The lazy administrator, how to make your life easier by using TDI to
The lazy administrator
How to make your life easier by
using TDI to automate your work
Klaus Bild - WebGate AG
Wannes Rams - Ramsit
#engageug
About us
#engageug
Senior System Architect
WebGate AG
Senior Consultant
Ramsit
IBM Connections
IBM Sametime
TDI
Softlayer
Scripting
…
IBM Connections
IBM Sametime
TDI
IBM Domino
Networking
…
2
Agenda
Introduction to TDI (a.k.a SDI)
•
•
•
What is TDI
How to use it with Domino
How to use it with Connections
Examples, examples, examples
•
•
•
#engageug
Maintain Community membership through a Domino
application
Export users last logon date per application
Create a Wiki page with users of your Domino address book
3
Goal
Giving you a basic understanding how you can use Tivoli Directory Integrator to reuse data which resides in IBM Connections or IBM Domino.
#engageug
4
Who are you?
e
h
d
n
A
c
s
i
D
#engageug
d
i
d
y,
e
m
i
la
r
l
a
I
a
e
r: W
e
m
y
d
ea
t
o
n
e
r
:
n
ntio
e
d
a
s
r
e
p
o
l
ve
5
What is Tivoli Directory Integrator (TDI 7.1.1)
aka Security Directory Integrator (SDI 7.2)
Input&
(Feed)&
Func6ons&
Scripts&
#engageug
Flow&Components&
A<ribute&Maps&
Assembly&
Line&(AL)&
Output&
6
What is Tivoli Directory Integrator (TDI 7.1.1)
aka Security Directory Integrator (SDI 7.2)
Modes:
•
•
•
•
#engageug
AddOnly (A)
CallReply (C)
Delete (D)
Delta (Δ)
•
•
•
•
Iterator (I)
Lookup (L)
Update (U)
Server (S)
7
What is Tivoli Directory Integrator (TDI 7.1.1)
aka Security Directory Integrator (SDI 7.2)
Available Connectors (7.1.1, more than 60):
#engageug
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Active Directory Change Detection Connector
AssemblyLine Connector
Axis Easy Web Service Server Connector
Axis2 Web Service Server Connector
CCMDB Connector
Command line Connector
Database Connector
Deployed Assets Connector
Direct TCP /URL scripting
custom
Domino AdminP Connector
Domino Change Detection Connector
Domino Users Connector
DSMLv2 SOAP Connector
DSMLv2 SOAP Server Connector
EIF Connector
File Connector
File Management Connector
Form Entry Connector
FTP Client Connector
Generic Log Adapter Connector
Old HTTP Client Connector
HTTP Client Connector
Old HTTP Server Connector
HTTP Server Connector
IBM MQ Connector
IBM Directory Server Changelog Connector
IdML CI and Relationship Connector
IT Registry CI and Relationship Connector
ITIM Agent Connector
TIM DSMLv2 Connector
JDBC Connector
JMS Connector
JMS Password Store Connector
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
JMX Connector
JNDI Connector
LDAP Connector
LDAP Group Members Connector
LDAP Server Connector
Log Connector
Lotus Notes Connector
Mailbox Connector
Memory Queue Connector
Memory Stream Connector
Properties Connector
RAC Connector
RDBMS Change Detection Connector
SAP ABAP Application Server Business Object Repository
Connector
SAP ABAP Application Server User Registry Connector
Script Connector
Server Notifications Connector
Simple Tpae IF Connector
SNMP Connector
SNMP Server Connector
Sun Directory Change Detection Connector
System Queue Connector
System Store Connector
TADDM Change Detection Connector
TADDM Connector
TCP Connector
TCP Server Connector
Tivoli Access Manager (TAM) Connector
Timer Connector
Tpae IF Change Detection Connector
Tpae IF Connector
URL Connector
Web Service Receiver Server Connector
Windows Users and Groups Connector
z/OS LDAP Changelog Connector
8
How to use TDI with Domino
Available Connectors for Notes/Domino:
•
•
•
•
Domino Change Detection Connector (Mode: I):
Enables TDI to detect when changes have occurred to a nsf database
maintained on a Domino server and reports changed Domino documents.
Domino Users Connector (Mode: ADILU):
Provides access to Lotus Domino user accounts and the means for
managing them.
Lotus Notes Connector (Mode: ADILU):
Works directly with any type of Notes Documents in any .nsf database.
Domino AdminP Connector (Mode: AI):
The Domino AdminP Connector is a special version of the Lotus Notes
Connector, the database parameter is always set to admin4.nsf. It has the
capability to sign fields while adding a document and you can create AdminP
request.
