Installing the adapter

Download the adapter installation software from Passport Advantage® and then install the adapter.

1. Extract the contents of the download file. Take these steps:
   1. Create a temporary directory on the computer on which you want to install the software.
   2. Extract the contents of the compressed file into the temporary directory.
2. Start the installation program with the setup.exe file in the temporary directory.
3. Click Next on the Welcome window.
4. Do the following:
   • Review the license agreement and select Accept.
   • Click Next.
5. Select either Full installation or Update installation and click Next to display the Select Destination Directory window. Remember that the adapter must already exist if you want to perform an updated installation
6. Specify the name of the adapter instance in the Adapter Name field. This name is used in the adapter registry settings, for the name of the installation folder, and as the service name for the Lotus Notes Adapter. Then, click Next.
7. Specify where you want to install the adapter in the Directory Name field.

   Do one of the following:

   • Click Next to accept the default location.
   • Click Browse and navigate to a different directory and click Next.
8. Specify the required information about your Lotus Domino server in these fields in the Domino Server Name window:

   Domino Version Number

   The version number of your Lotus Domino server.

   Domino Server Name

   Type the Lotus Domino server name that the adapter uses. Enter the server name in the following format:

   CN=<Server Name>/O=<Organization Name> 

   For example,

   CN=Condor/O=IBM

   Domino Server Address Book

   If the adapter use any address book other than the default NAMES.NSF, type the name of the Lotus Domino server address book.

   Then, click Next.
9. Specify the login information for the Domino Administrator in these fields in the Workstation Information window:

   File Location

   Type the workstation ID file that the adapter uses. Enter the fully qualified name of the file, for example, D:\Lotus\Notes\Data\user.id

   Workstation Password

   Type the password associated with the ID file, which is used to access the Lotus Domino server, through the Domino Administrator. Passwords are case-sensitive.

   Then, click Next.
10. Specify the groups where suspended users are added in these fields in the Suspend Group and Suspend HTTP Group Name window:

    Suspend Group Name

    Type the name of the group to which suspended users are added. The default value is SuspendGroup.

    Suspend HTTP Group Name

    Type the name of the group to which suspended users are added for HTTP access. The default value is HTTPSuspendGroup.

    Then, click Next.
11. In the Delete Group Name and Deny Access Log window, complete the following fields:

    Delete Group Name

    Type the name of the group to which deleted users are added. For example,

    Deleted Users

    Deny Access Log Name

    Type the name of the database file that lists the deleted or suspended user documents. User documents are removed from this database file when a user is added or restored. For example, LogDB.nsf

    Note: If Log DB is in a multilevel directory structure in the data directory of Lotus Domino server at \admindatabases\adapterdatabases, then the value of registry key Log DB must be admindatabases\adapterdatabases\logdb.nsf

    Then, click Next.
12. In the Attributes to be Reconciled, Not Reconciled Attributes, and Synchronize HTTP Password window complete the following fields:

    Attributes to be Reconciled

    Specify a list of attributes to include in the reconciliation process. Separate the attributes with a semicolon (;) if you list more than one attribute, for example, Certificate;$UpdatedBy;$Revisions. If you leave the Reconciled Attributes field blank, all attributes except the ones specified in the Not Reconciled Attributes List are returned during reconciliation.

    Not Reconciled Attributes List

    Specify a list of attributes to exclude from the reconciliation process. Separate the attributes with a semicolon (;) if you list more than one attribute, for example, Certificate;$UpdatedBy;$Revisions.

    Synchronize HTTP Password

    Select Yes to synchronize the user password as the Internet/HTTP password for the user. Select No to not synchronize the user password. The default is Yes.

    Then, click Next.
13. Specify how you want to use short names in these fields in the Use Short Name and Audit Short Name window:

    Use Short Name

    Select Yes to use short names as user IDs in IBM Security Identity Manager. Select No to not use short names. The default is No.

    Note: When Yes is selected during this step, do not use the Short Name field on the IBM Security Identity Manager GUI Account form.

