The document provides an overview of the IBM SmartCloud Integration Server and the process for provisioning users from an on-premises directory to IBM SmartCloud. Key points include: - The Integration Server allows organizations to integrate user provisioning from an on-premises directory to IBM SmartCloud through scheduled uploads of provisioning files. - Provisioning files follow a specific CSV format and naming convention to define actions like adding, updating, or removing users and assigning subscriptions. - Fields can be populated from existing directories like Domino Directory and IBM Connections profiles to synchronize user data to SmartCloud user accounts.

1. BP311: Sunny Days,
(Smart)Cloud-y Users
Mitch Cohen, Colgate-Palmolive
© 2014 IBM Corporation

2. Acknowledgements and Disclaimers
Availability. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates.
The workshops, sessions and materials have been prepared by IBM or the session speakers and reflect their own views. They are provided for informational purposes only, and are neither
intended to, nor shall have the effect of being, legal or other guidance or advice to any participant. While efforts were made to verify the completeness and accuracy of the information
contained in this presentation, it is provided AS-IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise
related to, this presentation or any other materials. Nothing contained in this presentation is intended to, nor shall have the effect of, creating any warranties or representations from IBM or
its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.
All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and
performance characteristics may vary by customer. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you
will result in any specific sales, revenue growth or other results.
© Copyright IBM Corporation 2014. All rights reserved.
 U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
 IBM, the IBM logo, ibm.com, and IBM SmartCloud for Social Business, IBM DB2, IBM Notes and Domino, IBM Docs, IBM Tivoli Directory Integrator, and IBM Security Directory Integrator
are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are
marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this
information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright
and trademark information” at www.ibm.com/legal/copytrade.shtml
Other company, product, or service names may be trademarks or service marks of others.
2

3. Even More Acknowledgements and Disclaimers
 In the course of this session the following IBM Trademarked Software will be mentioned
– IBM SmartCloud®
– IBM Social Business®
– Domino®
– Tivoli Directory Integrator®
– IBM Security Direcory Integrator®
– DB2®
– Lotus®
– LotusLive™
– Lotusphere®
3

4. About Me
 Working with IBM Collaboration Solutions for 15 years
 Married 15 years with 3 (crazy) kids: Molly 10 , Abe 5 ¾, Jack 5 ¾
 Huge fan of the
– NY Giants (Football)
– NY Mets (Baseball)
 2014 IBM Champion
 Long accused of having my head in the clouds
 I am NOT a developer (confirmed by those who have reviewed my code)
– Help yourself to any of my code at your own risk
4

5. Agenda
 What is IBM SmartCloud for Social Business
 Registering Users for SmartCloud
 Introduction to IBM Tivoli Directory Integrator
 Introduction to the SmartCloud Integration Server
 Creating a Provisioning File
 Questions and (with any luck) Answers
5

6. What is IBM SmartCloud
for Social Business?
6

7. IBM Smart Cloud for Social Business
 A series of Cloud Based Collaboration Tools offered by IBM
– Email & Calendar (IBM Notes, or iNotes mail)
– Collaboration (IBM Connections, Sametime Instant Messaging)
– Web Meetings (IBM Sametime)
– IBM Docs
– Audio Conferencing
– IBM Notes Traveler
– Blackberry
– Email Archiving
 Many of these are “mix and match”
– For example Traveler is an additional license on top of Email & Calendar.
 You can have different licenses for different parts of your organization.
7

8. Registering Users for SmartCloud
8

9. Registering Users for IBM SmartCloud
 To provision services to a user, you need to create their account and assign them a license.
 You can have different subscriptions for different users in your organization.
– Some users will have multiple subscriptions. For example:
• Traveler is an additional subscription on top of Notes or Engage.
• IBM Docs is an additional subscription on top of Engage.
9

