5 Replies Latest reply on Aug 16, 2013 8:07 AM by Dan Good

    Questions on switching which LDAP group runs BladeLogic jobs

      We currently have a very large number of Blade jobs that run with an execution override (running as ROOT) on some of our more locked down boxes. The LDAP account that was being used for all of our Blade jobs is no longer able to be used (a former manager, no longer with the team - and yes I know that was a poor decision from the start) and we have created a service account and are needing to execute all of our jobs as this new service account.


      My question is this, can we update that setting inside of the existing ROLE that we are using without causing permissions nightmares and having to reset all of the overrides? We have tried creating a whole new role in Blade created with the new service account, but the jobs that were created with the first role all had to be opened up in the ACL permissions to allow the second role, and once we unlocked and updated those in the first role the overrides were all reset and required opening each job up and resetting those to prevent those jobs from failing.


      Has anyone had experience with switching the account used for a role in Blade before? Are there any pointers, or do we just need to switch it over and deal with the fallout after the fact?