Or use non Domino specific: LDAP Connector (ADILUΔ) / HTTP Client Connector (AILC)
#engageug
9
How to use TDI with Domino
Supported session types by Connector:
Supported)Sessions)>) Local)Client)Session) Local)Server)Session)
Connectors)V)
IIOP)session)
Domino&Change&
Detec.on&Connector&
Yes&
No)
Yes&
Domino&Users&
Connector&
Yes&
Yes&
Yes&
Lotus&Notes&
Connector&
Yes)
Yes&
Yes&
Domino&AdminP&
Connector&
No)
&
Yes&
Yes&
-> IIOP session gives you the highest flexibility
#engageug
10
How to use TDI with Domino
If you are using IIOP sessions, perform the
following:
•
Ensure the Notes.jar file does not exist in the TDI_install_dir/jars folder
and any of its subfolders.
•
Copy Domino_data/domino/java/NCSO.jar to TDI_install_dir/jars/3rdparty/IBM or to the folder specified by the com.ibm.di.loader.userjars property in
global.properties (or solution.properties).
#engageug
11
How to use TDI with Connections
Pre-packaged scripts with IBM Connections:
•
“Official” way to go if you want to change which users are imported or
want to change/add/get profile data. Included scripts:
•
•
collect_dns, delete_or_inactivate_employees, dump_photos_to_files, dump_pronounce_to_files,
fill_country/department/emp_type/organization/workloc, load_photos_from_files,
load_pronounce_from_files, mark_managers, populate_from_dn_file, sync_all_dns
Needs setup, has to be imported into TDI solution directory and will
add two additional connectors (Profile/Photo) as well.
IBM Connections API:
•
#engageug
Gives you access to almost every function that you can access and
use through the IBM Connections user interface. You can use standard
TDI connectors (i.e. HTTP Client connector). Be aware that the API
documentation is not very good (to say it nicely).
12
How to use TDI with Connections
IBM Social Business Toolkit:
•
TDI is java based and therefore you can use the IBM SBT SDK to
create your own script connectors. You have to import some parts of
the SDK into your TDI environment. You definitely should have a
developer background. -> http://de.slideshare.net/AndreasArtner/activity-stream-how-to-feed-the-beast
Direct Database access:
•
#engageug
Connections stores almost everything inside the RDBMS but there is no
public DB schema info from IBM. This is not a supported way to
change data inside Connections (although some Partner solutions
directly manipulate data in the database and their solutions are IBM
supported). But you can use it to get data from Connections.
13
Community membership through
a Domino application - Example
#engageug
14
Community membership through
a Domino application - Example
#engageug
15
Community membership – How to
The workflow is as follows:
1. Iterate through all Community entries in the Notes DB
2. Create Community if it is a new Community
•
•
•
•
Check if it is a new community
Create Community Atom entry
Call/Reply request to the Communities API
Get the Uuid of the new Community & write it back to the Notes DB
3. Add missing members to every Community
•
•
•
Iterate through all members found in the Community entry (from the Notes
DB) and look if user is not a member in the Community member feed
Create member Atom entry
Send the member Atom entry to the Communities API
4. Add missing Owners (same steps as for member adding)
#engageug
16
Community membership – How to
1. Iterate through all Community entries in the Notes DB
Just use Lotus Notes Connector in iterator mode, again this is
easy.
You don’t need a running HTTP task on Domino if you use the DIIOP IOR string as Server IP Address!
#engageug
17
Community membership – How to
2. Create Community if it is a new Community
• Check if it is a new community
#engageug
18
Community membership – How to
2. Create Community if it is a new Community
• Create Community Atom entry
var atom_community_entry = '<?xml version="1.0"
encoding="UTF-8"?><entry xmlns="http://www.w3.org/2005/
Atom" xmlns:app="http://www.w3.org/2007/app"
xmlns:snx="http://www.ibm.com/xmlns/prod/sn"><title
type="text">' + work.Community_Name + '</title><content
type="html">' + work.Description + '</content><category
term="community" scheme="http://www.ibm.com/xmlns/prod/sn/
type"></category><snx:communityType>' + work.Access + '</
snx:communityType></entry>';
#engageug
19
Community membership – How to
2. Create Community if it is a new Community
• Call/Reply request to the Communities API
This user needs the admin security role for the Communities app!