10. Registering Users for IBM SmartCloud
10

11. Registering Users for IBM SmartCloud
11

12. Registering Users for IBM SmartCloud
12

13. Registering Users for IBM SmartCloud
13

14. Registering Users for IBM SmartCloud
 If you have a handful of people to register, manual registration might work.
 If you are working in a large organization. you might want an easier way to register users
and assign licenses.
14

15. Introduction to
Tivoli Directory Integrator (TDI)
15

16. Introduction to TDI
 Please note: IBM has recently rebranded products in the Tivoli brand.
– Tivoli Directory Integrator is now known as IBM Security Directory Integrator.
– This presentation was built using Tivoli Directory Integrator version 7.1.
– I will be referring to it as TDI.
• Mostly out of habit
• Partly because some of my jokes depend on it
16

17. Introduction to TDI
 So What is TDI?
– Not This
17

18. Introduction to TDI
 What is Tivoli Directory Integrator?
– According to IBM:
“Transforms, moves and synchronizes generic and
identity data residing in heterogeneous directories,
databases, files, collaborative systems and applications,
with real-time automated updates to the authoritative
data source.”
18

19. Introduction to TDI
 What is Tivoli Directory Integrator?
– To put it in simpler terms
19

20. Introduction to TDI
 There is a good chance you have an entitlement to use TDI.
– If you own licenses for:
• Domino
• Connections
• SmartCloud
– Check the version of TDI you are entitled to.
• IBM Connections requires a specific version.
– We usually just say TDI is ‘Free Free Free’.*
*Please consult your IBM Licenses to verify your entitlement
20

21. Introduction to TDI
 TDI Terminology
– Projects
• Collection of AssemblyLine and Resources
– Connectors
• Pre-built templates to connect to different systems
• Many installed with TDI
• If you are adventurous, you can write your own.
– AssemblyLines
• Made up of Feeds and Data Flows
– Workspace
– Solution Directory
21

22. Why Use TDI?
 Entitled to use it with your SmartCloud licenses
 TDI more than likely ships with a Connector that can read from your existing data store.
 Once you understand TDI it is easy to use.
– You don’t have to be a developer.
– A little JavaScript knowledge will go a long way though.
 TDI is fun*
*My definition of “fun” might not be the same as yours.
22

23. Launching TDI
 The TDI Configuration Editor is Eclipse-based.
 When launching, you need to define a Workspace folder:
– This is where your code is stored.
– You can dedicate a Workspace per project or include multiple projects in one
Workspace.
23

24. The TDI Configuration Editor
24

25. TDI Connectors
 TDI Ships with many Connectors (partial list):
25

26. TDI Connectors
 In this session I am going to show you the:
– LDAP Connector
• Connected to Domino Directory and Active Directory
– JDBC Connector
– File Connector
26

27. AssemblyLine
 Not this:
27

28. AssemblyLine
 AssemblyLines are where your TDI code lives.
– An AssemblyLine can contain multiple tasks.
– An AssemblyLine can contain control flows:
• If/Else
• Switch
• Scripts
– An AssemblyLine can call another AssemblyLine.
– An AssemblyLine contains two parts:
• Feed
• Data Flow
28

29. Properties
 Property Files allow you to store your properties in a common file instead of manually
entering them in each AssemblyLine component.
– Using Property Files will save you time.
– Allows you to change a parameter once regardless of how many times it appears in the
AssemblyLine.
– Easily allows you to point an AssemblyLine at different environments.
• i.e. Test/Dev/Production
– Wherever possible, use Property Files.
• Trust me on this one.
29

30. Properties
 Example of defined properties
30

31. Properties
 It is not obvious, but all of these attributes are clickable to assign a property value instead of
hardcoding.
– You can script property names, too.
31

