This utility allows inserting of new user accounts and/or updating the user information stored in accounts with additional information which could not be imported for what reason ever from LDAP (e.g. company, e-mail, phone numbers, etc.). It is stored in the bin subdirectory of the ProcMan installation. For to start it, change in the directory where ProcMan is installed (with cd command in the command window or by setting the work directory in a scheduler) and execute the command:
Windows:
Unix:
In the execution command replace the <input_file> with the file name (including an absolute or relative path) of the input file containing the user information and the <configuration_id> with a valid configuration id of the required configuration from the configuration file etc/hwm_update_accounts_config.php. Take care that the configuration id is case sensitive so it has to be tipped exactly like it is specified in the configuration file.
The input file has to be a plain text file containing the additional information for users for which the account information shall be updated. Each line of the file has to represent the information about one user and has to contain the user id. A good example for an acceptable input file is a file in a comma separated file format.
Before the utility can be started the structure of the input file has to be described in the configuration file etc/hwm_update_accounts_config.php of the ProcMan installation. Let us explain the content of the configuration file on an example:
In the mandatory section config the configurations for which the utility can be started has to be specified. There must be at least one configuration described in this section. Each configuration must have a unique configuration id specified. In the example above there are two configurations having configuration ids UPDATE_ONLY and UPDATE_INSERT. When starting the utility, the required configuration has to be selected by tipping its configuration id in the -c parameter.
In each configuration ignore and user_info sections like described above can be defined as well. The difference is that the definitions done outside of configurations take effect for all configurations, while the definitions done in a configuration take effect only for this configuration. When starting the utility, the definitions done outside of configurations (if any) and in the selected configuration (if any) are merged. Beware that there must be at least one valid user_info specification either outside of configurations or inside of the selected configuration, otherwise the utility ends with an error.
If the value of the configuration parameter update is true, for all users read from the input file already having an account in ProcMan, the accounts will be updated using the information read from the input file. If update is false, all users read from the input file already having an account in ProcMan are ignored and no update takes place.
If the value of the configuration parameter insert is true, for all users read from the input file not having an account in ProcMan yet, new accounts are being created. If insert is false, all users read from the input file not having an account in ProcMan yet are ignored and no accounts creation takes place.
At least one of the configuration parameters update and insert must be true, otherwise the utility ends with an error.
The configuration parameter client is required only if insert is true. In this parameter a name of an existing ProcMan client has to be specified. This informs the utility in which client the new accounts shall be created.
The configuration parameter case_sensitive has effect only if insert is true. If the parameter is set true, the user names tipped at the ProcMan login will be handled by the newly created accounts as case sensitive (abc ≠ ABC). If the parameter is set false, they are handled as case insensitive (abc = ABC).
The configuration parameter db_authentication has effect only if insert is true and if ldap_host is not specified. If the parameter is set true, the users of the newly created accounts will be authenticated by the database at the ProcMan login. If the parameter is set false, the passwords in all new accounts will be initialized with the user name in lowercase and users will be authenticated by ProcMan itself at the ProcMan login.
The configuration parameter ldap_host has effect only if insert is true. In this parameter the host of the LDAP system which shall authenticate the users for which new accounts are created by the utility. The value can be specified as an IP address, a DNS name or a URL (ldap://<host>:<port>, ldaps://<host>:<port>).
The configuration parameter ldap_port has effect only if insert is true and ldap_host is set and not specified as a URL. In this parameter the port number on the LDAP host defined in ldap_host has to be specified.
The configuration parameter ldap_chng_password has effect only if insert is true and ldap_host is set. It specifies whether the inserted users will be allowed to change their LDAP password from ProcMan.
The configuration parameter ldap_server_type has effect only if insert is true and ldap_host is set. It specifies the LDAP system/backend type. The value RACF (case insensitive) specifies that the inserted users will be authorized by a RACF backend via LDAP. For other LDAP servers/backends the value must be different from RACF. To specify a proper type here is important because changing of a password via LDAP works different for RACF and for other LDAP servers/backends.
The configuration parameter ldap_password_id has effect only if insert is true and ldap_host is set. If ldap_server_type is different than RACF it must be specified and not empty. Otherwise ldap_chng_password is automatically set to false. It specifies the name of the password attribute in the LDAP structure of the user data. For RACF this parameter is ignored.
The configuration parameter ldap_dn has effect only if insert is true and ldap_host is set. In this parameter the DN pattern for the new accounts created by the utility has to be specified. It must contain the place holder <USER> which is replaced with the user name for each newly created account by the utility.
The configuration parameter ldap_test_user has effect only if insert is true and ldap_host is set. This parameter is optional and can contain a user name which (if specified) is used by the utility to verify the connection to the LDAP system specified in the previous LDAP parameters.
The configuration parameter ldap_test_password has effect only if insert is true, ldap_host is set and ldap_test_user is set. In this parameter the encrypted password (generated by the encryption tool in the ProcMan’s administration dialog) for the user defined in ldap_test_user can be specified.
The configuration parameter zos_name has effect only if insert is true. In this parameter the name of the z/OS authentication system configuration which shall be used for the user authentication can be specified. If a configuration with this name is not defined yet, the utility creates the definition.
The configuration parameter zos_host has effect only if insert is true and zos_name is set. In this parameter the host of the z/OS system which shall authenticate the users for which new accounts are created by the utility. The value can be specified as an IP address or a DNS name.
The configuration parameter zos_port has effect only if insert is true and zos_name is set. In this parameter the port number of the HORIZONT z/OS utilities service (also known as HORILST) on the authentication z/OS system has to be specified.
The configuration parameter zos_member has effect only if insert is true and zos_name is set. In this parameter the member name of the HORIZONT z/OS utilities handler (also known as HORJSRV) on the authentication z/OS system has to be specified.
In the optional section ignore patterns of lines which shall be ignored form the update can be specified. Such lines are typically headers which do not represent any real user. The patterns have to be specified in a form of a regular expression (for detailed information about the syntax of the regular expressions see ). There can be specified more than one pattern in the ignore section by adding further array('pattern' => '…'), statements.
In the optional section user_info patterns of lines which contain the user information can be specified. The patterns have to be specified in a form of a regular expression (for detailed information about the syntax of the regular expressions see ). There can be specified more than one pattern in the user_info section by adding further array('pattern' => '…', 'user' => '…', …), statements. Further for each pattern an assignment of parts of a user line read from the input file to the account data items user (user id), description, company, department, telephone, mobile and email has to be specified in the user_info section. Not all account data items must be filled (except the item user which is mandatory). In the case that the user lines in the input file does not contain some information the assignment to the corresponding account data items can be omitted or commented out like in the case of the item mobile in the example above. The assignment of a part of a read user line to an account data item is done by specifying an integer index of the sub-pattern representing the account data item in the input user line. Sub-patterns are specified by parentheses in the input user line pattern. First sub-pattern has the index 1, the second one the index 2, etc. In the example above the user id is in the matching user line represented by the 6th sub-pattern so in the configuration file it is specified as ‘user’ => array(6). Moreover the assignment can be specified as a concatenation of parts of the user line represented by more than one sub-pattern and string literals. In the example above the item description is made of the title (sub-pattern 2), forename (sub-pattern 3) and surname (sub-pattern 1) delimited by a space (' ') which is specified as 'description' => array(2, ' ', 3, ' ', 1).