#engageug
20
Community membership – How to
2. Create Community if it is a new Community
• Get the Uuid of the new Community & write it back to the Notes DB
#engageug
21
Community membership – How to
3. Add missing members to every Community
• Get the Community member feed (received with HTTP client
connector)
This will create a request to following URL:
…/communities/service/atom/community/
members?communityUuid=$uuid&role=member
#engageug
22
Community membership – How to
3. Add missing members to every Community
• Iterate through all members found in the Community entry (from
the Notes DB) and look if user is not a member in the
Community member feed
#engageug
23
Community membership – How to
3. Add missing members to every Community
• Create member Atom entry through script:
var atom_member_entry = '<?xml version="1.0" encoding="UTF-8"?
><entry xmlns="http://www.w3.org/2005/Atom" xmlns:app="http://
www.w3.org/2007/app" xmlns:snx="http://www.ibm.com/xmlns/prod/
sn"><contributor>¨<email>' + work.InternetAddress + '</
email><snx:role>member</snx:role></contributor><snx:role
component="http://www.ibm.com/xmlns/prod/sn/communities">member</
snx:role></entry>’; #engageug
24
Community membership – How to
3. Add missing members
to every Community
• Send the member Atom entry to the
Communities API
(HTTP client
connector)
URL on next page
This user needs the
admin security role
for the Communities
app!
(WAS Admin
Console)
#engageug
25
Community membership – How to
3. Add missing members to every Community
• Send the member Atom entry to the Communities API (HTTP
client connector)
This will create a request to following URL:
…/communities/service/atom/community/
members?communityUuid=$uuid
#engageug
26
Community membership – How to
4. Add missing Owners (same steps as for members)
var atom_owner_entry = '<?xml version="1.0" encoding="UTF-8"?>
<entry xmlns="http://www.w3.org/2005/Atom" xmlns:app="http://www.w3.org/
2007/app" xmlns:snx="http://www.ibm.com/xmlns/prod/sn"><contributor><email>'
+ work.InternetAddress_Owner + '</email><snx:role>owner</snx:role></
contributor><snx:role component="http://www.ibm.com/xmlns/prod/sn/
communities">owner</snx:role></entry>’;
#engageug
27
Community membership – How to
Final assembly line
#engageug
28
Export users last logon date per
application - Example
#engageug
29
Export users last logon date per
application - Example
#engageug
30
Export users last logon date – How to
Example
•
•
•
•
•
We will export the last logon date for all users
For all applications
Export to Domino
Export to CSV
This runs scheduled weekly as a reporting to our deployment team
The workflow is as follows
1.
2.
3.
4.
5.
6.
7.
#engageug
Iterate through all entries in the PeopleDB and fetch uid and full name
Connect to the application table that contains the profile
Fetch user key
Connect to Application table that contains last logon date
Repeat for all applications
Write to Domino
Write to csv
31
Export users last logon date – How to
1. Iterate through all entries in the PeopleDB and fetch uid and full
name
•
#engageug
Create a new assemble line and add a Database Connector. Make it an
iterator and connect it to your Profiles database Employee table
32
Export users last logon date – How to
2. Connect to the application table that contains the profile
•
•
#engageug
Will show you for 1 database (FILES) and then give you the mapping table
for the other databases
Connect to the Files database, USER_TO_LOGIN table
33
Export users last logon date – How to
3. Fetch user key
•
#engageug
Use the uid_lower as your key to find the relevant user key
34
Export users last logon date – How to
4. Connect to Application table that contains last logon date
•
#engageug
Now connect to the Files database USER table to get the last logon date of
this user using the USER_ID fetched in the last step as a link
35
Export users last logon date – How to
5. Repeat for all applications