32. Properties
32

33. Introduction to
SmartCloud Integration Server
33

34. Introduction to SmartCloud Integration Server
 What is the Integration Server?
– According to IBM:
• “The integration server enables you to integrate user provisioning information from your onpremises administrative environment. It also enables you to upload users in your organization’s
enterprise directory to the SmartCloud iNotes® corporate contacts directory.”
• “The integration server supports your use of a hybrid environment – one that uses a combination
of on-premises administrative management and cloud-based service and subscription
management. The integration server periodically processes data files that you create and upload
using a secure file transfer mechanism, to add, modify, and remove user provisioning
information. This enables you to continue using your on-premises management systems and
periodically upload user data.”
• “Integrating initial and changed content from your on-premises administrative environment is
facilitated through your organization's subscription to the integration server service and by
properly named and formatted change files that you periodically create and upload”.
34

35. Introduction to SmartCloud Integration Server
 What is the Integration Server?
– In simpler terms:
•
•
•
•
A simple automated way to add users and assign services in IBM SmartCloud.
You can add, remove, suspend, delete, and change subscription data.
You prepare the input file according to the provided format.
Provisioning files are sent via SFTP to the Integration server for processing.
- This is not API access.
- You are preparing and uploading a provisioning file.
35

36. Introduction to SmartCloud Integration Server
 The Integration Server used to be called LotusLive Integration Server (LLIS)
– The latest documentation simply refers to it as “Integration Server”
• I guess SCIS didn’t sound as good as LLIS.
• My example refers to it as LLIS.
– Speaking of documentation
• https://apps.na.collabserv.com/help/index.jsp?
topic=/com.ibm.cloud.admin.doc/IntegrationServer/llis_workwithintro_NOGI
_c.html
• You might notice the URL still references LLIS.
• I will call it LLIS out of habit .
- I don’t think I have any jokes that depend on it though.
36

37. Introduction to SmartCloud Integration Server
 Please note:
– SmartCloud accounts are NOT enabled to use the Integration Server by default.
– Email support to request Integration Server Enablement.
– Specifics can be found here:
• https://apps.na.collabserv.com/help/index.jsp?
topic=/com.ibm.cloud.admin.doc/IntegrationServer/llis_enablingllis_t.html
37

38. Introduction to SmartCloud Integration Server
 All of the information you need to prepare a provisioning file can be found:
– In the SmartCloud Admin Console
– In your existing directories
 In our example today we will use information from:
– Domino Directory
– Active Directory
– IBM Connections
38

39. SmartCloud Integration Server Limits
 The SmartCloud Integration Server limits the number of changes you can process:
– Per file
– Per hour
– Per day
 A provisioning file can contain up to 200 entries.
 750 Changes can be processed per hour.
 10,000 Changes can be processed per day.
 Simply put, if you have 50,000 users in your organization it will take at least 5 days to
process.
– Plan accordingly
39

40. Naming SmartCloud Provisioning Files
 LLIS Provisioning Files are made up of 5 components:
– Customer ID
• Find this in your SmartCloud Admin Panel.
– Source ID
• This is optional but recommended.
• This can be any string you choose:
- Company name
- Directory name
– Type
• Set to ‘prv’.
- ‘prv’ stands for provisioning file
40

41. Naming SmartCloud Provisioning Files
– Sequence Number
• This is a unique number between 0 and 4294967295.
• Each new provisioning file must have a higher sequence number than the previous
file or it will not be processed.
• Unix Epoch time is recommended for sequence number.
- TDI can generate this for you.
• Sequence number is related to Source ID.
- Each Source ID can have its own sequence.
– Extension
• Provisioning files are CSV files and should have a .csv extension.
41

42. Naming SmartCloud Provisioning Files
 Example: Provisioning File Name
– 00000000_seinfeld_prv_1367246866.csv
• 00000000 is the Customer ID. You can find yours in your SmartCloud Admin
Console.
 If your provisioning files do not meet these rules, they will not be processed.
42

43. Integration Server Provisioning File Format
 The SmartCloud Provisioning file contains 25 fields.
– Not all field values are required.
– Regardless of which fields you are populating, you must have all 25 fields accounted for.
• Fields in RED are required.
• Depending on the subscription, additional fields may be required.
emailAddress,action,subscriptionId,subscriptionId2,givenName,familyName,language,time
Zone,password,altEmailAddress,notesTemplate,notesDN,assignTo,department,jobTitle,c
ountry,telephone,mobile,fax,address,suppressInvitation,federationType,CollabExtraStora
ge,MailExtraStorage,Activation
43

