Identity Manager 9.2 - Administration Guide for Connecting to HCL Domino

Information required to set up Notes synchronization projects

Have the following information available for setting up a synchronization project.

Table 7: Information required for setting up a synchronization project

Data

Explanation

Domino server

Name of the Domino server which communicates with the gateway server.

Domino directory

Name of the Domino directory (Names.nsf).

Custom INI file

Name and path of the custom INI file. For more information, see Creating custom INI files.

ID file password

Synchronization user's ID file password. The path of this ID file must be given in the custom INI file.

The Domino connector accesses the target system through the synchronization user. Make a user account available with sufficient permissions. For more information, see Users and permissions for synchronizing with Domino.

Synchronization server for the Notes domain

All One Identity Manager Service actions are run against the target system environment on the synchronization server. Data entries required for synchronization and administration with the One Identity Manager database are processed by the synchronization server.

The gateway server performs the function of the synchronization server. The One Identity Manager Service with the Domino connector must be installed on the synchronization server.

The synchronization server must be declared as a Job server in One Identity Manager. Use the following properties when you set up the Job server.

Table 8: Additional properties for the Job server

| Property | Value |
| --- | --- |
| Server function | Domino connector |
| Machine role | Server/Job server/Domino |

For more information, see Installing the One Identity Manager Service on the gateway server.

One Identity Manager database connection data

  • Database server

  • Database name

  • SQL Server login and password

  • Specifies whether integrated Windows authentication is used

    Use of the integrated Windows authentication is not recommended. If you decide to use it anyway, ensure that your environment supports Windows authentication.

Remote connection server

To configure synchronization with a target system, One Identity Manager must load the data from the target system. One Identity Manager communicates directly with the target system to do this. Sometimes direct access from the workstation on which the Synchronization Editor is installed is not possible, for example, because of the firewall configuration or because the workstation does not fulfill the necessary hardware and software requirements. If the Synchronization Editor cannot be started directly on the gateway server, you can set up a remote connection.

To use a remote connection

  1. Provide a workstation on which the Synchronization Editor is installed.

  2. Install the RemoteConnectPlugin on the gateway server.

    Thus the gateway server simultaneously assumes the function of the remote connection server.

The remote connection server and the workstation must be in the same Active Directory domain.

Remote connection server configuration:

  • One Identity Manager Service is started

  • RemoteConnectPlugin is installed

  • Domino connector is installed

The remote connection server must be declared as a Job server in One Identity Manager. The Job server name is required.

For more detailed information about setting up a remote connection, see the One Identity Manager Target System Synchronization Reference Guide.

Creating an initial synchronization project for Notes domains

NOTE: The following sequence describes how to configure a synchronization project if the Synchronization Editor is both:

  • Run in default mode

  • Started from the Launchpad

If you run the project wizard in expert mode or directly from the Synchronization Editor, additional configuration settings can be made. Follow the project wizard instructions through these steps.

NOTE: Just one synchronization project can be created per target system and default project template used.

To set up an initial synchronization project for a Notes domain

  1. Start the Launchpad on the gateway server and log in to the One Identity Manager database.

    NOTE: If synchronization is run by an application server, connect the database through the application server.

  2. Select the Target system type Domino entry and click Start.

    This starts the Synchronization Editor's project wizard.

  3. On the wizard's start page, click Next.

  4. On the System access page, specify how One Identity Manager can access the target system.

    • If you started the Launchpad on the gateway server, do not change any settings.

    • If you did not start the Launchpad on the gateway server, set up a remote connection.

      Enable the Connect using remote connection server option and, under Job server, select the gateway server to use for the connection.

  5. On the Configuration data for the Domino directory page, enter the connection parameters required by the Domino connector to log in on the target system.

    Table 9: Connection data for Domino servers

    | Property | Description |
    | --- | --- |
    | INI file | Name and path of the custom INI file. |
    | Domino server | Name of the Domino server which communicates with the gateway server. |
    | Domino directory | Name of the Domino directory (Names.nsf). |
    | ID file password | Synchronization user's ID file password. The path of this ID file must be given in the custom INI file. |

  6. You can test the connection on the Verify connection settings page. Click on Verify project.

    One Identity Manager tries to connect to the target system.

  7. You can configure additional settings on the Configuration settings page.

    • To delete Notes objects using AdminP processes, enable Delete objects using AdminP processes. If the option is disabled, the objects are deleted directly in the system by the Domino connector.

    • Click Finish to end the system connection wizard and return to the project wizard.

  8. On the One Identity Manager Connection tab, test the data for connecting to the One Identity Manager database. The data is loaded from the connected database. Reenter the password.

    NOTE:

    • If you use an unencrypted One Identity Manager database and have not yet saved any synchronization projects to the database, you need to enter all connection data again.

    • This page is not shown if a synchronization project already exists.

  9. The wizard loads the target system schema. This may take a few minutes depending on the type of target system access and the size of the target system.

