Sunny Days, (Smart)Cloud-y Users

Learn how you can leverage the data in your existing on-premises or cloud systems (LDAP, Profiles, Active Directory, and others) to automatically provision users in IBM Smart Cloud for Social Business. This session will provide a basic introduction to Tivoli Directory Integrator, and how to connect to multiple data sources to create users in IBM SmartCloud.

We will cover the automation of user creation, changes, and deletions, as well as explain the different enrollment and login methods available to your users.

  • Next slide is the TDI Engine
  • Can it core an apple
  • You can build a connector off of a connector
  • We are going to show this in more detail as we develop our AssemblyLine
  • 4294967295 as an Epoch Timestamp is 2/7/2106 1:28:15 AM
  • If you are converting Epoch you know this slide was originally created on 4/29/2013 10:47:46 AM
  • subscriptionId – not technically required; you can create a user without a subscription. You can technically leave off any fields past the last one that contains a value – Best Practice though is to keep a placeholder for every field
  • Remind about the clickable field names
  • Point out here the importance of naming components logically, as that is what appears in the log when the AL runs
  • Point out this is just an example
  • In our example we are not filtering
  • Point out this is just an example; the point is you can manipulate data at many different points across TDI

Sunny Days, (Smart)Cloud-y Users: Presentation Transcript

  • BP311: Sunny Days, (Smart)Cloud-y Users Mitch Cohen, Colgate-Palmolive © 2014 IBM Corporation
  • Acknowledgements and Disclaimers Availability. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. The workshops, sessions and materials have been prepared by IBM or the session speakers and reflect their own views. They are provided for informational purposes only, and are neither intended to, nor shall have the effect of being, legal or other guidance or advice to any participant. While efforts were made to verify the completeness and accuracy of the information contained in this presentation, it is provided AS-IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this presentation or any other materials. Nothing contained in this presentation is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results. © Copyright IBM Corporation 2014. All rights reserved.  U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. 
 IBM, the IBM logo, ibm.com, and IBM SmartCloud for Social Business, IBM DB2, IBM Notes and Domino, IBM Docs, IBM Tivoli Directory Integrator, and IBM Security Directory Integrator are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml Other company, product, or service names may be trademarks or service marks of others. 2
  • Even More Acknowledgements and Disclaimers  In the course of this session the following IBM Trademarked Software will be mentioned – IBM SmartCloud® – IBM Social Business® – Domino® – Tivoli Directory Integrator® – IBM Security Directory Integrator® – DB2® – Lotus® – LotusLive™ – Lotusphere® 3
  • About Me  Working with IBM Collaboration Solutions for 15 years  Married 15 years with 3 (crazy) kids: Molly 10 , Abe 5 ¾, Jack 5 ¾  Huge fan of the – NY Giants (Football) – NY Mets (Baseball)  2014 IBM Champion  Long accused of having my head in the clouds  I am NOT a developer (confirmed by those who have reviewed my code) – Help yourself to any of my code at your own risk 4
  • Agenda  What is IBM SmartCloud for Social Business  Registering Users for SmartCloud  Introduction to IBM Tivoli Directory Integrator  Introduction to the SmartCloud Integration Server  Creating a Provisioning File  Questions and (with any luck) Answers 5
  • What is IBM SmartCloud for Social Business? 6
  • IBM Smart Cloud for Social Business  A series of Cloud Based Collaboration Tools offered by IBM – Email & Calendar (IBM Notes, or iNotes mail) – Collaboration (IBM Connections, Sametime Instant Messaging) – Web Meetings (IBM Sametime) – IBM Docs – Audio Conferencing – IBM Notes Traveler – Blackberry – Email Archiving  Many of these are “mix and match” – For example Traveler is an additional license on top of Email & Calendar.  You can have different licenses for different parts of your organization. 7
  • Registering Users for SmartCloud 8
  • Registering Users for IBM SmartCloud  To provision services to a user, you need to create their account and assign them a license.  You can have different subscriptions for different users in your organization. – Some users will have multiple subscriptions. For example: • Traveler is an additional subscription on top of Notes or Engage. • IBM Docs is an additional subscription on top of Engage. 9
  • Registering Users for IBM SmartCloud 10
  • Registering Users for IBM SmartCloud 11
  • Registering Users for IBM SmartCloud 12
  • Registering Users for IBM SmartCloud 13
  • Registering Users for IBM SmartCloud  If you have a handful of people to register, manual registration might work.  If you are working in a large organization, you might want an easier way to register users and assign licenses. 14
  • Introduction to Tivoli Directory Integrator (TDI) 15
  • Introduction to TDI  Please note: IBM has recently rebranded products in the Tivoli brand. – Tivoli Directory Integrator is now known as IBM Security Directory Integrator. – This presentation was built using Tivoli Directory Integrator version 7.1. – I will be referring to it as TDI. • Mostly out of habit • Partly because some of my jokes depend on it 16
  • Introduction to TDI  So What is TDI? – Not This 17
  • Introduction to TDI  What is Tivoli Directory Integrator? – According to IBM: “Transforms, moves and synchronizes generic and identity data residing in heterogeneous directories, databases, files, collaborative systems and applications, with real-time automated updates to the authoritative data source.” 18
  • Introduction to TDI  What is Tivoli Directory Integrator? – To put it in simpler terms 19
  • Introduction to TDI  There is a good chance you have an entitlement to use TDI. – If you own licenses for: • Domino • Connections • SmartCloud – Check the version of TDI you are entitled to. • IBM Connections requires a specific version. – We usually just say TDI is ‘Free Free Free’.* *Please consult your IBM Licenses to verify your entitlement 20
  • Introduction to TDI  TDI Terminology – Projects • Collection of AssemblyLine and Resources – Connectors • Pre-built templates to connect to different systems • Many installed with TDI • If you are adventurous, you can write your own. – AssemblyLines • Made up of Feeds and Data Flows – Workspace – Solution Directory 21
  • Why Use TDI?  Entitled to use it with your SmartCloud licenses  TDI more than likely ships with a Connector that can read from your existing data store.  Once you understand TDI it is easy to use. – You don’t have to be a developer. – A little JavaScript knowledge will go a long way though.  TDI is fun* *My definition of “fun” might not be the same as yours. 22
  • Launching TDI  The TDI Configuration Editor is Eclipse-based.  When launching, you need to define a Workspace folder: – This is where your code is stored. – You can dedicate a Workspace per project or include multiple projects in one Workspace. 23
  • The TDI Configuration Editor 24
  • TDI Connectors  TDI Ships with many Connectors (partial list): 25
  • TDI Connectors  In this session I am going to show you the: – LDAP Connector • Connected to Domino Directory and Active Directory – JDBC Connector – File Connector 26
  • AssemblyLine  Not this: 27
  • AssemblyLine  AssemblyLines are where your TDI code lives. – An AssemblyLine can contain multiple tasks. – An AssemblyLine can contain control flows: • If/Else • Switch • Scripts – An AssemblyLine can call another AssemblyLine. – An AssemblyLine contains two parts: • Feed • Data Flow 28
  • Properties  Property Files allow you to store your properties in a common file instead of manually entering them in each AssemblyLine component. – Using Property Files will save you time. – Allows you to change a parameter once regardless of how many times it appears in the AssemblyLine. – Easily allows you to point an AssemblyLine at different environments. • i.e. Test/Dev/Production – Wherever possible, use Property Files. • Trust me on this one. 29
  • Properties  Example of defined properties 30
  • Properties  It is not obvious, but all of these attributes are clickable to assign a property value instead of hardcoding. – You can script property names, too. 31
  • Properties 32
  • Introduction to SmartCloud Integration Server 33
  • Introduction to SmartCloud Integration Server  What is the Integration Server? – According to IBM: • “The integration server enables you to integrate user provisioning information from your onpremises administrative environment. It also enables you to upload users in your organization’s enterprise directory to the SmartCloud iNotes® corporate contacts directory.” • “The integration server supports your use of a hybrid environment – one that uses a combination of on-premises administrative management and cloud-based service and subscription management. The integration server periodically processes data files that you create and upload using a secure file transfer mechanism, to add, modify, and remove user provisioning information. This enables you to continue using your on-premises management systems and periodically upload user data.” • “Integrating initial and changed content from your on-premises administrative environment is facilitated through your organization's subscription to the integration server service and by properly named and formatted change files that you periodically create and upload”. 34
  • Introduction to SmartCloud Integration Server  What is the Integration Server? – In simpler terms: • A simple automated way to add users and assign services in IBM SmartCloud. • You can add, remove, suspend, delete, and change subscription data. • You prepare the input file according to the provided format. • Provisioning files are sent via SFTP to the Integration server for processing. - This is not API access. - You are preparing and uploading a provisioning file. 35
  • Introduction to SmartCloud Integration Server  The Integration Server used to be called LotusLive Integration Server (LLIS) – The latest documentation simply refers to it as “Integration Server” • I guess SCIS didn’t sound as good as LLIS. • My example refers to it as LLIS. – Speaking of documentation • https://apps.na.collabserv.com/help/index.jsp?topic=/com.ibm.cloud.admin.doc/IntegrationServer/llis_workwithintro_NOGI_c.html • You might notice the URL still references LLIS. • I will call it LLIS out of habit. - I don’t think I have any jokes that depend on it though. 36
  • Introduction to SmartCloud Integration Server  Please note: – SmartCloud accounts are NOT enabled to use the Integration Server by default. – Email support to request Integration Server Enablement. – Specifics can be found here: • https://apps.na.collabserv.com/help/index.jsp?topic=/com.ibm.cloud.admin.doc/IntegrationServer/llis_enablingllis_t.html 37
  • Introduction to SmartCloud Integration Server  All of the information you need to prepare a provisioning file can be found: – In the SmartCloud Admin Console – In your existing directories  In our example today we will use information from: – Domino Directory – Active Directory – IBM Connections 38
  • SmartCloud Integration Server Limits  The SmartCloud Integration Server limits the number of changes you can process: – Per file – Per hour – Per day  A provisioning file can contain up to 200 entries.  750 Changes can be processed per hour.  10,000 Changes can be processed per day.  Simply put, if you have 50,000 users in your organization it will take at least 5 days to process. – Plan accordingly 39
  • Naming SmartCloud Provisioning Files  LLIS Provisioning Files are made up of 5 components: – Customer ID • Find this in your SmartCloud Admin Panel. – Source ID • This is optional but recommended. • This can be any string you choose: - Company name - Directory name – Type • Set to ‘prv’. - ‘prv’ stands for provisioning file 40
  • Naming SmartCloud Provisioning Files – Sequence Number • This is a unique number between 0 and 4294967295. • Each new provisioning file must have a higher sequence number than the previous file or it will not be processed. • Unix Epoch time is recommended for sequence number. - TDI can generate this for you. • Sequence number is related to Source ID. - Each Source ID can have its own sequence. – Extension • Provisioning files are CSV files and should have a .csv extension. 41
  • Naming SmartCloud Provisioning Files  Example: Provisioning File Name – 00000000_seinfeld_prv_1367246866.csv • 00000000 is the Customer ID. You can find yours in your SmartCloud Admin Console.  If your provisioning files do not meet these rules, they will not be processed. 42
  • Integration Server Provisioning File Format  The SmartCloud Provisioning file contains 25 fields. – Not all field values are required. – Regardless of which fields you are populating, you must have all 25 fields accounted for. • Fields in RED are required. • Depending on the subscription, additional fields may be required. emailAddress,action,subscriptionId,subscriptionId2,givenName,familyName,language,timeZone,password,altEmailAddress,notesTemplate,notesDN,assignTo,department,jobTitle,country,telephone,mobile,fax,address,suppressInvitation,federationType,CollabExtraStorage,MailExtraStorage,Activation 43
  • Integration Server Provisioning File Format  I am not going to explain every field in the provisioning file… – Many of them are obvious. – I am going to point out a few specific ones, though, that are not. – For a complete list of fields and explanations, see: https://apps.na.collabserv.com/help/index.jsp?topic=/com.ibm.cloud.admin.doc/bss/topics/intro.html&lang=en 44
  • Integration Server Provisioning File Format  Action – This specifies the action to be taken when the file is processed. The available options are: • Add, Update, Suspend, Resume, Remove, AssignSeat, ChangeSeat, RevokeSeat, Rename, ResendInvitation, ChangeStorage – I will be showing you a provisioning file with the ‘Add’ action.  SubscriptionID, SubscriptionID2 – This specifies the services being assigned to the account. – Typically you will have a SubscriptionID for every account. – Not every account will have a second subscription, but the field is required even if blank. 45
  • Integration Server Provisioning File Format  AssignTo – Used when revoking collaboration services to assign the resources belonging to the old account to a new account.  SuppressInvitation – By default, when provisioning accounts IBM SmartCloud will send an email to the user with a link to complete their enrollment. • The email can be suppressed using SUPPRESS_ALL. • You can use the ResendInvitation action to send it later on. 46
  • Integration Server Provisioning File Format  FederationType – This is used to set up how accounts log in: • NON_Federated – users log in with their email address and password specified when they complete their SmartCloud enrollment. • Federated – users can only log in via SAML. • Modified_Federated – users can log in with either method.  Note: If you want to allow users to log in via mobile apps, NON_Federated or Modified_Federated are required.  For Federated or Modified_Federated, additional setup is required to configure SAML from your organization to IBM SmartCloud: – We are not covering that in this session. – For more information on Federated Identity Management, see: https://apps.na.collabserv.com/help/index.jsp?topic=%2Fcom.ibm.cloud.admin.doc%2FSAMLFederatedIdentity%2Ffim_federated_identity_management.html 47
  • Integration Server Provisioning File Format  CollabExtraStorage, MailExtraStorage – Used with the ChangeStorage action to add additional storage for mail or files to a specific account.  Activation – Default is not set (blank). – Can only be used in a fully federated environment. – No email verification is sent for accounts created with FORCE_ACTIVATION. – Make sure you understand this one before setting it. 48
  • Integration Server Provisioning File Format  Before you begin, determine which data you need for your organization. – For demo purposes, I will be adding the following fields to the Provisioning File: 49
    Field Name       Source
    emailAddress     Domino Directory via LDAP
    action           add
    subscriptionID   000000
    givenname        Domino Directory via LDAP
    familyName       Domino Directory via LDAP
    language         IBM Connections Profiles
    notesDN          Domino Directory via LDAP
    department       IBM Connections Profiles
    jobTitle         IBM Connections Profiles
    country          IBM Connections Profiles
  • Creating a Provisioning File 50
  • Quick Review  Hopefully right now you have an understanding of: – What is TDI – What is the Integration Server – What data you need, and where you can get it.  Now we are going to put it all together and create a provisioning file. 51
  • Creating a Provisioning File  What we are going to do: – Connect to the Domino Directory via LDAP. • Retrieve the user's NotesDN, email, first, and last name. – Connect to IBM Profiles. • Retrieve the user's language, job title, country, and department. – Connect to Active Directory via LDAP. • Verify that the user exists. – Add in: • The SmartCloud subscription ID and action. 52
  • The AssemblyLine  Time to build the AssemblyLine – In the AssemblyLine, click on Add Component. 53
  • The AssemblyLine  Our first connection is to the Domino Directory via LDAP. – We will be using the LDAP Connector. – You can browse the list or use the search box. 54
  • The AssemblyLine  Name your Component. – It will default to the Connector Name. – Give your Connector a meaningful name. – Select a Mode. • For a feed component select ‘Iterator’. – Click Next to set up the connection properties. 55
  • The AssemblyLine  We are now going to use our pre-defined properties to populate the connection to the LDAP server. – Remember: it is not obvious, but click on the field name. 56
  • The AssemblyLine  Select ‘Use Property’. 57
  • The AssemblyLine  Find and select the correct value. 58
  • The AssemblyLine  Repeat for each required field to complete the connection properties. – Remember, changes to the properties resource will be reflected here. – You can always change the connection details later on if needed. 59
  • The AssemblyLine  Test the Connection. – Now that the LDAP Connection is configured, we want to test it. – Select the component in the Feed. • Click on Connect and then Next to view data. 60
  • The AssemblyLine  Test the Connection. – If your connection fails: • Don’t Panic! • Read the error message and double check your Connection Properties. • Check firewalls, network connectivity, user names and passwords. 61
  • The AssemblyLine  Select the fields you want to work with: 62
  • The AssemblyLine  Working with data: – We are going to use email address as a key in a later step of the AssemblyLine. – In order to match it to other systems, we want to put the email address in all lowercase. • Email addresses are mixed case in the Domino Directory. – A little JavaScript is going to help us. 63
  • The AssemblyLine  Working with data: 64
  • The AssemblyLine  The Feed from Domino LDAP is complete. Now we will set up the connection to Profiles to get additional information. – This is the same as adding the LDAP Connector. – We will be using the JDBC Connector. – Remember to define your Connection Attributes in Property Files. 65
  • The AssemblyLine  For the Profiles Connection, we are using Lookup Mode. – Remember to give your component a logical name. 66
  • The AssemblyLine  JDBC Connector Connection Details – All of the connection properties are in a properties file. 67
  • The AssemblyLine  Once the JDBC Connection is defined, test the connection and select the attributes we need from Profiles. 68
  • The AssemblyLine  The fields we took from Profiles: – PROF_ISO_COUNTRY_CODE – we will use this for language. – PROF_JOB_RESPONSIBILITIES – we will use this for title. – PROF_MAIL_LOWER – this is the email address. • We are using PROF_MAIL_LOWER not PROF_MAIL as we need them in lowercase. – PROF_ORGANIZATION_IDENTIFIER – we will use this for Department.  Some of these require additional coding and DB Lookups to get the actual value we need. 69
  • The AssemblyLine  Now that we have our Connection defined and fields selected, we can create our Link Criteria. – This is where we tell the AssemblyLine how to match records from different data sources. – Remember Link Criteria can be case-sensitive. • This is why we used JavaScript earlier to convert all email addresses from LDAP to lowercase. 70
  • The AssemblyLine  Link Criteria: 71
  • The AssemblyLine  We are going to use Hooks to provide some basic error handling. – We are going to use the ‘On No Match’ hook to: • Log to the console when there is no match in Profiles. • Skip the entry. – Without this, the job would fail the first time it encountered a record without a match. – There are any number of Hooks that can be used to log or handle errors. – Hooks can also be used to write out log files to report on error conditions. 72
  • The AssemblyLine  On No Match Hook: 73
  • The AssemblyLine  If we ran the job now the log would look like this: – Note the log for the records with no match: 74
    14:53:01,749 INFO - CTGDIS087I Iterating.
    14:53:01,798 INFO - No record found for kramer@seinfeld.com
    14:53:01,811 INFO - No record found for elaine@seinfeld.com
    14:53:01,825 INFO - No record found for costanza@seinfeld.com
    14:53:01,839 INFO - CTGDIS088I Finished iterating.
    14:53:01,845 INFO - CTGDIS100I Printing the Connector statistics.
    14:53:01,846 INFO - [read_domino_ldap] Get:4
    14:53:01,847 INFO - [read_profiles] Lookup:1, Skip:3
    14:53:01,847 INFO - CTGDIS104I Total: Get:4, Lookup:1, Skip:3.
    14:53:01,848 INFO - CTGDIS101I Finished printing the Connector statistics.
    14:53:01,849 INFO - CTGDIS080I Terminated successfully (0 errors).
  • The AssemblyLine  Next we need to lookup the department name in a different table. – Profiles stores a reference to department in PROF_ORGANIZATION_IDENTIFIER, so we need to look up the actual department name in the Department Table.  We are going to add another JDBC Lookup component. – This time we will read the department table. – The value retrieved from PROF_ORGANIZATION_IDENTIFIER will be our Link Criteria 75
  • The AssemblyLine  Connected to the Department table, and selected the required attributes: 76
  • The AssemblyLine  Link Criteria defined: 77
  • The AssemblyLine  Remember to include some error handling: 78
  • The AssemblyLine  The last thing we want to check is that the email address exists in Active Directory* – We will only provision users who exist in Active Directory. – We will log exceptions to a different file.  The Connection to Active Directory will be via LDAP.  We will use an IF and ELSE component to: – Write anyone that exists in Active Directory to the provisioning file. – Skip and log anyone that does not exist in Active Directory *This is just an example of data validation – your requirements may differ 79
  • The AssemblyLine  Adding an IF Branch. – Click on Add Component. • Search for IF or look under ‘Control/Flow Components’: • Remember to give your IF Component a logical name. - It will default to IF. 80
  • The AssemblyLine  Branch Conditions – You can optionally filter in the IF branch to include entries based on conditions. • For example, limiting provisioning to a specific email domain: 81
  • The AssemblyLine  Adding an IF Branch – TDI will ask you if you want to add a component to the branch: • “Yes” will take you to the standard Add Component Dialog. • If you say “No”, you can manually add a component or drag and drop an existing component into the branch at any time. 82
  • The AssemblyLine  In our example we are going to add the Connection to Active Directory via LDAP. – I am not going to show how to add that here. – It is the same as the Domino LDAP connection. You are just using the properties for the AD Connection.  Once we are connected to Active Directory, we will use Hooks to decide which action to take for each record. 83
  • The AssemblyLine  The Active Directory Connection – The AD Mail attribute has been defined as admail so as not to conflict with mail which was assigned earlier from Domino LDAP: 84
  • The AssemblyLine  We are going to add a Hook for On No Match. – When the email is not found in AD it will log the information and call the ELSE Branch where it will be logged. – The Code for On No Match: 85
    // Log the miss to the TDI console
    task.logmsg("Email Not Found in AD " + work.mail);
    // Build a three-field entry for the exceptions file
    var ent = system.newEntry();
    ent.setAttribute("first", work.getString("givenname"));
    ent.setAttribute("last", work.getString("sn"));
    ent.setAttribute("mail", work.getString("mail"));
    // Write it through the dumpToFile component, then skip this record
    dumpToFile.add(ent);
    system.skipEntry();
  • The AssemblyLine  The ELSE Branch – Uses the File System Connector and the CSV Parser. – dumpToFile is the name of the component called from On No Match which passed the fields: 86
  • The AssemblyLine  Provide a file name – This will be the name of your log file: 87
  • The AssemblyLine  Select a Parser. – We are using the CSV Parser: 88
  • The AssemblyLine  Specify your field separator. – We are using a comma. – Click on the advanced tab to specify the fields: 89
  • The AssemblyLine  Our Fields are first, last, and mail. – These were defined in the On No Match code: 90
  • The AssemblyLine  Add the fields into the Output Map: 91
  • The AssemblyLine  All that is left is to write out the LLIS Provisioning File. – We will use the File Connector with the CSV Parser. – The component will be called write_llis. • It will be added to the IF:check_ad branch. – We will then use all of the fields we collected to write out the provisioning file. – We also have to name the file correctly. 92
  • The AssemblyLine  Adding the write_llis component: 93
  • The AssemblyLine  Naming the LLIS Provisioning File. – Remember earlier we discussed the naming rules. – We are going to let TDI create the filename for us according to the rules. • Not obvious but click on ‘File Path’: 94
  • The AssemblyLine  As a reminder…  Example: Provisioning File Name: – 00000000_seinfeld_prv_1367246866.csv  If your provisioning files do not meet these rules, they will not be processed. 95
  • The AssemblyLine  Naming the LLIS Provisioning File. – Select ‘Advanced (JavaScript)’. • A little JavaScript will generate our file name: 96
  • The AssemblyLine  Like Magic, here is our file name generated by TDI. – The timestamp portion will change when the AssemblyLine runs: 97
  • The AssemblyLine  Select the CSV Parser: 98
  • The AssemblyLine  The default Field Separator is a semi-colon (;). We’ll change it to a comma (,): 99
  • The AssemblyLine  Open up the advanced section to define the Field Names. – We listed them earlier. This will be the first line in the CSV file and must match the documented format. – Make sure the ‘Write header’ box is checked: 100
  • The AssemblyLine  Finally we need to define the fields in the write_llis component. – Some fields we will hardcode values. – Some fields we will use what we gathered in previous steps. – Some fields we will further manipulate the data. – Remember we need to add every field defined in the Provisioning File format, regardless of whether there is data or not. • If you skip a field, your file will be invalid and will not process. 101
  • The AssemblyLine  Click on Add to define each field: 102
  • The AssemblyLine  You can select fields we already defined, or create new ones. – We are going to do a little of both: 103
  • The AssemblyLine  We have added the subscriptionID element. – Click on work.subscriptionID to assign its value. – This will be a simple Substitution text: 104
  • The AssemblyLine  Here is the completed subscriptionID assignment. – The ‘Component Attribute’ maps to the field defined in the CSV File. – The ‘Assignment’ is the field value. 105
  • The AssemblyLine  Next we are going to simply select the fields we defined earlier. 106
  • The AssemblyLine  When added they look like this. – We need to rename the ‘Component Attributes’ to match the CSV File definition: 107
  • The AssemblyLine  Note the Attribute Component name is case-sensitive: 108
  • The AssemblyLine  Time to Fast Forward a bit… 109
  • The AssemblyLine  Here are all the fields defined. – Remember some fields are assigned values. – Others are place holders to keep the file in the right format. 110
  • The AssemblyLine  If we ran the AssemblyLine now we would get a valid provisioning file. – But I just want to show you one more thing…  You might need to further manipulate the data at the time you write the file.  For example… We have a country code, but we did not have a language defined for each user. – However, we can extrapolate language from country. – This might not be perfect, but hey… It is an example of what you can do in TDI. 111
  • The AssemblyLine  We have the ISO Country Code which is two letters.  Supported SmartCloud languages can be found here: – https://apps.na.collabserv.com/help/index.jsp?topic=/com.ibm.cloud.admin.doc/IntegrationServer/llis_apx_provlangcodes_c.html  To keep things simple, let’s just look at a couple of languages: 112
    Language   Code
    English    en_us
    French     fr_FR
    German     de_DE
  • The AssemblyLine
    Using JavaScript, we can translate a country code to a valid language code.
      – Click on the language assignment to open up the assignment editor:
  • The AssemblyLine
    We will get the value of country and run it through a Case statement to assign the proper value.
      – We will default to English if it does not match anything else:
  • The AssemblyLine
    Finally, let’s run the AssemblyLine and see the output.
      – In the TDI Console we see this:
        10:24:08,523 INFO - [write_llis] CTGDJW002I Parser will use provide column names: '[emailAddress, action, subscriptionId, subscriptionId2, givenname, familyName, language, timeZone, password, altEmailAddress, notesTemplate, notesDN, assignTo, department, jobTitle, country, telephone, mobile, fax, address, suppressInvitation, federationType]'.
        10:24:08,528 INFO - [dumpToFile] CTGDJW002I Parser will use provide column names: '[first, last, mail]'.
        10:24:08,537 INFO - CTGDIS087I Iterating.
        10:24:08,669 INFO - No record found for kramer@seinfeld.com
        10:24:08,835 INFO - Email Not Found in AD elaine@seinfeld.com
        10:24:08,898 INFO - No record found for costanza@seinfeld.com
        10:24:09,135 INFO - CTGDIS088I Finished iterating.
        10:24:09,204 INFO - CTGDIS100I Printing the Connector statistics.
        10:24:09,205 INFO - [read_domino_ldap] Get:4
        10:24:09,205 INFO - [read_profiles] Lookup:2, Skip:2
        10:24:09,206 INFO - [get_department_name] Lookup:2
        10:24:09,207 INFO - [check_ad] Branch True:2, Branch False:0
        10:24:09,207 INFO - [check_active_directory_for_email] Lookup:1, Skip:1
        10:24:09,208 INFO - [write_llis] Add:1
        10:24:09,208 INFO - [log_not_in_ad] Branch True:0, Branch False:0
        10:24:09,211 INFO - [dumpToFile] Add:1
        10:24:09,212 INFO - CTGDIS104I Total: Get:4, Lookup:5, Add:2, Skip:3.
        10:24:09,212 INFO - CTGDIS101I Finished printing the Connector statistics.
        10:24:09,213 INFO - CTGDIS080I Terminated successfully (0 errors).
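The field rules from the slides above (every column present, case-sensitive names, language derived from country with English as the default), as an added example that is not from the original slides. It runs as plain JavaScript in Node.js outside TDI; the comma delimiter, the rejection of delimiter and line-break characters, the FR/DE country mapping and the sample record are assumptions.

```javascript
// Added example, not from the slides. Column order is copied from the
// write_llis log line; the comma delimiter is an assumption.
const COLUMNS = [
  "emailAddress", "action", "subscriptionId", "subscriptionId2", "givenname",
  "familyName", "language", "timeZone", "password", "altEmailAddress",
  "notesTemplate", "notesDN", "assignTo", "department", "jobTitle", "country",
  "telephone", "mobile", "fax", "address", "suppressInvitation", "federationType",
];

// Country-to-language mapping using only the three codes shown on the slide.
// Which countries map to which language is an illustrative assumption.
function languageForCountry(country) {
  switch (String(country || "").trim().toUpperCase()) {
    case "FR": return "fr_FR";
    case "DE": return "de_DE";
    default: return "en_us"; // default to English, as the slide describes
  }
}

// Build one provisioning line. Every column is emitted, empty or not.
function buildProvisioningLine(user) {
  const unknown = Object.keys(user).filter((k) => !COLUMNS.includes(k));
  if (unknown.length) throw new Error("unknown field(s): " + unknown.join(", "));
  const row = { ...user, language: user.language || languageForCountry(user.country) };
  const cells = COLUMNS.map((name) => {
    const value = row[name] == null ? "" : String(row[name]);
    // Directory data is untrusted input: a delimiter or line break inside a
    // value would shift columns or smuggle in a second record.
    if (/[,\r\n]/.test(value)) throw new Error("illegal character in " + name);
    return value;
  });
  return cells.join(",");
}

// Constructed sample record; "<action>" is a placeholder, not a real value.
const sample = { emailAddress: "jerry@example.com", action: "<action>",
  givenname: "Jerry", familyName: "Seinfeld", country: "de" };
console.log(buildProvisioningLine(sample));
```

The unknown-field check also catches case mistakes such as `givenName` for `givenname`, which would otherwise silently produce an empty column.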
  • The AssemblyLine
    The output files are in the TDI Workspace Directory:
  • The AssemblyLine
    Our Provisioning file:
    Our log of emails that were not in Active Directory:
  • The AssemblyLine
    Now What?
      – With a completed provisioning file you can now upload it via secure FTP to the Integration Server for processing.
      – To reach the Integration Server via SFTP you need to have access on port 990 as well as ports 60000-61000.
        • Be nice to your firewall admins!
      – Once uploaded, the provisioning files will be processed by the Integration Server.
        • You can upload multiple provisioning files at a time. They will be processed in sequence number order.
      – You can download logs from the same secure FTP site.
        • Full documentation for Secure FTP and logs is here: https://apps.na.collabserv.com/help/index.jsp?topic=%2Fcom.ibm.cloud.admin.doc%2FIntegrationServer%2Fllis_config_llims_c.html
    Don’t forget about the Integration Server rate limits we talked about earlier…
  • Summary
  • Summary
    What I showed you here today:
      – Basic overview of Tivoli Directory Integrator
      – Where to find the data you need to provision a SmartCloud User
      – How to enable the Integration Server for your organization
      – How to create a provisioning file
      – Integration Server processing limits
  • Additional Resources
    IBM SmartCloud Administration Documentation
      – http://curi0.us/scadmin
    Tivoli Directory Integrator 7.1 Documentation
      – http://curi0.us/tdi71doc
    IBM Data Studio
      – http://curi0.us/dstudio
    Notepad++
      – http://curi0.us/noteplus
    Softerra LDAP Browser
      – http://curi0.us/ldbrowser
    IBM Tivoli Directory Integrator Users Group
      – http://curi0.us/tdiusers
  • Additional Resources
    W3Schools JavaScript
      – http://www.w3schools.com/js/
    Codecademy
      – http://www.codecademy.com/
    TDI Google Group / Discussion Forum
      – http://curi0.us/tdigroup
    WinSCP - Secure FTP Client
      – http://curi0.us/winscp
  • Contact Me
    Email: mitch@curiousmitch.com
    Twitter: @curiousmitch
    Blog: http://www.curiousmitch.com
  • Access Connect Online to complete your session surveys using any:
      – Web or mobile browser
      – Connect Online kiosk onsite
  • I hope you are not…
    But if you are I would be happy to answer some questions… or at least try!