Installation

This document outlines how to install in a Domino environment.

These instructions are normally performed by one of HADSL's consultants during installation and are placed here in order to assist customers in installing evaluation copies. It should be noted that this procedure takes 2-3 hours, and requires a high degree of Lotus Domino system administration knowlege.

Note that this is a lengthy document, and is presented as a single page in order that it can be printed out and used as a reference

Easy Configuration using the EzConfig wizard

Instructions for the Installation and Configuration of

This document contains a step-by-step guide to the procedures that must be followed in order to install and set up within a Domino environment. It is essential that you follow these instructions accurately and in order – the instructions are aimed at Domino administrators and assume familiarity with the basic Domino administration tools and procedures.

If problems are encountered, please contact your HADSL sales consultant who will be able to provide assistance and route your question to someone who is able to provide technical support if necessary.

Lastly, we strive to ensure that this is a straightforward and accurate guide to the installation of FirM. If you find errors, omissions or ambiguities in these instructions then please let us know – contact support@hadsl.com who will forward the matter to the appropriate person.

Back to table of Contents

Prerequisites: Necessary information and access rights

In order to install you will need:

  1. A Domino R5 or R6 server (R5.0.8 or above, R6.0.1 or above), and an administrator workstation running Notes 5.0.8 or above or v6.0.2 or above.
  2. The administrator id used must have permission to be able to issue Administration (AdminP) Requests.
  3. A downloaded copy of from the evaluation page.
  4. A license key - this should arrive in an email from your sales representative. It will be for time limited evaluation copy or full licensed copy as appropriate. You will need to copy and paste information from this email into the installer, when appropriate.
  5. Domino directories should be properly configured, in that the directory profile must be set up so that the domain name matches the actual name of the domain that this directory serves. You will need the names of each domain to be managed, the filename and path of the directory (e.g. “names.nsf”) and the filename and path of the AdminP database (e.g. “admin4.nsf”)
  6. You will need access to the server console, either physical access or through a remote server management tool such as PCAnywhere, VNC, etc.
  7. You will need the certifier id(s) for all hierarchies that you are going to manage, along with the password(s) for these certifiers. (Note that does not currently support certifier ids that have been set up to require multiple passwords.)
Back to table of Contents

Stage 1: The creation of encryption keys

uses three encryption keys to keep sensitive files and passwords secure. These keys need to exist within the server’s id file, and additionally they will need to be imported into the administrator’s id file for the set-up of .

These encryption keys are called:

  • iDM Certificate Encryption Key
  • iDM Password Encryption Key
  • iDM ID Encryption Key

We have prepared a recorded screen and talkthrough example of how to create the encryption keys and export them to the server ID: Click here to view the Encryption Key movie

(Note that existing iDM customers need not change their existing encryption key names)

Problems have been encountered when the encryption keys have been created in the administrator’s id file and then imported into the server id file – it is therefore recommended that the encryption keys are created using the server’s notes client, and then imported into the administrator’s id. This can especially be a problem when using servers before release 5.0.9, and/or the server has been created with a lower degree of security than the administrator’s id (i.e. a mixture of Global, International and North American certifier security has been used).

  1. Take a backup copy of both the server’s and the administrator’s id files. Keep them safe, in case of problems! Bring down the server and run the notes client nlnotes.exe from the server’s executable directory. Choose “File, Tools, User Id…” from the menu. Enter passwords as appropriate.
  2. Click on the Encryption tab, and then click on “New...”
  3. Give the encryption key the name “iDM Certificate Encryption Key” (without quotes, retain capitalisation), choose an appropriate encryption type (North American, International, etc) if the option is available. Give the key an appropriate description. Then click “OK”.
  4. With the key highlighted, click on “Export Key…” and save to an appropriate file, onto a removable disk or to a network path accessible from the administrator’s workstation. Give each key an appropriately secure password, in accordance with your security guidelines and procedures.
  5. Repeat steps 1.c to 1.e above for the following keys:
    • “iDM ID Encryption Key”
    • “iDM Password Encryption Key”
    (Note that existing iDM customers need NOT change their encryption keys to these new v2.0 names)
  6. It is vitally important that the names of the keys match the above names exactly. expects to find keys with these names (the names are so long because they only have to be typed in once, and they clearly describe their purpose)
  7. Bring the server back up, and test that it is possible to connect to the server. If an error message “the server’s id is not an id or is corrupt” occurs when trying to authenticate with the server then it will be necessary to restore the backup copy of the server id and contact HADSL for technical support – installation can proceed with the restored id file, but will not be able to function correctly without the encryption keys. (This is usually caused by a Global/International encryption key clash, and is a known Lotus Notes SPR)
  8. Now import the encryption keys into your administrator's workstation id. During stage 2 of the installation we check to ensure that your administration workstation id file contains these encryption keys. Strictly speaking it is only necessary to import the “certificate encryption” and “password encryption” keys as these are required for set-up, but within an evaluation environment it may be useful to inspect id records within the password and id repositories (These records will not be able to be read with an id that does not contain the appropriate encryption key).

