Users lost favorites and their Folder '~Webintelligence' in BI-Lauchpad

Document ID : KB000047030
Last Modified Date : 14/02/2018
Show Technical Document Details

Problem:

After reconfiguration of the Authentication-LDAP Tool, user Account where deleted and recreated in CMC. Because of that, the user lost all their favorites and the rights to add objects to favorites, too.

Cause:

If something happens to the LDAP groups, or you get a weird hung state where BOXI looks at the LDAP server and thinks that all the users have been deleted, then you could be in trouble. If BOXI sees what it thinks is a legitimate LDAP graph, it will refresh its user list against it. If that graph is in a state where it has no apparent users, BOXI will do its duty and delete all the users. All of them.

And, BOXI will continue with the standard process, and delete the user folders and inboxes when it deletes the users. So, even when the LDAP graph comes back up, all of the information in those folders will be gone.

Solution:

There are a couple ways to deal with this. First, you can prevent it by giving every user an Enterprise alias in addition to their LDAP alias(es). If the user has an Enterprise alias, then they will not be deleted when the LDAP user is removed. In the above scenario, all of the LDAP aliases would still be deleted, but the users would remain in BOXI (simply unable to log in with their LDAP credentials). When the LDAP comes back up, the users will be recreated and re-associated with the existing Enterprise accounts. Do note, though, that this means that users legitimately deleted from LDAP, e.g., as a result of termination, will not be automatically removed from BOXI. Also, you cannot set BOXI to automatically create Enterprise aliases for new accounts. You have to do so manually. Fortunately, there is a very convenient script over in the BO Downloads forum for automatically adding Enterprise aliases to all users. Run that once a week, and you should be fine.

Second, you can recover from an LDAP disaster relatively easily if you have a BIAR backup. I would suggest taking a BIAR backup of the user folders and inboxes (along with the universes, obviously) once a week. You can schedule this using the command-line tool outlined in the admin guide. That way, if something catastrophic does happen, you can simply re-import the user content from the BIAR file when the LDAP comes back up. Much easier than a standard restore from backup. Do keep the file size limitations of the BIAR file in mind (I'd avoid going over 2GB). You can run out multiple BIAR files, breaking the users up by group.