Chapter 11
Configuring the Lotus Notes Connector

This chapter discusses configuration details specific to the Lotus Notes Connector, which provides bi-directional synchronization of address book (names.nsf) data for Lotus Notes server 5.0.10, and 5.0.12 into its Connector View. Configuration with respect to the Join-Engine is required to further synchronize this data with that in the Meta View.

Though the typical usage of this connector would be to synchronize the user and group data, this connector can actually be used to synchronize any other kind of data (data confirming to any other object class) that is recognized by data sources at both ends (viz. Lotus Notes directory and Sun ONE Directory Server).

It is important to note that the Lotus Notes Connector supports bi-directional synchronization of UTF-8 encoded data. The connector also supports multi-valued and binary attributes. In addition, the connector supports all the regular and special operations. Regular operations include - add, modify, delete and modrdn. Special operations include addbacks and refresh.

Unlike the other indirect connectors, default mapping rules are provided only for the default schema (based on the object classes present) in the Sun ONE Directory Server. One would have to create additional rules in order to flow all the other user and group attributes present in the Lotus Notes directory.

The topics in this chapter are:

Before You Begin
Adding a Lotus Notes Connector Instance
Configuring a Participating Connector View
Creating Users
Configuring Connector Rules
Configuring a Lotus Notes Connector Instance
Monitoring the Connector
Data Flow for User and Group Entries.
Synchronizing Users Using Lotus Notes Specific Schema
About Connector Configuration Data
Configuration Example
Uninstalling the Connector
Known Limitations

---

Before You Begin

The Lotus Notes Connector is an indirect connector and is not UTC based. A new connector framework uses an intermediate mySQL database to perform change detection and loop detection for data in Lotus Notes directory.

Install Sun ONE Directory Server 5.2 as described in the Installation and Deployment Guides. Restart the server after enabling the retro-changelogs plug-in.
Depending on whether you are installing Lotus Notes Connector on Windows or Solaris:
Windows. Install and configure Lotus Notes server and the client. If the connector is being installed on windows, notes client software should be installed on the system where the connector would be run. The global PATH environment variable should be set to the Lotus Notes client installation location. For example, if Lotus Notes client is installed in c:\lotus\notes directory, add c:\lotus\notes to the PATH env variable. The user.id file for the admin user of the Lotus Notes directory and the cert.id file of the certifier should be copied to the system, where the connector would be installed. Ensure LDAP service is enabled on the Lotus Notes Server. Also check the configuration of the Lotus Notes Server and ensure ldap write access is allowed.
Solaris. To install the connector on Solaris, a Lotus Notes (domino) server should be installed on the system where the connector would be installed. This is required for the user id and mail files to get created for the new users registered from the lotus notes connector. Identify the Lotus Notes (domino) server from which data would be synchronized to the Meta Directory. Copy the user.id file of the admin user and cert.id file of the certifier from that domino server to the system where the connector would be installed. Ensure LDAP service is enabled on the domino server used for synchronization. Also check the configuration of the Lotus Notes (domino) Server and ensure ldap write access is allowed.
Install the mySQL Connector/J 2.0.14 JDBC driver for accessing the mySQL database. This is typically distributed as a JAR. This can be downloaded from -

http://www.mysql.com/downloads/api-jdbc-stable.html.

Install mySQL-Max 3.23.51. This can be downloaded from - http://www.mysql.com or from one of it's mirror sites. A mirror that currently hosts and can be used for downloading the binary is

http://mysql.mirror.stop.hu/downloads/mysql-3.23.html.

Also create a database administrator (dba) user that has all the privileges to create new databases and users in mySQL, for the intermediate changelog maintained by the connector (for its functioning). Note - This database administrator user should be associated with an appropriate hostname of '%', 'localhost', 'non-qualified-host-name-of-JDBC-driver' or 'fully-qualified-host-name-of-mysql-host', as required by the JDBC driver. A dba (database administrator) user can be created using the following command:

"GRANT ALL PRIVILEGES ON *.* TO '<dba_userName>'@'<hostName>' identified by '<dba_password>' WITH GRANT OPTION"

Ideally, to take care of all deployment scenarios related to MySQL Connector/J JDBC driver and MySQL database server - one must create (depending on the deployment circumstance) one or more of the following four database administrator users:
'<dba_userName>@%'
'<dba_userName>@localhost'
<dba_userName>@<non-qualified-host-name-of-JDBC-driver>'
'<dba_userName>@<fully-qualified-host-name-of-mysql-host>
Verify that you are able to connect to the mySQL database server using this dba user from the host on which you are running the Meta-Directory Console. The connector instance creation dialog requests for the username and password of this user.
Make sure to select Lotus Notes Connector in the components screen when you installing Meta-Directory.

---

Adding a Lotus Notes Connector Instance

All the required configuration parameters for connector instance creation can be set via the connector instance creation dialog only. Unlike the other indirect connectors, this connector does not need any configuration via an external configuration file.

Note that the mySQL server must be running when a Lotus Notes Connector Instance is created.

    To set the configuration parameters during connector instance creation

From the Sun ONE Console window, right-click Server Group.
Choose Create Instance Of > Meta-Directory Lotus Notes Connector. The ‘New Instance Creation’ dialog box displays.


Provide input for the data fields. A description of these fields is now listed below.

