Maintaining users via LDAP

[Database Administrator]

HI!

Disclaimer: I'm not a Domino/Notes expert. My task is to investigate
possibilities to synchronize the Notes Addressbook with a HR database.

Does anybody here have experience with maintaining Notes users via LDAP?
I already read that there are some restrictions regarding LDAP writes
and the Administration Process.

Is it possible to create Notes users via LDAP? At least registering the
basic attributes leaving mailbox and Notes-ID creation to a second step
conducted manually by the service desk?

Are there other possibilities? How about DIIOP?
This is all on Domino 7.0.3.

Thanks in advance.

Ciao, Michael.

[Database Administrator]

The way we did it was to do a text dump from the HR db.

then do an import of the data to a notes db

then do a lookup on each record from the nab and import the data phone
address ect.

Then wipe the dump database every data and repeat.

we are a company of 6000 users.

We have an LDAP product that does account creations... different dept.
I can find out what it is but it doesn't mirge the HR info. and it is
limited.

[Database Administrator]

Michael Ströder schrieb:
> HI!
>
> Disclaimer: I'm not a Domino/Notes expert. My task is to investigate
> possibilities to synchronize the Notes Addressbook with a HR database.
>
There are a lot of possibilities and best practices to to this, which of
course ;-) depend on your company IT strategy.

> Does anybody here have experience with maintaining Notes users via LDAP?
> I already read that there are some restrictions regarding LDAP writes
> and the Administration Process.
>
Maintaining Lotus Domino by LDAP IMHO is not the best way, because there
are a lot of automatic tasks in Lotus Domino that have to be done manually.

> Is it possible to create Notes users via LDAP? At least registering the
> basic attributes leaving mailbox and Notes-ID creation to a second step
> conducted manually by the service desk?
>
A way I would prefer is to

1st - define a company person registry (maybe LDAP) as a meta directory,
which can be used by nearly all applications for instance as a source
for authentication (SSO).

2nd - define interfaces for maintaining connections to all relevant
services (HR, Domino, AD, other LDAPs, databases, text files, etc)

3rd - in relation to Lotus Domino develop an Interface which connects to
the userregistry database, which can be filled with user relevant
information from the LDAP and, with starting the user registration tool
in Domino, generates all Users based on provided LDAP attributes.

4rd - define syncronisation between Domino Directory and the meta directory

All this syncronisation and integration can be done, for example, with
Tivoly Directory Integrator, which is by default bundled to the Lotus
Domino 8 License. For bundling with Domino 7 please contact your IBM
sales representative or partner.

> Are there other possibilities? How about DIIOP?
> This is all on Domino 7.0.3.
>
> Thanks in advance.
>
> Ciao, Michael.

[Database Administrator]

charlie wrote:
> The way we did it was to do a text dump from the HR db.
>
> then do an import of the data to a notes db

With which tool?

> then do a lookup on each record from the nab and import the data phone
> address ect.

How?

> We have an LDAP product that does account creations... different dept.
> I can find out what it is but it doesn't mirge the HR info. and it is
> limited.

It would be nice to know how it works. I know of meta-directory products
which mainly run a Notes client and call that libs.

Ciao, Michael.

[Database Administrator]

Michael Richerzhagen wrote:
>> Does anybody here have experience with maintaining Notes users via LDAP?
>> I already read that there are some restrictions regarding LDAP writes
>> and the Administration Process.
>>
> Maintaining Lotus Domino by LDAP IMHO is not the best way, because there
> are a lot of automatic tasks in Lotus Domino that have to be done manually.

Indeed it's not the best way. I've tried to add person entries to the
address book which worked. But I didn't even manage to manually register
these address book entries as new Notes users. Or is there a solution
where I could do this manually?

Ciao, Michael.

[Database Administrator]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael Ströder schrieb:
> Michael Richerzhagen wrote:
>>> Does anybody here have experience with maintaining Notes users via LDAP?
>>> I already read that there are some restrictions regarding LDAP writes
>>> and the Administration Process.
>>>
>> Maintaining Lotus Domino by LDAP IMHO is not the best way, because there
>> are a lot of automatic tasks in Lotus Domino that have to be done manually.
>
> Indeed it's not the best way. I've tried to add person entries to the
> address book which worked. But I didn't even manage to manually register
> these address book entries as new Notes users. Or is there a solution
> where I could do this manually?
>
> Ciao, Michael.
The way to get people from any registry into notes-people, with related
keys and person documents) is to get your person information into the
certreq database, which is the registration queue for the registration
process.

This process to register people from file is completely written in the
Lotus Notes Administrator Help.

Of course there are a lot of additional third party tools (e.g. the BCC
Admin tool) which are able to automate this.

Kind regards

Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFI6kCbgCugu5GMTOkRAr4IAKDpnuVbv/3DfMGnB3P8WXbyhuWv8QCgwY1I
XpXQlScInSDkEkafLn+MxFk=
=k0XM
-----END PGP SIGNATURE-----