Domino-WebSphere Portal Integration wizard overview
The Domino-WebSphere Portal Integration wizard configures...
- IBM Lotus Domino LDAP
- IBM Lotus Domino messaging server
- IBM Lotus Domino application server
- IBM Lotus Sametime server
...to support messaging and Sametime portlets...
- Domino Web Access
- Lotus Notes View
- Sametime Contact List
- Who Is Here
If your environment is a dual directory-type site that uses...
- Microsoft Active Directory as an LDAP user registry
- Domino Directory for messaging
...use the Lotus Domino Active Directory Synchronization Tool (ADSync) as a bridge to connect Active Directory and Domino. Once you set up ADSync, you can run the Domino-WebSphere Portal Integration wizard.
The wizard does not work with...
- Any other LDAP directories
- Federated LDAP
- Portal configured with Computer Associates eTrust SiteMinder.
The wizard performs the following tasks on your behalf, eliminating manual procedures:
| Task that the wizard performs | Server that is configured |
| --- | --- |
| Lotus Domino configuration task | WebSphere Portal server |
| Bind user configuration | WebSphere Portal server |
| Server task enablement: DIIOP | Domino messaging server(s) |
| Single Sign-On (SSO) configuration | All Domino servers |
| Lotus Sametime server trust configuration | Lotus Sametime server |
Prerequisites for the Domino-WebSphere Portal Integration wizard
Your existing Domino and portal configuration must fit the following description in order for your organization to use the wizard. The wizard can identify all Domino servers in your domain for integration, so know all servers you want to include.
- You must already have installed and set up the Domino servers you want to use the wizard to integrate into your portal site.
The features of Domino and Sametime that you want to use in WebSphere Portal must also be working on the Domino servers before integration into the portal site. You must have a Domino LDAP directory working, mail databases in place and users with access to them, Sametime awareness, chatting, and conferencing working on your Sametime server, and the Domino Web Access client also working with Sametime awareness.
CAUTION: If you already have a Web SSO configuration on your Domino servers, be sure to see the section below on Considerations for existing Web SSO environments before running the wizard.
- All Domino servers (LDAP, messaging, and the underlying server on the Sametime server) must be at least release 7.0.1. WebSphere Portal must not be configured with clusters.
i5/OS: All Domino servers (LDAP, messaging and the underlying server on the Sametime server) must be at least release 7.0.2 with Cumulative Fix Pack 1.
- To use Active Directory as an LDAP user registry while using Domino Directory for messaging, install and initialize ADSync before you run the Domino-WebSphere Portal Integration wizard.
ADSync is included with the IBM Lotus Domino Administrator client as an installation option but is not installed by default. For detailed instructions on installation and setup, see the developerWorks article, Integrating IBM Lotus Domino Directory with Microsoft Active Directory using ADSync.
- The LDAP task must be running on your Lotus Domino Directory server.
- All servers must be behind the same Internet security firewall, in the same Internet domain, and if they are Domino servers, in the same Domino domain.
- Security must be enabled on your portal server with the Domino LDAP server.
IBM recommends that you enable security by running the WebSphere Portal configuration wizard. The portal configuration wizard is located on your portal server. See Related information for details on running the portal configuration wizard.
If you choose not to run the portal configuration wizard, make sure that security has been manually enabled on your portal server.
- All Domino servers on which you intend to run the wizard must be running the HTTP server task so that the wizard can communicate over HTTP.
For more information, see Related tasks for the topic on starting the DIIOP and HTTP tasks automatically on the Domino server.
- The user who runs the wizard must provide an ID that is recognized as an Administrator in the Server document in the Domino Directory (NAMES.NSF) file on the Domino LDAP server.
For details, see the topic on planning names under Related tasks.
- If you plan to use the wizard to integrate a Sametime server, the server must have an HTTP port specified. Specifying an HTTPS port as well allows for secure transmission of the LTPA token that the wizard copies.
Considerations for existing Web SSO environments
The wizard creates a fresh Web SSO (Single Sign-On) environment for all the Domino servers in your Domino domain that you choose to configure.
If your installation of Domino is new, or if your existing Domino and Sametime servers have no Web SSO documents in their Domino Directory applications (NAMES.NSF files), no further action is needed and you are ready to run the wizard.
If you do have one or more existing Web SSO documents, refer to the following checklist to evaluate whether your site is ready to run the wizard. The technote listed below under Related information explains how to locate and examine the Web SSO document.
- If you have an existing Web SSO document in your Domino Directory (NAMES.NSF), check to see whether it has the name LtpaToken.
If all Web SSO documents in your domain have other names, no further action is needed and you are ready to run the wizard. The wizard creates a document with this exact name and will not affect your existing documents with other names.
- If the document is called LtpaToken, check to see whether there are any copies of it on other Domino servers in your Domino domain that have different content (for example, with different servers listed in the document).
The Web SSO document should always be created by replication so that its content is identical on all Domino servers. If you have documents with differing content, you must correct the configuration before you can run the wizard. For instructions, see the technote.
- If the document is called LtpaToken and has the same content on all servers, check to see whether it was created by the Sametime server.
A document created by the Sametime server before Web SSO is configured in Domino cannot be used with the wizard; you must correct this configuration. For instructions, see the technote.
- If the document is called LtpaToken, has the same content on all servers, and was not created by Sametime, check to see whether it was created by a different Domino administrator than the one who will run the wizard. If it was, you need to correct this configuration; for instructions, see the technote.
- If the document meets all the conditions above, but you do not plan to configure all the Domino servers currently listed in it, correct this configuration to list only the servers you plan to use with the wizard. For instructions, see the technote.
- Otherwise, your environment is probably ready to run the wizard, but see the technote if you have concerns.
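The checklist above can be applied mechanically once the Web SSO documents on each server have been examined. The following is an added example, not IBM code: it assumes the findings were recorded by hand as one record per document copy, and the record field names, server names and administrator names are hypothetical.

```python
import hashlib
import json

WIZARD_DOC_NAME = "LtpaToken"  # the exact name the wizard creates

# Constructed sample: one record per copy of a Web SSO document found in a
# server's NAMES.NSF. Field names are hypothetical, not a Domino export format.
SAMPLE = [
    {"found_on": "mail1/Example", "name": "LtpaToken", "domain": "example.test",
     "servers": ["mail1/Example", "st1/Example"],
     "creator": "Admin One/Example", "created_by_sametime": False},
    {"found_on": "st1/Example", "name": "LtpaToken", "domain": "example.test",
     "servers": ["mail1/Example"],
     "creator": "Admin One/Example", "created_by_sametime": False},
]

def fingerprint(doc):
    """Hash the fields that replication should keep identical on every server."""
    body = {"domain": doc["domain"], "servers": sorted(doc["servers"])}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def assess(inventory, wizard_admin, planned_servers):
    """Apply the checklist in order and return (ready, reason)."""
    docs = [d for d in inventory if d["name"] == WIZARD_DOC_NAME]
    if not docs:
        return True, "no Web SSO document is named LtpaToken"
    if len({fingerprint(d) for d in docs}) > 1:
        return False, "LtpaToken content differs between servers"
    if any(d["created_by_sametime"] for d in docs):
        return False, "LtpaToken was created by the Sametime server"
    if any(d["creator"] != wizard_admin for d in docs):
        return False, "LtpaToken was created by a different administrator"
    extra = sorted(set(docs[0]["servers"]) - set(planned_servers))
    if extra:
        return False, "LtpaToken lists unplanned servers: " + ", ".join(extra)
    return True, "LtpaToken passes every check; probably ready"

if __name__ == "__main__":
    print(assess(SAMPLE, "Admin One/Example", ["mail1/Example", "st1/Example"]))
```

On the sample, the two copies list different servers, so the result is not ready until the divergent copy is corrected as the technote describes.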
Related concepts
Planning names for servers and users in a Domino site
Configure WebSphere Portal with the configuration wizard
Related tasks
Start the DIIOP and HTTP tasks automatically on the Domino server
Run the Domino-WebSphere Portal Integration wizard
Related information
IBM Support Technical Note #1256149: Domino-Portal Integration Wizard unable to create a working Web Single Sign-On environment
Integrating Domino Directory with Microsoft Active Directory using ADSync