Table 11-1  List of options and the description of the action to perform

Field	Do This
View Name	Enter a name of any length that more fully describes the View ID. The default is the View ID
View ID	Enter up to five characters to represent the view ID. The default is CVx, where x is the next successive integer following the last instance created.
View Base DN	Enter the subtree DN where this Connector View is located. The default is o=CVx, where x is the next successive integer following the last instance created.
Data Server URL	From the drop-down list, select the data server from which the new instance should be created. You can also type in a data server (LDAP) URL of the form - ldap://FullyQualifiedhostName:Port.
Data Server Bind DN	Enter a DN to be bound to the data server URL for access rights to the subtree.
Data Server Bind Password	Enter the password associated with the data server bind DN.
NOTES URL	Enter the LDAP URL for the Lotus Notes directory. This is of the form - ldap://FullyQualifiedhostName:Port.
NOTES Bind User DN	Enter a DN to be bound to the NOTES URL for access rights to the subtree. This is of the form - cn=admin, o=org.
NOTES Bind Password	Enter the password associated with the NOTES Bind User DN.
NOTES Top Level Synch DN	Specifies the top level DN where Lotus Notes Connector synchronization occurs. You should enter input in this field accurately. If the top level in Lotus notes Directory (from where users/groups are being synchronized) is under a 'organizational-unit' node, the entry should be: ou=organizational-unit,o=domain All the users under the DN mentioned above will be synchronized. All the groups present in the Lotus Notes directory will be synchronized. It is important that the value entered for this DN is in the same (exact) case as that present in the external data source. (The objective is to create entries whose DN values have the exact case as desired.) In general, the case of the value for any entry’s DN is significant in Meta-Directory; since entries flow across various types of data sources through the Join Engine and connectors. Some of the data sources support only case-sensitive DNs. For example, Novell Directory Server and Sun ONE Directory Server are case-insensitive to DN values, however Lotus Notes is case-sensitive to DN values.
Absolute Path For JDBC Jar File Name	Enter the absolute path, with the filename of the MySQL JDBC driver jar file
mySQL HostName	Specifies the fully qualified host name on which the mySQL server is running.
mySQL DBA User Name	Specifies the user name of the database administrator using which new (change log) database and users (required for the connector's operation) can be created in the mySQL server. One new (change log) database and a set of four (change log) users are created during the creation of each new Lotus Notes Connector Instance.
mySQL DBA User Password	Specifies the password of the database administrator using which new (change log) database and (change log) users (required for the connector's operation) can be created in the mySQL server.
mySQL Database Name	Specifies the name of the new (change log) database that can be created in the mySQL server. Do not reuse a value already given for another connector instance. The Lotus Notes Connector creates a new database with this name, in mySQL server for every instance of the connector.
mySQL Database User Name	Specifies the base-name of the new (change log) database users that can be created in the mySQL server. Do not reuse a value already given for another connector instance. The Lotus Notes Connector creates a new change log user with this name, in mySQL server for every instance of the connector.
mySQL Database User Password	Specifies the password of the new (change log) database users that can be created in the mySQL server.
Absolute Path for notes Cert ID	Specifies the location where the cert.id file from the domino (Lotus Notes) server is copied to.
Notes Cert ID Password	Specifies the cert.id password.
Domino Server Name	Specifies the domino (Lotus Notes) server name.
Absolute Path for notes Admin ID File	Specifies the location where the user.id file for the admin user is copied to.
Notes Admin User Name	Specifies the admin user name
Notes Install Location	If the connector is installed on Windows, enter the complete path of the Lotus Notes client installation directory. If the connector is installed on Solaris, enter the complete path up to the ‘version’ directory, for example, /opt/lotus/notes/50100.
Notes Data Directory	Enter the complete path of the Lotus Notes data directory.

    To provide authorization

Provide authorization of created users for data server access. See "Setting Access Permissions" for the procedure.

---

Configuring a Participating Connector View

If you have installed the Join Engine, you can configure a Participating View for the Lotus Notes connector. To configure the Participating View refer to the procedures in Chapter 2, "Working with Views."

    To add the instance as a Participating View

Right-click the Participating Views object under Meta View.
Click Add Participating View. The ‘Select View’ dialog box displays.
Select the Connector View to add or participate in a join/synchronization with the Meta View.
Click OK. The view is added to the Meta-Directory configuration tree.

---

Creating Users

The following procedures apply only to the Meta View. If you have installed the Join Engine and want to create new entries, it is recommended that you create them under the Meta View instead of Connector View. The Connector View is intended only to reflect the contents of the external data source or Meta View.

    To create a Lotus Notes user in the Meta View

Click the Contents of the Meta View. Choose Object > New > User. The ‘Create New User’ dialog box displays.
Provide input in the required fields. Lotus Notes has a restriction that first name, last name and middle name can have only ASCII data. A default user ID is generated when you enter the first and last names. When adding users, user names can consist of uppercase and lowercase alpha characters (A - Z), numbers (0 - 9), and the ampersand (&), dash (-), dot (.), space ( ) , and underscore (_). The only characters supported by Notes for registered user names are: letters (including those with accents and other diacritical marks from the ISO Latin1 character set), numbers, ampersand, apostrophe, hyphen, period, space, and underscore.
Click OK. The user name is displayed.

You can also create Notes users in the Meta View by using an LDIF file format from any LDAP client.

    To modify a Lotus Notes user in the Meta View

Click the contents of the Lotus Notes Meta View.
Double-click the Lotus Notes user to modify. The ‘Edit Entry’ dialog box displays.
Click Advanced, and modify the values as required and then click OK.

Follow this procedure to create or modify Lotus Notes group entries in the Meta View.

---

Configuring Connector Rules

You can configure two types of rules for the Lotus Notes Connector:

Attribute Flow rule.
Object Class Flow rule.

However, the tabs for “Default Values” and “Filters” are not provided for the Lotus Notes Connector. Hence you cannot use these features with the Lotus Notes Connector instances. The recommended workaround is to introduce these configuration items while flowing data from Connector View to the Meta View (i.e. at the Join Engine level) via the configuration for “Filters” and “Attribute Construction”.

Attribute Flow

The Lotus Notes Connector uses attribute flow rules to specify the mapping between external data source attributes and the corresponding Connector View attributes. Lotus Notes Connector provides the following preset configurations for Attribute Flow:

Minimal Attribute Set for Default Schema, which is the minimum set of attributes necessary to flow data. This set actually contains a list of all attributes that are required in the schema for both Lotus Notes Directory and Sun ONE Directory Server.
Complete Attribute Set for Default Schema, that represents mappings for all those attributes for which there is a direct match between Lotus Notes Directory and Sun ONE Directory Server.

