When you change to a new LDAP directory with the same users, you must synchronize the
user data in Profiles with the user data in your new LDAP directory. You can use the
sync_all_dns command, provided that certain criteria are met.
Before you begin
You must ensure that the values of either the uid or the email address in the existing data
source match those in the new deployment LDAP directory. If neither of these properties has
matching values, you cannot use the scripts provided with IBM® Connections to synchronize.
Note: Changing a user's identifier in Connections Content Manager (CCM) results in the user
record being viewed by the system as a completely new user, and access will be lost, which
can be a particular concern when administrative access is lost.
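The matching requirement above can be checked before anything is synchronized. The following is an added example, not a script shipped with IBM Connections: it compares constructed sample records standing in for an export of the existing Profiles data and for the new LDAP directory, and reports which of uid or email is safe to use as sync_updates_hash_field. The function names, record layout and exact-match comparison are assumptions.

```python
from collections import Counter

# The two attributes the page allows for sync_updates_hash_field.
CANDIDATES = ("uid", "email")

# Constructed sample data: one admin account was renamed in the new directory.
PROFILES = [
    {"uid": "asmith", "email": "asmith@example.com"},
    {"uid": "bjones", "email": "bjones@example.com"},
    {"uid": "wasadmin", "email": "admin@example.com"},
]
NEW_LDAP = [
    {"uid": "asmith", "email": "asmith@example.com"},
    {"uid": "bjones", "email": "bjones@example.com"},
    {"uid": "connadmin", "email": "admin@example.com"},
]

def check_field(field, profiles, new_ldap):
    """Return (unmatched, ambiguous) Profiles records for one candidate field."""
    # Count each non-empty value in the new directory (exact match after strip;
    # any further normalization is an assumption left to the operator).
    ldap_counts = Counter((e.get(field) or "").strip() for e in new_ldap)
    ldap_counts.pop("", None)
    unmatched, ambiguous = [], []
    for rec in profiles:
        value = (rec.get(field) or "").strip()
        hits = ldap_counts.get(value, 0)
        if hits == 0:
            unmatched.append(rec)   # would not line up with any new LDAP entry
        elif hits > 1:
            ambiguous.append(rec)   # value is not unique in the new directory
    return unmatched, ambiguous

def choose_hash_field(profiles, new_ldap):
    """Pick the first field that matches every record uniquely, else None."""
    report = {f: check_field(f, profiles, new_ldap) for f in CANDIDATES}
    usable = [f for f in CANDIDATES if not any(report[f])]
    return (usable[0] if usable else None), report

if __name__ == "__main__":
    field, report = choose_hash_field(PROFILES, NEW_LDAP)
    print("sync_updates_hash_field =", field)
    for name, (unmatched, ambiguous) in report.items():
        print(name, "unmatched:", unmatched, "ambiguous:", ambiguous)
```

A result of None means neither attribute lines up for every user, which is the case in which the provided scripts cannot be used.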
Procedure
To use the scripts provided with IBM Connections to synchronize the IDs and update
Profiles, complete the following steps:
- Open the profiles_tdi.properties file from the IBM Tivoli® Directory Integrator solution directory on the system that hosts the
Profiles application in a text editor, and edit the following properties to match the values of the
corresponding properties in the LDAP system:
- source_ldap_url
- source_ldap_user_login
- source_ldap_user_password
- source_ldap_search_base
- source_ldap_search_filter
- source_ldap_use_ssl
For more information about these properties and how they are used, see Tivoli Directory
Integrator solution properties for Profiles.
- Ensure that the guid property in the
map_dbrepos_from_source.properties file is set to the appropriate value for
your LDAP:
- IBM Tivoli Directory Server: guid=ibm-entryUuid
- IBM Lotus® Domino® Directory: guid={function_map_from_dominoUNID}
- Microsoft Active Directory: guid={function_map_from_objectGUID}
- Sun Java System Directory Server: guid=nsuniqueid
- Novell (NetIQ) eDirectory: guid={function_map_from_GUID}
- Ensure that all other properties in the map_dbrepos_from_source.properties
file are set to the correct LDAP attribute name.
- Identify a database attribute to synchronize with, either uid or
email, with the same value per member in the old LDAP deployment as in the new,
and then set the sync_updates_hash_field property in the
profiles_tdi.properties file to this attribute. For example:
sync_updates_hash_field=uid
- Synchronize the data so that the values from the new LDAP deployment are updated in the
Profiles database by running the following script:
For more information about the properties that you can set when synchronizing LDAP data with
Profiles, see Synchronizing the Profiles database with your organization's user
data.