4.4 Using Driver Parameters

To change driver parameters, edit the Driver Parameters page.

  1. In iManager, click Identity Manager > Identity Manager Overview.

  2. Find the driver in its driver set.

  3. Click the driver icon to display the Driver Overview page.

  4. Click the driver icon again to display the Modify Object page.

  5. Click Driver Configuration.

  6. Use the information in the tables that follow to upgrade driver parameters.

4.4.1 Driver Options

The third column of the following table contains XML text that you can paste into the Driver Parameters XML Editor. The XML text represents exactly what is necessary to display the parameters. You can also place the information that you see under the Description heading within the < description> </ description> parameters.

Table 4-1 Driver Parameters

Parameter

Description

XML to Define Driver Parameters

Default Certifier ID file

The default Notes Certifier ID file that is used to register user objects in the Notes Address Book. The full path of the file should be represented with respect to the operating system hosting Domino.

< definition display-name="Default Certifier ID File" name="cert-id-file" type="string"> < description> </ description>

< value>c:\lotus654\domino\data\ids\people\ndriver.id</ value> </ definition>

Default Certifier ID password

The default Notes Certifier ID file password that is used to register user objects in the Notes Address Book.

When using the type=“password-ref” attribute of this parameter, the password is encrypted and securely stored with the Driver Configuration. When securely stored in this fashion, the password can then be referenced by the Metadirectory engine or a driver using the key name specified. (In this example, defaultCertPwd.)

< definition display-name="Default Certifier Password" is-sensitive="true" name="cert-id-password" type="password-ref"> < description> </ description>

< value>defaultCertPwd</ value> < pwd-value removePwd="false"> </ pwd-value></ definition>

Directory File or Input Database

The file name of the database to be synchronized with the Identity Vault. Specify this item without full path information.

< definition display-name="Directory File" name="directory-file" type="string"> < description> </ description>

< value>names.nsf</ value> </ definition>

Notes Address Book

Specify True if the input database (directory file) is a Notes Address book; otherwise, specify False.

< definition display-name="Notes Address Book?" name="is-directory" type="boolean"> < description> </ description>

< value>true</ value> </ definition>

Notes Domain Name

The name of the Notes domain the driver is running against. It might be different from the Notes Organization name, and therefore can’t be derived from the server name.

< definition display-name="Notes Domain Name" name="notes-domain" type="string"> <description> </description>

< value>PROVO1</ value> </ definition>

Server ID File

The Notes Server ID file associated with the Notes Server this driver authenticates to (This is optional). The full path of the file should be represented with respect to the operating system hosting Domino. This ID file need not be the server ID file. It can actually be an ID file that has no password (and need not have any access anywhere).

< definition display-name="Domino Server ID File" name="server-id-file" type="string"> < description> </ description>

< value>c:\lotus654\domino\data\server.id</ value> </ definition>

Update File or ndsrep polling cache

The filename of the database used to cache database changes that need to be published to the Identity Vault. The default is ndsrep.nsf. Specify this item without full path information.

The Driver's Domino add-in process ndsrep creates this database. Within this database, filtered updates are cached before being consumed by the Notes Driver's publisher.

< definition display-name="Update File" name="update-file" type="string"> < description> </ description>

< value>ndsrep.nsf</ value> </ definition>

Notes User ID file

The Notes User ID file associated with the Notes User this driver represents (this is required). The full path of the file should be represented with respect to the operating system hosting Domino. The password associated with this user ID file is input in the following user interface section: Driver Configuration > Authentication > Specify the application password.

< definition display-name="Notes Driver User ID File" name="user-id-file" type="string"> < description> </ description>

< value>c:\lotus654\domino\data\ids\people\ndriver.id</ value> </ definition>

Janitor Cleanup Interval

Janitor cleanup checks for and releases resources that might have been orphaned by unfinished query-ex sequences. This interval determines how often to perform this janitorial service.

< definition display-name="Janitor Cleanup Interval (in minutes)" name="janitor-cleanup-interval" type="integer"> < description> </ description>

< value>30</ value> </ definition>

Allow Document Locking

Enables Notes database documents to be locked by the Notes Driver Shim if they are being modified. This parameter is only effective using Notes 6.5 or higher and the Notes database has the Allow document locking check box enabled.

< definition display-name="Allow Document Locking" name="allow-document-locking" type="boolean"> < description> </ description>

< value>true</ value> </ definition>

4.4.2 Subscriber Options

The third column of the following table contains XML text that you can paste into the Driver Parameters XML Editor. The XML text represents exactly what is necessary to display the parameters. You can also place the information that you see under the Description heading within the < description> </ description> parameters.

Table 4-2 Subscriber Channel Parameters

Parameter

Description

XML to Define Driver Parameters

Allow Domino AdminP Support

Specifies that AdminP features can be used. AdminP features are supported only for users of Lotus Notes 6.0.3 or later.

