Plan names for servers and users in a Lotus Domino site

Plan names for servers and users in a Lotus Domino site

While installing and integrating Domino and Extended Products, decide on a naming scheme for servers, plan for and create several important administrative users, and create passwords for those users. Learn about server naming and a table of identities you can use while installing and configuring servers, with recommendations for which names need to match for better performance.
About server naming:
When portal site contains multiple IBMLotus Dominoservers, their names should be reasonably short and should contain no spaces. The server names will be seen by users, so make them descriptive when possible. If the Lotus Domino server name is not the same as the physical server name, verify the name is resolvable through DNS. For example, you could name a hub server in Chicago acmehub, which, combined with the server's domain, could yield a fully qualified host name of acmehub.chicago.acme.com. You would configure an entry in DNS for acmehub.chicago.acme.com to point to the physical IP address of the server. It is not a requirement to make the Lotus Domino server name the same as the physical server name, but if it is not, Server Connection documents are required in all other Lotus Domino servers and the Lotus Notes or Lotus Domino Administrator client software running on them.

Table of user identities
Some names in the following table are specified during the Lotus Domino Server Setup procedure you perform after installing the Lotus Domino LDAP server for the first time. If you later perform an upgrade installation, configuration choices from the first-time Server Setup will be used; you will not see screens presenting these choices again.

Identity Description Recommendation
Organization name for a Lotus Domino LDAP server This name is specified during the Lotus Domino Server Setup procedure. See About server naming.
Example: dom_hub/chicago/renovationscorp
Administrator of a Lotus Domino LDAP server This administrative user identity is created during the Lotus Domino Server Setup procedure. For convenience, you could make this the same as the user name of an administrator in WebSphere Portal (PortalAdminId in wkplc.properties)
Example: wpsadmin
Administrator of a Lotus Domino LDAP server with ability to run the Domino-WebSphere Portal Integration Wizard This administrative user identity is created during the Lotus Domino Server Setup procedure. It can be the same one as above, but only if it has the following characteristics:

The user must be an Administrator, allowed to issue a full range of OS commands to the server, as defined in the Server document - Security tab topic in Lotus Domino Administrator 8 Help.

The user must have authority to run server programs created with all Java and JavaScript features ("Run restricted LotusScript/Java agents").

The user must have an Internet password specified in his/her Person document

The user must be in the Access Control List of the DPICFG.NSF database

Bind user OR IBM WAS administrator OR both This identity is used by IBM WebSphere Portal to access the LDAP directory.
Both LDAP directory and security configuration for WebSphere Portal involve modifying values in wkplc.properties.
This user identity is created during the Server Setup procedure.

Should be the same as the user ID of an administrator for the WAS (WasUserID in wkplc.properties)
Example: wpsbind
For information on how to create the Bind user or Admin user, use Search to find the topic on preparing a Domino Directory server on <platform> (for example, Preparing a Domino Directory server on Windows™).
WebSphere Portal administrators group You should manually edit the group wpsadmins to wpsadmins/yourorgname. This edit creates a fully distinguished LDAP name of cn=wpsadmins/o=yourorgname. This change must made when using a Lotus Domino LDAP directory, because Lotus Domino does not store groups in the hierarchical format that WebSphere Portal expects. Should be the same as the group name of an administrator for all administrators for the WebSphere Portal server (PortalAdminGroupId in wkplc.properties)
Example: wpsadmins/renovationscorp In the ACL of the Lotus Domino Directory this group should have Author or Editor access, and the Role Types. These settings allow the administrator group to write and edit Person documents in the Lotus Domino Directory; these are necessary tasks in a portal that uses subscriber management.
Lotus Sametimeserver administrator This user name has administrative access to the Lotus Sametime server and can modify Web pages on the server. Example: stadmin
Lotus Sametime server administrator with ability to run the Domino-WebSphere Portal Integration Wizard This user name has administrative access to the Lotus Sametime server, as well as all the characteristics listed above for the Administrator of a Lotus Domino LDAP server with ability to run the Domino-WebSphere Portal Integration Wizard.