By default “Minimal Attribute Set for Default Schema” is selected as the “Attribute Flow Configuration”.

The following user interface elements have been disabled in the “Attribute Flow” tab and the “Insert Attribute Mappings” window for the Lotus Notes Connector:

The “Insert Defaults” button.
The “Mapping Type” list.

In addition to the preset attribute flow configuration, you can also create new/custom attribute flow rules manually.

In the definition and application of these rules there are two concepts that, although not specifically referred to in the GUI, are important to remember. Granularity refers to the complexity of the application of the rules, i.e. whether the entry flows as a whole piece or whether the entry is divided into its base attributes which then flow separately. Ownership refers to where the entry originates (in the external data source or in the Connector View), i.e. whichever source the entry originates from is considered the owner of the entry.

Granularity and Ownership

Typically, if you do not configure your indirect connector rules, an indirect connector uses default attribute flow rules and the process is considered to have entry-level granularity. The Lotus Notes Connector requires you to select only one of the attribute flow rules; either preset rules or custom rules. Hence, there is no support for entry-level granularity.

When an attribute flow rule is applied, the flow is considered to have attribute-level granularity.

Attribute-level granularity has the following characteristics:

Entries can be added. Thus, it can flow either from the data source or Meta View; the entry's ownership is based on this.
Only the owner of an entry can rename or delete the entry.
If a non-owner deletes an entry, it is added-back.
If a non-owner renames (applies modrdn) an entry in the Connector View, the original entry is added back and, the renamed entry remains in the Connector View and is not synchronized.

The connector considers a rename operation performed at the Lotus Notes server as a delete operation followed by an add operation. Thus, if a non-owned entry is renamed, the original entry is added back and the renamed entry is synchronized to the Connector View.

Modifications to an entry can be made at the data source or in the Meta View, because specific attributes flow independent of the complete entries.

These concepts explain certain flow behaviors and must be reviewed when configuring and applying attribute flow rules for the Lotus Notes Connector.

The next section describes how to create new External Attributes for use in creation of a custom/manual Attribute Flow rules.

    To add external attributes for Lotus Notes connectors

You can create a list of attributes that you want to flow from the external data source (Lotus Notes) for Lotus Notes Connector. You can store the external attributes as described in the following procedure.

Click the “Attributes” tab from a Lotus Notes instance node. The “Attributes” window appears.
Click New. A blank field appears below the “Attribute” label.
Click within the blank field, then type the name of an external attribute you want to map to an internal attribute.
Repeat the steps above to add other attributes, then click “Save”.
See “To Configure an Attribute Flow Rule” to map the external attributes with Connector View attributes.

    To configure an attribute flow rule

To achieve attribute-level granularity, an attribute flow rule is written and applied, as described in the following procedure.

Select the “Lotus Notes” node from the Meta-Directory console navigation tree and click “The Attribute Flow” tab.
Click New.

The “New Flow Configuration Name” dialog box appears. Reset can be clicked at any time to delete all new configuration and return to the last saved state.

Type a name for the new attribute flow configuration and click OK.

The name appears in the Configurations list box.

The “Mapping Type” drop-down list is disabled for the Lotus Notes Connector.

Note: When creating attribute flow rules, all attributes must be mapped in both directions: “From Connector View” and “To Connector View”. Mappings are configured this way in order to propagate changes in both directions.

Click Insert.The “Insert Attribute Mappings” dialog box appears. This displays a list of all attributes configured as external attributes for the specific connector.

For example, the figure below shows the description attribute being mapped to itself for a flow direction to the Connector View.

Please note that unlike the rest of the Indirect connectors, the “Mapping Type”, cannot be changed/selected even from within this dialog box for the Lotus Notes Connector.
Specify the flow direction, either mappings of attributes from external data source to the Connector View or from the Connector View to the external data source.
Specify either “All Attributes” or “All Language Tagged Attributes” from the “Connector View Objectclass” drop-down list. If you specify “All Language Tagged Attributes” as the Connector View objectclass, choose a supported language subtype. Check Add Phonetic Type box to indicate if the attribute value is a phonetic representation. For more information on these fields, see “To Compose Language Tagged Attribute Conditions” of “Connectors and Connector Rules.”
Select an external attribute and the Connector View attribute you wish to map it to. If you select an external attribute for which there is a matching Connector View attribute, the Connector View attribute is automatically selected. However, any Connector View attribute can be selected for any given external attribute. You can also use a keyword search by typing the first letter of the external attribute or Connector View attribute you want to find. For instance, if you wanted to find uid, you would only have to type u.
Click “Insert”. The mapping for your configuration appears at the bottom of the Attribute Flow window.
Select additional pairs, clicking “Insert” after each pair is selected. Click “Close” when finished.

Click “Save” in the “Attribute Flow” tab to save the attribute flow rules.

Note - It is important to note that you must always make sure that the attribute flow rule includes attribute mappings for all those attributes that are marked as mandatory/required at the destination end data source.

---

Object Class Flow

The Lotus Notes Connector uses object class flow rules to specify the mapping between external data source object classes and the corresponding Connector View object classes.

Lotus Notes Connector provides a single preset configuration for Object Class Flow:

Object Class Set for Default Schema, that represents mappings for the default user and group object classes present in both Lotus Notes Directory and Sun ONE Directory Server (external data source and Connector View).

By default “Object Class Set for Default Schema” is selected as the “Object Class Flow Configuration”.

In addition to the preset object class flow configuration, you can also create new/custom object class flow rules manually. This allows you to flow entries belonging to any object class (not just those corresponding to user and group) in both directions.

The next section describes how to create new External Object Classes for use in creation of a custom/manual Object Class Flow rules.

    To add object classes for Lotus Notes Connectors

You can create a list of object classes that you want to flow from the external data source (Lotus Notes) for Lotus Notes Connectors.

You can store the external object classes as described in the following procedure.

