Sun ONE Meta-Directory 5.1 Configuration and Administration Guide



Chapter 15   Configuring the Lotus Notes Connector

This chapter discusses configuration details specific to the Lotus Notes Connector, which provides bi-directional synchronization of address book (names.nsf) data for Lotus Notes server 5.0.10 into its connector view. Configuration with respect to the Join-Engine is required to further synchronize this data with that in the meta view.

Though the typical usage of this connector would be to synchronize user and group data, the connector can actually be used to synchronize any other kind of data (data conforming to any other object class) that is recognized by the data sources at both ends (namely the Lotus Notes directory and iPlanet Directory Server).

It is important to note that the Lotus Notes Connector supports bi-directional synchronization of UTF-8 encoded data. The connector also supports multi-valued and binary attributes. In addition, the connector supports all the regular and special operations. Regular operations include add, modify, delete and modrdn. Special operations include addbacks and refresh.

Unlike the other indirect connectors, default mapping rules are provided only for the default schema (based on the object classes present) in the iPlanet Directory Server. One would have to create additional rules in order to flow all the other user and group attributes present in the Lotus Notes directory.

Installing the Connector

The Lotus Notes Connector has been implemented as an indirect connector. However, unlike the existing Indirect connectors such as - Universal Text Parser, Active Directory, Microsoft Exchange and the NT Domain connectors, this connector is not UTC-based. It is based on a new connector framework introduced in V5.1 (using which the Novell Directory Connector also has been implemented). This new connector framework uses an intermediate mySQL database to perform change detection and loop detection for data in Lotus Notes directory.

Hence, the following pre-requisites must be satisfied before you install the connector:

  • Install iPlanet Directory Server V5.1, as described in the Installation and Deployment Guides. Restart the server after enabling the retro change logs plugin.
  • Depending on whether you are installing Lotus Notes Connector on Windows or Solaris:
    • Windows. Install and configure the Lotus Notes server and the client. If the connector is being installed on Windows, the Notes client software should be installed on the system where the connector will run. The global PATH environment variable should include the Lotus Notes client installation location. For example, if the Lotus Notes client is installed in the c:\lotus\notes directory, add c:\lotus\notes to the PATH environment variable. The user.id file for the admin user of the Lotus Notes directory and the cert.id file of the certifier should be copied to the system where the connector will be installed. Ensure that the LDAP service is enabled on the Lotus Notes server. Also check the configuration of the Lotus Notes server and ensure that LDAP write access is allowed.
    • Solaris. To install the connector on Solaris, a Lotus Notes (Domino) server should be installed on the system where the connector will be installed. This is required so that the user ID and mail files get created for new users registered from the Lotus Notes Connector. Identify the Lotus Notes (Domino) server from which data will be synchronized to the Meta-Directory. Copy the user.id file of the admin user and the cert.id file of the certifier from that Domino server to the system where the connector will be installed. Ensure that the LDAP service is enabled on the Domino server used for synchronization. Also check the configuration of the Lotus Notes (Domino) server and ensure that LDAP write access is allowed.

  • Install the mySQL Connector/J V 2.0.14 JDBC driver for accessing the mySQL database. This is typically distributed as a JAR and can be downloaded from http://www.mysql.com/downloads/api-jdbc-stable.html .

  • Install mySQL-Max V3.23.51. This can be downloaded from http://www.mysql.com or from one of its mirror sites. A mirror that currently hosts the binary and can be used for downloading it is http://mysql.mirror.stop.hu/downloads/mysql-3.23.html .

  • Also create a database administrator (dba) user that has all the privileges to create new databases and users in mySQL, for the intermediate changelog that the connector maintains for its functioning.
    Note - This database administrator user should be associated with an appropriate hostname of '%', 'localhost', 'non-qualified-host-name-of-JDBC-driver' or 'fully-qualified-host-name-of-mysql-host', as required by the JDBC driver.
    A dba (database administrator) user can be created using the following command:
    GRANT ALL PRIVILEGES ON *.* TO '<dba_userName>'@'<hostName>' identified by '<dba_password>' WITH GRANT OPTION

  • Ideally, to take care of all deployment scenarios related to the MySQL Connector/J JDBC driver and the MySQL database server, one must create (depending on the deployment circumstance) one or more of the following four database administrator users:
    1. '<dba_userName>@%'
    2. '<dba_userName>@localhost'
    3. '<dba_userName>@<non-qualified-host-name-of-JDBC-driver>'
    4. '<dba_userName>@<fully-qualified-host-name-of-mysql-host>'

  • Verify that you are able to connect to the mySQL database server as this dba user from the host on which you are running the Meta-Directory Console. The connector instance creation dialog asks for the username and password of this user.
  • Once these pre-requisites are satisfied, you can proceed and install Sun ONE Meta-Directory V5.1, as described in the Deployment and Installation Guides. Make sure to select Lotus Notes Connector in the components screen when you install Meta-Directory.

To add a Lotus Notes Connector Instance

You can create an instance of the Lotus Notes Connector by following the steps explained below. All the required configuration parameters for connector instance creation can be set via the connector instance creation dialog only. Unlike the other indirect connectors, this connector does not need any configuration via an external configuration file.

Please note that mySQL server should be running when a Lotus Notes Connector Instance is created.

To set the configuration parameters during connector instance creation

  1. From the Sun ONE Console window, right-click on Server Group. A context menu appears.
  2. Select Create Instance Of, then select Meta-Directory Lotus Notes Connector. The New Instance Creation dialog box appears.
  3. Provide input for the data fields. The dialog box for the Lotus Notes Connector contains additional fields, which are described below.
    Dialog Box Parameter - Definition

    • View Name - Enter a name of any length that more fully describes the View ID. The default is the View ID.
    • View ID - Enter up to five characters to represent the view ID. The default is CVx, where x is the next successive integer following the last instance created.
    • View Base DN - Enter the subtree DN where this connector view is located. The default is o=CVx, where x is the next successive integer following the last instance created.
    • Data Server URL - From the drop-down list, select the data server from which the new instance should be created. You can also type in a data server (LDAP) URL of the form ldap://FullyQualifiedhostName:Port.
    • Data Server Bind DN - Enter a DN to be bound to the data server URL for access rights to the subtree.
    • Data Server Bind Password - Enter the password associated with the data server bind DN.
    • NOTES URL - Enter the LDAP URL for the Lotus Notes directory. This is of the form ldap://FullyQualifiedhostName:Port.
    • NOTES Bind User DN - Enter a DN to be bound to the NOTES URL for access rights to the subtree. This is of the form cn=admin, o=org.
    • NOTES Bind Password - Enter the password associated with the NOTES Bind User DN.
    • NOTES Top Level Synch DN - Specifies the top level DN where Lotus Notes Connector synchronization occurs. You should enter input in this field accurately. If the top level in the Lotus Notes directory (from where users/groups are being synchronized) is under an 'organizational-unit' node, the entry should be: ou=organizational-unit,o=domain. All the users under the DN mentioned above will be synchronized. All the groups present in the Lotus Notes directory will be synchronized.
    • Absolute Path For JDBC Jar File Name - Enter the absolute path, with the filename, of the MySQL JDBC driver jar file.
    • mySQL HostName - Specifies the fully qualified host name on which the mySQL server is running.
    • mySQL DBA User Name - Specifies the user name of the database administrator with which the new (changelog) database and users (required for the connector's operation) can be created in the mySQL server. One new (changelog) database and a set of four (changelog) users are created during the creation of each new Lotus Notes Connector instance.
    • mySQL DBA User Password - Specifies the password of the database administrator with which the new (changelog) database and (changelog) users (required for the connector's operation) can be created in the mySQL server.
    • mySQL Database Name - Specifies the name of the new (changelog) database that can be created in the mySQL server. Do not reuse a value already given for another connector instance. The Lotus Notes Connector creates a new database with this name in the mySQL server for every instance of the connector.
    • mySQL Database User Name - Specifies the base-name of the new (changelog) database users that can be created in the mySQL server. Do not reuse a value already given for another connector instance. The Lotus Notes Connector creates a new changelog user with this name in the mySQL server for every instance of the connector.
    • mySQL Database User Password - Specifies the password of the new (changelog) database users that can be created in the mySQL server.
    • Absolute Path for notes Cert ID - Specifies the location to which the cert.id file from the Domino (Lotus Notes) server is copied.
    • Notes Cert ID Password - Specifies the cert.id password.
    • Domino Server Name - Specifies the Domino (Lotus Notes) server name.
    • Absolute Path for notes Admin ID File - Specifies the location to which the user.id file for the admin user is copied.
    • Notes Admin User Name - Specifies the admin user name.
    • Notes Install Location - If the connector is installed on Windows, enter the absolute path of the Lotus Notes client installation directory. If the connector is installed on Solaris, enter the absolute path of the Lotus Notes data directory.

To provide authorization

Provide authorization of created users for data server access. See "Setting Access Permissions" for the procedure.

Configuring a Participating Connector View

If you have installed the join engine, you can configure a participating view for the Lotus Notes connector. To configure the Participating View refer to the procedures in "Views in Meta-Directory."

To add the instance as a participating view

  1. Right-click the Participating Views object under Meta View. A context menu appears.
  2. Select Add Participating View. The Select View dialog box appears.
  3. Select the connector view you want to add or participate in a join/synchronization with the meta view.
  4. Click OK. The view is added to the Sun ONE Meta-Directory configuration tree.

Creating Users

The following procedures apply only to the Meta View. If you have installed the join engine and want to create new entries, it is recommended that you create them under the Meta View instead of Connector View. The Connector View is intended only to reflect the contents of the external data source or meta view.

To create a Lotus Notes User in the Meta View

  1. Click on the Contents of the Meta View. From the menu bar, select Object > New > User. The Create New User dialog box appears.
  2. Provide input in the required fields. Lotus Notes has a restriction that firstname, lastname and middlename can have only ASCII data. A default user ID is generated when you enter the first and last names. When adding users, user names can consist of uppercase and lowercase alpha characters (A - Z), numbers (0 - 9), and the ampersand (&), dash (-), dot (.), space ( ), and underscore (_). The only characters supported by Notes for registered user names are: letters (including those with accents and other diacritical marks from the ISO Latin1 character set), numbers, ampersand, apostrophe, hyphen, period, space, and underscore.
  3. Click OK. The user name appears in the right pane of the Meta-Directory console.

You can also create Notes users in the meta view by using an LDIF file format within any LDAP client.
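
A pre-import check for the name restrictions listed above, as an added example that is not part of the original guide: it parses an LDIF file, including base64-encoded UTF-8 values, and reports name values containing characters outside the set the guide lists for adding users. The attribute names givenName and sn, the o=example suffix and the sample entries are assumptions constructed for illustration.

```python
"""Pre-import check of LDIF name values against the character rules for new users."""
import base64
import string

# Characters the guide lists for user names when adding users:
# A-Z, a-z, 0-9, ampersand, dash, dot, space and underscore (all ASCII).
ALLOWED = set(string.ascii_letters + string.digits + "&-. _")

# Assumption: first and last name are held in givenName and sn.
NAME_ATTRS = ("givenname", "sn")


def parse_ldif(text):
    """Yield one {attribute: [values]} dict per record (subset of RFC 2849)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold a continuation line
        else:
            lines.append(raw)
    record = {}
    for line in lines + [""]:             # trailing "" flushes the last record
        if not line.strip():
            if record:
                yield record
                record = {}
            continue
        if line.startswith("#"):
            continue                      # comment line
        attr, sep, rest = line.partition(":")
        if not sep or rest.startswith("<"):
            continue                      # malformed line or URL reference
        if rest.startswith(":"):
            # "attr:: value" carries base64, used for non-ASCII UTF-8 data
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        record.setdefault(attr.strip().lower(), []).append(value)


def check_names(ldif_text, name_attrs=NAME_ATTRS):
    """Return (dn, attribute, value, offending characters) for each bad value."""
    findings = []
    for record in parse_ldif(ldif_text):
        dn = record.get("dn", [""])[0]
        for attr in name_attrs:
            for value in record.get(attr, []):
                bad = "".join(sorted(set(value) - ALLOWED))
                if bad:
                    findings.append((dn, attr, value, bad))
    return findings


# Constructed sample input (not from the guide); o=example is a placeholder.
SAMPLE_LDIF = """\
version: 1

dn: cn=Ann Lee,o=example
objectClass: inetOrgPerson
cn: Ann Lee
givenName: Ann
sn: Lee

# givenName below is base64 for "Rene" spelled with an e-acute (UTF-8)
dn: cn=Rene Dupont,o=example
objectClass: inetOrgPerson
cn: Rene Dupont
givenName:: UmVuw6k=
sn: Dupont

dn: cn=Sam Smith,o=example
objectClass: inetOrgPerson
cn: Sam Smith
givenName: Sam
sn: Smith (temp)
"""

if __name__ == "__main__":
    for dn, attr, value, bad in check_names(SAMPLE_LDIF):
        print("%s: %s=%r contains disallowed %r" % (dn, attr, value, bad))
```

The check uses the narrower character list given for adding users; pass a different `name_attrs` tuple if the meta view stores name components in other attributes.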

To modify a Lotus Notes user in the meta view

  1. Click on the contents of the Lotus Notes meta view.
  2. Double-click on the Lotus Notes user you want to modify. The Edit Entry dialog box appears.
  3. Click Advanced. Alter the fields as needed, then click OK.

A similar procedure must be followed to create or modify Lotus Notes group entries in the Meta View.

Configuring Connector Rules

You can configure two types of rules for the Lotus Notes Connector:

  1. Attribute Flow rule.
  2. Object Class Flow rule.

However, the tabs for "Default Values" and "Filters" are not provided for the Lotus Notes Connector. Hence you cannot use these features with the Lotus Notes Connector instances. The recommended workaround is to introduce these configuration items while flowing data from Connector View to the Meta View (i.e. at the join engine level) via the configuration for "Filters" and "Attribute Construction".

Attribute Flow

The Lotus Notes Connector uses attribute flow rules to specify the mapping between external data source attributes and the corresponding connector view attributes. Lotus Notes Connector provides the following preset configurations for Attribute Flow:

  • Minimal Attribute Set for Default Schema, which is the minimum set of attributes necessary to flow data. This set actually contains a list of all attributes that are required in the schema for both Lotus Notes Directory and iPlanet Directory Server.
  • Complete Attribute Set for Default Schema, that represents mappings for all those attributes for which there is a direct match between Lotus Notes Directory and iPlanet Directory Server.

By default "Minimal Attribute Set for Default Schema" is selected as the "Attribute Flow Configuration".

The following user interface elements have been disabled in the "Attribute Flow" tab and the "Insert Attribute Mappings" window for the Lotus Notes Connector:

  • The "Insert Defaults" button.
  • The "Mapping Type" list.

In addition to the preset attribute flow configuration, you can also create new/custom attribute flow rules manually.

In the definition and application of these rules there are two concepts that, although not specifically referred to in the GUI, are important to remember. Granularity refers to the complexity of the application of the rules, i.e. whether the entry flows as a whole piece or whether the entry is divided into its base attributes which then flow separately. Ownership refers to where the entry originates (in the external data source or in the connector view), i.e. whichever source the entry originates from is considered the owner of the entry.

Granularity and Ownership

Typically, if you don't configure your own indirect connector rules, the indirect connector uses default attribute flow rules and the process is considered to have entry-level granularity. Entry-level granularity is characterized by all of the following:

  • Entries can be added in, and therefore flow from, either the data source or the Meta View and the entry's ownership is based on this.
  • Only the owner of an entry can modify, rename or delete that entry. However, if a non-owner deletes an entry, it gets added-back. On the same lines, if a non-owner renames (applies modrdn) an entry, the old entry gets added-back and the new entry with the new name also remains. Also, a modification by the non-owner gets reverted/modified-back.
  • Entries flow back and forth as complete entries with no specific attribute mapping or filtering allowed.

The Lotus Notes Connector requires the user to always select one of the attribute flow rules (the preset rules or custom rules). Hence, there is no support for entry-level granularity.

Hence when an attribute flow rule is developed and applied, the flow is considered to have attribute-level granularity. Attribute-level granularity is characterized as follows:

  • Entries can be added in, and therefore flow from, either the data source or the Meta View and the entry's ownership is based on this.
  • Only the owner of an entry can rename or delete that entry. However, if a non-owner deletes an entry, it gets added-back. On the same lines, if a non-owner renames (applies modrdn) an entry, the old entry gets added-back and the new entry with the new name also remains.
  • Because specific attributes flow independently of complete entries, modifications can be made from either the data source or the Meta View.

These concepts explain certain flow behaviors and should be kept in mind when configuring and applying attribute flow rules for the Lotus Notes Connector.

The next section describes how to create new External Attributes for use in creating custom/manual Attribute Flow rules.

To add External Attributes for Lotus Notes connectors

You can create a list of attributes that you want to flow from the external data source (Lotus Notes) for the Lotus Notes Connector. You can store the external attributes as described in the following procedure.

  1. Click the "Attributes" tab from a Lotus Notes instance node. The "Attributes" window appears.
  2. Click New. A blank field appears below the "Attribute" label.
  3. Click within the blank field, then type the name of an external attribute you want to map to an internal attribute.
  4. Repeat the steps above to add other attributes, then click "Save".
  5. See "To Configure an Attribute Flow Rule" to map the external attributes with connector view attributes.

To Configure an Attribute Flow Rule

To achieve attribute-level granularity, an attribute flow rule is written and applied, as described in the following procedure.

  1. Select the "Lotus Notes" node from the Meta-Directory console navigation tree and click the "Attribute Flow" tab.
  2. Click New. The "New Flow Configuration Name" dialog box appears. Reset can be clicked at any time to delete all new configuration and return to the last saved state.
  3. Type a name for the new attribute flow configuration and click OK. The name appears in the Configurations list box.

     The "Mapping Type" drop-down list is disabled for the Lotus Notes Connector.

     Note: When creating attribute flow rules, all attributes must be mapped in both directions: "From Connector View" and "To Connector View". Mappings are configured this way in order to propagate changes in both directions.

  4. Click Insert. The "Insert Attribute Mappings" dialog box appears. This displays a list of all attributes configured as external attributes for the specific connector.

     For example, the figure shows the description attribute being mapped to itself for a flow direction to the connector view.

     Please note that unlike the rest of the Indirect connectors, the "Mapping Type" cannot be changed/selected even from within this dialog box for the Lotus Notes Connector.

    1. Specify the flow direction, either mappings of attributes from external data source to the connector view or from the connector view to the external data source.
    2. Specify either "All Attributes" or "All Language Tagged Attributes" from the "Connector View Objectclass" drop-down list. If you specify "All Language Tagged Attributes" as the connector view objectclass, choose a supported language subtype. Check the Add Phonetic Type box to indicate if the attribute value is a phonetic representation. For more information on these fields, see "To Compose Language Tagged Attribute Conditions" of "Connectors and Connector Rules."
    3. Select an external attribute and the connector view attribute you wish to map it to. If you select an external attribute for which there is a matching connector view attribute, the connector view attribute is automatically selected. However, any connector view attribute can be selected for any given external attribute. You can also use a keyword search by typing the first letter of the external attribute or connector view attribute you want to find. For instance, if you wanted to find uid, you would only have to type u.
    4. Click "Insert". The mapping for your configuration appears at the bottom of the Attribute Flow window.
    5. Select additional pairs, clicking "Insert" after each pair is selected. Click "Close" when finished.

  5. Click "Save" in the "Attribute Flow" tab to save the attribute flow rules.

Note - Always make sure that the attribute flow rule includes attribute mappings for all the attributes that are marked as mandatory/required at the destination end data source.

Object Class Flow

The Lotus Notes Connector uses object class flow rules to specify the mapping between external data source object classes and the corresponding connector view object classes.

Lotus Notes Connector provides a single preset configuration for Object Class Flow:

  • Object Class Set for Default Schema, that represents mappings for the default user and group object classes present in both Lotus Notes Directory and iPlanet Directory Server (external data source and connector view).

By default "Object Class Set for Default Schema" is selected as the "Object Class Flow Configuration".

In addition to the preset object class flow configuration, you can also create new/custom object class flow rules manually. This allows you to flow entries belonging to any object class (not just those corresponding to user and group) in both directions.

The next section describes how to create new External Object Classes for use in creating custom/manual Object Class Flow rules.

To add object classes for Lotus Notes Connectors

You can create a list of object classes that you want to flow from the external data source (Lotus Notes) for Lotus Notes Connectors.

You can store the external object classes as described in the following procedure.

  1. Click the "Object Classes" tab. The "Object Classes" window appears.
  2. Click New. A blank field appears below each of the "Object Class Name" label and "Naming Attribute" label. This is a convenient way to associate a naming attribute type with the corresponding object class.
  3. Click within the blank field under the "Object Class Name" label, then type the name of an external object class you want to map to an internal object class. Click within the blank field under the "Naming Attribute" label, then type the name of the naming attribute corresponding to the external object class that you have just entered.
  4. Repeat the steps above to add other object classes along with their corresponding naming attributes and click "Save".
  5. See "To Configure an Object Class Flow Rule" to map the external attributes with connector view attributes.

To Configure an Object Class Flow Rule

To achieve data synchronization via proper DN-mapping for the entries flowed, an object class flow rule is written and applied, as described in the following procedure.

  1. Select the "Lotus Notes" node from the Meta-Directory console navigation tree and click the "Object Class Flow" tab.
  2. Click New. The "New Flow Configuration Name" dialog box appears. Reset can be clicked at any time to delete all new configuration and return to the last saved state.
  3. Type a name for the new object class flow configuration and click OK. The name appears in the Configurations list box.

     Note: When creating object class flow rules, all object classes must be mapped in both directions: "From Connector View" and "To Connector View". Mappings are configured this way in order to propagate changes in both directions.

  4. Click Insert. The "Insert Object Class Mappings" dialog box appears. This displays a list of all object classes configured as external object classes for the specific connector.

     For example, the figure shows the dominoPerson object class being mapped to the inetorgperson object class for a flow direction to the connector view. Naming attributes also have been entered.

    1. Specify the flow direction, either mappings of "object classes and the corresponding naming attributes" from external data source to the connector view or from the connector view to the external data source.
    2. Select an external object class and the connector view object class you wish to map it to. Whereas the "External Naming Attribute" gets selected/populated automatically (if you have defined the external object classes and the corresponding naming attributes already), you will have to manually enter the value for the "Directory Naming Attribute". The value of the "Directory Naming Attribute" should be carefully selected based on the manner in which the DN of the entries in the Connector View get constructed. If the Connector View is configured with respect to the Join-Engine, then the contents of the DN rule(s) drive the selection of this "Directory Naming Attribute" for the flow between Lotus Notes Server and the Connector View (in iPlanet Directory Server). That is, if the MV->CV DN rule designates "cn" as the "Naming Attribute for Connector View entries", then "cn" (and not "uid") should be the value entered for "Directory Naming Attribute" when the "Object Class Mappings" are created. Hence, when data is flowed end-to-end between the Lotus Notes Server and the Meta View, a typical mapping for flowing user-entries between the Lotus Notes Server and the Connector View would look like "dominoperson#cn <-> inetorgperson#cn".

       No automatic selection happens when you select an external object class for which there is a matching connector view object class.

    3. Click "Insert". The mapping for your configuration appears at the bottom of the "Object Class Flow" window.
    4. Select additional pairs, clicking "Insert" after each pair is selected. Click Close when finished.

  5. Click Save in the "Object Class Flow" tab to save the object class flow rules.
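
The requirements stated in the attribute flow and object class flow procedures above (every mapping present in both directions, mandatory destination attributes covered, and the Directory Naming Attribute matching the MV->CV DN rule) can be checked against a planned rule set before it is entered in the console. This is an added example, not code from the guide or the product; the tuple representation of a mapping, the function names and the sample required-attribute sets are assumptions made for illustration.

```python
"""Consistency checks for a planned set of Lotus Notes Connector flow rules."""
import re

TO_CV = "To Connector View"      # external data source -> connector view
FROM_CV = "From Connector View"  # connector view -> external data source
OPPOSITE = {TO_CV: FROM_CV, FROM_CV: TO_CV}


def one_way_mappings(mappings):
    """Return (direction, external, cv) mappings with no opposite-direction twin."""
    seen = {(d, ext.lower(), cv.lower()) for d, ext, cv in mappings}
    return sorted(m for m in seen if (OPPOSITE[m[0]], m[1], m[2]) not in seen)


def missing_required(mappings, required_cv, required_external):
    """Return, per direction, required destination attributes no mapping writes."""
    written_cv = {cv.lower() for d, _, cv in mappings if d == TO_CV}
    written_ext = {ext.lower() for d, ext, _ in mappings if d == FROM_CV}
    return {
        TO_CV: sorted({a.lower() for a in required_cv} - written_cv),
        FROM_CV: sorted({a.lower() for a in required_external} - written_ext),
    }


# Notation used in the guide: "dominoperson#cn <-> inetorgperson#cn"
CLASS_MAPPING = re.compile(r"^\s*([\w-]+)#([\w-]+)\s*<->\s*([\w-]+)#([\w-]+)\s*$")


def parse_class_mapping(text):
    """Split an object class mapping into its classes and naming attributes."""
    match = CLASS_MAPPING.match(text)
    if match is None:
        raise ValueError("expected 'class#attr <-> class#attr', got %r" % text)
    keys = ("external_class", "external_naming", "cv_class", "directory_naming")
    return dict(zip(keys, (part.lower() for part in match.groups())))


def naming_matches_dn_rule(text, dn_rule_naming_attr):
    """True when the Directory Naming Attribute is the one the MV->CV DN rule uses."""
    mapping = parse_class_mapping(text)
    return mapping["directory_naming"] == dn_rule_naming_attr.lower()


# Constructed sample rule set: description is mapped in one direction only.
SAMPLE_FLOW = [
    (TO_CV, "cn", "cn"), (FROM_CV, "cn", "cn"),
    (TO_CV, "sn", "sn"), (FROM_CV, "sn", "sn"),
    (TO_CV, "description", "description"),
]
# Constructed placeholder sets; read the real lists from each schema.
REQUIRED_CV = {"cn", "sn"}
REQUIRED_EXTERNAL = {"cn", "sn", "mail"}

if __name__ == "__main__":
    print("one-way mappings:", one_way_mappings(SAMPLE_FLOW))
    print("missing required:",
          missing_required(SAMPLE_FLOW, REQUIRED_CV, REQUIRED_EXTERNAL))
    print("naming attribute ok:",
          naming_matches_dn_rule("dominoperson#cn <-> inetorgperson#cn", "cn"))
```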

Configuring a Lotus Notes Connector Instance

The tabs associated with the node for an instance of the Lotus Notes Connector can be used to perform the following tasks.

  • "General" tab -
    • Select the rules to be applied for attribute flow and object class mappings via the "Attribute Flow Configuration" and "Object Class Mapping Configuration" lists.
    • Select the "Operation" to indicate the direction(s) of data synchronization.

  • "Schedule" tab -
    • Configure the schedule based on direction(s) of synchronization ("From Connector View" and "To Connector View") for the given connector instance.

  • "Log" tab -
    • Configure attributes related to logging for the given connector instance.

  • "Attributes" tab -
    • Add/Edit "Available External Attributes" to be used in the definitions of custom "Attribute Flow" rules in the "Attribute Flow" tab at the "Lotus Notes" node.

  • "Object Classes" tab -
    • Add/Edit "Available External Object Classes" to be used in the definitions of custom "Object Class Flow" rules in the "Object Class Flow" tab at the "Lotus Notes" node.

Click on the instance of the Lotus Notes Connector to be configured. The steps to perform each of the above-mentioned configuration tasks are outlined below.

Using the "General" tab

  1. Click on the "General" tab. The "General" tab appears. The "Name" and "Connector View" fields are read-only. This is the same data that was specified when the connector instance was created.
  2. Select the rules to be applied for attribute flow and object class mappings via the "Attribute Flow Configuration" and "Object Class Mapping Configuration" lists. The drop-down list to select "Object Class Mapping Configuration" is a new one that has been introduced just for the Novell and Notes connectors.

     Unlike UTC-based connectors, the Lotus Notes Connector does not have "Filter Configuration" and "Default Configuration" in the "General" tab.

  3. Select one of the radio buttons for the "Operation" to indicate the direction(s) of data synchronization.



Using the "Schedule" tab

  1. Click on the "Schedule" tab. The "Schedule" tab appears.
  2. Select either "To Connector View" or "From Connector View" and enter appropriate values in the text boxes for various synchronization schedule elements.

Unlike UTC-based connectors, the "Schedule" tab for the Lotus Notes Connector does not have an "Advanced" option to specify values for various synchronization schedule elements.



Using the "Log" tab

  1. Click the "Log" tab. The "Log" tab appears.
  2. Provide information for the following fields:
    • "Log File Location" - Specifies the directory in which the log files reside. To specify a directory other than the default, enter the full path name of the directory on the system where the connector instance is created.
    • "Prefix for Log File Name" - Specifies the prefix for the log file name. For example, if you chose "meta" as the prefix, the log file names would be of the form "meta-yyyymmdd-nn.log".
    • "Maximum Size of Each File" - Specifies the maximum size of each log file. After a log file reaches this size, a new log file gets created for subsequent log messages. The default is set to 4096 KB.
    • "Maximum Disk usage" - Specifies the maximum disk usage set aside for logging. When the maximum disk usage is reached, the oldest log file is deleted. The default is set to 15000 KB.
    • "Minimum Reserved Free Space" - Specifies the minimum disk space that should be available for logging when the connector instance starts up. The default is set to 4096 KB.
    • "Flush Buffered Log Data to Disk after every" - Specifies the size of the log data buffer, which controls the flushing of log data to the log files. This is specified in KB.
    • "Log level" - Specifies the available log levels. One of "Off", "Normal", "Debug" or "Trace" should be selected.
      • A value of "Off" suppresses logging.
      • A value of "Normal" logs minimal information. Only error and warning messages are logged. Maximum disk space may be small and new files are created infrequently.
      • A value of "Debug" logs error, warning and debug information into the log file. Maximum disk space should be large enough and new files may be created frequently.
      • A value of "Trace" logs maximum information. Error, warning, debug and trace messages are logged into the log file. Maximum disk space for this option should be large and new files would get created frequently.

     "Trace" is the new log-level introduced for the Lotus Notes Connector. A new log file is created when the maximum size of the log file is reached. New files are not created based on the age of the log files.

     Unlike UTC-based connectors, the Lotus Notes Connector does not have separate modules and hence needs a single value for the log-level. The log-level selected is applicable to all the components of the connector.

  3. Click "Save". A connector restart is not required for the modifications specified in the log screen to take effect (if the connector is already running).



Using the "Attributes" tab

The external attributes (Lotus Notes directory attributes) that can flow to/from the connector view are specified in the attributes screen. The Lotus Notes connector comes with a predefined set of external attributes that can be used to flow data. However, new external attributes can be added as described in "To add External Attributes for Lotus Notes connectors".

Using the "Object Classes" tab

The Object Classes screen is a new screen added for connectors developed using the new connector framework. The external object classes (Lotus Notes directory object classes) that can flow to/from the connector view are specified in the Object Classes screen. The Lotus Notes connector comes with a predefined set of external object classes that are synchronized. However, new external object classes can be added as described in "To add Object Classes for Lotus Notes connectors".

Restarting the Connector Instance

Except for the logging related settings, you will have to restart the connector instance (if it is already running) for any of the other configuration changes (described above) to take effect. Both instance-specific and shared configurations will not become effective for a given connector instance until it is restarted.

It is possible to pass arguments to the JVM used by the Lotus Notes connector by editing the file NETSITE_ROOT/<connector-dir>/config/jvm.conf. Note that each line of this file should be a valid option of the JVM as defined in the JVM documentation. Lines beginning with # are ignored, as are empty lines. For example, to set the maximum stack size used by the JVM to 20MB, add the following line to jvm.conf:

-DXss20m

To restart a connector instance -

  1. Stop the connector by right-clicking on the connector instance and selecting "Stop Server".
  2. Click "Yes" to the prompt. A message appears stating that the stop command has been issued to the component.
  3. Start the connector by right-clicking on the connector instance and selecting "Start Server". A message appears stating that the start command has been issued to the component.

Look for the message:

"******* Service -------- START SunONE.Connector service, version 5.1. *******"

to find out if the connector instance has completed all the initializations and got started successfully. Similarly, look for the message:

"******* Service SunONE.Connector shutdown complete. *******"

to find out if the connector instance has completed its stop/shutdown process.

Enabling and Refreshing the Connector View

After the Connector View is enabled and the join engine is started, data can flow to/from the Meta View. The following sections provide details on these tasks.

  1. Starting the Join Engine. Before the join engine is started, ensure that you have already enabled the changelog in the Directory Server configuration. To start the join engine
    1. Select the "join-engine" node from the navigation tree and right-click. A context menu appears.
    2. Select "Start Server". A message stating that the server has been started appears.

  2. Enabling the Connector View
    1. From the Sun ONE Meta-Directory console, click on the "Status" tab.
    2. Click on the Join Engine object. The "Operations" tab appears.
    3. Select the participating view you want to enable.
    4. Select "Enable" from the "Operation" list and click "Start". This option disables the "Traverse" drop-down menu.



The participating view can be enabled only if the configuration for setting up the view is valid. Any error in the configuration automatically changes the view to a disabled status.

  3. Refreshing the Connector View wrt Meta View. You can optionally refresh the view if you want to observe updates immediately and bypass the regularly scheduled refresh synchronization.
    1. From the Sun ONE Meta-Directory console, click on the "Status" tab.
    2. Select the participating view you want to refresh. Note that it should already be enabled.
    3. Select "Refresh" from the "Operation" list, then select either "Meta View" or "Connector View" from the "Traverse" list.
    4. Click "Start".



  4. Refreshing the Connector View wrt Lotus Notes. You can optionally refresh the Connector View wrt Lotus Notes, if you want to observe updates immediately and bypass the regularly scheduled refresh synchronization.

    1. From the Sun ONE Meta-Directory console, click on the "Status" tab.
    2. Select the connector view to be refreshed.
    3. Select "Refresh" from the "Operation" list, then select Connector View from the "Updates to the" list.
    4. Click "Start".
    5. This refreshes all the entries owned by Lotus Notes (i.e. those entries that originated from Lotus Notes) in the connector view. The following dialog pops up when the refresh is started.



In the same manner, data in Lotus Notes that originated from the meta directory (Connector View or Meta View) can be refreshed by selecting the appropriate options.

    1. Select "Refresh" from the "Operation" list, then select "External Directory" from the "Updates to the" list.
    2. Click "Start".
    3. This would refresh all the connector view owned entries in the external directory. The following dialog pops up when the refresh is started.



Monitoring the Connector

The Lotus Notes Connector maintains only a single log file at the following location that enables one to monitor the connector status:

<NETSITE_ROOT>/notes-ViewName/logs/meta-yyyymmdd-nn.log

For example, a Lotus Notes Connector's log-file might appear as

meta-20021225-04.log
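The check described above, as an added example that is not part of the product or the original guide: it orders log files by the date and sequence number in their names and walks them for the start and shutdown messages quoted in "Restarting the Connector Instance", counting starts that were not preceded by a completed shutdown. The layout of the rest of each log line and the ordering of nn within a day are assumptions; the sample lines are constructed.

```python
import re
from pathlib import Path

# Log file names have the form <prefix>-yyyymmdd-nn.log (default prefix "meta").
LOG_NAME = re.compile(r"^(?P<prefix>.+)-(?P<date>\d{8})-(?P<seq>\d+)\.log$")

# Message texts quoted in this chapter, matched as substrings because the
# rest of the line layout (timestamps, levels) is an assumption.
START_MARK = "START SunONE.Connector service"
STOP_MARK = "SunONE.Connector shutdown complete"


def ordered_logs(names, prefix="meta"):
    """Return the matching log file names sorted oldest to newest."""
    found = []
    for name in names:
        m = LOG_NAME.match(name)
        if m and m.group("prefix") == prefix:
            found.append((m.group("date"), int(m.group("seq")), name))
    return [name for _, _, name in sorted(found)]


def scan_lines(lines):
    """Walk log lines in order and summarise start/stop activity.

    A START seen while the connector was already 'running' means the
    previous run ended without logging a completed shutdown.
    """
    state, starts, stops, unclean = "unknown", 0, 0, 0
    for line in lines:
        if START_MARK in line:
            if state == "running":
                unclean += 1
            starts += 1
            state = "running"
        elif STOP_MARK in line:
            stops += 1
            state = "stopped"
    return {"state": state, "starts": starts, "stops": stops,
            "unclean_restarts": unclean}


def scan_directory(log_dir, prefix="meta"):
    """Scan every <prefix>-yyyymmdd-nn.log in log_dir, oldest first."""
    log_dir = Path(log_dir)
    names = ordered_logs((p.name for p in log_dir.iterdir()), prefix)

    def lines():
        for name in names:
            with open(log_dir / name, encoding="utf-8", errors="replace") as fh:
                yield from fh

    return scan_lines(lines())


# Constructed sample: one clean stop, then a start that is followed by
# another start with no completed shutdown in between.
SAMPLE_LINES = [
    "******* Service -------- START SunONE.Connector service, version 5.1. *******",
    "constructed line: synchronization cycle finished",
    "******* Service SunONE.Connector shutdown complete. *******",
    "******* Service -------- START SunONE.Connector service, version 5.1. *******",
    "constructed line: processing entry",
    "******* Service -------- START SunONE.Connector service, version 5.1. *******",
]

if __name__ == "__main__":
    print(scan_lines(SAMPLE_LINES))
```

Because the oldest log file is deleted once the maximum disk usage is reached, the first start may no longer be on disk; the state therefore begins as "unknown" rather than "stopped".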

Data Flow for User and Group entries.

Entries in the Lotus Notes connector view must adhere to certain conditions to flow from the connector view into the Lotus Notes Directory. Note the following restrictions and advisory information:

  • To prevent duplicate user IDs from occurring in the same connector view, the meta view and connector views must be separate entities. A connector view should not be nested as a subtree of another connector view.
  • Entries that preexist in a Lotus Notes connector view will not flow to the meta view after the connector starts. To flow these entries, the Lotus Notes connector view must be an enabled participating connector view in the join engine. Refreshing the meta view from the join engine will trigger the preexisting entries from the Lotus Notes connector view to flow to the meta view.

When setting up the join engine, you need to ensure that user and group entries meet the required criteria for Lotus Notes Connector views. Discussion on the requirements for both user and group entries follows:

A Lotus Notes group name can have any of these characters: A - Z, 0 - 9, & - . _ ' / (ampersand, dash, period, space, underscore, apostrophe, and forward slash) for the name. Other special characters are not allowed. When adding users, user names can consist of uppercase and lowercase alpha characters (A - Z), numbers (0 - 9), and the ampersand (&), dash (-), dot (.), space ( ), and underscore (_). The only characters supported by Notes for registered user names are: letters (including those with accents and other diacritical marks from the ISO Latin1 character set), numbers, ampersand, apostrophe, hyphen, period, space, and underscore.

Synchronizing Users using Lotus Notes Specific Schema

Unlike the UTC-based connectors, the Lotus Notes Connector does not provide a direct facility to use Lotus Notes specific schema for the "Attribute Flow Configuration" and "Object Class Mapping Configuration".

As discussed in the previous sections on "Attribute Flow" and "Object Class Flow", you can create custom rules for the "Attribute Flow Configuration" and "Object Class Mapping Configuration". Hence, you can create rules for Lotus Notes specific schema using schema elements that are created in the Connector View's directory server via schema extension (during the creation of connector instance).

All you have to do is to create/define new "External Attributes" and "External Object Classes". Then, choose and map these "External Attributes" and "External Object Classes" with the corresponding new (extended) schema elements in the iPlanet Directory Server. Names of the new attributeTypes added to the iPlanet Directory Server schema are of the format - "mdsNotesAttr-<attributeName>" and that of the new objectClasses added to the iPlanet Directory Server schema are of the format - "mdsNotesOc-<objectClassName>".

Look for "mdsNotesOc-dominoPerson" and "mdsNotesOc-dominoGroup" in the extended schema for the new object classes added.

Connector Configuration Data

Most of the configuration specific to a Lotus Notes Connector instance is stored under the attribute "mdsgeneralconfiguration" of the following two configuration nodes in the configuration directory server instance -

  1. "cn=notes-CVN,cn=connectors,cn=system,ou=5,ou=meta-directory,ou=global preferences,ou=<domain-name>,o=netscaperoot" and
  2. "cn=1,cn=tasks,cn=notes-CVN,cn=connectors,cn=system,ou=5,ou=meta-directory,ou=global preferences,ou=<domain-name>,o=netscaperoot"

The rest of this section explains some configuration items that are spread across these two nodes. The configuration items marked as "<MANUALLY CONFIGURABLE>" could be modified manually to suit the deployment needs. The rest of the configuration items have been described for the sake of clarity. One may however choose to manually change these as well.

Configuration items under - "cn=notes-CVN,cn=connectors,cn=system,ou=5,ou=meta-directory,ou=global preferences,ou=<domain-name>,o=netscaperoot":

    • MaxManagerThreads <MANUALLY CONFIGURABLE> - Specifies the maximum number of threads in the thread-pool maintained to service the management/administration requests. You can increase this number if you foresee a large number of simultaneous management/administration requests. The default is set to "2".

    • Log related items like - LogRollOverDays and LogBufferTime are not used. All the other log related items can be configured via the "Log" tab for the specific connector instance.

Configuration items under - "cn=1,cn=tasks,cn=notes-CVN,cn=connectors,cn=system,ou=5,ou=meta-directory,ou=global preferences,ou=<domain-name>,o=netscaperoot" (also referred to as - "connector instance configuration" in this documentation):

    • LastShutdownType <MANUALLY CONFIGURABLE> - Specifies the nature of last shutdown performed on the connector instance. The default is set to "0". A value of "0" indicates "NORMAL" and "1" indicates "ABNORMAL" shutdown. The connector instance tries to recover from an abnormal shutdown whenever it starts up next time.
    • DeltaRetryMaxCount <MANUALLY CONFIGURABLE> - Specifies the maximum number of times for which an entry's processing should be attempted. If the number of failures while processing an entry reaches this limit, it is not processed further and an appropriate error-message is logged. The default is set to "3".

   

    • MaxConnectionRetrials <MANUALLY CONFIGURABLE> - Specifies the maximum number of attempts to be made on connection failures. The same value is used for connections to both the Lotus Notes Server and the iPlanet Directory Server. The default is set to "3".

    • TaskMode <MANUALLY CONFIGURABLE> - Specifies the directions in which the connector should synchronize data. The default is set to "0". A value of "0" indicates synchronization in both directions, a value of "1" indicates synchronization only ToCV and a value of "2" indicates synchronization only FromCV.

    • AttributeFlowConfiguration <MANUALLY CONFIGURABLE> - Specifies the name of the "Attribute Flow Rule" to be used for synchronization. The default is set to "Minimal Attribute Set for Default Schema". These rules are stored under the configuration node - "cn=attribute flow,cn=lotus notes,cn=connectors,cn=shared configuration,cn=system,ou=5,ou=meta-directory,ou=global preferences,ou=<domain-name>,o=netscaperoot".

    • ObjectClassFlowConfiguration <MANUALLY CONFIGURABLE> - Specifies the name of the "Object Class Flow Rule" to be used for synchronization. The default is set to "Object Class Set for Default Schema". These rules are stored under the configuration node - "cn=objectclass flow,cn=lotus notes,cn=connectors,cn=shared configuration,cn=system,ou=5,ou=meta-directory,ou=global preferences,ou=<domain-name>,o=netscaperoot".
    • AttributeFlowGranularity - This configuration item is not used by the Lotus Notes Connector and should not be changed. This identifies the granularity for the other UTC-based connectors.
    • ExternalHost <MANUALLY CONFIGURABLE> - Specifies the fully qualified host-name of the host on which Lotus Notes Server is running. You can make changes to this item if you want to change it after the connector instance has been created.
    • ExternalPort <MANUALLY CONFIGURABLE> - Specifies the port number on which Lotus Notes directory service is running. You can make changes to this item if you want to change it after the connector instance has been created. The default is set to "389" if you don't specify one during the instance creation of the connector.
    • ExternalDNToSynch <MANUALLY CONFIGURABLE> - Specifies the DN of the root-suffix in the Lotus Notes Connector that needs to be synchronized. You can make changes to this item if you want to change it after the connector instance has been created.
    • AttributesToMapLikeDnExtToDir <MANUALLY CONFIGURABLE> - Specifies the list of attributes whose values need to go through a DN-mapping-mechanism during the "Lotus Notes-to-iPlanet Directory" synchronization. A typical example is the "member" attribute present in the "dominogroup" object class whose value is the DN of the group's member. The default is set to "member=dominoperson". The format specifies the name of the attribute to be DN-mapped followed by the name of the object class (in the Lotus Notes schema) to which the "value-of-this-attribute" belongs (separated by an "=" sign). Members of this list are "," (comma) separated.
    • AttributesToMapLikeDnDirToExt <MANUALLY CONFIGURABLE> - Specifies the list of attributes whose values need to go through a DN-mapping-mechanism during the "iPlanet Directory-to-Lotus Notes" synchronization. A typical example is the "uniquemember" attribute present in the "groupofuniquenames" object class whose value is the DN of the group's member. The default is set to "member=inetorgperson". The format specifies the name of the attribute to be DN-mapped followed by the name of the object class (in the iPlanet Directory Server schema) to which the "value-of-this-attribute" belongs (separated by an "=" sign). Members of this list are "," (comma) separated.

    • ExternalToDirIsInitialSynchTotal <MANUALLY CONFIGURABLE> - Specifies the nature of the first synchronization cycle. It is set to "true" for the first synchronization cycle if a value of "InitialDump" is selected during creation of connector's instance. This configuration allows the connector to bypass all the change-detection-processing to achieve better performance for initial loading of data from the Lotus Notes to the Connector View.

If it is set to "true" manually after a connector instance is created and used, you need to manually clean up the records present in the tables (ImageTable and ChangelogTable) in the intermediate changelog database. You should also manually remove all the entries in the Connector View that originated from Lotus Notes and flowed via this connector instance.

    • DirectoryHost <MANUALLY CONFIGURABLE> - Specifies the fully qualified host-name of the host on which iPlanet Directory Server (hosting the Connector View) is running. You can make changes to this item if you want to change it after the connector instance has been created.
    • DirectoryPort <MANUALLY CONFIGURABLE> - Specifies the port number on which iPlanet Directory Server is running. You can make changes to this item if you want to change it after the connector instance has been created. The default is set to "389" if you don't specify one during the instance creation of the connector.
    • DirectoryDNToSynch <MANUALLY CONFIGURABLE> - Specifies the DN of the root-suffix in the iPlanet Directory Connector that needs to be synchronized. You can make changes to this item if you want to change it after the connector instance has been created. This typically represents the connector view ID.
    • LastSynchPoint <MANUALLY CONFIGURABLE> - Specifies the "changeNumber" of the changelog-entry (created by the retro-changelog plugin) from which the "iPlanet Directory-to-Lotus Notes" synchronization is started when the connector comes up.
    • LocaleLanguagePart <MANUALLY CONFIGURABLE> - Specifies the language portion of the locale used for the logging resource bundles. The default is set to "en" (representing "English").
    • LocaleRegionPart <MANUALLY CONFIGURABLE> - Specifies the region portion of the locale used for the logging resource bundles. The default is set to "US" (representing "United States").

    • LoggingResourceBundleClassName <MANUALLY CONFIGURABLE> - Specifies the fully qualified class name of the list resource bundle to be used for the log-messages dumped by the connector during access to the Lotus Notes. The default is set to - "com.sun.metadir.connectors.lotusnotes.logging.resourcebundles.LNLoggingMessagesBundle".
    • IntermediateDBDriverClassName <MANUALLY CONFIGURABLE> - Specifies the fully qualified class name of the JDBC driver to be used to connect to the intermediate changelog database. The default is set to "com.mysql.jdbc.Driver" (corresponding to the "mySQL Connector/J 2.0.14" driver).
    • IntermediateDBAURL <MANUALLY CONFIGURABLE> - Specifies the JDBC URL to be used to connect as the database administrator of the intermediate changelog database. Format of this JDBC URL is - jdbc:<subprotocol>://<fullyQualifiedHostName>/<DatabaseName>/user=<UserName>&password=<userPassword>. This URL is used by the connector to create/remove the intermediate changelog database and users for the connector's functioning.
    • IntermediateDBJDBCURL <MANUALLY CONFIGURABLE> - Specifies the JDBC URL to be used to connect as the intermediate changelog user. Format of this JDBC URL is - jdbc:<subprotocol>://<fullyQualifiedHostName>:<portIfNotDefault>/<DatabaseName>/user=<UserName>&password=<userPassword>. This URL is used by the connector to access the intermediate changelog database for the connector's functioning.
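An added example (not code from the product or the original guide) that sanity-checks a connector instance configuration against the value ranges documented above and masks the password carried in the two JDBC URLs before the configuration is logged or exported. It assumes the items have already been read out of the configuration node into a name/value mapping, since the layout inside "mdsgeneralconfiguration" is not described here; the sample values, host name and password are constructed.

```python
import re

# Items and allowed values as documented in this chapter.
ENUM_ITEMS = {
    "TaskMode": {"0", "1", "2"},        # both directions / ToCV / FromCV
    "LastShutdownType": {"0", "1"},     # NORMAL / ABNORMAL
}
PORT_ITEMS = ("ExternalPort", "DirectoryPort")
COUNT_ITEMS = ("MaxManagerThreads", "DeltaRetryMaxCount", "MaxConnectionRetrials")
DN_MAP_ITEMS = ("AttributesToMapLikeDnExtToDir", "AttributesToMapLikeDnDirToExt")
JDBC_ITEMS = ("IntermediateDBAURL", "IntermediateDBJDBCURL")

PASSWORD = re.compile(r"(password=)[^&;\s]+", re.IGNORECASE)


def parse_dn_map(value):
    """Split 'attr=objectclass,attr=objectclass' into (attr, objectclass) pairs."""
    pairs = []
    for member in value.split(","):
        attr, sep, objectclass = (p.strip() for p in member.partition("="))
        if not sep or not attr or not objectclass or "=" in objectclass:
            raise ValueError(f"malformed member {member.strip()!r}")
        pairs.append((attr, objectclass))
    return pairs


def redact_jdbc_url(url):
    """Mask the password parameter so the URL can be logged or exported."""
    return PASSWORD.sub(r"\g<1>********", url)


def _whole_number(value, low, high=None):
    if not value.isdecimal():
        return False
    return int(value) >= low and (high is None or int(value) <= high)


def audit(config):
    """Return (redacted copy of config, list of (item, finding) tuples)."""
    safe, findings = dict(config), []
    for item, allowed in ENUM_ITEMS.items():
        if item in config and config[item] not in allowed:
            findings.append((item, f"{config[item]!r} not in {sorted(allowed)}"))
    if config.get("LastShutdownType") == "1":
        findings.append(("LastShutdownType", "last shutdown was ABNORMAL"))
    for item in PORT_ITEMS:
        if item in config and not _whole_number(config[item], 1, 65535):
            findings.append((item, f"{config[item]!r} is not a valid port"))
    for item in COUNT_ITEMS:
        if item in config and not _whole_number(config[item], 0):
            findings.append((item, f"{config[item]!r} is not a whole number"))
    for item in DN_MAP_ITEMS:
        if item in config:
            try:
                parse_dn_map(config[item])
            except ValueError as exc:
                findings.append((item, str(exc)))
    if config.get("ExternalToDirIsInitialSynchTotal", "").lower() == "true":
        findings.append(("ExternalToDirIsInitialSynchTotal",
                         "initial dump set; on a used instance ImageTable, "
                         "ChangelogTable and connector view entries need cleanup"))
    for item in JDBC_ITEMS:
        if item in config and PASSWORD.search(config[item]):
            safe[item] = redact_jdbc_url(config[item])
            findings.append((item, "URL carries a clear-text password"))
    return safe, findings


# Constructed sample values, following the formats given in this section.
SAMPLE_CONFIG = {
    "TaskMode": "3",
    "LastShutdownType": "1",
    "ExternalPort": "389",
    "DirectoryPort": "70000",
    "AttributesToMapLikeDnExtToDir": "member=dominoperson, owner",
    "AttributesToMapLikeDnDirToExt": "member=inetorgperson",
    "IntermediateDBJDBCURL": "jdbc:mysql://db.example.com:3306/changelog"
                             "/user=cvuser&password=constructed-secret",
}

if __name__ == "__main__":
    for item, finding in audit(SAMPLE_CONFIG)[1]:
        print(f"{item}: {finding}")
```

Since both URLs store the database password in clear text, read access to these two configuration nodes is equivalent to access to the intermediate changelog database.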

Configuration Example

The following example is intended as a quick reference which can be used as a checklist. For complete configuration information, refer back to the earlier portions of this chapter.

  1. Install the Connector
    1. Ensure that iPlanet Directory Server 5.1 and the Sun ONE Meta-Directory 5.1 software are already installed. If the Lotus Notes connector is being installed on Windows, ensure that the Notes client is installed. Also ensure that the user.id file for the admin and the cert.id file for the certifier are copied.
    2. Create a Lotus Notes connector instance. During instance creation, provide input for all data fields. For details on the input fields, please see the table at the beginning of this chapter on "Dialog Box Parameters".

  2. Add the Connector View as a Participating View
    1. Right-click the Participating Views object. A context menu appears.
    2. Select "Add Participating View". The "Select View" dialog box appears.
    3. Select "notes-CVN" and click OK. The view is added to the Sun ONE Meta-Directory tree.

  3. Provide authorization. See "Setting Access Permissions".
  4. Configure Connector Rules
    1. By default "Minimal Attribute Set for Default Schema" is selected as the attribute flow configuration.
    2. By default "Object Class Set for Default Schema" is selected as the object class flow configuration.
    3. Customized attribute flow and object class flow rules can be set as described earlier in this chapter.

  5. Configure a Connector Instance
    1. Select the "notes-CVN" connector instance. The "General" tab appears.
    2. If default configuration rules are used, no configuration is required for the connector. If customized "Attribute Flow Configuration" and "Object Class Flow Configuration" are required, select the right configuration from the "Attribute Flow configuration" drop-down list and "Object Class Flow Configuration" drop-down list.
    3. For Operation, select "Both send and receive updates".
    4. Click "Save" if any default configuration was modified. Leave the current values for fields in the Schedule, Log, Attributes and ObjectClasses tabs.

  6. Restart the Connector Instance
    1. Stop the connector by right-clicking on "notes-CVN" and selecting "Stop Server".
    2. Click "Yes" to the prompt. A message appears stating that the stop command has been issued to the component.
    3. Start the connector by right-clicking on "notes-CVN" and selecting "Start Server". A message appears stating that the start command has been issued to the component.

  7. Start the Join Engine
    1. Select the join-engine object from the navigation tree and right-click and select "Start Server". A message appears stating that start command has been issued to the component.

  8. Enable and Refresh the Meta View
    1. Select "Status > join-engine > Operations".
    2. For "View", select the Lotus Notes connector view. For Operation, select "Enable", and then click "Start".
    3. For "Traverse" direction, keep the default value as "Connector View" and repeat the step above, except select "Refresh" instead of "Enable".
    4. Wait for a few seconds. From the "Configuration" tab Refresh the "Content" of Meta View. Verify that the data is properly propagated to the Meta View.

Limitations

Following are the limitations of the Lotus Notes Connector:

  • Synchronization of password attributes is not supported.
  • Currently one can use only MySQL as the relational database that can store the intermediate changelog for the Lotus Notes Connector.
  • The MySQL database administrator user (supplied during the instance creation of Lotus Notes Connector) needs to be associated with an appropriate hostname of '%', 'localhost', 'non-qualified-host-name-of-JDBC-driver' or 'database-server-host-name'.
  • If the source synchronization DN contains a hierarchy within it, then the same hierarchy needs to be created under the destination synchronization DN. Otherwise, the synchronization would fail for all the entries that get stored under subtrees of the source synchronization DN.
  • The attribute flow rule must not contain a mapping for "objectclass" attribute. It is included by default for any attribute flow rule (preset or custom) selected.
  • Support for InitialDump is provided ONLY for the first external to directory synchronization cycle. One should not try to change the configuration in the configuration directory server instance and expect the same behavior for subsequent synchronization cycles. However, if there is a requirement to perform an InitialDump again, one should set "ExternalToDirIsInitialSynchTotal=true" in the connector instance configuration (from the backend) and manually clean up the tables in the intermediate changelog database in MySQL (delete all records from both the tables - ImageTable and ChangelogTable) and the entries from the connector view. The above mentioned terms are defined as follows:
    • InitialDump - Identifies the first synchronization cycle (for synchronization from Lotus Notes Server to iPlanet Directory Server) as an Initial Dump. The connector bypasses all the change-detection processing and identifies all the entries as NEW for the CV and processes them asynchronously to allow better performance.
    • Incremental - Identifies the first (and subsequent) synchronization cycle(s) (for synchronization from Lotus Notes Server to iPlanet Directory Server) to be Incremental. The connector performs all the regular change-detection processing in this case.

  • Depending on the direction of synchronization, the naming attribute of the destination object class is always required to be mapped to the naming attribute of the source object class. Even if such a mapping is supplied by the user, it is overridden and changed by the connector to the mapping recommended above.
  • It is also recommended that the naming attribute of the source object class is always mapped only to the naming attribute of the destination object class. Otherwise, the naming attributes at either end would end up having multiple values. This might not be desired sometimes, especially when the Connector View is configured wrt the Join-Engine/Meta-View. For example - if "dominoPerson" object class (with naming attribute of "cn") at Lotus Notes Server is synchronized with "inetOrgPerson" object class (with naming attribute of "uid") at iPlanet Directory Server, then the only recommended attribute mapping (involving these two naming attributes at both ends) for both the directions of synchronization is "(External)cn<->(Directory)uid".
  • Addback operations would not be supported if the synchronization is configured for only one direction.

Copyright 2003 Sun Microsystems, Inc. All rights reserved.