the lazy administrator, how to make your life easier by...
TRANSCRIPT
#engageug
The lazy administratorHow to make your life easier by using TDI to automate your work
Klaus Bild - WebGate AG Wannes Rams - Ramsit
#engageug
About us
2
Senior System Architect WebGate AG
IBM ConnectionsIBM Sametime
TDI Softlayer Scripting
…
Senior Consultant Ramsit
IBM Connections IBM Sametime
TDI IBM Domino Networking
…
#engageug
Agenda
3
Introduction to TDI (a.k.a SDI)• What is TDI • How to use it with Domino • How to use it with Connections
Examples, examples, examples• Maintain Community membership through a Domino
application • Export users last logon date per application • Create a Wiki page with users of your Domino address book
#engageug
Goal
4
Giving you a basic understanding
how you can use Tivoli Directory Integrator
to reuse data which resides in IBM Connections
or IBM Domino.
#engageug
Who are you?
5
And hey, did I already mention:
Disclaimer: We are not a developers
#engageug
What is Tivoli Directory Integrator (TDI 7.1.1) aka Security Directory Integrator (SDI 7.2)
6
Input&(Feed)&
Assembly&Line&(AL)&
Output&
Func6ons& Flow&Components&
Scripts& A<ribute&Maps&
#engageug
What is Tivoli Directory Integrator (TDI 7.1.1) aka Security Directory Integrator (SDI 7.2)
7
Modes: • AddOnly (A) • CallReply (C) • Delete (D) • Delta (Δ)
• Iterator (I) • Lookup (L) • Update (U) • Server (S)
#engageug
What is Tivoli Directory Integrator (TDI 7.1.1) aka Security Directory Integrator (SDI 7.2)
8
Available Connectors (7.1.1, more than 60):• Active Directory Change Detection Connector • AssemblyLine Connector • Axis Easy Web Service Server Connector • Axis2 Web Service Server Connector • CCMDB Connector • Command line Connector • Database Connector • Deployed Assets Connector • Direct TCP /URL scripting • custom • Domino AdminP Connector • Domino Change Detection Connector • Domino Users Connector • DSMLv2 SOAP Connector • DSMLv2 SOAP Server Connector • EIF Connector • File Connector • File Management Connector • Form Entry Connector • FTP Client Connector • Generic Log Adapter Connector • Old HTTP Client Connector • HTTP Client Connector • Old HTTP Server Connector • HTTP Server Connector • IBM MQ Connector • IBM Directory Server Changelog Connector • IdML CI and Relationship Connector • IT Registry CI and Relationship Connector • ITIM Agent Connector • TIM DSMLv2 Connector • JDBC Connector • JMS Connector • JMS Password Store Connector
• JMX Connector • JNDI Connector • LDAP Connector • LDAP Group Members Connector • LDAP Server Connector • Log Connector • Lotus Notes Connector • Mailbox Connector • Memory Queue Connector • Memory Stream Connector • Properties Connector • RAC Connector • RDBMS Change Detection Connector • SAP ABAP Application Server Business Object Repository
Connector • SAP ABAP Application Server User Registry Connector • Script Connector • Server Notifications Connector • Simple Tpae IF Connector • SNMP Connector • SNMP Server Connector • Sun Directory Change Detection Connector • System Queue Connector • System Store Connector • TADDM Change Detection Connector • TADDM Connector • TCP Connector • TCP Server Connector • Tivoli Access Manager (TAM) Connector • Timer Connector • Tpae IF Change Detection Connector • Tpae IF Connector • URL Connector • Web Service Receiver Server Connector • Windows Users and Groups Connector • z/OS LDAP Changelog Connector
#engageug
How to use TDI with Domino
9
Available Connectors for Notes/Domino:• Domino Change Detection Connector (Mode: I):
Enables TDI to detect when changes have occurred to a nsf database maintained on a Domino server and reports changed Domino documents.
• Domino Users Connector (Mode: ADILU): Provides access to Lotus Domino user accounts and the means for managing them.
• Lotus Notes Connector (Mode: ADILU):Works directly with any type of Notes Documents in any .nsf database.
• Domino AdminP Connector (Mode: AI): The Domino AdminP Connector is a special version of the Lotus Notes Connector, the database parameter is always set to admin4.nsf. It has the capability to sign fields while adding a document and you can create AdminP request.