If you have Lotus Notes 6.0.3 or later and you want to use the AdminP features, you must add this parameter and set it to true.

If the parameter does not exist in the driver parameters, the default setting is false.

This parameter can be overridden on a command-by-command basis using the attribute Allow AdminP Support described in Section 4.5, Custom Driver Parameters.

< definition display-name="Allow Domino AdminP Support" name="allow-adminp-support" type="boolean"> < description> </ description>

< value>true</ value> </ definition>

Certify/Register Users

This parameter indicates the default behavior for the driver regarding Notes user account creation. Yes indicates the driver by default attempts to register users in the Notes Address book by certifying them and creating an ID file for each user when add events are received.

This default setting can be overridden using the XML < certify-user> attribute tag.

< definition display-name="Certify (register) Notes Users" name="cert-users" type="boolean"> < description> </ description>

< value>true</ value> </ definition>

Create Mail DB

This parameter indicates the default behavior for the driver regarding e-mail account creation. True indicates the driver by default attempts to create a Notes Mail database when adding a new user.

This default setting can be overridden using the XML attribute tag < create-mail>.

< definition display-name="Create User E-Mail Box" name="create-mail" tmpId="238" type="boolean"> < description> </ description>

< value>true</ value> </ definition>

Default HTTP Password

The default Notes Web (HTTP) password set for newly created Notes users.

This default setting can be overridden using the XML attribute tag < user-pwd>.

< definition display-name="Default HTTP Password" name="default-http-password" type="string"> < description> </ description>

< value>notesweb</ value> </ definition>

Default Notes Password

The default Notes User ID password for newly created Notes users.

This default setting can be overridden using the XML attribute tag < user-pwd>.

< definition display-name="Default Notes Password" name="default-password" type="string"> < description> </ description>

< value>notes</ value> </ definition>

Expiration Term

The default expiration term (specified in years) for newly created Notes User ID files.

This default setting can be overridden using the XML attribute tag < expire-term>.

< definition display-name="Default User ID File/Registration Expiration Term (in years)" name="expiration-term" type="integer"> < description> </ description>

< value>2</ value> </ definition>

Failed Command Reply Status

If the parameter does not exist in the driver parameters, the default setting is Retry.

Possible values are Success, Warning, Error, Retry, or Fatal.

This parameter can be used when troubleshooting critical situations.

< definition display-name="Retry Status Return Code" name="retry-status-return" type="enum"> < description> </ description>

< value>retry</ value> </ definition>

ID File Storage Location

This parameter specifies the default Notes User ID file (certifier) storage location that is used when user objects are registered and ID files are created. New ID files are placed in this location. The full path of the folder should be represented in relationship to the operating system hosting Domino.

This default setting can be overridden using the XML attribute tag < user-id-path>.

< definition display-name="User ID File Storage Location" name="cert-path" type="string"> < description> </ description>

< value>c:\lotus654\domino\data\ids\people</ value> </ definition>

Internet Mail Domain Name

Obsolete in version 2.0.

< definition display-name="Internet Mail Domain" name="account.email.InternetDomainName" type="string"> < description> </ description>

< value>< variable-ref var-name="base.Notes.INetMailDomain"/></ value> </ definition>

Add User E-Mail ACL Level

The default ACL setting for the newly created mail file of newly created user objects. Valid values are NOACCESS, DEPOSITOR, READER, AUTHOR, EDITOR, DESIGNER, and MANAGER. When no ACL setting is specified, the setting defaults to MANAGER.

This default setting can be overridden using the XML attribute tag < mailfile-acl-level>.

< definition display-name="Add User E-Mail: E-Mail Database ACL Setting" name="account.email.aclsetting" type="enum"> < description> </ description>

< value>default</ value> </ definition>

User Mail File Storage Location

A mail storage path relative to the Domino data storage location where mail files are stored if created by the driver. For example, if the parameter is set to “mail,” then new mail files created by the driver on the Domino server (running on Linux) are stored in the /local/notesdata/mail folder.

<definition display-name="User Mail File Storage Location" name="mailfile-path" type="string"> <description> </description>

<value>mail</value> </definition>

Notes Password Strength

The default minimum password length (0-16 characters) for newly created Notes User ID files.

This default setting can be overridden using the XML attribute tag < minimum-pwd-len>.

< definition display-name="Notes Password Strength (0 - 16)" name="minimum-pwd-len" type="integer"> < description> </ description>

< value>2</ value> </ definition>

Is Domino Server North American?

North American Server User ID file (certifier) property. Set to True only if the Domino Server is in North America. According to Domino registration requirements, this attribute is required for user ID file creation.

