Complete these tasks to get the driver installed, configured, and running. (If you are upgrading the driver, see Upgrading.)
: Most installations require some customization after installation to handle certification. Refer to Customizing the Driver for more information.
You can install the driver shim at the same time you install the DirXML engine, or after. To install the driver shim, run the Identity Manager installation program and select the DirXML Driver for eDirectory. Instructions are in "Installation" in the Novell Nsure Identity Manager 2 Administration Guide.
On Windows only, you must also do the following:
On Linux and Solaris, the package install places dsrepcfg.ntf in the /usr/lib/dirxml/rules/notes folder and creates a symbolic link for it in the /local/notesdata folder.
Without this directory in the Windows system path, the JVM* might have difficulty locating the Domino shared libraries required by Notes.jar, such as nxlsbe.dll.
After installation, you must set up the driver as explained in the next section, Importing the Driver Configuration.
Import the driver configuration file to create all necessary eDirectory objects, such as policies, style sheets, and filters, for basic driver configuration. Then you can modify the configuration to fit your specific business needs.
Import the Notes driver configuration, following the instructions in "Creating a Driver Object" in the Novell Nsure Identity Manager 2 Administration Guide.
Provide the following information, then continue with Starting the Driver.
Import Prompt | Description |
---|---|
Notes User ID |
Enter the Notes User ID this driver will use for Notes Authentication (in fully qualified canonical form: i.e. cn=Notes Driver/o=Organization). This user ID needs administrative rights to the Input database as well as the Output database. We recommend that this ID be specifically created for the driver and used only by the driver. This will prevent the driver from responding to changes made to Notes when this user is used. |
Notes User ID File |
Enter the full path (on the Domino Server) for the Notes User ID file associated with the Notes User this driver will use for Notes Authentication. |
Notes User Password |
Enter the password for the Notes User ID this driver will use when authenticating to Notes (for the above user ID file): |
Domino Server |
Enter the Name of the Domino server this driver will authenticate to (in fully qualified canonical form: i.e. cn=NotesServer/o=Organization): |
Notes Server ID File |
Enter the full path for the Notes Server ID file associated with the Notes Server this driver will authenticate to |
Default Notes Certifier ID File |
Enter the full path (on the Domino server) for the Default Notes Certifier ID file the driver will use at the default certifier. This is usually the root certifier, but can be any certifier with adequate access |
Default Notes Certifier Password |
Enter the password for the Default Notes Certifier ID this driver will use when certifying new users. This password is secured using the new Named Passwords feature. See Using Named Passwords. |
Notes Organization Name |
Enter the name of the Notes Organization (This is usually the o= at the root of the tree): |
Notes Domain |
Enter the name of the Notes Domain: |
Target Notes Database |
Enter the relative path and file name (on the Domino server) for the target Notes Database. The path should be relative to the Domino server's data directory. |
Is this database a Notes Address Book? |
This driver has the capability of interfacing with different Notes databases: |
Notes Changelog Database |
Enter the relative path and file name (on the Domino server) for the Notes Changelog Database. This file is created by NDSREP.EXE. The path should be relative to the Domino server's data directory. |
Certify new Notes Users? |
Should the driver certify users added to Notes on the subscriber channel? |
Notes ID Storage Path |
Enter the path (on the Domino server) where the driver should create new user ID files. |
Notes Certification Log Database |
Enter the relative path and file name (on the Domino server) for the Notes Certification Log Database. The path should be relative to the Domino server's data directory. |
Update Address Book with user certifications? |
Should Notes update the server entry in the Address Book when a new user is certified in Notes on the subscriber channel? |
Store User ID files in Notes Address Book? |
Should Notes store new users IDs in the address book when certifying users added to Notes on the subscriber channel? |
Is the Domino Server a North American Server? |
Is the Domino server this driver is binding to when certifying new users a North American Domino server? This affects encryption levels. Choose Yes for 128 bit encryption: |
ID File Expiration Term |
Enter the expiration term (in years) for ID files created by the driver when certifying users added on the Subscriber channel. |
Minimum Notes Password Length: |
Enter the minimum password length for new Notes user IDs (0 - 16): |
Default Notes User ID Password: |
Enter the default password for new Notes user IDs |
Default Notes HTTP Password |
Enter the default HTTP password for new Notes users |
Create Mail File? |
Should the driver create a mail file for users certified to Notes on the subscriber channel? |
Mail Database Storage Path: |
Enter the relative path where the driver should create new Mail databases. The path should be relative to the Domino Data directory. |
Notes Mail Database Template |
Enter the relative path and file name (on the Domino server) for the Notes Mail Database Template this driver will use when creating new mail databases. The path should be relative to the Domino server's data directory. |
