2 Replies Latest reply on Feb 28, 2011 8:54 PM by Pawan Kothe

    Sync RBAC with AD - issue with BLCLI RBACRole syncusers

      Hello all,


      First, I have to say that I'm a newbie with BladeLogic


      In order to ease the user management, I have a requirement to synchronize RBAC with our Active Directory.

      I read all the official documentation and try to implement this synchronization with the blcli command RBACRole syncusers.


      I have a number of users who are members of an AD groups and with the syncusers command I would like to create their accounts in RBAC and assign them a defined role.


      I think I have followed all the steps correctly but when I try to use the RBACRole syncusers command nothing happens.

      I have increase the logging level of BLCLI in order to have more information but I see nothing special.


      Here are all the command lines I executed :


      blcred cred -acquire -profile <myprofile> -username RBACAdmin -password <password>

      blcli -v <myprofile> Impersonation createAutomationPrincipal fa_blldapbnd "funtional user for bind LDAP" "CN=fa_blldapbnd,OU=Functional,OU=Operational Accounts,DC=beprod01,DC=eoc,DC=test" "" "password1*"

      blcli -v <myprofile> Ldap createConnection testbeprod01_ldpaconnect beprod01.eoc.test <Path to my crt file> "LDAP connection to testbeprod01"

      blcli -v <myprofile> RBACRole syncUsers BLAdmins testbeprod01_ldpaconnect fa_blldapbnd "CN=T_PRM_BladeLogic_BLAdmins,OU=BladeLogic,OU=Applications,OU=Resources,DC=beprod01,DC=eoc,DC=test" "(&(objectClass=user)(logonCount=1))" userPrincipalName



      Here also a screenshot of the output of the execution of the syncusers command with the debug level.

      Thanks in advance for all the help you can give me.