< definition display-name="Is Domino Server North American?" name="north-american-flag" type="boolean"> < description> </ description>

< value>true</ value> </ definition>

Domino Mail Server Name

The DN of the Domino Server that holds the mail files.

This default setting can be overridden using the XML < mailserver> element as a child of the add event element.

< definition display-name="Domino Mail Server Name" name="mail-server" type="string"> < description> </ description>

< value>CN=blackcap/O=novell</ value> </ definition>

Notes Document Save Failure Return Code

If the parameter does not exist in the driver parameters, the default value is warning.

Possible values are success, warning, error, retry, or fatal.

This parameter can be used when troubleshooting and is overwritten by < retry-status-return>

< definition display-name="Notes Document Save Failure Return Code" name="notes-save-fail-action" type="enum"> < description> </ description>

< value>warning</ value> </ definition>

Allow Notes Web (HTTP) Password Set

Set the parameter to true to allow the Notes driver to set or to change the Web (HTTP) password attribute on user objects. Set the parameter to false to disallow the Notes driver from setting or changing the web (HTTP) password attribute on user objects. The default setting is true.

< definition display-name="Allow Notes Web (HTTP) Password Set" name="allow-http-password-set" type="boolean"> < description> </ description>

< value>true</ value> </ definition>

Registration/ Certification Log File

The Notes Certification log file that is used to record the registration of user objects in the Notes Address Book. Specify this item without full path information.

< definition display-name="Registration/Certification Log File" name="cert-log" type="string"> < description> </ description>

< value>certlog.nsf</ value> </ definition>

Store User ID in Address Book

This flag indicates the default behavior for the driver regarding attaching user ID files on their respective user objects in the Notes Address Book at registration time.

Setting the flag to True causes registered user objects in the Notes Address Book to be created with an attached user ID file.

Setting the flag to False causes registered user objects in the Notes Address Book to be created without an attached user ID file.

This default setting can be overridden using the XML attribute tag < store-useridfile-in-ab>.

< definition display-name="Store User ID File in Address Book" name="store-id-ab-flag" type="boolean"> < description> </ description>

< value>true</ value> </ definition>

E-Mail File Template

The .ntf database template to be used when creating a new mail database when the driver creates a user e-mail account. This template must be accessible to the Domino server in the Domino data folder.

< definition display-name="Mail File Template" name="mailfile-template" type="string"> < description> </ description>

< value>mail654.ntf</ value> </ definition>

Add Registered Users To Address Book

This parameter indicates the default behavior for the driver regarding placing registered user objects in the Notes Address Book. Setting the flag to True causes registered users to be placed in the address book. Setting the flag to False causes users to be registered (meaning that a certifier ID file is created for the user) without the user object being placed into the Notes Address Book.

This default setting can be overridden using the XML attribute tag < update-addressbook>.

<definition display-name="Add Registered Users to Address Book" name="update-ab-flag" type="boolean"> <description> </description>

< value>true</ value> </ definition>

Document Lock Failure Action

Specify the action (document return code) the Notes Driver will return to the Metadirectory engine if the Notes Driver fails to acquire a document lock. The value choices are retry (default), warning, error, fatal, and success.

This parameter is overwritten by < retry-status-return>

<definition display-name="Document Lock Failure Action" name="notes-doc-lock-fail-action" type="enum">

< value>retry</ value> </definition>

Number of File Creation Collision Retry Attempts

Specify a positive integer value indicating the highest number to append to a filename when attempting to resolve file name collisions. If the NotesDriverShim cannot create a mailfile or a mailfile replica because of a file name collision, the NotesDriverShim appends an integer text value to the end of the attempted filename and tries again to create the file. Thus, if the mailfile JohnDoe.nsf already exists, then the NotesDriverShim will attempt to create JohnDoe1.nsf. If this value is 0, then this file creation after filename collision feature is not invoked.

< definition display-name="Number of File Creation Collision Retry Attempts" name="db-creation-max-collisions" type="integer">

< value>5</ value> </ definition>

4.4.3 Publisher Options

The third column of the following table contains XML text that you should paste into the Driver Parameters XML Editor. The XML text represents exactly what is necessary to display the parameters. You can also place the information that you see under the Description heading within the < description> </ description> parameters.

Table 4-3 Publisher Channel Parameters

Parameter

Description

XML to Define Driver Parameters

Check Attributes

The ndsrep check and publish attributes parameter. Set to True if only modified attributes within the Publisher filter should be sent to the Identity Vault via the Publisher channel when a Notes object is modified. Set to False if all sync attributes specified within the Publisher filter should be sent to the Identity Vault via the Publisher channel when a Notes object is modified.

The default value is True.

< definition display-name="Check Attributes?" name="check-attrs-flag" type="boolean"> < description> </ description>

< value>true</ value> </ definition>

DN Format

The Distinguished Name format used by ndsrep. Valid values are NOTES_TYPED, NOTES, SLASH_TYPED, SLASH, LDAP, LDAP_TYPED, DOT, and DOT_TYPED. The default is NOTES_TYPED.