Or use non Domino specific: LDAP Connector (ADILUΔ) / HTTP Client Connector (AILC)
#engageug
How to use TDI with Domino
10
Supported session types by Connector:Supported)Sessions)>)
Connectors)V)Local)Client)Session) Local)Server)Session) IIOP)session)
Domino&Change&Detec.on&Connector&
Yes& No) Yes&
Domino&Users&Connector&
Yes& Yes& Yes&
Lotus&Notes&Connector&
Yes) Yes& Yes&
Domino&AdminP&Connector&
No)&
Yes& Yes&
-> IIOP session gives you the highest flexibility
#engageug
How to use TDI with Domino
11
If you are using IIOP sessions, perform the following:
• Ensure the Notes.jar file does not exist in the TDI_install_dir/jars folder and any of its subfolders.
• Copy Domino_data/domino/java/NCSO.jar to TDI_install_dir/jars/3rdparty/IBM or to the folder specified by the com.ibm.di.loader.userjars property in global.properties (or solution.properties).
#engageug
How to use TDI with Connections
12
Pre-packaged scripts with IBM Connections:• “Official” way to go if you want to change which users are imported or
want to change/add/get profile data. Included scripts: • collect_dns, delete_or_inactivate_employees, dump_photos_to_files, dump_pronounce_to_files,
fill_country/department/emp_type/organization/workloc, load_photos_from_files, load_pronounce_from_files, mark_managers, populate_from_dn_file, sync_all_dns
• Needs setup, has to be imported into TDI solution directory and will add two additional connectors (Profile/Photo) as well.
IBM Connections API:• Gives you access to almost every function that you can access and
use through the IBM Connections user interface. You can use standard TDI connectors (i.e. HTTP Client connector). Be aware that the API documentation is not very good (to say it nicely).
#engageug
How to use TDI with Connections
13
IBM Social Business Toolkit:• TDI is java based and therefore you can use the IBM SBT SDK to
create your own script connectors. You have to import some parts of the SDK into your TDI environment. You definitely should have a developer background. -> http://de.slideshare.net/AndreasArtner/activity-stream-how-to-feed-the-beast
Direct Database access:• Connections stores almost everything inside the RDBMS but there is no
public DB schema info from IBM. This is not a supported way to change data inside Connections (although some Partner solutions directly manipulate data in the database and their solutions are IBM supported). But you can use it to get data from Connections.
#engageug
Community membership through a Domino application - Example
14
#engageug
Community membership through a Domino application - Example
15
#engageug
Community membership – How to
16
The workflow is as follows:1. Iterate through all Community entries in the Notes DB 2. Create Community if it is a new Community
• Check if it is a new community • Create Community Atom entry • Call/Reply request to the Communities API • Get the Uuid of the new Community & write it back to the Notes DB
3. Add missing members to every Community • Iterate through all members found in the Community entry (from the Notes
DB) and look if user is not a member in the Community member feed • Create member Atom entry • Send the member Atom entry to the Communities API
4. Add missing Owners (same steps as for member adding)
#engageug
Community membership – How to
17
1. Iterate through all Community entries in the Notes DB Just use Lotus Notes Connector in iterator mode, again this is easy.
You don’t need a running HTTP task on Domino if you use the DIIOP IOR string as Server IP Address!
#engageug
Community membership – How to
18
2. Create Community if it is a new Community • Check if it is a new community
#engageug
Community membership – How to
19
2. Create Community if it is a new Community • Create Community Atom entry
var atom_community_entry = '<?xml version="1.0" encoding="UTF-8"?><entry xmlns="http://www.w3.org/2005/Atom" xmlns:app="http://www.w3.org/2007/app" xmlns:snx="http://www.ibm.com/xmlns/prod/sn"><title type="text">' + work.Community_Name + '</title><content type="html">' + work.Description + '</content><category term="community" scheme="http://www.ibm.com/xmlns/prod/sn/type"></category><snx:communityType>' + work.Access + '</snx:communityType></entry>';
#engageug
Community membership – How to
20
2. Create Community if it is a new Community • Call/Reply request to the Communities API
This user needs the admin security role for the Communities app!
