1.2 Notes Driver Concepts

Identity Manager fundamentals are explained in the Overview of the Identity Manager Architecture in the Novell Identity Manager 3.5.1 Administration Guide. The Overview discusses the driver architecture in general, and the Guide contains a section on Managing Identity Manager Drivers.

1.2.1 Default Data Flow

A channel is a combination of rules, policies, and filters that are used to synchronize data between two systems. The Subscriber and Publisher channels describe the direction in which the data flows. The Subscriber channel takes the event from the Identity Vault (eDirectory) and sends that event to the receiving system (Lotus Notes). The Publisher channel takes the event from Lotus Notes and sends that event to the Identity Vault. The Subscriber and Publisher channels act independently; actions in one channel are not affected by what happens in the other.

Subscriber Channel

The Subscriber channel is the channel of communication from the Identity Vault to Lotus Notes. The following illustration shows this data flow:

Figure 1-1 Data Flow Through the Subscriber Channel

The driver can be configured to work with Notes databases other than the Public Address Book, names.nsf.

Publisher Channel

The Publisher channel represents the channel of communication from Lotus Notes to the Identity Vault. The following illustration shows how this data is published:

Figure 1-2 Data Flow Through the Publisher Channel

1.2.2 Policies

Policies are used to control the synchronization of data between the Identity Vault and the application, database, or directory. Policies transform an event on a channel input into a set of commands on the channel output. The Lotus Notes driver includes the following set of preconfigured policies:

  • Schema Mapping: Mappings have been defined for the Notes address book.

  • Creation: The default Creation policy logic for the Publisher channel and the Subscriber channel is the same. Creating a User object requires a Given name and a Surname. Creating a Group object requires Description, Membership, and Owner attributes. You can modify these elements to meet your business policies.

  • Matching: The default Matching policy logic for the Publisher channel and the Subscriber channel is the same. An eDirectory User object is considered to be the same object in Notes when Given name and Surname match in both directories. An eDirectory Group object is considered to be the same object in Notes when the CN is the same in both directories. It is recommended that you modify these policies to meet your business policies. Matching policies are typically more specific than this generic Given name/Surname match.

  • Placement: The default Placement policy on the Subscriber channel places all User objects from a specified Identity Vault container in a specified Notes Organizational Unit, and all Group objects from a specified Identity Vault container in a specified Organizational Unit in Notes. The same relationship is typically maintained on the Publisher channel. The container names and OU names for this default Placement policy are collected from the user when importing the default driver configuration. It is recommended that you modify or add additional Placement policies and policy rules to meet your business needs.
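The default Matching logic described above, as an added Python sketch (not Novell's driver code or a DirXML policy): it audits how many Notes objects each Identity Vault object would match on Given name and Surname (CN for groups), so that name collisions which would link two different people's accounts are found before the driver synchronizes them. The object dictionaries, the `EmpNo` attribute, the stricter key set and the case-insensitive comparison are assumptions made for illustration.

```python
from collections import defaultdict

# Default Matching policy keys as described above; everything else is constructed.
DEFAULT_KEYS = {"User": ("Given Name", "Surname"), "Group": ("CN",)}

def match_key(obj, keys):
    """Build a comparison key; None if any matching attribute is absent."""
    attrs = keys[obj["class"]]
    if any(not obj.get(a) for a in attrs):
        return None
    # Assumption: values compare case-insensitively, ignoring surrounding space.
    return (obj["class"],) + tuple(obj[a].strip().casefold() for a in attrs)

def audit_matching(vault, notes, keys=DEFAULT_KEYS):
    """Map each vault object id to ('none'|'unique'|'ambiguous', [Notes ids])."""
    index = defaultdict(list)
    for n in notes:
        k = match_key(n, keys)
        if k is not None:
            index[k].append(n["id"])
    report = {}
    for v in vault:
        k = match_key(v, keys)
        hits = index.get(k, []) if k is not None else []
        status = "none" if not hits else "unique" if len(hits) == 1 else "ambiguous"
        report[v["id"]] = (status, hits)
    return report

# Constructed sample data: two different people named Ana Silva exist in Notes.
VAULT = [
    {"id": "v1", "class": "User", "Given Name": "Ana", "Surname": "Silva", "EmpNo": "1001"},
    {"id": "v2", "class": "User", "Given Name": "Raj", "Surname": "Patel", "EmpNo": "1002"},
    {"id": "v3", "class": "Group", "CN": "Finance"},
]
NOTES = [
    {"id": "n1", "class": "User", "Given Name": "Ana", "Surname": "Silva", "EmpNo": "1001"},
    {"id": "n2", "class": "User", "Given Name": "ana", "Surname": "SILVA ", "EmpNo": "2417"},
    {"id": "n3", "class": "Group", "CN": "finance"},
]
# Hypothetical stricter policy: also require the (assumed) EmpNo attribute to agree.
STRICT_KEYS = {"User": ("Given Name", "Surname", "EmpNo"), "Group": ("CN",)}

if __name__ == "__main__":
    for label, keys in (("default", DEFAULT_KEYS), ("strict", STRICT_KEYS)):
        print(label, audit_matching(VAULT, NOTES, keys))
```

Objects reported as `ambiguous` are the ones a Given name/Surname match cannot safely link; a `unique` result under the default keys still only shows that the names agree, not that the two objects belong to the same person.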