Note that it is neither necesssary or desirable to distribute the encryption keys to users or administrators in order for them to operate in normal usage. And the only servers that require these encryption keys will be the Primary (and optionally secondary) processing servers.

Both your administrator’s id and the server’s id should now contain the three encryption keys. You should store these encryption keys securely in the same manner that you normally secure certificate files.

Note to administrators: it is not possible for to be able to automatically create and import the encryption keys. We feel that it is important that the administrators are fully aware of any changes made to important file within their environment.

Back to table of Contents

Stage 2: Initial install of

  1. Extract the installer file that has been supplied or downloaded and open it using the administrator’s Notes client. The first page of the installation wizard dialogue should now be displayed.
  2. Follow the instructions on the installer.
    • Installer Screen 1
    • Click on the "forward" button to continue
    • Installer Screen 2
    • For a first time installation, select "Full Product Install". If you are upgrading an existing install then "Product Update" should be selected. In order to upgrade a license from an evaluation license to a full license, select "License Update"
    • Installer Screen 3
    • the installer will then ask you to confirm and accept the terms of the End User License agreement (EULA)
    • Installer Screen 4
    • The installer will enable you to set up the primary server. If you wish to run a secondary processing server then this needs to be set up during stage 3 - basic configuration of . The replica on the secondary server must also be manually created
    • It is suggested that the target directory of “FirM” is used. You may choose to change this, however. Checks will be performed to try and determine whether there is an existing install of on this server.
    • Installer Screen 5
    • The installer will then try to establish if you have an existing FirM installation, and if so, what version
    • Installer Screen 6
    • The installer will then prompt you for a group of users who shall manage FirM. These people will be granted Manager access to all databases, and have the 'Administrator' role set, allowing them access to the configuration screens
    • Installer Screen 7
    • The installer will then confirm that you have correctly installed the encryption keys into the ID file being used to run the installation
    • Installer Screen 8
    • The installer will then confirm that you have correct ACL access to the Domino directory ("names.nsf"), the administration database ("Admin4.nsf") and the certifier log database ("certlog.nsf") on the target server
    • Installer Screen 9
    • You will be prompted for license information - your company name, license key and license data should be copied from the email that you should have received, and pasted into the relevant fields. Press "F9" when this information has been entered and then click on the forwards arrow button. If you are performing an upgrade then existing license information will be displayed for update or acceptance.
    • Installer Screen 10
    • The installer will then confirm all information entered so far, and invite you to continue
    • Installer Screen 11
    • The installer will create the templates and databases on the primary server and will add icons to the administrator's workspace
    • It is not possible to complete the installation if the administrator's id does not have the encryption keys within it. These should have been created and imported during stage 1 of this installation (see above). A running dialog will be displayed showing the status of the installation.
  3. Once the installer has completed check the Administration Process requests database - admin4.nsf. There should be about 10 requests to sign a database with the server id. These should have processed successfully - you may wish to issue the "tell adminp process all" command at the server console to speed this action up.
  4. Your security standards may require that databases are signed with a special development id. If this is the case then you will have to carry out this step manually
  5. You will need to go through the databases and set up an appropriate ACL according to your standards for each one. Only the administrators should be members of the [Administrator] role.
  6. You must also create a replica copy of the Extended AdminP database on each Domino server in your environment that hosts users or applications that will be managed by .

