Fun with TDI (aka SDI) and AD/Domino/Cnx – Part 1

As you can see I really love abbreviations but for those of you which have no clue what I’m talking about:

  • TDI -> IBM Tivoli Directory Integrator or the new name IBM Security Directory Integrator
  • AD -> Microsoft Active Directory
  • Domino -> IBM Domino Server
  • Cnx -> IBM Connections

Everyone knows the scenario, a new employee begins to work at your company but before he can use your internal systems he has to be manually added to thousands of systems.
This can be automated/simplified with TDI scripts and this was exactly what I did last week.

The task was to define the user data which is needed for the different systems and then to create a TDI script which does following:

  1. Monitore AD for changes
  2. If users are added/changed check the “mustfields” in AD
  3. Create/change the user in Domino (with registration/creation of ID…)
  4. Add/change users group membership
  5. Add/change user in Domino Apps (CRM…)
  6. Create a CSV file with all employees and the actual user data
  7. Upload the file to IBM Connections
  8. Create a comment of what has been changed inside the file
  9. Update a Wiki page where all employees are listed with actual user data

Following movie gives you an overview of the script:

The first part (1-6)  is pretty easy and you can find lot of examples by googling. A pitfall for me was that we are using ID vault and that you have to define all of the following variables for your Domino Users Connector in this case (I missed REG_RegistrationServer at the beginning, thx Kris De Bisschop for helping me out)

REG_CertPassword
 REG_CertifierIdFile
 REG_CreateMailDb
 REG_IdFile
 REG_Is
 REG_MailTemplateFile
 REG_Perform
 REG_RegistrationServer
 REG_Server
 REG_StoreIDInAddressBook
 REG_UserPw

Checking and adding users to a Domino group can’t be done directly with a connector in Update mode. It has to be done via a lookup connector, add user to the member array and then writing back these members with a Notes connector in Update mode.
I had a second issue during testing with a DB index not being up to date and therefore my script added users to our CRM DB even when the users were already created some minutes ago. Solving this was to check the “Always use Formula Search” box in the used Lotus Notes Connector. Thanks  Frédéric helping me identify the problem and Andreas Artner for the solution.

Btw, if you speak german I would recommend to look through following presentation from Andreas which gives you a very good overview what can be done with TDI: Synchronisieren von Daten mit IBM Tivoli Directory Integrator

In part 2/3 later this week I will show you how you can upload a file to IBM Connections, create a comment and update a Wiki page with the TDI script, so stay tuned.

 

Leave a Reply

%d bloggers like this: