Hi team.
Hope you're all doing fine.
We are attempting to retrieve users from Domino directory.
In Domino, the customer has several Orgs, and the user hierarchical names are as follows:
User1 Name/Cert1
User2 Name/Cert1
User3 Name/Cert2
User4 Name/Cert3
User5 Name/Cert4
There are cross certificates between them, but there is no top level cert above them.
From Connections, when we are attempting to read the users, we use Domino LDAP bind user which can read all certs.
It can read all the users from the first Cert, but when importing the users from the second cert, it automatically deletes the users already imported; so, it only keeps the users from the last cert imported.
We have checked the following link for reference and the provided script is quite outdated:
http://infolib.hcltechsw.com/ldd/lcwiki.nsf/dx/IBM_Tivoli_Directory_Integrator_solutions_for_IBM_Connections_real-world_scenarios
Is there a way to import and keep all users having this Domino users structure?
Domino 12.0.0 (with NAB updated to latest template) on RHEL
Connections 7.0 on RHEL
Thank you very much in advance.
Sincerely,
Elvis.
Hi Elvis,
My name is Tony, and I'm with the HCL Connections Support Team.
I think the configuration that's documented here may be suitable for what you want to accomplish:
https://help.hcltechsw.com/connections/v6/admin/admin/t_admin_profiles_ldap_branch.html
Note that there's a TDI property that prevents overwrites of profiles populated using a different cert:
sync_source_url_enforce=true
I hope this is helpful.
Please let me know if you have any questions.
Tony Dezanet
HCL Connections Support
Hello Elvis,
You can achieve this by using the "source_ldap_search_base" property in the TDI profiles_tdi.properties file. Refer to the link below on "Manually populating the Profiles database".
https://help.hcl-software.com/connections/v7/admin/install/t_prof_populate_manual.html?hl=installing%2Ctdi
source_ldap_search_base
A portion of the LDAP DN that must be part of all entries processed. This base usually contains the expected organization (o) value, such as source_ldap_search_base=o=ibm.com. Use the following syntax to specify the value:
source_ldap_search_base=l=Bedford Falls,st=New York,c=US,
ou=Enterprise,o=Sales Division,dc=example,dc=com
Example.
source_ldap_search_base=o=cert1,cert2,cert3,cert4
Thank you
Regards
Shrikant J
Please refer to the following steps.
1. Configure and run the population wizard to import the users of the 1st Organization.
2. In the profiles_tdi.properties file:
Make sure: sync_store_source_url=true (this is the default)
Change: sync_source_url_enforce=true (default is false)
Note: sync_source_url_enforce must be set to true, otherwise importing the user from the second LDAP data source deletes the user from the first LDAP data source that has been imported.
For a detailed explanation of this parameter, please refer to the following documentation:
https://help.hcltechsw.com/connections/v7/admin/admin/t_admin_profiles_sync_ldap.html
sync_source_url_enforce: The default value is false. When set to true, synchronizes only those users where the stored source URL matches the current source URL. The current source URL is the concatenation of the source_ldap_url, source_ldap_search_base, and source_ldap_search_filter properties. That is, it limits the scope of the set of data in the database, and skips the records that do not match the current source URL.
3. Copy the entire Wizards directory and save it as a new directory, such as Wizards2.
4. Run the population wizard under Wizards2 and modify the relevant settings in the UI interface to match that of the 2nd Organization.
This will modify the following parameters of the profiles_tdi.properties file under Wizards2.
source_ldap_url
source_ldap_search_base
source_ldap_search_filter
source_ldap_user_login
source_ldap_user_password
Result: The 2nd Organization data source has its own wizards directory, which does not interfere with the 1st Organization. Users in the 2nd Organization are imported into the Connections database and can log in to Connections.
5. Repeat steps 3~4 for other Domino Organizations.
6. This method can also be used for different LDAP software, for example, if you want to import users from both Domino LDAP and Microsoft AD.
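A pre-flight check for the per-organization wizard copies described in the steps above, written as an added example (it is not from this thread or from HCL). It verifies that each copy of profiles_tdi.properties has the two sync settings the steps require and that no two copies share the same source scope. The function names, hostname, search bases and filter are constructed placeholders, and the parser assumes plain key=value lines.

```python
# Added example: check every per-organization copy of profiles_tdi.properties
# before running a sync, so one source cannot delete another source's users.
REQUIRED = {"sync_store_source_url": "true", "sync_source_url_enforce": "true"}
# Defaults as stated in the steps above: store=true, enforce=false.
DEFAULTS = {"sync_store_source_url": "true", "sync_source_url_enforce": "false"}
# The three properties that together make up the "source URL".
SCOPE_KEYS = ("source_ldap_url", "source_ldap_search_base",
              "source_ldap_search_filter")

def parse_properties(text):
    """Parse key=value lines, splitting on the first '=' only because
    values such as o=Cert1 contain '=' themselves."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def check_sources(files):
    """files maps a label (e.g. directory name) to properties text.
    Returns a list of human-readable findings; empty means no issue."""
    findings, seen = [], {}
    for label, text in files.items():
        props = parse_properties(text)
        for key, want in REQUIRED.items():
            got = props.get(key, DEFAULTS[key]).lower()
            if got != want:
                findings.append(f"{label}: {key}={got}, expected {want}")
        scope = tuple(props.get(k, "") for k in SCOPE_KEYS)
        if scope in seen:
            findings.append(f"{label}: same source scope as {seen[scope]}")
        else:
            seen[scope] = label
    return findings

# Constructed sample files; every value here is a placeholder.
WIZARDS = """\
source_ldap_url=ldap://domino.example.com:389
source_ldap_search_base=o=Cert1
source_ldap_search_filter=(objectclass=person)
sync_source_url_enforce=true
"""
WIZARDS2 = WIZARDS.replace("o=Cert1", "o=Cert2").replace(
    "sync_source_url_enforce=true", "sync_source_url_enforce=false")

if __name__ == "__main__":
    for finding in check_sources({"Wizards": WIZARDS, "Wizards2": WIZARDS2}):
        print(finding)
```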