When you change to a new LDAP directory, you must synchronize
the user data stored in Profiles with the information in the new
LDAP directory. You can run a command that synchronizes
the information in the Profiles database with the user information
stored in your new LDAP deployment.
Before you begin
You must ensure that the values of either the uid or the email
address in the existing data source match those in the new deployment LDAP directory. If
neither of these properties has matching values, you cannot use the scripts provided with IBM® Connections to synchronize the IDs.
Note: Changing a user's identifier in Connections Content Manager (CCM)
results in the user record being viewed by the system as a totally new user, and access will be
lost, which can be a particular concern when administrative access is lost.
Procedure
To use the scripts provided with IBM Connections to synchronize the IDs and update
Profiles, complete the following steps:
- In a text editor, open the profiles_tdi.properties file
from the IBM Tivoli® Directory Integrator directory on the
system that hosts the Profiles application, and edit
the following properties to match the values of the corresponding
properties in the LDAP system:
  - source_ldap_url
  - source_ldap_user_login
  - source_ldap_user_password
  - source_ldap_search_base
  - source_ldap_search_filter
  - source_ldap_use_ssl
For more information about these properties and how they are
used, see Tivoli Directory Integrator properties.
- Ensure that the guid property in the map_dbrepos_from_source.properties file
is set to the appropriate value for your environment:
  - IBM Tivoli Directory Server:
    guid=ibm-entryUuid
  - IBM Lotus® Domino® Directory:
    guid={function_map_from_dominoUNID}
  - Microsoft Active Directory:
    guid={function_map_from_objectGUID}
  - Sun Java System Directory Server:
    guid=nsuniqueid
  - Novell (NetIQ) eDirectory:
    guid={function_map_from_GUID}
- Identify a database attribute to synchronize on (uid, guid, or email)
that has the same value for each member in the old LDAP deployment as in the
new one, and then set the sync_updates_hash_field property
in the profiles_tdi.properties file to this attribute.
The names of the LDAP attributes are immaterial. For example:
sync_updates_hash_field=uid
- Synchronize the data so that the values from the new LDAP
deployment are updated in the Profiles database by running the following
script:
For more information about the properties that you can set when
synchronizing LDAP data with Profiles, see Synchronizing LDAP
directory changes with Profiles.
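The prerequisite in "Before you begin" and the choice of sync_updates_hash_field can be checked before anything is synchronized. The following is an added example, not part of the IBM Connections scripts: it compares plain-text LDIF exports of the old and new directories and reports which field matches one-to-one for every user. The sample entries are constructed, and the LDAP attribute names uid and mail are assumptions.

```python
from collections import Counter

# Constructed sample exports (LDIF), not real directory data.
OLD_LDIF = """\
dn: uid=ajones,ou=people,dc=old,dc=example
uid: ajones
mail: ajones@example.com

dn: uid=bsmith,ou=people,dc=old,dc=example
uid: bsmith
mail: bsmith@example.com
"""
NEW_LDIF = """\
dn: cn=Amy Jones,ou=staff,dc=new,dc=example
uid: amy.jones
mail: ajones@example.com

dn: cn=Bob Smith,ou=staff,dc=new,dc=example
uid: bob.smith
mail: bsmith@example.com
"""

def parse_ldif(text):
    """Return one {attribute: value} dict per entry (plain 'attr: value' lines only)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(": ")
            if sep:
                entry.setdefault(name.lower(), value.strip())
        entries.append(entry)
    return entries

def unmatched(old, new, attr):
    """Old-directory values of attr that are missing, duplicated, or not unique in new.
    Values are compared exactly, so a difference in case counts as a mismatch."""
    old_vals = Counter(e.get(attr) for e in old)
    new_vals = Counter(e.get(attr) for e in new)
    return sorted(str(v) for v, n in old_vals.items()
                  if v is None or n > 1 or new_vals[v] != 1)

def choose_hash_field(old, new, candidates=(("uid", "uid"), ("email", "mail"))):
    """First Profiles field (assumed LDAP attributes: uid, mail) that matches one-to-one."""
    for field, ldap_attr in candidates:
        if not unmatched(old, new, ldap_attr):
            return field
    return None

print("sync_updates_hash_field =", choose_hash_field(parse_ldif(OLD_LDIF), parse_ldif(NEW_LDIF)))
```

A result of None means neither uid nor email lines up for every user, which is the case in which the provided scripts cannot be used.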