•
#engageug
Repeat these steps for all applications, except Blogs. The Blogs database table
ROLLERUSER contains uid and last logon date. On top of that it is the only table that
uses the uid as is and not converted to lowercase (thank god for consistency)
36
Export users last logon date – How to
•
This is the table for all the databases
Applica'on*
Uid*lookup*Table*
Table*Name*
Uid*Column*
User*Key*Column*
Blogs&
Not&needed&
Not&needed&
Not&needed&
Bookmarks&
PERSONLOGIN&
LOGINNAME&
PERSON_ID&
Files&
USER_TO_LOGIN&
LOGIN_ID&
LOGIN_ID&
Forum&
DF_MEMBERLOGIN&
LOGINNAME_LOWER& MEMBERID&
Homepage&
LOGINNAME&
LOGINNAME&
PERSON_ID&
AcEviEes&
OA_MEMBERLOGIN&
LLOGINNAME&
MEMBERID&
Profiles&
EMPLOYEE&
PROF_UID_LOWER&
PROF_KEY&
CommuniEes&
MEMBERLOGIN&
LOWER_LOGIN&
MEMBER_UUID&
Wikis&
USER_TO_LOGIN&
LOGIN_ID&
USER_ID&
#engageug
37
Export users last logon date – How to
•
This is the table for all the databases
Applica'on*
Last*Logon*table*
Table*Name*
Uid*
Last*Logon*
Blogs&
ROLLERUSER&
USERNAME&
LASTLOGIN&
Bookmarks&
PERSON&
PERSON_ID&
LASTLOGIN&
Files&
USER&
ID&
LAST_VISIT&
Forum&
MEMBERPROFILE&
MEMBERID&
LASTLOGIN&
Homepage&
PERSON&
PERSON_ID&
LAST_UPDATE&
AcBviBes&
OA_MEMBERPROFILE&
MEMBERID&
LASTLOGIN&
Profiles&
PROFILE_LAST_LOGIN&
PROF_KEY&
LAST_LOGIN&
CommuniBes&
MEMBERPROFILE&
MEMBER_UUID&
LASTLOGIN&
Wikis&
USER&
ID&
LAST_VISIT&
#engageug
38
Export users last logon date – How to
•
Create a Domino Database with a form called “User” and following
fields:
•
•
#engageug
Activities_LASTLOGIN, Name, Blogs_LASTLOGIN, Communities_LASTLOGIN,
Dogear_LASTLOGIN, Files_LASTVISIT, Forum_LASTVISIT,
Homepage_LASTUPDATE, Profiles_LASTLOGIN, Uid, Wikis_LASTVISIT
And a view to show these 39
Export users last logon date – How to
6. Write to Domino
•
•
Add a Lotus Notes connector to the assembly line and connect it to your
database using diiop
Set the mode to “AddOnly”
You don’t need a running HTTP task on Domino if you use the DIIOP IOR string as Server IP Address!
#engageug
40
Export users last logon date – How to
6. Write to Domino
•
•
#engageug
Create the following output map
The reason for not having the value as is in the left column is because the
value you get from db2 is in java.sql.date format, we need to make sure
we get the string 41
Export users last logon date – How to
7. Write to csv
•
•
#engageug
To dump to a csv file add a File System Connector and select csv as parser. Add the header fields to the Field Names and enable the write header
Set “;” as your seperator 42
Export users last logon date – How to
7. Write to csv
Now we need to set the file location and file name. We want to make this dynamic so we can schedule the script. File location will be defined in the property file. Use the following javascript to define the filename and location
•
var srcPath=system.getTDIProperty("Cnx", "export_path")
var stDateStamp=system.formatDate((new Date()),"yyyyMMdd");
var outFile=srcPath + system.getTDIProperty("Cnx",
"export_filename") + stDateStamp + ".csv";
return outFile
#engageug
43
Export users last logon date – How to
7. Write to csv
•
#engageug
For the csv file we can output in the original format, no need to transform
to String as the parser will do this for us.
44
Calibri weiss 32 Fett
Calibri 24 Fett • Calibri 18 − Calibri 18 30.03.2015
4
Contact
ch.linkedin.com/in/kbild/
kbild.ch
twitter.com/kbild
slideshare.com/kbild
#engageug
linkedin.com/in/wannesrams
wannes.ramsit.com
twitter.com/wannesrams
slideshare.com/palmke
46
Create a Wiki page with users of your
Domino address book - Example
#engageug
47
Create a Wiki page with users of your
Domino address book - Example
#engageug
48
Wiki page – How to
1. Get all Domino users in names.nsf:
Just use Domino Users Connector in iterator mode, easy.
Best practice:
Always use property files for your parameters, it will save you a lot of
time if you want to use the AL with different servers, environments!
