
Configuring Sametime awareness for Domino Web Access when Sametime uses a non-Domino LDAP server

 Technote (FAQ)
 
 
Question
How do you set up Lotus® Sametime® awareness in Domino® Web Access when Sametime is using a non-Domino LDAP server?
 
Answer
First, you should review the following documents for general steps to set up Sametime integration with Domino Web Access:

Also, a successful setup requires the latest Domino Web Access hotfix for 7.0.1, 7.0.1 Fix Pack 1, or 7.0.2. Any issues included in the hotfix should be fixed in 7.0.3.

To configure Sametime awareness in Domino Web Access when the Sametime server is using a non-Domino LDAP server, make sure the following conditions exist:

  • The Domino Web Access server must be at least version 7.0.
  • The Sametime server can be version 6.5.1 or 7.0.
  • Single Sign-On (SSO, also called Multiple Server Session Authentication) is set up between the Domino Web Access server and Sametime server.

Steps:

1. Create a Configuration document for the Domino Web Access server.

2. Click the Domino Web Access tab in the document.

3. Enter the following values for the Instant Messaging fields, then save and close the document:

Instant messaging features: Enabled
Online awareness: Enabled
Allow secrets and tokens authentication: Disabled
Set an IBM Lotus Sametime server hostname for all DWA users (useful for clustered configurations): DNS Name of Sametime Server
Loading \stlinks from Domino application server: Enabled
Directory type used by IBM Lotus Sametime server: Non-Domino LDAP

4. Open the Web SSO Configuration document.

5. Make sure the field "Map names in LTPA tokens" is Enabled. Save and close the document.

6. Configure Domino Web Access to understand the non-Domino LDAP Distinguished Name that should be passed to Sametime. There are two possible ways to accomplish this setup:

  • Synchronize the user name in the Person document in the Domino Directory with the non-Domino LDAP name that Sametime uses to authenticate a user.
    For example, if the non-Domino LDAP Sametime directory is IBM Directory Server, and a user's DN from IBM Directory Server is as follows:
      uid=wpsadmin,cn=users,dc=ibm,dc=com

    then you need to add the following to the LTPA user name field (located on the Administration tab of the Person document) for wpsadmin in Domino:
      LTPA user name:  uid=wpsadmin/cn=users/dc=ibm/dc=com
  • Or, synchronize the user name in the non-Domino LDAP with the name that Domino Web Access uses to authenticate the user by using Directory Assistance. For more information on creating and configuring Directory Assistance, refer to the Domino Administrator help database.

    a. Extend the LDAP Schema by adding the following attributes, or use an attribute that is already available:

    NotesDN=CN=wpsadmin,O=ibm

    This entry must match the attribute name defined in Directory Assistance.

    b. Use Directory Assistance on all the Domino servers, and point it to your LDAP Directory (the same as the one Sametime is using).

    c. On the LDAP tab in the Directory Assistance document, add the LDAP attribute that contains your Notes Canonical name. You use this to solve the multiple identity issue, as your Notes Name is used for everything while you are connected to the Domino server, and you get access to your mail database without modifying the ACL.
      Screen capture of LDAP tab:

    d. On the Basic tab in the Directory Assistance document, set the following:
    Attribute to be used as name in an SSO token (map to Notes LTPA_UsrNm): $DN

    e. If extending the schema and adding the NotesDN attribute, then also add the following to the sametime.ini file on the Sametime server under the [Directory] section:

      ST_DB_LDAP_ALLOW_SEARCH_ON_DN=1

      Note: If the [Directory] section does not exist, then add that section.

7. If Sametime is tunnelling, then make sure to modify the stlinks.js file in the C:\Lotus\Domino\data\domino\html\sametime\stlinks folder on the Domino Web Access server to add the following:
    var HTTP_TUNNELING_PORT=80;
    var TUNNELING_ADDRESS="";

For additional information, refer to "Is it Possible to Configure DWA Chat to Tunnel Using Port 80 or 8080?" (#1154819)
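
The first option in step 6 requires the LTPA user name in each Person document to be the user's LDAP DN with the commas replaced by slashes. The following Python script is an added example, not IBM code: it produces that value for a batch of DNs and rejects any DN that the plain substitution cannot represent unambiguously. The function names, every sample DN except the wpsadmin one, the trimming of spaces around RDNs, and the choice to reject escaped characters, slashes and multi-valued RDNs for manual review are assumptions.

```python
# Added example (not IBM code): build "LTPA user name" values from LDAP DNs.
# Assumption: only the comma -> slash substitution from step 6 is applied.

def split_rdns(dn):
    """Split a DN on unescaped commas (backslash escapes as in RFC 4514)."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        # A backslash and the character after it are kept together.
        step = 2 if dn[i] == "\\" and i + 1 < len(dn) else 1
        if step == 1 and dn[i] == ",":
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(dn[i:i + step])
        i += step
    parts.append("".join(buf).strip())
    return parts


def ldap_dn_to_ltpa_name(dn):
    """Return the slash-separated form of dn, or raise ValueError."""
    rdns = split_rdns(dn)
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {rdn!r}")
        # Escapes, slashes and multi-valued RDNs are ambiguous once joined by "/".
        if any(c in rdn for c in "\\/+"):
            raise ValueError(f"RDN {rdn!r} needs manual review")
    return "/".join(rdns)


def build_mapping(dns):
    """Map each convertible DN to its LTPA user name; collect the rest."""
    mapping, rejected = {}, []
    for dn in dns:
        try:
            mapping[dn] = ldap_dn_to_ltpa_name(dn)
        except ValueError as exc:
            rejected.append((dn, str(exc)))
    return mapping, rejected


SAMPLE_DNS = [
    "uid=wpsadmin,cn=users,dc=ibm,dc=com",     # DN from the technote
    "uid=jdoe, cn=users, dc=ibm, dc=com",      # constructed: spaces after commas
    "cn=Doe\\, Jane,cn=users,dc=ibm,dc=com",   # constructed: escaped comma
    "cn=R/D admin,cn=users,dc=ibm,dc=com",     # constructed: slash in value
    "wpsadmin,dc=ibm,dc=com",                  # constructed: RDN without "="
]
```

Call `build_mapping(SAMPLE_DNS)` to get the converted names and the rejected entries; resolve each rejected DN by hand before entering it in a Person document.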
 
 
 

Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.
Document information
 Product categories: Software, Messaging Applications, Advanced Messaging, Lotus Domino Web Access, Chat
 Operating system(s): Linux, Mac OS X, Windows
 Software version: 7.0, 8.0
 Reference #: 1230590
 IBM Group: Software Group
 Modified date: 2009-09-15