During the installation phase, the installer asks your primary processing server to sign the Request processor database with the server's ID file. In many cases, the servers' ID will be in your environments Execution Control List (ECL) list. Should the server NOT be in your Domino environment ECL, you might wish to sign the request processor database with your normal "application signing" ID file.

Later on, the scheduled agents within the request processr and optionally the Extended AdminP databases will be signed with an ID capable of running restricted agents.

Back to table of Contents

Stage 3: Basic configuration of .

Tools, Configuration

Basic information about the operating environment now has to be added to . All of the following steps should be carried out from the administrator’s Notes client.

  1. Create bookmarks to the databases on the server.
  2. Amend the ACL of ALL databases so that they do not have default access of “Manager”! Default access of “No Access”, “Reader”, or “Author” are acceptable, depending upon your rollout of and security requirements.
  3. Locate and open the “FirM Request Processor” (“firmrequestprocessor.nsf”)
  4. Click on the “Tools” option on the left hand pane, and then choose the "Config" tab. Click on "Edit the Configuration", check/amend the following information:
    Configuration Profile
    1. “Databases” tab:
      • In the "File Locations" tab please ensure that a valid temporary directory path is supplied for both the administrator's Notes client ("Local Temporary Directory") and for the server ("Server Temporary Directory"). These directories have to be created manually. It is vitally important that a valid temporary directory is supplied for the server for normal operation of . The local temporary directory only has to exist on the administrator's workstation when certifiers are imported. Certifier files will be temporarily extracted to this directory and deleted after use.
      • The installer should have correctly populated all file paths to the databases. All paths are relative to the domino server’s data directory. The entries in this field should not be changed except as a result of discussions with HADSL technical staff.
    2. Servers tab:
      • Primary server must contain the fully qualified name of the domino server.
      • Secondary server should be blank for the moment until configuration and correct operation has been confirmed within the environment. It is possible to return to this setting and specify a secondary server if this is needed for increased system resilience. Accept the default value for “Secondary Server Delay" (5 minutes).
    3. “Directories” tab - Each domino directory that is to be managed should contain a complete line across the three fields:
      • Use the buttons to add the directories that are to be managed by . Each directory should have an Admin4.nsf databases specified and additionally a Deny Access group for that domain.
      • The Edit Entries and Delete Entry buttons can be used to manage the directories list.
    4. External Lookup Tab:
      • supports the use of an external database which can be used to provide additional keys and codes to ensure unique naming standards. Leave this selected to “No” as this is an advanced option and setting up this database is beyond the scope of these installation instructions.
    5. Admin Settings tab:
      • Entries on this tab should be left as the default values.
      • The Default Administrator entry is reserved for future enhancements and currently has no effect.
      • Automatic recertification should be left as Disabled for initial installation.
    6. Log Setting tab:
      • Make sure that the Debug Level field is set to “4. Very Detailed”
      • Make sure that the Debug to Output field is set to “Debug to Notes Log File” at least
    7. Billing tab:
      • If you wish to write billing information to the Billing Repository database then this option should be enabled.
      • Select each request type that should be recorded within the billing repository database.
    8. Name Validation tab:
      • Each element of user and group names can be specified – whether required or not, minimum and maximum lengths, special characters, etc.
      • Under group names, ensure that there is an option selected for the group splitting. This can either be when the group reaches 15Kb size or when a certain number of members is reached.
      • You should ensure that there is a subgroup separator character specified. The default of "_" is suggested.
    9. Workflow tab:
      • Accept the default of 1 hour for “Notify Every:”
      • It is recommended that all days, Sunday through to Saturday, are checked in “Notification Window Days”
      • Similarly, change the notification times so that they start at “1” and end at “23”.
    10. Archiving and Expiry tab:
      • The settings on this tab determine the number of days after which requests in various statuses are archived.
      • It is suggested that the default values are accepted, unless you have planned requirements otherwise. It is possible to turn archiving on at a later date.
    11. Click on the Tick button to save the changes and close the options dialogue box.
Back to table of Contents

Stage 4: Set up System profiles

In order to create a map of your organisation structure it is necessary to create a number of "System Profiles". Note that it is also possible to add or amend profiles at any time after initial set-up and configuration.

