IBM Tivoli Directory Integrator
No migration steps for pre-7.0 installations are available! A clean
install of the plug-in is advised.
Starting from TDI v7.1, the agents of the Password Synchronizer
are signed by a dedicated signer who has the privilege to "sign or
run unrestricted methods and operations". The IDIPWSync group is no
longer required to have this privilege. The old deployment procedure
(see section Deployment alternative that does not involve a dedicated agent
signer (default pre-v7.1)) is still supported (but not
recommended), so we can skip this migration step:
- Sign the agents of the Password Synchronizer (see step 5 from
section Deployment on a single Domino Server).
- Refresh the designs of names.nsf and admin4.nsf (see steps 6 and 7 from section Deployment on a single Domino Server).
- Add the signer of the agents to the IDIPWSync group (see step
13 from section Deployment on a single Domino Server).
- Take away the privilege to "sign or run unrestricted methods and
operations" from the IDIPWSync group:
- Open the Domino Administrator.
- Open the Configuration page.
- Select Server -> All Server Documents.
- Select the document of the Server (if we have multiple Domino
servers, we have to apply the whole procedure to each one of them).
- Click Edit Server.
- Open the Security page.
- In the Programmability Restrictions section, remove the IDIPWSync group from the Sign
or run unrestricted methods and operations field.
- Click Save & Close to save
the changes to the Server document.