サポートと今すぐチャット
サポートとのチャット

Identity Manager 9.2 - Administration Guide for Connecting to HCL Domino

Managing HCL Domino environments Synchronizing a Domino environment
Setting up initial synchronization of a Domino environment Domino server configuration Setting up a gateway server Creating a synchronization project for initial synchronization of a Notes domain Adjusting the synchronization configuration for Domino environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Managing Notes user accounts and identities Managing memberships in Notes groups Login credentials for Notes user accounts Using AdminP requests for handling Domino processes Mapping Notes objects in One Identity Manager
Notes domains Notes user accounts Notes groups Notes certificates Notes templates Notes policies Notes mail-in databases Notes server Reports about Notes objects
Handling of Notes objects in the Web Portal Basic data for managing a Domino environment Configuration parameters for managing a Domino environment Default project template for Domino Processing methods of Domino system objects Domino connector settings

Synchronizing a Domino environment

One Identity Manager supports synchronization with Domino in the following versions:

  • IBM Domino Server versions 8, 9, and 10

  • HCL Domino Server versions 11 and 12

  • IBM Notes Client version 8.5.3 or 10.0

  • HCL Notes Client versions 11.0.1 and 12.0

    The 64-bit variant of Notes Client 12.0.1 is currently not supported.

Ensure that the same major version is used for the HCL Domino Server and HCL Notes Client.

NOTE: Since managing objects in One Identity Manager is independent of whatever version the target system environment has, One Identity Manager references the target system uniformly as Domino.

The One Identity Manager Service is responsible for synchronizing data between the One Identity Manager database and Domino.

This sections explains how to:

  • Set up synchronization to import initial data from Domino domains in to the One Identity Manager database.
  • Adjust a synchronization configuration, for example, to synchronize different Notes domains with the same synchronization project.
  • Start and deactivate the synchronization.
  • Evaluate the synchronization results.

TIP: Before you set up synchronization with a Domino domain, familiarize yourself with the Synchronization Editor. For more information about this tool, see the One Identity Manager Target System Synchronization Reference Guide.

Detailed information about this topic

Setting up initial synchronization of a Domino environment

The Synchronization Editor provides a project template that can be used to set up the synchronization of Notes user accounts and groups. You use these project templates to create synchronization projects with which you import the data from Domino into your One Identity Manager database. In addition, processes are created that are required to provision changes to target system objects from the One Identity Manager database into the target system.

To load Domino objects into the One Identity Manager database for the first time

  1. In HCL Domino, prepare a user with sufficient permissions for synchronization.
  2. One Identity Manager components for managing Domino environments are available if the TargetSystem | NDO configuration parameter is set.
    • In the Designer, check if the configuration parameter is set. Otherwise, set the configuration parameter and compile the database.

      NOTE:If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

    • Other configuration parameters are installed when the module is installed. Check the configuration parameters and modify them as necessary to suit your requirements.
  3. Install and configure the gateway server.
  4. Create a synchronization project with the Synchronization Editor.
  5. If user accounts in Domino are to be registered by the Domino connector, modify the required certificates in One Identity Manager. Enter the path for the certifier's ID file or the name of the CA database.
Detailed information about this topic

Users and permissions for synchronizing with Domino

The following users play a role in synchronizing One Identity Manager with HCL Domino.

Table 3: Users for synchronization
User Permissions
One Identity Manager Service user account

The user account for the One Identity Manager Service requires user permissions to carry out operations at file level (adding and editing directories and files).

The user account must belong to the Domain users group.

The user account must have the Login as a service extended user permissions.

The user account requires permissions for the internal web service.

NOTE: If the One Identity Manager Service runs under the network service (NT Authority\NetworkService), you can grant permissions for the internal web service with the following command line call:

netsh http add urlacl url=http://<IP address>:<port number>/ user="NT AUTHORITY\NETWORKSERVICE"

The user account needs full access to the One Identity Manager Service installation directory in order to automatically update One Identity Manager.

In the default installation, One Identity Manager is installed under:

  • %ProgramFiles(x86)%\One Identity (on 32-bit operating systems)

  • %ProgramFiles%\One Identity (on 64-bit operating systems)

User for accessing the target system (synchronization user) The user who accesses the system required sufficient administrative permissions to the Domino Directory (names.nsf). The minimum requirements are:
  • Editor access function on the primary Domino directory
  • Permissions for deleting documents
  • UserCreator in addition to the default permissions
  • Remote console access
  • Administrative access to a Domino server (server on which new user can be registered and AdminP tasks created)

Editor is also required for the following databases:

  • certlog.nsf
  • admin4.nsf

(Optional) If you want mailbox files to be created when Notes users register, the following permissions are required for the Domino connector to have read access to the new mailbox files.

  • Permissions for the synchronization user to transfer the template on the Domino server (*.ntf) that is used to create the mailbox files
User for accessing the One Identity Manager database

The Synchronization default system user is provided to run synchronization using an application server.

Related topics

Domino server configuration

Configure the following settings on the Domino server that the gateway server communicates with:

  • Set up a full-text index for the Domino Directory.

  • In the Notes.ini file, set FT_MAX_SEARCH_RESULTS=2147483000.

    If you apply filters in the Domino Directory, a maximum of 5,000 filtered values are returned. To obtain a complete result list of the elements that satisfy the filter condition, you must overwrite this value in the Domino server's Notes.ini file with the value given here.

For more information, see your Domino documentation.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択