Advice Needed: Domino Directory Alternatives
For various reasons, a customer of mine is contemplating moving away from Domino.
The first step they're going to take is to move the people listed in their Domino Directory/Address Book into another CRM outside of Domino, such as Microsoft Dynamics.
Obviously the users still need to log in to and use the Domino applications I've developed for them over the years and so they need to authenticate with Domino. ACLs, Author/Readers Fields etc still need to work.
All I've advised them of so far is that whatever they choose it should make itself available as an LDAP service, so that Domino can use it as a trusted source via Directory Assistance. They can then keep the same Notes usernames.
They're yet to settle on a CRM to move to and have asked me what requirements, if any, there are for whichever they choose. All I can think of is LDAP. Am I right in thinking LDAP is a must-have for their chosen CRM?
What experience do you guys have in this field? Anything to avoid or tend towards?
One really nice solution is to use the IIS plug-in. Basically, if the users use IE (sorry!) or Firefox with the authentication plug-in, the users authenticate to the site using their current Windows credentials.
These are then passed to Domino, matched to the ones contained in the user's person document, fullname field, and then the user is authenticated within Domino using their normal Domino name. So no messing with reader/author fields, etc.
For instance, my fullname field looks like:
Bill Buchan/HADSL
Bill Buchan
HADSL\BBuchan
(where the last is my Windows AD domain and username). When I open up a Domino web application (using the IIS plug-in), I'm then authenticated as 'Bill Buchan/HADSL' so all the existing readerfields/authorfields work as before.
Oh. And the upside is that the users don't have to maintain passwords in Domino anymore (if they're web-only users).
Warren Elsmore has a good writeup on how this works.
HTH, and thanks for all the good articles over the years,
---* Bill
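The name mapping described in the comment above, as an added example that is not part of the original thread and is not Domino's own code: it models Person documents as dicts with a multi-valued FullName field, resolves a Windows login to the first FullName value, and audits for aliases claimed by more than one document. The sample documents other than Bill's are constructed, and the case-insensitive match and the refusal to resolve ambiguous aliases are assumptions of this sketch.

```python
from collections import defaultdict

# Constructed sample data: each dict stands in for a Person document's
# multi-valued FullName field (first value = primary Domino name).
PERSON_DOCS = [
    {"FullName": ["Bill Buchan/HADSL", "Bill Buchan", "HADSL\\BBuchan"]},
    {"FullName": ["Jane Example/HADSL", "Jane Example", "HADSL\\JExample"]},
    # Misconfigured on purpose: reuses an alias that belongs to Jane.
    {"FullName": ["John Example/HADSL", "John Example", "hadsl\\jexample"]},
]


def build_index(docs):
    """Map each lower-cased FullName value to the primary names carrying it."""
    index = defaultdict(set)
    for doc in docs:
        names = doc["FullName"]
        for value in names:
            # Assumption: aliases are compared case-insensitively.
            index[value.strip().lower()].add(names[0])
    return index


def resolve(login, docs):
    """Return the primary name for a login, or None if unknown or ambiguous."""
    owners = build_index(docs).get(login.strip().lower(), set())
    # Assumption of this sketch: an alias shared by two people resolves to
    # nobody, so ACL and Readers/Authors checks never run as the wrong user.
    return next(iter(owners)) if len(owners) == 1 else None


def ambiguous_aliases(docs):
    """Aliases claimed by more than one Person document (audit finding)."""
    return {alias: sorted(owners)
            for alias, owners in build_index(docs).items() if len(owners) > 1}


if __name__ == "__main__":
    print(resolve("HADSL\\BBuchan", PERSON_DOCS))
    print(ambiguous_aliases(PERSON_DOCS))
```

Running the audit function over an export of the directory before adding AD logins to FullName shows any alias that would map one Windows account to two Domino identities.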
Hi Bill,
"Warren Elsmore has a good writeup".
Not as good as mine though ;-)
http://www.codestore.net/store.nsf/unid/EPSD-5F6P9G?OpenDocument
I should have mentioned it's not employees listed in their address book (well some are) but is mainly just people who've registered online to use their extranet.
Jake
Might be over the top, but in a Windows world (which I assume since you suggested Dynamics), Microsoft's ILM
http://www.microsoft.com/windowsserver2008/en/us/ida-identity-lifecycle-management.aspx
can keep Domino and AD in synch (usernames/passwords/and group membership).
On the other side is Tivoli Directory Integrator.
http://en.wikipedia.org/wiki/Shibboleth_(Internet2)
As a means of providing SSO between MS and IBM ...... How about Shibboleth?
Believe it or not, their best option here would be to use Active Directory. I'm not sure if I can say why just yet, but trust me when I say that it's the best choice of LDAP server for what they're looking to do.