Creating a Notes Security Mapping File Using Direct Mappings
Important: Whenever the security mapping file is modified, you have to restart the Notes security provider by clicking Apply Changes in the Modify Security Provider page of the Administration Tool. Otherwise, your security modifications will not be reflected in CES.
To create a Notes security mapping file using direct mappings
- Open a text editor.
- In the text editor, design direct mapping nodes (<DirectMapping></DirectMapping>) for each of your Notes users.
Example: Your security mapping file should look like the following:
<?xml version="1.0" encoding="utf-8" ?>
<SecurityMapping>
  <DirectMappings>
    <DirectMapping>
      <Lotus>John Smith</Lotus>
      <Windows>domain\user0124</Windows>
    </DirectMapping>
    <DirectMapping>
      <Lotus>CN=John Smith/O=domain @ domain</Lotus>
      <Windows>domain\user0135</Windows>
    </DirectMapping>
  </DirectMappings>
</SecurityMapping>
The first direct mapping node (<DirectMapping></DirectMapping>) directly maps the IBM Notes user John Smith to the Windows user domain\user0124.
The second direct mapping node uses the complete LDAP syntax as the username in the Lotus node, i.e. CN=John Smith/O=domain @ domain. The domain part represents the name of the Domino domain the server is a member of. The @ character is mandatory.
Note: Remember that in the Domino address book on the server, each user has a field named FullName. This field is stored as an LDAP entry, such as CN=John Smith/O=[org]/OU=[orgUnit]. You can enter either only the CN part as the username in the Lotus node (<Lotus></Lotus>), i.e. John Smith, or the complete LDAP syntax as in the second direct mapping node.
- Using an administrator account, connect to the Coveo Master server.
- Save the custom security mapping file on the Coveo Master server.
Example: C:\CES7\Config\IBMSecurityMappingFile.xml
- Configure the connector to use the security mapping file in the IBM Notes security provider page (see Security Mapping File Path).
- Direct mappings have priority over resolution methods. In other words, any mapping entered as a direct mapping is used as is by the security provider, even if it is invalid (invalid Notes or Windows user).
- Direct mappings with a complete LDAP syntax have priority over direct mappings with a common name part only. In the example above, if there is a single John Smith in your organization, then use the short form (common name only). If there is more than one John Smith in your organization, then use the long form (full LDAP syntax). By using the short form, you take the risk of mapping the wrong Windows username to the wrong Notes username, as the short form queries the address book for the very first entry corresponding to John Smith.
- Users not specified as direct mappings are mapped using one of the resolution methods provided (if any). The first method is executed on the first user found in the Domino address book and if the Windows username being formed is invalid, the second method is executed and so on. If all resolution methods fail, no Windows user is mapped to the current IBM Notes user.
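Because direct mappings are used as is even when invalid, it helps to lint the file before saving it on the server. The following Python check is an added example, not part of the Coveo documentation or tooling: the sample entries are constructed, and the domain\user pattern for the Windows node and the case-insensitive comparison of names are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the page's format; users and accounts are made up.
SAMPLE = rb"""<?xml version="1.0" encoding="utf-8" ?>
<SecurityMapping><DirectMappings>
  <DirectMapping><Lotus>John Smith</Lotus><Windows>domain\user0124</Windows></DirectMapping>
  <DirectMapping><Lotus>CN=John Smith/O=domain @ domain</Lotus><Windows>domain\user0135</Windows></DirectMapping>
  <DirectMapping><Lotus>CN=Ann Lee/O=domain</Lotus><Windows>user0200</Windows></DirectMapping>
  <DirectMapping><Lotus>Bob Ray</Lotus><Windows>domain\user0300</Windows></DirectMapping>
  <DirectMapping><Lotus>bob ray</Lotus><Windows>domain\user0301</Windows></DirectMapping>
</DirectMappings></SecurityMapping>"""

WIN_RE = re.compile(r"^[^\\\s]+\\[^\\]+$")  # assumption: domain\user, as in the page's example
CN_RE = re.compile(r"^CN=([^/]+)", re.I)    # full LDAP-style name starts with CN=

def lint_mappings(xml_bytes):
    """Return (severity, lotus_name, message) findings for a mapping file."""
    entries = [((n.findtext("Lotus") or "").strip(), (n.findtext("Windows") or "").strip())
               for n in ET.fromstring(xml_bytes).iter("DirectMapping")]
    findings, seen, full_cns = [], {}, {}
    for lotus, win in entries:
        if not lotus or not win:
            findings.append(("error", lotus, "empty Lotus or Windows node"))
            continue
        if not WIN_RE.match(win):
            findings.append(("warn", lotus, "Windows value is not domain\\user"))
        m = CN_RE.match(lotus)
        if m:
            if "@" not in lotus:  # the page states the @ character is mandatory
                findings.append(("error", lotus, "full form lacks the mandatory @ domain part"))
            full_cns.setdefault(m.group(1).strip().casefold(), set()).add(win.casefold())
        key = lotus.casefold()
        if key in seen and seen[key] != win.casefold():
            findings.append(("error", lotus, "same Notes name mapped to two Windows users"))
        seen.setdefault(key, win.casefold())
    # A short form that shares its CN with a full-form entry for a different
    # Windows user suggests several users with that name: the risky case above.
    for lotus, win in entries:
        others = full_cns.get(lotus.casefold(), set()) - {win.casefold()}
        if lotus and not CN_RE.match(lotus) and others:
            findings.append(("warn", lotus, "short form shares a CN with a full-form "
                             "entry for another Windows user"))
    return findings

if __name__ == "__main__":
    for severity, lotus, message in lint_mappings(SAMPLE):
        print(f"{severity:5} {lotus!r}: {message}")
```

Note that the page's own two-entry example triggers the short-form warning, since it maps John Smith and CN=John Smith/O=domain @ domain to different Windows users.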
Notes: