Tivoli Directory Integrator properties
Lotus Connections maps LDAP properties to Tivoli Directory Integrator configuration parameters. You can find white papers and other information about LDAP properties on ibm.com and other sites. The following properties are stored in the source LDAP repository.
LDAP Properties
Property (TDI parameter): Definition
source_ldap_sort_page_size: Currently used only by IBM Services personnel.
source_ldap_search_base (Search Base): Required. The search base used when iterating the This should be a distinguished name. Some directories enable you to specify a blank string which defaults to whatever the server is configured to do. Other services require this to be a valid distinguished name in the
source_ldap_search_filter (Search Filter): Required. Search filter used when iterating the
source_ldap_url (LDAP URL): Required. The LDAP Web address used to access the source LDAP system. For example: ldap://host:port
source_ldap_use_ssl (Use SSL): Required if you are using SSL to authenticate. Set this to "true" if you are using SSL (typically port 636 in the LDAP URL). Options include the following: true and false.
source_ldap_user_login (Login user name): Required. Login user name used for authentication. You can leave this blank if no authentication is required.
source_ldap_user_password (Login password): Required. Login password used for authentication. You can leave this blank if no authentication is required. The value will be encrypted in the file the next time it is loaded.
source_ldap_authentication_method (Authentication Method): Options include the following:
- Anonymous: This method provides minimal security.
- Simple: This method uses a login user name and password to authenticate. It is treated as anonymous if no user name and password are provided.
- CRAM-MD5: Challenge/Response Authentication Mechanism using Message Digest 5. This method provides reasonable security against various attacks, including replay.
- SASL: Simple Authentication and Security Layer. This method adds authentication support to connection-based protocols. Specify parameters for this type of authentication using the Extra Provider Parameters option.
source_ldap_collect_dns_file: Name of the file used to collect distinguished names (DNs) from the source LDAP, and then used during the population processes to look up entries to add to the database repository. The default value is collect.dns.
source_ldap_debug: Flag used by Profiles processing which indicates whether to print additional debug information to the log. Use this to capture problem information when the number of input records being processed has been limited (for example, by specifying a much more specific search filter). It also sets the detailed log setting of the connectors that are used as part of the processing of source to the database repository. Options include the following: true and false.
source_ldap_escape_dns: Indicates that special characters have not been escaped properly and identifies them so the processor can find those characters and escape them. Special characters are:
- , (comma)
- = (equals)
- + (plus)
- < (less than)
- > (greater than)
- # (number sign)
- ; (semicolon)
- \ (backslash)
- " (quotation mark)
The backslash is used to escape special characters. A plus sign is represented by \+ and a backslash is represented by \\. The code will not escape commas, so if you have DNs containing commas (as part of a name, not separating fields in the DN), make sure your DNs are already escaped. Typically, if you use the collect_ldap_dns script with IBM Tivoli Directory Server, you will not need to set this property to true since the data will be escaped properly. If you use collect_ldap_dns with Active Directory or enter the data manually, you may need to set this property to true.
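The escaping rule for source_ldap_escape_dns described above, as an added Python illustration (not Tivoli Directory Integrator code). It assumes one type=value pair per RDN and treats a backslash followed by a listed special character as an existing escape; the function names and sample DNs are constructed for this example.

```python
# Special characters from the list above, without the comma
# (the page says commas are not escaped).
SPECIALS = set('=+<>#;\\"')

def split_rdns(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep an escaped pair together
            i += 2
        elif dn[i] == ",":
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += dn[i]
            i += 1
    parts.append(cur)
    return parts

def escape_value(value):
    """Backslash-escape special characters, leaving existing escapes alone."""
    out, i = "", 0
    while i < len(value):
        ch = value[i]
        nxt = value[i + 1:i + 2]
        if ch == "\\" and nxt and (nxt in SPECIALS or nxt == ","):
            out += ch + nxt             # already escaped, copy unchanged
            i += 2
        else:
            out += "\\" + ch if ch in SPECIALS else ch
            i += 1
    return out

def escape_dn(dn):
    """Escape each RDN value; assumes one type=value pair per RDN."""
    rdns = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep:
            # An unescaped comma inside a name splits the RDN here.
            raise ValueError("RDN without '=': %r (pre-escape commas)" % rdn)
        rdns.append(attr + "=" + escape_value(value))
    return ",".join(rdns)

# Constructed sample DNs.
print(escape_dn("cn=R&D+QA #1,ou=People,dc=example,dc=com"))
print(escape_dn("cn=Smith\\, John,ou=People,dc=example,dc=com"))
```

A DN such as cn=Smith, John,ou=People raises ValueError here, which is the case the page warns about: commas inside a name must already be escaped in the input.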
source_ldap_required_dn_regex: Limits the distinguished names (DNs) that are processed to those that match a regular expression. If the regular expression is not matched, that particular record is skipped. The search filter property gives some flexibility; if that is not sufficient, you can use a more powerful regular expression here.
source_ldap_sort_attribute (Search Filter): Instructs the LDAP server to sort entries matching the search base on the specified field name. This is usually only needed in special circumstances.
The following properties are associated with the Profiles database repository.
Profiles Database Properties
Property (TDI parameter): Definition
dbrepos_jdbc_driver (JDBC Driver): Required. JDBC driver used to access the Profiles database repository. The default value references the DB2 database with the following value:
dbrepos_jdbc_driver=com.ibm.db2.jcc.DB2Driver
If you are using DB2, you do not need to modify this value. If you are using an Oracle database, change the value to reference an Oracle database. The following values are example values:
dbrepos_jdbc_driver=oracle.jdbc.driver.OracleDriver
oracle.jdbc.pool.OracleConnectionPoolDataSource
dbrepos_jdbc_url (JDBC URL): Required. JDBC Web address used to access the Profiles database repository. You must modify the hostname portion and port number to reference your server information. You can find this information by accessing the WebSphere Application Server Administration Console (http://yourhost:9060), and then selecting Resources > JDBC > Data sources > profiles. The default value uses the syntax for a DB2 database. If you are using an Oracle database, use the following syntax:
jdbc:oracle:thin:@host_name:1521:PEOPLEDB
dbrepos_username (User name): Required. User name under which the database tables, which are part of the Profiles database repository, are accessed.
dbrepos_password (Password): Required. Password associated with the username under which the database tables, which are part of the Profiles database repository, are accessed.
The following properties are associated with the task that monitors the Profiles employee draft table for changes and transmits them through a DSML v2 connector.
Change Monitoring Properties
Property (TDI parameter): Definition
monitor_changes_debug: Flag used by Profiles to monitor changelog processing, which prompts the Tivoli Directory Integrator to print additional debug information to the log. Use this when debugging issues arise. This property also sets the detailed log setting of the connectors used as part of the monitor change log processing. Options include the following: true and false.
monitor_changes_dsml_server_authentication: Type of authentication used by the DSML server update requests. Options include the following:
- HTTP basic authentication: A method designed to allow a web browser, or other client program, to provide credentials – in the form of a user name and password – when making a request.
- Anonymous: This method provides minimal security.
monitor_changes_dsml_server_url: Required if you are transmitting user changes back to the source repository. Web address of the DSML server to which the DSML update requests should be sent.
monitor_changes_dsml_server_username: Required if you are transmitting user changes back to the source repository. User name used for authentication to the DSML server.
monitor_changes_dsml_server_password: Required if you are transmitting user changes back to the source repository. Password used for authentication to the DSML server that the DSML update requests should be sent to.
monitor_changes_map_functions_file: Path to the file containing mapping functions for mapping from a changed database field to a source (for example, LDAP) field. This is only needed if changes made to the source based on database repository field changes are not mapped simply one-to-one. You can use the same file you use to map from source to database repository fields, assuming the functions are named appropriately.
monitor_changes_sleep_interval: Polling interval (in seconds) between checks for additional changes when no changes exist.
The following properties are associated with the Tivoli Directory Integrator processing that reads a Tivoli Directory Server change log and subsequently updates the database repository with those changes.
Tivoli Directory Server Change Log Properties
Property (TDI parameter): Definition
ad_changelog_debug: Flag used by Active Directory Change Log Server processing which prints additional debug information to the log. Use this when you encounter debugging issues. This property also sets the detailed log setting of the connectors used as part of the monitor changelog processing. Options include the following: true and false.
ad_changelog_ldap_url: Required. LDAP Web address used to access the LDAP system that was updated. For example: ldap://host:port
ad_changelog_ldap_user_login: Required. Login user name to use to authenticate with an LDAP system that has been updated. You can leave this blank if no authentication is needed.
ad_changelog_ldap_user_password: Required. Login user name to use to authenticate with an LDAP that has been updated. You can leave this blank if no authentication is needed. The value will be encrypted in the file the next time it is loaded.
ad_changelog_ldap_search_base
ad_changelog_ldap_use_ssl: Defines whether or not to use SSL in authenticating with an LDAP system that was updated. Options include the following: true and false.
ad_changelog_timeout
ad_changelog_sleep_interval: Polling interval (in seconds) between checks for additional changes when no changes exist.
ad_changelog_use_notifications: Indicates whether to use changelog notifications rather than polling. If true, the tds_changelog_sleep_interval is not applicable since polling is not used. Options include the following: true and false.
ad_changelog_ldap_page_size
ad_changelog_start_at: Change number in the Active Directory changelog to start at. Typically this is an integer, while the special value "EOD" means start at the end of the changelog.
ad_changelog_ldap_required_dn_regex
tds_changelog_debug: Flag used by Tivoli Directory Server Change Log Server processing which prints additional debug information to the log. Use this when you encounter debugging issues. This property also sets the detailed log setting of the connectors used as part of the monitor changelog processing. Options include the following: true and false.
tds_changelog_ldap_authentication_method (Authentication Method): Authentication method used to connect to LDAP to read records. Options include the following:
- Anonymous: This method provides minimal security.
- Simple: This method uses a login user name and password to authenticate. It is treated as anonymous if no user name and password are provided.
- CRAM-MD5: Challenge/Response Authentication Mechanism using Message Digest 5. This method provides reasonable security against various attacks, including replay.
- SASL: Simple Authentication and Security Layer. This method adds authentication support to connection-based protocols. Specify parameters for this type of authentication using the Extra Provider Parameters option.
tds_changelog_ldap_changelog_base (ChangelogBase): Changelog base to use when iterating through the changes. This is typically cn=changelog.
tds_changelog_ldap_time_limit_seconds (Time Limit): Searching for entries must take no more than this number of seconds (0 means no limit).
tds_changelog_ldap_url (LDAP URL): Required. LDAP Web address used to access the LDAP system that was updated. For example: ldap://host:port
tds_changelog_ldap_use_ssl (Use SSL): Defines whether or not to use SSL in authenticating with an LDAP system that was updated. Options include the following: true and false.
tds_changelog_ldap_user_login (Login user name): Required. Login user name to use to authenticate with an LDAP system that has been updated. You can leave this blank if no authentication is needed.
tds_changelog_ldap_user_password (Login password): Required. Login user name to use to authenticate with an LDAP that has been updated. You can leave this blank if no authentication is needed. The value will be encrypted in the file the next time it is loaded.
tds_changelog_sleep_interval: Polling interval (in seconds) between checks for additional changes when no changes exist.
tds_changelog_start_at_changenumber: Change number in the Tivoli Directory Server changelog to start at. Typically this is an integer, while the special value "EOD" means start at the end of the changelog.
tds_changelog_use_notifications: Indicates whether to use changelog notifications rather than polling. If true, the tds_changelog_sleep_interval is not applicable since polling is not used. Options include the following: true and false.
The following property is associated with the query utilities.
Query Utility Properties
Property: Definition
query_db_by_name_file: Name of the file used by query_input_by_name as the source of names to query. The default value is query_name.in.
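The LDAP URL, Use SSL, authentication method and login properties described on this page interact, so it helps to check them together. The following added Python example (not part of the product or the original page) reads key=value lines and reports weak combinations, with a weak file beside a corrected one. The property names come from this page; the host names, logins, value spellings (compared case-insensitively) and the simplified parser are assumptions.

```python
# Constructed sample values; host names and logins are placeholders.
WEAK = """\
source_ldap_url=ldap://ldap.example.com:389
source_ldap_use_ssl=false
source_ldap_authentication_method=Simple
source_ldap_user_login=cn=reader,dc=example,dc=com
source_ldap_debug=true
tds_changelog_ldap_url=ldap://ldap.example.com:636
tds_changelog_ldap_use_ssl=false
tds_changelog_ldap_authentication_method=Simple
tds_changelog_ldap_user_login=
"""
HARDENED = """\
source_ldap_url=ldap://ldap.example.com:636
source_ldap_use_ssl=true
source_ldap_authentication_method=Simple
source_ldap_user_login=cn=reader,dc=example,dc=com
source_ldap_debug=false
"""

def parse_properties(text):
    """Read key=value lines; the first '=' ends the key."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return (property or prefix, finding) pairs for weak settings."""
    findings = []
    for prefix in ("source_ldap", "tds_changelog_ldap"):
        url = props.get(prefix + "_url", "")
        ssl = props.get(prefix + "_use_ssl", "").lower() == "true"
        method = props.get(prefix + "_authentication_method", "").lower()
        login = props.get(prefix + "_user_login", "")
        # Simple with no login is treated as anonymous, as the page states.
        if method == "anonymous" or (method == "simple" and not login):
            findings.append((prefix, "anonymous bind"))
        elif method == "simple" and not ssl:
            findings.append((prefix, "simple bind without SSL"))
        if url.endswith(":636") and not ssl:
            findings.append((prefix, "port 636 but use_ssl is not true"))
    for key, value in props.items():
        if key.endswith("_debug") and value.lower() == "true":
            findings.append((key, "debug logging enabled"))
    return findings
```

Calling audit(parse_properties(WEAK)) returns four findings, and the corrected file returns none.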