    Audit Short Name

    Select Yes to use internet addresses as user IDs in IBM Security Identity Manager. The internet address is used only when a user's short name is not present on the resource. Select No to not use internet addresses. The default is No.

    Then, click Next.
14. Specify information about the user address book and mail file in these fields in the Note IDs Address Book and Delete Mail Database File window:

    Note IDs Address Book

    Type the name of the database file to use to store ID file and password information for newly created users in IBM Security Identity Manager. For example,

    NoteIDsAddressBook.nsf

    Note: If NoteIDsAddressBook is in a multilevel folder directory structure in the data directory of Lotus Domino server at \admindatabases\adapterdatabases, then the value of registry key NoteIDsAddressBook must be admindatabases\adapterdatabases\NoteIDsAddressBook.NSF.

    Delete Mail Database File

    Select Yes to delete the mail database file of a user when an account is detected in IBM Security Identity Manager. Select No to keep the mail database file. The default is Yes.

    Then, click Next.
15. Specify information in these fields in the Change HTTPPassword Only, Change HTTPPassword First, Store ERUID in FullName, and Update Server Doc window:

    Change HTTPPassword Only

    Specify whether only HTTP password is changed in the password change operation from IBM Security Identity Manager. Select YES if only HTTP password is to be changed in the password change operation. The default value is NO.

    Change HTTPPassword First

    Specify how to store the HTTP password during a change operation. Select Yes if you want to change the HTTP password first before changing the user password. The default value is No.

    Store ERUID in FullName

    Specify whether you want to store the ERUID or User ID attribute in the FullName field in the person document. Select Yes if you want to store the attribute in the FullName field. The default value is Yes.

    This registry key can be used only when either the ShortName, Custom Attribute, or ITIM_ERUID fields are used to store the ERUID attribute.

    Update Server Doc

    Specify whether you want to include all suspended groups in the Not Access Server field of the server document. Select Yes include all suspended groups in the Not Access Server field. The default value is NO.

    Then, click Next.
16. If the default Certifier ID file is used for ADD operations, complete the following fields in the Certifier ID File Path and Certifier password window:

    Certifier ID File Path

    Optional: Specify the file path for the certifier ID file. The certifier ID file is the default file used for ADD operations. If the file path for the certifier file is not specified when you add a user, the file path from this field is used. If you specify the path for the certifier file when you add a user, the file path in this field is ignored. For example, you might specify the certifier ID file path as C:\Lotus\Domino\cert.id.

    Certification Password

    Specify the password for the certifier ID file that is provided in the Certifier ID File Path field. If a file path is not provided in this field, then you do not need to provide a password.

    Use the agentCfg to change the value of the Certification Password registry key.

    Then, click Next.
17. Specify information in these fields in the Mail Template Server and Execute AdminP Operation window:

    Mail Template Server

    Specify the server name for mail template files to be used by the adapter. If a value is not specified for this registry key, the adapter uses the mail template files from the Domino Registration Server. The files for the Domino Registration Server are specified for the Domino Server registry key.

    Execute AdminP Operation

    Specify whether the AdminP operation is used to deprovision a user. Select Yes if you want the AdminP operation to be used when deprovisioning a user from IBM Security Identity Manager. The default value is NO. For Domino Version 6.5 and later Delete Person in NAB is used to deprovision a user.

    Then, click Next.
18. Specify the Create Group If Not Present attribute if the group is not available on the Lotus Domino server. Select Yes if you want the adapter to create a group on the Lotus Domino server when you perform the add or modify user account operation from IBM Security Identity Manager. Select No if you do not want the adapter to create a group on the Lotus Domino server if the group is not available on the Lotus Domino server when you perform the add or modify user account operation from IBM Security Identity Manager. The default value is No.
19. Specify whether the ID Vault is configured on the Lotus Domino server.
    The default setting is No.
20. Review the installation settings in the Install Summary window. Take one of the following actions:
    • Click Back and return to a previous window to change any of these settings.
    • Click Next when you are ready to begin the installation.
21. Click Finish when the software displays the Install Completed window.