Click the “Object Classes” tab. The “Object Classes” window appears.
Click New. A blank field appears below each of the “Object Class Name” label and “Naming Attribute” label. This is a convenient way to associate a naming attribute type with the corresponding object class.
Click within the blank field under “Object Class Name” label, then type the name of an external object class you want to map to an internal object class. Click within the blank field under “Naming Attribute” label, then type the name of the naming attribute corresponding to the external object class that you have just entered.
Repeat the steps above to add other object classes along with their corresponding naming attributes and click “Save”.
See “To Configure an Object Class Flow Rule” to map the external attributes with Connector View attributes.

    To Configure an Object Class Flow Rule

To achieve data synchronization via proper DN-mapping for the entries flowed, an object class flow rule is written and applied, as described in the following procedure.

Select the “Lotus Notes” node from the Meta-Directory console navigation tree and click “The Object Class Flow” tab.
Click New. The “New Flow Configuration Name” dialog box appears. Reset can be clicked at any time to delete all new configuration and return to the last saved state.
Type a name for the new object class flow configuration and click OK. The name appears in the Configurations list box.

Note: When creating object class flow rules, all object classes must be mapped in both directions: “From Connector View” and “To Connector View”. Mappings are configured this way in order to propagate changes in both directions.

Click Insert. The “Insert Object Class Mappings” dialog box appears. This displays a list of all object classes configured as external object classes for the specific connector.

For example, the figure shows the dominoPerson object class being mapped to inetorgperson object class for a flow direction to the Connector View. Naming attributes also have been entered.

Specify the flow direction, either mappings of “object classes and the corresponding naming attributes” from external data source to the Connector View or from the Connector View to the external data source.
Select an external object class and the Connector View object class you wish to map it to. Whereas the “External Naming Attribute” gets selected/populated automatically (if you have defined the external object classes and the corresponding naming attributes already), you will have to manually enter the value for the “Directory Naming Attribute”. The value of the "Directory Naming Attribute" should be carefully selected based on the manner in which the DN of the entries in the Connector View get constructed. If the Connector View is configured with respect to the Join-Engine, then the contents of the DN rule(s) drive the selection of this "Directory Naming Attribute" for the flow between Lotus Notes Server and the Connector View (in Sun ONE Directory Server). i.e. If the Meta View to Connector View DN rule designates "cn" as the "Naming Attribute for Connector View entries", then "cn" (and not "uid") should be the value entered for "Directory Naming Attribute" when the "Object Class Mappings" are created. Hence, when data is flowed end-to-end between the Lotus Notes Server and the Meta View, a typical mapping for flowing user-entries between the Lotus Notes Server and the Connector View would look like "dominoperson#cn <-> inetorgperson#cn".

No automatic selection happens when you select an external object class for which there is a matching Connector View object class.

Click “Insert”. The mapping for your configuration appears at the bottom of the “Object Class Flow” window.
Select additional pairs, clicking “Insert” after each pair is selected. Click Close when finished.

Click Save in the “Object Class Flow” tab to save the object class flow rules.

---

Configuring a Lotus Notes Connector Instance

The tabs associated with a node for an instance Lotus Notes connector can be used to perform the following tasks.

General tab
Select the rules to be applied for attribute flow and object class mappings via the Attribute Flow Configuration and Object Class Mapping Configuration lists.
Select the Operation to indicate the directions of data synchronization.
Schedule tab
Configure the schedule based on directions of synchronization (From Connector View and To Connector View) for the given connector instance.
Log tab
* Configure attributes related to logging for the given connector instance.
Attributes tab
Add/Edit ‘Available External Attributes’ to be used in the definitions of custom ‘Attribute Flow’ rules in the Attribute Flow tab at the Lotus Notes node.
Object Classes tab
Add/Edit ‘Available External Object Classes’ to be used in the definitions of custom ‘Object Class Flow’ rules in the ‘Object Class Flow’ tab at the ‘Lotus Notes’ node.

Click on the instance of Lotus Notes Connector to be configured. Steps to perform each of the above mentioned configuration have been outlined below.

Using the General tab

Select the General tab. The Name and Connector View fields would be read-only. This is the same data that was specified when the connector instance was created.
Select the rules to be applied for attribute flow and object class mappings via the “Attribute Flow Configuration” and “Object Class Mapping Configuration” lists. The drop-down list to select “Object Class Mapping Configuration” is a new one that has been introduced just for the Novell and Notes connectors.

Unlike UTC-based connectors, Lotus Notes connector does not have “Filter Configuration” and “Default Configuration” in the “General” tab.

Select one of the radio buttons for the “Operation” to indicate the directions of data synchronization.

Using the Schedule tab

Select the Schedule tab.
Select either “To Connector View” or “From Connector View” and enter appropriate values in the text boxes for various synchronization schedule elements.
Unlike UTC-based connectors, the “Schedule” tab for the Lotus Notes Connector does not have “Advanced” option to specify values for various synchronization schedule elements.

Using the Log tab

Select the Log tab.
Provide information for the following fields:
“Log File Location” - Specifies the directory in which the log files reside. To specify a directory other than the default, enter the full path name of the directory on the system where the connector instance is created.
“Prefix for Log File Name” - Specifies the prefix for the log file name. For example, if you chose “meta” as the prefix, the log file names would be of the form “meta-yyyymmdd-nn.log”.
“Maximum Size of Each File” - Specifies the maximum size of each log file. After a log file reaches this size, a new log file gets created for subsequent log messages. The default value is set to 8192 KB.
“Maximum Disk usage” - Specifies the maximum disk usage set aside for logging. When the maximum disk usage is reached, the oldest log file is deleted. The default value is set to 15000 KB.
“Minimum Reserved Free Space” - Specifies the minimum disk space that should be available for logging, when the connector instance starts up. The default value is set to 4096 KB.
“Flush Buffered Log Data to Disk after every” - Specifies the size of log data buffer which controls the flushing of log data to the log files. This is specified in KB.
“Log level” - Specifies the available log levels. One of - “Off”, “Normal”, “Debug” or “Trace” should be selected.
A value of “Off” suppresses logging.
A value of “Normal” logs minimal information. Only error and warning messages are logged. Maximum disk space may be small and new files are created infrequently.
A value of “Debug logs error, warning and debug information into the log file. Maximum disk space should be large enough and new files may be created frequently.
A value of “Trace” logs maximum information. Error, warning, debug and trace messages are logged into the log file. Maximum disk space for this option should be large and new files would get created frequently.
“Trace” is the new log-level introduced for Lotus Notes Connector. A new log file is created when the max size of the log file is reached. New files are not created based on the age of the log files.

