repositories entity types to LDAP object classes mapping > Group

  1. Change the search filter to
    *below is an example of Microsoft Active Directory – Please contact your LDAP or AD admin for a qualified string*
  • At minimum

(ObjectCategory=Group)

  • At ideally limiting your search results but adding a filter.

(&(ObjectCategory=Group)(|(cn=*any limiting seach*)(cn=any limiting search*)))

  1. Save you configuration changes to the master.
  2. Sync your node.

File-System.

  1. Navigate to this directory and back up your WimConfig.xml  /<IBM BPM install Directory>/profiles/DmgrProfile/config/cells/<yourCellName>/wim/config/wimconfig.xml
  2.  And change this value  maxSearchResults=“4500” to your total number +growth of groups you want to return

Sync your nodes.

  1. Shut down the server and do a Manual Sync of nodes and restart.
  2. You should be able to find your groups now.

Tags

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Graham Wallis

More from this Author

Categories
Follow Us
TwitterLinkedinFacebookYoutubeInstagram