#engageug
Community membership – How to
21
2. Create Community if it is a new Community • Get the Uuid of the new Community & write it back to the Notes DB
#engageug
Community membership – How to
22
3. Add missing members to every Community • Get the Community member feed (received with HTTP client
connector)
This will create a request to following URL:…/communities/service/atom/community/ members?communityUuid=$uuid&role=member
#engageug
Community membership – How to
23
3. Add missing members to every Community • Iterate through all members found in the Community entry (from
the Notes DB) and look if user is not a member in the Community member feed
#engageug
Community membership – How to
24
3. Add missing members to every Community • Create member Atom entry through script:
var atom_member_entry = '<?xml version="1.0" encoding="UTF-8"?><entry xmlns="http://www.w3.org/2005/Atom" xmlns:app="http://www.w3.org/2007/app" xmlns:snx="http://www.ibm.com/xmlns/prod/sn"><contributor>¨<email>' + work.InternetAddress + '</email><snx:role>member</snx:role></contributor><snx:role component="http://www.ibm.com/xmlns/prod/sn/communities">member</snx:role></entry>’;
#engageug
Community membership – How to
25
3. Add missing members to every Community
• Send the member Atom entry to the Communities API (HTTP client connector)
URL on next page
This user needs the admin security role for the Communities
app! (WAS Admin
Console)
#engageug
Community membership – How to
26
3. Add missing members to every Community • Send the member Atom entry to the Communities API (HTTP
client connector)
This will create a request to following URL:…/communities/service/atom/community/members?communityUuid=$uuid
#engageug
Community membership – How to
27
4. Add missing Owners (same steps as for members)
var atom_owner_entry = '<?xml version="1.0" encoding="UTF-8"?><entry xmlns="http://www.w3.org/2005/Atom" xmlns:app="http://www.w3.org/2007/app" xmlns:snx="http://www.ibm.com/xmlns/prod/sn"><contributor><email>' + work.InternetAddress_Owner + '</email><snx:role>owner</snx:role></contributor><snx:role component="http://www.ibm.com/xmlns/prod/sn/communities">owner</snx:role></entry>’;
#engageug
Community membership – How to
28
Final assembly line
#engageug
Export users last logon date per application - Example
29
#engageug
Export users last logon date per application - Example
30
#engageug
Export users last logon date – How to
31
Example• We will export the last logon date for all users • For all applications • Export to Domino • Export to CSV • This runs scheduled weekly as a reporting to our deployment team The workflow is as follows1. Iterate through all entries in the PeopleDB and fetch uid and full name 2. Connect to the application table that contains the profile 3. Fetch user key 4. Connect to Application table that contains last logon date 5. Repeat for all applications 6. Write to Domino 7. Write to csv
#engageug
Export users last logon date – How to
32
1. Iterate through all entries in the PeopleDB and fetch uid and full name
• Create a new assemble line and add a Database Connector. Make it an iterator and connect it to your Profiles database Employee table
#engageug
Export users last logon date – How to
33
2. Connect to the application table that contains the profile • Will show you for 1 database (FILES) and then give you the mapping table
for the other databases • Connect to the Files database, USER_TO_LOGIN table
#engageug
Export users last logon date – How to
34
3. Fetch user key • Use the uid_lower as your key to find the relevant user key
#engageug
Export users last logon date – How to
35
4. Connect to Application table that contains last logon date • Now connect to the Files database USER table to get the last logon date of
this user using the USER_ID fetched in the last step as a link
#engageug
Export users last logon date – How to
36