  10. On the Restrict target system access page, specify how system access should work. You have the following options:

    Table 10: Specify target system access

    Option

    Meaning

    Read-only access to target system.

    Specifies that a synchronization workflow is only to be set up for the initial loading of the target system into the One Identity Manager database.

    The synchronization workflow has the following characteristics:

    • Synchronization is in the direction of One Identity Manager.

    • Processing methods in the synchronization steps are only defined for synchronization in the direction of One Identity Manager.

    Read/write access to target system. Provisioning available.

    Specifies whether a provisioning workflow is set up in addition to the synchronization workflow for the initial loading of the target system.

    The provisioning workflow displays the following characteristics:

    • Synchronization is in the direction of the Target system.

    • Processing methods are only defined in the synchronization steps for synchronization in the direction of the Target system.

    • Synchronization steps are only created for such schema classes whose schema types have write access.

  11. On the Synchronization server page, select the synchronization server to run the synchronization.

    If the synchronization server is not declared as a Job server for this target system in the One Identity Manager database yet, you can add a new Job server.

    1. Click to add a new Job server.

    2. Enter a name for the Job server and the full server name conforming to DNS syntax.

      TIP: You can also implement an existing Job server as the synchronization server for this target system.

      • To select a Job server, click .

      This automatically assigns the server function matching this Job server.

    3. Click OK.

      The synchronization server is declared as Job server for the target system in the One Identity Manager database.

    NOTE: After you save the synchronization project, ensure that this server is set up as a synchronization server.

  12. To close the project wizard, click Finish.

    This creates and allocates a default schedule for regular synchronization. Enable the schedule for regular synchronization.

    This sets up, saves and immediately activates the synchronization project.

    NOTE:

    • If enabled, a consistency check is carried out. If errors occur, a message appears. You can decide whether the synchronization project can remain activated or not.

      Check the errors before you use the synchronization project. To do this, in the General view on the Synchronization Editor's start page, click Verify project.

    • If you do not want the synchronization project to be activated immediately, disable the Activate and save the new synchronization project automatically option. In this case, save the synchronization project manually before closing the Synchronization Editor.

    • The connection data for the target system is saved in a variable set and can be modified in the Synchronization Editor in the Configuration > Variables category.

Configuring the synchronization log

All the information, tips, warnings, and errors that occur during synchronization are recorded in the synchronization log. You can configure the type of information to record separately for each system connection and synchronization workflow.

To configure the content of the synchronization log for a system connection

  1. To configure the synchronization log for the target system connection, in the Synchronization Editor, select the Configuration > Target system category.

    - OR -

    To configure the synchronization log for the database connection, in the Synchronization Editor, select the Configuration > One Identity Manager connection category.

  2. In the General section, click Setup.

  3. In the Synchronization log section, set Create synchronization log.

  4. Enable the data to be logged.

    NOTE: Some content generates a particularly large volume of log data. The synchronization log should only contain data required for error analysis and other analyses.

  5. Click OK.

To configure the content of the synchronization log for a synchronization workflow

  1. In the Synchronization Editor, select the Workflows category.

  2. Select a workflow in the navigation view.

  3. In the General section, click Edit.

  4. Select the Synchronization log tab.

  5. Enable the data to be logged.

    NOTE: Some content generates a particularly large volume of log data. The synchronization log should only contain data required for error analysis and other analyses.

  6. Click OK.

Synchronization logs are stored for a fixed length of time.

To modify the retention period for synchronization logs

  • In the Designer, enable the DPR | Journal | LifeTime configuration parameter and enter the maximum retention period.

Adjusting the synchronization configuration for Domino environments

Having used the Synchronization Editor to set up a synchronization project for initial synchronization of a Notes domain, you can use the synchronization project to load Notes objects into the One Identity Manager database. If you manage user accounts and their authorizations with One Identity Manager, changes are provisioned in the Domino environment.

You must customize the synchronization configuration to be able to regularly compare the database with the Domino environment and to synchronize changes.

  • To use One Identity Manager as the primary system during synchronization, create a workflow with synchronization in the direction of the Target system.

  • To specify which Notes objects and database objects are included in synchronization, edit the scope of the target system connection and the One Identity Manager database connection. To prevent data inconsistencies, define the same scope in both systems. If no scope is defined, all objects will be synchronized.

  • You can use variables to create generally applicable synchronization configurations that contain the necessary information about the synchronization objects when synchronization starts. Variables can be implemented in base objects, schema classes, or processing methods, for example.

  • Use variables to set up a synchronization project for synchronizing different domains. Store a connection parameter as a variable for logging in to the domain.

  • Update the schema in the synchronization project if the One Identity Manager schema or target system schema has changed. Then you can add the changes to the mapping.

  • To synchronize additional schema properties, update the schema in the synchronization project. Include the schema extensions in the mapping.

For more information about configuring synchronization, see the One Identity Manager Target System Synchronization Reference Guide.
