Configuring IBM Security Directory Integrator

Configure IBM Security Directory Integrator to synchronize and exchange information between the Profiles database and your LDAP directory.

Before you begin

Before you attempt to configure Security Directory Integrator, complete the following prerequisite steps:

  1. Ensure that you have installed all the required System Requirements, including Security Directory Integrator, a database server, and an LDAP directory.
    Attention:
    1. If you are installing Connections with Security Directory Integrator 7.2 on Windows Server 2016. See the IBM technote TDI 7.1.1 and SDI 7.2.0 limited support for Windows Server 2016 for information on installing SDI 7.2 on Windows 2016.
    2. Install Java for SDI, Refer to Deploying Security Directory Integrator (formerly Tivoli Directory Integrator) into a new install of Connections 6.5 for additional information.
  2. Create the Profiles database.
    Note: The internal name of the Profiles database is PEOPLEDB.
  3. If your database uses a database driver that requires Java 8, or you otherwise require Java 8 when running the IBM Security Directory Integrator, see this article for instructions: Using IBM Security Directory Integrator with Java 8 and HCL Connections 6.5 or 7.0. Perform the following task, and then complete the rest of the tasks in Populating the Profiles database. Note that you must use the manual population method when using Java 8, not the population wizards.

About this task

Use Tivoli® Directory Integrator to populate the Profiles database repository from an LDAP directory. It is assumed you are using the profiles population wizard, as some of the following information pertains specifically to that method.

You can manually run various Profiles tasks by using the appropriate scripts in the Solution Directory. For more information about these tasks, see the Batch files for processing Profiles data topic.

To configure Tivoli® Directory Integrator, complete the following steps:

Procedure

  1. Install Tivoli® Directory Integrator 7.2 and Java as explained earlier in this topic.

    When prompted for the location of the Solution Directory, select Do not specify. Use the current working directory at startup time. At the end of the installation process, clear the Start the Configuration editor check box.

    After you have configured Tivoli® Directory Integrator, update it with the recommended fix packs.

  2. Make the database available to Tivoli® Directory Integrator by doing one of the following, depending on the database software provider:
    Note: The following information assumes that the database server is on a separate system.
    If the database is hosted on a separate system, copy the database JAR file to the system hosting Tivoli® Directory Integrator
    • DB2®: Copy the db2jcc.jar and db2jcc_license_cu.jar files from the java subdirectory of the directory where you installed DB2®. Paste the files into a temporary location on the system where SDI is installed. The wizard will prompt for this location and copy the files into the jvm/jre/lib/ext subdirectory of Tivoli® Directory Integrator.
      For example, if you installed Tivoli® Directory Integrator on a Linux system in /opt/IBM/TDI/V7.2, the path would be /opt/IBM/TDI/V7.2/jvm/jre/lib/ext. This is the case regardless of the database provider.
      Note: If you only run the SDI Population scripts in manual mode, you must copy the files.
    • Oracle: Copy the ojdbc7.jar file from the jdbc/lib subdirectory of the directory where you installed Oracle. If needed download the Oracle JDBC driver ojdbc7.jar from the Oracle web site and paste the files into a temporary location on the system where SDI is installed. The wizard will prompt for this location and copy the files into the jvm/jre/lib/ext subdirectory of Tivoli® Directory Integrator.
    • Microsoft SQL: Download the SQL Server JDBC 4.2 driver from the Microsoft web site and follow the instructions to extract the driver files. SDI uses the sqljdbc41.jar file.

      Paste the files into a temporary location on the system where Tivoli® Directory Integrator is installed. The wizard will prompt for this location and copy the files into the jvm/jre/lib/ext subdirectory of Tivoli® Directory Integrator.

    Note: As a result of this step, the database files are placed in the jvm/jre/lib/ext SDI directory. This directory is on the SDI classpath, but in rare circumstances may not be close enough to the beginning of the path. If SDI throws an exception that seems to be Java related, try putting the database JAR files in the jars\3rdparty\others SDI directory.
  3. Edit the ibmdisrv file to increase runtime memory. To increase the runtime memory, add the two -Xms1024M -Xmx2048M space-separated arguments to the Java invocation command.
    Note: On Linux systems the file name is ibmdisrv. On Windows systems the file name is ibmdisrv.bat. On both systems the file is located in the main SDI directory.
    • AIX® or Linux:ibmdisrv
      After you add the new arguments to increase runtime memory, the Java invocation command might look like the following example:
      "$TDI_JAVA_PROGRAM" -Xms1024M -Xmx2048M $TDI_MIXEDMODE_FLAG -cp 
      "$TDI_HOME_DIR/IDILoader.jar" "$LOG_4J" com.ibm.di.loader.ServerLauncher "$@" &
      Note: Do not copy and paste the example into your ibmdisrv file. Add the two arguments without changing any of the other arguments.
    • Windows: ibmdisrv.bat
      After you add the new arguments, the Java invocation command might look like the following example:
      "%TDI_JAVA_PROGRAM%" -Xms1024M -Xmx2048M -classpath "%TDI_HOME_DIR%\IDILoader.jar" 
      %ENV_VARIABLES% com.ibm.di.loader.ServerLauncher %*
      
      Note: Do not copy and paste the example into your ibmdisrv.bat file. Add the two arguments without changing any of the other arguments.
      Note: Check the path in ibmdisrv.bat for where SDI is installed - note the following properties:

      path

      Specifies the PATH environment variable used for running the IBM Security Directory Integrator process (this property is usually the same as the PATH variable from ibmdisrv.bat, but you can change it). This is an optional property.

      ibmdiroot

      Specifies the root folder of the IBM Security Directory Integrator (for example, C:\Program Files\IBM\TDI\V7.2). This is a required property.

  4. (AIX® or Linux only.) In the Solution Directory, execute the chmod +x *.sh command to ensure that the script files are executable.
  5. (AIX® or Linux only.) Ensure that there is a localhost entry in the /etc/hosts file.
    For example:
    127.0.0.1    localhost