The driver requires an account to access the Lotus Notes system. It also requires a Deny Access group to exist in the Lotus Notes system.
Create a Lotus Notes user account to be used exclusively by the driver. Do the following when you create the account:
Assign manager-level ACL access to the target Notes database (usually names.nsf), the output database (ndsrep.nsf) created by ndsrep, and certlog.nsf.
If you are synchronizing information from the Identity Vault to the Notes database (names.nsf), give the user all ACL roles (GroupCreator, GroupModifier, NetCreator, NetModifier, PolicyCreator, PolicyModifier, PolicyReader, ServerCreator, ServerModifier, UserCreator, UserModifier).
Assign access rights to the user account’s certifier ID file.
Assign access rights to the certifier ID files for the Notes certifiers that you want the driver to create users for.
(Optional) If you want the driver to be able to create new user certifier ID files, assign file access rights to the location where you want the driver to create the files.
If a Deny Access group doesn’t already exist, create this group by using the Lotus Domino Administrator tool.
This group is used to hold disabled user accounts.
The installation procedure should take care of Universal ID issues. If you are having problems with Universal IDs, see Section 7.2.1, Creating Lotus Notes Accounts and Groups.