立即与支持人员聊天
与支持团队交流

Identity Manager 9.2 - Administration Guide for Connecting to HCL Domino

Managing HCL Domino environments Synchronizing a Domino environment
Setting up initial synchronization of a Domino environment Domino server configuration Setting up a gateway server Creating a synchronization project for initial synchronization of a Notes domain Adjusting the synchronization configuration for Domino environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Managing Notes user accounts and identities Managing memberships in Notes groups Login credentials for Notes user accounts Using AdminP requests for handling Domino processes Mapping Notes objects in One Identity Manager
Notes domains Notes user accounts Notes groups Notes certificates Notes templates Notes policies Notes mail-in databases Notes server Reports about Notes objects
Handling of Notes objects in the Web Portal Basic data for managing a Domino environment Configuration parameters for managing a Domino environment Default project template for Domino Processing methods of Domino system objects Domino connector settings

Extension groups

If the maximum number of members in a group has been reached, Domino adds so called extension groups. These extension groups are imported into the One Identity Manager database by synchronization and cannot be edited. The connection to the dynamic group is created using the Parent Notes group property (UID_NotesGroupParent column). Excluded and additional lists are maintained exclusively for parent dynamic groups. Extension groups are only shown on the overview form.

Memberships in dynamic groups

You cannot assign members directly to dynamic groups. Members are determined over the home servers assigned to the group. All user accounts that are assigned as mail server to this server are automatically members of the dynamic group. In addition, memberships can be edited through an excluded and additional list. At the same time, user accounts that are assigned to both the excluded and additional lists cannot be members of the dynamic group. User accounts and groups can both be added to the excluded and additional lists.

When Domino is calculating effective members, it finds all the user accounts that:

  • The home server is assigned to as mail server

  • Are directly assigned to an additional list

  • Are assigned to an additional list as a member of a Notes group

  • Are assigned to an excluded list

  • Are assigned to an excluded list as a member of a Notes group.

Effective memberships in dynamic groups (table NDOUserInGroup) are not maintained in One Identity Manager, but only loaded in the One Identity Manager by synchronization. Excluded and additional lists can be edited in the Manager. Changes are immediately provisioned in the target system. Membership lists are recalculated there. After resynchronizing, the changes to the effective memberships are visible in One Identity Manager and can be taken into account by, for example, compliance checking.

If you use One Identity Manager's identity audit functionality and also check memberships in dynamic Notes groups in compliance rules, note the following:

NOTE: Changes to the excluded and additional lists in the Manager, cannot be immediately acted upon as effective memberships in dynamic groups are not updated until after resynchronization. Customize the synchronization schedule for your Domino environment such that changes to effective memberships are promptly transferred to the One Identity Manager database.

For more information about editing synchronization schedules, see the One Identity Manager Target System Synchronization Reference Guide.

Assigning home servers

You can assign home servers to dynamic groups. All user accounts, only using this server as mail server become members of the dynamic group.

To assign a home server to a dynamic group

  1. In the Manager, select the HCL Domino > Groups category.

  2. Select the dynamic group in the result list.

  3. Select the Assign home server task.

  4. In the Add assignments pane, assign the servers.

    • (Optional) To filter the servers, select a domain in the Notes domains input field.

    TIP: In the Remove assignments pane, you can remove assigned servers.

    To remove an assignment

    • Select the server and double-click .

  5. Save the changes.

Editing the excluded list

Use the excluded list to specify which objects you want to exclude from membership in a dynamic group.

To exclude user accounts from a dynamic group

  1. In the Manager, select the HCL Domino > Groups category.

  2. Select the dynamic group in the result list.

  3. Select the Edit additional list task.

  4. Select the Users tab.

  5. Assign user accounts in Add assignments.

    TIP: In the Remove assignments pane, you can remove assigned user accounts.

    To remove an assignment

    • Select the user account and double-click .

  6. Save the changes.

To exclude groups from a dynamic group

  1. In the Manager, select the HCL Domino > Groups category.

  2. Select the dynamic group in the result list.

  3. Select the Edit additional list task.

  4. Select the Groups tab.

  5. In the Add assignments pane, assign groups.

    TIP: In the Remove assignments pane, you can remove the assignment of groups.

    To remove an assignment

    • Select the group and double-click .

  6. Save the changes.

To exclude servers from a dynamic group

  1. In the Manager, select the HCL Domino > Groups category.

  2. Select the dynamic group in the result list.

  3. Select the Edit additional list task.

  4. Select the Server tab.

  5. In the Add assignments pane, assign the servers.

    TIP: In the Remove assignments pane, you can remove assigned servers.

    To remove an assignment

    • Select the server and double-click .

  6. Save the changes.

To exclude mail-in databases from a dynamic group

  1. In the Manager, select the HCL Domino > Groups category.

  2. Select the dynamic group in the result list.

  3. Select the Edit additional list task.

  4. Select the Mail-in DB tab.

  5. In the Add assignments pane, assign mail-in databases.

    TIP: In the Remove assignments pane, you can remove assigned mail-in databases.

    To remove an assignment

    • Select the mail-in database and double-click .

  6. Save the changes.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级