Additional steps if WebSphere Portal and Lotus Quickr authenticate with different LDAP directories

If WebSphere Portal authenticates against a non-Domino LDAP directory and IBM Lotus Quickr authenticates against Domino LDAP, follow the steps described here to synchronize users' names in the directories.

  1. Configure the LDAP directory on the Lotus Quickr server by updating an attribute in LDAP with the Alias Name:

    1. Synchronize the user name and password for each user in the Domino Directory with the values that WebSphere Portal uses to authenticate users.

        For example, if the WebSphere Portal user directory is IBM Directory Server (IDS), and a user's Distinguished Name (DN) from IDS is:

        uid=tuser,cn=users,dc=acme,dc=com

        add the following to the Short Name field of the Person document for that user in Domino:

        uid=tuser/cn=users/dc=acme/dc=com

        Following the example used here, the Person document fields would contain the values shown below:

        Field          Value
        First name     Test
        Middle name
        Last name      User
        User name      Test User/acme
                       Test User
        Short name     tuser
                       uid=tuser/cn=users/dc=acme/dc=com

        Save and close the document.

    2. Shut down the LDAP task, then update the Domino Directory views for the settings to take effect. Run the following commands from the Domino Server console:

        tell ldap q

        load updall names.nsf -r

        After the previous tasks complete, run this command:

        load ldap

        At this point, you should be able to run the following LDAP search command and receive Test User's results:

        ldapsearch -h ldapserver.domain.com -D <bind user if necessary> -w <bind user's password> -b <baseDN> uid=uid=tuser/cn=users/dc=acme/dc=com

  2. Update the notes.ini file:

    1. Add the following setting and include whatever prefixes you need, separated by a semicolon.

        In the example below, only uid= is required:

        QuickPlaceRemapDN=uid=;cn=

    2. Comment out or remove the following:

        DisableUserCacheForUrl=/QuickPlace/

        DisableUserLookupForUrl=/QuickPlace/

  3. Update the qpconfig.xml file:

    1. In this section:

        <user_directory>
          <schema>

        Add this:

        <do_not_deref_for_groups enabled="true"/>

    2. In this section:

        <user_directory>
          <schema>
            <search_filters>

        Add this:

        <alias_lookup>
        <![CDATA[
        (&(objectclass=person)(uid={0}))
        ]]>
        </alias_lookup>

        The uid attribute is configurable. If you add the alias name to a field other than Short name in the LDAP directory, for example the ltpa user name field in the Person document, use that field here instead: (&(objectclass=person)(ltpa-usrnm={0})). With a Domino LDAP directory, the uid/shortname field is a multi-value field and provides the best performance.
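
The alias mapping from step 1 and the alias_lookup filter from step 3, as an added example that is not part of the original page or of any IBM tooling: it converts portal DNs to the slash-separated Short name value, builds the matching verification filter, and sets aside DNs whose mapping is ambiguous (escaped characters, or two DNs that yield the same alias). The function names, the rejection rules and every sample DN except the first are assumptions made for illustration.

```python
# Added example: helper names are illustrative, not part of Lotus Quickr or Domino.
UNSAFE = set('\\/+"')  # characters that make the comma-to-slash mapping ambiguous

def dn_to_alias(dn):
    """uid=tuser,cn=users,dc=acme,dc=com -> uid=tuser/cn=users/dc=acme/dc=com"""
    if UNSAFE & set(dn):
        raise ValueError("escaped or multi-valued RDN, map by hand: %r" % dn)
    rdns = [part.strip() for part in dn.split(",")]
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not (attr.strip() and sep and value.strip()):
            raise ValueError("malformed RDN %r in %r" % (rdn, dn))
    return "/".join(rdns)

def filter_escape(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def alias_filter(alias, attr="uid"):
    """Same shape as the alias_lookup filter, with {0} filled in."""
    return "(&(objectclass=person)(%s=%s))" % (attr, filter_escape(alias))

def plan(dns):
    """Return (mapping, rejected): alias per DN, plus DNs needing manual review."""
    mapping, rejected, seen = {}, [], {}
    for dn in dns:
        try:
            alias = dn_to_alias(dn)
        except ValueError as exc:
            rejected.append((dn, str(exc)))
            continue
        key = alias.lower()  # compare case-insensitively to catch collisions
        if key in seen:
            rejected.append((dn, "same alias as %r" % seen[key]))
            continue
        seen[key] = dn
        mapping[dn] = alias
    return mapping, rejected

if __name__ == "__main__":
    # Constructed sample input; only the first DN comes from the page.
    sample = ["uid=tuser,cn=users,dc=acme,dc=com",
              "UID=tuser, cn=users, dc=acme, dc=com",
              "cn=User\\, Test,cn=users,dc=acme,dc=com"]
    good, bad = plan(sample)
    for dn, alias in good.items():
        print(alias, alias_filter(alias))
    for dn, why in bad:
        print("REVIEW:", dn, "->", why)
```

An alias that collides with another user's, or that is mistyped in the Person document, resolves the SSO identity to the wrong Domino user or to none, so review the rejected list before updating any Short name field.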