Tools, Profiles, System Profiles

Perform the following steps in order to create their system profiles:

  1. Click on the “Tools” entry in the menu on the left hand side of the screen.
  2. Click on the "Certifier ID" tab, then click on "Import a new Certifier", then answer “Yes” to the prompt in order to continue.
  3. A file-attach dialog will be displayed and you should select the certifier id file that is to be imported. Type the password for the certifier into the next dialogue (note: certifiers requiring multiple passwords cannot be used with ) and then reconfirm the password.
  4. Click on the "Profiles" tab
  5. Click on the "System Profiles" sub-tab and perform the following steps:
  6. Click on “System Certifier Profiles” radio button entry and perform the following steps:
    • Click on “Create a profile” to create an actual profile for the certifier – this enables it to be used in the creation of other request types.
    • Enter a descriptive, textual, name for the certifier. This is normally the same as the certifier’s hierarchy. Choose the imported certifier to use in the Certifier Hierarchy selection field.
    • In the “Fields” tab it is possible to specify static and dynamic fields. A dynamic field is a field that is set with information that must be supplied by the requesting user when creating a user under this profile, e.g. "Telephone Number". A static field is one that is set with the same information every time a request is processed that uses this profile - e.g. "OfficeLocation" field can always be set to "London". Default groups can also be specified (i.e. groups that users should be added to if they are created with this location). All settings on this tab are optional.
    • Entries in the “Keys” tab should not be amended.
    • Click on "Save" to save this profile, or "Close" to close the dialogue and continue without saving.
    • Repeat these steps for as many certifiers as you wish to be able to use within .
  7. Click on “System Company Profiles” radio button entry and perform the following steps:
    • Click on “Create a profile”
    • Give the company profile a name – typically this will be the name of your organisation.
    • Static and dynamic field settings and default groups can be specified if necessary.
    • Click on "Save" or "Close".
  8. Click on “System Location Profiles” radio button and perform the following steps:
    • Click on “Create a profile”
    • Give the new location a name. This will be something that has meaning in your business context. Locations can be broad geographic regions, (e.g. “London”, “New York”) or specific locations (“Edinburgh 5th floor”).
    • Use the address book name picker to select names of all the mail servers that you want users to be created on for this location (i.e. the user's primary servers). If more than one server is specified then will automatically load balance and create new users on whichever server has the fewest users, based upon the "Server\Mail
    • Users" view in the Domino Directory.
    • Note that this location can share servers with other locations.
    • Static and dynamic field settings and default groups can be specified if necessary.
    • Click on "Save" or "Close".
    • Repeat these steps for as many locations as necessary.
  9. Click on "System ID Profiles" radio button and perform the following steps:
    • Click on “Create a profile ”
    • These specify the type of id that is to be generated – for instance, International or North American, also the recertification period, whether a mail file should be created, etc. It should be noted that the mail template name refers to the actual file name of the Domino template, and this template must exist on the server. It is possible to specify different classes of user ID with this profile type – e.g. “Staff”, “Contractors”, “and Functional Ids”, etc.
    • Static and dynamic field settings and default groups can be specified if necessary.
    • Click on "Save" or "Close".
    • Repeat these steps for as many ID Types as necessary.
  10. Business Group profiles are optional.
  11. Country profiles are optional.
  12. You should not worry about Agent Triggers during this initial set up of .
  13. Click on "System Notification Profiles" radio button:
    • You will see that each stage of notification will send out an email, and the text of this email can be configured. A default set of notification profiles is supplied with and these may be changed as necessary. There is a tag language that enables different parts of the request to be inserted into the message, for instance the name of the requested user id.
Back to table of Contents Back to table of Contents

Stage 5: Set up User profiles

Tools, Profiles, User Profiles, User Create Profiles

These profiles tie together all of the other profiles within the system, for instance enabling you to create a request to generate a Contractor ID in the ACME certification hierarchy for a Leeds office based user. You must configure a profile for every permutation of request that is valid for your organisation, and users requesting the creation of id files within will only be able to choose from lists of valid configurations.

