the lazy administrator, how to make your life easier by...

#engageug

The lazy administratorHow to make your life easier by using TDI to automate your work

Klaus Bild - WebGate AG Wannes Rams - Ramsit

#engageug

About us

2

Senior System Architect WebGate AG

IBM ConnectionsIBM Sametime

TDI Softlayer Scripting

…

Senior Consultant Ramsit

IBM Connections IBM Sametime

TDI IBM Domino Networking

…

#engageug

Agenda

3

Introduction to TDI (a.k.a SDI)• What is TDI • How to use it with Domino • How to use it with Connections

Examples, examples, examples• Maintain Community membership through a Domino

application • Export users last logon date per application • Create a Wiki page with users of your Domino address book

#engageug

Goal

4

Giving you a basic understanding

how you can use Tivoli Directory Integrator

to reuse data which resides in IBM Connections

or IBM Domino.

#engageug

Who are you?

5

And hey, did I already mention:

Disclaimer: We are not a developers

#engageug

What is Tivoli Directory Integrator (TDI 7.1.1) aka Security Directory Integrator (SDI 7.2)

6

Input&(Feed)&

Assembly&Line&(AL)&

Output&

Func6ons& Flow&Components&

Scripts& A<ribute&Maps&

#engageug


7

Modes: • AddOnly (A) • CallReply (C) • Delete (D) • Delta (Δ)

• Iterator (I) • Lookup (L) • Update (U) • Server (S)

#engageug


8

Available Connectors (7.1.1, more than 60):• Active Directory Change Detection Connector • AssemblyLine Connector • Axis Easy Web Service Server Connector • Axis2 Web Service Server Connector • CCMDB Connector • Command line Connector • Database Connector • Deployed Assets Connector • Direct TCP /URL scripting • custom • Domino AdminP Connector • Domino Change Detection Connector • Domino Users Connector • DSMLv2 SOAP Connector • DSMLv2 SOAP Server Connector • EIF Connector • File Connector • File Management Connector • Form Entry Connector • FTP Client Connector • Generic Log Adapter Connector • Old HTTP Client Connector • HTTP Client Connector • Old HTTP Server Connector • HTTP Server Connector • IBM MQ Connector • IBM Directory Server Changelog Connector • IdML CI and Relationship Connector • IT Registry CI and Relationship Connector • ITIM Agent Connector • TIM DSMLv2 Connector • JDBC Connector • JMS Connector • JMS Password Store Connector

• JMX Connector • JNDI Connector • LDAP Connector • LDAP Group Members Connector • LDAP Server Connector • Log Connector • Lotus Notes Connector • Mailbox Connector • Memory Queue Connector • Memory Stream Connector • Properties Connector • RAC Connector • RDBMS Change Detection Connector • SAP ABAP Application Server Business Object Repository

Connector • SAP ABAP Application Server User Registry Connector • Script Connector • Server Notifications Connector • Simple Tpae IF Connector • SNMP Connector • SNMP Server Connector • Sun Directory Change Detection Connector • System Queue Connector • System Store Connector • TADDM Change Detection Connector • TADDM Connector • TCP Connector • TCP Server Connector • Tivoli Access Manager (TAM) Connector • Timer Connector • Tpae IF Change Detection Connector • Tpae IF Connector • URL Connector • Web Service Receiver Server Connector • Windows Users and Groups Connector • z/OS LDAP Changelog Connector

#engageug

How to use TDI with Domino

9

Available Connectors for Notes/Domino:• Domino Change Detection Connector (Mode: I):

Enables TDI to detect when changes have occurred to a nsf database maintained on a Domino server and reports changed Domino documents.

• Domino Users Connector (Mode: ADILU): Provides access to Lotus Domino user accounts and the means for managing them.

• Lotus Notes Connector (Mode: ADILU):Works directly with any type of Notes Documents in any .nsf database.

• Domino AdminP Connector (Mode: AI): The Domino AdminP Connector is a special version of the Lotus Notes Connector, the database parameter is always set to admin4.nsf. It has the capability to sign fields while adding a document and you can create AdminP request.

