Writing a configuration file for Lotus Domino target systems
If you are managing Lotus Notes client users, write the configuration file in KVGroup format and add it to the <Program Files path>\Bravura Security\Bravura Security Fabric\<instance>\ script\ directory. The sample agtdmno.cfg is included in the <instance>\samples\ directory.
If you cannot find the sample file, try re-running setup to modify your installation. Sample files are automatically installed with complete (typical) installations. You can select them in custom installations.
If you only want to manage the HTTP password, a configuration file is not necessary.
Text inside <angle brackets> indicates variables.
Unused settings on lines without {curly braces} must be commented out.
#KVGROUP-V2.0
hid:domino = {
target = {
# Name of the names.nsf like database to target
#database = <name>;
};
views = {
# Name of the user view defaults to "People"
#user = <name>;
# Name of the group view defaults to "Groups"
#group = <name>;
# Name of the deny group view defaults to "Server/Deny Access Groups"
#deny-group = <name>;
};
short-id = {
# Name of the short id field or column name used to derive the short id
# defaults to "ShortName"
#field = <name>;
# Name of the sort-column field used in searching for the short id
# defaults to "Name"
#sort-column = <name>;
# Flag used to indicate whether to derived the short id from a view value
# defaults to "no"
#use-view-value = <yes|no>;
# Flag used to indicate whether to treat short IDs as unique
# values when creating users. Note that Lotus Domino does not
# require short IDs to be unique.
# defaults to "no"
# unique = <yes|no>;
certifier = {
# A Certificate Authority can be used to register new users. If
# the "certificate-authority" value is set, the registration
# process will attempt to obtain the CA context.
# If the "certificate-authority" value is not set, the certifier
# database will be used.
# certificate-authority = <yes|no>;
# Name of the certificate authority server (defaults to the target
# system's server)
# certificate-authority-server = <servername>;
# -- OR --
# Name of the certifier database defaults to "pscert.nsf"
#database = <name>;
# Name of the field used to hold the certifier's name
# defaults to "CertifierName"
#name-field = <name>;
# Name of the field used to hold the certifier's password
# defaults to "Password"
#password-field = <name>;
# Flag used to indicate whether the password stored in the
# password field is encrypted defaults to "yes"
#password-encrypted = <yes|no>;
# Name of the field where the id-file is stored
# defaults to "Certifier"
#id-file-field = <name>;
};
mail = {
# Used to indicate if and how to delete a user's mailfile
# defaults to "adminp"
#delete-mailfile = <adminp|force|no>;delete-mailfile = force;
# Flag used to indicate whether to look up the mail server
# defaults to "no"
#lookup-mail-server = <yes|no>;
};
delete = {
# Used to indicate if and how to delete a user's record
# defaults to "adminp"
# delete-user = <adminp|force>;
delete-user = force;
};
groups = {
# Name of the deny access group which needs to be set by the user
#deny-access = <name>;
};
password-management = {
# Clear the password digest. Defaults to "yes".
#clear-password-digest = <yes|no>;
id-file = {
# Flag used to indicate whether or not to manage a user's
# note id file password defaults to "no"
#reset = <yes|no>;
# Flag used to indicate whether or not to update the password
# change date. Defaults to "yes".
#update-password-change-date = <yes|no>;
# Flag used to indicate whether or not to manage a user's
# note id file password located in a user's note
# defaults to "no"
#usernote-attachment-update = <yes|no>;
# Used to indicate the name of the id file located in a user's note
# which needs to be specified by the user
#usernote-attachment-name = <%shortid%|%existing%|<name>>;
# Flag used to indicate whether or not to manage a user's note id
# file password located in a user's mailfile defaults to "no"
#mailfile-attachment-update = <yes|no>;
# Flag used to indicate that if updating the mail file copy of a
# users id file, if we should do so under the context of the admin
# user or the target user. In order to be able to do this as the
# admin user, the admin user id must have sufficient privileges to
# every users mail file. If set to 'yes', the connector will temporally
# switch to the target user's id file in order to update the attachment
# on the mail file. This setting defaults to "yes"
#mailfile-attachment-switchid = <yes|no>;
# Name of the batch file to run which needs to be specified
# by the user#batch-file = <name>;
# Flag used to indicate that the Notes ID Vault is being
# used to store user ID files (available in Lotus 8.5 or
# later); defaults to no
# use-vault = <yes|no>;
# Name of the server on which the ID Vault resides; defaults to
# the target system's server
# vault-server = <name>;
# Name of the id vault database
# vault-database = <name>;
# The number of ID downloads available from the vault after a reset;
# defaults to 0 (unlimited)
# download-count = <number>;
# List users from the id vault. Listing will only be done either from
# the id vault or from the main database, as specified in the "target"
# section above, not from both databases# list-vault = <yes|no>;
# Delete id file backups from the id vault during the delete operation
# vault-delete = <yes|no>
# List inactive accounts from the ID Vault; defaults to "no"
# list-inactive = <yes|no>;
# This flag controls if the reset operation should fail or succeed, when
# we are unable to reset the ID file password AND both the idfile is being
# managed (password-management/id-file/reset = yes), and the web password
# (password-management/web-password/reset = yes) is also being managed.
#
# NOTE: if the web-password is being managed, and updating it fails, the
# operation will fail regardless of this setting.
#
# The default value for this flag is 'yes', so id file reset failures will
# be treated as operation failures.
#
# fail-idfile-reset-error = <yes|no>;
};
#Used to manage the HTTP/Internet password
web-password = {
# Flag used to indicate whether or not to manage a user's web
# password. Defaults to "yes"
#reset = <yes|no>;
# Flag used to indicate whether or not to update the password
# change date. Defaults to "yes".
#update-password-change-date = <yes|no>;
};
};
attributes = {
# Marks the listed attributes as "multi-valued", allowing the agent to
# read and write more than one value to the field.
# By default, all attributes are viewed as single-valued. multivalued = {
# attrname1;
# attrname2;
};
};
};