  1. Click on the “Tools” entry in the menu on the left hand side of the screen. The control panel should open up and default to the "Profiles" tab. Selec the "User Profiles" sub-tab.
  2. Click on the "User Create profiles" radio button and perform the following steps:
    • Click on “Create a profile” hotspot
    • Give the profile a meaningful name (e.g. “London Staff User”)
    • In the Fields and Groups tab specify static and dynamic field settings and default groups necessary.
    • Change to the "Names and Domains" tab. There will be pre-populated entries for these fields – the tag language enables you to build up the user’s notes name, internet address, etc, to accommodate your organisation’s naming standards. Internet Domain and Notes Domain should be completed.
    • In the Sub Profiles tab you are required to tie together the various elements that will make up this ID type. If more than one sub-profile is selected within a section then the user will be prompted for the sub-profile to use at the point of request creation. If only one sub-profile is selected for a section then no prompt will appear for the user.
    • Finally, in the Authorisation tab you specify the names of users who are permitted to request creation of ids with this type, and also who is able to authorise such creation requests.
    • Either specify individual names in the fields on this tab, or the names of multipurpose groups that exist in the address book.
    • It is possible to specify that if a person appears in both the requester and authoriser field, that the request is routed to another authoriser rather than passing straight through for processing without further intervention.
    • If necessary, in the "Notification" tab it is possible to specify names of users or groups who should be receive a notification whenever an ID is created using this profile. This is especially useful where there are security considerations for certain certification hierarchies.
    • Click on "Save" or "Close".
    • Repeat these steps for as many user creation profiles as you want to create.
  3. Similar profiles must be created for each type of user request that is able to process. One difference between create profiles and the other profile types is that the other types have a field “Users Managed by this Profile”. This should contain a name mask, such as “*/ACME”, thereby restricting who can be deleted, renamed, etc, using this profile.
Back to table of Contents

Stage 6: Set up Group profiles

Tools, Profiles, System Profiles, Group Profiles

The Group Profiles define what actions can be done for each type of group that can manage, what it’s allowed content is, what the name of the group should be and who can submit requests to create these groups.

  1. Click on the “Tools” entry in the menu on the left hand side of the screen. The control panel screen should open and default to the "Profiles" tab. Select "System Profiles".
  2. Click on "System Group Profiles" radio button entry entry and perform the following steps:
    • Click on “Create A Profile”
    • Give the profile a name, e.g. “ACME Mail Group”
    • Select the type of group – e.g. “Mail Group”
    • Select foreign Dir Sync setting.
    • In the Membership tag you must explicitly say whether each type of group content is allowed or not allowed to be a member. Valid Notes users are always allowed to be members of a group.
    • In the Name tab, the mask for the group name is created. If a group is not to be given an internet address when it is created then the Internet Address field should be left blank. The tag “%3CGROUPNAMEUSERELEMENT%3E” will be replaced with the user’s descriptive element of the group name.
    • The final three tabs are “Request”, “Authorise” and “Notify”. These fields need to be populated with the names of people who are able to request and authorise the creation of a group. The rights for modification, deletion and management are governed by the group’s entry in the database “FirM Group Register”.
    • The Notification tab allows you to specify who will be notified when a request progresses through the workflow for the creation, management or modification of a group created with this profile.
    • Click on "Save" or "Close".
  3. Repeat for as many different types of group profiles as are necessary. It is possible and perfectly normal to have more than one type of profile for each group type. This is useful in the circumstance that you wish to enforce different naming conventions for (for example) a global mailing group as opposed to a regional mailing group, and to assign the authority to create each of these group types to different people or groups of people.
  4. At a minimum there must be a profile defined for each of the basic Domino group types Mail Group, ACL Group, Multipurpose group, Server Group and Terminations (Deny only) group.
Back to table of Contents

Stage 7: Group Import Utility

Group Import Utility

In order for a group to be managed with it must have an entry in the Group Registry. This entry contains information about the group such as which profile it will use, which domain it belongs to, and who are the Owners and Administrators of this group.