Or use non Domino specific: LDAP Connector (ADILUΔ) / HTTP Client Connector (AILC)

#engageug


10

Supported session types by Connector:Supported)Sessions)>)

Connectors)V)Local)Client)Session) Local)Server)Session) IIOP)session)

Domino&Change&Detec.on&Connector&

Yes& No) Yes&

Domino&Users&Connector&

Yes& Yes& Yes&

Lotus&Notes&Connector&

Yes) Yes& Yes&

Domino&AdminP&Connector&

No)&

Yes& Yes&

-> IIOP session gives you the highest flexibility

#engageug


11

If you are using IIOP sessions, perform the following:

• Ensure the Notes.jar file does not exist in the TDI_install_dir/jars folder and any of its subfolders.

• Copy Domino_data/domino/java/NCSO.jar to TDI_install_dir/jars/3rdparty/IBM or to the folder specified by the com.ibm.di.loader.userjars property in global.properties (or solution.properties).

#engageug

How to use TDI with Connections

12

Pre-packaged scripts with IBM Connections:• “Official” way to go if you want to change which users are imported or

want to change/add/get profile data. Included scripts: • collect_dns, delete_or_inactivate_employees, dump_photos_to_files, dump_pronounce_to_files,

fill_country/department/emp_type/organization/workloc, load_photos_from_files, load_pronounce_from_files, mark_managers, populate_from_dn_file, sync_all_dns

• Needs setup, has to be imported into TDI solution directory and will add two additional connectors (Profile/Photo) as well.

IBM Connections API:• Gives you access to almost every function that you can access and

use through the IBM Connections user interface. You can use standard TDI connectors (i.e. HTTP Client connector). Be aware that the API documentation is not very good (to say it nicely).

#engageug

How to use TDI with Connections

13

IBM Social Business Toolkit:• TDI is java based and therefore you can use the IBM SBT SDK to

create your own script connectors. You have to import some parts of the SDK into your TDI environment. You definitely should have a developer background. -> http://de.slideshare.net/AndreasArtner/activity-stream-how-to-feed-the-beast

Direct Database access:• Connections stores almost everything inside the RDBMS but there is no

public DB schema info from IBM. This is not a supported way to change data inside Connections (although some Partner solutions directly manipulate data in the database and their solutions are IBM supported). But you can use it to get data from Connections.

http://de.slideshare.net/AndreasArtner/activity-stream-how-to-feed-the-beast

#engageug

Community membership through a Domino application - Example

14

#engageug

Community membership through a Domino application - Example

15

#engageug

Community membership – How to

16

The workflow is as follows:1. Iterate through all Community entries in the Notes DB 2. Create Community if it is a new Community

• Check if it is a new community • Create Community Atom entry • Call/Reply request to the Communities API • Get the Uuid of the new Community & write it back to the Notes DB

3. Add missing members to every Community • Iterate through all members found in the Community entry (from the Notes

DB) and look if user is not a member in the Community member feed • Create member Atom entry • Send the member Atom entry to the Communities API

4. Add missing Owners (same steps as for member adding)

#engageug


17

1. Iterate through all Community entries in the Notes DB Just use Lotus Notes Connector in iterator mode, again this is easy.

You don’t need a running HTTP task on Domino if you use the DIIOP IOR string as Server IP Address!

#engageug


18

2. Create Community if it is a new Community • Check if it is a new community

#engageug


19

2. Create Community if it is a new Community • Create Community Atom entry

var atom_community_entry = '<?xml version="1.0" encoding="UTF-8"?><entry xmlns="http://www.w3.org/2005/Atom" xmlns:app="http://www.w3.org/2007/app" xmlns:snx="http://www.ibm.com/xmlns/prod/sn"><title type="text">' + work.Community_Name + '</title><content type="html">' + work.Description + '</content><category term="community" scheme="http://www.ibm.com/xmlns/prod/sn/type"></category><snx:communityType>' + work.Access + '</snx:communityType></entry>';

#engageug


20

2. Create Community if it is a new Community • Call/Reply request to the Communities API

This user needs the admin security role for the Communities app!