44. Integration Server Provisioning File Format
 I am not going to explain every field in the provisioning file…
– Many of them are obvious.
– I am going to point out a few specific ones though that are not.
– For a complete list of fields and explanations, see:
https://apps.na.collabserv.com/help/index.jsp?
topic=/com.ibm.cloud.admin.doc/bss/topics/intro.html&lang=en
44

45. Integration Server Provisioning File Format
 Action
– This specifies the action to be taken when processed the available options are:
• Add, Update, Suspend, Resume, Remove, AssignSeat, ChangeSeat, RevokeSeat,
Rename, ResendInvitation, ChangeStorage
– I will be showing you a provisioning file with the ‘Add’ action.
 SubscriptionID, SubscriptionID2
– This specifies the services being assigned to the account.
– Typically you will have a SubscriptionID for every account.
– Not every account will have a second subscription, but the field is required even if blank.
45

46. Integration Server Provisioning File Format
 AssignTo
– Used when revoking collaboration services to assign the resources belonging to the old
account to a new account.
 SuppressInvitation
– By default, when provisioning accounts IBM SmartCloud will send an email to the user
with a link to complete their enrollment.
• The email can be suppressed using SUPPRESS_ALL.
• You can use the ResendInvitation action to send it later on.
46

47. Integration Server Provisioning File Format
 FederationType
– This is used to set up how accounts login:
• NON_Federated – users log in with their email address and password specified
when they complete their SmartCloud enrollment.
• Federated – users can only log in via SAML.
• Modified_Federated – users can login with either method.
 Note: If you want to allow users to login via mobile apps, NON_Federated or
Modified_Federated are required.
 For Federated or Modified_Federated, additional setup is required to configure SAML from
your organization to IBM SmartCloud:
– We are not covering that in this session.
– For more information on Federated Identity Management, see:
https://apps.na.collabserv.com/help/index.jsp?topic=%2Fcom.ibm.cloud.admin.doc%2FSAMLFederatedIdentity
%2Ffim_federated_identity_management.html
47

48. Integration Server Provisioning File Format
 CollabExtraStorage, MailExtraStorage
– Used with the ChangeStorage action to add additional storave for mail or files to a
specific account.
 Activation
– Default is not set (blank).
– Can only be used in a fully federated environment.
– No email verification is sent for accounts created with FORCE_ACTIVATION.
– Make sure you understand this one before setting it.
48

49. Integration Server Provisioning File Format
 Before you begin, determine which data you need for your organization.
– For demo purposes, I will be adding the following fields to the Provisioning File:
Field Name
Source
emailAddress
Domino Directory via LDAP
action
add
subscriptionID
000000
givenname
Domino Directory via LDAP
familyName
Domino Directory via LDAP
language
IBM Connections Profiles
notesDN
Domino Directory via LDAP
department
IBM Connections Profiles
jobTitle
IBM Connections Profiles
country
IBM Connections Profiles
49

50. Creating a Provisioning File
50

51. Quick Review
 Hopefully right now you have an understanding of:
– What is TDI
– What is the Integration Server
– What data you need, and where you can get it.
 Now we are going to put it all together and create a provisioning file.
51

52. Creating a Provisioning File
 What we are going to do:
– Connect to the Domino Directory via LDAP.
• Retrieve the users NotesDN, email, first, and last name.
– Connect to IBM Profiles.
• Retrieve the users language, job title, country, and department.
– Connect to Active Directory via LDAP.
• Verify that the user exists.
– Add in:
• The SmartCloud subscription ID and action.
52

53. The AssemblyLine
 Time to build the AssemblyLine
– In the AssemblyLine, click on Add Component.
53

54. The AssemblyLine
 Our first connection is to the Domino Directory via LDAP.
– We will be using the LDAP Connector.
– You can browse the list or use the search box.
54