The roles of Owner and Administrator are described in the Help database, but broadly an Owner is a person who is able to modify the group’s list of owners and administrators, manage the content of the group, and request the group’s deletion. An Administrator is a person who is only able to manage the content of the group.

A typical Domino installation will have many groups within each Domino Directory, and the import utility is used to create Group Registry entries for each of these groups. The tool is run from within the Request Processor, and is accessed from the “Tools” button under “Import Group(s)”.

  1. Click on the “Tools” entry in the menu on the left hand side of the screen.
  2. Click on "Profiles" tab, and "System Profiles" sub-tab.
  3. Select "System Group Profiles" radio button and perform the following steps:
    • Click on “Tools” and "Import Groups”
    • The wizard-style dialog will guide you through the procedure for importing groups.
    • Group Import Utility Wizard Screen 1
    • Select whether you wish to import a single group, a selection of groups or all groups of a type in the directory.
    • Group Import Utility Wizard Screen 2
    • Select the Directory from which the group/groups is/are to be imported
    • Group Import Utility Wizard Screen 3
    • Select whether the groups are to be imported straight into a “Live” state (i.e. can be managed from without further intervention) or into a “Draft” state, in which case the groups must be manually moved to Live from within the Group Registry.
    • Group Import Utility Wizard Screen 4
    • It is possible to import spanned groups into as a hierarchy. In order to do this the spanned groups must follow the naming convention of
      [parent group name][separator character][number of subgroup]
    • Group Import Utility Wizard Screen 5
    • and the parent group must contain only the names of subgroups. will honour the existing separator characters in this case and will add and remove users from subgroups in this hierarchy.
    • Group Import Utility Wizard Screen 6
    • The settings within the "Ownership" tab enables you to specify default entries for group owners and administrators - values contained within these fields will be added as an owner and administrator (respectively) to each group imported with the utility.
    • Finally, click on “OK” and the groups will be imported.
  4. If groups have been imported into a Draft status then you must open the Group Registry, navigate to the Draft Groups view, and once you are satisfied that the group entry is correct then select the group from the view, and use the “Tools”, “Flag selected groups as Live” action to mark the group as live for management.
  5. This operation must be carried out for every directory that contains groups that are to manage.
Back to table of Contents

Stage 8: Extended AdminP Configuration

Before enabling the processing agents within FirM there is one last database in which a configuration profile must be set and that is the Extended AdminP database. This database processes requests that AdminP is unable to and extends the facilities avalable to FirM to manipulate specific aspects fo the applications and mail files managed by FirM. This part of the operation must be carried out using an ID which is allowed to run "Restricted and System" operations on scheduled agents on any of your Domino servers.

Extended AdminP Profile - Profile Info Tab

Extended AdminP Profile Document - Profile Info Tab

Extended AdminP Profile - Database Locations Tab

Extended AdminP Profile Document - Database Location Tab

  1. Open the Extended AdminP database and select the 'System Profiles' and then the 'Extended AdminP Setup' menu option from the left hand navigator. When the control document appears:
  2. From the 'Profile Info' tab:
    1. Select the list of 'Servers To Run On' that you want this process to run on. By specifying '*' the process will run on all server. Entries in this list will be included for processing.
    2. Select.the list of 'Servers NOT To Run On. Exntries in this list will be excluded from any processing of Extended AdminP request.
    3. Select the 'Frequency' that this process will run at. This frequenct is specific in minutes and is the minumum interval between each process cycle (this is dependant on the interval set for the agent to run).
    4. For 'Report Faults To' specify the addresses of recipients for any processing agent error messages that may be generated.
  3. From the 'Database Locations' tab:
    1. Specify in the 'Server Temp Directory' field. This is the name of a file system directory that will be used for storing transient data needed for the Extended AdminP process to function correctly. The path must be specified in a compatible format for the processing servers, INCLUDING leading and trailing "/" or "\", e.g. "/tmp/".
    2. In the 'Domain Admin Servers' field specify the name(s) of the domain AdminP servers.
  4. The final 4 fields on this configuration profile relate to other databases in the FirM tool suite. Set their values as in the FirM Request Processor configuration profile.
Back to table of Contents

Stage 9: ID Escrow Configuration (Optional)

provides an option to integrate the ID Escrow feature of Domino into the process.

