SPNEGO = Simple and Protected Negotiation Portlets don't support SSO via TAM/Siteminder/SPNEGO – they require LTPA
A TDI assembly line is made up of components (connectors, flow controls, loops, branches) that collect data from your source repositories and reformat it into the Profiles database. Supports two-way synchronization on LDAP attributes. Assembly line hooks are available for scripting and customization TDI should be used to initially populate Profiles and then frequently used to keep it in sync Connections release 3 allows you to mark a person as “inactive” when they aren't found in LDAP
SyncAllMembersByExtId() takes several parameters indicating how a mismatch can be resolved (either by a matching email address, login id or left for later manual resolution).
Use Batch commands, external ids are consistent across all applications. Investigate once, create batch script to update across all apps Returning users can be re-linked with their old data ProfilesService.swapUserAccessByUserId(&quot;oldUserId&quot;,&quot;newUserId&quot;)
ID304 Lotus® Connections 3.0 TDI, SSO, and User Life Cycle Management: What you NEED to know! Jay Boyd | Lotus Connections Team Lead | IBM Luis Benitez | Social Software Product Manager | IBM
[2010-12-21 07:34:31] CLFWY0242W: The synchronize command found that active member Benjamin Button [current external id: LDAP_ID , application id LC_ID ] could not be matched via external id, but could be matched via login or email to external id NEW_LDAP_ID . The member was not updated since this action was disabled by the command.
Review the information from HR systems about the user identified by external id NEW_LDAP_ID and determine if this entry matches Benjamin Button or if the person has left the company.