Making your user happy – how to create a perfect profile

Making your user happy –
how to create a perfect profile
Andreas Artner
Fritz & Macziol

That's me….
Andreas Artner
• IBM Software Consultant
• Working with Fritz & Macziol www.fum.de
• Focusing on Integration, Interfaces, SSO and
other fun stuff
• Tivoli Directory Integrator (TDI) enthusiast
aartner@fum.de
@AnderlArtner
http://tdiblog.anderls.com

PLATINUM & CHAMPAGNE SPONSORS
GOLD SPONSORS
SILVER SPONSORS
BRONZE SPONSORS

What we will cover today…
• Some TDI basics
• Building custom TDI AssemblyLines for IBM
Connections
• Best practices and Tips
• Real world examples

What is TDI ?
• (Tivoli) IBM Security Directory Integrator
• Don’t get fooled by the name
• Incredible powerful and flexible
• The most valuable add-on that IBM gives to
you
• To make your Users happy you just need to
identify the data sources and push the info to
their profiles !

TDI Terms
• Solution Directory
• TDI‘s working Directory
• Workspace
• Here you store your projects
• Project
• One or more AssemblyLines and related resources
• A single XML-File
• AssemblyLine
• The Interface logic
• Connector
• Connection to a Data source or target

Customizing TDI for IBM Connections
• Many choices:
• Configure Standard TDI Solution
• Simple Attribute mapping
• Custom Functions
• Extension Attributes
• Custom AssemblyLines
• that work in combination with the standard
AssemblyLines
• that are independent
• What is the right approach ?

Customizing TDI for IBM Connections
• Keep it simple and easy to maintain
• Can it be done with standard functionality ? Do it.
• Don’t mess up with the standard AssemblyLines –
rather create your own project.
• Know what you are doing, make your changes
error proven

Example - profiles_function.js
• TDI Sync fails with every run
• "exception": java.lang.NullPointerException“
Small difference – great impact

TDI Development environment
• Install TDI
• Use exactly the same Version as in your Connections
installation – but don’t do it on the same box !
• You can run multiple TDI Versions on the same
machine
• Setup your Directory Structure
• <TDI Development>
• <Version>
• Release
• TDISOL
• Workspace

• Grab the TDISOL directory from your
Connections installation – the easy way.
• Or extract it from the install sources and
adjust the properties / xml files.
• Create a .bat /.sh to launch your TDI
Development instance

• Launch TDI and select the workspace folder
that you just created

• CTGDKD004E Could not create RMI custom socket
factories. Exception occurred: {0} : Keystore was
tampered with, or password was incorrect.

• Create a new Project
• Add profiles_tdi.xml as Reference

• Add the profiles property store:

• The values from the Property store should
look familiar to you

• Not a must but sometime useful – import the
original profiles_tdi project in your workspace

• Your environment should
now look like this:
• Ready to go 

How to connect to IBM Connections
• Available TDI Connectors:
• ProfileConnector
• PhotoConnector
• PronunciationConnector
• CodesConnector
• API
• Profiles Administration API
• openntf: TDI Connectors for IBM Connections

Profile Connector & custom Attributes
• Custom extension Attributes are defined in
the data model
• tdi-profiles-config.xml & profiles-types.xml
• If you miss that part, your AssemblyLine will run
without any error but no Data will be updated.
• They have a defined format.
• Array of three string fields:
• ["name:" , "dataType:", "value:“]

• Use scripts to retrieve and manipulate these
values
• Accessing an existing Attribute value:
• Creating a new Attribute:

• TDI Debugger is a great tool to check and
manipulate your data – even during runtime
• Richtext Attributes are not “Update aware”,
you need to discover and trigger updates
based on some logic in your AssemblyLine.

Photo Connector
• This Connector is not “update aware“
• If you want to run your AssemblyLine on a
scheduled basis detect the necessary updates
in your logic.
• How to do that ?
• I’ll show you in a moment
• http://tdiblog.anderls.com/2015/01/handling-
photos-for-ibm-connections.html

Photo Connector
• As Link Criteria you can specify the profile uid
or key
• To update a user photo you need to feed in
the attributes:
• uid – Profile uid
• image – byte array containing the photo

Photo Connector
• How to get the byte array ?
• The good news - since TDI is Java based you can
do anything you want
• Based on your data source this can be easy or may
need some tweaking..
• LDAP or Web Service – easy just grab the attribute
• Domino Database – extract the file to a local disk
• SAP BAPI – a nightmare – let me know if you need that

How to deploy and run your solution
• Follow the same method IBM is using to run their standard
TDI Solutions
• Create a separate .bat or .sh to run your solution based on
a existing one.
• Modify the necessary parts:
• LOCK_FILE
• Remove the parts handling the Return code from TDI (RC) - unless you
use it in your solution
• Modify the code to launch the TDI AssemblyLine ${TDIPATH}/ibmdisrv
-s . -c <your project>.xml –r <your AssemblyLine>
• The command to clear the lockfile
• Create a .bat or .sh to remove your lockfile
• Add these files to your release folder

How to deploy and run your solution
• Copy the following files to your release folder:
• Your <TDI_Project>.xml
• Your <TDI_Project>.properties (only if you created your
own property store)
• both are available in your
TDI_workspace/Projectname/Runtime folder
• Copy all files in the release folder to your Connections
TDI Server Solution Directory
• Test the solution and schedule execution

Tips
• Understand the IBM Connections default
synchronization
• Avoid updating the same Info from different sources
• The TDI Connectors for Connections offer
different modes
• Have you ever thought about publishing Data from
Connections to other systems ?
• Define a synchronization Flow that fits your
needs
• Often I start with a ProfileConnector as Data Feed

Tips
• Use logging – task.logmsg()
• Write your own log files
• Define Error handling in the “on Error” Hooks
• Use try – catch blocks in your scripts
• Utilize a Property Store

Tips
• Define the Attributes you want to read / write
in the Connectors Attribute Mapping
• Or even better use external Attribute Mappings
• Use meaningful and unique names for your
Attributes that help you to identify the source

Thank you !
• Go and make your users happy !
• Questions, comments, ideas, … are always
welcome
• just right now
• or reach out to me….

THE SSL Challenge
• If any of the involved systems requires a SSL
connection per default TDI will run into an
error.
• TDI can handle SSL – you just need to
configure keystores and import the certificates
• To make it easy – you can have multiple
keystores in TDI.

THE SSL Challenge
• Create a new keystore using the IBM Key
Management utility – or use your existing one

THE SSL Challenge
• Import all required Server Certificates
including the complete certificate chain
• Add the following lines to your
solution.properties file
• As alternative you also can define multiple
independent keystores

Links and resources
• http://www.slideshare.net/curiousmitch/sho
w304
• http://de.slideshare.net/pgodby/ic50-l02-
profilescustomization
• http://www.slideshare.net/palmke/show301-
make-your-ibm-connections-deployment-
your-own-customize-it-30628456
• https://www.ibm.com/developerworks/lotus/
documentation/connectionstdi/

Making your user happy – how to create a perfect profile

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Making your user happy – how to create a perfect profile

Similar to Making your user happy – how to create a perfect profile (20)

More from LetsConnect

More from LetsConnect (20)

Recently uploaded

Recently uploaded (20)

Making your user happy – how to create a perfect profile