#engageug


21

2. Create Community if it is a new Community • Get the Uuid of the new Community & write it back to the Notes DB

#engageug


22

3. Add missing members to every Community • Get the Community member feed (received with HTTP client

connector)

This will create a request to following URL:…/communities/service/atom/community/ members?communityUuid=$uuid&role=member

#engageug


23

3. Add missing members to every Community • Iterate through all members found in the Community entry (from

the Notes DB) and look if user is not a member in the Community member feed

#engageug


24

3. Add missing members to every Community • Create member Atom entry through script:

var atom_member_entry = '<?xml version="1.0" encoding="UTF-8"?><entry xmlns="http://www.w3.org/2005/Atom" xmlns:app="http://www.w3.org/2007/app" xmlns:snx="http://www.ibm.com/xmlns/prod/sn"><contributor>¨<email>' + work.InternetAddress + '</email><snx:role>member</snx:role></contributor><snx:role component="http://www.ibm.com/xmlns/prod/sn/communities">member</snx:role></entry>’;

http://www.ibm.com/xmlns/prod/sn/communities

#engageug


25

3. Add missing members to every Community

• Send the member Atom entry to the Communities API (HTTP client connector)

URL on next page

This user needs the admin security role for the Communities

app! (WAS Admin

Console)

#engageug


26

3. Add missing members to every Community • Send the member Atom entry to the Communities API (HTTP

client connector)

This will create a request to following URL:…/communities/service/atom/community/members?communityUuid=$uuid

#engageug


27

4. Add missing Owners (same steps as for members)

var atom_owner_entry = '<?xml version="1.0" encoding="UTF-8"?><entry xmlns="http://www.w3.org/2005/Atom" xmlns:app="http://www.w3.org/2007/app" xmlns:snx="http://www.ibm.com/xmlns/prod/sn"><contributor><email>' + work.InternetAddress_Owner + '</email><snx:role>owner</snx:role></contributor><snx:role component="http://www.ibm.com/xmlns/prod/sn/communities">owner</snx:role></entry>’;

http://www.ibm.com/xmlns/prod/sn/communities

#engageug


28

Final assembly line

#engageug

Export users last logon date per application - Example

29

#engageug

Export users last logon date per application - Example

30

#engageug

Export users last logon date – How to

31

Example• We will export the last logon date for all users • For all applications • Export to Domino • Export to CSV • This runs scheduled weekly as a reporting to our deployment team The workflow is as follows1. Iterate through all entries in the PeopleDB and fetch uid and full name 2. Connect to the application table that contains the profile 3. Fetch user key 4. Connect to Application table that contains last logon date 5. Repeat for all applications 6. Write to Domino 7. Write to csv

#engageug


32

1. Iterate through all entries in the PeopleDB and fetch uid and full name

• Create a new assemble line and add a Database Connector. Make it an iterator and connect it to your Profiles database Employee table

#engageug


33

2. Connect to the application table that contains the profile • Will show you for 1 database (FILES) and then give you the mapping table

for the other databases • Connect to the Files database, USER_TO_LOGIN table

#engageug


34

3. Fetch user key • Use the uid_lower as your key to find the relevant user key

#engageug


35

4. Connect to Application table that contains last logon date • Now connect to the Files database USER table to get the last logon date of

this user using the USER_ID fetched in the last step as a link

#engageug


36

5. Repeat for all applications • Repeat these steps for all applications, except Blogs. The Blogs database table

ROLLERUSER contains uid and last logon date. On top of that it is the only table that uses the uid as is and not converted to lowercase (thank god for consistency)

#engageug


37

• This is the table for all the databases Applica'on* Uid*lookup*Table*

Table*Name* Uid*Column* User*Key*Column*

Blogs& Not&needed& Not&needed& Not&needed&

Bookmarks& PERSONLOGIN& LOGINNAME& PERSON_ID&

Files& USER_TO_LOGIN& LOGIN_ID& LOGIN_ID&

Forum& DF_MEMBERLOGIN& LOGINNAME_LOWER& MEMBERID&

Homepage& LOGINNAME& LOGINNAME& PERSON_ID&

AcEviEes& OA_MEMBERLOGIN& LLOGINNAME& MEMBERID&

Profiles& EMPLOYEE& PROF_UID_LOWER& PROF_KEY&

CommuniEes& MEMBERLOGIN& LOWER_LOGIN& MEMBER_UUID&

Wikis& USER_TO_LOGIN& LOGIN_ID& USER_ID&

#engageug


38

• This is the table for all the databases Applica'on* Last*Logon*table*

Table*Name* Uid* Last*Logon*

Blogs& ROLLERUSER& USERNAME& LASTLOGIN&

Bookmarks& PERSON& PERSON_ID& LASTLOGIN&

Files& USER& ID& LAST_VISIT&

Forum& MEMBERPROFILE& MEMBERID& LASTLOGIN&

Homepage& PERSON& PERSON_ID& LAST_UPDATE&

AcBviBes& OA_MEMBERPROFILE& MEMBERID& LASTLOGIN&

Profiles& PROFILE_LAST_LOGIN& PROF_KEY& LAST_LOGIN&

CommuniBes& MEMBERPROFILE& MEMBER_UUID& LASTLOGIN&

Wikis& USER& ID& LAST_VISIT&

#engageug


39

• Create a Domino Database with a form called “User” and following fields: • Activities_LASTLOGIN, Name, Blogs_LASTLOGIN, Communities_LASTLOGIN,

