Some IBM Security Directory Integrator (aka TDI) stuff


As part of my preparing for my sessions on CCTY in Munich I played with some usefull stuff around IBM Security Directory Integrator, IBM Connections & IBM Domino. I would like to share a few samples which some of you may need.

First of all I created the Assembly Line syncKerberosPrincipal which synchronizes the Users Kerberos Realm in the Domino Fullname Field. This is usefull if you would like to use SPENGO in a Connections environment which uses Domino as user base. The Assembly Line uses the users sAMAccountName to build his Kerberos Realm. This value will be written to the Domino FullName Field via LDAP or DIIOP. All Connector properties are configured in one single properties file. To increase the performance I used delta mode which forces SDI only to synchronize changed users. This feature uses a local derby database which look up changed attributes. Further I used some hooks for logging and error processing.


The second one called syncLTPAUser synchronizes the Active Directory DN in the Domino LTPAUsrNm field. Both connectors are using LDAP connections. The script customizeDN replaces all semicolons with slashes which is needed in Domino. Equal to the first Assembly Line I used property files, delta mode and hooks.


The last Assembly Line called syncCNXProfile2Domino synchronizes all mapped attributes from the PEOPLEDB to the domino directory using DIIOP. Lookup uses a JDBC Connector. Perhaps you are asking why I wrote this assembly line?Because the Assembly Line in TDISOL needs DSML. DSML is XML based and not supported with Domino LDAP. If you are using Active Directory you are able to use the TDISOL provided Assembly Line.


If you would like the sample code please send me a short message. The provided Assembly Lines are no “out-of-the-box” solution without any warranty!

One thought on “Some IBM Security Directory Integrator (aka TDI) stuff”

Leave a Reply

Your email address will not be published. Required fields are marked *