Notes Mail Server |
Enter the Name of the Notes Mail Server this driver will create new mail databases on (in fully qualified canonical form: i.e. cn=NotesServer/o=Organization). |
Internet Mail Domain |
Enter the Internet Mail Domain to be used when generating Internet e-mail addresses |
Deny Access Group Universal Note ID |
Enter the Notes Universal ID for the Deny Access Group. This can be found on the Properties sheet for the Group in the Notes Client (32 characters long). |
Publisher Channel Poll Rate |
Enter the polling interval (in seconds) for how often the publisher channel will check the change log for updates. |
Publisher placement destination path for USERS |
Enter the eDirectory path where eDirectory users will be created. |
Publisher placement destination path for GROUPS |
Enter the eDirectory path where eDirectory groups will be created. |
Subscriber placement source path for USERS |
Enter the eDirectory path (subtree root) where user changes will be detected. |
Subscriber placement source path for GROUPS: |
Enter the eDirectory path (subtree root) where group changes will be detected. |
Detect Event Loop Back? |
Select Yes to prevent event loop back from occurring, or No to allow event loop back: |
NDSREP Schedule Units |
Enter the schedule units for the NDSREP polling interval |
NDSREP Schedule Value |
Enter the schedule value for the NDSREP polling interval |
DNFormat |
Enter the distinguished name format |
Check Attributes |
Shall all attributes be checked for each object event? |
Write Time Stamps |
Shall driver time stamps be written to each synchronized object? |
Enable Role-based Entitlement features |
Select Yes if you are using the Entitlements Driver and would like to include the role-based entitlement features provided by this driver configuration. This is a design decision. Don't choose this option unless you have reviewed the information about Role-Based Entitlements in the Novell Nsure Identity Manager 2 Administration Guide. |
Install Driver as Remote/Local |
Configure the driver for use with the Remote Loader service by selecting Remote, or select Local to configure the driver for local use. If Local is selected, skip the remaining prompts |
Remote Host Name and Port |
(Remote Driver Configuration only) Enter the Host Name or IP Address and Port Number where the Remote Loader Service has been installed and is running for this driver. The Default Port is 8090. Host Name or IP Address and Port; ###.###.###.###:#### |
Driver Password |
(Remote Driver Configuration only) The Driver Object Password is used by the Remote Loader to authenticate itself to the DirXML server. It must be the same password that is specified as the Driver Object Password on the DirXML Remote Loader. |
Remote Password |
(Remote Driver Configuration only) The Remote Loader password is used to control access to the Remote Loader instance. It must be the same password that is specified as the Remote Loader password on the DirXML Remote Loader. |
This section includes information about what must be in place when the driver is started, both the first time and subsequent times, and gives steps for how to start the driver.
The first time the driver runs, it searches for the Domino Server (specified in driver parameters at import time), and tries to open dsrepcfg.nsf to write the publisher parameters that NDSRep reads. If dsrepcfg.nsf does not exist, then the NotesDriverShim attempts to create dsrepcfg.nsf using the database template dsrepcfg.ntf that ships with the driver.
If dsrepcfg.ntf is not found, or this initial dsrepcfg.nsf creation process fails, then the Publisher channel shuts down.
If dsrepcfg.nsf is successfully created, and contains data specifying an appropriate update database file (usually named ndsrep.nsf), the NDSRep loads successfully with the following command at the Domino Console, where instance represents the name of the driver:
load ndsrep instance
A driver name (or unique instance name set up for this driver) is required to load NDSRep at the server console.
If the name of your driver includes spaces, then you must put quotes around the name.
We recommend that the notes.ini file be updated to load NDSRep automatically, after the initial configuration and start-up has been validated.
After the initial startup has been successful, the Notes driver and ndsrep can be launched in any order that is convenient for the particular configuration.
NDSRep must be launched using the driver name as a parameter:
load ndsrep mydriver1
To load NDSRep, you must use the appropriate instance name:
load ndsrep instance
load ndsrep instance
After NDSRep is loaded, all TELL commands are issued to this instance of NDSRep using the instance name.
If the name of your driver includes spaces, then you must put quotes around the name.
For Linux and Solaris, sample scripts are provided to demonstrate how to launch the driver. By default they are installed to /usr/lib/dirxml/rules/notes. The scripts are named as follows:
Also included in the same directory is a sample Remote Loader configuration file for the Notes driver. You might need to change the configuration ports that are referenced in this file.
We recommend that you copy all four files to the location where you intend to launch your driver on the Domino server, such as /local/notesdata or /home/notes.
Make sure that the scripts have file access for execution.
These sample scripts work in a variety of situations. If they do not work in your environment, you might need to edit them appropriately.