Extended AdminP Profile - Profile Info Tab

ID Escrow Profile Document - Profile Info Tab

  1. Open the Escrow Agent database.
    1. Select 'Tools\Edit' Profile from the view actions.
    2. Specify the full filepath of the Firm ID Repository in 'Firm ID Repository' field.
    3. The 'ID Encryption Key Name' field should match the encryption key being used for the ID Repository and should be contained in the ID of the server processing the agent. Changing this value may cause unexpected results!
    4. Click on 'Save' to save the profile document
  2. Follow the steps to configure your Domino environment to use ID Recovery. These can be found in 'Setting up ID recovery' in the Domino Administration Help database.
Back to table of Contents

Stage 10: Agent Enablement

This stage in setting up for use is to enable the processing and workflow agent. This part of the operation must be carried out using an ID which is allowed to run "Restricted and System" operations on scheduled agents on any of your Domino servers.

Scheduled Agents Control Panel
  1. Open the Request Processor and select the 'tools' menu from the left hand side. When the control panel appears, select the 'Scheduled Agents' tab.
    1. On the 'Process Requests and Workflow' agent line, click on the server name, and select the correct processing server for . Then click on the traffic-light on the left hand column to enable the agent.
    2. On the 'ServerAgent' agent line, click on the server name, and set the processing serve to a single asterisk ( * ). This means that this agent will run on every server where this database is replicated to. Then click on the traffic-light on the left hand column to enable the agent.
Back to table of Contents

Stage 11: Replicate to the rest of your Domino Environment

The final stage in setting up for use to replicate it to all relevant servers.

  1. Replicate the following Databases to all servers (and any intermediate replication servers) where you wish users to access the Request Processor:
    1. The Request Processor (firmrequestprocessor.nsf)
    2. The Group Registry (firmgroupregistry.nsf)
    3. The Help File (firmhelp.nsf)
    4. The Log Database (firmlog.nsf):
  2. Replicate the following Databases to all servers (and any intermediate replication servers) where you wish to manage users or applications via :
    1. the Extended AdminP Request Processor (firmextendedadminp.nsf)

is now installed, configured and ready to be used to create and process user and group management requests.

Back to table of Contents

Normal Operation: Creating Requests

  1. Open the Request Processor database.
  2. The default view is the "All Requests" view. This shows all requests by status. Click on the “New Request” button.
  3. A dialogue will now be displayed so that you can choose which type of request to create. The list of requests that you are able to create will display only those request types where you are named as a requester in the various profiles that have been created.
Back to table of Contents

Installation instructions for Active Directory

The installation routine for this is:

  • Install a Lotus Notes v6 or greater client and ID capable of opening the firmExtendedAdminP.nsf database on your processing server
  • Install this package. Unzip this package, taking care to preserve directory structure. Then use windows explorer to "run" the ".application" file in the root of this package.
  • Use RegEdt32 to
    • Create a new tree "hadsl" under HKEY_LOCAL_MACHINE\SOFTWARE
    • Create a new tree "firmAD" under HADSL
    • Create the following settings:
      • Name Type Value
      baseURL String http://www.hadsl.com
      CycleTime WORD Number of seconds between cycles - 120 seconds is what we recommend.
      debugLevel WORD The debug level - 1 - low, 4 - maximum. We recommend 4 for testing
      firmExAmpRequestDbPath String The directory and filename for the FirM Extended AdminP database on the server. Ours is set to:
      HAD\firm20\firmextendedadminp.nsf
      firmRequestDbPath String The directory and filename for the FirM Request database on the server. Ours is set to:
      HAD\firm20\firmrequestprocessor.nsf
      firmRequestDbServer String the abbreviated name of the server hosting your firm database. Ours is "idm-demo3/HADSL"
      notesPassword String The password (if required) for the notes client installed on this machine. Currently, this is stored in clear text, which is unnaceptable. See the notes below.
      WaitPeriod String The number of minutes between each "report" back to the server on disk space usage.