pmooney.net :: Lotus Connections does not (yet) support Domino LDAP

Category

I know Chris blogged this a while ago, but its just damn annoying. It came up in one of the sessions and Rob pointed it out to me. Lotus Connections is getting a lot of attention, but Rob pointed out to me already that the 1.0 release does NOT support the Domino LDAP directory. This is (hopefully) to be resolved in the first point release, which we don't have a date for. For the past few weeks, I have been banging my head against authentication and LDAP/Domino. Please follow my through process below (which is very close to becoming a RANT process).

I assume that the majority of people using Quickr/Sametime/Connections/Portal et al are also Lotus users.

Following that assumption I will also assume that these users have Lotus for mail.

Following that assumption I can assume that the mail directory is usually the most accurate (as people tend to complain if their email account name is incorrect, as opposed to their log-on name).

So why not Domino LDAP support as the primary supported directory?? Or at least holding it in the same light as Tivoli and AD? Why do we have to jump through hoops of bad documentation and poor support to get this stuff to work!??!!?

Connections supports Tivoli and AD LDAP with 1.0, but not Domino LDAP.

Counter

Comments

1 - James.. that makes sense to me. Fact that we have to do that is madness though

Posted by Paul Mooney At 22:45:35 On 09/11/2007 | - Website - |

2 - @6..
Ok Colm... want to give us a date? And will it be reliable or just chucked in?

3 - V1.0.1 Emoticon

Posted by Colm At 22:45:35 On 09/11/2007 | - Website - |

4 - @4 - Ditto. Was planning on rolling it out this fall, but I'm going to have to wait if I can't roll a Lotus product that uses the same password as all their other Lotus products.

Posted by Tom Roberts At 22:45:35 On 09/11/2007 | - Website - |

5 - There are cases.. yes. But I seriously doubt that this is the majority. Realistically, I know that Connections was dogfooded fully by IBM internally who do not use Domino LDAP as their primary, and I also know that Domino LDAP requires more work to get it correct. That is why Tiv is already there... and AD was put in. IBM seem to lose grips with what the customer uses in most cases.. In fact, if I can continue along this rant, I know enough IBM staff that have no idea that their mail file is non-standard or sametime does not come with the IBM plugins..

As for using ad and tds in the meantime.. you know that products have a habbit of becoming production quite quickly.. then there are two directories to worry about, as opposed to focussing on the mail/ldap directory.
Simply put.. this is a LOTUS product... that does not support the LOTUS directory. Madness....
Also, what about sametime/quickr talking to domino ldap.. then you point connections in and point to a different ldap directory... it makes things more difficult.

Sorry Roberto, but this just really pissed me off... and this is not in any way aimed at you.

6 - Yup...... It can be made to work.. Not supported so if we want to implement a 1.0 product with an unsupported configuration... then it doesn't work.. IBM/Lotus support will run a mile from you!

7 - "I know enough IBM staff that have no idea that their mail file is non-standard or sametime does not come with the IBM plugins." Yeah, me too.... this is the problem of using "custom" stuff inside. Makes sense because lets us experiment with things you will eventually see in the base product later, but is confusing if you are not a geek.
"you know that products have a habit of becoming production quite quickly" _ I was not clear, sorry. I meant, let's use those in our labs now to practice with Connections, then go and deploy it at customers when Domino dir will be ready. Also, if a customer has Domino (or any other one) dir as corporate dir, he will NEVER change it, so the risk of having AD move up from pilot to production is negligible.

Posted by Roberto Boccadoro At 22:45:35 On 09/11/2007 | - Website - |

8 - Paul
I understand your frustration, and I can tell you Domino (and Sun One) will be supported in a near future (plans are for a fall release).
As you said there is a way to make it work, but is not suitable for production environments since is not supported.
About Simon comment. There is a way to make it work, and is relatively easy, but this makes Domino LDAP work only for Authentication; if you are planning on synchronizing Profiles with Domino LDAP, there is some other work to be done working with assembly lines in TDI.

9 - Thanks Roberto. Appreciate your comments as always.

That effectively kills my plans to roll out this product on a site.

10 - Fair point Roberto, but do you not accept that the first sites that will work with these products are domino sites? The first sites that will want these products are Domino sites? The sites that will know about this product first will be Domino sites? These are the sites that may be reading more about these products then AD sites. Surely that makes sense?

11 - Just to add my thanks too Roberto.

And Paul, thats the real crying shame of this situation, many of our likely early adoptors come under what you described with your assumptions in your original post.

Its more than a frustration, its a potential loss of an opportunity, or one we're going to have to fight to bring back to the top of the priority list at a later date.

Posted by Simon Scullion At 22:45:35 On 09/11/2007 | - Website - |

12 - Amen! Apparently it can be made to work, but no details on how. Emoticon

13 - @10 - Sadly I am not sure what you says is correct. Is used most by "our" customers, but since connections aim to reach a wider population than Lotus customers, we have to face the fact that AD is quite widespread (you can say that even flu is, and I would agree, but....). Though I am the first one that wishes the whole planet would run on Domino (can you imagine a NAB with 6 billions people Emoticon

) I have to accept this is not yet true (but I am working on it Emoticon

).
Just a question for Colm : where did you get that info ? I said "fall release" and this is not exactly before kids go to school....

