ID204: Take Control of Your IBM Lotus Domino
Directory Infrastructure with Lotus Domino 8!
Josh Burchard
IBM Software Group
Domino Directory Team
Ken Lin
IBM Software Group
Domino Directory Team
Agenda
NameLookup Logging Improvements
Directory Lint
Directory Assistance LDAP Helpers
Domino LDAP Server Performance
NameLookup Logging Improvements
Getting to the root of the problem
Improved NameLookup Logging: Finer Granularity
NAMELookup logging has been streamlined:
debug_namelookup=1: will continue to supply information as it always has
From the console: set config debug_namelookup=1
NAMELookup::<Lookup> PID:TID ( 42C: 7B) start of routine
NAMELookup::<lookup> Searching name='Terri' (1 of 1 names).
NAMELookup::<lookup> Searching view='$Users' (1 of 1 views).
NAMELookup::<lookup> Searching DBIndex=1.
NAMELookup::<lookup> from cache took 0 msecs
NAMELookup::<lookup> NumReturned=1, TotalNumReturned=1 match(es) for name='Terri'
NAMELookup::<NextNameDatabase> DAResolveDomain found 2 directories: TESTDIR1,NEWDIR2.
NAMELookup::<NextNameDatabase> looking for directory TESTDIR1 in OPEN_NAME_COLLECTION
queue for NRPC Clients.
NAMELookup::<NextNameDatabase> Found directory TESTDIR1 in OPEN_NAME_COLLECTION queue,
DBIndex=2.
NAMELookup::<NAMELookUpDiskLookup> name='Terri' was found '1' match(es) in domain='TESTDIR1'
NAMELookup::<lookup> NumReturned=1, TotalNumReturned=1 match(es) for name='Terri'
NAMELookup::<lookup> DBIndex=1 specified, search is over!
debug_namelookup=2: “Search mode”. Less verbosity
Improved NameLookup Logging: Finer Granularity
debug_namelookup=16: enables you to see LDAP Gateway logging
NAMELookup::<lookup> Searching name='Josh' (1 of 1 names).
NAMELookup::<lookup> Searching view='$Users' (1 of 1 views).
NAMELookup::<lookup> Searching DBIndex=3.
NAMELookup::<NAMELookupDiskLookup> name='Josh', view='$Users', domain='NEWDIR2, db=3
01/05/2007 03:17:06.53 PM [042C:007B-1530] NAMELookup::<LDAP GW> Searching
LDAPhost='[121.121.121.99]:389' anonymously, msgid='13'...
01/05/2007 03:17:06.53 PM [042C:007B-1530] NAMELookup::<LDAP GW> Attr: fullname
01/05/2007 03:17:06.53 PM [042C:007B-1530] NAMELookup::<LDAP GW> Attr: CN
01/05/2007 03:17:06.53 PM [042C:007B-1530] NAMELookup::<LDAP GW> Attr: objectClass
01/05/2007 03:17:06.53 PM [042C:007B-1530] NAMELookup::<LDAP GW> Base:
01/05/2007 03:17:06.53 PM [042C:007B-1530] NAMELookup::<LDAP GW> Scope: 2
01/05/2007 03:17:06.53 PM [042C:007B-1530] NAMELookup::<LDAP GW> Filter:
(|(cn=Josh)(uid=Josh) (sn=Josh)(givenname=Josh)(mail=Josh))
01/05/2007 03:17:06.53 PM [042C:007B-1530] NAMELookup::<LDAP GW> Timeout: 60 secs
01/05/2007 03:20:50.14 PM [042C:007B-0668] NAMELookup::<LDAP GW> ldap_search returned
matched DN='CN=Josh Thornton/O=Bruins'
01/05/2007 03:20:50.14 PM [042C:007B-0668] NAMELookup::<LDAP GW> Return buffer was added ok.
NAMELookup::<NAMELookUpDiskLookup> name='Joe Thornton' was found '1' match(es) in
domain='NEWDIR2'
NAMELookup::<lookup> NumReturned=1, TotalNumReturned=4 match(es) for name='Josh Thornton'
Directory Lint (AKA DirLint)
Problems with directory integrity can be hard to diagnose and remedy
Background: “Directory Lint” - What a weird name
C/C++ programmers can probably nap through this slide
“Lint” is commonly known as a program that can verify the integrity
of C code by:
Flagging suspicious elements that some pre-configured logic thinks may turn out
to be bugs
“Lint” itself came from “the name of the undesirable bits of fiber and fluff found
in sheep's wool”
“IBM Lotus Domino Directory Name Fixer-Upper” wasn't too catchy
Lint programming tool. (2006, November 13). In Wikipedia, The Free Encyclopedia. Retrieved 15:55, December 21, 2006, from
http://en.wikipedia.org/w/index.php?title=Lint_programming_tool&oldid=87512453
So what does this DirLint thing do?
Overview: Directory Lint
A tool that can be used to provide you with Domino directory
integrity
Reports inconsistencies in Domino directory naming hierarchy
Gives a heads-up about invalid syntax in Domino directory names
that can vex search and login attempts
Scans group member lists to ensure each member exists in an
available Directory Assistance configured directory
8.0’s DirLint is just the beginning! More exciting stuff to come in
future revs!
And how does DirLint do it?
DirLint: The basic flow… straightforward.
You specify one or more Domino directory databases to scan
DirLint runs tests against the given directories
An XML report is generated that flags possible issues
Hold on a second!
Q: I know there’s this thing in Domino called Domino Domain Monitoring
(DDM) that flags issues… so why an XML report?
A1: We wanted to roll out this first rev of DirLint and get it in your hands
as soon as possible
A2: Don’t fret! While it might not be in this revision, DDM integration is
coming down the pike!
Oh, all that and we’ll get you started using the XML report by making an
XSLT tool available for you online
Now, back to what DirLint actually does
Scan Directory Hierarchy
Using the Domino Registration Process will keep your directory crisp
and clean
Also, adding new entries to Domino through LDAP is safe
BUT! Notes client, Registration-bypassing, name adds may leave
hierarchy gaps
For example:
You add “cn=Jane Dough/ou=OurOrganizationalUnit/o=IBM”
You didn't add a document for “ou=OurOrganizationalUnit”... not such a big deal
in Domino
However, searches in LDAP may fail
Directory Lint will report these types of errors and let you choose
what to fix
Sounds a lot like VerifyDIT, to me
You caught me!
VerifyDIT was extended to work with DirLint and:
Be a kinder, gentler incarnation
Report changes, not just arbitrarily modify your directory
Now, you can SEE what will happen if you run the classic
VerifyDIT on your directory BEFORE changes are made
You still have the choice of running the classic VerifyDIT
whenever you want
OK, what else? Invalid DN Syntax
Again, using Domino Registration (it’s a great tool) you shouldn’t
need to worry
BUT special “escaped” characters can creep into your directory names
in multiple ways:
Special LDAP chars added through Notes
Example: You were thinking LDAP-style (comma delimited) while typing in:
cn=Josh Burchard,o=IBM
– You really wanted: “cn=Josh Burchard/o=IBM” in Domino
– You get: “cn=Josh Burchard,o=IBM/o=MYDOMAIN”
– Everything, including commas is your entire CN!
Invalid DN Syntax
Names added via Domino LDAP before 7.0
Example using the special ‘+’ character:
– The LDAP DN CN=This+That,OU=West,O=Acme should be converted
to Notes DN CN=This"+"That/OU=West/O=Acme.
– However, previous revisions did not correctly escape the + (plus)
character with double-quotes, resulting in a Notes DN
(CN=This+That/OU=Westford/O=Acme) that appears to have a
multi-valued RDN.
– Oops!
Custom programs that bypass syntax checking and write directly to a directory
database
Special Characters – Risky Business?
Our translation routines can only be so clever, and special chars that
sneak into the Domino directory may not translate to LDAP the way
you expect and vice versa
Can cause problems when searching for names
Can cause problems when trying to log in with an LDAP-style name
to use a Domino web resource
Special Characters – The Li’l Translation List
The following characters need special handling when present in an LDAP DN
less than character <
greater than character >
semicolon character ;
comma character , (within a name, not being used as separator)
plus sign character +
double quote character "
backslash character \
equal sign =
A space or # character occurring at the beginning of the string
A space character occurring at the end of the string
Find more about this general topic here:
Domino 7.0 Release notes
http://www-12.lotus.com/ldd/doc/domino_notes/7.0/readme.nsf
Navigate to: Domino Server->About this release->New in this release->New enhancements->LDAP special character handling
Special Characters - How DirLint can Help
Scans the names in your directory to find out if the special chars
from the chart are embedded
Reports them to you and gives you the choice to decide what to
keep as-is and what to change
PRESENTATION DEMO WILL BE RECORDED AND
PROVIDED ONLINE
Group Member Craziness
Problems can arise whenever human input is involved - group
membership lists are no exception
Inserting typos in otherwise valid names
Totally invalid and non-existent names
Etc.
But even correctly entered names that exist today may go away
tomorrow!
Group Members - What do I do?
Use Domino Registration when removing things that may be group
members, and you'll be ok
Run DirLint!
DirLint will scan your group member lists and ensure names exist in a directory
available through Directory Assistance
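The three checks described in this section (hierarchy gaps, unescaped special characters, group members missing from every configured directory), as an added sketch that is not DirLint's own code. All function names and the sample directory contents are hypothetical and constructed from the slide examples; it assumes, following the CN=This"+"That example, that a run wrapped in double quotes is already escaped.

```python
import re

# Characters the slide lists as needing special handling in an LDAP DN.
SPECIAL = set('<>;,+"\\=')

def split_notes_name(name):
    """Split a Notes hierarchical name on '/' that is outside double quotes."""
    parts, buf, quoted = [], [], False
    for ch in name:
        if ch == '"':
            quoted = not quoted
        if ch == "/" and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return parts

def norm(name):
    return name.strip().lower()

def special_chars(name):
    """Return (component, problem) pairs for unquoted special characters."""
    findings = []
    for comp in split_notes_name(name):
        attr, sep, value = comp.partition("=")
        if not sep:
            findings.append((comp, "no attribute type"))
            continue
        # Assumption: a "..." run is an escaped sequence and is not reported.
        bare = re.sub(r'"[^"]*"', "", value)
        bad = sorted(set(bare) & SPECIAL)
        if bad:
            findings.append((comp, "unquoted " + " ".join(bad)))
        if value[:1] in (" ", "#"):
            findings.append((comp, "leading space or #"))
        if value.endswith(" "):
            findings.append((comp, "trailing space"))
    return findings

def hierarchy_gaps(entries):
    """Ancestors (ou=.../o=...) that no entry in the directory represents."""
    have = {norm(e) for e in entries}
    missing = {}
    for e in entries:
        parts = split_notes_name(e)
        for i in range(1, len(parts)):
            parent = "/".join(parts[i:])
            if norm(parent) not in have:
                missing.setdefault(norm(parent), parent)
    return sorted(missing.values())

def missing_members(groups, directories):
    """Group members that exist in none of the configured directories."""
    known = {norm(n) for names in directories.values() for n in names}
    report = {}
    for group, members in groups.items():
        absent = [m for m in members if norm(m) not in known]
        if absent:
            report[group] = absent
    return report

def lint(directories, groups):
    """Run all three checks; report only, never modify anything."""
    report = {"special": {}, "gaps": {},
              "members": missing_members(groups, directories)}
    for dirname, entries in directories.items():
        for entry in entries:
            found = special_chars(entry)
            if found:
                report["special"][entry] = found
        gaps = hierarchy_gaps(entries)
        if gaps:
            report["gaps"][dirname] = gaps
    return report

# Constructed sample data built from the names used on the slides.
DIRECTORIES = {
    "names.nsf": ["o=IBM", "cn=Jane Dough/ou=OurOrganizationalUnit/o=IBM",
                  "cn=Josh Burchard/o=IBM", "o=MYDOMAIN",
                  "cn=Josh Burchard,o=IBM/o=MYDOMAIN"],
    "TESTDIR1": ["o=Acme", "ou=West/o=Acme", "CN=This+That/OU=West/O=Acme",
                 "cn=Terri/ou=West/o=Acme"],
}
GROUPS = {"LDAP Server Dev": ["cn=Josh Burchard/o=IBM",
                              "cn=Terri/ou=West/o=Acme",
                              "cn=Josh Burchrad/o=IBM"]}  # typo on purpose

if __name__ == "__main__":
    for section, findings in lint(DIRECTORIES, GROUPS).items():
        print(section, findings)
```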
Cool! How do I get started?
Simple!
Type: “load dirlint -?” at the Domino server's console command line
to get an overview of all the commands, options and tests DirLint
offers to give you control over directory integrity!
Directory Assistance LDAP Helpers
How Do I Integrate My Other LDAP Server Into Domino Directory Services?
Directory Assistance / Secondary LDAP Directories
A way for your Notes applications to achieve …
Internet Authentication
Group Authorization
Mail Addressing, etc.
to secondary directories
Directory Assistance LDAP Tab
Suggest - Hostname
DNS SRV records
Per RFC 2782
(Active Directory
automatically does
this)
Server’s DNS suffix
Suggest - Base DN for Search
Domino LDAP servers
return empty search base,
denoting the root
Suggest - Type Of Search Filter
Domino LDAP (8.0) – dominoAccessGroups for group authorization
IBM Directory Server (8.0) – ibm-allGroups for group authorization
Active Directory (7.0/6.5.5) – memberOf for group authorization
Verify - Optional Credentials
Verify - Notes DN Attribute
Review
Simplifies successful DA/LDAP configurations by suggesting and
immediately testing settings
Suggest buttons are great for configuring DA/LDAP connections for
the first time
Verify buttons are great for re-testing existing DA/LDAP connection
configurations
Domino LDAP Search Performance
What To Do When Someone Tells You LDAP Is Slow
Two Step Approach
1. Identify - How do you determine what’s slow?
Previously, set LDAPDEBUG=1 in Notes.ini to see LDAP server traces
Previously, turn on LDAP Activity Logging
Now, see LDAP.Search.Longest Statistics
2. Remedy - How do you improve slow searches?
Adjust the Domino LDAP server
Adjust the LDAP client application
1. Identify
How do you determine what’s slow?
LDAPDEBUG=1 Peeks into Domino LDAP Server
01:12:56.00 PM LDAP> ***** Start search request processing *****
01:12:56.00 PM LDAP> Scope: SUBTREE
01:12:56.00 PM LDAP> Dereference Aliases: 0
01:12:56.00 PM LDAP> TimeLimit: 15
01:12:56.00 PM LDAP> SizeLimit: 0
01:12:56.00 PM LDAP> Attributes to return: ALL
01:12:56.00 PM LDAP> Base: o=klint42p
01:12:56.00 PM LDAP> Filter: (|(cn=ken lin)(givenname=ken lin)
(sn=ken lin)(uid=ken lin)(mail=ken lin))
01:12:56.00 PM LDAP> *** Searching in database c:\domino\data\names.nsf...
01:12:56.00 PM LDAP> Type of search: View Search
01:12:56.00 PM LDAP> ... Searching view ($LDAPCN) for match on cn = ken lin
01:12:56.01 PM LDAP> ... Searching view ($LDAPG) for match on givenname =
ken lin
01:12:56.01 PM LDAP> ... Searching view ($LDAPS) for match on sn = ken lin
01:12:56.01 PM LDAP> ... Searching view $Users for match on uid = ken lin
01:12:56.01 PM LDAP> ... Searching view $Users for match on mail = ken lin
01:12:56.01 PM LDAP> GetSearchEntry State
01:12:56.01 PM LDAP> Found matching entry, Note ID: 4942
01:12:56.01 PM LDAP> SendSearchEntry, sending entry CN=Ken Lin,O=klint42p
01:12:56.01 PM LDAP> GetSearchEntry State
01:12:56.01 PM LDAP> Search State
01:12:56.01 PM LDAP> Search State
01:12:56.01 PM LDAP> ***** Count of search entries returned (total): 1 *****
01:12:56.01 PM LDAP> Return Result State (Search operation)
01:12:56.01 PM LDAP> StateReturnResult returning resultCode 0 (Success)
Approaches
Previous approaches are laborious
1. Turn on LDAPDEBUG=1 Tracing or Activity Logging
2. Restart LDAP server
3. Resend LDAP traffic
4. Analyze lots and lots of data
5. Remedy
6. Repeat steps 2-5 until satisfied
7. Turn off tracing or logging
8. Resume normal LDAP application operation
New LDAP.Search.Longest Domino statistics (since 7.0.2)
1. SHOW STAT LDAP
2. Analyze just a few statistics
3. Remedy
No digging through lots of traces!
No down time!
No recreating LDAP traffic - these stats always maintained!
LDAP.Search.Longest Statistics
> show stat ldap
LDAP.Average LDAP Search time = 0.013
LDAP.Longest LDAP Search request = Base: , Filter: (&(objectclass=groupofnames)
(member=cn=ken lin,o=klint42p)), Scope: 2, Entries Found: 1
LDAP.Longest LDAP Search time = 0.06
LDAP.Search.Longest.AverageTime.01 = 0.023
LDAP.Search.Longest.AverageTime.02 = 0.014
LDAP.Search.Longest.AverageTime.03 = 0.01
LDAP.Search.Longest.AverageTime.04 = 0.008
LDAP.Search.Longest.Count.01 = 29
LDAP.Search.Longest.Count.02 = 30
LDAP.Search.Longest.Count.03 = 30
LDAP.Search.Longest.Count.04 = 30
LDAP.Search.Longest.Entries.01 = 29
LDAP.Search.Longest.Entries.02 = 30
LDAP.Search.Longest.Entries.03 = 30
LDAP.Search.Longest.Entries.04 = 30
LDAP.Search.Longest.Pattern.01 = o=klint42p??sub?(location=%v)?timelimit=15
LDAP.Search.Longest.Pattern.02 = o=klint42p??sub?(|(cn=%v)(givenname=%v)(sn=%v)(uid=%v)(mail=%v))?timelimit=15
LDAP.Search.Longest.Pattern.03 = o=klint42p??sub?(dominounid=%v)?timelimit=15
LDAP.Search.Longest.Pattern.04 = ??sub?(&(objectclass=%v)(member=%v))?timelimit=15
Decoding LDAP.Search.Longest.Pattern
basedn - where to start searching
o=klint42p ? ? sub ? (location=%v) ? timelimit=15
Modeled after part of RFC 4516 - LDAP URL
ldap://host:port/basedn?attributes?scope?filter?extensions
attributes - to return
scope - relative to basedn (base, subtree, onelevel)
filter - %v is user-supplied value
extensions - from client
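A way to decode these patterns and rank them for remediation, as an added example that is not part of the original deck or of Domino. The function names are hypothetical, the sample text is constructed in the shape of the `show stat ldap` slide, the list of view-indexed attributes is taken from the View Searches slide, and treating `dominounid` as the UNID-based specialized search is an assumption.

```python
import re

# Attributes the "View Searches" slide lists as served from view indexes.
VIEW_INDEXED = {"cn", "sn", "givenname", "uid", "displayname", "mail",
                "member", "objectclass"}
# Assumption: dominounid filters are the UNID-based "specialized search".
SPECIALIZED = {"dominounid"}

STAT_RE = re.compile(
    r"^\s*LDAP\.Search\.Longest\.(AverageTime|Count|Entries|Pattern)"
    r"\.(\d+)\s*=\s*(.*)$")

def decode_pattern(pattern):
    """Split basedn?attributes?scope?filter?extensions into named fields."""
    parts = (pattern.split("?", 4) + [""] * 5)[:5]
    base, attrs, scope, flt, ext = (p.strip() for p in parts)
    names = re.findall(r"\(\s*([A-Za-z][\w;.-]*)\s*[~<>]?=", flt)
    return {
        "basedn": base,                                    # empty: the root
        "attributes": [a for a in attrs.split(",") if a],  # empty: all
        "scope": scope,
        "filter": flt,
        "extensions": ext,
        "filter_attrs": sorted({n.lower() for n in names}),
    }

def parse_stats(text):
    """Group the LDAP.Search.Longest.* lines by their two-digit slot."""
    slots = {}
    for line in text.splitlines():
        m = STAT_RE.match(line)
        if m:
            slots.setdefault(m.group(2), {})[m.group(1)] = m.group(3).strip()
    return slots

def advise(decoded):
    """Map a decoded pattern to the remedy the deck suggests for it."""
    attrs = set(decoded["filter_attrs"])
    if {"member", "objectclass"} <= attrs:
        return "group membership search: consider one dominoAccessGroups query"
    if attrs & SPECIALIZED:
        return "specialized search"
    unindexed = sorted(attrs - VIEW_INDEXED)
    if unindexed:
        return ("not view-indexed (%s): full text index or change the filter"
                % ", ".join(unindexed))
    return "view search"

def triage(text):
    """Rank patterns by average time x count, slowest total first."""
    rows = []
    for slot, stat in sorted(parse_stats(text).items()):
        if not stat.get("Pattern"):
            continue  # slot reported without a pattern
        decoded = decode_pattern(stat["Pattern"])
        avg = float(stat.get("AverageTime") or 0)
        count = int(stat.get("Count") or 0)
        rows.append({"slot": slot, "total_secs": round(avg * count, 3),
                     "filter": decoded["filter"], "advice": advise(decoded)})
    return sorted(rows, key=lambda r: r["total_secs"], reverse=True)

# Constructed sample, unwrapped, using the values shown on the slide.
SAMPLE_STATS = """\
LDAP.Search.Longest.AverageTime.01 = 0.023
LDAP.Search.Longest.AverageTime.02 = 0.014
LDAP.Search.Longest.AverageTime.03 = 0.01
LDAP.Search.Longest.AverageTime.04 = 0.008
LDAP.Search.Longest.Count.01 = 29
LDAP.Search.Longest.Count.02 = 30
LDAP.Search.Longest.Count.03 = 30
LDAP.Search.Longest.Count.04 = 30
LDAP.Search.Longest.Pattern.01 = o=klint42p??sub?(location=%v)?timelimit=15
LDAP.Search.Longest.Pattern.02 = o=klint42p??sub?(|(cn=%v)(givenname=%v)(sn=%v)(uid=%v)(mail=%v))?timelimit=15
LDAP.Search.Longest.Pattern.03 = o=klint42p??sub?(dominounid=%v)?timelimit=15
LDAP.Search.Longest.Pattern.04 = ??sub?(&(objectclass=%v)(member=%v))?timelimit=15
"""

if __name__ == "__main__":
    for row in triage(SAMPLE_STATS):
        print(row["slot"], row["total_secs"], row["filter"], "->", row["advice"])
```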
LDAP URLs in Your Browser
LDAP.Search.Longest Statistics
It is often the search pattern, not every search instance, that
determines the overall efficiency of the Domino LDAP search.
LDAP applications search by reusing a limited set of search
patterns, but with different values.
LDAP applications allow their administrators to customize the
search patterns used.
Directory Assistance – LDAP “Type of search filter to use”
Sametime – stconfig.nsf LDAPServer document’s “search filters”
Portal – wmm.xml configuration file
The new LDAP.Search.Longest Domino statistics reveal the search
patterns ordered by slowest average times.
Since the LDAP server does not have to record tremendous volumes
of individual searches, the LDAP.Search.Longest statistics are
always available and do not require a “debug” mode.
2. Remedy
How do you improve slow searches?
How Domino LDAP Server Searches
View Search
For attributes in Pubnames.ntf view indices
Full Text Search
For attributes not in Pubnames.ntf view indices
All Search
For attributes not in Pubnames.ntf view indices when no FT Index present
Visits every document in Domino directory
Specialized Searches
For group membership, modified time, Universal Note ID-based searches, etc.
QR Cached Search
For previously issued searches
View Search
01:12:56.00 PM LDAP> ***** Start search request processing *****
01:12:56.00 PM LDAP> Scope: SUBTREE
01:12:56.00 PM LDAP> Dereference Aliases: 0
01:12:56.00 PM LDAP> TimeLimit: 15
01:12:56.00 PM LDAP> SizeLimit: 0
01:12:56.00 PM LDAP> Attributes to return: ALL
01:12:56.00 PM LDAP> Base: o=klint42p
01:12:56.00 PM LDAP> Filter: (|(cn=ken lin)(givenname=ken lin)
(sn=ken lin)(uid=ken lin)(mail=ken lin))
01:12:56.00 PM LDAP> *** Searching in database c:\domino\data\names.nsf...
01:12:56.00 PM LDAP> Type of search: View Search
01:12:56.00 PM LDAP> ... Searching view ($LDAPCN) for match on cn = ken lin
01:12:56.01 PM LDAP> ... Searching view ($LDAPG) for match on givenname =
ken lin
01:12:56.01 PM LDAP> ... Searching view ($LDAPS) for match on sn = ken lin
01:12:56.01 PM LDAP> ... Searching view $Users for match on uid = ken lin
01:12:56.01 PM LDAP> ... Searching view $Users for match on mail = ken lin
01:12:56.01 PM LDAP> GetSearchEntry State
01:12:56.01 PM LDAP> Found matching entry, Note ID: 4942
01:12:56.01 PM LDAP> SendSearchEntry, sending entry CN=Ken Lin,O=klint42p
01:12:56.01 PM LDAP> GetSearchEntry State
01:12:56.01 PM LDAP> Search State
01:12:56.01 PM LDAP> Search State
01:12:56.01 PM LDAP> ***** Count of search entries returned (total): 1 *****
01:12:56.01 PM LDAP> Return Result State (Search operation)
01:12:56.01 PM LDAP> StateReturnResult returning resultCode 0 (Success)
Simplify!
View Searches
View | Filter Attributes | Scope
($LDAPCN) | (cn=%v) | subtree,
($LDAPS) | (sn=%v) | onelevel
($LDAPG) | (givenName=%v) |
($Users) | (uid=%v) |
($Users) | (displayName=%v) new in 7.0.2 |
($Users) if found in InternetAddress; otherwise also FT Search MailAddress | (mail=%v) |
($ServerAccess) | (&(member=%v)(objectclass=groupOfNames)) |
($LDAPRDNHier) | (objectClass=*) | base
Query Results Cache’d Search
***** Start search request processing *****
Scope: SUBTREE
Dereference Aliases: 0
TimeLimit: 15
SizeLimit: 0
Attributes to return: ALL
Base: o=klint42p
Filter: (|(cn=ken lin)(givenname=ken lin)
(sn=ken lin)(uid=ken lin)(mail=ken lin))
Found entry in LDAP QR Cache.
***** Count of search entries returned (total): 1 *****
Return Result State (Search operation)
StateReturnResult returning resultCode 0 (Success)
Fallback To All Search
***** Start search request processing *****
Scope: SUBTREE
Dereference Aliases: 0
TimeLimit: 15
SizeLimit: 0
Attributes to return: ALL
Base: o=klint42p
Filter: (location=wch)
*** Searching in database c:\domino\data\names.nsf...
Type of search: FT Search
... No FT index was found
... Fallback to All Search
... Getting entries in ($LDAPRDNHier)
GetSearchEntry State
Found matching entry CN=Ken Lin/O=klint42p (NoteID: 4942)
SendSearchEntry, sending entry CN=Ken Lin,O=klint42p
GetSearchEntry State
Search State
Search State
***** Count of search entries returned (total): 1 *****
Return Result State (Search operation)
StateReturnResult returning resultCode 0 (Success)
LDAP Server: You should full text index Domino directory
names.nsf on klint42p/klint42p to improve search performance
for filters like '(location=x)'
Full Text Index!
DDM – Directory: LDAP
Full Text Search
***** Start search request processing *****
Scope: SUBTREE
Dereference Aliases: 0
TimeLimit: 15
SizeLimit: 0
Attributes to return: ALL
Base: o=klint42p
Filter: (location=wch)
*** Searching in database c:\domino\data\names.nsf...
Type of search: FT Search
FT Query: ([$$O] Contains ("klint42p")) AND
(([location] Contains ("wch")))
Type of search: Modified Since FT Search
GetSearchEntry State
Found matching entry, Note ID: 4942
SendSearchEntry, sending entry CN=Ken Lin,O=klint42p
GetSearchEntry State
Search State
Search State
***** Count of search entries returned (total): 1 *****
Return Result State (Search operation)
StateReturnResult returning resultCode 0 (Success)
Group Membership and dominoAccessGroups
If you see many search patterns like this …
??sub?(&(objectclass=%v)(member=%v))
the application may be attempting to perform many series of
nested group membership searches
e.g., “cn=Ken Lin,ou=Westford,o=IBM” belongs to
“cn=LDAP Server Dev” belongs to
“cn=Iris Directory Team” etc.
For such situations, consider reconfiguring the application to use a
single query to retrieve the person’s new 8.0 dominoAccessGroups
attribute instead
Domino Directory Assistance - LDAP
Type of search filter = Domino LDAP
Portal and Websphere Member Manager (WMM) -based applications
groupMembershipAttributeMap = "dominoAccessGroups:nested"
Relative LDAP Search Speeds
QR Cache’d Search
All Search
View Search
Full Text Search
If DDM.nsf shows a Fallback to All Search warning, Full Text Index the specified
Domino directory and make sure the Update task is running.
If an application’s LDAP search pattern contains terms that are not indexed view
fields, see if they can either be eliminated or changed to use indexed fields.
If different LDAP applications use equivalent or similar filters, evaluate whether they
can be made identical.
e.g., Technote 1197769 – Change Websphere Portal People Finder wmm XML files from
pluginAttributeName=“displayName” to pluginAttributeName=“cn” for Domino LDAP < 7.0.2
e.g., If one application uses “(|(cn=%v)(givenName=%v)(sn=%v))” and another uses
“(|(cn=%v)(sn=%v)(givenName=%v))”, rearrange one to match the other
Miscellaneous
Notes.ini Variables
LDAPMaxLongestSearchCount - Number of sets of statistics maintained
Default is LDAPMaxLongestSearchCount = 20
LDAPMaxLongestSearchCount = 0 turns off collection
LDAPMaxLongestSearchCount = 50 is maximum
In general, too many statistics will slow down Domino
LDAPMinLongestSearchTime - Searches shorter than this millisecond interval are
not collected
Default is LDAPMinLongestSearchTime = 100 (i.e., 0.1 sec)
LDAPMinLongestSearchTime = 0 collects all searches
Review
Identify the slowest searches using SHOW STAT LDAP command
Available since 7.0.2!
Target the slowest search patterns that have the highest count
Check the DDM Directory events for Full Text Index recommendations
Remedy performance …
Domino LDAP Server: Full text index Domino directories as necessary
LDAP Application: Tweak the application’s search filters so …
View searches are used
Complexity of the search filter is reduced
– Can you remove terms?
– Can you use dominoAccessGroups for group membership searches?
Closing
See Also
ID207: IBM Lotus Domino 8 Directory Deployment to Address TCO
SW 3-4, Monday 11:00-12:00
8.0 directory features
Directory roadmap
BOF305: IBM Lotus Domino Directory Integration
SW Macaw 1-2, Wednesday 5:45-6:45
Directory roadmap
Open discussion
L101: Meet the Developers Lab
DL Asia 1-2
L105: Deployments, Performance and Interoperability
DL Europe 3-4
Google “Domino Directory FAQ”
We monitor “Notes/Domino 6 and 7 Forum” and
“Business Partner Forum”
Questions
© IBM Corporation 2007. All Rights Reserved.
The workshops, sessions and materials have been prepared by IBM or the session speakers and reflect their own views. They are provided
for informational purposes only, and are neither intended to, nor shall have the effect of being, legal or other guidance or advice to any
participant. While efforts were made to verify the completeness and accuracy of the information contained in this presentation, it is
provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of,
or otherwise related to, this presentation or any other materials. Nothing contained in this presentation is intended to, nor shall have the
effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the
applicable license agreement governing the use of IBM software.
References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM
operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based
on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way.
Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you
will result in any specific sales, revenue growth or other results.
Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput
or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of
multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no
assurance can be given that an individual user will achieve results similar to those stated here.
All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may
have achieved. Actual environmental costs and performance characteristics may vary by customer.
IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Domino.Doc, Domino Designer, Lotus Enterprise Integrator, Lotus Workflow,
Lotusphere, QuickPlace, Sametime, WebSphere, Workplace, Workplace Forms, Workplace Managed Client, Workplace Web Content
Management, AIX, AS/400, DB2, DB2 Universal Database, developerWorks, eServer, EasySync, i5/OS, IBM Virtual Innovation Center,
iSeries, OS/400, Passport Advantage, PartnerWorld, Rational, Redbooks, Software as Services, System z, Tivoli, xSeries, z/OS and zSeries
are trademarks of International Business Machines Corporation in the United States, other countries, or both.
Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.
Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both.
Intel and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
UNIX is a registered trademark of The Open Group in the United States and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Other company, product, or service names may be trademarks or service marks of others.
All references to Acme, Renovations and Zeta Bank refer to a fictitious company and are used for illustration purposes only.
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 

Kürzlich hochgeladen (20)

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 

Lotusphere 2007: ID204 - Take Control of Your IBM Lotus Domino Directory Infrastructure with Lotus Domino 8!

  • 2. ® ID204: Take Control of Your IBM Lotus Domino Directory Infrastructure with Lotus Domino 8! Josh Burchard IBM Software Group Domino Directory Team Ken Lin IBM Software Group Domino Directory Team
  • 3. ® Agenda NameLookup Logging Improvements Directory Lint Directory Assistance LDAP Helpers Domino LDAP Server Performance
  • 4. ® NameLookup Logging Improvements Getting to the root of the problem
  • 5. Improved NameLookup Logging: Finer Granularity NAMELookup logging has been streamlined: debug_namelookup=1: will continue to supply information as it always has From the console: set config debug_namelookup=1 NAMELookup::<Lookup> PID:TID ( 42C: 7B) start of routine NAMELookup::<lookup> Searching name='Terri' (1 of 1 names). NAMELookup::<lookup> Searching view='$Users' (1 of 1 views). NAMELookup::<lookup> Searching DBIndex=1. NAMELookup::<lookup> from cache took 0 msecs NAMELookup::<lookup> NumReturned=1, TotalNumReturned=1 match(es) for name='Terri' NAMELookup::<NextNameDatabase> DAResolveDomain found 2 directories: TESTDIR1,NEWDIR2. NAMELookup::<NextNameDatabase> looking for directory TESTDIR1 in OPEN_NAME_COLLECTION queue for NRPC Clients. NAMELookup::<NextNameDatabase> Found directory TESTDIR1 in OPEN_NAME_COLLECTION queue, DBIndex=2. NAMELookup::<NAMELookUpDiskLookup> name='Terri' was found '1' match(es) in domain='TESTDIR1' NAMELookup::<lookup> NumReturned=1, TotalNumReturned=1 match(es) for name='Terri' NAMELookup::<lookup> DBIndex=1 specified, search is over! debug_namelookup=2: “Search mode”. Less verbosity
  • 6. Improved NameLookup Logging: Finer Granularity debug_namelookup=16: enables you to see LDAP Gateway logging NAMELookup::<lookup> Searching name='Josh' (1 of 1 names). NAMELookup::<lookup> Searching view='$Users' (1 of 1 views). NAMELookup::<lookup> Searching DBIndex=3. NAMELookup::<NAMELookupDiskLookup> name='Josh', view='$Users', domain='NEWDIR2, db=3 01/05/2007 03:17:06.53 PM [042C:007B-1530] NAMELookup::<LDAP GW> Searching LDAPhost='[121.121.121.99]:389' anonymously, msgid='13'... 01/05/2007 03:17:06.53 PM [042C:007B-1530] NAMELookup::<LDAP GW> Attr: fullname 01/05/2007 03:17:06.53 PM [042C:007B-1530] NAMELookup::<LDAP GW> Attr: CN 01/05/2007 03:17:06.53 PM [042C:007B-1530] NAMELookup::<LDAP GW> Attr: objectClass 01/05/2007 03:17:06.53 PM [042C:007B-1530] NAMELookup::<LDAP GW> Base: 01/05/2007 03:17:06.53 PM [042C:007B-1530] NAMELookup::<LDAP GW> Scope: 2 01/05/2007 03:17:06.53 PM [042C:007B-1530] NAMELookup::<LDAP GW> Filter: (|(cn=Josh)(uid=Josh) (sn=Josh)(givenname=Josh)(mail=Josh)) 01/05/2007 03:17:06.53 PM [042C:007B-1530] NAMELookup::<LDAP GW> Timeout: 60 secs 01/05/2007 03:20:50.14 PM [042C:007B-0668] NAMELookup::<LDAP GW> ldap_search returned matched DN='CN=Josh Thornton/O=Bruins' 01/05/2007 03:20:50.14 PM [042C:007B-0668] NAMELookup::<LDAP GW> Return buffer was added ok. NAMELookup::<NAMELookUpDiskLookup> name='Joe Thornton' was found '1' match(es) in domain='NEWDIR2' NAMELookup::<lookup> NumReturned=1, TotalNumReturned=4 match(es) for name='Josh Thornton'
  • 7. ® Directory Lint (AKA DirLint) Problems with directory integrity can be hard to diagnose and remedy
  • 8. Background: “Directory Lint” - What a weird name C/C++ programmers can probably nap through this slide “Lint” is commonly known as a program that can verify the integrity of C code by: Flagging suspicious elements that some pre-configured logic thinks may turn out to be bugs “Lint” itself came from “the name of the undesirable bits of fiber and fluff found in sheep's wool” “IBM Lotus Domino Directory Name Fixer-Upper” wasn't too catchy Lint programming tool. (2006, November 13). In Wikipedia, The Free Encyclopedia. Retrieved 15:55, December 21, 2006, from http://en.wikipedia.org/w/index.php?title=Lint_programming_tool&oldid=87512453
  • 9. So what does this DirLint thing do?
  • 10. Overview: Directory Lint A tool that can be used to provide you with Domino directory integrity Reports inconsistencies in Domino directory naming hierarchy Gives a heads-up about invalid syntax in Domino directory names that can vex search and login attempts Scans group member lists to ensure each member exists in an available Directory Assistance configured directory 8.0’s DirLint is just the beginning! More exciting stuff to come in future revs!
  • 11. And how does DirLint do it?
  • 12. DirLint: The basic flow… straightforward. You specify one or more Domino directory databases to scan DirLint runs tests against the given directories An XML report is generated that flags possible issues
  • 13. Hold on a second! Q: I know there’s this thing in Domino called Domino Domain Monitoring (DDM) that flags issues… so why an XML report? A1: We wanted to roll out this first rev of DirLint and get it in your hands as soon as possible A2: Don’t fret! While it might not be in this revision, DDM integration is coming down the pike! Oh, all that and we’ll get you started using the XML report by making an XSLT tool available for you online Now, back to what DirLint actually does
  • 14. Scan Directory Hierarchy Using the Domino Registration Process will keep your directory crisp and clean Also, adding new entries to Domino through LDAP is safe BUT! Notes client, Registration-bypassing, name adds may leave hierarchy gaps For example: You add “cn=Jane Dough/ou=OurOrganizationalUnit/o=IBM” You didn't add a document for “ou=OurOrganizationalUnit”... not such a big deal in Domino However, searches in LDAP may fail Directory Lint will report these types of errors and let you choose what to fix
  • 15. Sounds a lot like VerifyDIT, to me You caught me! VerifyDIT was extended to work with DirLint and: Be a kinder, gentler incarnation Report changes, not just arbitrarily modify your directory Now, you can SEE what will happen if you run the classic VerifyDIT on your directory BEFORE changes are made You still have the choice of running the classic VerifyDIT whenever you want
  • 16. OK, what else? Invalid DN Syntax Again, using Domino Registration (it’s a great tool) you shouldn’t need to worry BUT special “escaped” characters can creep into your directory names in multiple ways: Special LDAP chars added through Notes Example: You were thinking LDAP-style (comma delimited) while typing in: cn=Josh Burchard,o=IBM – You really wanted: “cn=Josh Burchard/o=IBM” in Domino – You get: “cn=Josh Burchard,o=IBM/o=MYDOMAIN” – Everything, including commas is your entire CN!
  • 17. Invalid DN Syntax Names added via Domino LDAP before 7.0 Example using the special ‘+’ character: – The LDAP DN CN=This+That,OU=West,O=Acme should be converted to Notes DN CN=This"+"That/OU=West/O=Acme. – However, previous revisions did not correctly escape the + (plus) character with double-quotes, resulting in a Notes DN (CN=This+That/OU=Westford/O=Acme) that appears to have a multi-valued RDN. – Oops! Custom programs that bypass syntax checking and write directly to a directory database
  • 18. Special Characters – Risky Business? Our translation routines can only be so clever, and special chars that sneak into the Domino directory may not translate to LDAP the way you expect and vice versa Can cause problems when searching for names Can cause problems when trying to log in with an LDAP-style name to use a Domino web resource
  • 19. Special Characters – The Li’l Translation List The following characters need special handling when present in an LDAP DN:
    less than character <
    greater than character >
    semicolon character ;
    comma character , (within a name, not being used as separator)
    plus sign character +
    double quote character "
    backslash character \
    equal sign =
    A space or # character occurring at the beginning of the string
    A space character occurring at the end of the string
    Find more about this general topic here: Domino 7.0 Release notes http://www-12.lotus.com/ldd/doc/domino_notes/7.0/readme.nsf Navigate to: Domino Server->About this release->New in this release->New enhancements->LDAP special character handling
  • 20. Special Characters - How DirLint can Help Scans the names in your directory to find out if the special chars from the chart are embedded Reports them to you and gives you the choice to decide what to keep as-is and what to change
  • 21. PRESENTATION DEMO WILL BE RECORDED AND PROVIDED ONLINE
  • 22. Group Member Craziness Problems can arise whenever human input is involved - group membership lists are no exception Inserting typos in otherwise valid names Totally invalid and non-existent names Etc. But even correctly entered names that exist today may go away tomorrow!
  • 23. Group Members - What do I do? Use Domino Registration when removing things that may be group members, and you'll be ok Run DirLint! DirLint will scan your group member lists and ensure names exist in a directory available through Directory Assistance
  • 24. PRESENTATION DEMO WILL BE RECORDED AND PROVIDED ONLINE
  • 25. Cool! How do I get started? Simple! Type: “load dirlint -?” at the Domino server's console command line to get an overview of all the commands, options and tests DirLint offers to give you control over directory integrity!
  • 26. PRESENTATION DEMO WILL BE RECORDED AND PROVIDED ONLINE
  • 27. ® Directory Assistance LDAP Helpers How Do I Integrate My Other LDAP Server Into Domino Directory Services?
  • 28. Directory Assistance / Secondary LDAP Directories A way for your Notes applications to achieve … Internet Authentication Group Authorization Mail Addressing, etc. to secondary directories
  • 30. Suggest - Hostname DNS SRV records Per RFC 2782 (Active Directory automatically does this) Server’s DNS suffix
  • 31. Suggest - Base DN for Search Domino LDAP servers return empty search base, denoting the root
  • 32. Suggest - Type Of Search Filter Domino LDAP (8.0) – dominoAccessGroups for group authorization IBM Directory Server (8.0) – ibm-allGroups for group authorization Active Directory (7.0/6.5.5) – memberOf for group authorization
  • 33. Verify - Optional Credentials
  • 34. Verify - Notes DN Attribute
  • 35. Review Simplifies successful DA/LDAP configurations by suggesting and immediately testing settings Suggest buttons are great for configuring DA/LDAP connections for the first time Verify buttons are great for re-testing existing DA/LDAP connection configurations
  • 36. ® Domino LDAP Search Performance What To Do When Someone Tells You LDAP Is Slow
  • 37. Two Step Approach 1. Identify - How do you determine what’s slow? Previously, set LDAPDEBUG=1 in Notes.ini to see LDAP server traces Previously, turn on LDAP Activity Logging Now, see LDAP.Search.Longest Statistics 2. Remedy - How do you improve slow searches? Adjust the Domino LDAP server Adjust the LDAP client application
  • 38. ® 1. Identify How do you determine what’s slow?
  • 39. LDAPDEBUG=1 Peeks into Domino LDAP Server 01:12:56.00 PM LDAP> ***** Start search request processing ***** 01:12:56.00 PM LDAP> Scope: SUBTREE 01:12:56.00 PM LDAP> Dereference Aliases: 0 01:12:56.00 PM LDAP> TimeLimit: 15 01:12:56.00 PM LDAP> SizeLimit: 0 01:12:56.00 PM LDAP> Attributes to return: ALL 01:12:56.00 PM LDAP> Base: o=klint42p 01:12:56.00 PM LDAP> Filter: (|(cn=ken lin)(givenname=ken lin) (sn=ken lin)(uid=ken lin)(mail=ken lin)) 01:12:56.00 PM LDAP> *** Searching in database c:dominodatanames.nsf... 01:12:56.00 PM LDAP> Type of search: View Search 01:12:56.00 PM LDAP> ... Searching view ($LDAPCN) for match on cn = ken lin 01:12:56.01 PM LDAP> ... Searching view ($LDAPG) for match on givenname = ken lin 01:12:56.01 PM LDAP> ... Searching view ($LDAPS) for match on sn = ken lin 01:12:56.01 PM LDAP> ... Searching view $Users for match on uid = ken lin 01:12:56.01 PM LDAP> ... Searching view $Users for match on mail = ken lin 01:12:56.01 PM LDAP> GetSearchEntry State 01:12:56.01 PM LDAP> Found matching entry, Note ID: 4942 01:12:56.01 PM LDAP> SendSearchEntry, sending entry CN=Ken Lin,O=klint42p 01:12:56.01 PM LDAP> GetSearchEntry State 01:12:56.01 PM LDAP> Search State 01:12:56.01 PM LDAP> Search State 01:12:56.01 PM LDAP> ***** Count of search entries returned (total): 1 ***** 01:12:56.01 PM LDAP> Return Result State (Search operation) 01:12:56.01 PM LDAP> StateReturnResult returning resultCode 0 (Success)
  • 40. Approaches Previous approaches are laborious 1. Turn on LDAPDEBUG=1 Tracing or Activity Logging 2. Restart LDAP server 3. Resend LDAP traffic 4. Analyze lots and lots of data 5. Remedy 6. Repeat steps 2-5 until satisfied 7. Turn off tracing or logging 8. Resume normal LDAP application operation New LDAP.Search.Longest Domino statistics (since 7.0.2) 1. SHOW STAT LDAP 2. Analyze just a few statistics 3. Remedy No digging through lots of traces! No down time! No recreating LDAP traffic - these stats always maintained!
  • 41. LDAP.Search.Longest Statistics
    > show stat ldap
    LDAP.Average LDAP Search time = 0.013
    LDAP.Longest LDAP Search request = Base: , Filter: (&(objectclass=groupofnames)(member=cn=ken lin,o=klint42p)), Scope: 2, Entries Found: 1
    LDAP.Longest LDAP Search time = 0.06
    LDAP.Search.Longest.AverageTime.01 = 0.023
    LDAP.Search.Longest.AverageTime.02 = 0.014
    LDAP.Search.Longest.AverageTime.03 = 0.01
    LDAP.Search.Longest.AverageTime.04 = 0.008
    LDAP.Search.Longest.Count.01 = 29
    LDAP.Search.Longest.Count.02 = 30
    LDAP.Search.Longest.Count.03 = 30
    LDAP.Search.Longest.Count.04 = 30
    LDAP.Search.Longest.Entries.01 = 29
    LDAP.Search.Longest.Entries.02 = 30
    LDAP.Search.Longest.Entries.03 = 30
    LDAP.Search.Longest.Entries.04 = 30
    LDAP.Search.Longest.Pattern.01 = o=klint42p??sub?(location=%v)?timelimit=15
    LDAP.Search.Longest.Pattern.02 = o=klint42p??sub?(|(cn=%v)(givenname=%v)(sn=%v)(uid=%v)(mail=%v))?timelimit=15
    LDAP.Search.Longest.Pattern.03 = o=klint42p??sub?(dominounid=%v)?timelimit=15
    LDAP.Search.Longest.Pattern.04 = ??sub?(&(objectclass=%v)(member=%v))?timelimit=15
  • 42. Decoding LDAP.Search.Longest.Pattern
    o=klint42p ? ? sub ? (location=%v) ? timelimit=15
    Modeled after part of RFC 4516 - LDAP URL: ldap://host:port/basedn?attributes?scope?filter?extensions
    basedn - where to start searching
    attributes - to return
    scope - relative to basedn (base, subtree, onelevel)
    filter - %v is user-supplied value
    extensions - from client
  • 43. LDAP URLs in Your Browser
  • 44. LDAP.Search.Longest Statistics It is often the search pattern, not every search instance, that determines the overall efficiency of the Domino LDAP search. LDAP applications search by reusing a limited set of search patterns, but with different values. LDAP applications allow their administrators to customize the search patterns used. Directory Assistance – LDAP “Type of search filter to use” Sametime – stconfig.nsf LDAPServer document’s “search filters” Portal – wmm.xml configuration file The new LDAP.Search.Longest Domino statistics reveal the search patterns ordered by slowest average times. Since the LDAP server does not have to record tremendous volumes of individual searches, the LDAP.Search.Longest statistics are always available and do not require a “debug” mode.
  • 45. ® 2. Remedy How do you improve slow searches?
  • 46. How Domino LDAP Server Searches View Search For attributes in Pubnames.ntf view indices Full Text Search For attributes not in Pubnames.ntf view indices All Search For attributes not in Pubnames.ntf view indices when no FT Index present Visits every document in Domino directory Specialized Searches For group membership, modified time, Universal Note ID-based searches, etc. QR Cached Search For previously issued searches
  • 47. View Search 01:12:56.00 PM LDAP> ***** Start search request processing ***** 01:12:56.00 PM LDAP> Scope: SUBTREE 01:12:56.00 PM LDAP> Dereference Aliases: 0 01:12:56.00 PM LDAP> TimeLimit: 15 01:12:56.00 PM LDAP> SizeLimit: 0 01:12:56.00 PM LDAP> Attributes to return: ALL 01:12:56.00 PM LDAP> Base: o=klint42p 01:12:56.00 PM LDAP> Filter: (|(cn=ken lin)(givenname=ken lin) (sn=ken lin)(uid=ken lin)(mail=ken lin)) 01:12:56.00 PM LDAP> *** Searching in database c:dominodatanames.nsf... 01:12:56.00 PM LDAP> Type of search: View Search 01:12:56.00 PM LDAP> ... Searching view ($LDAPCN) for match on cn = ken lin 01:12:56.01 PM LDAP> ... Searching view ($LDAPG) for match on givenname = ken lin 01:12:56.01 PM LDAP> ... Searching view ($LDAPS) for match on sn = ken lin 01:12:56.01 PM LDAP> ... Searching view $Users for match on uid = ken lin 01:12:56.01 PM LDAP> ... Searching view $Users for match on mail = ken lin 01:12:56.01 PM LDAP> GetSearchEntry State 01:12:56.01 PM LDAP> Found matching entry, Note ID: 4942 01:12:56.01 PM LDAP> SendSearchEntry, sending entry CN=Ken Lin,O=klint42p 01:12:56.01 PM LDAP> GetSearchEntry State 01:12:56.01 PM LDAP> Search State 01:12:56.01 PM LDAP> Search State 01:12:56.01 PM LDAP> ***** Count of search entries returned (total): 1 ***** 01:12:56.01 PM LDAP> Return Result State (Search operation) 01:12:56.01 PM LDAP> StateReturnResult returning resultCode 0 (Success) Simplify!
  • 48. View Searches
    Scope | Filter Attributes | View
    subtree, onelevel | (cn=%v) | ($LDAPCN)
     | (sn=%v) | ($LDAPS)
     | (givenName=%v) | ($LDAPG)
     | (uid=%v) | ($Users)
     | (displayName=%v) new in 7.0.2 | ($Users)
     | (mail=%v) | ($Users) if found in InternetAddress; otherwise also FT Search MailAddress
     | (&(member=%v)(objectclass=groupOfNames)) | ($ServerAccess)
    base | (objectClass=*) | ($LDAPRDNHier)
  • 49. Query Results Cache’d Search ***** Start search request processing ***** Scope: SUBTREE Dereference Aliases: 0 TimeLimit: 15 SizeLimit: 0 Attributes to return: ALL Base: o=klint42p Filter: (|(cn=ken lin)(givenname=ken lin) (sn=ken lin)(uid=ken lin)(mail=ken lin)) Found entry in LDAP QR Cache. ***** Count of search entries returned (total): 1 ***** Return Result State (Search operation) StateReturnResult returning resultCode 0 (Success)
  • 50. Fallback To All Search ***** Start search request processing ***** Scope: SUBTREE Dereference Aliases: 0 TimeLimit: 15 SizeLimit: 0 Attributes to return: ALL Base: o=klint42p Filter: (location=wch) *** Searching in database c:dominodatanames.nsf... Type of search: FT Search ... No FT index was found ... Fallback to All Search ... Getting entries in ($LDAPRDNHier) GetSearchEntry State Found matching entry CN=Ken Lin/O=klint42p (NoteID: 4942) SendSearchEntry, sending entry CN=Ken Lin,O=klint42p GetSearchEntry State Search State Search State ***** Count of search entries returned (total): 1 ***** Return Result State (Search operation) StateReturnResult returning resultCode 0 (Success) LDAP Server: You should full text index Domino directory names.nsf on klint42p/klint42p to improve search performance for filters like '(location=x)' Full Text Index!
  • 52. Full Text Search ***** Start search request processing ***** Scope: SUBTREE Dereference Aliases: 0 TimeLimit: 15 SizeLimit: 0 Attributes to return: ALL Base: o=klint42p Filter: (location=wch) *** Searching in database c:dominodatanames.nsf... Type of search: FT Search FT Query: ([$$O] Contains ("klint42p")) AND (([location] Contains ("wch"))) Type of search: Modified Since FT Search GetSearchEntry State Found matching entry, Note ID: 4942 SendSearchEntry, sending entry CN=Ken Lin,O=klint42p GetSearchEntry State Search State Search State ***** Count of search entries returned (total): 1 ***** Return Result State (Search operation) StateReturnResult returning resultCode 0 (Success)
  • 53. Group Membership and dominoAccessGroups If you see many search patterns like this … ??sub?(&(objectclass=%v)(member=%v)) the application may be attempting to perform many series of nested group membership searches e.g., “cn=Ken Lin,ou=Westford,o=IBM” belongs to “cn=LDAP Server Dev” belongs to “cn=Iris Directory Team” etc. For such situations, consider reconfiguring the application to use a single query to retrieve the person’s new 8.0 dominoAccessGroups attribute instead Domino Directory Assistance - LDAP Type of search filter = Domino LDAP Portal and Websphere Member Manager (WMM) -based applications groupMembershipAttributeMap = "dominoAccessGroups:nested"
  • 54. Relative LDAP Search Speeds QR Cache’d Search All Search View Search Full Text Search If DDM.nsf shows a Fallback to All Search warning, Full Text Index the specified Domino directory and make sure the Update task is running. If application’s LDAP search pattern contains terms that are not indexed view fields, see if they can either be eliminated or changed to use indexed fields. If different LDAP applications use equivalent or similar filters, evaluate whether they can be made identical. e.g., Technote 1197769 – Change Websphere Portal People Finder wmm XML files from pluginAttributeName=“displayName” to pluginAttributeName=“cn” for Domino LDAP < 7.0.2 e.g., If one application uses “(|(cn=%v)(givenName=%v)(sn=%v))” and another uses “(|(cn=%v)(sn=%v)(givenName=%v))”, rearrange one to match the other
  • 55. Miscellaneous Notes.ini Variables. LDAPMaxLongestSearchCount - Number of sets of statistics maintained. Default is LDAPMaxLongestSearchCount = 20. LDAPMaxLongestSearchCount = 0 turns off collection. LDAPMaxLongestSearchCount = 50 is maximum. In general, too many statistics will slow down Domino. LDAPMinLongestSearchTime - Searches shorter than this millisecond interval are not collected. Default is LDAPMinLongestSearchTime = 100 (i.e., 0.1 sec). LDAPMinLongestSearchTime = 0 collects all searches
  • 56. Review Identify the slowest searches using SHOW STAT LDAP command Available since 7.0.2! Target the slowest search patterns that have the highest count Check the DDM Directory events for Full Text Index recommendations Remedy performance … Domino LDAP Server: Full text index Domino directories as necessary LDAP Application: Tweak the application’s search filters so … View searches are used Complexity of the search filter is reduced – Can you remove terms? – Can you use dominoAccessGroups for group membership searches?
  • 58. See Also ID207: IBM Lotus Domino 8 Directory Deployment to Address TCO SW 3-4, Monday 11:00-12:00 8.0 directory features Directory roadmap BOF305: IBM Lotus Domino Directory Integration SW Macaw 1-2, Wednesday 5:45-6:45 Directory roadmap Open discussion L101: Meet the Developers Lab DL Asia 1-2 L105: Deployments, Performance and Interoperability DL Europe 3-4 Google “Domino Directory FAQ” We monitor “Notes/Domino 6 and 7 Forum” and “Business Partner Forum”
  • 60. © IBM Corporation 2007. All Rights Reserved.