TDI properties for Profiles
Overview
Tivoli Directory Integrator (TDI) properties for Profiles are set in profiles_tdi.properties. The TDI parameter column in the tables gives the name of the corresponding parameter in the TDI LDAP connector.
File paths specified below are relative to /opt/IBM/TDI.
TDI properties for Profiles
Each entry below gives the property name, the TDI parameter it corresponds to (where one exists), and its definition.

source_ldap_url
TDI parameter: LDAP URL host name and LDAP URL Port
Required. The LDAP URL used to access the source LDAP system. The port is required and is typically 389 for non-SSL connections and 636 for SSL. Express the value in the form:
ldap://myservername.com:389
For the population wizard, this property is configured with the LDAP server name and LDAP server port on the LDAP server connection page. The LDAP query constructed from the source URL, search base, and search filter is stored in a source URL property, which can be used to segment the Profiles database user set during synchronization. Do not vary this value between runs, even between equivalent forms (for example, referencing the LDAP server by IP address in one run and by DNS name in the next): a differently written URL is not recognized as the same source, so the user set already populated no longer matches.

source_ldap_use_ssl
TDI parameter: LDAP URL Use SSL connection
Required if we are using SSL. Set to either true or false. Set to true if the connection uses SSL (for example, if the LDAP URL uses port 636). Default is false. Use SSL whenever the directory supports it: without it, the bind password and every attribute returned by the search cross the network in clear text. For the population wizard, this property is configured with the Use SSL communication check box on the LDAP server connection page.

source_ldap_user_login
TDI parameter: Login user name
Login user name used for authentication. We can leave this blank if no authentication is required. Prefer a dedicated account with read access to the entries being populated over an administrative one. For the population wizard, this property is configured in the Bind distinguished name (DN) field on the LDAP authentication properties page.

source_ldap_user_password
TDI parameter: Login password
Login password used for authentication. Leave this blank if no authentication is required. The value is encrypted in the file the next time it is loaded; until then it is stored in clear text, so restrict read access to profiles_tdi.properties. For the population wizard, this property is configured in the Bind password field on the LDAP authentication properties page.

source_ldap_search_base or source_ldap_user_search_base
TDI parameter: Search Base
The search base (the location from where the search begins) of the iterating directory. The search starts at this point in the LDAP directory structure and includes all records beneath it. Most directories require a search base, and it must be a valid distinguished name. Some directory services accept a blank string, which defaults to whatever the server is configured to do. A default value is not specified. For the population wizard, this property is configured in the LDAP user search base field on the LDAP page.

source_ldap_search_filter or source_ldap_user_search_filter
TDI parameter: Search Filter
Search filter used when iterating the directory. This filter determines which objects are included in or excluded from the search. If the search base and search filter properties do not allow you to construct the search set adequately, use the source_ldap_required_dn_regex property as well. Search filters select the entries whose data a search operation retrieves. Choose them carefully, because they can affect the performance of the directory being searched; the schema of the directory server being queried also affects performance. A default value is not specified. For the population wizard, this field is called LDAP user search filter and is located on the LDAP authentication properties page.

source_ldap_sort_page_size
TDI parameter: Page size
If specified, the LDAP connector tries to use a paged search. Paged mode causes the directory server to return a specific number of entries at a time (a page) instead of all entries in one chunk. Not all directory servers support this option. Default is 0, which disables paged mode. This parameter is not configurable when we are using the population wizard.

source_ldap_authentication_method
TDI parameter: Authentication Method
Authentication method used to connect to the source LDAP system. Options include the following:
- Anonymous
- This method provides minimal security.
- Simple
- This method uses a login user name and password to authenticate. It is treated as anonymous if no user name and password are provided.
- CRAM-MD5
- Challenge/Response Authentication Mechanism using Message Digest 5. This method protects the password during the credential exchange, including against replay, but it relies on MD5 and does not protect the directory data returned by the search; set source_ldap_use_ssl to true regardless of the authentication method.
- SASL
- Simple Authentication and Security Layer. This method adds authentication support to connection-based protocols. Specify parameters for this type of authentication with the Extra Provider Parameters option.
This parameter is not configurable through the population wizard.
source_ldap_collect_dns_file
Name of the file in which the collect_dns.bat/sh process collects distinguished names (DNs) from the source. The populate_from_dn_file.bat/sh process then reads this file during population to look up the entries to add to the database repository. The file can also be constructed by hand to populate an explicit set of users; because whatever it lists is populated, protect it from modification by anyone other than the administrator running the process. Default is collect.dns. This parameter is not configurable through the population wizard.

source_ldap_escape_dns
Set this property to true when the collected distinguished names contain special characters that were not escaped properly; the processor then finds those characters and escapes them. The following characters are the special characters:
- , (comma)
- = (equals)
- + (plus)
- < (less than)
- > (greater than)
- # (number sign)
- ; (semicolon)
- \ (backslash)
- " (quotation mark)
The backslash is used to escape special characters: a plus sign is represented as \+ and a backslash as \\. If the distinguished names contain these special characters and you receive errors when the collect_dns or populate_from_dn_file process runs, set this property to true so the characters are escaped. Default is false. This parameter is not configurable through the population wizard.
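The escaping rule above, as an added example that is not code from the IBM page or from the Profiles TDI solution: a small DN builder and parser that applies the backslash convention to the nine special characters listed, then uses a parse-and-rebuild round trip to spot entries in a collect.dns-style list that are not properly escaped. The sample DNs are constructed; escaping a leading or trailing space follows RFC 4514 and is an addition beyond what the page lists.

```javascript
// Added example (not code from the IBM page or the Profiles TDI solution):
// build and parse distinguished names with the backslash escaping that
// source_ldap_escape_dns applies. DN_SPECIAL is the page's character list;
// escaping an edge space is taken from RFC 4514 (an addition beyond the page).
const DN_SPECIAL = ',=+<>#;\\"';

// Escape one attribute value (the text after "=" in an RDN).
function escapeDnValue(value) {
  let out = '';
  for (let i = 0; i < value.length; i++) {
    const ch = value[i];
    const edgeSpace = ch === ' ' && (i === 0 || i === value.length - 1);
    if (DN_SPECIAL.includes(ch) || edgeSpace) out += '\\';
    out += ch;
  }
  return out;
}

// Reverse escapeDnValue. Single-byte hex pairs such as \2C are decoded;
// multi-byte UTF-8 hex sequences are out of scope for this example.
function unescapeDnValue(value) {
  let out = '';
  for (let i = 0; i < value.length; i++) {
    if (value[i] === '\\' && i + 1 < value.length) {
      const hex = value.substr(i + 1, 2);
      if (/^[0-9a-fA-F]{2}$/.test(hex)) { out += String.fromCharCode(parseInt(hex, 16)); i += 2; continue; }
      i++;
    }
    out += value[i];
  }
  return out;
}

// Split on a separator, ignoring separators that are backslash-escaped.
function splitUnescaped(text, sep) {
  const parts = [];
  let cur = '';
  for (let i = 0; i < text.length; i++) {
    if (text[i] === '\\' && i + 1 < text.length) { cur += text[i] + text[++i]; continue; }
    if (text[i] === sep) { parts.push(cur); cur = ''; continue; }
    cur += text[i];
  }
  parts.push(cur);
  return parts;
}

// Assemble a DN from [attribute, value] pairs, escaping each value.
function buildDn(rdns) {
  return rdns.map(([attr, value]) => attr + '=' + escapeDnValue(value)).join(',');
}

// Parse a DN into [attribute, value] pairs. Multi-valued RDNs (a=x+b=y) are
// not split here, so they are reported as needing attention by the check below.
function parseDn(dn) {
  return splitUnescaped(dn, ',').map((rdn) => {
    const parts = splitUnescaped(rdn, '=');
    if (parts.length < 2) throw new Error('malformed RDN: ' + rdn);
    return [parts[0], unescapeDnValue(parts.slice(1).join('='))];
  });
}

// True when the DN survives a parse/rebuild cycle unchanged. A DN with an
// unescaped special character does not, which is exactly the situation that
// source_ldap_escape_dns=true is meant to repair.
function dnIsProperlyEscaped(dn) {
  try { return buildDn(parseDn(dn)) === dn; } catch (e) { return false; }
}

// Return the entries of a collect.dns-style list that need escaping.
function findUnescapedDns(lines) {
  return lines.filter((dn) => dn !== '' && !dnIsProperlyEscaped(dn));
}

// Constructed sample list.
const SAMPLE_DNS = [
  'cn=Smith\\, John,ou=people,dc=example,dc=com', // correctly escaped comma
  'cn=Smith, John,ou=people,dc=example,dc=com',   // unescaped comma: " John" parses as a stray RDN
  'cn=R+D Team,ou=groups,dc=example,dc=com',      // unescaped plus
  "cn=O'Brien,ou=people,dc=example,dc=com",       // apostrophe is not a special character
];

console.log('need escaping:', findUnescapedDns(SAMPLE_DNS));
```

Run the check against a hand-built DN file before populate_from_dn_file; an entry it reports will either fail the lookup or, worse, resolve to a different entry than intended.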
source_ldap_required_dn_regex
Allows a regular expression to be used to limit the distinguished names (DNs) that are processed: only DNs that match the expression are processed, and a record whose DN does not match is skipped. Although the search filter property gives some flexibility, the regular expression is more powerful when needed. A default value is not specified. This parameter is not configurable through the population wizard.

source_ldap_sort_attribute
TDI parameter: Sort Attribute
Specifies server-side sorting. This parameter instructs the LDAP server to sort the entries that match the search on the specified attribute. Server-side sorting is an LDAP extension, and the iterating directory must support it. A default value is not specified. This parameter is not configurable through the population wizard.

source_ldap_iterate_with_filter
Use this property if the size of the data to be retrieved from LDAP exceeds the search limit of the LDAP server. For example, if the search parameters return 250K records but the server allows only 100K to be returned at a time, use this parameter; otherwise an LDAP size limit exceeded error is generated. When set to true, the default iteration assembly line uses the collect_ldap_dns_generator.js file to iterate over a set of LDAP search bases and filters. This configuration replaces the sync_all_dns_forLarge and collect_dns_iterate scripts used in earlier releases. This parameter is not configurable through the population wizard. Default is false.

source_ldap_binary_attributes
TDI parameter: Binary Attributes
By default, this property is set internally to GUID, objectGUID, objectSid, sourceObjectGUID. Any additional values specified in the property are appended to that list. This parameter is not configurable through the population wizard. Default is GUID.

source_ldap_time_limit_seconds
TDI parameter: Time Limit
Maximum number of seconds a search for entries may take; 0 = no limit. This parameter is not configurable through the population wizard. Default is 0.

source_ldap_map_functions_file
Location of any referenced function mappings. When we are using the population wizard, the functions shown in the mapping dialog are read from and written to this file. Default is profiles_functions.js.

source_ldap_logfile
In addition to the standard logs/ibmdi.log file, output from the populate_from_dn_file.bat or populate_from_dn_file.sh task is written to this file. This parameter is not configurable through the population wizard. Default is logs/PopulateDBFromSource.log.

source_ldap_compute_function_for_givenName
source_ldap_compute_function_for_sn
Connections allows JavaScript functions that set the values of common LDAP fields such as cn, sn, and givenName to run before Connections performs its mapping. For example, sn and givenName can be parsed from cn (common name). Use source_ldap_compute_function_for_givenName for givenName and source_ldap_compute_function_for_sn for sn. These parameters are not configurable through the population wizard. A default value is not specified.

source_ldap_collect_updates_file
This property is no longer used.

source_ldap_manager_lookup_field
This property is no longer used.

source_ldap_secretary_lookup_field
This property is no longer used.
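An added example of the computation the two compute-function properties exist to hook in, deriving givenName and sn from cn. This is not code from the IBM page or from profiles_functions.js, and the page does not give the hook's signature, so the functions assume a cn string (or the first element of a multi-valued attribute) in and a string out; wrap them to match whatever the assembly line actually passes. The sample cn values are constructed.

```javascript
// Added example (not code from the IBM page or from profiles_functions.js):
// derive givenName and sn from cn. Assumed signature: string in, string out.
const NAME_SUFFIXES = new Set(['jr', 'jr.', 'sr', 'sr.', 'ii', 'iii', 'iv']);

// Split a common name into { given, surname }, accepting "First Middle Last"
// and "Last, First Middle". A generational suffix stays with the surname; a
// single-token cn (a bare surname or a user id) is treated as the surname.
function splitCommonName(cn) {
  if (Array.isArray(cn)) cn = cn.length ? cn[0] : '';   // multi-valued attribute: take the first value
  if (typeof cn !== 'string') return { given: '', surname: '' };
  const name = cn.trim().replace(/\s+/g, ' ');
  if (name === '') return { given: '', surname: '' };
  if (name.includes(',')) {                              // "Last, First Middle"
    const comma = name.indexOf(',');
    const last = name.slice(0, comma).trim();
    const rest = name.slice(comma + 1).trim();
    return { given: rest === '' ? '' : rest.split(' ')[0], surname: last };
  }
  const parts = name.split(' ');
  if (parts.length === 1) return { given: '', surname: parts[0] };
  let start = parts.length - 1;
  if (parts.length > 2 && NAME_SUFFIXES.has(parts[start].toLowerCase())) start -= 1;
  return { given: parts[0], surname: parts.slice(start).join(' ') };
}

function computeGivenName(cn) { return splitCommonName(cn).given; }
function computeSn(cn) { return splitCommonName(cn).surname; }

// Constructed sample values as they might come back from an LDAP search.
const SAMPLE_CNS = ['John Smith', 'Smith, John M', 'John Smith Jr.', ['Ada Lovelace'], 'Madonna', '  Mary   Ann Jones '];
for (const cn of SAMPLE_CNS) {
  console.log(JSON.stringify(cn), '->', computeGivenName(cn), '/', computeSn(cn));
}
```

Whatever rule you adopt, apply it in both functions from the same split so that givenName and sn are never computed from different readings of the same cn.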
Many properties in the TDI LDAP connector are not mapped to Profiles Tivoli Directory Integrator properties. To configure properties other than the ones listed here, we can use a different source repository and create our own specialized configuration, using the LDAP iterator and the connectors provided with the TDI solution directory as a starting point.
The following properties are associated with the Profiles database repository.
Set the following properties in profiles_tdi.properties, even if we are developing our own assembly lines with the connectors provided in the Profiles TDI solution directory. These properties are not configured in the Connector panels, but rather in profiles_tdi.properties.
dbrepos_jdbc_driver
TDI parameter: JDBC Driver
Required.
The JDBC driver implementation class name used to access the Profiles database repository.
For DB2, the default is com.ibm.db2.jcc.DB2Driver. For example:
dbrepos_jdbc_driver=com.ibm.db2.jcc.DB2Driver
For Oracle, the default is oracle.jdbc.driver.OracleDriver. For example:
dbrepos_jdbc_driver=oracle.jdbc.driver.OracleDriver
For a Microsoft SQL Server database, change the value to reference a SQL Server driver, for example:
dbrepos_jdbc_driver=com.microsoft.sqlserver.jdbc.SQLServerDriver
This corresponds to the JDBC driver path in the population wizard. If not using the wizard, this library must be present in the CLASSPATH of TDI. Otherwise, TDI cannot load the library when initializing the Connector and cannot communicate with the Relational Database (RDBMS).
To install a JDBC driver library so that TDI can use it, copy it into the TDI_install_dir/jars directory, or a subdirectory such as TDI_install_dir/jars/local.
dbrepos_jdbc_url
TDI parameter: JDBC URL
Required. JDBC URL used to access the Profiles database repository. You must modify the host name and port number to reference the database server. We can find this information in the WAS Administration Console (http://yourhost:9060) under Resources > JDBC > Data sources > profiles. Unless the population wizard writes the value, the default uses DB2 syntax and points at a local host; if DB2 is not on the same system as the TDI solution directory, update the URL with the host name.
For an Oracle database, use the following syntax:
dbrepos_jdbc_url=jdbc:oracle:thin:@<host_name>:1521:orcl
For a SQL Server database, use the following syntax:
dbrepos_jdbc_url=jdbc:sqlserver://<host_name>:1433;databaseName=PEOPLEDB
dbrepos_username
TDI parameter: User name
Required. User name under which the database tables that make up the Profiles database repository are accessed.

dbrepos_password
TDI parameter: Password
Required. Password associated with that user name.

dbrepos_mark_manger_if_referenced
This property is no longer used.
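The source LDAP and database repository properties above are where most population problems, and most clear-text credential exposure, originate. As an added example, not code from the IBM page or the Profiles TDI solution, the following checker parses a profiles_tdi.properties file and flags the settings a reviewer would question: an SSL port without source_ldap_use_ssl, an anonymous bind, an empty search base, and required dbrepos values left blank. The two sample files, the DB2 JDBC URL form used in them, and the rule set are constructed for this example.

```javascript
// Added example (not code from the IBM page or the Profiles TDI solution):
// lint profiles_tdi.properties for the source LDAP and dbrepos settings
// documented above. Sample files and rules are constructed for the example.

// Minimal java.util.Properties-style parser: "#"/"!" comments, "key=value" or
// "key: value", and a line ending in an odd number of backslashes continues.
function parseProperties(text) {
  const props = {};
  let pending = '';
  for (const raw of text.split(/\r?\n/)) {
    let line = raw.replace(/^\s+/, '');
    if (pending === '' && (line === '' || line[0] === '#' || line[0] === '!')) continue;
    if (/(^|[^\\])(\\\\)*\\$/.test(line)) { pending += line.slice(0, -1); continue; }
    line = pending + line;
    pending = '';
    const m = /^([^=:\s]+)\s*[=:]?\s*(.*)$/.exec(line);
    if (m) props[m[1]] = m[2].trim();
  }
  return props;
}

// Scheme, host and port of an LDAP URL; the port defaults by scheme.
function parseLdapUrl(url) {
  const m = /^(ldaps?):\/\/([^:\/\s]+)(?::(\d+))?/i.exec(url);
  if (!m) return null;
  const scheme = m[1].toLowerCase();
  return { scheme, host: m[2], port: m[3] ? Number(m[3]) : (scheme === 'ldaps' ? 636 : 389) };
}

// One string per finding; an empty array means nothing was flagged.
function checkProfilesTdiProperties(props) {
  const get = (k) => (props[k] || '').trim();
  const findings = [];
  const url = parseLdapUrl(get('source_ldap_url'));
  const useSsl = get('source_ldap_use_ssl').toLowerCase() === 'true';
  if (!url) {
    findings.push('source_ldap_url: missing or not of the form ldap://host:port');
  } else {
    if ((url.port === 636 || url.scheme === 'ldaps') && !useSsl)
      findings.push('source_ldap_use_ssl: URL is an SSL endpoint but use_ssl is not true');
    if (useSsl && url.port === 389)
      findings.push('source_ldap_use_ssl: true with port 389; confirm the server offers SSL there');
    if (!useSsl)
      findings.push('source_ldap_use_ssl: false; bind password and directory data cross the network in clear text');
  }
  const method = get('source_ldap_authentication_method').toLowerCase();
  if (method === 'anonymous' || get('source_ldap_user_login') === '' || get('source_ldap_user_password') === '')
    findings.push('source_ldap_authentication_method: bind is anonymous (Simple with empty credentials counts)');
  if (get('source_ldap_search_base') === '' && get('source_ldap_user_search_base') === '')
    findings.push('source_ldap_search_base: empty; the server decides where the search starts');
  if (get('source_ldap_search_filter') === '' && get('source_ldap_user_search_filter') === '')
    findings.push('source_ldap_search_filter: empty; every entry under the base is iterated');
  for (const k of ['dbrepos_jdbc_driver', 'dbrepos_jdbc_url', 'dbrepos_username', 'dbrepos_password'])
    if (get(k) === '') findings.push(k + ': required but empty');
  if (/localhost|127\.0\.0\.1/.test(get('dbrepos_jdbc_url')))
    findings.push('dbrepos_jdbc_url: points at a local host; set the database host name if DB2 runs elsewhere');
  return findings;
}

function lintProfilesTdiProperties(text) {
  return checkProfilesTdiProperties(parseProperties(text));
}

// Constructed sample: a first-draft file with the defaults left in place.
const WEAK = `
# profiles_tdi.properties (constructed sample)
source_ldap_url=ldap://ldap.example.com:389
source_ldap_use_ssl=false
source_ldap_authentication_method=Simple
source_ldap_user_login=
source_ldap_user_password=
source_ldap_search_base=
source_ldap_search_filter=(objectClass=inetOrgPerson)
dbrepos_jdbc_driver=com.ibm.db2.jcc.DB2Driver
dbrepos_jdbc_url=jdbc:db2://localhost:50000/PEOPLEDB
dbrepos_username=
dbrepos_password=
`;

// Constructed sample: the same file with the weak settings corrected
// (passwords are placeholders; TDI encrypts the LDAP one on the next load).
const HARDENED = `
source_ldap_url=ldap://ldap.example.com:636
source_ldap_use_ssl=true
source_ldap_authentication_method=Simple
source_ldap_user_login=cn=profiles-sync,ou=service,dc=example,dc=com
source_ldap_user_password=placeholder-encrypted-on-next-load
source_ldap_search_base=ou=people,dc=example,dc=com
source_ldap_search_filter=(&(objectClass=inetOrgPerson)(employeeType=employee))
dbrepos_jdbc_driver=com.ibm.db2.jcc.DB2Driver
dbrepos_jdbc_url=jdbc:db2://db.example.com:50000/PEOPLEDB
dbrepos_username=lcuser
dbrepos_password=placeholder
`;

console.log('weak:', lintProfilesTdiProperties(WEAK));
console.log('hardened:', lintProfilesTdiProperties(HARDENED));
```

The checker reads the file as text, so it can run as a pre-flight step on the TDI host before the first population run; it deliberately does not try to decide whether a password value is already encrypted, since that is TDI's job on the next load.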
The following properties are associated with the task that monitors the Profiles employee draft table for changes and transmits them through a DSML v2 connector.
monitor_changes_dsml_server_authentication
Type of authentication used for the DSML server update requests:
- HTTP basic authentication
- A method designed to allow a web browser, or other client program, to provide credentials when making a request. The credentials are in the form of a user name and password, and they travel with every request in a form that is trivially decoded, so use an https URL in monitor_changes_dsml_server_url.
- Anonymous
- This method provides minimal security.

monitor_changes_dsml_server_url
Required if we are transmitting user changes back to the source repository. URL of the DSML server to which the DSML update requests are sent.

monitor_changes_dsml_server_username
Required if we are transmitting user changes back to the source repository. User name used for authentication to the DSML server.

monitor_changes_dsml_server_password
Required if we are transmitting user changes back to the source repository. Password used for authentication to the DSML server to which the update requests are sent.

monitor_changes_map_functions_file
Path to the file containing the functions that map a changed database field to a source (for example, LDAP) field. This file is needed only if changes made to the source in response to database repository field changes are not mapped one-to-one. We can use the same file that maps source fields to database repository fields, provided the functions are named appropriately.

monitor_changes_sleep_interval
Polling interval, in seconds, between checks for more changes when no changes exist.
The following properties are associated with the TDI processing that reads an Active Directory change log (ad_changelog_* properties) or a Tivoli Directory Server change log (tds_changelog_* properties) and updates the database repository with those changes.

ad_changelog_ldap_url
LDAP URL used to access the LDAP system whose change log is read. For example: ldap://host:port

ad_changelog_ldap_user_login
Login user name used to authenticate with that LDAP system. We can leave this blank if no authentication is needed.

ad_changelog_ldap_user_password
Login password used to authenticate with that LDAP system. We can leave this blank if no authentication is needed. The value is encrypted in the file the next time it is loaded.

ad_changelog_ldap_use_ssl
Defines whether to use SSL when connecting to that LDAP system. The options are true and false.

ad_changelog_sleep_interval
Polling interval, in seconds, between checks for more changes when no changes exist.

ad_changelog_use_notifications
Indicates whether to use change log notifications rather than polling. If true, ad_changelog_sleep_interval is not applicable, because polling is not used. The options are true and false.

ad_changelog_start_at
Change number in the Active Directory change log to start at. Typically this is an integer; the special value EOD means start at the end of the change log, so changes recorded before the first run are not replayed.

The properties ad_changelog_ldap_search_base, ad_changelog_ldap_page_size, ad_changelog_ldap_required_dn_regex, and ad_changelog_timeout are also read from profiles_tdi.properties; the first three take the same form as the source_ldap properties of the same name.

tds_changelog_ldap_authentication_method
TDI parameter: Authentication Method
Authentication method used to connect to LDAP to read records. Options include the following:
- Anonymous
- This method provides minimal security.
- Simple
- This method uses a login user name and password to authenticate. It is treated as anonymous if no user name and password are provided.
- CRAM-MD5
- Challenge/Response Authentication Mechanism using Message Digest 5. This method protects the password during the credential exchange, including against replay, but it relies on MD5 and does not protect the change log data itself; set tds_changelog_ldap_use_ssl to true regardless of the method.
- SASL
- Simple Authentication and Security Layer. This method adds authentication support to connection-based protocols. Specify parameters for this type of authentication using the Extra Provider Parameters option.

tds_changelog_ldap_changelog_base
TDI parameter: ChangelogBase
Change log base to use when iterating through the changes. This is typically cn=changelog.

tds_changelog_ldap_time_limit_seconds
TDI parameter: Time Limit
Maximum number of seconds a search for entries may take; 0 = no limit.

tds_changelog_ldap_url
TDI parameter: LDAP URL
LDAP URL used to access the LDAP system whose change log is read. For example:
ldap://host:port

tds_changelog_ldap_use_ssl
TDI parameter: Use SSL
Defines whether to use SSL when connecting to that LDAP system. The options are true and false.

tds_changelog_ldap_user_login
TDI parameter: Login user name
Login user name used to authenticate with that LDAP system. We can leave this blank if no authentication is needed.

tds_changelog_ldap_user_password
TDI parameter: Login password
Login password used to authenticate with that LDAP system. We can leave this blank if no authentication is needed. The value is encrypted in the file the next time it is loaded.

tds_changelog_sleep_interval
Polling interval, in seconds, between checks for more changes when no changes exist.

tds_changelog_start_at_changenumber
Change number in the Tivoli Directory Server change log to start at. Typically the number is an integer; the special value EOD means start at the end of the change log.

tds_changelog_use_notifications
Indicates whether to use change log notifications rather than polling. If true, tds_changelog_sleep_interval is not applicable, because polling is not used. The options are true and false.
The following properties are available in profiles_tdi.properties and are associated with TDI debug activities.
The debug properties enable TDI debugging for an entire assembly line. In addition, enabling debug_update_profile, which turns on debugging for the commands that use the Profiles connector, also enables Java debugging for the following packages:
- log4j.logger.com.ibm.lconn.profiles.api.tdi=ALL
- log4j.logger.com.ibm.lconn.profiles.internal.service=ALL
- log4j.logger.java.sql=ALL
The following properties are not configurable when we use the population wizard. Because the debug output includes the directory and database records being processed, enable these flags only while troubleshooting and restrict access to the log files.
debug_managers
Flag that instructs TDI to log more debug information for the following commands: sync_all_dns, mark_managers. The options are true and false. To enable it, set debug_managers=true. The default setting is false.

debug_photos
Flag that instructs TDI to log more debug information for the following commands: load_photos_from_files, dump_photos_to_files. The default setting is false.

debug_pronounce
Flag that instructs TDI to log more debug information for the following commands: load_pronounce_from_files, dump_pronounce_to_files. The default setting is false.

debug_fill_codes
Flag that instructs TDI to log more debug information for the following commands: fill_country, fill_department, fill_emp_type, fill_organization, fill_workloc. The default setting is false.

debug_draft
Flag that instructs TDI to log more debug information for the following commands: process_draft_updates, reset_draft_iterator_state, set_draft_iterator_count. The default setting is false.

debug_update_profile
Flag that instructs TDI to log more debug information for the following commands: populate_from_dn_file, delete_or_inactivate_employees, populate_from_xml_file, process_ad_changes, process_tds_changes. The default setting is false.

debug_collect
Flag that instructs TDI to log more debug information for the following command: collect_dns. The default setting is false.

debug_special
Flag reserved for additional debug output; it applies to no command at present. The default setting is false.

trace_profile_tdi_javascript
Enables generation of an internal JavaScript trace file. Options are OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL (values are not case-sensitive). The default setting is OFF.
Parent topic:
Populate peopledb
Related:
Populate peopledb. sync_all_dns
Use a custom source repository connector
Develop custom TDI assembly lines for Profiles
Profiles population wizard
Create an iterator connector
Update Profiles when changing LDAP directory
Supplemental user data for Profiles
The tdisettings.properties file