Thursday, December 27, 2007

Sametime Directory Decision

As I mentioned in my previous post, I am in the process of designing a Sametime infrastructure for our environment. I think the biggest and toughest decision when designing Sametime is the directory decision. Based on Chris Miller's repeated statement to use LDAP as the access method, this is an easy choice, but the question is: which LDAP directory? We have 2 in our environment, AD and Domino, and they are not synchronized.

When deciding on a directory I had a few deciding factors: which password will be used, which groups will be accessible, and ease of directory administration going forward. We don't currently use the Internet Password field in Domino for anything. This means if we use the Domino directory we can populate this field with anything we want. At first I thought we should use AD so we can use the Windows password for authentication, but the downsides to AD were: not being able to easily manage Sametime information within AD, Sametime being limited to only seeing AD groups, and getting the infrastructure team to extend the LDAP schema. With the Domino directory, most of the Sametime info for a user is already there, and the e-mail groups would be the most logical groups for Sametime to use. However, there is the issue of what password to use with the Domino directory.

When using the Internet Password field in the Domino directory I have 3 options: enter a completely separate password in the field (last choice), use the built-in functionality in Domino to synch the Notes ID password with the Internet Password field, or use a 3rd-party product such as Tivoli Directory Integrator to synch the Windows password with the Internet Password field.

I'm currently leaning toward using the Domino directory with the native Notes ID password synch option since it doesn't require any additional cost or infrastructure.

Anyone using the native Notes ID and Internet password synch function in Domino? Is it reliable? How about other password synch options for Sametime use?


IdoNotes said...

Opened up a world of decisions here. Give me a couple days and I will write some thoughts for you.

Andy said...

I find that it's often tough to get the corporate LDAP people to cooperate. Plus the names in corporate LDAP are often not the same as Notes user names (Bob vs Robert) which makes it hard to find people for buddy lists.
I like using Domino LDAP because it's easier for the users to pick groups. The password synch is pretty easy to deal with in most cases.
Pick up Softerra's free LDAP browser if you don't already have it. It's a great tool.
- Andy