IBM Tivoli Directory Integrator
Copy all the files from the folder TDI_Install_dir/pwd_plugins/jars to the domino_jvm_directory/lib/ext folder
on the Domino Server and to the Lotus\Notes\jvm\lib\ext folder
on the machine where Lotus Domino Designer is installed.
Copy the files idipwsync.nsf and pwsync_install_r8.nsf from the folder TDI_Install_dir/pwd_plugins/domino to
the data directory of the Domino Server: domino_data_dir.
Copy the Domino/JavaProxy configuration file (a template
is shipped in TDI_Install_dir/pws_plugins/domino/pwsync.props)
to the file domino_data_directory/idipwsync/pwsync.props on
UNIX or to domino_program_directory\idipwsync\pwsync.props on
Windows.
On Linux- and UNIX-based platforms, install the Password
Store as the Domino user (notes by default). This gives
the Domino JVM the necessary privileges to execute the Password
Store. Also make sure the Domino user has the necessary privileges
to read the files copied to the Domino Server (those described above).
The server must be restarted for the new files to be loaded.
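A post-copy check for Linux and UNIX servers, added here as an example (it is not part of the IBM product or its documentation): run as the Domino user, it confirms that each file named above is present and readable, and flags any file that other users can write to. The function names and the three directory arguments are assumptions; substitute the actual paths of the installation.

```shell
#!/bin/sh
# Added example, not IBM code. Run as the Domino user (notes by default)
# so that the -r tests reflect that user's privileges.

# check_file PATH
# Prints a finding and returns 1 if PATH is missing, unreadable by the
# current user, or writable by "others"; returns 0 otherwise.
check_file() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "MISSING: $f"
        return 1
    fi
    if [ ! -r "$f" ]; then
        echo "UNREADABLE by $(id -un): $f"
        return 1
    fi
    # The JVM loads every jar found in lib/ext, so these files should
    # not be writable by arbitrary local users.
    if [ -n "$(find "$f" -perm -0002 2>/dev/null)" ]; then
        echo "WORLD-WRITABLE: $f"
        return 1
    fi
    return 0
}

# check_pwsync_install JARS_SRC JVM_EXT DATA_DIR
#   JARS_SRC  TDI_Install_dir/pwd_plugins/jars (source of the jar names)
#   JVM_EXT   domino_jvm_directory/lib/ext
#   DATA_DIR  domino_data_dir
# Returns 0 when every expected file passes check_file, 1 otherwise.
check_pwsync_install() {
    jars_src=$1
    jvm_ext=$2
    data_dir=$3
    rc=0
    # Every file shipped in the jars folder must exist in lib/ext.
    for src in "$jars_src"/*; do
        [ -f "$src" ] || continue
        check_file "$jvm_ext/$(basename "$src")" || rc=1
    done
    # Databases and the proxy configuration copied to the data directory.
    for name in idipwsync.nsf pwsync_install_r8.nsf idipwsync/pwsync.props; do
        check_file "$data_dir/$name" || rc=1
    done
    return $rc
}
```

Source the file and call check_pwsync_install with the three directories before restarting the server; a non-zero return means at least one finding was printed.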
Here are sample steps to create a person that can be used as the agent
signer:
- Open the Domino Administrator.
- Open the People & Groups page.
- On the right panel select People ->
Register... (the Register Person wizard will show up).
- In the Last name field enter "IDIPWSyncSigner".
- Fill in the password field with a value of your choice.
- In the Mail system field select None.
- Make sure Create a Notes ID for this
person is checked (the ID file will be used to sign agents).
- Click the Register button.
Here are sample steps to download the ID file of the newly
generated person from the Person document in the Domino Directory:
- Open the Domino Administrator.
- Open the People & Groups page.
- In the left navigation panel open the People node.
- Select the IDIPWSyncSigner person.
- Click Edit Person (this will open
the Person document).
- At the bottom left corner of the Basics page, there is an attached
file named "UserID". Open a context menu for that attachment
and select Save.
- Click Cancel to close the Person
document without changes.
The signer must have Manager access to the pubnames.ntf and admin4.ntf templates. Here is how to configure
it for admin4.ntf (do the same for pubnames.ntf):
- Open the Domino Administrator.
- Open the Files page.
- In the Show me combo box select Templates only.
- In the list of templates, select admin4.ntf, open a context menu and select Access Control
-> Manage.
- Click Add...
- Choose the IDIPWSyncSigner person.
- In the User type combo box, select Person.
- In the Access combo box select Managers.
- Click OK to close the Access List
window.
Finally we have to allow the signer to "sign or run unrestricted
methods and operations":
- Open the Domino Administrator.
- Open the Configuration page.
- Select Server -> All Server Documents.
- Select the document of the Server (if we have multiple Domino
servers, we have to apply the whole procedure to each one of them).
- Click Edit Server.
- Open the Security page.
- In the Programmability Restrictions section, add the signer person to the "Sign or run unrestricted methods and
operations" field.
- Click Save & Close to save
the changes to the Server document.