55. The AssemblyLine
 Name your Component.
– It will default to the Connector Name.
– Give your Connector a meaningful name.
– Select a Mode.
• For a feed component select ‘Iterator’.
– Click Next to set up the connection properties.
55

56. The AssemblyLine
 We are now going to use our pre-defined properties to populate the connection to the LDAP
server.
– Remember: it is not obvious, but click on the field name.
56

57. The AssemblyLine
 Select ‘Use Property’.
57

58. The AssemblyLine
 Find and select the correct value.
58

59. The AssemblyLine
 Repeat for each required field to complete the connection properties.
– Remember, changes to the properties resource will be reflected here.
– You can always change the connection details later on if needed.
59

60. The AssemblyLine
 Test the Connection.
– Now that the LDAP Connection is configured, we want to test it.
– Select the component in the Feed.
• Click on Connect and then Next to view data.
60

61. The AssemblyLine
 Test the Connection.
– If your connection fails:
• Don’t Panic!
• Read the error message and double check your Connection Properties.
• Check firewalls, network connectivity, user names and passwords.
61

62. The AssemblyLine
 Select the fields you want to work with:
62

63. The AssemblyLine
 Working with data:
– We are going to use email address as a key in a later step of the AssemblyLine.
– In order to match it to other systems, we want to put the email address in all lowercase.
• Email addresses are mixed case in the Domino Directory.
– A little JavaScript is going to help us.
63

64. The AssemblyLine
 Working with data:
64

65. The AssemblyLine
 The Feed from Domino LDAP is complete. Now we will set up the connection to Profiles to
get additional information.
– This is the same as adding the LDAP Connector.
– We will be using the JDBC Connecter.
– Remember to define your Connection Attributes in Property Files.
65

66. The AssemblyLine
 For the Profiles Connection, we are using Lookup Mode.
– Remember to give your component a logical name.
66

67. The AssemblyLine
 JDBC Connector Connection Details
– All of the connections properties are in a properties file.
67

68. The AssemblyLine
 Once the JDBC Connection is defined, test the connection and select the attributes we need
from Profiles.
68

69. The AssemblyLine
 The fields we took from Profiles:
– PROF_ISO_COUNTRY_CODE – we will use this for language.
– PROF_JOB_REPONSIBILITIES – we will use this for title.
– PROF_MAIL_LOWER – this is the email address.
• We are using PROF_MAIL_LOWER not PROF_MAIL as we need them in lowercase.
– PROF_ORGANIZATION_IDENTIFIER – we will use this for Department.
 Some of these require additional coding and DB Lookups to get the actual value we need.
69

70. The AssemblyLine
 Now that we have our Connection defined and fields selected, we can create our Link
Criteria.
– This is where we tell the AssemblyLine how to match records from different data
sources.
– Remember Link Criteria can be case-sensitive.
• This is why we used JavaScript earlier to convert all email addresses from LDAP to
lowercase.
70

71. The AssemblyLine
 Link Criteria:
71

72. The AssemblyLine
 We are going to use Hooks to provide some basic error handling.
– We are going to use the ‘On No Match’ hook to:
• Log to the console when there is no match in Profiles.
• Skip the entry.
– Without this, the job would fail the first time it encountered a record without a match.
– There are any number of Hooks that can be used to log or handle errors.
– Hooks can also be used to write out log files to report on error conditions.
72

73. The AssemblyLine
 On No Match Hook:
73

74. The AssemblyLine
 If we ran the job now the log would look like this:
– Note the log for the records with no match:
14:53:01,749 INFO
14:53:01,798 INFO
14:53:01,811 INFO
14:53:01,825 INFO
14:53:01,839 INFO
14:53:01,845 INFO
14:53:01,846 INFO
14:53:01,847 INFO
14:53:01,847 INFO
14:53:01,848 INFO
14:53:01,849 INFO
- CTGDIS087I Iterating.
- No record found for kramer@seinfeld.com
- No record found for elaine@seinfeld.com
- No record found for costanza@seinfeld.com
- CTGDIS088I Finished iterating.
- CTGDIS100I Printing the Connector statistics.
- [read_domino_ldap] Get:4
- [read_profiles] Lookup:1, Skip:3
- CTGDIS104I Total: Get:4, Lookup:1, Skip:3.
- CTGDIS101I Finished printing the Connector statistics.
- CTGDIS080I Terminated successfully (0 errors).
74

