5.9 Move/Rename

Move and Rename events are not supported in the default configuration. However, you can synchronize a Move or Rename event in Notes across the Publisher channel and into the Identity Vault if you modify the default Schema Map and the default Publisher Filter, and add a policy.

In addition, you can synchronize a Move or Rename event on the Subscriber channel, enable AdminP support, and add policies that provide the necessary attributes.

5.9.1 Subscriber Channel

Moving a User

  1. Make sure you have reviewed Section 5.9.3, Considerations for Using AdminP.

  2. Make sure you have turned on support for the AdminP process by adding the following parameter to the Subscriber Options in the driver parameters:

    <allow-adminp-support display-name="Allow Domino AdminP Support">True</allow-adminp-support>
    

    See Allow Domino AdminP Support in Section 5.4.2, Subscriber Options.

  3. Create driver policies that add the following attributes to the Move event:

    • The certifier name of the destination certifier in Notes.

    • The certifier ID and a password for the destination certifier in Notes (the certifier that the user is going to)

    • The old certifier ID and password for the source certifier in Notes (the certifier that the user is coming from)

    A sample of a command to the driver shim that moves a user is included in Section D.3, Sample for Moving a User.

Modifying a User Name in eDirectory (a Rename Event in Notes)

When a user's given name, middle initial, or surname changes in eDirectory, this event can cause the Rename of an object in Lotus Notes. If AdminP support is enabled, you can perform the Rename in Notes.

  1. Make sure you have reviewed Section 5.9.3, Considerations for Using AdminP.

  2. Make sure you have turned on support for the AdminP process by adding the following parameter to the Subscriber Options in the driver parameters:

    <allow-adminp-support display-name="Allow Domino AdminP Support">True</allow-adminp-support>
    

    See Allow Domino AdminP Support in Section 5.4.2, Subscriber Options.

  3. Create driver policies that provide the correct certifier and password for the Notes user that is being renamed.

    If a certifier and password are not specified in the event, the default certifier and password specified in the driver parameters are used.

    A sample of a command to the driver shim that renames a user is included in Section D.2, Sample for Renaming: Modifying a User Last Name.

Renaming a Group

If AdminP support is enabled, you can rename groups. Rename events from eDirectory for groups do not require you to create any additional driver policies.

Rename events from eDirectory can be applied only to group objects in Notes. (For users, the driver shim uses an appropriate modify event to rename a user in Notes, as described in Modifying a User Name in eDirectory (a Rename Event in Notes).)

  1. Make sure you have reviewed Section 5.9.3, Considerations for Using AdminP.

  2. Make sure you have turned on support for the AdminP process by adding the following parameter to the Subscriber Options in the driver parameters:

    <allow-adminp-support display-name="Allow Domino AdminP Support">True</allow-adminp-support>
    

    See Allow Domino AdminP Support in Section 5.4.2, Subscriber Options.

5.9.2 Publisher Channel

To enable the one-way object move/rename synchronization:

  1. Modify the schema mapping to map eDirectory Full Name to Notes FullName.

  2. Enable the Full Name attribute in the Publisher filter.

  3. Make sure that the Full Name attribute in the Subscriber filter is not enabled.

  4. Make sure that the Public/Private AB setting is Yes in the driver configuration parameters. Public/Private AB setting is same as the “is-directory” driver parameter, see Table 5-1 for more information.

  5. Use a policy in your driver configuration like the one described in Section 5.1, Determining eDirectory Object Placement When a Notes Object is Moved.

After these modifications have been made, ndsrep detects changes to FullName. Because FullName contains both name and location information in a single attribute, ndsrep cannot distinguish between a Move and a Rename. Therefore, a change to FullName initiates both a Move and a Rename event to be synchronized into eDirectory.

5.9.3 Considerations for Using AdminP

AdminP support provides several new features, but to use them effectively you must keep in mind the following:

  • You need to have an understanding of AdminP and of Notes administration.

  • A success message returned to the driver for an AdminP request means only that the request was successfully received by AdminP, not that it was completed successfully.

  • AdminP requests made by the driver are not completed until AdminP attempts the action. The timing depends on the configuration of the Administration Process by the Notes administrator, the Domino server network, and the complexity of the action requested.

  • Some AdminP requests require manual approval by the Notes administrator before they are completed.

  • AdminP requests typically include the FullName of the Notes user (or ListName for a group). The driver sends requests based on the FullName of the user at the time the request was initiated, but AdminP does not necessarily complete the request immediately, and other requests that affect the FullName of the same user object might be waiting to be processed. If the FullName of the user is changed by a request, a subsequent request might fail because AdminP can't find the user.

    For example, consider this scenario:

    • You send a request from the driver to change a user's first name in Notes, and you use the AdminP feature to also rename the user object (changing FullName).

    • You immediately send a second request from the driver to change the same user's last name in Notes and also rename the user object (changing FullName).

    Both requests are received by AdminP. Both requests refer to the user with the same FullName. At midnight, AdminP begins processing the requests. The first one succeeds. However, the second one fails because the FullName was changed by the first request.

To help you use AdminP effectively, the following features are provided: