Domino-WebSphere Portal Integration wizard overview
The Domino-WebSphere Portal Integration wizard configures...
- Lotus Domino LDAP
- Lotus Domino messaging/appservers
- IBM Lotus Sametime server
...to support messaging and Lotus Sametime portlets...
- Domino Web Access
- Lotus Notes View
- Sametime Contact List
- Who Is Here
For dual directory-type sites that use Microsoft Active Directory as an LDAP user registry and Lotus Domino Directory for messaging, you can use the Lotus Domino Active Directory Synchronization Tool (ADSync) as a bridge to connect AD and Domino, keeping AD users and groups in sync with Domino Directory users and groups. After running ADSync, you can run the Domino-WebSphere Portal Integration wizard.
The wizard does not work with any other LDAP directories, federated LDAP, or a portal configured with eTrust SiteMinder.
The wizard performs the following tasks...
| Task | Server configured | Equivalent manual procedure |
| --- | --- | --- |
| Lotus Domino configuration task | WebSphere Portal server | Configure portal to recognize Lotus Domino and Collaborative Services |
| Bind user configuration task | WebSphere Portal server | Configure a binding user ID for Collaborative Services |
| Server task enablement: DIIOP | Lotus Domino messaging/appservers | Configure automatic DIIOP and HTTP tasks on the Lotus Domino server |
| Single Sign-On (SSO) configuration | All Lotus Domino servers | Configure single sign-on between WebSphere Portal and Lotus Domino |
| Lotus Sametime server trust configuration | Lotus Sametime server | Configure trust for the Sametime Contact List portlet |
Prerequisites for the Domino-WebSphere Portal Integration wizard
Your existing Domino and portal configuration must fit the following description in order for your organization to use the wizard. The wizard can identify all Lotus Domino servers in your domain for integration, so you should know which servers you want to include.
- You must already have installed and set up the Lotus Domino servers.
Domino and Sametime features that you want to use in WebSphere Portal must also be working before integration. You must have a Lotus Domino LDAP directory working, mail databases in place and users with access to them, Lotus Sametime awareness, chatting, and conferencing working on your Lotus Sametime server, and the Domino Web Access client also working with Lotus Sametime awareness.
If you already have a Web SSO configuration on your Domino servers, be sure to see the section below on Considerations for existing Web SSO environments before running the wizard.
- All Lotus Domino servers...
- LDAP
- messaging/application
- Lotus Sametime server
... must be at least release 7.0.1. WebSphere Portal must not be configured with clusters.
For i5/OS all Lotus Domino servers must be at least release 7.0.2 with Cumulative Fix Pack 1.
- To use Active Directory as an LDAP user registry while using Lotus Domino Directory for messaging, install and initialize ADSync before running the Domino-WebSphere Portal Integration wizard.
ADSync is included with the Lotus Domino Administrator client as an installation option but is not installed by default.
For detailed instructions on installation and setup, see the developerWorks article...
Integrate Lotus Domino Directory with Microsoft Active Directory using ADSync
- The LDAP task must be running on your Lotus Domino Directory server.
- All servers must be behind the same Internet security firewall, in the same Internet domain, and if they are Lotus Domino servers, in the same Lotus Domino domain.
- Security must be enabled on the portal server with the Lotus Domino LDAP server. IBM recommends that you enable security by running the WebSphere Portal configuration wizard.
The portal configuration wizard is located on the portal server.
If you choose not to run the portal configuration wizard, make sure that security has been manually enabled on the portal server.
- All Lotus Domino servers on which you intend to run the wizard must be running the HTTP server task so that the wizard can communicate over HTTP. For more information, see the topic on starting the DIIOP and HTTP tasks automatically on the Lotus Domino server.
- The user who runs the wizard must provide an ID that is recognized as an Administrator in the Server document in the Domino Directory (NAMES.NSF) file on the Lotus Domino LDAP server.
- If you plan to use the wizard to integrate a Lotus Sametime server, the server must have an HTTP port specified. Specifying an HTTPS port as well allows for secure transmission of the LTPA token that the wizard copies.
Considerations for existing Web SSO environments
The wizard creates a fresh Web SSO (Single Sign-On) environment for all the Lotus Domino servers in your Lotus Domino domain that you choose to configure.
If your installation of Lotus Domino is new, or if your existing Lotus Domino and Lotus Sametime servers have no Web SSO documents in their Domino Directory applications (NAMES.NSF files), no further action is needed and you are ready to run the wizard.
If you do have one or more existing Web SSO documents, refer to the following checklist to evaluate whether your site is ready to run the wizard. Technote #1256149, listed below under Related information, explains how to locate and examine the Web SSO document.
- If you have an existing Web SSO document in your Domino Directory (NAMES.NSF), check to see whether it has the name LtpaToken. If all Web SSO documents in your domain have other names, no further action is needed and you are ready to run the wizard. The wizard creates a document with this exact name and will not affect your existing documents with other names.
- If the document is called LtpaToken, check to see whether there are any copies of it on other Lotus Domino servers in your Lotus Domino domain that have different content (for example, with different servers listed in the document). The Web SSO document should always be created by replication so that its content is identical on all Lotus Domino servers. If you have documents with differing content, you must correct the configuration before you can run the wizard.
- If the document is called LtpaToken and has the same content on all servers, check to see whether it was created by the Lotus Sametime server. A document created by the Sametime server before Web SSO is configured in Lotus Domino cannot be used with the wizard, and you must correct this configuration.
- If the document is called LtpaToken, has the same content on all servers, and was not created by Lotus Sametime, check to see whether it was created by a different Lotus Domino administrator than the one who will run the wizard. If so, you need to correct this configuration.
- If the document meets all the conditions above, but you do not plan to configure all the Lotus Domino servers currently listed in it, correct this configuration to list only the servers you plan to use with the wizard.
- Otherwise, your environment is probably ready to run the wizard, but see the technote if you have concerns.
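The checklist above written as a pre-flight check over a hand-gathered inventory of Web SSO documents; this is an added example, not IBM's code or part of the wizard. The `SsoDoc` record, its field names, and the server and administrator names in the sample are assumptions made for illustration.

```python
from dataclasses import dataclass

WIZARD_DOC_NAME = "LtpaToken"  # the exact name the wizard creates, per the checklist

@dataclass(frozen=True)
class SsoDoc:
    """One Web SSO document as seen in one server's NAMES.NSF (hypothetical schema)."""
    server: str              # server whose replica holds this copy
    name: str                # document name
    participants: frozenset  # servers listed in the document
    created_by: str          # administrator who created it
    from_sametime: bool      # True if the Sametime server created it

def evaluate(docs, wizard_admin, planned_servers):
    """Walk the checklist in order and return (ready, findings)."""
    named = [d for d in docs if d.name == WIZARD_DOC_NAME]
    if not named:
        return True, []  # no documents, or only documents with other names
    # Copies must be identical on every server (created by replication).
    contents = {(d.participants, d.created_by, d.from_sametime) for d in named}
    if len(contents) > 1:
        holders = ", ".join(sorted(d.server for d in named))
        return False, ["copies of LtpaToken differ between: " + holders]
    doc, findings = named[0], []
    # The remaining items are reported together so one pass lists every fix.
    if doc.from_sametime:
        findings.append("LtpaToken was created by the Sametime server")
    if doc.created_by != wizard_admin:
        findings.append("LtpaToken was created by a different administrator")
    extra = doc.participants - frozenset(planned_servers)
    if extra:
        findings.append("lists servers not being configured: " + ", ".join(sorted(extra)))
    return not findings, findings

# Constructed sample inventory: two replicas that disagree on the server list.
SAMPLE = [
    SsoDoc("mail01/Example", "LtpaToken", frozenset({"mail01/Example"}),
           "Admin A/Example", False),
    SsoDoc("st01/Example", "LtpaToken", frozenset({"mail01/Example", "st01/Example"}),
           "Admin A/Example", False),
]

if __name__ == "__main__":
    print(evaluate(SAMPLE, "Admin A/Example", ["mail01/Example", "st01/Example"]))
```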
Running the Domino-WebSphere Portal Integration wizard
The wizard files are installed with the portal, and you can execute the wizard from a command line. You can also see log files describing the operation of the wizard.
Related information
Integrate Lotus Domino Directory with Microsoft Active Directory using ADSync
IBM Support Technote #1256149: Domino-Portal Integration Wizard unable to create a working Web Single Sign-On environment