Lotus Sametime Web Conferencing administrator This user name is created in the Lotus Domino Directory (names.nsf) on the Lotus Sametime Web Conferencing server and is used only for integration of Lotus Sametime. In the ACL of the STConfig.nsf database, this user name is a Person/Manager, and has, at minimum, role(s) equivalent to those specified for the servlet entry of the meeting API in the servlets.properties file on the Lotus Domino server. Example: st_webconf_admin
Recommended: At least the [SametimeAdmin] role

Parent
Plan for collaborative servers and portlets

Lotus Domino Administrator Help, Server document - Security tab
Lotus Domino Administrator Help, Server registration

+
Search Tips | Advanced Search

Identity	Description	Recommendation
Organization name for a Lotus Domino LDAP server	This name is specified during the Lotus Domino Server Setup procedure.	See About server naming. Example: dom_hub/chicago/renovationscorp
Administrator of a Lotus Domino LDAP server	This administrative user identity is created during the Lotus Domino Server Setup procedure.	For convenience, you could make this the same as the user name of an administrator in WebSphere Portal (PortalAdminId in wkplc.properties) Example: wpsadmin
Administrator of a Lotus Domino LDAP server with ability to run the Domino-WebSphere Portal Integration Wizard	This administrative user identity is created during the Lotus Domino Server Setup procedure. It can be the same one as above, but only if it has the following characteristics: The user must be an Administrator, allowed to issue a full range of OS commands to the server, as defined in the Server document - Security tab topic in Lotus Domino Administrator 8 Help. The user must have authority to run server programs created with all Java and JavaScript features ("Run restricted LotusScript/Java agents"). The user must have an Internet password specified in his/her Person document The user must be in the Access Control List of the DPICFG.NSF database
Bind user OR IBM WAS administrator OR both	This identity is used by IBM WebSphere Portal to access the LDAP directory. Both LDAP directory and security configuration for WebSphere Portal involve modifying values in wkplc.properties. This user identity is created during the Server Setup procedure.	Should be the same as the user ID of an administrator for the WAS (WasUserID in wkplc.properties) Example: wpsbind For information on how to create the Bind user or Admin user, use Search to find the topic on preparing a Domino Directory server on <platform> (for example, Preparing a Domino Directory server on Windows™).
WebSphere Portal administrators group	You should manually edit the group wpsadmins to wpsadmins/yourorgname. This edit creates a fully distinguished LDAP name of cn=wpsadmins/o=yourorgname. This change must made when using a Lotus Domino LDAP directory, because Lotus Domino does not store groups in the hierarchical format that WebSphere Portal expects.	Should be the same as the group name of an administrator for all administrators for the WebSphere Portal server (PortalAdminGroupId in wkplc.properties) Example: wpsadmins/renovationscorp In the ACL of the Lotus Domino Directory this group should have Author or Editor access, and the Role Types. These settings allow the administrator group to write and edit Person documents in the Lotus Domino Directory; these are necessary tasks in a portal that uses subscriber management.
Lotus Sametimeserver administrator	This user name has administrative access to the Lotus Sametime server and can modify Web pages on the server.	Example: stadmin
Lotus Sametime server administrator with ability to run the Domino-WebSphere Portal Integration Wizard	This user name has administrative access to the Lotus Sametime server, as well as all the characteristics listed above for the Administrator of a Lotus Domino LDAP server with ability to run the Domino-WebSphere Portal Integration Wizard.
Lotus Sametime Web Conferencing administrator	This user name is created in the Lotus Domino Directory (names.nsf) on the Lotus Sametime Web Conferencing server and is used only for integration of Lotus Sametime. In the ACL of the STConfig.nsf database, this user name is a Person/Manager, and has, at minimum, role(s) equivalent to those specified for the servlet entry of the meeting API in the servlets.properties file on the Lotus Domino server.	Example: st_webconf_admin Recommended: At least the [SametimeAdmin] role