Spotfire Ideas Portal
Status Future Consideration
Product Spotfire
Created by Guest
Created on May 30, 2023

Add control switches for LDAP safe-synchronization behavior

In some scenarios with temporary network connectivity issues, when using LDAP synchronization with safe-synchronization enabled, the sync issues are logged at WARN level, so the user sync continues and "succeeds" and, afterwards, so does the group sync. Since some users are not fetched from the LDAP server due to the issue, they are subsequently removed from the groups in Spotfire during the group sync, resulting in users not being able to open expected analyses and folders in the library.

The safe-synchronization feature only works for ERROR conditions, and follows the principle "secure by default". In other words, if the sync operation didn't get updates on any of the users, those were removed from the system to avoid any security breach. What the customer is proposing is to raise the exception type they see below from WARN to ERROR.

For more information, see: https://docs.tibco.com/pub/spotfire_server/latest/doc/html/TIB_sfire_server_tsas_admin_help/server/topics/user_synchronization.html

We would like to improve the safe-synchronization by adding any of the following behaviors:

a) configurable setting, e.g. safe-synchronization-max-retry=[0-9]: retry sync (max number of times, 0 = no retry) if non-critical issues occur

b) configurable setting, e.g. safe-synchronization-level=[WARN|ERR], safe-synchronization-remove-users=[true|false]: if safe-synchronization is enabled and an error/warn occurs during user sync, continue sync and the users will NOT be removed from groups.

c) configurable setting, e.g. safe-synchronization-level=[WARN|ERR], safe-synchronization-action=[continue|abort]: if safe-synchronization is enabled and an error/warn occurs during user sync, throw an error and stop user and group sync

Please comment on which alternative better suits your needs.

Thanks
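The failure mode and the three proposed switches, modelled as a small Python simulation. This is an added example, not Spotfire code or part of the original idea: the setting names mirror the hypothetical ones proposed above, and the users, groups and fetch results are constructed.

```python
from dataclasses import dataclass

LEVELS = {"WARN": 1, "ERROR": 2}

@dataclass
class SafeSyncConfig:
    # Hypothetical settings modelled on proposals a), b) and c); not real Spotfire keys.
    level: str = "ERROR"        # lowest severity treated as a failed user sync
    action: str = "abort"       # "abort" or "continue" once a failure is detected
    remove_users: bool = True   # False: keep memberships after a failed user sync
    max_retry: int = 0          # extra user-sync attempts before giving up

def run_sync(attempts, groups, cfg):
    """attempts: one (fetched_users, severity) pair per user-sync try, severity being
    None, "WARN" or "ERROR". groups: group name -> current members.
    Returns (status, groups_after_sync)."""
    threshold = LEVELS[cfg.level]
    for n in range(cfg.max_retry + 1):
        # If fewer attempts are supplied than retries allowed, the last result repeats.
        fetched, severity = attempts[min(n, len(attempts) - 1)]
        failed = severity is not None and LEVELS[severity] >= threshold
        if not failed:
            break
    if failed:
        if cfg.action == "abort":
            return "aborted", groups                     # proposal c): nothing is touched
        if not cfg.remove_users:
            return "completed_without_removals", groups  # proposal b)
    # Group sync: any member the user sync did not return is dropped from the group.
    return "completed", {g: members & fetched for g, members in groups.items()}

# Constructed sample data: carol's LDAP page is lost to a transient network issue.
GROUPS = {"analysts": {"alice", "bob", "carol"}}
PARTIAL = ({"alice", "bob"}, "WARN")
CLEAN = ({"alice", "bob", "carol"}, None)

if __name__ == "__main__":
    scenarios = {
        "behaviour described above (WARN ignored)": ([PARTIAL], SafeSyncConfig()),
        "a) retry once": ([PARTIAL, CLEAN], SafeSyncConfig(level="WARN", max_retry=1)),
        "b) continue, keep members": ([PARTIAL], SafeSyncConfig(
            level="WARN", action="continue", remove_users=False)),
        "c) abort on WARN": ([PARTIAL], SafeSyncConfig(level="WARN")),
    }
    for name, (attempts, cfg) in scenarios.items():
        print(name, "->", run_sync(attempts, GROUPS, cfg))
```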
