WebSphere Portal, Express Beta Version 6.1
Operating systems: i5/OS, Linux,Windows

Reconciling single sign-on across Lotus Domino and another LDAP directory

When the portal authenticates against a non-Lotus Domino LDAP user directory such as IBM® Tivoli® Directory Server, and Lotus® Collaborative Services authenticates against a Lotus Domino LDAP directory, administrators must perform tasks to synchronize names across the directories to support single sign-on.

There are two methods for synchronizing the directories. Either the portal LDAP administrator extends the LDAP schema and sets up Domino Directory Assistance, or the Lotus Domino administrator runs an agent that populates every Person document in the Domino Directory with the distinguished name the portal uses for login. Select the method that best fits the resources of your site. Keep in mind that extending the schema and setting up Directory Assistance also takes care of matching user passwords across the two directories; the agent method copies only names, so passwords would otherwise require additional tasks to reconcile.

  1. Select one of the following methods to modify the site. The first method is the responsibility of the portal LDAP administrator, and the second method is the responsibility of the Lotus Domino LDAP administrator, who may be able to assist the portal administrator with the second method.

    Method 1 (portal LDAP administrator):

    1. Extend the schema of the non-Lotus Domino LDAP directory to include the following attributes, which correspond to the MailServer and MailFile fields of a Domino Person document (the values shown are examples):
      mailserver=mailserver.domain.com
      mailfile=mail/usermail.nsf
    2. Set up Domino Directory Assistance by creating a Directory Assistance database (da.nsf) on the Lotus Domino LDAP server. For more information, see Directory Assistance in the Domino 7 Administration Help.

    Method 2 (Lotus Domino administrator):

    Run an agent on the Lotus Domino LDAP server that populates every Person document in the Domino Directory database (names.nsf) with a field value corresponding to the distinguished name (DN) of the matching user in the portal LDAP directory. Domino separates the components of a name with a slash (/) rather than a comma, so the agent writes the DN in that form, keeping the order of the components. Because the User Name field is what Domino uses to identify a user, the agent must match each portal DN to exactly one Person document; writing a DN into the wrong document would give that portal user another person's Domino identity.

    For example, if the portal user LDAP directory is Tivoli Directory Server and a user's distinguished name in the portal is uid=wpsadmin,cn=users,dc=acme,dc=com, then the agent needs to add uid=wpsadmin/cn=users/dc=acme/dc=com to the User Name field of that user's Person document.
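The following is an added example, not IBM's agent and not Domino or LDAP API code, that shows the name-reconciliation logic of the second method in Python so it can be run offline. It assumes that the portal uid matches the ShortName of the Person document (the matching key is an assumption; the page does not name one), that LDAP entries and Person documents can be represented as in-memory records (constructed sample data), and that the DN is rewritten by replacing the RDN separator with a slash while keeping the RDN order, as in the example above. It also handles two failure modes a practitioner would want covered: an escaped comma inside an RDN value, and a uid that matches more than one Person document, which is reported instead of being applied.

```python
"""Added example: simulate the name-reconciliation agent for Domino Person documents.
Not IBM's agent and not a Domino/LDAP API; the records below are constructed
stand-ins so the logic runs offline. A real agent would read the portal LDAP
and update names.nsf with the same steps."""
from dataclasses import dataclass, field
from typing import Dict, List


def split_dn(dn: str) -> List[str]:
    """Split an LDAP DN into its RDNs, honouring RFC 4514 backslash escapes.

    A comma preceded by a backslash ("cn=Doe\\, Jane") belongs to the value and
    is not a separator; the backslash is dropped. Two-hex-digit escapes such as
    "\\2c" are not handled (assumption: not used in this directory).
    """
    rdns: List[str] = []
    cur: List[str] = []
    escaped = False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur).strip())
    return [r for r in rdns if r]


def ldap_dn_to_domino_name(dn: str) -> str:
    """Rewrite "uid=x,cn=users,dc=acme,dc=com" as "uid=x/cn=users/dc=acme/dc=com".

    RDN order is preserved, as in the page's example. Once "/" is the separator a
    slash inside an RDN value would be ambiguous, so such DNs are rejected rather
    than silently producing a name that matches nothing.
    """
    rdns = split_dn(dn)
    if not rdns:
        raise ValueError("empty DN")
    for rdn in rdns:
        if "/" in rdn:
            raise ValueError(f"RDN {rdn!r} contains '/', the Domino name separator")
    return "/".join(rdns)


@dataclass
class PersonDoc:
    """Stand-in for a Domino Person document (constructed; not the Notes API)."""
    short_name: str                                      # ShortName item
    full_name: List[str] = field(default_factory=list)   # User Name (FullName) item


def reconcile(ldap_entries: List[Dict[str, str]], persons: List[PersonDoc]) -> Dict[str, List[str]]:
    """For each portal LDAP user, find the Person document whose ShortName equals
    the user's uid (assumed matching key) and append the Domino-form DN to its
    User Name field unless already present. A uid matching several documents is
    reported as ambiguous and left alone: applying it would hand one user another
    user's Domino identity."""
    by_short: Dict[str, List[PersonDoc]] = {}
    for p in persons:
        by_short.setdefault(p.short_name.lower(), []).append(p)
    report: Dict[str, List[str]] = {"updated": [], "unchanged": [], "unmatched": [], "ambiguous": []}
    for entry in ldap_entries:
        domino_name = ldap_dn_to_domino_name(entry["dn"])
        candidates = by_short.get(entry["uid"].lower(), [])
        if not candidates:
            report["unmatched"].append(entry["uid"])
        elif len(candidates) > 1:
            report["ambiguous"].append(entry["uid"])
        elif domino_name.lower() in (n.lower() for n in candidates[0].full_name):
            report["unchanged"].append(candidates[0].short_name)
        else:
            candidates[0].full_name.append(domino_name)
            report["updated"].append(candidates[0].short_name)
    return report


def sample_persons() -> List[PersonDoc]:
    """Constructed Person documents: one lacking the DN, one already synced, two sharing a ShortName."""
    return [
        PersonDoc("wpsadmin", ["WPS Admin/Acme"]),
        PersonDoc("jdoe", ["Jane Doe/Acme", "uid=jdoe/cn=users/dc=acme/dc=com"]),
        PersonDoc("bsmith", ["Bob Smith/Acme"]),
        PersonDoc("bsmith", ["Bill Smith/Acme"]),
    ]


SAMPLE_LDAP = [  # constructed portal LDAP entries, not real directory data
    {"dn": "uid=wpsadmin,cn=users,dc=acme,dc=com", "uid": "wpsadmin"},
    {"dn": "uid=jdoe,cn=users,dc=acme,dc=com", "uid": "jdoe"},
    {"dn": "uid=bsmith,cn=users,dc=acme,dc=com", "uid": "bsmith"},
    {"dn": "uid=nobody,cn=users,dc=acme,dc=com", "uid": "nobody"},
]


def run_demo() -> Dict[str, List[str]]:
    """Run the reconciliation over the constructed data and return the report."""
    return reconcile(SAMPLE_LDAP, sample_persons())


if __name__ == "__main__":
    print(run_demo())
```

Running the module reports wpsadmin as updated, jdoe as unchanged (its DN was already present, so a second run is idempotent), nobody as unmatched, and bsmith as ambiguous. The unmatched and ambiguous lists are the ones to review by hand before relying on single sign-on, since those users will either fail to be recognised by Domino or, if resolved carelessly, be mapped to the wrong Person document.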