Unlike UTC-based connectors, Lotus Notes Connector does not have separate modules and hence needs a single value for the log-level. The log-level selected is applicable to all the components of the connector.

Click “Save”. A connector restart is not required for the modifications specified in the log screen to take effect (if the connector is already running).

Using the Attributes tab

The external attributes (Lotus Notes directory attributes) that can be flown to/from the Connector View are specified in the attributes screen. Lotus Notes connector comes with a predefined set of external attributes that can be used to flow data. However, new external attributes can be added as described in “To add External Attributes for Lotus Notes connectors”.

Using the Object Classes tab

Object Classes screen is the new screen added for the connectors developed using the new connector framework. The external object classes (Lotus Notes directory objectclasses) that can be flown to/from the Connector View are specified in the object Classes screen. Lotus Notes connector comes with a predefined set of external objectclasses that are synchronized. However, new external object classes can be added as described in the following “To add Object Classes for Lotus Notes connectors”.

Restarting the Connector Instance

Except for the logging related settings, you will have to restart the connector instance (if it is already running) for any of the other configuration changes (described above) to take effect. Both instance-specific and shared configurations will not become effective for a given connector instance until it is restarted.

It is possible to pass arguments to the JVM used by the Lotus Notes connector by editing the file NETSITE_ROOT/<connector-dir>/config/jvm.conf. Note that each line of this file should be a valid option of the JVM as defined in the JVM documentation. Lines beginning with # are ignored as empty lines. For example, to set the maximum stack size used by the JVM to 20MB, add the following line to jvm.conf:
-DXss20m

Default values for (initial and maximum) the heap size is set to 200MB (-Xms200m and -Xmx200m). These values are sufficient, only, for small to medium volumes of data. For large volumes of data (50K entries and above; each of ~15KB size), it is recommended that the heap size is set to a higher value (~1500MB; -Xms1500m and -Xmx1500m).

    To restart a connector instance

Stop the connector by right-clicking on the connector instance and selecting “Stop Server”.
Click “Yes” to the prompt. A message appears stating that the stop command has been issued to the component.
Start the connector by right-clicking on the connector instance and selecting “Start Server”. A message appears stating that the start command has been issued to the component.

Look for the message:

"******* Service -------- START SunONE.Connector service, version 5.1.1. *******"

to find out if the connector instance has completed all the initialization and got started successfully. Similarly, look for the message:

"******* Service SunONE.Connector shutdown complete. *******"

to find out if the connector instance has completed its stop/shutdown process.

Enabling and Refreshing the Connector View

After the Connector View is enabled and the Join Engine is started, data can flow to/from the Meta View. The following sections provide details on these tasks.

    To enable and refresh the Connector View

Starting the Join Engine. Before the Join Engine is started, ensure that you have already enabled the retro-changelog plug-in in the Directory Server configuration. To start the Join Engine
Select the “Join Engine” node from the navigation tree and right-click. A context menu appears.
Select “Start Server”. A message stating that the server has been started appears.
Enabling the Connector View
From the Sun ONE Meta-Directory console, click on the “Status” tab.
Click on the Join Engine object. The “Operations” tab appears.
Select the Participating View you want to enable.
Select “Enable” from the “Operation” list and click “Start”. This option disables the “Traverse” drop-down menu.

The Participating View can be enabled if the configuration for setting up the view is valid. Any error in the configuration automatically changes the view to a disable status.

Refreshing the Connector View with respect to the Meta View. You can optionally refresh the view if you want to observe updates immediately and bypass the regularly scheduled refresh synchronization.
From the Sun ONE Meta-Directory console, click on the “Status” tab.
Select the Participating View you want to refresh. Note that it should already be enabled.
Select “Refresh” from the “Operation” list, then select either “Meta View” or “Connector View” from the “Traverse” list.
Click “Start”.
Refreshing the Connector View with respect to Lotus Notes. You can optionally refresh the Connector View with respect to Lotus Notes, if you want to observe updates immediately and bypass the regularly scheduled refresh synchronization.
From the Sun ONE Meta-Directory console, click on the “Status” tab.
Select the Connector View to be refreshed.
Select “Refresh” from the “Operation” list, then select Connector View from the “Updates to the” list.
Click “Start”.
This would refresh all the entries owned by Lotus Notes(i.e. those entries that originally originated from Lotus Notes) in the Connector View. The following dialog pops up when the refresh is started.

In the same manner, data in the Lotus Notes that originated from the meta directory (Connector View or Meta View) can be refreshed by selecting appropriate options.

Select “Refresh” from the “Operation” list, then select “External Directory” from the “Updates to the” list.
Click “Start”.
This would refresh all the Connector View owned entries in the external directory. The following dialog pops up when the refresh is started.

---

Monitoring the Connector

The Lotus Notes Connector maintains only a single log file at the following location that enables one to monitor the connector status:

<NETSITE_ROOT>/notes-ViewName/logs/meta-yyyymmdd-nn.log

For example, a Lotus Notes Connector's log-file might appear as

meta-20021225-04.log

---

Data Flow for User and Group Entries.

Entries in the Lotus Notes Connector View must adhere to certain conditions to flow from the Connector View into the Lotus Notes Directory. Note the following restrictions and advisory information:

To prevent duplicate user IDs from occurring in the same Connector View, the Meta View and Connector Views must be separate entities. A Connector View should not be nested as a subtree of another Connector View.
Entries that preexist in an Lotus Connector View will not flow to the Meta View after the connector starts. To flow these entries, the Lotus notes Connector View must be an enabled participating Connector View in the Join Engine. Refreshing the Meta View operation from the Join Engine will trigger the preexisting entries from the Lotus notes Connector View to flow to the Meta View.