75. The AssemblyLine
 Next we need to lookup the department name in a different table.
– Profiles stores a reference to department in PROF_ORGANIZATION_IDENTIFIER, so
we need to look up the actual department name in the Department Table.
 We are going to add another JDBC Lookup component.
– This time we will read the department table.
– The value retrieved from PROF_ORGANIZATION_IDENTIFIER will be our Link Criteria
75

76. The AssemblyLine
 Connected to the Department table, and selected the required attributes:
76

77. The AssemblyLine
 Link Criteria defined:
77

78. The AssemblyLine
 Remember to include some error handling:
78

79. The AssemblyLine
 The last thing we want to check is that the email address exists in Active Directory*
– We will only provision users who exist in Active Directory.
– We will log exceptions to a different file.
 The Connection to Active Directory will be via LDAP.
 We will use an IF and ELSE component to:
– Write anyone that exists in Active Directory to the provisioning file.
– Skip and log anyone that does not exist in Active Directory
*This is just an example of data validation – your requirements may differ
79

80. The AssemblyLine
 Adding an IF Branch.
– Click on Add Component.
• Search for IF or look under ‘Control/Flow Components’:
• Remember to give your IF Component a logical name.
- It will default to IF.
80

81. The AssemblyLine
 Branch Conditions
– You can optionally filter in the IF branch to include based on conditions.
• For example, limiting provisioning to a specific email domain:
81

82. The AssemblyLine
 Adding an IF Branch
– TDI will ask you if want to add a component to the branch:
• “Yes” will take you to the standard Add Component Dialog.
• If you say “No”, you can manually add a component or drag and drop an existing
component into the branch at any time.
82

83. The AssemblyLine
 In our example we are going to add the Connection to Active Directory via LDAP.
– I am not going to show how to add that here.
– It is the same as the Domino LDAP connection. You are just using the properties for the
AD Connection.
 Once we are connected to Active Directory, we will use Hooks to decide which action to take
for each record.
83

84. The AssemblyLine
 The Active Directory Connection
– The AD Mail attribute has been defined as admail so as not to conflict with mail which
was assigned earlier from Domino LDAP:
84

85. The AssemblyLine
 We are going to add a Hook for On No Match.
– When the email is not found in AD it will log the information and call the ELSE Branch
where it will be logged.
– The Code for On No Match:
task.logmsg("Email Not Found in AD "+ work.mail);
var ent = system.newEntry();
ent.setAttribute("first",work.getString("givenname"));
ent.setAttribute("last",work.getString("sn"));
ent.setAttribute("mail",work.getString("mail"));
dumpToFile.add(ent);
system.skipEntry()
85

86. The AssemblyLine
 The ELSE Branch
– Uses the File System Connector and the CSV Parser.
– dumpToFile is the name of the component called from On No Match which passed the
fields:
86

87. The AssemblyLine
 Provide a file name
– This will be the name of your log file:
87

88. The AssemblyLine
 Select a Parser.
– We are using the CSV Parser:
88

89. The AssemblyLine
 Specify your field separator.
– We are using a comma.
– Click on the advanced tab to specify the fields:
89

90. The AssemblyLine
 Our Fields are first, last, and mail.
– These were defined in the On No Match code:
90

91. The AssemblyLine
 Add the fields into the Output Map:
91

92. The AssemblyLine
 All that is left is to write out the LLIS Provisioning File.
– We will use the File Connector with the CSV Parser.
– The component will be called write_llis.
• It will be added to the IF:check_ad branch.
– We will then use all of the fields we collected to write out the provisioning file.
– We also have to name the file correctly.
92

