Chat now with support
Chat mit Support

Identity Manager 8.1.4 - Administration Guide for Connecting to IBM Notes

Managing IBM Notes environments Setting up IBM Notes synchronization Basic configuration data Notes domains Notes certificates Notes templates Notes policies Notes user accounts Notes groups Mail-in databases Notes server Using AdminP requests for handling IBM Notes processes Reports about Notes domains Configuration parameters for synchronizing a Notes domain Default project template for IBM Notes

Managing IBM Notes environments

IBM Notes objects such as user accounts, groups, mail-in databases, servers, policies, and certificates can be administrated with One Identity Manager. By defining Notes domains in One Identity Manager, you are able to manage several productive IBM Notes environments in parallel with a One Identity Manager database. Notes users and employee documents are managed as user accounts in One Identity Manager.

One Identity Manager provides company employees with the necessary user accounts. You may use different mechanisms for connecting employees to their Notes user accounts. These user accounts can also be managed separately from employees and therefore administrative user accounts can be set up.

When you certify a new user, a series of user specific files are generated, which must be available to the user for working with IBM Notes. When you add a user with the IBM Notes connector, the user ID file for authentication, the mailbox file, and the user’s personal address book are created.

Groups and mail-in databases are managed by One Identity Manager along side user accounts. Groups are used to provide users the access permissions they need or they can be used for email distribution lists. Users can send or receive messages through shared mail-in databases. Users can access these mail-in databases when access permissions have been granted. If you add a mail-in database using One Identity Manager, the necessary mailbox file is created.

Server documents, certificates, policies, and templates for mailbox files are only loaded into the One Identity Manager database so they can be referenced when you set up user accounts and groups. One Identity Manager access lists can be defined for server documents in order to specify who has access to a server for what reason.

Architecture overview

In One Identity Manager, the image of part of an operational IBM Notes system is mapped to a Notes domain. One Identity Manager needs access to this IBM Notes's Domino Directory for synchronization.

A server is defined within the One Identity Manager environment to execute all administrative task effecting the IBM Notes environment. This server is named the gateway server in the rest of this chapter. The gateway server performs the function of the synchronization server. It is not a productive Domino server. An IBM Notes client, the One Identity Manager Service, and the IBM Notes connector are installed on the gateway server.

All IBM Notes connector actions are executed from the gateway server. The gateway server communicates with the productive environment's Domino server when actions are running in the target system. This Domino server is a selected server with a good network connection to the gateway server. The IBM Notes connection requires access to the Domino Directory, preferably therefore, you should use a directory server.

For synchronization, provide an ID file with sufficient administrative permissions for accessing the productive IBM Notes environment. If you want to work with a Certification Authority process (CA process), a certifier ID file must be provided. Both files must be available on the gateway server.

The gateway server executes One Identity Manager Service actions, like certifications, adding, modifying, and deleting document in the Domino Directory. In addition to this, databases can be also added to servers for users, mailbox files or mail-in databases on Domino servers. The One Identity Manager Service provides an IBM Notes client context using the IBM Domino COM library and processes all necessary function for exchanging data with the Domino server in it (access to Domino objects, running Notes agents, creating administrative processes (AdminP), error handling).

Figure 1: IBM Notes Connectors communication with IBM Notes

The objects in IBM Notes are mapped as follows in the One Identity Manager database:

Table 1: Mapping object types from this IBM Notes installation in the One Identity Manager
IBM Domino One Identity Manager
Domino server Notes server
Domino domain No direct mapping
 

Notes domain

Properties of Notes objects to assign them to different IBM Notes environments.

User Notes user account
Group Notes group
Mail-in DB Notes mail-in database
Notes certificate Notes certificate
Template Notes template
Policy Notes policy

One Identity Manager users for managing IBM Notes

The following users are used for setting up and administration of IBM Notes.

Table 2: Users
User Tasks
Target system administrators

Target system administrators must be assigned to the Target systems | Administrators application role.

Users with this application role:

  • Administer application roles for individual target system types.

  • Specify the target system manager.

  • Set up other application roles for target system managers if required.

  • Specify which application roles for target system managers are mutually exclusive.

  • Authorize other employees to be target system administrators.

  • Do not assume any administrative tasks within the target system.

Target system managers

Target system managers must be assigned to the Target systems | IBM Notes application role or a child application role.

Users with this application role:

  • Assume administrative tasks for the target system.

  • Create, change, or delete target system objects like user accounts or groups.

  • Edit password policies for the target system.

  • Prepare groups to add to the IT Shop.

  • Can add employees who have an other identity than the Primary identity.

  • Configure synchronization in the Synchronization Editor and define the mapping for comparing target systems and One Identity Manager.

  • Edit the synchronization's target system types and outstanding objects.

  • Authorize other employees within their area of responsibility as target system managers and create child application roles if required.

One Identity Manager administrators
  • Create customized permissions groups for application roles for role-based login to administration tools in the Designer as required.

  • Create system users and permissions groups for non role-based login to administration tools in the Designer as required.

  • Enable or disable additional configuration parameters in the Designer as required.

  • Create custom processes in the Designer as required.

  • Create and configure schedules as required.

  • Create and configure password policies as required.

Administrators for the IT Shop

Administrators must be assigned to the Request & Fulfillment | IT Shop | Administrators application role.

Users with this application role:

  • Assign groups to IT Shop structures.

Administrators for organizations

Administrators must be assigned to the Identity Management | Organizations | Administrators application role.

Users with this application role:

  • Assign groups to departments, cost centers, and locations.

Business roles administrators

Administrators must be assigned to the Identity Management | Business roles | Administrators application role.

Users with this application role:

  • Assign groups to business roles.

Setting up IBM Notes synchronization

One Identity Manager supports synchronization with IBM Notes in the following versions:

  • IBM Domino Server versions 8, 9, and 10
  • HCL Domino Server version 11
  • IBM Notes Client version 8.5.3 or 10.0
  • HCL Notes Client version 11.0.1

To load IBM Notes objects into the One Identity Manager database for the first time

  1. In IBM Notes, prepare a user with sufficient permissions for synchronization.
  2. One Identity Manager components for managing IBM Notes environments are available if "TargetSystem | NDO" is set.
    • In the Designer, check if the configuration parameter is set. Otherwise, set the configuration parameter and compile the database.

    • Other configuration parameters are installed when the module is installed. Check the configuration parameters and modify them as necessary to suit your requirements.
  3. Install and configure the gateway server.
  4. Create a synchronization project with the Synchronization Editor.
  5. If user accounts in IBM Notes are to be registered by the IBM Notes connector, modify the required certificates in One Identity Manager. Enter the path for the certifier's ID file or the name of the CA database.
Detailed information about this topic
Self-Service-Tools
Knowledge Base
Benachrichtigungen und Warnmeldungen
Produkt-Support
Software-Downloads
Technische Dokumentationen
Benutzerforen
Videoanleitungen
RSS Feed
Kontakt
Unterstützung bei der Lizenzierung
Technische Support
Alle anzeigen
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen