Domino recognizes only distinguished names that contain the traditional Domino "CN,"OU," "O," and (optionally) "C" components. If the distinguished names of external members in an LDAP directory do not follow this model and you use Domino Off-Line Services with IBM® Lotus® Quickr™, you must use qpconfig.xml settings to translate users' names into a format that Domino recognizes, and then translate those names back into their original LDAP format.
About this task
For example, the distinguished name "CN=James Moore, OU=East, O=Acme, C=US" does not require translation, but the name UID=
Example of translating names that contain the dc attribute
If the distinguished names of external members in an LDAP directory do not follow the traditional Domino model and you use Domino Off-Line Services with IBM Lotus Quickr, you must use qpconfig.xml settings to translate users' names into a format that Domino recognizes, and then translate those names back into their original LDAP format.
Parent topic: Setting up Lotus Quickr for offline use (optional)
Previous topic: Creating an Offline Security Policy document
Next topic: Configuring offline use for specific environments
How to configure translation
About this task
To translate distinguished names, you use the name_translation element in the offline element of the qpconfig.xml file to create name translation rules. Translation rules typically contain text strings with symbols that are used to match text patterns. Translation rules are specified in the <translate> element. The following example of translation rules in the qpconfig.xml file translate distinguished names that follow this pattern "uid=value
/ou=bluepages/o=ibm.com" into the Domino-style name "CN=value
/O=ibm_com." The two <translate> elements contain the rules. The "from" and "to" attributes within the <translate> elements contain regular expressions, for example, "uid=(.+)/c=(.+)/ou=bluepages/o=ibm\.com." The regular expressions contain symbols, for example, (.+) and \:
<translate from="uid=(.+)/c=(.+)/ou=bluepages/o=ibm\.com" to="CN=\1/OU=bluepages_\2/O=ibm_com" />
<translate from="CN=(.+)/OU=bluepages_(.+)/O=ibm_com" to="uid=\1/c=\2/ou=bluepages/o=ibm.com" />
You create rules for translating LDAP names to Domino names within the <from_directory_name> elment. You specify each LDAP name attribute in the "from" attribute, using symbols to account for any possible value the attribute might have. For example, the (.+) symbol means "one or more occurrences of any character." In the preceding sample, this accounts for any value the "uid" and "c" attributes might have. You also use symbols to translate syntax that otherwise might be interpreted as a special character. For example, the \ symbol turns off the special meaning of the character which follows. Without this symbol in "o=ibm\.com," the dot (".") would be interpreted by its special character meaning, which is "match any single character."
The "to" attribute specifies Domino attributes using symbols to match values from the LDAP attributes and to arrange them in a way Domino recognizes. For example, the symbol \1 means "whatever matched the first regular expression." So, the CN attribute's value will match the first regular expression (.+) found in the "from" attribute. In the same way, the symbol \2 means "whatever matched the second regular expression." So, the OU value will be the explicitly stated "bluepages_" plus the second regular expression (.+), which in this case is the value of the country, or "c", attribute. The O attribute is explicitly stated. You can have up to nine regular expressions in one rule.
You create rules for translating Domino names back to LDAP names within the <to_directory_name> element using the same method.
The preceding translation rules result in the following example translations:
Table 1. Example translations
|LDAP directory name||Domino name|
|uid=Joe User/c=us/ou=bluepages/o=ibm.com||CN=Joe User/OU=bluepages_us/O=ibm_com|
|uid=Nils Nilsen/c=dk/ou=bluepages/o=ibm.com||CN= Nils Nilsen/OU=bluepages_dk/O=ibm_com|
Notice that the regular expressions accommodate the country, or "c," code. There is no need to have a separate translation rule for each country code because they can be captured by a (.+) expression, and then inserted anywhere in the translated name with a \[number] expression.
The LDAP names specified in from_directory_name and to_directory_name must exactly match the case that is used for the names in the LDAP directory. The attributes of the Domino-style names specified in from_directory_name and to_directory_name (CN, OU, O, or O) must be uppercase.
Table of expressions
About this task
There are many symbols that can be used in regular expressions, but only a few are useful for the purpose of translating a non-conforming LDAP name to a Domino name. The following table lists of these symbols, with examples that show how they match a particular LDAP name. All of the examples shown here will match the LDAP distinguished name "uid=Joe User/c=us/ou=People1/o=org.com." The symbols described are in bold text in the examples:
Table 2. Table of expressions
|(.+)||Represents one or more occurrences of any character.||uid=(.+)/c=(.+)/ou=bluepages/o=ibm\.com|
|\1, \2, \3, etc.||\1 represents a match with the first regular expression; \2 represents a match with the second regular expression, and so on. Up to 9 regular expressions may be used in one rule.||CN=\1/OU=bluepages_\2/O=ibm_com|
|\c||Turns off the meaning of any special character 'c'.||uid=Joe User/c=us/ou=People1/o=org\.com|
|.||Matches any single character.||uid=Joe User/c=us/ou=People./o=org|
|[...]||Matches any of the enclosed characters.||uid=Joe User/c=us/ou=People/o=org|
|[^...] ||Matches any character that is not enclosed.||uid=Joe User/c=us/ou=People[^2-9]/o=org|
|n-n||Matches any character in this range.||uid=Joe User/c=us/ou=People[0-9]/o=org[._]com|
|*||Matches any number (zero or more) of the preceding character or bracketed expression.||uid=Joe U.*/c=us/ou=People1/o=org\.com|
|+||Matches one or more of the preceding character or bracketed expression.||uid=Joe [A-Za-z]+/c=us/ou=People1/o=org\.com|
|(regexp)||Delineates a regular expression so that it can be used in the replacement string (the "to" string in <translate>).||uid=Joe User/c=(.+)/ou=People1/o=org\.com|