WebSphere

 

Portal Express, Version 6.0
Operating systems: i5/OS, Linux, Windows

 

Domino use cases

 


 

IBM Lotus Domino integration requires decisions about...

See also: Integrate Lotus Domino with IBM WebSphere Portal Express.

Choices for user directories include...

  1. LDAP other than Lotus Domino
  2. Lotus Domino LDAP
  3. LDAP other than Lotus Domino for portal with Lotus Domino LDAP for Lotus Sametime and Lotus QuickPlace
  4. LDAP other than Lotus Domino for portal with native Lotus Domino directory for Lotus Sametime and Lotus Domino LDAP for Lotus QuickPlace

 

LDAP other than Lotus Domino

You have WebSphere Portal Express installed and in active use.

Your portal site is configured with an LDAP directory other than Lotus Domino (for the purposes of these scenarios, assume IBM Tivoli Directory Server, but any other LDAP has the same considerations) with a substantial user repository in active use.

You intend to integrate collaborative portlets.

You want the Lotus Domino portlets to have online awareness features.

You want users to be able to work in portlets without authentication other than logging into the portal, that is, single sign-on (SSO).

In fact, you may already have SSO enabled on the portal server.

You do not yet have any Domino and Extended Products or servers installed, or if you have them, they are not yet configured for use with the portal.

If you have an existing Lotus Domino server you intend to integrate, make sure that its release is supported before you attempt to use it with the portal.

Install and set up a Lotus Sametime server to support awareness, as well as a Lotus QuickPlace server for team collaboration. We recommend that you configure them to authenticate against the LDAP directory already configured with the portal site.

Enable SSO as the last task, after installing and configuring the new servers for Domino and Extended Products, so that the SSO configuration includes all the new servers.

Support for key features in the collaborative portlets such as auto-detection of users' mail files requires additional configuration in this environment.

 

Lotus Domino LDAP

You have installed WebSphere Portal Express.

You have no LDAP user directory configured yet.

You intend to integrate collaborative portlets.

You want the portlets to have online awareness features, and you want users to be able to work in portlets without authentication other than logging into the portal (that is, you need the SSO feature).

Recommended by IBM, especially for new portal sites, if you intend to make full use of Lotus Domino integration.

If you have WebSphere Portal 6.0.1 or later, this is the environment most suited to configuration with the Domino-WebSphere Portal Express Integration Wizard.

It is a best practice to use the directory configured for Lotus Sametime and Lotus QuickPlace as the directory configured for the portal, and Lotus Domino LDAP is the best choice for Lotus Sametime and Lotus QuickPlace; therefore, in a new site we recommend using Lotus Domino LDAP as the single directory.

 

LDAP other than Lotus Domino for portal with Lotus Domino LDAP for Lotus Sametime and Lotus QuickPlace

You already have a mature installation of Lotus Domino servers including...

Your Lotus Domino servers are upgraded to a release supported by WebSphere Portal Express.

You have newly installed WebSphere Portal Express or have the intention to deploy it. You may even have a mature portal site, but have not yet attempted to integrate it with your Lotus Domino installations.

You intend to integrate collaborative portlets, especially messaging portlets to support your existing Lotus Domino mail and calendar users.

You want the portlets to have online awareness features (your Lotus Domino users are accustomed to Lotus Sametime instant messaging), and you want users to be able to work in portlets without authentication other than logging into the portal (that is, you need the SSO feature).

Your environment is typical of many portal customers who have investments in both directories that must be maintained.

Follow the instructions for installation and integration in the rest of the Domino Integration and Messaging section of the Information center.

For more info on reconciling directories:

 

LDAP other than Lotus Domino for portal with native Lotus Domino directory for Lotus Sametime and Lotus Domino LDAP for Lotus QuickPlace

You already have a mature installation of Lotus Domino servers including any of the following products: Lotus QuickPlace, Lotus Sametime, Domino Web Access (iNotes), Domino Document Manager. Your Lotus Domino servers are upgraded to a release supported by WebSphere Portal Express.

You have newly installed WebSphere Portal Express or have the intention to deploy it. You may even have a mature portal site, but have not yet attempted to integrate it with your Lotus Domino installations.

You have a native Lotus Domino Directory (non-LDAP) in active use. One or more of the following products uses a native Lotus Domino Directory:

You intend to integrate collaborative portlets, especially messaging portlets, to support your existing Lotus Domino mail and calendar users.

You want the portlets to have online awareness features (your users are accustomed to Lotus Sametime instant messaging), and you want users to be able to work in portlets without authentication other than logging into the portal (that is, you need the SSO feature).

Your environment is typical of many customers with mature Lotus Domino installations and an investment in an extensive native Lotus Domino directory who want to integrate portal.

Follow the instructions for installation and integration in the rest of the Domino Integration and Messaging section of the Information center.

To support SSO, reconcile authentication between user identifications in your native Lotus Domino directory and the portal LDAP directory.

For info on reconciling directories...

 

Platform considerations

All platforms: Lotus Domino IIOP is used to pre-populate drop-down lists shown when users personalize the collaborative portlets.

Windows: Any Lotus Domino data source servers must have HTTP, LDAP, and Lotus Domino IIOP enabled.

Linux: Any Lotus Domino data source servers must have HTTP, LDAP, and Lotus Domino IIOP enabled.

i5/OS: Any Lotus Domino data source servers must have HTTP and Lotus Domino IIOP enabled, and must use an LDAP user registry.

 

Directory considerations for Lotus Domino LDAP

From the portal perspective, there are two types of Lotus Domino servers:

Because WebSphere Portal Express supports the use of Lotus Domino Directory as an LDAP server, you can set up the portal to use a Lotus Domino server as the user repository for users who access both the portal and any portlets that access Lotus Domino and the Extended Products.

You can use a Lotus Domino server with LDAP enabled both as the user repository for the portal and for auto-detection of users' mail files, unless the portal user repository is so large that you want to use separate machines for performance reasons.

 

Directory considerations for Lotus Sametime and Lotus QuickPlace

If you will be using portlets for Lotus Domino and Lotus Sametime only, the Lotus Sametime user directory can be any supported LDAP (including Lotus Domino) directory, or a native Lotus Domino directory.

But it is recommended that Lotus Sametime use the same directory as the one configured for the portal, to avoid the additional configuration necessary to support both directories.

If you will be using portlets for Lotus Domino, Lotus Sametime, and Lotus QuickPlace, the Lotus Sametime user directory must be an LDAP directory and Lotus QuickPlace must share that directory. This is a requirement to get awareness and online meetings working within Lotus QuickPlace.

For an LDAP directory other than Lotus Domino, such as Tivoli Directory Server, to work properly with Lotus QuickPlace, modify the qpconfig.xml file on the Lotus QuickPlace server as part of its server setup. This task is in addition to those described in Integrating the Lotus QuickPlace server and portlets.

 

Security

IBM recommends implementing SSL.

If you will use Lotus Sametime and Lotus QuickPlace together, and you enable SSL on one of the servers, also enable it on the other server.

If your site will use IBM Tivoli Access Manager for e-business or Computer Associates eTrust SiteMinder for additional security, set up such protection on servers in the following order...

If you use eTrust SiteMinder, portlets such as Lotus Notes View will be unable to take advantage of features supported by DIIOP.

If your site will use Tivoli Access Manager or another reverse proxy, or a load balancer, when installing Lotus Sametime, select the option...

Allow HTTP Tunneling on a Lotus Sametime server with a single IP address

With this option selected, all Lotus Sametime client data, except A/V data, is tunneled to the Lotus Sametime server via HTTP on port 80. You also may need to enable this option if Lotus Sametime clients must connect to the server through a network that blocks TCP communications on ports 8081 and 1533.

 

User authentication through Single Sign-On

SSO between the Lotus Domino environment and the portal environment allows users to log in to the portal, and then work in any of the collaborative portlets without having to authenticate a second time.

The following portlets require single sign-on support:

SSO is also required if you use a mix of Lotus Sametime and Lotus QuickPlace portlets with both servers.

A Web SSO configuration document must exist for each Lotus Domino domain that includes Lotus Domino servers. This document is replicated to all servers participating in an SSO domain, and is encrypted with a shared secret key used by servers for authenticating user credentials.

Create an LTPA key from WebSphere Application Server, and then import the key into each Lotus Domino domain.

Install and configure all servers prior to enabling SSO. For example, install and configure Lotus QuickPlace and Lotus Sametime before you enable SSO.

If you complete the required SSO configuration between the Lotus Domino environment and portal environment, there is no procedure to disallow automatic login for a specific user. For example, if user A logs in to the portal, user A will always be logged in to the Lotus Domino environment.

If there is an LDAP directory server other than Lotus Domino in place, for example Tivoli Directory Server, you could employ several strategies to integrate it with a native Lotus Domino Directory and therefore achieve single sign-on and awareness across any collaborative portlets your organization uses. The Lotus Domino Directory Assistance functionality may provide a solution for name mapping across LDAP directories. Even when your organization, as a matter of policy, manages modifications primarily through an existing non-Lotus Domino LDAP directory, schema in the non-Lotus Domino directory can be customized and then work in concert with Directory Assistance, which can manage the name mapping for collaborative applications.

See also:

 

Performance considerations

To use a Lotus Domino LDAP server as the user repository for the portal, install portal on a separate machine from the Lotus Domino LDAP server configured to support collaborative features in the portlets.

The Lotus Domino LDAP server for the portal user directory should reside on a machine that is dedicated to serving the portal environment and all its users.

For i5/OS, IBM recommends that the Lotus Domino server reside on the same i5/OS server as WebSphere Portal Express.

 

Performance

If you will use Lotus Sametime and Lotus QuickPlace together, install these servers on separate machines, and configure both servers to use the same LDAP directory.
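The platform, directory, security and performance rules above can be checked against a planned topology before anything is installed. The following is an added example, not IBM code: the plan format, its key names, and all host names are hypothetical and constructed for illustration.

```python
# Added example: lint a planned topology against the rules stated on this page.
# The plan format and every host name below are constructed for illustration.
REQUIRED_SERVICES = {  # from "Platform considerations"
    "windows": {"http", "ldap", "diiop"},
    "linux": {"http", "ldap", "diiop"},
    "i5/os": {"http", "diiop"},
}

def check_plan(plan):
    """Return a list of findings; an empty list means no rule above is violated."""
    findings = []
    for srv in plan.get("domino_data_sources", []):
        platform = srv["platform"].lower()
        missing = REQUIRED_SERVICES[platform] - set(srv["services"])
        if missing:
            findings.append(f"{srv['host']}: enable {', '.join(sorted(missing))}")
        if platform == "i5/os" and srv.get("user_registry") != "ldap":
            findings.append(f"{srv['host']}: i5/OS data source must use an LDAP user registry")
    st, qp = plan.get("sametime"), plan.get("quickplace")
    if st and qp:  # rules that apply only when both servers are deployed
        if st["directory_type"] != "ldap":
            findings.append("Sametime must use an LDAP directory when QuickPlace is deployed")
        if st["directory"] != qp["directory"]:
            findings.append("Sametime and QuickPlace must share one LDAP directory")
        if st["ssl"] != qp["ssl"]:
            findings.append("SSL is enabled on only one of Sametime and QuickPlace")
        if st["host"] == qp["host"]:
            findings.append("Sametime and QuickPlace should be on separate machines")
    if st and plan.get("reverse_proxy_or_lb") and not st.get("http_tunneling"):
        findings.append("Sametime behind a reverse proxy or load balancer needs HTTP tunneling")
    return findings

SAMPLE_PLAN = {  # constructed sample with four deliberate mistakes
    "reverse_proxy_or_lb": True,
    "domino_data_sources": [
        {"host": "mail1.example.com", "platform": "Linux", "services": ["http", "ldap"]},
        {"host": "mail2.example.com", "platform": "i5/OS",
         "services": ["http", "diiop"], "user_registry": "native"},
    ],
    "sametime": {"host": "st.example.com", "directory_type": "ldap",
                 "directory": "ldap://tds.example.com", "ssl": True, "http_tunneling": False},
    "quickplace": {"host": "qp.example.com",
                   "directory": "ldap://tds.example.com", "ssl": False},
}

if __name__ == "__main__":
    for finding in check_plan(SAMPLE_PLAN):
        print("FINDING:", finding)
```
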

 

People Finder considerations

Configuration of Member Manager, a component used to manage the common user repository of the portal, is a prerequisite for the People Finder portlet, which searches for people in the repository.

 