Dogear_LASTLOGIN, Files_LASTVISIT, Forum_LASTVISIT, Homepage_LASTUPDATE, Profiles_LASTLOGIN, Uid, Wikis_LASTVISIT

• And a view to show these

#engageug


40

6. Write to Domino • Add a Lotus Notes connector to the assembly line and connect it to your

database using diiop • Set the mode to “AddOnly”

You don’t need a running HTTP task on Domino if you use the DIIOP IOR string as Server IP Address!

#engageug


41

6. Write to Domino • Create the following output map • The reason for not having the value as is in the left column is because the

value you get from db2 is in java.sql.date format, we need to make sure we get the string

#engageug


42

7. Write to csv • To dump to a csv file add a File

System Connector and select csv as parser. Add the header fields to the Field Names and enable the write header

• Set “;” as your seperator

#engageug


43

7. Write to csv • Now we need to set

the file location and file name. We want to make this dynamic so we can schedule the script. File location will be defined in the property file. Use the following javascript to define the filename and location var srcPath=system.getTDIProperty("Cnx", "export_path")var stDateStamp=system.formatDate((new Date()),"yyyyMMdd");var outFile=srcPath + system.getTDIProperty("Cnx", "export_filename") + stDateStamp + ".csv";return outFile

#engageug


44

7. Write to csv • For the csv file we can output in the original format, no need to transform

to String as the parser will do this for us.

30.03.2015

Calibri weiss 32 Fett

Calibri 24 Fett • Calibri 18

− Calibri 18

4

#engageug

Contact

46

ch.linkedin.com/in/kbild/

kbild.ch

twitter.com/kbild

slideshare.com/kbild

linkedin.com/in/wannesrams

wannes.ramsit.com

twitter.com/wannesrams

slideshare.com/palmke

http://ch.linkedin.com/in/kbild/

http://kbild.ch

https://twitter.com/kbild

http://slideshare.com/kbild

http://linkedin.com/in/wannesrams

http://wannes.ramsit.com

http://twitter.com/wannesrams

http://slideshare.com/palmke

#engageug

Create a Wiki page with users of your Domino address book - Example

47

#engageug

Create a Wiki page with users of your Domino address book - Example

48

#engageug

Wiki page – How to

49

1. Get all Domino users in names.nsf: Just use Domino Users Connector in iterator mode, easy.

Best practice: Always use property files for your parameters, it will save you a lot of time if you want to use the AL with different servers, environments!

#engageug


50

2. Create the Wiki page Atom document (AL create_Wiki_Entry_Atom): • Find out how the Atom document has to be build

(http://www-10.lotus.com/ldd/appdevwiki.nsf/dx/Wiki_page_content_ic50)or try the SBT playground https://greenhouse.lotus.com/sbt/SBTPlayground.nsf/Explorer.xsp#api=Social_Wikis_API_Working_with_wiki_pages

• Should be easy but… Example on SBT playground (does not work)

• Works if you change the content line to <content type="text/html"><![CDATA[<p>This is James's wiki page.</p>]]>

http://www-10.lotus.com/ldd/appdevwiki.nsf/dx/Wiki_page_content_ic50

https://greenhouse.lotus.com/sbt/SBTPlayground.nsf/Explorer.xsp#api=Social_Wikis_API_Working_with_wiki_pages

#engageug


51

2. AL create_Wiki_Entry_Atom: • Define the HTML code for the page • Use the Prolog for the first part • Use the iterator to generate the list • Use the Epilog for the closing

