Fixing Domino's LDAP
Domino's LDAP needs some fixing before it can be used as fully standard compliant LDAP, e.g. for Linux authentication. Alan Bell decribed the procedure long ago, but no action was taken by IBM/Lotus. So Nathan stepped forward and published a project on OpenNTF.
Unfortunately the template contained modifications of IBM copyrighted code (other than the mail and application templates the Domino Directory template never was published under an Apache 2.0 license), so the project had to be taken down. I had a look at it and used DXLMagic to run a comparison that revealed only modest changes:
Quite some of that changes are subtle alteration of the pardef settings - which are 100% irrelevant to our task (see the detailed report). The main challenge here are the changes inside the original IBM design elements. Altering a design is one of the DXLMagic capabilities. So without publishing IBM © code it can inject the neccessary changes.The trick here is to find the right injection points expressed as XPath expressions and the right DXL snippet to do the job. The DXLMagic module needed here is the DesignInjector. These are the injection points:
Download is coming soon.
Use it at your own risk (read: try it on a copy of pubnames.ntf and have a backup at hand).
As usual YMMV!
Unfortunately the template contained modifications of IBM copyrighted code (other than the mail and application templates the Domino Directory template never was published under an Apache 2.0 license), so the project had to be taken down. I had a look at it and used DXLMagic to run a comparison that revealed only modest changes:
XMLComparison: pubnames.ntf.dxl to DemoDirectory.nsf.dxl
| Element | Name | Changes |
|---|---|---|
| Modified ( 86 changes) | ||
| form | " (PublicDirectoryProfile) " | 37 changes ( A57A396D2617685D852565D300812356 ) |
| outline | " (AllViews) " | 30 changes ( 8BD254C7A4FBCA6B85256A450072C65D ) |
| subform | " $GroupExtensibleSchema " | 4 changes ( D3095315B1612EC2852565D7005C620E ) |
| subform | " $PersonExtensibleSchema " | 5 changes ( D64258C1970DE85A852565D70058B520 ) |
| view | " ($LDAPHier) " | 5 changes ( E72D0DA8994BDCB08525668E007FC98E ) |
| view | " ($LDAPRDNHier) " | 5 changes ( 0E315EB2B26A4532852567DD007187B4 ) |
| Element | Name | Unid |
| Added ( 4 additions) | ||
| subform | " DominoDirectoryProfileAddin " | ( 1FB319E88A4DFA0C48257A320049FCA3 ) |
| subform | " LDAPGroupExtensions " | ( E57DA00E4BFFE3D648257A320049FCA4 ) |
| subform | " LDAPPersonExtensions " | ( C479022EFB0069E748257A320049FCA5 ) |
| view | " ($IDNumbers) " | ( 9864DF762EC0FA9648257A3200499A64 ) |
| XPath | Insertion Type | File Name |
|---|---|---|
/d:database |
LASTCHILD | view_$IDNumbers.dxl subform_DominoDirectoryProfileAddin.dxl subform_LDAPPersonExtensions.dxl subform_LDAPGroupExtensions.dxl |
/d:database/d:form[@alias="DirectoryProfile"]/d:body/d:richtext/d:section[position()=last()] |
LASTCHILD | form_DirectoryProfile.dxl |
/d:database/d:subform[@name="$PersonExtensibleSchema"]/d:body/d:richtext |
LASTCHILD | subform_$PersonExtensibleSchema.dxl |
/d:database/d:subform[@name="$GroupExtensibleSchema"]/d:body/d:richtext |
LASTCHILD | subform_$GroupExtensibleSchema.dxl |
/d:database/d:view[@name="($LDAPRDNHier)"]/d:column[position()=1] |
Attributes change | itemname="$RDNRootColumn" profiledocname="DirectoryProfile" usecolumnformula="true" userdefinable="true" |
/d:database/d:view[@name="($LDAPHier)"]/d:column[position()=1] |
Attributes change | itemname="$RDNRootColumn" profiledocname="DirectoryProfile" usecolumnformula="true" userdefinable="true" |
Use it at your own risk (read: try it on a copy of pubnames.ntf and have a backup at hand).
As usual YMMV!
Posted by Stephan H Wissel on 05 July 2012 | Comments (3) | categories: Show-N-Tell Thursday