
Additional steps if WebSphere Portal and Lotus Quickr authenticate with different LDAP directories


If IBM WebSphere Portal authenticates against a non-Domino LDAP directory and IBM Lotus Quickr authenticates against Domino LDAP, follow the steps described here to synchronize users' names in the directories.

  1. Configure the LDAP directory on the Lotus Quickr server by updating an attribute in LDAP with the Alias Name:

    1. Synchronize the user name and password for each user in the Domino Directory with the values that WebSphere Portal uses to authenticate users.

      For example, if the WebSphere Portal user directory is IBM Directory Server (IDS), and a user's Distinguished Name (DN) from IDS is:

      uid=tuser,cn=users,dc=acme,dc=com

      add the following to the Short Name field of the Person document for that user in Domino:

      uid=tuser/cn=users/dc=acme/dc=com

      Following the example used here, the Person document fields would contain the values shown in the following table:

      Field         Value
      First name    Test
      Middle name
      Last name     User
      User name     Test User/acme
                    Test User
      Short name    tuser
                    uid=tuser/cn=users/dc=acme/dc=com

      Save and close the document.

    2. Shut down the LDAP task, then update the Domino Directory views for the settings to take effect. Run the following commands from the Domino Server console:

      tell ldap q
      load updall names.nsf -r

      After the previous tasks complete, run this command:

      load ldap

      At this point, you should be able to run the following LDAP search command and receive Test User's results. The search looks up the alias as a value of the uid attribute, which is why uid= appears twice:


      ldapsearch -h ldapserver.domain.com -D <bind user if necessary> \
      -w <bind user's password> -b <baseDN> uid=uid=tuser/cn=users/dc=acme/dc=com

  2. Update the notes.ini file:

    1. Add the following setting and include whatever prefixes you need, separated by a semicolon. In the following example, only uid= is required:

      QuickPlaceRemapDN=uid=;cn=

    2. Comment out or remove the following:


      DisableUserCacheForUrl=/QuickPlace/
      DisableUserLookupForUrl=/QuickPlace/

  3. Update the qpconfig.xml file:

    1. In this section:


      <user_directory>
      <schema>

      Add this:

      <do_not_deref_for_groups enabled="true"/>

    2. In this section:


      <user_directory>
      <schema>
      <search_filters>

      Add this:


      <alias_lookup>
      <![CDATA[
      (&(objectclass=person)(uid={0}))
      ]]>
      </alias_lookup>

      uid is configurable. If you add the alias name to a field other than Short name in the LDAP directory, for example the ltpa user name field in the Person document, use that field in the filter instead: (&(objectclass=person)(ltpa-usrnm={0})). With a Domino LDAP directory, the uid/Short name field is a multi-value field and provides the best performance.
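
The following Python helper is an added example, not part of the original IBM page. It derives the Short name alias from a Portal DN as in step 1, fills the alias_lookup filter from step 3 with RFC 4515 escaping, and lists users whose Domino Short name values lack the expected alias. The function names, the sample users and the case-insensitive comparison are assumptions.

```python
# Added example: names other than the page's DN, filter and field names are hypothetical.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def dn_to_alias(dn):
    """Turn 'uid=tuser,cn=users,dc=acme,dc=com' into 'uid=tuser/cn=users/dc=acme/dc=com'."""
    # Escaped, quoted, multi-valued or slash-bearing RDNs have no unambiguous
    # slash-separated form, so they are rejected for manual handling.
    if any(ch in dn for ch in '\\/+"'):
        raise ValueError(f"DN needs manual review: {dn!r}")
    rdns = []
    for rdn in dn.split(","):
        attr, sep, value = rdn.strip().partition("=")
        if not (sep and attr.strip() and value.strip()):
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        rdns.append(f"{attr.strip()}={value.strip()}")
    return "/".join(rdns)


def alias_lookup_filter(alias, attr="uid"):
    """Fill the page's alias_lookup template, escaping the value per RFC 4515."""
    escaped = "".join(FILTER_ESCAPES.get(ch, ch) for ch in alias)
    return f"(&(objectclass=person)({attr}={escaped}))"


def missing_aliases(users):
    """Return (portal_dn, expected_alias) for users whose Short name values lack the alias."""
    gaps = []
    for portal_dn, short_names in users:
        expected = dn_to_alias(portal_dn)
        # Assumption: uid is matched case-insensitively, as is usual for LDAP.
        if expected.casefold() not in {s.casefold() for s in short_names}:
            gaps.append((portal_dn, expected))
    return gaps


# Constructed sample data: the second entry has '=' where a '/' separator belongs.
SAMPLE_USERS = [
    ("uid=tuser,cn=users,dc=acme,dc=com", ["tuser", "uid=tuser/cn=users/dc=acme/dc=com"]),
    ("uid=jdoe,cn=users,dc=acme,dc=com", ["jdoe", "uid=jdoe/cn=users/dc=acme=dc=com"]),
]

if __name__ == "__main__":
    for dn, alias in missing_aliases(SAMPLE_USERS):
        print(f"{dn}: add Short name value {alias}")
        print(f"  verify with filter: {alias_lookup_filter(alias)}")
```
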


Parent: Configure SSO between WebSphere Portal and Lotus Quickr services for Domino