Tom Duff and I had the privilege of speaking at Lotusphere 2012 on one of our favorite topics – Tivoli Directory Integrator. This year we chose to do a Best Practices session rather than a Show and Tell session, so at least for me, the BP session felt like speedgeeking as we had tons of content to fit into an hour!
Afterwards, we had some interesting questions and discussions about how to use TDI. There are so many different ways you can use this product, and when you get a bunch of nerds together to formulate some solutions – the sky’s the limit!
Here’s our slide deck. Be sure to drop either Tom or myself an email if you have a question about TDI. We’ll do our best to point you in the right direction!
I know everyone is excited about the release of Notes/Domino 8.5.3. And there is lots of information to digest regarding features and requirements.
One good bit of news I don’t want you to miss – is the entitlement for Tivoli Directory Integrator! If you were keeping up, there were some licensing changes in 8.5.2 that limited the version of TDI and what types of data you could move with an assembly line.
However, that’s all changed with 8.5.3. Check out the licensing info regarding what product entitlement included with your license of a Domino Enterprise Server.
There has been some interesting discussion over the past couple of days about Domino Directory Independence. Domino “directory independence” would allow information now stored in the Domino person documents to be stored in another directory such as third party LDAP or Active Directory. I had quickly responded to the discussion with the recent presentations that Gabriella Davis and Tom Duff and myself had made at IAMLUG that were somewhat directory related – including a session that described how to use another directory for authentication without requiring the HTTP password in the Domino Directory, and the use of Tivoli Directory Integrator to update data in either the Domino Directory or an LDAP directory.
But I’ve been doing some further thinking about this. Why would you want to store person data in Active Directory? What exactly is in the Person document? Have you looked under its hood? Are there attributes available in Active Directory that would match one for one those that are currently used in the Person document? Well the answer is no. Having done a fair bit of TDI connectivity between Domino and LDAP, I’ve come to realize that you either have to task existing attributes for Domino that aren’t being used by Active Directory, or you need to add them. Do you know how to add them? Do you have an LDAP or Active Directory expert in your environment? Is Active Directory stable? What if you don’t want to depend on Active Directory? What if you want to move to the cloud?
Okay, so what if all those attributes were available? Then yes, using LDAP or Active Directory as your primary directory might make more sense. As the linkages for desktop policies and mail routing and ACL’s, etc., etc., would be easier to recreate. But again, stop and think about it a moment. They don’t currently exist, so building them is a huge project. Do we as customers really get the most out of something like Directory Independence versus being able to use Active Directory or LDAP for authentication for Domino, or being able to customize the Domino Directory easily and quickly, when precious IBM development resources can be used to fix existing problems or coming up with an entirely new solution?