5. Repeat for all applications • Repeat these steps for all applications, except Blogs. The Blogs database table
ROLLERUSER contains uid and last logon date. On top of that it is the only table that uses the uid as is and not converted to lowercase (thank god for consistency)
#engageug
Export users last logon date – How to
37
• This is the table for all the databases Applica'on* Uid*lookup*Table*
Table*Name* Uid*Column* User*Key*Column*
Blogs& Not&needed& Not&needed& Not&needed&
Bookmarks& PERSONLOGIN& LOGINNAME& PERSON_ID&
Files& USER_TO_LOGIN& LOGIN_ID& LOGIN_ID&
Forum& DF_MEMBERLOGIN& LOGINNAME_LOWER& MEMBERID&
Homepage& LOGINNAME& LOGINNAME& PERSON_ID&
AcEviEes& OA_MEMBERLOGIN& LLOGINNAME& MEMBERID&
Profiles& EMPLOYEE& PROF_UID_LOWER& PROF_KEY&
CommuniEes& MEMBERLOGIN& LOWER_LOGIN& MEMBER_UUID&
Wikis& USER_TO_LOGIN& LOGIN_ID& USER_ID&
#engageug
Export users last logon date – How to
38
• This is the table for all the databases Applica'on* Last*Logon*table*
Table*Name* Uid* Last*Logon*
Blogs& ROLLERUSER& USERNAME& LASTLOGIN&
Bookmarks& PERSON& PERSON_ID& LASTLOGIN&
Files& USER& ID& LAST_VISIT&
Forum& MEMBERPROFILE& MEMBERID& LASTLOGIN&
Homepage& PERSON& PERSON_ID& LAST_UPDATE&
AcBviBes& OA_MEMBERPROFILE& MEMBERID& LASTLOGIN&
Profiles& PROFILE_LAST_LOGIN& PROF_KEY& LAST_LOGIN&
CommuniBes& MEMBERPROFILE& MEMBER_UUID& LASTLOGIN&
Wikis& USER& ID& LAST_VISIT&
#engageug
Export users last logon date – How to
39
• Create a Domino Database with a form called “User” and following fields: • Activities_LASTLOGIN, Name, Blogs_LASTLOGIN, Communities_LASTLOGIN,
Dogear_LASTLOGIN, Files_LASTVISIT, Forum_LASTVISIT, Homepage_LASTUPDATE, Profiles_LASTLOGIN, Uid, Wikis_LASTVISIT
• And a view to show these
#engageug
Export users last logon date – How to
40
6. Write to Domino • Add a Lotus Notes connector to the assembly line and connect it to your
database using diiop • Set the mode to “AddOnly”
You don’t need a running HTTP task on Domino if you use the DIIOP IOR string as Server IP Address!
#engageug
Export users last logon date – How to
41
6. Write to Domino • Create the following output map • The reason for not having the value as is in the left column is because the
value you get from db2 is in java.sql.date format, we need to make sure we get the string
#engageug
Export users last logon date – How to
42
7. Write to csv • To dump to a csv file add a File
System Connector and select csv as parser. Add the header fields to the Field Names and enable the write header
• Set “;” as your seperator
#engageug
Export users last logon date – How to
43
7. Write to csv • Now we need to set
the file location and file name. We want to make this dynamic so we can schedule the script. File location will be defined in the property file. Use the following javascript to define the filename and location var srcPath=system.getTDIProperty("Cnx", "export_path")var stDateStamp=system.formatDate((new Date()),"yyyyMMdd");var outFile=srcPath + system.getTDIProperty("Cnx", "export_filename") + stDateStamp + ".csv";return outFile
#engageug
Export users last logon date – How to
44
7. Write to csv • For the csv file we can output in the original format, no need to transform
to String as the parser will do this for us.
30.03.2015
Calibri weiss 32 Fett
Calibri 24 Fett • Calibri 18
− Calibri 18
4
#engageug
Contact
46
ch.linkedin.com/in/kbild/
kbild.ch
twitter.com/kbild
slideshare.com/kbild
linkedin.com/in/wannesrams
wannes.ramsit.com
twitter.com/wannesrams
slideshare.com/palmke
#engageug
Create a Wiki page with users of your Domino address book - Example
47
#engageug
Create a Wiki page with users of your Domino address book - Example
48
#engageug
Wiki page – How to
49
1. Get all Domino users in names.nsf: Just use Domino Users Connector in iterator mode, easy.
Best practice: Always use property files for your parameters, it will save you a lot of time if you want to use the AL with different servers, environments!