#engageug
49
Wiki page – How to
2. Create the Wiki page Atom document (AL create_Wiki_Entry_Atom):
Find out how the Atom document has to be build
(http://www-10.lotus.com/ldd/appdevwiki.nsf/dx/Wiki_page_content_ic50)
or try the SBT playground
https://greenhouse.lotus.com/sbt/SBTPlayground.nsf/
Explorer.xsp#api=Social_Wikis_API_Working_with_wiki_pages
Should be easy but… Example on SBT playground (does not work)
•
•
•
Works if you change the content line to
<content type="text/html"><![CDATA[<p>This is James's wiki page.</p>]]>
#engageug
50
Wiki page – How to
2. AL create_Wiki_Entry_Atom:
•
•
•
•
#engageug
Define the HTML code for the page
Use the Prolog for the first part
Use the iterator to generate the list
Use the Epilog for the closing
51
Wiki page – How to
2. AL create_Wiki_Entry_Atom:
•
This is the final code, all on ONE line:
<?xml version="1.0" encoding="UTF-8"?><entry xmlns="http://www.w3.org/2005/Atom"><content type="text/html"><![CDATA[<div><p dir="ltr"><strong
style="color: rgb(67, 106, 173);font-size:large;">All data is from the Domino directory - Example for IBM Connect in Zurich </strong> <img src="/images/
graphics-star-wars-300566.gif" width="151" height="100"/></p><table border="1" cellpadding="5" cellspacing="0" dir="ltr" style="border-collapse:
collapse; width: 800px;" width="246"><tbody><tr height="14"><td><strong>Name</strong></td><td><strong>Shortname</strong></
td><td><strong>Title</strong></td><td><strong>Company</strong></td><td><strong>Number</strong></td><td><strong>Photo (Connections
photo!)</strong></td></tr><tr><td><span class="vcard"><a class="fn url" href="">Christian Guedemann</a><span class="email" style="display:
none;">[email protected]</span></span></td><td><span class="vcard"><a class="fn url" href="">CGU</a><span class="email"
style="display: none;">[email protected]</span></span></td><td>Senior System Architect</td><td>WebGate Consulting AG</td><td><a
href="sip://+41008008008">+41008008008</a></td><td><div style="width: 150px;height: 150px;border-radius: 75px;-webkit-border-radius: 75px;-mozborder-radius: 75px;background: url(/profiles/[email protected]) no-repeat;"></div></td></tr><tr><td><span
class="vcard"><a class="fn url" href="">Klaus Bild</a><span class="email" style="display: none;">[email protected]</span></span></
td><td><span class="vcard"><a class="fn url" href="">KBI</a><span class="email" style="display: none;">[email protected]</span></span></
td><td>Senior System Architect</td><td>WebGate Consulting AG</td><td><a href="sip://+41004004004">+41004004004</a></td><td><div style="width:
150px;height: 150px;border-radius: 75px;-webkit-border-radius: 75px;-moz-border-radius: 75px;background: url(/profiles/photo.do?
[email protected]) no-repeat;"></div></td></tr><tr><td><span class="vcard"><a class="fn url" href="">Christoph Stoettner</a><span
class="email" style="display: none;">[email protected]</span></span></td><td><span class="vcard"><a class="fn url" href="">CST</
a><span class="email" style="display: none;">[email protected]</span></span></td><td>Senior IT Consultant</td><td>Fritz and Macziol
GmbH</td><td><a href="sip://+41003003003">+41003003003</a></td><td><div style="width: 150px;height: 150px;border-radius: 75px;-webkit-borderradius: 75px;-moz-border-radius: 75px;background: url(/profiles/[email protected]) no-repeat;"></div></td></
tr><tr><td><span class="vcard"><a class="fn url" href="">Sharon Bellamy</a><span class="email" style="display: none;">[email protected]</
span></span></td><td><span class="vcard"><a class="fn url" href="">SBE</a><span class="email" style="display:
none;">[email protected]</span></span></td><td>IT Consultant</td><td>Cube Soft Consulting</td><td><a href="sip://+41003003003">
+41003003003</a></td><td><div style="width: 150px;height: 150px;border-radius: 75px;-webkit-border-radius: 75px;-moz-border-radius:
75px;background: url(/profiles/[email protected]) no-repeat;"></div></td></tr><tr><td><span class="vcard"><a class="fn url"
href="">Wannes Rams</a><span class="email" style="display: none;">[email protected]</span></span></td><td><span class="vcard"><a
class="fn url" href="">WRA</a><span class="email" style="display: none;">[email protected]</span></span></td><td>Social Business
Consultant</td><td>GFI</td><td><a href="sip://+41003003003">+41003003003</a></td><td><div style="width: 150px;height: 150px;border-radius:
75px;-webkit-border-radius: 75px;-moz-border-radius: 75px;background: url(/profiles/[email protected]) no-repeat;"></div></
td></tr></tbody></table></div> ]]></content><category scheme="tag:ibm.com,2006:td/type" term="page" label="page" /></entry>
#engageug
52
Wiki page – How to
3. Send the Wiki page Atom document to the Wikis API (HTTP client
connector):
• This is good documented http://www-10.lotus.com/ldd/appdevwiki.nsf/dx/Updating_a_wiki_page_ic50
#engageug
53
Wiki page – How to
#engageug
This user needs editor rights on the Wiki
54
Wiki page – SSL requests
•
•
#engageug
Most Connections environments force traffic over SSL
If you get following error if you call the Connections API through
SSL you have to import the Connections server certificate into
TDI_install_dir/jserverapi/testadmin.jks (pw: administrator)
55
Wiki page – How to
4. Final step is to create an AL with combines the
create_Wiki_Entry_Atom AL and the HTTP client connector
#engageug
56
© Copyright 2025