Minimum privileges required for administration of the Lotus Notes Endpoint


Article ID: 63337


Products

CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Identity Suite

Issue/Introduction

This article describes the minimum privileges that must be granted to a user to allow successful administration of the Lotus Notes connector when full domain administrator rights are not granted.

Environment

Identity Manager 14.X
Lotus Domino

Cause

For LND connector administration, a user account with LND domain administrator privileges must be set up. However, because of the organization's security policy, you cannot create the user as a domain administrator.


Resolution

Ensure your LND user has the following minimum privileges:

  • In the ACL of the Domino Directory, the user should have at least Author access with the rights to Create and Delete documents, and at least GroupCreator, GroupModifier, UserCreator and UserModifier roles.

  • In the ACL of the Administration Requests database, the user should have at least Author access with the rights to Create and Delete documents.

  • In the ACL of the Certification Log database, the user should have at least Author access with the right to Create documents.

  • In the ACL of the Certifier database, the user should have Manager access with the right to Delete documents, and the configuration and registrar roles.

  • In the ACL of the Archive database, the user should have Manager access with the right to Delete documents.

  • The ID file of the user must contain the RegXArchive and RegXCertifier encryption keys.
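One way to audit a service account against the list above, as an added example that is not part of the original article or the product. The snapshot format, the database labels used as keys and the sample values are assumptions constructed for illustration; how the ACL data is collected from Domino is left to the administrator.

```python
"""Audit an LND connector account against the minimum privileges listed above."""

LEVELS = ["NoAccess", "Depositor", "Reader", "Author", "Editor", "Designer", "Manager"]

# Requirement matrix transcribed from the list: (minimum level, rights, roles).
REQUIRED = {
    "Domino Directory": ("Author", {"Create", "Delete"},
                         {"GroupCreator", "GroupModifier", "UserCreator", "UserModifier"}),
    "Administration Requests": ("Author", {"Create", "Delete"}, set()),
    "Certification Log": ("Author", {"Create"}, set()),
    "Certifier": ("Manager", {"Delete"}, {"configuration", "registrar"}),
    "Archive": ("Manager", {"Delete"}, set()),
}
REQUIRED_ID_KEYS = {"RegXArchive", "RegXCertifier"}


def audit(acl_snapshot, id_keys):
    """Return (gaps, excess): unmet requirements, and levels above the minimum."""
    gaps, excess = [], []
    for db, (min_level, rights, roles) in REQUIRED.items():
        entry = acl_snapshot.get(db)
        if entry is None:
            gaps.append(f"{db}: no ACL entry for the user")
            continue
        have, need = LEVELS.index(entry["level"]), LEVELS.index(min_level)
        if have < need:
            gaps.append(f"{db}: level {entry['level']} is below {min_level}")
        elif have > need:
            excess.append(f"{db}: level {entry['level']} exceeds the {min_level} minimum")
        for right in sorted(rights - set(entry.get("rights", ()))):
            gaps.append(f"{db}: missing right to {right} documents")
        for role in sorted(roles - set(entry.get("roles", ()))):
            gaps.append(f"{db}: missing role {role}")
    for key in sorted(REQUIRED_ID_KEYS - set(id_keys)):
        gaps.append(f"ID file: missing encryption key {key}")
    return gaps, excess


# Constructed sample: one missing role, one database below the minimum level,
# the Archive entry absent, and one encryption key missing from the ID file.
SAMPLE_ACL = {
    "Domino Directory": {"level": "Editor", "rights": ["Create", "Delete"],
                         "roles": ["GroupCreator", "GroupModifier", "UserCreator"]},
    "Administration Requests": {"level": "Author", "rights": ["Create", "Delete"]},
    "Certification Log": {"level": "Reader", "rights": []},
    "Certifier": {"level": "Manager", "rights": ["Delete"],
                  "roles": ["configuration", "registrar"]},
}
SAMPLE_ID_KEYS = ["RegXCertifier"]

if __name__ == "__main__":
    for line in sum(audit(SAMPLE_ACL, SAMPLE_ID_KEYS), []):
        print(line)
```

An empty gaps list means the account meets the minimum; entries in the excess list are candidates for tightening during a least-privilege review.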