#engageug


52

2. AL create_Wiki_Entry_Atom: • This is the final code, all on ONE line:

<?xml version="1.0" encoding="UTF-8"?><entry xmlns="http://www.w3.org/2005/Atom"><content type="text/html"><![CDATA[<div><p dir="ltr"><strong style="color: rgb(67, 106, 173);font-size:large;">All data is from the Domino directory - Example for IBM Connect in Zurich </strong> <img src="/images/graphics-star-wars-300566.gif" width="151" height="100"/></p><table border="1" cellpadding="5" cellspacing="0" dir="ltr" style="border-collapse: collapse; width: 800px;" width="246"><tbody><tr height="14"><td><strong>Name</strong></td><td><strong>Shortname</strong></td><td><strong>Title</strong></td><td><strong>Company</strong></td><td><strong>Number</strong></td><td><strong>Photo (Connections photo!)</strong></td></tr><tr><td><span class="vcard"><a class="fn url" href="">Christian Guedemann</a><span class="email" style="display: none;">[email protected]</span></span></td><td><span class="vcard"><a class="fn url" href="">CGU</a><span class="email" style="display: none;">[email protected]</span></span></td><td>Senior System Architect</td><td>WebGate Consulting AG</td><td><a href="sip://+41008008008">+41008008008</a></td><td><div style="width: 150px;height: 150px;border-radius: 75px;-webkit-border-radius: 75px;-moz-border-radius: 75px;background: url(/profiles/[email protected]) no-repeat;"></div></td></tr><tr><td><span class="vcard"><a class="fn url" href="">Klaus Bild</a><span class="email" style="display: none;">[email protected]</span></span></td><td><span class="vcard"><a class="fn url" href="">KBI</a><span class="email" style="display: none;">[email protected]</span></span></td><td>Senior System Architect</td><td>WebGate Consulting AG</td><td><a href="sip://+41004004004">+41004004004</a></td><td><div style="width: 150px;height: 150px;border-radius: 75px;-webkit-border-radius: 75px;-moz-border-radius: 75px;background: url(/profiles/[email protected]) no-repeat;"></div></td></tr><tr><td><span class="vcard"><a class="fn url" href="">Christoph Stoettner</a><span class="email" style="display: none;">[email protected]</span></span></td><td><span class="vcard"><a class="fn url" href="">CST</a><span class="email" style="display: none;">[email protected]</span></span></td><td>Senior IT Consultant</td><td>Fritz and Macziol GmbH</td><td><a href="sip://+41003003003">+41003003003</a></td><td><div style="width: 150px;height: 150px;border-radius: 75px;-webkit-border-radius: 75px;-moz-border-radius: 75px;background: url(/profiles/[email protected]) no-repeat;"></div></td></tr><tr><td><span class="vcard"><a class="fn url" href="">Sharon Bellamy</a><span class="email" style="display: none;">[email protected]</span></span></td><td><span class="vcard"><a class="fn url" href="">SBE</a><span class="email" style="display: none;">[email protected]</span></span></td><td>IT Consultant</td><td>Cube Soft Consulting</td><td><a href="sip://+41003003003">+41003003003</a></td><td><div style="width: 150px;height: 150px;border-radius: 75px;-webkit-border-radius: 75px;-moz-border-radius: 75px;background: url(/profiles/[email protected]) no-repeat;"></div></td></tr><tr><td><span class="vcard"><a class="fn url" href="">Wannes Rams</a><span class="email" style="display: none;">[email protected]</span></span></td><td><span class="vcard"><a class="fn url" href="">WRA</a><span class="email" style="display: none;">[email protected]</span></span></td><td>Social Business Consultant</td><td>GFI</td><td><a href="sip://+41003003003">+41003003003</a></td><td><div style="width: 150px;height: 150px;border-radius: 75px;-webkit-border-radius: 75px;-moz-border-radius: 75px;background: url(/profiles/[email protected]) no-repeat;"></div></td></tr></tbody></table></div> ]]></content><category scheme="tag:ibm.com,2006:td/type" term="page" label="page" /></entry>

#engageug


53

3. Send the Wiki page Atom document to the Wikis API (HTTP client connector):

• This is good documented http://www-10.lotus.com/ldd/appdevwiki.nsf/dx/Updating_a_wiki_page_ic50

http://www-10.lotus.com/ldd/appdevwiki.nsf/dx/Updating_a_wiki_page_ic50

#engageug


54This user needs editor rights on the Wiki

#engageug

Wiki page – SSL requests

55

• Most Connections environments force traffic over SSL • If you get following error if you call the Connections API through

SSL you have to import the Connections server certificate into TDI_install_dir/jserverapi/testadmin.jks (pw: administrator)

#engageug


56

4. Final step is to create an AL with combines the create_Wiki_Entry_Atom AL and the HTTP client connector