Tivoli Directory Integrator IBM Software Group Tivoli Directory
Tivoli Directory Integrator: Bi-directional Active Directory – Domino Sync (part II – how to build it)
Eddie Hartman, eddie.hartman@no.ibm.com
2007.03.07, using TDI 6.1.1

Bi-directional AD - Domino Sync
[Diagram: TDI sits between Active Directory and Lotus Domino, each with its applications. An AD change connector and a Domino Users connector sync adds/mods/deletes to Domino; a Domino change connector and an LDAP connector sync changes to the mail address back to AD.]
In this scenario, users are managed in AD and need to be synchronized with Domino.
1. All data is pushed into Domino when new Users are added in AD.
2. E-mail is "owned" by Domino, so changes in AD will not overwrite the "Internet Address" in Domino.
3. Changes to the internet mail address in Domino are sync'ed to AD.
4. Any of the above logic can be easily and quickly modified and extended.

Agenda
- Preparation
- Set up the Connectors
- Build the AD -> Domino AssemblyLine
- Build the Domino -> AD AssemblyLine

Preparation
- Set the System Store in network mode. Used to persist synchronization state.
- For Domino access via local Notes client: give TDI access to the Notes.jar file.

Set up the Connectors
- Domino Users Connector
- Domino Change Detection Connector
- Active Directory LDAP Connector
- AD Changelog v2 Connector

Build AD -> Domino AL
Detect changes in AD
IF change is an add or modify then update to Domino
ELSE IF change is a delete then delete from Domino

AD -> Domino AL
[Flowchart: Active Directory -> Change Detection Connector -> "If delete". Yes: Delete Mode Connector -> Domino. No: Update Mode Connector -> Domino. Note on the update path: do not overwrite mail address in Domino.]

Build Domino -> AD AL
Detect changes in Domino
IF change is a modify to the mail address then update to AD
ELSE IF change is an add or delete then what? (log it? report it? ...)

AD -> Domino AL
[Flowchart: Domino -> Change Detection Connector -> "If modify". Yes: Update Mode Connector -> Active Directory. No: "Handle this Error". Note on the update path: only write changes to the mail address.]

Linking diverse data sets
- In order to handle deletes, we stored objectGUIDstr from AD in Domino.
- However, objectGUIDstr is just a string representation of a binary attribute in AD... so we can't search in AD using the string value we put in Domino.
- So we need to store the directory 'pointer' to each AD User entry (the 'dn') as well.
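
The two AssemblyLines and the objectGUIDstr/dn linking described above, modelled as an added example that is not part of the original slides and does not use the TDI API. The in-memory stores, the attribute names "mail", "InternetAddress" and "adDn", the return strings (including logging Domino adds/deletes, which the slides leave open) and all sample values are assumptions made for illustration.

```javascript
// Added illustration: plain JavaScript model of the two AssemblyLines, not TDI API code.
// Assumptions: in-memory Maps as stores; attribute names "mail", "InternetAddress", "adDn".
const domino = new Map(); // Domino users keyed by the objectGUIDstr copied from AD
const ad = new Map();     // AD users keyed by dn

// AD -> Domino: add/modify updates Domino, delete removes the linked Domino user.
function adToDomino(change) {
  const key = change.objectGUIDstr; // link key that survives a delete in AD
  if (change.op === "delete") return domino.delete(key) ? "deleted" : "not-found";
  const existing = domino.get(key);
  const doc = Object.assign({}, existing, change.attrs, { objectGUIDstr: key, adDn: change.dn });
  // Domino owns the mail address: AD only seeds it when the user is first created.
  doc.InternetAddress = existing ? existing.InternetAddress : change.attrs.mail;
  delete doc.mail;
  domino.set(key, doc);
  return existing ? "modified" : "added";
}

// Domino -> AD: only a changed mail address is written back, located via the stored dn.
function dominoToAd(change) {
  if (change.op !== "modify") return "logged:" + change.op; // assumed handling of add/delete
  const doc = domino.get(change.objectGUIDstr);
  const entry = doc && ad.get(doc.adDn); // the GUID string cannot be searched in AD; the dn can
  if (!entry) return "error:no-ad-entry";
  if (entry.mail === doc.InternetAddress) return "unchanged";
  entry.mail = doc.InternetAddress; // no other AD attribute is touched
  return "mail-updated";
}

// Constructed sample run: create in AD, change mail in Domino, modify in AD, sync back, delete.
function runDemo() {
  const dn = "cn=Ann Lee,ou=Users,dc=example,dc=com"; // constructed sample value
  const guid = "constructed-guid-0001";               // constructed sample value
  const attrs = { cn: "Ann Lee", mail: "ann@example.com", title: "Engineer" };
  ad.set(dn, Object.assign({}, attrs));
  const out = [];
  out.push(adToDomino({ op: "add", dn, objectGUIDstr: guid, attrs }));
  domino.get(guid).InternetAddress = "ann.lee@example.com"; // mail changed in Domino
  const changed = Object.assign({}, attrs, { title: "Manager" });
  out.push(adToDomino({ op: "modify", dn, objectGUIDstr: guid, attrs: changed }));
  out.push(domino.get(guid).InternetAddress); // still the Domino-owned value
  out.push(dominoToAd({ op: "modify", objectGUIDstr: guid }));
  out.push(ad.get(dn).mail);
  out.push(adToDomino({ op: "delete", objectGUIDstr: guid }));
  return out;
}
console.log(runDemo());
```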