Home

 

Updating Profiles when changing LDAP directory

In the event that you need to change your LDAP – for example, if you are moving from a pilot installation of IBM Lotus Connections to a production installation – you need to synchronize the data stored in profiles with the information in your new LDAP You can run commands that synchronize the user information in Profiles with the user information stored in your new LDAP deployment.


You must ensure that the values of either the distinguished name (DN) or the e-mail address properties in the existing data source match those in the deployment LDAP system. If neither of these properties have matching values, you cannot use the scripts provided with Lotus Connections to synchronize the IDs.


To use the scripts provided with Lotus Connections to synchronize the IDs and update Profiles...

  1. Open the profiles_tdi.properties file from the IBM Tivoli Directory Integrator on the system that hosts the Profiles feature in a text editor, and edit the following properties to match the values of the corresponding properties in the LDAP system:

    • source_ldap_url

    • source_ldap_user_login

    • source_ldap_user_password

    • source_ldap_search_base

    • source_ldap_search_filter

    • source_ldap_use_ssl

    • dbrepos_jdbc_driver

    • dbrepos_jdbc_url

    • dbrepos_username

    • dbrepos_password

    For more information on these properties and how they are used, see Tivoli Directory Integrator properties.

  2. Check that the value of the guid property in the map_dbrepos_from_source.properties file is set to one of the following:

    • Active Directory:

        guid={function_map_from_objectGUID}
        

  3. Tivoli Directory Server:

  4. Lotus Domino Directory:

      guid={function_map_from_dominoUNID}
      

  5. Sun Java™ System Directory Server:

  6. Check if the value of the distinguishedName property in the EMPLOYEE table in the Profiles database is the same as the distinguished name (DN) specified in the LDAP directory, and do one of the following:

    • If the value is the same...

      • Run the following file from the TDI/sample folder:

        Microsoft Windows

        collect_guid_updates.bat

        This program collects each database entry that contains distinguishedName and compares the values of the guid property in the Profiles database with the value returned by mapping the new LDAP values. If the GUID values do not match, it writes the UID and globally unique ID (GUID) values that are different to the collect_employees.in file.

      • Run the following file from the TDI/sample folder to replace any incorrect globally unique identifiers in the Profiles database with the correct values from the LDAP directory:

        Microsoft Windows:

        update_employees_from_file.bat

    • If the value is not the same...

      • Update the value of the distinguishedName property in the map_dbrepos_from_source.properties file to be equal to the distinguished name value in the LDAP by setting it equal to $dn. Update the value of the guid property in the map_dbrepos_from_source.properties file to contain the globally unique identifier defined in the LDAP See Mapping fields manually for information on the specific values to use; this differs depending on the LDAP that you are using.

      • Run the following file from the TDI/sample folder:

        AIX and Linux

        /collect_guid_and_source_uid_updates.sh

        Microsoft Windows:

        collect_guid_and_source_uid_updates.bat

        This program collects each database entry that contains an e-mail value and compares the value of the guid and distinguishedName properties in the Profiles database with the values returned by the LDAP If one or both of the values are not the same, it writes the UID and the values that are different to the collect_employees.in file.

      • Run the following file from the TDI/sample folder to replace the globally unique identifiers in the Profiles database with values from the LDAP directory:

        AIX and Linux:

        /update_employees_from_file.sh

        Microsoft Windows:

        update_employees_from_file.bat


Updating the LDAP directory

 

Related tasks

Map fields manually

 

Related reference


Tivoli Directory Integrator properties


+

Search Tips   |   Advanced Search