#engageug
Wiki page – How to
50
2. Create the Wiki page Atom document (AL create_Wiki_Entry_Atom): • Find out how the Atom document has to be build
(http://www-10.lotus.com/ldd/appdevwiki.nsf/dx/Wiki_page_content_ic50)or try the SBT playground https://greenhouse.lotus.com/sbt/SBTPlayground.nsf/Explorer.xsp#api=Social_Wikis_API_Working_with_wiki_pages
• Should be easy but… Example on SBT playground (does not work)
• Works if you change the content line to <content type="text/html"><![CDATA[<p>This is James's wiki page.</p>]]>
#engageug
Wiki page – How to
51
2. AL create_Wiki_Entry_Atom: • Define the HTML code for the page • Use the Prolog for the first part • Use the iterator to generate the list • Use the Epilog for the closing
#engageug
Wiki page – How to
52
2. AL create_Wiki_Entry_Atom: • This is the final code, all on ONE line:
<?xml version="1.0" encoding="UTF-8"?><entry xmlns="http://www.w3.org/2005/Atom"><content type="text/html"><![CDATA[<div><p dir="ltr"><strong style="color: rgb(67, 106, 173);font-size:large;">All data is from the Domino directory - Example for IBM Connect in Zurich </strong> <img src="/images/graphics-star-wars-300566.gif" width="151" height="100"/></p><table border="1" cellpadding="5" cellspacing="0" dir="ltr" style="border-collapse: collapse; width: 800px;" width="246"><tbody><tr height="14"><td><strong>Name</strong></td><td><strong>Shortname</strong></td><td><strong>Title</strong></td><td><strong>Company</strong></td><td><strong>Number</strong></td><td><strong>Photo (Connections photo!)</strong></td></tr><tr><td><span class="vcard"><a class="fn url" href="">Christian Guedemann</a><span class="email" style="display: none;">[email protected]</span></span></td><td><span class="vcard"><a class="fn url" href="">CGU</a><span class="email" style="display: none;">[email protected]</span></span></td><td>Senior System Architect</td><td>WebGate Consulting AG</td><td><a href="sip://+41008008008">+41008008008</a></td><td><div style="width: 150px;height: 150px;border-radius: 75px;-webkit-border-radius: 75px;-moz-border-radius: 75px;background: url(/profiles/[email protected]) no-repeat;"></div></td></tr><tr><td><span class="vcard"><a class="fn url" href="">Klaus Bild</a><span class="email" style="display: none;">[email protected]</span></span></td><td><span class="vcard"><a class="fn url" href="">KBI</a><span class="email" style="display: none;">[email protected]</span></span></td><td>Senior System Architect</td><td>WebGate Consulting AG</td><td><a href="sip://+41004004004">+41004004004</a></td><td><div style="width: 150px;height: 150px;border-radius: 75px;-webkit-border-radius: 75px;-moz-border-radius: 75px;background: url(/profiles/[email protected]) no-repeat;"></div></td></tr><tr><td><span class="vcard"><a class="fn url" href="">Christoph Stoettner</a><span class="email" style="display: none;">[email protected]</span></span></td><td><span class="vcard"><a class="fn url" href="">CST</a><span class="email" style="display: none;">[email protected]</span></span></td><td>Senior IT Consultant</td><td>Fritz and Macziol GmbH</td><td><a href="sip://+41003003003">+41003003003</a></td><td><div style="width: 150px;height: 150px;border-radius: 75px;-webkit-border-radius: 75px;-moz-border-radius: 75px;background: url(/profiles/[email protected]) no-repeat;"></div></td></tr><tr><td><span class="vcard"><a class="fn url" href="">Sharon Bellamy</a><span class="email" style="display: none;">[email protected]</span></span></td><td><span class="vcard"><a class="fn url" href="">SBE</a><span class="email" style="display: none;">[email protected]</span></span></td><td>IT Consultant</td><td>Cube Soft Consulting</td><td><a href="sip://+41003003003">+41003003003</a></td><td><div style="width: 150px;height: 150px;border-radius: 75px;-webkit-border-radius: 75px;-moz-border-radius: 75px;background: url(/profiles/[email protected]) no-repeat;"></div></td></tr><tr><td><span class="vcard"><a class="fn url" href="">Wannes Rams</a><span class="email" style="display: none;">[email protected]</span></span></td><td><span class="vcard"><a class="fn url" href="">WRA</a><span class="email" style="display: none;">[email protected]</span></span></td><td>Social Business Consultant</td><td>GFI</td><td><a href="sip://+41003003003">+41003003003</a></td><td><div style="width: 150px;height: 150px;border-radius: 75px;-webkit-border-radius: 75px;-moz-border-radius: 75px;background: url(/profiles/[email protected]) no-repeat;"></div></td></tr></tbody></table></div> ]]></content><category scheme="tag:ibm.com,2006:td/type" term="page" label="page" /></entry>
#engageug
Wiki page – How to
53
3. Send the Wiki page Atom document to the Wikis API (HTTP client connector):
• This is good documented http://www-10.lotus.com/ldd/appdevwiki.nsf/dx/Updating_a_wiki_page_ic50
#engageug
Wiki page – How to
54This user needs editor rights on the Wiki
#engageug
Wiki page – SSL requests
55
• Most Connections environments force traffic over SSL • If you get following error if you call the Connections API through
SSL you have to import the Connections server certificate into TDI_install_dir/jserverapi/testadmin.jks (pw: administrator)
#engageug
Wiki page – How to
56
4. Final step is to create an AL with combines the create_Wiki_Entry_Atom AL and the HTTP client connector