The following users are involved in synchronizing One Identity Manager with IBM Notes.
One Identity Manager Service user account
The user account for the One Identity Manager Service requires access rights to carry out operations at file level (issuing user rights, adding directories and files to be edited).
The user account must belong to the group "Domain Users".
The user account must have the extended access right "Log on as a service".
The user account requires access rights to the internal web service.
The user account needs full access to the One Identity Manager Service installation directory in order to automatically update the One Identity Manager.
In the default installation the One Identity Manager is installed under:
User for accessing the target system (synchronization user)
The user who accesses the system requires sufficient administrative permissions to the Domino Directory (names.nsf). The minimum requirements are:
The access function "Editor" is also required for the following databases:
User for accessing the One Identity Manager database
The default system user "Synchronization" is available to run synchronization over an application server.
Configure the following settings on the Domino server that the gateway server communicates with:
Set up a full-text index for the Domino directory.
Set FT_MAX_SEARCH_RESULTS = 2147483000 in the file Notes.ini.
If you apply filters in the Domino Directory, a maximum of 5000 filtered values are returned. To obtain a complete result list of the elements which satisfy the filter condition, you must overwrite this value in the Domino server's Notes.ini file with the value given here.
For more detailed information, see your IBM Notes documentation.
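The Notes.ini setting described above can be verified with a short script before synchronization is run, so that a missing entry (and with it the 5000-value cap on filtered results) is caught early. This is an added example, not part of the One Identity or IBM documentation; the function name, status strings and sample file content are assumptions made for illustration, as is matching the setting name case-insensitively.

```python
import sys

KEY = "FT_MAX_SEARCH_RESULTS"
REQUIRED = 2147483000   # value this page says to set in Notes.ini
FILTER_CAP = 5000       # cap this page says applies to filtered results otherwise

def check_ft_max_search_results(ini_text):
    """Return (status, detail) for the FT_MAX_SEARCH_RESULTS entry in Notes.ini text."""
    found = []  # (line number, raw value) for every occurrence of the key
    for lineno, raw in enumerate(ini_text.splitlines(), 1):
        name, sep, value = raw.partition("=")
        # Assumption: setting names are matched case-insensitively.
        if sep and name.strip().upper() == KEY:
            found.append((lineno, value.strip()))
    if not found:
        return "missing", f"{KEY} is not set; filtered results stop at {FILTER_CAP} values"
    if len(found) > 1:
        where = ", ".join(str(n) for n, _ in found)
        return "duplicate", f"{KEY} appears on lines {where}; keep a single entry"
    lineno, value = found[0]
    if not (value.isascii() and value.isdigit()):
        return "invalid", f"line {lineno}: {value!r} is not a number"
    if int(value) != REQUIRED:
        return "mismatch", f"line {lineno}: {value} differs from {REQUIRED}"
    return "ok", f"line {lineno}: {KEY} = {REQUIRED}"

# Constructed sample, not taken from a real server: the entry is present but
# carries a value other than the one this page gives.
SAMPLE_INI = """[Notes]
Directory=/local/notesdata
ft_max_search_results = 5000
"""

if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_INI
    status, detail = check_ft_max_search_results(text)
    print(f"{status}: {detail}")
    sys.exit(0 if status == "ok" else 1)
```

Run it with the path to the Domino server's Notes.ini as the only argument; a non-zero exit code means the entry needs attention.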
The gateway server administrates the functionality of the synchronization server. To set up a gateway server, a computer has to be available with the following software installed:
The following versions are supported:
Microsoft .NET Framework Version 4.5.2 or later
NOTE: Microsoft .NET Framework version 4.6 is not supported.
NOTE: Take the target system manufacturer's recommendations into account.
NOTE: A real installation must be run. IBM Domino COM class libraries are registered during installation. These require the IBM Notes connector.
At a minimum, the following versions of the IBM Notes and IBM Domino components are required for synchronizing an IBM Domino version 8.5 or 9 environment.
To set up a gateway server
Add the IBM Notes install path (the path where Notes.exe can be found) to the default search path for the operating system (PATH variable). Also add the path you selected for the Notes data directory when you installed the IBM Notes client to the PATH variable.
A separate ID file must be provided for this user. The path to this ID file is entered later into the custom INI file. User ID files with multiple passwords are not supported.
NOTE: The administrator ID file that is created when the Notes server is installed may not be used because it is used for other administrative tasks.
Set up all certifier ID files for registering users on the gateway server. Certifier ID files with multiple passwords are not supported.
This causes the configuration entries to be made on the computer. The access rights can be checked by calculating a new user with the ID file as a test.
The path of the synchronization user's ID file must be entered in this INI file.
NOTE: If you did not install the IBM Notes client in the default install directory, change the default search path and data directory in the PATH variable, as well as the path entries in Notes.ini and your custom INI file, to your install directory path.
When you are configuring the gateway server, ensure that the certification documents are copied from the Domino Directory into the synchronization user's personal address book. This is necessary to enable the IBM Notes connector to add, rename or move user accounts in the target system.
TIP: Copy new certificates regularly from the Domino Directory into the synchronization user's personal address book. For more detailed information about copying certificate documents, see your IBM Notes documentation.