This is an archive of the Maximo Yahoo Community. The content of this pages may be a sometimes obsolete so please check post dates.
Thanks to the community owner Christopher Wanko for providing the content.
Your Maximo site is setup with LDAP. Groovy.
So how do you test a userid if you don't know their AD password? In short, how do you impersonate users when testing or developing if LDAP (AD) is controlling things?
-C
Here is what I do.
1. Pick a user that you want to impersonate (USER)
2. Write an update query to change your USERID on GROUPUSER to USERID_OLD.
a. Update groupuser set userid = 'USERID_OLD' where userid = 'USERID';
3. Write another update query to replace user (step 1) with your userid on GROUPUSER.
a. Update groupuser set userid = 'USERID' where userid = 'USER';
4. Commit and test. Once done, reverse.
Be sure to replace USERID with your user and USER with the user you want to impersonate.
I know it is not clean, but that is the best way I've come up with. It would be nice for a support mode to allow you to directly impersonate another user, but alas, I don't know of a way.
Thank you,
Ron Bryant | Maximo Program Manager
Manufacturing IT
*:ron_bryant@cargill.com<mailto:ron_bryant@cargill.com>
From: MAXIMO@yahoogroups.com [mailto:MAXIMO@yahoogroups.com]
Sent: Friday, August 19, 2016 12:32 PM
To: MAXIMO@yahoogroups.com
Subject: [MAXIMO List] Okay, another good one.
Your Maximo site is setup with LDAP. Groovy.
So how do you test a userid if you don't know their AD password? In short, how do you impersonate users when testing or developing if LDAP (AD) is controlling things?
-C
---In MAXIMO@yahoogroups.com, <ron_bryant@cargill.com> wrote :
Here is what I do.
1. Pick a user that you want to impersonate (USER)
2. Write an update query to change your USERID on GROUPUSER to USERID_OLD.
3. Write another update query to replace user (step 1) with your userid on GROUPUSER.
4. Commit and test. Once done, reverse.
This is brutally effective. Clearly, the problem of LDAP test / service accounts should be considered before going forward with any implementation. This is excellent, thanks Ron.
-C
LDAP requires a group called maximousers. After that you can add anyone to that group. maxadmin can be a user in that group and you'd have access to that password. We don't masquerade as anyone else nor ask people for their password as that is against network security policy.