When setting up the Join Engine, you need to ensure that user and group entries meet the required criteria for Lotus Notes Connector views. Discussion on the requirements for both user and group entries follows:

A Lotus Notes group name can have any of these characters: A - Z, 0 - 9, & - . _ ' / (ampersand, dash, period, space, underscore, apostrophe, and forward slash) for the name. Other special characters are not allowed. When adding users, user names can consist of uppercase and lowercase alpha characters (A - Z), numbers (0 - 9), and the ampersand (&), dash (-), dot (.), space ( ) , and underscore (_). The only characters supported by Notes for registered user names are: letters (including those with accents and other diacritical marks from the ISO Latin1 character set), numbers, ampersand, apostrophe, hyphen, period, space, and underscore.

---

Synchronizing Users Using Lotus Notes Specific Schema

Unlike the UTC-based connectors, the Lotus Notes Connector does not provide a direct facility to use Lotus Notes specific schema for the “Attribute Flow Configuration” and “Object Class Mapping Configuration”. The schema for the Directory Server hosting the Connector View does not get automatically extended during the creation of a Lotus Notes Connector instance. You have to manually extend the Sun ONE Directory Server schema using the LDIF files present in the Lotus Notes Connector's installation. The added schema elements include a list of attributeTypes and objectClasses that form a one-to-one mapping of the corresponding (User and Group related) elements present in the schema of Lotus Notes.

As discussed in the previous sections on “Attribute Flow” and “Object Class Flow”, you can create custom rules for the “Attribute Flow Configuration” and “Object Class Mapping Configuration”. Hence, you can create rules for Lotus Notes specific schema using schema elements that are created in the Connector View's Directory Server via schema extension (as explained above).

All you have to do is to create/define new “External Attributes” and “External Object Classes”. Then, choose and map these “External Attributes” and “External Object Classes” with the corresponding new (extended) schema elements in the Sun ONE Directory Server. Names of the new attributeTypes added to the Sun ONE Directory Server schema are of the format - “mdsNotesAttr-<attributeName>” and that of the new objectClasses added to the Sun ONE Directory Server schema are of the format - “mdsNotesOc-<objectClassName>”.

Look for “mdsNotesOc-dominoPerson” and “mdsNotesOc-dominoGroup” in the extended schema for the new object classes added.

---

About Connector Configuration Data

Most of the configuration specific to a Lotus Notes Connector instance is stored under the attribute “mdsgeneralconfiguration” of the following two configuration nodes in the configuration Directory Server instance -

cn=notes-CVN,cn=connectors,cn=system,ou=5,ou=meta-directory,ou=global preferences,ou=<domain-name>,o=netscaperoot
cn=1,cn=tasks,cn=notes-CVN,cn=connectors,cn=system,ou=5,ou=meta-directory,ou=global preferences,ou=<domain-name>,o=netscaperoot

Rest of this section explains some configuration items that is spread across these two nodes. Some of these configuration items marked as “<MANUALLY CONFIGURABLE>” could be modified manually to suit the deployment needs. Rest of the configuration items have been described for the sake of clarity. Once may however choose to manually change these as well.

Configuration items under - cn=notes-CVN,cn=connectors,cn=system,ou=5,ou=meta-directory,ou=global preferences,ou=<domain-name>,o=netscaperoot:

MaxManagerThreads <MANUALLY CONFIGURABLE> - Specifies the maximum number of threads in the thread-pool maintained to service the management/administration requests. You can increase this number if you foresee a large number of simultaneous management/administration requests. The default is set to ‘2’.
Log related items like - LogRollOverDays and LogBufferTime are not used. All the other log related items can be configured via the ‘Log’ tab for the specific connector instance.

Configuration items under:

cn=1,cn=tasks,cn=notes-CVN,cn=connectors,cn=system,ou=5,ou=meta-directory,ou=global preferences,ou=<domain-name>,o=netscaperoot (also referred to as ‘connector instance configuration’):

