The lazy administrator, how to make your life easier by using TDI to automate your work

My session on how you can use Tivoli Directory Integrator with other IBM Collaboration Solutions like IBM Connections or Domino to reuse data of the different systems.


  1. The lazy administrator, how to make your life easier by using TDI to automate your work. Klaus Bild, Wannes Rams. UKLUG 2012 – Cardiff, Wales
  2. About us… Klaus Bild, Senior System Architect: kbild.ch, twitter.com/kbild, linkedin.com/in/kbild. Wannes Rams, Senior Consultant: wannes.rams.be, twitter.com/wannesrams, linkedin.com/in/wannesrams
  3. Agenda • Introduction to TDI (a.k.a. SDI) • What is TDI • How to use it with Domino • How to use it with Connections • Examples, examples, examples • Create a Wiki page with users of your Domino address book • Maintain Community membership through a Domino application • Export users last logon date per application
  4. Goal: Give you a basic understanding of how you can use Tivoli Directory Integrator to reuse data which resides in Connections or Domino.
  5. What is Tivoli Directory Integrator (TDI 7.1.1) aka Security Directory Integrator (SDI 7.2). Diagram labels: Input (Feed), Assembly Line (AL), Output, Functions, Flow Components, Scripts, Attribute Maps
  6. What is Tivoli Directory Integrator (TDI) aka Security Directory Integrator (SDI). Modes: • AddOnly (A) • CallReply (C) • Delete (D) • Delta (Δ) • Iterator (I) • Lookup (L) • Update (U) • Server (S)
  7. What is Tivoli Directory Integrator (TDI) aka Security Directory Integrator (SDI). Available Connectors (7.1.1, more than 60): • Active Directory Change Detection Connector • AssemblyLine Connector • Axis Easy Web Service Server Connector • Axis2 Web Service Server Connector • CCMDB Connector • Command line Connector • Database Connector • Deployed Assets Connector • Direct TCP/URL scripting • custom • Domino AdminP Connector • Domino Change Detection Connector • Domino Users Connector • DSMLv2 SOAP Connector • DSMLv2 SOAP Server Connector • EIF Connector • File Connector • File Management Connector • Form Entry Connector • FTP Client Connector • Generic Log Adapter Connector • Old HTTP Client Connector • HTTP Client Connector • Old HTTP Server Connector • HTTP Server Connector • IBM MQ Connector • IBM Directory Server Changelog Connector • IdML CI and Relationship Connector • IT Registry CI and Relationship Connector • ITIM Agent Connector • TIM DSMLv2 Connector • JDBC Connector • JMS Connector • JMS Password Store Connector • JMX Connector • JNDI Connector • LDAP Connector • LDAP Group Members Connector • LDAP Server Connector • Log Connector • Lotus Notes Connector • Mailbox Connector • Memory Queue Connector • Memory Stream Connector • Properties Connector • RAC Connector • RDBMS Change Detection Connector • SAP ABAP Application Server Business Object Repository Connector • SAP ABAP Application Server User Registry Connector • Script Connector • Server Notifications Connector • Simple Tpae IF Connector • SNMP Connector • SNMP Server Connector • Sun Directory Change Detection Connector • System Queue Connector • System Store Connector • TADDM Change Detection Connector • TADDM Connector • TCP Connector • TCP Server Connector • Tivoli Access Manager (TAM) Connector • Timer Connector • Tpae IF Change Detection Connector • Tpae IF Connector • URL Connector • Web Service Receiver Server Connector • Windows Users and Groups Connector • z/OS LDAP Changelog Connector
  8. How to use TDI with Domino. Available Connectors for Notes/Domino: • Domino Change Detection Connector (Mode: I): Enables TDI to detect when changes have occurred to an nsf database maintained on a Domino server and reports changed Domino documents. • Domino Users Connector (Mode: ADILU): Provides access to Lotus Domino user accounts and the means for managing them. • Lotus Notes Connector (Mode: ADILU): Works directly with any type of Notes Documents in any .nsf database. • Domino AdminP Connector (Mode: AI): The Domino AdminP Connector is a special version of the Lotus Notes Connector; the database parameter is always set to admin4.nsf. It has the capability to sign fields while adding a document and you can create AdminP requests. Or use non Domino specific: LDAP Connector (ADILUΔ) / HTTP Client Connector (AILC)
  9. How to use TDI with Domino. Supported session types by Connector:

     | Connector | Local Client Session | Local Server Session | IIOP session |
     |---|---|---|---|
     | Domino Change Detection Connector | Yes | No | Yes |
     | Domino Users Connector | Yes | Yes | Yes |
     | Lotus Notes Connector | Yes | Yes | Yes |
     | Domino AdminP Connector | No | Yes | Yes |

     -> IIOP session gives you the highest flexibility
  10. How to use TDI with Domino. If you are using IIOP sessions, perform the following: • Ensure the Notes.jar file does not exist in the TDI_install_dir/jars folder and any of its subfolders. • Copy Domino_data/domino/java/NCSO.jar to TDI_install_dir/jars/3rdparty/IBM or to the folder specified by the com.ibm.di.loader.userjars property in global.properties (or solution.properties).
  11. How to use TDI with Connections. Pre-packaged scripts with IBM Connections: “Official” way to go if you want to change which users are imported or want to change/add/get profile data. Included scripts: collect_dns, delete_or_inactivate_employees, dump_photos_to_files, dump_pronounce_to_files, fill_country/department/emp_type/organization/workloc, load_photos_from_files, load_pronounce_from_files, mark_managers, populate_from_dn_file, sync_all_dns. Needs setup, has to be imported into the TDI solution directory and will add two additional connectors (Profile/Photo) as well. IBM Connections API: Gives you access to almost every function that you can access and use through the IBM Connections user interface. You can use standard TDI connectors (e.g. HTTP Client connector). Be aware that the API documentation is not very good (to say it nicely).
  12. How to use TDI with Connections. IBM Social Business Toolkit: TDI is Java based and therefore you can use the IBM SBT SDK to create your own script connectors. You have to import some parts of the SDK into your TDI environment. You definitely should have a developer background. -> http://de.slideshare.net/AndreasArtner/activity-stream-how-to-feed-the-beast Direct Database access: Connections stores almost everything inside the RDBMS but there is no public DB schema info from IBM. This is not a supported way to change data inside Connections (although some Partner solutions directly manipulate data in the database and their solutions are IBM supported). But you can use it to get data from Connections.
  13. Create a Wiki page with users of your Domino address book - Example
  14. Create a Wiki page with users of your Domino address book - Example
  15. Create a Wiki page with users of your Domino address book – How to. The workflow is as follows: 1. Get all Domino users in names.nsf 2. Create the Wiki page Atom document 3. Send the Wiki page Atom document to the Wikis API
  16. Wiki page – How to 1. Get all Domino users in names.nsf: Just use the Domino Users Connector in iterator mode, easy. Best practice: Always use property files for your parameters; it will save you a lot of time if you want to use the AL with different servers or environments!
  17. Wiki page – How to 2. Create the Wiki page Atom document (AL create_Wiki_Entry_Atom): • Find out how the Atom document has to be built (http://www-10.lotus.com/ldd/appdevwiki.nsf/dx/Wiki_page_content_ic50) or try the SBT playground https://greenhouse.lotus.com/sbt/SBTPlayground.nsf/Explorer.xsp#api=Social_Wikis_API_Working_with_wiki_pages • Should be easy but… Example on SBT playground (does not work) • Works if you change the content line to <content type="text/html"><![CDATA[<p>This is James's wiki page.</p>]]>
  18. Wiki page – How to 2. AL create_Wiki_Entry_Atom: • Define the HTML code for the page • Use the Prolog for the first part • Use the iterator to generate the list • Use the Epilog for the closing
  19. Wiki page – How to 2. AL create_Wiki_Entry_Atom: • This is the final code, all on ONE line: <?xml version="1.0" encoding="UTF-8"?><entry xmlns="http://www.w3.org/2005/Atom"><content type="text/html"><![CDATA[<div><p dir="ltr"><strong style="color: rgb(67, 106, 173);font-size:large;">All data is from the Domino directory - Example for ICON UK </strong> <img src="/images/graphics-star-wars-300566.gif" width="151" height="100"/></p><table border="1" cellpadding="5" cellspacing="0" dir="ltr" style="border-collapse: collapse; width: 800px;" width="246"><tbody><tr height="14"><td><strong>Name</strong></td><td><strong>Shortname</strong></td><td><strong>Title</strong></td><td><strong>Company</strong></td><td><strong>Number</strong></td><td><strong>Photo (Connections photo!)</strong></td></tr><tr><td><span class="vcard"><a class="fn url" href="">Christian Guedemann</a><span class="email" style="display: none;">Christian.Guedemann@snt.com</span></span></td><td><span class="vcard"><a class="fn url" href="">CGU</a><span class="email" style="display: none;">Christian.Guedemann@snt.com</span></span></td><td>Senior System Architect</td><td>WebGate Consulting AG</td><td><a href="sip://+41008008008">+41008008008</a></td><td><div style="width: 150px;height: 150px;border-radius: 75px;-webkit-border-radius: 75px;-moz-border-radius: 75px;background: url(/profiles/photo.do?email=Christian.Guedemann@snt.com) no-repeat;"></div></td></tr><tr><td><span class="vcard"><a class="fn url" href="">Klaus Bild</a><span class="email" style="display: none;">Klaus.Bild@snt.com</span></span></td><td><span class="vcard"><a class="fn url" href="">KBI</a><span class="email" style="display: none;">Klaus.Bild@snt.com</span></span></td><td>Senior System Architect</td><td>WebGate Consulting AG</td><td><a href="sip://+41004004004">+41004004004</a></td><td><div style="width: 150px;height: 150px;border-radius: 75px;-webkit-border-radius: 75px;-moz-border-radius: 75px;background: url(/profiles/photo.do?email=Klaus.Bild@snt.com) no-repeat;"></div></td></tr><tr><td><span class="vcard"><a class="fn url" href="">Christoph Stoettner</a><span class="email" style="display: none;">CHristoph.Stoettner@snt.com</span></span></td><td><span class="vcard"><a class="fn url" href="">CST</a><span class="email" style="display: none;">CHristoph.Stoettner@snt.com</span></span></td><td>Senior IT Consultant</td><td>Fritz and Macziol GmbH</td><td><a href="sip://+41003003003">+41003003003</a></td><td><div style="width: 150px;height: 150px;border-radius: 75px;-webkit-border-radius: 75px;-moz-border-radius: 75px;background: url(/profiles/photo.do?email=CHristoph.Stoettner@snt.com) no-repeat;"></div></td></tr><tr><td><span class="vcard"><a class="fn url" href="">Sharon Bellamy</a><span class="email" style="display: none;">Sharon.Bellamy@snt.com</span></span></td><td><span class="vcard"><a class="fn url" href="">SBE</a><span class="email" style="display: none;">Sharon.Bellamy@snt.com</span></span></td><td>IT Consultant</td><td>Cube Soft Consulting</td><td><a href="sip://+41003003003">+41003003003</a></td><td><div style="width: 150px;height: 150px;border-radius: 75px;-webkit-border-radius: 75px;-moz-border-radius: 75px;background: url(/profiles/photo.do?email=Sharon.Bellamy@snt.com) no-repeat;"></div></td></tr><tr><td><span class="vcard"><a class="fn url" href="">Wannes Rams</a><span class="email" style="display: none;">Wannes.Rams@snt.com</span></span></td><td><span class="vcard"><a class="fn url" href="">WRA</a><span class="email" style="display: none;">Wannes.Rams@snt.com</span></span></td><td>Social Business Consultant</td><td>GFI</td><td><a href="sip://+41003003003">+41003003003</a></td><td><div style="width: 150px;height: 150px;border-radius: 75px;-webkit-border-radius: 75px;-moz-border-radius: 75px;background: url(/profiles/photo.do?email=Wannes.Rams@snt.com) no-repeat;"></div></td></tr></tbody></table></div> ]]></content><category scheme="tag:ibm.com,2006:td/type" term="page" label="page" /></entry>
  20. Wiki page – How to 3. Send the Wiki page Atom document to the Wikis API (HTTP client connector): • This is well documented (no joke) http://www-10.lotus.com/ldd/appdevwiki.nsf/dx/Updating_a_wiki_page_ic50
  21. Wiki page – How to. This user needs editor rights on the Wiki
  22. Wiki page – SSL requests • Most Connections environments force traffic over SSL • If you get the following error when you call the Connections API through SSL, you have to import the Connections server certificate into TDI_install_dir/jserverapi/testadmin.jks (pw: administrator)
  23. Wiki page – How to • Final step is to create an AL which combines the create_Wiki_Entry_Atom AL and the HTTP client connector
  24. Community membership through a Domino application - Example
  25. Community membership - Example
  26. Community membership – How to. The workflow is as follows: 1. Iterate through all Community entries in the Notes DB 2. Create Community if it is a new Community • Check if it is a new community • Create Community Atom entry • Call/Reply request to the Communities API • Get the Uuid of the new Community & write it back to the Notes DB 3. Add missing members to every Community • Iterate through all members found in the Community entry (from the Notes DB) and check whether the user is missing from the Community member feed • Create member Atom entry • Send the member Atom entry to the Communities API 4. Add missing Owners (same steps as for member adding)
  27. Community membership – How to 1. Iterate through all Community entries in the Notes DB: Just use the Lotus Notes Connector in iterator mode, again this is easy. You don’t need a running HTTP task on Domino if you use the DIIOP IOR string as Server IP Address!
  28. Community membership – How to 2. Create Community if it is a new Community • Check if it is a new community
  29. Community membership – How to 2. Create Community if it is a new Community • Create Community Atom entry: var atom_community_entry = '<?xml version="1.0" encoding="UTF-8"?><entry xmlns="http://www.w3.org/2005/Atom" xmlns:app="http://www.w3.org/2007/app" xmlns:snx="http://www.ibm.com/xmlns/prod/sn"><title type="text">' + work.Community_Name + '</title><content type="html">' + work.Description + '</content><category term="community" scheme="http://www.ibm.com/xmlns/prod/sn/type"></category><snx:communityType>' + work.Access + '</snx:communityType></entry>';
  30. Community membership – How to 2. Create Community if it is a new Community • Call/Reply request to the Communities API. This user needs the admin security role for the Communities app! (WAS Admin Console)
  31. Community membership – How to 2. Create Community if it is a new Community • Get the Uuid of the new Community & write it back to the Notes DB
  32. Community membership – How to 3. Add missing members to every Community • Get the Community member feed (received with HTTP client connector). This will create a request to the following URL: …/communities/service/atom/community/members?communityUuid=$uuid&role=member
  33. Community membership – How to 3. Add missing members to every Community • Iterate through all members found in the Community entry (from the Notes DB) and check whether the user is missing from the Community member feed
  34. Community membership – How to 3. Add missing members to every Community • Create member Atom entry through script: var atom_member_entry = '<?xml version="1.0" encoding="UTF-8"?><entry xmlns="http://www.w3.org/2005/Atom" xmlns:app="http://www.w3.org/2007/app" xmlns:snx="http://www.ibm.com/xmlns/prod/sn"><contributor><email>' + work.InternetAddress + '</email><snx:role>member</snx:role></contributor><snx:role component="http://www.ibm.com/xmlns/prod/sn/communities">member</snx:role></entry>';
  35. Community membership – How to 3. Add missing members to every Community • Send the member Atom entry to the Communities API (HTTP client connector). URL on next page. This user needs the admin security role for the Communities app! (WAS Admin Console)
  36. Community membership – How to 3. Add missing members to every Community • Send the member Atom entry to the Communities API (HTTP client connector). This will create a request to the following URL: …/communities/service/atom/community/members?communityUuid=$uuid
  37. Community membership – How to 4. Add missing Owners (same steps as for members): var atom_owner_entry = '<?xml version="1.0" encoding="UTF-8"?><entry xmlns="http://www.w3.org/2005/Atom" xmlns:app="http://www.w3.org/2007/app" xmlns:snx="http://www.ibm.com/xmlns/prod/sn"><contributor><email>' + work.InternetAddress_Owner + '</email><snx:role>owner</snx:role></contributor><snx:role component="http://www.ibm.com/xmlns/prod/sn/communities">owner</snx:role></entry>';
  38. Community membership – How to • Final assembly line
  39. Export users last logon date per application - Example
  40. Export users last logon date per application - Example
  41. Export users last logon date – How to • We will export the last logon date for all users • For all applications • Export to Domino • Export to CSV • This runs scheduled weekly as a report to our deployment team
  42. Export users last logon date – How to. The workflow is as follows: 1. Iterate through all entries in the PeopleDB and fetch uid and full name 2. Connect to the application table that contains the profile 3. Fetch user key 4. Connect to the application table that contains the last logon date 5. Repeat for all applications 6. Write to Domino 7. Write to CSV
  43. Export users last logon date – How to • Create a new assembly line and add a Database Connector. Make it an iterator and connect it to your Profiles database Employee table
  44. Export users last logon date – How to • I will show you for 1 database and then give you the mapping table for the other databases • Connect to the Files database, USER_TO_LOGIN table
  45. Export users last logon date – How to • Use the uid_lower as your key to find the relevant user key
  46. Export users last logon date – How to
  47. Export users last logon date – How to • Now connect to the Files database USER table to get the last logon date of this user, using the USER_ID fetched in the last step as a link
  48. Export users last logon date – How to • Repeat these steps for all applications, except Blogs. The Blogs database table ROLLERUSER contains uid and last logon date. On top of that it is the only table that uses the uid as is and not converted to lowercase. (thank god for consistency)
  49. Export users last logon date – How to • This is the table for all the databases (Uid lookup table):

     | Application | Table Name | Uid Column | User Key Column |
     |---|---|---|---|
     | Blogs | Not needed | Not needed | Not needed |
     | Bookmarks | PERSONLOGIN | LOGINNAME | PERSON_ID |
     | Files | USER_TO_LOGIN | LOGIN_ID | LOGIN_ID |
     | Forum | DF_MEMBERLOGIN | LOGINNAME_LOWER | MEMBERID |
     | Homepage | LOGINNAME | LOGINNAME | PERSON_ID |
     | Activities | OA_MEMBERLOGIN | LLOGINNAME | MEMBERID |
     | Profiles | EMPLOYEE | PROF_UID_LOWER | PROF_KEY |
     | Communities | MEMBERLOGIN | LOWER_LOGIN | MEMBER_UUID |
     | Wikis | USER_TO_LOGIN | LOGIN_ID | USER_ID |

  50. Export users last logon date – How to • This is the table for all the databases (Last Logon table):

     | Application | Table Name | Uid | Last Logon |
     |---|---|---|---|
     | Blogs | ROLLERUSER | USERNAME | LASTLOGIN |
     | Bookmarks | PERSON | PERSON_ID | LASTLOGIN |
     | Files | USER | ID | LAST_VISIT |
     | Forum | MEMBERPROFILE | MEMBERID | LASTLOGIN |
     | Homepage | PERSON | PERSON_ID | LAST_UPDATE |
     | Activities | OA_MEMBERPROFILE | MEMBERID | LASTLOGIN |
     | Profiles | PROFILE_LAST_LOGIN | PROF_KEY | LAST_LOGIN |
     | Communities | MEMBERPROFILE | MEMBER_UUID | LASTLOGIN |
     | Wikis | USER | ID | LAST_VISIT |

  51. Export users last logon date – How to • Create a Domino Database with a form called “User” and the following fields: • Activities_LASTLOGIN, Name, Blogs_LASTLOGIN, Communities_LASTLOGIN, Dogear_LASTLOGIN, Files_LASTVISIT, Forum_LASTVISIT, Homepage_LASTUPDATE, Profiles_LASTLOGIN, Uid, Wikis_LASTVISIT • And a view to show these
  52. Export users last logon date – How to • Add a LotusNotes connector to the assembly line and connect it to your database using diiop. • Set the mode to “AddOnly”
  53. Export users last logon date – How to • Create the following output map • The reason for not having the value as is in the left column is that the value you get from DB2 is in java.sql.Date format; we need to make sure we get the string
  54. Export users last logon date – How to • To dump to a CSV file add a File System Connector and select csv as parser. Add the header fields to the Field Names and enable the write header • Set “;” as your separator
  55. Export users last logon date – How to. Now we need to set the file location and file name. We want to make this dynamic so we can schedule the script. File location will be defined in the property file. Use the following JavaScript to define the filename and location: var srcPath = system.getTDIProperty("Cnx", "export_path"); var stDateStamp = system.formatDate((new Date()), "yyyyMMdd"); var outFile = srcPath + system.getTDIProperty("Cnx", "export_filename") + stDateStamp + ".csv"; return outFile;
  56. Export users last logon date – How to • For the CSV file we can output in the original format; no need to transform to String as the parser will do this for us.
  57. Questions?
  58. Thank You! http://slideshare.com/palmke http://linkedin.com/in/wannesrams http://twitter.com/wannesrams http://wannes.rams.be http://www.webgate.biz http://slideshare.com/kbild http://linkedin.com/in/kbild http://twitter.com/kbild http://kbild.ch
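
The Atom entries on slides 29, 34 and 37 concatenate Notes field values straight into XML, so a community name or description containing `&` or `<` produces a malformed or altered entry. The following is an added example, not code from the original slides, that escapes each value before it is placed in the entry. Plain strings stand in for the TDI work entry attributes, and the helper names xmlEscape, buildCommunityEntry and buildMemberEntry are assumptions.

```javascript
// Added example (not from the slides): escape Notes field values before they
// are concatenated into the Atom entries of slides 29, 34 and 37.
// Assumption: plain strings stand in for the TDI work entry attributes.

var XML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&apos;' };

// Escape the five XML special characters and drop control characters
// that XML 1.0 does not allow.
function xmlEscape(value) {
  return String(value)
    .replace(/[\u0000-\u0008\u000B\u000C\u000E-\u001F]/g, '')
    .replace(/[&<>"']/g, function (ch) { return XML_ENTITIES[ch]; });
}

// Shared prolog and namespaces, as used on the slides.
var ATOM_HEAD = '<?xml version="1.0" encoding="UTF-8"?>' +
  '<entry xmlns="http://www.w3.org/2005/Atom" ' +
  'xmlns:app="http://www.w3.org/2007/app" ' +
  'xmlns:snx="http://www.ibm.com/xmlns/prod/sn">';

// Community entry (slide 29). With type="html" the markup in Description is
// carried as escaped text, so escaping it is correct Atom as well as safe.
function buildCommunityEntry(work) {
  return ATOM_HEAD +
    '<title type="text">' + xmlEscape(work.Community_Name) + '</title>' +
    '<content type="html">' + xmlEscape(work.Description) + '</content>' +
    '<category term="community" scheme="http://www.ibm.com/xmlns/prod/sn/type"></category>' +
    '<snx:communityType>' + xmlEscape(work.Access) + '</snx:communityType>' +
    '</entry>';
}

// Member or owner entry (slides 34 and 37). The role is restricted to the
// two values the slides use, so it never comes from document data unchecked.
function buildMemberEntry(email, role) {
  if (role !== 'member' && role !== 'owner') {
    throw new Error('unexpected role: ' + role);
  }
  return ATOM_HEAD +
    '<contributor><email>' + xmlEscape(email) + '</email>' +
    '<snx:role>' + role + '</snx:role></contributor>' +
    '<snx:role component="http://www.ibm.com/xmlns/prod/sn/communities">' +
    role + '</snx:role></entry>';
}

// Constructed sample document: the name field carries markup that would
// otherwise close <title> early and add a second communityType element.
var sampleWork = {
  Community_Name: 'R&D </title><snx:communityType>public</snx:communityType>',
  Description: '<p>Project team</p>',
  Access: 'private'
};

console.log(buildCommunityEntry(sampleWork));
console.log(buildMemberEntry('jane.doe@example.com', 'member'));
```

With the escaping in place the constructed name stays inside the title element as text, and the entry still contains exactly one communityType element.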
