Thursday, 7 January 2010

Using Tivoli Directory Integrator to populate Lotus Connections Profiles from a Domino group

As per a previous blog post, I've recently worked out how to use TDI to populate the Lotus Connections Profiles database from a Domino group.

The "problem" is that Domino does not support the memberOf attribute that other LDAP servers support, meaning that there is no simple way to identify members of a Domino group via an LDAP search filter.

As is probably well known by now, Lotus Connections includes TDI as a mechanism for integrating data from various systems, including LDAP directories, into the Profiles database.

The Connections product includes a set of scripts ( known as the Profiles Population Wizard ) that use TDI for this, and other related purposes. The wizard actually invokes one or two TDI processes, known as Assembly Lines. In my particular scenario, there are two Assembly Lines involved: -


This Assembly Line iterates through the LDAP specified in, and then writes dn into the collect.dns file.


This Assembly Line runs after collecting dns in the collect.dns file. It iterates over the collect.dns file, fetches data from the LDAP, and syncs the database with details of the employees. This Assembly Line is invoked while running the script.

The LC Wiki outlines this in far more detail here.

My solution replaces the collect_ldap_dns Assembly Line, and consists of three elements: -

##{PropertiesConnector} savedBy=root, saveDate=Fri Jan 01 11:57:23 GMT 2010


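#!/bin/sh
# Remove any output left over from a previous run (-f: no error if it is absent)
rm -f collect.dns
# Run the Assembly Line from the XML config, using the current directory as the solution directory
/opt/IBM/TDI/V6.1.1/ibmdisrv -s . -c Domino_Group_Members_into_Profiles.xml -r Domino_Group_Members_into_Profiles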


This is "Blue Glue" that joins the two together - the shell script invokes the TDI server ( ibmdisrv ) which reads the properties file AND the XML file, which contains the details of the Assembly Line ( called Domino_Group_Members_into_Profiles - yeah, I know my naming convention isn't the best ... ).

This Assembly Line uses an LDAP Connector to read the members of the group, specified by source_ldap_search_filter=CN=LC25, via iteration, and parse the user name ( Distinguished Name ) to remove everything apart from the preceding CN= and the closing O= . This list of user names is then written, line by line, to a text file, collect.dns.
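
The parsing step described above, sketched as an added example in plain JavaScript (the language TDI scripts are written in); it is not the Assembly Line from this post. It assumes the parse keeps the span from the leading CN= through the O= component; the function names (extractDn, buildCollectDns) and the member values are constructed for illustration. Values that carry control characters or lack an O= component are kept out of collect.dns, since the next Assembly Line reads that file line by line.

```javascript
// Added example, not the Assembly Line from the post. Runs under Node.js.
// Assumption: "parse" means keep the span from the leading CN= through O=.

// One RDN value: any run of characters, backslash-escaped commas allowed.
const RDN = String.raw`(?:[^,\\]|\\.)+`;
const DN_RE = new RegExp(`CN=${RDN}(?:,\\s*OU=${RDN})*,\\s*O=${RDN}`, "i");

// Return the CN=...,O=... span of one group member value, or null when the
// value must not reach collect.dns (no O= component, or control characters
// that would add extra lines to a line-oriented file).
function extractDn(member) {
  if (typeof member !== "string" || /[\u0000-\u001f]/.test(member)) return null;
  const match = DN_RE.exec(member.trim());
  return match ? match[0] : null;
}

// Build the collect.dns content: one DN per line, duplicates dropped
// (DNs compare case-insensitively), rejected values reported separately.
function buildCollectDns(members) {
  const seen = new Set();
  const kept = [];
  const rejected = [];
  for (const member of members) {
    const dn = extractDn(member);
    if (dn === null) { rejected.push(member); continue; }
    const key = dn.toLowerCase();
    if (!seen.has(key)) { seen.add(key); kept.push(dn); }
  }
  return { text: kept.map((dn) => dn + "\n").join(""), kept, rejected };
}

// Constructed sample: "member" values as a group entry might return them.
const SAMPLE_MEMBERS = [
  "CN=Dave Hay,O=IBM",
  "  cn=Jane Doe,OU=Sales,O=Acme,C=GB", // padding and a trailing C= component
  "CN=Hay\\, Dave,O=IBM",               // escaped comma inside the CN
  "cn=dave hay,o=ibm",                  // duplicate of the first entry
  "CN=Nested Group",                    // no O= component
  "CN=Bad\nCN=Injected,O=Acme",         // embedded newline
];

const result = buildCollectDns(SAMPLE_MEMBERS);
console.log(result.text);               // what would be written to collect.dns
console.error("rejected:", JSON.stringify(result.rejected));
```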

That's it, simple as that.

Now if I was REALLY smart, I'd work out how to (a) amend the out-of-the-box Assembly Line ( collect_ldap_dns ) or (b) invoke the Populate_from_dns_file Assembly Line from my own version.

However, that'll do for the time being ...

With thanks and kudos to many, including: -

Eddie Hartman
Keith Brooks
Mitch Cohen
Sjaak Ursinus

and three awesome products; Lotus Domino and Tivoli Directory Integrator and Lotus Connections.