93. The AssemblyLine
 Adding the write_llis component:
93

94. The AssemblyLine
 Naming the LLIS Provisioning File.
– Remember earlier we discussed the naming rules.
– We are going to let TDI create the filename for us according to the rules.
• Not obvious but click on ‘File Path’:
94

95. The AssemblyLine
 As a reminder…
 Example: Provisioning File Name:
– 00000000_seinfeld_prv_1367246866.csv
 If your provisioning files do not meet these rules, they will not be processed.
95

96. The AssemblyLine
 Naming the LLIS Provisioning File.
– Select ‘Advanced (JavaScript)’.
• A little JavaScript will generate our file name:
96

97. The AssemblyLine
 Like Magic, here is our file name generated by TDI.
– The timestamp portion will change when the AssemblyLine runs:
97

98. The AssemblyLine
 Select the CSV Parser:
98

99. The AssemblyLine
 The default Field Separator is a semi-colon (;). We’ll change it to a comma (,):
99

100. The AssemblyLine
 Open up the advanced section to define the Field Names.
– We listed them earlier. This will be the first line in the CSV file and must match the
documented format.
– Make sure the ‘Write header’ box is checked:
100

101. The AssemblyLine
 Finally we need to define the fields in the write_llis component.
– Some fields we will hardcode values.
– Some fields we will use what we gathered in previous steps.
– Some fields we will further manipulate the data.
– Remember we need to add every field defined in the Provisioning File format, regardless
of whether there is data or not.
• If you skip a field, your file will be invalid and will not process.
101

102. The AssemblyLine
 Click on Add to define each field:
102

103. The AssemblyLine
 You can select fields we already defined, or create new ones.
– We are going to do a little of both:
103

104. The AssemblyLine
 We have added the subscriptionID element.
– Click on work.subscriptionID to assign its value.
– This will be a simple Substitution text:
104

105. The AssemblyLine
 Here is the completed subscriptionID assignment.
– The ‘Component Attribute’ maps to the field defined in the CSV File.
– The ‘Assignment’ is the field value.
105

106. The AssemblyLine
 Next we are going to simply select the fields we defined earlier.
106

107. The AssemblyLine
 When added they look like this.
– We need to rename the ‘Component Attributes’ to match the CSV File definition:
107

108. The AssemblyLine
 Note the Attribute Component name is case-sensitive:
108

109. The AssemblyLine
 Time to Fast Forward a bit…
109

110. The AssemblyLine
 Here are all the fields defined.
– Remember some fields are assigned values.
– Others are place holders to keep the file in the right format.
110

111. The AssemblyLine
 If we ran the AssemblyLine now we would get a valid provisioning file.
– But I just want to show you one more thing…
 You might need to further manipulate the date at the time you write the file.
 For example… We have a country code, but we did not have a language defined for each
user.
– However, we can however extrapolate language from country.
– This might not be perfect, but hey… It is an example of what you can do in TDI.
111

112. The AssemblyLine
 We have the ISO Country Code which is two letters.
 Supported SmartCloud languages can be found here:
– https://apps.na.collabserv.com/help/index.jsp?
topic=/com.ibm.cloud.admin.doc/IntegrationServer/llis_apx_provlangcodes_c.html
 To keep things simple, let’s just look at a couple of languages:
Language
Code
English
en_us
French
fr_FR
German
de_DE
112

113. The AssemblyLine
 Using JavaScript, we can translate a country code to a valid language code.
– Click on the language assignment to open up the assignment editor:
113

114. The AssemblyLine
 We will get the value of country and run it through a Case statement to assign the proper
value.
– We will default to English if it does not match anything else:
114