LastShutdownType <MANUALLY CONFIGURABLE> - Specifies the nature of last shutdown performed on the connector instance. The default is set to ‘0’. A value of ‘0’ indicates ‘NORMAL’ and ‘1’ indicates ‘ABNORMAL’ shutdown. The connector instance tries to recover from an abnormal shutdown whenever it starts up next time.
DeltaRetryMaxCount <MANUALLY CONFIGURABLE> - Specifies the maximum number of times for which an entry's processing should be attempted. If the number of failures while processing an entry reaches this limit, it is not processed further and an appropriate error-message is logged. The default is set to ‘3’.
MaxConnectionRetrials <MANUALLY CONFIGURABLE> - Specifies the maximum number of attempts to be made on connection failures. The same value is used for connections to both the Lotus Notes Server and the Sun ONE Directory Server. The default is set to ‘3’.
TaskMode <MANUALLY CONFIGURABLE> - Specifies the directions in which the connector should synchronize data. The default is set to ‘0’. A value of ‘0’ indicates synchronization in both directions, a value of ‘1’ indicates synchronization only ToCV and a value of ‘2’ indicates synchronization only FromCV.
AttributeFlowConfiguration <MANUALLY CONFIGURABLE> - Specifies the name of the “Attribute Flow Rule” to be used for synchronization. The default is set to “Minimal Attribute Set for Default Schema”. These rules are stored under the configuration node - cn=attribute flow,cn=lotus notes,cn=connectors,cn=sharedconfiguration,cn=system,ou=5,ou=meta-directory,ou=global preferences,ou=<domain-name>,o=netscaperoot.
ObjectClassFlowConfiguration <MANUALLY CONFIGURABLE> - Specifies the name of the “Object Class Flow Rule” to be used for synchronization. The default is set to “Object Class Set for Default Schema”. These rules are stored under the configuration node - cn=objectclass flow,cn=lotus notes,cn=connectors,cn=sharedconfiguration,cn=system,ou=5,ou=meta-directory,ou=global preferences,ou=<domain-name>,o=netscaperoot.
AttributeFlowGranularity - This configuration item is not used by the Lotus Notes Connector and should not be changed. This identifies the granularity for the other UTC-based connectors.
ExternalHost <MANUALLY CONFIGURABLE> - Specifies the fully qualified host-name of the host on which Lotus Notes Server is running. You can make changes to this item if you want to change it after the connector instance has been created.
ExternalPort <MANUALLY CONFIGURABLE> - Specifies the port number on which Lotus Notes directory service is running. You can make changes to this item if you want to change it after the connector instance has been created. The default is set to “389” if you don't specify one during the instance creation of the connector.
ExternalDNToSynch <MANUALLY CONFIGURABLE> - Specifies the DN of the root-suffix in the Lotus Notes Connector that needs to be synchronized. You can make changes to this item if you want to change it after the connector instance has been created.
AttributesToMapLikeDnExtToDir <MANUALLY CONFIGURABLE> - Specifies the list of attributes whose values need to go through a DN-mapping-mechanism during the “Lotus Notes-to-Sun ONE Directory” synchronization. A typical example is the “member” attribute present in the “dominogroup” object class whose value is the DN of the group's member. The default is set to “member=dominoperson”. The format specifies the name of the attribute to be DN-mapped followed by the name of the object class (in the Lotus Notes schema) to which the “value-of-this-attribute” belongs (separated by an “=” sign). Members of this list are “,” (comma) separated.
AttributesToMapLikeDnDirToExt <MANUALLY CONFIGURABLE> - Specifies the list of attributes whose values need to go through a DN-mapping-mechanism during the “Sun ONE Directory-to-Lotus Notes” synchronization. A typical example is the “uniquemember” attribute present in the “groupofuniquenames” object class whose value is the DN of the group's member. The default is set to “member=inetorgperson”. The format specifies the name of the attribute to be DN-mapped followed by the name of the object class (in the Sun ONE Directory Server schema) to which the “value-of-this-attribute” belongs (separated by an “=” sign). Members of this list are “,” (comma) separated.
ExternalToDirIsInitialSynchTotal <MANUALLY CONFIGURABLE> - Specifies the nature of the first synchronization cycle. When set to ‘true’, this configuration allows the connector to bypass all the change-detection-processing to achieve better performance for initial loading of data from the Lotus Notes server to the Connector View.

If it is set to ‘true’ manually after a connector instance is created and used, you need to manually cleanup the records present in the tables (ImageTable and ChangelogTable) presented in the intermediate changelog database. You should also manually remove all the entries in Connector View that originated from the Lotus Notes server and flowed via this connector instance and set the value of the configuration item LastSynchPoint to the value of the attribute lastchangenumber from the rootDSE.

DirectoryHost <MANUALLY CONFIGURABLE> - Specifies the fully qualified host-name of the host on which Sun ONE Directory Server (hosting the Connector View) is running. You can make changes to this item if you want to change it after the connector instance has been created.
DirectoryPort <MANUALLY CONFIGURABLE> - Specifies the port number on which Sun ONE Directory Server is running. You can make changes to this item if you want to change it after the connector instance has been created. The default is set to “389” if you don't specify one during the instance creation of the connector.
DirectoryDNToSynch <MANUALLY CONFIGURABLE> - Specifies the DN of the root-suffix in the Sun ONE Directory Connector that needs to be synchronized. You can make changes to this item if you want to change it after the connector instance has been created. This typically represents the Connector View ID.
LastSynchPoint <MANUALLY CONFIGURABLE> - Specifies the “changeNumber” of the changelog-entry (created by the retro-changelog plug-in) from which the “Sun ONE Directory-to-Lotus Notes” synchronization is started when the connector comes up.
LocaleLanguagePart <MANUALLY CONFIGURABLE> - Specifies the language portion of the locale used for the logging resource bundles. The default is set to “en” (representing “English”).
LocaleRegionPart <MANUALLY CONFIGURABLE> - Specifies the region portion of the locale used for the logging resource bundles. The default is set to “US” (representing “United States”).
LoggingResourceBundleClassName <MANUALLY CONFIGURABLE> - Specifies the fully qualified class name of the list resource bundle to be used for the log-messages dumped by the connector during access to the Lotus Notes. The default is set to - com.sun.metadir.connectors.lotusnotes.logging.resourcebundles.LNLoggingMessagesBundle.
IntermediateDBDriverClassName <MANUALLY CONFIGURABLE> - Specifies the fully qualified class name of the JDBC driver to be used to connect to the intermediate changelog database. The default is set to ‘com.mysql.jdbc.Driver’ (corresponding to the mySQL Connector/J 2.0.14 driver).
IntermediateDBAURL<MANUALLY CONFIGURABLE> - Specifies the JDBC URL to be used to connect as the database administrator of the intermediate changelog database. Format of this JDBC URL is - jdbc:<subprotocol>://<fullyQualifiedHostName>/<DatabaseName>/user=<UserName>&password=<userPassword>. This URL is used by the connector to create/remove the intermediate changelog database and users for the connector's functioning.
IntermediateDBJDBCURL <MANUALLY CONFIGURABLE> - Specifies the JDBC URL to be used to connect as the intermediate changelog user. Format of this JDBC URL is - jdbc:<subprotocol>://<fullyQualifiedHostName>:<portIfNotDefault>/<DatabaseName>/user=<UserName>&password=<userPassword>. This URL is used by the connector to access the intermediate changelog database for the connector's functioning.

---

Configuration Example

The following example is intended as a quick reference which can be used as a checklist. For complete configuration information, refer back to the earlier portions of this chapter.