< definition display-name="DN FORMAT" name="dn-format" type="enum"> < description> </ description>

< value>NOTES_TYPED</ value> </ definition>

Enable Loop Back Detection

Loopback detection parameter. Set to True to enable loopback detection. Set to False to disable loopback detection.

<definition display-name="Enable Loop Back Detection" name="loop-detect-flag" type="boolean"> <description> </description>

< value>true</ value> </ definition>

NDSREP Configuration Database

The ndsrep configuration database filename created and maintained by the driver. This parameter controls which .nsf database the driver shim uses to write its publication options.

The full path of the filename should be represented with respect to the operating system hosting Domino. When using this parameter, ndsrep needs to be loaded with the -f filename parameter.

ndsrep load example: 

load ndsrep NotesDriver2 -f /home/notes/mycfg.nsf

If this parameter is not present, by default the Configuration database filename is set to dsrepcfg.nsf and is normally located in the Domino data folder.

If the name of your driver includes spaces, then you must put quotes around the name.

< definition display-name="NDSREP Configuration database" name="config-db-name" type="string"> <description> </description>

< value>mycfg.nsf</ value> </ definition>

NDSREP Configuration Instance

The ndsrep configuration instance name created and maintained by the driver within the ndsrep configuration database. This parameter controls which database note the driver shim uses to read and write its publication options within the ndsrep configuration database. When using this parameter, ndsrep utilizes the settings of this configuration instance when loaded with this instance name as a parameter.

If this parameter is not present, by default the configuration instance is set to the name of the driver (the driver RDN in eDirectory.)

ndsrep load example: 

load ndsrep NotesDriver2

If the name of your driver includes spaces, then you must put quotes around the name.

<definition display-name="NDSREP Configuration Instance" name="instance-id" type="string"> <description> </description>

< value>NotesDriver2</ value> </ definition>

NDSREP Console Trace Level

Possible values are SILENT, NORMAL, VERBOSE, or DEBUG.

If this parameter is not present, the default setting is NORMAL.

<definition display-name="NDSREP Domino Console Trace Level" name="ndsrep-console-trace-level" type="enum"> <description> </description>

< value>NORMAL</ value> </ definition>

NDSREP Schedule Units

The ndsrep polling interval unit. Valid values are SECONDS, MINUTES, HOURS, DAYS, and YEARS. The default value is SECONDS.

<definition display-name="NDSREP Polling Units" name="schedule-units" type="enum"> <description> </description>

< value>SECONDS</ value> </ definition>

NDSREP Schedule Value

The ndsrep polling interval unit value. This value is utilized in conjunction with the < schedule-units> configuration parameter.

<definition display-name="NDSREP Polling interval" name="schedule-value" type="integer"> <description> </description>

< value>30</ value> </ definition>

Polling Interval

Notes Driver Shim publisher polling interval, specified in SECONDS, MINUTES, HOURS, and DAYS,.

<definition display-name="Polling Interval (in seconds)" name="polling-interval" type="integer"> <description> </description>

< value>30</ value> </ definition>

Publication Heartbeat Interval (in seconds)

Publication Heartbeat Interval specified in seconds. This parameter can be used instead of < pub-heartbeat-interval> to provide finer interval size granularity. If no documents are sent on the Publisher channel for this specified interval (duration of time), then a heartbeat document is sent by the driver. A value of 0 indicates that no heartbeat documents are to be sent.

If this parameter is not present, by default the publication heartbeat interval is 0.

<definition display-name="Heartbeat Interval (in seconds)" name="pub-heartbeat-interval-seconds" type="integer"> <description> </description>

< value>0</ value> </ definition>

Publication Heartbeat Interval

Publication Heartbeat Interval specified in minutes. If no documents are sent on the Publisher channel for this specified interval (duration of time), then a heartbeat document is sent by the driver. A value of 0 indicates that no heartbeat documents are to be sent.

If this parameter is not present, by default the publication heartbeat interval is 0.

<definition display-name="Heartbeat Interval (in minutes)" name="pub-heartbeat-interval" type="integer"> <description> </description>

< value>0</ value> </ definition>

Write Time Stamps?

Whether ndsrep writes special driver time stamp on synchronized Notes parameter. Set to True to have ndsrep write a driver specific time stamp on all Notes objects that are synchronized. This special driver time stamp is used to more accurately determine Notes object attribute updates. Set to False to have ndsrep determine Notes object attribute updates based on existing Notes object time stamps.

The default value is True.

<definition display-name="Write Time Stamps?" name="write-timestamps-flag" type="boolean"> <description> </description>

< value>true</ value> </ definition>