Introduction
A hotfix rollup (build 5.3.259.0) is available for the Lotus Domino connector for Microsoft Forefront Identity Manager (FIM) 2010. This hotfix rollup resolves several issues and adds several features that are described in the "More Information" section.
Update information
A supported update is available from Microsoft. We recommend that all customers apply this update to their production systems. This update is available from Microsoft Support.
Microsoft Support
A supported hotfix is available from Microsoft Support. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.
If this hotfix is available for download from Microsoft Support, there is a "Hotfix download available" section at the top of this Microsoft Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur, or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, go to the following Microsoft website:
http://support.microsoft.com/contactus/?ws=supportNote The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, this is because a hotfix is not available for that language.
Prerequisites
To apply this update, you must have the following installed:
-
The Lotus Notes client
-
The Microsoft .NET Framework 4.0
-
The FIM Synchronization Service in one of the following:
-
Microsoft Forefront Identity Manager 2010 R2
-
Microsoft Forefront Identity Manager 2010 Update 2 (build 4.0.3606.2 or a later build)
-
Additionally, a user account on the same server as the service account of the Lotus Domino connector must start Lotus Notes one time. Also, the default Lotus Domino Lightweight Directory Access Protocol (LDAP) schema database (Schema.nsf) must exist on the Domino Directory server.
Note You can install the default Lotus Domino LDAP schema database by running or restarting the LDAP service on the Domino server.
Restart requirement
You may have to restart the computer after you apply this hotfix.
File information
The global version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
|
File name |
File size |
Date |
Time |
Path |
|---|---|---|---|---|
|
Microsoft.identitymanagement.ma.lotusdomino.dll |
203,944 |
22-Mar-2013 |
07:01 |
lotusconnector\synchronization service\extensions |
|
Lotusconnectortemplate.xml |
13,317 |
22-Mar-2013 |
05:52 |
lotusconnector\synchronization service\uishell\xmls\packagedmas |
More Information
Issues that are fixed in the Lotus Domino connector
Issue 1In Domino, an object could be a member of a group several times by using a different case. For example "CN=Example,NAB=names.nsf" and "CN=eXample,NAB=names.nsf" may each be found as a member of the same group. The Synchronization Service reports a staging error on objects that have these duplicate distinguished names (DNs).
Issue 2In Domino, a reference value that has trailing white spaces may cause the Synchronization Service to crash.
Issue 3For random attributes that use empty string values, the Lotus Notes client may throw the following exception during an import:
Index was outside the bounds of an array.
Issue 4For random attributes, the Lotus Notes client may throw the following exception during an export:
Error: Object reference not set to an instance of an object.
Issue 5When the Lotus Domino connector tries to export an object rename, such as a change of last name, the following exception is thrown from the connector:
Encrypted parameter should be retrieved using the Secure Value property.
Issue 6During a full import from Domino, an object that was flagged for replication conflict is imported. This causes transient objects to be created in connector space so that it becomes possible to have multiple objects that have the same distinguished name (DN).
After this update is installed, a new option is added on the global page to enable objects that are marked as conflict resolution victims. These objects are now silently ignored and will not be present in the connector space.
Issue 7With the earlier algorithm for creating the distinguished name (DN) for _Contact objects, it was possible that the created object would conflict with an existing object in the address book.
After this update is installed, all _Contact objects are now created by using the additional VC=_Contact object in their DN.
Issue 8It was not possible to have both a Lotus Domino connector and the new SharePoint Identity connector on the same server.
Features that are added to the Lotus Domino connector
Feature 1In Domino, an object may have multiple distinguished names. The Full name attribute is multivalued, and references from other objects can use any of the values in the Full name attribute. After this update is installed, _Contact objects can be created and enabled for each value in the Full name attribute. This makes sure that these references can be resolved. For these _Contact objects, the following attributes are also added to enable joining to the real object:
-
_personEmployeeID
-
_personShortName
-
_personEmployeeNumber
-
_personDisplayName
-
_routingName
-
_contactName
-
_displayName
-
UniversalID
Feature 2In Domino, a reference attribute that has routing information may be embedded as a suffix to the distinguished name (DN). For example, the member attribute in a group could contain "CN=example/organization@routing_information." The routing information is used by Domino to send email messages to the correct Domino system. This might be a system in a different organization.
After this update is installed, on the global page, you can specify the format of the routing suffixes that are used within the organization in scope of the connector. If one of these values is found as a suffix in a reference attribute, the routing information is removed from the reference so that the reference attribute will match the DN for the object in the connector space. If the routing suffix on a reference value cannot be matched to one of those that are specified, a _Contact object is created.
The _Contact object that is created has "RO=@RoutingSuffix" inserted into the distinguished name. For such _Contact objects, the following attributes are also added to enable joining to a real object if this is necessary:
-
_routingName
-
_contactName
-
_displayName
-
UniversalID
Feature 3Support for Lotus Notes 9 is added.
References
For more information about software update terminology, please see Description of the standard terminology that is used to describe Microsoft software updates.
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