115. The AssemblyLine
 Finally, let’s run the AssemblyLine and see the output.
– In the TDI Console we see this:
10:24:08,523 INFO - [write_llis] CTGDJW002I Parser will use provide column names: '[emailAddress, action, subscriptionId, subscriptionId2,
givenname, familyName, language, timeZone, password, altEmailAddress, notesTemplate, notesDN, assignTo, department, jobTitle, country,
telephone, mobile, fax, address, suppressInvitation, federationType]'.
10:24:08,528 INFO - [dumpToFile] CTGDJW002I Parser will use provide column names: '[first, last, mail]'.
10:24:08,537 INFO - CTGDIS087I Iterating.
10:24:08,669 INFO - No record found for kramer@seinfeld.com
10:24:08,835 INFO - Email Not Found in AD elaine@seinfeld.com
10:24:08,898 INFO - No record found for costanza@seinfeld.com
10:24:09,135 INFO - CTGDIS088I Finished iterating.
10:24:09,204 INFO - CTGDIS100I Printing the Connector statistics.
10:24:09,205 INFO - [read_domino_ldap] Get:4
10:24:09,205 INFO - [read_profiles] Lookup:2, Skip:2
10:24:09,206 INFO - [get_department_name] Lookup:2
10:24:09,207 INFO - [check_ad] Branch True:2, Branch False:0
10:24:09,207 INFO - [check_active_directory_for_email] Lookup:1, Skip:1
10:24:09,208 INFO - [write_llis] Add:1
10:24:09,208 INFO - [log_not_in_ad] Branch True:0, Branch False:0
10:24:09,211 INFO - [dumpToFile] Add:1
10:24:09,212 INFO - CTGDIS104I Total: Get:4, Lookup:5, Add:2, Skip:3.
10:24:09,212 INFO - CTGDIS101I Finished printing the Connector statistics.
10:24:09,213 INFO - CTGDIS080I Terminated successfully (0 errors).
115

116. The AssemblyLine
 The output files are in the TDI Workspace Directory:
116

117. The AssemblyLine
 Our Provisioning file:
 Our log of emails that were not in Active Directory:
117

118. The AssemblyLine
 Now What?
– With a completed provisioning file you can now upload it via secure FTP to the
Integration Server for processing.
– To reach the integration server via SFTP you need to have access on port 990 as well as
60000-61000.
• Be nice to your firewall admins!
– Once uploaded, the provisioning files will be processed by the Integration Server.
• You can upload multiple provisioning files at a time. They will be processed in
sequence number order.
– You can download logs from the same secure FTP site.
• Full documentation for Secure FTP and logs are here:
https://apps.na.collabserv.com/help/index.jsp?topic=%2Fcom.ibm.cloud.admin.doc
%2FIntegrationServer%2Fllis_config_llims_c.html
 Don’t forget about the Integration Server rate limits we talked about earlier…
118

119. Summary
119

120. Summary

What I showed you here today:

Basic overview of Tivoli Directory Integrator

Where to find the data you need to provision a SmartCloud User

How to enable the Integration Server for your organization

How to create a provisioning file

Integration Server processing limits

121. Additional Resources

IBM SmartCloud Administration Documentation
−
http://curi0.us/scadmin

Tivoli Directory Integrator 7.1 Documentation
−
http://curi0.us/tdi71doc

IBM Data Studio
−
http://curi0.us/dstudio

Notepad++
−
http://curi0.us/noteplus

Softerra LDAP Browser
−
http://curi0.us/ldbrowser

IBM Tivoli Directory Integrator Users Group
−
http://curi0.us/tdiusers

122. Additional Resources
 W3 Schools Javascript
– http://www.w3schools.com/js/
 Code Academy
– http://www.codecademy.com/
 TDI Google Group / Discussion Forum
– http://curi0.us/tdigroup
• WinSCP - Secure FTP Client
• http://curi0.us/winscp
122

123. Contact Me
Email: mitch@curiousmitch.com
Twitter: @curiousmitch
Blog: http://www.curiousmitch.com

124.  Access Connect Online to complete your session surveys using any:
– Web or mobile browser
– Connect Online kiosk onsite
124

125. I hope you are not…
 But if you are I would be happy to answer some questions… or at least try!
125