Install the Connector
Ensure that Sun ONE Directory Server 5.2 and the Sun ONE Meta-Directory 5.1.1 is installed. If the Lotus Notes connector is being installed on windows, ensure notes client is installed. Also ensure that the user.id file for the admin and cert.id file for the certifier are copied.
Create a Lotus Notes connector instance. During instance creation, provide input for all data fields. For details on the input fields, please see the table at the beginning of this chapter on Dialog Box Parameters”.
Add the Connector View as a Participating View
Right-click the Participating Views object. A context menu appears.
Select “Add Participating View”. The “Select View” dialog box appears.
Select “notes-CVN” and click OK. The view is added to the Sun ONE Meta-Directory tree.
Provide authorization. See “Setting Access Permissions”.
Configure Connector Rules
By default “Minimal Attribute Set for Default Schema” is selected as the attribute flow configuration.
By default “Object Class Set for Default Schema” is selected as the object class flow configuration.
Customized attribute flow and object class flow rules can be set as described earlier in this chapter.
Configure a Connector Instance
Select the “notes-CVN” connector instance. The “General” tab appears.
If default configuration rules are used, no configuration is required for the connector. If customized “Attribute Flow Configuration” and “Object Class Flow Configuration” are required, select the right configuration from the “Attribute Flow configuration” drop-down list and “Object Class Flow Configuration” drop-down list.
For Operation, select “Both send and receive updates”.
Click “Save” if any default configuration was modified. Leave the current values for fields in the Schedule, Log, Attributes and ObjectClasses tabs.
Restart the Connector Instance
Stop the connector by right-clicking on “notes-CVN” and selecting “Stop Server”.
Click “Yes” to the prompt. A message appears stating that the stop command has been issued to the component.
Start the connector by right-clicking on “notes-CVN” and selecting “Start Server”. A message appears stating that the start command has been issued to the component.
Start the Join Engine
Select the Join Engine object from the navigation tree and right-click and select “Start Server”. A message appears stating that start command has been issued to the component.
Enable and Refresh the Meta View
Select “Status > Join Engine > Operations”.
For “View”, select the Lotus Notes Connector View. For Operation, select “Enable”, and then click “Start”.
For “Traverse” direction, keep the default value as “Connector View” and repeat the step above, except select “Refresh” instead of “Enable”.
Wait for a few seconds. From the “Configuration” tab Refresh the “Content” of Meta View. Verify that the data is properly propagated to the Meta View.

---

Uninstalling the Connector

Prior to uninstalling the Lotus Notes Connector (instances), you must remove each of the connector instances separately using the ‘Remove Server’ option from the Meta Console. This cleans the file system, registry (on Windows), configuration-directory, Connector Views, and the created-items (new database and users) from the MySQL database server.

Note	It is highly recommended that you follow the above procedure during the uninstallation of the connector, else, problems could occur during subsequent installation attempts (if you enter the same input parameters when creating the connector instances).

---

Known Limitations

Synchronization of password attributes is not supported.
Currently one can use only MySQL as the relational database that can store the intermediate changelog for the Lotus Notes Connector.
The MySQL database administrator user (supplied during the instance creation of Lotus Notes Connector) needs to be associated with an appropriate hostname of '%', 'localhost', 'non-qualified-host-name-of-JDBC-driver' or 'database-server-host-name'.
Lotus Notes Connector supports (scheduled and manual) synchronization of container entries; such as: instances of ‘organizationalunit’ and commonly synchronized user and group entries.

The connector automatically creates a DIT in the Connector View for a corresponding DIT in Lotus Notes.

However, the user or administrator must provide the ‘ObjectClass’ mapping in the exact order of containment, for the connector-configuration. For example, if user, group, and organizationalunit entries are to be synchronized from Lotus Notes to the Connector View, then the correct order is:

1. To CV:: organizationalunit#ou <-> organizationalunit#ou

2. To CV:: inetorgperson#cn <-> inetorgperson#uid

3. To CV:: groupofnames#cn <-> grouofuniquenames#cn

Also, make sure the contained entries have the same ownership as the container entries. (All entries under a container should either be owned by Lotus Notes or the Connector View.)

The attribute flow rule must not contain a mapping for “objectclass” attribute. It is included by default for any attribute flow rule (preset or custom) selected.
Support for InitialDump is provided ONLY for the first external to directory synchronization cycle. One should not try to change the configuration in the configuration Directory Server instance and expect the same behavior for subsequent synchronization cycles. However, if there is a requirement to perform an InitialDump again, one should set "ExternalToDirIsInitialSynchTotal=true" in the connector instance configuration (from the backend) and manually clean up the tables in the intermediate changelog database in MySQL (delete all records from both the tables - ImageTable and ChangelogTable) and the entries from the Connector View. The above mentioned terms are defined as follows:
InitialDump - Identifies the first synchronization cycle (for synchronization from Lotus Notes Server to Sun ONE Directory Server) as an Initial Dump. The connector bypasses all the change-detection processing and identifies all the entries as NEW for the CV and processes them asynchronously to allow better performance.
Incremental - Identifies the first (and subsequent) synchronization cycle(s) (for synchronization from Lotus Notes Server to Sun ONE Directory Server) to be Incremental. The connector performs all the regular change-detection processing in this case.
Depending on the direction of synchronization, the naming attribute of the destination object class is always required to be mapped to the naming attribute of the source object class. Even if such a mapping is supplied by the user, it is overridden and changed by the connector to the mapping recommended above.
It is also recommended that the naming attribute of the source object class is always mapped only to the naming attribute of the destination object class. Otherwise, the naming attributes at either ends would end up having multiple values. This might not be desired sometimes, especially when the Connector View is configured with respect to the Join-Engine/Meta-View. For example - if “dominoPerson” object class (with naming attribute of “cn”) at Lotus Notes Server is synchronized with “inetOrgPerson” object class (with naming attribute of “uid”) at Sun ONE Directory Server, then the only recommended attribute mapping (involving these two naming attributes at both ends) for both the directions of synchronization is “(External)cn<->(Directory)uid”.
Addback operations would not be supported if the synchronization is configured for only one direction.

Previous      Contents      Index      Next

---

Copyright 2004 Sun Microsystems, Inc. All rights reserved.