14 - Paul
your points are valid, but even within the Domino customers community there are cases in which AD is used as "corporate directory" and Domino dir only for mail.
Having said that, myself too had wished our dir came fist, but....
Let's face the music and dance, what else can we do ? Use AD or TDS to make practice and wait a few months for Domino dir.

15 - Before the kids go back to school ! Emoticon

It's written in stone.

16 - Great news. I have to ask though..

Why was it not there in the first place, with the first release? Why does the domino directory come secondary considering this is the one that is used most by customers?

17 - @15 - Roberto

If the expectation is that we should use our labs to 'practice' with Connections then the better way forward would be for IBM to write-up the workaround for DominoLDAP use and we can progress on that footing knowing that it's not a supported production configuration. In my mind this certainly beats setting AD and/or TDI in the lab knowing that my production will require a switch to DominoLDAP. Once IBM have firmed up the dates for the point release we can then drop that into the lab to for FVT before a move to production.

Hope this makes sense!!!

Posted by James Ravinski At 22:45:35 On 09/11/2007 | - Website - |

18 - I agree to the uproar, but at least my personal experience after 4 installations of Lotus Connections showed that AD unfortunately is at least where I had been more spread than the Domino LDAP. But after struggling for two hours I also found out that there is only a tiny change to be made in the assembly line to make Profiles work (takes less than 2 minutes). I guess there is just more testing to be done to officially support it - it's not that it doesn't work...

Posted by Martti Garden At 22:45:36 On 09/11/2007 | - Website - |

19 - Well...
Lotus Connections runs on a WAS server. It will use for authentication anything it has been configured for. So Domino will work. The other part is populating the Profiles database and synchronizing it with a LDAP source. This is done using TDI. The TDI scripts used are not exactly rocket science.
... but that is just the technical explanation what you could do.
The gods know what were the reasons not to include the scripts in the release 1.0 files.
Emoticon

stw

@Martti: would you share the change you made?

Posted by Stephan H. Wissel At 22:45:36 On 09/11/2007 | - Website - |

20 - Good to see your on top of stuff, Ed! The sir reflects the respect I have for your opinion.

Posted by Lars Berntrop-Bos At 22:45:36 On 09/11/2007 | - Website - |

21 - Paul, I'm with you all the way. I would have a little more patience for things if this was not a Lotus branded product, but come on guys... Dropping the Workplace brand was great, let's make sure the support for current Lotus customers is a first thought since they are typically our warmest opportunities!

Posted by Steve McDonald At 22:45:36 On 09/11/2007 | - Website - |

22 - @16 - Let me check if I can share the workaround.
About dates, we've told it will be in a fall release but I do not have a "fixed" date yet.

Posted by Roberto Boccadoro At 22:45:36 On 09/11/2007 | - Website - |

23 - Ted, I believe that Beta support of the Domino LDAP directory is to begin on October 1st. Is this correct?

The point of this all is that it should of been a no brainer "out of the box" support feature.

Posted by Paul Mooney At 22:45:36 On 09/11/2007 | - Website - |

24 - Hear hear, Sean. I think Ted has his work cut out to correct this c*ckup ASAP. And what does sir Brill have to say about this?

25 - "Sir Brill" LOL
I don't own Connections, so I had deferred to Ted and the others on the product team. I have said many things about this issue, but they are best kept internal to IBM.

Posted by Ed Brill At 22:45:36 On 09/11/2007 | - Website - |

26 - Do we think the noise of Alec hitting the nail on the head will reach IBM?

Posted by Simon Scullion At 22:45:36 On 09/11/2007 | - Website - |

27 - What ldap version does Lotus LDAP support? There are differences. The new is v3 or some sort.

What about IBM/Lotus having a business case in their release planning like say
"What quirks will Mike Yellow (NotesDev since Notes 2, who constantly updated his knowledge along the way) encounter in using a new product."? They are a not too small fraction of the possible early adopters.

Posted by Axel At 22:45:36 On 09/11/2007 | - Website - |

28 - Sorry Ted, the fundamental question remains: Why have IBM released a 'connections' product without outright support for Domino Directory from V1.0. Why should we have to wait at all? Emoticon

Posted by Sean Murphy At 22:45:36 On 09/11/2007 | - Website - |

29 - This is for the IBM shareholders and accounts Department:
I am a customer.
My business depends on Lotus products.
I actively sought out this product: no one from IBM got around to trying to sell it.
However they did provide demonstrations insights and previews,
I decided to buy it.

So far stakeholders all happy.
I may even be presented with a bill for some of the work that was done.
Now I discover that Connections (note the name) doesn't connect to my other Lotus products,
Reading the exchange above it seems this was "planned" and the expectation is that-I will be so impressed that rather than solving my business problem now I will wait for some unspecified date, set in stone, when the kids go back to school, when it will be released or else coding will begin. Or try an unsupported hack? or buy Tivoli to sort it all out?
None of the above, I think.
One small piece of business less for IBM. Cash loss small to medium. credibility loss? This is not a marketing problem. Its not a technical problem. Its a bottom line problem.

Posted by Alec Dolan At 22:45:36 On 09/11/2007 | - Website - |

30 - I'm a product manager for Lotus Connections. We have every intention of supporting the Domino Directory this year. Stay tuned. Emoticon