Reconcile single sign-on across Lotus Domino and another LDAP directory

 


 

When the portal authenticates against a non-Lotus Domino LDAP user directory such as IBM Tivoli Directory Server, and Lotus Collaborative Services authenticates against a Lotus Domino LDAP directory, administrators must synchronize names across the two directories to support single sign-on.

There are two methods for synchronizing the directories.

  • The portal LDAP administrator can extend the LDAP schema and set up Domino Directory Assistance.

  • The Lotus Domino administrator can run agents to populate all Person documents in the Domino Directory with the distinguished user name used by the portal for login.

Extending the schema and setting up Directory Assistance has the benefit of matching user passwords that might otherwise require additional tasks to reconcile.

  1. Select one of the following methods to modify the site. The first method is the responsibility of the portal LDAP administrator, and the second method is the responsibility of the Lotus Domino LDAP administrator, but the Lotus Domino administrator may be able to assist the portal administrator with the second method.

    1. Extend the schema of the non-Lotus Domino LDAP directory to include the following attributes:

      mailserver=mailserver.domain.com
      mailfile=mail/usermail.nsf

    2. Set up Domino Directory Assistance.

      The administrator does this by creating a Domino Directory Assistance database (da.nsf) on the Lotus Domino LDAP server.

  2. Run an agent on the Lotus Domino LDAP server to populate all Person documents in the Domino Directory database (names.nsf), with a field value corresponding to the distinguished name (DN) of each user in the portal LDAP directory.

    For example, if the portal user LDAP directory is Tivoli Directory Server, and a user's distinguished name in the portal is...

    uid=wpsadmin,cn=users,dc=acme,dc=com

    ...then the agent needs to add...

    uid=wpsadmin/cn=users/dc=acme/dc=com

    ...to the User Name field of the Person document.
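The following is an added example, not code from the original documentation: a Python pre-check that turns exported portal DNs into the slash-separated values the agent would write to the User Name field. It assumes DNs that contain escaped or quoted characters or a literal "/" are set aside for manual review, because the page does not say how to write them; the function names and all sample DNs except the first are constructed.

```python
def ldap_dn_to_domino(dn):
    """Convert a portal LDAP DN to the slash-separated form shown on this page."""
    dn = dn.strip()
    # Assumption: the page does not say how escaped or quoted characters or a
    # literal "/" in a value should be written, so such DNs are not converted.
    if any(c in dn for c in '\\"/'):
        raise ValueError(f"needs manual review: {dn!r}")
    rdns = [rdn.strip() for rdn in dn.split(",")]
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
    return "/".join(rdns)


def build_user_name_values(dns):
    """Return (mapping, rejected): DN -> User Name value, plus skipped DNs
    with the reason each one was skipped."""
    mapping, rejected, seen = {}, [], {}
    for dn in dns:
        try:
            name = ldap_dn_to_domino(dn)
        except ValueError as exc:
            rejected.append((dn, str(exc)))
            continue
        # Assumption: names are compared case-insensitively, so two DNs that
        # differ only in case or spacing are reported instead of written twice.
        key = name.lower()
        if key in seen:
            rejected.append((dn, f"duplicate of {seen[key]!r}"))
            continue
        seen[key] = dn
        mapping[dn] = name
    return mapping, rejected


# Constructed sample input; only the first DN comes from the page.
SAMPLE_DNS = [
    "uid=wpsadmin,cn=users,dc=acme,dc=com",
    "uid=jdoe, cn=users, dc=acme, dc=com",
    "uid=JDoe,cn=users,dc=acme,dc=com",
    "cn=Doe\\, Jane,cn=users,dc=acme,dc=com",
    "uid=broken,cn,dc=acme,dc=com",
]

if __name__ == "__main__":
    mapping, rejected = build_user_name_values(SAMPLE_DNS)
    for dn, name in mapping.items():
        print(f"{dn} -> {name}")
    for dn, reason in rejected:
        print(f"SKIPPED {dn}: {reason}")
```

Reviewing the skipped list before the agent runs keeps an ambiguous or duplicate DN from being attached to the wrong Person document.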

 
