Directory synchronization for SmartCloud iNotes is achieved by setting up an on-premises integration client and uploading an LDAP Data Interchange Format (LDIF) file to the SmartCloud Enterprise Integration Site, as shown in the figure below. The components marked with blue lines are the key components of this integration solution.
The integration client is a computer system (it can be a virtual machine) that connects to your IBM Domino Directory, Microsoft Active Directory, Tivoli Directory Server, or any other LDAP source. The integration client can be an administrative workstation that just creates the LDIF file, or it can be a full-function server that hosts IBM Security Directory Integrator to read changes from the corporate directory automatically.
The IBM SoftLayer cloud can host the integration client with both setup types, avoiding additional hardware costs and the risk of hardware failure.
The connection from the Directory Source can be established by running Tivoli Directory Integrator (TDI) software with a specific assembly line (AL) that creates the LDIF change file. The TDI AL needs to be able to detect the changes in the directory and then create the LDIF change file once a change has occurred.
You must create the LDIF change file according to the IBM SmartCloud Integration Site naming convention as shown in the following figure:
For more information, see the Creating directory integration change files
The following are examples of LDIF change files:
- Add a new user (for addressing lookups, not provisioning):
DN: cn=Joe Smith,ou=Development,o=Acme
displayName: Joe Smith
telephoneNumber: 999 123-9876
- Delete a user:
DN: cn=Joe Smith,ou=Quality Assurance,o=Acme
- Modify or add a phone number:
DN: cn=Joe Smith,ou=Marketing,o=Acme
telephoneNumber: 111 222-3333
For more examples of LDIF files, see the IBM SmartCloud for Social Business
IBM SmartCloud Integration and Migration site
The IBM SmartCloud Integration and Migration site is an FTP site that provides you with a landing zone for your directory synchronization files. To obtain your own integration site, contact the IBM SmartCloud Customer Support Group (CSG) by email, asking for the enablement of your corporate integration site. The email should contain, at least, the following information:
Make sure that you provide CSG with a non-personal account (for example: email@example.com) to prevent service disruption when the administrator leaves your organization or when a personal account is locked out. For more information about integration server enablement, see the Requesting integration server enablement section of the IBM SmartCloud for Social Business documentation.
Automating LDIF file transfer
You probably want to automate the upload of LDIF files after the files have been created. There are many software options that support file transfer through FTP. Note that the software must support encrypted FTP transfer in implicit mode over TLS, and it must be able to accept the IBM security certificate.
We have seen the following software options used: FileZilla, RoboTask, and WinSCP. Other solutions could work for you as well.
In addition, the firewalls must be opened for port 990 and for ports 60000-61000 for passive transfers (pasv). The following table shows the SmartCloud Integration Site firewall rules:
Port 990: Implicit FTPS connection
Ports 60000 - 61000: Passive transfers (pasv)
The figure below shows an example of how to set up FileZilla:
After you have a session in place, you must accept the certificate from the Integration Site. The following figure shows the session information details:
The figure below shows an example of how to set up WinSCP:
Knowing this, you understand that IBM takes security seriously:
- You must register to use the integration site.
- You must provide a specific account that has authority to upload files.
- You must provide the files in a specific file format with predefined content formatting.
- You must provide the files over a secure connection that requires you to accept security certificates.
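A scripted counterpart to the FileZilla and WinSCP setup in "Automating LDIF file transfer", as an added example that is not IBM's code: Python's ftplib only speaks explicit FTPS, so the subclass below starts TLS as soon as the control connection opens (implicit mode on port 990), validates the server certificate, and also checks it against a fingerprint recorded when the administrator first accepted it. The host name, credentials, file names, and pinned fingerprint are placeholders supplied by the caller, and the example assumes the site's certificate chains to a CA in the system trust store.

```python
import ftplib
import hashlib
import hmac
import ssl


class ImplicitFTPS(ftplib.FTP_TLS):
    """ftplib.FTP_TLS does explicit FTPS; this wraps the control socket at connect time."""
    port = 990  # implicit FTPS port from the firewall rules

    def __init__(self, *args, **kwargs):
        self._sock = None
        super().__init__(*args, **kwargs)

    @property
    def sock(self):
        return self._sock

    @sock.setter
    def sock(self, value):
        # FTP.connect() assigns the raw TCP socket here; start TLS before any FTP reply is read.
        if value is not None and not isinstance(value, ssl.SSLSocket):
            value = self.context.wrap_socket(value, server_hostname=self.host)
        self._sock = value


def strict_context():
    """TLS context that validates chain and host name instead of accepting any certificate."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def pin_matches(cert_der, pinned_sha256_hex):
    """Compare the certificate's SHA-256 fingerprint with the one recorded at first acceptance."""
    actual = hashlib.sha256(cert_der).hexdigest()
    wanted = pinned_sha256_hex.replace(":", "").lower()
    return hmac.compare_digest(actual, wanted)


def upload_ldif(host, user, password, path, remote_name, pinned_sha256_hex):
    """Upload one LDIF change file over implicit FTPS in passive mode (all arguments are caller-supplied)."""
    ftps = ImplicitFTPS(context=strict_context(), timeout=30)
    ftps.connect(host)  # TLS handshake happens inside connect()
    try:
        if not pin_matches(ftps.sock.getpeercert(binary_form=True), pinned_sha256_hex):
            raise ssl.SSLError("server certificate does not match the pinned fingerprint")
        ftps.login(user, password)
        ftps.prot_p()        # encrypt the data channel as well as the control channel
        ftps.set_pasv(True)  # passive mode: data ports 60000-61000 per the firewall rules
        with open(path, "rb") as fh:
            ftps.storbinary("STOR " + remote_name, fh)
    finally:
        ftps.close()
```

A fingerprint mismatch aborts before the password is sent, so a changed or substituted certificate fails the scheduled job instead of being accepted silently.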