Gather LDAP information
- Identify LDAP attributes...
- displayName
- Attribute used for display name in the LC user interface.
For example: cn
Must be configured to use Activities.
- Log in
- Attribute(s) to use for logging in to Lotus Connections.
For example: uid.
The login name must be unique in the LDAP.
If no corresponding attribute exists, create one. You can use an attribute for multiple purposes. For example, you can use the mail attribute to perform the login and messaging tasks.
- Messaging
- (Optional.) Attribute to use to define the e-mail address of a person.
The e-mail address must be unique in the LDAP directory. If a person does not have an e-mail address and does not have an LDAP attribute that represents the e-mail address, that person cannot receive notifications.
- Global unique identifier
- Attribute to use as the unique identifier of each person and group in the organization. This value must be unique across the organization.
You should not allow the guid of a user in the system to change. If changed, the user will not have access to their data until you re-synchronize the LDAP and Lotus Connections databases with the new guid.
By default, WebSphere Application Server reserves the following attributes to serve as the unique identifier for the given LDAP servers:
- IBM Tivoli Directory Server
ibm-entryUUID
- Microsoft Active Directory
objectGUID
If you are using Active Directory, remember that the samAccountName attribute has a 20-character limit; other IDs used by Lotus Connections have a 256-character limit.
- Microsoft Active Directory Application Mode (ADAM)
objectGUID
To use objectSID as the default for ADAM, edit...
PROFILE_HOME/profile_name/config/cells/cell_name/wim/config/wimconfig.xml
..add the following line to the <config:attributeConfiguration> section...
<config:externalIdAttributes name="objectSID" syntax="octetString"/>
- IBM Domino Enterprise Server
dominoUNID
If the bind ID for the Domino LDAP does not have sufficient manager access to the Domino directory, the Virtual Member Manager (VMM) does not return the correct attribute type for the Domino schema query; DN is returned as the VMM ID.
To override VMM's default ID setting, edit wimconfig.xml, go to the section...
<config:attributeConfiguration>
..and add the following line...
<config:externalIdAttributes name="dominoUNID"/>
- Sun Java System Directory Server
nsuniqueid
- eNovell Directory Server
GUID
- Custom ID:
If your organization already uses a unique identifier for each user and group, you can configure Lotus Connections to use that. For more information, see the Specifying a custom ID attribute for users or groups topic.
- Also collect...
Value, Description, My Value (fill in your own value for each row):
- Directory Type
Identifies and selects a service from the available vendors and versions.
- Primary host name
- Port
- Bind distinguished name
- Bind password
- Certificate mapping
- Certificate filter
- LDAP entity types
Identifies and selects LDAP object classes. For example, select the...
  - inetOrgPerson object class for the Person Account entity
  - groupOfUniqueNames object class for the Group entity
- Search base
Identifies the distinguished name of the LDAP subtree as the search scope. For example, select...
o=ibm.com
..to allow all objects underneath this subtree node to be searched. For example:
  - Group
  - OrgContainer
  - PersonAccount
  - inetOrgPerson
- With Domino LDAP, for entities...
- PersonAccount
- Group
..replace the default mapping with...
- dominoPerson
- dominoGroup
- For Tivoli Directory Server, set group entities to either...
- groupOfNames
- groupOfUniqueNames
WAS uses groupOfNames by default. In most cases, delete this default mapping and create a new mapping for group entities using groupOfUniqueNames.
If you use groupOfUniqueNames, for the group member attribute, use uniqueMember.
If you use groupOfNames, for the group member attribute, use member.
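Added example (not part of the original page or of Lotus Connections): a Python check, run over an LDIF export before installation, for the requirements above: unique login, e-mail and unique-identifier values, people without an e-mail address, and group entries whose member attribute does not match their object class. The sample entries, the function names, and the use of uid, mail and ibm-entryUUID as the chosen attributes are assumptions; the parser expects unfolded LDIF and compares values as opaque strings.

```python
from collections import defaultdict
# Constructed sample export (not real directory data); plain, unfolded LDIF.
SAMPLE_LDIF = """\
dn: uid=ajones,o=example.com
uid: ajones
mail: ajones@example.com
ibm-entryUUID: guid-0001

dn: uid=bsmith,o=example.com
uid: bsmith
mail: ajones@example.com
ibm-entryUUID: guid-0002

dn: uid=cdoe,o=example.com
uid: cdoe
ibm-entryUUID: guid-0002

dn: cn=staff,o=example.com
objectClass: groupOfUniqueNames
member: uid=ajones,o=example.com
"""
# Member attribute the page pairs with each group object class.
MEMBER_ATTR = {"groupofuniquenames": "uniquemember", "groupofnames": "member"}

def parse_ldif(text):
    """Parse unfolded LDIF into one {attr_lower: [values]} dict per entry."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for name, _, value in (l.partition(":") for l in block.splitlines()):
            entry[name.strip().lower()].append(value.lstrip(":").strip())
        entries.append(entry)
    return entries

def audit(entries, login="uid", mail="mail", guid="ibm-entryuuid"):
    """Return sorted (kind, detail, dn) findings; attribute names are lowercase."""
    findings, seen = [], defaultdict(dict)
    for e in entries:
        dn = e["dn"][0]
        group_oc = {c.lower() for c in e["objectclass"]} & MEMBER_ATTR.keys()
        for oc in (o for o in group_oc if not e.get(MEMBER_ATTR[o])):
            findings.append(("group-member-attr", f"{oc} needs {MEMBER_ATTR[oc]}", dn))
        if not group_oc and not e.get(mail):
            findings.append(("no-mail", "cannot receive notifications", dn))
        for attr in ([guid] if group_oc else [login, mail, guid]):
            for v in e.get(attr, []):  # first DN seen with a value owns it
                first = seen[attr].setdefault(v.lower(), dn)
                if first != dn:
                    findings.append(("duplicate", f"{attr}={v} also on {first}", dn))
    return sorted(findings)
```

Call audit(parse_ldif(text)) on your own export and pass the attribute names you chose for login, messaging and the unique identifier; an empty result means none of these conditions were found.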