These scripts allow you to start the Remote Loader for the driver using rdxml.startnotes and stop the Remote Loader for the driver using rdxml.stopnotes.
The sample scripts produce a Remote Loader trace log for the driver that can be used for troubleshooting.
(Windows only) Make sure you have copied the necessary files, as described in Installing the Driver Shim.
In iManager, select DirXML Management > Overview.
Locate the driver in its driver set.
Click the driver status indicator in the upper right corner of the driver icon, then click Start Driver.
(Windows only) Enter the password for the Notes User that you are using for the driver, if you are prompted to do so. This prompt appears only the first time you start the driver, and whether it appears depends on your driver configuration.
Synchronization takes place on an object-by-object basis as changes are made to individual objects. If you want to have an immediate synchronization, you must initiate that process as explained in Migrating and Resynchronizing Data.
Complete the following sections to configure replication using NDSRep:
Keep in mind that NDSRep does not launch successfully unless the DirXML Driver for Lotus Notes has been started at least once.
Review the information about NDSRep and starting the driver in Starting the Driver.
(Windows only) Make sure you have copied the necessary files, as described in Installing the Driver Shim.
If you want to autoload NDSRep, add it to the ServerTasks = line in the Domino notes.ini file to have NDSRep automatically loaded on the Domino server.
For example:
ServerTasks=Update,Replica,Router,AMgr,AdminP,ndsrep notesdrv1,
CalConn,Sched,HTTP,IMAP,POP3
If the name of your driver includes spaces, then you must put quotes around the name.
(Windows only) Add c:\lotus\domino to your system path, then reboot the computer.
You always load and run NDSRep at the server console on the Domino server. NDSRep creates an output database (by default, ndsrep.nsf). NDSRep detects changes in the address book in the Domino server (or other Notes database) and copies these changes to the output database.
Loading NDSRep: Load ndsrep.exe into the Domino Server console.
Add NDSRep to the ServerTasks = statement in NOTES.INI and restart the Domino server, or type the following in the Notes Server Console window:
load ndsrep instance
For example:
ServerTasks=Update,Replica,Router,AMgr,AdminP,ndsrep notesdrv1,
CalConn,Sched,HTTP,IMAP,POP3
If the name of your driver includes spaces, then you must put quotes around the name.
Controlling NDSRep: Use the TELL commands described in the table.
The following NDSRep TELL commands allow for "on-the-fly" NDSRep parameter modification. These parameters are removed at the next auto-refresh interval:
SchVal
SchUnits
LoopDetect
LoopDetectID
OutputDB
InputDB
ISDirectory
DNFormat
SetInstance
WriteTimeStamps
Checkattrs
AutoRefresh
The following NDSRep TELL command allows for "on-the-fly" NDSRep parameter modification. It is not stored in the Driver Configuration, but stays in effect until the NDSRep instance is unloaded from the Domino Server:
DebugTrace
The following NDSRep TELL commands allow for immediate NDSRep actions. These commands are not stored; NDSRep simply executes the action.
Replicate
Suspend
Resume
ShowConfig
ShowFilter
RefreshConfig
You can run multiple instances of NDSRep to support multiple drivers running against a single Domino server. You must specify the appropriate driver instance name as a parameter when loading ndsrep. By default, this instance name is the name of the driver.
If the name of your driver includes spaces, then you must put quotes around the name.
Consider the following important issues with setting up NDSRep and multiple instances:
load ndsrep instance_name
NDSRep will be loaded and referenceable using TELL commands by the value of instance_name.
For example:
ServerTasks=Update,Replica,Router,AMgr,AdminP,
ndsrep notesdrv1,ndsrep notesdrv2,CalConn,Sched,HTTP,IMAP,POP3
Identity Manager synchronizes data as the data changes. If you want to synchronize all data immediately, you can choose from the following options:
Migrate Data from eDirectory: Allows you to select containers or objects you want to migrate from eDirectory to an application. When you migrate an object, the DirXML engine applies all of the Matching, Placement, and Create rules, as well as the Subscriber filter, to the object.
Migrate Data into eDirectory: Allows you to define the criteria Identity Manager uses to migrate objects from an application into Novell eDirectory. When you migrate an object, the DirXML engine applies all of the Matching, Placement, and Create rules, as well as the Publisher filter, to the object. Objects are migrated into eDirectory using the order you specify in the Class list.
Synchronize: The DirXML engine looks in the Subscriber class filter and processes all objects for those classes. Associated objects will be merged. Unassociated objects will be processed as Add events.
To use one of the options explained above:
Activation must be completed within 90 days of installation, or the driver will not run.
For activation information, refer to "Activating Novell Identity Manager Products" in the Novell Nsure Identity Manager 2 Administration Guide.