IBM Lotus Lotus Connections 2.5 Installation Guide

GC14-7258-03
This edition applies to version 2, release 5, modification 2 of IBM Lotus Connections (product number 5724-S68)
and to all subsequent releases and modifications until otherwise indicated in new editions.
© Copyright IBM Corporation 2007, 2010.
US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract
with IBM Corp.
Contents
Chapter 1. Installing . . . . . . . . . 1
What's new . . . . . . . . . . . . . . . 1
The installation process . . . . . . . . . . . 1
Accessibility features for installing Lotus
Connections . . . . . . . . . . . . . 2
Planning the installation . . . . . . . . . . 3
Audience . . . . . . . . . . . . . . 4
Directory path conventions . . . . . . . . 4
Deployment options . . . . . . . . . . . 6
Lotus Connections detailed system requirements 13
Release notes - Lotus Connections 2.5 . . . . . 14
Installing a pilot deployment . . . . . . . . 16
Creating a user information file. . . . . . . 17
Installing the pilot deployment . . . . . . . 19
Accessing the pilot deployment. . . . . . . 23
Changing the pilot configuration . . . . . . 25
Designating an administrative user for a pilot
deployment . . . . . . . . . . . . . 25
Adding actual users to the pilot . . . . . . 26
Uninstalling a pilot deployment . . . . . . 28
Pre-installation tasks . . . . . . . . . . . 30
Preparing to configure the LDAP directory . . . 30
Installing IBM WebSphere Application Server . . 36
Setting up federated repositories . . . . . . 38
Creating databases . . . . . . . . . . . 42
Populating the Profiles database . . . . . . 64
Installing Lotus Connections. . . . . . . . . 94
Installing a stand-alone deployment . . . . . 95
Installing a network deployment . . . . . . 104
Running the installation wizard from a console 123
Installing in silent mode . . . . . . . . . 124
Post-installation tasks. . . . . . . . . . . 138
Mandatory tasks for all deployments . . . . 139
Mandatory tasks for a network deployment . . 156
Mandatory tasks for an advanced stand-alone
deployment . . . . . . . . . . . . . 162
Optional tasks for all deployments . . . . . 171
Uninstalling Lotus Connections . . . . . . . 193
Uninstalling a stand-alone deployment . . . . 193
Uninstalling a network deployment . . . . . 194
Manually uninstalling Lotus Connections . . . 197
Uninstalling: Remove files . . . . . . . . 199
Uninstalling: delete databases with the database
wizard . . . . . . . . . . . . . . 202
Uninstalling: Manually drop databases . . . . 203
Chapter 2. Security . . . . . . . . . 205
Enabling virus scanning . . . . . . . . . . 205
Forcing users to log in before they can access a feature . . . . . . . . . . . . . . . . 207
Configuring single sign-on . . . . . . . . . 209
Using Single sign-on LTPA keys . . . . . . 210
Enabling single sign-on for Tivoli Access Manager . . . . . . . . . . . . . . 211
Enabling single sign-on for SiteMinder . . . . 223
Enabling single sign-on between all features . . 233
Enabling single sign-on for Lotus Quickr . . . 235
Enabling single sign-on for Domino . . . . . 237
Enabling single sign-on for standalone LDAP . . 237
Enabling single sign-on for the Windows desktop . . . . . . . . . . . . . . 238
Adding features to the SSL trust store . . . . . 245
Configuring the AJAX proxy . . . . . . . . 246
Configuring the AJAX proxy for Search . . . 249
Configuring the AJAX proxy for a specific feature . . . . . . . . . . . . . . 251
Enabling the AJAX proxy to forward user credentials . . . . . . . . . . . . . 256
Securing features from malicious attack . . . . 258
Mitigating a cross site scripting attack . . . . 259
Turning off active content filtering . . . . . 263
Disabling support for flash animations . . . . 263
Forcing traffic to be sent over SSL . . . . . . 265
Forcing Files and Wikis authenticated API traffic to be sent over HTTPS . . . . . . . . . 266
Chapter 3. Updating and migrating . . . 269
Preparing Lotus Connections for maintenance . . 269
Backing up Lotus Connections . . . . . . . 271
Saving your customizations . . . . . . . . 272
Migrating to Lotus Connections 2.5 . . . . . . 272
Migration strategies . . . . . . . . . . 273
Migrating Lotus Connections . . . . . . . 274
Updating databases . . . . . . . . . . 308
Migrating a pilot to a production deployment . 329
Post-migration tasks . . . . . . . . . . 339
Rolling back a migration or update . . . . . 341
Updating Lotus Connections 2.5 . . . . . . . 341
Downloading the update wizard . . . . . . 342
Downloading fixes . . . . . . . . . . 343
Updating a stand-alone deployment . . . . . 344
Updating a network deployment . . . . . . 344
Installing fixes . . . . . . . . . . . . 346
Uninstalling updates . . . . . . . . . . . 356
Uninstalling fix packs in interactive mode . . . 356
Uninstalling fix packs in silent mode . . . . 357
Uninstalling interim fixes in interactive mode . 358
Uninstalling interim fixes in silent mode . . . 359
Notices . . . . . . . . . . . . . . 361
Trademarks . . . . . . . . . . . . . . 362
Chapter 1. Installing
To install Lotus® Connections, you need to follow a detailed series of procedures.
What's new
Find out what's new and what has been updated.
Lotus Connections 2.5
v The installation wizard offers a simplified stand-alone deployment option, a
network option, and an advanced stand-alone option. The Custom option has
been removed because the use of multiple WebSphere® Application Server
profiles for stand-alone deployment is no longer recommended.
v The Network deployment option has been enhanced to improve ease-of-use.
v The Search feature has been separated from the Home page feature and is
automatically installed when you choose to install at least one other Lotus
Connections feature. The initial index for installed features is also created
automatically.
v The installation wizard automatically creates a WebSphere Application Server
search-admin role to allow inter-feature indexing and searching.
v The database schemas have been updated.
v Cluster installation has been simplified: you no longer need to install Lotus
Connections on each node. You can install on one node in a cluster and instruct
the Deployment Manager to push the installation to other nodes. Cluster
uninstallation is now integrated into the uninstallation wizard.
v The primary node and secondary node concept in a network deployment is
replaced by the first node and subsequent node concept. Lotus Connections is
installed on a system that you define as the first node in a cluster. You then use
the Deployment Manager to add subsequent nodes.
v “Changing the context root of a feature” on page 179
v “Scheduling Activities jobs” on page 154
The installation process
Review the steps that are required to install Lotus Connections.
About this task
Installing Lotus Connections in a production environment requires you to perform
several procedures to deploy the different components of the installation.
Note: If you are planning to install the pilot version of Lotus Connections, you do
not need to perform any of these procedures. The pilot installation automatically
creates a complete, stand-alone environment.
Procedure
1. Decide if you want to install a stand-alone or a network deployment of Lotus
Connections. For more information, see the Deployment options topic.
2. Review the hardware requirements for the systems that will host Lotus
Connections. See the Lotus Connections system requirements topic.
3. Install the required software, choosing a supported product in each case.
v Operating system
v Database server
v LDAP directory
4. If you plan to use mail notification, ensure that you have the SMTP and DNS
details of your mail infrastructure available at installation time.
5. Prepare the LDAP server, install WebSphere Application Server, and create
databases for the Lotus Connections features that you plan to use. See
Preinstallation tasks.
6. Install Lotus Connections by completing one of the following steps:
v If you are setting up a stand-alone deployment, see “Installing a stand-alone
deployment” on page 95.
v If you are setting up a network deployment, see “Installing a network
deployment” on page 104.
7. Complete the post-installation tasks that apply to your configuration. For
example, map the installed features to IBM® HTTP Server. See “Configuring
IBM HTTP Server” on page 139.
Related concepts
“Deployment options” on page 6
Lotus Connections supports a flexible set of deployment scenarios. Simple
topology diagrams are provided to help you understand the basic concepts of the
Lotus Connections architecture.
“Planning the installation” on page 3
Before installing Lotus Connections, study the system requirements that are
required to perform the installation.
Related reference
“Release notes - Lotus Connections 2.5” on page 14
Lotus Connections 2.5 is available. Compatibility, installation, and other
getting-started issues are addressed.
Accessibility features for installing Lotus Connections
Learn about the accessibility features for installing IBM Lotus Connections.
Using the wizards
Lotus Connections wizards provide non-graphical console modes for installation
and other tasks. You can use accessibility features in the following wizards:
v Production installation
v Pilot installation
v Database creation
v Profiles population
v Connector installation
v Update installation
See the related topics for more information about accessing the wizards.
IBM and accessibility
Go to the IBM Human Ability and Accessibility Center for more information about
the commitment that IBM has to accessibility.
Related tasks
“Running the installation wizard from a console” on page 123
Run the IBM Lotus Connections installation wizard from a non-graphical console
interface.
“Using the database wizard in silent mode” on page 53
Run the database wizard in silent mode when you need an identical installation on
several servers.
“Using the Profiles population wizard in silent mode” on page 71
Run the Profiles population wizard in silent mode to populate the Profiles
database.
Installing fix packs in silent mode
Use the updateLC command to install fix packs in silent mode.
Installing the Confluence connector from a console
Install the IBM Lotus Connections Connector for Confluence from a non-graphical
console interface.
Installing the Lotus Quickr® connector from a console
You can install the IBM Lotus Connections Connector for Quickr from a
non-graphical console interface.
“Uninstalling fix packs in silent mode” on page 357
If the fix pack that you installed is not working, you can uninstall it using the
update wizard in silent mode.
“Uninstalling interim fixes in silent mode” on page 359
If the interim fix that you installed is not working, you can uninstall it using the
update wizard in silent mode.
Uninstalling the Confluence connector from a console
You can uninstall the IBM Lotus Connections Connector for Confluence from a
non-graphical console interface.
Uninstalling the Lotus Quickr connector from a console
You can uninstall the IBM Lotus Connections Connector for Lotus Quickr from
your system using a non-graphical console interface.
Planning the installation
Before installing Lotus Connections, study the system requirements that are
required to perform the installation.
Related concepts
“Stand-alone deployment” on page 9
A stand-alone deployment is an installation of one or more Lotus Connections
features. Use this small-scale production deployment for deployment to
workgroups and small businesses.
“Network deployment” on page 11
The network deployment option is the best overall choice for ease of deployment,
maintenance, scalability, and performance for most scenarios. This deployment
scenario can provide component redundancy to support operational high
availability and failover. It also provides a way of scaling Lotus Connections
features to support large system loads and concurrent user populations.
“Pilot deployment” on page 7
Use this deployment for test and evaluation purposes only. A pilot deployment
provides a quick and easy way for you to preview the features and benefits of
Lotus Connections. This basic environment provides you with an opportunity to
learn which of the Lotus Connections features might be most appropriate in your
enterprise.
Securing Lotus Connections
Ensure that your deployment is secure.
Related tasks
“The installation process” on page 1
Review the steps that are required to install Lotus Connections.
Related reference
“Release notes - Lotus Connections 2.5” on page 14
Lotus Connections 2.5 is available. Compatibility, installation, and other
getting-started issues are addressed.
Audience
This Installation Guide assumes that you have prior experience with products that
support enterprise Web applications.
Lotus Connections has dependencies on a number of other products. This guide
assumes that you have a basic knowledge of those products, including how to:
v Install, configure, secure, and administer IBM WebSphere Application Server.
v Install IBM Tivoli® Directory Server, Microsoft Active Directory, Sun Java System
Directory Server, or IBM Lotus Domino® LDAP directory, and then configure
WebSphere Application Server to use that LDAP directory with federated
repositories.
v Create, manage, and drop IBM DB2®, Oracle, or Microsoft SQL Server databases.
v Install IBM HTTP Server, and then configure it to interact with IBM WebSphere
Application Server over HTTP and HTTPS.
Directory path conventions
Directory variables are abbreviations for the default installation paths for AIX®,
Linux, and Microsoft Windows. This topic defines the directory variable and its
matching default installation directory for each supported operating system.
Notes:
v The term Linux in this documentation includes the Linux for System z®
platform, unless otherwise specified.
v Many examples of directory and file paths in this documentation use the UNIX
'/' separator to denote AIX, Linux, and Windows path separators, even though
the Windows convention is to use the '\' separator. Where applicable, substitute
the '\' separator for the '/' separator.
Table 1. Directory variable values

Directory variable: app_server_root (WebSphere Application Server installation directory)
Default installation root:
  AIX: /usr/IBM/WebSphere/AppServer
  Linux: /opt/IBM/WebSphere/AppServer
  Windows: <drive>:\Program Files\IBM\WebSphere\AppServer
  where <drive> is the system drive on which the file directory is stored. For example: C or D.

Directory variable: profile_root (WebSphere Application Server installation directory)
Default installation root:
  AIX: /usr/IBM/WebSphere/AppServer/profiles/<profile_name>
  Linux: /opt/IBM/WebSphere/AppServer/profiles/<profile_name>
  Windows: <drive>:\Program Files\IBM\WebSphere\AppServer\profiles\<profile_name>
  where <profile_name> is the name of the profile on which the feature is installed or the profile name of the deployment manager. <drive> is the system drive on which the file directory is stored. For example: C or D.

Directory variable: ibm_http_server_root (IBM HTTP Server installation directory)
Default installation root:
  AIX: /usr/IBM/HTTPServer
  Linux: /opt/IBM/HTTPServer
  Windows: <drive>:\Program Files\IBM\HTTPServer
  where <drive> is the system drive on which the file directory is stored. For example: C or D.

Directory variable: lotus_connections_root (Lotus Connections installation directory)
Default installation root:
  AIX or Linux: /opt/IBM/LotusConnections
  Windows: <drive>:\Program Files\IBM\LotusConnections
  where <drive> is the system drive on which the file directory is stored. For example: C or D.

Directory variable: data_directory_root
Default installation root:
  AIX: /usr/IBM/LotusConnections/Data/<feature_name>
  Linux: /opt/IBM/LotusConnections/Data/<feature_name>
  Windows: <drive>:\Program Files\IBM\LotusConnections\Data\<feature_name>
  where <feature_name> is the name of one of the following Lotus Connections features:
  v Activities
  v Blogs
  v Communities
  v Dogear
  v Files
  v Homepage
  v Profiles
  v Wikis
  and <drive> is the system drive on which the file directory is stored. For example: C or D.

Directory variable: db2_root (DB2 database installation directory)
Default installation root:
  AIX or Linux: /usr/IBM/db2/<version>
  Linux: /opt/ibm/db2/<version>
  Windows: <drive>:\Program Files\IBM\SQLLIB\<version>
  where <drive> is the system drive on which the file directory is stored, for example: C or D, and <version> is the version of DB2 installed, for example: V9.1 or V9.5.

Directory variable: oracle_root (Oracle database installation directory)
Default installation root:
  AIX or Linux: /home/oracle/oracle/product/10.2.0/db_1
  Windows: <drive>:\oracle\product\10.2.0\db_1
  where <drive> is the system drive on which the file directory is stored. For example: C or D.
Deployment options
Lotus Connections supports a flexible set of deployment scenarios. Simple
topology diagrams are provided to help you understand the basic concepts of the
Lotus Connections architecture.
Consider the topology options in the following table:
Table 2. Lotus Connections deployment options

Lotus Connections deployment option   JVM                               Proxy         Cluster topology
Pilot                                 Single                            No            (Not applicable)
Stand-alone                           Single                            No            (Not applicable)
Advanced stand-alone                  Multiple (individually managed)   Optional      (Not applicable)
Network deployment                    Multiple (centrally managed)      Recommended   One cluster per feature. Each cluster contains at least 1 JVM.
Notes:
v In a network deployment, you can assign various combinations of features to
clusters in many different ways, depending on your usage and expectations. For
more information, see the Network deployment topic and go to the Lotus
Connections wiki to read articles about deployment.
v The number of Java Virtual Machines (JVMs) that you need for each cluster
depends on the user population and workload. For failover, you must have two
JVMs per feature, scaled horizontally. Horizontal scaling refers to having
multiple JVMs per feature with each JVM running on a WebSphere Application
Server instance. Vertical scaling refers to running multiple JVMs for the same
feature on a single WebSphere Application Server instance. Vertical scaling is not
officially supported yet in Lotus Connections. However, it is usually not needed
unless your server has a large number of CPUs.
v Advanced stand-alone: You can create a stand-alone deployment with multiple
instances of WebSphere Application Servers Base but this is a complex
deployment that requires considerable post-installation effort to link the different
application servers. If you choose this deployment, your administration load
could be excessive. You can save time and effort by choosing the network
deployment option instead.
Choose from the following deployment options:
Related tasks
“The installation process” on page 1
Review the steps that are required to install Lotus Connections.
Related reference
Lotus Connections wiki
“Release notes - Lotus Connections 2.5” on page 14
Lotus Connections 2.5 is available. Compatibility, installation, and other
getting-started issues are addressed.
Pilot deployment
Use this deployment for test and evaluation purposes only. A pilot deployment
provides a quick and easy way for you to preview the features and benefits of
Lotus Connections. This basic environment provides you with an opportunity to
learn which of the Lotus Connections features might be most appropriate in your
enterprise.
The pilot deployment is installed on a Windows operating system with a local DB2
Express® database for data storage. It also uses the out-of-the-box, file-based
user registry for security. Therefore, no LDAP user registry is needed.
Figure 1 illustrates a common topology for this self-contained deployment. Only
one server is needed and no additional software is required. All required software
is installed on a single server:
v WebSphere Application Server
v DB2 Express
v Lotus Connections and selected features
v Tivoli Directory Integrator to expedite the loading of user data into the Profiles
database
No additional configuration is required. The installation configures WebSphere
Application Server for use with Lotus Connections and also configures DB2
Express with the databases required for each feature.
Figure 1. Pilot topology
Limitations of a pilot deployment:
v Supported on Microsoft Windows only
v Supports a maximum user population of 100 users
v No LDAP server is installed, and no integration with an existing LDAP
repository is supported
v Does not support IBM HTTP server
To set up a pilot deployment, see the Installing a pilot version of Lotus Connections
topic. You can migrate the data that your users create in the pilot to a production
environment. For more information, see the Migrating a pilot to a production
installation topic.
Related concepts
“Planning the installation” on page 3
Before installing Lotus Connections, study the system requirements that are
required to perform the installation.
“Stand-alone deployment”
A stand-alone deployment is an installation of one or more Lotus Connections
features. Use this small-scale production deployment for deployment to
workgroups and small businesses.
“Installing a pilot deployment” on page 16
Install a pilot deployment of Lotus Connections to evaluate its features and
benefits.
“Uninstalling a pilot deployment” on page 28
Uninstall a pilot deployment of IBM Lotus Connections.
“Migrating a pilot to a production deployment” on page 329
A pilot deployment is ideal for evaluating Lotus Connections. After evaluation is
complete, you can migrate the pilot deployment to a production deployment.
Stand-alone deployment
A stand-alone deployment is an installation of one or more Lotus Connections
features. Use this small-scale production deployment for deployment to
workgroups and small businesses.
In this type of deployment, each server is administered independently.
Figure 2 on page 10 depicts a typical stand-alone topology. One system has Lotus
Connections features with WebSphere Application Server and IBM HTTP Server
installed. Another system hosts the database and Tivoli Directory Integrator (TDI),
while a third system hosts the LDAP server. You can locate IBM HTTP Server or
TDI on their own servers as well. If TDI is configured to perform synchronizations
on a near real-time basis, you might need to move the TDI server processes to a
separate server to limit potential resource constraints on the database server.
Figure 2. Stand-alone topology
Determine the best deployment scenario based on your hardware resources and
the amount of use that you anticipate for each feature.
Install features on one server instance
In the standard stand-alone deployment, the WebSphere Application Server
Integrated Solutions Console is available on the default server instance
(server1). You can, if necessary, convert this base application server deployment
to a clustered, network environment. Note that while this deployment is easy to
administer, the number of active users is limited by memory constraints.
Install features on multiple server instances
In the advanced stand-alone deployment, you can select an existing server
instance or create a new server instance for each feature.
There is no centralized administration for all the features that you install with
this deployment. You must use the WebSphere Application Server Integrated
Solutions Console on each server instance (server1 to serverN). If you want to
centrally manage multiple server instances, install WebSphere Application
Server Network Deployment and then create a cluster with only a single node
so that you can centrally administer features installed on different server
instances. You can, if necessary, convert this base application server
deployment to a clustered, network environment.
Note: The stand-alone deployment pattern for Lotus Connections has changed
since release 2.0.1. You can still install features on multiple WebSphere
Application Server profiles but this scenario is no longer officially supported.
The advanced stand-alone deployment option requires several additional
manual configuration steps before it can be used. In particular, the News
feature does not function out-of-the-box. For more information, see the Linking
buses manually for non-federated servers topic.
Note: You cannot easily configure or administer an advanced stand-alone
deployment. You might find that your deployment needs are more easily met
by choosing the Network deployment option.
Related concepts
“Planning the installation” on page 3
Before installing Lotus Connections, study the system requirements that are
required to perform the installation.
“Pilot deployment” on page 7
Use this deployment for test and evaluation purposes only. A pilot deployment
provides a quick and easy way for you to preview the features and benefits of
Lotus Connections. This basic environment provides you with an opportunity to
learn which of the Lotus Connections features might be most appropriate in your
enterprise.
Related tasks
“Installing a stand-alone deployment” on page 95
Install a stand-alone deployment of Lotus Connections on WebSphere Application
Server.
“Linking buses manually for non-federated servers” on page 162
Link buses between non-federated application servers to allow the news repository
to collect messages from the other features.
Related reference
“Lotus Connections detailed system requirements” on page 13
A variety of hardware and software is required to run IBM Lotus Connections.
Network deployment
The network deployment option is the best overall choice for ease of deployment,
maintenance, scalability, and performance for most scenarios. This deployment
scenario can provide component redundancy to support operational high
availability and failover. It also provides a way of scaling Lotus Connections
features to support large system loads and concurrent user populations.
For production environments, failover is critical. This deployment provides a single
point of administration and is the best solution when you want high availability
and to share load between physical machines.
A network deployment can be a single server with all applications installed, or two
or more sets of servers that are grouped to share the product's workload. You must
also configure an additional system with the WebSphere Application Server
Network Deployment Manager, which enables you to build, manage, and tune the
clustered servers.
A Lotus Connections network deployment provides the administrator with a
central management facility, and it ensures that users have constant access to data.
It balances the workload between servers, improves server performance, and
facilitates the maintenance of performance when the number of users increases.
The added reliability also requires a larger number of systems and the experienced
administrative personnel who can manage them.
In Figure 3 on page 12, the Deployment Manager allows you to create a cluster of
the Lotus Connections features. By doing so, one or more HTTP servers can
distribute the load between two or more WebSphere nodes. To load balance the
HTTP servers, you can use WebSphere Edge components, which are included as
part of WebSphere Network Deployment.
Figure 3. Network topology
When using the Network Deployment option, you can decide how to best
configure the physical deployment of the product features to suit your needs.
Typical examples include:
Installing all features into a single cluster on a single node
This is the simplest deployment, but has limited flexibility and does not allow
individual features to be scaled up. Adding additional nodes requires all
features in the cluster to run on all nodes.
Installing a subset of features into separate clusters
This allows you to partition features according to your usage and expectations.
For instance, you might anticipate higher loads for the Profiles feature and
install it into its own cluster, whilst other features could be installed together
into a different cluster. This allows you to maximize the use of available
hardware and system resources to suit your needs.
Installing each feature into its own cluster
This provides the best performance in terms of scalability and availability
options, but also requires more system resources. In most cases, you should
install the News and Home page features into the same cluster.
Notes:
v In a multi-node cluster, you need to configure network share directories for
content stores, message stores, and search indexes. Use the NFSv4 or UNC
file-naming convention, depending on your operating system.
v For more information about deployment scenarios, see the Lotus Connections
wiki.
Related concepts
“Planning the installation” on page 3
Before installing Lotus Connections, study the system requirements that are
required to perform the installation.
“Installing a network deployment” on page 104
Installing Lotus Connections on a network deployment provides better
performance and improved availability of features.
Related reference
“Lotus Connections detailed system requirements”
A variety of hardware and software is required to run IBM Lotus Connections.
Lotus Connections detailed system requirements
A variety of hardware and software is required to run IBM Lotus Connections.
To view the hardware and software requirements, go to the Detailed system
requirements for Lotus Connections Web page.
Related concepts
“Stand-alone deployment” on page 9
A stand-alone deployment is an installation of one or more Lotus Connections
features. Use this small-scale production deployment for deployment to
workgroups and small businesses.
“Network deployment” on page 11
The network deployment option is the best overall choice for ease of deployment,
maintenance, scalability, and performance for most scenarios. This deployment
scenario can provide component redundancy to support operational high
availability and failover. It also provides a way of scaling Lotus Connections
features to support large system loads and concurrent user populations.
“Installing Lotus Connections” on page 94
Select the Lotus Connections features that you plan to use and install them in a
stand-alone or clustered deployment.
“Migration strategies” on page 273
You can migrate from a production installation of Lotus Connections 2.0.1, from
the pilot installation of Lotus Connections 2.5, or from one type of data source to
another.
“Updating databases” on page 308
Update Lotus Connections 2.0.1 databases within an existing database
environment.
Related tasks
“Installing IBM WebSphere Application Server” on page 36
Install WebSphere Application Server Network Deployment.
“Preparing to configure the LDAP directory” on page 30
Determine which Lightweight Directory Access Protocol (LDAP) attributes you
want to use as the identifiers for IBM Lotus Connections users.
“Configuring Tivoli Directory Integrator” on page 65
Configure Tivoli Directory Integrator to synchronize and exchange information
between the IBM Lotus Connections Profiles database and your LDAP directory.
“Preparing Lotus Connections for maintenance” on page 269
Before you bring down Lotus Connections to apply updates, you must let your
users know about the planned outage.
“Migrating to Lotus Connections 2.5” on page 272
Migrate from a production installation of Lotus Connections 2.0.1 to release 2.5.
“Migrating a stand-alone deployment” on page 274
Migrate your Lotus Connections 2.0.1 stand-alone deployment to release 2.5.
“Migrating a network deployment” on page 289
Migrate your Lotus Connections 2.0.1 network deployment to release 2.5.
Release notes - Lotus Connections 2.5
Lotus Connections 2.5 is available. Compatibility, installation, and other
getting-started issues are addressed.
Contents
v “Description” on page 15
v “Announcement” on page 15
v “System requirements” on page 15
v “Installing Lotus Connections 2.5” on page 15
v “Known problems” on page 15
Description
Lotus Connections 2.5 offers enhancements to the Communities feature, and more.
Announcement
The Lotus Connections 2.5 announcement is available at
www.ibm.com/common/ssi/index.wss. See the announcement for the following
information:
v Detailed product description, including a description of new function
v Product-positioning statement
v Packaging and ordering details
v International compatibility information
System requirements
For information about hardware and software compatibility, see Lotus Connections
detailed system requirements.
Installing Lotus Connections 2.5
For step-by-step installation instructions, refer to the Lotus Connections 2.5
Installation Guide PDF available from the information center:
http://publib.boulder.ibm.com/infocenter/ltscnnct/v2r0/index.jsp
Known problems
Known problems are documented in the form of individual technotes in the
Support knowledge base at
http://www1.ibm.com/software/lotus/products/connections/support/.
As problems are discovered and resolved, the IBM Support team updates
the knowledge base. By searching the knowledge base, you can quickly find
workarounds or solutions to problems.
The following links launch customized queries of the live Support knowledge base:
v All known problems for Lotus Connections 2.5
v Activities
v Blogs
v Communities
v Dogear
v Home page
v Profiles
v Installation
v Lotus Connections Plugin for Lotus Notes
v Lotus Connections Plugin for Microsoft Office
v Lotus Connections Plugin for Microsoft Outlook
v Lotus Connections Plugin for Microsoft Windows Explorer
v Lotus Connections Plugin for WebSphere Portal
Related concepts
“Deployment options” on page 6
Lotus Connections supports a flexible set of deployment scenarios. Simple
topology diagrams are provided to help you understand the basic concepts of the
Lotus Connections architecture.
“Planning the installation” on page 3
Before installing Lotus Connections, study the system requirements that are
required to perform the installation.
Related tasks
“The installation process” on page 1
Review the steps that are required to install Lotus Connections.
Installing a pilot deployment
Install a pilot deployment of Lotus Connections to evaluate its features and
benefits.
A pilot deployment minimizes administration effort by simplifying configuration.
The pilot includes all the ancillary software that you need to run Lotus
Connections, including IBM WebSphere Application Server and IBM DB2 Express
Edition.
The pilot is installed on a single WebSphere Application Server profile, and does
not support clustering or fail over.
If you decide to move from the pilot to a production deployment, you can migrate
data from the pilot.
What's included in the pilot deployment
The pilot includes the following software:
v WebSphere Application Server version 6.1.0.23 and all required fix packs
v DB2 Express Edition version 9.5 Fix Pack 3
v One or more Lotus Connections features: Activities, Blogs, Communities, Dogear,
Files, Home page, Mobile, News, Profiles, Search, or Wikis
v IBM Tivoli Directory Integrator 6.1.1 Fix Pack 6
v Preconfigured DB2 databases for each installed feature
v A prepopulated Profiles database with user data
Hardware and software requirements
The hardware requirements of a pilot installation are like those of a single-server
production installation, except that you need only one system on which to install
the product. For more information, see the Hardware and software requirements topic.
The pilot version is available for Microsoft Windows Server 2003 Standard and
Enterprise Edition, SP2. No other operating systems are supported.
Limitations on adding features to an existing pilot deployment
If you install some features now and later decide that you want to use the
remaining features, you cannot add them to an existing pilot deployment. Instead,
you must remove the existing pilot deployment and reinstall it. This limitation
means that you lose any user data that you created in the pilot deployment. To
avoid losing data, install all the features when you install the pilot for the first
time. During the installation procedure, you can choose to deploy only those
features that you want to evaluate. You can deploy the remaining features at any
time.
Related concepts
“Pilot deployment” on page 7
Use this deployment for test and evaluation purposes only. A pilot deployment
provides a quick and easy way for you to preview the features and benefits of
Lotus Connections. This basic environment provides you with an opportunity to
learn which of the Lotus Connections features might be most appropriate in your
enterprise.
“Migrating a pilot to a production deployment” on page 329
A pilot deployment is ideal for evaluating Lotus Connections. After evaluation is
complete, you can migrate the pilot deployment to a production deployment.
Creating a user information file
Use actual user identities with the pilot deployment of Lotus Connections.
About this task
The pilot deployment uses the IBM WebSphere Application Server identity
manager (WIM) to provide a sample user repository. To use actual user data, you
can populate the pilot user repository by specifying a user information file during
installation. This procedure is essential if you plan to migrate the pilot to a
production deployment because the LDAP directory in the production deployment
requires actual user data.
You can add user data during or after installation. For more information about
adding user data after installation, see the Adding actual users to the pilot topic.
Before you can register actual users, you must create a user information file, a text
file with attributes that define the users. To create a user information file, complete
the following steps:
Note: If you plan to migrate user data from the pilot deployment to a production
deployment, the email addresses for actual users must already exist in your LDAP
directory.
Procedure
1. Open a text editor application.
2. Enter information about each user on a single line. Use the following format:
<attribute1_name>=<attribute1_value>,<attribute2_name>=<attribute2_value>
Separate each name-value pair with a comma (,) symbol.
3. For each user that you add, provide the following name-value pairs:
uid
    Unique ID for logging into Lotus Connections. For example: uid=jdoe
pwd
    Password for the user, which is encrypted and stored in the WIM file.
    For example: pwd=passw0rd
cn
    Common name (given name and family name) of the user. For example:
    cn=John Doe. This field supports non-ASCII characters.
sn
    Surname (family name) of the user. For example: sn=Doe. This field
    supports non-ASCII characters.
mail
    E-mail address of the user. For example: [email protected]
The full entry for a user with all attributes is shown in the following example:
uid=jdoe,pwd=passw0rd,cn=John Doe,sn=Doe,[email protected]
4. Optional: For each user that you include in the file, you can add one or more of
the following additional attributes:
Option                      Description
description                 Job description.
displayName                 Screen name.
                            Note: A syntax of last name, first name is not
                            supported because the comma is a value pair
                            delimiter.
facsimileTelephoneNumber    Business fax number.
givenName                   User's first name.
manager                     The unique ID (PROF_UID) of the user's manager.
                            For example: manager=jdoe
mobile                      User's phone number. For example: mobile=12345678
pager                       Business pager number.
secretary                   The unique ID (PROF_UID) of the user's assistant.
                            For example: secretary=rdoe
telephoneNumber             Business phone number.
5. Save and close the text file using UTF-8 encoding. Make a note of its location.
Example
This is a sample user data text file:
# ** Lotus Connections pilot installation user data text file **
uid=jdoe,pwd=passw0rd,cn=John Doe,sn=Doe,[email protected]
uid=mdoe,pwd=f00bar,cn=Mary Doe,sn=Doe,[email protected],description=Sales Manager
uid=bdoe,pwd=barf00,cn=Robert Doe,sn=Doe,[email protected],displayName=Bob Doe
uid=jgreen,pwd=pword1,cn=John Green,sn=Green,[email protected],givenName=Jack
uid=jbrown,pwd=secretpword,cn=John Brown,sn=Brown,[email protected],manager=mdoe
uid=jblack,pwd=apw0rd,cn=John Black,sn=Black,[email protected],telephoneNumber=1234567890
Note: To comment out a line of data, preface the comment with the # symbol.
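The following validator for the user information file format described in this topic is an added example; it is not IBM code and not the parser that the pilot installer uses. The e-mail addresses and passwords in SAMPLE_FILE are constructed, and the function names, the duplicate-uid check and the check for the sample password passw0rd are assumptions of this example. The file carries each pwd value in clear text, so the check runs locally on the file content.

```python
"""Validator for the pilot user information file format (added example)."""

REQUIRED = ("uid", "pwd", "cn", "sn", "mail")
OPTIONAL = ("description", "displayName", "facsimileTelephoneNumber",
            "givenName", "manager", "mobile", "pager", "secretary",
            "telephoneNumber")
KNOWN = set(REQUIRED) | set(OPTIONAL)
# Password that the guide documents for the sample users of the pilot.
SAMPLE_PASSWORD = "passw0rd"

# Constructed input: addresses and passwords are made up for this example.
SAMPLE_FILE = (
    "# constructed user information file\n"
    "uid=jdoe,pwd=passw0rd,cn=John Doe,sn=Doe,mail=jdoe@example.com\n"
    "uid=mdoe,pwd=Xk4-constructed,cn=Mary Doe,sn=Doe,"
    "mail=mdoe@example.com,description=Sales Manager\n"
    "uid=bdoe,pwd=Zq9-constructed,cn=Robert Doe,sn=Doe,"
    "mail=bdoe@example.com,displayName=Doe, Bob\n"
    "uid=jdoe,pwd=Lm2-constructed,cn=Jane Doe,sn=Doe,mail=jane@example.com\n"
    "uid=jgreen,cn=John Green,sn=Green,mail=jgreen@example.com\n"
).encode("utf-8")


def parse_line(line):
    """Split one user entry into (attributes, problems)."""
    attrs, problems = {}, []
    for pair in line.split(","):
        name, sep, value = pair.partition("=")
        name, value = name.strip(), value.strip()
        if not sep:
            # Typical causes: a comma inside a value (displayName=Doe, Bob)
            # or an entry that was wrapped onto a second line.
            problems.append(f"fragment {pair.strip()!r} is not name=value "
                            "(a comma inside a value is not supported)")
        elif name not in KNOWN:
            problems.append(f"unknown attribute {name!r}")
        elif name in attrs:
            problems.append(f"attribute {name!r} given twice")
        elif not value:
            problems.append(f"attribute {name!r} has an empty value")
        else:
            attrs[name] = value
    for name in REQUIRED:
        if name not in attrs:
            problems.append(f"required attribute {name!r} is missing")
    return attrs, problems


def validate_user_file(data):
    """Validate file content (bytes); return (accepted_users, findings).

    findings is a list of (line_number, message); line 0 means the whole file.
    """
    try:
        text = data.decode("utf-8-sig")  # the guide requires UTF-8 encoding
    except UnicodeDecodeError as exc:
        return [], [(0, f"file is not valid UTF-8: {exc.reason}")]
    users, findings, first_seen = [], [], {}
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank line or comment
            continue
        attrs, problems = parse_line(line)
        uid = attrs.get("uid")
        if uid is not None:
            if uid in first_seen:
                problems.append(
                    f"uid {uid!r} already defined on line {first_seen[uid]}")
            else:
                first_seen[uid] = number
        mail = attrs.get("mail", "")
        local, at, domain = mail.partition("@")
        if mail and not (at and local and domain and "@" not in domain):
            problems.append(f"mail value {mail!r} is not an e-mail address")
        if attrs.get("pwd") == SAMPLE_PASSWORD:
            # Reported as a warning; the entry is still accepted.
            findings.append(
                (number, "pwd is the sample password documented in the guide"))
        findings.extend((number, problem) for problem in problems)
        if not problems:
            users.append(attrs)
    return users, findings


if __name__ == "__main__":
    accepted, report = validate_user_file(SAMPLE_FILE)
    print("accepted:", [user["uid"] for user in accepted])
    for number, message in report:
        print(f"line {number}: {message}")
```

An entry that a text editor wrapped onto a second line is reported twice: once for the trailing comma on the first line and once for the missing required attributes on the second.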
What to do next
When you run the pilot installation wizard, use this file to add actual user data to
Lotus Connections. Alternatively, you can add the actual user data after
installation.
Related tasks
“Migrating a pilot deployment” on page 330
Migrate a pilot deployment to a production deployment.
“Installing the pilot deployment”
Install the pilot deployment of Lotus Connections to evaluate the product in a
stand-alone deployment. This type of installation is suitable for product evaluation
purposes only and is not intended for use in a production environment.
“Using Single sign-on LTPA keys” on page 210
Use single sign-on (SSO) with Lightweight Third-Party Authentication (LTPA) to
allow Lotus Connections users to re-use their authentication details for accessing
Profiles data and Communities membership.
Installing the pilot deployment
Install the pilot deployment of Lotus Connections to evaluate the product in a
stand-alone deployment. This type of installation is suitable for product evaluation
purposes only and is not intended for use in a production environment.
Before you begin
Provide actual user data if you plan to migrate from the pilot installation to a
production installation. To provide actual user data, create a user information file
before you begin the pilot installation. Alternatively, you can add a user
information file to the pilot user repository after the installation. For more
information about actual user data, see the Creating a user information file and
Adding actual users to the pilot topics.
The pilot is supported on Microsoft Windows Server 2003. Other operating systems
are not supported.
The system on which you install the pilot must have at least six GB of free space.
Lotus Connections creates a system user in Windows 2003 for DB2 usage. If your
system has an active Windows password policy, you must specify a password
during the pilot installation that complies with the policy, otherwise the pilot
installation fails to install DB2. To resolve this potential problem, perform one of
the following actions:
v Specify a password that complies with your Windows password policy
v Disable the Password must meet complexity requirements setting
About this task
The pilot installation places all Lotus Connections features on a single system. It
also installs the following supporting software packages:
v IBM DB2 Express Edition: Database repository that is prepopulated with sample
user data.
v IBM WebSphere Application Server: Web application server.
To install a Lotus Connections pilot deployment, complete the following steps:
Procedure
1. Remove any existing installations of WebSphere Application Server from the
system on which you are installing the pilot.
2. Remove any existing installations of DB2 and any DB2-related user or group
IDs.
3. Grant administrator access to the user ID that you use to install the pilot and
create the DB2 database:
a. From the Control Panel, select Administrative Tools → Computer
Management.
b. From the Computer Management console, select System Tools → Local
Users and Groups → Groups.
c. Double-click Administrators to open its properties window. The current
administrators are displayed in the Members field.
d. Click Add.
e. In the Object names field, enter the user ID that you want to add and click
OK.
Note: If the target user ID is not found, create the new user ID or ask
your system administrator to add it.
f. Click OK.
4. Optional: You can create a domain in Windows Server 2003 and install the
pilot in the domain. If you plan to log in as a domain user, add the domain
user ID to a DB2 administrator group:
a. From the Control Panel, select Administrative Tools → Computer
Management.
b. From the Computer Management console, select System Tools → Local
Users and Groups.
c. Right-click Groups and select New Group.
d. Enter DB2ADMNS in the Group Name field. Click Create and then click
Close.
e. Right-click the new group and select Properties.
f. Click Add.
g. In the Object names field, enter the user ID that you want to add and click
OK.
Note: If the target user ID is not found, create a new user ID and repeat
these steps or ask your system administrator to add the new user ID.
h. Click OK.
5. Optional: (If you are installing the product from the DVD, you can skip this
step.) Download the Lotus Connections installation program from the Lotus
Connections Web site and double-click it to extract the setup files.
This step creates a directory named Lotus_Connections_Pilot_Install, which
contains the installation files.
6. Open the Lotus_Connections_Pilot_Install directory, and then double-click
the install.bat file to start the installer.
7. Select an installation language and click OK.
8. On the Welcome page, click Launch Information Center to open the Lotus
Connections Information Center in a browser. Click Next to continue.
9. Review and accept the Lotus Connections license agreement by clicking I
accept both the IBM and non-IBM terms. Click Next.
10. Specify the directory where you want to install Lotus Connections: you can
accept the default directory, enter a new directory name, or click Browse to
select an existing directory. All the prerequisite software, including WebSphere
Application Server and DB2, is installed into this directory.
11. Specify an administrative user ID. You can accept the default value or enter a
new value. Enter a password and click Next.
Note: There are three user IDs in the Lotus Connections pilot:
v WebSphere Application Server administrative user ID
v DB2 Express Edition administrative user ID
v DB2 user ID for accessing the features database
By default, all the user IDs are predefined as lcuser and all three user IDs
share the same password that you enter in this step.
You can change the administrative user ID for WebSphere Application Server
and DB2 Express, although you cannot change the default DB2 user ID for
accessing the features database. Any new administrative user ID that you
specify must be a new Windows ID. You can use the new IDs to log into the
WebSphere Application Server Integrated Solutions Console to configure and
manage Lotus Connections features, or to administer the DB2 instance, create
schema definitions, and set up access to the databases for Lotus Connections
features.
12. Select the check boxes next to the features that you want to install and click
Next. You can select from the following options:
Option         Description
Activities     Collaborate with colleagues
Blogs          Write personal perspectives about projects
Communities    Discuss projects in the user forums
Dogear         Bookmark useful Web sites
Files          Share files
Profiles       Find people in the organization
Wiki           Share and edit information
Notes:
v You cannot add a feature to an existing pilot installation. You should install
all the features now that you plan to use. If you install only a subset of
features but then want to use more features, you must uninstall and reinstall
the pilot deployment.
v If you install discussion forums in the Communities feature, single sign-on
is automatically enabled.
13. Select the extended features that you want to install and click Next. You can
select from the following options:
Option       Description
Home page    Access all features from a central point. The availability of
             this feature is determined by the features that you selected
             in the previous step.
Mobile       Access Lotus Connections from mobile devices. The mobile
             feature is only available for installation if you selected
             Activities, Blogs, or Profiles in the previous step.
Search       Search Lotus Connections data
News         Stay informed about updates
Note: The Home page and Mobile features rely on the features that you
selected in the previous step. The Search and News features provide services
to the features that you selected in the previous step.
14. Accept the default host name for the WebSphere Application Server or enter a
different host name. This host name forms the Web address that you use to
access the features. Click Next.
15. Review the installation summary to ensure that the values you entered on
previous screens are correct. If you want to make a change, click Back to edit
a value. Otherwise, click Next to begin the installation.
16. After the installation has completed successfully, click Next.
17. On the user registration page, you can either accept the default users.txt file to
use sample user data or click Browse to retrieve the user information file
containing actual user data that you created previously. Click Next.
See Creating a user information file for details about how to provide actual user
data.
18. Click Finish to close the installation wizard and start the server that hosts the
features.
Results
The content stores for each feature are created in the following file locations:
Table 3. Data directories for features

Feature: Activities content files
Directory (samples only): C:\Program Files\LotusConnections\Data\activities\contentstore
Description: Content directory to store files uploaded to Activities by users. This is additional storage space outside the database and stores files such as images.

Feature: Activities statistics files
Directory (samples only): C:\Program Files\LotusConnections\Data\activities\statistic
Description: Content directory to store files uploaded to Activities by users. This is additional storage space outside the database and stores files such as images.

Feature: Blogs upload files
Directory (samples only): C:\Program Files\LotusConnections\Data\blogs\upload
Description: File upload directory for adding files such as images to Blogs. These files can be very large, so you should ensure that the directory has enough disk space.

Feature: Communities discussion forum content
Directory (samples only): C:\Program Files\LotusConnections\Data\communties\content
Description: Content store for the discussion forums, storing additional content such as images and presentations.

Feature: Communities statistics files
Directory (samples only): C:\Program Files\LotusConnections\Data\communties\statistic
Description: Statistics files, used for storing statistics generated by Communities. The file format is CSV.

Feature: Dogear favicon files
Directory (samples only): C:\Program Files\LotusConnections\Data\dogear\favorite
Description: Favicon files directory, used for the favicons (favorite icons) that are generated by Dogear users.

Feature: Files
Directory (samples only): C:\Program Files\LotusConnections\Data\files\contentstore
Description: Files content.

Feature: Profiles cache
Directory (samples only): C:\Program Files\LotusConnections\Data\profiles\cache
Description: Cached files.

Feature: Profiles statistics files
Directory (samples only): C:\Program Files\LotusConnections\Data\profiles\statistic
Description: Statistics files, used for storing statistics generated by Profiles. The file format is CSV.

Feature: Search index files
Directory (samples only): C:\Program Files\LotusConnections\Data\search\index
Description: Search index files.

Feature: Search index
Directory (samples only): C:\Program Files\LotusConnections\Data\search\index
Description: Search index files.

Feature: Wikis content files
Directory (samples only): C:\Program Files\LotusConnections\Data\wikis\contentstore
Description: Wikis content.
What to do next
Log into Lotus Connections and begin evaluating the product. For more
information, see the Accessing the pilot deployment topic.
If you plan to use the Blogs feature, you need to configure the feature before you
can start creating blogs. For more information, see the Configuring Blogs topic.
Related tasks
“Creating a user information file” on page 17
Use actual user identities with the pilot deployment of Lotus Connections.
Accessing the pilot deployment
Log into and evaluate the pilot deployment of Lotus Connections.
Before you begin
Ensure that WebSphere Application Server is running.
About this task
To access and use Lotus Connections, complete the following steps:
Procedure
1. Open a Web browser and navigate to one of the following Web addresses:
Activities
http://<WebSphere_Application_Server_hostname>:9080/activities
Blogs
http://<WebSphere_Application_Server_hostname>:9080/blogs
Communities
http://<WebSphere_Application_Server_hostname>:9080/communities
Dogear
http://<WebSphere_Application_Server_hostname>:9080/dogear
Files
http://<WebSphere_Application_Server_hostname>:9080/files
Home page
http://<WebSphere_Application_Server_hostname>:9080/homepage
Profiles
http://<WebSphere_Application_Server_hostname>:9080/profiles
Search
http://<WebSphere_Application_Server_hostname>:9080/search
Wiki
http://<WebSphere_Application_Server_hostname>:9080/wikis
where <WebSphere_Application_Server_hostname> is the host name that you
specified during the installation process.
2. Log in by completing one of the following steps:
v If you provided actual users for the pilot by creating a user information file,
enter the user ID and password of one of the users.
v If you are using sample user information, enter the credentials of one of the
sample users. There are 19 sample users and each user has the same
password, passw0rd, where the o character is replaced by a zero (0). For
example, you could use the following credentials to log in:
– User ID: mli
– Password: passw0rd
See the Changing the pilot configuration topic for more information about pilot
users and how to manage their IDs.
Note: You cannot log in with the user IDs that you provided for IBM DB2
Express Edition or WebSphere Application Server. You must log in with pilot
user credentials.
3. If you plan to use the Blogs feature, create an administrative user for Blogs. See
the Configuring an administrative user topic for details.
What to do next
For more information about using Lotus Connections, see the Using topic.
Changing the pilot configuration
Configure security and user accounts in the pilot deployment of Lotus
Connections.
Before you begin
To administer Lotus Connections from the WebSphere Application Server
Integrated Solutions Console, open a browser and navigate to the following Web
address:
http://<WebSphere_Application_Server_hostname>:9060/IBM/console
where <WebSphere_Application_Server_hostname> is the host name that you specified
during installation.
Log in using the administrative user ID and password that you specified when
you installed the pilot.
Refer to the Administering topics for additional information about administering
Lotus Connections.
About this task
To change the pilot configuration, complete the following steps:
Procedure
v The Blogs and Dogear features support SSL configurations. If you want to force
login credentials for these features, you must install the IBM HTTP Server and
Web server plug-ins, and then configure the IBM HTTP Server to support
encrypted traffic. See the Configuring the IBM HTTP Server for SSL topic for more
information.
v You can administer the data of the pilot users, edit their passwords, and add
new users. To manage the pilot users, complete the following steps:
1. Open a browser and navigate to the WebSphere Application Server
Integrated Solutions Console.
2. Log in using the administrative user ID and password that you specified
during the pilot installation.
3. Expand Users and Groups, and then select Manage Users.
4. Click Search to view a list of pilot users.
5. From this page, you can edit user passwords or add new users.
The user names are also listed in the fileRegistry.xml file, which is stored
in the following directory:
C:\IBM\LotusConnections\WebSphere\AppServer\profiles\AppSrv01\config\cells\<cell_name>\
Designating an administrative user for a pilot deployment
The installation wizard creates a default administrative user for each feature called
connectionsAdmin and assigns the search-admin role to that user. If necessary,
grant administrative access to more users for a Lotus Connections feature.
Before you begin
If you do not need more administrative users for any of the features, then you do
not need to perform this task.
About this task
You can grant administrative access to users who are allowed to configure
designated features. Without administrative access to the Home page, for example,
you cannot add, enable, or disable widgets. Similarly, without administrative
access to Blogs, you cannot configure a home page for the Blogs feature.
To grant administrative access to a user for a feature, complete the following steps:
Procedure
1. From the WebSphere Application Server Integrated Solutions Console, select
Applications → Enterprise Applications.
2. Click the link to the feature for which you want to provide administrative
access.
3. In the Detail Properties area, click Security role to user/group mapping.
4. To map a user to the administrative role, select the check box beside the
admin role, and then click Look up users or Look up groups.
5. In the Search String field, type the name of the user that you would like to
designate as an administrator, and then click Search.
6. Select the user's ID from the Available field, and then move it to the Selected
column by clicking the right-arrow button.
7. Repeat steps 5 and 6 to add more users to the administrative role.
8. Click OK.
9. From the Enterprise Applications → <feature> → Security role to user/group
mapping page, click OK, and then click Save to save the changes.
10. Restart WebSphere Application Server.
What to do next
Repeat this procedure to add an administrative user for another feature.
Adding actual users to the pilot
Add actual users to the pilot installation if you plan to migrate to a production
installation of Lotus Connections.
Before you begin
You must create a user information file before you can complete this procedure.
For more information, see the Creating a user information file topic.
About this task
Perform this procedure if you already installed the pilot version of Lotus
Connections and used sample user data.
To add actual users to the repository, complete the following steps:
Note: The commands in this task assume that you installed the pilot to the default
location: C:\Program Files\IBM\LotusConnections. If you specified an alternative
location, modify the commands accordingly.
Procedure
1. Open a command prompt and enter the following commands:
cd "C:\Program Files\IBM\LotusConnections\WebSphere\AppServer\profiles\AppSrv01\bin"
wsadmin.bat -user <admin_user_id> -password <admin_password> -f "C:\Program Files\IBM\LotusConnections\populate\parseText.jacl" <user_info_file_path>
where:
v <admin_user_id> is the user name of the WebSphere Application Server
administrator
v <admin_password> is the password of the WebSphere Application Server
administrator
v <user_info_file_path> is the path to the user information file that you want to
add to the pilot.
v Use the following syntax to specify the file path:
c:/myusers.txt
2. Optional: (Profiles feature only.) Add actual users to the Profiles database:
a. Copy the fileRegistry.xml file from the following directory:
C:\Program Files\IBM\LotusConnections\WebSphere\AppServer\profiles\AppSrv01\config\cells\<host_name>Node01Cell
where <host_name> is the host name of the WebSphere Application Server.
Paste the file into the following directory:
C:\Program Files\IBM\LotusConnections\TDISOL\
b. Add a valid password to the profiles_tdi.properties file so that you can
update the Profiles database:
1) Navigate to the C:\Program Files\IBM\LotusConnections\TDISOL
directory and open the profiles_tdi.properties file with a text editor.
2) Update the {protect}-dbrepos_password attribute with the database
password.
c. Populate the Profiles database with the users that are defined in the
fileRegistry.xml file:
1) Navigate to the following directory:
C:\Program Files\IBM\LotusConnections\TDISOL\samples\
2) Double-click the populate_from_xml_file.bat file.
d. Update the database with location information:
1) Navigate to the following directory:
C:\Program Files\IBM\LotusConnections\TDISOL\
2) Double-click the fill_country.bat file.
e. For security reasons, remove the password from the
profiles_tdi.properties file:
1) Navigate to the C:\Program Files\IBM\LotusConnections\TDISOL
directory and open the profiles_tdi.properties file with a text editor.
2) Remove the password in the {protect}-dbrepos_password attribute.
Related tasks
“Migrating a pilot deployment” on page 330
The steps required to migrate a pilot deployment to a production deployment
depend on the features installed with the pilot deployment.
Uninstalling a pilot deployment
Uninstall a pilot deployment of IBM Lotus Connections.
When you have finished evaluating Lotus Connections, uninstall the product and
ancillary software such as IBM WebSphere Application Server and IBM DB2
Express Edition.
Alternatively, you can remove features that you do not use and continue to
evaluate the remaining features.
Related concepts
“Pilot deployment” on page 7
Use this deployment for test and evaluation purposes only. A pilot deployment
provides a quick and easy way for you to preview the features and benefits of
Lotus Connections. This basic environment provides you with an opportunity to
learn which of the Lotus Connections features might be most appropriate in your
enterprise.
“Migrating a pilot to a production deployment” on page 329
A pilot deployment is ideal for evaluating Lotus Connections. After evaluation is
complete, you can migrate the pilot deployment to a production deployment.
Removing features from a pilot deployment
Use this procedure to remove a subset of the features that you installed in the pilot
deployment of IBM Lotus Connections.
Before you begin
This procedure removes a subset of features from the pilot deployment. It does not
remove all of the features nor does it remove supporting software such as IBM
WebSphere Application Server or IBM DB2 Express Edition. If you want to remove
all of the pilot features, perform the steps in Removing a pilot installation instead of
continuing with this procedure.
About this task
To remove a subset of features from a pilot deployment, complete the following
steps:
Procedure
1. Stop the instance of WebSphere Application Server that is hosting the pilot
deployment.
2. Stop all DB2-related processes that are running on the system. From the Start
menu, select Control Panel → Administrative Tools → Services, and then look
for DB2-related processes. To stop a process, right-click the service, and then
click Stop.
3. From the directory where you installed the pilot, expand the uninstall
directory, and double-click the uninstall.bat file.
4. Specify the language that you want to use in the uninstallation wizard, and
click OK.
5. On the Welcome page, click Next.
6. Select the check boxes next to the features that you want to remove. Do not
select the prerequisite software check box; that software supports the remaining
features. Click Next.
7. Review the summary page. Click Back to return to the previous page and make
changes, or click Next to continue.
8. From the uninstallation summary page, click Next.
Review the messages that are generated during the removal process by opening
the lcuninstalllog.txt log file from the C:\Documents and
Settings\<user>\Local Settings\Temp directory.
9. Click Finish to exit the wizard.
Removing a pilot deployment
Uninstall a pilot deployment of IBM Lotus Connections.
Before you begin
If you plan to migrate from the pilot to a production deployment, perform the
migration before completing this procedure. For more information, see the
Migrating a pilot deployment topic.
If you want to remove only a subset of Lotus Connections features, complete the
steps in the Removing features from a pilot deployment topic.
About this task
Use the pilot uninstallation wizard to remove the pilot deployment and supporting
software from the system. The wizard removes Lotus Connections and IBM
WebSphere Application Server. It also removes IBM DB2 Express Edition, but
leaves the feature databases on the system. You can remove the databases after you
migrate to a production deployment or decide that you no longer need the data.
Note: Do not remove WebSphere Application Server or DB2 before removing
Lotus Connections. You might not be able to remove the pilot features from the
system if these supporting software products are no longer installed.
To remove the pilot deployment, complete the following steps:
Note: This procedure assumes that you installed the pilot to the default directories,
such as C:\Program Files\IBM\LotusConnections.
Procedure
1. Stop the instance of WebSphere Application Server that is hosting the pilot
deployment.
2. Stop all DB2-related processes that are running on the server. From the Start
menu, select Control Panel → Administrative Tools → Services, and then look
for DB2-related processes. To stop a process, right-click the service, and then
click Stop.
3. From the directory where you installed the pilot, expand the uninstall
directory, and double-click the uninstall.bat file.
4. Specify the language that you want to use for the uninstallation wizard, and
then click OK.
5. On the Welcome page, click Next.
6. Select the check box next to each feature, and then select the check boxes for
the prerequisite software. Click Next. You are prompted with the following
message: "Selection to uninstall the prerequisite software means all
features installed will be uninstalled. Do you want to continue?" Click
Yes. Another message reminds you to back up and asks if you want to
continue. Click Yes.
7. Review the summary page. Click Back to return to previous pages and make
changes, or click Next to continue.
8. After the features are removed, click Next. The prerequisite software is
removed next.
Review the messages that are generated during the removal process by
opening the lcuninstalllog.txt log file from the C:\Documents and
Settings\<user>\Local Settings\Temp directory.
9. Optional: To remove any remaining artifacts of the pilot deployment from the
system, complete the following steps:
a. Delete the C:\DB2 directory.
b. Delete the Windows DB2ADMNS and DB2USERS group IDs.
c. Delete the Windows lcuser user ID.
Note: If you specified non-default users or groups for Lotus Connections,
delete those users, groups, and any associated directories.
d. Restart the system.
e. Delete the C:\Documents and Settings\lcuser directory.
f. Delete the C:\Program Files\IBM\LotusConnections directory.
10. Click Finish to exit the wizard.
Related tasks
“Uninstalling a stand-alone deployment” on page 193
Uninstall a stand-alone deployment of Lotus Connections from your system.
Pre-installation tasks
Complete the following tasks before installing Lotus Connections.
These tasks are necessary only when you are installing Lotus Connections in a
production environment. If you plan to install the pilot version of Lotus
Connections, you do not need to perform these tasks.
Preparing to configure the LDAP directory
Determine which Lightweight Directory Access Protocol (LDAP) attributes you
want to use as the identifiers for IBM Lotus Connections users.
Before you begin
Ensure that you have installed a supported LDAP directory. For more information
about supported LDAP directories, see the Lotus Connections detailed system
requirements topic.
About this task
To prepare to configure your LDAP directory with IBM WebSphere Application
Server, complete the following steps:
Procedure
1. Identify LDAP attributes to use for the following roles. If no corresponding
attribute exists, create one. You can use an attribute for multiple purposes. For
example, you can use the mail attribute to perform the login and messaging
tasks.
Display name
The cn LDAP attribute is used to display a person's name in the
product user interface. Be sure that the value you use in the cn
attribute is suitable for use as a display name.
Log in
Determine which attribute or attributes you want people to be able to
use to log in to Lotus Connections. For example: uid. See Choosing log
in values for important considerations when deciding which attributes
to use.
Note: The login name must be unique in the LDAP directory.
Messaging
(Optional.) Determine which attribute to use to define the e-mail
address of a person. The e-mail address must be unique in the LDAP
directory. If a person does not have an e-mail address and does not
have an LDAP attribute that represents the e-mail address, that person
cannot receive notifications.
Global unique identifier
Determine which attribute to use as the unique identifier of each
person and group in the organization. This value must be unique across
the organization.
Note: You should not allow the guid of a user in the system to change.
If you must change the guid, the user will not have access to their data
until you re-synchronize the LDAP and Lotus Connections databases
with the new guid.
By default, WebSphere Application Server reserves the following
attributes to serve as the unique identifier for the given LDAP directory
servers:
• IBM Tivoli Directory Server:
ibm-entryUUID
• Microsoft Active Directory:
objectGUID
If you are using Active Directory, remember that the
samAccountName attribute has a 20-character limit; other IDs used
by Lotus Connections have a 256-character limit.
• Microsoft Active Directory Application Mode (ADAM):
objectGUID
To use objectSID as the default for ADAM, add the following line to
the <config:attributeConfiguration> section of the wimconfig.xml file:
<config:externalIdAttributes name="objectSID" syntax="octetString"/>
• IBM Domino Enterprise Server:
dominoUNID
Note: If the bind ID for the Domino LDAP does not have sufficient
manager access to the Domino directory, the Virtual Member
Manager (VMM) does not return the correct attribute type for the
Domino schema query; DN is returned as the VMM ID. To override
VMM's default ID setting, add the following line to the
<config:attributeConfiguration> section of the wimconfig.xml file:
<config:externalIdAttributes name="dominoUNID"/>
• Sun Java System Directory Server:
nsuniqueid
• eNovell Directory Server:
GUID
• Custom ID:
If your organization already uses a unique identifier for each user
and group, you can configure Lotus Connections to use that. For
more information, see the Specifying a custom ID attribute for users or
groups topic.
The wimconfig.xml file is stored in the following location:
AIX
/usr/IBM/WebSphere/AppServer/profiles/<profile_name>/config/cells/<cell_name>/wim/config
Linux
/opt/IBM/WebSphere/AppServer/profiles/<profile_name>/config/cells/<cell_name>/wim/config
Microsoft Windows
<drive>:\IBM\WebSphere\AppServer\profiles\<profile_name>\config\cells\<cell_name>\wim\config
2. Collect the following information about your LDAP directory before
configuring it for WebSphere Application Server:
• Directory Type. Identifies and selects a directory service from the available
vendors and versions.
• Primary host name
• Port
• Bind distinguished name
• Bind password
• Certificate mapping
• Certificate filter, if applicable.
• LDAP entity types or classes. Identifies and selects LDAP object classes. For
example, select the LDAP inetOrgPerson object class for the Person Account
entity, or the LDAP groupOfUniqueNames object class for the Group entity.
• Search base. Identifies and selects the distinguished name (DN) of the LDAP
subtree as the search scope. For example, select o=ibm.com to allow all
directory objects underneath this subtree node to be searched. For example:
Group, OrgContainer, PersonAccount, or inetOrgPerson.
Related reference
“Lotus Connections detailed system requirements” on page 13
A variety of hardware and software is required to run IBM Lotus Connections.
Choosing log in values
Determine which LDAP attribute or attributes you want people to use to log in to
IBM Lotus Connections.
The following scenarios are supported:
Single LDAP attribute with a single value
For example: uid=jsmith.
Multiple LDAP attributes, each with a single value
To specify multiple attributes, separate them with a semicolon when you
enter them in the Login properties field (while adding the repository to
IBM WebSphere Application Server). For example, where uid=jsmith and
[email protected], you would enter: uid; mail.
Single LDAP attribute with multiple values
For example, mail is the login attribute and it accepts two different e-mail
addresses: an intranet address and an extranet address. For example:
uid=jsmith or uid=john_smith. If you want to use multivalued attributes,
ensure that the Profiles directory services extension is enabled after you
install Lotus Connections. (This option is automatically enabled during
installation if you chose the option to use the Profiles database when
searching for users.)
Multiple LDAP attributes, each with multiple values
For example: uid=jsmith or uid=john_smith and [email protected]
or [email protected] or [email protected]<MyISP>.com.
Multiple LDAP directories
For example: One LDAP directory uses uid as the login attribute and the
other uses mail. You must repeat the steps in Setting up federated repositories
for each LDAP directory.
Specifying a custom ID attribute for users or groups
Specify custom global unique ID attributes to identify users and groups in the
LDAP directory.
Before you begin
This is an optional task.
A custom ID must meet the following requirements:
• The ID must be static and unique. It must not be reassigned across all users and
groups in the directory.
• The ID must not exceed 256 characters in length. To achieve faster search results,
use a fixed-length attribute for the ID.
Note: If you are planning to install the Files or Wikis feature, the ID cannot
exceed 252 characters in length.
• The ID must have a one-to-one mapping per directory object. You cannot use an
attribute with multiple values as a unique ID.
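The uniqueness rules in Choosing log in values and the custom ID requirements listed above can be checked against a directory export before you configure the repository. The following script is an added example, not part of the IBM guide: the LDIF sample, the enterpriseID attribute values, and all function names are constructed for illustration.

```python
"""Pre-flight check of candidate login and unique-ID attributes in an LDIF export."""
import base64
from collections import defaultdict

# Constructed sample export (not taken from a real directory).
SAMPLE_LDIF = """\
dn: uid=jsmith,ou=people,o=acme
objectClass: inetOrgPerson
uid: jsmith
uid: john_smith
mail: jsmith@acme.example
enterpriseID: E0001

dn: uid=adoe,ou=people,o=acme
objectClass: inetOrgPerson
uid: adoe
mail: jsmith@acme.example
enterpriseID: E0002

dn: uid=bwong,ou=people,o=acme
objectClass: inetOrgPerson
uid: bwong
mail: bwong@acme.example
enterpriseID: E0002
enterpriseID: E0003

dn: cn=sales,ou=groups,o=acme
objectClass: groupOfUniqueNames
cn: sales
"""


def _to_entry(lines):
    """Turn the lines of one LDIF record into (dn, {lowercased attr: [values]})."""
    attrs = defaultdict(list)
    for line in lines:
        name, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        attrs[name.strip().lower()].append(value.strip())
    dn = attrs.pop("dn", ["<no dn>"])[0]
    return dn, dict(attrs)


def parse_ldif(text):
    """Parse simple LDIF: blank-line separated records, folded lines, comments."""
    entries, current = [], []
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and current:  # folded line continues the previous one
            current[-1] += raw[1:]
        elif raw.strip() == "":
            if current:
                entries.append(_to_entry(current))
                current = []
        elif not raw.startswith("#"):
            current.append(raw)
    return entries


def login_collisions(entries, login_attrs):
    """Return login values (compared case-insensitively) claimed by more than one DN.

    Every value of every login attribute is pooled, because with a setting such
    as uid;mail any of them can be typed at the login prompt.
    """
    owners = defaultdict(set)
    for dn, attrs in entries:
        for attr in login_attrs:
            for value in attrs.get(attr.lower(), []):
                owners[value.lower()].add(dn)
    return {value: sorted(dns) for value, dns in owners.items() if len(dns) > 1}


def custom_id_problems(entries, id_attr, files_or_wikis=False):
    """Check a custom ID attribute: present, single-valued, unique, within length.

    "Static" cannot be verified from one export; compare exports over time for that.
    """
    limit = 252 if files_or_wikis else 256
    problems, seen = [], {}
    for dn, attrs in entries:
        values = attrs.get(id_attr.lower(), [])
        if not values:
            problems.append((dn, "missing"))
            continue
        if len(values) > 1:
            problems.append((dn, "multi-valued"))
        for value in values:
            if len(value) > limit:
                problems.append((dn, "longer than %d characters" % limit))
            if value in seen and seen[value] != dn:
                problems.append((dn, "duplicates " + seen[value]))
            seen.setdefault(value, dn)
    return problems


if __name__ == "__main__":
    sample = parse_ldif(SAMPLE_LDIF)
    print(login_collisions(sample, ["uid", "mail"]))
    for problem in custom_id_problems(sample, "enterpriseID", files_or_wikis=True):
        print(problem)
```

In the constructed sample, uid alone is collision-free, but adding mail as a second login attribute makes one address resolve to two accounts.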
About this task
By default, Lotus Connections looks for LDAP attributes to use as the global
unique IDs to identify users and groups in the LDAP directory. You can change the
default setting to use a custom ID to identify users and groups in the directory.
To specify a custom attribute as the unique ID for users or groups, complete the
following steps:
Procedure
1. From the VMM_HOME/model directory, open the wimxmlextension.xml file. If no file
with this name exists, create one.
VMM_HOME is the directory where the Virtual Member Manager files are located.
This location is set to either the wim.home system property or the
user.install.root/config/cells/local.cell/wim directory.
2. Add the definitions of the new property types and the entity types to which
they apply. Ensure that the XML is well-formed and conforms to the schema
defined in wimschema.xsd.
• To select a single ID attribute for both users and groups, use the following
sample XML, which defines a new property type called enterpriseID and
adds this property type to the PersonAccount and Group entity types:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:sdo="commonj.sdo"
    xmlns:wim="http://www.example.com/websphere/wim">
  <wim:schema>
    <wim:propertySchema
        nsURI="http://www.example.com/websphere/wim"
        dataType="STRING" multiValued="false"
        propertyName="enterpriseID">
      <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
    </wim:propertySchema>
    <wim:propertySchema
        nsURI="http://www.example.com/websphere/wim"
        dataType="STRING" multiValued="false"
        propertyName="enterpriseID">
      <wim:applicableEntityTypeNames>Group</wim:applicableEntityTypeNames>
    </wim:propertySchema>
  </wim:schema>
</sdo:datagraph>
• To use two different ID attributes, one for users and a different one for
groups, use the following sample XML, which defines a property type called
customUserID and adds it to the PersonAccount entity type, and also defines
a property type called customGroupID and adds it to the Group entity type:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:sdo="commonj.sdo"
    xmlns:wim="http://www.example.com/websphere/wim">
  <wim:schema>
    <wim:propertySchema
        nsURI="http://www.example.com/websphere/wim"
        dataType="STRING" multiValued="false"
        propertyName="customUserID">
      <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
    </wim:propertySchema>
    <wim:propertySchema
        nsURI="http://www.example.com/websphere/wim"
        dataType="STRING" multiValued="false"
        propertyName="customGroupID">
      <wim:applicableEntityTypeNames>Group</wim:applicableEntityTypeNames>
    </wim:propertySchema>
  </wim:schema>
</sdo:datagraph>
Note: The customUserID and customGroupID properties are not related to the
properties of the login ID.
3. Add the new property types to each repository adapter. Open the
wimconfig.xml file in a text editor.
Option: Description
AIX: /usr/IBM/WebSphere/AppServer/profiles/<profile_name>/config/cells/<cell_name>/wim/config
Linux: /opt/IBM/WebSphere/AppServer/profiles/<profile_name>/config/cells/<cell_name>/wim/config
Microsoft Windows: C:\IBM\WebSphere\AppServer\profiles\<profile_name>\config\cells\<cell_name>\wim\config
4. Find and edit the <config:attributeConfiguration> element, adding one of the
following texts:
• To use a single ID attribute for both users and groups, using a string called
enterpriseID, add the following text:
<config:attributeConfiguration>
  <config:externalIdAttributes
      name="enterpriseID" syntax="String"/>
</config:attributeConfiguration>
• To use two different ID attributes, one for users and the other for groups,
add the following text:
<config:attributeConfiguration>
  <config:attributes name="userPassword"
      propertyName="password"/>
  <config:attributes name="customUserID"
      propertyName="customUserID"/>
  <config:attributes name="customGroupID"
      propertyName="customGroupID"/>
  <config:propertiesNotSupported
      name="homeAddress"/>
  <config:propertiesNotSupported
      name="businessAddress"/>
</config:attributeConfiguration>
5. Save and close the wimconfig.xml file.
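Because the procedure edits two files by hand, it is worth confirming that every property type defined in wimxmlextension.xml is single-valued and is referenced under the same name in the <config:attributeConfiguration> section of wimconfig.xml. The following script is an added example, not IBM code: the sample documents are constructed with deliberate defects, the wrapper element and config namespace URI are placeholders, and flagging a case-only difference as a finding is an assumption made so that it gets reviewed.

```python
"""Cross-check wimxmlextension.xml property types against wimconfig.xml."""
import xml.etree.ElementTree as ET

# Constructed sample modelled on the two-attribute XML in this topic.
# Deliberate defect: customGroupID is declared multiValued="true".
SAMPLE_EXTENSION = """\
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:sdo="commonj.sdo"
    xmlns:wim="http://www.example.com/websphere/wim">
  <wim:schema>
    <wim:propertySchema nsURI="http://www.example.com/websphere/wim"
        dataType="STRING" multiValued="false" propertyName="customUserID">
      <wim:applicableEntityTypeNames>PersonAccount</wim:applicableEntityTypeNames>
    </wim:propertySchema>
    <wim:propertySchema nsURI="http://www.example.com/websphere/wim"
        dataType="STRING" multiValued="true" propertyName="customGroupID">
      <wim:applicableEntityTypeNames>Group</wim:applicableEntityTypeNames>
    </wim:propertySchema>
  </wim:schema>
</sdo:datagraph>
"""

# Constructed fragment. The <wrapper> element and the namespace URI are
# placeholders, not those of a real wimconfig.xml.
# Deliberate defect: customGroupID is referenced as "customgroupid".
SAMPLE_WIMCONFIG = """\
<wrapper xmlns:config="urn:example:placeholder-config-namespace">
  <config:attributeConfiguration>
    <config:attributes name="userPassword" propertyName="password"/>
    <config:attributes name="customUserID" propertyName="customUserID"/>
    <config:attributes name="customGroupID" propertyName="customgroupid"/>
  </config:attributeConfiguration>
</wrapper>
"""


def local(tag):
    """Strip the {namespace} part so matching does not depend on the URI."""
    return tag.rsplit("}", 1)[-1]


def extension_properties(xml_text):
    """Return {propertyName: {"multi": bool, "entities": set}}; raises on malformed XML."""
    props = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "propertySchema":
            continue
        info = props.setdefault(el.get("propertyName"),
                                {"multi": False, "entities": set()})
        info["multi"] |= el.get("multiValued", "false").lower() == "true"
        for child in el:
            if local(child.tag) == "applicableEntityTypeNames":
                info["entities"].add((child.text or "").strip())
    return props


def config_references(xml_text):
    """Collect names referenced inside attributeConfiguration.

    Covers both variants shown in step 4: externalIdAttributes (name) and
    attributes (propertyName).
    """
    names = set()
    for section in ET.fromstring(xml_text).iter():
        if local(section.tag) != "attributeConfiguration":
            continue
        for el in section:
            if local(el.tag) == "externalIdAttributes" and el.get("name"):
                names.add(el.get("name"))
            elif local(el.tag) == "attributes" and el.get("propertyName"):
                names.add(el.get("propertyName"))
    return names


def check(extension_xml, config_xml):
    """Return a sorted list of (propertyName, finding) tuples; empty means consistent."""
    findings = []
    refs = config_references(config_xml)
    for name, info in sorted(extension_properties(extension_xml).items()):
        if info["multi"]:
            findings.append((name, "multiValued is true"))
        if name not in refs:
            near = sorted(r for r in refs if r.lower() == name.lower())
            if near:
                findings.append((name, "referenced with different case: " + near[0]))
            else:
                findings.append((name, "not referenced in attributeConfiguration"))
    return findings


if __name__ == "__main__":
    for finding in check(SAMPLE_EXTENSION, SAMPLE_WIMCONFIG):
        print(finding)
```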
What to do next
If you specified different ID attributes for users and groups, complete the steps in
the Configuring the custom ID attribute for users or groups topic in the
Post-installation tasks section of the information center. The steps in that task
configure Lotus Connections to use the custom ID attributes that you specified in
this task.
When you map fields in the Profiles database, ensure that you add the custom ID
attribute to the PROF_GUID field in the EMPLOYEE table. See the Mapping fields
manually topic.
Related tasks
“Configuring the custom ID attribute for users or groups” on page 191
Configure Lotus Connections to use custom ID attributes to identify users and
groups in the LDAP directory.
“Mapping fields manually” on page 85
To populate the Profiles database with data from the enterprise LDAP directory,
map the content of the fields in the database to the fields in the LDAP directory.
Installing IBM WebSphere Application Server
Install WebSphere Application Server Network Deployment.
Before you begin
IBM WebSphere Application Server Network Deployment is provided with Lotus
Connections 2.5 and supports both stand-alone and network deployments of Lotus
Connections as well as conversion from stand-alone to network deployments.
WebSphere Application Server Base is also supported with Lotus Connections 2.5
but is not as easily scalable as the Network Deployment version.
Use the following table to determine the installation option that you should
choose:
Table 4. WebSphere Application Server Network Deployment options

Lotus Connections deployment               WebSphere Application Server Network
                                           Deployment option
-----------------------------------------  -----------------------------------------
Stand-alone                                Application Server

Network deployment                         Deployment Manager
Note: Deployment Manager and first node    Note: Use the Profiles Management Tool to
on the same system                         create an Application Server for the first
                                           node

Network deployment                         1. Deployment Manager on the system
Note: Deployment Manager and first node       hosting the DM
on separate systems                        2. Application Server on the system hosting
                                              the first node. The node must be
                                              unmanaged before you install WebSphere
                                              Application Server.

Advanced stand-alone                       Application Server
Notes:
• If you install the News feature, you
  need to manually configure the buses
  between the News and other features.
  For more information, see the Linking
  buses on different servers topic.
• If you anticipate performing extensive
  administration tasks on the servers,
  you should consider installing a
  network deployment instead.

After you have created the first node in a cluster, you can add subsequent nodes
by following the procedure described in the Adding subsequent nodes to a cluster
topic. You must always use a separate system to host a subsequent node.
If you plan to use multiple application server instances to host Lotus Connections
features, create them later with the Lotus Connections installation wizard. Do not
create them manually.
If you are using the Files or Wikis applications, configure IBM HTTP Server to
handle file downloads from those applications. For more information, see the
Configuring Files and Wikis downloading topic. If you choose to let the WebSphere
Application Server redirect servlet manage file downloading, you must configure
the server to transfer data synchronously instead of asynchronously. This
configuration helps avoid errors caused by using too much memory. See the
Excessive native memory use in IBM WebSphere Application Server tech note for
instructions.
About this task
To install and configure WebSphere Application Server Network Deployment,
complete the following tasks:
Procedure
1. Install WebSphere Application Server Network Deployment. For more
information, go to the WebSphere Application Server 6.1 information center.
Notes:
• Do not enable security when the installation wizard requests it. Enable
Administrative and Application Security later in this task, after you have
configured WebSphere Application Server to communicate with the LDAP
directory.
• If you are installing a Deployment Manager, configure Administrative and
Application Security on the Deployment Manager, as described in Step 4 of
this task. You also need to configure Administrative and Application Security
on each node in the cluster, as described in the Installing the first node of a
cluster and Adding subsequent nodes to a cluster topics.
2. Apply the available fix packs. See the Lotus Connections system requirements topic
for details.
3. Configure WebSphere Application Server to communicate with the LDAP
directory. For more information, see the Setting up federated repositories topic.
Note: Perform this step on the Deployment Manager admin console if you are
installing a network deployment of Lotus Connections.
4. Configure Administrative and Application Security after you have completely
installed WebSphere Application Server Network Deployment. For more
information, see the Securing Lotus Connections topic. For an overview of
application server security, go to the Security topic in the WebSphere
Application Server information center.
Note: Perform this step on the Deployment Manager admin console if you are
installing a network deployment of Lotus Connections.
5. (For network deployments of Lotus Connections only.) Increase the size of the
Java Virtual Machine (JVM) heap on the Deployment Manager to at least 512
MB. If the heap size is less than 512 MB, you are likely to encounter an
out-of-memory error while installing Lotus Connections. To increase the heap
size, go to this Troubleshooting Web page and follow the instructions for your
platform.
Related concepts
Securing Lotus Connections
Ensure that your deployment is secure.
Related tasks
“Installing the first node of a cluster” on page 105
Install the first node of a network deployment of Lotus Connections.
“Adding subsequent nodes to a cluster” on page 116
Add more nodes to an existing cluster.
“Linking buses on different servers” on page 164
For each server containing features other than the news repository, you need to
create a link between that server and the server hosting the news repository.
“Configuring Files and Wikis downloading for production deployments” on page
184
You can make downloading files from the Files and Wikis features much more
efficient by configuring an IBM HTTP Server to handle most of the download
instead of the WebSphere Application Server. It is strongly recommended that you
configure production deployments this way.
Related reference
“Lotus Connections detailed system requirements” on page 13
A variety of hardware and software is required to run IBM Lotus Connections.
Setting up federated repositories
Use federated repositories with IBM WebSphere Application Server to manage and
secure user and group identities.
Before you begin
Ensure that you have completed the steps described in the Preparing to configure the
LDAP directory topic.
You can configure the user directory for IBM Lotus Connections to be populated
with users from more than one LDAP directory.
Important: Ensure that you meet the following guidelines for entity-object class
mapping:
• If you are using a Domino LDAP, replace the default mapping with
dominoPerson and dominoGroup object classes for person account and group
entities.
• If you are using IBM Tivoli Directory Server, decide whether your deployment
will rely on the LDAP groupOfNames or groupOfUniqueNames object class for
group entities. WebSphere Application Server uses groupOfNames by default. In
most cases, you need to delete this default mapping and create a new mapping
for group entities using the LDAP groupOfUniqueNames object class.
• If you are using the groupOfUniqueNames object class for group entities, use
the uniqueMember attribute for the group member attribute.
• If you are using the groupOfNames object class for group entities, use the
member attribute for the group member attribute.
About this task
To set up federated repositories in WebSphere Application Server, complete the
following steps:
Procedure
1. Start WebSphere Application Server and log in to the WebSphere Application
Server Integrated Solutions Console by going to the following Web address:
http://<Websphere_Application_Server_host_name>:9060/ibm/console
Note: If you plan to install a network deployment of Lotus Connections on
federated nodes, perform this task on the Deployment Manager's Integrated
Solutions Console.
2. Click Log in.
Note: Security must be disabled on the WebSphere Application Server until
you have set up the federated repository.
3. Click Security → Secure Administration, applications and infrastructure.
4. Select Federated Repositories from the Available realm definitions field, and
then click Configure.
5. On the Federated Repositories page, enter an administrative user ID (for
example, wasadmin) in the Primary administrative user name field. You can
leave the other default settings, such as Realm name, unchanged.
Note: The administrative user ID must be unique, and must not exist in the
LDAP repository to be federated.
6. From the Server user identity area, select Automatically generated server
identity as the server user identity.
7. Click Apply and then type the password for the administrative user in the
Password and Confirm password fields. Click OK and then click Save to save
this setting.
8. Click Add Base entry to Realm, and then, on the Repository reference page,
click Add Repository.
9. On the New page, type a repository identifier, such as myFavoriteRepository,
into the Repository identifier field.
10. Specify the directory that you are using in the Directory type field.
There are some naming discrepancies between the LDAP directories that
WebSphere Application Server supports and the LDAP directories listed in the
Directory type field of the Integrated Solutions Console. The following table
identifies which options to select to specify one of the LDAP directories
supported by Lotus Connections:
Table 5. Options to specify a supported LDAP directory

Directory type option                           LDAP directory supported by Lotus Connections
----------------------------------------------  ------------------------------------------------------------
Sun ONE                                         Sun Java System Directory Server 5 (formerly iPlanet 5.2), 6
IBM Lotus Domino 6.5                            IBM Lotus Domino 7.0.2, 8.0.2, and 8.5
Microsoft Windows Server 2003 Active Directory  Microsoft Active Directory 2003 SP2
Microsoft Active Directory Application Mode     Microsoft Active Directory Application Mode
IBM Tivoli Directory Server Version 6           IBM Tivoli Directory Server 6.0.0.3, 6.1
Novell Directory Services                       eDirectory 8.8

11. Type the host name of the primary LDAP directory server in the Primary host
name field. The host name is either an IP address or a domain name service
(DNS) name.
12. If your directory does not allow LDAP attributes to be searched anonymously,
provide values for the Bind distinguished name and Bind password fields.
For example, the Domino LDAP directory does not allow anonymous access,
so if you are using a Domino directory, you must specify the user name and
password with administrative level access in these fields.
13. Specify the login attribute or attributes that you want to use for authentication
in the Login properties field. Separate multiple attributes with a semicolon.
For example: uid;mail. See the Choosing log in values topic for information
about the types of login values that can be used.
• If you are installing Profiles and using Tivoli Directory Server, Domino, or
Sun Java System Directory Server, specify either mail, which represents the
user's e-mail address, or uid, which represents the user's ID, as the value
for this property.
• If you are installing Profiles and using Active Directory, and you use an
e-mail address as the login, specify mail as the value for this property. If
you use the samAccountName attribute as the login, specify uid as the
value for this property.
14. Click Apply, and then click Save to save this setting.
15. On the Repository reference page, the following fields represent the LDAP
attribute type and value pairs for the base element in the realm and the LDAP
repository. (The type and value pair are separated by an equal sign (=), for
example: o=acme. These can be the same value when a single LDAP
repository is configured for the realm or can be different in a multiple LDAP
repository configuration.)
Distinguished name of a base entry that uniquely identifies this set of
entries in the realm
Identifies entries in the realm. For example, cn=john doe, o=acme.
Distinguished name of a base entry in this repository
Identifies entries in the LDAP directory. For example, cn=john doe,
o=acme.
This value defines the location in the LDAP directory information tree
from which the LDAP search begins. The entries beneath it in the tree
can also be accessed by the LDAP search.
Note: If you have defined flat groups in the Domino directory, do not
enter a value in this field. Flat groups are group names such as
SalesGroup, as opposed to: cn=SalesGroup,ou=Groups. If you
configure a search base in this Step, you will not be able to access the
groups.
16. Click Apply and Save to save this setting, and then click OK to return to the
Federated Repositories page.
17. In the Repository Identifier column, click the link for the repository or
repositories that you just added.
18. In the Additional Properties area, click the LDAP entity types link.
19. Click the Group entity type and modify the object classes mapping. You can
also edit the Search bases and Search filters fields, if necessary. Enter LDAP
parameters that are suitable for your LDAP directory. Click Apply, and then
click Save to save this setting.
Note: You can accept the default object classes value for Group. However, if
you are using Domino, change the value to dominoGroup.
20. Click the PersonAccount entity type and modify the default object classes
mapping. You can also edit the Search bases and Search filters fields, if
necessary. Enter LDAP parameters that are suitable for your LDAP directory.
Click Apply, and then click Save to save this setting.
Note: You can accept the default object classes value for PersonAccount.
However, if you are using Domino, change the value to dominoPerson.
21. In the navigation links at the top of the page, click the name of the repository
that you have just modified to return to the Repository page.
22. Optional: If your applications rely on group membership from LDAP,
complete the following steps:
a. Click the Group attribute definition link in the Additional Properties area,
and then click the Member attributes link.
b. Click New to create a group attribute definition.
c. Enter group membership values in the Name of member attribute and
Object class fields.
d. Click Apply, and then click Save to save this setting.
Notes:
• If you have already accepted the default groupOfNames value for Group,
then you can also accept the default value for Member.
• If you changed objectclass for Group to dominoGroup in step 16, then you
must add dominoGroup to the definition of Member.
• Consider an example of group membership attribute for using Activities:
the Member attribute type is used by the groupOfNames object class, and
the uniqueMember attribute type is used by groupOfUniqueNames.
23. If you want to support more than one LDAP directory, repeat steps 8-22 for
each additional LDAP directory.
24. Set the new repository as the current repository:
a. Click Secure Administration, applications and infrastructure in the
navigation links at the top of the page.
b. Select Federated Repositories from the Available realm definitions field,
and then click Set as current.
c. Click Apply.
25. Enable login security on WebSphere Application Server:
a. Select the Administrative Security and Application Security check boxes.
For better performance, clear the Java 2 security check box.
b. Click Apply and then click Save to save this configuration.
The administrative user name and password are now required because you
have just set up security on WebSphere Application Server.
26. Log out of the WebSphere Application Server Integrated Solutions Console
and restart WebSphere Application Server. If you are performing this task on
the Deployment Manager console, restart that console.
27. When WebSphere Application Server is running again, log in to the Integrated
Solutions Console using your primary administrative user name and
password.
28. Optional: Test the new configuration by adding some LDAP users to the
WebSphere Application Server with administrative roles.
29. Optional: If you are using SSL for LDAP, add a signer certificate to your trust
store by completing the following steps:
a. From the WebSphere Application Server Integrated Solutions Console,
select Security → SSL Certificate and key management → Key Stores and
certificates → CellDefaultTrustStore → Signer Certificate → Retrieve from
port.
b. Type the DNS name of the LDAP directory in the Host Name field.
c. Type the secure LDAP port in the Port field (typically 636).
d. Type an alias name, such as LDAPSSLCertificate, in the Alias field.
e. Click Apply.
30. Optional: Verify that users in the LDAP directory have been successfully
added to the repository:
a. From the WebSphere Application Server Integrated Solutions Console,
select Users and Groups → Manage Users.
b. In the Search for field, enter a user name that you know to be in the
LDAP directory and click Search. If the search succeeds, you have partial
verification that the repository is configured correctly. However, this check
cannot verify the groups that a user belongs to.
Results
You have configured WebSphere Application Server to use a federated repository.
Creating databases
Create databases for the features that you plan to install. You can use the database
wizard or run the scripts that are provided with Lotus Connections.
Each Lotus Connections feature requires its own database, except Mobile, News,
and Search. Mobile does not have an associated database or content store, and the
News and Search features share the HOMEPAGE database. The database wizard
automates the process of creating databases for the features that you plan to install.
It is a more reliable method for creating databases because it validates the
databases as you create them.
Consult your database documentation for detailed information about preparing
your databases.
Note: You must have already created and started a database instance before you
can create databases.
Complete the procedures that are appropriate for your deployment:
Creating multiple database instances
Create multiple instances of a database for a more versatile database environment.
Before you begin
This task is an optional procedure. If you need only one database instance (or, in
Oracle terminology, one database), you can skip this task.
About this task
A database environment with multiple instances provides the flexibility to tune an
instance for a particular configuration. You can use different instances for
development and production, restrict access to sensitive information, and optimize
the database manager configuration for each instance. For example, if you need to
reconfigure one of the instances, you can restart just that instance instead of the
whole system. If you must take an instance offline, only the databases that are
hosted on that instance are unavailable during the outage, while your other
databases are unaffected.
Creating multiple instances requires additional system resources.
DB2 only. If you are hosting DB2 on a single 32-bit database server, consider
creating multiple DB2 instances. A single DB2 instance on a 32-bit system can
manage a maximum of 2 GB of data in memory and this limit can become a
constraint if you install multiple Lotus Connections features. At a minimum, create
two DB2 instances when you are installing all the features, but also consider
creating separate instances for the Activities and Communities databases because
they are typically the most memory-intensive databases. Ideally, you should install
one DB2 instance per Lotus Connections feature.
Note: The Home page, News, and Search features share the same database so you
must create only one instance to accommodate those features.
To create multiple instances of a database, complete the following steps:
Procedure
Choose your database type:
v DB2
– AIX:
An instance and user called db2inst1 are created during DB2 installation.
1. Create a group for DB2:
mkgroup db2iadm1
2. Create more users for DB2:
mkuser groups=db2iadm1 db2inst2
mkuser groups=db2iadm1 db2inst3
mkuser groups=db2iadm1 db2inst4
mkuser groups=db2iadm1 db2inst5
mkuser groups=db2iadm1 db2inst6
mkuser groups=db2iadm1 db2inst7
mkuser groups=db2iadm1 db2inst8
passwd db2inst2
passwd db2inst3
passwd db2inst4
passwd db2inst5
passwd db2inst6
passwd db2inst7
passwd db2inst8
3. Create more DB2 instances:
Log in as the root user and go to /opt/IBM/db2/V9.5/instance.
./db2icrt -u db2inst2 db2inst2
./db2icrt -u db2inst3 db2inst3
./db2icrt -u db2inst4 db2inst4
./db2icrt -u db2inst5 db2inst5
./db2icrt -u db2inst6 db2inst6
./db2icrt -u db2inst7 db2inst7
./db2icrt -u db2inst8 db2inst8
4. Set the port number of the instance:
Edit the /etc/services file and add the following line:
db2c_<instance_name> <instance_port>/tcp
where <instance_name> is the name of the instance and <instance_port> is
the port number for the instance.
5. Set the communication protocols for the instance:
db2 update database manager configuration using svcename db2c_<instance_name>
db2set DB2COMM=tcpip
db2stop
db2start
6. Edit your firewall configuration to allow the new instance to communicate
through its listening port.
– Linux:
An instance called db2inst1 is created during DB2 installation, along with
three users: db2inst1, db2fenc1, and dasusr1.
1. Create groups for DB2:
groupadd -g 999 db2iadm1
groupadd -g 998 db2fadm1
groupadd -g 997 dasadm1
2. Create users for DB2:
useradd -u 1100 -g db2iadm1 -m -d /home/db2inst1 db2inst1 -p passw0rd
useradd -u 1101 -g db2fadm1 -m -d /home/db2fenc1 db2fenc1 -p passw0rd
useradd -u 1102 -g dasadm1 -m -d /home/dasadm1 dasusr1 -p passw0rd
useradd -u 1103 -g db2iadm1 -m -d /home/db2inst2 db2inst2 -p passw0rd
useradd -u 1104 -g db2iadm1 -m -d /home/db2inst3 db2inst3 -p passw0rd
useradd -u 1105 -g db2iadm1 -m -d /home/db2inst4 db2inst4 -p passw0rd
useradd -u 1106 -g db2iadm1 -m -d /home/db2inst5 db2inst5 -p passw0rd
useradd -u 1107 -g db2iadm1 -m -d /home/db2inst6 db2inst6 -p passw0rd
useradd -u 1108 -g db2iadm1 -m -d /home/db2inst7 db2inst7 -p passw0rd
useradd -u 1109 -g db2iadm1 -m -d /home/db2inst8 db2inst8 -p passw0rd
Note: passw0rd is a sample value. The useradd -p option expects an
already-encrypted password, and a value typed on the command line is visible in
the shell history and the process list. Set a unique password for each account
with the passwd command instead.
3. Create new DB2 instances:
Log in as the root user and go to /opt/ibm/db2/V9.5/instance.
./db2icrt -u db2fenc1 db2inst1
./db2icrt -u db2fenc1 db2inst2
./db2icrt -u db2fenc1 db2inst3
./db2icrt -u db2fenc1 db2inst4
./db2icrt -u db2fenc1 db2inst5
./db2icrt -u db2fenc1 db2inst6
./db2icrt -u db2fenc1 db2inst7
./db2icrt -u db2fenc1 db2inst8
4. Set the port number of the instance:
Edit the /etc/services file and add the following line:
db2c_<instance_name> <instance_port>/tcp
where <instance_name> is the name of the instance and <instance_port> is
the port number for the instance.
5. Log in as the database instance and set the communication protocols for
the instance:
su - db2inst1
db2 update database manager configuration using svcename db2c_<instance_name>
db2set DB2COMM=tcpip
db2stop
db2start
6. Edit your firewall configuration to allow the new instance to communicate
through its listening port.
– Microsoft Windows:
1. Create an instance by running the following command:
db2icrt <instance_name> -s ese -u <db2_admin_user>
2. Set the port number of the instance:
Edit the C:\WINDOWS\system32\drivers\etc\services file and add the
following line:
db2c_<instance_name> <instance_port>/tcp
where <instance_name> is the name of the instance and <instance_port> is
the port number for the instance.
3. Set the communication protocols for the instance:
db2 update database manager configuration using svcename db2c_<instance_name>
db2set DB2COMM=npipe,tcpip
db2stop
db2start
4. Set the current instance parameter:
set DB2INSTANCE=<instance_name>
5. Edit your firewall configuration to allow the new instance to communicate
through its listening port.
v Oracle:
Each database is a database instance.
Use the Oracle Database Configuration Assistant (DBCA) to create a new Oracle
database:
1. Open the DBCA tool:
– AIX or Linux:
a. Change login user to oracle.
b. $ export ORACLE_HOME=...
c. $ export PATH=$PATH:$ORACLE_HOME/bin
d. $ export DISPLAY=<hostname:displaynumber.screennumber>
where <hostname:displaynumber.screennumber> represents the
client system, monitor number, and window number. For example:
localhost:0.0
e. $ dbca &
– Windows:
a. Click Start
b. Select Oracle → OraDB10g_Home1 → Configuration and Migration
Tools → Database Configuration Assistant
2. On the Operations page, accept the default option to Create a database and
click Next.
3. On the Database Templates page, accept the General Purpose default
option and click Next.
4. On the Database Identification page, enter LSCONN in the Global Database
Name and SID fields and click Next.
5. On the Management Options page, accept the default option to Configure
the database with Enterprise Manager and click Next.
6. On the Database Credentials page, enter the database password and click
Next.
7. On the Storage Options page, accept the File System storage option and
click Next.
8. On the Database File Locations page, accept the Database File Locations
from Template default option and click Next.
9. On the Recovery Configuration page, accept the Specify Flash Recovery
Area default option and click Next.
10. On the Database Content page, accept the defaults and click Next.
11. On the Initialization Parameters page, click the Character Sets tab and select
the Use Unicode (AL32UTF8) option. Click Next.
12. On the Database Content page, accept the defaults and click Next.
13. On the Creation Options page, accept the Create Database default option
and click Next.
v SQL Server
1. Run the SQL Server installation wizard. On the Instance Name panel of the
installation wizard, select Named instance, and then specify a new instance
name in the field.
2. Edit your firewall configuration to allow the new instance to communicate
through its listening port.
Notes:
– Use the same collation that you are using for the feature databases:
Latin1_General_BIN
– For Authentication mode, use Mixed Mode (Windows Authentication and
SQL Server Authentication)
– If you receive any warnings or errors from the System Configuration Check
dialog, correct them from the SQL Server 2005 instance installation
For more information, go to the Microsoft SQL Server Developer Center Web site
to view the SQL Server documentation:
What to do next
When you create multiple database instances, you must install the databases on
each instance. If you are using the wizard to install the databases, you must
prepare and run the database wizard once for each instance. If you are using
the scripts to install the databases, you must run the scripts once for each
instance.
Related reference
http://publib.boulder.ibm.com/infocenter/db2luw/v9/topic/
com.ibm.db2.udb.admin.doc/doc/c0004900.htm
Registering the DB2 product license key
Register the DB2 product license key for the version of DB2 that is included with
Lotus Connections.
Before you begin
Only perform this procedure if you are using the version of DB2 that was included
with Lotus Connections 2.5. If you installed Lotus Connections 2.5 and DB2 V9.1
from the product DVD, the license key was already provided.
If you used DB2 V9.1 with an earlier version of Lotus Connections, you can
continue to use DB2 V9.1 with Lotus Connections 2.5. Your installation of DB2 V9.1
is already registered and you can skip this task.
You do not need to complete this procedure if you are installing the pilot version
of the product; the version of DB2 provided with the pilot is registered
automatically.
Note: Install DB2 before beginning this task but do not create any feature
databases until after you have completed this task.
About this task
To register the DB2 product license key, complete the following steps:
Procedure
1. Navigate to the IBM Passport Advantage® Web site and log in.
Note: If you installed Lotus Connections 2.5 and DB2 V9.1 from the product
DVD, the license key was already provided. You can skip Steps 1-3 and begin
at Step 4.
2. Choose Find by Part Number to search for the license file for your system:
v AIX, Linux, or Windows 32-bit systems: part number C150RML
v Linux 64-bit system: part number C14SSML
3. Download the part and extract the file, making a note of the download
location.
4. Log into DB2 using an ID with SYSADM authority.
5. Open a command prompt, change to the directory where the license file is
stored, and run the following command:
Note: On the DVD image, the license is stored in the DB2.License directory.
db2licm -a <path_to_lic_file>/db2ese_o.lic
where <path_to_lic_file> is the directory to which you extracted the
db2ese_o.lic file.
Note: For more information about using the db2licm command, see the DB2
information center.
6. Verify that the license is registered by running the following command:
db2licm -l
If the license is correctly registered, the details of your DB2 installation are
displayed.
7. Restart DB2.
What to do next
Create your Lotus Connections feature databases.
Creating a dedicated DB2 user
Create a dedicated DB2 database user named lcuser with restricted privileges.
Before you begin
This is an optional procedure. Perform it only if you want to create a DB2 database
user with a limited set of privileges.
This procedure applies only to DB2 databases.
About this task
When you create the new user, name it lcuser. The scripts that are provided with
Lotus Connections grant the appropriate rights to lcuser and are written with the
assumption that the user name is lcuser. Always use lowercase characters for this
user name.
To create a dedicated DB2 database user named lcuser, complete the following
steps:
Procedure
Choose your operating system:
v AIX or Linux:
– Log into the DB2 server as the root user, and then type the following
commands to create a new user:
useradd lcuser
passwd lcuser
When prompted for the new password, enter it, and then confirm it.
v Windows
1. Click Start → Control Panel and select Administrative Tools → Computer
Management.
2. From the Computer Management console, select System Tools → Local Users
and Groups.
3. Right-click Users and select New User.
4. Add a user named lcuser. Enter the required details, including the
password. Clear the User must change password at next logon check box.
Click Create.
5. Click Close.
6. Open the Users object, right-click lcuser, and select Properties from the
context menu.
7. Click the Member Of tab and then click the Add button.
8. Type DB2USERS in the Enter the object names to select field, and click OK.
Click OK again to save your changes.
Note: If the DB2USERS group is not found, extended security for DB2 on
Windows might not be enabled. See the DB2 documentation for information
about Extended Windows security using DB2ADMNS and DB2USERS
groups.
What to do next
For more information about granting privileges to users, go to the DB2 information
center.
Related tasks
“Creating IBM DB2 databases manually” on page 56
Create DB2 databases with SQL scripts instead of using the Lotus Connections
database wizard.
“Preparing the database wizard”
Before you can use the wizard to create databases for your Lotus Connections
deployment, prepare the database server.
“Using the database wizard” on page 51
Use the database wizard to create databases for the Lotus Connections features that
you plan to install.
Creating databases with the database wizard
Use the database wizard to create databases for the Lotus Connections features.
Preparing the database wizard:
Before you can use the wizard to create databases for your Lotus Connections
deployment, prepare the database server.
Before you begin
Create a dedicated DB2 database user named lcuser. For more information, see the
Creating a dedicated DB2 user topic.
Ensure that you have given the necessary permissions to the user IDs that need to
log into the database system and access the Lotus Connections Wizards directory.
Notes:
v If you are planning to create multiple database instances, prepare and run the
database wizard once for each instance.
v (AIX only). If you are downloading the wizard, the TAR program available by
default with AIX does not handle path lengths longer than 100 characters. To
overcome this restriction, use the GNU file archiving program instead. This
program is an open source package that IBM distributes through the AIX
Toolbox for Linux Applications at the IBM AIX Toolbox Web site. Download and
install the GNU-compatible TAR package. You do not need to install the RPM
Package Manager because it is provided with AIX.
After you have installed the GNU-compatible TAR program, change to the
directory where you downloaded the Lotus Connections TAR file, and enter the
following command to extract the files from it:
gtar -xvf <Lotus_Connections_wizard>_aix.tar
This command creates a directory named after the wizard.
About this task
To prepare the database wizard, complete the following steps:
Procedure
1. Log in to your database server as the root user or system administrator.
2. Copy the database wizard from the Wizards directory in the Lotus Connections
installation media to the system that hosts the database server.
Note: Linux/AIX only: Ensure that users other than root have permission to
access the Lotus Connections Wizards directory.
3. Linux/AIX only: Grant display authority to all users by running the following
commands under the root user or system administrator:
xhost +          # Grant display authority to other users
echo $DISPLAY    # Echo the value of DISPLAY under the root user
Note: xhost + turns off access control for the X display. If granting display
authority to all users is a security concern for you, change the command to
grant display authority to a specific user or users. For more information
about this command, consult your AIX or Linux administrator's guide.
4. Linux/AIX only: Make sure that the current user is qualified or else switch to a
qualified user by running the following commands:
v DB2
su - db2inst1    # db2inst1 is the default DB2 administrator
export DISPLAY=<hostname:displaynumber.screennumber>
xclock           # Display the clock, confirming that the current user has
                 # display authority and can run the wizard
# Press Ctrl + C to close the clock and return to the command prompt
where <hostname:displaynumber.screennumber> represents the client system,
monitor number, and window number. For example: localhost:0.0
v Oracle
Note: Before running the database wizard, you must create an Oracle
database instance.
su - oracle      # oracle is the Oracle database administrator
export DISPLAY=<hostname:displaynumber.screennumber>
xclock           # Display the clock, confirming that the current user has
                 # display authority and can run the wizard
# Press Ctrl + C to close the clock and return to the command prompt
where <hostname:displaynumber.screennumber> represents the client system,
monitor number, and window number. For example: localhost:0.0
Note: If you can see the xclock application running after issuing the xclock
command, then you have permission to run the database wizard. If you cannot
see the xclock application, run the xhost + command as root user and then run
the su command.
5. Start the database instance:
Note: Run the database commands under the user account that has
administrative access to the database.
v AIX or Linux:
– DB2
cd /opt/ibm/db2/V9.1/instance
./db2istrt    # Start the current DB2 instance
Note: For more information about starting a DB2 instance, go to the
Setting the current instance environment variables Web page in the DB2
information center.
– Oracle (log in as oracle or use the su oracle command to change to oracle)
export ORACLE_SID=orcl    # Specify the current Oracle database
export ORACLE_HOME=/home/oracle/oracle/product/10.2.0/db_1    # Specify the Oracle home directory
cd $ORACLE_HOME/bin
./sqlplus "/ as sysdba"
# At the SQL*Plus prompt, start the current Oracle database:
startup
v Microsoft Windows:
Note: Windows registers most database instances as a service. You can start
or stop a database service manually if necessary.
– DB2
a. Log in to the Control Center.
b. In Object View, right-click the database instance.
c. In the shortcut menu, click Start to start the database manager.
– Oracle
a. Open the Windows Services panel: click Start > All Programs >
Administrative Tools > Services.
b. Right-click the Oracle service.
c. From the context menu, click Start to start the database service.
– SQL Server
a. Open SQL Server Management Studio.
b. Connect the database instance.
c. Start the database instance from the studio.
Note: If you have more instances, exit from this instance and repeat step 5 for
each instance. For more information about working with multiple instances, see
the Setting the current instance environment variables topic in the DB2
information center.
Related tasks
“Creating a dedicated DB2 user” on page 47
Create a dedicated DB2 database user named lcuser with restricted privileges.
“Using the database wizard”
Use the database wizard to create databases for the Lotus Connections features that
you plan to install.
Using the database wizard:
Use the database wizard to create databases for the Lotus Connections features that
you plan to install.
Before you begin
Before using the wizard for the first time, you must complete the steps described
in the Preparing the database wizard topic.
When you are creating a database either with the database wizard or SQL scripts,
you must log into the system where the database is hosted with the database
administrator account. The default values for DB2 are db2admin on Microsoft
Windows and db2inst1 on Linux and AIX. For Oracle, the default value is oracle
on AIX or Linux, and system administrator on Windows. For SQL Server, the
default value is the system administrator.
Oracle and SQL Server connect to Lotus Connections databases with the user
accounts that are set up during database creation. The passwords of those user
accounts are defined later in this task. DB2 uses a user account called lcuser. If you
are creating a DB2 database, you must manually create the lcuser account on your
operating system and then run the appGrants.sql script to grant the appropriate
privileges to the lcuser account. For more information, see the Creating a dedicated
DB2 user topic.
About this task
You can use the Lotus Connections database wizard to create, update, and remove
databases.
You can review the scripts that the wizard executes by examining the files in the
connections.sql directory in the installation media. For Linux on System z, the
scripts are located in the connections.s390.sql directory. On DB2, the commands
are shown in the log that the wizard creates. On Oracle and SQL Server, the log
shows the results of the commands.
Notes:
v If you are using Linux on IBM System z with the DASD driver, the SQL scripts
are located in the connections.s390.sql<application_subdirectory> directory of
the Lotus Connections set-up directory or installation media.
v If you are using Linux on IBM System z with the SCSI driver, back up the
connections.s390.sql directory and rename the connections.sql directory to
connections.s390.sql.
To create databases with the wizard, complete the following steps:
Procedure
1. From the Lotus Connections wizards directory, open the following file to
launch the wizard:
v AIX:
./dbWizard.sh
v Linux:
./dbWizard.sh
v Microsoft Windows:
dbWizard.bat
2. On the Welcome page, click Launch Information Center to open the Lotus
Connections Information Center in a browser window. Click Next to continue.
3. Select the option to Create a database and click Next.
4. Enter the details of the database you wish to create and then click Next:
a. Select a database type.
b. Select the location of the database.
c. Specify a database instance.
Note: The database instance that you specify must already exist on your
system.
5. Select a feature and click Next.
Note: If you are creating databases, only features that have not already been
installed to a database instance are available. If you are updating databases,
you can only choose features that are already installed.
6. Optional: This step is required only if you selected Oracle or SQL Server as the
database type. Enter the password for the databases and then click Next.
Choose one of the following options:
v Use the Same password for all feature database users. Type the password in
the Password and Confirm password fields.
v Use a Different password for each feature database user. Type a different
password for each feature database, and confirm the password in the confirm
field.
7. Optional: SQL Server only: Specify the location of the database file and then
click Next.
v Select Same database file location to use the same database file location for
all features. Type the location of the database or click Browse to choose a
location.
v Select Different database file location for each feature. For each feature, type
the location of the database file or click Browse to choose a location.
8. Review the Pre Configuration Task Summary to ensure that the values you
entered on previous pages in the wizard are correct. If you want to make a
change, click Back to edit the value. Click Create to begin creating databases.
9. Review the Post Configuration Task Summary panel and, if necessary, click
View Log to open the log file. Click Finish to exit the wizard.
What to do next
DB2 for Linux on System z only: To improve database performance, enable the
NO FILE SYSTEM CACHING option. For more information, see the Enabling NO
FILE SYSTEM CACHING for DB2 topic.
Related tasks
“Preparing the database wizard” on page 48
Before you can use the wizard to create databases for your Lotus Connections
deployment, prepare the database server.
“Creating a dedicated DB2 user” on page 47
Create a dedicated DB2 database user named lcuser with restricted privileges.
“Creating databases with SQL scripts” on page 56
Create Lotus Connections databases using the SQL scripts that are provided on the
installation media.
Using the database wizard in silent mode:
Run the database wizard in silent mode when you need an identical installation on
several servers.
Before you begin
Ensure that the wizard has created the response.properties file in the
<user_settings>/lcWizard/response/dbWizard directory.
v To create a response file, run the wizard in standard mode and specify that you
would like to create a response file. You can modify the existing response file or
create your own, using a text editor.
v DB2 only. If you are hosting DB2 on a single 32-bit database server, consider
creating multiple DB2 instances. A single DB2 instance on a 32-bit system can
manage a maximum of 2 GB of data in memory and this limit can become a
constraint if you install multiple Lotus Connections features. At a minimum,
create two DB2 instances when you are installing all the features, but also
consider creating separate instances for the Activities and Communities
databases because they are typically the most memory-intensive databases.
Ideally, you should install one DB2 instance per Lotus Connections feature.
Note: The Home page, News, and Search features share the same database so
you must create only one instance to accommodate those features.
Notes:
v If you are using Linux on System z, the SQL scripts are located in the
connections.s390.sql<feature_subdirectory> directory of the Lotus Connections
set-up directory or installation media.
v If you are using Linux on IBM System z with the DASD driver, the SQL scripts
are located in the connections.s390.sql<application_subdirectory> directory of
the Lotus Connections set-up directory or installation media.
v If you are using Linux on IBM System z with the SCSI driver, back up the
connections.s390.sql directory and rename the connections.sql directory to
connections.s390.sql.
About this task
To create databases in silent mode, complete the following steps:
Procedure
1. Open a command prompt and change to the directory where the wizard is
located.
2. Launch the wizard by running the following command:
v AIX: ./DbWizard.sh -silent <response_file>
v Linux: ./DbWizard.sh -silent <response_file>
v Microsoft Windows: DbWizard.bat -silent <response_file>
where <response_file> is the file path to the response file.
What to do next
After the wizard has finished, check the log file in the <Lotus_Connections_setup_directory>/Wizards/DBWizard directory for messages. The log file name uses
the time as a postfix. For example: dbConfig_20090808_202501.log.
Related reference
“Accessibility features for installing Lotus Connections” on page 2
Learn about the accessibility features for installing IBM Lotus Connections.
The database wizard response file:
The Lotus Connections database wizard can record your input in a response file
that you can use for silent installations.
When you want to run the database wizard in silent mode, use the response file to
duplicate the settings that you selected when you ran the wizard in interactive
mode. You can start the wizard from a command prompt and then pass the
response file in as a parameter. The wizard uses the values in the response file
rather than requiring you to interact with it.
The response file is named dbWizard_response.properties and is stored by default
in the Wizards/DBWizard directory on the Lotus Connections installation media.
There is a sample response file in the Wizards/samples directory called
dbWizard_response.properties.
The response.properties file collects a specific set of values. Those values are
described in the following table:
Table 6. Typical properties of the response.properties file

Property: dbtype
Value: db2 | oracle | sqlserver
Description: The database system that you want to use. Choose from IBM DB2,
Oracle, or Microsoft SQL Server.

Property: dbInstance
Value: <database_instance_name>
Description: The instance name of the database that you want to use. For example:
v DB2 (DB2 on Windows)
v db2inst1 (DB2 on AIX or Linux)
v orcl (Oracle)
v \\ (SQL Server)
Note: The first '\' is an escape character.

Property: dbHome
Value: <database_location>
Description: File path to the database.
Note: If you encounter an Invalid database instance error, the file path to the
database might be incorrect. If the dbHome value is, for example,
/home/oracle/oracle/product/10.2.0/db_1/, then you must remove the final /
character. This limitation applies only on Oracle databases. On Windows, you
need to add an escape character '\'. For example,
activities.filepath=C\:\\SQLSERVER.

Property: action
Value: create | delete | upgrade
Description: The action performed by the wizard. The options are create,
delete, or upgrade.

Property: features
Value: activities, blogs, communities, dogear, files, homepage, profiles, wikis
Description: Lotus Connections features for which the wizard will create
databases. Use a comma (,) character to separate multiple features.
If you are creating Oracle or SQL Server databases, you need to add the additional
properties described in the following table:
Table 7. Additional properties for Oracle or SQL Server databases

Property: <feature>.password
Value: Password for feature databases
Description: Password for the features.
Note: The passwords will be removed from the response file after the wizard
has finished.

Property: <feature>.filepath
Value: File path to the directory where database files are stored
Description: (SQL Server only) File path to the database file location.
Note: On Windows, you need to add an escape character '\'. For example,
activities.filepath=C\:\\SQLSERVER.
If you are upgrading databases and a JDBC connection is needed, you need to add
the additional properties described in the following table:
Table 8. Additional properties for upgrading databases with JDBC
Property
Recommended value
Description
port
v DB2 default is 50000
v Oracle default is 1521
v SQL Server default is 1433
Database server port for invoking JDBC
administrator
v DB2 default on Windows is db2admin
v DB2 default on AIX and Linux is db2inst1
v Oracle default is system
v SQL Server default is sa
Database administrator account for invoking JDBC
adminPassword
Database administrator password for invoking JDBC
jdbcLibPath
(SQL Server only) JDBC library path for invoking JDBC.
Note: On Windows, you need to add an escape character '\'. For example,
jdbcLibPath=C\:\\sqljdbc.jar
forum.contentStore
(Communities only)
Path to the Communities forum content store directory.
The content store can be located in a local directory or a shared network
directory. Ensure that the directory is accessible within your deployment.
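The escaping and password rules in the preceding tables can be checked mechanically before and after a wizard run. The following shell function is an added example, not part of the IBM documentation or the wizard: it reads a response file on stdin and reports path values with unescaped backslashes, an Oracle dbHome that ends in /, and password properties that still hold a value. The dbtype argument, the function names, the sample values, and treating adminPassword like the feature passwords are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not IBM code): lint a database wizard response file.
# Usage: lint_response_file [dbtype] < response.properties
#   dbtype is a hypothetical argument; "oracle" enables the dbHome check.
# Prints one finding per line. Exit status: 1 if anything was found, else 0.
lint_response_file() {
    tr -d '\r' | (                      # tolerate CRLF files written on Windows
        dbtype=${1:-}
        rc=0
        while IFS= read -r line || [ -n "$line" ]; do
            case $line in
                ''|'#'*|'!'*) continue ;;   # blank lines and comments
                *=*) ;;
                *) continue ;;
            esac
            key=${line%%=*}
            value=${line#*=}
            case $key in
                *.password|adminPassword)
                    # Feature passwords are removed when the wizard finishes;
                    # adminPassword is treated the same way (assumption).
                    if [ -n "$value" ]; then
                        printf '%s: password value is still stored in the file\n' "$key"
                        rc=1
                    fi
                    ;;
                dbHome|*.filepath|jdbcLibPath)
                    # Strip the valid escapes \\ and \: first. Any backslash
                    # that survives is a bare one, which a Java properties
                    # parser silently drops from the path.
                    rest=$(printf '%s' "$value" | sed 's/\\\\//g; s/\\://g')
                    case $rest in
                        *\\*)
                            printf '%s: unescaped backslash in %s\n' "$key" "$value"
                            rc=1
                            ;;
                    esac
                    if [ "$key" = dbHome ] && [ "$dbtype" = oracle ]; then
                        case $value in
                            */)
                                printf 'dbHome: remove the final / for Oracle\n'
                                rc=1
                                ;;
                        esac
                    fi
                    ;;
            esac
        done
        exit "$rc"
    )
}

# Constructed sample input; every value below is made up for the demonstration.
sample_response_file() {
    cat <<'EOF'
dbHome=/home/oracle/oracle/product/10.2.0/db_1/
activities.password=
blogs.password=ExamplePassw0rd
activities.filepath=C\:\\SQLSERVER
blogs.filepath=C:\SQLSERVER
jdbcLibPath=C\:\\sqljdbc.jar
EOF
}

sample_response_file | lint_response_file oracle || true
```

Run it against the real response file once before starting the wizard (to catch path escaping) and once after it finishes (to confirm that no password value was left behind).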
Related reference
“The tdisettings.properties file” on page 73
When you run the Profiles population wizard, you can record your selections in
two response files: a tdisettings.properties file and a mapping file.
Creating databases with SQL scripts
Create Lotus Connections databases using the SQL scripts that are provided on the
installation media.
About this task
Using the SQL scripts to create databases for Lotus Connections takes longer than
using the wizard, and does not validate the databases, but might be necessary in
some circumstances.
Related tasks
“Using the database wizard” on page 51
Use the database wizard to create databases for the Lotus Connections features that
you plan to install.
Creating IBM DB2 databases manually:
Create DB2 databases with SQL scripts instead of using the Lotus Connections
database wizard.
Before you begin
Complete this task if you do not want to use the database wizard to create your
databases.
v If the database server and Lotus Connections are installed on different systems,
copy the SQL scripts to the system that hosts the database server.
v The SQL scripts are located in the connections.sql/<feature_subdirectory>
directory of the Lotus Connections set-up directory or installation media, where
<feature_subdirectory> is the directory that contains the SQL scripts for each
feature.
Notes:
– If you are using Linux on System z, the SQL scripts are located in the
connections.s390.sql/<feature_subdirectory> directory of the Lotus Connections
set-up directory or installation media.
– If you are using Linux on IBM System z with the DASD driver, the SQL
scripts are located in the connections.s390.sql/<application_subdirectory>
directory of the Lotus Connections set-up directory or installation media.
– If you are using Linux on IBM System z with the SCSI driver, back up the
connections.s390.sql directory and rename the connections.sql directory to
connections.s390.sql.
v When you are creating a database either with the database wizard or SQL
scripts, you must log into the system where the database is hosted with the
database administrator account. The default values for DB2 are db2admin on
Microsoft Windows and db2inst1 on Linux and AIX. For Oracle, the default
value is oracle on AIX or Linux, and system administrator on Windows. For
SQL Server, the default value is the system administrator.
v AIX only: Configure the AIX system that will host the DB2 databases to use the
enhanced journaled file system (JFS2), which supports file sizes larger than 2 GB.
To enable large files in the JFS system, perform the following steps:
1. In the SMIT tool, select System Storage Management > File System >
Add/Change/Show/Delete File Systems
2. Select the file system type you want to use and specify other characteristics
as desired. If you choose to use a Journaled File System, set the Large File
Enabled setting to true.
See the AIX documentation for more options.
v DB2 only. If you are hosting DB2 on a single 32-bit database server, consider
creating multiple DB2 instances. A single DB2 instance on a 32-bit system can
manage a maximum of 2 GB of data in memory and this limit can become a
constraint if you install multiple Lotus Connections features. At a minimum,
create two DB2 instances when you are installing all the features, but also
consider creating separate instances for the Activities and Communities
databases because they are typically the most memory-intensive databases.
Ideally, you should install one DB2 instance per Lotus Connections feature.
Note: The Home page, News, and Search features share the same database so
you must create only one instance to accommodate those features.
About this task
You need to perform this task for each Lotus Connections feature that you are
installing.
To create the feature databases, complete the following steps:
Procedure
1. Optional: (Only required if the database server and Lotus Connections are
installed on different systems.) Copy the Lotus Connections SQL scripts to the
DB2 database system. Authorize a user ID that can create the databases.
2. Log into the DB2 database system with the user ID of the owner of the
database instance. The user ID must have privileges to create a database, a
tablespace, tables, and indexes.
Notes:
v If you created multiple database instances, specify the user ID for the first
instance.
v The default administrative ID for Microsoft Windows is db2admin.
3. Start the DB2 command line processor in command mode and enter the
following command:
db2start
4. For Activities, Blogs, Dogear, Profiles, and Home page, change to the directory
where the SQL scripts for each feature are stored, and then enter the following
command to run the script:
db2 -tvf createDb.sql
5. For Home page, you also need to run the following script:
db2 -tvf initData.sql
6. For Communities, Files, and Wikis, change to the directory where the SQL
scripts for each feature are stored, and then enter the following command to
run the script:
db2 -td@ -vf createDb.sql
7. Optional: (Required only if you are installing the Communities forum.) Enter
the following command:
db2 -tvf createDb_forum.sql
8. Run the following command to grant access privileges to the lcuser account
for each feature:
db2 -tvf <feature_subdirectory>/appGrants.sql
Note: For the Files and Wikis features, run the following command:
db2 -td@ -vf <feature_subdirectory>/appGrants.sql
9. Optional: (Communities forums only.) Run the following command to grant
access privileges to the lcuser account for forums:
db2 -tvf <feature_subdirectory>/appGrants_forum.sql
10. (For DB2 9.1 users only.) If you are using DB2 9.1, you need to configure the
DB2 environment.
If you have installed Activities, Blogs, Dogear, Communities, or Profiles, run
the following command in the DB2 command line processor:
db2 -tvf <feature_subdirectory>/db291settings.sql
If you have installed Files or Wikis, run the following command in the DB2
command line processor:
db2 -td@ -vf <feature_subdirectory>/db291settings.sql
Note: The db291settings.sql file is located in the
connections.sql/<feature_subdirectory>/DB2 directory on the installation media.
11. Close the DB2 command line processor.
12. Optional: When you install Lotus Connections, the JDBC configuration page of
the installation wizard asks you to provide a user ID and password for the
Application User. The user ID that you specify on that page needs to have
read and write access to the database. You can provide the user ID of an
administrative user or you can create a dedicated user ID with fewer
privileges. See the Creating a dedicated DB2 database user topic for more
information.
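The steps above use different DB2 command line processor flags depending on the feature and the script: -tvf for most scripts, and -td@ -vf (which sets @ as the statement terminator) for the scripts named in steps 6, 8 and 10. The following shell function is an added example, not IBM code, that prints the command sequence for one feature so that it can be reviewed before it is typed into the DB2 command line processor. The function names, the forum and db291 option words, and the sample directory are assumptions.

```shell
#!/bin/sh
# Added example, not IBM code. Prints the DB2 CLP commands of the manual
# procedure for one feature so they can be reviewed before they are run.
# Usage: lc_db2_plan <feature> <script_dir> [forum] [db291]
#   script_dir  directory that holds the feature's DB2 scripts
#   forum       include the Communities forum scripts (communities only)
#   db291       include db291settings.sql (DB2 9.1 only)
# Function names and the forum/db291 option words are hypothetical.
# db2start (step 3) is run once per session and is not repeated here.

# Pick the CLP flags the procedure gives for a feature and script kind.
lc_db2_flags() {    # $1 = feature, $2 = create | grants | db291
    case "$2:$1" in
        create:communities|*:files|*:wikis) printf '%s\n' '-td@ -vf' ;;
        *) printf '%s\n' '-tvf' ;;
    esac
}

lc_db2_plan() {
    feature=$1
    dir=$2
    shift 2
    forum=no
    db291=no
    for opt in "$@"; do
        case $opt in
            forum) forum=yes ;;
            db291) db291=yes ;;
            *) echo "unknown option: $opt" >&2; return 2 ;;
        esac
    done
    case $feature in
        activities|blogs|communities|dogear|files|homepage|profiles|wikis) ;;
        *) echo "unknown feature: $feature" >&2; return 2 ;;
    esac
    if [ "$forum" = yes ] && [ "$feature" != communities ]; then
        echo "forum scripts apply to communities only" >&2
        return 2
    fi

    # After the cd, every script is referenced by its bare file name.
    printf 'cd "%s"\n' "$dir"
    printf 'db2 %s createDb.sql\n' "$(lc_db2_flags "$feature" create)"
    if [ "$feature" = homepage ]; then
        printf 'db2 -tvf initData.sql\n'
    fi
    if [ "$forum" = yes ]; then
        printf 'db2 -tvf createDb_forum.sql\n'
    fi
    printf 'db2 %s appGrants.sql\n' "$(lc_db2_flags "$feature" grants)"
    if [ "$forum" = yes ]; then
        printf 'db2 -tvf appGrants_forum.sql\n'
    fi
    # The procedure lists no db291settings.sql command for Home page.
    if [ "$db291" = yes ] && [ "$feature" != homepage ]; then
        printf 'db2 %s db291settings.sql\n' "$(lc_db2_flags "$feature" db291)"
    fi
}

# Demonstration with a constructed directory name.
lc_db2_plan communities /opt/lc/connections.sql/communities forum
```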
What to do next
DB2 for Linux on System z only: To improve database performance, enable the
NO FILE SYSTEM CACHING option. For more information, see the Enabling NO
FILE SYSTEM CACHING for DB2 topic.
Related tasks
“Creating a dedicated DB2 user” on page 47
Create a dedicated DB2 database user named lcuser with restricted privileges.
Creating Oracle databases manually:
Create Oracle databases with SQL scripts instead of using the Lotus Connections
database wizard.
Before you begin
Follow this procedure if you do not want to use the database wizard to create your
databases.
Note:
You must specify the Unicode AL32UTF8 character set.
About this task
This task describes how to use SQL scripts to create Oracle databases for Lotus
Connections features. Complete this task only if you do not want to use the
database wizard.
To manually create the feature database tables, complete the following steps:
Procedure
1. Log in with the same user ID that you used to install the Oracle database
system.
2. Copy the Lotus Connections SQL scripts for creating databases to the Oracle
system. The SQL scripts are located in the Lotus_Connections_Install
directory on the installation media:
v AIX or Linux:
/Lotus_Connections_Install/connections.sql/<feature_subdirectory>/oracle
v Microsoft Windows:
\Lotus_Connections_Install\connections.sql\<feature_subdirectory>\oracle
where <feature_subdirectory> is the directory that contains the SQL scripts for
each feature. Choose from the following subdirectories:
v activities
v blogs
v communities
v dogear
v files
v homepage
v profiles
v wikis
3. Create an Oracle user ID with system database administrator privileges that
you can use to manage the database tables. Alternatively, use an existing ID
that has administrative privileges, such as sys.
4. Set the ORACLE_SID.
If you created multiple databases, specify the database on which to install the
tables by providing the SID for that database.
5. Run SQL Plus by entering the following command:
sqlplus /NOLOG
6. Log in as an administrator with the sysdba role by entering the following
command:
connect as sysdba
7. Enter the Oracle user ID and password.
8. For each feature, change to that feature's SQL scripts directory and enter the
following command to create the feature's database tables:
@<feature_subdirectory>/createDb.sql <password>
Notes:
v Repeat this step for each Lotus Connections feature that you plan to install.
v Begin the command with the @ symbol.
v The createDB script creates a dedicated user ID for the JDBC connector for a
feature database. Later, when you run the Lotus Connections installation
wizard, you must provide the user ID that you specify in this step. You can
specify one of the following default user IDs:
– Activities: OAUSER
– Blogs: BLOGS
– Communities: SNCOMMUSER
– Dogear: DOGEARUSER
– Files: FILESUSER
– Home page: HOMEPAGE
– Profiles: PROFUSER
– Wikis: WIKISUSER
Notes:
– Each of these default user IDs has a narrower set of privileges than an
administrative user ID.
– You can change the passwords for these database users later in Oracle
Enterprise Manager Console. If you change the passwords there, you
must also change them in the J2C authentication alias in the WebSphere
Application Server Integrated Solutions Console.
9. (Home page only.) Run the following command:
@<feature_subdirectory>/initData.sql
10. Optional: (Communities forums only.) Run the following command:
@<feature_subdirectory>/createDb_forum.sql <password>
11. Optional: (Dogear only.) Run the following command:
@<feature_subdirectory>/createHistogramStatsJob.sql
This script creates a job to collect histogram statistics and improves
performance.
12. Run the following command to grant access privileges for each feature:
@<feature_subdirectory>/appGrants.sql
13. Optional: (Communities forums only.) Run the following command:
@<feature_subdirectory>/appGrants_forum.sql
14. Close the SQL Plus window.
Creating SQL Server databases manually:
Create Microsoft SQL Server databases with SQL scripts instead of using the Lotus
Connections database wizard.
Before you begin
Follow this procedure if you do not want to use the database wizard to create your
databases.
About this task
This task describes how to use SQL scripts to create SQL Server databases for Lotus
Connections features.
For more information about Microsoft SQL Server 2005 Enterprise Edition, go to
the Microsoft SQL Server Web site. You can download the SQL Server 2005 JDBC
1.2 driver from the Microsoft Web site.
To create the feature database tables, complete the following steps:
Procedure
1. If Microsoft SQL Server and Lotus Connections are hosted on different systems,
copy the database creation scripts from the directory to which you downloaded
the Lotus Connections installation files, and paste them in a directory on the
Microsoft SQL Server system. The database table creation scripts are stored in
the following installation directory:
v AIX or Linux:
/Lotus_Connections_Install/connections.sql/<feature_name>/sqlserver
v Microsoft Windows:
\Lotus_Connections_Install\connections.sql\<feature_name>\sqlserver
where <feature_name> is the script file storage directory of the feature for which
you are creating the database. Choose one of the following subdirectories:
v activities
v blogs
v communities
v dogear
v files
v homepage
v profiles
v wikis
You must run the database scripts separately for each feature.
2. Create a directory on the Microsoft SQL Server where you would like to store
the feature databases.
Later on, you need to specify these directories as parameters of the filepath flag
for the sqlcmd command.
3. Create a Microsoft SQL Server user ID with system database administrator
privileges that you can use to manage the database tables or use an existing ID
that has administrative privileges, such as sa.
You will specify these credentials as parameters of the U and P flags for the
sqlcmd command later.
4. Perform the following steps once per feature to create each database:
a. Open a command prompt and change to the directory to which you copied
the database creation scripts for the feature.
b. Enter the following command to create the feature database table:
Note: If your database server has multiple SQL Server instances, add the
following parameter as the first parameter to each command:
-S <sqlserver_server_name>\<sqlserver_server_instance_name>
sqlcmd -U <admin_user> -P <admin_password> -i "createDb.sql" -v filepath="<path_to_db>" password="<password_for_feature_user>"
where
v <admin_user> and <admin_password> are the credentials for the user ID
that you created in a previous step or an existing ID with administrative
privileges.
v <path_to_db> is the directory in which the created databases are stored.
You created this directory in a previous step.
v <password_for_feature_user> is the password for each feature database.
v The database user IDs are named as follows:
– Activities: OAUSER
– Blogs: BLOGSUSER
– Communities: SNCOMMUSER
– Dogear: DOGEARUSER
– Files: FILESUSER
– Home page: HOMEPAGEUSER
– Profiles: PROFUSER
– Wikis: WIKISUSER
Specify the password to be associated with this user ID.
Notes:
v When you run the installation wizard, you are asked to provide a user ID
for the JDBC provider. Specify the user ID created by the database
creation script and the password that you defined in this step.
v You can change the passwords for these database users later in SQL
Server Management Studio. If you change the passwords there, you must
also change them in the J2C authentication alias in the WebSphere
Application Server Integrated Solutions Console.
5. (Home page only.) Perform the following steps if you are installing the Home
page feature:
a. Open a command prompt and change to the directory to which you copied
the database creation scripts for this feature.
b. Enter the following command to create the feature database table:
sqlcmd -U <admin_user> -P <admin_password> -i "initData.sql"
6. Perform the following steps to grant access privileges for the features:
a. Open a command prompt and change to the directory to which you copied
the database creation scripts for each feature.
b. Enter the following command to create the feature database table:
sqlcmd -U <admin_user> -P <admin_password> -i "appGrants.sql"
7. (Communities only.) Perform the following steps to create a database for
Communities forums:
a. Open a command prompt and change to the directory to which you copied
the database creation scripts for this feature.
b. Enter the following command to create the database table:
sqlcmd -U <admin_user> -P <admin_password> -i "createDb_forum.sql" -v filepath=<path_to_db>
c. Enter the following command to grant access privileges for the database
table:
sqlcmd -U <admin_user> -P <admin_password> -i "appGrants_forum.sql"
Enabling NO FILE SYSTEM CACHING for DB2
When your operating system is Linux on System z, enable the NO FILE SYSTEM
CACHING option for IBM DB2 databases to improve performance.
Before you begin
v Create a backup copy of the database using native database tools.
v If the database server and IBM Lotus Connections are installed on different
systems, copy the SQL scripts to the system that hosts the database server.
v The SQL scripts for DB2 for Linux on System z are located in the
connections.s390.sql/<feature_subdirectory> directory of the Lotus
Connections setup directory or installation media, where <feature_subdirectory> is
the directory that contains the SQL scripts for each feature.
v You can enable the NO FILE SYSTEM CACHING option for the Activities,
Communities, and Profiles databases only. You cannot enable the option for
other Lotus Connections databases.
Important: Enabling the NO FILE SYSTEM CACHING option on an unsupported
device could cause your database to become inaccessible. Ensure that you meet the
requirements for creating table spaces without file system caching.
About this task
When you create DB2 databases for Linux on System z, the Lotus Connections
database wizard and the createDb.sql script create table spaces with the FILE
SYSTEM CACHING option enabled. If you are storing DB2 table spaces on devices
where Direct I/O (DIO) is enabled, such as Small Computer System Interface
(SCSI) disks that use Fibre Channel Protocol (FCP), you can improve database
performance by enabling the NO FILE SYSTEM CACHING option.
To enable the NO FILE SYSTEM CACHING option, complete the following steps:
Procedure
1. Log in to the DB2 database system with the user ID of the owner of the
database instance. The user ID must have privileges to create a database, a
table space, tables, and indexes.
Note: If you created multiple database instances, specify the user ID for the
first instance.
2. Enable the NO FILE SYSTEM CACHING option for the Activities table space
by entering the following commands:
CONNECT TO OPNACT
ALTER TABLESPACE OAREGTABSPACE NO FILE SYSTEM CACHING
CONNECT RESET
3. Enable the NO FILE SYSTEM CACHING option for the Communities table
space by entering the following commands:
CONNECT TO SNCOMM
ALTER TABLESPACE SNCOMMREGTABSPACE NO FILE SYSTEM CACHING
ALTER TABLESPACE DFREGTABSPACE NO FILE SYSTEM CACHING
CONNECT RESET
4. Enable the NO FILE SYSTEM CACHING option for the Profiles table space by
entering the following commands:
CONNECT TO PEOPLEDB
ALTER TABLESPACE USERSPACE4K NO FILE SYSTEM CACHING
ALTER TABLESPACE TEMPSPACE4K NO FILE SYSTEM CACHING
ALTER TABLESPACE USERSPACE32K NO FILE SYSTEM CACHING
ALTER TABLESPACE TEMPSPACE32K NO FILE SYSTEM CACHING
CONNECT RESET
5. Close the DB2 command line processor.
Related reference
DB2 information center - Creating table spaces without file system caching
Populating the Profiles database
Populate the Profiles database with data from the LDAP directory.
Related concepts
Administering Profiles
Profiles provides two types of administrative capabilities: configuration settings
and administrative commands. You change configuration settings and execute
administrative commands by running scripts from the wsadmin command line.
Related tasks
“Using the Profiles population wizard” on page 67
Use the Profiles population wizard to populate the Lotus Connections Profiles
database with data from the LDAP directory.
“Using the Profiles population wizard in silent mode” on page 71
Run the Profiles population wizard in silent mode to populate the Profiles
database.
“Manually populating the Profiles database” on page 75
Instead of using the Profiles population wizard, you can manually populate the
database.
Configuring Tivoli Directory Integrator
Configure Tivoli Directory Integrator to synchronize and exchange information
between the IBM Lotus Connections Profiles database and your LDAP directory.
Before you begin
Ensure that you have installed all the required software, including a database
server and LDAP directory, and that you have created the Profiles database.
About this task
You can use Tivoli Directory Integrator to populate the profiles database repository
from a source LDAP system and to keep the database synchronized with the LDAP
directory.
To configure Tivoli Directory Integrator, complete the following steps:
Procedure
1. Install Tivoli Directory Integrator, if it is not already installed.
When prompted for the location of the Solution directory, select Do not specify.
Use the current working directory at startup time.
2. Optional: (Complete this step if you plan to manually populate the Profiles
database.) On the system hosting your Tivoli Directory Integrator installation,
create a subdirectory in which to store the Tivoli Directory Integrator solution
directory. Make sure that the file path does not contain spaces. Do not, for
example, create the subdirectory in the Program Files directory in Microsoft
Windows.
3. Optional: (Complete this step if you plan to manually populate the Profiles
database.) Copy the tdisol compressed file from the TDISOL directory of the
Lotus Connections installation media to the system where you installed Tivoli
Directory Integrator.
4. Optional: (Complete this step if you plan to manually populate the Profiles
database.) Using appropriate tools, extract the tdisol file to the directory that
you created in Step 2. This creates a Tivoli Directory Integrator Solution
directory called TDI.
5. Optional: (Complete this step if you plan to manually populate the Profiles
database.) From the TDI solution directory, open the tdienv.bat or tdienv.sh
file in a text editor and ensure that the path to the Tivoli Directory Integrator
installation directory is specified correctly in the TDIPATH variable. If the path
is not correct, edit the TDIPATH environment variable.
v AIX or Linux:
The default value for TDIPATH is:
export TDIPATH=/opt/ibm/TDI/V6.1.1
v Windows:
The default value for TDIPATH is:
SET TDIPATH=C:\Program Files\IBM\TDI\V6.1.1
Other scripts in the solution directory use this TDI path to find Tivoli Directory
Integrator files.
6. (AIX or Linux only.) In the TDI directory, execute the following commands to
ensure that the script files are executable:
chmod +x *.sh
chmod +x netstore
7. Make the database libraries available to the Tivoli Directory Integrator by doing
one of the following:
v DB2: Copy the db2jcc_license_cu.jar file from the java subdirectory of the
directory where you installed DB2 and paste it into the jvm/jre/lib/ext
subdirectory of Tivoli Directory Integrator.
For example, if you installed Tivoli Directory Integrator on a Linux system in
/opt/ibm/TDI/V6.1.1, the path would be /opt/ibm/TDI/V6.1.1/jvm/jre/lib/ext.
v Oracle: Copy the ojdbc14.jar file from the jdbc/lib subdirectory of the
directory where you installed Oracle and paste it into the jvm/jre/lib/ext
subdirectory of the Tivoli Directory Integrator directory.
For example: If you installed Tivoli Directory Integrator on a Linux system in
/opt/ibm/TDI/V6.1.1, the path would be /opt/ibm/TDI/V6.1.1/jvm/jre/lib/ext.
v SQL Server: Download the SQL Server 2005 JDBC 1.2 driver from the
Microsoft Web site and follow the instructions to extract the driver files.
Copy the new sqljdbc_1.2 directory into the jvm/jre/lib/ext subdirectory
of the Tivoli Directory Integrator directory.
For example: If you installed Tivoli Directory Integrator on a Linux system in
/opt/ibm/TDI/V6.1.1, the path would be /opt/ibm/TDI/V6.1.1/jvm/jre/lib/ext.
If the database is hosted on a separate system, copy the database JAR file to the
system hosting Tivoli Directory Integrator.
8. Increase the runtime memory by adding -Xms256M and -Xmx1024M as
arguments to the Java invocation command in the following file, stored in the
Tivoli Directory Integrator installation directory:
v AIX or Linux: ibmdisrv
After you add the memory arguments, the Java invocation should look like
this:
"$JRE_PATH/java" -Xms256M -Xmx1024M
v Microsoft Windows: ibmdisrv.bat
After you add the memory arguments, the Java invocation should look like
this:
"<drive>\IBM\TDI\V6.1.1\jvm\jre\bin\java" -Xms256M -Xmx1024M
9. (AIX or Linux only.) Ensure that there is a localhost entry in the /etc/hosts
file. For example:
127.0.0.1 localhost
What to do next
After you have configured Tivoli Directory Integrator, update it with the
recommended fix packs.
Note: Fix pack 6 is a critical fix.
For more information, see the Lotus Connections 2.5 system requirements topic.
Related reference
“Lotus Connections detailed system requirements” on page 13
A variety of hardware and software is required to run IBM Lotus Connections.
Adding LDAP data to the Profiles database
Populate the Profiles database with information from the LDAP server by using
the Lotus Connections Profiles population wizard or by populating the database
manually.
About this task
The Profiles population wizard provides an interface to make it easier for you to
populate the Profiles database with information from your LDAP directory.
Alternatively, if you do not want to use the wizard, you can populate the database
manually by updating the profiles_tdi.properties file in the TDI
directory.
Procedure
To populate the Profiles database with information from the LDAP server, do one
of the following:
v Run the Profiles population wizard on the server where Tivoli Directory
Integrator is installed. For more information, see Using the Profiles population
wizard.
v Populate the Profiles database manually by updating the property values
relevant to your configuration in the profiles_tdi.properties file. For more
information, see Manually populating the Profiles database.
Using the Profiles population wizard:
Use the Profiles population wizard to populate the Lotus Connections Profiles
database with data from the LDAP directory.
Before you begin
Ensure that you have created a Profiles database, and installed and configured
Tivoli Directory Integrator and an LDAP directory.
Notes:
v Run the population wizard on the system where Tivoli Directory Integrator is
installed.
v If you need to configure multiple systems with Profiles data, you can run the
wizard in silent mode. For more information, see the Using the Profiles population
wizard in silent mode topic.
v The population wizard populates only those entries where the value for
surname is not null.
v You can run the population wizard before installing Lotus Connections, during
installation, or after installation.
About this task
To populate the Profiles database, complete the following steps:
Procedure
1. Log in to your database server as the root user or system administrator.
2. Linux/AIX only: Grant display authority to all users by running the following
commands under the root user or system administrator:
xhost + # Grant display authority to other users
echo $DISPLAY # Echo the value of DISPLAY under the root user
Note: If granting display authority to all users is a security concern for you,
change the command to grant display authority to a specific user or users. For
more information about this command, consult your AIX or Linux
administrator's guide.
3. Log into the system where Tivoli Directory Integrator is installed.
4. Copy the Wizards directory from the Lotus Connections installation media to
the system where Tivoli Directory Integrator is installed.
Important: For Microsoft Windows: If you are installing from disk or ISO,
change the permissions for the Wizards folder from Read Only to Write or the
population wizard will fail.
5. Run the following script from the Wizards directory:
v AIX: ./populationWizard.sh
v Linux: ./populationWizard.sh
Note: If the wizard does not run correctly, you might need to edit the
populationWizard.sh file and enter the correct JRE/JVM path for your
system. The populationWizard.sh file expects the path to be
jvm/linux/jre/bin.
v Microsoft Windows: populationWizard.bat
6. On the Welcome page of the wizard, click Launch Information Center to open
the Lotus Connections Information Center in a browser window. Click Next to
continue.
7. Select Default settings or, if you are resuming an earlier session, click Last
successful default settings and click Next.
Note: This page is shown only if you have already used the wizard to
populate the Profiles database.
8. Enter the location of Tivoli Directory Integrator (TDI) and then click Next.
Note: This page is shown only if the wizard cannot automatically detect your
TDI directory.
9. Select a database type and click Next.
10. Enter the following information about the database, and then click Next:
Host name
The name of the system that hosts the database.
Port
The communications port for connecting to the database. Add a new
port number or choose one of the following default port numbers:
DB2: 50000
Oracle: 1521
SQL Server: 1433
Database name
The default name of the database is PEOPLEDB.
JDBC driver library path
Enter the path to the JDBC driver on the host machine. For example:
IBM/sqllib/java.
v If you are using DB2, you can find the db2jcc.jar and
db2jcc_license_cu.jar files in the IBM/DB2/v9.5/SQLLIB/java
directory.
v If you are using Oracle, you can find the ojdbc14.jar file in the
oracle/product/10.2.0/db_1/jdbc/lib directory.
v If you are using SQL Server, download the SQL Server 2005 JDBC
1.2 driver from the Microsoft Web site and follow the instructions to
extract the driver files.
User ID
Enter your user ID. This must be a database user who has write access
to the Profiles database. For DB2, the default value is LCUSER. For
Oracle and SQL Server, the default value is PROFUSER. These user names
are automatically created when you create the database.
Password
Enter your password.
11. Enter the following properties for the LDAP server, and then click Next:
LDAP server name
The host name or IP address of the LDAP server.
LDAP server port
The default port is 389. If SSL is selected, the default port is 636.
Use SSL communication
Select the check box to enable SSL.
12. Optional: If you selected SSL in the previous step, you are asked to enter the
following keystore properties:
Truststore file
File where trusted server certificates are stored. Used when SSL
handshaking is performed.
Keystore password
Password to access the keystore.
Keystore type
Format of the trusted server certificate. Currently only JKS and
PKCS12 are supported in Java.
If the LDAP server's certificate is not in the truststore, an Accept permanently
message appears that asks you to permanently accept the certificate in the
truststore file. If you do not accept it, the wizard cannot connect to the LDAP
server with SSL and will not continue with the population task.
13. Enter the authentication details for the Bind distinguished name (DN) and
Bind password, and then click Next.
Note: The Profiles population wizard does not support anonymous binding
for LDAP. If you wish to populate the Profiles database using anonymous
binding, you must populate the database manually. However, if your LDAP
server supports both anonymous and authenticated binding, you can use the
wizard to populate the Profiles database.
14. Enter the details of the Base distinguished name (LDAP user search base)
and LDAP user search filter, and then click Next.
15. Map LDAP attributes or JS Functions to the Profiles database fields. For
more information about each attribute and function, see Table 18 on page 88 in
the Mapping fields manually topic.
Note: For each user in LDAP, Tivoli Directory Integrator will create a row in
the database, mapping each LDAP attribute or JavaScript function to the
corresponding column in the database. The wizard automatically validates
each mapping. If you need to change the default mapping, select the required
LDAP attributes or JavaScript functions and create or modify the field.
16. Optional: You can choose to run the following additional tasks:
Countries
Add country data to each profile.
Departments
Add department data to each profile.
Organizations
Add organization data to each profile.
Employee types
Add employee-type data to each profile.
Work locations
Add location data to each profile.
Mark managers
Select Yes if you want to mark the profiles of each manager.
Note: For all the entries in this list (except Mark managers), you need to
prepare corresponding CSV files with the required information. An Employee
Type CSV file might include regular=IBM Employee and manager=IBM
Manager. You can edit the profiles-config.xml file to specify whether you
want to display the code or the value, where regular or manager are the
employee type codes stored in LDAP and IBM Employee or IBM Manager are
the values.
17. Review the Summary page to ensure that the information you entered in the
previous panels is correct. To make changes, click Back to return to the
relevant page and edit the information. Otherwise, click Configure to begin
populating the database.
18. Review the message on the Result page. If necessary, click View log to
examine the log in detail. Click Finish to exit the wizard.
Results
The Profiles population wizard has populated the Profiles database with data from
your LDAP directory.
Related concepts
Administering Profiles
Profiles provides two types of administrative capabilities: configuration settings
and administrative commands. You change configuration settings and execute
administrative commands by running scripts from the wsadmin command line.
Related tasks
“Populating the Profiles database” on page 64
Populate the Profiles database with data from the LDAP directory.
Using the Profiles population wizard in silent mode:
Run the Profiles population wizard in silent mode to populate the Profiles
database.
Before you begin
When you use the Profiles population wizard in interactive mode, the wizard
automatically creates a response file called tdisettings.properties in the
Wizards/TDIPopulation directory in the Lotus Connections set-up directory. You
can, if necessary, modify the existing response file or create a new one.
You can also modify the mappings files manually. For more information, see the
Mapping fields manually topic.
Note:
- (AIX only). If you are downloading the wizard, the TAR program available by
default with AIX does not handle path lengths longer than 100 characters. To
overcome this restriction, use the GNU file archiving program instead. This
program is an open source package that IBM distributes through the AIX
Toolbox for Linux Applications at the IBM AIX Toolbox Web site. Download and
install the GNU-compatible TAR package. You do not need to install the RPM
Package Manager because it is provided with AIX.
After you have installed the GNU-compatible TAR program, change to the
directory where you downloaded the Lotus Connections TAR file, and enter the
following command to extract the files from it:
gtar -xvf <Lotus_Connections_wizard>_aix.tar
This command creates a directory named after the wizard.
About this task
To run the Profiles population wizard in silent mode, complete the following steps:
Procedure
1. Log in to your database server as the root user or system administrator.
2. Linux/AIX only: Grant display authority to all users by running the following
commands under the root user or system administrator:
xhost +   # Grant display authority to other users
Note: If granting display authority to all users is a security concern for you,
change the command to grant display authority to a specific user or users. For
more information about this command, consult your AIX or Linux
administrator's guide.
echo $DISPLAY   # Echo the value of DISPLAY under the root user
3. Ensure that the wizard has created the tdisettings.properties response file in
the TDIPopulation directory.
4. Open a command prompt, change to the TDIPopulation directory, and enter the
following commands to launch the wizard in silent mode:
- AIX/Linux:
populationWizard.sh -silent <response_file>
[ -mappingFile <mapping_file>]
[ -dbPassword <db_password>]
[ -ldapPassword <ldap_password>]
[ -sslPassword <ssl_password>]
[ -help | -? | /help | /? | -usage]
- Windows:
populationWizard.bat -silent <response_file>
[ -mappingFile <mapping_file>]
[ -dbPassword <db_password>]
[ -ldapPassword <ldap_password>]
[ -sslPassword <ssl_password>]
[ -help | -? | /help | /? | -usage]
where <response_file> is the full path to the tdisettings.properties response
file, <mapping_file> is the full path to the mappings.properties file,
<db_password> is the password for the Profiles database, <ldap_password> is the
password for the bind user in the LDAP directory, and <ssl_password> is the
password for the SSL key store.
Note:
If you do not specify a mapping file, the default mapping file for your LDAP
directory type is used. These mapping files are located in the
Wizards/TDIPopulation directory, where you can edit the file for your LDAP
directory type. For more information about editing the mapping file, see the
Mapping fields manually topic. The following table lists the mappings files for
applicable LDAP directory types:
Table 9. Options to specify a supported LDAP directory
Directory type                                 Mapping file
IBM Lotus Domino                               defaultMapping_domino.properties
IBM Tivoli Directory Server                    defaultMapping_tivoli.properties
Microsoft Active Directory Application Mode    defaultMapping_adam.properties
Microsoft Windows Server 2003 Active Directory defaultMapping_ad.properties
Novell Directory Services                      defaultMapping_nds.properties
Sun ONE                                        defaultMapping_sun.properties
The parameters for running the population wizard in silent mode are described
in the following table:
Table 10. Command parameters
responseFile (required)
Value: full path to the tdisettings.properties response file
Description: After running the population wizard successfully, the
tdisettings.properties response file is stored in the Wizards\TDIPopulation
directory in the Lotus Connections set-up directory.
mappingFile (optional)
Value: full path to the mappings.properties file
Description: The mappings.properties file is stored in the
Wizards\TDIPopulation directory in the Lotus Connections set-up directory. If
you do not specify a different file with the -mappingFile parameter, the wizard
uses this file to map properties to the LDAP directory.
dbPassword (optional)
Value: Database password
Description: Overwrites the database password in the response file. If you do
not specify the database password here, you must specify it in the response
file.
ldapPassword (optional)
Value: LDAP password
Description: Overwrites the LDAP password in the response file. If you do not
specify the LDAP password here, you must specify it in the response file.
sslPassword (optional)
Value: SSL key store password
Description: Overwrites the SSL key store password in the response file. If you
do not specify the SSL password here, you must specify it in the response file.
Results
After the wizard has finished, check the log file in the <user home>/lcwizard/log/
tdi/ directory for messages. The log file name uses the time as a suffix. For
example: tdi_20090912_163536.log.
Related concepts
Administering Profiles
Profiles provides two types of administrative capabilities: configuration settings
and administrative commands. You change configuration settings and execute
administrative commands by running scripts from the wsadmin command line.
Related tasks
“Populating the Profiles database” on page 64
Populate the Profiles database with data from the LDAP directory.
Related reference
“Accessibility features for installing Lotus Connections” on page 2
Learn about the accessibility features for installing IBM Lotus Connections.
The tdisettings.properties file:
When you run the Profiles population wizard, you can record your selections in
two response files: a tdisettings.properties file and a mapping file.
After running the Profiles population wizard in interactive mode, you can repeat
the same configuration in silent mode by starting the wizard from the command
line and passing the response files in as an argument. The wizard uses the values
in the response files rather than requiring you to interact with it.
The tdisettings.properties file collects the values that are described in the
following table.
Table 11. Common properties of the tdisettings.properties file
db.hostname
Description: Host name of the database server.
db.jdbcdriver
Description: Location of the JDBC driver.
Value: Example: C\:\\IBM\\SQLLIB\\java
Note: The extra "\" symbol is an escape character.
db.name
Description: Name of the Profiles database.
Value: Default: PEOPLEDB
db.password
Description: Password for connecting to the database. The property is required
if you do not specify -dbPassword as a command parameter.
db.port
Description: Database server port for invoking JDBC.
Value:
- DB2 default: 50000
- Oracle default: 1521
- SQL Server default: 1433
db.type
Description: DB2, Oracle, or SQL Server.
Value: db2 | oracle | sqlserver
db.user
Description: Name of the database user, such as lcuser.
Value: Example: lcuser
ldap.dn.base
Description: LDAP distinguished name search base.
Value: Example: dc=example, dc=com
ldap.enable.ssl
Description: Boolean value that determines if SSL is enabled. If the value of
this property is yes, you must also provide values for the ssl.keystore,
ssl.password, and ssl.type properties.
Value: yes | no
ldap.filter
Description: Filter for the LDAP.
Value: Example: (&(uid\=*)(objectclass\=inetorgperson))
ldap.hostname
Description: Host name of the LDAP server.
ldap.password
Description: Password for connecting to the LDAP directory. The property is
required if you do not specify -ldapPassword as a command parameter.
ldap.port
Description: Communications port of the LDAP server.
Value: Default: 389 or 636 (SSL)
ldap.user
Description: Distinguished name of the LDAP administrative user.
ssl.keyStore
Description: File path to the keystore. Required only if the ldap.enable.ssl
property is set to yes.
ssl.password
Description: SSL password. Required only if the ldap.enable.ssl property is set
to yes.
ssl.type
Description: SSL standard. Required only if the ldap.enable.ssl property is set
to yes.
Value: JKS | PKCS12
task.list
Description: Tasks that the Profiles population wizard can perform. You can
choose from the following options: LDAP_OPTIONAL_TASK_MARK_MANAGER,
LDAP_OPTIONAL_TASK_FILL_COUNTRIES, LDAP_OPTIONAL_TASK_FILL_DEPARTMENT,
LDAP_OPTIONAL_TASK_FILL_ORGANIZATION, LDAP_OPTIONAL_TASK_FILL_EMPLOYEE, and
LDAP_OPTIONAL_TASK_FILL_WORK_LOCATION. To execute multiple tasks, separate the
tasks with the comma symbol.
Value: Example:
LDAP_OPTIONAL_TASK_MARK_MANAGER,LDAP_OPTIONAL_TASK_FILL_COUNTRIES
task.country.csv
Description: File path to the isocc.csv file. Required if you specify
LDAP_OPTIONAL_TASK_FILL_COUNTRIES in the task.list property.
Value: Example: C\:\\build\\isocc.csv
Note: The extra "\" symbol is an escape character.
task.department.csv
Description: File path to the deptinfo.csv file. Required if you specify
LDAP_OPTIONAL_TASK_FILL_DEPARTMENT in the task.list property.
Value: Example: C\:\\build\\deptinfo.csv
Note: The extra "\" symbol is an escape character.
task.empoyeetype.csv
Description: File path to the emptype.csv file. Required if you specify
LDAP_OPTIONAL_TASK_FILL_EMPLOYEE in the task.list property.
Value: Example: C\:\\build\\emptype.csv
Note: The extra "\" symbol is an escape character.
task.organization.csv
Description: File path to the orginfo.csv file. Required if you specify
LDAP_OPTIONAL_TASK_FILL_ORGANIZATION in the task.list property.
Value: Example: C\:\\build\\orginfo.csv
Note: The extra "\" symbol is an escape character.
task.worklocation.csv
Description: File path to the workloc.csv file. Required if you specify
LDAP_OPTIONAL_TASK_FILL_ORGANIZATION in the task.list property.
Value: Example: C\:\\build\\workloc.csv
Note: The extra "\" symbol is an escape character.
TDI.dir
Description: Installation location of Tivoli Directory Integrator.
Value: Example: C\:\\IBM\\TDI\\V6.1.1
Note: The extra "\" symbol is an escape character.
Note: For more information about using CSV files to provide additional data for
Profiles, see the Supplemental user data for Profiles topic.
Related reference
“The database wizard response file” on page 54
The Lotus Connections database wizard can record your input in a response file
that you can use for silent installations.
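The conditional requirements in Table 10 and Table 11 (passwords given either in the file or on the command line, SSL properties that become mandatory when ldap.enable.ssl is yes, CSV paths tied to task.list, doubled backslashes in Windows paths) can be checked before a silent run. The following Python script is an added example, not part of the IBM product or of this guide; its function names, the constructed sample file, the owner-only file mode check and the pairing of task.worklocation.csv with LDAP_OPTIONAL_TASK_FILL_WORK_LOCATION are assumptions.

```python
import os
import re
import stat

# Optional task -> CSV property it needs. Table 11 pairs task.worklocation.csv
# with FILL_ORGANIZATION; pairing it with FILL_WORK_LOCATION is an assumption.
TASK_CSV = {
    "LDAP_OPTIONAL_TASK_FILL_COUNTRIES": "task.country.csv",
    "LDAP_OPTIONAL_TASK_FILL_DEPARTMENT": "task.department.csv",
    "LDAP_OPTIONAL_TASK_FILL_EMPLOYEE": "task.empoyeetype.csv",  # spelled as in Table 11
    "LDAP_OPTIONAL_TASK_FILL_ORGANIZATION": "task.organization.csv",
    "LDAP_OPTIONAL_TASK_FILL_WORK_LOCATION": "task.worklocation.csv",
}
KNOWN_TASKS = set(TASK_CSV) | {"LDAP_OPTIONAL_TASK_MARK_MANAGER"}
PASSWORD_KEYS = ("db.password", "ldap.password", "ssl.password")
PATH_KEYS = ("db.jdbcdriver", "ssl.keyStore", "TDI.dir") + tuple(TASK_CSV.values())
ESCAPES = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}

# Constructed sample response file (not taken from a real deployment).
SAMPLE = r"""
# tdisettings.properties
db.jdbcdriver=C\:\\IBM\\SQLLIB\\java
ldap.enable.ssl=yes
ldap.filter=(&(uid\=*)(objectclass\=inetorgperson))
ssl.type=JCEKS
task.list=LDAP_OPTIONAL_TASK_MARK_MANAGER,LDAP_OPTIONAL_TASK_FILL_COUNTRIES
task.country.csv=C:\build\isocc.csv
"""


def unescape(text):
    """Resolve backslash escapes as java.util.Properties does (\\uXXXX not handled)."""
    out, i = [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            out.append(ESCAPES.get(text[i + 1], text[i + 1]))
            i += 2
        else:
            out.append(text[i])
            i += 1
    return "".join(out)


def parse_properties(text):
    """Parse Java .properties text: comments, line continuations, escapes."""
    props, pending = {}, ""
    for raw in text.splitlines() + [""]:
        stripped = raw.lstrip()
        if not pending and (not stripped or stripped[0] in "#!"):
            continue
        line = pending + stripped
        if (len(line) - len(line.rstrip("\\"))) % 2:  # odd trailing "\" continues
            pending = line[:-1]
            continue
        pending = ""
        key, value = re.match(r"((?:\\.|[^\\=:\s])*)\s*[=:]?\s*(.*)$", line, re.S).groups()
        props[unescape(key)] = unescape(value)
    return props


def validate(props, cli_passwords=()):
    """Check the conditional requirements that Table 10 and Table 11 describe."""
    findings = []

    def need(key, why):
        if not props.get(key, "").strip():
            findings.append(f"{key}: missing ({why})")

    for key, flag in (("db.password", "dbPassword"), ("ldap.password", "ldapPassword")):
        if flag not in cli_passwords:
            need(key, f"required unless -{flag} is passed")
    ssl = props.get("ldap.enable.ssl", "").strip().lower()
    if ssl not in ("yes", "no"):
        findings.append("ldap.enable.ssl: must be yes or no")
    elif ssl == "yes":
        need("ssl.keyStore", "ldap.enable.ssl is yes")
        if "sslPassword" not in cli_passwords:
            need("ssl.password", "required unless -sslPassword is passed")
        if props.get("ssl.type", "").strip() not in ("JKS", "PKCS12"):
            findings.append("ssl.type: must be JKS or PKCS12")
    for task in filter(None, (t.strip() for t in props.get("task.list", "").split(","))):
        if task not in KNOWN_TASKS:
            findings.append(f"task.list: unknown task {task}")
        elif task in TASK_CSV:
            need(TASK_CSV[task], f"{task} is in task.list")
    for key in PATH_KEYS:
        # "C:\build" written without doubling loses its backslashes when parsed.
        if re.match(r"[A-Za-z]:[^\\/]", props.get(key, "")):
            findings.append(f"{key}: backslashes not escaped, parsed as {props[key]!r}")
    return findings


def password_exposure(path, props):
    """Report password properties kept in a file other users can read (POSIX modes)."""
    stored = [k for k in PASSWORD_KEYS if props.get(k)]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if stored and mode & 0o077:
        return [f"{path}: mode {mode:o} exposes {', '.join(stored)} to other users"]
    return []
```

Passwords passed with -dbPassword, -ldapPassword or -sslPassword appear in the process list and in shell history while the wizard runs, so the practical choice is between that exposure and a response file readable only by its owner.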
Manually populating the Profiles database:
Instead of using the Profiles population wizard, you can manually populate the
database.
Before you begin
Before starting this task, complete the steps in the Mapping fields manually topic.
About this task
After installing the Profiles database and defining mapping and validation,
complete the following steps to populate the Profiles database:
Procedure
1. Update the profiles_tdi.properties file to specify values for the following
properties.
Note: To locate this file, unzip the tdisol.zip file from the TDISOL directory
in your Lotus Connections installation media. After unzipping, the file is
located in the <tdisol.zip>/tdisol/TDI directory.
The following list contains properties that you must review. Edit any property
values that require editing for your configuration.
source_ldap_url
Universal resource locator of the LDAP directory which enables
programs to access the LDAP directory. Use the following syntax to
specify the value:
source_ldap_url=ldap://myldap.enterprise.example.com:389
source_ldap_user_login
A user login name is required if you cannot use Anonymous search.
Use the following syntax to specify the value:
source_ldap_user_login=uid=wpsbind,cn=users,l=Bedford Falls,
st=New York,c=US,ou=Enterprise,o=Sales Division,dc=example,dc=com
source_ldap_user_password
A user password is required (along with user login name) if you cannot
use anonymous search. Use the following syntax to specify the value:
{protect}-source_ldap_user_password=wpsbind
Note: TDI will automatically encrypt any properties which have the
{protect} prefix. If you don't want to encrypt these properties, remove
the {protect} prefix.
source_ldap_search_base
A portion of the LDAP DN that should be part of all entries processed.
Typically this contains the expected organization (o) value, such as
source_ldap_search_base=o=ibm.com. Use the following syntax to
specify the value:
source_ldap_search_base=l=Bedford Falls,st=New York,c=US,
ou=Enterprise,o=Sales Division,dc=example,dc=com
source_ldap_search_filter
A search filter to further refine the entries used. A typical value might
be source_ldap_search_filter=cn=*. Use the following syntax to
specify the value:
source_ldap_search_filter=(&(uid=*)(objectclass=inetOrgPerson))
source_ldap_use_ssl
Required only if you are using SSL to authenticate. Specifies whether to
use Secure Sockets Layer for the connection. Options are true or false.
dbrepos_jdbc_driver
JDBC driver used to access the Profiles database repository. The default
value of the properties file references the DB2 database provided with
Profiles as follows:
dbrepos_jdbc_driver=com.ibm.db2.jcc.DB2Driver
If you are using DB2, you do not need to modify this value. If you are
using an Oracle database, change the value to reference an Oracle
database. The following values are examples:
dbrepos_jdbc_driver=oracle.jdbc.driver.OracleDriver
dbrepos_jdbc_driver=oracle.jdbc.pool.OracleConnectionPoolDataSource
If you are using SQL Server, change the value to reference the SQL
Server database. The following value is an example:
com.microsoft.sqlserver.jdbc.SQLServerDriver
dbrepos_jdbc_url
Universal resource locator of the database that you created. This should
specify the peopledb database, and should include the port number.
For example:
- DB2:
jdbc:db2://localhost:50000/peopledb
- Oracle:
jdbc:oracle:thin:@localhost:1521:PEOPLEDB
- SQL Server:
jdbc:sqlserver://enterprise.example.com:1433;DatabaseName=PEOPLEDB
dbrepos_username
The user name used to authenticate to the database that you created.
Use the following syntax to specify the value:
dbrepos_username=<db_admin_id>
dbrepos_password
The password used to authenticate to the database that you created.
Use the following syntax to specify the value:
{protect}-dbrepos_password=act1vities
You can provide values for additional properties if necessary.
2. Optional: If you are setting the isManager field using a 1:1 mapping, ensure
that you specified how to set the field in the
map_dbrepos_from_source.properties file.
For example, if your LDAP has an "ismanager" field that is set to a value of Y
or N, your map_dbrepos_from_source.properties file could specify the
following:
PROF_IS_MANAGER=ismanager
Notes:
- If your source LDAP system uses a value other than Y or N to indicate
whether the person is a manager, write a JavaScript function to map the
value into a Y or N, and then provide a reference to that function here.
- If you are setting the PROF_IS_MANAGER field based on
PROF_MANAGER_UID references in other employees' records, perform Step
5 instead of this step.
3. Run the following script to create a file containing the distinguished names
(DNs) to be processed from the source LDAP directory.
- AIX or Linux:
./collect_dns.sh
Note: If the script does not run, you might need to enable its Executable
attribute by running the chmod command first. The Executable attribute of a
script can become disabled after the script is copied from a read-only
medium such as DVD.
- Microsoft Windows:
collect_dns.bat
The file created is named collect.dns by default. After the script runs, it creates
a log file called ibmdi.log in the /logs subdirectory of the TDI directory. Check
this file to find out how many entries were populated and whether there were
any errors encountered during the process.
Note: Before starting this step, complete the steps in the Mapping fields manually
task.
4. Populate the database repository from the source LDAP directory by running
the following script:
- AIX or Linux:
./populate_from_dn_file.sh
- Windows:
populate_from_dn_file.bat
Depending on how many records you are processing, this step could take many
hours. For example, 5,000 records might take a few minutes, while half a
million records could take over 12 hours. Tivoli Directory Integrator prints a
message to the screen after every 1,000 iterations to inform you of its progress.
Notes:
- If a failure occurs during processing, such as loss of the network connection
to the LDAP directory server, start processing the names from where it left
off. Check the PopulateDBFromDNFile.log file in the logs subdirectory to
find out which distinguished name was last successfully processed. (The
ibmdi.log file also keeps track of the tasks that you run.) Edit the DNS file
generated in the previous step, which is named collect.dns by default, to
remove all entries up to and including the last successfully processed entry.
Start the task again. This can be repeated as many times as necessary until
all of the distinguished names are processed.
- The script populates only those entries where the value for surname is not
null.
5. Optional: If you are setting the PROF_IS_MANAGER field based on
PROF_MANAGER_UID references in other employees' records, run the
following script:
- AIX or Linux:
./mark_managers.sh
- Windows:
mark_managers.bat
The acceptable values for the PROF_IS_MANAGER field are Y or N. Y
indicates that the person is a manager. Manager identification is not done as
part of the previous record population step because it must run across all the
records and it is possible that the initial record population step may not
complete in a single pass for large organizations.
6. Run the following script file to populate the Country table from the isocc.csv
file:
- AIX or Linux:
./fill_country.sh
- Windows:
fill_country.bat
7. Optional: Create any of the following tables that are relevant for your
organization, and then populate the local database repository with that
information:
Department codes
If your organization uses department codes, create a table that contains
one line per entry. In each entry, include a department code, followed
by a separator (such as a semicolon), and then a department
description. Name the table deptinfo.csv and store it in the solution
directory. After building the table, run the following script file:
- AIX or Linux:
./fill_department.sh
- Windows:
fill_department.bat
Employee type codes
If your organization uses employee type codes, create a table that
contains one line per entry. In each entry, include an employee type
code, followed by a separator, such as a semicolon, and then an
employee type description. Name the table emptype.csv and store it in
the solution directory. After building the table, run the following script
file:
- AIX or Linux:
./fill_emp_type.sh
- Windows:
fill_emp_type.bat
Organization codes
If you use organization codes, create a table that contains one line per
entry. In each entry, include an organization code, followed by a
separator, such as a semicolon, and then an organization description.
Name the table orginfo.csv and store it in the solution directory. After
building the table, run the following script file:
- AIX or Linux:
./fill_organization.sh
- Windows:
fill_organization.bat
Work location codes
If your organization uses work location codes, create a table that
contains one line per entry. In each entry, include a work location code,
followed by a separator, such as a semicolon, and then a location
description. Name the table workloc.csv and store it in the solution
directory. After building the table, run the following script file:
- AIX or Linux:
./fill_workloc.sh
- Windows:
fill_workloc.bat
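The recovery note in step 4 (remove every entry up to and including the last successfully processed DN from collect.dns, then rerun) is easy to get wrong by hand on a large file, and trimming at the wrong place silently skips users. The following Python helper is an added example, not part of the TDI solution files; it assumes collect.dns holds one DN per line, and its function names and sample DNs are constructed.

```python
import os
import shutil

# Constructed sample of a collect.dns file, one DN per line (assumed format).
SAMPLE_DNS = [
    "uid=aalvarez,cn=users,dc=example,dc=com\n",
    "cn=Doe\\, Jane,cn=users,dc=example,dc=com\n",
    "uid=bchen,cn=users,dc=example,dc=com\n",
    "\n",
    "uid=cdiaz,cn=users,dc=example,dc=com\n",
]


def remaining_dns(lines, last_done):
    """Return the DNs still to process after `last_done`.

    The match is exact (after trimming whitespace). A DN that is absent or
    appears more than once raises ValueError instead of guessing where to cut.
    """
    entries = [ln.strip() for ln in lines if ln.strip()]
    hits = [i for i, dn in enumerate(entries) if dn == last_done.strip()]
    if len(hits) != 1:
        raise ValueError(f"expected exactly one match for {last_done!r}, found {len(hits)}")
    return entries[hits[0] + 1:]


def trim_dn_file(path, last_done):
    """Rewrite `path` with only the unprocessed DNs, keeping a .bak copy."""
    with open(path, encoding="utf-8") as fh:
        todo = remaining_dns(fh, last_done)  # raises before anything is modified
    shutil.copy2(path, path + ".bak")
    tmp = path + ".tmp"
    with open(tmp, "w", encoding="utf-8") as fh:
        fh.writelines(dn + "\n" for dn in todo)
    os.replace(tmp, path)  # atomic swap, so an interrupted run leaves a whole file
    return len(todo)
```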
Related concepts
Administering Profiles
Profiles provides two types of administrative capabilities: configuration settings
and administrative commands. You change configuration settings and execute
administrative commands by running scripts from the wsadmin command line.
Related tasks
“Populating the Profiles database” on page 64
Populate the Profiles database with data from the LDAP directory.
Tivoli Directory Integrator properties:
Lotus Connections maps LDAP properties with Tivoli Directory Integrator
configuration parameters.
You can find white papers and other information about LDAP properties on
ibm.com® and other sites.
The following properties are stored in the source LDAP repository.
Table 12. LDAP Properties
source_ldap_sort_page_size
Definition: Currently used only by IBM Services personnel.
source_ldap_search_base
TDI parameter: Search Base
Definition: Required. The search base used when iterating the directory. This
should be a distinguished name. Some directories enable you to specify a blank
string which defaults to whatever the server is configured to do. Other
directory services require this to be a valid distinguished name in the
directory.
source_ldap_search_filter
TDI parameter: Search Filter
Definition: Required. Search filter used when iterating the directory.
source_ldap_url
TDI parameter: LDAP URL
Definition: Required. The LDAP Web address used to access the source LDAP
system. For example:
ldap://host:port
source_ldap_use_ssl
TDI parameter: Use SSL
Definition: Required if you are using SSL to authenticate. Set this to "true"
if you are using SSL (typically port 636 in the LDAP URL). Options include the
following: true and false.
source_ldap_user_login
TDI parameter: Login user name
Definition: Required. Login user name used for authentication. You can leave
this blank if no authentication is required.
source_ldap_user_password
TDI parameter: Login password
Definition: Required. Login password used for authentication. You can leave
this blank if no authentication is required. The value will be encrypted in the
file the next time it is loaded.
source_ldap_authentication_method
TDI parameter: Authentication Method
Definition: Options include the following:
Anonymous
This method provides minimal security.
Simple
This method uses a login user name and password to authenticate. It is treated
as anonymous if no user name and password are provided.
CRAM-MD5
Challenge/Response Authentication Mechanism using Message Digest 5. This
method provides reasonable security against various attacks, including replay.
SASL
Simple Authentication and Security Layer. This method adds authentication
support to connection-based protocols. Specify parameters for this type of
authentication using the Extra Provider Parameters option.
source_ldap_collect_dns_file
Definition: Name of the file used to collect distinguished names (DNs) from the
source LDAP, and then used during the population processes to look up entries
to add to the database repository. The default value is collect.dns.
source_ldap_debug
Definition: Flag used by Profiles processing which indicates whether to print
additional debug information to the log. Use this to capture problem
information when the number of input records being processed has been limited
(for example, by specifying a much more specific search filter). It also sets
the detailed log setting of the connectors that are used as part of the
processing of source to the database repository. Options include the
following: true and false.
source_ldap_escape_dns
Definition: Indicates that special characters have not been escaped properly
and identifies them so the processor can find those characters and escape them.
Special characters are:
- , (comma)
- = (equals)
- + (plus)
- < (less than)
- > (greater than)
- # (number sign)
- ; (semicolon)
- \ (backslash)
- " (quotation mark)
The backslash is used to escape special characters. A plus sign is represented
by \+ and a backslash is represented by \\. The code will not escape commas, so
if you have DNs containing commas (as part of a name, not separating fields in
the DN), you must make sure your DNs are already escaped. Typically, if you use
the collect_ldap_dns script with IBM Tivoli Directory Server, you will not need
to set this property to true since the data will be escaped properly. If you
use collect_ldap_dns with Active Directory or enter the data manually, you may
need to set this property to true.
source_ldap_required_dn_regex
Definition: Allows a regular expression to be used to limit the distinguished
names (DNs) which are processed by providing a regular expression which must be
matched. If the regular expression is not matched, that particular record is
skipped. Although the search filter property gives some flexibility, in case
this is not sufficient, you can use a more powerful regular expression.
source_ldap_sort_attribute
TDI parameter: Search Filter
Definition: Instructs the LDAP server to sort entries matching the search base
on the specified field name. This is usually only needed in special
circumstances.
The following properties are associated with the Profiles database repository.
Table 13. Profiles Database Properties
dbrepos_jdbc_driver
TDI parameter: JDBC Driver
Definition: Required. JDBC driver used to access the Profiles database
repository. The default value references the DB2 database with the following
value:
dbrepos_jdbc_driver=com.ibm.db2.jcc.DB2Driver
If you are using DB2, you do not need to modify this value. If you are using an
Oracle database, change the value to reference an Oracle database. The
following values are example values:
dbrepos_jdbc_driver=oracle.jdbc.driver.OracleDriver
oracle.jdbc.pool.OracleConnectionPoolDataSource
dbrepos_jdbc_url
TDI parameter: JDBC URL
Definition: Required. JDBC Web address used to access the Profiles database
repository. You must modify the hostname portion and port number to reference
your server information.
Note: You can find this information by accessing the WebSphere Application
Server Administration Console (http://yourhost:9060), and then selecting
Resources → JDBC → Data sources → profiles. The default value uses the syntax
for a DB2 database. If you are using an Oracle database, use the following
syntax:
jdbc:oracle:thin:@<host_name>:1521:PEOPLEDB
dbrepos_username
TDI parameter: User name
Definition: Required. User name under which the database tables, which are part
of the Profiles database repository, are accessed.
dbrepos_password
TDI parameter: Password
Definition: Required. Password associated with the username under which the
database tables, which are part of the Profiles database repository, are
accessed.
The following properties are associated with the task that monitors the Profiles
employee draft table for changes and transmits them through a DSML v2
connector.
Table 14. Change Monitoring Properties
monitor_changes_debug
Definition: Flag used by Profiles to monitor changelog processing, which
prompts the Tivoli Directory Integrator to print additional debug information
to the log. Use this when debugging issues arise. This property also sets the
detailed log setting of the connectors used as part of the monitor change log
processing. Options include the following: true and false.
monitor_changes_dsml_server_authentication
Definition: Type of authentication used by the DSML server update requests.
Options include the following:
HTTP basic authentication
A method designed to allow a web browser, or other client program, to provide
credentials – in the form of a user name and password – when making a request.
Anonymous
This method provides minimal security.
monitor_changes_dsml_server_url
Definition: Required if you are transmitting user changes back to the source
repository. Web address of the DSML server to which the DSML update requests
should be sent.
monitor_changes_dsml_server_username
Definition: Required if you are transmitting user changes back to the source
repository. User name used for authentication to the DSML server.
monitor_changes_dsml_server_password
Definition: Required if you are transmitting user changes back to the source
repository. Password used for authentication to DSML server that the DSML
update requests should be sent to.
monitor_changes_map_functions_file
Definition: Path to the file containing mapping functions for mapping from a
changed database field to a source (for example LDAP field). This is only
needed if changes made to the source based on database repository field changes
are not mapped simply one-to-one. You can use the same file you use to map from
source to database repository fields, assuming the functions are named
appropriately.
monitor_changes_sleep_interval
Definition: Polling interval (in seconds) between checks for additional changes
when no changes exist.
The following properties are associated with the Tivoli Directory Integrator
processing that reads a Tivoli Directory Server change log and subsequently
updates the database repository with those changes.
Table 15. Tivoli Directory Server Change Log Properties
Property
TDI parameter
Definition
ad_changelog_debug
Flag used by Active Directory Change Log Server
processing which prints additional debug information to
the log. Use this when you encounter debugging issues.
This property also sets the detailed log setting of the
connectors used as part of the monitor changelog
processing. Options include the following: true and
false.
ad_changelog_ldap_url
Required. LDAP Web address used to access the LDAP
system that was updated. For example:
ldap://host:port
ad_changelog_ldap_user
_login
Required. Login user name to use to authenticate with
an LDAP system that has been updated. You can leave
this blank if no authentication is needed.
ad_changelog_ldap_user_password
Required. Login user name to use to authenticate with
an LDAP that has been updated. You can leave this
blank if no authentication is needed. The value will be
encrypted in the file the next time it is loaded.
ad_changelog_ldap_search_base
ad_changelog_ldap_use_ssl
Defines whether or not to use SSL in authenticating with
an LDAP system that was updated. Options include the
following: true and false.
ad_changelog_timeout
ad_changelog_sleep_interval
Polling interval (in seconds) between checks for
additional changes when no changes exist.
ad_changelog_use_notifications
Indicates whether to use changelog notifications rather
than polling. If true, the tds_changelog_sleep_interval is
not applicable since polling is not used. Options include
the following: true and false.
ad_changelog_ldap_page_size
ad_changelog_start_at
Change number in the Active Directory changelog to
start at. Typically this is an integer, while the special
value "EOD" means start at the end of the changelog.
ad_changelog_ldap_required_dn_regex
tds_changelog_debug
Flag used by Tivoli Directory Server Change Log Server
processing which prints additional debug information to
the log. Use this when you encounter debugging issues.
This property also sets the detailed log setting of the
connectors used as part of the monitor changelog
processing. Options include the following: true and
false.
tds_changelog_ldap_authentication_method
Authentication Method
Authentication method used to connect to LDAP to read
records. Options include the following:
  Anonymous
    This method provides minimal security.
  Simple
    This method uses a login user name and
    password to authenticate. It is treated as
    anonymous if no user name and password are
    provided.
  CRAM-MD5
    Challenge/Response Authentication Mechanism
    using Message Digest 5. This method provides
    reasonable security against various attacks,
    including replay.
  SASL
    Simple Authentication and Security Layer. This
    method adds authentication support to
    connection-based protocols. Specify parameters
    for this type of authentication using the Extra
    Provider Parameters option.
tds_changelog_ldap_changelog_base
ChangelogBase
Changelog base to use when iterating through the
changes. This is typically cn=changelog.
tds_changelog_ldap_time_limit_seconds
Time Limit
Searching for entries must take no more than this
number of seconds (0 means no limit).
tds_changelog_ldap_url
LDAP URL
Required. LDAP Web address used to access the LDAP
system that was updated. For example:
ldap://host:port
tds_changelog_ldap_use_ssl
Use SSL
Defines whether or not to use SSL in authenticating with
an LDAP system that was updated. Options include the
following: true and false.
tds_changelog_ldap_user_login
Login user name
Required. Login user name to use to authenticate with
an LDAP system that has been updated. You can leave
this blank if no authentication is needed.
tds_changelog_ldap_user_password
Login password
Required. Login user name to use to authenticate with
an LDAP that has been updated. You can leave this
blank if no authentication is needed. The value will be
encrypted in the file the next time it is loaded.
tds_changelog_sleep_interval
Polling interval (in seconds) between checks for
additional changes when no changes exist.
tds_changelog_start_at_changenumber
Change number in the Tivoli Directory Server changelog
to start at. Typically this is an integer, while the special
value "EOD" means start at the end of the changelog.
tds_changelog_use_notifications
Indicates whether to use changelog notifications rather
than polling. If true, the tds_changelog_sleep_interval is
not applicable since polling is not used. Options include
the following: true and false.
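The settings in Table 15 decide how the change log connector binds to the directory and whether that connection is encrypted. The check below is an added example, not part of the IBM documentation or product: it reads a properties file and reports unencrypted connections, anonymous binds, Simple binds without SSL, and debug logging left on. The sample values, the finding codes, and the assumption that the method is written in the file as Anonymous, Simple, CRAM-MD5 or SASL are illustrative.

```javascript
// Constructed sample; hosts, DNs and the password are placeholders.
const SAMPLE_PROPERTIES = [
  '# constructed sample, not taken from a real deployment',
  'tds_changelog_ldap_url=ldap://tds.example.com:389',
  'tds_changelog_ldap_use_ssl=false',
  'tds_changelog_ldap_authentication_method=Simple',
  'tds_changelog_ldap_user_login=cn=sync,o=example',
  'tds_changelog_ldap_user_password=placeholder-secret',
  'tds_changelog_debug=true',
  'ad_changelog_ldap_url=ldap://ad.example.com:636',
  'ad_changelog_ldap_use_ssl=true',
  'ad_changelog_ldap_user_login=',
  'ad_changelog_ldap_user_password=',
  'ad_changelog_debug=false',
].join('\n');

// Read key=value lines, skipping blank lines and # comments.
function parseProperties(text) {
  const props = new Map();
  for (const line of text.split(/\r?\n/).map((l) => l.trim())) {
    const eq = line.indexOf('=');
    if (line.startsWith('#') || eq < 1) continue;
    props.set(line.slice(0, eq).trim(), line.slice(eq + 1).trim());
  }
  return props;
}

// Lint one property family from Table 15; prefix is "tds" or "ad".
function lintChangelog(props, prefix) {
  const family = `${prefix}_changelog_`;
  if (![...props.keys()].some((k) => k.startsWith(family))) return [];
  const get = (name) => props.get(family + name) || '';
  const findings = [];
  const add = (code, detail) => findings.push({ prefix, code, detail });

  const url = get('ldap_url');
  const tls = get('ldap_use_ssl').toLowerCase() === 'true' ||
    url.toLowerCase().startsWith('ldaps://');
  // Assumption: when no authentication method is set, treat it as Simple.
  const method = (get('ldap_authentication_method') || 'Simple').toLowerCase();
  const hasCreds = get('ldap_user_login') !== '' || get('ldap_user_password') !== '';

  if (url === '') add('MISSING_URL', 'the LDAP URL is a required property');
  if (!tls) add('NO_TLS', 'change records cross the network unencrypted');
  if (method === 'anonymous' || (method === 'simple' && !hasCreds)) {
    add('ANONYMOUS_BIND', 'no credentials are presented to the directory');
  } else if (method === 'simple' && !tls) {
    add('CLEARTEXT_PASSWORD', 'a Simple bind sends the password unprotected');
  }
  if (get('debug').toLowerCase() === 'true') {
    add('DEBUG_ON', 'detailed connector logging is switched on');
  }
  return findings;
}

function lintAll(text) {
  const props = parseProperties(text);
  return ['tds', 'ad'].flatMap((prefix) => lintChangelog(props, prefix));
}

function codesFor(findings, prefix) {
  return findings.filter((f) => f.prefix === prefix).map((f) => f.code);
}

console.log(lintAll(SAMPLE_PROPERTIES));
```

A family with no keys in the file is skipped, so the check can be run against a file that configures only one of the two change log sources.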
The following property is associated with the query utilities.
Table 16. Query Utility Properties
Property
Definition
query_db_by_name_file
Name of the file used by query_input_by_name as the
source of names to query. The default value is
query_name.in.
Mapping fields manually:
To populate the Profiles database with data from the enterprise LDAP directory,
map the content of the fields in the database to the fields in the LDAP directory.
About this task
When you run the Profiles population wizard in interactive mode, it generates two
property files in the Wizards\TDIPopulation directory: a tdisetting.properties file
and a mappings.properties file. If you do not specify the -mappingFile command
parameter when you map fields manually, the population wizard uses the
mappings.properties file to create LDAP values.
The Profiles population wizard also creates the
map_dbrepos_from_source.properties file, located in the Wizards\TDIPopulation\TDI
directory, and updates this file with data from the mappings.properties file
when you run the Profiles population wizard in silent mode. Both the
map_dbrepos_from_source.properties file and the mappings.properties file have
similar content. Use the map_dbrepos_from_source.properties file
as the value of the -mappingFile command parameter only if you cannot use the
mappings.properties file.
Edit the map_dbrepos_from_source.properties and
map_dbrepos_to_source.properties files to map fields between the Profiles
database and the LDAP directory. Open the profiles_functions.js file to see the
options for the different mapping functions. You can add your own functions if
necessary.
To map fields, complete the following steps:
Procedure
1. Edit the properties files to define the mapping between the LDAP directory and
the Profiles database. Consider using LDAP viewer software to help you map
the fields.
• To define the mappings that are used when populating the Profiles database
from the enterprise directory:
a. From the TDI directory, open the map_dbrepos_from_source.properties
file in a text editor.
b. Add or modify the field values. Any values you omit or set to null will
not be populated in the database. You can modify the values in one of the
following ways:
– 1:1 mapping – If one field in the Profiles database matches one field in
the enterprise directory, type the name of the field in the Profiles
database and set it equal to the associated source LDAP
property. For example:
bldgId=buildingname
– Complex mapping – If the relationship between the fields in the
Profiles database and the enterprise directory is more complex, for
example when the content of the property in the enterprise LDAP
directory must be split into multiple fields in the Profiles database,
use a JavaScript function to define the relationship. Define the
function in profiles_functions.js and wrap the name of the JavaScript
function in curly brackets {}. Begin function names with "func_" so
you can more easily identify them. For example:
bldgId={func_map_to_db_bldgId}
Note: See the table below for a list of the default values set for the fields.
• To define mappings from the Profiles database to the enterprise directory:
a. From the TDI directory, open the map_dbrepos_to_source.properties file
in a text editor.
b. Add or modify the field values in one of the following ways:
– 1:1 mapping – If one field in the Profiles database matches one field in
the enterprise LDAP directory, type the name of the source LDAP
property and set it equal to the field in the Profiles database. For
example:
buildingname=PROF_BUILDING_IDENTIFIER
– Complex mapping – If the relationship between the fields in the
Profiles database and the enterprise directory is more complex, for
example when the content of the property must be split into multiple
fields in the Profiles database, use a JavaScript function to define the
relationship. Define the function in profiles_functions.js and wrap the
name of the JavaScript function in curly brackets {}. Begin function
names with "func_" so you can more easily identify them. For example:
buildingname={func_map_from_db_PROF_BUILDING_IDENTIFIER}
• Add a line at the bottom of the file and type the name of the LDAP field that
you want to map to the extension field. For example:
PROF_VALUE.property1=carLicense
2. Open the tdi-profile-config.xml file. After the Tivoli Directory Integrator
Solution files are extracted, the file is located in the following directory:
TDI/conf/LotusConnections-config
3. Modify the file to indicate the property to extend, the property's name, data
type, and key. Use the following parameters:
Table 17. Custom extension attribute parameters
Parameter
Description
extensionId
The ID of the extension attribute.
This parameter is required.
sourceKey
The name of the LDAP attribute that maps to the extension
attribute.
This parameter is required.
userLabel
An administrator-defined label for the extension attribute
that is populated into the database. This string does not
display in the user interface or API.
This parameter is optional.
userTypeString
An administrator-defined string defining the data type of
the extension attribute. This string does not display in the
user interface or API.
This parameter is optional.
For example, to add a simple attribute called spokenLangs, the configuration
would look very similar to the configuration in the profiles-config.xml file:
<simpleAttribute extensionId="spokenLangs"
length="64"
userLabel="Spoken Languages"
userTypeString="String"
sourceKey="spokenLang"/>
Note: The formatting is compatible between the tdi-profile-config.xml file
and the profiles-config.xml file, allowing you to copy and paste configuration
information between the files.
4. Save your changes to tdi-profile-config.xml and then close the file.
What to do next
The properties in the map_dbrepos_from_source.properties file have the default
values defined in the table below. Many of them are null. You must determine
which LDAP properties to map to your database fields and edit this file to specify
values that apply to your configuration. Any values you omit or set to null will
not be populated in the database.
Table 18. Default values for properties in the map_dbrepos_from_source.properties file

| TCI property | Default LDAP Attribute Mapping |
| --- | --- |
| alternateLastname | null |
| blogUrl | null |
| bldgId | null |
| calendarUrl | null |
| courtesyTitle | null |
| deptNumber | null |
| description | null |
| displayName | cn |
| employeeNumber | employeenumber |
| employeeTypeCode | employeetype |
| experience | null |
| faxNumber | facsimiletelephonenumber |
| freeBusyUrl | null |
| floor | null |
| givenName | givenName |
| groupwareEmail | null |
| guid | See Note. |
| ipTelephoneNumber | null |
| countryCode | c |
| isManager | null |
| jobResp | null |
| loginId | See Note. |
| email | mail |
| managerUid | $manager_uid. Note: This property represents a lookup of the UID of the manager using the Distinguished Name in the manager field. |
| mobileNumber | mobile |
| nativeFirstName | null |
| nativeLastName | null |
| orgId | ou |
| pagerNumber | null |
| pagerId | null |
| pagerServiceProvider | null |
| pagerType | null |
| officeName | physicaldeliveryofficename |
| preferredFirstName | null |
| preferredLanguage | preferredlanguage |
| preferredLastName | null |
| secretaryUid | null |
| shift | null |
| distinguishedName | $dn |
| surname | sn. Note: You must provide this field because the Search feature relies on it being present in the Profiles database. |
| telephoneNumber | telephonenumber |
| timezone | null |
| title | null |
| uid | See Note. |
| workLocationCode | postallocation |
| surnames | sn |
| givenNames | gn |
| logins | null |
Note: The guid property identifies the global unique ID of a user. This property's
value is created by the LDAP directory and is unique, complex, and never changes.
It is essential because it maps each user's Lotus Connections data to their User ID
when using the Profiles database as the user repository. The mapping of the guid
property must be handled differently depending on the type of LDAP directory that
you are using:
• Active Directory
guid={function_map_from_objectGUID}
You must use a JavaScript function to
define the value for Active Directory because objectGUID is stored in Active
Directory as a binary value, but is mapped to guid, which is stored as a string in
the Profiles database. Also, keep in mind that the samAccountName property
used by Active Directory has a 20-character limit, as opposed to the
256-character limit of the other IDs used by Lotus Connections.
• Active Directory Application Mode (ADAM)
guid={function_map_from_objectSID}
• Domino
guid={function_map_from_dominoUNID}
• IBM Directory Server
guid=ibm-entryUuid
• Sun Java System Directory Server
guid=nsUniqueID
• Novell eDirectory
guid={function_map_from_GUID}
If you edited the wimconfig.xml file to use a custom global unique ID, be sure to
specify that custom ID here.
The uid property, not to be confused with the guid property, defines the unique ID
of a user. This property differs from a guid in that it is the 'organization-specific'
permanent identifier for a user – often a login id or some value based on the user's
employee code. The uid is a critical field in the Profiles database. By default, this
property links a given person's user record back to LDAP data. The value you map
to uid must meet the following requirements:
• It must be present in every entry which is to be added to the database
• It must be unique
• In a multi-LDAP environment, it must be unique across LDAP directories
• It must be 256 characters or fewer in length
In Microsoft Active Directory, although there often is a UID field available, this is
not always the best choice for mapping to uid because it is not guaranteed to be
present for all entries. A better choice is sAMAccountName because it usually does
exist for all entries. Other values are acceptable also, as long as they meet the
requirements.
Notes:
• If you are mapping the uid from an LDAP field, specify the name of the field.
However, if you need to parse it from the distinguished name and it is in the
DN in the form of uid=value, use the following mapping function:
{func_map_to_db_UID}
• Use the isManager and managerUid properties to set up the organizational
structure of the organization. The isManager field determines whether the
current person is a manager or not. You must assign a Y (Yes) or N (No) value
to this property for each entry. Y identifies the person as a manager. The
managerUid identifies the UID of the current person's manager. By default,
managerUid is mapped to $manager_uid, which represents a lookup of the UID
of the manager (using the Distinguished Name contained in the LDAP manager
field). If a user's manager information is not contained in the $manager_uid
field, you should adjust the mapping accordingly. These two properties work
together to identify manager/employee relationships and create a report-to chain
out of individual user entries.
• If users intend to log in to Profiles using a single-valued user name other than
the value specified in the uid or email properties, you must map that user name
value to the loginId property. To do so, complete the following steps:
– Set the loginId property in the map_dbrepos_from_source.properties file equal
to the LDAP property you want to use as the login ID. For example, if you
are using Active Directory and want to use the samAccountName property as
the login property, edit the property value as follows:
loginId=samAccountName
Note: If you have more than one additional login ID (such as with a long and
short form user ID) and you want to allow the user to log in with either of their
login IDs, you can populate multiple additional login IDs by using one of the
following settings:
logins=multiValuedLdapAttribute
or
logins={function_to_get_multiple_ldap_values}
For more information, read the Tivoli Directory Integrator product documentation.
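The mapping rules and the uid requirements above can be checked before the database is populated. The following is an added example, not code from the product or from profiles_functions.js: it parses a mapping file in the format described above, applies it to a few directory entries, and reports entries whose uid is missing, too long, or duplicated within or across directories. The function func_example_uid_from_dn, the entries and the finding codes are hypothetical.

```javascript
// Constructed mapping file in the field=source format described above.
const MAPPING_FILE = [
  'displayName=cn',
  'surname=sn',
  'bldgId=null',
  'loginId=samAccountName',
  'uid={func_example_uid_from_dn}',
].join('\n');

// Constructed entries from two directories; every value is made up.
const ENTRIES = [
  { source: 'ldapA', dn: 'uid=akhan,ou=people,o=example', cn: 'A Khan', sn: 'Khan', sAMAccountName: 'akhan' },
  { source: 'ldapA', dn: 'cn=B Osei,ou=people,o=example', cn: 'B Osei', sn: 'Osei' },
  { source: 'ldapB', dn: 'UID=akhan,ou=staff,o=example2', cn: 'Amir Khan', sn: 'Khan' },
  { source: 'ldapB', dn: 'cn=Li\\, Wei,uid=' + 'x'.repeat(257) + ',o=example2', cn: 'Wei Li', sn: 'Li' },
];
const MAX_UID_LENGTH = 256;

// Split a DN into RDNs on commas that are not backslash-escaped.
function splitDn(dn) {
  const parts = [''];
  for (let i = 0; i < dn.length; i++) {
    if (dn[i] === '\\' && i + 1 < dn.length) {
      parts[parts.length - 1] += dn.slice(i, i + 2);
      i++;
    } else if (dn[i] === ',') parts.push('');
    else parts[parts.length - 1] += dn[i];
  }
  return parts.map((p) => p.trim());
}

// Hypothetical mapping function: take the uid from the first uid=value RDN.
const FUNCTIONS = {
  func_example_uid_from_dn(entry) {
    for (const rdn of splitDn(entry.dn)) {
      const m = /^uid\s*=\s*(.+)$/i.exec(rdn);
      if (m) return m[1];
    }
    return null;
  },
};

// Classify each line as a 1:1 attribute, a {function}, or unmapped (null).
function parseMapping(text) {
  const rules = new Map();
  for (const line of text.split(/\r?\n/).map((l) => l.trim())) {
    const eq = line.indexOf('=');
    if (line.startsWith('#') || eq < 1) continue;
    const rhs = line.slice(eq + 1).trim();
    const fn = /^\{(\w+)\}$/.exec(rhs);
    rules.set(line.slice(0, eq).trim(),
      rhs === '' || rhs === 'null' ? { kind: 'skip' }
        : fn ? { kind: 'func', name: fn[1] } : { kind: 'attr', name: rhs });
  }
  return rules;
}

// Build one database record from one directory entry.
function mapEntry(entry, rules) {
  // LDAP attribute names are case-insensitive, so look them up in lower case.
  const attrs = new Map(Object.entries(entry).map(([k, v]) => [k.toLowerCase(), v]));
  const record = { source: entry.source, dn: entry.dn };
  for (const [field, rule] of rules) {
    if (rule.kind === 'skip') continue;
    if (rule.kind === 'func' && !FUNCTIONS[rule.name]) throw new Error(`undefined mapping function ${rule.name}`);
    const value = rule.kind === 'func' ? FUNCTIONS[rule.name](entry) : attrs.get(rule.name.toLowerCase());
    if (value !== null && value !== undefined) record[field] = value;
  }
  return record;
}

// uid and surname must be mapped; report the ones that are not.
function unmappedRequiredFields(rules) {
  return ['uid', 'surname'].filter((f) => !rules.has(f) || rules.get(f).kind === 'skip');
}

// Check the uid requirements listed above across all records.
function checkUids(records) {
  const problems = [];
  const seen = new Map(); // Assumption: uids differing only in case collide.
  for (const r of records) {
    if (!r.uid) { problems.push({ dn: r.dn, code: 'MISSING_UID' }); continue; }
    if (r.uid.length > MAX_UID_LENGTH) problems.push({ dn: r.dn, code: 'UID_TOO_LONG' });
    const first = seen.get(r.uid.toLowerCase());
    if (!first) { seen.set(r.uid.toLowerCase(), r); continue; }
    const code = first.source === r.source ? 'DUPLICATE_UID' : 'DUPLICATE_UID_ACROSS_DIRECTORIES';
    problems.push({ dn: r.dn, code, clashesWith: first.dn });
  }
  return problems;
}

function runCheck() {
  const rules = parseMapping(MAPPING_FILE);
  return checkUids(ENTRIES.map((e) => mapEntry(e, rules)));
}

console.log(runCheck().map((p) => p.code));
```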
Related tasks
Synchronizing user data between Profiles and the LDAP directory
Ensure that data in the LDAP directory is kept current by synchronizing any
changes made to the Profiles directory back to the LDAP server.
“Specifying a custom ID attribute for users or groups” on page 33
Specify custom global unique ID attributes to identify users and groups in the
LDAP directory.
Related reference
“Supplemental user data for Profiles” on page 93
When you map LDAP data to the Profiles database, you can use that data to create
additional tables.
“Report-to chains for Profiles” on page 92
When you map manager data to the Profiles database, you can use that data to
create report-to chains.
Profiles attributes
Choose from among the predefined Profiles attributes to identify the job, contact,
and associated information attributes that are included in the Profiles user
interface.
“Attribute mapping for Profiles”
When the Profiles directory service is enabled, Lotus Connections relies on the
Profiles database to provide user data such as user name, ID, and e-mail.
“Population functions for populating ID into PROF_GUID” on page 92
The following table shows the population functions that are used in TDI scripts to
populate ID into PROF_GUID.
Attribute mapping for Profiles:
When the Profiles directory service is enabled, Lotus Connections relies on the
Profiles database to provide user data such as user name, ID, and e-mail.
The following table shows the mapping relationships between Profiles, the Profiles
directory service, Virtual Member Manager, and LDAP.
Table 19. Attribute mapping table

| Profiles database column | Profiles Directory Service | Virtual Member Manager | LDAP |
| --- | --- | --- | --- |
| PROF_GUID | ID | uniqueId | UUID/GUID/UNID (defined in RFC4122) |
| PROF_DISPLAY_NAME | Name | cn | cn |
| PROF_MAIL | Mail | mail/ibm-primaryEmail | mail/ibm-primaryEmail |
| PROF_SOURCE_UID | DN | uniqueName | DN |
| PROF_UID | UID | UID | UID or samAccountName (in MS AD/ADAM only) |
| PROF_LOGIN | LOGIN | Login attributes other than UID and mail | LDAP login attributes other than UID and mail |
Related tasks
“Mapping fields manually” on page 85
To populate the Profiles database with data from the enterprise LDAP directory,
map the content of the fields in the database to the fields in the LDAP directory.
Population functions for populating ID into PROF_GUID:
The following table shows the population functions that are used in TDI scripts to
populate ID into PROF_GUID.
Purpose
Table 20. Population functions for populating ID into PROF_GUID

| LDAP implementations | LDAP attribute type names | LDAP syntax | TDI scripts with functions |
| --- | --- | --- | --- |
| IBM Lotus Domino Server | dominoUNID | Directory String (in Byte String Format) | {function_map_from_dominoUNID} |
| Novell eDirectory Server | GUID | Octet String (in Binary Format) | {function_map_from_GUID} |
| Microsoft AD/ADAM Server/Service | objectGUID | Octet String (in Binary Format) | {function_map_from_objectGUID} |
| Microsoft AD/ADAM Server/Service | objectSID | Octet String (in Binary Format) | {function_map_from_objectSID} |
| IBM Tivoli Directory Server | ibmentryUUID | Directory String (in Canonical Format) | n/a |
| Sun Java Directory Server | nsuniqueid | Directory String (in Canonical Format) | n/a |
Related tasks
“Mapping fields manually” on page 85
To populate the Profiles database with data from the enterprise LDAP directory,
map the content of the fields in the database to the fields in the LDAP directory.
Report-to chains for Profiles
When you map manager data to the Profiles database, you can use that data to
create report-to chains.
Mark manager
The Mark manager mapping task in the Profiles population wizard marks the
profiles of those users who are also managers. That data is referenced when
displaying profile data and is also used to generate report-to chains for users. The
data is stored in the profiles_tdi.properties file.
The Mark manager mapping task for Profiles maps this data as follows:
Mark managers
A Y or N attribute is assigned to an employee to indicate whether the
employee is listed as a manager of other employees. Run this task
because the isManager field in an employee record cannot always be
determined from the LDAP directory or by means of a function. The task
iterates through all of the employee records and sets isManager to Y
for any referenced managers.
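The pass that the Mark managers task describes, together with the managerUid lookup by manager DN, can be sketched as follows. This is an added example, not the wizard's own code: the records are constructed, and the function names, the simplified DN comparison (lower-cased, whitespace around separators ignored, no escaped commas) and the cycle check are assumptions made here. It also lists manager references that point at no known entry and stops when a report-to chain loops back on itself.

```javascript
// Constructed records as they might look after population (values made up).
const RECORDS = [
  { uid: 'ceo', dn: 'uid=ceo,o=example', managerDn: null },
  { uid: 'vp1', dn: 'uid=vp1,o=example', managerDn: 'uid=ceo,o=example' },
  { uid: 'eng1', dn: 'uid=eng1,o=example', managerDn: 'UID=vp1, o=example' },
  { uid: 'eng2', dn: 'uid=eng2,o=example', managerDn: 'uid=gone,o=example' },
  { uid: 'loopA', dn: 'uid=loopA,o=example', managerDn: 'uid=loopB,o=example' },
  { uid: 'loopB', dn: 'uid=loopB,o=example', managerDn: 'uid=loopA,o=example' },
];

// Simplified DN comparison key; does not handle escaped commas.
function normalizeDn(dn) {
  return dn.split(',')
    .map((rdn) => rdn.trim().toLowerCase().replace(/\s*=\s*/, '='))
    .join(',');
}

// Resolve each manager DN to a uid, then mark every referenced manager Y.
function markManagers(records) {
  const byDn = new Map(records.map((r) => [normalizeDn(r.dn), r]));
  const out = records.map((r) => ({ ...r, isManager: 'N', managerUid: null }));
  const byUid = new Map(out.map((r) => [r.uid, r]));
  const unresolved = [];
  for (const r of out) {
    if (!r.managerDn) continue;
    const manager = byDn.get(normalizeDn(r.managerDn));
    if (!manager) {
      unresolved.push(r.uid); // manager DN points at no known entry
      continue;
    }
    r.managerUid = manager.uid;
    byUid.get(manager.uid).isManager = 'Y';
  }
  return { records: out, byUid, unresolved };
}

// Walk managerUid links upward; stop and flag a loop instead of spinning.
function reportToChain(byUid, uid) {
  const chain = [];
  const visited = new Set([uid]);
  let current = byUid.get(uid);
  while (current && current.managerUid) {
    if (visited.has(current.managerUid)) return { chain, cycle: true };
    visited.add(current.managerUid);
    chain.push(current.managerUid);
    current = byUid.get(current.managerUid);
  }
  return { chain, cycle: false };
}

const marked = markManagers(RECORDS);
console.log(marked.records.map((r) => `${r.uid}:${r.isManager}`).join(' '));
console.log(reportToChain(marked.byUid, 'eng1'), marked.unresolved);
```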
For information on configuring the display of the report-to field for your
organization, see Enabling the display of organizational structure information.
Related tasks
“Mapping fields manually” on page 85
To populate the Profiles database with data from the enterprise LDAP directory,
map the content of the fields in the database to the fields in the LDAP directory.
Enabling the display of organizational structure information
Use scripts to enable or disable the display of organizational structure information
in Profiles.
Supplemental user data for Profiles:
When you map LDAP data to the Profiles database, you can use that data to create
additional tables.
Mapping user data
You can map additional user data to supplemental tables within the Profiles
database and then display that data in a user's profile. When the LDAP directory
provides a code or abbreviation for a particular setting, the supplemental table can
provide extra data. For example, an employeeType of P in the LDAP directory
might correspond to Permanent. If the employee-type table is populated with data
such as p;permanent, this extra data can be displayed in the profile.
The profiles_tdi.properties file stores the settings that determine how the tables
are populated.
The mapping task for Profiles maps your user data to the following entities:
Fill countries
Add country data to each profile.
Fill departments
Add country data to each profile.
Fill organization
Add organization data to each profile.
Fill employee types
Add employee-type data to each profile.
Fill work locations
Add location data to each profile.
CSV files
A CSV (comma separated value) file is required as input for each of these tasks.
The following sample shows common properties of a CSV file:
country_table_csv_separator=;
country_table_csv_file=isocc.csv
department_table_csv_separator=;
department_table_csv_file=deptinfo.csv
emp_type_table_csv_separator=;
emp_type_table_csv_file=emptype.csv
organization_table_csv_separator=;
organization_table_csv_file=orginfo.csv
workloc_table_csv_separator=;
workloc_table_csv_file=workloc.csv
The data that can be populated in these tables is usually provided as two values
per line: code;description.
For the workloc code, the values can be code;addr1;addr2;city;state;zip. For example:
WSF;FIVE TECHNOLOGY PARK DR;;WESTFORD;MA;01886-3141.
Fields that you do not require in your mapping can be omitted from the file; the
example above uses only one addr field.
Sample CSV file
This sample shows some lines from the isocc.csv file, which can be used to fill
countries data:
ad;Andorra, Principality of
ae;United Arab Emirates
af;Afghanistan, Islamic State of
ag;Antigua and Barbuda
ai;Anguilla
al;Albania
am;Armenia
an;Netherlands Antilles
ao;Angola
aq;Antarctica
ar;Argentina
You can find more sample CSV files in the <wizard_files_directory>/
TDIPopulation/TDISOL/<aix|lin|win>/samples directory, where the
<wizard_files_directory> is the location of the various Wizard files that you
downloaded or received on disk, and <aix|lin|win> is the AIX, Linux, or Microsoft
Windows version of the directory.
For information on configuring the display of the report-to field for your
organization, see Enabling the display of organizational structure information.
Related tasks
“Mapping fields manually” on page 85
To populate the Profiles database with data from the enterprise LDAP directory,
map the content of the fields in the database to the fields in the LDAP directory.
Installing Lotus Connections
Select the Lotus Connections features that you plan to use and install them in a
stand-alone or clustered deployment.
Related tasks
“Installing in silent mode” on page 124
Use a silent installation to perform an identical installation on multiple systems.
“Migrating a stand-alone deployment” on page 274
Migrate your Lotus Connections 2.0.1 stand-alone deployment to release 2.5.
“Migrating a network deployment” on page 289
Migrate your Lotus Connections 2.0.1 network deployment to release 2.5.
Related reference
“Lotus Connections detailed system requirements” on page 13
A variety of hardware and software is required to run IBM Lotus Connections.
“Lotus Connections detailed system requirements” on page 13
Use the updateLC command to run the update wizard in silent mode.
Installing a stand-alone deployment
Install a stand-alone deployment of Lotus Connections on WebSphere Application
Server.
Before you begin
Before running the installation wizard, ensure that you have installed all the
prerequisite software and completed the preinstallation tasks. Ensure also that the
system or systems where you are installing the features meet the system
requirements.
Check the online release notes for late-breaking issues.
Notes:
• The Lotus Connections installation wizard supports the creation of new server
instances.
• You can use either the SQL Server JDBC driver in the app_server_root/lib
directory or the driver downloaded from Microsoft. The wizard checks the
connection for the Microsoft JDBC driver only. If you are using the bundled
driver, you need to manually test the connection after installation.
• (AIX only) If you are downloading the wizard, the TAR program available by
default with AIX does not handle path lengths longer than 100 characters. To
overcome this restriction, use the GNU file archiving program instead. This
program is an open source package that IBM distributes through the AIX
Toolbox for Linux Applications at the IBM AIX Toolbox Web site. Download and
install the GNU-compatible TAR package. You do not need to install the RPM
Package Manager because it is provided with AIX.
After you have installed the GNU-compatible TAR program, change to the
directory where you downloaded the Lotus Connections TAR file, and enter the
following command to extract the files from it:
gtar -xvf <Lotus_Connections_wizard>_aix.tar
This command creates a directory named after the wizard.
About this task
A stand-alone deployment uses a single WebSphere Application Server profile and
single server instance where you can install a set of Lotus Connections features.
You can choose the Advanced stand-alone deployment option to install the features
on multiple server instances.
To install Lotus Connections in a stand-alone deployment, complete the following
steps:
Procedure
1. Stop all WebSphere Application Server processes on the system where you
plan to install Lotus Connections.
2. From the Lotus_Connections set-up directory or installation media, run the
following script to launch the installation wizard:
• AIX or Linux:
./install.sh
Note: If the script does not run, you might need to enable its Executable
attribute by running the chmod command first. The Executable attribute of
a script can become disabled after the script is copied from a read-only
medium such as DVD.
• Microsoft Windows:
install.bat
3. Select an installation language and click OK. The wizard skips this step when
it detects the default language on your system.
4. On the Welcome page, click Launch Information Center to open the Lotus
Connections Information Center in a browser window. Click Next to continue.
5. Review and accept the license agreement by clicking I accept both the
IBM and non-IBM terms. Click Next.
6. On the Response file page, select one of the options to save a response file if
you want to run the wizard in silent mode for future installations.
| Option | Description |
| --- | --- |
| Install Lotus Connections only. | Install the product without saving a response file. |
| Create response file only | Create a response file that you can use in a silent installation on another system. This option does not install any software on your system. You can select this option to modify an existing response file. Note: Use the installation wizard to modify response files that you have already created. Manual modifications to a response file might cause a silent installation to fail. |
| Install Lotus Connections and create a response file. | Install the product and save a response file. |
Enter a location for the response file or accept the default location. Click Next.
7. On the Deployment options page, select one of the following options and click
Next.
| Option | Description |
| --- | --- |
| Stand-alone deployment | All features are deployed on one server instance within a single WebSphere Application Server profile. Select this option to support a workgroup or small organization. |
| Advanced stand-alone deployment | All features are deployed on two or more server instances within a single WebSphere Application Server profile. Select this option to support a medium-size organization. |
8. Select the directory where you want to install Lotus Connections: you can
accept the default directory, enter a new directory name, or click Browse to
select an existing directory.
9. Select the features that you want to install and click Next. The wizard checks
for any conflicts between the WebSphere Application Server profile and
installation directories. Select from the following options:
| Option | Description |
| --- | --- |
| Activities | Collaborate with colleagues |
| Blogs | Write personal perspectives for colleagues |
| Communities | Discussion forums |
| Dogear | Bookmark important Web sites. Note: In Lotus Connections 2.5, the Dogear feature in the user interface is renamed as Bookmarks. |
| Files | Share files among users |
| Profiles | Find people in the organization |
| Wikis | Create content for your Web site |
10. Select the extended features that you want to install and click Next. You can
select from the following options:
| Option | Description |
| --- | --- |
| Home page | Access features and widgets from a central point |
| Mobile | Access Lotus Connections from mobile devices |
| Search | Search data across all Lotus Connections features |
| News repository | Stay informed about updates |
Note: The Home page and Mobile features rely on the features that you
selected in the previous step. The Search and News features provide services
to the features that you selected in the previous step.
11. Select the WebSphere Application Server installation that will host Lotus
Connections and click Next. For example:
• AIX:
/usr/IBM/WebSphere/AppServer
• Linux:
/opt/IBM/WebSphere/AppServer
• Windows:
C:\Program Files\IBM\WebSphere\AppServer
After you identify the location of the WebSphere Application Server instance,
the installer checks to make sure that security is enabled on that server.
Note: If the location of the server that you want to use is not displayed, click
Cancel to exit the installation wizard and complete the following steps:
a. Open a command prompt on the system where you installed WebSphere
Application Server.
b. Change to the Lotus_Connections_Install directory on the same system
and enter the following command:
• AIX or Linux:
./install.sh -W inputWasLocation.propertyValue=true
• Windows:
install -W inputWasLocation.propertyValue=true
Note: Use Progra~1 to represent the Program Files directory name; the
installation command does not recognize file path parameters that
contain spaces.
c. Restart the installation wizard. You are directed to a page where you can
manually specify the location of the WebSphere Application Server. Enter
the location, based on the following format, and click Next:
• AIX:
/usr/IBM/WebSphere/AppServer
• Linux:
/opt/IBM/WebSphere/AppServer
• Windows:
C:\Progra~1\IBM\WebSphere\AppServer
12. Enter values for the WebSphere Application Server profile and server instance:
a. Select a WebSphere Application Server profile.
b. Select an existing server instance from the Server instance list or create a
server instance by selecting Create new server (a new page appears where
you can enter the name of the new server instance).
c. Click Next.
13. Enter the User ID and Password of the default administrative user for Lotus
Connections. You must have already created this user ID in your LDAP
directory or in WebSphere Identity Manager. The ID is mapped to an
authentication alias called connectionsAdmin. The installed features use this
authentication alias for internal administrative roles, including the
search-admin, dsx-admin, and widget-admin roles.
Notes:
v If you plan to use a third-party Single Sign-On solution such as Tivoli
Access Manager or SiteMinder, this user ID must exist in your LDAP
directory.
v If you want to change the connectionsAdmin alias to use a different user
ID, follow the relevant procedures in the Managing stored credentials topic.
You also need to update the SIBus references to the user ID. For more
information, see the Updating the messaging bus configuration when the
connectionsAdmin user ID changes topic.
14. Enter the host name of the WebSphere Application Server installation and
click Next. The wizard retrieves HTTP port values for WebSphere Application
Server.
Note: Use the fully-qualified DNS name or short DNS name for the host
server. Do not use the IP address of the host.
15. Select a database type from one of the following options:
v DB2 Universal Database™
v Oracle Enterprise Edition
v SQL Server 2005 Enterprise Edition
16. Specify whether the databases for the features are located on the same server:
Select Yes or No and then click Next. The sub-steps that follow provide
detailed information about each of these options.
Note: The installation wizard tests your database connection with the
database values that you supplied. You can change the database configuration
later in the WebSphere Application Server Integrated Solutions Console.
Option
Description
Yes, the same database server
Enter the following database information:
1. Enter the fully-qualified domain name of the database
server. For example:
appserver.enterprise.example.com.
2. Enter the port number of the database service. The
default values are: 50000 for DB2, 1521 for Oracle, and
1433 for SQL Server.
3. Enter the location of the JDBC driver library. For
example:
v AIX:
/usr/ibm/WebSphere/AppServer/lib
v Linux:
/opt/ibm/WebSphere/AppServer/lib
v Windows:
C:\IBM\WebSphere\Appserver\lib
Ensure that the following JDBC driver libraries are
present in the JDBC directory:
DB2
db2jcc.jar and db2jcc_license_cu.jar
Oracle
ojdbc14.jar
SQL Server
Download the SQL Server 2005 JDBC 1.2 driver
from the Microsoft Web site to the WebSphere
Application Server lib directory and enter that
directory name in the JDBC driver library
field.
Note: The wizard can use this JDBC driver to
test your database connection. You can leave
the field unchanged and skip this page. After
you complete this installation, Lotus
Connections uses the WebSphere Application
Server internal SQL Server JDBC driver.
4. Click Next.
5. For each Lotus Connections feature, enter the
Application user password. You specified this
password when you created a database for each feature.
No, different database
servers
Enter the following database information:
1. Type the path to the JDBC driver library.
2. For each feature, enter the following information:
a. Type the Host name of the database server. For
example: appserver.enterprise.example.com.
b. Type the Port number of the database server. The
default values are: 50000 for DB2, 1521 for Oracle,
and 1433 for SQL Server.
c. Type the database name.
d. Type the Application user ID of the account to use
to connect to the database.
e. Type the Application user password. You specified
this password when you created a database for each
feature.
Note: If your database type is Oracle, you must connect to the database with
the user ID that you used when you created the feature databases.
17. Set up data directories for the features, using either one of the following
methods:
v Specify a data directory for Lotus Connections. The wizard creates a parent
directory with sub-directories for each feature.
v Specify a data directory for each feature.
18. Optional: This step is required only if you selected the option to specify a data
directory for each feature. For each feature that you are installing, enter the
required directory information.
Table 21. Data directories for features

Feature: Activities statistics files
Directory (samples only):
v AIX or Linux:
– /usr/IBM/LotusConnections/Data/activities/statistic
v Windows:
– C:\Program Files\LotusConnections\Data\activities\statistic
Description: Statistics files that store statistics generated by Activities. The file format is CSV.

Feature: Activities content files
Directory (samples only):
v AIX or Linux:
– /usr/IBM/LotusConnections/Data/activities/content
v Windows:
– C:\Program Files\LotusConnections\Data\activities\content
Description: Content directory to store files uploaded to Activities by users. This directory is additional storage space outside the database and stores files such as images.

Feature: Blogs upload files
Directory (samples only):
v AIX or Linux:
– /usr/IBM/LotusConnections/Data/blogs/upload
v Windows:
– C:\Program Files\LotusConnections\Data\blogs\upload
Description: File upload directory for adding files such as images to Blogs. Ensure that the directory has enough disk space because these files can become very large.

Feature: Communities statistics files
Directory (samples only): (See Note)
Description: Statistics files for Communities.
Note: The Communities statistics directories are not used in release 2.5. Accept the default location provided by the installation wizard and click Next.

Feature: Communities discussion forum content
Directory (samples only):
v AIX or Linux:
– /usr/IBM/LotusConnections/Data/communties/content
v Windows:
– C:\Program Files\LotusConnections\Data\communties\content
Description: Content store for the discussion forums, storing additional content such as images and presentations.

Feature: Dogear favicon files
Directory (samples only):
v AIX or Linux:
– /usr/IBM/LotusConnections/Data/dogear/favorite
v Windows:
– C:\Program Files\LotusConnections\Data\dogear\favorite
Description: Favicon files directory, used for the favicons (favorite icons) that are generated by Dogear users.

Feature: Files
Directory (samples only):
v AIX or Linux:
– /usr/IBM/LotusConnections/Data/files/contentstore
v Windows:
– C:\Program Files\LotusConnections\Data\files\contentstore
Description: Files content

Feature: Profiles statistics files
Directory (samples only):
v AIX or Linux:
– /usr/IBM/LotusConnections/Data/profiles/statistic
v Windows:
– C:\Program Files\LotusConnections\Data\profiles\statistic
Description: Statistics files, used for storing statistics generated by Profiles. The file format is CSV.

Feature: Profiles cache
Directory (samples only):
v AIX or Linux:
– /usr/IBM/LotusConnections/Data/profiles/cache
v Windows:
– C:\Program Files\LotusConnections\Data\profiles\cache
Description: Cached files

Feature: Search dictionary
Directory (samples only):
v AIX or Linux:
– /usr/IBM/LotusConnections/Data/search/dictionary
v Windows:
– C:\Program Files\LotusConnections\Data\search\dictionary
Description: Search dictionary files

Feature: Search index
Directory (samples only):
v AIX or Linux:
– /usr/IBM/LotusConnections/Data/search/index
v Windows:
– C:\Program Files\LotusConnections\Data\search\index
Description: Search index files

Feature: Wikis
Directory (samples only):
v AIX or Linux:
– /usr/IBM/LotusConnections/Data/wikis/contentstore
v Windows:
– C:\Program Files\LotusConnections\Data\wikis\contentstore
Description: Wikis content

19. Decide whether you want to enable e-mail notification. If you click No, the
installer skips the next step, and you can configure notification later.
20. Optional: If you decided to enable e-mail notification, you can select one of
the following notification options:
Option
Description
WebSphere Java mail session
Use a single mail server for all notifications.
Choose this option if you can access an
SMTP server directly using the host name.
DNS MX records
Use a Domain Name System (DNS) server to
find an available SMTP messaging server.
Choose this option if you need to use a DNS
server to access the SMTP server.
Note: The choice you make in this step determines which of the following
two steps you need to complete.
21. Optional: If you selected the Java notification option, specify the properties of
the SMTP server and then click Next:
Fill out the following fields to identify the mail server to use for sending
e-mail:
v Host name of the SMTP messaging server. Type the host name or IP
address of the preferred SMTP mail server if you have a specific SMTP
messaging server.
v Fill out the following fields, if required, to identify the mail server to use
for sending e-mail:
– User ID and Password – Enter these values if the SMTP server requires
authentication.
– Enable SSL – Enable SSL if you want to encrypt outgoing mail to the
SMTP server.
– Port – Accept the default port of 25, or enter port 465 if you are using
SSL.
22. Optional: If you selected DNS MX records as the notification solution, enter
the following information and then click Next:
v Messaging domain name. Type the name or IP address of a messaging
domain.
v DNS server for the messaging servers. Type the host name or IP address of
the DNS server.
v DNS port that is used for sending queries over the messaging server.
v User ID. If SMTP authentication is required, type the administrator user ID
for the SMTP server.
v Password. If SMTP authentication is required, type the password for the
administrator user of the SMTP server.
v Encrypt outgoing mail traffic to the SMTP messaging server using SSL.
Select the check box if you want to use the Secure Sockets Layer (SSL)
when connecting to the SMTP server.
v Port. Specify the port number to use for the SMTP server connection. The
default port number for the SMTP protocol is 25. The default port number
for SMTP over SSL is 465.
23. (Only required if you installed the Profiles feature.) Select a directory to use
when searching for users. You can choose the Profiles database or your LDAP
directory.
Note:
v If you select the Profiles database, the features retrieve user data from the
Profiles database. Ensure that you have followed the steps in the Populating
the Profiles database topic. By selecting this option, you are also enabling the
Profiles directory service extension. This service extension allows other
Lotus Connections features to access Profiles data. For more information,
see the Common directory services topic.
v If you select LDAP, all the features except Profiles retrieve user data from
the LDAP directory through the WebSphere Application Server Virtual
Member Manager. The Profiles feature uses its own database.
24. Review the information that you have entered. To revise your selections, click
Back. To finalize the installation, click Next.
25. Review the result of the installation. Click Finish to exit the installation
wizard.
Results
The installation wizard has installed Lotus Connections in a stand-alone
deployment.
The lcinstalllog.txt log file is stored in a temporary directory and is overwritten by
subsequent installations. If you plan to install additional features on the same
system and want to be able to refer to the log file generated by the installer,
change the file name or copy the lcinstalllog.txt file from the following directory:
v AIX or Linux:
/tmp/lcinstalllog.txt
v Windows:
C:\Documents and Settings\<user_name>\Local Settings\temp\1\lcinstalllog.txt
into this directory:
Note: These examples assume that you installed Lotus Connections in the default
directories. If you selected different installation directories, change the file paths
accordingly.
v AIX:
/usr/IBM/WebSphere/LotusConnections/lcinstalllog.txt
v Linux:
/opt/IBM/WebSphere/LotusConnections/lcinstalllog.txt
v Windows:
C:\Program Files\IBM\WebSphere\LotusConnections\lcinstalllog.txt
What to do next
Open a Web browser and navigate to the URL of each feature to ensure that the
installation was successful. Complete this test before performing any
customizations or any post-installation tasks.
If you selected the Advanced stand-alone option to install Lotus Connections on
multiple server instances, you need to manually link the buses that forward
messages between the News repository and other features. For more information,
see the Linking buses manually for non-federated servers topic.
Related concepts
“Stand-alone deployment” on page 9
A stand-alone deployment is an installation of one or more Lotus Connections
features. Use this small-scale production deployment for deployment to
workgroups and small businesses.
Related tasks
“Installing the first node of a cluster” on page 105
Install the first node of a network deployment of Lotus Connections.
Installing a network deployment
Installing Lotus Connections on a network deployment provides better
performance and improved availability of features.
A Lotus Connections network deployment consists of the following components:
v WebSphere Application Server nodes
– One node with IBM WebSphere Application Server Network Deployment
Manager (DM) installed.
– One WebSphere Application Server node on which Lotus Connections has
been installed. This node is referred to as the first node in this documentation
and serves as a template for subsequent nodes. This node must not be a
managed node.
– More WebSphere Application Server nodes that can be federated into the DM
cell if required. These nodes are hosts for cluster members. and are referred to
as subsequent nodes in this documentation.
v A system with a database server installed
v A system with IBM HTTP Server installed
Important considerations
Before creating a cluster, note the following considerations:
v If you are changing to a network deployment from a stand-alone deployment of
Lotus Connections, review the possible configurations of WebSphere Application
Server profiles and server processes. See Planning a product installation.
v You cannot use an existing network deployment if the databases that you used
in the deployment are not robust enough to support a network deployment. You
should upgrade the databases before you run the installation wizard.
v You cannot install Lotus Connections on a managed node.
v Make sure that the clocks on the nodes that you plan to add to a cluster are
set to within one minute of each other.
Related concepts
“Network deployment” on page 11
The network deployment option is the best overall choice for ease of deployment,
maintenance, scalability, and performance for most scenarios. This deployment
scenario can provide component redundancy to support operational high
availability and failover. It also provides a way of scaling Lotus Connections
features to support large system loads and concurrent user populations.
Installing the first node of a cluster
Install the first node of a network deployment of Lotus Connections.
Before you begin
Ensure that you have installed WebSphere Application Server Network
Deployment (Application Server option). The Deployment Manager can exist on
the same system as the first node or on a separate system.
Note: If the Deployment Manager and first node are on the same system, use the
Profiles Management Tool to create an Application Server on the first node. After
creating the Application Server, enable Administrative and Application Security for
that profile.
Before running the installation wizard on the first node, ensure that you have
installed WebSphere Application Server Network Deployment (Application Server
option) on this node and enabled Administrative and Application Security. The
installation wizard fails if Administrative Security is not enabled on the node's
Application Server, while logging into Lotus Connections features can fail if
Application Security is not enabled.
Check the Release notes for late-breaking issues.
Notes:
v The Lotus Connections installation wizard supports the creation of new server
instances.
v The installation wizard automatically detects the name of the node where you
are installing Lotus Connections and updates the corresponding attribute in the
wkplc.properties file.
v (AIX only). If you are downloading the wizard, the TAR program available by
default with AIX does not handle path lengths longer than 100 characters. To
overcome this restriction, use the GNU file archiving program instead. This
program is an open source package that IBM distributes through the AIX
Toolbox for Linux Applications at the IBM AIX Toolbox Web site. Download and
install the GNU-compatible TAR package. You do not need to install the RPM
Package Manager because it is provided with AIX.
After you have installed the GNU-compatible TAR program, change to the
directory where you downloaded the Lotus Connections TAR file, and enter the
following command to extract the files from it:
gtar -xvf <Lotus_Connections_wizard>_aix.tar
This command creates a directory named after the wizard.
v If you experience a SOAP time-out error during installation, go to this
SocketTimeoutException support page and follow the instructions to resolve the
potential causes of the error. Alternatively, you can disable the time out by
setting the value of the com.ibm.SOAP.requestTimeout parameter in
WebSphere Application Server to 0.
v You can use the native SQL Server JDBC driver in either the app_server_root/lib
directory or the driver from Microsoft. The wizard checks the connection for the
Microsoft JDBC driver only. If you are using the native driver, you need to
manually test the connection after installation. For more information, see the
Testing a database connection topic.
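The following script checks three inputs that this guide constrains before the wizard runs: the JDBC driver files named for DB2 and Oracle, the host name format (a DNS name, not an IP address), and the one-minute clock tolerance between the Deployment Manager and the nodes. It is an added example, not part of the IBM installer or of this guide; the function names, the "node epoch_seconds" input format and the sample values are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for values the installation wizard asks for.
# All function names are hypothetical; none belong to the Lotus Connections installer.

# Print the JDBC driver files this guide lists for a database type.
required_jdbc_jars() {
    case "$1" in
        db2)       echo "db2jcc.jar db2jcc_license_cu.jar" ;;
        oracle)    echo "ojdbc14.jar" ;;
        sqlserver) : ;;          # the guide names no driver file for SQL Server
        *)         return 2 ;;   # unknown database type
    esac
}

# Print each required driver file that is absent from directory $2.
# Returns 0 if all are present, 1 if any is missing, 2 for an unknown type.
missing_jdbc_jars() {
    jars=$(required_jdbc_jars "$1") || return 2
    rc=0
    for jar in $jars; do
        if [ ! -f "$2/$jar" ]; then
            echo "$jar"
            rc=1
        fi
    done
    return $rc
}

# Return 0 if $1 looks like a short or fully-qualified DNS name,
# 1 if it is empty, malformed, or an IPv4/IPv6 address.
# Assumption: all-numeric names are treated as addresses.
is_dns_name() {
    case "$1" in
        ''|*:*|*[!A-Za-z0-9.-]*) return 1 ;;   # empty, IPv6 literal, illegal character
        .*|*.|-*|*..*)           return 1 ;;   # misplaced dot or hyphen
    esac
    case "$1" in
        *[A-Za-z]*) return 0 ;;                # has a letter, so not dotted-decimal
        *)          return 1 ;;
    esac
}

# Read "node epoch_seconds" lines on stdin and print the spread in seconds
# between the slowest and fastest clock. Returns 1 if the spread exceeds
# $1 (default 60, the one-minute limit), 2 if no input was given.
clock_skew() {
    awk -v limit="${1:-60}" '
        NF >= 2 { t = $2 + 0
                  if (n == 0 || t < min) min = t
                  if (n == 0 || t > max) max = t
                  n++ }
        END     { if (n == 0) exit 2
                  print max - min
                  exit (max - min > limit + 0) ? 1 : 0 }'
}

# usage: lc_preflight <db2|oracle|sqlserver> <jdbc_dir> <was_host> < node_times
# Prints one line per failed check and returns the number of failed checks.
lc_preflight() {
    failures=0
    if ! missing=$(missing_jdbc_jars "$1" "$2"); then
        echo "FAIL jdbc: not found in $2: $(echo $missing)"
        failures=$((failures + 1))
    fi
    if ! is_dns_name "$3"; then
        echo "FAIL host: '$3' must be a DNS name, not an IP address"
        failures=$((failures + 1))
    fi
    if ! skew=$(clock_skew 60); then
        echo "FAIL clocks: spread ${skew:-unknown}s exceeds 60s"
        failures=$((failures + 1))
    fi
    return $failures
}

# Constructed sample run: one DB2 driver file is absent, the host is given as
# an IP address, and node2 is 95 seconds ahead of the Deployment Manager.
lc_preflight_demo() {
    demo_dir=$(mktemp -d) || return 99
    : > "$demo_dir/db2jcc.jar"
    printf '%s\n' "dm 1262304000" "node1 1262304020" "node2 1262304095" |
        lc_preflight db2 "$demo_dir" 192.0.2.10
    demo_rc=$?
    rm -rf "$demo_dir"
    return $demo_rc
}

if [ "${1:-}" = "--demo" ]; then
    lc_preflight_demo
fi
```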
About this task
A network deployment supports load balancing and failover, and is synchronized
by a WebSphere Application Server Deployment Manager.
Run the installation wizard on the system that you plan to use as the first node in
the cluster.
To install Lotus Connections on the first node of a cluster in a network
deployment, complete the following steps:
Procedure
1. Start WebSphere Application Server Network Deployment manager.
2. If the WebSphere Application Server instance on which you plan to install
Lotus Connections is running, stop it.
3. Required: Ensure that the system clocks on the Deployment Manager system
and each clustered node are set to within one minute of each other. If the
system clocks are further than one minute apart, you are likely to experience
synchronization errors.
4. From the Lotus_Connections set-up directory, run the script file to launch the
installation wizard:
v AIX or Linux:
./install.sh
v Windows:
install.bat
5. On the Welcome panel, click Launch Information Center to open the Lotus
Connections Information Center in a browser window. Click Next to continue.
6. Review and accept the license agreement by clicking I accept both the
IBM and non-IBM terms. Click Next.
7. On the Response file panel, select one of the options. Save a response file if
you want to run the wizard in silent mode for future installations. Enter a
location for the response file or accept the default location, and then click
Next.
Option
Description
Install Lotus Connections only
Install the product without saving a
response file.
Create response file only
Create a response file but without installing
the product. Select this option if you need to
modify the current response file for use in
another installation.
Note: Always use the installation wizard to
modify the response file. Manual
modifications might cause a new installation
to fail.
Install Lotus Connections and create a
response file
Install the product and save a response file.
8. On the Deployment options panel, select the Network deployment option and
click Next.
9. Select the type of cluster member that you want to create.
Option
Description
Install the first node
Create the first node of a Lotus Connections
cluster
Convert stand-alone deployment to
network deployment
Convert an existing stand-alone installation
of Lotus Connections to become the first
node of a cluster
10. Select the directory where you want to install Lotus Connections: you can
accept the default directory, enter a new directory name, or click Browse to
select an existing directory.
11. Select the features that you want to install and click Next. Select from the
following options:
Option
Description
Activities
Collaborate with colleagues
Blogs
Write personal perspectives about projects
Communities
Discuss projects in the user forums
Dogear
Bookmark important Web sites
Note: In Lotus Connections 2.5, the Dogear feature in the
user interface is renamed as Bookmarks.
Files
Share files among users
Profiles
Find people in the organization
Wikis
Create content for your Web site
12. Select the extended features that you want to install and click Next. You can
select from the following options:
Option
Description
Home page
Access all features from a central point
Mobile
Access Lotus Connections from mobile devices
Search
Search Lotus Connections data
News repository
Stay informed about updates
Note: The Home page and Mobile features rely on the features that you
selected in the previous step. The Search and News features provide services
to the features that you selected in the previous step.
13. Select the WebSphere Application Server installation that will host Lotus
Connections and click Next. For example:
v AIX:
/usr/IBM/WebSphere/AppServer
v Linux:
/opt/IBM/WebSphere/AppServer
v Windows:
C:\Program Files\IBM\WebSphere\AppServer
After you identify the location of the WebSphere Application Server instance,
the installer checks to make sure that security is enabled on that server.
Note: If the location of the server that you want to use is not displayed, click
Cancel to exit the installation wizard and complete the following steps:
a. Open a command prompt on the system where you installed WebSphere
Application Server.
b. Change to the Lotus_Connections_Install directory on the same system
and enter the following command:
v AIX or Linux:
./install.sh -W inputWasLocation.propertyValue=true
v Windows:
install -W inputWasLocation.propertyValue=true
Note: Use Progra~1 to represent the Program Files directory name; the
installation command does not recognize file path parameters that
contain spaces.
c. Re-start the installation wizard. You are directed to a page where you can
manually specify the location of the WebSphere Application Server. Enter
the location, based on the following format, and click Next:
v AIX:
/usr/IBM/WebSphere/AppServer
v Linux:
/opt/IBM/WebSphere/AppServer
v Windows:
C:\Progra~1\IBM\WebSphere\AppServer
14. Enter values for the WebSphere Application Server profile and server instance:
a. Select a WebSphere Application Server profile.
b. Select an existing server instance from the Server instance list or create a
server instance by selecting Create new server (a new panel appears
where you can enter the name of the new server instance).
c. Click Next.
15. Enter the properties of the WebSphere Application Server Deployment
Manager (DM) and then click Next:
Host name
Name or IP address of the host DM server
SOAP port
The SOAP port number
Administrative ID
The Administrative ID of the DM
Password
The password for the Administrative ID of the DM
Note: The installation wizard checks the size of the Java Virtual Machine
(JVM) heap on the Deployment Manager and displays a warning if it is less
than 512 MB. If the heap size is less than 512 MB, you are likely to encounter
an out-of-memory error. To increase the heap size, go to this Troubleshooting
Web page and follow the instructions for your platform.
After you have increased the heap size of the JVM, stop and restart the
Deployment Manager. When that is complete, click OK to continue the
installation.
16. Enter the names of the clusters that you want to create: for each installed
feature, select a server instance name; for each selected server instance, enter
a cluster name. Each server instance is added as the first member of its
cluster. For improved performance and administration, add each server
instance to its own cluster.
17. Enter the User ID and Password of the default administrative user for Lotus
Connections. You must have already created this user ID in your LDAP
directory or in WebSphere Identity Manager. The ID is mapped to an
authentication alias called connectionsAdmin. The installed features use this
authentication alias for internal administrative roles, including the
search-admin, dsx-admin, and widget-admin roles.
Notes:
v If you plan to use a third-party Single Sign-On solution such as Tivoli
Access Manager or SiteMinder, this user ID must exist in your LDAP
directory.
v If you want to change the connectionsAdmin alias to use a different user
ID, follow the relevant procedures in the Managing stored credentials topic.
You also need to update the SIBus references to the user ID. For more
information, see the Updating the messaging bus configuration when the
connectionsAdmin user ID changes topic.
18. Enter the host name of the WebSphere Application Server installation and
click Next. The wizard retrieves HTTP port values for WebSphere Application
Server.
Note: Use the fully-qualified DNS name or short DNS name for the host
server. Do not use the IP address of the host.
19. Select a database type from one of the following options:
v DB2 Universal Database
v Oracle Enterprise Edition
v SQL Server 2005 Enterprise Edition
20. Specify whether the databases for the features are located on the same server:
Select Yes or No and then click Next. The substeps that follow provide
detailed information about each of these options.
Note: The installation wizard tests your database connection with the
database values that you supplied. You can change the database configuration
later in the WebSphere Application Server Integrated Solutions Console.
Option
Description
Yes, the same database server
To enter the database information, complete the following
substeps:
1. Enter the fully-qualified domain name of the database
server. For example:
appserver.enterprise.example.com.
2. Enter the port number of the database service. The
default values are: 50000 for DB2, 1521 for Oracle, and
1433 for SQL Server.
3. Enter the location of the JDBC driver library. For
example:
v AIX:
/usr/ibm/WebSphere/AppServer/lib
v Linux:
/opt/ibm/WebSphere/AppServer/lib
v Windows:
C:\IBM\WebSphere\Appserver\lib
Ensure that the following JDBC driver libraries are
present in the JDBC directory:
DB2
db2jcc.jar and db2jcc_license_cu.jar
Oracle
ojdbc14.jar
SQL Server
Download the SQL Server 2005 JDBC 1.2 driver
from the Microsoft Web site to the WebSphere
Application Server lib directory and enter that
directory name in the JDBC driver library
field.
4. Click Next.
5. For each feature, enter the Application user password.
You specified this password when you created the
databases for the features.
No, different database
servers
Enter the following database information:
1. Enter the path to the JDBC driver library.
2. For each feature, enter the following information:
a. Enter the Host name of the database server. For
example: appserver.enterprise.example.com.
b. Enter the Port number of the database server. The
default values are: 50000 for DB2, 1521 for Oracle,
and 1433 for SQL Server.
c. Enter the database name.
d. Enter the Application user ID of the account to use
to connect to the database.
e. Enter the Application user password. You specified
this password when you created the databases for
the features.
Note: If your database type is Oracle, you must connect to the database with
the user ID that you used when you created the feature databases.
21. Set up data directories for the features, using one of the following methods:
v Specify a data directory for Lotus Connections. If you are using a Windows
shared-file system, specify the file location using the Universal Naming
Convention (UNC) format. For example: \\server_name\share_name. The
wizard creates a parent directory with sub-directories for each feature.
v Specify a data directory for each feature.
Note: The data directories usually reside in a shared repository that grants
read-write access to all the nodes. Use one of the following methods to create
a shared data directory:
v Network-based file shares (for example: NFS, SMB/Samba, and so on)
v Storage area network drives (SAN)
22. Optional: (This step is required only if you selected the option to specify a
data directory for each feature.) For each feature that you are installing, enter
the required directory information.
Note: Some of the data directories in this table must be specified as local
directories so that they can be accessed by only one application server.
Table 22. Data directories for features

Feature: Activities statistics files
Directory (samples only):
v AIX or Linux:
– /usr/IBM/LotusConnections/Data/activities/statistic
v Windows:
– \Program Files\LotusConnections\Data\activities\statistic
Description: Statistics files that store statistics generated by Activities. The file format is CSV.
Note: This directory must be a local directory, not a shared directory.

Feature: Activities content files
Directory (samples only):
v AIX or Linux:
– /mnt/IBM/LotusConnections/Data/activities/content
v Windows:
– \\<server_name>\<share_name>\LotusConnections\Data\activities\content
Description: Content directory to store files uploaded to Activities by users. This directory is additional storage space outside the database and stores files such as images.

Feature: Blogs upload files
Directory (samples only):
v AIX or Linux:
– /mnt/IBM/LotusConnections/Data/blogs/upload
v Windows:
– \\<server_name>\<share_name>\LotusConnections\Data\blogs\upload
Description: File upload directory for adding files such as images to Blogs. These files can become very large. Ensure that the directory has enough disk space.

Feature: Communities statistics files
Directory (samples only): (See Note)
Description: Statistics files for Communities.
Note: The Communities statistics directories are not used in release 2.5. Accept the default location provided by the installation wizard and click Next.

Feature: Communities discussion forum content
Directory (samples only):
v AIX or Linux:
– /mnt/IBM/LotusConnections/Data/communties/content
v Windows:
– \\<server_name>\<share_name>\LotusConnections\Data\communties\content
Description: Content store for the discussion forums, storing additional content such as images and presentations.

Feature: Dogear favicon files
Directory (samples only):
v AIX or Linux:
– /mnt/IBM/LotusConnections/Data/dogear/favorite
v Windows:
– \\<server_name>\<share_name>\LotusConnections\Data\dogear\favorite
Description: Favicon files directory, used for the favicons (favorite icons) that are generated by Dogear users.

Feature: Files
Directory (samples only):
v AIX or Linux:
– /mnt/IBM/LotusConnections/Data/files/contentstore
v Windows:
– \\<server_name>\<share_name>\LotusConnections\Data\files\contentstore
Description: Files content

Feature: Profiles statistics files
Directory (samples only):
v AIX or Linux:
– /usr/IBM/LotusConnections/Data/profiles/statistic
v Windows:
– \Program Files\LotusConnections\Data\profiles\statistic
Description: Statistics files, used for storing statistics generated by Profiles. The file format is CSV.
Note: This directory must be a local directory, not a shared directory.

Feature: Profiles cache
Directory (samples only):
v AIX or Linux:
– /usr/IBM/LotusConnections/Data/profiles/cache
v Windows:
– \Program Files\LotusConnections\Data\profiles\cache
Description: Cached files.
Note: This directory must be a local directory, not a shared directory.

Feature: Search dictionary
Directory (samples only):
v AIX or Linux:
– /mnt/IBM/LotusConnections/Data/search/dictionary
v Windows:
– \\<server_name>\<share_name>\LotusConnections\Data\search\dictionary
Description: Search dictionary files

Feature: Search index
Directory (samples only):
v AIX or Linux:
– /mnt/IBM/LotusConnections/Data/search/index
v Windows:
– \\<server_name>\<share_name>\LotusConnections\Data\search\index
Description: Search index files

Feature: Wikis
Directory (samples only):
v AIX or Linux:
– /mnt/IBM/LotusConnections/Data/wikis/contentstore
v Windows:
– \\<server_name>\<share_name>\LotusConnections\Data\wikis\contentstore
Description: Wikis content

23. Decide whether you want to enable e-mail notification. If you click No, the
installer skips the next step, and you can configure notification later.
24. Optional: If you decided to enable e-mail notification, you can select one of
the following notification options:
WebSphere Java mail session: Use a single mail server for all notifications. Choose this option if you can access an SMTP server directly using the host name.
DNS MX records: Use a Domain Name System (DNS) server to find an available SMTP messaging server. Choose this option if you need to use a DNS server to access the SMTP server.
Note: The choice you make in this step determines which of the following
two steps you need to complete.
25. Optional: If you selected the Java notification option, specify the properties of
the SMTP server and then click Next:
Fill out the following fields to identify the mail server to use for sending
e-mail:
v Host name of the SMTP messaging server. Enter the host name or IP
address of the preferred SMTP mail server if you have a specific SMTP
messaging server.
v Fill out the following fields, if required, to identify the mail server to use
for sending e-mail:
– User ID and Password – Enter these values if the SMTP server requires
authentication.
– Enable SSL – Enable SSL if you wish to encrypt outgoing mail to the
SMTP server.
– Port – Accept the default port of 25, or enter port 465 if you are using
SSL.
26. Optional: If you selected DNS MX records as the notification solution, enter
the following information and then click Next:
v Messaging domain name. Enter the name or IP address of the messaging
domain.
v DNS server for the messaging servers. Enter the host name or IP address of
the DNS server.
v DNS port that is used for sending queries over the messaging server.
v User ID. If SMTP authentication is required, enter the administrator user ID
for the SMTP server.
v Password. If SMTP authentication is required, enter the password for the
administrator user of the SMTP server.
v Encrypt outgoing mail traffic to the SMTP messaging server using SSL.
Select the check box if you want to use the Secure Sockets Layer (SSL)
when connecting to the SMTP server.
v Port. Specify the port number to use for the SMTP server connection. The
default port number for the SMTP protocol is 25. The default port number
for SMTP over SSL is 465.
27. (Only required if you installed the Profiles feature.) Select a directory to use
when searching for users. You can choose the Profiles database or your LDAP
directory.
Note: If you select the Profiles database, ensure that you have followed the
steps in the Populating the Profiles database topic. By selecting this option, you
are also enabling the Profiles directory service extension. This service
extension allows other Lotus Connections features to access Profiles data. For
more information, please see the Common directory services topic.
28. Review the information that you have entered. To revise your selections, click
Back. To finalize the installation, click Next.
29. Review the result of the installation. Click Finish to exit the installation
wizard.
Results
The installation wizard has installed Lotus Connections on the first node of a
cluster in a network deployment.
Note: You can always identify the first node because its lotus_connections_root
directory contains a version directory. Subsequent nodes do not have a version
directory under the lotus_connections_root directory.
The lcinstalllog.txt log file that is stored in a temporary directory is overwritten by
subsequent installations. If you plan to install additional features on the same
system and want to be able to refer to the log file generated by the installer,
change the file name or copy the lcinstalllog.txt file from the following directory:
v AIX or Linux:
/tmp/lcinstalllog.txt
v Windows:
C:\Documents and Settings\<user_name>\Local Settings\temp\1\lcinstalllog.txt
into this directory:
v AIX:
/usr/IBM/WebSphere/LotusConnections/lcinstalllog.txt
v Linux:
/opt/IBM/WebSphere/LotusConnections/lcinstalllog.txt
v Windows:
C:\Program Files\IBM\WebSphere\LotusConnections\lcinstalllog.txt
Note: These examples assume that you installed Lotus Connections in the default
directories. If you selected different installation directories, change the file paths
accordingly.
What to do next
Accessing network shares
If you installed WebSphere Application Server on Microsoft Windows and
configured it to run as a service, change the Log On attribute of the service to
ensure that you can access network shares. For more information, see the Accessing
network shares topic.
If you are using the bundled SQL Server driver, test the database connection. For
more information, see the Testing the SQL Server database connection topic.
Related tasks
“Defining IBM HTTP Server for a node” on page 140
Define IBM HTTP Server to manage Web connections for a node.
Installing the first node
Manually install Lotus Connections on the first node of a cluster.
Installing a subsequent node
If you prefer not to use the cluster installation wizard, you can manually install
Lotus Connections on the subsequent nodes of a cluster.
“Installing a stand-alone deployment” on page 95
Install a stand-alone deployment of Lotus Connections on WebSphere Application
Server.
“Testing a database connection” on page 171
After installing Lotus Connections, test each feature's connection to the database to
ensure that it is working correctly.
“Configuring shared message stores for buses” on page 156
Configure shared message stores for buses to make the message store available to
all nodes in a cluster.
“Installing IBM WebSphere Application Server” on page 36
Install WebSphere Application Server Network Deployment.
Related reference
“The InstallResponse.txt file” on page 126
Perform silent installations by using a response file.
Adding subsequent nodes to a cluster
Add more nodes to an existing cluster.
Before you begin
v You must already have a cluster with at least one member. For more
information, see the Installing the first node of a cluster topic.
v Ensure that you have installed WebSphere Application Server Network
Deployment (Application Server option) on each subsequent node. Do not
enable Administrative or Application Security on the subsequent nodes. The
Deployment Manager will configure security on these nodes.
v Ensure that the shared folders that are used for the content stores in the first
node are accessible from each subsequent node: from a subsequent node, try to
access the shared directories. For file paths to the shared directories, see the Data
directories for features table in the Installing the first node of a cluster topic. Also,
follow the steps in the Configuring shared message stores for buses topic to ensure
the message stores are available to all nodes.
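One way to script the shared-directory check described above on a Linux node, as an added example that is not part of the IBM guide. It assumes a mount table in /proc/mounts format (AIX has none) and uses the guide's sample paths; the function names and the --run switch are illustrative.

```shell
#!/bin/sh
# Pre-flight check for Lotus Connections data directories on a Linux node.
# Added example; the paths are the guide's sample paths, adjust to your install.
# Assumption: the mount table is in /proc/mounts format (Linux only).
# Run it as the account that runs WebSphere Application Server.

MOUNTS=${MOUNTS:-/proc/mounts}

# Sample shared content stores (directory names as printed in the guide).
SHARED_DIRS="
/mnt/IBM/LotusConnections/Data/activities/content
/mnt/IBM/LotusConnections/Data/blogs/upload
/mnt/IBM/LotusConnections/Data/communties/content
/mnt/IBM/LotusConnections/Data/dogear/favorite
/mnt/IBM/LotusConnections/Data/files/contentstore
/mnt/IBM/LotusConnections/Data/search/dictionary
/mnt/IBM/LotusConnections/Data/search/index
/mnt/IBM/LotusConnections/Data/wikis/contentstore
"
# Profiles statistics and cache must be local, not shared.
LOCAL_DIRS="
/usr/IBM/LotusConnections/Data/profiles/statistic
/usr/IBM/LotusConnections/Data/profiles/cache
"

# Print the file system type that holds path $1, using the mount table $2.
# The longest mount point that is a prefix of the path wins; for equal
# lengths the later entry wins, because it is mounted on top.
fstype_for() {
    awk -v path="$1" '
        {
            mp = $2
            if (mp == "/" || path == mp || index(path, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); fs = $3 }
            }
        }
        END { if (fs == "") fs = "unknown"; print fs }' "${2:-$MOUNTS}"
}

# Shared content stores must sit on an NFS Version 4 mount.
is_nfs4_share() { [ "$(fstype_for "$1" "${2:-$MOUNTS}")" = "nfs4" ]; }

# Local directories must not sit on a network file system.
is_local_fs() {
    case $(fstype_for "$1" "${2:-$MOUNTS}") in
        nfs*|cifs|smb*|unknown) return 1 ;;
        *) return 0 ;;
    esac
}

# Check every directory; print one line each, return non-zero on any failure.
preflight() {
    rc=0
    for d in $SHARED_DIRS; do
        if is_nfs4_share "$d" && [ -d "$d" ] && [ -r "$d" ] && [ -w "$d" ]; then
            echo "OK    shared  $d"
        else
            echo "FAIL  shared  $d (need a readable, writable NFSv4 mount)"
            rc=1
        fi
    done
    for d in $LOCAL_DIRS; do
        if is_local_fs "$d" && [ -d "$d" ] && [ -w "$d" ]; then
            echo "OK    local   $d"
        else
            echo "FAIL  local   $d (need a writable local directory)"
            rc=1
        fi
    done
    return $rc
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```
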
About this task
Perform this task on each node that you want to add to the cluster.
Notes:
v You do not need to create server instances on the subsequent nodes in a cluster.
The Deployment Manager (DM) will create new server instances as required.
v Each subsequent node must be an unmanaged node before you start this task.
Completing the task transforms the node into a managed, or federated, node.
v Perform this task for each node that you want to add to the cluster.
To add a node to a cluster, complete the following steps:
Procedure
1. Add a subsequent node to the DM cell:
a. Start WebSphere Application Server Deployment Manager on the first node.
b. Log in to the subsequent node; that is, the node that you want to add to the
cluster.
c. Open a command prompt and change to the bin directory of the local
WebSphere Application Server profile:
app_server_root/profiles/<profile_name>/bin
where <profile_name> is the name of the applicable WebSphere Application
Server profile on this node.
d. Run the addNode command to add this node to the DM cell:
addNode [dmgr_host] [dmgr_port] [-username uid] [-password pwd]
[-localusername localuid] [-localpassword localpwd]
where dmgr_host is the host name of the Deployment Manager, dmgr_port is
the SOAP port of the deployment manager (the default is 8879), uid and
pwd are the DM administrator username and password, and localuid and
localpwd are the username and password for the node's WebSphere
Application Server administrator.
e. Open the addNode.log file and confirm that the node was successfully
added to the DM cell. The file is stored in the following location:
app_server_root/profiles/<profile_name>/log/addNode.log
2. Copy the relevant JDBC files from the first node in the cluster to the
subsequent node, placing them in the same location as the JDBC files on the
first node. If, for example, you copied the db2jcc.jar file from the
C:\IBM\SQLLIB directory on the first node, you need to copy the same file to the
C:\IBM\SQLLIB directory in each of the subsequent nodes in the same cluster.
The files to copy, depending on your database type, are:
DB2: db2jcc.jar, db2jcc_license_cu.jar
Oracle: ojdbc14.jar
SQL Server: sqljdbc.jar
3. Copy the Stellent binary to the subsequent node:
a. Copy the lotus_connections_root/search/search/search/dcs directory from
the first node to the subsequent node. Ensure that the file paths to the dcs
directory on the first node and subsequent node are identical.
b. (AIX and Linux only.) Add the following text to the end of the
/etc/profile file on the subsequent node:
export PATH=$PATH:<SearchInstallHome>/dcs/oiexport
where <SearchInstallHome> is the full, absolute path to the directory where
the Search feature is installed. For example: lotus_connections_root/search/
search/search.
c. (AIX only.) Add the following text to the end of the /etc/profile file on the
subsequent node:
export LIBPATH=$LIBPATH:<SearchInstallHome>/dcs/oiexport
d. (Linux only.) Add the following text to the end of the /etc/profile file on
the subsequent node:
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:<SearchInstallHome>/dcs/oiexport
4. Add additional members to an existing Lotus Connections cluster:
a. Log in to the Deployment Manager Administrative Console.
b. Click Servers>Clusters>cluster_name>Cluster members>New. Specify the
following information about the new cluster member:
Member name
The name of the server instance that is created for the cluster. The
DM will create a new server instance with this name.
Note: Each member name in the same cluster must be unique. The
admin console will prevent you from re-using the same member
name in a cluster.
Select node
The node where the server instance resides.
Click Add Member to add this member to the cluster member list.
c. Click Next to go to the summary page where you can examine detailed
information about this cluster member. Click Finish to complete this step or
click Previous to modify the settings.
d. Click Save to save the configuration.
e. Click Server>Servers>Clusters>cluster_name>Cluster members. In the
member list, click the new member that you added in the previous step.
f. On the detailed configuration page, click Port to expand the port
information of the member. Make a note of the WC_defaulthost and
WC_defaulthost_secure port numbers. For example, the WC_defaulthost port
number is typically 9084, while the WC_defaulthost_secure port number is
typically 9447.
g. Click Environment>Virtual Hosts>default_host>Host Aliases>New. Enter
the following information for the host alias for the WC_defaulthost port:
Host name
The IP address or DNS host name of the node where the new
member resides.
Port: The port number for WC_defaulthost. For example, 9084.
Click OK to complete the virtual host configuration.
h. Click Save to save the configuration.
i. Repeat the previous two sub-steps to add the host alias for the
WC_defaulthost_secure port.
j. Click System administration>Nodes.
k. In the node list page, select all the nodes where the target cluster members
reside, and then click Synchronize to perform a synchronization between
the nodes.
What to do next
Configure IBM HTTP Server to connect to this node. For more information, see the
Configuring IBM HTTP Server and Defining IBM HTTP Server for a node topics.
Repeat this task for each subsequent node that you want to add to a cluster.
Configure a shared message store for the cluster. For more information, see the
Configuring shared message stores for buses topic.
If you experience interoperability failure, you might be running two servers on the
same host with the same name. This problem can cause the Search and News
features to fail. For more information, go to the NameNotFoundException from
JNDI lookup operation Web page.
Related concepts
“Configuring IBM HTTP Server” on page 139
Configure IBM HTTP Server to manage Web requests to Lotus Connections.
Related tasks
“Defining IBM HTTP Server for a node” on page 140
Define IBM HTTP Server to manage Web connections for a node.
“Converting a stand-alone deployment”
Convert a stand-alone deployment of Lotus Connections to a node in a network
deployment.
“Configuring shared message stores for buses” on page 156
Configure shared message stores for buses to make the message store available to
all nodes in a cluster.
“Installing IBM WebSphere Application Server” on page 36
Install WebSphere Application Server Network Deployment.
Converting a stand-alone deployment
Convert a stand-alone deployment of Lotus Connections to a node in a network
deployment.
Before you begin
Ensure that there are no existing nodes in the Deployment Manager (DM) cell. The
converted node will become the first Lotus Connections node in the DM cell.
Before running the wizard, ensure that you have installed all the prerequisite
software, including WebSphere Application Server ND, and completed the
preinstallation tasks.
Check the online release notes for late-breaking issues or limitations.
Notes:
v The Lotus Connections installation wizard supports the creation of new server
instances.
v You can use the Microsoft SQL Server JDBC driver in both the
app_server_root/lib directory and the driver downloaded from Microsoft, but the
wizard checks the connection for the Microsoft JDBC driver only. If you are
using the bundled driver, you need to manually test the connection after
installation.
About this task
A clustered deployment supports load balancing and failover, and is synchronized
by WebSphere Application Server Deployment Manager.
To convert a stand-alone deployment of Lotus Connections, complete the following
steps:
Procedure
1. Start WebSphere Application Server Network Deployment manager.
2. Stop the WebSphere Application Server instance on which you want to install
the converted deployment of Lotus Connections.
3. From the Lotus_Connections_Install directory on the installation media, run
the following file to launch the installation wizard:
v AIX or Linux:
./install.sh
Note: If the script does not run, you might need to enable its Executable
attribute by running the chmod command first. The Executable attribute of
a script can become disabled after the script is copied from a read-only
medium such as DVD.
v Microsoft Windows:
install.bat
4. On the Welcome panel, click Launch Information Center to open the Lotus
Connections Information Center in a browser. Click Next to continue.
5. Review and accept the license agreement by clicking I accept both the
IBM and non-IBM terms. Click Next.
6. On the Response file page, select one of the options to save a response file if
you want to run the wizard in silent mode for future installations.
Install Lotus Connections only: Install the product without saving a response file.
Create response file only: Create a new response file but without installing the product. Select this option if you need to modify the current response file for use in another installation.
Note: You should always use the installation wizard to modify the response file. Manual modifications might cause a new installation to fail.
Install Lotus Connections and create a response file: Install the product and save a response file.
Enter a location for the response file or accept the default location. Click Next.
7. On the Deployment options panel, select the Network deployment option and
click Next.
8. Select the type of cluster member that you want to create.
Install the first node: Create the first node of a Lotus Connections cluster.
Convert stand-alone deployment to network deployment: Convert an existing stand-alone installation of Lotus Connections to become the first node of a cluster.
9. Select the directory where you have previously installed Lotus Connections
features.
10. Enter the properties of the WebSphere Application Server Deployment
Manager (DM) and click Next:
Host name: Type the name or IP address of the host DM server.
SOAP port: Type the SOAP port number.
Administrative ID: Type the Administrative ID of the DM.
Password: Type the password for the Administrative ID of the DM.
11. For each server instance where Lotus Connections features are installed, enter
a cluster name.
12. Review the information that you have entered. To make changes, click Back.
To finalize the installation, click Next.
13. Review the result of the installation. Click Finish to exit the installation
wizard.
Results
The installation wizard has converted an existing stand-alone deployment of Lotus
Connections to a clustered deployment.
The lcinstalllog.txt log file that is stored in a temporary directory will be
overwritten by subsequent installations. If you plan to install additional features on
the same system and want to be able to refer to the log file generated by the
installer, change the file name or copy the lcinstalllog.txt file from the following
directory:
v AIX or Linux:
/tmp/lcinstalllog.txt
v Windows:
C:\Documents and Settings\<user_name>\Local Settings\temp\1\lcinstalllog.txt
into this directory:
v AIX:
/usr/IBM/WebSphere/LotusConnections/lcinstalllog.txt
v Linux:
/opt/IBM/WebSphere/LotusConnections/lcinstalllog.txt
v Windows:
C:\Program Files\IBM\WebSphere\LotusConnections\lcinstalllog.txt
Note: These examples assume that you installed Lotus Connections in the default
directories. If you selected different installation directories, change the file paths
accordingly.
What to do next
Add more nodes to the cluster, if required. For more information, see the Adding
subsequent nodes to a cluster topic.
Update the node's WebSphere Variables to point to network share directories
instead of local directories. For more information, see the Converting data directories
manually topic.
Related tasks
“Converting data directories manually”
If the paths to your Lotus Connections data directories use local directories instead
of network shares, convert the paths by updating the WebSphere Variables
environment variables on your system.
“Adding subsequent nodes to a cluster” on page 116
Add more nodes to an existing cluster.
Converting data directories manually
If the paths to your Lotus Connections data directories use local directories instead
of network shares, convert the paths by updating the WebSphere Variables
environment variables on your system.
Before you begin
If you have installed the first node of a cluster, or converted a stand-alone
deployment, but have not specified network shares, then you need to convert the
WebSphere Variables for Lotus Connections data directories to point to network
shares instead of to local directories.
About this task
In a network deployment, the system paths to the Lotus Connections data
directories must point to network shares, using the NFS Version 4 protocol for AIX
or Linux, and the UNC naming convention for Microsoft Windows.
To convert the WebSphere Variables environment variables on your system to point
to network share directories, complete the following steps:
Procedure
1. Log in to the Deployment Manager Administration Console.
2. Click Environment → WebSphere Variables. The default view shows all
variables.
3. In the WebSphere Variables page, update the environment variables in the
following table:
Table 23. WebSphere Application Server environment variables for network shares
Feature      Description                          Variable name
Activities   Content store                        ACTIVITIES_CONTENT_DIR
Blogs        File uploads                         BLOGS_CONTENT_DIR
Dogear       Favorite Icons for bookmarks         DOGEAR_FAVICON_DIR
Files        Content store                        FILES_CONTENT_DIR
Search       Index                                SEARCH_INDEX_DIR
             Dictionary                           SEARCH_DICTIONARY_DIR
             Temporary Files download location    FILE_CONTENT_CONVERSION
Wikis        Content store                        WIKIS_CONTENT_DIR
Notes:
v Change the WebSphere Variables for every server in the cluster.
v The file paths to network share directories must use the NFSv4 format for
AIX or Linux, and the UNC format for Windows.
v The installation wizard automatically configures the
<feature>_JDBC_DRIVER_HOME and the <feature>_HOME directories.
4. Stop and restart all Lotus Connections clusters.
Related tasks
“Converting a stand-alone deployment” on page 119
Convert a stand-alone deployment of Lotus Connections to a node in a network
deployment.
“Configuring shared message stores for buses” on page 156
Configure shared message stores for buses to make the message store available to
all nodes in a cluster.
Running the installation wizard from a console
Run the IBM Lotus Connections installation wizard from a non-graphical console
interface.
About this task
A console interface presents the same content as a graphical wizard, except in text
form. Indicate your selections by entering a number corresponding to your choice
and pressing Enter.
Procedure
v To launch the installation program from the console interface, complete the
following steps:
– AIX or Linux:
1. If you are installing the product from DVD, copy the contents of the disk
to your hard disk drive. This step helps avoid a situation where the disk
becomes unmountable.
2. From a command prompt, change to the Lotus_Connections_Install
directory.
3. Enter the following command:
./install.sh -console
– Microsoft Windows:
1. From a command prompt, change to the Lotus_Connections_Install
directory on the installation media.
2. Enter the following command:
install.bat -console
v To launch the uninstallation program from the console interface, complete the
following steps:
– AIX or Linux:
1. From a command prompt, change to the lotus_connections_root/uninstall
directory.
2. Enter the following command:
./uninstall.sh -console
– Windows:
1. From a command prompt, change to the lotus_connections_root/uninstall
directory.
2. Enter the following command:
uninstall.bat -console
Example
This sample shows the console interface process of selecting a language to use for
the installation:
D:>install -console
Licensed Materials - Property of IBM
IBM Lotus Connections 2.5
(C) Copyright IBM Corp. 2009 All Rights Reserved.
-----------------------------------------------------------------------
Select a language to be used for this wizard.
[ ] 1  - German
[ ] 2  - Italian
[ ] 3  - Japanese
[ ] 4  - Korean
[ ] 5  - French
[ ] 6  - Simplified Chinese
[ ] 7  - Traditional Chinese
[X] 8  - English
[ ] 9  - Portuguese (Brazil)
[ ] 10 - Spanish
To select an item enter its number, or 0 when you are finished: [0]
Related reference
“Accessibility features for installing Lotus Connections” on page 2
Learn about the accessibility features for installing IBM Lotus Connections.
Installing in silent mode
Use a silent installation to perform an identical installation on multiple systems.
Before you begin
A silent installation uses a response file to automate installation. You must create a
response file during a standard installation before you can use the file to perform a
silent installation. By default, the location of the file is:
v AIX or Linux: /tmp/InstallResponse.txt
v Microsoft Windows: C:\DOCUME~1\db2admin\LOCALS~1\Temp\1\InstallResponse.txt
About this task
To perform a silent installation, complete the following steps:
Procedure
1. Run the installation wizard in interactive mode and select the option to create a
response file. If you plan to silently install a subset of features, provide a
feature-specific name for the response file, such as
blogs_communities_homepage_response-file.txt.
2. Using a text editor, open the response file that the installer created. Change the
value of the <response_option> parameter to one of the options in the table:
-W responseFilePanel.enableResponseFile="<response_option>"
ResponseFileOnly: Creates a new response file.
InstallOnly: Installs Lotus Connections (this value is automatically added by the installer).
ResponseFileAndInstall: Installs Lotus Connections and creates a new response file.
3. Edit any other values, if required. For example, the silent installation might use
a different server or a different user name. If the values of the
password-encoding attribute are different for the silent installation, you can
add a new password by changing the attribute's value to true and then typing
the new password:
-W passwordHandler.encodePassword=false
You can specify new password values as follows:
install -options "c:\InstallResponse.txt" -silent
-W <passwordattributename1>=<password1>
-W <passwordattributename2>=<password2>
See the following table for a list of password parameters for each feature.
4. Open a command prompt and change to the directory in which the installer is
located.
5. To launch the silent installer, enter the following command:
v AIX / Linux:
./install.sh -options <response_file> -silent
Note: If the script does not run, you might need to enable its Executable
attribute by running the chmod command first. The Executable attribute of a
script can become disabled after the script is copied from a read-only
medium such as DVD.
v Windows:
install.bat -options <response_file> -silent
where <response_file> is the file path location of the response file. If you saved
the response file to a different file path than the default, or renamed it, ensure
that you specify the correct response path and file.
a. Optional: If you are specifying a different database password, add any of
the following parameters (before the -silent parameter):
Table 24. Password parameters
Feature       Password attribute name
Activities    -W jdbcDatasourcePanel_activities.appUserPasswordField
Blogs         -W jdbcDatasourcePanel_blogs.appUserPasswordField
Communities   -W jdbcDatasourcePanel_communities.appUserPasswordField
Dogear        -W jdbcDatasourcePanel_dogear.appUserPasswordField
Files         -W jdbcDatasourcePanel_files.appUserPasswordField
Home page     -W jdbcDatasourcePanel_homepage.appUserPasswordField
News          -W jdbcDatasourcePanel_news.appUserPasswordField
Profiles      -W jdbcDatasourcePanel_profiles.appUserPasswordField
Search        -W jdbcDatasourcePanel_search.appUserPasswordField
Wikis         -W jdbcDatasourcePanel_wikis.appUserPasswordField
Note: The Mobile feature does not need a data source.
b. Optional: If you plan to use an SMTP server to handle notifications, add
one of the following parameters (before the -silent parameter):
Table 25. SMTP parameters
Mail type           SMTP parameter
Java mail session   -W notificationConfigJavaMailSession.smtpPasswordField
DNS MX records      -W notificationConfigLegacy.smtpPasswordField
6. After the installation is complete, see the Configuring Blogs topic. For more
information about customizing the features, see the Administering Lotus
Connections section of the Lotus Connections information center.
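A response file that is copied between systems carries database and SMTP passwords with it. The script below is an added example, not part of the IBM guide: it lists which password attributes from the tables above carry a value (names only), reports the passwordHandler.encodePassword setting, and flags a file that group or other users can access. The function names are illustrative.

```shell
#!/bin/sh
# Audit a Lotus Connections InstallResponse.txt for stored passwords.
# Added example; attribute names follow the password parameters in this guide.
# Encoded values are not encrypted, so the file needs owner-only
# permissions whether or not encoding is enabled.

# Print the names (never the values) of password fields that carry a value.
password_fields() {
    awk '
        /^[ \t]*-W[ \t]/ {
            line = $0
            sub(/^[ \t]*-W[ \t]+/, "", line)
            eq = index(line, "=")
            if (eq == 0) next
            name = substr(line, 1, eq - 1)
            value = substr(line, eq + 1)
            gsub(/[ \t"]/, "", name)
            gsub(/^[ \t"]+|[ \t"\r]+$/, "", value)
            if (name ~ /PasswordField$/ && value != "") print name
        }' "$1"
}

# Print the passwordHandler.encodePassword setting: true, false or unset.
encode_setting() {
    awk '
        /^[ \t]*-W[ \t]+passwordHandler\.encodePassword[ \t]*=/ {
            v = $0
            sub(/^[^=]*=/, "", v)
            gsub(/[ \t"\r]/, "", v)
            found = tolower(v)
        }
        END { if (found == "") found = "unset"; print found }' "$1"
}

# Succeed only if no group or other permission bit is set on the file.
is_owner_only() {
    [ -z "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# Report findings for one response file; return non-zero if any were found.
audit_response_file() {
    file=$1
    findings=0
    fields=$(password_fields "$file")
    if [ -n "$fields" ]; then
        echo "Password fields with a value in $file:"
        echo "$fields" | sed 's/^/  /'
        if [ "$(encode_setting "$file")" != "true" ]; then
            echo "FINDING: passwordHandler.encodePassword is not true; passwords are stored as typed"
            findings=$((findings + 1))
        fi
        if ! is_owner_only "$file"; then
            echo "FINDING: group or other users can access the file; restrict it to the owner (chmod 600)"
            findings=$((findings + 1))
        fi
    fi
    [ "$findings" -eq 0 ]
}

# Usage: sh audit_response.sh /tmp/InstallResponse.txt
if [ "$#" -gt 0 ]; then audit_response_file "$1"; fi
```
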
Related concepts
“Installing Lotus Connections” on page 94
Select the Lotus Connections features that you plan to use and install them in a
stand-alone or clustered deployment.
Related tasks
“Configuring Blogs” on page 153
Configure the Blogs feature so that you and other users can create blogs.
The InstallResponse.txt file
Perform silent installations by using a response file.
When you install a Lotus Connections feature, you can record your selections in a
response file. After the initial installation, you can perform similar installations by
starting the installer from the command line and passing the response file in as an
argument.
During the installation, the path and name of the default file are displayed:
v AIX / Linux:
/tmp/InstallResponse.txt
v Microsoft Windows:
C:\DOCUME~1\<user>\LOCALS~1\Temp~1\InstallResponse.txt
If you do not change the file name, several common properties are overwritten if
you install a subsequent feature to the same machine. The Installing in silent mode
topic explains how to edit the default name of the response file.
Whether or not you rename it, the response file collects a specific set of values.
Examples of those values are described in the following tables.
Note: Spaces and line breaks have been added to some entries in the Response
columns to improve readability.
Table 26. InstallResponse.txt file common properties
Response
Description
-G licenseAccepted=true
Identifies whether you accept the license agreement. Options are
true or false.
-W responseFilePanel.enableResponseFile
="InstallOnly"
Identifies whether to collect and store the selections you make while
using the installer. The available options are ResponseFileAndInstall,
InstallOnly, and ResponseFileOnly.
-W responseFilePanel.responseFileLocation
="C:\InstallResponse.txt"
Location in which to store the response file.
-W passwordHandler.encodePassword ="true"
Identifies whether to enable password encoding. Options are true
or false.
-W deploymentTopology.selection ="network"
Identifies the topology of installation. Options are Stand-alone,
Network, and Advanced stand-alone.
-W ndOptionsPanel.ndoptions ="primary"
Identifies the install type of current node. Options are primary and
convert.
-P installLocation ="/usr/IBM/WebSphere/
LotusConnections"
The installation location of Lotus Connections. Specify a valid
directory where the product should be installed. If the directory
contains spaces, enclose it in double-quotes. For example, to install
the product to C:\Program Files\Lotus Connections, use -P
installLocation="C:\Program Files\Lotus Connections"
-W featureSelectionPanel.features
="activities,blogs,communities,dogear,files,
profiles,wikis"
Identifies features of Lotus Connections to be installed.
-W extensionFeatureSelectionPanel.consumer
Features="homepage,mobile"
Identifies the consumer features of Lotus Connections to be installed.
-W
extensionFeatureSelectionPanel.infraFeatures
="news,search"
Identifies the infrastructure features of Lotus Connections to be
installed.
-W wasSelection.wasselected
="/usr/IBM/WebSphere/AppServer"
Identifies the location of the WebSphere Application Server instance
on which to install Lotus Connections.
-W hostname.name
="appserver.enterprise.example.com"
Host name of the WebSphere Application Server.
-W dbTypePanel.dbType="db2"
Specifies which database product you want to use. Options are DB2,
oracle, or sqlserver.
-W dbOnSameServerOrNot.sameserver="yes"
Whether all the features are using the same database server.
-W jdbcProviderPanel.jdbcHostField
="database.enterprise.example.com"
Host name of the database server.
-W jdbcProviderPanel.jdbcPortField="50000"
The port number for the database connection. By default, the port
number for a DB2 database is 50000, the port number for an Oracle
database is 1521, and the port number for SQL Server is 1433.
-W "/opt/IBM/db2/v9.0/SQLLIB/java"
Fully-qualified file path to the directory in which the JAR files that
are used for the database JDBC connection are stored.
DB2: Specify one of the following JAR files to support the DB2 JDBC
driver: db2jcc.jar – the DB2 universal driver file.
db2jcc_license_cu.jar – this license file permits a connection to the
Cloudscape server and all DB2 databases for AIX, Linux and
Windows servers. Note: Lotus Connections does not support
Cloudscape, DB2 for z/OS®, nor DB2 Universal Database for
iSeries®.
Oracle: The JAR file that supports the Oracle JDBC driver is
ojdbc14.jar.
SQL Server: The JAR file that supports the SQL Server JDBC driver
is sqljdbc.jar. Download the SQL Server 2005 JDBC 1.2 driver from
the Microsoft Web site and follow the instructions to extract the
driver files.
-W jdbcDatasourcePanel_activities.jdbc
DatabaseField="$J(activities.dbname.default)"
Activities database name.
-W
jdbcDatasourcePanel_activities.appUserField
="$J(activities.dbuser.default)"
Activities database user ID.
-W jdbcDatasourcePanel_activities.app
UserPasswordField="Lz4sLChvLTs="
Password associated with the Activities database user ID. This value
is base64 encoded to encrypt the real password when it is stored in
this file. Note: You can edit the appUserPassword field only when
the "passwordHandler.encodePassword" field is set to false.
-W
jdbcDatasourcePanel_blogs.jdbcDatabaseField
="$J(blogs.dbname.default)"
Blogs database name.
-W jdbcDatasourcePanel_blogs.appUserField
="$J(blogs.dbuser.default)"
Blogs database user ID.
-W jdbcDatasourcePanel_blogs.appUser
PasswordField="Lz4sLChvLTs="
Password associated with the Blogs database user ID. This value is
base64 encoded to encrypt the real password when it is stored in
this file. Do not edit this value.
-W jdbcDatasourcePanel_communities.jdbc
DatabaseField="$J(communities.
dbname.default)"
Communities database name.
-W jdbcDatasourcePanel_communities.app
UserField="$J(communities.dbuser.default)"
Communities database user ID.
-W jdbcDatasourcePanel_communities.app
UserPasswordField="Lz4sLChvLTs="
Password associated with the Communities database user ID. This
value is base64 encoded to encrypt the real password when it is
stored in this file. Do not edit this value.
-W jdbcDatasourcePanel_dogear.jdbcDatabase
Field="$J(dogear.dbname.default)"
Dogear database name.
-W jdbcDatasourcePanel_dogear.appUserField
="$J(dogear.dbuser.default)"
Dogear database user ID.
-W jdbcDatasourcePanel_dogear.appUser
PasswordField="Lz4sLChvLTs="
Password associated with the Dogear database user ID. This value is
base64 encoded to encrypt the real password when it is stored in
this file. Do not edit this value.
-W
jdbcDatasourcePanel_profiles.jdbcDatabase
Field="$J(profiles.dbname.default)"
Profiles database name.
-W
jdbcDatasourcePanel_profiles.appUserField
="$J(profiles.dbuser.default)"
Profiles database user ID.
-W jdbcDatasourcePanel_profiles.appUser
PasswordField="Lz4sLChvLTs="
Password associated with the Profiles database user ID. This value is
base64 encoded to encrypt the real password when it is stored in
this file. Do not edit this value.
-W
jdbcDatasourcePanel_wikis.jdbcDatabaseField
="$J(wikis.dbname.default)"
Wikis database name.
-W jdbcDatasourcePanel_wikis.appUserField
="$J(wikis.dbuser.default)"
Wikis database user ID.
-W jdbcDatasourcePanel_wikis.appUser
PasswordField="MTE="
Password associated with the Wikis database user ID. This value is
base64 encoded to encrypt the real password when it is stored in
this file. Do not edit this value.
-W
jdbcDatasourcePanel_files.jdbcDatabaseField
="$J(files.dbname.default)"
Files database name.
-W jdbcDatasourcePanel_files.appUserField
="$J(files.dbuser.default)"
Files database user ID.
-W jdbcDatasourcePanel_files.appUser
PasswordField="OTk="
Password associated with the Files database user ID. This value is
base64 encoded to encrypt the real password when it is stored in
this file. Do not edit this value.
-W
jdbcDatasourcePanel_homepage.jdbcDatabase
Field="$J(homepage.dbname.default)"
Home page, Search, News repository database name. Note: the
Homepage, Search, and News features use the same database.
-W
jdbcDatasourcePanel_homepage.appUserField
="$J(homepage.dbuser.default)"
Home page, Search, News repository database user ID.
-W jdbcDatasourcePanel_homepage.appUser
PasswordField="Lz4sLChvLTs="
Password associated with the Home page, Search, News repository
database user ID. This value is base64 encoded to encrypt the real
password when it is stored in this file. Do not edit this value.
-W dataDir.selection="specifyparent"
Identifies whether to specify the data directories for storing customer
data feature by feature or to specify the parent directory only. Options
are specifyparent or specifyeach.
-W dataDir.datadir ="/usr/IBM/WebSphere/
LotusConnections/Data"
Identifies the parent directory of the data directories that store
Lotus Connections customer data in the file system.
-W notificationEnablement.selection="true"
Identifies whether to enable notification across features. Options are
true or false.
-W notificationSolution.notificationSolution
="javamailsession"
Identifies the notification solution. Options are legacy or javamailsession.
Legacy stands for DNS MX record, while javamailsession stands for
Java™ mail session.
-W
notificationConfigJavaMailSession.smtpServer
NameField="my.company.com"
Host name of the SMTP server.
-W notificationConfigJavaMailSession.smtp
UserField="smtpuser"
User for SMTP basic authentication under Java mail session solution.
-W notificationConfigJavaMailSession.smtp
PasswordField="OSkrKiw6LQ=="
Password associated with the user for SMTP basic authentication.
-W notificationConfigJavaMailSession.useSSL
Checkbox=""
Identifies whether to use SSL for the SMTP connection. Options are true
or blank for false.
-W notificationConfigJavaMailSession.smtp
PortNumberField="25"
Port number for SMTP service under Java mail session solution.
Options are 25 for HTTP and 465 for HTTPS.
-W
notificationConfigLegacy.smtpDomainField
="enterprise.example.com"
Domain name of SMTP server for legacy solution. Note: These
legacy settings take effect only when the notification solution is
set to legacy: -W
notificationSolution.notificationSolution="legacy"
-W
notificationConfigLegacy.smtpDNSHostField
="domainserver"
Host name of the domain name server for legacy solution
-W
notificationConfigLegacy.smtpDNSPortField
="53"
Port number for the domain name server look-up service
-W notificationConfigLegacy.smtpUserField
="smptuser"
User for SMTP basic authentication under legacy solution.
-W
notificationConfigLegacy.smtpPasswordField
="OSkrKiw6LQ=="
Password associated with the user for SMTP basic authentication.
-W
notificationConfigLegacy.useSSLCheckbox=""
Identify whether to use SSL for SMTP connection. Options are true
or blank for false.
-W notificationConfigLegacy.smtpPort
NumberField="25"
Port number for SMTP service under legacy solution. Options are 25
for HTTP and 465 for HTTPS.
-W wpiPanel.selection="true"
Identifies whether to enable searching for users in PEOPLEDB. Options
are true or false.
Table 27. Convert a stand-alone deployment to network deployment
Response
Description
-W ndOptionsPanel.ndoptions="convert"
Specify the installation option to convert a stand-alone deployment
to a network deployment.
-W lcExistingLocation.location=""
Specify the directory where Lotus Connections features are to be
installed.
-W dmInfoPanel_conversion.hostname=""
Host name for the deployment manager.
-W dmInfoPanel_conversion.port="8879"
Port for deployment manager connection.
-W dmInfoPanel_conversion.wasid=""
Administrative ID for deployment manager.
-W dmInfoPanel_conversion.password=""
Administrative password for deployment manager.
-W clusterNamePanel_convert.cluster=":"
Specify the cluster names for the servers from which you are going to
create clusters. Use a semicolon-separated string if there are
multiple servers. Example:
serverAc:activitiesCluster;ServerBl:blogCluster
Table 28. Network deployment settings
Response
Description
-W dmInfoPanel.hostname=""
Host name for the deployment manager.
-W dmInfoPanel.port="8879"
Port for deployment manager connection.
-W dmInfoPanel.wasid=""
Administrative ID for deployment manager.
-W dmInfoPanel.password=""
Administrative password for deployment manager.
-W clusterNamePanel.cluster=":"
Table 29. Stand-alone deployment settings
Response
Description
-W profileServerSelectStandalone.profile=""
Name of the profile to use under stand-alone topology.
-W profileServerSelectStandalone.server=""
Name of the server process within the profile to use under
stand-alone topology.
-W newServerStandalone.profile="item1"
Name of the server process that will be created within the profile to
use under stand-alone topology. Note: This setting takes effect only
when the server name is set to "<create new server>":
-W profileServerSelectStandalone.server="<create new server>"
Table 30. Advanced stand-alone settings
Response
Description
-W profileServerSelectAdvanced.profile
="AppSrv01"
Name of the WebSphere Application Server profile
-W
profileServerSelectAdvanced.activitiesServer
="server1"
Name of the server process within the profile to use for Activities.
Note: The options are an existing server name and <new_server>. If
you select <new_server>, you need to specify the new server name in
another response setting: -W
newServerAdvanced.activitiesServer="<new_server>"
-W profileServerSelectAdvanced.blogsServer
="server1"
Name of the server process within the profile to use for Blogs.
Note: The options are an existing server name and <new_server>. If
you select <new_server>, you need to specify the new server name in
another response setting: -W
newServerAdvanced.activitiesServer="<new_server>"
-W profileServerSelectAdvanced.communities
Server="server1"
Name of the server process within the profile to use for
Communities.
Note: The options are an existing server name and <new_server>. If
you select <new_server>, you need to specify the new server name in
another response setting: -W
newServerAdvanced.activitiesServer="<new_server>"
-W profileServerSelectAdvanced.dogearServer
="server1"
Name of the server process within the profile to use for Dogear.
Note: The options are an existing server name and <new_server>. If
you select <new_server>, you need to specify the new server name in
another response setting: -W
newServerAdvanced.activitiesServer="<new_server>"
-W profileServerSelectAdvanced.filesServer
="server1"
Name of the server process within the profile to use for Files.
Note: The options are an existing server name and <new_server>. If
you select <new_server>, you need to specify the new server name in
another response setting: -W
newServerAdvanced.activitiesServer="<new_server>"
-W
profileServerSelectAdvanced.homepageServer
="server1"
Name of the server process within the profile to use for Homepage.
Note: The options are an existing server name and <new_server>. If
you select <new_server>, you need to specify the new server name in
another response setting: -W
newServerAdvanced.activitiesServer="<new_server>"
-W profileServerSelectAdvanced.mobileServer
="server1"
Name of the server process within the profile to use for Mobile.
Note: The options are an existing server name and <new_server>. If
you select <new_server>, you need to specify the new server name in
another response setting: -W
newServerAdvanced.activitiesServer="<new_server>"
-W profileServerSelectAdvanced.newsServer
="server1"
Name of the server process within the profile to use for News
repository.
Note: The options are an existing server name and <new_server>. If
you select <new_server>, you need to specify the new server name in
another response setting: -W
newServerAdvanced.activitiesServer="<new_server>"
-W
profileServerSelectAdvanced.profilesServer
="server1"
Name of the server process within the profile to use for Profiles.
Note: The options are an existing server name and <new_server>. If
you select <new_server>, you need to specify the new server name in
another response setting: -W
newServerAdvanced.activitiesServer="<new_server>"
-W profileServerSelectAdvanced.searchServer
="server1"
Name of the server process within the profile to use for Search.
Note: The options are an existing server name and <new_server>. If
you select <new_server>, you need to specify the new server name in
another response setting: -W
newServerAdvanced.activitiesServer="<new_server>"
-W profileServerSelectAdvanced.wikisServer
="server1"
Name of the server process within the profile to use for Wikis.
Note: The options are an existing server name and <new_server>. If
you select <new_server>, you need to specify the new server name in
another response setting: -W
newServerAdvanced.activitiesServer="<new_server>"
-W newServerAdvanced.activitiesServer
="server1"
Name of the server process that will be created within the profile to
use for Activities.
Note: This response setting will take effect only when the
corresponding server setting
profileServerSelectAdvanced.activitiesServer is set to <new_server>
-W profileServerSelectAdvanced.activitiesServer="<new_server>"
-W newServerAdvanced.blogsServer
="server1"
Name of the server process that will be created within the profile to
use for Blogs.
Note: This response setting will take effect only when the
corresponding server setting
profileServerSelectAdvanced.activitiesServer is set to <new_server>
-W profileServerSelectAdvanced.activitiesServer="<new_server>"
-W newServerAdvanced.communitiesServer
="server1"
Name of the server process that will be created within the profile to
use for Communities.
Note: This response setting will take effect only when the
corresponding server setting
profileServerSelectAdvanced.activitiesServer is set to <new_server>
-W profileServerSelectAdvanced.activitiesServer="<new_server>"
-W newServerAdvanced.dogearServer
="server1"
Name of the server process that will be created within the profile to
use for Dogear.
Note: This response setting will take effect only when the
corresponding server setting
profileServerSelectAdvanced.activitiesServer is set to <new_server>
-W profileServerSelectAdvanced.activitiesServer="<new_server>"
-W newServerAdvanced.filesServer ="server1"
Name of the server process that will be created within the profile to
use for Files.
Note: This response setting will take effect only when the
corresponding server setting
profileServerSelectAdvanced.activitiesServer is set to <new_server>
-W profileServerSelectAdvanced.activitiesServer="<new_server>"
-W newServerAdvanced.homepageServer
="server1"
Name of the server process that will be created within the profile to
use for Homepage.
Note: This response setting will take effect only when the
corresponding server setting
profileServerSelectAdvanced.activitiesServer is set to <new_server>
-W profileServerSelectAdvanced.activitiesServer="<new_server>"
-W newServerAdvanced.mobileServer
="server1"
Name of the server process that will be created within the profile to
use for Mobile.
Note: This response setting will take effect only when the
corresponding server setting
profileServerSelectAdvanced.activitiesServer is set to <new_server>
-W profileServerSelectAdvanced.activitiesServer="<new_server>"
-W newServerAdvanced.newsServer
="server1"
Name of the server process that will be created within the profile to
use for News repository.
Note: This response setting will take effect only when the
corresponding server setting
profileServerSelectAdvanced.activitiesServer is set to <new_server>
-W profileServerSelectAdvanced.activitiesServer="<new_server>"
-W newServerAdvanced.profilesServer
="server1"
Name of the server process that will be created within the profile to
use for Profiles.
Note: This response setting will take effect only when the
corresponding server setting
profileServerSelectAdvanced.activitiesServer is set to <new_server>
-W profileServerSelectAdvanced.activitiesServer="<new_server>"
-W newServerAdvanced.searchServer
="server1"
Name of the server process that will be created within the profile to
use for Search.
Note: This response setting will take effect only when the
corresponding server setting
profileServerSelectAdvanced.activitiesServer is set to <new_server>
-W profileServerSelectAdvanced.activitiesServer="<new_server>"
-W newServerAdvanced.wikisServer
="server1"
Name of the server process that will be created within the profile to
use for Wikis.
Note: The responses in the following table only take effect if you selected No
when asked if all features are using the same database server.
Table 31. Database-specific response settings
Response
Description
-W
jdbcProviderPanelSeparate.jdbcLibraryPath
Field="$J(jdbclibpath.default)"
Fully-qualified path to the directory in which the JAR files that are
used for the database JDBC connection are stored.
DB2: Specify one of the following JAR files to support the DB2 JDBC
driver: db2jcc.jar – the DB2 universal driver file.
db2jcc_license_cu.jar – this license file permits a connection to the
Cloudscape server and all DB2 databases for AIX, Linux and
Windows servers. Note: Lotus Connections does not support
Cloudscape, DB2 for z/OS, nor DB2 Universal Database for
iSeries.
Oracle: The JAR file that supports the Oracle JDBC driver is
ojdbc14.jar.
SQL Server: The JAR file that supports the SQL Server JDBC driver
is sqljdbc.jar. Download the SQL Server 2005 JDBC 1.2 driver from
the Microsoft Web site and follow the instructions to extract the
driver files.
-W
jdbcDatasourcePanelSeparate_activities.jdbc
HostField="$J(activities.dbhost.default)"
Host name of the Activities database server.
-W
jdbcDatasourcePanelSeparate_activities.jdbc
PortField="$J(activities.dbport.default)"
Port number for the Activities database connection. By default, the
port number for a DB2 database is 50000, the port number for an
Oracle database is 1521, and the port number for SQL Server is 1433.
-W
jdbcDatasourcePanelSeparate_activities.jdbc
DatabaseField="$J(activities.dbname.default)"
Activities database name.
-W
jdbcDatasourcePanelSeparate_activities.app
UserField="$J(activities.dbuser.default)"
Activities database user ID.
-W
jdbcDatasourcePanelSeparate_activities.app
UserPasswordField
="$J(activities.dbpassword.default)"
Password associated with the Activities database user ID. This value
is base64 encoded to encrypt the real password when it is stored in
this file.
Note: You can edit the appUserPassword field only when the
"passwordHandler.encodePassword" field is set to false.
-W jdbcDatasourcePanelSeparate_blogs.jdbc
HostField="$J(blogs.dbhost.default)"
Host name of the Blogs database server.
-W jdbcDatasourcePanelSeparate_blogs.jdbc
PortField="$J(blogs.dbport.default)"
The port number for the Blogs database connection. By default, the
port number for a DB2 database is 50000, the port number for an
Oracle database is 1521, and the port number for SQL Server is 1433.
-W jdbcDatasourcePanelSeparate_blogs.jdbc
DatabaseField="$J(blogs.dbname.default)"
Blogs database name.
-W jdbcDatasourcePanelSeparate_blogs.app
UserField="$J(blogs.dbuser.default)"
Blogs database user ID.
-W jdbcDatasourcePanelSeparate_blogs.app
UserPasswordField
="$J(blogs.dbpassword.default)"
Password associated with the Blogs database user ID. This value is
base64 encoded to encrypt the real password when it is stored in
this file.
Note: You can edit the appUserPassword field only when the
"passwordHandler.encodePassword" field is set to false.
-W
jdbcDatasourcePanelSeparate_communities
.jdbcHostField
="$J(communities.dbhost.default)"
Host name of the Communities database server.
-W
jdbcDatasourcePanelSeparate_communities
.jdbcPortField
="$J(communities.dbport.default)"
The port number for the Communities database connection. By
default, the port number for a DB2 database is 50000, the port
number for an Oracle database is 1521, and the port number for SQL
Server is 1433.
-W
jdbcDatasourcePanelSeparate_communities
.jdbcDatabaseField
="$J(communities.dbname.default)"
Communities database name.
-W
jdbcDatasourcePanelSeparate_communities
.appUserField
="$J(communities.dbuser.default)"
Communities database user ID.
-W
jdbcDatasourcePanelSeparate_communities
.appUserPasswordField
="$J(communities.dbpassword.default)"
Password associated with the Communities database user ID. This
value is base64 encoded to encrypt the real password when it is
stored in this file.
Note: You can edit the appUserPassword field only when the
"passwordHandler.encodePassword" field is set to false.
-W jdbcDatasourcePanelSeparate_dogear.jdbc
HostField="$J(dogear.dbhost.default)"
Host name of the Dogear database server.
-W jdbcDatasourcePanelSeparate_dogear.jdbc
PortField="$J(dogear.dbport.default)"
The port number for the Dogear database connection. By default, the
port number for a DB2 database is 50000, the port number for an
Oracle database is 1521, and the port number for SQL Server is 1433.
-W jdbcDatasourcePanelSeparate_dogear.jdbc
DatabaseField="$J(dogear.dbname.default)"
Dogear database name.
-W jdbcDatasourcePanelSeparate_dogear.app
UserField="$J(dogear.dbuser.default)"
Dogear database user ID.
-W jdbcDatasourcePanelSeparate_dogear.app
UserPasswordField
="$J(dogear.dbpassword.default)"
Password associated with the Dogear database user ID. This value is
base64 encoded to encrypt the real password when it is stored in
this file.
Note: You can edit the appUserPassword field only when the
"passwordHandler.encodePassword" field is set to false.
-W jdbcDatasourcePanelSeparate_profiles.jdbc
HostField="$J(profiles.dbhost.default)"
Host name of the Profiles database server.
-W jdbcDatasourcePanelSeparate_profiles.jdbc
PortField="$J(profiles.dbport.default)"
The port number for the Profiles database connection. By default,
the port number for a DB2 database is 50000, the port number for
an Oracle database is 1521, and the port number for SQL Server is
1433.
-W jdbcDatasourcePanelSeparate_profiles.jdbc
DatabaseField="$J(profiles.dbname.default)"
Profiles database name.
-W jdbcDatasourcePanelSeparate_profiles.app
UserField="$J(profiles.dbuser.default)"
Profiles database user ID.
-W jdbcDatasourcePanelSeparate_profiles.app
UserPasswordField
="$J(profiles.dbpassword.default)"
Password associated with the Profiles database user ID. This value is
base64 encoded to encrypt the real password when it is stored in
this file.
Note: You can edit the appUserPassword field only when the
"passwordHandler.encodePassword" field is set to false.
-W jdbcDatasourcePanelSeparate_wikis.jdbc
HostField="$J(wikis.dbhost.default)"
Host name of the Wikis database server.
-W jdbcDatasourcePanelSeparate_wikis.jdbc
PortField="$J(wikis.dbport.default)"
The port number for the Wikis database connection. By default, the
port number for a DB2 database is 50000, the port number for an
Oracle database is 1521, and the port number for SQL Server is 1433.
-W jdbcDatasourcePanelSeparate_wikis.jdbc
DatabaseField="$J(wikis.dbname.default)"
Wikis database name.
-W jdbcDatasourcePanelSeparate_wikis.app
UserField="$J(wikis.dbuser.default)"
Wikis database user ID.
-W jdbcDatasourcePanelSeparate_wikis.app
UserPasswordField="$J(wikis.dbpassword.
default)"
Password associated with the Wikis database user ID. This value is
base64 encoded to encrypt the real password when it is stored in
this file.
Note: You can edit the appUserPassword field only when the
"passwordHandler.encodePassword" field is set to false.
-W jdbcDatasourcePanelSeparate_files.jdbc
HostField="$J(files.dbhost.default)"
Host name of the Files database server.
-W jdbcDatasourcePanelSeparate_files.jdbc
PortField="$J(files.dbport.default)"
The port number for the Files database connection. By default, the
port number for a DB2 database is 50000, the port number for an
Oracle database is 1521, and the port number for SQL Server is 1433.
-W jdbcDatasourcePanelSeparate_files.jdbc
DatabaseField="$J(files.dbname.default)"
Files database name.
-W jdbcDatasourcePanelSeparate_files.app
UserField="$J(files.dbuser.default)"
Files database user ID.
-W jdbcDatasourcePanelSeparate_files.app
UserPasswordField
="$J(files.dbpassword.default)"
Password associated with the Files database user ID. This value is
base64 encoded to encrypt the real password when it is stored in
this file.
Note: You can edit the appUserPassword field only when the
"passwordHandler.encodePassword" field is set to false.
-W
jdbcDatasourcePanelSeparate_homepage.jdbc
HostField="$J(homepage.dbhost.default)"
Host name of the Home page, News repository, Search database
server.
Note: Home page, News repository, Search will use the same
database for service.
-W
jdbcDatasourcePanelSeparate_homepage.jdbc
PortField="$J(homepage.dbport.default)"
The port number for the Home page, News repository, Search
database connection. By default, the port number for a DB2
database is 50000, the port number for an Oracle database is 1521,
and the port number for SQL Server is 1433.
-W
jdbcDatasourcePanelSeparate_homepage.jdbc
DatabaseField="$J(homepage.dbname.default)"
Home page, News repository, Search database name.
-W
jdbcDatasourcePanelSeparate_homepage.app
UserField="$J(homepage.dbuser.default)"
Home page, News repository, Search database user ID.
-W
jdbcDatasourcePanelSeparate_homepage.app
UserPasswordField
="$J(homepage.dbpassword.default)"
Password associated with the Home page, News repository, Search
database user ID. This value is base64 encoded to encrypt the real
password when it is stored in this file.
Note: You can edit the appUserPassword field only when the
"passwordHandler.encodePassword" field is set to false.
Note: The response settings in the following table take effect only if you selected
the option specify each data directory when you first ran the installation wizard.
You can specify this option in the -W dataDir.selection="specifyeach" response
setting.
Table 32. Data directory response settings
Response
Description
-W activitiesDataDirPanel.statistic
="$PATH($P(absoluteInstallLocation),
Data/activities/statistic)"
Data directory of Activities statistics in the file system
-W activitiesDataDirPanel.content
="$PATH($P(absoluteInstallLocation),
Data/activities/content)"
Data directory of Activities content store in the file system.
-W blogsDataDirPanel.upload
="$PATH($P(absoluteInstallLocation),
Data/blogs/upload)"
Data directory in which to store files uploaded to Blogs
-W communitiesDataDirPanel.statistic
="$PATH($P(absoluteInstallLocation),
Data/communities/statistic)"
Data directory in which Communities statistics are stored.
-W dogearDataDirPanel.favorite
="$PATH($P(absoluteInstallLocation),
Data/dogear/favorite)"
Data directory in which Dogear favorite icons are stored.
-W profilesDataDirPanel.statistic
="$PATH($P(absoluteInstallLocation),
Data/profiles/statistic)"
Data directory in which Profiles statistics are stored.
-W profilesDataDirPanel.cache
="$PATH($P(absoluteInstallLocation),
Data/profiles/cache)"
Data directory in which the Profiles cache is created.
-W searchDataDirPanel.index
="$PATH($P(absoluteInstallLocation),
Data/search/index)"
Data directory in which the Search index is stored.
-W searchDataDirPanel.dictionary
="$PATH($P(absoluteInstallLocation),
Data/search/dictionary)"
Data directory in which Search dictionaries are stored.
-W wikisDataDirPanel.upload
="$PATH($P(absoluteInstallLocation),
Data/wikis/upload)"
Data directory in which to store files uploaded to Wikis.
-W filesDataDirPanel.upload
="$PATH($P(absoluteInstallLocation),
Data/files/upload)"
Data directory in which to store files uploaded to Files.
Related tasks
“Installing the first node of a cluster” on page 105
Install the first node of a network deployment of Lotus Connections.
Installing from the command line on AIX systems
If you want to install Lotus Connections using the command line rather than using
the installation wizard, you can perform a silent installation, specifying a required
set of parameters.
Before you begin
Most silent installations require that you run through the installation wizard at
least once. The values you specify in the wizard pages are saved to the
InstallResponse.txt file. On AIX systems, you can perform a silent installation
without first having to run through the installation wizard. However, you must
specify values for a set of command parameters when you run the silent
installation.
About this task
To install Lotus Connections from the command line on an AIX system, complete
the following steps:
Procedure
1. Using a text editor, create a text file and name it InstallResponse.txt.
2. Referring to the table in the topic, InstallResponse.txt file, add to the file the
appropriate properties and associated values for your system configuration.
Include the following properties, but do not specify values for them:
• jdbcProviderPanelSeparate.appUserPasswordField
• outgoingEmailConfigurationPanel.smtpPasswordField
These properties represent password values, which you can specify as
arguments of the command when you run it later.
3. Optional: If you are downloading the product, download the Lotus
Connections installer executable file, which has a .TAR extension for AIX
systems, from the Lotus Connections Web site. Then change to the directory
to which you downloaded the TAR file, and type the following command to
extract the files from it:
tar -xvf Lotus_Connections_Install.tar
This command creates a Lotus_Connections_Install directory.
Note: If you are installing the product from the DVD, skip this step.
4. Perform a silent installation by opening a command prompt, and then changing
to the directory in which the install.sh file is stored.
5. Enter the following command (without the carriage returns):
./install.sh -options <response_file>
-W setDbPass.value=<jdbcConnection_user_password> -silent
where <response_file> is the file path location of the InstallResponse.txt file you
created and <jdbcConnection_user_password> is the password to use for
connecting to the database.
If you are installing Activities and want to use an SMTP server to handle
notifications, include the following parameter (before the -silent parameter) as
well:
-W setOASmtpPassword.value=<smtp_password>
where <smtp_password> is the password associated with the administrative user
of the SMTP server if the server requires authentication.
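A pre-flight check for the response file built in steps 1 and 2, as an added example that is not part of the IBM guide: it confirms that the two password properties from step 2 are present and empty, and extends that rule to every property ending in PasswordField or .password, because a base64-encoded value can be decoded by anyone who can read the file. It also checks that the file is readable only by its owner and that SMTP authentication is not configured with the SSL checkbox left blank. It assumes the real file holds one -W, -G or -P option per line with # comment lines; the function names and finding labels are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit an InstallResponse.txt before install.sh is run.
# Assumption: one '-W|-G|-P name="value"' option per line; '#' starts a comment.

# Step 2 of the procedure: these properties are present but carry no value.
REQUIRED_EMPTY="jdbcProviderPanelSeparate.appUserPasswordField outgoingEmailConfigurationPanel.smtpPasswordField"

# audit_response_file FILE
# Prints one finding per line. Returns 0 if clean, 1 on findings, 2 if unreadable.
audit_response_file() {
    rf=$1
    [ -r "$rf" ] || { echo "ERROR: cannot read $rf"; return 2; }
    status=0

    # The file names hosts and accounts and may hold passwords: owner-only access.
    perms=$(ls -ld "$rf" | cut -c1-10)
    case $perms in
        ????------) ;;
        *) echo "PERMS: $rf is $perms; restrict it to the installing user"
           status=1 ;;
    esac

    awk -v required="$REQUIRED_EMPTY" '
        function trim(s) { gsub(/^[ \t\r]+|[ \t\r]+$/, "", s); return s }
        BEGIN { bad = 0 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            line = $0
            sub(/^[ \t]*-[WGP][ \t]+/, "", line)      # drop the option switch
            eq = index(line, "=")
            if (eq == 0) next
            name  = trim(substr(line, 1, eq - 1))
            value = trim(substr(line, eq + 1))
            gsub(/^"|"$/, "", value)                  # strip surrounding quotes
            seen[name] = 1
            val[name] = value
            # Generalizes step 2: no password property may carry a value,
            # encoded or not, because the encoding is reversible.
            if (name ~ /(PasswordField|\.password)$/ && value != "") {
                print "SECRET: " name " carries a value; leave it empty"
                bad = 1
            }
        }
        END {
            n = split(required, req, " ")
            for (i = 1; i <= n; i++)
                if (!(req[i] in seen)) {
                    print "MISSING: " req[i] " must be present with no value"
                    bad = 1
                }
            # SMTP basic authentication configured while the SSL checkbox is blank.
            n = split("notificationConfigJavaMailSession notificationConfigLegacy", panel, " ")
            for (i = 1; i <= n; i++) {
                user = val[panel[i] ".smtpUserField"]
                if (user != "" && val[panel[i] ".useSSLCheckbox"] != "true") {
                    print "SMTP: " panel[i] " authenticates as " user " without SSL"
                    bad = 1
                }
            }
            exit bad
        }
    ' "$rf" || status=1
    return $status
}

# Constructed sample, not taken from a real system.
demo() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/InstallResponse.txt" <<'EOF'
-G licenseAccepted=true
-W passwordHandler.encodePassword="true"
-W jdbcProviderPanelSeparate.appUserPasswordField=""
-W jdbcDatasourcePanel_blogs.appUserPasswordField="Lz4sLChvLTs="
-W notificationConfigJavaMailSession.smtpUserField="smtpuser"
-W notificationConfigJavaMailSession.useSSLCheckbox=""
EOF
    chmod 644 "$dir/InstallResponse.txt"
    rc=0
    audit_response_file "$dir/InstallResponse.txt" || rc=$?
    rm -rf "$dir"
    return $rc
}

demo || true
```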
Post-installation tasks
After installation, you need to perform further tasks that will ensure an efficient
and secure deployment.
After running the wizards to install features and create databases, you should
consider performing the following additional tasks.
Tasks to be completed
Each of these tasks is described in separate topics. See the list of links below for
more information.
Mandatory tasks for all deployments
Complete the following post-installation tasks.
Configuring IBM HTTP Server
Configure IBM HTTP Server to manage Web requests to Lotus Connections.
When you have successfully installed Lotus Connections to run on WebSphere
Application Server, you can configure IBM HTTP Server to handle Web traffic by
completing the following tasks:
Related tasks
“Adding subsequent nodes to a cluster” on page 116
Add more nodes to an existing cluster.
Defining IBM HTTP Server:
Define IBM HTTP Server as the Web server for Lotus Connections.
Before you begin
This task applies only to a stand-alone deployment of Lotus Connections with IBM
HTTP Server. To define Web servers for a network deployment of Lotus
Connections, complete the steps described in the Defining IBM HTTP Server for a
node topic.
About this task
There are other ways to create a Web server. See the IBM WebSphere Application
Server information center for more information.
To define IBM HTTP Server as the Web server for Lotus Connections, complete the
following steps:
Procedure
1. Start IBM HTTP Server, if it is not already running.
2. From the WebSphere Application Server Integrated Solutions Console, select
Servers → Web servers, and then click New.
3. Provide values for the following fields:
Server name
Enter the name of your Web server. The default value is webserver1
Type
Choose IBM HTTP Server
Host Name
Enter the fully qualified DNS host name for IBM HTTP Server. For
example: webserver.example.com
Platform
Choose the operating system type that hosts your IBM HTTP Server
4. Click Next.
5. Select the default Web server template and click Next.
6. On the Enter the properties for the new Web server page, check the paths and
make adjustments if necessary, and then enter the user name and password
that you specified when you installed IBM HTTP Server. Confirm the password
and click Next.
7. Confirm that you want to create the new Web server.
8. Click Finish, and then click Save.
What to do next
Install Web server plug-ins for IBM HTTP Server, if they are not already installed.
For more information, go to the Installing Web server plug-ins web site.
Configure IBM HTTP Server to handle file downloads from the Files and Wikis
features. For information on this configuration, see the Configuring Files and Wikis
downloads topic.
Defining IBM HTTP Server for a node:
Define IBM HTTP Server to manage Web connections for a node.
About this task
In a network deployment, a web server is used as the entry point for all the
features.
This procedure describes how to create a Web server using the Integrated Solutions
Console. There are other ways to create the Web server. See the IBM WebSphere
Application Server information center for more information.
To define IBM HTTP Server for a node, complete the following steps:
Procedure
1. Start IBM HTTP Server, if it is not already running.
2. From the WebSphere Application Server Integrated Solutions Console for the
Deployment Manager, select System administration → Nodes → Add Node.
3. Select Unmanaged node and click Next.
4. Specify the properties of the node by providing values in the following fields:
Name
Enter the name of the node
Host Name
Enter the fully qualified DNS host name for IBM HTTP Server. For
example: webserver.example.com
Platform
Choose the operating system type that hosts your IBM HTTP Server
Click OK and then click Save.
5. Select Servers → Web servers and click New.
6. Provide values for the following fields:
Select node
Choose the node that you specified in Step 4.
Server name
Enter the name of your Web server. The default value is
webserver1
Type
Choose IBM HTTP Server.
7. Click Next.
8. Select the default Web server template and click Next.
9. On the Enter the properties for the new Web server page, check the paths
and make adjustments if necessary, and then enter the user name and
password that you specified when you installed IBM HTTP Server. Confirm
the password and click Next.
10. Confirm that you want to create the new Web server.
11. Click Finish, and then click Save.
What to do next
If you selected Use SSL on the Enter the properties for the new Web server page,
complete the steps in the Configuring IBM HTTP Server for SSL topic.
Install Web server plug-ins for IBM HTTP Server, if they are not already installed.
For more information, go to the Installing Web server plug-ins web site.
Configure IBM HTTP Server to handle file downloads from the Files and Wikis
features. For information on this configuration, see the Configuring Files and Wikis
downloads topic.
Related tasks
“Adding subsequent nodes to a cluster” on page 116
Add more nodes to an existing cluster.
“Installing the first node of a cluster” on page 105
Install the first node of a network deployment of Lotus Connections.
Configuring IBM HTTP Server for SSL:
Configure IBM HTTP Server to use the SSL protocol.
Before you begin
Start IBM HTTP Server, if it is not already running. For more information about the
key store and setting up the IBM HTTP Server, see the IBM WebSphere Application
Server Information Center.
About this task
To support SSL, you must add WebSphere Application Server's SSL certificate to
IBM HTTP Server's trust store and then configure IBM HTTP Server for SSL traffic.
Notes:
• If you have installed a network deployment of Lotus Connections, you must
extract the certificates for each federated profile.
• The plugin-key.kdb file of each federated profile can be shared between two
HTTP servers, thus providing failover capability.
To configure IBM HTTP Server for SSL, complete the following steps for each
WebSphere Application Server profile:
Procedure
1. From the WebSphere Application Server Integrated Solutions Console for the
Deployment Manager, select Servers → Web servers. From the list of Web
servers, click the Web server that you defined for this profile.
2. Click the Configuration tab and then click Edit beside the Configuration file
name field.
3. Add the following text to the foot of the existing content in the configuration
file:
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
<IfModule mod_ibm_ssl.c>
Listen 0.0.0.0:443
<VirtualHost *:443>
ServerName <server_name>
#DocumentRoot C:\IBM\HTTPServer\htdocs
SSLEnable
</VirtualHost>
</IfModule>
SSLDisable
Keyfile "<path_to_key_file>"
SSLStashFile "<path_to_stash_file>"
where <server_name> is the name of the Web server, <path_to_key_file> is the
path to the KDB file, and <path_to_stash_file> is the path to the associated stash
file. For example:
• AIX:
– Keyfile: /usr/IBM/HTTPServer/Plugins/config/webserver1/plugin-key.kdb
– SSLStashFile: /usr/IBM/HTTPServer/Plugins/config/webserver1/plugin-key.sth
• Linux:
– Keyfile: /opt/IBM/HTTPServer/Plugins/config/webserver1/plugin-key.kdb
– SSLStashFile: /opt/IBM/HTTPServer/Plugins/config/webserver1/plugin-key.sth
• Microsoft Windows:
– Keyfile: C:\IBM\HTTPServer\Plugins\config\webserver1\plugin-key.kdb
– SSLStashFile: C:\IBM\HTTPServer\Plugins\config\webserver1\plugin-key.sth
4. Click Apply to save your changes and then click OK.
5. Restart IBM HTTP Server to apply the changes.
6. Test the new configuration: Open a Web browser and ensure that you can
successfully reach https://<Web_server_name>.
Results
Lotus Connections users can access features through the HTTPS protocol.
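The directives added in step 3 can be checked before IBM HTTP Server is restarted. The following is an added example, not part of the IBM guide: it confirms that SSLEnable sits inside the port 443 virtual host and that the Keyfile and SSLStashFile paths exist. The rule that neither file may be accessible to "other" users is an assumption of this example, and the sample paths are placeholders.

```python
"""Audit the SSL directives added to httpd.conf (added example, not IBM code)."""
import os
import re
import stat
import sys

# Constructed sample based on the fragment in step 3; the paths are placeholders.
SAMPLE_CONF = """\
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
<IfModule mod_ibm_ssl.c>
Listen 0.0.0.0:443
<VirtualHost *:443>
ServerName webserver.example.com
SSLEnable
</VirtualHost>
</IfModule>
SSLDisable
Keyfile "/path/to/plugin-key.kdb"
SSLStashFile "/path/to/plugin-key.sth"
"""

DIRECTIVE = re.compile(
    r'^[ \t]*(Keyfile|SSLStashFile)[ \t]+"?([^"\n]+?)"?[ \t]*$',
    re.IGNORECASE | re.MULTILINE)
VHOST_443 = re.compile(r"<VirtualHost\s+[^>]*:443\s*>(.*?)</VirtualHost>",
                       re.IGNORECASE | re.DOTALL)
SSL_ENABLE = re.compile(r"^[ \t]*SSLEnable[ \t]*$", re.IGNORECASE | re.MULTILINE)


def strip_comments(conf_text):
    """Drop comment lines so that disabled directives are not counted."""
    return "\n".join(line for line in conf_text.splitlines()
                     if not line.lstrip().startswith("#"))


def parse_ssl_directives(conf_text):
    """Return the Keyfile and SSLStashFile paths keyed by lower-case name."""
    return {name.lower(): path
            for name, path in DIRECTIVE.findall(strip_comments(conf_text))}


def ssl_enabled_on_443(conf_text):
    """True when SSLEnable appears inside a port 443 VirtualHost block."""
    return any(SSL_ENABLE.search(body)
               for body in VHOST_443.findall(strip_comments(conf_text)))


def audit_ssl_config(conf_text):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    if not ssl_enabled_on_443(conf_text):
        findings.append("no SSLEnable inside a port 443 VirtualHost")
    paths = parse_ssl_directives(conf_text)
    for name in ("keyfile", "sslstashfile"):
        path = paths.get(name)
        if path is None:
            findings.append(f"{name}: directive missing")
            continue
        if not os.path.isfile(path):
            findings.append(f"{name}: {path} not found")
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        # Assumed policy: no access for "other"; the stash file unlocks the KDB.
        if mode & stat.S_IRWXO:
            findings.append(
                f"{name}: {path} is accessible to other users (mode {mode:o})")
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            text = handle.read()
    else:
        text = SAMPLE_CONF
    for finding in audit_ssl_config(text):
        print(finding)
```

Pass the path of the configuration file as the first argument; without one, the script audits the constructed sample. The permission check uses POSIX mode bits, so it applies to AIX and Linux hosts only.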
What to do next
For more information about securing Web communications, go to the IBM
WebSphere Application Server Information Center or read the IBM WebSphere
Application Server V6.1 Security Handbook.
Related tasks
“Mapping applications to IBM HTTP Server” on page 148
After you install IBM Lotus Connections, map the applications to IBM HTTP
Server.
Related information
“Adding certificates to a network deployment with IBM HTTP Server” on page 144
Add signer certificates to an IBM HTTP Server plug-in for a network deployment.
Adding certificates to IBM HTTP Server:
Add signer certificates to an IBM HTTP Server plug-in for a stand-alone
deployment.
Before you begin
Before you complete this procedure, ensure that IBM HTTP Server is configured to
support SSL. For more information, see the Configuring IBM HTTP Server for SSL
topic.
About this task
To establish trusted communication between IBM HTTP Server and a Web browser,
import signer certificates from WebSphere Application Server.
Note:
There are different types of certificates that you can use. This procedure describes
how to import the self-signed certificate that is shipped with WebSphere
Application Server. You can also import a certificate that you purchased from a
third-party Certificate Authority, or create a new self-signed certificate. To help
decide on a key strategy for your environment, go to the IBM HTTP Server information
center.
To import a public WebSphere Application Server certificate into the IBM HTTP
Server plug-in, complete the following steps:
Procedure
1. Copy the plugin-key.kdb file from the ibm_http_server_root/Plugins/config/
webserver1 directory to the app_server_root/profiles/AppSrv01/config/cells/
<cell_name>/nodes/<node_name>/servers/<Webserver_name> directory, where
<cell_name>, <node_name>, and <Webserver_name> are the names of your
WebSphere Application Server cell, the name of the node that you are
configuring, and your Web server, respectively.
2. Log into the IBM WebSphere Application Server Integrated Solutions Console
and select Security → SSL Certificate and key management → Key stores and
certificates.
3. Click NodeDefaultKeyStore.
4. Click Personal Certificates.
5. Select the check box beside the default certificate and click Extract.
6. Enter a fully-qualified Certificate file name. If you do not specify a directory
path, the certificate is stored in the app_server_root/profiles/<profile_name>/
etc directory, where <profile_name> is the name of the current WebSphere
Application Server profile.
7. Click OK to extract the file.
8. In the IBM WebSphere Application Server Integrated Solutions Console, select
Servers → Web servers.
9. Click <Webserver_name>, where <Webserver_name> is the name of your IBM
HTTP Server Web server.
10. Click Plug-in properties and then click Manage keys and certificates.
11. Under Additional Properties, click Signer certificates, and then click Add.
12. Enter the certificate Alias and its fully-qualified File name, and click OK.
13. Click Save to import the file.
14. In the IBM WebSphere Application Server Integrated Solutions Console, select
Servers → Web servers → Plug-in properties.
15. From the Plug-in properties page, click Copy to Web server key store
directory to synchronize the KDB file with IBM HTTP Server.
16. Restart IBM HTTP Server to apply the changes.
Results
If your configuration changes aren't successful, ensure that you have applied the
instructions to configure a default personal certificate.
What to do next
The proxy-config.tpl file allows the proxy to work with self-signed certificates.
This is true out-of-the-box but for improved security you should set the value of
the unsigned_ssl_certificate_support property to false when your deployment is
ready for production.
Related tasks
“Mapping applications to IBM HTTP Server” on page 148
After you install IBM Lotus Connections, map the applications to IBM HTTP
Server.
Adding certificates to a network deployment with IBM HTTP Server:
Add signer certificates to an IBM HTTP Server plug-in for a network deployment.
Before you begin
Before you complete this procedure, ensure that IBM HTTP Server is configured to
support SSL. For more information, see the Configuring IBM HTTP Server for SSL
topic.
About this task
To establish trusted communication between IBM HTTP Server and a Web browser,
import signer certificates from WebSphere Application Server.
Note:
There are different types of certificates that you can use. This procedure describes
how to import the self-signed certificate that is shipped with WebSphere
Application Server. You can also import a certificate that you purchased from a
third-party Certificate Authority, or create a new self-signed certificate. To help
decide on a key strategy for your environment, go to the IBM HTTP Server information
center.
To import a public WebSphere Application Server certificate into the IBM HTTP
Server plug-in, complete the following steps:
Procedure
1. Copy the plugin-key.kdb file from the ibm_http_server_root/Plugins/config/
webserver1 directory to the app_server_root/profiles/DMgr01/config/cells/
<cell_name>/nodes/<http_node_name>/servers/<Webserver_name> directory on
the system that hosts the Deployment Manager, where <cell_name>,
<http_node_name>, and <Webserver_name> are the names of your WebSphere
Application Server cell, the name of the node that you are configuring, and
your Web server, respectively.
2. Log into the IBM WebSphere Application Server Integrated Solutions Console
and select Security → SSL Certificate and key management → Key stores and
certificates.
3. Click CellDefaultTrustStore.
4. Click Signer Certificates.
5. Select the check box beside the certificate that you want to extract. You
probably have several options, such as default_1, default_2, through default_n.
When you have selected a certificate, click Extract.
Note: The number of certificates that you should extract depends on the
number of nodes in your deployment; extract one certificate per node.
6. Enter a fully-qualified Certificate file name. If you do not specify a directory
path, the certificate is stored in the app_server_root/profiles/<profile_name>/etc
directory, where <profile_name> is the name of the current WebSphere
Application Server profile.
7. Click OK to extract the file.
8. Repeat steps 4-7 for each managed node.
9. In the IBM WebSphere Application Server Integrated Solutions Console, select
Servers → Web servers.
10. Click <Webserver_name>, where <Webserver_name> is the name of your IBM
HTTP Server Web server.
11. Click Plug-in properties and then click Manage keys and certificates.
12. Under Additional Properties, click Signer certificates, and then click Add.
13. Enter the certificate Alias and its fully-qualified File name, and click OK.
14. Click Save to import the file.
15. Repeat steps 11-14 for each managed node.
16. In the IBM WebSphere Application Server Integrated Solutions Console, select
Servers → Web servers → <webserver> → Plug-in properties, where <webserver>
is the name of your webserver.
17. From the Plug-in properties page, click Copy to Web server key store
directory to synchronize the KDB file with IBM HTTP Server.
18. Restart IBM HTTP Server to apply the changes.
Results
If your configuration changes aren't successful, ensure that you have applied the
instructions to configure a default personal certificate.
What to do next
The proxy-config.tpl file allows the proxy to work with self-signed certificates.
This is true out-of-the-box but for improved security you should set the value of
the unsigned_ssl_certificate_support property to false when your deployment is
ready for production.
Related information
“Configuring IBM HTTP Server for SSL” on page 141
Configure IBM HTTP Server to use the SSL protocol.
Instructing Web browsers to cache content:
Configure IBM HTTP Server to cache static content such as images, style sheets,
and JavaScript code.
Before you begin
Ensure that you have mapped all the installed Lotus Connections features to IBM
HTTP Server.
About this task
Improve performance on slow, high-latency networks by adjusting the expiry
period on cached files that are associated with HTTP requests.
To instruct Web browsers and proxies to cache content, complete the following
steps:
Procedure
1. With a text editor, open the httpd.conf file from the ibm_http_server_root/conf
directory.
2. Adjust the expiry period on cached files by adding the following rules:
LoadModule expires_module modules/mod_expires.so
ExpiresActive On
<LocationMatch /*/(nav|static|common/styles|images)/ >
ExpiresByType application/x-javascript "access plus 1 day"
ExpiresByType application/javascript "access plus 1 day"
ExpiresByType text/javascript "access plus 1 day"
ExpiresByType text/css "access plus 1 day"
ExpiresByType text/plain "access plus 1 day"
ExpiresByType text/xsl "access plus 1 day"
ExpiresByType image/gif "access plus 1 day"
ExpiresByType image/jpeg "access plus 1 day"
ExpiresByType image/png "access plus 1 day"
ExpiresByType image/bmp "access plus 1 day"
ExpiresByType image/icon "access plus 1 day"
</LocationMatch>
These rules force the browser to cache static content by adding Expires and
Cache-Control: max-age headers to static content.
3. Save and close the file.
4. Restart IBM HTTP Server.
Related tasks
“Mapping applications to IBM HTTP Server” on page 148
After you install IBM Lotus Connections, map the applications to IBM HTTP
Server.
Determining which files to compress:
If you are not compressing content with the IBM WebSphere Application Server
Edge components or a similar device, consider configuring the IBM HTTP Server
to compress certain types of content to improve browser performance.
Before you begin
This is an optional configuration. You do not need to perform this procedure if you
are compressing content elsewhere in your network. Compression requires a
significant amount of CPU; you must monitor resource availability if you choose to
use this option.
About this task
Some versions of Microsoft Internet Explorer 6 have issues when dealing with
certain compressed content, including images and JavaScript. The directives below
do not compress images, but do compress JavaScript. If you encounter issues with
Microsoft Internet Explorer 6 after applying these directives, note that you should
uncomment the final line in the directives in Step 5.
When adding directives to the httpd.conf file, be sure to add them in the same
order in which they are defined in these steps.
To specify which types of files to compress, complete the following steps:
Procedure
1. Using a text editor, open the httpd.conf file. The file is stored in the following
directory by default:
• AIX: /usr/IBM/HTTPServer/conf
• Linux: /opt/IBM/HTTPServer/conf
• Microsoft Windows: C:\IBM\HTTPServer\conf
2. Find the following entry in the configuration file:
LoadModule deflate_module modules/mod_deflate.so
If this entry is not present, add it.
3. If the following line is present in the httpd.conf file, comment it out or remove
it. This line will cause all served content to be compressed, which will cause
issues with Microsoft Internet Explorer 6:
#setOutputFilter DEFLATE
4. Add the following statements to compress multiple content types used by
Lotus Connections:
#Only the specified MIME types will be compressed.
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE text/plain text/xml
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE text/css text/javascript
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/atom+xml
AddOutputFilterByType DEFLATE text/javascript
5. Add the following statement to compress binary content downloaded from
Activities to work around a Microsoft Internet Explorer 6 issue with some
binary content:
<Location /activities >
AddOutputFilterByType DEFLATE application/octet-stream
</Location>
6. Add the following statements to specifically indicate that only text/html
content should be compressed for older browsers. Uncomment the final line if
your environment includes support for Microsoft Internet Explorer 6 SP1 or if
you experience web browser hangs or other issues with Microsoft Internet
Explorer 6 releases after SP1.
#Ensure that only text/html content is compressed for older browsers
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Uncomment the following line if you encounter freezing issues with Internet Explorer 6
#BrowserMatch \bMSIE\s6.0 gzip-only-text/html
7. Add the following statement to specifically indicate that image files and
binaries must not be compressed to prevent Web browser hangs:
# Ensures that images and executable binaries are not compressed
SetEnvIfNoCase Request_URI \\.(?:gif|jpe?g|png|exe)$ no-gzip dont-vary
8. Add the following statement to ensure that proxy servers do not modify the
User Agent header needed by the above statements:
# Make sure proxies do not deliver the wrong content
Header append Vary User-Agent env=!dont-vary
If the following line is commented out, remove the commenting from it:
LoadModule headers_module modules/mod_headers.so
9. Save and close the configuration file.
10. Restart IBM HTTP Server.
Mapping applications to IBM HTTP Server:
After you install IBM Lotus Connections, map the applications to IBM HTTP
Server.
Before you begin
If you do not install a Web server, users must include the correct port number in
the Web address that they type into the Web browser to access the application. The
Blogs and Dogear applications force login credentials to be submitted over a secure
channel. When you use IBM HTTP Server, it monitors all traffic sent over HTTP.
Create a Web server for each profile or node that you want to map before you
begin this task. All Lotus Connections applications are automatically mapped by
default to the newly-created web server.
This task updates the plugin-cfg.xml file on IBM HTTP Server. This configuration
file defines how IBM HTTP Server should access the applications when they are
requested from a Web browser.
If you are using the Files or Wikis applications, configure IBM HTTP Server to
handle file downloads from those applications. For more information, see the
Configuring Files and Wikis downloading topic. If you choose to let the WebSphere
Application Server redirect servlet manage file downloading, you must configure
the server to transfer data synchronously instead of asynchronously. This
configuration helps avoid errors caused by using too much memory. See the
Excessive native memory use in IBM WebSphere Application Server tech note for
instructions.
About this task
When you map Lotus Connections applications to IBM HTTP Server, you configure
it to redirect requests to the appropriate port for each application. Each Lotus
Connections application is made up of one or more modules and you must map
each module to IBM HTTP Server.
The following steps describe how to map all the modules for all the applications. If
you have not installed all the applications, perform the steps that are relevant to
the applications that you have installed.
To map Lotus Connections applications to IBM HTTP Server, complete the
following steps:
Procedure
1. Make sure that IBM HTTP Server is installed and running.
2. Open the WebSphere Application Server Integrated Solutions Console on the
system where you installed the Deployment Manager.
3. Select Applications → Enterprise Applications.
4. Map a Lotus Connections application to IHS:
Note: This step instructs you to select webserver1. Ensure that you have
defined this Web server before you attempt to complete these steps. See
Defining IBM HTTP Server.
a. Select <application> → Manage Modules, where <application> is a Lotus
Connections application.
b. In the Clusters and Servers box, select both of the following servers:
Note: Use the Ctrl key to select more than one server at a time.
• <server_name>
where <server_name> is the name of the profile on which you installed
the application.
• webserver1
c. Select the check boxes for all the modules and then click Apply.
d. Review the Server details and ensure that both servers are listed there.
Click OK, and then click Save.
5. Specify a virtual host for the port from which each application can be
accessed. To specify a virtual host, complete the following steps:
Note: This step is required when you have installed multiple applications to a
single WebSphere Application Server profile.
a. From the WebSphere Application Server Integrated Solutions Console of
the server that hosts the profile, expand Environment, and then select
Virtual Hosts.
b. Click default_host → Host Aliases, click New, and then add the following
values to the fields:
• Host Name – <application_name>
• Port – <port_number_for_application>
Refer to the serverindex.xml file stored in the node directory to discover
port assignments if you did not make a note of them during the
installation. For example, if you installed all applications to a single
profile, and Wikis was assigned the port number 9085, you would specify
the following values here:
• Host Name – wikis
• Port – 9085
c. Click OK, and then click Save.
d. Repeat these steps to add a virtual host for each application in the profile.
6. From the WebSphere Application Server Integrated Solutions Console, select
Servers → Web servers, select the check box beside the Web server
(webserver1), and then click Generate Plug-in.
7. Select the check box beside your web server again, and then click Propagate
Plug-in.
Note: If you have trouble propagating the plug-in on Linux, restart the IBM
HTTP Server using the following commands:
./adminctl start
./apachectl -k stop
./apachectl -k start
8. (Communities only) Select Environment → Update global Web Server plug-in
configuration, and then click OK to update the plug-in.
9. Stop and restart the Web server.
10. Restart the servers for Lotus Connections application by doing the following:
a. From the WebSphere Application Server Integrated Solutions Console,
select Applications → Enterprise Applications.
b. Select the check box beside each application that you want to restart.
c. Click Stop.
d. Select the same check boxes again, and then click Start.
11. Log out of the WebSphere Application Server Integrated Solutions Console.
12. Test the mappings: open a Web browser and try to access each of the
applications by specifying the Web address using the following syntax:
http://<hostname>/<application_name>
where <hostname> is the host name of the Web server to which you mapped
the application and <application_name> is the name of the application. Do not
specify the port number.
13. The Web address currently used to access the applications includes the port
numbers. Update the Web addresses by editing the LotusConnections-config.xml file:
a. Stop WebSphere Application Server.
b. Check out the LotusConnections-config.xml file. For more information
about editing configuration files, see the Editing configuration files topic.
Open the LotusConnections-config.xml file from the following directory:
• AIX:
/usr/IBM/WebSphere/AppServer/profiles/<profile_name>/config/cells/<cell_name>/LotusConnections-config
• Linux:
/opt/IBM/WebSphere/AppServer/profiles/<profile_name>/config/cells/<cell_name>/LotusConnections-config
• Windows:
C:\IBM\WebSphere\AppServer\profiles\<profile_name>\config\cells\<cell_name>\LotusConnections-config
c. Update the Web addresses specified in the href and ssl_href properties for
each application.
<sloc:serviceReference enabled="true"
serviceName="<application>" ssl_enabled="true">
<sloc:static href="http://<webserver>"
ssl_href="https://<webserver>"/>
<sloc:interService
href="https://<webserver>"/>
where <webserver> is the address of your IBM HTTP Server and
<application> is the name of a Lotus Connections application.
Note:
Each href attribute in the LotusConnections-config.xml file is
case-sensitive and must specify a fully-qualified domain name.
For example, to update the Web address for Activities, edit the file in the
following way:
<sloc:serviceReference enabled="true"
person_card_service_name_js_eval="generalrs.label_personcard_activitieslink"
person_card_service_url_pattern="/service/html/mainpage#dashboard%2Cmyactivities%2Cuserid%3D{userid}%2Cname%3D{displayName}"
serviceName="activities"
ssl_enabled="true">
<sloc:href>
<sloc:hrefPathPrefix>/activities</sloc:hrefPathPrefix>
<sloc:static href="http://<webserver>"
ssl_href="https://<webserver>"/>
<sloc:interService href="https://<webserver>"/>
</sloc:href>
</sloc:serviceReference>
Notes:
• If you plan to use a reverse proxy, the Web addresses defined in this file
must be updated to reflect the appropriate proxy server URLs. Go to the
Lotus Connections wiki for more information about deployment
scenarios, including how to configure a reverse proxy.
• If you installed each application to a separate profile, repeat this step for
each application. There is one LotusConnections-config.xml file
associated with each profile, so you must edit each of them.
d. Save and check in the LotusConnections-config.xml file.
14. Restart WebSphere Application Server and then log into each application to
make sure that the Web address links for the applications in the navigation
bar have been updated.
Results
You should now be able to access each application without needing to specify a
port number.
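Step 13 is easy to get partly wrong: one address keeps its application server port, or a host name differs from the Web server only by case. The following is an added example, not part of the IBM guide, that reports every href and ssl_href that does not point at the expected Web server. The sample document, its namespace URI, and the host names are constructed placeholders, and the expected schemes follow the Activities example above.

```python
"""Check the Web addresses in LotusConnections-config.xml (added example)."""
import sys
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the namespace URI and host names are placeholders.
SAMPLE = """<config xmlns:sloc="urn:example:sloc">
  <sloc:serviceReference enabled="true" serviceName="activities" ssl_enabled="true">
    <sloc:href>
      <sloc:hrefPathPrefix>/activities</sloc:hrefPathPrefix>
      <sloc:static href="http://webserver.example.com"
                   ssl_href="https://webserver.example.com"/>
      <sloc:interService href="https://webserver.example.com"/>
    </sloc:href>
  </sloc:serviceReference>
  <sloc:serviceReference enabled="true" serviceName="wikis" ssl_enabled="true">
    <sloc:href>
      <sloc:hrefPathPrefix>/wikis</sloc:hrefPathPrefix>
      <sloc:static href="http://appserver.example.com:9085"
                   ssl_href="https://WebServer.example.com"/>
      <sloc:interService href="http://webserver"/>
    </sloc:href>
  </sloc:serviceReference>
</config>"""

# Scheme expected for each (element, attribute) pair, as in the guide's example.
EXPECTED_SCHEME = {("static", "href"): "http",
                   ("static", "ssl_href"): "https",
                   ("interService", "href"): "https"}


def local_name(tag):
    """Strip the '{namespace}' prefix that ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def check_url(url, scheme, webserver):
    """Return the problems found in one Web address."""
    parts = urlsplit(url)
    host, _, port = parts.netloc.partition(":")  # netloc keeps the original case
    problems = []
    if parts.scheme != scheme:
        problems.append(f"scheme should be {scheme}")
    if port:
        problems.append(f"still contains port {port}")
    if "." not in host:
        problems.append("host name is not fully qualified")
    elif host != webserver:
        if host.lower() == webserver.lower():
            problems.append("host name differs from the Web server only by case")
        else:
            problems.append(f"points at {host}, not {webserver}")
    return problems


def check_config(xml_text, webserver):
    """Return 'service element@attribute: problem' for every bad address."""
    findings = []
    for ref in ET.fromstring(xml_text).iter():
        if local_name(ref.tag) != "serviceReference":
            continue
        service = ref.get("serviceName", "?")
        for node in ref.iter():
            for (element, attr), scheme in EXPECTED_SCHEME.items():
                if local_name(node.tag) == element and node.get(attr):
                    for problem in check_url(node.get(attr), scheme, webserver):
                        findings.append(f"{service} {element}@{attr}: {problem}")
    return findings


if __name__ == "__main__":
    if len(sys.argv) == 3:
        with open(sys.argv[1], encoding="utf-8") as handle:
            report = check_config(handle.read(), sys.argv[2])
    else:
        report = check_config(SAMPLE, "webserver.example.com")
    print("\n".join(report) or "all Web addresses look correct")
```

Run it with the path of the checked-out file and the fully-qualified Web server name as arguments. An address that still names an application server port sends users around IBM HTTP Server and its SSL configuration.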
Related tasks
“Configuring IBM HTTP Server for SSL” on page 141
Configure IBM HTTP Server to use the SSL protocol.
“Adding certificates to IBM HTTP Server” on page 143
Add signer certificates to an IBM HTTP Server plug-in for a stand-alone
deployment.
“Instructing Web browsers to cache content” on page 146
Configure IBM HTTP Server to cache static content such as images, style sheets,
and JavaScript code.
Lotus Connections wiki
Configuring an administrative user for Home Page and Blogs
Set up administrative access to each feature that you want to configure and
customize.
Before you begin
Perform this task only if you want to administer the Home page or if you have
installed Blogs.
About this task
Use the WebSphere Application Server Integrated Solutions Console to grant
yourself (and anyone else whom you want to designate as an administrator)
administrative access to a feature.
Without administrative access to Blogs, you cannot configure a home page for the
Blogs feature. Without administrative access to the Home page, you cannot add,
enable, or disable widgets. The administrator role is also useful for determining
who is allowed to read server metrics statistics.
To configure administrative access to a feature, complete the following steps:
Procedure
1. From the WebSphere Application Server Integrated Solutions Console, select
Applications → Enterprise Applications, and then find and click the link to
the feature that you want to configure.
2. Click the Security role to user/group mapping link.
3. To map a user to the administrative role, select the check box beside the
admin role, and then click the Look up users or groups button.
4. In the Search String box, type the name of the person whom you would like
to set as an administrator, and then click Search. If the user exists in the
LDAP directory, it is found and displayed in the Available list.
5. Select the name from the Available box, and then move it into the Selected
column by clicking the right arrow button.
6. Repeat Steps 4 and 5 to add more users to the administrative role.
7. Click OK.
8. To map a user to the administrative role for another feature, repeat steps 1–7.
9. From the Enterprise Applications → <feature> → Security role to user/group
mapping page, click OK, and then click Save to save the changes.
10. Synchronize and restart all your WebSphere Application Server instances.
Related tasks
“Configuring Blogs”
Configure the Blogs feature so that you and other users can create blogs.
Configuring Blogs
Configure the Blogs feature so that you and other users can create blogs.
Before you begin
You must configure an administrative user before you complete this procedure. For
more information, see the Configuring an administrative user topic.
About this task
Before you can start using the Blogs feature, you need to configure it.
To configure the Blogs feature, complete the following steps:
Procedure
1. Open a Web browser and go to the Blogs Web address that you specified for
the Blogs feature.
2. From the Welcome to Blogs page, click the New Blog Creation Page link and
then log in using the credentials of the Blog site administrator.
Note: You must be a user with administrative level access to the Blog site to
create a page.
3. Enter details about the Blog site's home page on the Create Blog form. Specify
the following information:
Name
Enter a name for the My Blog page. For example: home.
Description
Enter a description of the My Blog page.
Blog Tags
Enter a variety of tags for the My Blog page.
Handle
Enter a value to use as the keyword for the home page. For example,
home.
Theme
Choose homepage.
Note: This value must be changed from its default of blogs to
homepage to ensure that user blogs are visible on the Blogs site.
4. Click Create Blog.
5. From the My Blog tab, click Server administration to open the site
configuration settings document, and then enter the Handle value that you
specified in Step 3 in the Handle of blog to serve as frontpage blog field.
You can also provide values for the following site settings:
• Site name – Enter a name for the blog site which is displayed on the home
page of the blog site.
• Short name – Enter a short name for the blog which is displayed in the blog
site banner.
• Site Description – Enter a description which is displayed below the site
name on the home page and is provided as the feed description.
For information about other configuration options, see the Administration
Guide.
6. Click Save.
Results
The Blogs feature with the default configuration is ready to be used.
When you click My Blog, the default Blog Site configuration is displayed. This is
what users see when they access the site. Initially, there are no Blog entries. After
users create Blogs and Blog entries, their entries are displayed on the Blogs Home
page. Click the Help link for information about how to post entries and create a
blog.
What to do next
Before you start using Blogs, you should edit the default e-mail address from
which system notifications are sent. If you do not edit this default e-mail address,
recipients might receive a delivery failure notification when they try to respond to
any automatic notifications. Specify a legitimate administrator e-mail address that
has access rights to send mail. For detailed instructions, see the Specifying an
administrator e-mail address for Blogs notifications topic in the Administration section
of the information center.
For information about other configuration options, and how to implement them,
refer to the Administration section.
Related tasks
Specifying an administrator e-mail address for Blogs notifications
Edit configuration property settings to change the administrator e-mail address for
notifications. This is the address used to send system notifications, such as
notifications sent to users who have posted inappropriate content.
“Configuring an administrative user for Home Page and Blogs” on page 152
Set up administrative access to each feature that you want to configure and
customize.
Related information
“Installing in silent mode” on page 124
Use a silent installation to perform an identical installation on multiple systems.
Scheduling Activities jobs
Configure Activities to run a subset of jobs on a dedicated node.
Before you begin
This procedure is required whether you are installing Activities in a network or
stand-alone deployment.
To edit configuration files, you must use the wsadmin client. See Starting the
wsadmin client for details.
About this task
Activities uses the open source Quartz scheduler. The following jobs must be
scheduled to run on a dedicated node; otherwise Quartz will lose the JDBC
connection to the database when it attempts to run them:
• AutoComplete
• DatabaseRuntimeStats
• TrashAutoPurge
For more information about the Quartz scheduler, go to the following external Web
site:
http://www.opensymphony.com/quartz
To schedule Activities jobs to run on a dedicated node, complete the following
steps:
Procedure
1. Use the wsadmin client to access and check out the Activities configuration
files.
a. Use one of the following commands to access the Activities configuration
file:
• Stand-alone deployment:
execfile("activitiesAdmin.py")
• Network deployment:
execfile("profile_root/config/bin_lc_admin/activitiesAdmin.py")
If you are prompted to specify which server to connect to, enter the number
associated with the server representing the node that you want to change.
For example, in a cluster with two nodes, the following information might
be displayed:
1: WebSphere:cell=tdilx104Cell01,name=ActivityService,node=tdilx103,
process=server1
2: WebSphere:cell=tdilx104Cell01,name=ActivityService,node=tdilx104Node01,
process=server1
Which service do you want to connect to?
If you want to make the change to the tdilx103 node, enter 1.
b. Check out the Activities configuration files using the following command:
ActivitiesConfigService.checkOutConfig("/<working_directory>",
"<cell_name>")
where:
• /<working_directory> is the temporary working directory to which the
configuration XML and XSD files are copied. The files are kept in this
working directory while you make changes to them.
• <cell_name> is the name of the WebSphere Application Server cell hosting
the Lotus Connections application. This argument is required even in
stand-alone deployments. This argument is also case-sensitive. If you do
not know the cell name, you can determine it by typing the following
command while in the wsadmin command processor:
print AdminControl.getCell()
For example:
ActivitiesConfigService.checkOutConfig("/temp", "foo01Cell01")
2. Open the oa-jobs.xml file in a text editor, and then specify a specific server on
which to run each job in the following elements:
• AutoComplete
• DatabaseRuntimeStats
• TrashAutoPurge
Use the syntax <cell_name>\<node_name>\<server_name> to specify the
dedicated node on which you want the job to run. For example:
MyServerNode01Cell\MyServerNode01\server1
3. Clear any existing jobs from memory and from the database by entering the
following command:
Scheduler.purgeJobs("cluster")
4. Disable the cluster scheduler by running the following command:
ActivitiesConfigService.updateConfig("clusterScheduler.enabled","false")
5. After making changes, you must check the file back in, and you must do so
during the same wsadmin session in which you checked it out for the changes
to take effect. Check in the changed configuration properties by entering the
following wsadmin client command:
ActivitiesConfigService.checkInConfig()
6. To exit the wsadmin client, enter exit at the prompt.
7. Network deployment only: Synchronize your changes to the other nodes of the
cluster.
8. Stop and restart the server or servers hosting the Activities application.
Mandatory tasks for a network deployment
Complete the following post-installation tasks.
Configuring shared message stores for buses
Configure shared message stores for buses to make the message store available to
all nodes in a cluster.
Before you begin
Make a note of which IBM Lotus Connections features are deployed to the cluster
that you are going to configure.
About this task
In a network deployment environment with multiple nodes, the Service Integration
Bus used by Lotus Connections requires the file-based message store to be
available to all nodes in a cluster. In practice, this means that the message store
must be a network-mounted share. For more information about store topologies,
go to the WebSphere Application Server information center.
When more than one node is a member of a cluster, the message store must be
available to all nodes in the cluster at the same physical location. You can
accomplish this by mounting a network share at the physical location.
Notes:
• Alternatively, you can change the location of the message stores to another
directory or file system. For more information about changing the location of the
message stores, see the Changing the location of message stores topic.
• By default, in a Network Deployment installation, the Lotus Connections
installation wizard creates a message store for each defined cluster in the
following directories:
– AIX or Linux: /opt/IBM/LotusConnections/messagestore/<cluster_name>
– Windows: C:\Program Files\IBM\LotusConnections\messagestore\<cluster_name>
The <cluster_name> directory contains a log and store directory. When all servers
are stopped, you can delete the existing log and store directories. You can also
delete any existing message store directory provided that the directory that you
mount has the same structure with the same <cluster_name> subdirectories. The
subdirectories will be created the next time the servers start.
To convert the existing message store directory to a shared directory, complete the
following steps:
Procedure
1. Stop all WebSphere Application Server processes.
2. Delete the existing message store directory on each node. For example:
/opt/IBM/LotusConnections/messagestore.
3. Create a network directory or SAN space to store the message store. Each
cluster requires 500 MB of disk space.
4. Mount the network share or SAN space on each node. For example: mount the
share or space on /opt/IBM/LotusConnections/messagestore.
5. Ensure that the operating system user who runs the WebSphere Application
Server processes has read and write access to the mounted directory.
6. Create a directory under the message store directory for each cluster. The name
of the directory should match the name of the cluster.
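A pre-flight check for steps 3 to 6, to run on each node before the servers are restarted. This is an added example, not part of the IBM guide; the function name and its parameters are assumptions, while the 500 MB figure and the cluster-named subdirectories come from the procedure above.

```python
import os
import shutil
import sys

# From the procedure above: each cluster requires 500 MB of disk space.
REQUIRED_BYTES_PER_CLUSTER = 500 * 1024 * 1024


def check_message_store(root, cluster_names, require_mount=True,
                        required_bytes=REQUIRED_BYTES_PER_CLUSTER):
    """Return a list of problems; an empty list means the store is usable.

    Run as the operating system user that runs the WebSphere Application
    Server processes, on every node of the cluster.
    """
    if not os.path.isdir(root):
        return ["%s does not exist or is not a directory" % root]
    problems = []
    if require_mount and not os.path.ismount(root):
        problems.append("%s is not a mount point, so it is local to this node" % root)

    # Compare exact names: the directory name has to match the cluster name,
    # and a case-insensitive file system would hide a clusterA/clustera mix-up.
    entries = os.listdir(root)
    for name in cluster_names:
        cluster_dir = os.path.join(root, name)
        if name not in entries or not os.path.isdir(cluster_dir):
            lookalikes = [e for e in entries if e.lower() == name.lower() and e != name]
            hint = " (found %s instead)" % ", ".join(lookalikes) if lookalikes else ""
            problems.append("no directory named %s under %s%s" % (name, root, hint))
            continue
        # Permission bits alone can mislead on network file systems (root
        # squashing, ACLs), so create, read and delete a real file as this user.
        probe = os.path.join(cluster_dir, ".rw_probe_%d" % os.getpid())
        try:
            with open(probe, "w") as handle:
                handle.write("probe")
            with open(probe) as handle:
                handle.read()
            os.remove(probe)
        except OSError as err:
            problems.append("cannot read and write in %s: %s" % (cluster_dir, err))

    needed = required_bytes * len(cluster_names)
    free = shutil.disk_usage(root).free
    if free < needed:
        problems.append("%d bytes free under %s, %d needed" % (free, root, needed))
    return problems


if __name__ == "__main__":
    # Usage: python check_store.py <message_store_root> <cluster_name> ...
    found = check_message_store(sys.argv[1], sys.argv[2:])
    for line in found:
        print("PROBLEM: " + line)
    sys.exit(1 if found else 0)
```

Pass `require_mount=False` when the store is a subdirectory of a larger mounted file system rather than a mount point of its own.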
Related tasks
“Converting data directories manually” on page 122
If the paths to your Lotus Connections data directories use local directories instead
of network shares, convert the paths by updating the WebSphere Variables
environment variables on your system.
“Adding subsequent nodes to a cluster” on page 116
Add more nodes to an existing cluster.
“Installing the first node of a cluster” on page 105
Install the first node of a network deployment of Lotus Connections.
Changing the location of message stores:
Change the location of message stores to another directory or file system.
Before you begin
Make a note of which IBM Lotus Connections features are deployed to the cluster
that you are going to configure.
About this task
When more than one node is a member of a cluster, the message store must be
available to all nodes in the cluster at the same physical location. You can
accomplish this by changing the location of the message stores to another directory
or file system.
Notes:
• Alternatively, you can mount a network share at a physical location. For more
information about mounting a network share at a physical location, see the
Configuring shared message stores for buses topic.
• You do not need to define the message store of each cluster in the same physical
location.
To change the location of message stores, complete the following steps:
Procedure
1. Delete the bus member that is defined for the cluster.
a. Stop all cluster processes.
b. From the WebSphere Application Server Integrated Solutions Console,
select Service Integration → Buses → ConnectionsBus → Bus Members.
c. Select the bus member to delete and click Remove.
2. Add the new cluster bus member.
a. From the WebSphere Application Server Integrated Solutions Console,
select Service Integration → Buses → ConnectionsBus → Bus Members.
b. Click Add. In the first step of the wizard, select Cluster and then select the
cluster name that you removed in Step 1c. Click Next.
c. The File Store message store type is selected by default. Click Next.
3. Provide the message store properties.
a. Enter the Log directory path. For example: If the message store share is
located at /mnt/messagestore/clusterB, then the value of this field
is /mnt/messagestore/clusterB/log.
b. Enter the Permanent store directory path. For example: If the message
store share is located at /mnt/messagestore/clusterB, then the value of
this field is /mnt/messagestore/clusterB/store.
c. Ensure that the Same settings for permanent and temporary stores setting
is selected.
4. Click Next.
5. Review your changes. When you are satisfied that the settings are correct,
click Finish.
6. Add destinations for the new bus member. For each Lotus Connections
feature, complete the following substeps for each destination. Refer to the
following table for examples.
a. From the WebSphere Application Server Integrated Solutions Console,
select Service Integration → Buses → ConnectionsBus → Destinations and
then click New.
b. The Queue option is selected by default. Click Next.
c. Enter a destination name in the Identifier field. For example:
connections.blogs.events.outbound. Click Next.
d. Select the Bus Member that you created earlier and then click Next.
e. Click Finish.
f. Select the destination that you created.
g. On the Details page, enter the value from the Default forward routing path
column in the Default forward routing path field. For example:
ConnectionsBus:connections.news.events.inbound. Click OK.
Note: Carriage returns have been added to some table entries to improve
readability.
Table 33. Destination settings
| Feature | Destination type | Destination name | Default forward routing path |
| --- | --- | --- | --- |
| Activities | Outbound | connections.activities.events.outbound | ConnectionsBus:connections.news.events.inbound |
| Blogs | Outbound | connections.blogs.events.outbound | ConnectionsBus:connections.news.events.inbound |
| Communities | Outbound | connections.communities.events.outbound | ConnectionsBus:connections.news.events.inbound |
| Communities | Inbound | connections.communities.events.inbound | None |
| Dogear | Outbound | connections.dogear.events.outbound | ConnectionsBus:connections.news.events.inbound |
| Files | Outbound | connections.files.events.outbound | ConnectionsBus:connections.news.events.inbound |
| Home page | Outbound | connections.homepage.events.outbound | ConnectionsBus:connections.news.events.inbound |
| Home page | Inbound | connections.homepage.events.inbound | None |
| News | Communities Outbound | connections.news.events.outbound.communities | ConnectionsBus:connections.communities.events.inbound |
| News | Home page Outbound | connections.news.events.outbound.homepage | ConnectionsBus:connections.homepage.events.inbound |
| News | Inbound | connections.news.events.inbound | None |
| Profiles | Outbound | connections.profiles.events.outbound | ConnectionsBus:connections.news.events.inbound |
| Wikis | Outbound | connections.wikis.events.outbound | ConnectionsBus:connections.news.events.inbound |
7. Optional: If there are more destinations for this cluster, repeat this step for
each destination.
8. Click Save.
9. Perform a full synchronization of each node.
10. Restart the cluster.
Results
Check the SystemOut.log file for startup messages. For example:
SibMessage I [ConnectionsBus:clusterA.000-ConnectionsBus] CWSIS1585I:
The file store is attempting to start its permanent store
(/local/IBM/LotusConnections/messagestore2/clusterA/store/PermanentStore)
and temporary store
(/local/IBM/LotusConnections/messagestore2/clusterA/store/TemporaryStore).
SibMessage I [ConnectionsBus:clusterA.000-ConnectionsBus] CWSIS1588I:
The file store has started successfully.
What to do next
Repeat this task for each cluster in your deployment.
Reconfiguring the Search default configuration
Reconfigure the default configuration of the Search feature to facilitate optimal
workload management of nodes in a cluster and to ensure correct failover of the
Search feature.
Before you begin
Perform this task only if you have installed a network deployment of Lotus
Connections.
About this task
In a clustered environment, Lotus Connections uses WebSphere workload
management capabilities to achieve high availability of resources. The clusterName,
bootstrapHost, and bootstrapPort settings determine the node where the Search
feature is running. In Lotus Connections 2.5, you need to manually reconfigure
these settings after installation.
Specifically, you must edit the values for bootstrapHost, bootstrapPort, and
clusterName attributes in the serviceReference element for the Search feature in the
LotusConnections-config.xml file.
To reconfigure the default configuration settings, complete the following steps:
Procedure
1. Start the wsadmin tool and use the following command to access the
LotusConnections-config.xml file:
execfile("<WAS_HOME>/profiles/<DMGR>/config/bin_lc_admin/connectionsConfig.py")
where
• <WAS_HOME> is the location of your WebSphere Application Server
Network Deployment installation.
• <DMGR> is the name of the IBM WebSphere Application Server Deployment
Manager for the cell.
2. Check out the LotusConnections-config.xml file using the following command:
LCConfigService.checkOutConfig("/<working_directory>", "<cell_name>")
where
• <working_directory> is the temporary working directory to which the
configuration file is copied. The file is kept in this working directory while
you edit it.
• <cell_name> is the name of the IBM WebSphere Application Server cell
hosting the Search feature of Lotus Connections. This argument is case
sensitive. If you do not know the cell name, type the following command in
the wsadmin command processor:
print AdminControl.getCell()
For example:
LCConfigService.checkOutConfig("/temp","foo01Cell01")
3. Open the LotusConnections-config.xml file in a text editor and perform the
following edits in the serviceReference element for the Search feature:
Note: The serviceReference element for the Search feature contains the
following text:
serviceName="search"
a. Change the bootstrapHost setting to a null value:
bootstrapHost=""
b. Change the bootstrapPort setting to a null value:
bootstrapPort=""
c. If necessary, change the clusterName setting to match the name of your
Search cluster:
clusterName="<searchCluster>"
where <searchCluster> is the name of the cluster where the Search feature is
installed.
Note: Do not change any other bootstrap attributes. The News and Home page
features also have bootstrapPort and bootstrapHost attributes but you must not
change their values.
4. Save and close the LotusConnections-config.xml file.
5. Check in the LotusConnections-config.xml file using the following
command:
LCConfigService.checkInConfig()
6. Enter the following command to deploy the changes: synchAllNodes()
7. Stop and restart the WebSphere Application Server instance hosting Lotus
Connections.
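A check to run between steps 3 and 5, comparing a copy of the checked-out file taken before editing with the edited file. This is an added example, not part of the IBM guide; the function names and the sample XML are constructed, and only the serviceReference, serviceName, bootstrapHost, bootstrapPort and clusterName names are taken from the procedure.

```python
import xml.etree.ElementTree as ET

BOOTSTRAP_ATTRS = ("bootstrapHost", "bootstrapPort")

# Constructed sample, not a real LotusConnections-config.xml: only the element
# and attribute names quoted in the procedure are taken from the guide.
SAMPLE_ORIGINAL = """<config xmlns:sloc="urn:example:constructed">
  <sloc:serviceReference serviceName="news" clusterName=""
      bootstrapHost="news.example.com" bootstrapPort="2809"/>
  <sloc:serviceReference serviceName="homepage" clusterName=""
      bootstrapHost="home.example.com" bootstrapPort="2810"/>
  <sloc:serviceReference serviceName="search" clusterName=""
      bootstrapHost="search.example.com" bootstrapPort="2811"/>
</config>"""

# The same file after steps 3a to 3c, with a constructed cluster name.
SAMPLE_EDITED = (SAMPLE_ORIGINAL
                 .replace('serviceName="search" clusterName=""',
                          'serviceName="search" clusterName="SearchCluster"')
                 .replace('"search.example.com"', '""')
                 .replace('"2811"', '""'))


def service_references(xml_text):
    """Map serviceName -> list of attribute dicts, ignoring XML namespaces."""
    found = {}
    for element in ET.fromstring(xml_text).iter():
        if element.tag.rsplit("}", 1)[-1] == "serviceReference":
            name = element.get("serviceName", "")
            found.setdefault(name, []).append(dict(element.attrib))
    return found


def audit_search_edit(original_xml, edited_xml, search_cluster):
    """Return a list of problems with the edit; an empty list means it is clean."""
    before = service_references(original_xml)
    after = service_references(edited_xml)
    search = after.get("search", [])
    if len(search) != 1:
        return ['expected one serviceReference with serviceName="search", '
                'found %d' % len(search)]
    problems = []
    for attr in BOOTSTRAP_ATTRS:
        if search[0].get(attr) != "":
            problems.append("search: %s must be present and empty, is %r"
                            % (attr, search[0].get(attr)))
    if search[0].get("clusterName") != search_cluster:
        problems.append("search: clusterName is %r, expected %r"
                        % (search[0].get("clusterName"), search_cluster))
    # The News and Home page references also carry bootstrap attributes and
    # must keep the values they had when the file was checked out.
    for service in sorted(set(before) | set(after)):
        if service == "search":
            continue
        old = [tuple(r.get(a) for a in BOOTSTRAP_ATTRS) for r in before.get(service, [])]
        new = [tuple(r.get(a) for a in BOOTSTRAP_ATTRS) for r in after.get(service, [])]
        if old != new:
            problems.append("%s: bootstrap attributes changed from %r to %r"
                            % (service or "<unnamed>", old, new))
    return problems


if __name__ == "__main__":
    for line in audit_search_edit(SAMPLE_ORIGINAL, SAMPLE_EDITED, "SearchCluster"):
        print("PROBLEM: " + line)
```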
Related concepts
Administering search
In IBM Lotus Connections 2.5, the search capability provides a point for
performing full text and tag searches across all the deployed Lotus Connections
features. Search is a required application for all Lotus Connections features, and it
must be running to prevent unexpected behaviors in the other features.
Mandatory tasks for Microsoft Windows in a network deployment
Complete the following post-installation tasks.
Accessing Windows network shares:
Log into network shares in an IBM Lotus Connections deployment on the
Microsoft Windows operating system with a user account instead of a system
account.
Before you begin
This task applies only to deployments of Lotus Connections environments where
the data is located on network file shares, and where you have installed
WebSphere Application Server on Microsoft Windows and configured it to run as a
service.
About this task
When WebSphere Application Server runs as a Windows service, it uses the local
system account to log in with null credentials. When WebSphere Application
Server tries to access a Lotus Connections network share using Universal Naming
Convention (UNC) mapping, the access request fails because the content share is
accessible only to valid user IDs.
Note: When using a Windows service to start WebSphere Application Server, you
must use UNC mapping; you cannot use drive letters to reference network shares.
To resolve this problem, configure the WebSphere Application Server service login
attribute to log in with a user account that is authorized to access the content
share.
To configure the WebSphere Application Server service, complete the following
steps:
Procedure
1. Click Start → Control Panel and select Administrative Tools → Services.
2. Open the service for the first node in the list of WebSphere Application Server
services.
3. Click the Log On tab and select This account.
4. Enter a user account name or click Browse to search for a user account.
5. Enter the account password, and then confirm the password.
6. Click OK to save your changes and click OK again to return to the Services
window.
7. Stop and restart the service.
8. Repeat steps 3-7 for each node.
What to do next
Your corporate password policy might require that you change this login attribute
periodically. If so, remember to update the service configuration. Otherwise, your
access to network shares might fail again.
Mandatory tasks for an advanced stand-alone deployment
Complete the following post-installation tasks.
Linking buses manually for non-federated servers
Link buses between non-federated application servers to allow the news repository
to collect messages from the other features.
Before you begin
This task is only necessary if you selected the Advanced stand-alone option to
install IBM Lotus Connections on multiple server instances using WebSphere
Application Server Base, or on multiple server instances in a non-federated
WebSphere Application Server Network Deployment environment, or a
combination of the two.
About this task
In a single server or network deployment, all installed features are deployed onto
the same bus and the news repository can collect event messages from them.
However, in an advanced stand-alone deployment on non-federated multiple
server instances, each server has its own bus. After installation, you need to
manually link the news repository bus and these buses so that messages can pass
between them.
The Lotus Connections installation wizard creates a bus on each application server.
Each bus contains:
• The SiBus destination resources for the installed features
• The JMS resources, including Queues, Queue Connection Factories, and
Activation Specifications, for the installed features
To propagate these events to the news repository server, you must define a link
between the bus for each feature and the bus for the news repository.
Note: Apart from the news repository, you do not need to link the buses for
features to each other.
Related concepts
“Stand-alone deployment” on page 9
A stand-alone deployment is an installation of one or more Lotus Connections
features. Use this small-scale production deployment for deployment to
workgroups and small businesses.
Preparing to create bus links:
Collect data about your servers before creating the bus links.
About this task
To create bus links between servers, you first need to record information about the
servers.
To prepare to create bus links, complete the following steps:
Procedure
1. Record the user ID and password that is used in the connectionsAdmin
authentication alias for bus communication. You selected this ID and password
during the installation process.
2. Collect the details of the server and the bus that host the News repository (you
will need this information later when you are creating the bus links):
Table 34. Server and bus data
| Data | Description | Comment |
| --- | --- | --- |
| Server | Name of the WebSphere Application Server hosting the feature; for example, for the News repository: NewsServer; for other features: ActivitiesServer | You can find this name in the WebSphere Application Server Integrated Solutions Console under Servers → Application Servers. |
| Host name | The fully qualified host name of the system that hosts the server; for example: server.example.com | To obtain the host name, run an IP checking utility on your system. |
| Bus name | The name of the Service Integration Bus created for this server by the Lotus Connections installation wizard; for example: Connections_NewsServer_Bus. | You can find this name in the WebSphere Application Server Integrated Solutions Console under Service Integration → Buses. |
| SIB secure endpoint port | The port number on which the SIB service listens for secure connection requests; for example: 7286. | You can find this name in the WebSphere Application Server Integrated Solutions Console under Servers → Application Servers; from there, navigate to <server_name> → Communications → Ports → SIB_ENDPOINT_SECURE_ADDRESS |
| Messaging engine | The name of the messaging engine for this server; for example: home1Node01.NewsServerConnections_NewsServer_Bus | You can find this name in the WebSphere Application Server Integrated Solutions Console under Service Integration → Buses → <bus_name> → Messaging engines. You should see only one engine defined here. |
3. Using the above table as a reference, collect the details of the server and the
bus that host the other features. You will need this information later when you
are creating the bus links.
4. Exchange SSL certificates between each server.
Note: If the servers are managed by different WebSphere Application Server
profiles, on the same machine or different machines, then you must exchange
SSL certificates between each server and the server hosting the News
Repository. You do not need to do this for servers that are managed by the
same WebSphere Application Server profile because they share the same SSL
settings.
Linking buses on different servers:
For each server containing features other than the news repository, you need to
create a link between that server and the server hosting the news repository.
About this task
To create a link between buses on two different servers, complete the following
tasks for each server:
Related tasks
“Installing IBM WebSphere Application Server” on page 36
Install WebSphere Application Server Network Deployment.
Defining a foreign bus on a feature server:
Create a foreign bus from each of the feature servers to the news repository server.
This bus represents the physical bus for the news repository.
Before you begin
You can follow the steps listed below to create a foreign bus using the WebSphere
Application Server Integrated Solutions Console. Alternatively, you can use the
wsadmin tool. For more information on creating a foreign bus using the wsadmin
tool, go to the following Web page:
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.pmc.doc/ref/rjj_fbus_create.html
About this task
Defining a foreign bus on each feature server allows the feature bus to address
destinations on the news repository bus.
Important: When defining a foreign bus, you must give it the same name as the
target bus that it represents.
To define a foreign bus on one of the feature servers, complete the following steps:
Procedure
1. Log in to the WebSphere Application Server Integrated Solutions Console for
the server on which you are going to define the foreign bus.
2. Select Service Integration → Buses.
3. Select the bus defined for the feature server.
4. In the content pane under Topology, click Foreign Buses.
5. Click New.
6. Enter the name of the foreign bus. This name must match the name of the bus
used by the news repository that you recorded in the Preparing to create bus
links topic.
7. Leave the remaining options unchanged and click Next.
8. Click Next again.
9. Enter the user ID for the connectionsAdmin alias in the Inbound user ID and
Outbound user ID fields and then click Next.
10. Click Finish.
11. Save your changes to the master configuration.
Related tasks
“Preparing to create bus links” on page 163
Collect data about your servers before creating the bus links.
Defining a foreign bus on the News repository server:
Create a foreign bus from the News repository server to each of the feature servers.
This bus represents the physical bus for each feature server.
Before you begin
You can follow the steps below to create a foreign bus using the WebSphere
Application Server Integrated Solutions Console. Alternatively, you can use the
wsadmin tool. For more information on creating a foreign bus using the wsadmin
tool, go to the Creating a foreign bus using the wsadmin tool Web page.
About this task
Defining a foreign bus from the News repository server to a feature server allows
the News repository bus to address destinations on the feature bus.
Important: When defining a foreign bus, you must give it the same name as the
target bus that it represents.
To define a foreign bus on the News repository server, complete the
following steps:
Procedure
1. Log in to the WebSphere Application Server Integrated Solutions Console for
the News repository server.
2. Select Service Integration → Buses, and then select the bus that corresponds to
the server hosting the News service.
3. Select the bus defined for the News repository server.
4. In the content pane under Topology, click Foreign Buses.
5. Click New.
6. Enter the name of the foreign bus. This name must match the name of the bus
used by the feature server that you defined in the Preparing to create bus links
topic.
7. Leave the remaining options unchanged and click Next.
8. Click Next again.
9. Enter the user ID defined for the connectionsAdmin alias in the Inbound user ID
and Outbound user ID fields and click Next.
10. Click Finish.
11. Save your changes to the master configuration.
Related tasks
“Preparing to create bus links” on page 163
Collect data about your servers before creating the bus links.
Defining a SIBus link on a feature server:
After defining the foreign buses, you need to create the SIBus link that handles the
communication between the buses. This needs to be completed on both sides – the
News repository server side and the feature server side. Start by creating the link
on the feature server.
About this task
To create a SIBus link on a feature server, complete the following steps:
Procedure
1. Log in to the WebSphere Application Server Integrated Solutions Console for
the server on which you are going to define the SIBus link.
2. Select Service Integration → Buses, and then select the bus that corresponds to
the server hosting the feature.
3. In the content pane under Topology, click Messaging Engines.
4. Select the messaging engine. There should be only one messaging engine
listed.
5. Under Additional Properties, click Service integration bus links.
6. Click New.
7. Enter a unique name for the link. Define it as the name of the feature and
News repository servers using the following format:
<feature_server>_<news_server>_link
For example:
ActivitiesServer_NewsServer_link
8. Select the name of the foreign bus representing the News repository server
from the Foreign bus name drop-down list. For example:
Connections_NewsServer_Bus.
9. Enter the name of the messaging engine on the News repository server that
you recorded in the Preparing to create bus links topic.
10. Enter InboundSecureMessaging in the Target inbound transport chain field.
11. In the Bootstrap endpoints field, specify the following:
<hostname>:<SIB endpoint port>:BootstrapSecureMessaging
where <hostname> and <SIB endpoint port> are the values for the news
repository server that you recorded in the Preparing to create bus links topic.
For example:
server.example.com:7286:BootstrapSecureMessaging
12. Under Authentication Alias, select connectionsAdmin.
13. Click OK.
14. Save your changes to the master configuration.
Related tasks
“Preparing to create bus links” on page 163
Collect data about your servers before creating the bus links.
Defining a SIBus link on the News repository server:
After creating the SIBus link on the feature server side, create a corresponding
SIBus link on the News repository server. The link must have the same name on
both sides.
About this task
To create a SIBus link on the News repository server, complete the following steps:
Procedure
1. Log in to the WebSphere Application Server Integrated Solutions Console for
the server hosting the News repository.
2. Select Service Integration → Buses.
3. In the content pane under Topology, click Messaging Engines.
4. Select the messaging engine. There should be only one messaging engine
listed.
5. Under Additional Properties, click Service integration bus links.
6. Click New.
7. Enter a name for the link.
Important: The name must be the same name that you entered when defining
the SIBus link on the feature server.
8. Select the name of the foreign bus representing the feature server from the
Foreign bus name drop-down list. For example,
Connections_ActivitiesServer_Bus.
9. Enter the name of the messaging engine on the feature server that you
recorded in the Preparing to create bus links topic.
10. Enter InboundSecureMessaging in the Target inbound transport chain field.
11. In the Bootstrap endpoints field, specify the following values:
<hostname>:<SIB endpoint port>:BootstrapSecureMessaging
where <hostname> and <SIB endpoint port> are the values for the feature server
that you recorded in the Preparing to create bus links topic.
For example:
server.example.com:7288:BootstrapSecureMessaging
12. Under Authentication Alias, select connectionsAdmin.
13. Click OK.
14. Save your changes to the master configuration.
Related tasks
“Preparing to create bus links” on page 163
Collect data about your servers before creating the bus links.
Validating SIBus links:
After defining the SIBus link on the feature server and the News repository,
validate the link.
About this task
You can validate an SIBus link by stopping and restarting the servers and then
checking the log files for confirmation, or you can use the WebSphere Application
Server Integrated Solutions Console.
Note: If you choose to use the administrative console, you can only view the
runtime status of objects through the console for that particular server. If you are
using WebSphere Application Server Base and multiple server instances, then you
need to log into each administrative console to validate.
Procedure
To validate an SIBus link, do one of the following:
• Stop and start both of the application servers, the feature server and the News
repository server. When the link is successfully defined and started, the
following log messages are displayed in the SystemOut.log file on each server:
[25/02/09 22:18:18:281 GMT] 00000026 SibMessage I [:] CWSIT0032I: The inter-bus connection CoreServer_server1_link from messaging engine homedev3
[25/02/09 22:18:30:359 GMT] 0000002a SibMessage I [Connections_server1_Bus:homedev3Node01.server1-Connections_server1_Bus] CWSIP0382I: Messaging
• To use the WebSphere Application Server Integrated Solutions Console:
1. Log into the console for one of the servers participating in the link.
2. Select Service Integration → Buses.
3. In the content pane under Topology, click Messaging Engines.
4. Select the named messaging engine. Only one should be listed.
5. Under Additional Properties, click Service integration bus links.
6. Check that the SIBus link is displayed and that its state displays as started.
If the link is in a starting or unavailable state, this means that the server has not
successfully initiated the link. This result might indicate one of the following:
– One of the servers is not started. The link is reattempted after an interval and
should establish once both servers are started.
– The configuration is incorrect. This is the most likely cause of the link being
in a starting or unavailable state. Check and recheck the configuration of the
foreign bus and SIBus links on both servers, paying attention to the following:
- Foreign Bus names. Ensure that the foreign bus name matches the exact
name of the bus on the other server.
- SIBus Link name. Check that this is the same on both ends.
- SIBus Link settings. Make sure that the settings are correct, especially that
the bootstrap endpoint definition is using the correct host name and port.
– A communication error occurred. This problem is likely to have occurred
because SSL certificates have not been exchanged between the two servers
if they are not in the same WebSphere Application Server profile.
What to do next
If you encounter problems with the foreign bus, see Chapter 24, Foreign bus problem
determination, in the WebSphere Application Server V6.1: JMS Problem
Determination IBM Redpaper.
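The configuration checks listed above (matching foreign bus names, identical link name on both ends, secure transport chain and bootstrap endpoint format) and the log confirmation can be scripted against the values you recorded for each server. The following Python sketch is an added example, not part of the product or of the original guide; the LinkSide field names, the messaging engine names and the sample log text are constructed for illustration.

```python
import re
from dataclasses import dataclass


@dataclass
class LinkSide:
    """One end of an SIBus link; field names are this example's, not WebSphere's."""
    local_bus: str        # bus defined on this server
    local_engine: str     # messaging engine on this server
    foreign_bus: str      # value chosen in "Foreign bus name"
    link_name: str
    remote_engine: str    # messaging engine name entered for the other server
    transport_chain: str  # "Target inbound transport chain"
    bootstrap: str        # "Bootstrap endpoints"
    auth_alias: str       # "Authentication Alias"


BOOTSTRAP_RE = re.compile(r"^[A-Za-z0-9.-]+:(\d{1,5}):BootstrapSecureMessaging$")
# Message prefix taken from the SystemOut.log sample in this topic.
STARTED_RE = re.compile(r"CWSIT0032I: The inter-bus connection (\S+) from messaging engine")


def check_side(label, side):
    """Check the per-server settings that the procedure fixes to known values."""
    findings = []
    if side.transport_chain != "InboundSecureMessaging":
        findings.append(f"{label}: transport chain is {side.transport_chain!r}")
    match = BOOTSTRAP_RE.match(side.bootstrap)
    if not match or not 0 < int(match.group(1)) <= 65535:
        findings.append(f"{label}: bootstrap endpoint {side.bootstrap!r} is not "
                        "<hostname>:<port>:BootstrapSecureMessaging")
    if side.auth_alias != "connectionsAdmin":
        findings.append(f"{label}: authentication alias is {side.auth_alias!r}")
    return findings


def check_link(feature, news):
    """Compare both ends of one link; names must match exactly, including case."""
    findings = check_side("feature", feature) + check_side("news", news)
    if feature.link_name != news.link_name:
        findings.append("link name differs between the two servers")
    if feature.foreign_bus != news.local_bus:
        findings.append("feature: foreign bus does not match the News bus name")
    if news.foreign_bus != feature.local_bus:
        findings.append("news: foreign bus does not match the feature bus name")
    if feature.remote_engine != news.local_engine:
        findings.append("feature: remote messaging engine name is wrong")
    if news.remote_engine != feature.local_engine:
        findings.append("news: remote messaging engine name is wrong")
    return findings


def started_links(log_text):
    """Names of links for which CWSIT0032I appears in a SystemOut.log excerpt."""
    return set(STARTED_RE.findall(log_text))


# Constructed sample values; the News side carries two deliberate mistakes.
FEATURE_SIDE = LinkSide(
    local_bus="Connections_ActivitiesServer_Bus",
    local_engine="actNode01.server1-Connections_ActivitiesServer_Bus",
    foreign_bus="Connections_NewsServer_Bus",
    link_name="ActivitiesServer_NewsServer_link",
    remote_engine="newsNode01.server1-Connections_NewsServer_Bus",
    transport_chain="InboundSecureMessaging",
    bootstrap="server.example.com:7286:BootstrapSecureMessaging",
    auth_alias="connectionsAdmin",
)
NEWS_SIDE = LinkSide(
    local_bus="Connections_NewsServer_Bus",
    local_engine="newsNode01.server1-Connections_NewsServer_Bus",
    foreign_bus="Connections_Activitiesserver_Bus",  # wrong letter case
    link_name="ActivitiesServer_NewsServer_link",
    remote_engine="actNode01.server1-Connections_ActivitiesServer_Bus",
    transport_chain="InboundSecureMessaging",
    bootstrap="server.example.com:7288:BootstrapBasicMessaging",  # not the secure chain
    auth_alias="connectionsAdmin",
)
# Constructed log excerpt in the format of the sample messages above.
SAMPLE_LOG = (
    "[25/02/09 22:18:18:281 GMT] 00000026 SibMessage I [:] CWSIT0032I: The inter-bus "
    "connection ActivitiesServer_NewsServer_link from messaging engine "
    "actNode01.server1-Connections_ActivitiesServer_Bus\n"
    "[25/02/09 22:18:30:359 GMT] 0000002a SibMessage I "
    "[Connections_ActivitiesServer_Bus:actNode01.server1-Connections_ActivitiesServer_Bus] "
    "CWSIP0382I: Messaging\n"
)

if __name__ == "__main__":
    for finding in check_link(FEATURE_SIDE, NEWS_SIDE):
        print(finding)
    print(sorted(started_links(SAMPLE_LOG)))
```

Run the comparison once per feature server, pairing its values with those of the News repository server.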
Configuring authorization for foreign bus connections:
Configure authorization for foreign bus connections to enable buses to forward
messages to foreign buses. You must perform this task using the wsadmin client.
Before you begin
To configure authorization for foreign bus connections, you must use the
WebSphere Application Server wsadmin client. See Starting the wsadmin client for
details.
About this task
You can authorize foreign bus connections by running the
addUserToForeignBusRole command in the wsadmin client. The command needs
to be run on both servers involved in the link.
Note: You must take care to connect to the correct server when running the
command.
To configure authorization for foreign bus connections:
Procedure
1. Run the following command on the feature server that has a foreign bus
defined for the news repository server:
AdminTask.addUserToForeignBusRole('[-bus <busName> -foreignBus <foreignBusName> -role <roleName> -user <userName>]')
The command takes the following parameters:
Table 35. Parameters for the addUserToForeignBusRole command

| Parameter | Description |
|---|---|
| -bus | The name of the bus on the server. |
| -foreignBus | The name of the foreign bus. |
| -role | This is always set to Sender. |
| -user | The user name defined in step 1 of the topic, Preparing to create bus links. |
For example:
AdminTask.addUserToForeignBusRole('[-bus Connections_ActivitiesServer_Bus -foreignBus Connections_NewsServer_Bus -role Sender -user <userName>]')
AdminConfig.save()
2. Using the wsadmin tool, connect to the server hosting the news repository and
run the command from step 1.
For example:
AdminTask.addUserToForeignBusRole('[-bus Connections_NewsServer_Bus -foreignBus Connections_ActivitiesServer_Bus -role Sender -user <userName>]')
AdminConfig.save()
What to do next
Repeat the steps above for every feature server in your configuration to link it to
the server hosting the news repository.
Configuring default forward routing paths:
Configure the default forward routing paths for the bus destinations used by IBM
Lotus Connections.
Before you begin
Ensure that you have defined all of the bus links. To view the defined destinations
for each bus, do the following:
1. Log in to the WebSphere Application Server Integrated Solutions Console for
each server.
2. Select Service Integration → Buses.
3. Select a bus to view the destinations associated with it.
4. Click Destinations in the Destination resources area.
About this task
The forward routing path routes a message from a destination on one bus to
another destination, in this instance, on the foreign bus. To configure default
forward routing paths, map the destinations that are deployed for each bus.
To configure default forward routing paths, complete the following steps:
Procedure
1. Log in to the WebSphere Application Server Integrated Solutions Console for
each server.
2. Select Service Integration → Buses.
3. Select the bus that you want to configure.
4. Click Destinations in the Destination resources area.
5. Click the name of one of the destinations in the Identifier column. For
example, connections.communities.events.outbound.
6. Scroll down to the bottom of the destination properties page and edit the
contents of the Default forward routing path field by replacing the existing
entry with the details of the mapping between the forward routing bus and the
forward routing destination that you recorded in the bus destination mapping
table. Use the following format:
<Forward_Routing_Bus_Name>:<Forward_Routing_Destination_Name>
For example:
Connections_NewsServer_Bus:connections.news.events.inbound
7. Click OK.
8. Repeat steps 5-7 for each destination in the Destination resources area.
9. Click Save.
Example
For an example of mappings from outbound destinations to inbound destinations,
see the Sample bus destination mapping table topic.
Sample bus destination mapping table:
Refer to a table with sample mappings from outbound destinations to inbound
destinations.
In this sample mapping table, each IBM Lotus Connections service has its own
server and bus named Connections_<Server>_Bus.
Table 36. Source bus and forward routing bus destination mappings

| Source destination | Forward routing destination | Source bus | Forward routing bus |
|---|---|---|---|
| connections.activities.events.outbound | connections.news.events.inbound | Connections_ActivitiesServer_Bus | Connections_NewsServer_Bus |
| connections.blogs.events.outbound | connections.news.events.inbound | Connections_BlogsServer_Bus | Connections_NewsServer_Bus |
| connections.communities.events.outbound | connections.news.events.inbound | Connections_CommunitiesServer_Bus | Connections_NewsServer_Bus |
| connections.dogear.events.outbound | connections.news.events.inbound | Connections_DogearServer_Bus | Connections_NewsServer_Bus |
| connections.files.events.outbound | connections.news.events.inbound | Connections_FilesServer_Bus | Connections_NewsServer_Bus |
| connections.homepage.events.outbound | connections.news.events.inbound | Connections_HomepageServer_Bus | Connections_NewsServer_Bus |
| connections.news.events.outbound.communities | connections.communities.events.inbound | Connections_NewsServer_Bus | Connections_CommunitiesServer_Bus |
| connections.news.events.outbound.homepage | connections.homepage.events.inbound | Connections_NewsServer_Bus | Connections_HomepageServer_Bus |
| connections.profiles.events.outbound | connections.news.events.inbound | Connections_ProfilesServer_Bus | Connections_NewsServer_Bus |
| connections.wikis.events.outbound | connections.news.events.inbound | Connections_WikisServer_Bus | Connections_WikisServer_Bus |
Optional tasks for all deployments
Complete the following post-installation tasks.
Testing a database connection
After installing Lotus Connections, test each feature's connection to the database to
ensure that it is working correctly.
Before you begin
The installation wizard automatically tests each connection. Use this procedure if
you want to manually test the connection to a database.
Note: You can use the SQL Server JDBC driver in both the app_server_root/lib
directory and the driver downloaded from Microsoft, but the installation wizard
checks the connection for the Microsoft JDBC driver only. If you are using the
bundled driver, use this topic to manually test the connection.
About this task
To test a database connection, complete the following steps:
Procedure
1. From the main page of the Integrated Solutions Console, select Resources →
JDBC → Data sources.
2. Select the check box beside the feature whose data source you want to test. The
data sources are named as follows:
• Activities: activities
• Blogs: blogs
• Communities: communities
• Dogear: dogear
• Files: files
• Homepage: homepage
• News: news
• Profiles: profiles
• Search: search
• Wikis: wikis
3. Click Test connection.
4. If the connection fails, make sure the JAAS Auth alias information is correct.
a. Click a data source to review its settings.
b. Click JAAS - J2C authentication data and then click the JAAS entry for the
feature. The JAAS entries are named as follows:
• Activities: activitiesJAASAuth
• Blogs: blogsJAASAuth
• Communities: communitiesJAASAuth
• Dogear: dogearJAASAuth
• Files: filesJAASAuth
• Homepage: homepageJAASAuth
• News: newsJAASAuth
• Profiles: profilesJAASAuth
• Search: searchJAASAuth
• Wikis: wikisJAASAuth
c. Make sure that the ID in the user ID field is the same User ID that you
provided during installation when you were asked to specify a user ID for
the database connector.
The user ID should be one of the following:
Table 37. Default user ID for Lotus Connections databases

| Feature | DB2 database | DB2 User ID | Oracle database | Oracle User ID | SQL Server database | SQL Server User ID |
|---|---|---|---|---|---|---|
| Activities | OPNACT | lcuser | ORCL | ACTIVITIES | OPNACT | OAUSER |
| Blogs | BLOGS | lcuser | ORCL | BLOGS | BLOGS | BLOGSUSER |
| Communities | SNCOMM | lcuser | ORCL | SNCOMMUSER | SNCOMM | SNCOMMUSER |
| Dogear | DOGEAR | lcuser | ORCL | DOGEARUSER | DOGEAR | DOGEARUSER |
| Files | FILES | lcuser | ORCL | FILESUSER | FILES | FILESUSER |
| Homepage | HOMEPAGE | lcuser | ORCL | HOMEPAGE | HOMEPAGE | HOMEPAGEUSER |
| News | HOMEPAGE | lcuser | ORCL | HOMEPAGE | HOMEPAGE | HOMEPAGEUSER |
| Profiles | PEOPLEDB | lcuser | ORCL | PROFUSER | PEOPLEDB | PROFUSER |
| Search | HOMEPAGE | lcuser | ORCL | HOMEPAGE | HOMEPAGE | HOMEPAGEUSER |
| Wikis | WIKIS | lcuser | ORCL | WIKISUSER | WIKIS | WIKISUSER |
Consider reentering the password to make sure that the value that you
specified is correct.
d. After applying any changes, click OK. Return to the data source properties
page, and then click Test connection.
5. If the connection fails again, make sure the JDBC driver library location
information is getting picked up by WebSphere Application Server.
a. From the Integrated Solutions Console navigation bar, expand Environment,
and then click WebSphere Variables.
b. Scroll down the list to find the database location variable. The variables are
named as follows:
• Activities: ACTIVITIES_JDBC_DRIVER_HOME
• Blogs: BLOGS_JDBC_DRIVER_HOME
• Communities: COMMUNITIES_JDBC_DRIVER_HOME
• Dogear: DOGEAR_JDBC_DRIVER_HOME
• Files: FILES_JDBC_DRIVER_HOME
• Homepage: HOMEPAGE_JDBC_DRIVER_HOME
• News: NEWS_JDBC_DRIVER_HOME
• Profiles: PROFILES_JDBC_DRIVER_HOME
• Search: SEARCH_JDBC_DRIVER_HOME
• Wikis: WIKIS_JDBC_DRIVER_HOME
c. Make sure that the corresponding file path in the Value column is the same
file path that you specified in the JDBC driver library field when you ran
the installation wizard. For example:
C:\IBM\DB2\SQLLIB\java
If the file path is incorrect, click the variable name and edit the file path in
the Value field.
d. Select JDBC → Data sources to return to the data source. Select the check
box next to the data source, and then click Test connection.
Related tasks
“Installing the first node of a cluster” on page 105
Install the first node of a network deployment of Lotus Connections.
Configuring a reverse caching proxy
Configure a reverse proxy that directs all traffic to your Lotus Connections
deployment to a single server.
Before you begin
This is an optional configuration. It is recommended for optimal performance,
especially if users will be accessing Lotus Connections from a wide area network
(WAN).
Ensure that you have installed IBM WebSphere Edge Components v6.1, which is
supplied with WebSphere Application Server Network Deployment. For more
information, go to the WebSphere Edge Components information center.
You must also have completed the basic configuration of WebSphere Edge
Components, set up a target backend server, and created an administrator account.
About this task
A reverse proxy configuration intercepts requests from Lotus Connections users,
forwards them to the appropriate content host, caches the returned data, and
delivers that data to the users. The proxy delivers requests for the same content
directly from the cache, which is much quicker than retrieving it again from the
content host. Information can be cached depending on when it will expire, how
large the cache should be, and when the information should be updated.
(Excerpted from the WebSphere Edge Components information center.)
The IBM WebSphere Application Server Edge components provide a caching proxy
that you can use to optimize your deployment. Edge components are provided
with the WebSphere Application Server Network Deployment software.
This topic describes how to configure the Edge components to optimize the
performance of Lotus Connections.
Procedure
1. Open the ibmproxy.conf configuration file for the Edge components in a text
editor. The file is stored in the following directory:
• AIX or Linux: /etc/
• Microsoft Windows: C:\Program Files\IBM\edge\cp\etc\
2. Make the following edits to the file:
a. In the SendRevProxyName Directive section, add or enable the following
rule:
SendRevProxyName yes
b. In the PureProxy Directive section, add or enable the following rule:
PureProxy off
c. In the SSL Directives section, add or enable the following rules:
SSLEnable On
SSLCaching On
d. In the Keyring Directive section, add or enable the following rules:
KeyRing C:\ProxyKey\proxykey.kdb
KeyRingStash C:\ProxyKey\proxykey.sth
e. In the Mapping Rules section, add the following reverse pass rules:
ReversePass http://<httpserver>/* http://<proxyserver>/*
ReversePass https://<httpserver>/* https://<proxyserver>/*
where <httpserver> is the host name of the HTTP server. The HTTP server is
usually IBM HTTP Server, but could be a load balancer or another proxy,
depending on your deployment. <proxyserver> is the host name of the proxy
server.
Note: You can only specify * in the URL (to indicate that all URLs for the
server can be passed) if Lotus Connections is the only application installed
on the server. Alternatively, you can use a more specific URL such as
http://<httpserver>/connections. More than one ReversePass rule can be
used if you need to specify different servers for each component.
f. Set the CacheTimeMargin rule to zero seconds. When a document's expiry
date is set to “soon” and soon is defined by the CacheTimeMargin rule,
setting this rule to zero disables the calculation and forces all documents to
be cached regardless of their expiry date. This setting is required for Blogs
caching to function properly; it does not negatively affect the other
applications.
CacheTimeMargin 0s
g. Prevent the validation of a cache object from sending multiple requests for
the same resource to the backend server by setting the KeepExpired rule to
on. An expired or stale copy of the resource will be returned for the brief
time that the resource is being updated on the proxy.
KeepExpired On
h. In the Method Directives section, add the following methods:
Enable CONNECT
Enable PUT
Enable DELETE
i. Add the following NoCaching rules for HTTP addresses to the Mapping
rules section:
Table 38. NoCaching rules for HTTP addresses
NoCaching rules (HTTP)
NoCaching http://*/activities/service/ajax/*
NoCaching http://*/activities/service/atom/*
NoCaching http://*/activities/service/atom2/*
NoCaching http://*/activities/service/atom2/forms/*
NoCaching http://*/activities/service/download/*
NoCaching http://*/activities/service/download/forms/*
NoCaching http://*/activities/service/getnonce
NoCaching http://*/activities/service/getnonce/forms
NoCaching http://*/blogs/api*
NoCaching http://*/blogs/api_form*
NoCaching http://*/blogs/approvedmsg.jsp*
NoCaching http://*/blogs/confirmflagged.jsp*
NoCaching http://*/blogs/notify.jsp*
NoCaching http://*/blogs/notifyedit.jsp*
NoCaching http://*/blogs/notifyflagged.jsp*
NoCaching http://*/blogs/notifyquarantined.jsp*
NoCaching http://*/blogs/ownermsg.jsp*
NoCaching http://*/blogs/roller-ui/admin*
NoCaching http://*/blogs/roller-ui/createWebsite.do*
NoCaching http://*/blogs/roller-ui/favorites*
NoCaching http://*/blogs/roller-ui/myupdates*
NoCaching http://*/blogs/roller-ui/rendering/api/*
NoCaching http://*/blogs/roller-ui/rendering/api_form/*
NoCaching http://*/blogs/roller-ui/scripts/authCheck.jsp*
NoCaching http://*/blogs/roller-ui/servermetrics.do*
NoCaching http://*/blogs/roller-ui/yourWebsites.do*
NoCaching http://*/blogs/services/atom*
NoCaching http://*/blogs/services/atom_form*
NoCaching http://*/blogs/services/xmlrpc*
NoCaching http://*/bookmarklet/post/*
NoCaching http://*/communities/dsx/*
NoCaching http://*/communities/forum/service/atom/*
NoCaching http://*/communities/service/atom/communities/my*
NoCaching http://*/communities/service/atom/community*
NoCaching http://*/communities/service/forum/get/nonce
NoCaching http://*/communities/service/json/communityview*
NoCaching http://*/dogear/atom/inbox/*
NoCaching http://*/dogear/atom/mybookmarks/*
NoCaching http://*/dogear/atom/mynotifications/*
NoCaching http://*/dogear/atom/mysentnotifications/*
NoCaching http://*/dogear/html/inbox/*
NoCaching http://*/dogear/html/mybookmarks/*
NoCaching http://*/dogear/html/mynotifications/*
NoCaching http://*/dogear/html/mysentnotifications/*
NoCaching http://*/dogear/seedlist/*
NoCaching http://*/dogear/templates/*
NoCaching http://*/files/form/authenticated
NoCaching http://*/homepage/web/getuserpref
NoCaching http://*/homepage
NoCaching http://*/homepage/web/widgets
NoCaching http://*/homepage/web/jsp/*.jsp
NoCaching http://*/homepage/web/servermetrics
NoCaching http://*/homepage/admin/admin.jsp
NoCaching http://*/homepage/atom/search/*
NoCaching http://*/homepage/atom/mysearch/*
NoCaching http://*/mobile/activities/*
NoCaching http://*/mobile/blogs/*
NoCaching http://*/mobile/profiles/*
NoCaching http://*/profiles/aboutView.do
NoCaching http://*/profiles/home.do*
NoCaching http://*/profiles/atom/*reportingChain.do*
NoCaching http://*/profiles/auth/*
NoCaching http://*/profiles/atom/*tagCloud.do*
NoCaching http://*/profiles/html/*.do
NoCaching http://*/search/atom/mysearch
NoCaching http://*/search/serverStats
NoCaching http://*/search/web/*
NoCaching http://*/wikis/basic/api/*
NoCaching http://*/wikis/dm/atom/*
NoCaching http://*/wikis/form/api/*
NoCaching http://*/wikis/form/authenticated
NoCaching http://*/wikis/seedlist/*
NoCaching http://*/wikis/templates/about.jsp*
NoCaching http://*/wikis/templates/demo.jsp*
NoCaching http://*/wikis/templates/faq/en/tour1.jsp*
NoCaching http://*/wikis/templates/statistics.jsp*
NoCaching http://*/wikis/templates/toolbox.jsp*
j. Add the following NoCaching rules for HTTPS addresses to the Mapping
rules section:
Table 39. NoCaching rules for HTTPS addresses
NoCaching rules (HTTPS)
NoCaching https://*/activities/service/atom/*
NoCaching https://*/activities/service/atom2/*
NoCaching https://*/activities/service/atom2/forms/*
NoCaching https://*/activities/service/download/*
NoCaching https://*/activities/service/download/forms/*
NoCaching https://*/activities/service/getnonce
NoCaching https://*/activities/service/getnonce/forms
NoCaching https://*/blogs/api*
NoCaching https://*/blogs/api_form*
NoCaching https://*/blogs/approvedmsg.jsp*
NoCaching https://*/blogs/confirmflagged.jsp*
NoCaching https://*/blogs/notify.jsp*
NoCaching https://*/blogs/notifyedit.jsp*
NoCaching https://*/blogs/notifyflagged.jsp*
NoCaching https://*/blogs/notifyquarantined.jsp*
NoCaching https://*/blogs/ownermsg.jsp*
NoCaching https://*/blogs/roller-ui/admin*
NoCaching https://*/blogs/roller-ui/createWebsite.do*
NoCaching https://*/blogs/roller-ui/favorites*
NoCaching https://*/blogs/roller-ui/myupdates*
NoCaching https://*/blogs/roller-ui/rendering/api/*
NoCaching https://*/blogs/roller-ui/rendering/api_form/*
NoCaching https://*/blogs/roller-ui/scripts/authCheck.jsp*
NoCaching https://*/blogs/roller-ui/servermetrics.do*
NoCaching https://*/blogs/roller-ui/yourWebsites.do*
NoCaching https://*/blogs/services/atom*
NoCaching https://*/blogs/services/atom_form*
NoCaching https://*/blogs/services/xmlrpc*
NoCaching https://*/bookmarklet/post/*
NoCaching https://*/communities/dsx/*
NoCaching https://*/communities/forum/service/atom/*
NoCaching https://*/communities/service/atom/communities/my*
NoCaching https://*/communities/service/atom/community*
NoCaching https://*/communities/service/forum/get/nonce
NoCaching https://*/communities/service/json/communityview*
NoCaching https://*/dogear/atom/inbox/*
NoCaching https://*/dogear/atom/mybookmarks/*
NoCaching https://*/dogear/atom/mynotifications/*
NoCaching https://*/dogear/atom/mysentnotifications/*
NoCaching https://*/dogear/html/inbox/*
NoCaching https://*/dogear/html/mybookmarks/*
NoCaching https://*/dogear/html/mynotifications/*
NoCaching https://*/dogear/html/mysentnotifications/*
NoCaching https://*/dogear/seedlist/*
NoCaching https://*/dogear/templates/*
NoCaching https://*/files/form/authenticated
NoCaching https://*/homepage/web/getuserpref
NoCaching https://*/homepage
NoCaching https://*/homepage/web/widgets
NoCaching https://*/homepage/web/jsp/*.jsp
NoCaching https://*/homepage/web/servermetrics
NoCaching https://*/homepage/admin/admin.jsp
NoCaching https://*/homepage/atom/search/*
NoCaching https://*/homepage/atom/mysearch/*
NoCaching https://*/mobile/activities/*
NoCaching https://*/mobile/blogs/*
NoCaching https://*/mobile/profiles/*
NoCaching https://*/profiles/aboutView.do
NoCaching https://*/profiles/home.do*
NoCaching https://*/profiles/html/*.do
NoCaching https://*/profiles/atom/*reportingChain.do*
NoCaching https://*/profiles/auth/*
NoCaching https://*/profiles/atom/*tagCloud.do*
NoCaching https://*/search/atom/mysearch
NoCaching https://*/search/serverStats
NoCaching https://*/search/web/*
NoCaching https://*/wikis/basic/api/*
NoCaching https://*/wikis/dm/atom/*
NoCaching https://*/wikis/form/api/*
NoCaching https://*/wikis/form/authenticated
NoCaching https://*/wikis/seedlist/*
NoCaching https://*/wikis/templates/about.jsp*
NoCaching https://*/wikis/templates/demo.jsp*
NoCaching https://*/wikis/templates/faq/en/tour1.jsp*
NoCaching https://*/wikis/templates/statistics.jsp*
NoCaching https://*/wikis/templates/toolbox.jsp*
k. Add the following rule to the CacheQueries Directives section:
CacheQueries PUBLIC
l. Configure the proxy to allow large file uploads by editing and
uncommenting the LimitRequestBody directive:
LimitRequestBody n M
where n is the maximum file size in MB. For example: LimitRequestBody 50
M allows a file size of up to 50 MB.
3. Save and close the ibmproxy.conf file.
4. Update the dynamicHosts attribute in the LotusConnections-config.xml file to
reflect the URL of the proxy server:
<dynamicHosts enabled="true">
<host href="http://proxy.example.com"
ssl_href="https://proxy.example.com"/>
</dynamicHosts>
Note:
Each href attribute in the LotusConnections-config.xml file is case-sensitive
and must specify a fully-qualified domain name.
5. Restart the Edge server.
Related reference
Wiki - reverse-proxy
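Because the proxy serves cached responses to every user, it is worth confirming after editing that the settings from step 2 are in place and that each NoCaching pattern exists for both http and https. The following Python audit is an added example, not part of the product or of the original guide. It assumes that # starts a comment line, that directive names and keyword values compare case-insensitively, and that * in a NoCaching pattern matches any run of characters; the function names and the sample configuration text are constructed.

```python
import re
from collections import defaultdict

# Single-valued settings requested in step 2 above (values compared case-insensitively).
EXPECTED = {
    "SendRevProxyName": "yes",
    "PureProxy": "off",
    "SSLEnable": "on",
    "SSLCaching": "on",
    "CacheTimeMargin": "0s",
    "KeepExpired": "on",
    "CacheQueries": "public",
}


def parse_directives(conf_text):
    """Map lower-cased directive name -> list of values, skipping blanks and # comments."""
    found = defaultdict(list)
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        found[parts[0].lower()].append(parts[1].strip() if len(parts) > 1 else "")
    return found


def audit(conf_text):
    """Return findings for missing or different settings and unpaired NoCaching rules."""
    directives = parse_directives(conf_text)
    findings = []
    for name, want in EXPECTED.items():
        values = directives.get(name.lower(), [])
        if not values:
            findings.append(f"{name}: not set")
        for value in values:
            if value.lower() != want:
                findings.append(f"{name}: found {value!r}, expected {want!r}")
    by_scheme = {"http": set(), "https": set()}
    for rule in directives.get("nocaching", []):
        scheme, sep, rest = rule.partition("://")
        if sep and scheme in by_scheme:
            by_scheme[scheme].add(rest)
    for rest in sorted(by_scheme["http"] - by_scheme["https"]):
        findings.append(f"NoCaching http://{rest} has no https:// rule")
    for rest in sorted(by_scheme["https"] - by_scheme["http"]):
        findings.append(f"NoCaching https://{rest} has no http:// rule")
    return findings


def is_excluded_from_cache(url, conf_text):
    """True if url matches a NoCaching pattern (assumption: * means any characters)."""
    for rule in parse_directives(conf_text).get("nocaching", []):
        regex = ".*".join(re.escape(part) for part in rule.split("*"))
        if re.fullmatch(regex, url):
            return True
    return False


# Constructed ibmproxy.conf excerpt: CacheTimeMargin was left at another value,
# CacheQueries is missing, and one NoCaching rule exists for http only.
SAMPLE_CONF = """\
# constructed excerpt for the example
SendRevProxyName yes
PureProxy off
SSLEnable On
SSLCaching On
CacheTimeMargin 10 minutes
KeepExpired On
NoCaching http://*/activities/service/ajax/*
NoCaching http://*/activities/service/atom/*
NoCaching https://*/activities/service/atom/*
NoCaching http://*/profiles/auth/*
NoCaching https://*/profiles/auth/*
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
    print(is_excluded_from_cache(
        "https://connections.example.com/profiles/auth/login", SAMPLE_CONF))
```

Tables 38 and 39 above differ in the same way as the sample: the activities/service/ajax pattern is listed only for http, so the audit reports it when the rules are copied as printed.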
Changing the context root of a feature
The Web address from which a Lotus Connections feature is available contains a
default context root value. After installing the feature, you can change this value to
a different context root to conform to corporate restrictions or policies that limit
where server applications can be deployed and how they can be addressed.
Before you begin
This is an optional configuration. If you do decide to change the context roots of
the features, be sure to do so before you map the features to the IBM HTTP Server
or edit the IBM HTTP Server configuration file for any other reason, such as to
redirect HTTP requests to support third-party authentication mechanisms.
About this task
For example, the Blogs feature is available from <your_host_server>/blogs by
default. You can change that base Web address to
<your_host_server>/LotusConnectionsBlogs to differentiate it from another
available blogging service or conform to corporate guidelines.
To change the context root of a feature, complete the following steps:
Procedure
1. Log into the WebSphere Application Server Integrated Solutions Console for
the server hosting the Lotus Connections feature for which you want to
change the context root.
2. Expand Applications, and then click Enterprise Applications.
3. Click the name of the server hosting the feature with the context root that you
want to change, and then under Web Module Properties, click Context Root
For Web Modules.
4. Edit the values in the Context Root column of the table to change the term
that identifies the feature. The paths must continue to begin with a forward
slash (/) and must not contain spaces.
Do not specify a single forward slash (/) as the full context root because it
prevents features from being able to retrieve Atom feeds properly. Using the
default application context ("/") is not supported.
5. Click OK, and then click OK from the server properties page to save the
change.
6. Update the Lotus Connections configuration file to reflect this context root
change. To do so, start the wsadmin client. See Starting the wsadmin client for
details.
7. Use the wsadmin client to access and check out the Lotus Connections
configuration files.
a. Use one of the following commands to access the Lotus Connections
configuration file:
• Stand-alone deployment: execfile("connectionsConfig.py")
• Network deployment: execfile("<$WAS_HOME>/profiles/<DMGR>/config/bin_lc_admin/connectionsConfig.py")
If you are prompted to specify which server to connect to, type 1.
Note: This information is not used by the wsadmin client when you are
making configuration changes.
b. Check out the Lotus Connections configuration files using the following
command:
LCConfigService.checkOutConfig("<working_directory>","<cell_name>")
where:
• <working_directory> is the temporary working directory to which the
configuration XML and XSD files are copied and are stored while you
make changes to them. Use forward slashes to separate directories in the
file path, even if you are using the Microsoft Windows operating
system.
• <cell_name> is the name of the WebSphere Application Server cell
hosting the Lotus Connections feature. This argument is required even
in stand-alone deployments. This argument is also case-sensitive, so type
it with care. If you do not know the cell name, do one of the following
to determine it:
– Stand-alone deployment: Look at the directory name in the following
directory in the file system:
<$WAS_HOME>\profiles\<profile_name>\config\cells\
– Network deployment: Type the following command while in the
wsadmin command processor:
print AdminControl.getCell()
For example:
• AIX/Linux:
LCConfigService.checkOutConfig("/opt/temp","foo01Cell01")
• Microsoft Windows:
LCConfigService.checkOutConfig("c:/temp","foo01Cell01")
8. Update the value of the href prefix using the following command:
LCConfigService.updateConfig("<web_module_name>.href.prefix",
"<new_context_root_value>")
where:
<web_module_name>
Name of the Web module for the feature. Each feature has one or
more Web modules that are configured in WebSphere Application
Server. The options are the following:
Table 40. Feature Web modules

| Feature or Service name | Web modules |
|---|---|
| Activities | activities |
| Blogs | blogs |
| Communities | communities |
| Dogear | dogear |
| Files | files |
| Home page | homepage, news |
| Mobile | mobile |
| Profiles | personTag, profiles |
| Search | search |
| Wikis | wikis |
<new_context_root_value>
Value you defined for the feature's Web UI context root in Step 4.
Note: Do not specify a single forward slash (/) as the full context root
because it prevents features from being able to retrieve Atom feeds
properly.
For example, to change the context root of the Profiles feature, you would use
the following commands:
LCConfigService.updateConfig("profiles.href.prefix","/contacts")
LCConfigService.updateConfig("personTag.href.prefix","/contacts")
9. Save your changes to the LotusConnections-config.xml file.
10. After making changes, you must check the configuration files back in and you
must do so during the same wsadmin session in which you checked them out
for the changes to take effect. See Applying common configuration property
changes for information about how to save and apply your changes.
11. Files and Wikis only: Perform the following steps:
a. Check out the Files and Wikis configuration files. See the topic Changing
configuration property values in the Files and Wikis sections of the
information center.
b. Locate the following property:
<security>
<logout href="/files/ibm_security_logout" />
</security>
c. Change it to this:
<security>
<logout href="<new_context_root_value>/ibm_security_logout" />
</security>
12. Perform either of the following actions to update existing links to uploaded
files:
v Update the old links manually.
v Redirect requests made to links that contain the old context root to links
with the new one by completing the steps below.
Note: You can only use this option if the old and new context roots are
defined on the same IBM HTTP Server.
a. Open the configuration file for the IBM HTTP Server. It is called
httpd.conf and is located in the following directory:
AIX: /usr/IBM/HTTPServer/conf
Linux: /opt/IBM/HTTPServer/conf
Microsoft Windows: C:\IBM\HTTPServer\conf
b. Uncomment the following line or add it if it is not present:
LoadModule rewrite_module modules/mod_rewrite.so
c. Add redirection rules for each feature for both HTTP and secure HTTP.
The following directives are an example of redirection rules added for the
Blogs feature:
RewriteEngine on
RewriteRule /blogs/(.*) http://<your_host_server>/LotusConnectionsBlogs/$1 [R,L]
Listen 0.0.0.0:443
<VirtualHost *:443>
RewriteEngine on
RewriteRule /blogs/(.*) https://<your_host_server>/LotusConnectionsBlogs/$1 [R,L]
ServerName <your_host_server>
SSLEnable
</VirtualHost>
SSLDisable
d. Save and close the httpd.conf file, and then restart the IBM HTTP
Server.
13. Regenerate the plugin-cfg.xml file for the IBM HTTP Server in the WebSphere
Application Server Integrated Solutions Console. To do so, complete the
following steps:
a. Open the WebSphere Application Server Integrated Solutions Console.
b. Expand Servers, and then click Web servers.
c. Select the check box beside the IBM HTTP Server name. For example:
webserver1.
d. Click Generate Plug-in to regenerate the plugin-cfg.xml file.
e. If necessary, click Propagate Plug-in to copy the plugin-cfg.xml file from
the local directory where the Application Server is installed to the remote
machine.
14. Restart the IBM HTTP Server.
15. Communities and Profiles only: If you change the context root for the
Communities or Profiles feature, you must also update the property that
defines the Web address of the feature for the directory extension services. To
do so, start the wsadmin client, and complete the following steps:
a. Use one of the following commands to access the Lotus Connections
configuration file:
v Stand-alone deployment: execfile("connectionsConfig.py")
v Network deployment:
execfile("<$WAS_HOME>/profiles/<DMGR>/config/bin_lc_admin/connectionsConfig.py")
If you are prompted to specify which server to connect to, type 1.
Note: This information is not used by the wsadmin client when you are
making configuration changes.
b. Check out the Lotus Connections configuration files using the following
command:
LCConfigService.checkOutConfig("<working_directory>","<cell_name>")
where:
v <working_directory> is the temporary working directory to which the
configuration XML and XSD files are copied and are stored while you
make changes to them. Use forward slashes to separate directories in the
file path, even if you are using the Microsoft Windows operating
system.
v <cell_name> is the name of the WebSphere Application Server cell
hosting the Lotus Connections feature. This argument is required even
in stand-alone deployments. This argument is case-sensitive, so type it
with care. If you do not know the cell name, do one of the following to
determine it:
– Stand-alone deployment: Look at the directory name in the following
directory in the file system:
<$WAS_HOME>\profiles\<profile_name>\config\cells\
– Network deployment: Type the following command while in the
wsadmin command processor:
print AdminControl.getCell()
For example:
v AIX or Linux:
LCConfigService.checkOutConfig("/opt/temp","foo01Cell01")
v Microsoft Windows:
LCConfigService.checkOutConfig("c:/temp","foo01Cell01")
c. Communities only: Use the following command to change the value of the
Web address for the Communities directory service extension:
LCConfigService.updateConfig("communities.directory.service.extension.href",
"<new_web_address_of_communities_feature>/dsx")
d. Profiles only: Use the following command to change the value of the Web
address for the Profiles directory service extension:
LCConfigService.updateConfig("profiles.directory.service.extension.href",
"<new_web_address_of_profiles_feature>/dsx")
e. Check the configuration files back in using the following command:
LCConfigService.checkInConfig()
f. To exit the wsadmin client, type exit at the prompt.
16. Rebuild the search index by deleting the index and letting the indexing task
recreate it when it runs. By default, the indexing task runs every 15 minutes.
See Deleting the index for more information.
Related tasks
Changing configuration property values
Configuration properties control how and when various Files operations take
place. You can edit the properties to change the ways that Files operates.
Changing configuration property values
Configuration properties control how and when various Wikis operations take
place. You can edit the properties to change the ways that Wikis operates.
Configuring Files and Wikis downloading for production
deployments
You can make downloading files from the Files and Wikis features much more
efficient by configuring an IBM HTTP Server to handle most of the download
instead of the WebSphere Application Server. It is strongly recommended that you
configure production deployments this way.
Before you begin
Install an IBM HTTP Server in your WebSphere Application Server environment.
See the topic Configuring IBM HTTP Server for information.
In network deployments, Files and Wikis data must be stored on a shared file
system, as described in the topic Installing the first node of a cluster. All IBM HTTP
Servers in the deployment must have read access to the files, and all WebSphere
Application Servers must have write access.
If you choose not to configure the IBM HTTP Server to download files, you must
configure the WebSphere Application Server to transfer data synchronously instead
of asynchronously in order to avoid errors related to using too much memory. See
the tech note Excessive native memory use in IBM WebSphere Application Server
for instructions.
With IBM HTTP Server configured to download files, active content filtering no
longer strips scripts out of XHTML or HTML files when they are downloaded from
Files or attachments downloaded from Wikis. The activeContentFilter property in
both files-config.xml and wikis-config.xml is ignored. (Active content filtering
continues to run on Wiki pages.) Active content filtering is a security measure
against cross-site scripting attacks. To protect against cross-site scripting attacks
when IBM HTTP Server is configured to perform downloads, you must create a
sub-domain. See the topic Minimizing cross-site scripting attacks for information on
creating sub-domains.
About this task
In the default deployment with an IBM HTTP Server, file download requests are
passed from the IBM HTTP Server to the WebSphere Application Server. The
WebSphere Application Server accesses the binary files in a data directory on the
file system and returns them to the IBM HTTP Server, which passes them to the
browser.
This is inefficient in deployments where large numbers of users are downloading
files, partly because WebSphere Application Server has a limited thread pool that is
tuned for short-lived transactions, and optimized for J2EE applications and not file
downloads. In this environment it is possible that you would need to create a
cluster to handle downloads, especially if you have slow transfer rates, for example
caused by people in different geographies downloading 2MB at 2KB per second.
This would cause problems, such as making it impractical to properly tune the
thread pool.
Configuring the IBM HTTP Server to download the binary files instead makes
downloading far more efficient, since IBM HTTP Server is designed specifically for
serving files. This leaves WebSphere Application Server to perform tasks such as
security checking and cache validation while leaving downloading to the IBM
HTTP Server.
To configure this environment, you install an add-on module to the IBM HTTP
Server. As in typical deployments, download requests are passed from the IBM
HTTP Server to the WebSphere Application Server. But instead of responding with
the binary data, the WebSphere Application Server only adds a special header to
its response. The add-on module recognizes the header and directs the IBM HTTP
Server to download the binary data.
This configuration requires making the Files and Wikis data directories available to
the IBM HTTP Server using an alias. This creates a security concern, so you must
configure the access control at the IBM HTTP Server level. After you configure
security, access to the Files and Wikis data directories is denied unless a specific
environment variable is set. Requests to the Files and Wikis applications on
WebSphere Application Server are then configured to set the variable. In other
words, only requests passing through WebSphere Application Server are able to
access the data directory, with WebSphere Application Server acting as the
authorizer.
Do the following tasks to configure IBM HTTP Server downloading:
Procedure
1. Install the IBM Lotus Connections Files or Wikis features.
2. On the server that you installed Lotus Connections on, navigate to the
<connections_setup_directory>/plugins/ihs/mod_ibm_local_redirect/<platform>
directory to find the module file (mod_ibm_local_redirect.so) appropriate to
your IBM HTTP Server operating system. These are the platform directories:
v /aix_ppc32-ap20
v /aix_ppc32-ap22
v /linux390-ap20
v /linux390-ap22
v /linux_ia32-ap20
v /linux_ia32-ap22
v /win_ia32-ap20
v /win_ia32-ap22
For example, on Microsoft Windows computers:
C:\connections_install\plugins\ihs\mod_ibm_local_redirect\win_ia32-ap20\mod_ibm_local_redirect.so
Note:
v <connections_setup_directory> is the Lotus Connections setup directory where
install.bat (on Microsoft Windows) or install.sh (on AIX or Linux) is located.
v You can use these modules whether you installed IBM HTTP Server from the
32-bit or 64-bit supplemental package, on all supported platforms, because the
IBM HTTP Server process is 32-bit in both cases and requires 32-bit modules.
See this support document for more information on this topic. For IBM
HTTP Server 6.1.x releases, use the ap20 versions; for version 7.x releases
use the ap22 version.
3. Copy the module to the appropriate directory location on your IBM HTTP
Server. By default, modules are located in the <ibm_http_server_root>/modules
directory.
4. Open the IBM HTTP Server httpd.conf file (in the <ibm_http_server_root>/conf
directory by default) and add the following statements to load the
ibm_local_redirect_module, and the required mod_env environment variable
module:
v LoadModule ibm_local_redirect_module <path_to_module>/mod_ibm_local_redirect.so
For example: LoadModule ibm_local_redirect_module modules/mod_ibm_local_redirect.so
v LoadModule env_module <path_to_mod_env>/mod_env.so
For example: LoadModule env_module modules/mod_env.so
Note: By default, the mod_env module is installed in the /modules directory. It
may already be loaded, or it may be present as a commented-out line that you
can uncomment to load the module.
5. Do one of the following, according to your IBM HTTP Server operating
system:
v Microsoft Windows: Give the IBM HTTP Server user READ access to the
data directory root. For optimal security, do not give the user WRITE access.
v AIX and Linux: Give the IBM HTTP Server user READ and EXECUTE
access to the data directory root.
Note: You can find the <data_directory_root> path in the files-config.xml or
wikis-config.xml file, in the file.storage.rootDirectory attribute. This attribute
will contain either the path itself, or a WebSphere Application Server variable
whose value is the path. If it contains a variable, you can find the path by
opening the WebSphere Application Server console, clicking Environment →
WebSphere Variables, and finding the variable. For example, if the element's
value is ${FILES_CONTENT_DIR}, find FILES_CONTENT_DIR in the console
to find the path. See the topic Changing configuration property values for
information on opening the files-config.xml or wikis-config.xml file.
6. On all virtual hosts in the same domain as Files or Wikis, including both
HTTP and HTTPS, do the following to expose the data directory root:
a. Open the httpd.conf file.
b. Add the following to create an alias for the data directory root:
Alias /<alias> "<data_directory_root>"
For example, if the Files data directory root is C:\Program
Files\IBM\LotusConnections\Data\Files, the following line creates the
alias files_content for that directory:
Alias /files_content "C:\Program Files\IBM\LotusConnections\Data\Files"
Note:
v Do not use the application context root (/files or /wikis by default) as part
of the alias, but you can use any other value. For example, use
/files_content, but not /files/content. The application context root is the
last part of the application URL, for example the application context root of
a Files application with the URL www.my.enterprise.com/files is /files. You
can see the value in the files.href.prefix property in the
LotusConnections-config.xml file. See the topic Changing common
configuration property values for information on opening the configuration
file.
v Do not include quotes around the file path on Linux computers.
7. In the httpd.conf file, add these lines below the lines you added in Step 6, to
make the alias more secure:
<Directory "<data_directory_root>">
Order Deny,Allow
Deny from all
Allow from env=REDIRECT_<FILES or WIKIS>_CONTENT
</Directory>
For example:
<Directory "C:\Program Files\IBM\LotusConnections\Data\Files">
Order Deny,Allow
Deny from all
Allow from env=REDIRECT_FILES_CONTENT
</Directory>
Note:
v This secures the data by only allowing requests where
REDIRECT_FILES_CONTENT or REDIRECT_WIKIS_CONTENT is
specified. Use any environment variable you want, as long as it is not
already in the IBM HTTP Server environment.
8. In the httpd.conf file, add these lines below the lines you added in Step 7, to
enable the module for Files or Wikis:
<Location <application_context_root>>
IBMLocalRedirect On
IBMLocalRedirectKeepHeaders X-LConn-Auth,Cache-Control,Content-Type,Content-Disposition,Last-Modified,ETag,Content-Language,Set-Cookie
SetEnv <FILES or WIKIS>_CONTENT true
</Location>
For example:
<Location /files>
IBMLocalRedirect On
IBMLocalRedirectKeepHeaders X-LConn-Auth,Cache-Control,Content-Type,Content-Disposition,Last-Modified,ETag,Content-Language,Set-Cookie
SetEnv FILES_CONTENT true
</Location>
Note:
v The <application_context_root> value is the last part of the application URL,
for example the application context root of a Files application with the URL
www.my.enterprise.com/files is /files. This is /files or /wikis by default,
but can be changed during post-installation steps. You can see the value in
the files.href.prefix property in the LotusConnections-config.xml file.
See the topic Changing common configuration property values for information
on opening the configuration file.
v Specifying IBMLocalRedirectKeepHeaders instructs the plugin to keep the
specified headers from the application server, instead of recomputing them.
This is critical because the applications set such directives as the
content-type and content-disposition that the IBM HTTP Server would not
know about.
v If your environment requires additional headers (for example for a proxy
cache), you can add them to the comma-delimited
IBMLocalRedirectKeepHeaders list above to ensure that the module retains
them during redirection.
v Header names must be comma-delimited with no space before or after
commas. Also, all header names must be on one line regardless of how
many there are.
v The SetEnv value sets the token that the data directory requires to be
accessible. It must match the value after REDIRECT_ that you set in Allow
from env= in Step 7. For example, if you set REDIRECT_FILES_CONTENT in Step
7, this value must be SetEnv FILES_CONTENT true.
v You can think of this as a lock and key mechanism: only requests that go
through the Files or Wikis applications get a key, and the applications
ensure that only the right users can unlock particular files.
9. Do the following to test that the IBM HTTP Server is configured properly and
securely:
a. Restart the IBM HTTP Server. Make sure it loads properly and there are no
log errors about loading modules or configuration. If there are problems,
make sure the load module and configuration directives do not contain
typos.
b. Try to access the alias directory directly at http://<host>/<alias> and
https://<host>/<alias>, and make sure you are denied permission. If you can
access the directory, make sure that the Order Deny,Allow, Deny from all,
and Allow from env directives from Step 7 are all present.
c. Access the application and download a file to make sure it functions. The
module is not yet enabled.
10. Check out the files-config.xml or wikis-config.xml file using the steps in
the topic Changing configuration property values, and specify the following
property attributes:
<download>
<modIBMLocalRedirect enabled="true" hrefPathPrefix="/<alias>" />
</download>
Note: The alias must have a forward slash in front of it.
11. Restart Files or Wikis.
12. Download a file to make sure it works.
13. Do the following to test whether the IBM HTTP Server is downloading the
files:
a. Open the httpd.conf file and add # characters to comment out the last line
in the <Directory> element, for example:
<Directory "<data_directory_root>">
Order Deny,Allow
Deny from all
#Allow from env=REDIRECT_<FILES or WIKIS>_CONTENT
</Directory>
For example:
<Directory "C:\Program Files\IBM\LotusConnections\Data\Files">
Order Deny,Allow
Deny from all
#Allow from env=REDIRECT_FILES_CONTENT
</Directory>
b. Save the file.
c. Try to download a file from Files or Wikis. You should be denied. Test over
both HTTP and HTTPS protocols (if HTTPS is enabled).
d. Open the httpd.conf file and remove the # characters from the last line
specified in Step a.
Check the standard IBM HTTP Server error and request logs for any
problems.
What to do next
v If you get a permission denied error trying to download a file, IBM HTTP Server
may not have access to the content. You can temporarily disable security on the
directory, and ensure you can access it directly first, then re-enable security. Note
that you can tell if WebSphere or IBM HTTP Server is encountering an issue by
the error page displayed, and by the path. If IBM HTTP Server is having a
problem with the module invoked, the path will include /<alias>.
v If you get log errors about loading the module, make sure that it is only loaded
once, that you have selected the right binary, and that you are on a supported
platform.
v If it works for HTTP but not HTTPS (or vice versa), make sure that the
configuration lines are in a global context or in each virtual host, depending on
your setup.
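The following Python lint is an added example, not part of the original guide and not IBM code. It reads an httpd.conf fragment and checks the lock-and-key wiring from Steps 6 to 8: alias placement, a deny-by-default <Directory>, a SetEnv name that matches the REDIRECT_ key, and a single-line header list. The function names, finding codes and both sample configurations are constructed for illustration.

```python
import re

SECTION_OPEN = re.compile(r"<(Directory|Location)\s+(.+?)>\s*$", re.I)
SECTION_CLOSE = re.compile(r"</(Directory|Location)>\s*$", re.I)
ALLOW_ENV = re.compile(r"allow from env=REDIRECT_(\S+)$", re.I)


def _unquote(value):
    """Drop surrounding quotes and any trailing path separator."""
    return value.strip().strip('"').rstrip("/\\")


def parse(conf):
    """Return (aliases, sections) with whitespace-normalised active directives."""
    aliases, sections, current = {}, [], None
    for raw in conf.splitlines():
        line = " ".join(raw.split())
        if not line or line.startswith("#"):  # commented-out lines are inactive
            continue
        opened = SECTION_OPEN.match(line)
        parts = line.split(None, 2)
        if opened:
            current = (opened.group(1).lower(), _unquote(opened.group(2)), [])
            sections.append(current)
        elif SECTION_CLOSE.match(line):
            current = None
        elif current is not None:
            current[2].append(line)
        elif parts[0].lower() == "alias" and len(parts) == 3:
            aliases[parts[1]] = _unquote(parts[2])
    return aliases, sections


def lint(conf, context_root, alias):
    """Return sorted finding codes for one application (Files or Wikis)."""
    aliases, sections = parse(conf)
    findings, keys = set(), []
    # Step 6 note: the alias must not sit under the application context root.
    if alias == context_root or alias.startswith(context_root + "/"):
        findings.add("ALIAS_UNDER_CONTEXT_ROOT")
    path = aliases.get(alias)
    if path is None:
        findings.add("ALIAS_MISSING")
    else:
        # Step 7: deny by default; the only Allow is the REDIRECT_<name> key.
        body = next((d for k, a, d in sections
                     if k == "directory" and a == path), [])
        lower = [d.lower() for d in body]
        allows = [d for d in body if d.lower().startswith("allow from ")]
        keys = [m.group(1) for m in map(ALLOW_ENV.match, allows) if m]
        if "order deny,allow" not in lower or "deny from all" not in lower:
            findings.add("DIRECTORY_NOT_DENY_BY_DEFAULT")
        if len(keys) != len(allows):
            findings.add("DIRECTORY_EXTRA_ALLOW")
        if not keys:
            findings.add("KEY_RULE_MISSING")  # also the Step 13a test state
    # Step 8: the application's <Location> enables the module and sets the key.
    location = next((d for k, a, d in sections
                     if k == "location" and a == context_root), None)
    if location is None:
        findings.add("LOCATION_MISSING")
        return sorted(findings)
    body = location
    if "ibmlocalredirect on" not in [d.lower() for d in body]:
        findings.add("MODULE_NOT_ENABLED")
    set_names = {d.split()[1] for d in body if d.lower().startswith("setenv ")}
    if keys and not set(keys) <= set_names:
        findings.add("SETENV_MISMATCH")
    for d in body:
        if d.lower().startswith("ibmlocalredirectkeepheaders"):
            # Step 8 note: one line, comma-delimited, no spaces around commas.
            if len(d.split()) != 2 or d.endswith(","):
                findings.add("KEEPHEADERS_MALFORMED")
    return sorted(findings)


# Constructed sample: the guide's Files example from Steps 6 to 8.
GOOD = r'''
Alias /files_content "C:\Program Files\IBM\LotusConnections\Data\Files"
<Directory "C:\Program Files\IBM\LotusConnections\Data\Files">
Order Deny,Allow
Deny from all
Allow from env=REDIRECT_FILES_CONTENT
</Directory>
<Location /files>
IBMLocalRedirect On
IBMLocalRedirectKeepHeaders X-LConn-Auth,Cache-Control,Content-Type,Content-Disposition,Last-Modified,ETag,Content-Language,Set-Cookie
SetEnv FILES_CONTENT true
</Location>
'''

# Constructed variant with three planted mistakes.
BAD = (GOOD.replace("Alias /files_content", "Alias /files/content")
           .replace("SetEnv FILES_CONTENT", "SetEnv FILE_CONTENT")
           .replace("Cache-Control,Content-Type", "Cache-Control, Content-Type"))

if __name__ == "__main__":
    print(lint(BAD, "/files", "/files/content"))
```

An empty result means the static wiring matches Steps 6 to 8; it does not replace the live denial tests in Steps 9 and 13.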
Related concepts
Chapter 1, “Installing,” on page 1
To install Lotus Connections, you need to follow a detailed series of procedures.
“Configuring IBM HTTP Server” on page 139
Configure IBM HTTP Server to manage Web requests to Lotus Connections.
Related tasks
“Installing the first node of a cluster” on page 105
Install the first node of a network deployment of Lotus Connections.
“Specifying a separate file download domain” on page 260
Files added to the Activities, Blogs, or Files features could potentially contain
malicious code that can exploit the cross-site scripting vulnerabilities of some
browsers. You can add rewrite rules to the IBM HTTP Server configuration file to
force any downloaded files to be recognized by the Web browser as content that is
independent from the feature from which it was downloaded, and treat it
accordingly.
Changing common configuration property values
Configuration settings control how and when various common operations take
place. You can edit the settings to change how Lotus Connections behaves.
Changing configuration property values
Configuration properties control how and when various Files operations take
place. You can edit the properties to change the ways that Files operates.
Configuring the Recent Posts widget
Configure the Recent Posts widget to display multiple feeds in a user's profile. The
widget can be extended to display additional feeds from IBM Lotus Connections
features and external services as required.
Before you begin
To edit configuration files, you must use the IBM WebSphere Application Server
wsadmin client. See Starting the wsadmin client for information about how to start
the wsadmin command-line tool.
About this task
The Recent Posts widget that displays on a user's profile page provides an
aggregated summary of that user's recent activity in the different Lotus
Connections features. The widget is automatically configured to display tabs for all
of the Lotus Connections features, with the exception of Wikis. However, you can
configure it to display tabs for only those features that are included in your
deployment.
Note: In Lotus Connections 2.5, the Recent Posts widget does not include a tab for
the Wikis feature.
To configure the Recent Posts widget, complete the following steps:
Procedure
1. Use the wsadmin client to access the Profiles configuration files.
a. Use one of the following commands to access the Profiles configuration
files:
v Stand-alone deployment:
execfile("profilesAdmin.py")
v Network deployment:
execfile("<$WAS_HOME>/profiles/<DMGR>/config/bin_lc_admin/profilesAdmin.py")
2. Use the following command to check out the widget configuration file:
ProfilesConfigService.checkOutWidgetConfig("<working_directory>", "<cell_name>")
where:
v <working_directory> is the temporary working directory to which the
configuration XML and XSD files will be copied. The files are kept in this
working directory while you make changes to them.
v <cell_name> is the name of the WebSphere Application Server cell hosting the
Profiles feature. This argument is required even in stand-alone deployments.
For example:
ProfilesConfigService.checkOutWidgetConfig("/wsadminoutput", "jdoe30Node02Cell")
3. Open widgets-config.xml in a text editor, and specify the widget attributes
using the information in the following tables. You can find the configuration
section for this component under config > widgets > definitions > widgetDef >
defId = multiFeedReader > configData.
Table 41. Recent posts widget attributes
Attribute                Description
serviceNameResourceId    The resource string that specifies the name of the given feed that is displayed in the tab.
serviceNameFeedUrl       The feed URL for the specified Lotus Connections feature. A standard URL can be used, or a serviceNameSvcRef parameter can be used if the serviceName has been defined in the lotusConnections-config.xml file.
Specify the following URL parameters:
Table 42. Recent posts widget URL parameters
Parameter            Description
email                A substitution variable for the user e-mail displayed. This is used as a placeholder in the URL; it is replaced at runtime.
serviceNameSvcRef    A substitution variable for the URL value that is replaced at runtime. This parameter is retrieved from the lotusConnections-config.xml file for the given Lotus Connections feature.
For example:
<widgetDef defId="multiFeedReader" url="{contextRoot}/widget-catalog/multifeedreader.xml?version={version}">
<itemSet>
<item name="numberOfEntriesToDisplay" value="5" />
<item name="communityResourceId" value="communityResourceId"/>
<item name="communityFeedUrl" value="{communitiesSvcRef}/service/atom/communities/all?userid={userid}&amp;ps=5"/>
<item name="dogearResourceId" value="dogearResourceId"/>
<item name="dogearFeedUrl" value="{dogearSvcRef}/atom?userid={userid}&amp;access=any&amp;sort=date&amp;sortOrder=desc&amp;ps=5&amp;showFavIcon
<item name="blogsResourceId" value="blogsResourceId"/>
<item name="blogsFeedUrl" value="{blogsSvcRef}/roller-ui/feed/{userid}?order=asc&amp;maxresults=5&amp;sortby=0"/>
<item name="activitiesResourceId" value="activitiesResourceId"/>
<item name="activitiesFeedUrl" value="{activitiesSvcRef}/service/atom2/activities?public=only&amp;userid={userid}&amp;authenticate=no&amp;ps=5
<item name="filesResourceId" value="filesResourceId"/>
<item name="filesFeedUrl" value="{filesSvcRef}/basic/anonymous/api/userlibrary/{userid}/feed?pagesize=5"/>
</itemSet>
</widgetDef>
4. To remove a tab, comment out or delete the <serviceNameResourceId> and
<serviceNameFeedUrl> attributes.
Note: To comment out the attributes, use the <!-- XML notation to open the
comment and --> to close the comment.
In the following example, the tabs for the Activities and Files features are
removed from the widget:
<!--
<item name="activitiesResourceId" value="activitiesResourceId"/>
<item name="activitiesFeedUrl" value="{activitiesSvcRef}/service/atom2/activities?public=only&amp;userid={userid}&amp;authenticate=no&amp;ps
<item name="filesResourceId" value="filesResourceId"/>
<item name="filesFeedUrl" value="{filesSvcRef}/basic/anonymous/api/userlibrary/{userid}/feed?pagesize=5"/> -->
</itemSet>
</widgetDef>
5. Save your changes and check the widgets-config.xml file back in using the
following command:
ProfilesConfigService.checkInWidgetConfig()
6. To exit the wsadmin client, type exit at the prompt.
7. Stop and restart the Profiles server.
Configuring the custom ID attribute for users or groups
Configure Lotus Connections to use custom ID attributes to identify users and
groups in the LDAP directory.
Before you begin
Ensure that you have completed the steps to specify different ID attributes for
users and groups in the Specifying a custom ID for users or groups topic. If you
specified a single ID attribute for both users and groups, you don't need to
complete this task.
About this task
By default, Lotus Connections looks for LDAP attributes to use as the global
unique IDs to identify users and groups in the LDAP directory. You can change the
default setting to use a custom ID to identify users and groups in the directory.
To configure Lotus Connections to use the custom ID attribute that you specified
earlier, complete the following steps:
Procedure
1. Add the new attribute to the LotusConnections-config.xml file. To do so,
complete the following steps:
a. Start the wsadmin tool.
b. Use one of the following commands to access the Lotus Connections
configuration file:
Stand-alone deployment
execfile("connectionsConfig.py")
Network deployment
execfile("<$WAS_HOME>/profiles/<DMGR>/config/bin_lc_admin/connectionsConfig.py")
If you are prompted to specify which server to connect to, type 1.
This information is not used by the wsadmin client when you are
making configuration changes.
c. Check out the Lotus Connections configuration files using the following
command:
LCConfigService.checkOutConfig("/<working_directory>","<cell_name>")
where
v /<working_directory> is the temporary working directory to which the
configuration XML and XSD files are copied. The files are kept in this
working directory while you change them.
v <cell_name> is the name of the IBM WebSphere Application Server cell
hosting the Lotus Connections feature. This argument is required even in
stand-alone deployments. This argument is also case sensitive. If you do
not know the cell name, do one of the following to determine it:
– Stand-alone deployment: Look at the directory name in the following
directory in the file system:
<$WAS_HOME>\profiles\<profile_name>\config\cells\
– Network deployment: Type the following command while in the
wsadmin command processor:
print AdminControl.getCell()
For example:
LCConfigService.checkOutConfig("/temp","foo01Cell01")
d. From the temporary directory to which you checked out the Lotus
Connections configuration files, open the LotusConnections-config.xml file
in a text editor.
e. Add the new custom properties to the LotusConnections-config.xml file.
For example:
<sloc:serviceReference serviceName="directory"
communities_directory_service_extension_auth="DSX-Admin"
communities_directory_service_extension_auth_alias="connectionsAdmin"
communities_directory_service_extension_enabled="true"
communities_directory_service_extension_href=
"http://enterprise.example.com:9080/communities/dsx/"
profiles_directory_service_extension_auth="None"
profiles_directory_service_extension_auth_alias="connectionsAdmin"
profiles_directory_service_extension_enabled="true"
profiles_directory_service_extension_href=
"http://enterprise.example.com:9080/profiles/dsx/"
custom_user_id_attribute="customUserID"
custom_group_id_attribute="customGroupID"/>
f. Save the LotusConnections-config.xml file.
g. Check in the changed configuration property files using the following
command:
LCConfigService.checkInConfig()
h. (Network deployment only.) After making updates, enter the following
command to deploy the changes:
synchAllNodes()
2. Stop and restart the WebSphere Application Server instance hosting Lotus
Connections.
Related tasks
“Specifying a custom ID attribute for users or groups” on page 33
Specify custom global unique ID attributes to identify users and groups in the
LDAP directory.
Uninstalling Lotus Connections
There are some additional steps you must take to uninstall a network deployment
of Lotus Connections.
Uninstalling a stand-alone deployment
Uninstall a stand-alone deployment of Lotus Connections from your system.
About this task
The uninstall wizard can uninstall the entire Lotus Connections product or selected
Lotus Connections features.
To uninstall Lotus Connections features, complete the following steps:
Procedure
1. Stop WebSphere Application Server.
2. Run the uninstaller:
v AIX or Linux:
a. Open a command prompt and change to the lotus_connections_root/
uninstall directory.
b. Enter the following command:
./uninstall.sh
Note: If the script does not run, you might need to enable its Executable
attribute by running the chmod command first. The Executable attribute
of a script can become disabled after the script is copied from a read-only
medium such as DVD.
v Microsoft Windows:
a. Open a command prompt and change to the lotus_connections_root\uninstall
directory.
b. Enter the following command:
uninstall.bat
Note: Alternatively, double-click the uninstall file in the uninstall directory.
3. Select a language to use for the installation procedure and click Next.
4. On the Welcome page of the Uninstall Wizard, click Next.
5. Select the Stand-alone deployment option and click Next.
6. Select the features that you want to uninstall and click Next.
Note: Do not uninstall the News or Search feature unless you are removing the
entire product or reinstalling the News or Search feature.
7. Review the summary panel to verify that the features you want to remove are
present. If you want to make any changes, click Back to edit the values that
you input. Click Next to begin the uninstallation process.
8. When the selected features have been uninstalled, click Finish to close the
Uninstall wizard.
What to do next
Clean your systems by removing files that remain after uninstalling. For more
information, see the Uninstalling: Remove files topic.
To remove all Lotus Connections application files, delete the lotus_connections_root
directory.
Note:
v Do not delete the Lotus Connections installation directory if you plan to reinstall
Lotus Connections. For more information, see the Uninstalling: Remove files topic.
v Before you begin, make a back-up copy of the lastSessionDefaults.properties
file (located in the lotus_connections_root directory). This preferences file will be
useful if you want to reinstall Lotus Connections later.
Related tasks
“Removing a pilot deployment” on page 29
Uninstall a pilot deployment of IBM Lotus Connections.
“Uninstalling: Remove files” on page 199
After uninstalling Lotus Connections, or a subset of features, clean up your system
by removing redundant files and directories.
“Uninstalling: delete databases with the database wizard” on page 202
Use the database wizard to delete databases.
“Uninstalling: Manually drop databases” on page 203
After you have uninstalled a Lotus Connections feature, you can drop related
databases by using the database wizard or by following this manual procedure.
Uninstalling a network deployment
Uninstall a network deployment of Lotus Connections or remove selected features.
Before you begin
Identify the first node in the cluster where you installed Lotus Connections, so that
you can uninstall the product in the correct sequence. You can identify the first
node by checking for the presence of the lotus_connections_root directory.
Subsequent nodes also have the lotus_connections_root, but only the first node has a
version directory.
About this task
Uninstall Lotus Connections by first removing the subsequent nodes from the
cluster and then uninstalling the product from the first node of the cluster.
Note: You can always identify the first node because its lotus_connections_root
directory contains a version directory. Subsequent nodes do not have a version
directory under the lotus_connections_root directory.
To uninstall a Lotus Connections cluster, complete the following steps:
Procedure
1. Stop all the clusters that you configured by completing the following steps:
a. Log in to the WebSphere Application Server Integrated Solutions Console of
the Deployment Manager by going to the following Web address in a
browser:
http://<dm_host_name>:9060/ibm/console
where <dm_host_name> is the host name of the Deployment Manager.
b. Select Servers → Clusters.
c. Select the check box beside the cluster that is hosting the Lotus Connections
features and then click Stop.
2. Delete the subsequent members of each cluster:
a. In the WebSphere Application Server Integrated Solutions Console, select
Servers → Clusters → <cluster_name> → Cluster members, where
<cluster_name> is the name of a cluster that you created. For example:
activitiesCluster.
b. Select the check boxes beside the subsequent members of each cluster and
click Delete. Do not delete the first node.
c. Click Save.
3. Remove the subsequent nodes from each cluster:
a. Log into a subsequent node that you want to remove from the cluster.
b. Open a command prompt and change to the profile_root/bin directory.
c. Run the removeNode script to remove this node:
v AIX or Linux:
removeNode.sh [-username uid] [-password pwd]
v Windows:
removeNode.bat [-username uid] [-password pwd]
where uid and pwd are the Deployment Manager (DM) administrator
username and password.
d. Repeat sub-steps a-c to remove other subsequent nodes.
4. Uninstall Lotus Connections from the first node of each cluster:
a. Log into a first node as the system administrator.
b. Open a command prompt and change to the lotus_connections_root/uninstall
directory.
c. Run the uninstallation wizard:
v AIX or Linux:
./uninstall.sh
v Windows:
uninstall.bat
d. Select a language to use for the installation procedure and click Next.
e. On the Welcome page of the Uninstallation Wizard, click Next.
f. Select the Network deployment option and click Next.
g. Enter the properties of the WebSphere Application Server Deployment
Manager and click Next.
Host name
Name or IP address of the host DM server
SOAP port
SOAP port number of the DM server
Administrative ID
Administrative ID of the DM
Password
Password for the Administrative ID of the DM
h. Select the features that you want to uninstall and click Next.
Note: Do not uninstall the News or Search feature unless you are removing
the entire product or reinstalling the News or Search feature.
i. Review the summary panel to verify that the features you want to remove
are present. If you want to make any changes, click Back to edit the values
that you input. Click Next to begin the uninstallation process.
j. When the selected features have been uninstalled, click Finish to close the
uninstallation wizard.
k. To remove all Lotus Connections application files, delete the
lotus_connections_root directory.
Note:
v Do not delete the lotus_connections_root directory if you plan to reinstall
Lotus Connections. For more information, see the Uninstalling: Remove files
topic.
v Before you begin, make a back-up copy of the
lastSessionDefaults.properties file (located in the lotus_connections_root
directory). This preferences file will be useful if you want to reinstall
Lotus Connections later.
l. Repeat sub-steps a-k for the first node of each cluster.
What to do next
Clean your systems by removing files that remain after uninstalling. For more
information, see the Uninstalling: Remove files topic.
Related tasks
“Uninstalling: Remove files” on page 199
After uninstalling Lotus Connections, or a subset of features, clean up your system
by removing redundant files and directories.
“Uninstalling: delete databases with the database wizard” on page 202
Use the database wizard to delete databases.
“Uninstalling: Manually drop databases” on page 203
After you have uninstalled a Lotus Connections feature, you can drop related
databases by using the database wizard or by following this manual procedure.
Manually uninstalling Lotus Connections
Uninstall Lotus Connections without using the uninstallation wizard.
Before you begin
Perform this task only if you are having trouble using the uninstallation wizard or
if you want to clean your environment after an installation failure.
About this task
To uninstall Lotus Connections manually, complete the following steps:
Procedure
1. (Network deployment only.) Remove all the nodes from each cluster:
a. Log into a node that you want to remove from a cluster.
b. Open a command prompt and change to the profile_root/bin directory.
c. Run the removeNode script file to remove this node:
v AIX or Linux:
removeNode.sh [-username uid] [-password pwd]
v Windows:
removeNode.bat [-username uid] [-password pwd]
where uid and pwd are the Deployment Manager (DM) administrator
username and password.
d. Repeat sub-steps a-c until you have removed all the nodes in each cluster.
2. Remove Lotus Connections files from each system or node where Lotus
Connections is installed:
a. (Network deployment only.) Delete the
profile_root/config/cells/<cell_name>/LotusConnections-config directory.
where <cell_name> is the name of the cell that contains the node.
b. (Network deployment only.) Delete the registry.xml file in
profile_root/config/cells/<cell_name> directory.
c. Delete the lotus_connections_root directory.
3. Remove WebSphere Application Server settings:
a. Log in to the WebSphere Application Server Integrated Solutions Console by
going to the following Web address in a browser:
http://<web_server_host_name>:9060/ibm/console
b. Select Applications → Enterprise Applications and Applications, select the
link for each Lotus Connections feature, and then click Uninstall.
c. Remove the following WebSphere Application Server configuration items:
Table 43. WebSphere Application Server configuration items
WebSphere Application Server menu item
  Configuration setting
Resources->JDBC->JDBC Providers
  <feature_name>JDBC
Resources->JDBC->Data source
  <feature_name>
Resources->JMS->Queue Connection factories
  <feature_name> QCF
Resources->JMS->Queues
  <feature_name> Events Outbound Queue
  <feature_name> Events Inbound Queue
  News Events Outbound Communities Queue
  News Events Outbound Home Page Queue
Resources->JMS->Activation Specifications
  Communities Events Inbound Activation Spec
  Homepage Events Inbound Activation Spec
  News Events Inbound Activation Spec
Resources->Asynchronous beans->Timer managers
  WikisTimerManager
Resources->Asynchronous beans->Work managers
  CommunitiesWorkManager
  FilesTimerManager
  communitiesEventQueue
  FilesWorkManager
  NewsWorkManager
  SearchWorkManager
  WikisWorkManager
Resources->Cache instances->Object cache instances
  dogear.freshness
  wikis.freshness
  files.freshness
Resources->Mail->Mail sessions
  lcnotification
Resources->Resource Environment->Resource Environment Providers
  QuickrWhitelistProvider
Resources->Resource Environment->Resource Environment entries
  QuickrWhitelistProvider
JAAS - J2C authentication data
  <feature_name>JAASAuth
  connectionsAdmin
Bus security
  Network Deployment: ConnectionsBus
  Stand-alone Deployment: Connections_<server_name>_Bus
Environment->WebSphere Variables
  <feature_name>_HOME
  <feature_name>_JDBC_DRIVER_HOME
  ACTIVITIES_CONTENT_DIR
  ACTIVITIES_STATS_DIR
  BLOGS_CONTENT_DIR
  BLOGS_INDEX_DIR
  BLOGS_LOCAL_INDEX_DIR
  COMMUNITIES_INDEX_DIR
  COMMUNITIES_STATS_DIR
  DOGEAR_FAVICON_DIR
  DOGEAR_INDEX_DIR
  FORUM_CONTENT_DIR
  FORUM_STATS_DIR
  PROFILES_CACHE_DIR
  PROFILES_INDEX_DIR
  PROFILES_STATS_DIR
  SEARCH_DICTIONARY_DIR
  SEARCH_INDEX_DIR
4. (Network deployment only.) Repeat step 3 on WebSphere Application Server
Network Deployment.
5. (Network deployment only.) Delete all the clusters:
a. Log in to the WebSphere Application Server Integrated Solutions Console by
going to the following Web address in a browser:
http://<deployment_manager_host_name>:9060/ibm/console
b. Select Servers → Clusters.
c. Select the check box beside each cluster that hosts Lotus Connections
features and click Delete.
d. Click Save.
Uninstalling: Remove files
After uninstalling Lotus Connections, or a subset of features, clean up your system
by removing redundant files and directories.
Before you begin
Ensure that WebSphere Application Server is stopped.
About this task
Data directories are file system directories that store feature artifacts such as
images and documents that users created in the production environment. Before
removing files and directories, ensure that you do not plan to use them again.
If you want to remove all data directories, and if all of your data directories are
stored under a single parent directory, delete the parent directory to remove all
data directories.
To remove Lotus Connections files and directories, complete the following steps:
Note: The directory locations in this task are based on the default locations
selected by the installation wizard. If you specified different locations for the data
directories during the installation, delete those directories instead.
Procedure
1. Activities: Delete the following directories:
v AIX or Linux:
– lotus_connections_root/Data/Activities/content
– lotus_connections_root/Data/Activities/statistic
v Microsoft Windows:
– lotus_connections_root\Data\Activities\content
– lotus_connections_root\Data\Activities\statistic
Note: Remove the following files, if they are present, from the
app_server_root/lib/ext directory:
v commons-codec-1.3-minus-mp.jar
v commons-collections-3.1.jar
v commons-configuration-1.1.jar
v commons-lang-2.0.jar
v lc.config.svc-1.1.jar
v oatai.jar
2. Blogs: Delete the following directories:
v AIX or Linux:
– lotus_connections_root/Data/Blogs/index
– lotus_connections_root/Data/Blogs/upload
v Windows:
– lotus_connections_root\Data\Blogs\index
– lotus_connections_root\Data\Blogs\upload
3. Communities: Delete the following directories:
v AIX or Linux:
– lotus_connections_root/Data/Communities/content
– lotus_connections_root/Data/Communities/statistic
v Windows:
– lotus_connections_root\Data\Communities\content
– lotus_connections_root\Data\Communities\statistic
4. Dogear: Delete the following directories:
v AIX or Linux:
– lotus_connections_root/Data/Dogear/favorite
– lotus_connections_root/Data/Dogear/index
v Windows:
– lotus_connections_root\Data\Dogear\favorite
– lotus_connections_root\Data\Dogear\index
5. Files: Delete the following directory:
v AIX or Linux:
– lotus_connections_root/Data/Files/upload
v Windows:
– lotus_connections_root\Data\Files\upload
6. Profiles: Delete the following directories:
v AIX or Linux:
– lotus_connections_root/Data/Profiles/cache
– lotus_connections_root/Data/Profiles/index
– lotus_connections_root/Data/Profiles/statistic
v Windows:
– lotus_connections_root\Data\Profiles\cache
– lotus_connections_root\Data\Profiles\index
– lotus_connections_root\Data\Profiles\statistic
7. Search: Delete the following directories:
v AIX or Linux:
– lotus_connections_root/Data/Search/dictionary
– lotus_connections_root/Data/Search/index
Note: If you plan to re-install Lotus Connections, complete these additional
steps to manually clear out the Stellent environment variables in your Linux
or AIX environment:
– AIX: Open the /etc/profile file for editing and remove any export
statements for the LIBPATH and PATH variables that contain the
<SEARCH_HOME>/dcs/oiexport path, where <SEARCH_HOME> is a
WebSphere Application Server environment variable that points to the
directory where the Search feature was installed.
– Linux: Open the /etc/profile file for editing and remove any export
statements for the LD_LIBRARY_PATH and PATH variables that contain
the <SEARCH_HOME>/dcs/oiexport path, where <SEARCH_HOME> is a
WebSphere Application Server environment variable that points to the
directory where the Search feature was installed.
v Windows:
– lotus_connections_root\Data\Search\dictionary
– lotus_connections_root\Data\Search\index
8. Wikis: Delete the following directory:
v AIX or Linux:
– lotus_connections_root/Data/Wikis/upload
v Windows:
– lotus_connections_root\Data\Wikis\upload
Related tasks
“Uninstalling a stand-alone deployment” on page 193
Uninstall a stand-alone deployment of Lotus Connections from your system.
“Uninstalling a network deployment” on page 194
Uninstall a network deployment of Lotus Connections or remove selected features.
Uninstalling: delete databases with the database wizard
Use the database wizard to delete databases.
About this task
To delete databases with the database wizard, complete the following steps:
Procedure
1. Log in as the database administrator, using the account that you created when
you installed the database.
2. From the Lotus Connections wizards directory, run the following script file to
launch the wizard:
v AIX:
./dbWizard.sh
v Linux:
./dbWizard.sh
v Microsoft Windows:
dbWizard.bat
3. On the Welcome panel, click Launch Information Center to open the Lotus
Connections Information Center in a browser window. Click Next to continue.
4. Select the option to delete a database, and click Next.
5. Specify the relevant database information, and then click Next:
a. Select a database type.
b. Select the location of the database.
c. Specify a database instance.
Note: The database instance that you specify must already exist on your
system.
6. Select the feature databases that you want to delete and click Next.
Note: Feature databases that are not installed are greyed out.
7. Review the Pre-Configuration Task Summary to ensure that the values you
entered on previous panels are correct. If you want to make a change, click
Back to edit the value. Click Delete to begin deleting databases.
8. Review the Post Configuration Task Summary panel and, if necessary, click
View Log to open the log file. Click Finish to exit the wizard.
Related tasks
“Uninstalling a stand-alone deployment” on page 193
Uninstall a stand-alone deployment of Lotus Connections from your system.
“Uninstalling a network deployment” on page 194
Uninstall a network deployment of Lotus Connections or remove selected features.
Uninstalling: Manually drop databases
After you have uninstalled a Lotus Connections feature, you can drop related
databases by using the database wizard or by following this manual procedure.
Before you begin
v All database instances should be running during this procedure.
v All open applications should be disconnected from the database.
v If the database server and WebSphere Application Server are on different
systems, you must copy the database creation scripts to the system that hosts the
database server.
v The Wizards directory is located in the Lotus Connections installation media.
About this task
If you prefer not to use the database wizard, use this procedure to manually drop
DB2, Oracle, or Microsoft SQL Server databases.
Complete the following steps for your database type:
Procedure
v DB2:
1. Log in to the database server with an authorized administrator account.
Note: The default administrator account is db2inst1 on AIX and Linux, and
db2admin on Windows.
2. Run the following command for each feature whose database you want to
drop:
db2 -tvf dropDb.sql
The SQL script is located in the following directory:
– AIX or Linux: Wizards/connections.sql/<feature_subdirectory>/db2
Note: Linux on System z only: If your operating system is Linux on
System z, the SQL scripts for DB2 are located in the
connections.s390.sql/<feature_subdirectory> directory of the Lotus Connections
set-up directory or installation media.
– Microsoft Windows: Wizards\connections.sql\<feature_subdirectory>\db2
where <feature_subdirectory> is the directory for a Lotus Connections feature.
v Oracle:
1. Log in to the database server with an authorized administrator account.
Note: The default administrator account is oracle.
2. Set the ORACLE_SID.
3. Run SQL Plus by typing the following command:
sqlplus /NOLOG
4. Type the following command to log in as an administrator with the sysdba
role:
connect as sysdba
5. Run the following command for each feature that you want to drop:
– AIX or Linux:
@Wizards/connections.sql/<feature_subdirectory>/oracle/dropDb.sql
– Windows:
@Wizards\connections.sql\<feature_subdirectory>\oracle\dropDb.sql
where <feature_subdirectory> is the directory for a Lotus Connections feature.
Note: To drop the Communities forum database, run the following script,
located in the communities subdirectory:
dropDb_forum.sql
v SQL Server:
1. Launch a command prompt window.
2. Run the following command for each feature that you want to drop:
sqlcmd -U <admin_user> -P <admin_password> -i Wizards\connections.sql\<feature_subdirectory>\sqlserver\dropDb.sql
where <feature_subdirectory> is the directory for a Lotus Connections feature.
Note: If your SQL Server database has multiple instances, add the following
line as the first parameter of the command:
-S <sqlserver_server_name>\<sqlserver_server_instance_name>
where <sqlserver_server_name> is the name of the SQL Server database, and
<sqlserver_server_instance_name> is the name of each database instance.
Related tasks
“Uninstalling a stand-alone deployment” on page 193
Uninstall a stand-alone deployment of Lotus Connections from your system.
“Uninstalling a network deployment” on page 194
Uninstall a network deployment of Lotus Connections or remove selected features.
Chapter 2. Security
Find out what security features are provided by default in Lotus Connections and
what procedures you can perform to further secure your implementation of the
product.
Enabling virus scanning
Edit configuration property settings to force the features that handle uploaded files
to scan all files for viruses.
Before you begin
IBM Lotus Connections does not provide virus scanning software, but it does
enable you to use existing virus scanning services implemented within your
corporate infrastructure. Before you begin this procedure, find out the location of
the virus scanning service.
Lotus Connections supports the Internet Content Adaptation Protocol (ICAP) and
its features use this protocol to communicate with virus detection products. Ensure
that the virus detection product used in your enterprise supports the ICAP 1.0
protocol. Lotus Connections is certified to work with Symantec AntiVirus Scan
Engine 5.1 and McAfee Web Security Appliance (3400) and (3300).
To edit configuration files, you must use the wsadmin client. See Starting the
wsadmin client for details.
About this task
The Bookmarks and Home page features do not implement virus scanning because
no files or images are uploaded to those feature databases.
To enable virus scanning for Activities, Blogs, Communities, Files, Profiles, and
Wikis, complete the following steps:
Procedure
1. Use the wsadmin client to access and check out the Lotus Connections
configuration files.
a. Use one of the following commands to access the Lotus Connections
configuration file:
v Stand-alone deployment: execfile("connectionsConfig.py")
v Network deployment: execfile("<$WAS_HOME>/profiles/<DMGR>/config/bin_lc_admin/connectionsConfig.py")
If you are prompted to specify which server to connect to, type 1.
Note: This information is not used by the wsadmin client when you are
making configuration changes.
b. Check out the Lotus Connections configuration files using the following
command:
LCConfigService.checkOutConfig("<working_directory>","<cell_name>")
where:
v <working_directory> is the temporary working directory to which the
configuration XML and XSD files are copied and are stored while you
make changes to them. Use forward slashes to separate directories in the
file path, even if you are using the Microsoft Windows operating system.
v <cell_name> is the name of the WebSphere Application Server cell hosting
the Lotus Connections feature. This argument is required even in
stand-alone deployments. This argument is also case-sensitive, so type it
with care. If you do not know the cell name, do one of the following to
determine it:
– Stand-alone deployment: Look at the directory name in the following
directory in the file system:
<$WAS_HOME>\profiles\<profile_name>\config\cells\
– Network deployment: Type the following command while in the
wsadmin command processor:
print AdminControl.getCell()
For example:
v AIX/Linux:
LCConfigService.checkOutConfig("/opt/temp","foo01Cell01")
v Microsoft Windows:
LCConfigService.checkOutConfig("c:/temp","foo01Cell01")
2. From the temporary directory to which you just checked out the Lotus
Connections configuration files, open the LotusConnections-config.xml file in a
text editor.
3. Uncomment the following block of XML, which can be found in the avFilter
section:
<!--avFilter class="AVScannerICAP">
<property>av.scanner.servers=<myscanner.host.com></property>
<property>exception.on.virus=yes</property>
<property>av.scanner.service=<scanner.service></property>
</avFilter-->
4. Replace references to <scanner.service> with the name of the ICAP response
modification service on the ICAP-enabled scanner. Select one of the following
options:
RESPMOD
Represents McAfee virus scanning software
AVSCAN
Represents Symantec virus scanning software
Or add the ICAP response modification service for the virus scanning software
that you want to support.
5. Replace references to <myscanner.host.com> with the server name or IP address
of the system hosting the virus scanner. To specify more than one server,
separate multiple server names or IP addresses with commas. For example:
<avFilter class="AVScannerICAP">
<property>av.scanner.servers=my.virus.scanning.server.com</property>
<property>exception.on.virus=yes</property>
<property>av.scanner.service=RESPMOD</property>
</avFilter>
6. To support scanning large files, specify values for the av.chunk.size and
first.read.timeout properties. For example:
<avFilter class="AVScannerICAP">
...
<property>av.chunk.size=50000</property>
<property>first.read.timeout=120000</property>
</avFilter>
7. Save your changes to the LotusConnections-config.xml file.
8. After making changes, you must check the configuration files back in and you
must do so during the same wsadmin session in which you checked them out
for the changes to take effect. See Applying common configuration property changes
for information about how to save and apply your changes.
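A pre-check-in audit of the avFilter block edited in steps 3 to 6, as an added example (not part of the IBM guide or the product): it reports a block that is still commented out, template placeholders left in place, and malformed large-file settings. The sample fragments and their `<config>` wrapper element are constructed, and the positive-integer check on av.chunk.size and first.read.timeout is an assumption.

```python
import re

# Constructed samples. The <config> wrapper is a placeholder, not the real
# root element of LotusConnections-config.xml.
SAMPLE_ENABLED = """<config>
  <avFilter class="AVScannerICAP">
    <property>av.scanner.servers=scan1.example.com,192.0.2.10</property>
    <property>exception.on.virus=yes</property>
    <property>av.scanner.service=RESPMOD</property>
    <property>av.chunk.size=50000</property>
    <property>first.read.timeout=120000</property>
  </avFilter>
</config>"""

# The block as shipped: still inside an XML comment, placeholders untouched.
SAMPLE_COMMENTED = """<config>
  <!--avFilter class="AVScannerICAP">
    <property>av.scanner.servers=<myscanner.host.com></property>
    <property>exception.on.virus=yes</property>
    <property>av.scanner.service=<scanner.service></property>
  </avFilter-->
</config>"""

# Uncommented, but only partly edited.
SAMPLE_HALF_DONE = """<config>
  <avFilter class="AVScannerICAP">
    <property>av.scanner.servers=scan1.example.com,</property>
    <property>exception.on.virus=no</property>
    <property>av.scanner.service=<scanner.service></property>
    <property>av.chunk.size=50k</property>
  </avFilter>
</config>"""

COMMENT = re.compile(r"<!--.*?-->", re.S)
AV_BLOCK = re.compile(r"<avFilter\b[^>]*>(.*?)</avFilter>", re.S)
PROPERTY = re.compile(r"<property>(.*?)</property>", re.S)


def parse_av_filter(xml_text):
    """Return the active avFilter properties as a dict, or None when no
    uncommented avFilter block exists. Regexes are used instead of an XML
    parser because leftover <placeholder> text makes the file malformed."""
    match = AV_BLOCK.search(COMMENT.sub("", xml_text))
    if match is None:
        return None
    props = {}
    for raw in PROPERTY.findall(match.group(1)):
        key, _, value = raw.strip().partition("=")
        props[key.strip()] = value.strip()
    return props


def is_placeholder(value):
    # The template uses <myscanner.host.com> and <scanner.service>.
    return value == "" or "<" in value or ">" in value


def audit(xml_text):
    """Return {setting: problem}; an empty dict means nothing was flagged."""
    props = parse_av_filter(xml_text)
    if props is None:
        return {"avFilter": "block is missing or still commented out"}
    problems = {}
    servers = props.get("av.scanner.servers", "").split(",")
    if any(is_placeholder(entry.strip()) for entry in servers):
        problems["av.scanner.servers"] = "empty entry or template placeholder"
    if is_placeholder(props.get("av.scanner.service", "")):
        problems["av.scanner.service"] = "no ICAP service name set"
    if props.get("exception.on.virus") != "yes":
        problems["exception.on.virus"] = "differs from the 'yes' shown in the guide"
    # Assumption: both large-file settings are positive integers when present.
    for name in ("av.chunk.size", "first.read.timeout"):
        if name in props and not re.fullmatch(r"[1-9][0-9]*", props[name]):
            problems[name] = "expected a positive integer"
    return problems


if __name__ == "__main__":
    for label, text in (("enabled", SAMPLE_ENABLED),
                        ("commented", SAMPLE_COMMENTED),
                        ("half done", SAMPLE_HALF_DONE)):
        print(label, audit(text) or "OK")
```

Run it against the checked-out copy in the working directory before checking the configuration back in.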
Forcing users to log in before they can access a feature
Change the access levels of members or groups to require them to provide
credentials before they can access a Lotus Connections feature.
Before you begin
Do not perform this task if you plan to use the Lotus Connections Multi-Service
Portlet plug-in or Lotus Connections Plug-in for Sametime. These extensions do
not function as expected when Lotus Connections is configured to force
authentication.
The reader role of the Communities feature is set to Everyone by default. If you
perform this procedure to change the reader role access level for any of the
features that have widgets that are displayed within the Communities feature, you
must also make the same change to the Communities reader role or the widget
will no longer work in Communities.
About this task
In an effort to invite people to join the social networking community, many of the
Lotus Connections features allow users to read public information, such as public
blogs or user profiles without requiring users to log in to the feature first. In many
cases, it is not until you want to edit your own profile or blog that credentials are
required. If you do not want people or a subset of people to be able to freely
browse through public information, you can force them to log in to each feature
before they can view any content.
To force users to log in before they can access a feature, complete the following
steps:
Procedure
1. Open the Integrated Solutions Console of the WebSphere Application Server
hosting the feature for which you want to restrict access.
2. Expand Applications, and then select Enterprise Applications.
3. Select the feature.
Note: If you select the Profiles feature and the Profiles directory service
extension is enabled, you must also enable single sign-on for LDAP. See
Enabling single sign-on for standalone LDAP for more details.
4. Click Security role to user/group mapping.
5. Select the check box in the All authenticated? column, and then select the
check box in the Select column next to the reader role.
6. If you want to require only a subset of users to authenticate before they gain
access, click Look up users or Look up groups to retrieve a list of users and
groups from your directory, and then select a user or group to apply this
access level to.
7. Repeat the previous steps for each feature that you want to force users to
authenticate with before using.
Note:
v Activities and Home page require users to authenticate by default. The
other features do not.
v As long as you have configured single sign-on between the features,
requiring authentication for each feature does not prompt the same users
for credentials as they move from one feature to another within a single
session. It only prompts for credentials when users log in to the first
feature. See Enabling single sign-on between all features for more information.
v If you restrict access to the reader role for the Profiles feature, then you
must enable the Lotus Connections directory service extensions. See
Enabling Lotus Connections directory service extensions for details. If you do
not, then users might have trouble logging in to the other features.
8. Click OK. Click Apply, and then click OK.
9. If you restrict access to the reader role and the product is configured to use
the Profiles database to search for users, then you must also specify an
authentication mechanism for the directory service extension. If you do not,
then users might have trouble logging in to the other features.
a. Use one of the following commands to access the Lotus Connections
configuration file:
v Stand-alone deployment: execfile("connectionsConfig.py")
v Network deployment: execfile("<$WAS_HOME>/profiles/<DMGR>/config/bin_lc_admin/connectionsConfig.py")
If you are prompted to specify which server to connect to, type 1.
Note: This information is not used by the wsadmin client when you are
making configuration changes.
b. Check out the Lotus Connections configuration files using the following
command:
LCConfigService.checkOutConfig("<working_directory>","<cell_name>")
where:
v <working_directory> is the temporary working directory to which the
configuration XML and XSD files are copied and are stored while you
make changes to them. Use forward slashes to separate directories in the
file path, even if you are using the Microsoft Windows operating
system.
v <cell_name> is the name of the WebSphere Application Server cell
hosting the Lotus Connections feature. This argument is required even
in stand-alone deployments. This argument is also case-sensitive, so type
it with care. If you do not know the cell name, do one of the following
to determine it:
– Stand-alone deployment: Look at the directory name in the following
directory in the file system:
<$WAS_HOME>\profiles\<profile_name>\config\cells\
– Network deployment: Type the following command while in the
wsadmin command processor:
print AdminControl.getCell()
For example:
v AIX/Linux:
LCConfigService.checkOutConfig("/opt/temp","foo01Cell01")
v Microsoft Windows:
LCConfigService.checkOutConfig("c:/temp","foo01Cell01")
c. Use the following command to change the type of authentication that is
used:
LCConfigService.updateConfig("profiles.directory.service.extension.auth",
"DSX-Admin")
d. After making changes, you must check the configuration files back in and
you must do so during the same wsadmin session in which you checked
them out for the changes to take effect. See Applying common configuration
property changes for information about how to save and apply your
changes.
10. Blogs only: Create rewrite rules in the configuration file for the IBM HTTP
Server to remap Atom API requests. Open the httpd.conf file which is stored
in the ibm_http_server_root/conf directory, and then add the following rules
to the file:
RewriteCond %{REQUEST_URI} !^/blogs/roller-ui/rendering/(.*)
RewriteRule ^/blogs/(.*)/api/(.*) /blogs/roller-ui/rendering/api/$1/api/$2 [R,L]
RewriteCond %{REQUEST_URI} !^/blogs/roller-ui/rendering/(.*)
RewriteRule ^/blogs/(.*)/feed/tags/atom(.*) /blogs/roller-ui/rendering/feed/$1/tags/atom/ [R,L]
RewriteCond %{REQUEST_URI} !^/blogs/roller-ui/rendering/(.*)
RewriteRule ^/blogs/(.*)/feed/entries/atom(.*) /blogs/roller-ui/rendering/feed/$1/entries/atom/ [R,L]
RewriteCond %{REQUEST_URI} !^/blogs/roller-ui/rendering/(.*)
RewriteRule ^/blogs/(.*)/feed/comments/atom(.*) /blogs/roller-ui/rendering/feed/$1/comments/atom/ [R,L]
Configuring single sign-on
Set up single sign-on integration between IBM Lotus Connections and other IBM
products and third-party security products.
How single sign-on works
Lotus Connections uses Single Sign-on (SSO) to secure the transfer of user ID and
password information that is used to authenticate with the system. With SSO, users
can switch to different features without needing to authenticate again.
SSO is automatically enabled when Lotus Connections is installed on a single
WebSphere Application Server profile or when different profiles are federated into
the same cell.
You can configure SSO in different ways: through WebSphere Application Server
using LTPA keys, by using an authenticating reverse proxy such as WebSEAL or
SiteMinder (neither of which needs to rely on LTPA), or with your own customized
implementation integrated into WebSphere Application Server through JAAS and
JACC.
Server-to-server authentication
SSO solutions can inadvertently block back-end server-to-server communication.
Lotus Connections 2.5 adds a server-to-server authenticator that prevents internal
communication being blocked by your SSO solution. The configuration settings for
the authenticator are stored in the customAuthenticator element in the
LotusConnections-config.xml file.
Using Single sign-on LTPA keys
Use single sign-on (SSO) with Lightweight Third-Party Authentication (LTPA) to
allow Lotus Connections users to re-use their authentication details for accessing
Profiles data and Communities membership.
Before you begin
This task assumes that you have already configured federated repositories and that
you are familiar with setting up SSO on WebSphere Application Server. For more
information, see the Single sign-on settings topic in the WebSphere Application
Server information center.
Notes:
v You can enable SSO whether the features are all on one server or are distributed
across different servers.
v If you are enabling SSO between Lotus Connections and a product that is
deployed on a pre-6.1 version of WebSphere Application Server, or if the product
is using IBM Lotus Domino, you must first complete the steps described in the
Enabling SSO with stand-alone LDAP topic.
About this task
Complete the following steps to use SSO LTPA keys in Lotus Connections.
Procedure
1. Check out the LotusConnections-config.xml file. For more information about
editing configuration files, see the Editing configuration files topic.
2. To enable SSO, set the communities_directory_service_extension_auth
attribute to SSO.
3. Optional: By default, the Profiles feature uses lazy authentication and the
profiles_directory_service_extension_auth attribute is set to none. To force
authentication for Profiles, set the value of the
profiles_directory_service_extension_auth attribute to SSO.
4. Optional: To disable private membership for the Communities feature, set the
value of the communities_directory_service_extension_auth attribute to
None.
5. Save and check in the LotusConnections-config.xml file.
6. Stop and restart WebSphere Application Server.
7. Log in to the WebSphere Application Server Integrated Solutions Console.
8. Click Security > Secure Administration, applications and infrastructure.
9. Under Authentication, expand Web security and select single sign-on (SSO).
10. Type your domain name in the Domain name field, ensuring that you add a
dot (.) before the domain name. For example: .example.com.
Notes:
v The domain name must be part of the host name.
v If you are installing the pilot version of Lotus Connections, enter the host
name of the server here, using the same value that you used in the pilot
installation wizard.
11. Select the Interoperability mode and Web inbound security attribute
propagation check boxes.
12. Restart all your installed features and check that you can switch between
them without needing to authenticate more than once.
Example
Use the following excerpt from a sample LotusConnections-config.xml file as a
guide:
<sloc:serviceReference
communities_directory_service_extension_auth="DSX-Admin"
communities_directory_service_extension_auth_alias="connectionsAdmin"
communities_directory_service_extension_enabled="true"
communities_directory_service_extension_href=
"http://enterprise.acme.com:9080/communities/dsx/"
profiles_directory_service_extension_auth="None"
profiles_directory_service_extension_auth_alias="connectionsAdmin"
profiles_directory_service_extension_enabled="true"
profiles_directory_service_extension_href=
"http://enterprise.acme.com:9080/profiles/dsx/"
serviceName="directory"
/>
Note:
Each href attribute in the LotusConnections-config.xml file is case-sensitive and
must specify a fully-qualified domain name.
What to do next
If you are using SSL or TLS, you must update the href setting with "HTTPS" and
the port number.
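The host-name rules from this task can be checked before the configuration file is checked back in: the SSO domain begins with a dot and is part of each host name, each href is fully qualified, and each href uses HTTPS with a port number when SSL or TLS is in use. The following is an added example, not IBM code; the function name, the sample values, and the placeholder namespace URI are assumptions.

```python
# Added example, not IBM code. Checks the directory serviceReference hrefs
# against the SSO domain entered in the Domain name field (step 10).
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

HREF_SUFFIX = "_directory_service_extension_href"
ENABLED_SUFFIX = "_directory_service_extension_enabled"

# Constructed sample modelled on the excerpt in this topic. The xmlns:sloc
# URI is a placeholder so that the fragment parses on its own.
SAMPLE = """<config xmlns:sloc="urn:placeholder:sloc">
  <sloc:serviceReference
    communities_directory_service_extension_auth="SSO"
    communities_directory_service_extension_enabled="true"
    communities_directory_service_extension_href="http://enterprise.example.com:9080/communities/dsx/"
    profiles_directory_service_extension_auth="None"
    profiles_directory_service_extension_enabled="true"
    profiles_directory_service_extension_href="https://enterprise/profiles/dsx/"
    serviceName="directory"/>
</config>"""


def check_directory_hrefs(xml_text, sso_domain, tls_in_use):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if not sso_domain.startswith("."):
        findings.append("SSO domain %r must begin with a dot" % sso_domain)
    for elem in ET.fromstring(xml_text).iter():
        if not elem.tag.endswith("serviceReference"):
            continue
        if elem.get("serviceName") != "directory":
            continue
        for name, href in sorted(elem.attrib.items()):
            if not name.endswith(HREF_SUFFIX):
                continue
            feature = name[:-len(HREF_SUFFIX)]
            if elem.get(feature + ENABLED_SUFFIX) != "true":
                continue  # extension switched off, href is not used
            url = urlsplit(href)
            host = url.hostname or ""
            if "." not in host:
                findings.append("%s: host %r is not fully qualified"
                                % (feature, host))
            elif not host.endswith(sso_domain.lower()):
                findings.append("%s: host %r is outside SSO domain %r"
                                % (feature, host, sso_domain))
            # "What to do next": with SSL or TLS the href needs HTTPS
            # and the port number.
            if tls_in_use and (url.scheme != "https" or url.port is None):
                findings.append("%s: href must use https and a port number"
                                % feature)
    return findings


if __name__ == "__main__":
    for finding in check_directory_hrefs(SAMPLE, ".example.com", True):
        print(finding)
```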
Related tasks
“Creating a user information file” on page 17
Use actual user identities with the pilot deployment of Lotus Connections.
Enabling single sign-on for Tivoli Access Manager
Configure Lotus Connections to use single sign-on with Tivoli Access Manager.
Before you begin
Before you begin this task, ensure that the Realm Name field in the Federated
repositories section of the WebSphere Application Server Integrated Solutions
console uses the same value as the LDAP name, including the port number. For
example, if the primary repository host name is ldapserver.example.com and the port
number is 389, then you would enter ldapserver.example.com:389 in the Realm Name
field.
You must first install Lotus Connections and successfully access the installed
features from a Web browser before you can enable single sign-on. You must also
have IBM Tivoli Access Manager for e-business, version 6.0, installed before you
can perform this procedure.
The WebSphere Application Server single sign-on domain must be set to the same
value as that of the Tivoli Access Manager server.
Notes:
v This is an optional configuration. For more information about IBM Tivoli Access
Manager, go to the Tivoli Access Manager information center.
v If you are enabling SSO between Lotus Connections and a product that is
deployed on a pre-6.1 version of WebSphere Application Server, or if the product
is using IBM Lotus Domino, you must first complete the steps described in the
Enabling SSO with stand-alone LDAP topic.
v The connectionsAdmin J2C alias that you specified during installation must
correspond to a valid user in your LDAP directory or it cannot be authenticated
for SSO. If you need to update the credentials for this alias, see the Changing
references to administrative credentials topic.
v Lotus Connections supports the WebSphere cookie-based lightweight third-party
authentication (LTPA) mechanism as an SSO solution for Tivoli Access Manager.
Lotus Connections does not support other SSO solutions that WebSEAL supports
such as WebSphere Trust Association Interceptor (TAI), Forms SSO,
Cross-domain SSO, or E-community SSO.
v Lotus Connections supports the use of SSL Transparent Path junctions with
Tivoli Access Manager. Lotus Connections does not support TCP type junctions
or Tivoli Access Manager Standard junctions.
v Lotus Connections does not support the use of SPNEGO with Tivoli Access
Manager.
About this task
Single sign-on (SSO) enables users to log into one feature of Lotus Connections and
switch to other features and resources without having to authenticate again.
There are several different ways to configure SSO. This procedure describes one
approach. It uses a WebSphere Application Server LTPA key and WebSEAL
Transparent Junctions.
To set up SSO using Tivoli Access Manager, complete the following steps:
Procedure
1. To support SSO with the Lightweight Third-Party Authentication (LTPA) key,
the same keys and passwords must be shared by the Tivoli Access Manager
and WebSphere Application Server. Export keys and passwords from the
WebSphere Application Server key store and configure Tivoli Access Manager
to use them. To export the key from WebSphere Application Server, complete
the following steps:
a. Log into the WebSphere Application Server Integrated Solutions Console
as an administrator, expand Security, and then click Secure
administration, applications, and infrastructure.
b. Click Authentication mechanisms and expiration, and then in the
Cross-cell single sign-on section, provide values for the following fields:
v Password – Type a secure password that you will remember. You will
need to provide this password later
Note: Confirm the password.
v Fully qualified key file name – Specify a valid path and a file name for
the file that will hold the exported keys
c. Click Export keys.
2. Click OK to return to the Secure administration, applications, and
infrastructure page, expand Web security, and then click General settings.
Select Use available authentication data when an unprotected URI is
accessed if it is not already selected, and then click Apply. Click OK.
3. If you are using SSL junctions and IBM HTTP Server, import your IBM HTTP
Server certificate into the Tivoli Access Manager keystore. For more
information, see the Configuring IBM HTTP Server topics.
4. Optional: Use the exported LTPA key to configure the transparent path
junctions in Tivoli Access Manager. To do so, complete the following steps:
a. Open the pdadmin command line utility, which is installed as part of the
Tivoli Access Manager runtime package.
b. Enter the following command once for each junction; you must set up one
transparent path junction for each installed feature:
Note: Do not include the carriage returns in the command. They were
added for printing purposes.
server task <WebSEAL-instance-name> create -t ssl
-h <backend-server-name> -x -p <backend-server-port> -i -b ignore -f
-A -2
-F <ltpa-token> -Z <ltpa-password> <transparent-path-jct>
where:
v <WebSEAL-instance-name> is the name of the WebSEAL server. Use the
following syntax:
<WebSEAL_instance>-webseald-<tam_host_name>
where <WebSEAL_instance> is the name of the instance of the WebSEAL
server set up to manage Lotus Connections, such as default, and
<tam_host_name> is the host name of the Tivoli Access Manager server,
such as server.name.example.com.
For example: default-webseald-server.name.example.com
v <backend-server-name> – Domain name of the server for which Tivoli
Access Manager is managing authentication. For example, the IBM
HTTP Server
v <backend-server-port> is the port used by the backend server
v <ltpa-token> – The name of the file you created to hold the keys
exported from WebSphere Application Server
v <ltpa-password> – The password that you defined and that was used to
encrypt the key file
v <transparent-path-jct> – The transparent path junction for the feature. The
<transparent-path-jct> must match the URL pattern and must be created
once for each URL pattern. The options are as follows:
– /activities
– /blogs
– /communities
– /dogear
– /files
– /homepage
– /news
– /mobile
– /profiles
– /search
– /wikis
For example:
server task default-webseald-server.name.example.com create -t ssl
-h another.server.name.example.com -x -p 443 -i -b ignore -f -A -2
-F c:\jcts\was-sso-key -Z password /profiles
Notes:
v The -2 parameter is needed only if you are using LTPA type 2.
WebSphere Application Server allows both LTPA 1 and LTPA 2.
v If an invalid certificate error occurs, import your <backend-server-name>
certificate into the WebSEAL certificate store before you create the
junctions.
For more information about using the pdadmin command line utility, go to
the Using pdadmin to create junctions Web page in the Tivoli Access
Manager information center.
5. Create a default Lotus Connections ACL to override the default WebSEAL
ACL by running the following commands:
acl create <default-acl-name>
acl modify <default-acl-name> set user sec_master TcmdbsvaBRlrx
acl modify <default-acl-name> set any-other Tmdrx
acl modify <default-acl-name> set unauthenticated T
acl modify <default-acl-name> set group iv-admin TcmdbsvaBRrxl
acl modify <default-acl-name> set group webseal-servers Tgmdbsrxl
6. Attach the ACL to the new junctions by running the following commands:
acl attach /WebSEAL/<server.name.example.com>-default/activities <default-acl-name>
acl attach /WebSEAL/<server.name.example.com>-default/blogs <default-acl-name>
acl attach /WebSEAL/<server.name.example.com>-default/communities <default-acl-name>
acl attach /WebSEAL/<server.name.example.com>-default/dogear <default-acl-name>
acl attach /WebSEAL/<server.name.example.com>-default/files <default-acl-name>
acl attach /WebSEAL/<server.name.example.com>-default/homepage <default-acl-name>
acl attach /WebSEAL/<server.name.example.com>-default/mobile <default-acl-name>
acl attach /WebSEAL/<server.name.example.com>-default/news <default-acl-name>
acl attach /WebSEAL/<server.name.example.com>-default/profiles <default-acl-name>
acl attach /WebSEAL/<server.name.example.com>-default/search <default-acl-name>
acl attach /WebSEAL/<server.name.example.com>-default/wikis <default-acl-name>
7. The Atom feeds from Lotus Connections servers use Basic Authentication
because most feed readers are unable to authenticate with Forms Based
Authentication. In this step, instruct Tivoli Access Manager to pass the Atom
HTTP requests through to WebSphere Application Server as unprotected
resources, which, together with the Lotus Connections features, authenticates
requests via Basic Authentication as needed. To do so, you must define the
access control list (ACL) and then attach the request patterns to it using the
pdadmin command line utility.
a. To define the access control list, enter the following commands:
acl create <acl-name>
acl modify <acl-name> set user sec_master TcmdbsvaBRlrx
acl modify <acl-name> set any-other Tmdrx
acl modify <acl-name> set unauthenticated Tmdrx
acl modify <acl-name> set group iv-admin TcmdbsvaBRrxl
acl modify <acl-name> set group webseal-servers Tgmdbsrxl
where <acl-name> is a name that you define for the access control list. For
example, connections-acl-default.
Note: The any-other parameter refers to authenticated users who are not
defined by other parameters such as sec_master or iv-admin.
b. To attach the access control list to resources that do not require
authentication, run the following command:
acl attach /WebSEAL/<server.name.example.com>-default/<object-path> <acl-name>
where <server.name.example.com> is the domain, <object-path> is the path to
the resource on that domain, and <acl-name> is the access control list that
you defined in the previous step.
Table 44. Resources that do not require authentication
Feature       Unprotected URL
Activities    /activities/bookmarklet/tools/blet.js
              /activities/email
              /activities/notify
              /activities/serviceconfigs
              /activities/service/html/mainpage
Blogs         /blogs/bookmarklet/tools/blet.js
              /blogs/msg.jsp
              /blogs/approvedmsg.jsp
              /blogs/confirmflagged.jsp
              /blogs/notify.jsp
              /blogs/notifyedit.jsp
              /blogs/notifyflagged.jsp
              /blogs/notifyquarantined.jsp
              /blogs/ownermsg.jsp
              /blogs/roller-ui/images
              /blogs/nav/footer.html
              /blogs/services/xmlrpc
              /blogs/serviceconfigs
Communities   /communities/bookmarklet/tools/blet.js
              /communities/mail
              /communities/images
              /communities/serviceconfigs
Dogear        /dogear/bookmarklet/tools/blet.js
              /dogear/templates
              /dogear/serviceconfigs
Files         /files/basic/anonymous/api
              /files/form/anonymous/api
Home page     /homepage/bookmarklet/tools/blet.js
              /homepage/search
              /homepage/serviceconfigs
News          /news/serviceconfigs
              /news/atom/stories/public
Profiles      /profiles/ajax/deleteNewsEntry.do
              /profiles/bookmarklet/tools/blet.js
              /profiles/mail
              /profiles/images
              /profiles/serviceconfigs
Search        /search/atom/search
              /search/bookmarklet/tools/blet.js
Wikis         /wikis/basic/anonymous/api
              /wikis/form/anonymous/api
c. To attach the ACL to resources that Lotus Connections protects with basic
authentication, run the following command:
acl attach /WebSEAL/<server.name.example.com>-default/<object-path>
<acl-name>
Table 45. Resources that require basic authentication
Feature       Protected URL
Activities    /activities/service/atom
              /activities/service/atom2
              /activities/service/getnonce
              /activities/service/html/autocompletemembers
              /activities/service/html/autocompleteactivityname
              /activities/service/html/autocompleteentryname
Blogs         /blogs/roller-ui/feed
              /blogs/roller-ui/rendering/api
              /blogs/services/atom
              /blogs/roller-ui/rendering/feed
              /blogs/api
              /blogs/atom
              /blogs/roller-ui/blog
Communities   /communities/service/atom
              /communities/service/json
              /communities/forum/service/atom
Dogear        /dogear/api
              /dogear/atom
              /dogear/json
              /dogear/snippet
              /dogear/count
              /dogear/lisnippet
              /dogear/tagsets
              /dogear/tagslike
              /dogear/people
              /dogear/peoplelike
              /dogear/tags
              /dogear/xbel
Files         /files/basic/api
Home page     /homepage/atom/mysearch
News          /news/atom/stories/top
              /news/atom/stories/saved
              /news/atom/service
              /news/atom/stories/container
Profiles      /profiles/atom
              /profiles/json
              /profiles/vcard
              /profiles/photo.do
              /profiles/audio.do
              /profiles/atom2
Wikis         /wikis/basic/api
d. Attach the default Lotus Connections ACL that you created earlier to
resources that are protected by forms authentication by running the
following command:
acl attach /WebSEAL/<server.name.example.com>-default/<object-path>
<default-acl-name>
Table 46. Resources that require forms authentication
Feature       Protected URL
Activities    /activities/service/getnonce/forms
              /activities/service/atom2/forms
Blogs         /blogs/roller-ui/feed_form
              /blogs/roller-ui/rendering/api_form
              /blogs/services/atom_form
              /blogs/roller-ui/rendering/feed_form
              /blogs/api_form
              /blogs/atom_form
Communities   /communities/forum/service/atom/forms
              /communities/service/atom/forms
Dogear        /dogear/atom_fba
              /dogear/api_fba
Home page     /homepage/atomfba/mysearch
News          /news/atomfba/service
              /news/atomfba/stories/top
              /news/atomfba/stories/saved
              /news/atomfba/stories/container
Profiles      /profiles/atom/forms
              /profiles/atom2/forms
Search        search/atom/mysearch
e. If you are using the Lotus Connections plug-in for SharePoint, set the
required unprotected URLs by running the following command:
acl attach /WebSEAL/<server.name.example.com>-default/<object-path>
<acl-name>
Table 47. Realms for the SharePoint plug-in.
Feature       Unprotected URL resource
Profiles      /profiles/ibm_semantictagservlet/css/semantictagstyles.css
              /profiles/nav/common/styles/base/standalonevcard.css
              /profiles/resources/js-resources.js
              /profiles/resources/js-attr-resources.js
              /profiles/javascript/persontag.js
              /profiles/javascript/persontagui.js
              /profiles/ibm_semantictagservlet/rest/unsecure
              /profiles/ibm_semantictagservlet/javascript/semantictagservice.js
              /profiles/css/sametime/main.css
              /profiles/nav/common/styles/images
              /profiles/dojolite_1.2.3/dojo/nls
              /profiles/resourcestrings.do
              /profiles/nav/common/styles/base/semantictagstyles.css
              /profiles/nav/blankIE.html
8. Specify a dynamic URL pattern to support the Blogs feature and mail
notification:
a. Create a dynurl configuration file named dynurl.conf. The dynurl.conf
file is a plain text file that contains mappings from objects to patterns.
Using a text editor, create the file and add the following content to it:
/blogs/blogsfeed /blogs/*/feed/*
/blogs/blogsapi /blogs/*/api/*
Save the file in the <webseal-instance-docroot>/lib directory. For
example:
v AIX: /usr/Tivoli/PDWeb/www-default/lib
v Linux: /opt/Tivoli/PDWeb/www-default/lib
v Windows: C:\Program Files\Tivoli\PDWeb\www-default\lib
b. To attach the ACL that you created earlier to the dynurl acl, open the
pdadmin command line utility and enter the following commands:
Note: Do not include the carriage returns in the commands. They were
added for printing purposes.
acl attach /WebSEAL/<server.name.example.com>-default/blogs/
blogsfeed <acl-name>
acl attach /WebSEAL/<server.name.example.com>-default/blogs/blogsapi
<acl-name>
where:
v <server.name.example.com> is the host name of the Tivoli Access Manager
server
v <acl-name> is the name of the access control list that you defined earlier
For example:
acl attach /default/<server.name.example.com>
-default/blogs/blogsfeed open
c. To allow large Blogs posts, open the webseald.conf file and add (or
modify) the following parameter: dynurl-allow-large-posts = yes
d. Stop and restart your WebSEAL instance.
9. Configure Tivoli Access Manager to use forms-based authentication over https
by updating the webseald-<server-name>.conf file with the following line in
the [forms] stanza:
forms-auth = https or both
Note: You cannot specify HTTP-only authentication.
10. Configure content filtering by adding the following lines to the
webseald-<server-name>.conf file:
[filter-content-types]
type = text/xml
type = application/atom+xml
[script-filtering]
script-filter = yes
rewrite-absolute-with-absolute = yes
11. Configure Tivoli Access Manager as the reverse proxy for Lotus Connections
by updating the webseald-<server-name>.conf file with the following lines:
Add the following line to the [server] stanza: web-host-name =
<fully-qualified-host-name>
Add the following line to the [session] stanza: use-same-session = yes
12. Update the LotusConnections-config.xml file and update the dynamicHosts
configuration element with the following information:
<dynamicHosts enabled="true">
<host href="http://fully-qualified-host-name"
ssl_href="https://fully-qualified-host-name"/>
</dynamicHosts>
Notes:
v You can also accomplish this task by running the connectionsConfig.py script
in the wsadmin client.
v Each href attribute in the LotusConnections-config.xml file is case-sensitive
and must specify a fully-qualified domain name.
v The fully-qualified host name for the web-host-name and the dynamicHosts
configuration must be identical.
13. Determine how you want the system to behave when users log out of Lotus
Connections. By default, when users click the Log out button in the SSO
environment, they are not fully logged out of Lotus Connections. Edit the IBM
HTTP Server configuration file to implement the post-log out behavior. The
IBM HTTP Server configuration file is called httpd.conf and is stored by
default in the following directory:
v AIX: /usr/IBM/HTTPServer/conf
v Linux: /opt/IBM/HTTPServer/conf
v Windows: C:\IBM\HTTPServer\conf
To capture requests to /ibm_security_logout and redirect them to
/pkmslogout, add the following rewrite rules to the httpd.conf file:
RewriteEngine On
RewriteCond %{REQUEST_URI} /(.*)/ibm_security_logout(.*)
RewriteRule ^/(.*) /pkmslogout [noescape,L,R]
Note: You must add these rules to both the HTTP and HTTPS entries.
Ensure that the line that enables mod_rewrite is not commented out by
removing the preceding # symbol. For example:
LoadModule rewrite_module modules/mod_rewrite.so
The following example illustrates a typical portion of the httpd.conf file after
you have implemented the steps described in this task:
RewriteEngine On
RewriteCond %{REQUEST_URI} /(.*)/ibm_security_logout(.*)
RewriteRule ^/(.*) /pkmslogout [noescape,L,R]
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
<IfModule mod_ibm_ssl.c>
Listen 0.0.0.0:443
<VirtualHost *:443>
ServerName <connections.example.com>
SSLEnable
RewriteEngine On
RewriteCond %{REQUEST_URI} /(.*)/ibm_security_logout(.*)
RewriteRule ^/(.*) /pkmslogout [noescape,L,R]
</VirtualHost>
</IfModule>
SSLDisable
14. Add a Tivoli Access Manager authenticator property to the Lotus Connections
configuration by editing the LotusConnections-config.xml file.
a. Use the following command to check out the configuration file:
v Stand-alone deployment:
execfile("connectionsConfig.py")
LCConfigService.checkOutConfig("<working_directory>","<cell_name>")
v Network deployment:
execfile("<$WAS_HOME>/profiles/<DMGR>/config/bin_lc_admin/connectionsConfig.py")
Note: If you are prompted to specify which server to connect to, type 1.
LCConfigService.checkOutConfig("<working_directory>","<cell_name>")
where:
v <working_directory> is the temporary working directory to which the
configuration XML and XSD files are copied and are stored while you
make changes to them. Use forward slashes to separate directories in the
file path, even if you are using the Microsoft Windows operating
system.
v <cell_name> is the name of the WebSphere Application Server cell
hosting the Lotus Connections feature. This argument is required even
in stand-alone deployments. This argument is also case-sensitive. If you
do not know the cell name, do one of the following to
determine it:
– Stand-alone deployment: Look at the directory name in the following
directory in the file system:
<$WAS_HOME>\profiles\<profile_name>\config\cells\
– Network deployment: Type the following command while in the
wsadmin client:
print AdminControl.getCell()
For example:
LCConfigService.checkOutConfig("/temp","foo01Cell01")
or
LCConfigService.checkOutConfig("c:/temp","foo01Cell01")
b. Update the custom authenticator values by running the following
commands:
1) Configure the custom authenticator to support server-to-server
authentication for Tivoli Access Manager:
LCConfigService.updateConfig("customAuthenticator.name",
"TAMAuthenticator")
2) Set the value of the customAuthenticator.CookieTimeout parameter to
be equal to or less than the maximum timeout and idle timeout values
that you configured in Tivoli Access Manager. Specify the timeout
value in minutes.
LCConfigService.updateConfig("customAuthenticator.CookieTimeout","<timeout>")
where <timeout> is a value in minutes that is less than or equal to the
Tivoli Access Manager timeout values.
c. If you are using the Profiles database as the user directory, complete the
steps in the Enabling Lotus Connections directory service extensions topic.
d. Check the LotusConnections-config.xml file back in by running the
following command:
LCConfigService.checkInConfig()
15. The value of the cookie timeout attribute in the LotusConnections-config.xml
file must be smaller than the values of the timeout and inactive-timeout
attributes in the webseald-<server-name>.conf file. Check these values in the
[session] stanza of the webseald-<server-name>.conf file and edit them if
necessary.
Note: The values of the timeout parameters in the Tivoli Access Manager
configuration file are given in seconds but the CookieTimeout value in the
LotusConnections-config.xml file is given in minutes.
Use the following example as a guide:
# Maximum lifetime (in seconds) for an entry in the credential cache
# Setting this to zero allows entries in the cache to fill without
# expiry until the cache contains the number of entries specified by
# max-entries. After that point, entries are expired according to a
# least recently used algorithm.
timeout = 3600
# Lifetime (in seconds) of inactive entries in the credential cache.
# To disable, set to 0.
inactive-timeout = 600
16. Optional: (Only required if you have enabled the Communities or Profiles
directory service extensions.) Configure the Lotus Connections directory
service extensions to point to the Tivoli Access Manager server. Open the
configuration file that is appropriate to your deployment and execute the
command to change the web server, using the following example as a guide:
<sloc:serviceReference
communities_directory_service_extension_auth="DSX-Admin"
communities_directory_service_extension_auth_alias="connectionsAdmin"
communities_directory_service_extension_enabled="true"
communities_directory_service_extension_href=
"http://<your_tam_server>/communities/dsx/"
profiles_directory_service_extension_auth="DSX-Admin"
profiles_directory_service_extension_auth_alias="connectionsAdmin"
profiles_directory_service_extension_enabled="true"
profiles_directory_service_extension_href=
"http://<your_tam_server>/profiles/dsx/"
serviceName="directory"/>
Note: For more information about editing configuration settings, see the
Enabling Lotus Connections directory service extensions and Lotus Connections
directory service extensions topics.
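Several steps in this procedure must agree with each other across two files: forms-auth (step 9), web-host-name and use-same-session (step 11), the dynamicHosts host names (step 12), and the CookieTimeout value in minutes against the [session] timeouts in seconds (step 15). The following is an added example, not IBM code, that cross-checks them; the function names and sample values are assumptions, and it applies the "smaller than" wording of step 15.

```python
# Added example, not IBM code. Cross-checks a webseald-<server-name>.conf
# file against values set in LotusConnections-config.xml (steps 9 to 15).
from urllib.parse import urlsplit

# Constructed sample that follows the settings given in this procedure.
GOOD_CONF = """
[server]
web-host-name = connections.example.com
[forms]
forms-auth = https
[session]
use-same-session = yes
# Maximum lifetime (in seconds) for an entry in the credential cache
timeout = 3600
# Lifetime (in seconds) of inactive entries in the credential cache.
inactive-timeout = 600
"""


def parse_stanzas(text):
    """Parse stanza syntax: [name] headers, 'key = value', '#' comments."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current.setdefault(key, []).append(value)
    return stanzas


def audit(conf_text, cookie_timeout_minutes, href, ssl_href):
    """Return a list of findings; an empty list means every check passed."""
    stanzas = parse_stanzas(conf_text)
    findings = []

    def single(stanza, key):
        values = stanzas.get(stanza, {}).get(key, [])
        if len(values) != 1:
            findings.append("[%s] %s: expected one entry, found %d"
                            % (stanza, key, len(values)))
            return None
        return values[0]

    # Step 9: forms-based authentication over HTTPS; HTTP-only is not allowed.
    forms_auth = single("forms", "forms-auth")
    if forms_auth is not None and forms_auth not in ("https", "both"):
        findings.append("[forms] forms-auth = %s: use https or both" % forms_auth)

    # Step 11: reverse proxy settings.
    same_session = single("session", "use-same-session")
    if same_session is not None and same_session != "yes":
        findings.append("[session] use-same-session must be yes")
    web_host = single("server", "web-host-name")

    # Step 12: the dynamicHosts host names must be identical to web-host-name.
    # Compared case-sensitively, because href values are case-sensitive.
    for label, url in (("href", href), ("ssl_href", ssl_href)):
        host = urlsplit(url).netloc.split(":")[0]
        if web_host is not None and host != web_host:
            findings.append("dynamicHosts %s host %r differs from "
                            "web-host-name %r" % (label, host, web_host))

    # Step 15: CookieTimeout is in minutes, the [session] values in seconds.
    cookie_seconds = cookie_timeout_minutes * 60
    for key in ("timeout", "inactive-timeout"):
        value = single("session", key)
        if value is None:
            continue
        if not value.isdigit():
            findings.append("[session] %s = %s: not a number of seconds"
                            % (key, value))
        # 0 switches the limit off (see the comments in the sample file),
        # so there is nothing to compare against.
        elif int(value) != 0 and cookie_seconds >= int(value):
            findings.append("CookieTimeout %d min (%d s) is not smaller than "
                            "[session] %s = %s s" % (cookie_timeout_minutes,
                                                     cookie_seconds, key, value))
    return findings


if __name__ == "__main__":
    for finding in audit(GOOD_CONF, 60, "http://connections.example.com",
                         "https://connections.example.com"):
        print(finding)
```

With the sample file, a CookieTimeout of 60 is reported twice: 60 minutes is 3600 seconds, which is not smaller than either [session] value.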
Related concepts
Securing Lotus Connections
Ensure that your deployment is secure.
Enabling single sign-on for SiteMinder
Configure IBM Lotus Connections to use Computer Associates' SiteMinder to
implement user authentication and single sign-on (SSO).
Before you begin
Before you can enable SSO, you must first install Lotus Connections features and
ensure that you can access the installed features from a Web browser. You must
also have completed the TAI/ASA installation and configuration instructions that
are included with SiteMinder, including registering the TAI/ASA with WebSphere
Application Server.
Notes:
v If you are using a reverse proxy, you must change the HREF URLs for each
feature in the LotusConnections-config.xml file to refer to the URL of the proxy
server. For more information, see the Configuring a reverse caching proxy topic.
v Each href attribute in the LotusConnections-config.xml file is case-sensitive and
must specify a fully-qualified domain name.
v If you are enabling SSO between Lotus Connections and a product that is
deployed on a pre-6.1 version of WebSphere Application Server, or if the product
is using IBM Lotus Domino, you must first complete the steps described in the
Enabling SSO with stand-alone LDAP topic.
v The connectionsAdmin J2C alias that you specified during installation must
correspond to a valid user in your LDAP directory or it cannot be authenticated
for SSO. If you need to update the credentials for this alias, see the Changing
references to administrative credentials topic.
v WebSphere Application Server 6.1 Fix Pack 23 does not provide the key Java
libraries that you need to install and configure SiteMinder Web agents with
WebSphere Application Server. The procedure to update your files is described
in Step 1 of this task.
About this task
You need to create a domain with realms, rules, and a policy that is related to IBM
HTTP Server and WebSphere Application Server.
When a user logs in, the Web agent creates an smsession cookie with the user's
authentication details and sends it to the WebSphere Application Server agent. This
agent then checks the login credentials in the cookie against the LDAP directory.
The Lotus Connections features can share the authentication details and thus
enable single sign-on (the user can browse all the features without needing to log
in again).
This task describes a configuration that uses SiteMinder Policy Server 6.0 SP5,
SiteMinder ASA 6.0 Agent for WebSphere Application Server (with CR0006 hotfix),
and SiteMinder Web Agent v6qmr5-cr011.
To set up SSO using SiteMinder, complete the following steps:
Procedure
1. Download and apply the Unrestricted JCE policy files:
a. Go to the J2SE 5 SDK Security information Web page.
b. Authenticate with your universal IBM user ID and password.
c. Download the Unrestricted JCE Policy files for SDK for all newer
versions package.
d. Extract the files from the downloaded package.
e. Back up your existing copies (if any) of the US_export_policy.jar and
local_policy.jar files, located in the app_server_root/java/jre/lib/
security directory.
f. Copy the new jar files from the extracted package to the same directory,
overwriting any existing files.
g. Restart all Lotus Connections servers, node agents, and deployment
managers.
2. Configure SiteMinder to recognize only one Web address as the logout Web
address. Add the following Agent Configuration Object parameters to the
SiteMinder configuration and then uncomment one of them by removing the
number sign (#) character:
#LogOffUri="/activities/service/html/ibm_security_logout"
#LogOffUri="/blogs/ibm_security_logout"
#LogOffUri="/communities/communities/ibm_security_logout"
#LogOffUri="/dogear/ibm_security_logout"
#LogOffUri="/files/ibm_security_logout"
#LogOffUri="/homepage/web/ibm_security_logout"
#LogOffUri="/profiles/ibm_security_logout"
#LogOffUri="/search/ibm_security_logout"
#LogOffUri="/wikis/ibm_security_logout"
Notes:
• When activated, the LogOffUri parameter clears the SMSESSION cookie and
ensures that the user is logged out of all Lotus Connections browser
sessions.
• If you are using forms authentication, you must create an FCC file on the
form authentication server.
• To add parameters, edit the Agent Configuration Object on the SiteMinder
Policy Server. Alternatively, you can edit the LocalConfig.conf file on the
HTTP server if the web agent is configured to use it. You must surround
the values of SiteMinder configuration parameters with quotation marks (")
if you are editing the SiteMinder configuration file directly. For example:
BadCSSChars="<,>". If you are changing these parameters from the
SiteMinder Policy Server, do not use quotation marks.
3. Enable Home page widgets by adding the following Agent Configuration
Object parameter:
CookieDomain=<your_domain>
where <your_domain> is your Lotus Connections domain. If, for example, the
URL is http://activities.example.com/activities, your host name is
activities.example.com and your domain is example.com. In this example, you
would set CookieDomain=.example.com. The leading period is required.
4. To enable the Invite colleagues functionality in Profiles, modify the
BadCSSChars parameter as follows:
BadCSSChars=<,>
5. To support basic authentication but without requiring all API client programs
to support cookies, add the following Agent Configuration Object parameter
to the SiteMinder configuration:
RequireCookies=NO
6. Specify your SiteMinder Authentication Scheme configuration:
a. Open the SiteMinder administration console and navigate to the
Authentication Scheme Properties dialog box.
b. Select the Forms-based scheme that you created for your deployment.
c. Clear the Use Relative Target check box.
d. Enter the URL of your Lotus Connections HTTP server in the Web Server
Name field.
7. On the SiteMinder Policy Server, create a domain for the IBM HTTP Server
Web agent.
8. Create protected realms under the IBM HTTP Server Web agent domain:
a. Create SiteMinder realms that are protected by forms authentication:
Table 48. Realms that require forms authentication
Feature                   Protected URL resource
ConnectionsDefault Realm  /
Activities                /activities/service/atom2/forms
                          /activities/service/getnonce/forms
Blogs                     /blogs/api_form
                          /blogs/atom_form
                          /blogs/roller-ui/feed_form
                          /blogs/roller-ui/rendering/api_form
                          /blogs/roller-ui/rendering/feed_form
                          /blogs/services/atom_form
                          /blogs/roller-ui/BlogsWidgetEventHandler.do
Communities               /communities/forum/service/atom/forms
                          /communities/service/atom/forms
Dogear                    /dogear/api_fba
                          /dogear/atom_fba
Home page                 /homepage/atomfba/mysearch
News                      /news/atomfba/stories/container
                          /news/atomfba/stories/saved
                          /news/atomfba/stories/top
                          /news/atomfba/service
Profiles                  /profiles/atom/forms
                          /profiles/atom2/forms
Search                    /search/atom/mysearch
b. Create SiteMinder realms that are protected by basic authentication:
Table 49. Realms that require basic authentication
Feature                   Protected URL resource
Activities                /activities/service/download
                          /activities/service/html/autocompleteactivityname
                          /activities/service/html/autocompleteentryname
                          /activities/service/html/autocompletemembers
                          /activities/service/atom
                          /activities/service/atom2
                          /activities/service/getnonce
Blogs                     /blogs/api
                          /blogs/atom
                          /blogs/services/atom
                          /blogs/roller-ui/blog
                          /blogs/roller-ui/feed
                          /blogs/roller-ui/rendering/api
                          /blogs/roller-ui/rendering/feed
Communities               /communities/service/atom
                          /communities/service/json
                          /communities/forum/service/atom
Dogear                    /dogear/api
                          /dogear/atom
                          /dogear/json
                          /dogear/snippet
                          /dogear/count
                          /dogear/lisnippet
                          /dogear/tagsets
                          /dogear/tagslike
                          /dogear/people
                          /dogear/peoplelike
                          /dogear/tags
                          /dogear/xbel
Files                     /files/basic/api
Home page                 /homepage/atom/search
                          /homepage/atom/mysearch
News                      /news/atom/stories/container
                          /news/atom/stories/saved
                          /news/atom/stories/top
                          /news/atom/service
Profiles                  /profiles/atom
                          /profiles/atom2
                          /profiles/audio.do
                          /profiles/photo.do
                          Note: If you are using the Lotus Connections plug-in for
                          SharePoint, move this URL resource to the list of unprotected
                          realms.
                          /profiles/json
                          /profiles/vcard
Wikis                     /wikis/basic/api
c. Protect login credentials with encryption: create a SiteMinder
Authentication Scheme, using the Basic over SSL Template scheme. Apply
the new Authentication Scheme to all your SiteMinder realms.
9. Create a Delete Action for the SiteMinder Web Agent. By default, the
WebAgent has only the Get, Post, and Put Actions available. To add the Delete
Action, complete the following steps:
a. In the SiteMinder Administration Console, click View and select Agent
Types.
b. Select Agent Types in the Systems pane.
c. Double-click Web Agent in the Agent Type list.
d. In the Agent Type Properties dialog box, click Create.
e. Enter Delete in the New Agent Action dialog box and click OK.
f. Click OK again to save the new Action.
10. Create the following rules for each realm:
Table 50. Rules for the IBM HTTP Server realms
GetPostPutDel rule                                  OnAuthAccept rule
Realm: CurrentRealm                                 Realm: CurrentRealm
Resource: * (not /*)                                Resource: * (not /*)
Action: Web Agent actions -> Get,Post,Put,Delete    Action: Authentication events -> OnAuthAccept
When this Rule fires: Allow Access                  When this Rule fires: Allow Access
Enable or Disable this Rule: Enabled                Enable or Disable this Rule: Enabled
11. Create a policy and add the new rules to the new policy.
12. Specify realms that are not protected by SiteMinder.
Note: You must configure notification templates and some Atom feeds as
unprotected URLs. The Blogs footer page must also be unprotected because
Blogs uses the Velocity template to extract footer pages.
Table 51. Realms that do not require authentication
Feature                   Unprotected URL resource
Activities                /activities/email
                          /activities/images
                          /activities/serviceconfigs
Blogs                     /blogs/msg.jsp
                          /blogs/approvedmsg.jsp
                          /blogs/confirmflagged.jsp
                          /blogs/notify.jsp
                          /blogs/notifyedit.jsp
                          /blogs/notifyflagged.jsp
                          /blogs/notifyquarantined.jsp
                          /blogs/ownermsg.jsp
                          /blogs/nav/footer.html
                          /blogs/services/xmlrpc
                          /blogs/serviceconfigs
                          /blogs/roller-ui/images
Communities               /communities/mail
                          /communities/images
                          /communities/serviceconfigs
Dogear                    /dogear/templates
                          /dogear/serviceconfigs
Files                     /files/basic/anonymous/atom
                          /files/form/anonymous/atom
Home page                 /homepage/search
                          /homepage/serviceconfigs
News                      /news/atom/stories/public
                          /news/serviceconfigs
Profiles                  /profiles/images
                          /profiles/mail
                          /profiles/serviceconfigs
Search                    /search/atom/search
Wikis                     /wikis/basic/anonymous/atom
                          /wikis/form/anonymous/atom
13. If you are using the Lotus Connections plug-in for SharePoint, set the
following unprotected URLs:
Table 52. Realms for the SharePoint plug-in.
Feature                   Unprotected URL resource
Profiles                  /profiles/photo.do
                          Note: Remove this URL resource from the list of realms that
                          require basic authentication.
                          /profiles/ibm_semantictagservlet/css/semantictagstyles.css
                          /profiles/nav/common/styles/base/standalonevcard.css
                          /profiles/resources/js-resources.js
                          /profiles/resources/js-attr-resources.js
                          /profiles/javascript/persontag.js
                          /profiles/javascript/persontagui.js
                          /profiles/ibm_semantictagservlet/rest/unsecure
                          /profiles/ibm_semantictagservlet/javascript/semantictagservice.js
                          /profiles/css/sametime/main.css
                          /profiles/nav/common/styles/images
                          /profiles/dojolite_1.2.3/dojo/nls
                          /profiles/resourcestrings.do
                          /profiles/nav/common/styles/base/semantictagstyles.css
                          /profiles/nav/blankIE.html
14. On the SiteMinder Policy Server, create a domain for the WebSphere
Application Server agent.
15. Add the following realm to the new WebSphere Application Server domain:
Table 53. SiteMinder realms for WebSphere Application Server
Realm name                Protected resource
SM TAI Validation         /siteminderasssertion
16. Set the timeout value of the session by clicking the Session tab from the
SiteMinder Policy Server. The maximum timeout and the idle timeout must be
longer than the LTPA token timeout, which is defined on the WebSphere
Application Server. The LTPA token timeout is set to 120 minutes by default.
17. Create rewrite rules in the configuration file for the IBM HTTP Server to
remap Atom API requests. Open the httpd.conf file which is stored in the
ibm_http_server_root/conf directory, and then add the following rules to the
file:
Note: You must add these rules to both the HTTP and HTTPS sections of the
file.
RewriteCond %{REQUEST_URI} !^/blogs/roller-ui/rendering/(.*)
RewriteRule ^/blogs/(.*)/api/(.*) /blogs/roller-ui/rendering/api/$1/api/$2 [R,L]
RewriteCond %{REQUEST_URI} !^/blogs/roller-ui/rendering/(.*)
RewriteRule ^/blogs/(.*)/feed/tags/atom(.*) /blogs/roller-ui/rendering/feed/$1/tags/atom/ [R,L]
RewriteCond %{REQUEST_URI} !^/blogs/roller-ui/rendering/(.*)
RewriteRule ^/blogs/(.*)/feed/entries/atom(.*) /blogs/roller-ui/rendering/feed/$1/entries/atom/ [R,L]
RewriteCond %{REQUEST_URI} !^/blogs/roller-ui/rendering/(.*)
RewriteRule ^/blogs/(.*)/feed/comments/atom(.*) /blogs/roller-ui/rendering/feed/$1/comments/atom/ [R,L]
RewriteCond %{REQUEST_URI} !^/blogs/roller-ui/rendering/(.*)
RewriteRule ^/blogs/(.*)/feed/blogs/atom(.*) /blogs/roller-ui/rendering/feed/$1/blogs/atom/ [R,L]
Do not close the httpd.conf file until after the next step.
18. Create rewrite rules that redirect URLs when users log out of the product.
Add the following rules to the httpd.conf file:
RewriteEngine On
RewriteCond %{REQUEST_URI} /(.*)/ibm_security_logout(.*)
RewriteCond %{QUERY_STRING} !=logoutExitPage=<your_logout_url>
RewriteRule /(.*)/ibm_security_logout(.*) <LogOffUri>?logoutExitPage=<your_logout_url> [noescape,L,R]
where <LogOffUri> is the URL that you uncommented earlier. Client
browsers are sent to <your_logout_url> after logging out of Lotus
Connections. This URL could be your corporate home page or the SiteMinder
login page.
Note: You must add these rules to both the HTTP and HTTPS entries.
The following example illustrates a typical portion of the httpd.conf file after
you have implemented the steps described in this task:
RewriteEngine on
RewriteCond %{REQUEST_URI} /(.*)/ibm_security_logout(.*)
RewriteCond %{QUERY_STRING} !=logoutExitPage=http://corphome.example.com
RewriteRule /(.*)/ibm_security_logout(.*) /homepage/web/ibm_security_logout?logoutExitPage=http://corphome.example.com [noescape,L,R]
RewriteCond %{REQUEST_URI} !^/blogs/roller-ui/rendering/(.*)
RewriteRule ^/blogs/(.*)/api/(.*) /blogs/roller-ui/rendering/api/$1/api/$2 [R,L]
RewriteCond %{REQUEST_URI} !^/blogs/roller-ui/rendering/(.*)
RewriteRule ^/blogs/(.*)/feed/tags/atom(.*) /blogs/roller-ui/rendering/feed/$1/tags/atom/ [R,L]
RewriteCond %{REQUEST_URI} !^/blogs/roller-ui/rendering/(.*)
RewriteRule ^/blogs/(.*)/feed/entries/atom(.*) /blogs/roller-ui/rendering/feed/$1/entries/atom/ [R,L]
RewriteCond %{REQUEST_URI} !^/blogs/roller-ui/rendering/(.*)
RewriteRule ^/blogs/(.*)/feed/comments/atom(.*) /blogs/roller-ui/rendering/feed/$1/comments/atom/ [R,L]
RewriteCond %{REQUEST_URI} !^/blogs/roller-ui/rendering/(.*)
RewriteRule ^/blogs/(.*)/feed/blogs/atom(.*) /blogs/roller-ui/rendering/feed/$1/blogs/atom/ [R,L]
#Connections Config for SSL
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
<IfModule mod_ibm_ssl.c>
Listen 0.0.0.0:443
<VirtualHost *:443>
ServerName connections.example.com
SSLEnable
RewriteEngine on
RewriteCond %{REQUEST_URI} /(.*)/ibm_security_logout(.*)
RewriteCond %{QUERY_STRING} !=logoutExitPage=http://corphome.example.com
RewriteRule /(.*)/ibm_security_logout(.*) /homepage/web/ibm_security_logout?logoutExitPage=http://corphome.example.com [noescape,L,R]
RewriteCond %{REQUEST_URI} !^/blogs/roller-ui/rendering/(.*)
RewriteRule ^/blogs/(.*)/api/(.*) /blogs/roller-ui/rendering/api/$1/api/$2 [R,L]
RewriteCond %{REQUEST_URI} !^/blogs/roller-ui/rendering/(.*)
RewriteRule ^/blogs/(.*)/feed/tags/atom(.*) /blogs/roller-ui/rendering/feed/$1/tags/atom/ [R,L]
RewriteCond %{REQUEST_URI} !^/blogs/roller-ui/rendering/(.*)
RewriteRule ^/blogs/(.*)/feed/entries/atom(.*) /blogs/roller-ui/rendering/feed/$1/entries/atom/ [R,L]
RewriteCond %{REQUEST_URI} !^/blogs/roller-ui/rendering/(.*)
RewriteRule ^/blogs/(.*)/feed/comments/atom(.*) /blogs/roller-ui/rendering/feed/$1/comments/atom/ [R,L]
RewriteCond %{REQUEST_URI} !^/blogs/roller-ui/rendering/(.*)
RewriteRule ^/blogs/(.*)/feed/blogs/atom(.*) /blogs/roller-ui/rendering/feed/$1/blogs/atom/ [R,L]
</VirtualHost>
</IfModule>
SSLDisable
19. Save and close the httpd.conf file.
20. Update the Lotus Connections AJAX proxy configuration file:
a. Open a command-line window to start the wsadmin client, and use the
following commands to check out the proxy configuration file:
execfile("connectionsConfig.py")
LCConfigService.checkOutProxyConfig("<working_directory>", "<cell_name>")
where <working_directory> is a temporary directory of your choice. Use
forward slashes to separate directories in the file path, even if you are
using the Microsoft Windows operating system. <cell_name> is the name of
the cell where the Lotus Connections feature that uses the global proxy file
is located. This argument is required even in stand-alone deployments.
This argument is also case sensitive, so enter it with care.
b. To support access to SiteMinder-protected URLs through the AJAX proxy,
add the following declaration to each occurrence of the <proxy:policy>
element in the proxy configuration file:
Note: If the <proxy:cookie> element is not present in the file, add the
element after the <proxy:headers> element. Add the element once for each
feature. If you created a custom template file, make the same changes to
the custom file as well. For information about how to check out and edit
the proxy configuration template file, see Configuring the Ajax proxy topic.
<proxy:cookies>
<proxy:cookie>JSESSIONID</proxy:cookie>
<proxy:cookie>SMSESSION</proxy:cookie>
</proxy:cookies>
c. Use the following commands to check in the proxy configuration file:
LCConfigService.checkInProxyConfig("<temp_directory>", "<cell_name>")
21. Add a SiteMinder authenticator property to the Lotus Connections
configuration by editing the LotusConnections-config.xml file.
a. Use the following command to check out the configuration file:
• Stand-alone deployment:
execfile("connectionsConfig.py")
LCConfigService.checkOutConfig("<working_directory>","<cell_name>")
• Network deployment:
execfile("<$WAS_HOME>/profiles/<DMGR>/config/bin_lc_admin/connectionsConfig.py")
Note: If you are prompted to specify which server to connect to, type 1.
LCConfigService.checkOutConfig("<working_directory>","<cell_name>")
where:
• <working_directory> is the temporary working directory to which the
configuration XML and XSD files are copied and are stored while you
edit them. Use forward slashes to separate directories in the file path,
even if you are using the Microsoft Windows operating system.
• <cell_name> is the name of the WebSphere Application Server cell
hosting the Lotus Connections feature. This argument is required even
in stand-alone deployments. This argument is also case sensitive. If you
do not know the cell name, execute one of the following commands to
determine it:
– Stand-alone deployment: Look at the directory name in the following
directory in the file system:
<$WAS_HOME>\profiles\<profile_name>\config\cells\
– Network deployment: Type the following command while in the
wsadmin client:
print AdminControl.getCell()
For example:
LCConfigService.checkOutConfig("/temp","foo01Cell01")
or
LCConfigService.checkOutConfig("c:/temp","foo01Cell01")
b. Update the custom authenticator values by running the following
commands:
1) Configure the custom authenticator to support server-to-server
authentication for SiteMinder:
LCConfigService.updateConfig("customAuthenticator.name", "SiteMinderAuthenticator")
2) Set the value of the custom.authenticator.cookieTimeout parameter to
be equal to or less than the maximum timeout and idle timeout values
that you configured in a previous step. Specify the timeout value in
minutes.
LCConfigService.updateConfig("customAuthenticator.CookieTimeout","<timeout>")
where <timeout> is a value in minutes that is less than or equal to the
SiteMinder timeout values.
c. If you are using the Profiles database as the user directory, complete the
steps in the Enabling Lotus Connections directory service extensions topic.
d. Check the LotusConnections-config.xml file back in by running the
following command:
LCConfigService.checkInConfig()
22. Optional: (Only required if you have installed the Communities or Profiles
feature.) Configure the Lotus Connections directory service extensions to point
to your webserver. You must have enabled the SiteMinder Web agent on the
webserver. Open the configuration file that is appropriate to your deployment
and run the command to change the webserver, using the following example
as a guide:
<sloc:serviceReference
communities_directory_service_extension_auth="DSX-Admin"
communities_directory_service_extension_auth_alias="connectionsAdmin"
communities_directory_service_extension_enabled="true"
communities_directory_service_extension_href=
"http://<your-webserver>/communities/dsx/"
profiles_directory_service_extension_auth="DSX-Admin"
profiles_directory_service_extension_auth_alias="connectionsAdmin"
profiles_directory_service_extension_enabled="true"
profiles_directory_service_extension_href=
"http://<your-webserver>/profiles/dsx/"
serviceName="directory"/>
Note: For more information about editing configuration settings, see the
Enabling Lotus Connections directory service extensions topic.
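The realm tables in steps 8, 12 and 13 nest resources under one another (for example /blogs/atom_form under /blogs/atom), so it helps to check which scheme a given path ends up with before entering the realms. The following audit script is an added example, not part of the product or of SiteMinder; it embeds only a subset of the tables, the function names are hypothetical, and it assumes that the longest resource filter that prefixes the path decides the realm.

```python
# Added example: subset of Tables 48, 49, 51 and 52 (not the complete lists).
FORMS = ["/", "/activities/service/atom2/forms", "/blogs/atom_form",
         "/homepage/atomfba/mysearch", "/profiles/atom/forms"]
BASIC = ["/activities/service/atom", "/activities/service/atom2", "/blogs/atom",
         "/files/basic/api", "/news/atom/stories/saved", "/profiles/atom",
         "/profiles/photo.do"]
UNPROTECTED = ["/activities/images", "/blogs/nav/footer.html",
               "/files/basic/anonymous/atom", "/news/atom/stories/public",
               "/profiles/images"]
SHAREPOINT_UNPROTECTED = ["/profiles/photo.do", "/profiles/nav/blankIE.html"]


def build_realms(forms, basic, unprotected):
    """Map each resource filter to its scheme; reject a filter listed twice."""
    realms = {}
    for scheme, filters in (("forms", forms), ("basic", basic),
                            ("unprotected", unprotected)):
        for resource in filters:
            if resource in realms:
                raise ValueError("%s is in both the %s and %s lists"
                                 % (resource, realms[resource], scheme))
            realms[resource] = scheme
    return realms


def with_sharepoint(basic, unprotected):
    """Apply step 13: photo.do leaves the basic list and becomes unprotected."""
    moved = [r for r in basic if r != "/profiles/photo.do"]
    return moved, unprotected + SHAREPOINT_UNPROTECTED


def classify(path, realms):
    """Return (resource filter, scheme) for the longest filter prefixing path.

    Assumption: the longest matching resource filter decides the realm.
    """
    matches = [r for r in realms if path.startswith(r)]
    if not matches:
        return None, "no realm"
    best = max(matches, key=len)
    return best, realms[best]


if __name__ == "__main__":
    realms = build_realms(FORMS, BASIC, UNPROTECTED)
    # Constructed sample request paths.
    for sample in ["/activities/service/atom2/forms/feed",
                   "/activities/service/atom2/entry",
                   "/news/atom/stories/public",
                   "/profiles/photo.do",
                   "/wikis/home"]:
        print("%-40s %s" % (sample, classify(sample, realms)))
    # Forgetting to remove photo.do from the basic list is caught here.
    try:
        build_realms(FORMS, BASIC, UNPROTECTED + SHAREPOINT_UNPROTECTED)
    except ValueError as err:
        print("conflict:", err)
```

Anything that matches no specific filter falls through to the ConnectionsDefault realm (/), so it is covered by forms authentication rather than left open.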
What to do next
Advise your users to close all browser windows when they log out of Activities.
This precaution avoids potential security problems that could arise because the
SiteMinder session cookie in a browser window might still be updating while a
user is logging out from a different browser window.
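The rewrite rules from steps 17 and 18 can be checked offline before httpd.conf is reloaded. The following Python model is an added example, not IBM code; it reuses the patterns and the corphome.example.com exit page from the sample httpd.conf above, the function names are hypothetical, and it assumes that Python's re module treats these particular patterns the same way mod_rewrite does. It shows that the RewriteCond guard stops the Blogs redirects from looping and that the logout rule pins logoutExitPage to the configured value.

```python
import re

LOGOFF_URI = "/homepage/web/ibm_security_logout"  # LogOffUri chosen in step 2
EXIT_PAGE = "http://corphome.example.com"          # <your_logout_url> in the sample

# RewriteCond %{REQUEST_URI} !^/blogs/roller-ui/rendering/(.*)
GUARD = re.compile(r"^/blogs/roller-ui/rendering/(.*)")
# RewriteRule pattern -> substitution, in the order used in httpd.conf.
ATOM_RULES = [
    (re.compile(r"^/blogs/(.*)/api/(.*)"),
     r"/blogs/roller-ui/rendering/api/\1/api/\2"),
    (re.compile(r"^/blogs/(.*)/feed/tags/atom(.*)"),
     r"/blogs/roller-ui/rendering/feed/\1/tags/atom/"),
    (re.compile(r"^/blogs/(.*)/feed/entries/atom(.*)"),
     r"/blogs/roller-ui/rendering/feed/\1/entries/atom/"),
    (re.compile(r"^/blogs/(.*)/feed/comments/atom(.*)"),
     r"/blogs/roller-ui/rendering/feed/\1/comments/atom/"),
    (re.compile(r"^/blogs/(.*)/feed/blogs/atom(.*)"),
     r"/blogs/roller-ui/rendering/feed/\1/blogs/atom/"),
]
LOGOUT = re.compile(r"/(.*)/ibm_security_logout(.*)")


def redirect_for(path, query="", guard=True):
    """Return the redirect URL the rules produce, or None if no rule fires."""
    # Logout rule: fires unless the query string already equals the pinned value.
    if LOGOUT.search(path) and query != "logoutExitPage=" + EXIT_PAGE:
        # The substitution carries its own "?", so the old query is replaced.
        return LOGOFF_URI + "?logoutExitPage=" + EXIT_PAGE
    if guard and GUARD.search(path):
        return None  # already remapped, the RewriteCond blocks the rule
    for pattern, target in ATOM_RULES:
        match = pattern.search(path)
        if match:
            # No "?" in the substitution, so the original query is kept.
            return match.expand(target) + ("?" + query if query else "")
    return None


def follow(path, query="", guard=True, limit=5):
    """Follow the generated redirects; return (final URL, number of hops)."""
    hops = 0
    while hops < limit:
        target = redirect_for(path, query, guard)
        if target is None:
            break
        path, _, query = target.partition("?")
        hops += 1
    return path + ("?" + query if query else ""), hops


if __name__ == "__main__":
    # Constructed sample requests.
    print(follow("/blogs/myblog/api/entries"))
    print(follow("/blogs/myblog/api/entries", guard=False))  # hits the hop limit
    print(follow("/blogs/ibm_security_logout",
                 "logoutExitPage=http://other.example.net"))
```

Running the same requests with guard=False shows why each RewriteRule needs its RewriteCond: without it the remapped URL matches the pattern again and the redirect never settles.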
Related concepts
Securing Lotus Connections
Ensure that your deployment is secure.
Related information
CA SiteMinder Web Access Manager Agent for WebSphere
Enabling single sign-on between all features
If you have a network deployment in which the features are installed on separate
nodes, and you have installed the Home page feature or enabled the Profiles
directory service, you must configure Lotus Connections to allow single sign-on
(SSO) between all of the features. When SSO is enabled, users can log into one
feature of Lotus Connections and then switch to other features without having to
authenticate again.
Before you begin
If the Home page feature is on a different node than the other features, all the
servers must be using the same user repository. Thus, if you are using federated
repositories, the realm name must be identical on each server. Furthermore, the
base entry and DN of the base entry for the user repository must also be identical
on each server.
You must configure the SSO domain. This should be the common domain for all
your servers. An example might be enterprise.example.com.
You must be able to access your installed features from a Web browser before you
can enable SSO for them.
Note:
• If you are enabling SSO between Lotus Connections and a product that is
deployed on a pre-6.1 version of WebSphere Application Server, or if the product
is using IBM Lotus Domino, you must first complete the steps described in the
Enabling SSO with stand-alone LDAP topic.
About this task
Note: This procedure is only required if you have chosen to install an advanced
stand-alone deployment and installed different features into different WebSphere
Application Server cells.
You must ensure that all the servers share the same LTPA keys. To do this, you
must export the keys from one server and import them into the others.
To set up SSO between all of the features, complete the following steps:
Procedure
1. On each node where features other than Home page are installed, enable SSO:
a. Log into the WebSphere Application Server Integrated Solutions Console as
an administrator, expand Security, and then click Secure administration,
applications, and infrastructure.
b. Expand Web security, and then click single sign-on (SSO).
c. Type the domain name into the Domain name field. You must include a dot
(.) before the domain name. For example:
.enterprise.acme.com
2. On the node where Home page is installed, complete the following steps:
a. Log into the WebSphere Application Server Integrated Solutions Console as
an administrator, and click Secure administration, applications, and
infrastructure.
b. Click Authentication mechanisms and expiration, and then in the
Cross-cell single sign-on section, provide values for the following fields:
• Password: Type a secure password that you will remember. You will need
to provide this password later, when you import the keys that you are
exporting.
Note: Confirm the password.
• Fully qualified key file name: Specify a valid path and a file name for the
file that will hold the exported keys. This file is encrypted using the
password specified above.
c. Click Export keys.
3. On each node where the other features are installed, complete the following
steps:
a. Log into the WebSphere Application Server Integrated Solutions Console as
an administrator, and click Secure administration, applications, and
infrastructure.
b. Click Authentication mechanisms and expiration, and then in the
Cross-cell single sign-on section, provide values for the following fields:
• Password: Type the password that you used for the key file that you
exported from the node where Home page is installed.
Note: Confirm the password.
• Fully qualified key file name: Specify the file name of the key file that
you exported from the node where Home page is installed.
c. Click Import keys.
4. Restart all the nodes.
What to do next
By default, WebSphere Application Server regenerates LTPA keys periodically. You
must disable this automatic regeneration if you want to maintain SSO. However,
for better security, you should manually regenerate a new set of LTPA keys.
Related tasks
Single sign-on
Exporting LTPA keys
Importing LTPA keys
Enabling single sign-on for Lotus Quickr
Before installing the Lotus Connections Connector for Lotus Quickr, enable single
sign-on (SSO) between Lotus Connections and Lotus Quickr.
Before you begin
Notes:
• This is an optional task.
• If you are enabling SSO between Lotus Connections and a product that is
deployed on a pre-6.1 version of WebSphere Application Server, or if the product
is using IBM Lotus Domino, you must first complete the steps described in the
Enabling SSO with stand-alone LDAP topic.
About this task
This task describes the steps required to enable single sign-on (SSO) between Lotus
Connections and Lotus Quickr when they are on different WebSphere Application
Server cells. (Applications deployed on servers within the same WebSphere
Application Server cell are enabled by default for SSO.)
You should set the realm name in the LTPA token to that of the LDAP server
before you export the LTPA token. For example, if you connect to an LDAP server
at ldapserver.example.com over port 389, then you must set the realm name to
ldapserver.example.com:389.
To allow SSO between Lotus Connections and Lotus Quickr, complete the
following steps:
Procedure
1. On the server where Lotus Connections is installed, enable SSO:
a. Log into the WebSphere Application Server Integrated Solutions Console as
an administrator, expand Security, and then click Secure administration,
applications, and infrastructure
b. Expand Web security, and then click Single sign-on (SSO)
c. Enter the domain name
Note: Ensure that the domain name you enter is valid: On the node where
Lotus Quickr is installed, log into the WebSphere Application Server 6.0
Integrated Solutions Console as an administrator, click Global Security >
Authentication Mechanisms > LTPA > Single Sign On
and verify that the domain name is present.
2. On the node where Lotus Quickr is installed, complete the following steps:
a. Log into the WebSphere Application Server 6.0 Integrated Solutions Console
as an administrator, and click Global Security
b. Click Authentication mechanisms > LTPA, and then in the General
properties section, provide values for the following fields:
• Password – Type a secure password that you will remember. You will
need to provide this password later, when you import the keys that you
are exporting.
Note: Confirm the password.
• Fully qualified key file name – Specify a valid path and name for the file
that will hold the exported keys.
c. Click Export keys
3. On each node where Lotus Connections is installed, complete the following
steps:
a. Log into the WebSphere Application Server Integrated Solutions Console as
an administrator, and click Secure administration, applications, and
infrastructure
b. Click Authentication mechanisms and expiration, and then in the
Cross-cell single sign-on section, provide values for the following fields:
• Password – Type the password that you used for the Lotus Quickr key
file that you exported.
Note: Confirm the password.
• Fully qualified key file name – Specify the path and name of the Lotus
Quickr key file that you exported.
c. Click Import keys
4. On each node where Lotus Connections is installed, complete the following
steps:
a. Log into the WebSphere Application Server Integrated Solutions Console as
an administrator, and click Secure administration, applications, and
infrastructure
b. Click Authentication mechanisms and expiration, and then in the
Cross-cell single sign-on section, provide values for the following fields:
• Password – Type a secure password that you will remember. You will
need to provide this password later, when you export the key file.
Note: Confirm the password.
• Fully qualified key file name – Specify a valid path and a name for the
file that will hold the exported keys.
c. Click Export keys.
5. On the node where Lotus Quickr is installed, complete the following steps:
a. Log into the WebSphere Application Server 6.0 Integrated Solutions Console
as an administrator, and click Global Security
b. Click Authentication mechanisms > LTPA, and then in the General
properties section, provide values for the following fields:
• Password – Type the password that you used for the Lotus Connections
key file that you exported.
Note: Confirm the password.
• Fully qualified key file name – Specify the name of the Lotus Connections
key file that you exported.
c. Click Import keys
6. Restart all the nodes.
Enabling single sign-on for Domino
If your organization uses Lotus Connections in a Domino environment, you can
enable user authentication and single sign-on (SSO).
Before you begin
You must first install all Lotus Connections features and successfully access them
from a Web browser before you can enable SSO.
Notes:
• This is an optional configuration.
• If you are using a reverse proxy, you must enter the reverse proxy address in the
LotusConnections-Config.xml file.
• If you are enabling SSO between Lotus Connections and a product that is
deployed on a pre-6.1 version of WebSphere Application Server, or if the product
is using IBM Lotus Domino, you must first complete the steps described in the
Enabling SSO with stand-alone LDAP topic.
About this task
Single sign-on enables users to log into one feature of Lotus Connections and
switch to other features and resources without having to authenticate again.
Procedure
To set up SSO in a Domino environment, go to the Enabling single sign-on for
Domino wiki page and follow the instructions there.
Enabling single sign-on for standalone LDAP
Lotus Connections requires a federated repositories configuration, but there are
steps you can take to enable Lotus Connections features to perform Single sign-on
(SSO) for a standalone LDAP directory.
Before you begin
Note: This procedure is required if you want to do one of the following:
• Enable SSO between a Lotus Connections feature and an application hosted by a
version of WebSphere Application Server that is earlier than 6.1, which is the
version in which federated repositories were introduced.
• Set up SSO between a Domino server and a Lotus Connections feature, which is
required if, for example, you want to enable Sametime® presence to be displayed
in the Profiles feature.
Before you perform this procedure, you must configure federated repositories on
WebSphere Application Server.
About this task
By default, applications deployed on servers within the same WebSphere
Application Server cell are enabled for single-sign-on. To support this, the servers
share the same set of LTPA keys and the same LDAP directory configuration. Use
this configuration if you want to set up SSO between applications that use
different LDAP directory configurations.
To enable SSO between a Lotus Connections feature and a WebSphere Application
Server configured for standalone LDAP, complete the following steps:
Procedure
1. Log in to the WebSphere Application Server Integrated Solutions Console by
going to the following Web address in a browser:
http://<Web.server.host.name>:9060/ibm/console
2. Log in to the Welcome page.
3. Click Security → Secure Administration, applications and infrastructure.
4. Select Federated Repositories from the Available realm definitions field, and
then click Configure.
5. On the Federated repositories page, add the <host_name>:<port> of the
standalone LDAP server to the Realm name field.
For example:
enterprise.st.acme.com:389
6. Click Apply, and then click Save to save this setting.
7. Do one of the following:
• Standalone deployment: Restart the servers.
• Network deployment: Synchronize the nodes with the deployment manager,
and then restart the servers by completing the following steps:
a. Log into the Integrated Solutions Console for the deployment manager.
b. From the Integrated Solutions Console, expand System administration →
Nodes. Select the name of the node that you have updated, and then click
Full Resynchronize.
c. From the main Integrated Solutions Console page, select Servers → Clusters.
Select the check box beside the cluster you want to restart, click Stop, and
then click Start.
Enabling single sign-on for the Windows desktop
Use the Kerberos authentication protocol to enable the IBM Lotus Connections and
client Web browsers to prove their identities to one another in a secure manner.
This configuration enables users to sign onto the Windows desktop and then be
automatically signed into Lotus Connections features without having to
authenticate.
About this task
The Kerberos authentication protocol is supported in environments in which
Microsoft Active Directory is used as the LDAP directory.
The Kerberos authentication protocol uses strong cryptography, which enables a
client to prove its identity to a server across an insecure network connection. After
the client and server have proven their identity, the authentication protocol
encrypts the subsequent data sent back and forth.
To configure Lotus Connections to use the Kerberos authentication protocol,
complete the following procedures:
Creating a service principal name and keytab file
Create a service account in Microsoft Active Directory to support a service
principal name (SPN) for IBM Lotus Connections, and then create a keytab file that
the Kerberos authentication service can use to establish trust with the Web browser.
Before you begin
Lotus Connections must be configured to use Active Directory as the user
directory. See Setting up federated repositories for more information. Also, do not
perform this procedure until after you have populated the Profiles database. See
Populating the Profiles database for more details.
About this task
A service principal name (SPN) account uniquely identifies an instance of a service.
Before the Kerberos authentication service can use an SPN to authenticate a
service, you must register the SPN on the account object that the service instance
uses to log on. You must then create a keytab file. When a Web browser tries to
access the service, it must get a ticket from the Active Directory key distribution
center to send with the access request. The keytab file is used to decrypt the ticket
sent from the Web browser to establish that the application server can trust the
browser.
A service principal name consists of the following information:
Service type
Specifies the protocol to use, such as HTTP.
Instance
Specifies the name of the server hosting the application. For example:
finance1.us.example.com. If you have a network deployment, use the IBM
HTTP Server name or the virtual host name through which users access
Lotus Connections features. You do not need to specify a port number.
Realm Specifies the domain name of the server hosting the application. For
example: US.EXAMPLE.COM.
and is specified using the following syntax:
service_type/instance@REALM
For example:
HTTP/[email protected]
To create a service principal name and keytab file, complete the following steps:
Procedure
1. Kerberos requires the clocks of the involved hosts to be synchronized. If the
host clock is not synchronized with the Kerberos server clock, authentication
will fail. Use the domain controller as the time server and run the Windows
schedule task on the Lotus Connections servers to do a time synchronization
with the domain controller. For more information about how to use the domain
controller as the time server, see http://support.microsoft.com/kb/816042. For
more information about running the Windows schedule task, see
http://support.microsoft.com/kb/875424
For example, if finance1.us.example.com is the domain controller and the NTP
time server, the TimeSyn.bat file would contain the following commands:
w32tm /config /manualpeerlist:finance1.us.example.com,0x8 /syncfromflags:MANUAL
net stop w32time
net start w32time
w32tm /resync
2. Install Windows Support Tools. You must have access to these tools to run the
ktpass command later in this procedure.
Go to the following external Web site for more information: Install Windows
Support Tools
3. Log in to the Windows Domain Controller. You must know which server is the
domain controller and have an administrative level user name and password.
4. Create a new account for Lotus Connections by accessing the Active Directory
Users and Computers settings.
5. In the New Object - User window, type a user name into the User logon name
field and specify the domain in the corresponding field. For example, in the
User logon name field, you could add lcserver01 and in the domain field, you
could enter @us.example.com. Click Next.
6. Type a password for the logon name in the Password field.
7. On the Account page, select the User cannot change password and Password
never expires check boxes. By preventing the password from expiring, you
avoid having to recreate the keytab file (which you do in the next step) after
the password is changed. Click OK to save the new user information.
8. Map the service principal name to the Lotus Connections user account that you
created, and then generate a keytab file by running the ktpass command on the
domain controller. If you have a network deployment, generate one keytab file
using the IBM HTTP Server name or the virtual host name through which
users access Lotus Connections features as the instance in the service principal
name. Run the ktpass command:
ktpass -princ <SPN> -out <path_to_keytab> -mapuser <account_name> -mapOp set -pass <account_password>
where you provide values for the following variables:
<SPN>
The Kerberos service principal name.
<path_to_keytab>
File path to which you want to store the generated keytab file.
<account_name>
The service account name.
<account_password>
Password associated with the service account.
For example:
ktpass -princ HTTP/[email protected] -out c:\finance1.keytab
-mapuser lcserver01 -mapOp set -pass Passw0rd1
9. Create a Kerberos configuration file named krb5.conf for the IBM WebSphere
Application Server hosting Lotus Connections. If you have a network
deployment, create one configuration file for each node. You do not need to
create a configuration file for the deployment manager. To create a Kerberos
configuration file, complete the following steps:
a. If Lotus Connections is installed on a different server from the one hosting
the domain controller, copy the keytab file to the server on which Lotus
Connections is installed.
b. On the wsadmin command line, enter the following command:
$AdminTask createKrbConfigFile {-krbPath <appserver>\java\jre\lib\security\krb5.conf -realm <REALM> -kdcHost <kdc_hostname> -dns <dns_hostname> -keytabPath <path_to_keytab>}
where you provide values for the following variables:
<appserver>
The path to the WebSphere Application Server root directory. Do not
specify the path to the Lotus Connections application. The krbPath
parameter defines where the resulting krb5.conf configuration file
is stored.
<REALM>
The Kerberos realm. Specify the realm in all uppercase letters.
<kdc_hostname>
The name of the Active Directory key distribution center host. This
name is typically the domain controller server.
<dns_hostname>
The DNS server name of the domain controller server.
<path_to_keytab>
The file path to the directory in which the keytab file is stored.
Here is a sample configuration file:
C:\IBM\WebSphere\AppServer\java\jre\lib\security\krb5.conf
[libdefaults]
default_realm = EXAMPLE.COM
default_keytab_name = FILE:C:\finance1.keytab
default_tkt_enctypes = des-cbc-md5 rc4-hmac
default_tgs_enctypes = des-cbc-md5 rc4-hmac
kdc_default_options = 0x54800000
# forwardable = true
# proxiable = true
# noaddresses = true
[realms]
EXAMPLE.COM = {
    kdc = finance1.us.example.com:88
    default_domain = finance1.us.example.com
}
[domain_realm]
.finance1.us.example.com = EXAMPLE.COM
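A generated krb5.conf is worth checking before the application server is restarted. The following Python script is an added example, not part of the IBM guide or product: it parses the file layout shown above and reports a default realm with no matching [realms] stanza, a realm that is not uppercase, and ticket encryption types that RFC 6649 and RFC 8429 deprecate. Both sample files are constructed, and the corrected one assumes that the KDC, the service account and the JVM support AES.

```python
import re

# Single DES is disabled by default on current Windows domain controllers
# (deprecated by RFC 6649) and RFC 8429 deprecates RC4-HMAC, so both are reported.
WEAK_ENCTYPES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5", "rc4-hmac", "arcfour-hmac"}


def parse_krb5_conf(text):
    """Parse [section] / key = value / NAME = { ... } into nested dicts."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, block = conf.setdefault(header.group(1), {}), None
        elif line == "}":
            block = None
        elif section is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})  # start of a realm stanza
            elif block is not None:
                block[key] = value
            else:
                section[key] = value
    return conf


def audit_krb5_conf(text):
    """Return a list of findings; an empty list means nothing was detected."""
    conf = parse_krb5_conf(text)
    lib = conf.get("libdefaults", {})
    realms = conf.get("realms", {})
    findings = []

    realm = lib.get("default_realm")
    if realm is None:
        findings.append("libdefaults: default_realm is not set")
    else:
        if realm != realm.upper():
            findings.append(f"default_realm {realm} is not all uppercase")
        if realm not in realms:
            findings.append(f"default_realm {realm} has no [realms] stanza")
        elif "kdc" not in realms[realm]:
            findings.append(f"[realms] {realm} names no kdc")

    for key in ("default_tkt_enctypes", "default_tgs_enctypes"):
        listed = lib.get(key, "").replace(",", " ").split()
        weak = [e for e in listed if e.lower() in WEAK_ENCTYPES]
        if weak:
            findings.append(f"{key} allows weak types: {' '.join(weak)}")

    for suffix, mapped in conf.get("domain_realm", {}).items():
        if mapped not in realms:
            findings.append(f"domain_realm {suffix} maps to undefined realm {mapped}")
    return findings


# Constructed sample: the realm stanza is named differently from default_realm
# and the ticket encryption types are DES and RC4.
SAMPLE_WEAK = r"""
[libdefaults]
    default_realm = EXAMPLE.COM
    default_keytab_name = FILE:C:\finance1.keytab
    default_tkt_enctypes = des-cbc-md5 rc4-hmac
    default_tgs_enctypes = des-cbc-md5 rc4-hmac
[realms]
    OTHER.EXAMPLE.COM = {
        kdc = finance1.us.example.com:88
        default_domain = finance1.us.example.com
    }
[domain_realm]
    .finance1.us.example.com = EXAMPLE.COM
"""

# Constructed corrected form (assumption: AES is supported end to end).
SAMPLE_FIXED = (
    SAMPLE_WEAK
    .replace("OTHER.EXAMPLE.COM", "EXAMPLE.COM")
    .replace("des-cbc-md5 rc4-hmac", "aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96")
)

if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("fixed", SAMPLE_FIXED)):
        print(name, audit_krb5_conf(text) or "no findings")
```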
Enabling a trust association interceptor for SPNEGO
Configure and enable a SPNEGO trust association interceptor (TAI) on IBM
WebSphere Application Server.
About this task
To configure and enable a SPNEGO TAI, complete the following steps:
Procedure
1. Create an HTML page to redirect users whose Web browsers do not support
SPNEGO to a non SPNEGO-protected page that asks for authentication
credentials. Store the HTML file on a publicly accessible directory on the
server and include HTML like the following example:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html">
<!--Notes:
- This file should be served from an unprotected Web site. Alternatively,
  it can be loaded from the WebSphere Application Server file system.
- Any imbedded graphics/javascript/css MUST BE loaded from an unprotected
  Web site.
- This file is loaded when the WebSphere Application Server is
  initialized. If changes to this file are necessary, the Application Server
  should be restarted.
- This file is returned whenever the SPNEGO TAI receives an NTLM
  token for ANY application in the cell. In other words, this file is
  generic for all applications. However, by using the JavaScript
  document.location, we can get the original URL, and redirect to that
  original URL with the "?noSPNEGO" text added, thus forcing the standard
  application userid/password challenge.
-->
<html>
<script language="javascript">
var origUrl=""+document.location;
if (origUrl.indexOf("noSPNEGO")<0) {
  if (origUrl.indexOf('?')>=0) origUrl+="&noSPNEGO";
  else origUrl+="?noSPNEGO";
}
function redirTimer() {
  self.setTimeout("self.location.href=origUrl;",0);
}
</script>
<META HTTP-EQUIV = "Pragma" CONTENT="no-cache">
<script language="javascript">
document.write("<title> Redirect to "+origUrl+ " </title>");
</script>
<head>
</head>
<body onLoad="redirTimer()"/>
</html>
2. Log in to the WebSphere Application Server Integrated Solutions Console of
the server hosting IBM Lotus Connections if you have a stand-alone
deployment or of the deployment manager if you have a network
deployment.
3. Add custom properties to the Web Security settings by completing the
following steps:
a. Expand Security and then select Secure administration, applications, and
infrastructure. Expand Web Security, and then click Trust association.
b. Select Enable trust association.
c. Click Interceptors →
com.ibm.ws.security.spnego.TrustAssociationInterceptorImpl → Custom
properties.
d. Click New to add each property and then enter the details of the
properties shown in the table:
Table 54. SPNEGO TAI custom properties
Name                                                     Value
com.ibm.ws.security.spnego.SPN1.hostName                 <hostname>
com.ibm.ws.security.spnego.SPN1.NTLMTokenReceivedPage    <TAIRedirectPage_location>
com.ibm.ws.security.spnego.SPN1.spnegoNotSupportedPage   <TAIRedirectPage_location>
com.ibm.ws.security.spnego.SPN1.filter                   request-url!=/seedlist/authverify;request-url!=/seedlist/server;request-url!=/seedlist/myserver;request-url!=noSPNEGO
com.ibm.ws.security.spnego.SPN1.filterClass              com.ibm.ws.security.spnego.HTTPHeaderFilter
where
<hostname>
Name of the server from which the Lotus Connections features are
accessed.
<TAIRedirectPage_location>
File path to the HTML redirect file that you created in Step 1. For
example: file:///c:/share/TAIRedirect.html
e. Click OK and then Save to save each new custom property.
4. Set a custom property that disables SPNEGO-TAI authentication when an
unprotected URI is accessed:
a. Select Security → Secure administration, applications, and infrastructure →
Custom properties.
b. Click New and enter the details of the property:
Table 55. General Properties
Field   Value
Name    com.ibm.websphere.security.performTAIForUnprotectedURI
Value   False
c. Click OK and then click Save to save the new property.
5. From the main Integrated Solutions Console, expand Servers, and then select
Application servers.
6. Click the server name (for example: server1), expand Java and Process
Management, and then click Process Definition → Java Virtual Machine →
Custom Properties.
7. Add the following custom properties:
- com.ibm.ws.security.spnego.isEnabled = true
- java.security.krb5.conf = <path_to_krb5.conf>
where <path_to_krb5.conf> is the file path to the Kerberos configuration file
that you created in the previous topic.
Note: If you installed Lotus Connections on multiple server instances, repeat
the previous step for each server instance.
8. For each server instance where Lotus Connections is installed, configure a web
container custom property:
a. From the main Integrated Solutions Console, expand Servers, and then
select Application servers.
b. Click the name of a server instance (for example: server1).
c. Select Container Settings → Web Container → Settings → Web Container.
d. Expand Additional Properties and then click Custom Properties.
e. Set the value of the
com.ibm.ws.webcontainer.assumefiltersuccessonsecurityerror property to
true.
Note: Repeat these steps for each server instance where Lotus Connections is
installed.
9. To fix a potential security error related to the disablesecuritypreinvokeonfilters
custom property, apply iFix PK77465.
10. Configure the Ajax proxy to proxy LtpaToken cookies by editing the
proxy-config.tpl file to include the following parameters:
<proxy:cookies>
<proxy:cookie>JSESSIONID</proxy:cookie>
<proxy:cookie>LtpaToken</proxy:cookie>
<proxy:cookie>LtpaToken2</proxy:cookie>
</proxy:cookies>
For more information, see Enabling the AJAX proxy to forward user credentials.
11. Edit the httpd.conf file to force a log out to be directed to an unprotected
Web page to prevent SPNEGO from presenting the user with a login page.
Open the httpd.conf file in a text editor. The file is stored in the following
directory by default:
- AIX: /usr/IBM/HTTPServer/conf
- Linux: /opt/IBM/HTTPServer/conf
- Microsoft Windows: C:\IBM\HTTPServer\conf
Add the following statements to the end of the file:
RewriteEngine On
RewriteCond %{REQUEST_URI} /(.*)/ibm_security_logout(.*)
RewriteCond %{QUERY_STRING} !=logoutExitPage=<your-logout-url>
RewriteRule /(.*)/ibm_security_logout(.*) /$1/ibm_security_logout?logoutExitPage=<your-logout-url> [noescape,L,R]
where <your-logout-url> must be an unprotected URL that the user is directed
to after logging out of Lotus Connections. Save and close the httpd.conf file.
12. Restart the WebSphere Application Servers hosting the Lotus Connections
features.
Related tasks
“Enabling the AJAX proxy to forward user credentials” on page 256
Edit the proxy configuration template file to instruct the IBM Lotus Connections
server to accept LTPA tokens. This task is necessary if you want to configure single
sign-on between Lotus Connections and the servers defined in the proxy
configuration file.
Configuring Web browser preferences to support Kerberos
authentication
Configure your Web browser to support Kerberos authentication.
About this task
To edit the Web browser preferences, complete the following steps:
Procedure
Do one of the following:
- Microsoft Internet Explorer:
1. From the Internet Explorer menu, select Tools → Internet Options, and then
click the Security tab.
2. Click the Local intranet icon, and then click Sites.
3. Click Advanced, and then add the Web address of the host name of the IBM
Lotus Connections server into the Add this website to the zone field. For
example: *.enterprise.example.com.
4. Click OK to save the change and return to the main Security page.
5. Click Custom level, scroll to find User Authentication → Logon, and then
select Automatic logon only in Intranet zone. Click OK to save the change
and return to the main Security page.
6. Click the Advanced tab, scroll to find Security, and then select Enable
Integrated Windows Authentication. Click OK to save the change.
7. Restart the Web browser to apply the configuration changes.
- Mozilla Firefox: Add the Lotus Connections Web address to the list of sites that
are permitted to engage in SPNEGO authentication with the browser by
completing the following steps:
1. Open Firefox, and then type about:config into the location bar.
2. Type network.n into the Filter field, double-click
network.negotiate-auth.trusted-uris, and then type the protocol and host name
of the server that hosts Lotus Connections. For example:
http://enterprise.example.com or https://enterprise.example.com if you want to
use HTTPS. To specify more than one server, separate them with a comma.
3. Click OK to save the change.
4. If the deployed SPNEGO solution is using the advanced Kerberos feature of
Credential Delegation, double-click network.negotiate-auth.delegation-uris.
This preference defines the sites for which the browser can delegate user
authorization to the server. Enter a comma-delimited list of trusted domains
or URLs.
5. Restart Firefox to apply the configuration change.
Adding features to the SSL trust store
If you have enabled SSL and Common directory services for Profiles or
Communities, you must add that feature to the SSL trust store.
Before you begin
If the features are not added to the SSL trust store, you might experience
application exceptions.
About this task
To add a feature to the SSL trust store, complete the following steps:
Procedure
1. Start WebSphere Application Server and log in to the WebSphere Application
Server Integrated Solutions Console.
2. Click Security > SSL certificate and key management > Key stores and
certificates > NodeDefaultTrustStore > Signer certificates.
3. Click Retrieve from port.
4. Type your host name in the Host field. For example: acme.com.
5. Type the port number in the Port field. The default for HTTPS is 443.
6. Type an Alias that is easy to remember.
7. Click Retrieve signer information, and then click OK.
8. Save your changes.
9. Repeat this task for each server instance.
10. Restart WebSphere Application Server.
Configuring the AJAX proxy
By default, the IBM Lotus Connections AJAX proxy is configured to allow cookies,
headers or mime types, and all HTTP actions to be exchanged among the Lotus
Connections features. However, from any non-Lotus Connections service, it only
allows HTTP GET requests and it prevents all cookies or headers from being
directed to the features. If you want to change the traffic that is allowed from other
services, you must explicitly configure it.
Before you begin
This task is not required. Only perform it if you want to allow an external service
to do more than retrieve information from the Lotus Connections features.
About this task
The proxy-config.tpl template file defines rules about which HTTP requests,
headers, and cookies are allowed to be redirected to the Lotus Connections
features. When a Lotus Connections server is started, it reads information about
the features from the LotusConnections-config.xml file, and, based on the rules
defined in the proxy-config.tpl template file, configures the proxy to be used by
any Web browsers or other servers that send requests to Lotus Connections.
For example, if you want to allow one feature, such as Home page, to proxy a
widget, but not allow any of the other features to proxy it, you must create a
feature-specific version of the proxy-config.tpl file and edit that. See Configuring
the AJAX proxy for a specific feature for more details.
Note: The Search feature provides a Search-specific Ajax proxy configuration file
called proxy-search-config.xml. It is not created from the proxy-config.tpl
template file at runtime. See Configuring the Ajax proxy for Search for more details.
To configure the AJAX proxy, complete the following steps:
Procedure
1. Access the common AJAX proxy configuration template file:
a. Open a command-line window, start the wsadmin tool, and then use the
following commands to check out the proxy configuration file:
- Stand-alone deployments:
  execfile("connectionsConfig.py")
- Network deployments:
  execfile("<$WAS_HOME>/profiles/<DMGR>/config/bin_lc_admin/connectionsConfig.py")
b. Check out the configuration file using the following command:
LCConfigService.checkOutProxyConfig("<temp_directory>",
"<cell_name>")
where <temp_directory> is a temporary directory of your choice, and
<cell_name> is the name of the cell where the Lotus Connections feature that
uses the global proxy template file is located.
2. From the temporary directory to which you checked out the configuration files,
open the proxy-config.tpl file in a text editor.
3. Make your edits. For example, you can do the following things:
- To explicitly refuse all traffic from a specific site, add a policy as follows:
<proxy:policy url="malicious.site.com" acf="none">
  <proxy:actions/>
  <proxy:headers/>
  <proxy:cookies/>
</proxy:policy>
- To allow a particular service on your network to display a custom widget,
you can add the following policy entry to the file:
<proxy:policy url="http://my.network.com/widget/*" acf="none">
  <proxy:actions>
    <proxy:method>GET</proxy:method>
  </proxy:actions>
  <proxy:headers>
    <proxy:header>User-Agent</proxy:header>
    <proxy:header>Accept.*</proxy:header>
    <proxy:header>Content.*</proxy:header>
    <proxy:header>Authorization.*</proxy:header>
    <proxy:header>If-.*</proxy:header>
    <proxy:header>Pragma</proxy:header>
    <proxy:header>Cache-Control</proxy:header>
  </proxy:headers>
  <proxy:cookies>
    <proxy:cookie>JSESSIONID</proxy:cookie>
  </proxy:cookies>
</proxy:policy>
- If a service requires authentication, you can configure it to also allow basic
authentication requests by adding a basic-auth-support="true" attribute to
the <proxy:policy> element. For example:
<proxy:policy
  url="http://my.network.com/service/*"
  acf="none"
  basic-auth-support="true">
  ...
</proxy:policy>
If this attribute is not added, when an unauthenticated request is sent to a
service that requires authentication, the service does not display the basic
authentication dialog, but returns an HTTP 403 status code instead.
- To allow a particular service to run on your network and to pass cookies for
LTPA tokens to the features:
<proxy:policy url="http://my.network.com/service/*" acf="none">
  <proxy:actions>
    <proxy:method>GET</proxy:method>
  </proxy:actions>
  <proxy:headers>
    <proxy:header>User-Agent</proxy:header>
    <proxy:header>Accept.*</proxy:header>
    <proxy:header>Content.*</proxy:header>
    <proxy:header>Authorization.*</proxy:header>
    <proxy:header>If-.*</proxy:header>
    <proxy:header>Pragma</proxy:header>
    <proxy:header>Cache-Control</proxy:header>
  </proxy:headers>
  <proxy:cookies>
    <proxy:cookie>JSESSIONID</proxy:cookie>
    <proxy:cookie>LtpaToken</proxy:cookie>
    <proxy:cookie>LtpaToken2</proxy:cookie>
  </proxy:cookies>
</proxy:policy>
Note: Specify the headers using regular expressions.
4. Add any new policy blocks before the default policy setting in the template file.
The default policy setting serves as a catch-all for all other requests and looks
like this:
<proxy:policy url="*" acf="none">
  <proxy:actions>
    <proxy:method>GET</proxy:method>
  </proxy:actions>
  <proxy:headers/>
  <proxy:cookies/>
</proxy:policy>
By default, it allows all services to send GET requests to the Lotus Connections
features, and it prevents all cookies or headers from being directed to the
features.
5. Specify values for the following proxy configuration properties:
circular_redirects
Specifies that circular redirects are allowed. This property accepts a
Boolean value of true or false specified in lower-case letters. If set to
true, it supports using a proxy for a site that redirects to the same URL
but with different parameters. Such a change is not recognized as a
new URL. The default value of this property is true.
connection-timeout
Amount of time before an attempt to connect to a host times out.
Specified in milliseconds, the default value of this property is 60,000,
which is 1 minute.
max_circular_redirects
Maximum number of times a circular redirect is allowed before the
proxy rejects it. Specified as an integer, the default value of this
property is 100.
maxconnectionsperhost
Maximum number of simultaneous connections between the proxy and
a given host. Specified as an integer, the default value of this property
is 20.
maxtotalconnections
Maximum number of simultaneous connections between the proxy and
all of the hosts together. Specified as an integer, the default value of
this property is 50.
socket-timeout
Amount of time before an attempt to use a socket times out. Specified
in milliseconds, the default value of this property is 60,000, which is 1
minute.
unsigned_ssl_certificate_support
Specifies that self-signed SSL certificates are supported. This property
accepts a Boolean value of true or false specified in lower-case letters.
The default value of this property is true. Change it to false when the
system is ready for production.
6. Save and close the file.
7. Check the proxy-config.tpl file back in during the same session in which you
checked it out. Use the following command to check the file in:
LCConfigService.checkInProxyConfig("<temp_directory>",
"<cell_name>")
where <temp_directory> is the temporary directory to which you checked out
the configuration files, and <cell_name> is the name of the cell where the
feature that uses the common proxy-config.tpl file is located.
8. Restart the application server hosting Lotus Connections.
Configuring the AJAX proxy for Search
By default, the AJAX proxy for the Search feature is configured to allow cookies,
headers or mime types, and all HTTP actions to allow data to be exchanged
between Search and the other IBM Lotus Connections features. If you want to
make changes to the traffic that is allowed to other services, you must explicitly
configure it.
Before you begin
This task is not required. Only perform it if you want to change the type of traffic
that can be exchanged with the Search feature.
About this task
To configure the AJAX proxy for Search, complete the following steps:
Procedure
1. Access the AJAX proxy configuration file:
a. Open a command-line window, start the wsadmin tool, and then use the
following commands to check out the proxy configuration file:
- Stand-alone deployments:
  execfile("searchConfig.py")
- Network deployments:
  execfile("<$WAS_HOME>/profiles/<DMGR>/config/bin_lc_admin/searchConfig.py")
b. Check out the configuration file using the following command:
SearchCellConfig.checkOutProxyConfig("<temp_directory>",
"<cell_name>")
where <temp_directory> is a temporary directory of your choice, and
<cell_name> is the name of the cell where the Connections feature that uses
the global proxy template file is located.
2. From the temporary directory to which you checked out the configuration files,
open the proxy-search-config.tpl file in a text editor.
3. Make your edits. For example, you can do the following things:
- To explicitly refuse all traffic from a specific site, add a policy like this:
<proxy:policy url="malicious.site.com" acf="none">
  <proxy:actions/>
  <proxy:headers/>
  <proxy:cookies/>
</proxy:policy>
- To allow a particular service on your network to display a custom widget,
you can add the following policy entry to the file:
<proxy:policy url="http://my.network.com/widget/*" acf="none">
  <proxy:actions>
    <proxy:method>GET</proxy:method>
  </proxy:actions>
  <proxy:headers>
    <proxy:header>User-Agent</proxy:header>
    <proxy:header>Accept.*</proxy:header>
    <proxy:header>Content.*</proxy:header>
    <proxy:header>Authorization.*</proxy:header>
    <proxy:header>X-Method-Override</proxy:header>
    <proxy:header>If-.*</proxy:header>
    <proxy:header>Pragma</proxy:header>
    <proxy:header>Cache-Control</proxy:header>
  </proxy:headers>
  <proxy:cookies>
    <proxy:cookie>JSESSIONID</proxy:cookie>
  </proxy:cookies>
</proxy:policy>
- To allow a particular service to run on your network and to pass cookies for
LTPA tokens to the features:
<proxy:policy url="http://my.network.com/service/*" acf="none">
  <proxy:actions>
    <proxy:method>GET</proxy:method>
  </proxy:actions>
  <proxy:headers>
    <proxy:header>User-Agent</proxy:header>
    <proxy:header>Accept.*</proxy:header>
    <proxy:header>Content.*</proxy:header>
    <proxy:header>Authorization.*</proxy:header>
    <proxy:header>If-.*</proxy:header>
    <proxy:header>Pragma</proxy:header>
    <proxy:header>Cache-Control</proxy:header>
  </proxy:headers>
  <proxy:cookies>
    <proxy:cookie>JSESSIONID</proxy:cookie>
    <proxy:cookie>LtpaToken</proxy:cookie>
    <proxy:cookie>LtpaToken2</proxy:cookie>
  </proxy:cookies>
</proxy:policy>
Note: Specify the headers using regular expressions.
4. Add any new policy blocks before the default policy setting in the template file.
The default policy setting serves as a catch-all for all other requests and looks
like this:
<proxy:policy url="*" acf="none">
  <proxy:actions>
    <proxy:method>GET</proxy:method>
  </proxy:actions>
  <proxy:headers/>
  <proxy:cookies/>
</proxy:policy>
By default, it allows all services to send GET requests to the Lotus Connections
features, and it prevents all cookies or headers from being directed to the
features.
5. Specify values for the following proxy configuration properties:
circular_redirects
Specifies that circular redirects are allowed. This property accepts a
Boolean value of true or false specified in lower-case letters. If set to
true, it supports using a proxy for a site that redirects to the same URL
but with different parameters. Such a change is not recognized as a
new URL. The default value of this property is true.
connection-timeout
Amount of time before an attempt to connect to a host times out.
Specified in milliseconds, the default value of this property is 60,000,
which is 1 minute.
max_circular_redirects
Maximum number of times a circular redirect is allowed before the
proxy rejects it. Specified as an integer, the default value of this
property is 100.
maxconnectionsperhost
Maximum number of simultaneous connections between the proxy and
a given host. Specified as an integer, the default value of this property
is 20.
maxtotalconnections
Maximum number of simultaneous connections between the proxy and
all of the hosts together. Specified as an integer, the default value of
this property is 50.
socket-timeout
Amount of time before an attempt to use a socket times out. Specified
in milliseconds, the default value of this property is 60,000, which is 1
minute.
unsigned_ssl_certificate_support
Specifies that self-signed SSL certificates are supported. This property
accepts a Boolean value of true or false specified in lower-case letters.
The default value of this property is true. Change it to false when the
system is ready for production.
6. Save and close the file.
7. Check the proxy-search-config.tpl file back in during the same session in
which you checked it out. Use the following command to check the file in:
SearchCellConfig.checkInProxyConfig("<temp_directory>",
"<cell_name>")
where <temp_directory> is the temporary directory to which you checked out
the configuration files, and <cell_name> is the name of the cell where the
feature that uses the proxy-search-config.tpl file is located.
8. Restart the application server hosting Lotus Connections.
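Before checking in an edited proxy-config.tpl or proxy-search-config.tpl, the policy list can be reviewed mechanically. The following Python script is an added example, not part of the IBM guide or product: it reads the <proxy:policy> elements in file order and reports a policy placed after the url="*" catch-all (step 4 of both procedures), LTPA cookies or basic authentication allowed toward a URL that is not HTTPS, and a catch-all that is wider than the default. The wrapper element and namespace URI in the sample are constructed placeholders; the policies reuse this page's examples.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Cookies that carry the WebSphere single sign-on token.
SSO_COOKIES = {"LtpaToken", "LtpaToken2"}


def _local(tag):
    """Strip the XML namespace so the check does not depend on its URI."""
    return tag.rsplit("}", 1)[-1]


def _texts(policy, name):
    """Text of every descendant element with the given local name."""
    return [el.text.strip() for el in policy.iter()
            if _local(el.tag) == name and el.text and el.text.strip()]


def read_policies(xml_text):
    """Return the policy elements, in file order, as dicts."""
    root = ET.fromstring(xml_text.strip())
    return [
        {
            "url": el.get("url", ""),
            "basic_auth": el.get("basic-auth-support") == "true",
            "methods": _texts(el, "method"),
            "headers": _texts(el, "header"),
            "cookies": _texts(el, "cookie"),
        }
        for el in root.iter()
        if _local(el.tag) == "policy"
    ]


def audit_policies(xml_text):
    """Return (policy url, finding) pairs for the template text."""
    findings, catch_all_seen = [], False
    for p in read_policies(xml_text):
        url = p["url"]
        cleartext = urlsplit(url).scheme != "https"
        if catch_all_seen:
            findings.append((url, "placed after the catch-all policy"))
        if cleartext and SSO_COOKIES & set(p["cookies"]):
            findings.append((url, "LTPA cookies forwarded without HTTPS"))
        if cleartext and p["basic_auth"]:
            findings.append((url, "basic authentication allowed without HTTPS"))
        if url == "*":
            catch_all_seen = True
            if p["cookies"] or p["headers"] or set(p["methods"]) - {"GET"}:
                findings.append((url, "catch-all wider than GET with no headers or cookies"))
    return findings


# Constructed template fragment. The wrapper element name and the namespace URI
# are placeholders, not the product's own.
TEMPLATE = """
<proxy:rules xmlns:proxy="urn:example:placeholder">
  <proxy:policy url="http://my.network.com/service/*" acf="none"
                basic-auth-support="true">
    <proxy:actions><proxy:method>GET</proxy:method></proxy:actions>
    <proxy:headers><proxy:header>Authorization.*</proxy:header></proxy:headers>
    <proxy:cookies>
      <proxy:cookie>JSESSIONID</proxy:cookie>
      <proxy:cookie>LtpaToken</proxy:cookie>
      <proxy:cookie>LtpaToken2</proxy:cookie>
    </proxy:cookies>
  </proxy:policy>
  <proxy:policy url="*" acf="none">
    <proxy:actions><proxy:method>GET</proxy:method></proxy:actions>
    <proxy:headers/>
    <proxy:cookies/>
  </proxy:policy>
  <proxy:policy url="http://my.network.com/widget/*" acf="none">
    <proxy:actions><proxy:method>GET</proxy:method></proxy:actions>
    <proxy:headers/>
    <proxy:cookies><proxy:cookie>JSESSIONID</proxy:cookie></proxy:cookies>
  </proxy:policy>
</proxy:rules>
"""

if __name__ == "__main__":
    for url, finding in audit_policies(TEMPLATE):
        print(f"{url}: {finding}")
```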
Configuring the AJAX proxy for a specific feature
The AJAX proxy configuration for all of the IBM Lotus Connections features is
defined in the proxy-config.tpl file. If you want to specify different AJAX proxy
settings for a specific feature only, you can do so by creating a new, feature-specific
version of the proxy-config.tpl template file.
Before you begin
This task is not required. Only perform it if you want to allow an external service
to do more than retrieve information from one of the Lotus Connections features.
You can define a custom proxy configuration for the Activities, Communities,
Home page and Profiles features, but not the other Lotus Connections features.
Note: The Search feature does not use the common Lotus Connections
configuration template file; it provides its own Ajax proxy configuration file.
About this task
By default, the Lotus Connections AJAX proxy is configured to allow cookies,
headers or mime types, and all HTTP actions to be exchanged among the Lotus
Connections features. However, from any non-Lotus Connections service, it only
allows HTTP GET requests and it prevents all cookies or headers from being
directed to the features. If you want to make changes to the traffic that is allowed
from other services, you must explicitly configure it.
To configure the AJAX proxy for a specific feature, complete the following steps:
Procedure
1. Go to the directory on the WebSphere Application Server in which the
configuration files are stored. For example: C:\IBM\WebSphere\AppServer\
profiles\AppSrv01\config\cells\<cell_name>\LotusConnections-config. Find
the proxy-config.tpl file, and then make a copy of the file, naming it using the
following syntax:
proxy-<feature_name>-config.tpl
where <feature_name> is the name of the feature for which you want to create a
custom proxy configuration. Save the copy in the same directory as the
proxy-config.tpl file.
2. Access the common AJAX proxy configuration template file:
a. Open a command-line window, start the wsadmin tool, and then use the
following commands to check out the proxy configuration file:
v Stand-alone deployments:
execfile("connectionsConfig.py")
v Network deployments:
execfile("<$WAS_HOME>/profiles/<DMGR>/config/bin_lc_admin/
connectionsConfig.py")
b. Check out the configuration file using the following command:
LCConfigService.checkOutProxyConfig("<temp_directory>",
"<cell_name>")
where <temp_directory> is a temporary directory of your choice, and
<cell_name> is the name of the cell where the Lotus Connections feature that
uses the global proxy template file is located.
3. Open the custom template file that you created earlier in a text editor.
4. Make your edits. For example, you can do the following things:
v To explicitly refuse all traffic from a specific site, add a policy as follows:
<proxy:policy url="malicious.site.com" acf="none">
<proxy:actions/>
<proxy:headers/>
<proxy:cookies/>
</proxy:policy>
v To allow a particular service on your network to display a custom widget,
you can add the following policy entry to the file:
<proxy:policy url="http://my.network.com/widget/*" acf="none">
<proxy:actions>
<proxy:method>GET</proxy:method>
</proxy:actions>
<proxy:headers>
<proxy:header>User-Agent</proxy:header>
<proxy:header>Accept.*</proxy:header>
<proxy:header>Content.*</proxy:header>
<proxy:header>Authorization.*</proxy:header>
<proxy:header>If-.*</proxy:header>
<proxy:header>Pragma</proxy:header>
<proxy:header>Cache-Control</proxy:header>
</proxy:headers>
<proxy:cookies>
<proxy:cookie>JSESSIONID</proxy:cookie>
</proxy:cookies>
</proxy:policy>
v If a service requires authentication, you can configure it to also allow basic
authentication requests by adding a basic-auth-support="true" attribute to
the <proxy:policy> element. For example:
<proxy:policy
url="http://my.network.com/service/*"
acf="none"
basic-auth-support="true">
...
</proxy:policy>
If this attribute is not added, when an unauthenticated request is sent to a
service that requires authentication, the service does not display the basic
authentication dialog, but returns an HTTP 403 status code instead.
v To allow a particular service to run on your network and to pass cookies for
LTPA tokens to the features:
<proxy:policy url="http://my.network.com/service/*" acf="none">
<proxy:actions>
<proxy:method>GET</proxy:method>
</proxy:actions>
<proxy:headers>
<proxy:header>User-Agent</proxy:header>
<proxy:header>Accept.*</proxy:header>
<proxy:header>Content.*</proxy:header>
<proxy:header>Authorization.*</proxy:header>
<proxy:header>If-.*</proxy:header>
<proxy:header>Pragma</proxy:header>
<proxy:header>Cache-Control</proxy:header>
</proxy:headers>
<proxy:cookies>
<proxy:cookie>JSESSIONID</proxy:cookie>
<proxy:cookie>LtpaToken</proxy:cookie>
<proxy:cookie>LtpaToken2</proxy:cookie>
</proxy:cookies>
</proxy:policy>
Note: Specify the headers using regular expressions.
5. Add any new policy blocks before the default policy setting in the template file.
The default policy setting serves as a catch-all for all other requests and looks
like this:
<proxy:policy url="*" acf="none">
<proxy:actions>
<proxy:method>GET</proxy:method>
</proxy:actions>
<proxy:headers/>
<proxy:cookies/>
</proxy:policy>
By default, it allows all services to send GET requests to the Lotus Connections
features, and it prevents all cookies or headers from being directed to the
features.
6. Specify values for the following proxy configuration properties:
circular_redirects
Specifies that circular redirects are allowed. This property accepts a
Boolean value of true or false specified in lower-case letters. If set to
true, it supports using a proxy for a site that redirects to the same URL
but with different parameters. Such a change is not recognized as a
new URL. The default value of this property is true.
connection-timeout
Amount of time before an attempt to connect to a host times out.
Specified in milliseconds, the default value of this property is 60,000,
which is 1 minute.
max_circular_redirects
Maximum number of times a circular redirect is allowed before the
proxy rejects it. Specified as an integer, the default value of this
property is 100.
maxconnectionsperhost
Maximum number of simultaneous connections between the proxy and
a given host. Specified as an integer, the default value of this property
is 20.
maxtotalconnections
Maximum number of simultaneous connections between the proxy and
all of the hosts together. Specified as an integer, the default value of
this property is 50.
socket-timeout
Amount of time before an attempt to use a socket times out. Specified
in milliseconds, the default value of this property is 60,000, which is 1
minute.
unsigned_ssl_certificate_support
Specifies that self-signed SSL certificates are supported. This property
accepts a Boolean value of true or false specified in lower-case letters.
The default value of this property is true. Change it to false when the
system is ready for production.
7. Save and close the file.
8. Add the file you created to the appropriate configuration service using one of
the following commands:
v Activities:
ActivitiesConfigService.checkInProxyConfig("<temp_directory>",
"<cell_name>")
v Blogs or Communities:
CommunitiesConfigService.checkInProxyConfig("<temp_directory>",
"<cell_name>")
v Home page:
HomepageCellConfig.checkInProxyConfig("<temp_directory>",
"<cell_name>")
v Profiles:
ProfilesConfigService.checkInProxyConfig("<temp_directory>",
"<cell_name>")
where <temp_directory> is the temporary directory to which you checked out
the configuration files, and <cell_name> is the name of the cell where the
feature that uses the proxy template file is located.
9. Restart the WebSphere Application Server hosting Lotus Connections.
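The following check is an added example, not part of the IBM guide or product: it reads a checked-out proxy template and reports policies placed after the catch-all (step 5), a loosened catch-all, LTPA cookies forwarded to a plain-HTTP URL, and unsigned_ssl_certificate_support left at true (step 6). The root element name, the namespace URI, and the <proxy:meta-data> layout used for properties are assumptions; elements are matched by local name only.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a feature-specific template. The root element name,
# the namespace URI and the <proxy:meta-data> layout are assumptions; the
# <proxy:policy> blocks follow the examples in the procedure above.
SAMPLE_TPL = """
<proxy:proxy-rules xmlns:proxy="urn:example:ajax-proxy-config">
  <proxy:policy url="http://my.network.com/widget/*" acf="none">
    <proxy:actions><proxy:method>GET</proxy:method></proxy:actions>
    <proxy:headers><proxy:header>User-Agent</proxy:header></proxy:headers>
    <proxy:cookies><proxy:cookie>JSESSIONID</proxy:cookie></proxy:cookies>
  </proxy:policy>
  <proxy:policy url="*" acf="none">
    <proxy:actions><proxy:method>GET</proxy:method></proxy:actions>
    <proxy:headers/>
    <proxy:cookies/>
  </proxy:policy>
  <proxy:policy url="http://my.network.com/service/*" acf="none">
    <proxy:actions><proxy:method>GET</proxy:method></proxy:actions>
    <proxy:headers><proxy:header>Authorization.*</proxy:header></proxy:headers>
    <proxy:cookies>
      <proxy:cookie>JSESSIONID</proxy:cookie>
      <proxy:cookie>LtpaToken</proxy:cookie>
      <proxy:cookie>LtpaToken2</proxy:cookie>
    </proxy:cookies>
  </proxy:policy>
  <proxy:meta-data>
    <proxy:name>unsigned_ssl_certificate_support</proxy:name>
    <proxy:value>true</proxy:value>
  </proxy:meta-data>
</proxy:proxy-rules>
"""

SSO_COOKIES = {"LtpaToken", "LtpaToken2"}


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def texts(policy, name):
    """Text of every descendant of `policy` whose local name is `name`."""
    return [(e.text or "").strip() for e in policy.iter()
            if local_name(e.tag) == name]


def audit_template(xml_text):
    """Return a list of (finding_code, detail) in document order."""
    findings = []
    seen_catch_all = False
    for elem in ET.fromstring(xml_text).iter():
        name = local_name(elem.tag)
        if name == "policy":
            url = elem.get("url", "")
            methods = texts(elem, "method")
            cookies = texts(elem, "cookie")
            headers = texts(elem, "header")
            if url == "*":
                seen_catch_all = True
                # The shipped default allows GET only, no headers, no cookies.
                if set(methods) - {"GET"} or cookies or headers:
                    findings.append(("CATCH_ALL_LOOSENED", url))
                continue
            if seen_catch_all:
                # Step 5: new policy blocks belong before the default policy.
                findings.append(("AFTER_CATCH_ALL", url))
            if SSO_COOKIES.intersection(cookies):
                # A forwarded LTPA cookie is a single sign-on credential;
                # to an http:// URL it travels unencrypted.
                cleartext = url.lower().startswith("http://")
                findings.append(("SSO_COOKIE_OVER_HTTP" if cleartext
                                 else "SSO_COOKIE_FORWARDED", url))
        elif name == "meta-data":
            fields = {local_name(c.tag): (c.text or "").strip() for c in elem}
            if (fields.get("name") == "unsigned_ssl_certificate_support"
                    and fields.get("value") == "true"):
                # Step 6: change to false when the system is in production.
                findings.append(("SELF_SIGNED_ACCEPTED", fields["name"]))
    return findings


if __name__ == "__main__":
    for code, detail in audit_template(SAMPLE_TPL):
        print(code, detail)
```

Run it against the file in <temp_directory> before checking the template back in; an empty result means none of the four conditions was found.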
What to do next
To make subsequent changes to the feature-specific proxy template file, you must
complete the following steps to check it out:
1. Access the configuration service files for the feature to which you want to
apply special proxy configuration rules. Use one of the following commands:
v Stand-alone deployment:
execfile("<py_file_name>")
v Network deployment:
execfile("<$WAS_HOME>/profiles/<DMGR>/config/bin_lc_admin/
<py_file_name>")
If you are prompted to specify which server to connect to, type 1. This
information is not used by the wsadmin client when you are making
configuration changes.
where <py_file_name> is one of the following depending on the feature to which
you are applying the proxy configuration settings:
v Activities: activitiesAdmin.py
v Communities: communitiesAdmin.py
v Home page: homepageAdmin.py
v Profiles: profilesAdmin.py
2. Check out the configuration service for the feature. Use one of the following
commands:
v Activities:
ActivitiesConfigService.checkOutProxyConfig("<temp_directory>",
"<cell_name>")
v Communities:
CommunitiesConfigService.checkOutProxyConfig("<temp_directory>",
"<cell_name>")
v Home page:
HomepageCellConfig.checkOutProxyConfig("<temp_directory>",
"<cell_name>")
v Profiles:
ProfilesConfigService.checkOutProxyConfig("<temp_directory>",
"<cell_name>")
3. Open the template file in a text editor, and make the changes that you want to
make.
Enabling the AJAX proxy to forward user credentials
Edit the proxy configuration template file to instruct the IBM Lotus Connections
server to accept LTPA tokens. This task is necessary if you want to configure single
sign-on between Lotus Connections and the servers defined in the proxy
configuration file.
About this task
To enable the AJAX proxy to forward user credentials, complete the following
steps:
Procedure
1. Open a command line window, start the wsadmin tool, and then do one of the
following things:
v If you want all of the features to pass LTPA tokens, access the common AJAX
proxy configuration template file using the following command:
– Stand-alone deployments:
execfile("connectionsConfig.py")
– Network deployments:
execfile("<$WAS_HOME>/profiles/<DMGR>/config/bin_lc_admin/
connectionsConfig.py")
If you are prompted to specify which server to connect to, type 1. This
information is not used by the wsadmin client when you are making
configuration changes.
v If you want only a single feature to be able to pass LTPA tokens, access the
custom proxy configuration template file that you created for that feature.
See Configuring the AJAX proxy for information about how to create this file.
To access the custom configuration template file, use the following command:
– Stand-alone deployments:
execfile("<feature_name>Config.py")
– Network deployments:
execfile("<$WAS_HOME>/profiles/<DMGR>/config/bin_lc_admin/
<feature_name>Config.py")
where <feature_name> is the name of the feature for which you created a
custom proxy configuration template file. For example:
- Activities: activitiesAdmin.py
- Blogs or Communities: communitiesAdmin.py
- Home page: homepageAdmin.py
- Profiles: profilesAdmin.py
If you are prompted to specify which server to connect to, type 1. This
information is not used by the wsadmin client when you are making
configuration changes.
2. Check out the proxy configuration template file using one of the following
commands:
v If you want all of the features to be able to pass LTPA tokens, use the
following command to check out the proxy-config.tpl file.
LCConfigService.checkOutProxyConfig("<temp_directory>","<cell_name>")
v If you want only a single feature to be able to pass LTPA tokens, use the
following command:
<feature_name>ConfigService.checkOutProxyConfig(
"<temp_directory>","<cell_name>")
where <feature_name> is the name of the feature for which you created a
custom proxy configuration template file. For example:
– Activities:
ActivitiesConfigService.checkOutProxyConfig("<temp_directory>",
"<cell_name>")
– Blogs or Communities:
CommunitiesConfigService.checkOutProxyConfig("<temp_directory>",
"<cell_name>")
– Home page:
HomepageCellConfig.checkOutProxyConfig("<temp_directory>",
"<cell_name>")
– Profiles:
ProfilesConfigService.checkOutProxyConfig("<temp_directory>",
"<cell_name>")
3. From the temporary directory to which you checked out the files, open the
proxy configuration template file in a text editor.
4. Include the following declarations in the proxy:policy block of the service to
allow cookies for LTPA tokens to be passed to the features:
<proxy:cookies>
<proxy:cookie>JSESSIONID</proxy:cookie>
<proxy:cookie>LtpaToken</proxy:cookie>
<proxy:cookie>LtpaToken2</proxy:cookie>
</proxy:cookies>
5. Save and close the file.
6. Check in the proxy configuration template file during the same session in
which you checked it out. To do so, complete the following steps:
v If you edited the proxy-config.tpl file, use the following command to check
it back in:
LCConfigService.checkInProxyConfig("<temp_directory>",
"<cell_name>")
where <temp_directory> is the temporary directory to which you checked out
the configuration files, and <cell_name> is the name of the cell where the
feature that uses the common proxy-config.tpl file is located.
v If you made configuration changes for a specific feature, check that custom
template file back in using one of the following commands:
– Activities:
ActivitiesConfigService.checkInProxyConfig("<temp_directory>",
"<cell_name>")
– Blogs or Communities:
CommunitiesConfigService.checkInProxyConfig("<temp_directory>",
"<cell_name>")
– Home page:
HomepageCellConfig.checkInProxyConfig("<temp_directory>",
"<cell_name>")
– Profiles:
ProfilesConfigService.checkInProxyConfig("<temp_directory>",
"<cell_name>")
where <temp_directory> is the temporary directory to which you checked out
the configuration files, and <cell_name> is the name of the cell where the
feature that uses the proxy template file is located.
7. Restart the application server hosting Lotus Connections.
Securing features from malicious attack
Lotus Connections provides security measures, such as an active content filter and
content upload limits, that you can use to mitigate the risk of malicious attacks.
Because these security measures can also limit the flexibility of the features, you, as
the system administrator, must evaluate the security of your network and
determine whether or not you need to implement them.
Any software that displays user authored content can be vulnerable to cross-site
scripting (XSS) attacks. Attackers can introduce JavaScript into their content that
can, among other things, steal a user's session. Session stealing in a single sign-on
(SSO) environment poses particular challenges because any vulnerability to XSS
attacks can render the entire single sign-on domain vulnerable.
One of the ways that Lotus Connections provides a defense against this type of
attack is by implementing an active content filter. The active content filter removes
JavaScript and other potentially harmful content from a post or entry before
adding it to a feature. By default, all user-provided content is sent through this
filter. You can turn off the active content filter if you determine that your network
is safe from the threat of malicious attacks.
Considerations
While securing Lotus Connections against malicious attacks mitigates the
vulnerability to XSS attacks, it also limits what trusted users can do. For example,
it removes the ability to add dynamic JavaScript content to a blog. Some areas to
consider when deciding which security measures to implement are:
Text-based fields
When active content filtering is enabled, users cannot add embedded
content, such as JavaScript code, to text-based fields. In addition, they
cannot add videos to text-based fields in any feature except Blogs. These
restrictions prevent users from adding such content to the About Me and
Background fields in their profile and to any of the Description fields, such as
those used for a community, bookmark, or activity description, and
prevent users from adding JavaScript code to a blog posting.
File uploads
Activities, Blogs, and Files enable users to upload files, and Wikis enables
users to attach files to wiki pages. In Activities, users can attach HTML
and text files to an activity by default. There is no way to guarantee that
the content they attach will not contain malicious code. The capability of
such an attack is limited in that for all non-image activity attachments,
users must download the content to their local machine before viewing it.
This download forces content to be executed in isolation, and prevents
downloaded content from accessing data associated with an authenticated
activity session. By contrast, while Blogs allows certain file types to be
uploaded, HTML files are not one of the types. If you choose to modify the
file upload settings to allow HTML file uploads, be aware that these pages
can contain JavaScript. Enabling the uploading of HTML files introduces a
vulnerability to XSS attacks. Files allows all types of content to be
uploaded and Wikis allows all types of content to be attached to wiki
pages. Both support running the active content filter on the files when they
are downloaded.
Custom templates
Blogs supports the use of custom templates, which provide the ability for
the blog owner to change the look of the blog. A custom template page is
not filtered by the active content filter. Allowing custom template use
introduces an XSS attack vulnerability.
Mitigating a cross site scripting attack
If you deem that your network is secure enough to turn off the active content filter,
consider using one of the configuration options described in this topic to mitigate
an attack should one occur.
About this task
If you decide to disable active content filtering in favor of providing maximum
flexibility, you must take steps to contain a cross site scripting (XSS) attack. For
example, your organization might believe that as long as the XSS exposure is
limited only to your blog site, the risk is acceptable. If that is the case, consider
adopting the following best practices to contain an attack:
Use isolated domains
Ensure that the component at risk of attack is installed in a completely
separate domain. For example, if the Blogs feature will allow posting of
active content, install it in a separate domain such as: blogs.acme.org. If the
Activities feature will allow active content, install it in a separate domain
such as: activities.acme.org. Also consider using multiple domains for a
single feature, using a separate domain for the file downloads of the
feature.
Do not use single sign-on
To contain any attack, ensure that single sign-on (SSO) authentication is not
used to authenticate a user in a feature that allows active content. When
single sign-on is enabled, a user's cookie can be stored and used to access
data in another domain. While it is not recommended that single sign-on
be used when a component has turned off active content filtering, it is
possible to use single sign-on with HTTP Only Cookies. WebSphere
Application Server version 6.1.0.11 introduced the ability to produce "HTTP
Only" cookies for the single sign-on cookies. If this feature is used in
conjunction with an HTTP-only browser, then the XSS vulnerability can be
contained.
Configure files to be downloaded from a separate domain
Add rewrite rules to the IBM HTTP Server configuration file to force any
downloaded files to be recognized by the Web browser as content that is
independent from the feature it was downloaded from, and treat it
accordingly. Without downloading in a subdomain with non-shared
authentication, there is a vulnerability because other content types can
allow execution of content with the hosting domain's credentials. An
example of another content type that can get executed in the hosted
domain is Adobe Flash. If Flash Player 9 is used, all hosted Flash will be
allowed to call the hosting domain's services and execute XSS attacks. With
Flash Player 10, if Content-Disposition: inline is used this vulnerability still
exists. Blogs uses this Content-Disposition mode, so for maximum security
on Blogs, a separate download domain must be used or Flash must be
disabled.
If you choose to set up a subdomain for file downloads, determine
whether or not to enable single sign-on between the subdomain and the
domain of the core feature:
v If you choose to enable single sign-on, configure HTTP-only cookies. To
do so, complete the following steps:
1. Open the WebSphere Application Server Integrated Solution Console.
2. Expand Security, and then select Secure administration,
applications, and infrastructure.
3. Click Custom properties.
4. Find the com.ibm.ws.security.addHttpOnlyAttributeToCookies
property, and set its value to true.
v If you choose not to enable single sign-on, users will be asked to
re-authenticate when they download a file.
See Specifying a separate file download domain for information about how to
create the subdomain.
Specifying a separate file download domain
Files added to the Activities, Blogs, or Files features could potentially contain
malicious code that can exploit the cross-site scripting vulnerabilities of some
browsers. You can add rewrite rules to the IBM HTTP Server configuration file to
force any downloaded files to be recognized by the Web browser as content that is
independent from the feature from which it was downloaded, and treat it
accordingly.
Before you begin
Most Web browsers have security features that prevent scripts which originate
from one domain from accessing information in a browser session in another
domain. This security feature is loosely called the same origin policy. A domain is
made up of a protocol (such as HTTP) and the domain (host name) that the page
is loaded from. You can implement the following procedure to force files
downloaded from Activities, Blogs, or Files to be identified as coming from a
different domain than the feature's Web browser session.
Note: When Siteminder is configured, the cookie domain is determined by the
Siteminder CookieDomain configuration, which defines a single, fixed domain in
IBM HTTP Server. This means that, without additional effort, downloads must share
single sign-on with the application if Siteminder is used. See Mitigating a cross site
scripting attack for more information about this risk.
About this task
To minimize the cross-site scripting risk posed by files downloaded from an
activity, blog, or file collection, complete the following steps:
Procedure
1. Register a new DNS domain alias for downloads from the Activities, Blogs, or
Files sites, which points to the Activities, Blogs, or Files domain respectively.
For example, if your server domain name for Activities is activities.acme.com,
you could name the alias activities-downloads.acme.com and have it point to
the same IP address as activities.acme.com does.
2. You might need a secondary certificate for the download domain. If so, get the
certificate and configure it for use through the virtual host options. See the IBM
HTTP Server documentation for more information.
3. Open the httpd.conf file, which is the configuration file for IBM HTTP Server,
in a text editor. By default, the file is stored in the following directory:
v AIX: /usr/IBM/HTTPServer/conf
v Linux: /opt/IBM/HTTPServer/conf
v Microsoft Windows: C:\IBM\HTTPServer\conf
4. Enable the rewrite module. If the following line of text is commented out,
uncomment it. If the statement is not present, add it.
LoadModule rewrite_module modules/mod_rewrite.so
5. Edit the configuration to indicate that the download domain allows download
and login actions only and forbids all other actions. To do so, add the following
block of text to the non-SSL virtual host section of the configuration file:
v Activities:
RewriteEngine On
RewriteCond %{SERVER_NAME} !activities-downloads.acme.com$ [NC]
RewriteCond $1 !.*activitiesExtendedDescription.*$ [NC]
RewriteRule ^/activities/service/download/(.+)$ http://activities-downloads.acme.com/
activities/service/download/$1 [L]
RewriteCond %{SERVER_NAME} ^activities-downloads.acme.com$ [NC]
RewriteCond %{REQUEST_METHOD} !^(GET|HEAD)$ [NC]
RewriteCond %{REQUEST_URI} !^/activities/auth/j_security_check$
RewriteRule .* - [F]
RewriteCond %{SERVER_NAME} ^activities-downloads.acme.com$ [NC]
RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)$ [NC]
RewriteCond %{REQUEST_URI} !^/activities/auth/login.jsp$
RewriteCond %{REQUEST_URI} !^/activities/auth/j_security_check$
RewriteCond %{REQUEST_URI} !^/activities/nav/.+$
RewriteCond %{REQUEST_URI} !^/activities/bundles/.+$
RewriteCond %{REQUEST_URI} !^/activities/styles/.+$
RewriteCond %{REQUEST_URI} !^/activities/javascript/.+$
RewriteRule !^/activities/service/download/(.+)$ - [F]
v Blogs:
RewriteEngine On
RewriteCond %{SERVER_NAME} !^blogs-downloads.acme.com$ [NC]
RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)$ [NC]
RewriteRule ^/blogs/(.+)/resource(/.+)?$ http://blogs-downloads.acme.com/
blogs/$1/resource$2 [L]
RewriteCond %{SERVER_NAME} ^blogs-downloads.acme.com$ [NC]
RewriteCond %{REQUEST_METHOD} !^(GET|HEAD)$ [NC]
RewriteCond %{REQUEST_URI} !^/blogs/j_security_check$
RewriteRule .* - [F]
RewriteCond %{SERVER_NAME} ^blogs-downloads.acme.com$ [NC]
RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)$ [NC]
RewriteCond %{REQUEST_URI} !^/blogs/roller-ui/login.do$
RewriteCond %{REQUEST_URI} !^/blogs/roller-ui/login-redirect.jsp$
RewriteCond %{REQUEST_URI} !^/blogs/j_security_check$
RewriteCond %{REQUEST_URI} !^/blogs/bundles/css/.+$
RewriteCond %{REQUEST_URI} !^/blogs/nav/.+$
RewriteCond %{REQUEST_URI} !^/blogs/roller-ui/images/.+$
RewriteCond %{REQUEST_URI} !^/blogs/.+/resource(/.+)?$
RewriteRule .* - [F]
v Files:
RewriteEngine On
RewriteCond %{SERVER_NAME} !^files-downloads.acme.com$ [NC]
RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)$ [NC]
RewriteRule ^/files(/.*)?/(document|draft|attachment|version)/([^/]*)/
media(/[^/]*/*)?$ http://files-downloads.acme.com/files$1/$2/$3/media$4 [L]
# If SSL is enabled for the component, remove the commenting from the two
# lines below to redirect the login.
# RewriteCond %{SERVER_NAME} ^files-downloads.acme.com$ [NC]
# RewriteRule ^/files/login$ https://files-downloads.acme.com/files/login [L]
RewriteCond %{SERVER_NAME} ^files-downloads.acme.com$ [NC]
RewriteCond %{REQUEST_METHOD} !^(GET|HEAD)$ [NC]
RewriteCond %{REQUEST_URI} !^/files/j_security_check$
RewriteRule .* - [F]
RewriteCond %{SERVER_NAME} ^files-downloads.acme.com$ [NC]
RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)$ [NC]
RewriteCond %{REQUEST_URI} !^/files/login$
RewriteCond %{REQUEST_URI} !^/files/j_security_check$
RewriteCond %{REQUEST_URI} !^/files/images/.+$
RewriteCond %{REQUEST_URI} !^/files/nav/.+$
RewriteCond %{REQUEST_URI} !^/files/js/.+$
RewriteCond %{REQUEST_URI} !^/files(/.*)?/(document|draft|attachment|version)/
([^/]*)/media(/[^/]*/*)?$
# If the IHS fast file serving module (mod_ibm_local_redirect.so) is enabled,
# then you need to add access on the download domain for the alias you added
# when configuring the module by replacing <FILES_CONTENT_DIR> with this value
# and uncommenting the rule below.
# See Configuring Files and Wikis downloading for production deployments
# RewriteCond %{REQUEST_URI} !^/<FILES_CONTENT_DIR>/.+$
RewriteRule .* - [F]
Note: If you are cutting and pasting these statements into the configuration
file, be advised that we have added hard returns to long statements to enable
them to be displayed on the Web page. Be sure to remove the hard-coded
returns from long statements, such as URLs, after you paste them into the
configuration file.
Replace references to .acme.com with the alias that you created for the
download domain for files downloaded from the feature.
6. If you are sending traffic over SSL, add the same set of statements to the SSL
virtual host section of the configuration file, but update all Web address
references to indicate HTTPS instead of HTTP.
Note: There are a few statements in the snippets for Files that must be either
included or commented out depending on whether or not SSL is enabled.
7. Add the rule in the previous step to any virtual host sections of the
configuration file.
8. Save and close the configuration file.
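The following is an added example, not part of the IBM guide: a simplified Python model of how the three Activities rule groups from step 5 decide a request, useful for confirming what the download domain permits before you restart IBM HTTP Server. It assumes SERVER_NAME equals the requested host name and models only the [NC], [L], and [F] behavior those rules use; the sample requests in the usage section are constructed.

```python
import re

DOWNLOAD_HOST = "activities-downloads.acme.com"

# Each entry: (RewriteRule pattern, [(test string, CondPattern, NC flag)], action).
# Patterns are copied from the Activities block in step 5.
RULES = [
    # Group 1: downloads requested on any other host go to the download alias.
    (r"^/activities/service/download/(.+)$",
     [("SERVER_NAME", r"!activities-downloads.acme.com$", True),
      ("$1", r"!.*activitiesExtendedDescription.*$", True)],
     "redirect"),
    # Group 2: on the alias, only GET/HEAD is allowed, except the login post.
    (r".*",
     [("SERVER_NAME", r"^activities-downloads.acme.com$", True),
      ("REQUEST_METHOD", r"!^(GET|HEAD)$", True),
      ("REQUEST_URI", r"!^/activities/auth/j_security_check$", False)],
     "forbidden"),
    # Group 3: on the alias, GET/HEAD reaches only login, static files, downloads.
    (r"!^/activities/service/download/(.+)$",
     [("SERVER_NAME", r"^activities-downloads.acme.com$", True),
      ("REQUEST_METHOD", r"^(GET|HEAD)$", True),
      ("REQUEST_URI", r"!^/activities/auth/login.jsp$", False),
      ("REQUEST_URI", r"!^/activities/auth/j_security_check$", False),
      ("REQUEST_URI", r"!^/activities/nav/.+$", False),
      ("REQUEST_URI", r"!^/activities/bundles/.+$", False),
      ("REQUEST_URI", r"!^/activities/styles/.+$", False),
      ("REQUEST_URI", r"!^/activities/javascript/.+$", False)],
     "forbidden"),
]


def matches(pattern, value, nocase=False):
    """mod_rewrite-style match: unanchored regex, a leading '!' negates."""
    negate = pattern.startswith("!")
    regex = pattern[1:] if negate else pattern
    hit = re.search(regex, value, re.IGNORECASE if nocase else 0) is not None
    return hit != negate


def decide(host, method, uri):
    """Return ('redirect', url), ('forbidden', None) or ('pass', None)."""
    env = {"SERVER_NAME": host, "REQUEST_METHOD": method, "REQUEST_URI": uri}
    for rule_pattern, conds, action in RULES:
        # The RewriteRule pattern is tested first; conditions only run on a match.
        if not matches(rule_pattern, uri):
            continue
        m = None if rule_pattern.startswith("!") else re.search(rule_pattern, uri)
        env["$1"] = m.group(1) if m and m.groups() else ""
        # All RewriteCond lines of a group must hold (implicit AND).
        if all(matches(p, env[var], nc) for var, p, nc in conds):
            if action == "redirect":
                target = "http://%s/activities/service/download/%s" % (
                    DOWNLOAD_HOST, env["$1"])
                return ("redirect", target)
            return ("forbidden", None)
    return ("pass", None)


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        ("activities.acme.com", "GET", "/activities/service/download/123/report.html"),
        (DOWNLOAD_HOST, "GET", "/activities/service/download/123/report.html"),
        (DOWNLOAD_HOST, "POST", "/activities/auth/j_security_check"),
        (DOWNLOAD_HOST, "POST", "/activities/service/atom2/activities"),
        (DOWNLOAD_HOST, "GET", "/activities/service/html/mainpage"),
    ]
    for host, method, uri in samples:
        print(host, method, uri, "->", decide(host, method, uri))
```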
Turning off active content filtering
Only turn off active content filtering if you have secured your network against
cross-site scripting attacks by other means.
Before you begin
Before you disable active content filtering, be sure you have considered the
security implications of this decision. See Securing features from malicious attack for
more information.
About this task
To turn off active content filtering, complete the following steps:
Procedure
1. Start the wsadmin client. See Starting the wsadmin client for details.
2. Find out what the current setting is for the active content filter property. See
Editing configuration files for details and to find out which commands to use to
check out the configuration files.
3. Change the active content filtering property for the feature using one of the
following commands:
v Activities:
ActivitiesConfigService.updateConfig("activeContentFilter.enabled", "false")
v Blogs:
BlogsConfigService.updateConfig("ACFEnabled", "false")
v Bookmarks:
DogearCellConfig.updateConfig("activeContentFilter.enabled", "false")
v Communities:
CommunitiesConfigService.updateConfig("activeContentFilter.enabled", "false")
v Files:
FilesConfigService.updateConfig("activeContentFilter.enabled","false")
v Profiles:
ProfilesConfigService.updateConfig("activeContentFilter.enabled","false")
v Wikis:
WikisConfigService.updateConfig("activeContentFilter.enabled","false")
4. Apply your changes. See Applying property changes for details.
Disabling support for flash animations
If you have enabled the active content filter in Lotus Connections, its default
behavior is to allow flash animations to be displayed in an IFRAME in Blogs and
Wikis after filtering out any malicious parameters that are found in the embedded
object description. Displaying the animation in an IFRAME limits the amount of
page data the animation can access. You can disable this support if you prefer.
Before you begin
If you disable support for flash animations, then when a person tries to add an
embedded flash animation file to a wiki or blog entry, it will be removed by the
active content filter and will not appear on the page. This procedure does not
remove flash animation files that users have already added to their blogs nor does
it prevent them from being displayed. You must explicitly remove or ask the entry
owners to remove the flash animation files from existing entries.
To edit configuration files, you must use the wsadmin client. See Starting the
wsadmin client for details.
About this task
To disable support for flash animations, complete the following steps:
Procedure
1. Use the wsadmin client to access and check out the Lotus Connections
configuration files.
a. Use one of the following commands to access the Lotus Connections
configuration file:
v Stand-alone deployment: execfile("connectionsConfig.py")
v Network deployment: execfile("<$WAS_HOME>/profiles/<DMGR>/config/
bin_lc_admin/connectionsConfig.py")
If you are prompted to specify which server to connect to, type 1.
Note: This information is not used by the wsadmin client when you are
making configuration changes.
b. Check out the Lotus Connections configuration files using the following
command:
LCConfigService.checkOutConfig("<working_directory>","<cell_name>")
where:
v <working_directory> is the temporary working directory to which the
configuration XML and XSD files are copied and are stored while you
make changes to them. Use forward slashes to separate directories in the
file path, even if you are using the Microsoft Windows operating system.
v <cell_name> is the name of the WebSphere Application Server cell hosting
the Lotus Connections feature. This argument is required even in
stand-alone deployments. This argument is also case-sensitive, so type it
with care. If you do not know the cell name, do one of the following to
determine it:
– Stand-alone deployment: Look at the directory name in the following
directory in the file system:
<$WAS_HOME>\profiles\<profile_name>\config\cells\
– Network deployment: Type the following command while in the
wsadmin command processor:
print AdminControl.getCell()
For example:
v AIX/Linux:
LCConfigService.checkOutConfig("/opt/temp","foo01Cell01")
v Microsoft Windows:
LCConfigService.checkOutConfig("c:/temp","foo01Cell01")
2. Set the value of the allowedContent.contentType.enabled parameter to false
using the following command:
LCConfigService.updateConfig("allowedContent.contentType.enabled","false")
3. After making changes, you must check the configuration files back in and you
must do so during the same wsadmin session in which you checked them out
for the changes to take effect. See Applying common configuration property changes
for information about how to save and apply your changes.
Forcing traffic to be sent over SSL
You can configure Lotus Connections to force all traffic that passes between a
Lotus Connections server and a user's Web browser to be sent over the Secure
Socket Layer (SSL).
Before you begin
Be sure that SSL is enabled in your environment before you perform this
procedure. See Configuring the IBM HTTP Server for SSL in the Installing section of
the Lotus Connections information center for more information.
To edit configuration files, you must use the wsadmin client. See Starting the
wsadmin client for details.
About this task
To force traffic to be sent over SSL, complete the following steps:
Procedure
1. Use the wsadmin client to access and check out the Lotus Connections
configuration files.
a. Use one of the following commands to access the Lotus Connections
configuration file:
v Stand-alone deployment: execfile("connectionsConfig.py")
v Network deployment: execfile("<$WAS_HOME>/profiles/<DMGR>/config/bin_lc_admin/connectionsConfig.py")
If you are prompted to specify which server to connect to, type 1.
Note: This information is not used by the wsadmin client when you are
making configuration changes.
b. Check out the Lotus Connections configuration files using the following
command:
LCConfigService.checkOutConfig("<working_directory>","<cell_name>")
where:
v <working_directory> is the temporary working directory to which the
configuration XML and XSD files are copied and are stored while you
make changes to them. Use forward slashes to separate directories in the
file path, even if you are using the Microsoft Windows operating system.
v <cell_name> is the name of the WebSphere Application Server cell hosting
the Lotus Connections feature. This argument is required even in
stand-alone deployments. This argument is also case-sensitive, so type it
with care. If you do not know the cell name, do one of the following to
determine it:
– Stand-alone deployment: Look at the directory name in the following
directory in the file system:
<$WAS_HOME>\profiles\<profile_name>\config\cells\
– Network deployment: Type the following command while in the
wsadmin command processor:
print AdminControl.getCell()
For example:
v AIX/Linux:
LCConfigService.checkOutConfig("/opt/temp","foo01Cell01")
v Microsoft Windows:
LCConfigService.checkOutConfig("c:/temp","foo01Cell01")
2. Enter the following command:
LCConfigService.updateConfig("force.conf.comm.enabled", "true")
3. After making changes, you must check the configuration files back in and you
must do so during the same wsadmin session in which you checked them out
for the changes to take effect. See Applying common configuration property changes
for information about how to save and apply your changes.
4. Optional: To secure session cookies, complete the following steps:
a. Log in to the WebSphere Application Server Integrated Solutions Console of
the server hosting your Lotus Connections features as the administrator.
b. Select Servers → Application servers.
c. Click the server hosting Lotus Connections from the list of server names.
d. Click Session Management, and then click Enable cookies.
e. Select the Restrict cookies to HTTPS sessions check box.
f. Click Apply, and then click OK.
5. Optional: To secure LTPA tokens, complete the following steps:
a. From the WebSphere Application Server Integrated Solutions Console,
expand Security, and then click Secure administration, applications and
infrastructure.
b. Expand Web security, and then click single sign-on (SSO).
c. Select the Requires SSL check box.
d. Click Apply, and then click OK.
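One way to confirm that the two optional steps above took effect, as an added example that is not part of the IBM guide: the Python functions below scan captured HTTP response headers and report session or LTPA cookies that were set without the Secure attribute. The cookie names are assumed to be the WebSphere Application Server defaults, and the sample headers are constructed.

```python
"""Report sensitive cookies that a server sets without the Secure attribute."""

# Assumption: WebSphere Application Server default names for the session
# cookie and the LTPA single sign-on cookies; adjust if yours are renamed.
SENSITIVE_COOKIES = ("JSESSIONID", "LtpaToken", "LtpaToken2")

# Constructed sample: response headers captured before the optional steps.
HEADERS_BEFORE = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: JSESSIONID=0000EXAMPLE:-1; Path=/
Set-Cookie: LtpaToken2=RXhhbXBsZQ==; Path=/; Domain=.example.com
"""

# Constructed sample: the same response after both check boxes are selected.
HEADERS_AFTER = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: JSESSIONID=0000EXAMPLE:-1; Path=/; Secure
Set-Cookie: LtpaToken2=RXhhbXBsZQ==; Path=/; Domain=.example.com; Secure
"""


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie_name, set of attribute names)."""
    parts = [part.strip() for part in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive, so compare them in lower case.
    attributes = {part.split("=", 1)[0].strip().lower() for part in parts[1:] if part}
    return name, attributes


def cookies_missing_secure(raw_headers):
    """Return the names of sensitive cookies set without the Secure attribute."""
    missing = []
    for line in raw_headers.splitlines():
        field, separator, value = line.partition(":")
        if not separator or field.strip().lower() != "set-cookie":
            continue  # status line or some other header
        name, attributes = parse_set_cookie(value)
        if name in SENSITIVE_COOKIES and "secure" not in attributes:
            if name not in missing:
                missing.append(name)
    return missing


if __name__ == "__main__":
    for label, headers in (("before", HEADERS_BEFORE), ("after", HEADERS_AFTER)):
        print(label, cookies_missing_secure(headers) or "all sensitive cookies are Secure")
```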
What to do next
Perform some additional steps to force Files and Wikis API calls to be sent over
HTTPS. See Forcing Files and Wikis authenticated API traffic to be sent over HTTPS for
more details.
Related tasks
“Forcing Files and Wikis authenticated API traffic to be sent over HTTPS”
The Files and Wikis APIs use J2EE declarative security, which does not support the
redirection of basic authentication requests to HTTPS before requesting
authentication credentials. You must take some steps to prevent credentials from
being sent unencrypted in response to authentication challenges.
Forcing Files and Wikis authenticated API traffic to be sent
over HTTPS
The Files and Wikis APIs use J2EE declarative security, which does not support the
redirection of basic authentication requests to HTTPS before requesting
authentication credentials. You must take some steps to prevent credentials from
being sent unencrypted in response to authentication challenges.
Before you begin
Configure Lotus Connections to force all feature traffic to be sent over SSL. See
Forcing traffic to be sent over SSL for more details.
About this task
Configure the IBM HTTP Server to redirect API requests that are sent over HTTP
to be sent over HTTPS.
To force API requests to be sent over HTTPS, complete the following steps:
Procedure
1. Using a text editor, open the httpd.conf file. The file is stored in the following
directory by default:
v AIX: /usr/IBM/HTTPServer/conf
v Linux: /opt/IBM/HTTPServer/conf
v Microsoft Windows: C:\IBM\HTTPServer\conf
2. Add the following statements to the file:
Redirect /files/basic/api https://<servername>:<port>/files/basic/api
Redirect /wikis/basic/api https://<servername>:<port>/wikis/basic/api
3. Save and close the configuration file.
4. Restart IBM HTTP Server.
Related tasks
“Forcing traffic to be sent over SSL” on page 265
You can configure Lotus Connections to force all traffic that passes between a
Lotus Connections server and a user's Web browser to be sent over the Secure
Socket Layer (SSL).
Chapter 3. Updating and migrating
Update or migrate Lotus Connections to the latest point release.
Migrating
Migrate Lotus Connections release 2.0.1 to release 2.5, using built-in
wizards and scripts.
Updating
Update release 2.5 with interim fixes and fix packs
Migrating a pilot
Convert a pilot deployment to a production deployment
About migrating
Migrate Lotus Connections release 2.0.1 to release 2.5, moving your data,
configuration settings, and databases.
About updating
Use the update wizard to update Lotus Connections 2.0.1 to release 2.5.
Note:
v After updating, you might need to reconfigure IBM HTTP Server. For more
information, see the Configuring IBM HTTP Server topic.
v If you have any customized header, footer, theme, or CSS files, you need to
update those customizations.
About migrating a pilot
A pilot-to-production migration can occur only within the context of a single Lotus
Connections release. You cannot migrate a Lotus Connections 2.0.1 pilot installation
to a Lotus Connections 2.5 production installation. In that scenario, you need to
migrate your 2.0.1 pilot installation to a 2.0.1 production installation and then
update the 2.0.1 production installation to 2.5.
Pilot installations use a DB2 Express database. When you migrate to a production
installation, you can choose one of the following database systems:
v DB2 Universal Database
v Oracle Enterprise Edition
v Microsoft SQL Server 2005
For more information about supported database systems, see the Hardware and
software requirements topic.
Preparing Lotus Connections for maintenance
Let your users know about the planned outage while you update or migrate IBM
Lotus Connections.
Before you begin
Ensure that your systems meet the requirements for Lotus Connections 2.5. For
more information, see the Lotus Connections 2.5 system requirements topic.
About this task
To bring down Lotus Connections in preparation for updating or migrating the
product, complete the following steps:
Procedure
1. Inform users of the planned outage and let them know when the maintenance
work will begin and how long it will last. You can send e-mail notifications to
community members or post a message to an area of the product that is used
to provide site status information.
2. Perform one of the following steps:
v Stop the IBM HTTP Server – only do this if no other applications are using
the IBM HTTP Server.
v Keep the Web server running but prevent user access to the deployment
during the migration or update. To accomplish this, set up a maintenance
page and create a rewrite rule in the httpd.conf configuration file for the
IBM HTTP Server to redirect requests for Lotus Connections:
a. Create an HTML document notifying users of the server maintenance
window. The maintenance page can inform users that Lotus Connections
is temporarily unavailable because of scheduled maintenance work. Point
to the maintenance page via these ErrorDocument statements:
– ErrorDocument 401 /upgrading.htm
– ErrorDocument 403 /upgrading.htm
b. Add the following element to your httpd.conf file to block all
non-authorized IP addresses from reaching the server and to send the
user to the upgrading.html page:
<Location / >
Order Deny,Allow
Deny from all
Allow from <your.ip.address>
Allow from <ip.address.of.each.machine.in.deployment>
</Location>
Note: You must have an Allow element for every instance of WebSphere
Application Server in your deployment.
What to do next
When the migration or update is complete, remove the Location and
ErrorDocument stanzas from the httpd.conf file.
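The following Python check is an added example, not part of the IBM guide. It audits the text of an httpd.conf file for the two settings this guide asks you to manage: the HTTPS Redirect statements for the Files and Wikis APIs, and the maintenance-window Location and ErrorDocument stanzas that must be removed afterward. The host name, IP addresses, and sample files are constructed.

```python
"""Audit httpd.conf text for API redirects and leftover maintenance stanzas."""
import re
from urllib.parse import urlsplit

# Paths taken from the Redirect statements in the Files and Wikis procedure.
API_PATHS = ("/files/basic/api", "/wikis/basic/api")
REDIRECT_STATUS = {"permanent", "temp", "seeother", "gone"}
LOCATION_OPEN = re.compile(r"^<Location\s+(.*?)\s*>$", re.IGNORECASE)

# Constructed sample: maintenance stanzas active, Wikis redirect points at http.
DURING_MAINTENANCE = """\
Listen 80
ErrorDocument 401 /upgrading.htm
ErrorDocument 403 /upgrading.htm
<Location / >
Order Deny,Allow
Deny from all
Allow from 192.0.2.10
Allow from 192.0.2.21
</Location>
Redirect /files/basic/api https://connections.example.com:443/files/basic/api
Redirect /wikis/basic/api http://connections.example.com/wikis/basic/api
"""

# Constructed sample: stanzas commented out, both redirects use https.
AFTER_MAINTENANCE = """\
Listen 80
# <Location / >
# Deny from all
# </Location>
Redirect permanent /files/basic/api https://connections.example.com/files/basic/api
Redirect /wikis/basic/api https://connections.example.com:443/wikis/basic/api
"""


def active_lines(conf_text):
    """Yield (line_number, stripped_text) for lines that are not blank or comments."""
    for number, raw in enumerate(conf_text.splitlines(), 1):
        text = raw.strip()
        if text and not text.startswith("#"):
            yield number, text


def missing_https_redirects(conf_text):
    """Return the API paths with no Redirect to an https URL carrying the same path."""
    covered = set()
    for _, text in active_lines(conf_text):
        tokens = text.split()
        if tokens[0].lower() != "redirect":
            continue
        args = tokens[1:]
        # Redirect accepts an optional status argument before the URL path.
        if len(args) == 3 and (args[0].lower() in REDIRECT_STATUS or args[0].isdigit()):
            args = args[1:]
        if len(args) != 2:
            continue
        source, target = args[0].rstrip("/"), urlsplit(args[1])
        if target.scheme == "https" and target.path.rstrip("/") == source:
            covered.add(source)
    return [path for path in API_PATHS if path not in covered]


def maintenance_leftovers(conf_text, page="/upgrading.htm"):
    """Return line numbers of maintenance-window directives that are still active."""
    found = []
    location_start = None  # line number of an open <Location /> block
    for number, text in active_lines(conf_text):
        tokens = text.split()
        opened = LOCATION_OPEN.match(text)
        if opened:
            path = opened.group(1).strip('"')
            location_start = number if path == "/" else None
        elif text.lower().startswith("</location"):
            location_start = None
        elif location_start and [t.lower() for t in tokens] == ["deny", "from", "all"]:
            found.append(location_start)  # report the block by its opening line
            location_start = None
        elif tokens[0].lower() == "errordocument" and len(tokens) >= 3:
            if tokens[1] in ("401", "403") and tokens[2] == page:
                found.append(number)
    return sorted(found)


if __name__ == "__main__":
    for label, conf in (("during", DURING_MAINTENANCE), ("after", AFTER_MAINTENANCE)):
        print(label, "missing redirects:", missing_https_redirects(conf))
        print(label, "maintenance lines:", maintenance_leftovers(conf))
```

To audit a real file, pass the contents of httpd.conf to both functions; an empty list from each means the redirects are in place and no maintenance directive remains active.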
Related tasks
“Post-migration tasks” on page 339
After migration, you need to perform further tasks to ensure that your new
deployment is complete.
“Migrating a stand-alone deployment” on page 274
Migrate your Lotus Connections 2.0.1 stand-alone deployment to release 2.5.
“Migrating a network deployment” on page 289
Migrate your Lotus Connections 2.0.1 network deployment to release 2.5.
Related reference
“Lotus Connections detailed system requirements” on page 13
Use the updateLC command to run the update wizard in silent mode.
Backing up Lotus Connections
Before applying updates, back up your databases and your Lotus Connections
deployment.
About this task
Follow these steps to back up your Lotus Connections deployment. You can use
this back-up to restore your existing Lotus Connections deployment if the update
fails.
Procedure
1. Stop the WebSphere Application Server instances that are hosting Lotus
Connections.
2. Create a backup copy of the databases using native database tools. If the
update fails, use this backup to restore the databases.
3. Network deployment only: Create a back-up copy of the WebSphere
Application Server Deployment Manager profile directory that contains Lotus
Connections clusters: profile_root/Dmgr01. For example:
D:\WebSphere\AppServer\profiles\dmgr.
4. Back up your Lotus Connections deployment.
a. Create a back-up copy of the Lotus Connections installation directory:
lotus_connections_root.
b. Create a back-up copy of the WebSphere Application Server profile
directory: profile_root
Note: If Lotus Connections features are deployed on separate profiles,
archive each profile.
c. Create a back-up copy of the profileRegistry.xml file, located under
app_server_root/properties.
5. Back up the Communities forum content store: lotus_connections_root/Data/
communities/content.
Note: You do not need to back up other 2.0.1 content store directories because
they are not affected by the database wizard during migration.
6. Back up any customized configuration files. For more information, see the
Saving your customizations topic.
Related concepts
“Saving your customizations”
Before updating or migrating, back up or make notes of your customizations.
Related tasks
“Migrating a stand-alone deployment” on page 274
Migrate your Lotus Connections 2.0.1 stand-alone deployment to release 2.5.
“Migrating a network deployment” on page 289
Migrate your Lotus Connections 2.0.1 network deployment to release 2.5.
Saving your customizations
Before updating or migrating, back up or make notes of your customizations.
The update or migration process changes several configuration files, including files
that you might have customized. Customized files can include header and footer
HTML files, CSS and JSP files, themes, and several other files that are listed in this
topic.
Maintaining Lotus Connections customizations
Your customizations to the Lotus Connections features are maintained by the
migration tool (the lc-export and lc-import commands).
If you are using Lotus Connections Connectors, such as Lotus Quickr or
Confluence, you will have to re-install them after migration. Similarly, if you
defined a server whitelist for publishing file attachments from Activities to Lotus
Quickr, back it up before migration. You will need to re-define it manually after
migration.
Related tasks
“Backing up Lotus Connections” on page 271
Before applying updates, back up your databases and Lotus Connections
environment.
“Post-migration tasks” on page 339
After migration, you need to perform further tasks to ensure that your new
deployment is complete.
Migrating to Lotus Connections 2.5
Migrate from a production installation of Lotus Connections 2.0.1 to release 2.5.
Before you begin
Choose a migration strategy that suits your needs. For more information, see the
Migration strategies topic.
Ensure that your environment meets the hardware and software requirements for
Lotus Connections 2.5. For more information, see the Lotus Connections 2.5 system
requirements topic.
About this task
There are several procedures required to migrate your Lotus Connections
deployment. Your migration strategy determines which procedures you need to
follow. Whatever strategy you decide to follow, you need to complete the steps
described in this task.
To migrate your Lotus Connections release 2.0.1 deployment to release 2.5,
complete the following steps:
Procedure
1. Prepare to stop Lotus Connections 2.0.1. For more information, see the
Preparing Lotus Connections for maintenance topic.
2. Back up your current deployment. For more information, see the Backing up
Lotus Connections topic.
3. Update your databases to release 2.5. For more information, see the Updating
databases topic.
4. Migrate Lotus Connections 2.0.1 to release 2.5. For more information, see the
Migrating a stand-alone deployment topic or the Migrating a network deployment
topic, depending on your deployment type.
5. Perform any applicable post-migration tasks. For more information, see the
Post-migration tasks topic.
Related tasks
“Migrating Lotus Connections” on page 274
Migrate Lotus Connections from release 2.0.1 to release 2.5.
Related reference
“Lotus Connections detailed system requirements” on page 13
Use the updateLC command to run the update wizard in silent mode.
Migration strategies
There are different strategies for migrating to Lotus Connections 2.5 and you need
to choose one that suits your topology, resources, and schedules.
Migration strategies
The migration strategy that you choose depends on the size of your deployment,
the downtime that you can tolerate, and your hardware environment.
The following two strategies are the most common choices:
Minimum down-time
1. Install the supporting software (including WebSphere Application Server
6.1.0.23) on new hardware
2. Stop Lotus Connections 2.0.1
3. Complete the following steps simultaneously:
v Update your databases to release 2.5, using the in-place procedure
v Install Lotus Connections 2.5 and migrate Lotus Connections 2.0.1
configuration settings and content stores to release 2.5
4. Update the URLs to point to the new deployment.
Hardware efficiency
1. Stop Lotus Connections 2.0.1
2. Back up Lotus Connections 2.0.1
3. Export Lotus Connections 2.0.1 data and configurations
4. Uninstall Lotus Connections 2.0.1
5. Update your databases to release 2.5
6. Update WebSphere Application Server to 6.1.0.23
7. Install Lotus Connections 2.5, using the same configuration as your release 2.0.1
deployment
8. Import Lotus Connections 2.0.1 data and configurations to Lotus Connections
2.5.
For more detailed information, see the Migrating a stand-alone deployment and
Migrating a network deployment topics.
Migration path
Choose a migration path that is applicable to the version of Lotus Connections in
your current deployment. If your current release is 2.0.1, update it to release 2.5. If
you are using an earlier release than 2.0.1, update it to the succeeding release
before finally updating to release 2.5. For example:
v If your current release is 2.0, update it to release 2.0.1 and then to release 2.5. For
more information about updating release 2.0 to 2.0.1, see the release 2.0.1
Information center.
v If your current release is 1.0.2, update it to release 2.0, then to release 2.0.1, and
finally to release 2.5. For more information, see the release 2.0 and 2.0.1
Information center.
Related tasks
“Migrating a stand-alone deployment”
Migrate your Lotus Connections 2.0.1 stand-alone deployment to release 2.5.
“Migrating a network deployment” on page 289
Migrate your Lotus Connections 2.0.1 network deployment to release 2.5.
Related reference
“Lotus Connections detailed system requirements” on page 13
Use the updateLC command to run the update wizard in silent mode.
Migrating Lotus Connections
Migrate Lotus Connections from release 2.0.1 to release 2.5.
About this task
Depending on the type of deployment you have, perform one of the following
tasks:
Related tasks
“Migrating to Lotus Connections 2.5” on page 272
Migrate from a production installation of Lotus Connections 2.0.1 to release 2.5.
Migrating a stand-alone deployment
Migrate your Lotus Connections 2.0.1 stand-alone deployment to release 2.5.
Before you begin
1. Back up your Lotus Connections 2.0.1 deployment. For more information, see
the Backing up Lotus Connections topic.
2. Update your Lotus Connections 2.0.1 databases to release 2.5. The method you
choose to update databases depends on your migration strategy. For more
information, see the Updating databases topic. That topic also instructs you to
install databases for new features such as Files and Wikis.
3. Advise users about any possible outages. For more information, see the
Preparing Lotus Connections for maintenance topic.
Notes:
v You must migrate to Lotus Connections release 2.5 from release 2.0.1. If you
have an earlier release than 2.0.1, you must migrate that release to 2.0.1 before
migrating to release 2.5. For more information, see the Migration strategies topic.
v If your 2.0.1 stand-alone deployment installed features on different WebSphere
Application Server profiles, the 2.5 migration tool will automatically migrate the
features correctly to your new 2.5 stand-alone or network deployment.
About this task
To migrate your Lotus Connections 2.0.1 stand-alone deployment to release 2.5,
complete the following tasks:
Related concepts
“Migration strategies” on page 273
You can migrate from a production installation of Lotus Connections 2.0.1, from
the pilot installation of Lotus Connections 2.5, or from one type of data source to
another.
“Updating databases” on page 308
Update Lotus Connections 2.0.1 databases within an existing database
environment.
“Installing Lotus Connections” on page 94
Select the Lotus Connections features that you plan to use and install them in a
stand-alone or clustered deployment.
Related tasks
“Preparing Lotus Connections for maintenance” on page 269
Before you bring down Lotus Connections to apply updates, you must let your
users know about the planned outage.
“Backing up Lotus Connections” on page 271
Before applying updates, back up your databases and Lotus Connections
environment.
“Post-migration tasks” on page 339
After migration, you need to perform further tasks to ensure that your new
deployment is complete.
“Uninstalling Lotus Connections” on page 193
There are some additional steps you must take to uninstall a network deployment
of Lotus Connections.
Related reference
“Lotus Connections detailed system requirements” on page 13
Use the updateLC command to run the update wizard in silent mode.
Exporting data from a stand-alone deployment:
As part of the migration process, export data from your old deployment.
About this task
To export data from your old Lotus Connections deployment, complete the
following steps:
Procedure
1. Copy the migration directory from the Lotus Connections 2.5 installation media
to the Lotus Connections 2.0.1 installation directory: lotus_connections_root.
Ensure that you copy the migration directory to the same directory level as the
ConfigEngine directory.
2. Export your 2.0.1 data. Open a command prompt, change to the migration
directory and run the following command:
Note: The migration process can take a long time to complete, depending on
the number and size of files in your content store directories. If the directories
contain more than 1 GB of data, you should use the -DhandleData=false
parameter to bypass the export. You then need to re-use the 2.0.1 content store
directories for Lotus Connections 2.5; when you install 2.5 and you are
prompted to select content store directories, specify the 2.0.1 directories.
v AIX or Linux:
./migration.sh lc-export
v Windows:
migration.bat lc-export
Notes:
v The lc-export command exports the following data:
– Content in the data directories for each feature
– Configuration files in the LotusConnections-config directory. You can find
this directory in the following location:
- Stand-alone deployment: profile_root/config/cells/<cell_name>/LotusConnections-config
- Network deployment: DM_profile_root/config/cells/<DM_cell_name>/LotusConnections-config
– Properties files in the lotus_connections_root directory
v The migration tool collects data from all the features even when they are in
different WebSphere Application Server profiles. The location of each feature
is recorded in the config engine in the lotus_connections_root directory. After
extracting the 2.0.1 data, the tool uses the same method to determine where
the 2.5 features are located and imports the data accordingly.
v The exported data is stored in the migration directory. Check the log file to
validate the export. The log is stored in the system user's home directory,
and uses the following naming format:
lc-migration-yyyyMMdd_HHmm_ss.log
For example:
– AIX or Linux:
/root/lc-migration-20090925_1534_26.log
– Windows:
C:\Documents and Settings\Administrator\lc-migration-20090925_1534_26.log
3. Back up the migration directory to a location outside your 2.0.1 deployment.
4. Uninstall Lotus Connections 2.0.1. For more information, see the Uninstalling
Lotus Connections topic.
Notes:
v The release 2.5 installation wizard does not automatically uninstall release
2.0.1.
v You can keep your 2.0.1 deployment if you are installing release 2.5 on a
separate system.
What to do next
Continue with the next task in the migration process.
Uninstalling Lotus Connections for migration:
Uninstall a stand-alone deployment of Lotus Connections from your system.
About this task
The uninstall wizard can uninstall the entire Lotus Connections product or selected
Lotus Connections features.
To uninstall Lotus Connections features, complete the following steps:
Procedure
1. Stop WebSphere Application Server.
2. Run the uninstaller:
v AIX or Linux:
a. Open a command prompt and change to the
lotus_connections_root/uninstall directory.
b. Enter the following command:
./uninstall.sh
Note: If the script does not run, you might need to enable its Executable
attribute by running the chmod command first. The Executable attribute
of a script can become disabled after the script is copied from a read-only
medium such as DVD.
v Microsoft Windows:
a. Open a command prompt and change to the
lotus_connections_root\uninstall directory.
b. Enter the following command:
uninstall.bat
Note: Alternatively, double-click the uninstall file in the uninstall directory.
3. Select a language to use for the installation procedure and click Next.
4. On the Welcome page of the Uninstall Wizard, click Next.
5. Select the Stand-alone deployment option and click Next.
6. Select the features that you want to uninstall and click Next.
Note: Do not uninstall the News or Search feature unless you are removing the
entire product or reinstalling the News or Search feature.
7. Review the summary panel to verify that the features you want to remove are
present. If you want to make any changes, click Back to edit the values that
you input. Click Next to begin the uninstallation process.
8. When the selected features have been uninstalled, click Finish to close the
Uninstall wizard.
What to do next
Clean your systems by removing files that remain after uninstalling. For more
information, see the Uninstalling: Remove files topic.
To remove all Lotus Connections application files, delete the lotus_connections_root
directory.
Note:
v Do not delete the Lotus Connections installation directory if you plan to reinstall
Lotus Connections. For more information, see the Uninstalling: Remove files topic.
v Before you begin, make a back-up copy of the lastSessionDefaults.properties
file (located in the lotus_connections_root directory). This preferences file will be
useful if you want to reinstall Lotus Connections later.
Update WebSphere Application Server:
Update WebSphere Application Server as part of the migration process.
About this task
To update WebSphere Application Server, complete the following steps:
Procedure
1. Go to the Fix Central Web site to download the required fix packs and update
installer.
2. Download and install all of the applicable downloads from Fix Central,
including the fix packs for WebSphere Application Server, Plug-ins, IBM HTTP
Server, and Java SDK.
Note: The Java SDK must be applied to the WebSphere Application Server,
Plug-ins, and IBM HTTP Server components. For more information, see the
Lotus Connections system requirements topic.
Installing a stand-alone deployment for migration:
Install a stand-alone deployment of Lotus Connections on WebSphere Application
Server.
Before you begin
Before running the installation wizard, ensure that you have installed all the
prerequisite software and completed the preinstallation tasks. Ensure also that the
system or systems where you are installing the features meet the system
requirements.
Check the online release notes for late-breaking issues.
Notes:
v The Lotus Connections installation wizard supports the creation of new server
instances.
v You can use either the SQL Server JDBC driver in the app_server_root/lib
directory or the driver downloaded from Microsoft. The wizard checks the
connection for the Microsoft JDBC driver only. If you are using the bundled
driver, you need to manually test the connection after installation.
v (AIX only). If you are downloading the wizard, the TAR program available by
default with AIX does not handle path lengths longer than 100 characters. To
overcome this restriction, use the GNU file archiving program instead. This
program is an open source package that IBM distributes through the AIX
Toolbox for Linux Applications at the IBM AIX Toolbox Web site. Download and
install the GNU-compatible TAR package. You do not need to install the RPM
Package Manager because it is provided with AIX.
After you have installed the GNU-compatible TAR program, change to the
directory where you downloaded the Lotus Connections TAR file, and enter the
following command to extract the files from it:
gtar -xvf <Lotus_Connections_wizard>_aix.tar
This command creates a directory named after the wizard.
About this task
A stand-alone deployment uses a single WebSphere Application Server profile and
single server instance where you can install a set of Lotus Connections features.
You can choose the Advanced stand-alone deployment option to install the features
on multiple server instances.
To install Lotus Connections in a stand-alone deployment, complete the following
steps:
Procedure
1. Stop all WebSphere Application Server processes on the system where you
plan to install Lotus Connections.
2. From the Lotus_Connections set-up directory or installation media, run the
following script to launch the installation wizard:
v AIX or Linux:
./install.sh
Note: If the script does not run, you might need to enable its Executable
attribute by running the chmod command first. The Executable attribute of
a script can become disabled after the script is copied from a read-only
medium such as DVD.
v Microsoft Windows:
install.bat
3. Select an installation language and click OK. The wizard skips this step when
it detects the default language on your system.
4. On the Welcome page, click Launch Information Center to open the Lotus
Connections Information Center in a browser window. Click Next to continue.
5. Review and accept the license agreement by selecting the I accept both the
IBM and non-IBM terms option. Click Next.
6. On the Response file page, select one of the options to save a response file if
you want to run the wizard in silent mode for future installations.
Option | Description
--- | ---
Install Lotus Connections only. | Install the product without saving a response file.
Create response file only | Create a response file that you can use in a silent installation on another system. This option does not install any software on your system. You can select this option to modify an existing response file. Note: Use the installation wizard to modify response files that you have already created. Manual modifications to a response file might cause a silent installation to fail.
Install Lotus Connections and create a response file. | Install the product and save a response file.
Enter a location for the response file or accept the default location. Click Next.
7. On the Deployment options page, select one of the following options and click
Next.
Option | Description
--- | ---
Stand-alone deployment | All features are deployed on one server instance within a single WebSphere Application Server profile. Select this option to support a workgroup or small organization.
Advanced stand-alone deployment | All features are deployed on two or more server instances within a single WebSphere Application Server profile. Select this option to support a medium-size organization.
8. Select the directory where you want to install Lotus Connections: you can
accept the default directory, enter a new directory name, or click Browse to
select an existing directory.
9. Select the features that you want to install and click Next. The wizard checks
for any conflicts between the WebSphere Application Server profile and
installation directories. Select from the following options:
Option | Description
--- | ---
Activities | Collaborate with colleagues
Blogs | Write personal perspectives for colleagues
Communities | Discussion forums
Dogear | Bookmark important Web sites. Note: In Lotus Connections 2.5, the Dogear feature in the user interface is renamed as Bookmarks.
Files | Share files among users
Profiles | Find people in the organization
Wikis | Create content for your Web site
10. Select the extended features that you want to install and click Next. You can
select from the following options:
Option | Description
--- | ---
Home page | Access features and widgets from a central point
Mobile | Access Lotus Connections from mobile devices
Search | Search data across all Lotus Connections features
News repository | Stay informed about updates
Note: The Home page and Mobile features rely on the features that you
selected in the previous step. The Search and News features provide services
to the features that you selected in the previous step.
11. Select the WebSphere Application Server installation that will host Lotus
Connections and click Next. For example:
v AIX:
/usr/IBM/WebSphere/AppServer
v Linux:
/opt/IBM/WebSphere/AppServer
v Windows:
C:\Program Files\IBM\WebSphere\AppServer
After you identify the location of the WebSphere Application Server instance,
the installer checks to make sure that security is enabled on that server.
Note: If the location of the server that you want to use is not displayed, click
Cancel to exit the installation wizard and complete the following steps:
a. Open a command prompt on the system where you installed WebSphere
Application Server.
b. Change to the Lotus_Connections_Install directory on the same system
and enter the following command:
v AIX or Linux:
./install.sh -W inputWasLocation.propertyValue=true
v Windows:
install -W inputWasLocation.propertyValue=true
Note: Use Progra~1 to represent the Program Files directory name; the
installation command does not recognize file path parameters that
contain spaces.
c. Re-start the installation wizard. You are directed to a page where you can
manually specify the location of the WebSphere Application Server. Enter
the location, based on the following format, and click Next:
v AIX:
/usr/IBM/WebSphere/AppServer
v Linux:
/opt/IBM/WebSphere/AppServer
v Windows:
C:\Progra~1\IBM\WebSphere\AppServer
12. Enter values for the WebSphere Application Server profile and server instance:
a. Select a WebSphere Application Server profile.
b. Select an existing server instance from the Server instance list or create a
server instance by selecting Create new server (a new page appears where
you can enter the name of the new server instance).
c. Click Next.
13. Enter the User ID and Password of the default administrative user for Lotus
Connections. You must have already created this user ID in your LDAP
directory or in WebSphere Identity Manager. The ID is mapped to an
authentication alias called connectionsAdmin. The installed features use this
authentication alias for internal administrative roles, including the
search-admin, dsx-admin, and widget-admin roles.
Notes:
v If you plan to use a third-party Single Sign-On solution such as Tivoli
Access Manager or SiteMinder, this user ID must exist in your LDAP
directory.
v If you want to change the connectionsAdmin alias to use a different user
ID, follow the relevant procedures in the Managing stored credentials topic.
You also need to update the SIBus references to the user ID. For more
information, see the Updating the messaging bus configuration when the
connectionsAdmin user ID changes topic.
14. Enter the host name of the WebSphere Application Server installation and
click Next. The wizard retrieves HTTP port values for WebSphere Application
Server.
Note: Use the fully-qualified DNS name or short DNS name for the host
server. Do not use the IP address of the host.
15. Select a database type from one of the following options:
v DB2 Universal Database
v Oracle Enterprise Edition
v SQL Server 2005 Enterprise Edition
16. Specify whether the databases for the features are located on the same server:
Select Yes or No and then click Next. The sub-steps that follow provide
detailed information about each of these options.
Note: The installation wizard tests your database connection with the
database values that you supplied. You can change the database configuration
later in the WebSphere Application Server Integrated Solutions Console.
Option: Yes, the same database server
Enter the following database information:
1. Enter the fully-qualified domain name of the database server. For example:
appserver.enterprise.example.com.
2. Enter the port number of the database service. The default values are:
50000 for DB2, 1521 for Oracle, and 1433 for SQL Server.
3. Enter the location of the JDBC driver library. For example:
v AIX:
/usr/ibm/WebSphere/AppServer/lib
v Linux:
/opt/ibm/WebSphere/AppServer/lib
v Windows:
C:\IBM\WebSphere\Appserver\lib
Ensure that the following JDBC driver libraries are present in the JDBC
directory:
DB2: db2jcc.jar and db2jcc_license_cu.jar
Oracle: ojdbc14.jar
SQL Server: Download the SQL Server 2005 JDBC 1.2 driver from the Microsoft
Web site to the WebSphere Application Server lib directory and enter that
directory name in the JDBC driver library field.
Note: The wizard can use this JDBC driver to test your database connection.
You can leave the field unchanged and skip this page. After you complete this
installation, Lotus Connections uses the WebSphere Application Server
internal SQL Server JDBC driver.
4. Click Next.
5. For each Lotus Connections feature, enter the Application user password.
You specified this password when you created a database for each feature.

Option: No, different database servers
Enter the following database information:
1. Type the path to the JDBC driver library.
2. For each feature, enter the following information:
a. Type the Host name of the database server. For example:
appserver.enterprise.example.com.
b. Type the Port number of the database server. The default values are:
50000 for DB2, 1521 for Oracle, and 1433 for SQL Server.
c. Type the database name.
d. Type the Application user ID of the account to use to connect to the
database.
e. Type the Application user password. You specified this password when you
created a database for each feature.
Note: If your database type is Oracle, you must connect to the database with
the user ID that you used when you created the feature databases.
17. Set up data directories for the features, using either one of the following
methods:
v Specify a data directory for Lotus Connections. The wizard creates a parent
directory with sub-directories for each feature.
v Specify a data directory for each feature.
18. Optional: This step is required only if you selected the option to specify a data
directory for each feature. For each feature that you are installing, enter the
required directory information.
Table 56. Data directories for features (directory paths are samples only)

Feature: Activities statistics files
Description: Statistics files that store statistics generated by Activities.
The file format is CSV.
Directory:
v AIX or Linux: /usr/IBM/LotusConnections/Data/activities/statistic
v Windows: C:\Program Files\LotusConnections\Data\activities\statistic

Feature: Activities content files
Description: Content directory to store files uploaded to Activities by
users. This directory is additional storage space outside the database and
stores files such as images.
Directory:
v AIX or Linux: /usr/IBM/LotusConnections/Data/activities/content
v Windows: C:\Program Files\LotusConnections\Data\activities\content

Feature: Blogs upload files
Description: File upload directory for adding files such as images to Blogs.
Ensure that the directory has enough disk space because these files can
become very large.
Directory:
v AIX or Linux: /usr/IBM/LotusConnections/Data/blogs/upload
v Windows: C:\Program Files\LotusConnections\Data\blogs\upload

Feature: Communities statistics files
Description: Statistics files for Communities.
Directory: (See Note)
Note: The Communities statistics directories are not used in release 2.5.
Accept the default location provided by the installation wizard and click
Next.

Feature: Communities discussion forum content
Description: Content store for the discussion forums, storing additional
content such as images and presentations.
Directory:
v AIX or Linux: /usr/IBM/LotusConnections/Data/communties/content
v Windows: C:\Program Files\LotusConnections\Data\communties\content

Feature: Dogear favicon files
Description: Favicon files directory, used for the favicons (favorite icons)
that are generated by Dogear users.
Directory:
v AIX or Linux: /usr/IBM/LotusConnections/Data/dogear/favorite
v Windows: C:\Program Files\LotusConnections\Data\dogear\favorite

Feature: Files
Description: Files content.
Directory:
v AIX or Linux: /usr/IBM/LotusConnections/Data/files/contentstore
v Windows: C:\Program Files\LotusConnections\Data\files\contentstore

Feature: Profiles statistics files
Description: Statistics files, used for storing statistics generated by
Profiles. The file format is CSV.
Directory:
v AIX or Linux: /usr/IBM/LotusConnections/Data/profiles/statistic
v Windows: C:\Program Files\LotusConnections\Data\profiles\statistic

Feature: Profiles cache
Description: Cached files.
Directory:
v AIX or Linux: /usr/IBM/LotusConnections/Data/profiles/cache
v Windows: C:\Program Files\LotusConnections\Data\profiles\cache

Feature: Search dictionary
Description: Search dictionary files.
Directory:
v AIX or Linux: /usr/IBM/LotusConnections/Data/search/dictionary
v Windows: C:\Program Files\LotusConnections\Data\search\dictionary

Feature: Search index
Description: Search index files.
Directory:
v AIX or Linux: /usr/IBM/LotusConnections/Data/search/index
v Windows: C:\Program Files\LotusConnections\Data\search\index

Feature: Wikis
Description: Wikis content.
Directory:
v AIX or Linux: /usr/IBM/LotusConnections/Data/wikis/contentstore
v Windows: C:\Program Files\LotusConnections\Data\wikis\contentstore
19. Decide whether you want to enable e-mail notification. If you click No, the
installer skips the next step, and you can configure notification later.
20. Optional: If you decided to enable e-mail notification, you can select one of
the following notification options:
Option | Description
WebSphere Java mail session | Use a single mail server for all notifications. Choose this option if you can access an SMTP server directly using the host name.
DNS MX records | Use a Domain Name System (DNS) server to find an available SMTP messaging server. Choose this option if you need to use a DNS server to access the SMTP server.
Note: The choice you make in this step determines which of the following
two steps you need to complete.
21. Optional: If you selected the Java notification option, specify the properties of
the SMTP server and then click Next:
Fill out the following fields to identify the mail server to use for sending
e-mail:
v Host name of the SMTP messaging server. Type the host name or IP
address of the preferred SMTP mail server if you have a specific SMTP
messaging server.
v Fill out the following fields, if required, to identify the mail server to use
for sending e-mail:
– User ID and Password – Enter these values if the SMTP server requires
authentication.
– Enable SSL – Enable SSL if you want to encrypt outgoing mail to the
SMTP server.
– Port – Accept the default port of 25, or enter port 465 if you are using
SSL.
22. Optional: If you selected DNS MX records as the notification solution, enter
the following information and then click Next:
v Messaging domain name. Type the name or IP address of a messaging
domain.
v DNS server for the messaging servers. Type the host name or IP address of
the DNS server.
v DNS port that is used for sending queries over the messaging server.
v User ID. If SMTP authentication is required, type the administrator user ID
for the SMTP server.
v Password. If SMTP authentication is required, type the password for the
administrator user of the SMTP server.
v Encrypt outgoing mail traffic to the SMTP messaging server using SSL.
Select the check box if you want to use the Secure Sockets Layer (SSL)
when connecting to the SMTP server.
v Port. Specify the port number to use for the SMTP server connection. The
default port number for the SMTP protocol is 25. The default port number
for SMTP over SSL is 465.
23. (Only required if you installed the Profiles feature.) Select a directory to use
when searching for users. You can choose the Profiles database or your LDAP
directory.
Note:
v If you select the Profiles database, the features retrieve user data from the
Profiles database. Ensure that you have followed the steps in the Populating
the Profiles database topic. By selecting this option, you are also enabling the
Profiles directory service extension. This service extension allows other
Lotus Connections features to access Profiles data. For more information,
see the Common directory services topic.
v If you select LDAP, all the features except Profiles retrieve user data from
the LDAP directory through the WebSphere Application Server Virtual
Member Manager. The Profiles feature uses its own database.
24. Review the information that you have entered. To revise your selections, click
Back. To finalize the installation, click Next.
25. Review the result of the installation. Click Finish to exit the installation
wizard.
Results
The installation wizard has installed Lotus Connections in a stand-alone
deployment.
The lcinstalllog.txt log file is stored in a temporary directory and is overwritten by
subsequent installations. If you plan to install additional features on the same
system and want to be able to refer to the log file generated by the installer,
change the file name or copy the lcinstalllog.txt file from the following directory:
v AIX or Linux:
/tmp/lcinstalllog.txt
v Windows:
C:\Documents and Settings\<user_name>\Local Settings\temp\1\lcinstalllog.txt
into this directory:
Note: These examples assume that you installed Lotus Connections in the default
directories. If you selected different installation directories, change the file paths
accordingly.
v AIX:
/usr/IBM/WebSphere/LotusConnections/lcinstalllog.txt
v Linux:
/opt/IBM/WebSphere/LotusConnections/lcinstalllog.txt
v Windows:
C:\Program Files\IBM\WebSphere\LotusConnections\lcinstalllog.txt
What to do next
Open a Web browser and navigate to the URL of each feature to ensure that the
installation was successful. Complete this test before performing any
customizations or any post-installation tasks.
If you selected the Advanced stand-alone option to install Lotus Connections on
multiple server instances, you need to manually link the buses that forward
messages between the News repository and other features. For more information,
see the Linking buses manually for non-federated servers topic.
Importing data to a stand-alone deployment:
As part of the migration process, import data into your new deployment.
About this task
To import data into your new Lotus Connections deployment, complete the
following steps:
Procedure
1. Rename the lotus_connections_root/migration directory in your 2.5 deployment
and then copy the migration directory that you backed up from your 2.0.1
deployment to the lotus_connections_root directory in your 2.5 deployment.
2. Import your 2.0.1 data. Open a command prompt, change to the migration
directory in Lotus Connections 2.5, and run the following command:
Note: If you used the -DhandleData=false parameter during the data export,
use that parameter when you run the import command.
v AIX or Linux:
./migration.sh lc-import
v Windows:
migration.bat lc-import
Notes:
v Check the log file to validate the import. The log file is stored in the system
user's home directory, and uses the following naming format:
lc-migration-yyyyMMdd_HHmm_ss.log
For example:
– AIX or Linux:
/root/lc-migration-20090925_1534_26.log
– Windows:
C:\Documents and Settings\Administrator\lc-migration-20090925_1534_26.log
v The imported data is stored in the lotus_connections_root/Data directory.
What to do next
Complete the steps in the Post-migration tasks topic.
If the migration failed, restore your Lotus Connections 2.0.1 environment. For more
information, see the Rolling back a migration or update topic.
Migrating a network deployment
Migrate your Lotus Connections 2.0.1 network deployment to release 2.5.
Before you begin
1. Back up your Lotus Connections 2.0.1 deployment. For more information, see
the Backing up Lotus Connections topic.
2. Update your Lotus Connections 2.0.1 databases to release 2.5. The method you
choose to update databases depends on your migration strategy. For more
information, see the Updating databases topic. That topic also instructs you to
install databases for new features such as Files and Wikis.
3. Advise users about any possible outages. For more information, see the
Preparing Lotus Connections for maintenance topic.
Note:
You must migrate to Lotus Connections release 2.5 from release 2.0.1. If you have
an earlier release than 2.0.1, you must migrate that release to 2.0.1 before migrating
to release 2.5. For more information, see the Migration strategies topic.
About this task
To migrate your Lotus Connections 2.0.1 network deployment to release 2.5,
complete the following tasks:
Related concepts
“Migration strategies” on page 273
You can migrate from a production installation of Lotus Connections 2.0.1, from
the pilot installation of Lotus Connections 2.5, or from one type of data source to
another.
“Updating databases” on page 308
Update Lotus Connections 2.0.1 databases within an existing database
environment.
“Installing Lotus Connections” on page 94
Select the Lotus Connections features that you plan to use and install them in a
stand-alone or clustered deployment.
Related tasks
“Preparing Lotus Connections for maintenance” on page 269
Before you bring down Lotus Connections to apply updates, you must let your
users know about the planned outage.
“Backing up Lotus Connections” on page 271
Before applying updates, back up your databases and Lotus Connections
environment.
“Post-migration tasks” on page 339
After migration, you need to perform further tasks to ensure that your new
deployment is complete.
“Uninstalling Lotus Connections” on page 193
There are some additional steps you must take to uninstall a network deployment
of Lotus Connections.
Related reference
“Lotus Connections detailed system requirements” on page 13
Use the updateLC command to run the update wizard in silent mode.
Exporting data from a network deployment:
As part of the migration process, export data from your old deployment.
About this task
To export data from your old Lotus Connections deployment, complete the
following steps:
Procedure
1. Perform a full synchronization of all the nodes in the cluster where Lotus
Connections 2.0.1 is deployed.
2. Copy the migration directory from the Lotus Connections 2.5 installation media
to the Lotus Connections 2.0.1 installation directory on any node in the cluster.
Ensure that you copy the migration directory to the same directory level as the
ConfigEngine directory.
3. Open a command prompt, change to the migration directory and run the
following command:
Note: The migration process can take a long time to complete, depending on
the number and size of files in your content store directories. If the directories
contain more than 1 GB of data, you should use the -DhandleData=false
parameter to bypass the export. You then need to re-use the 2.0.1 content store
directories for Lotus Connections 2.5; when you install 2.5 and you are
prompted to select content store directories, specify the 2.0.1 directories.
v AIX or Linux:
./migration.sh lc-export -DDMUserid=<dm_admin> -DDMPassword=<dm_password>
v Windows:
migration.bat lc-export -DDMUserid=<dm_admin> -DDMPassword=<dm_password>
where <dm_admin> is the administrative user ID for the WebSphere Application
Server Deployment Manager and <dm_password> is that user's password.
Notes:
v The lc-export command exports the following data:
– Content in the data directories for each feature
– Configuration files in the LotusConnections-config directory. You can find
this directory in the following location:
- Stand-alone deployment: profile_root/config/cells/<cell_name>/LotusConnections-config
- Network deployment: DM_profile_root/config/cells/<DM_cell_name>/LotusConnections-config
– Properties files in the lotus_connections_root directory
v The migration tool collects data from all the features even when they are in
different WebSphere Application Server profiles. The location of each feature
is recorded in the config engine in the lotus_connections_root directory. After
extracting the 2.0.1 data, the tool uses the same method to determine where
the 2.5 features are located and imports the data accordingly.
v The exported data is stored in the migration directory. Check the log file to
validate the export. The log is stored in the system user's home directory,
and uses the following naming format:
lc-migration-yyyyMMdd_HHmm_ss.log
For example:
– AIX or Linux:
/root/lc-migration-20090925_1534_26.log
– Windows:
C:\Documents and Settings\Administrator\lc-migration-20090925_1534_26.log
4. Back up the migration directory to a location outside your 2.0.1 deployment.
5. Uninstall Lotus Connections 2.0.1. For more information, see the Uninstalling
Lotus Connections topic.
Notes:
v The release 2.5 installation wizard does not automatically uninstall release
2.0.1.
v You can keep your 2.0.1 deployment if you are installing release 2.5 on a
separate system.
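The export call from step 3 and the log check from its notes (the import uses the same log naming), as an added shell example that is not part of the IBM guide. It prompts for the Deployment Manager password so that it is not typed into shell history; the password is still handed to migration.sh as an argument, because that is the documented syntax. MIGRATION_SH, the function names and the placement of -DhandleData=false after the credential parameters are assumptions.

```shell
#!/bin/sh
# Added example: wrapper around the documented lc-export call. Not IBM code.
# Assumptions: MIGRATION_SH (path override), the function names, and placing
# -DhandleData=false after the credential parameters.

# Read the Deployment Manager password into DM_PASSWORD without echoing it.
# When stdin is not a terminal (for example a root-only file), read one line.
read_dm_password() {
    DM_PASSWORD=
    if [ -t 0 ]; then
        saved_tty=$(stty -g)
        # Restore terminal echo if the prompt is interrupted.
        trap 'stty "$saved_tty"; exit 130' INT TERM
        printf 'Deployment Manager password: ' >&2
        stty -echo
        IFS= read -r DM_PASSWORD || true
        stty "$saved_tty"
        trap - INT TERM
        printf '\n' >&2
    else
        IFS= read -r DM_PASSWORD || true
    fi
    [ -n "$DM_PASSWORD" ]
}

# Usage: run_lc_export <dm_admin> [handle_data]
# Pass handle_data=false to add -DhandleData=false, which the guide advises
# when the content store directories hold more than 1 GB of data.
run_lc_export() {
    dm_admin=$1
    handle_data=${2:-true}
    if [ -z "$dm_admin" ]; then
        echo "usage: run_lc_export <dm_admin> [true|false]" >&2
        return 2
    fi
    if ! read_dm_password; then
        echo "no password supplied" >&2
        return 2
    fi
    set -- lc-export "-DDMUserid=$dm_admin" "-DDMPassword=$DM_PASSWORD"
    if [ "$handle_data" = false ]; then
        set -- "$@" -DhandleData=false
    fi
    rc=0
    "${MIGRATION_SH:-./migration.sh}" "$@" || rc=$?
    unset DM_PASSWORD   # do not leave the password in the shell environment
    return "$rc"
}

# Print the newest lc-migration-yyyyMMdd_HHmm_ss.log found in a directory
# (default: the user's home directory). Glob results are sorted, and the
# timestamp in the name sorts chronologically, so the last match is newest.
latest_migration_log() {
    dir=${1:-$HOME}
    d2='[0-9][0-9]'
    d4="$d2$d2"
    d8="$d4$d4"
    newest=
    for f in "$dir"/lc-migration-${d8}_${d4}_${d2}.log; do
        if [ -f "$f" ]; then
            newest=$f
        fi
    done
    if [ -z "$newest" ]; then
        echo "no lc-migration log found in $dir" >&2
        return 1
    fi
    printf '%s\n' "$newest"
}
```

After run_lc_export returns, pass the path printed by latest_migration_log to a pager and review it before backing up the migration directory.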
What to do next
Continue with the next task in the migration process.
Uninstalling Lotus Connections before migration:
Uninstall a network deployment of Lotus Connections or remove selected features.
Before you begin
Identify the first node in the cluster where you installed Lotus Connections, so that
you can uninstall the product in the correct sequence. You can identify the first
node by checking for the presence of the lotus_connections_root directory.
Subsequent nodes also have the lotus_connections_root, but only the first node has a
version directory.
About this task
Uninstall Lotus Connections by first removing the subsequent nodes from the
cluster and then uninstalling the product from the first node of the cluster.
Note: You can always identify the first node because its lotus_connections_root
directory contains a version directory. Subsequent nodes do not have a version
directory under the lotus_connections_root directory.
To uninstall a Lotus Connections cluster, complete the following steps:
Procedure
1. Stop all the clusters that you configured by completing the following steps:
a. Log in to the WebSphere Application Server Integrated Solutions Console of
the Deployment Manager by going to the following Web address in a
browser:
http://<dm_host_name>:9060/ibm/console
where <dm_host_name> is the host name of the Deployment Manager.
b. Select Servers → Clusters.
c. Select the check box beside the cluster that is hosting the Lotus Connections
features and then click Stop.
2. Delete the subsequent members of each cluster:
a. In the WebSphere Application Server Integrated Solutions Console, select
Servers → Clusters → <cluster_name> → Cluster members, where
<cluster_name> is the name of a cluster that you created. For example:
activitiesCluster.
b. Select the check boxes beside the subsequent members of each cluster and
click Delete. Do not delete the first node.
c. Click Save.
3. Remove the subsequent nodes from each cluster:
a. Log into a subsequent node that you want to remove from the cluster.
b. Open a command prompt and change to the profile_root/bin directory.
c. Run the removeNode script to remove this node:
v AIX or Linux:
./removeNode.sh [-username uid] [-password pwd]
v Windows:
removeNode.bat [-username uid] [-password pwd]
where uid and pwd are the Deployment Manager (DM) administrator
username and password.
d. Repeat sub-steps a-c to remove other subsequent nodes.
4. Uninstall Lotus Connections from the first node of each cluster:
a. Log into a first node as the system administrator.
b. Open a command prompt and change to the lotus_connections_root/
uninstall directory.
c. Run the uninstallation wizard:
v AIX or Linux:
./uninstall.sh
v Windows:
uninstall.bat
d. Select a language to use for the installation procedure and click Next.
e. On the Welcome page of the Uninstallation Wizard, click Next.
f. Select the Network deployment option and click Next.
g. Enter the properties of the WebSphere Application Server Deployment
Manager and click Next.
Host name: Name or IP address of the host DM server
SOAP port: SOAP port number of the DM server
Administrative ID: Administrative ID of the DM
Password: Password for the Administrative ID of the DM
h. Select the features that you want to uninstall and click Next.
Note: Do not uninstall the News or Search feature unless you are removing
the entire product or reinstalling the News or Search feature.
i. Review the summary panel to verify that the features you want to remove
are present. If you want to make any changes, click Back to edit the values
that you input. Click Next to begin the uninstallation process.
j. When the selected features have been uninstalled, click Finish to close the
uninstallation wizard.
k. To remove all Lotus Connections application files, delete the
lotus_connections_root directory.
Note:
v Do not delete the lotus_connections_root directory if you plan to reinstall
Lotus Connections. For more information, see the Uninstalling: Remove files
topic.
v Before you begin, make a back-up copy of the
lastSessionDefaults.properties file (located in the lotus_connections_root
directory). This preferences file will be useful if you want to reinstall
Lotus Connections later.
l. Repeat sub-steps a-k for the first node of each cluster.
What to do next
Clean your systems by removing files that remain after uninstalling. For more
information, see the Uninstalling: Remove files topic.
Updating WebSphere Application Server for Network Deployment:
Update WebSphere Application Server as part of the migration process.
About this task
To update WebSphere Application Server, complete the following steps:
Procedure
1. Go to the Fix Central Web site to download the required fix packs and update
installer.
2. Download and install all of the applicable downloads from Fix Central,
including the fix packs for WebSphere Application Server, Plug-ins, IBM HTTP
Server, and Java SDK.
Note: The Java SDK must be applied to the WebSphere Application Server,
Plug-ins, and IBM HTTP Server components. For more information, see the
Lotus Connections system requirements topic.
Installing the first node of a cluster for migration:
Install the first node of a network deployment of Lotus Connections.
Before you begin
Ensure that you have installed WebSphere Application Server Network
Deployment (Application Server option). The Deployment Manager can exist on
the same system as the first node or on a separate system.
Note: If the Deployment Manager and first node are on the same system, use the
Profiles Management Tool to create an Application Server on the first node. After
creating the Application Server, enable Administrative and Application Security for
that profile.
Before running the installation wizard on the first node, ensure that you have
installed WebSphere Application Server Network Deployment (Application Server
option) on this node and enabled Administrative and Application Security. The
installation wizard fails if Administrative Security is not enabled on the node's
Application Server, while logging into Lotus Connections features can fail if
Application Security is not enabled.
Check the Release notes for late-breaking issues.
Notes:
v The Lotus Connections installation wizard supports the creation of new server
instances.
v The installation wizard automatically detects the name of the node where you
are installing Lotus Connections and updates the corresponding attribute in the
wkplc.properties file.
v (AIX only). If you are downloading the wizard, the TAR program available by
default with AIX does not handle path lengths longer than 100 characters. To
overcome this restriction, use the GNU file archiving program instead. This
program is an open source package that IBM distributes through the AIX
Toolbox for Linux Applications at the IBM AIX Toolbox Web site. Download and
install the GNU-compatible TAR package. You do not need to install the RPM
Package Manager because it is provided with AIX.
After you have installed the GNU-compatible TAR program, change to the
directory where you downloaded the Lotus Connections TAR file, and enter the
following command to extract the files from it:
gtar -xvf <Lotus_Connections_wizard>_aix.tar
This command creates a directory named after the wizard.
v If you experience a SOAP time-out error during installation, go to this
SocketTimeoutException support page and follow the instructions to resolve the
potential causes of the error. Alternatively, you can disable the time out by
setting the value of the com.ibm.SOAP.requestTimeout parameter in
WebSphere Application Server to 0.
v You can use the native SQL Server JDBC driver in either the app_server_root/lib
directory or the driver from Microsoft. The wizard checks the connection for the
Microsoft JDBC driver only. If you are using the native driver, you need to
manually test the connection after installation. For more information, see the
Testing a database connection topic.
About this task
A network deployment supports load balancing and failover, and is synchronized
by a WebSphere Application Server Deployment Manager.
Run the installation wizard on the system that you plan to use as the first node in
the cluster.
To install Lotus Connections on the first node of a cluster in a network
deployment, complete the following steps:
Procedure
1. Start WebSphere Application Server Network Deployment manager.
2. If the WebSphere Application Server instance on which you plan to install
Lotus Connections is running, stop it.
3. Required: Ensure that the system clocks on the Deployment Manager system
and each clustered node are set to within one minute of each other. If the
system clocks are further than one minute apart, you are likely to experience
synchronization errors.
4. From the Lotus_Connections set-up directory, run the script file to launch the
installation wizard:
v AIX or Linux:
./install.sh
v Windows:
install.bat
5. On the Welcome panel, click Launch Information Center to open the Lotus
Connections Information Center in a browser window. Click Next to continue.
6. Review and accept the license agreement by clicking I accept both the
IBM and non-IBM terms. Click Next.
7. On the Response file panel, select one of the options. Save a response file if
you want to run the wizard in silent mode for future installations. Enter a
location for the response file or accept the default location, and then click
Next.
Option | Description
Install Lotus Connections only | Install the product without saving a response file.
Create response file only | Create a response file but without installing the product. Select this option if you need to modify the current response file for use in another installation. Note: Always use the installation wizard to modify the response file. Manual modifications might cause a new installation to fail.
Install Lotus Connections and create a response file | Install the product and save a response file.
8. On the Deployment options panel, select the Network deployment option and
click Next.
9. Select the type of cluster member that you want to create.
Option | Description
Install the first node | Create the first node of a Lotus Connections cluster
Convert stand-alone deployment to network deployment | Convert an existing stand-alone installation of Lotus Connections to become the first node of a cluster
10. Select the directory where you want to install Lotus Connections: you can
accept the default directory, enter a new directory name, or click Browse to
select an existing directory.
11. Select the features that you want to install and click Next. Select from the
following options:
Option: Activities
Description: Collaborate with colleagues

Option: Blogs
Description: Write personal perspectives about projects

Option: Communities
Description: Discuss projects in the user forums

Option: Dogear
Description: Bookmark important Web sites
Note: In Lotus Connections 2.5, the Dogear feature in the user interface is
renamed as Bookmarks.

Option: Files
Description: Share files among users

Option: Profiles
Description: Find people in the organization

Option: Wikis
Description: Create content for your Web site
12. Select the extended features that you want to install and click Next. You can
select from the following options:
Option: Home page
Description: Access all features from a central point

Option: Mobile
Description: Access Lotus Connections from mobile devices

Option: Search
Description: Search Lotus Connections data

Option: News repository
Description: Stay informed about updates
Note: The Home page and Mobile features rely on the features that you
selected in the previous step. The Search and News features provide services
to the features that you selected in the previous step.
13. Select the WebSphere Application Server installation that will host Lotus
Connections and click Next. For example:
v AIX:
/usr/IBM/WebSphere/AppServer
v Linux:
/opt/IBM/WebSphere/AppServer
v Windows:
C:\Program Files\IBM\WebSphere\AppServer
After you identify the location of the WebSphere Application Server instance,
the installer checks to make sure that security is enabled on that server.
Note: If the location of the server that you want to use is not displayed, click
Cancel to exit the installation wizard and complete the following steps:
a. Open a command prompt on the system where you installed WebSphere
Application Server.
b. Change to the Lotus_Connections_Install directory on the same system
and enter the following command:
v AIX or Linux:
./install.sh -W inputWasLocation.propertyValue=true
v Windows:
install -W inputWasLocation.propertyValue=true
Note: Use Progra~1 to represent the Program Files directory name; the
installation command does not recognize file path parameters that
contain spaces.
c. Re-start the installation wizard. You are directed to a page where you can
manually specify the location of the WebSphere Application Server. Enter
the location, based on the following format, and click Next:
v AIX:
/usr/IBM/WebSphere/AppServer
v Linux:
/opt/IBM/WebSphere/AppServer
v Windows:
C:\Progra~1\IBM\WebSphere\AppServer
14. Enter values for the WebSphere Application Server profile and server instance:
a. Select a WebSphere Application Server profile.
b. Select an existing server instance from the Server instance list or create a
server instance by selecting Create new server (a new panel appears
where you can enter the name of the new server instance).
c. Click Next.
15. Enter the properties of the WebSphere Application Server Deployment
Manager (DM) and then click Next:
Host name
Name or IP address of the host DM server
SOAP port
The SOAP port number
Administrative ID
The Administrative ID of the DM
Password
The password for the Administrative ID of the DM
Note: The installation wizard checks the size of the Java Virtual Machine
(JVM) heap on the Deployment Manager and displays a warning if it is less
than 512 MB. If the heap size is less than 512 MB, you are likely to encounter
an out-of-memory error. To increase the heap size, go to this Troubleshooting
Web page and follow the instructions for your platform.
After you have increased the heap size of the JVM, stop and restart the
Deployment Manager. When that is complete, click OK to continue the
installation.
16. Enter the names of the clusters that you want to create: for each installed
feature, select a server instance name; for each selected server instance, enter
a cluster name. Each server instance is added as the first member of its
cluster. For improved performance and administration, add each server
instance to its own cluster.
17. Enter the User ID and Password of the default administrative user for Lotus
Connections. You must have already created this user ID in your LDAP
directory or in WebSphere Identity Manager. The ID is mapped to an
authentication alias called connectionsAdmin. The installed features use this
authentication alias for internal administrative roles, including the
search-admin, dsx-admin, and widget-admin roles.
Notes:
v If you plan to use a third-party Single Sign-On solution such as Tivoli
Access Manager or SiteMinder, this user ID must exist in your LDAP
directory.
v If you want to change the connectionsAdmin alias to use a different user
ID, follow the relevant procedures in the Managing stored credentials topic.
You also need to update the SIBus references to the user ID. For more
information, see the Updating the messaging bus configuration when the
connectionsAdmin user ID changes topic.
18. Enter the host name of the WebSphere Application Server installation and
click Next. The wizard retrieves HTTP port values for WebSphere Application
Server.
Note: Use the fully-qualified DNS name or short DNS name for the host
server. Do not use the IP address of the host.
19. Select a database type from one of the following options:
v DB2 Universal Database
v Oracle Enterprise Edition
v SQL Server 2005 Enterprise Edition
20. Specify whether the databases for the features are located on the same server:
Select Yes or No and then click Next. The substeps that follow provide
detailed information about each of these options.
Note: The installation wizard tests your database connection with the
database values that you supplied. You can change the database configuration
later in the WebSphere Application Server Integrated Solutions Console.
Option: Yes, the same database server
Description: To enter the database information, complete the following
substeps:
1. Enter the fully-qualified domain name of the database server. For example:
appserver.enterprise.example.com.
2. Enter the port number of the database service. The default values are:
50000 for DB2, 1521 for Oracle, and 1433 for SQL Server.
3. Enter the location of the JDBC driver library. For example:
   AIX: /usr/ibm/WebSphere/AppServer/lib
   Linux: /opt/ibm/WebSphere/AppServer/lib
   Windows: C:\IBM\WebSphere\Appserver\lib
Ensure that the following JDBC driver libraries are present in the JDBC
directory:
   DB2: db2jcc.jar and db2jcc_license_cu.jar
   Oracle: ojdbc14.jar
   SQL Server: Download the SQL Server 2005 JDBC 1.2 driver from the Microsoft
   Web site to the WebSphere Application Server lib directory and enter that
   directory name in the JDBC driver library field.
4. Click Next.
5. For each feature, enter the Application user password. You specified this
password when you created the databases for the features.

Option: No, different database servers
Description: Enter the following database information:
1. Enter the path to the JDBC driver library.
2. For each feature, enter the following information:
   a. Enter the Host name of the database server. For example:
   appserver.enterprise.example.com.
   b. Enter the Port number of the database server. The default values are:
   50000 for DB2, 1521 for Oracle, and 1433 for SQL Server.
   c. Enter the database name.
   d. Enter the Application user ID of the account to use to connect to the
   database.
   e. Enter the Application user password. You specified this password when
   you created the databases for the features.
Note: If your database type is Oracle, you must connect to the database with
the user ID that you used when you created the feature databases.
21. Set up data directories for the features, using one of the following methods:
v Specify a data directory for Lotus Connections. If you are using a Windows
shared-file system, specify the file location using the Universal Naming
Convention (UNC) format. For example: \\server_name\share_name. The
wizard creates a parent directory with sub-directories for each feature.
v Specify a data directory for each feature.
Note: The data directories usually reside in a shared repository that grants
read-write access to all the nodes. Use one of the following methods to create
a shared data directory:
v Network-based file shares (for example: NFS, SMB/Samba, and so on)
v Storage area network drives (SAN)
22. Optional: (This step is required only if you selected the option to specify a
data directory for each feature.) For each feature that you are installing, enter
the required directory information.
Note: Some of the data directories in this table must be specified as local
directories so that they can be accessed by only one application server.
Table 57. Data directories for features

Feature: Activities statistics files
Directory (samples only):
   AIX or Linux: /usr/IBM/LotusConnections/Data/activities/statistic
   Windows: \Program Files\LotusConnections\Data\activities\statistic
Description: Statistics files that store statistics generated by Activities.
The file format is CSV.
Note: This directory must be a local directory, not a shared directory.

Feature: Activities content files
Directory (samples only):
   AIX or Linux: /mnt/IBM/LotusConnections/Data/activities/content
   Windows: \\<server_name>\<share_name>\LotusConnections\Data\activities\content
Description: Content directory to store files uploaded to Activities by users.
This directory is additional storage space outside the database and stores
files such as images.

Feature: Blogs upload files
Directory (samples only):
   AIX or Linux: /mnt/IBM/LotusConnections/Data/blogs/upload
   Windows: \\<server_name>\<share_name>\LotusConnections\Data\blogs\upload
Description: File upload directory for adding files such as images to Blogs.
These files can become very large. Ensure that the directory has enough disk
space.

Feature: Communities statistics files
Directory (samples only): (See Note)
Description: Statistics files for Communities.
Note: The Communities statistics directories are not used in release 2.5.
Accept the default location provided by the installation wizard and click
Next.

Feature: Communities discussion forum content
Directory (samples only):
   AIX or Linux: /mnt/IBM/LotusConnections/Data/communties/content
   Windows: \\<server_name>\<share_name>\LotusConnections\Data\communties\content
Description: Content store for the discussion forums, storing additional
content such as images and presentations

Feature: Dogear favicon files
Directory (samples only):
   AIX or Linux: /mnt/IBM/LotusConnections/Data/dogear/favorite
   Windows: \\<server_name>\<share_name>\LotusConnections\Data\dogear\favorite
Description: Favicon files directory, used for the favicons (favorite icons)
that are generated by Dogear users

Feature: Files
Directory (samples only):
   AIX or Linux: /mnt/IBM/LotusConnections/Data/files/contentstore
   Windows: \\<server_name>\<share_name>\LotusConnections\Data\files\contentstore
Description: Files content

Feature: Profiles statistics files
Directory (samples only):
   AIX or Linux: /usr/IBM/LotusConnections/Data/profiles/statistic
   Windows: \Program Files\LotusConnections\Data\profiles\statistic
Description: Statistics files, used for storing statistics generated by
Profiles. The file format is CSV.
Note: This directory must be a local directory, not a shared directory.

Feature: Profiles cache
Directory (samples only):
   AIX or Linux: /usr/IBM/LotusConnections/Data/profiles/cache
   Windows: \Program Files\LotusConnections\Data\profiles\cache
Description: Cached files.
Note: This directory must be a local directory, not a shared directory.

Feature: Search dictionary
Directory (samples only):
   AIX or Linux: /mnt/IBM/LotusConnections/Data/search/dictionary
   Windows: \\<server_name>\<share_name>\LotusConnections\Data\search\dictionary
Description: Search dictionary files

Feature: Search index
Directory (samples only):
   AIX or Linux: /mnt/IBM/LotusConnections/Data/search/index
   Windows: \\<server_name>\<share_name>\LotusConnections\Data\search\index
Description: Search index files

Feature: Wikis
Directory (samples only):
   AIX or Linux: /mnt/IBM/LotusConnections/Data/wikis/contentstore
   Windows: \\<server_name>\<share_name>\LotusConnections\Data\wikis\contentstore
Description: Wikis content
23. Decide whether you want to enable e-mail notification. If you click No, the
installer skips the next step, and you can configure notification later.
24. Optional: If you decided to enable e-mail notification, you can select one of
the following notification options:
Option: WebSphere Java mail session
Description: Use a single mail server for all notifications. Choose this
option if you can access an SMTP server directly using the host name.

Option: DNS MX records
Description: Use a Domain Name System (DNS) server to find an available SMTP
messaging server. Choose this option if you need to use a DNS server to access
the SMTP server.
Note: The choice you make in this step determines which of the following
two steps you need to complete.
25. Optional: If you selected the Java notification option, specify the properties of
the SMTP server and then click Next:
Fill out the following fields to identify the mail server to use for sending
e-mail:
v Host name of the SMTP messaging server. Enter the host name or IP
address of the preferred SMTP mail server if you have a specific SMTP
messaging server.
v Fill out the following fields, if required, to identify the mail server to use
for sending e-mail:
– User ID and Password – Enter these values if the SMTP server requires
authentication.
– Enable SSL – Enable SSL if you wish to encrypt outgoing mail to the
SMTP server.
– Port – Accept the default port of 25, or enter port 465 if you are using
SSL.
26. Optional: If you selected DNS MX records as the notification solution, enter
the following information and then click Next:
v Messaging domain name. Enter the name or IP address of the messaging
domain.
v DNS server for the messaging servers. Enter the host name or IP address of
the DNS server.
v DNS port that is used for sending queries over the messaging server.
v User ID. If SMTP authentication is required, enter the administrator user ID
for the SMTP server.
v Password. If SMTP authentication is required, enter the password for the
administrator user of the SMTP server.
v Encrypt outgoing mail traffic to the SMTP messaging server using SSL.
Select the check box if you want to use the Secure Sockets Layer (SSL)
when connecting to the SMTP server.
v Port. Specify the port number to use for the SMTP server connection. The
default port number for the SMTP protocol is 25. The default port number
for SMTP over SSL is 465.
27. (Only required if you installed the Profiles feature.) Select a directory to use
when searching for users. You can choose the Profiles database or your LDAP
directory.
Note: If you select the Profiles database, ensure that you have followed the
steps in the Populating the Profiles database topic. By selecting this option, you
are also enabling the Profiles directory service extension. This service
extension allows other Lotus Connections features to access Profiles data. For
more information, please see the Common directory services topic.
28. Review the information that you have entered. To revise your selections, click
Back. To finalize the installation, click Next.
29. Review the result of the installation. Click Finish to exit the installation
wizard.
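The clock requirement in step 3 and the "must be a local directory" notes in Table 57 can be checked from a shell before and after running the wizard. The following is an added example, not part of the IBM guide; the function names and the list of network filesystem types are assumptions, and the filesystem check uses `df -PT`, so it applies to Linux nodes.

```shell
#!/bin/sh
# Added example (not from the IBM guide): pre-flight checks for step 3 (clock
# skew) and for the Table 57 directories that must be local. Helper names are
# hypothetical. fstype_of uses `df -PT`, which is available on Linux.

MAX_SKEW=60   # step 3: clocks must be within one minute of each other

# clock_skew <epoch>...: print the spread in seconds between the earliest and
# latest reading. Take one `date +%s` reading per host at the same moment.
clock_skew() {
    min=$1
    max=$1
    for t in "$@"; do
        if [ "$t" -lt "$min" ]; then min=$t; fi
        if [ "$t" -gt "$max" ]; then max=$t; fi
    done
    echo $((max - min))
}

# clocks_in_sync <epoch>...: succeed when the spread is at most MAX_SKEW.
clocks_in_sync() {
    [ "$(clock_skew "$@")" -le "$MAX_SKEW" ]
}

# is_network_fstype <type>: succeed for filesystem types that are network
# shares (assumption: extend the list for the share types used at your site).
is_network_fstype() {
    case "$1" in
        nfs|nfs3|nfs4|cifs|smbfs|smb3) return 0 ;;
        *) return 1 ;;
    esac
}

# fstype_of <path>: print the type of the filesystem that holds <path>.
fstype_of() {
    df -PT "$1" 2>/dev/null | awk 'NR == 2 { print $2 }'
}

# check_local_dir <path>: 0 = on a local filesystem, 1 = on a network share,
# 2 = directory does not exist. A SAN volume presented to several nodes looks
# local to df and is not detected by this check.
check_local_dir() {
    if [ ! -d "$1" ]; then
        echo "MISSING $1"
        return 2
    fi
    fs=$(fstype_of "$1")
    if is_network_fstype "$fs"; then
        echo "SHARED  $1 ($fs)"
        return 1
    fi
    echo "LOCAL   $1 ($fs)"
}

# With arguments, check each directory; exit non-zero if any check fails.
if [ "$#" -gt 0 ]; then
    status=0
    for d in "$@"; do
        check_local_dir "$d" || status=1
    done
    exit "$status"
fi
```

Pass the Activities statistics, Profiles statistics and Profiles cache directories as arguments; the other Table 57 directories are expected to be on shared storage and are not candidates for this check.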
Results
The installation wizard has installed Lotus Connections on the first node of a
cluster in a network deployment.
Note: You can always identify the first node because its lotus_connections_root
directory contains a version directory. Subsequent nodes do not have a version
directory under the lotus_connections_root directory.
The lcinstalllog.txt log file that is stored in a temporary directory is overwritten by
subsequent installations. If you plan to install additional features on the same
system and want to be able to refer to the log file generated by the installer,
change the file name or copy the lcinstalllog.txt file from the following directory:
v AIX or Linux:
/tmp/lcinstalllog.txt
v Windows:
C:\Documents and Settings\<user_name>\Local Settings\temp\1\lcinstalllog.txt
into this directory:
v AIX:
/usr/IBM/WebSphere/LotusConnections/lcinstalllog.txt
v Linux:
/opt/IBM/WebSphere/LotusConnections/lcinstalllog.txt
v Windows:
C:\Program Files\IBM\WebSphere\LotusConnections\lcinstalllog.txt
Note: These examples assume that you installed Lotus Connections in the default
directories. If you selected different installation directories, change the file paths
accordingly.
What to do next
Accessing network shares
If you installed WebSphere Application Server on Microsoft Windows and
configured it to run as a service, change the Log On attribute of the service to
ensure that you can access network shares. For more information, see the Accessing
network shares topic.
If you are using the bundled SQL Server driver, test the database connection. For
more information, see the Testing the SQL Server database connection topic.
Installing subsequent nodes for migration:
Add more nodes to an existing cluster.
Before you begin
v You must already have a cluster with at least one member. For more
information, see the Installing the first node of a cluster topic.
v Ensure that you have installed WebSphere Application Server Network
Deployment (Application Server option) on each subsequent node. Do not
enable Administrative or Application Security on the subsequent nodes. The
Deployment Manager will configure security on these nodes.
v Ensure that the shared folders that are used for the content stores in the first
node are accessible from each subsequent node: from a subsequent node, try to
access the shared directories. For file paths to the shared directories, see the Data
directories for features table in the Installing the first node of a cluster topic. Also,
follow the steps in the Configuring shared message stores for buses topic to ensure
the message stores are available to all nodes.
About this task
Perform this task on each node that you want to add to the cluster.
Notes:
v You do not need to create server instances on the subsequent nodes in a cluster.
The Deployment Manager (DM) will create new server instances as required.
v Each subsequent node must be an unmanaged node before you start this task.
Completing the task transforms the node into a managed, or federated, node.
v Perform this task for each node that you want to add to the cluster.
To add a node to a cluster, complete the following steps:
Procedure
1. Add a subsequent node to the DM cell:
a. Start WebSphere Application Server Deployment Manager on the first node.
b. Log into the subsequent node; that is, the node that you want to add to the
cluster.
c. Open a command prompt and change to the bin directory of the local
WebSphere Application Server profile:
app_server_root/profiles/<profile_name>/bin
where <profile_name> is the name of the applicable WebSphere Application
Server profile on this node.
d. Run the addNode command to add this node to the DM cell:
addNode [dmgr_host] [dmgr_port] [-username uid] [-password pwd]
[-localusername localuid] [-localpassword localpwd]
where dmgr_host is the host name of the Deployment Manager, dmgr_port is
the SOAP port of the deployment manager (the default is 8879), uid and
pwd are the DM administrator username and password, and localuid and
localpwd are the username and password for the node's WebSphere
Application Server administrator.
e. Open the addNode.log file and confirm that the node was successfully
added to the DM cell. The file is stored in the following location:
app_server_root/profiles/<profile_name>/log/addNode.log
2. Copy the relevant JDBC files from the first node in the cluster to the
subsequent node, placing them in the same location as the JDBC files on the
first node. If, for example, you copied the db2jcc.jar file from the
C:\IBM\SQLLIB directory on the first node, you need to copy the same file to the
C:\IBM\SQLLIB directory in each of the subsequent nodes in the same cluster.
The files to copy, depending on your database type, are:
Option: DB2
Description: db2jcc.jar, db2jcc_license_cu.jar

Option: Oracle
Description: ojdbc14.jar

Option: SQL Server
Description: sqljdbc.jar
3. Copy the Stellent binary to the subsequent node:
a. Copy the lotus_connections_root/search/search/search/dcs directory from
the first node to the subsequent node. Ensure that the file paths to the dcs
directory on the first node and subsequent node are identical.
b. (AIX and Linux only.) Add the following text to the end of the
/etc/profile file on the subsequent node:
export PATH=$PATH:<SearchInstallHome>/dcs/oiexport
where <SearchInstallHome> is the full, absolute path to the directory where
the Search feature is installed. For example:
lotus_connections_root/search/search/search.
c. (AIX only.) Add the following text to the end of the /etc/profile file on the
subsequent node:
export LIBPATH=$LIBPATH:<SearchInstallHome>/dcs/oiexport
d. (Linux only.) Add the following text to the end of the /etc/profile file on
the subsequent node:
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:<SearchInstallHome>/dcs/oiexport
4. Add additional members to an existing Lotus Connections cluster:
a. Log in to the Deployment Manager Administrative Console.
b. Click Servers>Clusters>cluster_name>Cluster members>New. Specify the
following information about the new cluster member:
Member name
The name of the server instance that is created for the cluster. The
DM will create a new server instance with this name.
Note: Each member name in the same cluster must be unique. The
admin console will prevent you from re-using the same member
name in a cluster.
Select node
The node where the server instance resides.
Click Add Member to add this member to the cluster member list.
c. Click Next to go to the summary page where you can examine detailed
information about this cluster member. Click Finish to complete this step or
click Previous to modify the settings.
d. Click Save to save the configuration.
e. Click Server>Servers>Clusters>cluster_name>Cluster members. In the
member list, click the new member that you added in the previous step.
f. On the detailed configuration page, click Port to expand the port
information of the member. Make a note of the WC_defaulthost and
WC_defaulthost_secure port numbers. For example, the WC_defaulthost port
number is typically 9084, while the WC_defaulthost_secure port number is
typically 9447.
g. Click Environment>Virtual Hosts>default_host>Host Aliases>New. Enter
the following information for the host alias for the WC_defaulthost port:
Host name
The IP address or DNS host name of the node where the new
member resides.
Port: The port number for WC_defaulthost. For example, 9084.
Click OK to complete the virtual host configuration.
h. Click Save to save the configuration.
i. Repeat the previous two sub-steps to add the host alias for the
WC_defaulthost_secure port.
j. Click System administration>Nodes.
k. In the node list page, select all the nodes where the target cluster members
reside, and then click Synchronize to perform a synchronization between
the nodes.
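Steps 2 and 3 of this procedure depend on files and profile entries being identical across nodes, which is easy to get wrong by hand. The following added shell example (not part of the IBM guide) records a checksum manifest of the JDBC driver files on the first node, compares a subsequent node against it, and appends the step 3 export lines to a profile file only when they are missing. The function names and manifest format are assumptions; `cksum` detects an incomplete or mismatched copy, not deliberate tampering.

```shell
#!/bin/sh
# Added example (not from the IBM guide): checks for steps 2 and 3 on a
# subsequent node. Function names and the manifest format are hypothetical.

# jdbc_files <db_type>: print the driver files that step 2 lists for db2,
# oracle or sqlserver.
jdbc_files() {
    case "$1" in
        db2)       echo "db2jcc.jar db2jcc_license_cu.jar" ;;
        oracle)    echo "ojdbc14.jar" ;;
        sqlserver) echo "sqljdbc.jar" ;;
        *)         return 1 ;;
    esac
}

# jdbc_manifest <db_type> <jdbc_dir>: print "<crc> <bytes> <path>" for every
# required driver file. The full path is part of each line because step 2
# requires the files to sit in the same location on every node.
jdbc_manifest() {
    files=$(jdbc_files "$1") || { echo "unknown database type: $1" >&2; return 2; }
    for f in $files; do
        if [ ! -f "$2/$f" ]; then
            echo "missing: $2/$f" >&2
            return 1
        fi
        echo "$(cksum < "$2/$f") $2/$f"
    done
}

# jdbc_matches <db_type> <jdbc_dir> <manifest_file>: succeed when this node
# produces the same manifest as the one saved on the first node.
jdbc_matches() {
    here=$(jdbc_manifest "$1" "$2") || return 1
    [ "$here" = "$(cat "$3")" ]
}

# profile_lines <aix|linux> <search_home>: print the export lines of step 3.
profile_lines() {
    case "$1" in
        aix)   libvar=LIBPATH ;;
        linux) libvar=LD_LIBRARY_PATH ;;
        *)     return 1 ;;
    esac
    echo "export PATH=\$PATH:$2/dcs/oiexport"
    echo "export $libvar=\$$libvar:$2/dcs/oiexport"
}

# add_profile_lines <aix|linux> <search_home> <profile_file>: append each line
# only when the file does not already contain it, so reruns add nothing.
add_profile_lines() {
    lines=$(profile_lines "$1" "$2") || return 1
    printf '%s\n' "$lines" | while IFS= read -r line; do
        grep -qxF "$line" "$3" 2>/dev/null || echo "$line" >> "$3"
    done
}

# Entry points; with no arguments the file only defines the functions above.
case "${1:-}" in
    manifest) jdbc_manifest "$2" "$3" ;;
    verify)   jdbc_matches "$2" "$3" "$4" ;;
    profile)  add_profile_lines "$2" "$3" "${4:-/etc/profile}" ;;
esac
```

Run `manifest` on the first node, copy its output file to the subsequent node, and run `verify` there with the same database type and JDBC directory.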
What to do next
Configure IBM HTTP Server to connect to this node. For more information, see the
Configuring IBM HTTP Server and Defining IBM HTTP Server for a node topics.
Repeat this task for each subsequent node that you want to add to a cluster.
Configure a shared message store for the cluster. For more information, see the
Configuring shared message stores for buses topic.
If you experience interoperability failure, you might be running two servers on the
same host with the same name. This problem can cause the Search and News
features to fail. For more information, go to the NameNotFoundException from
JNDI lookup operation Web page.
Importing data to a network deployment:
As part of the migration process, import data into your new deployment.
About this task
To import data into your new Lotus Connections deployment, complete the
following steps:
Procedure
1. Rename the lotus_connections_root/migration directory on the first node of the
cluster in your 2.5 deployment, and then copy the migration directory that you
backed up from your 2.0.1 deployment to the lotus_connections_root directory
on the first node of the cluster in your 2.5 deployment.
2. Import your 2.0.1 data. Open a command prompt, change to the migration
directory in Lotus Connections 2.5, and run the following command:
Note: If you used the -DhandleData=false parameter during the data export,
use that parameter when you run the import command.
v AIX or Linux:
./migration.sh lc-import
-DDMUserid=<dm_admin>
-DDMPassword=<dm_password>
v Windows:
migration.bat lc-import
-DDMUserid=<dm_admin>
-DDMPassword=<dm_password>
where <dm_admin> is the administrative user ID for the WebSphere Application
Server Deployment Manager and <dm_password> is that user's password.
Notes:
v In this step, the migration tool pushes Lotus Connections 2.5 from the node
in the cluster on which you did the install to the Deployment Manager.
v The imported data is stored in the lotus_connections_root/Data directory.
v Check the log file to validate the import. The log file is stored in the system
user's home directory, and uses the following naming format:
lc-migration-yyyyMMdd_HHmm_ss.log
For example:
– AIX or Linux:
/root/lc-migration-20090925_1534_26.log
– Windows:
C:\Documents and Settings\Administrator\lc-migration-20090925_1534_26.log
3. Perform a full synchronization of all the nodes in the newly-installed cluster.
What to do next
Complete the steps in the Post-migration tasks topic.
If the migration failed, restore your Lotus Connections 2.0.1 environment. For more
information, see the Rolling back a migration or update topic.
Updating databases
Update Lotus Connections release 2.0.1 databases to release 2.5 in an existing
database environment.
You can choose from two updating strategies:
In-place
Update the databases on the same system as the earlier release. This
strategy saves time and hardware resources.
Side-by-side
On a separate system, create new 2.0.1 databases. Transfer your existing
2.0.1 databases and then update the new databases to release 2.5. This
strategy requires more time and resources but is a good way to trial the
update while you continue to use your 2.0.1 production databases.
Perform the tasks that apply to your deployment configuration:
Related tasks
“Migrating a stand-alone deployment” on page 274
Migrate your Lotus Connections 2.0.1 stand-alone deployment to release 2.5.
“Migrating a network deployment” on page 289
Migrate your Lotus Connections 2.0.1 network deployment to release 2.5.
Related reference
“Lotus Connections detailed system requirements” on page 13
Use the updateLC command to run the update wizard in silent mode.
Updating databases in-place
Update your Lotus Connections 2.0.1 databases to release 2.5, using an in-place
update procedure.
About this task
Updating a database in-place overwrites your existing database, saving you time
and resources. Ensure that you have backed up your databases before beginning
the update.
There are two methods for updating a database in place: using the database wizard
or using SQL scripts. The wizard is a faster procedure and also validates the
update.
Updating databases with the wizard:
Update your IBM Lotus Connections 2.0.1 databases using the database wizard.
Before you begin
Before applying updates, back up your databases. For more information, see the
Backing up Lotus Connections topic.
Ensure that the forum content store is accessible from the database server before
starting this task.
About this task
Follow these steps to update your Lotus Connections 2.0.1 databases to Lotus
Connections 2.5 databases.
Note: As an alternative to using the wizard, you can update the databases
manually. For more information, see the Updating databases manually topic.
To update your databases with the database wizard, complete the following steps:
Procedure
1. Stop the WebSphere Application Server instances that are hosting Lotus
Connections 2.0.1.
2. Optional: If the database servers and Lotus Connections are on different
systems, copy the database wizard to the system that hosts your Lotus
Connections databases.
3. Log in as the database administrator.
4. Change to the directory where the database wizard is stored. The default
location is the Wizards directory on the installation media.
5. Enter the following command and then click Next:
v AIX or Linux: ./dbWizard.sh
v Windows: dbWizard.bat
6. Select the Upgrade task and click Next.
7. Specify the database type, database instance, and the installation location, and
then click Next. The wizard detects the current database version.
8. Select the databases that you want to update and click Next:
v Activities: OPNACT
v Blogs: BLOGS
v Communities: SNCOMM
v Dogear: DOGEAR
v Home page: HOMEPAGE
v Profiles: PEOPLEDB
Notes:
v The database wizard disables the selection of any features that were not
released in Lotus Connections 2.0.1. If any feature databases were created in
an earlier release of Lotus Connections than release 2.0.1, update that
database using the Lotus Connections 2.0.1 database wizard.
9. If you are updating the Blogs, Communities, or Profiles database, provide the
database port, administrator ID, and administrator password for the database.
Note: If you are updating Oracle databases, you need to enter the passwords
for each newly-created application user.
10. If you are updating the Communities feature, provide the file path to the
forum content store. The content store can be a network share folder or a local
folder that you can copy from the WebSphere Application Server node to the
database node.
11. Review the Pre Configuration Task Summary to ensure that the values you
entered are correct. If you want to change any values, click Back to edit the
value. To continue, click Update.
12. After the update task finishes, review the Post Configuration Task Summary
panel and, if necessary, click View Log to open the log file. Click Finish to
exit the wizard.
13. Create databases for the Files and Wikis features: run the database wizard
again, select the Create database option, and then select the Files and Wikis
options. For more information, see the Creating databases with the database
wizard topic.
Related concepts
“Updating Lotus Connections 2.5” on page 341
Update Lotus Connections 2.5.
Updating databases manually:
Manually update IBM Lotus Connections 2.0.1 databases to release 2.5 in an
existing IBM WebSphere Application Server and database environment.
Before you begin
Before applying updates, back up your databases. For more information, see the
Backing up Lotus Connections topic.
About this task
This topic describes how to manually update Lotus Connections release 2.0.1
databases to release 2.5. Use this procedure as an alternative to using the database
wizard to update your databases.
Notes:
v Ensure that the forum content store is accessible from the database server before
starting this task. To verify accessibility, determine the location of the forum
content store by looking up the WebSphere Variable called
FORUM_CONTENT_DIR. The value of this variable provides the absolute file
path of the forum content store. Your database administrator can use that
information to test access to the database.
v To improve readability, some commands and file paths on this page are
displayed on separate lines. Ignore these formatting conventions when entering
the commands.
To update databases manually, complete the following steps:
Procedure
1. Log in to the WebSphere Application Server Integrated Solutions Console.
2. Go to Applications > Enterprise Applications.
3. Stop all Lotus Connections features.
4. To update the databases, run the commands for your database type:
Notes:
v Use the Java Runtime Environment (JRE) under the Wizards directory in the
installation media. Update your PATH variable to point to this JRE, using the
instructions for your operating system. For example, the relative path to the
JRE on the Microsoft Windows operating system might be
C:\IBM\Lotus_Connections\Wizards\jvm\win\jre.
v Lotus Connections does not support GNU Java.
v The variables <dbHost>, <dbPort>, <dbAdmin>, and <dbPassword> represent
the host name of your database server, the database server port, the database
administrator ID, and the database administrator password.
v Line breaks are added to some commands to improve readability.
v After running each command, examine the output of the command for error
messages. If you find errors, resolve them before continuing with the update
process.
v DB2:
a. Log in as the database administrator.
b. For each feature, change to the directory where the SQL scripts are stored
and then enter the commands for that feature:
– Activities: Wizards/connections.sql/activities/db2
1) db2 -tvf upgrade25.sql
2) db2 -tvf clearScheduler.sql
3) db2 -tvf appGrants.sql
4) (For DB2 9.1 users only) db2 -tvf db291settings.sql
– Blogs: Wizards/connections.sql/blogs/db2
1) db2 -tvf upgrade25.sql
2) From a command prompt, change to the Wizards directory and
enter the following commands:
- AIX or Linux:
java -classpath
<jdbc_lib_location>/db2jcc.jar:
<jdbc_lib_location>/db2jcc_license_cu.jar:
lib/blogs.migration.jar:
lib/commons-lang-2.0.jar
org.apache.roller.migrate.MigrateBlogsTo_2_5
db2 BLOGS
<dbHost> <dbPort>
<dbAdmin> <dbPassword>
- Windows:
java -classpath
<jdbc_lib_location>\db2jcc.jar;
<jdbc_lib_location>\db2jcc_license_cu.jar;
lib\blogs.migration.jar;
lib\commons-lang-2.0.jar
org.apache.roller.migrate.MigrateBlogsTo_2_5
db2 BLOGS
<dbHost> <dbPort>
<dbAdmin> <dbPassword>
3) db2 -tvf appGrants.sql
4) (For DB2 9.1 users only) db2 -tvf db291settings.sql
– Communities: Wizards/connections.sql/communities/db2
1) db2 -tvf upgrade25.sql
2) db2 -tvf upgrade25_forum.sql
3) db2 -tvf uninteg_forum.sql
4) From a command prompt, change to the Wizards directory and
enter the following commands:
- AIX or Linux:
java -classpath
<jdbc_lib_location>/db2jcc.jar:
<jdbc_lib_location>/db2jcc_license_cu.jar:
lib/forum.migrate.jar:
lib/commons-lang-2.0.jar
com.ibm.lconn.forum.migrate.Migrate201To25
db2 <dbHost> <dbPort>
SNCOMM <dbAdmin> <dbPassword>
- Windows:
java -classpath
<jdbc_lib_location>\db2jcc.jar;
<jdbc_lib_location>\db2jcc_license_cu.jar;
lib\forum.migrate.jar;
lib\commons-lang-2.0.jar
com.ibm.lconn.forum.migrate.Migrate201To25
db2 <dbHost> <dbPort>
SNCOMM <dbAdmin> <dbPassword>
5) db2 -tvf integ_forum.sql
6) db2 -tvf integOff.sql
7) From a command prompt, change to the Wizards directory and
enter the following commands:
- AIX or Linux:
java -classpath
<jdbc_lib_location>/db2jcc.jar:
<jdbc_lib_location>/db2jcc_license_cu.jar:
lib/sncomm.migrate.jar:
lib/commons-lang-2.0.jar
com.ibm.tango.migrate.MigrateCommunitiesTo_2_5
db2 SNCOMM <dbHost> <dbPort>
<dbAdmin> <dbPassword>
- Windows:
java -classpath
<jdbc_lib_location>\db2jcc.jar;
<jdbc_lib_location>\db2jcc_license_cu.jar;
lib\sncomm.migrate.jar;
lib\commons-lang-2.0.jar
com.ibm.tango.migrate.MigrateCommunitiesTo_2_5
db2 SNCOMM <dbHost> <dbPort>
<dbAdmin> <dbPassword>
8) db2 -td@ -vf integOn.sql
9) Ensure that the forum content store is accessible: from a command
prompt, change to the Wizards directory and enter the following
commands:
- AIX or Linux:
java -classpath
<jdbc_lib_location>/db2jcc.jar:
<jdbc_lib_location>/db2jcc_license_cu.jar:
lib/forum.migrate.jar:
lib/commons-lang-2.0.jar
com.ibm.lconn.forum.migrate.DescMigrate201To25
db2 <path_to_forumContentStore>
<dbHost> <dbPort>
SNCOMM <dbAdmin> <dbPassword>
- Windows:
java -classpath
<jdbc_lib_location>\db2jcc.jar;
<jdbc_lib_location>\db2jcc_license_cu.jar;
lib\forum.migrate.jar;
lib\commons-lang-2.0.jar
com.ibm.lconn.forum.migrate.DescMigrate201To25
db2 <path_to_forumContentStore>
<dbHost> <dbPort>
SNCOMM <dbAdmin> <dbPassword>
10) db2 -tvf drop201Tables_forum.sql
11) db2 -tvf appGrants.sql
12) db2 -tvf appGrants_forum.sql
13) (For DB2 9.1 users only) db2 -tvf db291settings.sql
– Dogear: Wizards/connections.sql/dogear/db2
1) db2 -tvf upgrade25.sql
2) db2 -tvf appGrants.sql
3) (For DB2 9.1 users only) db2 -tvf db291settings.sql
– Home page: Wizards/connections.sql/homepage/db2
1) db2 -tvf upgrade25.sql
2) db2 -tvf appGrants.sql
3) (For DB2 9.1 users only) db2 -tvf db291settings.sql
– Profiles: Wizards/connections.sql/profiles/db2
1) db2 -tvf upgrade25a.sql
2) From a command prompt, change to the Wizards directory and
enter the following commands:
- AIX or Linux:
java -classpath
<jdbc_lib_location>/db2jcc.jar:
<jdbc_lib_location>/db2jcc_license_cu.jar:
lib/profiles.migrate.jar:
lib/peoplepages.svcapi.jar:
lib/commons-logging-1.0.4.jar
com.ibm.profiles.migrate.MigrateEmployeeTable
jdbc:db2://<dbHost>:<dbPort>/peopledb
<dbAdmin> <dbPassword>
- Windows:
java -classpath
<jdbc_lib_location>\db2jcc.jar;
<jdbc_lib_location>\db2jcc_license_cu.jar;
lib\profiles.migrate.jar;
lib\peoplepages.svcapi.jar;
lib\commons-logging-1.0.4.jar
com.ibm.profiles.migrate.MigrateEmployeeTable
jdbc:db2://<dbHost>:
<dbPort>/peopledb
<dbAdmin> <dbPassword>
3) db2 -tvf upgrade25b.sql
4) db2 -tvf appGrants.sql
5) (For DB2 9.1 users only) db2 -tvf db291settings.sql
v Oracle:
Note: Ensure that the Oracle driver on your system has the same version
number as the Oracle database server. Lotus Connections does not support
the Oracle 10.2.0.1 JDBC driver.
a. Change to the directory containing the scripts, as shown in the following
list.
b. For each feature, enter the following command and then run the
appropriate scripts:
sqlplus /as sysdba
– Activities: Wizards/connections.sql/activities/oracle
1) @upgrade25.sql <dbPassword>
2) @clearScheduler.sql
3) @appGrants.sql
– Blogs: Wizards/connections.sql/blogs/oracle
1) @upgrade25.sql <dbPassword>
2) From a command prompt, change to the Wizards directory and
enter the following commands:
- AIX or Linux:
java -classpath
<jdbc_lib_location>/ojdbc14.jar:
lib/blogs.migration.jar:
lib/commons-lang-2.0.jar
org.apache.roller.migrate.MigrateBlogsTo_2_5
oracle <dbName>
<dbHost> <dbPort>
<dbAdmin> <dbPassword>
{-SID=<SID> | -SERVICENAME=<SERVICE_NAME>
-INDEXTABSPACE=<INDEXTABSPACE>}
where <SID> is the Oracle SID when the database is configured
to use SID, <SERVICE_NAME> is the Oracle SERVICE_NAME
when the database is configured to use SERVICE_NAME, and
<INDEXTABSPACE> is the index table space of a database where
you have customized the table space naming.
Note: The parameters in braces ({}) are optional.
- Windows:
java -classpath
<jdbc_lib_location>\ojdbc14.jar;
lib\blogs.migration.jar;
lib\commons-lang-2.0.jar
org.apache.roller.migrate.MigrateBlogsTo_2_5
oracle <dbName>
<dbHost> <dbPort>
<dbAdmin> <dbPassword>
{-SID=<SID> | -SERVICENAME=<SERVICE_NAME>
-INDEXTABSPACE=<INDEXTABSPACE>}
where <SID> is the Oracle SID when the database is configured
to use SID, <SERVICE_NAME> is the Oracle SERVICE_NAME
when the database is configured to use SERVICE_NAME, and
<INDEXTABSPACE> is the index table space of a database where
you have customized the table space naming.
Note: The parameters in braces ({}) are optional.
Note: For more information about using the SID or
SERVICE_NAME parameter, see the Lotus Connections V2.5
Migration for Blogs and Communities databases for Oracle
technote.
3) @appGrants.sql
– Communities: Wizards/connections.sql/communities/oracle
1) @upgrade25.sql <dbPassword>
2) @upgrade25_forum.sql
3) @uninteg_forum.sql
4) From a command prompt, change to the Wizards directory and
enter the following commands:
- AIX or Linux:
java -classpath
<jdbc_lib_location>/ojdbc14.jar:
lib/forum.migrate.jar:
lib/commons-lang-2.0.jar
com.ibm.lconn.forum.migrate.Migrate201To25
oracle <dbHost> <dbPort>
<dbName> <dbAdmin> <dbPassword>
{-SID=<SID> | -SERVICENAME=<SERVICE_NAME>
-INDEXTABSPACE=<INDEXTABSPACE>}
where <SID> is the Oracle SID when the database is configured
to use SID, <SERVICE_NAME> is the Oracle SERVICE_NAME
when the database is configured to use SERVICE_NAME, and
<INDEXTABSPACE> is the index table space of a database
where you have customized the table space naming.
Note: The parameters in braces ({}) are optional.
- Windows:
java -classpath
<jdbc_lib_location>\ojdbc14.jar;
lib\forum.migrate.jar;
lib\commons-lang-2.0.jar
com.ibm.lconn.forum.migrate.Migrate201To25
oracle <dbHost> <dbPort>
<dbName> <dbAdmin> <dbPassword>
{-SID=<SID> | -SERVICENAME=<SERVICE_NAME>
-INDEXTABSPACE=<INDEXTABSPACE>}
where <SID> is the Oracle SID when the database is configured
to use SID, <SERVICE_NAME> is the Oracle SERVICE_NAME
when the database is configured to use SERVICE_NAME, and
<INDEXTABSPACE> is the index table space of a database
where you have customized the table space naming.
Note: The parameters in braces ({}) are optional.
5) @integ_forum.sql
6) @oraintegOff.sql
7) From a command prompt, change to the Wizards directory and
enter the following commands:
- AIX or Linux:
java -classpath
<jdbc_lib_location>/ojdbc14.jar:
lib/sncomm.migrate.jar:
lib/commons-lang-2.0.jar
com.ibm.tango.migrate.MigrateCommunitiesTo_2_5
oracle <dbName> <dbHost> <dbPort>
<dbAdmin> <dbPassword>
{-SID=<SID> | -SERVICENAME=<SERVICE_NAME>
-INDEXTABSPACE=<INDEXTABSPACE>}
where <SID> is the Oracle SID when the database is configured
to use SID, <SERVICE_NAME> is the Oracle SERVICE_NAME
when the database is configured to use SERVICE_NAME, and
<INDEXTABSPACE> is the index table space of a database
where you have customized the table space naming.
Note: The parameters in braces ({}) are optional.
- Windows:
java -classpath
<jdbc_lib_location>\ojdbc14.jar;
lib\sncomm.migrate.jar;
lib\commons-lang-2.0.jar
com.ibm.tango.migrate.MigrateCommunitiesTo_2_5
oracle <dbName> <dbHost> <dbPort>
<dbAdmin> <dbPassword>
{-SID=<SID> | -SERVICENAME=<SERVICE_NAME>
-INDEXTABSPACE=<INDEXTABSPACE>}
where <SID> is the Oracle SID when the database is configured
to use SID, <SERVICE_NAME> is the Oracle SERVICE_NAME
when the database is configured to use SERVICE_NAME, and
<INDEXTABSPACE> is the index table space of a database
where you have customized the table space naming.
Note: The parameters in braces ({}) are optional.
8) @oraintegOn.sql
9) Ensure that the forum content store is accessible: From a
command prompt, change to the Wizards directory and enter the
following commands:
- AIX or Linux:
java -classpath
<jdbc_lib_location>/ojdbc14.jar:
lib/forum.migrate.jar:
lib/commons-lang-2.0.jar
com.ibm.lconn.forum.migrate.DescMigrate201To25
oracle <path_to_forumContentStore>
<dbHost> <dbPort>
<dbName> <dbAdmin> <dbPassword>
{-SID=<SID> | -SERVICENAME=<SERVICE_NAME>
-INDEXTABSPACE=<INDEXTABSPACE>}
where <SID> is the Oracle SID when the database is configured
to use SID, <SERVICE_NAME> is the Oracle SERVICE_NAME
when the database is configured to use SERVICE_NAME, and
<INDEXTABSPACE> is the index table space of a database
where you have customized the table space naming.
Note: The parameters in braces ({}) are optional.
- Windows:
java -classpath
<jdbc_lib_location>\ojdbc14.jar;
lib\forum.migrate.jar;
lib\commons-lang-2.0.jar
com.ibm.lconn.forum.migrate.DescMigrate201To25
oracle <path_to_forumContentStore>
<dbHost> <dbPort>
<dbName> <dbAdmin> <dbPassword>
{-SID=<SID> | -SERVICENAME=<SERVICE_NAME>
-INDEXTABSPACE=<INDEXTABSPACE>}
where <SID> is the Oracle SID when the database is configured
to use SID, <SERVICE_NAME> is the Oracle SERVICE_NAME
when the database is configured to use SERVICE_NAME, and
<INDEXTABSPACE> is the index table space of a database
where you have customized the table space naming.
Note: The parameters in braces ({}) are optional.
10) @drop201Tables_forum.sql
11) @appGrants.sql
12) @appGrants_forum.sql
– Dogear: Wizards/connections.sql/dogear/oracle
1) @upgrade25.sql <dbPassword>
2) @appGrants.sql
– Home page: Wizards/connections.sql/homepage/oracle
1) @upgrade25.sql <dbPassword>
2) @appGrants.sql
– Profiles: Wizards/connections.sql/profiles/oracle
1) @upgrade25a.sql <dbPassword>
2) From a command prompt, change to the Wizards directory and
enter the following commands:
- AIX or Linux:
java -classpath
<jdbc_lib_location>/ojdbc14.jar:
lib/profiles.migrate.jar:
lib/peoplepages.svcapi.jar:
lib/commons-logging-1.0.4.jar
com.ibm.profiles.migrate.MigrateEmployeeTable
jdbc:oracle:thin:@
<dbHost>:<dbPort>:<dbName>
<dbAdmin> <dbPassword>
- Windows:
java -classpath
<jdbc_lib_location>\ojdbc14.jar;
lib\profiles.migrate.jar;
lib\peoplepages.svcapi.jar;
lib\commons-logging-1.0.4.jar
com.ibm.profiles.migrate.MigrateEmployeeTable
jdbc:oracle:thin:@
<dbHost>:<dbPort>:<dbName>
<dbAdmin> <dbPassword>
3) @upgrade25b.sql
4) @appGrants.sql
v SQL Server 2005
a. Log in as the database administrator.
b. Change to the directory containing the scripts.
c. For each feature, run the appropriate scripts by entering the commands
shown in the following list. In these commands, <dbPassword> is the
password for the SQL Server user named sa. If your database server has
multiple SQL Server instances installed, add the following text as the first
parameter to each command:
-S <sqlserver_server_name>\<sqlserver_server_instance_name>
where <sqlserver_server_name> is the name of your SQL Server database
server and <sqlserver_server_instance_name> is the name of your current
instance.
– Activities: Wizards\connections.sql\activities\sqlserver
1) sqlcmd -U <dbAdmin> -P <dbPassword> -i "upgrade25.sql"
2) sqlcmd -U <dbAdmin> -P <dbPassword> -i "clearScheduler.sql"
3) sqlcmd -U <dbAdmin> -P <dbPassword> -i "appGrants.sql"
– Blogs: Wizards\connections.sql\blogs\sqlserver
1) sqlcmd -U <dbAdmin> -P <dbPassword> -i "upgrade25.sql"
2) From a command prompt, change to the Wizards directory and
enter the following commands:
java -classpath
<jdbc_lib_location>\sqljdbc.jar;
lib\blogs.migration.jar;
lib\commons-lang-2.0.jar
org.apache.roller.migrate.MigrateBlogsTo_2_5
sqlserver BLOGS
<dbHost> <dbPort>
<dbAdmin> <dbPassword>
3) sqlcmd -U <dbAdmin> -P <dbPassword> -i "appGrants.sql"
– Communities: Wizards\connections.sql\communities\sqlserver
1) sqlcmd -U <dbAdmin> -P <dbPassword> -i "upgrade25.sql"
2) sqlcmd -U <dbAdmin> -P <dbPassword> -i "upgrade25_forum.sql"
3) sqlcmd -U <dbAdmin> -P <dbPassword> -i "uninteg_forum.sql"
4) From a command prompt, change to the Wizards directory and
enter the following commands:
java -classpath
<jdbc_lib_location>\sqljdbc.jar;
lib\forum.migrate.jar;
lib\commons-lang-2.0.jar
com.ibm.lconn.forum.migrate.Migrate201To25
sqlserver <dbHost> <dbPort>
SNCOMM <dbAdmin> <dbPassword>
5) sqlcmd -U <dbAdmin> -P <dbPassword> -i "integ_forum.sql"
6) sqlcmd -U <dbAdmin> -P <dbPassword> -i "integOff.sql"
7) From a command prompt, change to the Wizards directory and
enter the following commands:
java -classpath
<jdbc_lib_location>\sqljdbc.jar;
lib\sncomm.migrate.jar;
lib\commons-lang-2.0.jar
com.ibm.tango.migrate.MigrateCommunitiesTo_2_5
sqlserver SNCOMM <dbHost> <dbPort>
<dbAdmin> <dbPassword>
8) sqlcmd -U <dbAdmin> -P <dbPassword> -i "integOn.sql"
9) Ensure that the forum content store is accessible: from a command
prompt, change to the Wizards directory and enter the following
commands:
java -classpath
<jdbc_lib_location>\sqljdbc.jar;
lib\forum.migrate.jar;
lib\commons-lang-2.0.jar
com.ibm.lconn.forum.migrate.DescMigrate201To25
sqlserver <path_to_forumContentStore>
<dbHost> <dbPort>
SNCOMM <dbAdmin> <dbPassword>
10) sqlcmd -U <dbAdmin> -P <dbPassword> -i "drop201Tables_forum.sql"
11) sqlcmd -U <dbAdmin> -P <dbPassword> -i "appGrants.sql"
12) sqlcmd -U <dbAdmin> -P <dbPassword> -i "appGrants_forum.sql"
– Dogear: Wizards\connections.sql\dogear\sqlserver
1) sqlcmd -U <dbAdmin> -P <dbPassword> -i "upgrade25.sql"
2) sqlcmd -U <dbAdmin> -P <dbPassword> -i "appGrants.sql"
– Home page: Wizards\connections.sql\homepage\sqlserver
1) sqlcmd -U <dbAdmin> -P <dbPassword> -i "upgrade25.sql"
2) sqlcmd -U <dbAdmin> -P <dbPassword> -i "appGrants.sql"
– Profiles: Wizards\connections.sql\profiles\sqlserver
1) sqlcmd -U <dbAdmin> -P <dbPassword> -i "upgrade25a.sql"
2) From a command prompt, change to the Wizards directory and
enter the following commands:
java -classpath
<jdbc_lib_location>\sqljdbc.jar;
lib\profiles.migrate.jar;
lib\peoplepages.svcapi.jar;
lib\commons-logging-1.0.4.jar
com.ibm.profiles.migrate.MigrateEmployeeTable
jdbc:sqlserver://
<dbHost>:<dbPort>;databaseName=PEOPLEDB
<dbAdmin> <dbPassword>
3) sqlcmd -U <dbAdmin> -P <dbPassword> -i "upgrade25b.sql"
4) sqlcmd -U <dbAdmin> -P <dbPassword> -i "appGrants.sql"
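The notes for step 4 ask you to examine the output of every command for error messages before continuing. The following Python sketch is an added example, not part of the IBM guide: it scans captured output from db2, sqlplus or sqlcmd for each tool's standard message format. The function names are hypothetical and the sample output, including the object names in it, is constructed.

```python
import re

# Message formats printed by the three command-line tools in the procedure.
# DB2 CLP ids look like SQL0204N or DB21034E; the suffix I is informational,
# W is a warning, and N, E and C are errors.
DB2_MSG = re.compile(r"\b((?:SQL|DB2)\d{4,5})([NECW])\b\s*(.*)")
# SQL*Plus prints ORA-, PLS- and SP2- codes followed by a colon.
ORA_MSG = re.compile(r"\b((?:ORA|PLS|SP2)-\d{4,5}):\s*(.*)")
# sqlcmd prints a header line; the message text follows on the next line.
MSSQL_MSG = re.compile(r"\bMsg (\d+), Level (\d+), State \d+")

# Remedy from the guide's own note on DB2 SQLCODE -1476 (message SQL1476N).
HINTS = {"SQL1476N": "log file is full: increase logfilsiz and run the update again"}


def scan_output(db_type, text):
    """Return one dict per warning or error found in captured tool output."""
    if db_type not in ("db2", "oracle", "sqlserver"):
        raise ValueError("unknown database type: %r" % db_type)
    findings = []
    lines = text.splitlines()
    for number, line in enumerate(lines, start=1):
        code = severity = message = None
        if db_type == "db2":
            m = DB2_MSG.search(line)
            if m:
                code = m.group(1) + m.group(2)
                severity = "warning" if m.group(2) == "W" else "error"
                message = m.group(3)
        elif db_type == "oracle":
            m = ORA_MSG.search(line)
            if m:
                code, severity, message = m.group(1), "error", m.group(2)
        else:
            m = MSSQL_MSG.search(line)
            # Severity levels 0-10 are informational in SQL Server.
            if m and int(m.group(2)) > 10:
                code, severity = "Msg " + m.group(1), "error"
                # lines[number] is the line after the header (number is 1-based).
                message = lines[number] if number < len(lines) else ""
        if code:
            findings.append({"line": number, "code": code, "severity": severity,
                             "message": message.strip(), "hint": HINTS.get(code)})
    return findings


def safe_to_continue(findings):
    """The guide says to resolve errors before running the next command."""
    return not any(f["severity"] == "error" for f in findings)


# Constructed sample output; the table names are made up for illustration.
DB2_SAMPLE = '''ALTER TABLE ACTIVITIES.EXAMPLE_A ADD COLUMN C1 INTEGER
DB20000I  The SQL command completed successfully.

ALTER TABLE ACTIVITIES.EXAMPLE_B ADD COLUMN C1 INTEGER
SQL0204N  "ACTIVITIES.EXAMPLE_B" is an undefined name.  SQLSTATE=42704

UPDATE ACTIVITIES.EXAMPLE_A SET C1 = 0
SQL1476N  The current transaction was rolled back because of error "-964".
SQLSTATE=40506
'''

ORACLE_SAMPLE = '''Table altered.

ALTER TABLE BLOGS.EXAMPLE_B ADD (C1 NUMBER)
*
ERROR at line 1:
ORA-00942: table or view does not exist
'''

MSSQL_SAMPLE = '''(1 rows affected)
Msg 208, Level 16, State 1, Server DBHOST01, Line 3
Invalid object name 'DOGEAR.EXAMPLE_B'.
'''

if __name__ == "__main__":
    for db_type, sample in (("db2", DB2_SAMPLE), ("oracle", ORACLE_SAMPLE),
                            ("sqlserver", MSSQL_SAMPLE)):
        for f in scan_output(db_type, sample):
            print(db_type, f["line"], f["severity"], f["code"], f["message"], f["hint"] or "")
```

Redirect each command's output to a file and pass the file contents to scan_output before running the next command in the list.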
What to do next
1. If you plan to install the Files and Wikis features, create databases for them
now, using the Lotus Connections 2.5 database wizard.
2. Check that all the databases are working correctly.
3. Migrate your Lotus Connections release 2.0.1 deployment to release 2.5.
Related concepts
“Updating Lotus Connections 2.5” on page 341
Update Lotus Connections 2.5.
Updating databases side-by-side
Update your Lotus Connections 2.0.1 databases to release 2.5 in a side-by-side
procedure where your Lotus Connections 2.0.1 deployment remains intact.
Before you begin
Create a database instance on a new system.
About this task
You can continue to use your 2.0.1 databases until you are ready to migrate to
Lotus Connections 2.5.
To update the databases, complete the following steps:
Procedure
1. Use the Lotus Connections 2.0.1 database wizard to create new destination
databases on a separate system.
2. Optional: If you are updating the Profiles database and changing the source
database type from Oracle to IBM DB2 or Microsoft SQL Server, complete the
following steps:
a. Copy the fixup201prexfer.sql file from the Wizards/connections.sql/
profiles/oracle directory on the Lotus Connections 2.5 installation media
to the database server that hosts your Lotus Connections 2.0.1 database for
Profiles.
b. On the database server that hosts your Lotus Connections 2.0.1 database for
Profiles, change to the directory where the fixup201prexfer.sql file is
stored.
c. Run SQL Plus and enter the following commands:
1) sqlplus /NOLOG
2) conn system/<password>@<sid>
where <password> is the password for the user "system" and <sid> is the
Oracle System Identifier for Lotus Connections.
3) @fixup201prexfer.sql
3. Remove constraints from the new databases by executing the following SQL
scripts for the features that you are migrating. Run the SQL scripts from the
Lotus Connections 2.0.1 installation media.
v DB2:
a. Log in as the administrator.
b. For each feature, change to the directory where the feature scripts are
stored and enter the appropriate commands, as shown in the following
table:
Table 58. DB2 commands for removing constraints
– Activities
Directory: /connections.sql/activities/db2
DB2 commands:
db2 -tvf uninteg.sql
db2 connect to OPNACT
Change to the following directory: /connections.sql/activities/shared
Run the following commands:
db2 -tvf predbxfer.sql
– Blogs
Directory: /connections.sql/blogs/db2
DB2 commands:
db2 -tvf disableFK.sql
db2 -tvf predbxfer.sql
– Communities
Directory: /connections.sql/communities/db2
DB2 commands:
db2 -tvf integOff.sql
db2 -tvf uninteg_forum.sql
db2 -tvf predbxfer.sql
db2 -tvf predbxfer_forum.sql
– Dogear
Directory: /connections.sql/dogear/db2
DB2 commands:
db2 -tvf integOff.sql
db2 -tvf predbxfer.sql
– Home page
Directory: /connections.sql/homepage/db2
DB2 commands:
db2 -tvf integOff.sql
db2 -tvf deleteAllRows.sql
– Profiles
Directory: /connections.sql/profiles/db2
DB2 commands:
db2 connect to PEOPLEDB
db2 -tvf predbxfer.sql
db2 connect reset
v Oracle:
Note: Ensure that the Oracle driver on your system has the same version
number as the Oracle database server. Lotus Connections does not support
the Oracle 10.2.0.1 JDBC driver.
a. Change to the directory containing the scripts, as shown in the following
table.
b. For each feature, enter the following commands and then run the
appropriate scripts:
sqlplus /NOLOG
conn system/<password>@<sid>
where <password> is the password for the user "system" and <sid> is the
Oracle System Identifier for Lotus Connections.
Table 59. Oracle commands for removing constraints
– Activities
Directory: /connections.sql/activities/oracle
Oracle commands:
@oraIntegOff.sql
Change to the following directory: /connections.sql/activities/shared
Run the following commands:
@predbxfer.sql
quit
– Blogs
Directory: /connections.sql/blogs/oracle
Oracle commands:
@disableFK.sql
@predbxfer.sql
quit
– Communities
Directory: /connections.sql/communities/oracle
Oracle commands:
@oraIntegOff.sql
@oraIntegOff_forum.sql
@predbxfer.sql
@predbxfer_forum.sql
quit
– Dogear
Directory: /connections.sql/dogear/oracle
Oracle commands:
@oraIntegOff.sql
@predbxfer.sql
quit
– Home page
Directory: /connections.sql/homepage/oracle
Oracle commands:
@integOff.sql
@deleteAllRows.sql
quit
– Profiles
Directory: /connections.sql/profiles/oracle
Oracle commands:
@predbxfer.sql
quit
v SQL Server 2005
a. Log in as administrator.
b. Change to the directory containing the scripts.
c. For each feature, run the appropriate scripts by entering the commands
shown in the following table:
In these commands, <password> is the password for the SQL Server user
"sa".
If your database server has multiple SQL Server instances installed, add
the following parameter as the first parameter to each command below:
-S <sqlserver_server_name>\<sqlserver_server_instance_name>
Table 60. SQL Server commands for removing constraints
– Activities
Directory: /connections.sql/activities/sqlserver
SQL Server commands:
sqlcmd -U sa -P <password> -i "integOff.sql"
sqlcmd -U sa -P <password> -i "deleteAllRows.sql"
– Blogs
Directory: /connections.sql/blogs/sqlserver
SQL Server commands:
sqlcmd -U sa -P <password> -i "integOff.sql"
sqlcmd -U sa -P <password> -i "deleteAllRows.sql"
– Communities
Directory: /connections.sql/communities/sqlserver
SQL Server commands:
sqlcmd -U sa -P <password> -i "integOff.sql"
sqlcmd -U sa -P <password> -i "integOff_forum.sql"
sqlcmd -U sa -P <password> -i "predbxfer.sql"
sqlcmd -U sa -P <password> -i "deleteAllRows_forum.sql"
– Home page
Directory: /connections.sql/homepage/sqlserver
SQL Server commands:
sqlcmd -U sa -P <password> -i "integOff.sql"
sqlcmd -U sa -P <password> -i "deleteAllRows.sql"
– Dogear
Directory: /connections.sql/dogear/sqlserver
SQL Server commands:
sqlcmd -U sa -P <password> -i "integOff.sql"
sqlcmd -U sa -P <password> -i "predbxfer.sql"
– Profiles
Directory: /connections.sql/profiles/sqlserver
SQL Server commands:
sqlcmd -U sa -P <password> -i "integOff.sql"
sqlcmd -U sa -P <password> -i "deleteAllRows.sql"
4. Transfer data to the new databases, using the database transfer tool:
a. Copy the dbt.jar file from the Lotus_Connections_Install\ConfigEngine\
lib directory to <DBT_HOME> on the production database server, where
<DBT_HOME> is the path to the directory that contains the dbt.jar file.
Note:
v Use the Java Runtime Environment (JRE) under the Wizards directory in
the installation media. Update your PATH variable to point to this JRE,
using the instructions for your operating system. For example, the
relative path to the JRE on the Microsoft Windows operating system
might be C:\IBM\Lotus_Connections\Wizards\jvm\win\jre.
v Lotus Connections does not support GNU Java.
b. Create an XML configuration file under <DBT_HOME>:
<dbTransfer xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <database role="source"
    driver="<JDBC_driver>"
    url="<JDBC_url>"
    userId="database admin user ID"
    schema="<feature_db_schema_name>"
    dbType="<dbType>"/>
  <database role="target"
    driver="<JDBC_driver>"
    url="<JDBC_url>"
    userId="database admin user ID"
    schema="<feature_db_schema_name>"
    commitFrequency="50"
    dbType="<dbType>"/>
</dbTransfer>
where <JDBC_driver> is one of the following:
v DB2: com.ibm.db2.jcc.DB2Driver
v Oracle: oracle.jdbc.driver.OracleDriver
v SQL Server: com.microsoft.sqlserver.jdbc.SQLServerDriver
where <JDBC_url> is one of the following:
v DB2: jdbc:db2://<host_IP>:<port>/<feature_database_name>
v Oracle: jdbc:oracle:thin:@<host_IP>:<port>:<SID>
v SQL Server: jdbc:sqlserver://
<host_IP>:<port>;databaseName=<feature_database_name>
where <feature_database_name> is one of the following:
v Activities: OPNACT
v Blogs: BLOGS
v Communities: SNCOMM
v Dogear: DOGEAR
v Home page: HOMEPAGE
v Profiles: PEOPLEDB
where <feature_db_schema_name> is one of the following:
v Activities: ACTIVITIES
v Blogs: BLOGS
v Communities: SNCOMM
v Dogear: DOGEAR
v Home page: HOMEPAGE
v Profiles: EMPINST, SNCORE (you must transfer data twice for these two
schemas)
where <dbType> is one of the following:
v DB2: DB2
v Oracle: oracle
v SQL Server: sqlserver2005
c. Prepare the JDBC driver of the 2.5 databases for transfer:
v DB2:
– Use the JDBC driver on the 2.5 database server.
v Oracle:
– Use the JDBC driver on the 2.5 database server.
Note: Ensure that the Oracle driver on your system has the same
version number as the Oracle database server. Lotus Connections does
not support the Oracle 10.2.0.1 JDBC driver.
v SQL Server
– Download the SQL Server 2005 JDBC 1.2 driver from the Microsoft
Web site and follow the instructions to extract the driver files.
d. To perform the data transfer, run the dbt.jar file:
v Linux:
"<JAVA_HOME>/bin/java"
-cp <DBT_HOME>/dbt.jar:
<DB2_HOME>/java/db2jcc.jar:
<DB2_HOME>/java/db2jcc_license_cu.jar:
<SQLSERVER_DRIVER_PATH>:
<ORACLE_HOME>/jdbc/lib/ojdbc14.jar
com.ibm.wps.config.db.transfer.CmdLineTransfer
-logDir <DBT_HOME>/logs
-xmlfile <DBT_HOME>/<dbt_config_file_name>
-sourcepassword <source_db_password>
-targetpassword <target_db_password>
where <dbt_config_file_name> is the name of the XML configuration file
you created for the dbt.jar file, and <logs> is the directory where log files
are stored. You should create the <logs> directory before running this file.
v Windows:
"<JAVA_HOME>\bin\java"
-cp <DBT_HOME>\dbt.jar;
<DB2_HOME>\java\db2jcc.jar;
<DB2_HOME>\java\db2jcc_license_cu.jar;
<SQLSERVER_DRIVER_PATH>;
<ORACLE_HOME>\jdbc\lib\ojdbc14.jar
com.ibm.wps.config.db.transfer.CmdLineTransfer
-logDir <DBT_HOME>\logs
-xmlfile <DBT_HOME>/<dbt_config_file_name>
-sourcepassword <source_db_password>
-targetpassword <target_db_password>
where <dbt_config_file_name> is the name of the XML configuration file
that you created for the dbt.jar file, and <logs> is the directory where log
files are stored.
When the transfer is complete, you can restart the 2.0.1 features to minimize
service downtime.
Note: If the update fails and you receive an error message with DB2
SQLCODE -1476, the log file is full. Increase the size of the log file and run
the update again. You can check the current size of the log file by running
the following command:
db2 get db cfg for <feature_db_name> | grep -i logfilsiz
Increase the size of the log file by running the following commands:
db2 update db cfg for <feature_db_name> USING logfilsiz 5000
db2 update db cfg for <feature_db_name> using logprimary 25
db2 update db cfg for <feature_db_name> using logsecond 50
where <feature_db_name> is one of the following:
v Activities: OPNACT
v Blogs: BLOGS
v Communities: SNCOMM
v Dogear: DOGEAR
v Home page: HOMEPAGE
v Profiles: PEOPLEDB
5. Reapply constraints to the new 2.0.1 databases by executing the following SQL
scripts for features that you are migrating. Run the SQL scripts from the Lotus
Connections 2.0.1 installation media.
v DB2:
a. Log in as the administrator.
b. For each feature, change to the directory where the feature script is stored
and enter the appropriate commands for each feature, as shown in the
following table:
Table 61. DB2 commands for reapplying constraints
– Activities
Directory: /connections.sql/activities/db2
DB2 commands:
db2 -tvf integ.sql
– Blogs
Directory: /connections.sql/blogs/db2
DB2 commands:
db2 -tvf enableFK.sql
– Communities
Directory: /connections.sql/communities/db2
DB2 commands:
db2 -td@ -vf integOn.sql
db2 -tvf integ_forum.sql
db2 connect reset
– Dogear
Directory: /connections.sql/dogear/db2
DB2 commands:
db2 -tvf iteg.sql
– Home page
Directory: /connections.sql/homepage/db2
DB2 commands:
db2 -tvf integOn.sql
– Profiles
Directory: /connections.sql/profiles/db2
DB2 commands:
db2 connect to PEOPLEDB
db2 -tvf postdbxfer.sql
db2 connect reset
v Oracle:
a. Change to the directory containing the scripts, as shown in the following
table.
b. For each feature, enter the following commands and then run the
appropriate scripts:
sqlplus /NOLOG
conn system/<password>@<sid>
where <password> is the password for the user "system" and <sid> is the
Oracle System Identifier for Lotus Connections.
Table 62. Oracle commands for reapplying constraints
– Activities
Directory: /connections.sql/activities/oracle
Oracle commands:
@oraIntegOn.sql
– Blogs
Directory: /connections.sql/blogs/oracle
Oracle commands:
@enableFK.sql
quit
– Communities
Directory: /connections.sql/communities/oracle
Oracle commands:
@oraIntegOn.sql
@oraIntegOn_forum.sql
quit
– Dogear
Directory: /connections.sql/dogear/oracle
Oracle commands:
@oraIntegOn.sql
quit
– Home page
Directory: /connections.sql/homepage/oracle
Oracle commands:
@integOn.sql
quit
– Profiles
Directory: /connections.sql/profiles/oracle
Oracle commands:
@postdbxfer.sql
quit
v SQL Server 2005
a. Log in as administrator.
b. Change to the directory containing the scripts.
c. For each feature, run the appropriate scripts by entering the commands
shown in the following table:
In these commands, <password> is the password for the SQL Server user
"sa".
If your database server has multiple SQL Server instances installed, add
the following parameter as the first parameter to each command below:
-S <sqlserver_server_name>\<sqlserver_server_instance_name>
Table 63. SQL Server commands for reapplying constraints
– Activities
Directory: /connections.sql/activities/sqlserver
SQL Server commands:
sqlcmd -U sa -P <password> -i "integOn.sql"
– Blogs
Directory: /connections.sql/blogs/sqlserver
SQL Server commands:
sqlcmd -U sa -P <password> -i "integOn.sql"
– Communities
Directory: /connections.sql/communities/sqlserver
SQL Server commands:
sqlcmd -U sa -P <password> -i "integOn.sql"
sqlcmd -U sa -P <password> -i "integOn_forum.sql"
– Dogear
Directory: /connections.sql/dogear/sqlserver
SQL Server commands:
sqlcmd -U sa -P <password> -i "integOn.sql"
– Home page
Directory: /connections.sql/homepage/sqlserver
SQL Server commands:
sqlcmd -U sa -P <password> -i "integOn.sql"
– Profiles
Directory: /connections.sql/profiles/sqlserver
SQL Server commands:
sqlcmd -U sa -P <password> -i "integOn.sql"
6. (Profiles only.) Run the following commands to update the database sequence
for DB2 and Oracle databases:
v DB2
– Run the following commands on the source database:
SELECT NEXT VALUE FOR EMPINST.CHG_EMP_DRAFT_SEQ AS CHG_EMP_DRAFT_SEQ FROM SYSIBM.SYSDUMMY1;
SELECT NEXT VALUE FOR EMPINST.EMP_DRAFT_SEQ AS EMP_DRAFT_SEQ FROM SYSIBM.SYSDUMMY1;
SELECT NEXT VALUE FOR EMPINST.EXT_DRAFT_SEQ AS EXT_DRAFT_SEQ FROM SYSIBM.SYSDUMMY1;
– Run the following commands on the target database:
ALTER SEQUENCE EMPINST.CHG_EMP_DRAFT_SEQ RESTART WITH <query_result>;
ALTER SEQUENCE EMPINST.EMP_DRAFT_SEQ RESTART WITH <query_result>;
ALTER SEQUENCE EMPINST.EXT_DRAFT_SEQ RESTART WITH <query_result>;
v Oracle
– Run the following commands on the source database:
SELECT EMPINST.EXT_DRAFT_SEQ.NEXTVAL FROM DUAL;
SELECT EMPINST.EMP_DRAFT_SEQ.NEXTVAL FROM DUAL;
SELECT EMPINST.CHG_EMP_DRAFT_SEQ1.NEXTVAL FROM DUAL;
SELECT EMPINST.CHG_EMP_DRAFT_SEQ2.NEXTVAL FROM DUAL;
SELECT SNCORE.STRUCT_IDENTITY_SEQ.NEXTVAL FROM DUAL;
– Run the following commands on the target database:
DROP SEQUENCE EMPINST.EXT_DRAFT_SEQ;
CREATE SEQUENCE EMPINST.EXT_DRAFT_SEQ START WITH <query_result>;
DROP SEQUENCE EMPINST.EMP_DRAFT_SEQ;
CREATE SEQUENCE EMPINST.EMP_DRAFT_SEQ START WITH <query_result>;
DROP SEQUENCE EMPINST.CHG_EMP_DRAFT_SEQ1;
CREATE SEQUENCE EMPINST.CHG_EMP_DRAFT_SEQ1 START WITH <query_result>;
DROP SEQUENCE EMPINST.CHG_EMP_DRAFT_SEQ2;
CREATE SEQUENCE EMPINST.CHG_EMP_DRAFT_SEQ2 START WITH <query_result>;
DROP SEQUENCE SNCORE.STRUCT_IDENTITY_SEQ;
CREATE SEQUENCE SNCORE.STRUCT_IDENTITY_SEQ START WITH <query_result>;
where <query_result> is the result of the corresponding SELECT command that
you ran on the source database.
7. Update the databases to Lotus Connections release 2.5, using either the
database wizard or the SQL scripts on the Lotus Connections installation
media. For more information, see the Updating databases with the wizard and
Updating databases manually topics.
What to do next
If you plan to install the Files and Wikis features, create databases for them now,
using the Lotus Connections 2.5 database wizard.
Check that all the databases are working correctly, and then migrate Lotus
Connections release 2.0.1 to release 2.5.
Note: Data that you generate after restarting your 2.0.1 deployment will not be
migrated to the new environment.
Restoring databases
Restore your databases if you need to roll back a failed update.
Procedure
Use the database utilities provided by your database vendor to roll back your
databases. For more information, refer to the vendor's product documentation.
Migrating a pilot to a production deployment
A pilot deployment is ideal for evaluating Lotus Connections. After evaluation is
complete, you can migrate the pilot deployment to a production deployment.
The migration process can be used to migrate a Lotus Connections pilot
deployment to a production deployment. Migration must occur within the same
release (for example, from a 2.5 pilot deployment to a 2.5 production deployment).
You cannot migrate across releases.
The benefit of performing a migration is that data created by users in the course of
their evaluation of Lotus Connections can be transferred to a robust production
environment. Preserving and migrating this data to a production environment
helps ensure the rapid adoption of Lotus Connections when it is deployed at the
enterprise level.
Migration can be accomplished only if the users that participated in the pilot
deployment are identical to the users in the LDAP directory that will be used by
the production deployment. These early adopters will seed the Lotus Connections
user community. After migration is complete, new users can be added.
Migration transfers data from a pilot to a production server, and also synchronizes
member information from the pilot user flat file with the LDAP production
environment. A user's e-mail address is the key value in synchronization. The
e-mail address must be identical in both the pilot user information file and in the
production LDAP system. If the e-mail addresses are not identical, user
synchronization cannot succeed.
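Because the e-mail address is the synchronization key, the two sources can be compared before any data is transferred. The following check is an added example, not part of the IBM guide or its tools: it assumes the pilot e-mail addresses have already been extracted from the user information file into a list and that the production directory has been exported as LDIF, and its function names and sample data are constructed. It reads "identical" as exact string equality and reports addresses that differ only in case or surrounding whitespace separately, for review.

```python
import base64


def ldif_mail_values(ldif_text):
    """Return every 'mail' value found in an LDIF export (RFC 2849)."""
    # Unfold first: a line starting with a single space continues the previous line.
    unfolded = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)

    mails = []
    for line in unfolded:
        name, sep, rest = line.partition(":")
        if not sep or name.strip().lower() != "mail":
            continue
        if rest.startswith(":"):
            # "mail:: <base64>" is used for values with leading or trailing
            # spaces or non-ASCII characters; decoding keeps those characters.
            mails.append(base64.b64decode(rest[1:].strip()).decode("utf-8"))
        else:
            mails.append(rest.lstrip(" "))
    return mails


def check_sync_keys(pilot_emails, ldap_emails):
    """Classify each pilot address against the production LDAP addresses."""
    exact = set(ldap_emails)
    folded = {}
    for value in ldap_emails:
        folded.setdefault(value.strip().casefold(), value)

    report = {"identical": [], "near_miss": [], "missing": [], "duplicate": []}
    seen = set()
    for email in pilot_emails:
        if email in seen:
            report["duplicate"].append(email)
            continue
        seen.add(email)
        key = email.strip().casefold()
        if email in exact:
            report["identical"].append(email)
        elif key in folded:
            # Same address apart from case or whitespace: not identical.
            report["near_miss"].append((email, folded[key]))
        else:
            report["missing"].append(email)
    return report


# Constructed sample data (not taken from any real directory).
PILOT_EMAILS = [
    "ajones@example.com",
    "bob.smith@example.com",
    "cwu@example.com",
    "dlee@example.com",
]

SAMPLE_LDIF = """dn: uid=ajones,ou=people,dc=example,dc=com
uid: ajones
mail: ajones@example.com

dn: uid=bsmith,ou=people,dc=example,dc=com
uid: bsmith
mail: Bob.Smith@exam
 ple.com

dn: uid=cwu,ou=people,dc=example,dc=com
uid: cwu
mail:: Y3d1QGV4YW1wbGUuY29tIA==
"""

if __name__ == "__main__":
    result = check_sync_keys(PILOT_EMAILS, ldif_mail_values(SAMPLE_LDIF))
    for category, entries in result.items():
        print(category, entries)
```

Any address reported as near_miss or missing needs to be corrected in the user information file or in LDAP before migration starts.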
Steps to successful migration
Migration includes the following general steps:
v Production database creation: The backup of the pilot database and subsequent
creation of a production database
v Application update: The installation of a production version of Lotus
Connections and connection to the new production database
v Pilot-to-production data transfer: Migration of user data from the pilot database
to the new database used by the production environment.
v LDAP synchronization: The updating of member IDs in the new database to
match the LDAP directory that is used by the production deployment
v Cleanup and completion: Tasks that finalize the production installation
Migration and individual features
The complexity of migration depends on the number of features installed as part of
the pilot deployment. If you have not installed a specific feature as part of the pilot
deployment, you can ignore instructions related to migrating data related to that
feature.
Related concepts
“Installing a pilot deployment” on page 16
Install a pilot deployment of Lotus Connections to evaluate its features and
benefits.
“Uninstalling a pilot deployment” on page 28
Uninstall a pilot deployment of IBM Lotus Connections.
“Pilot deployment” on page 7
Use this deployment for test and evaluation purposes only. A pilot deployment
provides a quick and easy way for you to preview the features and benefits of
Lotus Connections. This basic environment provides you with an opportunity to
learn which of the Lotus Connections features might be most appropriate in your
enterprise.
Migrating a pilot deployment
Migrate a pilot deployment to a production deployment.
Before you begin
The migration process requires a new WebSphere Application Server and database
environment to host the production deployment.
During migration, Lotus Connections features are still available on the pilot, except
for a short time during the database transfer process. You do not need to stop the
WebSphere Application Server instances that host features on the pilot.
About this task
Follow these steps to migrate application artifacts and data from a pilot
deployment to a production deployment.
Procedure
1. Optional: Create a backup copy of the existing pilot deployment database
using native DB2 Express tools. This backup is useful if you want to keep an
archive of information created by users during the Lotus Connections
evaluation phase.
2. Create production databases to support the features you plan to install in the
production environment. For more information, see the Creating databases
topic.
Note: If you plan to create a Profiles database as part of this migration
process, do not populate the Profiles database. The Profiles database is
populated as part of the migration.
3. Prepare the production databases to accept data migrated from the pilot
databases: Remove constraints from the production databases by executing the
following SQL scripts for the features that you are migrating:
Notes:
v Run these SQL scripts before transferring data to the production database
v Run each script from the same directory that is used to create the
production database
v If the database server and Lotus Connections are on different systems,
copy the following libraries from the database server to the system hosting
Lotus Connections:
– DB2
- db2jcc.jar
- db2jcc_license_cu.jar
v Oracle
– ojdbc14.jar
Repeat the following procedures for each feature that you are migrating:
v DB2:
a. Log in as the administrator.
b. For each feature, change to the directory where the feature scripts are
stored and enter the appropriate commands, as shown in the following
table:
Table 64. DB2 commands for removing constraints

| Feature | Directory | DB2 commands |
|---|---|---|
| Activities | /connections.sql/activities/db2 | db2 -tvf predbxfer25.sql |
| Blogs | /connections.sql/blogs/db2 | db2 -tvf predbxfer25.sql |
| Communities | /connections.sql/communities/db2 | db2 -tvf predbxfer25.sql |
| | | db2 -tvf predbxfer25_forum.sql |
| Dogear | /connections.sql/dogear/db2 | db2 -tvf predbxfer25.sql |
| Files | /connections.sql/files/db2 | db2 -td@ -vf predbxfer25.sql |
| Home page | /connections.sql/homepage/db2 | db2 -tvf predbxfer25.sql |
| Profiles | /connections.sql/profiles/db2 | db2 -tvf predbxfer25.sql |
| Wikis | /connections.sql/wikis/db2 | db2 -td@ -vf predbxfer25.sql |
v Oracle:
a. Change to the directory containing the scripts, as shown in the
following table.
b. For each feature, enter the following commands and then run the
appropriate scripts:
sqlplus /NOLOG
conn system/<password>@<sid>
where <password> is the password for the user "system" and <sid> is the
Oracle System Identifier for Lotus Connections.
Table 65. Oracle commands for removing constraints

| Feature | Directory | Oracle commands |
|---|---|---|
| Activities | /connections.sql/activities/oracle | @predbxfer25.sql |
| Blogs | /connections.sql/blogs/oracle | @predbxfer25.sql |
| Communities | /connections.sql/communities/oracle | @predbxfer25.sql |
| | | @predbxfer25_forum.sql |
| Dogear | /connections.sql/dogear/oracle | @predbxfer25.sql |
| Files | /connections.sql/files/oracle | @predbxfer25.sql |
| Home page | /connections.sql/homepage/oracle | @predbxfer25.sql |
| Profiles | /connections.sql/profiles/oracle | @predbxfer25.sql |
| Wikis | /connections.sql/wikis/oracle | @predbxfer25.sql |
v SQL Server 2005
a. Log in as the administrator.
b. Change to the directory containing the scripts.
c. For each feature, run the appropriate scripts by entering the commands
shown in the following table:
In these commands, <password> is the password for the SQL Server
user "sa".
If your database server has multiple SQL Server instances installed, add
the following parameter as the first parameter to each command in the
table:
-S <sqlserver_server_name>\<sqlserver_server_instance_name>
Table 66. SQL Server commands for removing constraints

| Feature | Directory | SQL Server commands |
|---|---|---|
| Activities | /connections.sql/activities/sqlserver | sqlcmd -U sa -P <password> -i "predbxfer25.sql" |
| Blogs | /connections.sql/blogs/sqlserver | sqlcmd -U sa -P <password> -i "predbxfer25.sql" |
| Communities | /connections.sql/communities/sqlserver | sqlcmd -U sa -P <password> -i "predbxfer25.sql" |
| | | sqlcmd -U sa -P <password> -i "predbxfer25_forum.sql" |
| Dogear | /connections.sql/dogear/sqlserver | sqlcmd -U sa -P <password> -i "predbxfer25.sql" |
| Files | /connections.sql/files/sqlserver | sqlcmd -U sa -P <password> -i "predbxfer25.sql" |
| Home page | /connections.sql/homepage/sqlserver | sqlcmd -U sa -P <password> -i "predbxfer25.sql" |
| Profiles | /connections.sql/profiles/sqlserver | sqlcmd -U sa -P <password> -i "predbxfer25.sql" |
| Wikis | /connections.sql/wikis/sqlserver | sqlcmd -U sa -P <password> -i "predbxfer25.sql" |
4. Transfer data to the production databases, using the database transfer tool:
a. Copy the dbt.jar file from the Lotus_Connections_Install\ConfigEngine\
lib directory to <DBT_HOME> on the production database server, where
<DBT_HOME> is the path to the directory that contains the dbt.jar file.
Note:
v Use the Java Runtime Environment (JRE) under the Wizards directory in
the installation media. Update your PATH variable to point to this JRE,
using the instructions for your operating system. For example, the
relative path to the JRE on the Microsoft Windows operating system
might be C:\IBM\Lotus_Connections\Wizards\jvm\win\jre.
v Lotus Connections does not support GNU Java.
b. Create an XML configuration file under <DBT_HOME>:
<dbTransfer xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <database role="source"
            driver="<JDBC_driver>"
            url="<JDBC_url>"
            userId="database admin user ID"
            schema="<feature_db_schema_name>"
            dbType="<dbType>"/>
  <database role="target"
            driver="<JDBC_driver>"
            url="<JDBC_url>"
            userId="database admin user ID"
            schema="<feature_db_schema_name>"
            dbType="<dbType>"/>
</dbTransfer>
where <JDBC_driver> is one of the following types:
v DB2: com.ibm.db2.jcc.DB2Driver
v Oracle: oracle.jdbc.driver.OracleDriver
v SQL Server: com.microsoft.sqlserver.jdbc.SQLServerDriver
where <JDBC_url> is one of the following types:
v DB2: jdbc:db2://<host_IP>:<port>/<feature_database_name>
v Oracle: jdbc:oracle:thin:@<host_IP>:<port>:<SID>
v SQL Server: jdbc:sqlserver://<host_IP>:<port>;databaseName=<feature_database_name>
where <feature_database_name> is one of the following:
v Activities: OPNACT
v Blogs: BLOGS
v Communities: SNCOMM
v Dogear: DOGEAR
v Files: FILES
v Home page: HOMEPAGE
v Profiles: PEOPLEDB
v Wikis: WIKIS
where <feature_db_schema_name> is one of the following:
v Activities: ACTIVITIES
v Blogs: BLOGS
v Communities: SNCOMM
v Dogear: DOGEAR
v Files: FILES
v Home page: HOMEPAGE
v Profiles: EMPINST
v Wikis: WIKIS
where <dbType> is one of the following:
v DB2: DB2
v Oracle: oracle
v SQL Server: sqlserver2005
c. Prepare the DB2 JDBC driver of the pilot database for transfer: Copy the
JDBC driver from the pilot database to the production database server.
d. Prepare the JDBC driver of the production databases for transfer:
v DB2:
– Use the JDBC driver on the production database server.
v Oracle:
– Use the JDBC driver on the production database server.
Note: Ensure that the Oracle driver on your system has the same
version number as the Oracle database server. Lotus Connections
does not support the Oracle 10.2.0.1 JDBC driver.
v SQL Server
– Download the SQL Server 2005 JDBC 1.2 driver from the Microsoft
Web site and follow the instructions to extract the driver files.
e. To perform the data transfer, run the dbt.jar file:
v Linux:
"<JAVA_HOME>/bin/java"
-cp <DBT_HOME>/dbt.jar:
<DB2_HOME>/java/db2jcc.jar:
<DB2_HOME>/java/db2jcc_license_cu.jar:
<SQLSERVER_DRIVER_PATH>:
<ORACLE_HOME>/jdbc/lib/ojdbc14.jar
com.ibm.wps.config.db.transfer.CmdLineTransfer
-logDir <DBT_HOME>/logs
-xmlfile <DBT_HOME>/<dbt_config_file_name>
-sourcepassword <source_db_password>
-targetpassword <target_db_password>
where <dbt_config_file_name> is the name of the XML configuration file
you created for the dbt.jar file, and <logs> is the directory where log
files are stored. Create the <logs> directory before running this file.
v Windows:
"<JAVA_HOME>\bin\java"
-cp <DBT_HOME>\dbt.jar;
<DB2_HOME>\java\db2jcc.jar;
<DB2_HOME>\java\db2jcc_license_cu.jar;
<SQLSERVER_DRIVER_PATH>;
<ORACLE_HOME>\jdbc\lib\ojdbc14.jar
com.ibm.wps.config.db.transfer.CmdLineTransfer
-logDir <DBT_HOME>\logs
-xmlfile <DBT_HOME>/<dbt_config_file_name>
-sourcepassword <source_db_password>
-targetpassword <target_db_password>
where <dbt_config_file_name> is the name of the XML configuration file
you created for the dbt.jar file, and <logs> is the directory where log
files are stored.
When the transfer is complete, you can restart the pilot features to
minimize service downtime.
Note: Data that is generated after restarting the pilot is not migrated to
the new environment.
5. Reapply constraints to the production feature databases by performing the
procedures in the following table for the feature databases you migrated:
v DB2:
a. Log in as the administrator.
b. For each feature, change to the directory where the feature script is
stored and enter the appropriate commands for each feature, as shown
in the following table:
Table 67. DB2 commands for reapplying constraints

| Feature | Directory | DB2 commands |
|---|---|---|
| Activities | /connections.sql/activities/db2 | db2 -tvf postdbxfer25.sql |
| | | db2 -tvf clearScheduler.sql |
| Blogs | /connections.sql/blogs/db2 | db2 -tvf postdbxfer25.sql |
| Communities | /connections.sql/communities/db2 | db2 -td@ -vf postdbxfer25.sql |
| | | db2 -tvf postdbxfer25_forum.sql |
| | | db2 -tvf clearScheduler.sql |
| Dogear | /connections.sql/dogear/db2 | db2 -tvf postdbxfer25.sql |
| Files | /connections.sql/files/db2 | db2 -td@ -vf postdbxfer25.sql |
| Home page | /connections.sql/homepage/db2 | db2 -tvf postdbxfer25.sql |
| | | db2 -tvf clearScheduler.sql |
| Profiles | /connections.sql/profiles/db2 | db2 -tvf postdbxfer25.sql |
| Wikis | /connections.sql/wikis/db2 | db2 -td@ -vf postdbxfer25.sql |
c. Delete all rows from the SR_FILESCONTENT table.
1) Create an SQL script with the following content:
CONNECT TO HOMEPAGE;
DELETE FROM HOMEPAGE.SR_FILESCONTENT;
COMMIT;
CONNECT RESET;
2) Save the script as delSRfilesContent.sql on the system hosting the
database server.
3) From the DB2 command-line processor, run the script with the
following command:
db2 -tvf delSRfilesContent.sql
v Oracle:
a. Change to the directory containing the scripts, as shown in the
following table.
b. For each feature, enter the following commands and then run the
appropriate scripts:
sqlplus /NOLOG
conn system/<password>@<sid>
where <password> is the password for the user "system" and <sid> is the
Oracle System Identifier for Lotus Connections.
Table 68. Oracle commands for reapplying constraints

| Feature | Directory | Oracle commands |
|---|---|---|
| Activities | /connections.sql/activities/oracle | @postdbxfer25.sql |
| | | @clearScheduler.sql |
| Blogs | /connections.sql/blogs/oracle | @postdbxfer25.sql |
| Communities | /connections.sql/communities/oracle | @postdbxfer25.sql |
| | | @postdbxfer25_forum.sql |
| | | @clearScheduler.sql |
| Dogear | /connections.sql/dogear/oracle | @postdbxfer25.sql |
| Files | /connections.sql/files/oracle | @postdbxfer25.sql |
| Home page | /connections.sql/homepage/oracle | @postdbxfer25.sql |
| | | @clearScheduler.sql |
| Profiles | /connections.sql/profiles/oracle | @postdbxfer25.sql |
| Wikis | /connections.sql/wikis/oracle | @postdbxfer25.sql |
c. Delete all rows from the SR_FILESCONTENT table.
1) Create an SQL script with the following content:
DELETE FROM HOMEPAGE.SR_FILESCONTENT;
COMMIT;
QUIT;
2) Save the script as delSRfilesContent.sql on the system hosting the
database server.
3) Run the script with the following command:
@delSRfilesContent.sql
v SQL Server 2005
a. Log in as the administrator.
b. Change to the directory containing the scripts.
c. For each feature, run the appropriate scripts by entering the commands
shown in the following table:
In these commands, <password> is the password for the SQL Server user
"sa".
If your database server has multiple SQL Server instances installed, add
the following parameter as the first parameter to each command in the
table:
-S <sqlserver_server_name>\<sqlserver_server_instance_name>
Table 69. SQL Server commands for reapplying constraints

| Feature | Directory | SQL Server commands |
|---|---|---|
| Activities | /connections.sql/activities/sqlserver | sqlcmd -U sa -P <password> -i "postdbxfer25.sql" |
| | | sqlcmd -U sa -P <password> -i "clearScheduler.sql" |
| Blogs | /connections.sql/blogs/sqlserver | sqlcmd -U sa -P <password> -i "postdbxfer25.sql" |
| Communities | /connections.sql/communities/sqlserver | sqlcmd -U sa -P <password> -i "postdbxfer25.sql" |
| | | sqlcmd -U sa -P <password> -i "postdbxfer25_forum.sql" |
| | | sqlcmd -U sa -P <password> -i "clearScheduler.sql" |
| Dogear | /connections.sql/dogear/sqlserver | sqlcmd -U sa -P <password> -i "postdbxfer25.sql" |
| Files | /connections.sql/files/sqlserver | sqlcmd -U sa -P <password> -i "postdbxfer25.sql" |
| Home page | /connections.sql/homepage/sqlserver | sqlcmd -U sa -P <password> -i "postdbxfer25.sql" |
| | | sqlcmd -U sa -P <password> -i "clearScheduler.sql" |
| Profiles | /connections.sql/profiles/sqlserver | sqlcmd -U sa -P <password> -i "postdbxfer25.sql" |
| Wikis | /connections.sql/wikis/sqlserver | sqlcmd -U sa -P <password> -i "postdbxfer25.sql" |
d. Delete all rows from the SR_FILESCONTENT table.
1) Create an SQL script with the following content:
USE HOMEPAGE;
GO
DELETE FROM HOMEPAGE.SR_FILESCONTENT;
GO
2) Save the script as delSRfilesContent.sql on the system hosting the
database server.
3) Run the script with the following command:
sqlcmd -U sa -P <password> -i delSRfilesContent.sql
6. (Profiles only.) Run the following commands to update the database sequence
for DB2 or Oracle production databases:
v DB2
– Run the following commands on the pilot database:
SELECT NEXT VALUE FOR EMPINST.CHG_EMP_DRAFT_SEQ AS CHG_EMP_DRAFT_SEQ FROM SYSIBM.SYSDUMMY1;
SELECT NEXT VALUE FOR EMPINST.EMP_DRAFT_SEQ AS EMP_DRAFT_SEQ FROM SYSIBM.SYSDUMMY1;
SELECT NEXT VALUE FOR EMPINST.EXT_DRAFT_SEQ AS EXT_DRAFT_SEQ FROM SYSIBM.SYSDUMMY1;
– Run the following commands on the production database:
ALTER SEQUENCE EMPINST.CHG_EMP_DRAFT_SEQ RESTART WITH <query_result>;
ALTER SEQUENCE EMPINST.EMP_DRAFT_SEQ RESTART WITH <query_result>;
ALTER SEQUENCE EMPINST.EXT_DRAFT_SEQ RESTART WITH <query_result>;
v Oracle
– Run the following commands on the pilot database:
SELECT NEXT VALUE FOR EMPINST.CHG_EMP_DRAFT_SEQ AS CHG_EMP_DRAFT_SEQ FROM SYSIBM.SYSDUMMY1;
SELECT NEXT VALUE FOR EMPINST.EMP_DRAFT_SEQ AS EMP_DRAFT_SEQ FROM SYSIBM.SYSDUMMY1;
SELECT NEXT VALUE FOR EMPINST.EXT_DRAFT_SEQ AS EXT_DRAFT_SEQ FROM SYSIBM.SYSDUMMY1;
– Run the following commands on the production database:
DROP SEQUENCE EMPINST.EXT_DRAFT_SEQ;
CREATE SEQUENCE EMPINST.EXT_DRAFT_SEQ START WITH <query_result>;
DROP SEQUENCE EMPINST.EMP_DRAFT_SEQ;
CREATE SEQUENCE EMPINST.EMP_DRAFT_SEQ START WITH <query_result>;
DROP SEQUENCE EMPINST.CHG_EMP_DRAFT_SEQ1;
CREATE SEQUENCE EMPINST.CHG_EMP_DRAFT_SEQ1 START WITH <query_result>;
DROP SEQUENCE EMPINST.CHG_EMP_DRAFT_SEQ2;
CREATE SEQUENCE EMPINST.CHG_EMP_DRAFT_SEQ2 START WITH <query_result>;
DROP SEQUENCE SNCORE.STRUCT_IDENTITY_SEQ;
CREATE SEQUENCE SNCORE.STRUCT_IDENTITY_SEQ START WITH <query_result>;
where <query_result> is the result of the corresponding SELECT command that
you ran on the pilot database.
7. Install a production version of Lotus Connections. See the Setting up a
stand-alone deployment topic in the Lotus Connections information center.
8. Synchronize the LDAP UID properties by updating the member IDs in the
production database tables. For more information, see the Synchronizing IDs
between LDAP and the feature databases topic.
9. Export Lotus Connections pilot application artifacts:
a. Stop the WebSphere Application Server instances that host the pilot
features.
b. Copy the migration tool from the Lotus Connections 2.5 installation
directory to the pilot's WebSphere Application Server node. The migration
tool is located in the migration subfolder of the production installation
directory.
c. Open a command prompt and cd to the migration directory.
d. Run the command migration.bat <lc_pilot_25_home_path> lc-export,
where <lc_pilot_25_home_path> is the path to the pilot installation (for
example: C:\Progra~1\IBM\LotusConnections). This command creates a
subfolder called migrationData, where the pilot artifacts are stored.
e. Move the migrationData directory to the WebSphere Application Server
node that will host your Lotus Connections 2.5 production features.
10. Import Lotus Connections Pilot application artifacts:
a. Open a command prompt and change to the migrationData directory that
you moved to the WebSphere Application Server node for 2.5.
b. Run the following command to import the pilot application artifacts to the
production environment.
v AIX/Linux:
./migration.sh <lc_production_25_home_path> lc-import
v Microsoft Windows:
migration.bat <lc_production_25_home_path> lc-import
where <lc_production_25_home_path> is the path to the 2.5 installation.
11. Remove the pilot installation. See the Removing a pilot deployment topic for
more information.
12. Optional: After migrating users from the pilot to the production deployment,
you can add more LDAP users to the production database. For more
information, see the Populating the Profiles database topic.
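Step 4b of this procedure needs one XML configuration file per feature, and the database name, schema name and JDBC URL form differ by feature and database vendor. The following generator is an added example, not part of the IBM guide or the database transfer tool: it builds those files from the values listed in step 4b, and the host addresses, ports, SID, user IDs, function names and output file names are constructed placeholders. Passwords are deliberately not written to the file, because the procedure passes them to dbt.jar separately.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

# dbType -> JDBC driver class, as listed in step 4b.
JDBC_DRIVERS = {
    "DB2": "com.ibm.db2.jcc.DB2Driver",
    "oracle": "oracle.jdbc.driver.OracleDriver",
    "sqlserver2005": "com.microsoft.sqlserver.jdbc.SQLServerDriver",
}

# feature -> (database name, schema name), as listed in step 4b.
# Activities and Profiles are the two where the names differ.
FEATURE_DATABASES = {
    "activities": ("OPNACT", "ACTIVITIES"),
    "blogs": ("BLOGS", "BLOGS"),
    "communities": ("SNCOMM", "SNCOMM"),
    "dogear": ("DOGEAR", "DOGEAR"),
    "files": ("FILES", "FILES"),
    "homepage": ("HOMEPAGE", "HOMEPAGE"),
    "profiles": ("PEOPLEDB", "EMPINST"),
    "wikis": ("WIKIS", "WIKIS"),
}


def jdbc_url(db_type, host, port, feature, sid=None):
    """Build the JDBC URL in the form step 4b gives for each vendor."""
    if not 0 < int(port) < 65536:
        raise ValueError(f"invalid port: {port}")
    db_name = FEATURE_DATABASES[feature][0]
    if db_type == "DB2":
        return f"jdbc:db2://{host}:{port}/{db_name}"
    if db_type == "oracle":
        # The Oracle URL carries the SID, not the feature database name.
        if not sid:
            raise ValueError("an Oracle endpoint needs a SID")
        return f"jdbc:oracle:thin:@{host}:{port}:{sid}"
    if db_type == "sqlserver2005":
        return f"jdbc:sqlserver://{host}:{port};databaseName={db_name}"
    raise ValueError(f"unsupported dbType: {db_type}")


def build_dbt_config(feature, source, target):
    """Return the dbTransfer XML for one feature as a string."""
    if feature not in FEATURE_DATABASES:
        raise ValueError(f"unknown feature: {feature}")
    root = ET.Element(
        "dbTransfer",
        {"xmlns:xsi": "http://www.w3.org/2001/XMLSchema-instance"},
    )
    schema = FEATURE_DATABASES[feature][1]
    for role, end in (("source", source), ("target", target)):
        db_type = end["db_type"]
        if db_type not in JDBC_DRIVERS:
            raise ValueError(f"unsupported dbType: {db_type}")
        ET.SubElement(root, "database", {
            "role": role,
            "driver": JDBC_DRIVERS[db_type],
            "url": jdbc_url(db_type, end["host"], end["port"], feature,
                            end.get("sid")),
            "userId": end["user_id"],
            "schema": schema,
            "dbType": db_type,
        })
    if hasattr(ET, "indent"):  # available from Python 3.9
        ET.indent(root)
    return ET.tostring(root, encoding="unicode")


def write_configs(out_dir, source, target, features=None):
    """Write dbt_<feature>.xml for each migrated feature; return the paths."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    written = []
    for feature in features or sorted(FEATURE_DATABASES):
        path = out / f"dbt_{feature}.xml"
        path.write_text(build_dbt_config(feature, source, target),
                        encoding="utf-8")
        written.append(path)
    return written


# Constructed endpoints: a DB2 pilot and an Oracle production server.
PILOT = {"db_type": "DB2", "host": "192.0.2.10", "port": 50000,
         "user_id": "db2admin"}
PRODUCTION = {"db_type": "oracle", "host": "192.0.2.20", "port": 1521,
              "sid": "LSCONN", "user_id": "system"}

if __name__ == "__main__":
    print(build_dbt_config("profiles", PILOT, PRODUCTION))
```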
Related tasks
“Creating a user information file” on page 17
Use actual user identities with the pilot deployment of Lotus Connections.
“Adding actual users to the pilot” on page 26
Add actual users to the pilot installation if you plan to migrate to a production
installation of Lotus Connections.
Post-migration tasks
After migration, you need to perform further tasks to ensure that your new
deployment is complete.
Before you begin
Ensure that you have successfully migrated to Lotus Connections 2.5 and that you
have completed any required post-installation tasks.
About this task
To finalize the migration process, complete the following steps:
Procedure
1. Re-apply any proxy configurations, if necessary. For more information, see the
Configuring the AJAX proxy and Configuring a reverse caching proxy topics.
2. If you have changed the root URL of any feature, and if the old and new URLs
point to the same webserver, redirect requests to the new URL:
a. Open the httpd.conf file in a text editor. The file is located in the
ibm_http_server_root/conf directory.
b. Uncomment the following line:
LoadModule rewrite_module modules/mod_rewrite.so
c. Add the following statements:
Note: This example redirects all requests to the pre-migration URL of
https://blog201.example.com/weblogs/* to the post-migration URL of
https://blog25.example.com/newblogs/*. Substitute your own URLs as
appropriate.
RewriteEngine on
RewriteRule /weblogs/(.*) https://blog25.example.com/newblogs/$1 [R,L]
Listen 0.0.0.0:443
<VirtualHost *:443>
  RewriteEngine on
  RewriteRule /weblogs/(.*) https://blog25.example.com/newblogs/$1 [R,L]
  ServerName blog25.example.com
  SSLEnable
</VirtualHost>
SSLDisable
3. Optional: Delete your pre-migration search indexes. For more information, see
the Managing the Index topic in the Lotus Connections 2.0.1 information center.
Note: The Search feature in 2.5 stores its indexing tasks in a database, whereas
these tasks were stored in the homepage-config.xml file in 2.0.1. If you want to
edit the indexing tasks, do not edit the search-config.xml file; instead, follow
the relevant instructions in the Managing the search index topic.
4. Update the favicon.directory attribute in the 2.5 dogear-config-cell.xml file:
a. Open the 2.0.1 dogear-config-node.xml file, usually located in the
app_server_root/profiles/<profile>/config/cells/<cell>/nodes/<node>/
LotusConnections-config directory, and locate the favicon.directory
attribute.
b. If the value of the favicon.directory attribute is ${DOGEAR_FAVICON_DIR},
then your configuration is correct and you can skip the remainder of this
step.
c. Copy the value of the favicon.directory attribute from the 2.0.1 file into the
same attribute in the 2.5 dogear-config-cell.xml file, usually located in the
app_server_root/profiles/<profile>/config/cells/<cell>/
LotusConnections-config directory. The attribute should have the following
format:
<stringProperty name="favicon.directory">${DOGEAR_FAVICON_DIR}</stringProperty>
d. Save the dogear-config-cell.xml file.
e. From the WebSphere Application Server Integrated Solutions Console,
restart the Dogear feature.
Note: For more information about configuring favicons, see the Configuring
favicons topic.
5. Optional: Remove the Location and ErrorDocument stanzas if you added them
to the httpd.conf file before migrating. For more information, see the Preparing
Lotus Connections for maintenance topic.
6. Optional: If you used Lotus Connections Connectors in release 2.0.1, such as
Lotus Quickr and Confluence, re-install them.
7. Optional: If you defined a server whitelist in release 2.0.1 for publishing file
attachments from Activities to Lotus Quickr, re-define it after migration.
8. Update any configuration settings that you customized in 2.0.1. For more
information, see the Saving your customizations topic.
Related concepts
“Saving your customizations” on page 272
Before updating or migrating, back up or make notes of your customizations.
Managing the index
Update Lotus Connections 2.0 to Lotus Connections 2.0.1.
Related tasks
“Preparing Lotus Connections for maintenance” on page 269
Before you bring down Lotus Connections to apply updates, you must let your
users know about the planned outage.
Configuring favicons
Restore your databases if you need to roll back a failed update.
“Migrating a stand-alone deployment” on page 274
Migrate your Lotus Connections 2.0.1 stand-alone deployment to release 2.5.
“Migrating a network deployment” on page 289
Migrate your Lotus Connections 2.0.1 network deployment to release 2.5.
Rolling back a migration or update
If a migration or update fails, you can roll back your environment to the previous
one.
Before you begin
Ensure that you have met the following prerequisites:
v You have a back-up copy of your installation environment
v If you are rolling back an update, ensure that you have uninstalled the failed fix
About this task
Rolling back your Lotus Connections environment ensures that you have a clean
environment before attempting the migration or update again.
To roll back your Lotus Connections environment, complete the following steps:
Procedure
1. Restore your databases from the back-up that you made. Use your native
database tools.
2. Restore your original Lotus Connections installation directory from the back-up.
3. Restore your WebSphere Application Server profile directory and the
profileRegistry.xml file from the back-up.
4. Optional: (Network deployment only.) Restore the WebSphere Application
Server Deployment Manager profile directory: profile_root//Dmgr01. For
example: D:\WebSphere\AppServer\profiles\dmgr.
Updating Lotus Connections 2.5
Update Lotus Connections 2.5 with interim fixes or fix packs.
Use the update wizard to install or uninstall fixes on stand-alone or network
deployments. Fixes are available for download from the IBM Fix Central Web site.
Updates include the following types of fixes:
v Interim fix – An interim fix is a noncumulative fix that fixes a single issue
v Fix pack – A cumulative fix contains multiple interim fixes and other identified
updates
Each fix pack and interim fix contains complete instructions for installation. The
following topics describe additional procedures for updating your Lotus
Connections 2.5 environment.
Related concepts
“Installing fix packs” on page 348
Install fix packs using the update wizard in interactive or silent mode.
“Installing interim fixes” on page 348
Use the update wizard in interactive or silent mode to install interim fixes.
Related tasks
“Updating databases with the wizard” on page 309
Update your Lotus Connections 2.0 databases using the database wizard.
“Updating databases manually” on page 310
Manually update Lotus Connections 2.0 databases in an existing WebSphere
Application Server and database environment.
Downloading the update wizard
Download the Lotus Connections 2.5 update wizard and use it to install fixes for
Lotus Connections.
Before you begin
Check that you have not already downloaded the 2.5 update wizard: Find the
<Update wizard directory>/version/lcui.product and check the version tag of
the file in the directory. If there is no such directory on your system, then you do
not yet have the 2.5 update wizard and you should continue with this task.
About this task
To download the update wizard, complete the following steps:
Procedure
1. Go to the Fix Central Web site and find the download link for the update
wizard for Lotus Connections Version 2.5.
2. Download the update wizard zip file to a temporary directory on your primary
WebSphere Application Server node and then unzip the file.
Note: Remove any earlier 2.5 update wizards from your system, if they are
present.
3. AIX and Linux only: From the directory where you saved the update wizard,
run the following command:
chmod -R 755 *.sh
4. Set the WAS_HOME environment variable by running the following command:
v AIX or Linux: export WAS_HOME=<was_home>
v Windows: set WAS_HOME=<was_home>
where <was_home> is the location of the WebSphere Application Server
installation directory.
What to do next
After downloading the update wizard, download any required fix packs or interim
fixes and then update Lotus Connections.
Downloading fixes
Download fix packs and interim fixes from the IBM support Web site.
Before you begin
List all the fixes that you have already installed by running the following
command from a command prompt:
updateLC -installDir <lotus_connections_root> -fix -fixes [-feature
<feature_name>] -feature
where <feature_name> is one of the following Lotus Connections features:
v activities
v blogs
v communities
v dogear
v files
v homepage
v news
v profiles
v search
v wikis
Use a comma or space to delimit multiple features. If you do not provide this
variable, all installed fixes will be listed.
About this task
To download fixes, complete the following steps.
Procedure
1. Go to the Fix Central Web site.
2. Select Lotus from the product group menu, Lotus Connections from the
Product menu, your currently Installed version, your Platform, and then click
Continue.
3. Use one of the available search methods to identify the fix that you wish to
install.
4. Follow the online instructions to download the fix to a temporary directory.
5. Extract the contents of the fix file, and then copy the extracted JAR file to the
following directory:
v AIX or Linux: lotus_connections_root/update/fixes
v Microsoft Windows: lotus_connections_root\update\fixes
Note: If a fixes subdirectory does not already exist in the update directory,
create it. You need to specify this directory when you install fixes.
Updating a stand-alone deployment
Install fixes for Lotus Connections in a stand-alone deployment.
You can update a stand-alone deployment of Lotus Connections with the update
wizard.
Use one of the following procedures to update Lotus Connections:
v Install a fix pack. For more information, see the Installing fix packs topic.
v Install an interim fix. For more information, see the Installing interim fixes topic.
Updating a network deployment
Install fixes for Lotus Connections in a network deployment.
Before you begin
Download the update wizard and the latest recommended interim fix or fix pack.
Ensure that you have backed up your databases, using native database tools.
Update at a time when no one is logged into Lotus Connections. For more
information, see the Preparing Lotus Connections for maintenance topic.
You must update all the features in a network deployment; you cannot update
individual features.
About this task
You can use the update wizard to install the fix in silent or interactive mode.
To update a network deployment, complete the following steps:
Note: The download package provides full instructions for installing the fix.
Procedure
1. Install the fix pack on the WebSphere Application Server installation that hosts
the first node of the cluster. Installing the fix pack on the first node updates the
*.ear files on the Deployment Manager. The *.ear files on the first node are
updated after you synchronize the cluster.
Note: You can always identify the first node because its lotus_connections_root
directory contains a version directory. Subsequent nodes do not have a version
directory under the lotus_connections_root directory.
2. Synchronize the nodes in the cluster. The synchronization updates the *.ear
files and configuration files on the first node.
3. Verify that the *.ear files of all the Lotus Connections features have been
extracted properly by navigating to each feature in a Web browser. If you
encounter an error, restart each server that hosts a feature.
Results
Your Lotus Connections 2.5 network deployment has been updated.
Enabling and disabling synchronization
Enable or disable the synchronization of nodes in a network deployment of IBM
Lotus Connections.
About this task
You can enable the following types of synchronization from the Deployment
Manager:
v Automatic synchronization – Updates occur on a schedule. This type of
synchronization is enabled by default in network deployments
v Startup synchronization – Updates occur each time the server is started
To enable or disable synchronization, complete the following steps:
Procedure
1. Open the WebSphere Application Server Integrated Solutions Console on the
system that hosts the Deployment Manager, and click System Administration →
Node agents.
2. Click the nodeagent link for the node for which you are enabling or disabling
synchronization.
3. In the Additional Properties section, click File synchronization service.
4. Perform one of the following actions:
v To turn on synchronization, select the Automatic synchronization and
Startup synchronization check boxes.
v To turn off synchronization, clear the Automatic synchronization and
Startup synchronization check boxes.
5. Click Save.
6. Click System Administration → Node agents.
7. Select the check box of the node for which you are enabling or disabling
synchronization, and click Restart. If you are turning synchronization on or off
for more than one node, perform this step for each node.
8. Restart the Deployment Manager.
What to do next
To perform a full synchronization, see the Synchronizing updated nodes topic.
Synchronizing updated nodes:
Synchronize a network deployment update to all the nodes in a cluster.
Before you begin
Ensure that synchronization is enabled. For more information, see the Enabling and
disabling synchronization topic.
About this task
To synchronize an update to subsequent nodes, complete the following steps:
Procedure
1. Open the WebSphere Application Server Integrated Solutions Console for the
Deployment Manager system and click System Administration → Node agents.
2. Select the check boxes for the secondary nodes and click the Full
Resynchronize button.
3. Click Save.
4. Restart the Deployment Manager.
Installing fixes
Use the update wizard in interactive or silent mode to install fixes.
Updates can include the following types of fixes:
Interim fix
An interim fix is a noncumulative fix that fixes a single issue
Fix pack
A fix pack is a cumulative fix that contains multiple interim fixes and other
identified updates
There are two modes in which you can run the wizard:
Interactive mode
Confirm each step of the process. This mode is useful when you use the
wizard for the first time or if you are updating a single installation
Silent mode
Use a series of commands and parameters to launch and run the wizard.
Silent mode is useful when you are updating multiple installations of
Lotus Connections
Installing fixes on network deployments
Perform the update procedure on the first node in a cluster and then synchronize
the nodes.
Setting the WAS_HOME environment variable
Set an environment variable that points to the WebSphere Application Server
installation directory.
About this task
The update wizard is programmed to access the WebSphere Application Server
installation by reading the WAS_HOME environment variable in the system path.
To set the WAS_HOME environment variable, complete the following steps:
Procedure
1. Open a command prompt and navigate to the WebSphere/AppServer/bin
directory.
2. Execute the following script:
v AIX or Linux:
. ./setupCmdLine.sh
v Windows:
setupCmdLine.bat
Installing fixes as a non-root user
Grant permissions to a non-root user to install fixes.
Before you begin
This task applies only to IBM Lotus Connections deployments on AIX or Linux.
About this task
By default, only root users have the necessary permissions to install fixes for a
Lotus Connections deployment. You can permit non-root users to install fixes by
changing their permissions to access certain data directories.
To grant the necessary permissions to a non-root user, complete the following
steps:
Procedure
1. Create a non-root user.
2. Create a home directory for the new non-root user.
3. Open a command prompt and grant the appropriate permissions to the
non-root user by running the commands shown in the following table:
Table 70. Non-root user permissions

Directory                Permissions  Command
app_server_root          RWX          chown -R <non-root_user> <app_server_root>
lotus_connections_root   RWX          chown -R <non-root_user> <lotus_connections_root>
data_directory_root      RWX          chown -R <non-root_user> <data_directory_root>
<path>/tmp/ptfs          RWX          chown -R <non-root_user> tmp/ptfs
<path>/tmp/efixes        RWX          chown -R <non-root_user> tmp/efixes

where <non-root_user> is the account ID of the new non-root user and <path> is
the path to the ptfs or efixes directory.
Notes:
v The execute permission that you grant for the <data_directory_root> directory
is intended specifically for the search/dcs/stellent directory.
v The /tmp/ptfs directory stores files for fix packs and the /tmp/efixes
directory stores files for interim fixes.
v Check if the /tmp/efixes and /tmp/ptfs directories exist before running the
chown command. The update installer creates these directories, but if you or
other users have not yet installed any fixes, these directories do not yet exist.
Results
When you have granted the necessary permissions, the non-root user can install
interim fixes and fix packs.
Note: If different non-root users intend to install fixes, you must first delete any
files that might remain in the download directories since you installed earlier fixes.
Example
Grant permissions to a new non-root user who wants to install a fix pack for a
Lotus Connections deployment on Linux:
1. Create a non-root user account called fixinstaller.
2. Create a home directory for the fixinstaller user account.
3. Open a command prompt and run the following commands:
a. chown -R fixinstaller /opt/IBM
Note: In this example, the /opt/IBM directory contains both the
<app_server_root> and <lotus_connections_root> directories.
b. chown -R fixinstaller /usr/IBM
Note: If the /usr/IBM directory does not exist, create it.
c. chown -R fixinstaller /tmp/ptfs
4. Advise the new non-root user to log in and then download and install the
latest fix pack for Lotus Connections.
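A preflight for the chown commands in Table 70 and the Example above, added here as an illustration and not part of the IBM guide: it checks that each directory exists and is a real directory rather than a symbolic link before ownership is changed recursively, which matters most for the ptfs and efixes directories under the world-writable /tmp. The function names check_fix_dir and grant_fix_dirs and the APPLY dry-run switch are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the IBM guide): preflight for the recursive chown
# commands in Table 70. Function names and the dry-run default are assumptions.

# check_fix_dir DIR
# Returns 0 if DIR is an existing real directory,
#         1 if DIR does not exist yet (the update installer creates it later),
#         2 if DIR is a symbolic link (chown -R could then change files elsewhere),
#         3 if DIR exists but is not a directory.
check_fix_dir() {
    if [ -L "$1" ]; then return 2; fi
    if [ ! -e "$1" ]; then return 1; fi
    if [ ! -d "$1" ]; then return 3; fi
    return 0
}

# grant_fix_dirs USER DIR...
# Prints the action chosen for each directory. chown is run only when APPLY=1
# is set in the environment; the default is a dry run.
# Returns 1 if any directory was refused or a chown failed, otherwise 0.
grant_fix_dirs() {
    gf_user=$1
    shift
    gf_status=0
    for gf_dir in "$@"; do
        gf_rc=0
        check_fix_dir "$gf_dir" || gf_rc=$?
        case $gf_rc in
            0)
                echo "chown -R $gf_user $gf_dir"
                if [ "${APPLY:-0}" = 1 ]; then
                    chown -R "$gf_user" "$gf_dir" || gf_status=1
                fi
                ;;
            1)
                echo "skip (not created yet): $gf_dir"
                ;;
            *)
                echo "refuse (symbolic link or not a directory): $gf_dir"
                gf_status=1
                ;;
        esac
    done
    return $gf_status
}

# Usage with the names from the Example above (dry run unless APPLY=1):
#   grant_fix_dirs fixinstaller /opt/IBM /usr/IBM /tmp/ptfs /tmp/efixes
```

The check covers only the top-level directory that is passed to chown; it does not inspect entries below it.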
Installing fix packs
Install fix packs with the update wizard.
Fix packs contain multiple interim fixes for your Lotus Connections installation.
You can use the update wizard in interactive or silent mode to install fix packs.
Prerequisites
Ensure that you have met the following prerequisites:
v You have backed up your files
v The WAS_HOME environment variable has been set
v You have downloaded the update installer wizard, as described in the
Downloading the update wizard topic
v You have downloaded the latest fix pack. See the Downloading fixes topic for
more information
Note: If you are updating a network deployment of Lotus Connections, you need
to consider additional prerequisites. Refer to the Updating a network deployment
topic for more information.
Instructions
The download package for each fix pack contains a ReadMe file with complete
instructions for installing the fix pack.
Related concepts
“Updating Lotus Connections 2.5” on page 341
Update Lotus Connections 2.5.
Installing interim fixes
Use the update wizard in interactive or silent mode to install interim fixes.
Prerequisites
Ensure that you have met the following prerequisites:
v You have downloaded the update wizard, as described in the Downloading the
update wizard topic
v You have downloaded interim fixes, as described in the Downloading fixes topic
v The WAS_HOME environment variable has been set
Note: If you are updating a network deployment of Lotus Connections, you need
to consider additional prerequisites. Refer to the Updating a network deployment
topic for more information.
Related concepts
“Updating Lotus Connections 2.5” on page 341
Update Lotus Connections 2.5.
Installing interim fixes in interactive mode:
Install interim fixes with the update wizard in interactive mode.
Before you begin
See the Installing interim fixes topic for information about prerequisites.
About this task
An interim fix is a noncumulative fix that resolves a single issue. This topic
describes the steps to install an interim fix only; it does not include information
about how to prepare the production environment before installing the fix. You can
install multiple fixes at a time.
To install an interim fix in interactive mode, complete the following steps:
Procedure
1. Launch the installation wizard. From the directory where you saved the
update wizard, typically the lotus_connections_root/update directory, run
the following script file:
v AIX/Linux:
./updateLCWizard.sh
v Microsoft Windows:
updateLCWizard.bat
2. Select a language to use in the wizard.
3. On the Welcome page, click Next to continue.
4. Select your Lotus Connections installation. If the installation location does not
appear in the list, select Other Lotus Connections install location and then
enter the location in the Installation location field, or click Browse to specify
a location. Click Next.
5. Click Install, and then click Next.
6. Enter the location of the fixes in the Fix location field, or click Browse to
navigate to the location of the fixes, and then click Next. The update wizard
will scan the location for fixes.
7. Select the check boxes of the fixes that you wish to install, and click Next.
8. Enter the WebSphere Application Server administrator ID and password for
each feature, and click Next.
9. Review the information that you have entered. To make changes, click Back.
To start the update, click Next. The installation process might take up to 15
minutes or more to complete.
10. Review the result of the update. Click Finish to exit the wizard.
Results
The log files that are created by the wizard are located under the
lotus_connections_root/version/log directory.
What to do next
To ensure that you have a clean Lotus Connections environment, see the Rolling
back an update topic.
Installing interim fixes in silent mode:
Install interim fixes with the update wizard in silent mode.
Before you begin
See the Installing interim fixes topic for information about prerequisites.
About this task
An interim fix is a noncumulative fix that resolves a single issue. This topic
describes the steps to install an interim fix only; it does not include information
about how to prepare the production environment before installing the fix. You can
install multiple fixes at a time.
For information about additional command options, see the updateLC command
topic.
To install an interim fix in silent mode, complete the following steps:
Procedure
From the directory where the update wizard is located, open a command prompt
and enter the following commands (without the carriage returns):
v AIX:
chmod +x updateLC.sh
./updateLC.sh -fix -installDir <lotus_connections_root>
-fixDir <fix_file_location>
-install -fixes <APAR_number_of_fix>
-wasUserId <AdminUserID> -wasPassword <AdminPassword>
v Linux:
chmod +x updateLC.sh
./updateLC.sh -fix -installDir <lotus_connections_root>
-fixDir <fix_file_location>
-install -fixes <APAR_number_of_fix>
-wasUserId <AdminUserID> -wasPassword <AdminPassword>
v Windows:
updateLC.bat -fix
-installDir <lotus_connections_root>
-fixDir <fix_file_location>
-install -fixes <APAR_number_of_fix>
-wasUserId <AdminUserID> -wasPassword <AdminPassword>
where <fix_file_location> is the directory containing the downloaded fixes,
<APAR_number_of_fix> is the APAR number of the fix (such as LO36338), and
<AdminUserID> and <AdminPassword> are the user name and password for WebSphere
Application Server.
Notes:
v If you do not know the APAR number of the fix, look in the readme.txt file that
is downloaded to the temporary directory with the fix.
v (Network deployment only.) If you are applying an interim fix to features in a
cluster, apply the fix to the first node and then carry out a full synchronization
to push the update to the other servers.
For example:
./updateLC.sh -installDir /opt/IBM/WebSphere/LotusConnections -fix
-fixDir /opt/IBM/WebSphere/LotusConnections/update/fixes -install
-fixes LO36338 LO34499 LO34327 LO35077 LO34966 -wasUserId wasadmin
-wasPassword wasadmin
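The prerequisites and the single-line command from this topic, combined in an added example that is not part of the IBM guide: it checks WAS_HOME, the version directory and the fix JAR files before assembling the updateLC.sh call, and prompts for the password instead of storing it in a script. The function names are assumptions; the parameters are those documented for updateLC.

```shell
#!/bin/sh
# Added example (not from the IBM guide): prerequisite check and command
# assembly for a silent interim-fix install. Function names are assumptions;
# the updateLC.sh parameters are the ones documented in this topic.

# preflight_silent_fix INSTALL_DIR FIX_DIR
# Returns 0 when the prerequisites hold; otherwise prints the reason and
# returns 1.
preflight_silent_fix() {
    pf_install=$1
    pf_fixes=$2
    if [ -z "${WAS_HOME:-}" ]; then
        echo "WAS_HOME is not set"
        return 1
    fi
    # In a cluster only the first node has a version directory, and that is
    # the node on which fixes are installed.
    if [ ! -d "$pf_install/version" ]; then
        echo "no version directory under $pf_install"
        return 1
    fi
    if [ ! -d "$pf_fixes" ]; then
        echo "fix directory $pf_fixes does not exist"
        return 1
    fi
    # At least one extracted fix JAR must be present.
    for pf_jar in "$pf_fixes"/*.jar; do
        if [ -f "$pf_jar" ]; then
            return 0
        fi
    done
    echo "no fix JAR files in $pf_fixes"
    return 1
}

# updatelc_fix_line INSTALL_DIR FIX_DIR WAS_USER APAR...
# Prints the install command on one line (no carriage returns) with the
# password masked, so the line can be reviewed or logged.
updatelc_fix_line() {
    ul_install=$1
    ul_fixes=$2
    ul_user=$3
    shift 3
    printf './updateLC.sh -fix -installDir %s -fixDir %s -install -fixes %s -wasUserId %s -wasPassword %s\n' \
        "$ul_install" "$ul_fixes" "$*" "$ul_user" '********'
}

# run_silent_fix INSTALL_DIR FIX_DIR WAS_USER APAR...
# Run from the update wizard directory. The password is read from the
# terminal, which keeps it out of shell history and script files. It is still
# passed to updateLC.sh as a parameter, so it is visible in the process
# argument list while the update runs.
run_silent_fix() {
    rs_install=$1
    rs_fixes=$2
    rs_user=$3
    shift 3
    preflight_silent_fix "$rs_install" "$rs_fixes" || return 1
    printf 'WebSphere administrator password for %s: ' "$rs_user" >&2
    stty -echo
    IFS= read -r rs_pw
    stty echo
    echo >&2
    updatelc_fix_line "$rs_install" "$rs_fixes" "$rs_user" "$@" >&2
    ./updateLC.sh -fix -installDir "$rs_install" -fixDir "$rs_fixes" \
        -install -fixes "$@" -wasUserId "$rs_user" -wasPassword "$rs_pw"
}

# Usage, with the values from the example above:
#   run_silent_fix /opt/IBM/WebSphere/LotusConnections \
#       /opt/IBM/WebSphere/LotusConnections/update/fixes wasadmin LO36338 LO34499
```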
Results
The log files that are created by the wizard are located under the
lotus_connections_root/version/log directory.
What to do next
updateLC command:
Use the updateLC command to run the update wizard in silent mode.
Purpose
The updateLC command:
v Installs fixes.
v Uninstalls fixes.
v Reports on the current state of applied fixes.
updateLC.{sh|bat}
Parameters
-?
Displays command usage information.
/?
Displays command usage information.
-configProperties <propertyFile>.properties
Specifies an externally supplied properties file containing Lotus Connections
properties and values. When specifying properties in a file, use the following
conventions:
v Do not include trailing spaces after property values
v Do not enclose values in quotation marks
v When typing directory paths, use a forward slash (/) instead of a backward
slash (\) regardless of the operating system
-fix
Interim fix only. Identifies the update as an interim fix update.
-fixDetails
Interim fix only. Instructs the command to display interim fix detail
information.
-fixDir <directory>
Interim fix only. Specifies the fully qualified directory to which you
downloaded the interim fixes. The recommended directory is
lotus_connections_root/update/fixes.
-fixes <fix1> <fix2>
Interim fix only. Specifies a list of space-delimited interim fixes to install or
uninstall.
-fixJars <JAR_file1> <JAR_file2>
Interim fix only. Specifies a list of space-delimited interim fix JAR files to
install or uninstall. Each JAR file has one or more interim fixes.
-fixpack
Fix pack only. Identifies the update as a fix pack update.
-fixpackDetails
Fix pack only. Instructs the command to display fix pack detail information.
-fixpackDir <directory>
Fix pack only. Specifies the fully qualified directory to which you downloaded
the fix packs. The recommended directory is lotus_connections_root/update/
fixpacks.
-fixpackID <fixpack_ID>
Fix pack only. Specifies the ID of a fix pack to install or uninstall. The value
you specify does not include the .jar extension. The value is not the fully
qualified package file name, but is the name of the individual fix pack within
the JAR file. The current Lotus Connections strategy for fix pack JAR files is to
use one JAR file per fix pack. The fix pack ID is the name of the JAR file
before the .jar extension. For example, if the fix pack JAR file is named
LC_PTF_201.jar, the fix pack ID is LC_PTF_201.
-help
Displays command usage information.
/help
Displays command usage information.
-install
Installs the update, either interim fix or fix pack.
-installDir <directory>
Specifies the fully qualified installation root of the Lotus Connections product.
By default, this directory is lotus_connections_root.
Note: If you are applying a fix pack or interim fix to features in a cluster,
apply the fix to the first node and then do a full synchronization to push the
fix to the other nodes.
-uninstall
Uninstalls the identified fix.
-uninstallAll
Interim fix only. Specifies to uninstall all applied interim fixes.
-updateFeature <feature_name>
Optional. Indicates that you want to update a subset of Lotus Connections
features. Specify the feature names as follows:
v activities
v blogs
v communities
v dogear
v homepage
v profiles
Use a comma or space to delimit multiple features. If you want to update all
features, do not use this parameter. You cannot use this parameter to apply
interim fixes to a specific set of features.
-usage
Displays command usage information.
-wasPassword <password>
Required to install or uninstall. Identifies the succeeding text as a WebSphere
Application Server administrative user password.
-wasUserId <AdminUserId>
Required to install or uninstall. Specifies the user ID of the WebSphere
Application Server administrative user.
Note: If you are installing features on different profiles with different
administrator user IDs or passwords, you can use the following types of
parameters:
v -${featureName}wasUserId <AdminUserId>. For example: -ActivitiesWasUserId
<AdminUserId>
v -${featureName}wasPassword <password>. For example: -ActivitiesWasPassword
<password>
Syntax
Use the specified syntax to perform the following common tasks:
v To display command usage information:
updateLC -help | -? | /help | /? | -usage
v To process a fix:
updateLC -installDir <lotus_connections_root>
-fix
-fixDir <lotus_connections_root/update/fixes>
-install | -uninstall | -uninstallAll
-fixes <space-delimited list of fixes>
-fixJars <space-delimited list of JAR files>
-wasUserId <AdminUserId> -wasPassword <AdminPwd>
[-configProperties "property file name and path"]
[-fixDetails]
v To display a list of applied fixes:
updateLC -fix
-installDir <lotus_connections_root>
v To display a list of available fixes:
updateLC -fix
-installDir <lotus_connections_root>
-fixDir <lotus_connections_root/update/fixes>
v To process a fix pack:
updateLC -installDir <lotus_connections_root>
-fixpack
-fixpackDir <lotus_connections_root/update/fixpacks>
-install | -uninstall
-fixpackID <fix pack ID>
-wasUserId <AdminUserId> -wasPassword <AdminPwd>
[-configProperties "property file name and path"]
[-fixpackDetails]
v To display a list of applied fix packs:
updateLC -fixpack
-installDir <lotus_connections_root>
v To display a list of available fix packs:
updateLC -fixpack
-installDir <lotus_connections_root>
-fixpackDir <lotus_connections_root/update/fixpacks>
Examples
The following examples demonstrate how to perform common tasks with the
updateLC command. They assume the following conditions:
v The location of the update wizard is: C:\IBM\WebSphere\LotusConnections\
update
v The Lotus Connections installation root is: C:\IBM\WebSphere\LotusConnections
v The fix repository is: C:\IBM\WebSphere\LotusConnections\update\fixes
v The fix pack repository is: C:\IBM\WebSphere\LotusConnections\update\fixpacks
Note: The examples include carriage returns after each parameter to make the
example easier to read. When using the command, do not add carriage returns
after the parameters.
To install a collection of interim fixes:
C:\IBM\WebSphere\LotusConnections\update>
updateLC -fix
-installDir "C:\IBM\WebSphere\LotusConnections"
-fixDir "C:\IBM\WebSphere\LotusConnections\update\fixes"
-install -fixes Fix1 Fix2
-wasUserId wsadmin -wasPassword wspwd
To install a collection of interim fixes and display interim fix details:
C:\IBM\WebSphere\LotusConnections\update>
updateLC -fix
-installDir "C:\IBM\WebSphere\LotusConnections"
-fixDir "C:\IBM\WebSphere\LotusConnections\update\fixes"
-install -fixes Fix1 Fix2 -fixDetails
-wasUserId wsadmin -wasPassword wspwd
To install a collection of interim fixes using a custom properties file:
C:\IBM\WebSphere\LotusConnections\update>
updateLC -fix
-installDir "C:\IBM\WebSphere\LotusConnections"
-fixDir "C:\IBM\WebSphere\LotusConnections\update\fixes"
-install -fixes Fix1 Fix2
-wasUserId wsadmin -wasPassword wspwd
-configProperties .\myProp.properties
To install interim fixes from a Java archive (JAR) file:
C:\IBM\WebSphere\LotusConnections\update>
updateLC -fix
-installDir "C:\IBM\WebSphere\LotusConnections"
-fixDir "C:\IBM\WebSphere\LotusConnections\update\fixes"
-install -fixJars Fix1
-wasUserId wsadmin -wasPassword wspwd
To uninstall a collection of interim fixes:
C:\IBM\WebSphere\LotusConnections\update>
updateLC -fix
-installDir "C:\IBM\WebSphere\LotusConnections"
-fixDir "C:\IBM\WebSphere\LotusConnections\update\fixes"
-uninstall -fixes Fix1 Fix2
-wasUserId wsadmin -wasPassword wspwd
To display a list of interim fixes:
C:\IBM\WebSphere\LotusConnections\update>
updateLC -fix
-installDir "C:\IBM\WebSphere\LotusConnections"
To display a list of interim fixes available in the repository:
C:\IBM\WebSphere\LotusConnections\update>
updateLC -fix
-installDir "C:\IBM\WebSphere\LotusConnections"
-fixDir "C:\IBM\WebSphere\LotusConnections\update\fixes"
To install a fix pack:
C:\IBM\WebSphere\LotusConnections\update>
updateLC -fixpack
-installDir "C:\IBM\WebSphere\LotusConnections"
-fixpackDir "C:\IBM\WebSphere\LotusConnections\update\fixpacks"
-install -fixpackID Fixpack1
-wasUserId wsadmin -wasPassword wspwd
To install a fix pack to update a subset of features only, such as Activities and
Profiles:
C:\IBM\WebSphere\LotusConnections\update>
updateLC -fixpack
-installDir "C:\IBM\WebSphere\LotusConnections"
-fixpackDir "C:\IBM\WebSphere\LotusConnections\update\fixpacks"
-install -fixpackID Fixpack1 -updateFeature activities profiles
-wasUserId wsadmin -wasPassword wspwd
To uninstall a fix pack:
C:\IBM\WebSphere\LotusConnections\update>
updateLC -fixpack
-installDir "C:\IBM\WebSphere\LotusConnections"
-fixpackDir "C:\IBM\WebSphere\LotusConnections\update\fixpacks"
-uninstall -fixpackID Fixpack1
-wasUserId wsadmin -wasPassword wspwd
To display a list of installed fix packs:
C:\IBM\WebSphere\LotusConnections\update>
updateLC -fixpack
-installDir "C:\IBM\WebSphere\LotusConnections"
To display a list of fix packs available in the repository:
C:\IBM\WebSphere\LotusConnections\update>
updateLC -fixpack
-installDir "C:\IBM\WebSphere\LotusConnections"
-fixpackDir "C:\IBM\WebSphere\LotusConnections\update\fixpacks"
Note for users of Domino or Active Directory
This is an important note for users of Domino or Microsoft Active Directory.
If you are upgrading from a previous version of Lotus Connections and you are
using Domino for LDAP directory services or if you are using ObjectSID as the
unique key with Active Directory, then you must run the userid synchronization
tool for each component.
Please refer to the Synchronizing IDs between LDAP and the feature databases topic.
Related tasks
Synchronizing IDs between LDAP and the feature databases
If you need to update the unique IDs that identify the people who are using the
Lotus Connections features, after an LDAP change, for example, you can do so.
Each feature provides one or more administrative commands that you can use to
synchronize the unique member IDs in the feature databases with those in the
LDAP directory.
Uninstalling updates
If the installation of a fix pack or interim fix fails, you can restore your Lotus
Connections environment to its previous state.
You can use the update wizard to uninstall fixes. There are two modes in which
you can run the wizard:
Interactive mode
You must confirm each step of the process
Silent mode
You use a series of commands and parameters to launch and run the
wizard
Uninstalling fix packs in interactive mode
If the fix pack that you installed is not working, you can uninstall it using the
update wizard in interactive mode.
Before you begin
Ensure that you have met the following prerequisites:
v You have restored your databases
v The WAS_HOME environment variable is set
About this task
To uninstall fix packs with the update wizard in interactive mode, complete the
following steps:
Procedure
1. From the directory that contains the update wizard, run the following script:
v AIX/Linux:
./updateLCWizard.sh
v Microsoft Windows:
updateLCWizard.bat
2. Select a language to use.
3. On the Welcome panel, click Next to continue.
4. From the Product list, select a product (such as Lotus Connections 2.5). If the
product does not appear in the list, select Other Lotus Connections install
location and then enter the location in the Installation location field, or click
Browse to specify a location. Click Next.
5. Click Uninstall and then click Next.
6. Enter the location of the fix pack in the Fix location field, or click Browse to
navigate to the location of the fix pack, and then click Next.
7. Select the check boxes of the fix packs that you wish to uninstall, and click
Next.
8. Enter the WebSphere Application Server administrator ID and password for
Lotus Connections features and click Next.
9. Review the information that you have entered. To make changes, click Back.
To start uninstalling, click Next.
10. Review the result of the update. Click Finish to exit the wizard.
Results
At least two logs are created by the wizard under the lotus_connections_root/
version/log directory:
v <Date>_<Time>_<ifix name>_<feature name>_install.log
v <Date>_<Time>_<ifix name>install.log
What to do next
To ensure that you have a clean Lotus Connections environment, see the Rolling
back a migration or update topic.
Uninstalling fix packs in silent mode
If the fix pack that you installed is not working, you can uninstall it using the
update wizard in silent mode.
Before you begin
Ensure that you have met the following prerequisites:
v You have restored your databases
v The WAS_HOME environment variable is set
About this task
To uninstall a fix pack in silent mode, complete the following step:
Procedure
Open a command prompt and enter the following command:
updateLC -installDir <lotus_connections_root>
-fixpack -uninstall
-fixpackDir <fixpack_file_location>
-fixpackID <fixpack_id>
-wasUserId <AdminUserId> -wasPassword <AdminPwd>
where <fixpack_file_location> is the directory containing the downloaded fix pack,
<fixpack_id> is the label of the fix pack (such as LC25_Fixpack), and
<AdminUserId> and <AdminPwd> are the user name and password for WebSphere
Application Server.
Results
At least two logs are created by the wizard under the lotus_connections_root/
version/log directory:
v <Date>_<Time>_<ifix name>_<feature name>_install.log
v <Date>_<Time>_<ifix name>install.log
What to do next
To ensure that you have a clean Lotus Connections environment, see the Rolling
back a migration or update topic.
Related reference
“Accessibility features for installing Lotus Connections” on page 2
Learn about the accessibility features for installing IBM Lotus Connections.
Uninstalling interim fixes in interactive mode
If the interim fix that you installed is not working, you can uninstall it using the
update wizard in interactive mode.
Before you begin
Ensure that you have met the following prerequisites:
v You have restored your databases
v The WAS_HOME environment variable is set
About this task
To uninstall interim fixes with the update wizard in interactive mode, complete the
following steps:
Procedure
1. From the directory that contains the update wizard, run the following script:
v AIX/Linux:
./updateLCWizard.sh
v Microsoft Windows:
updateLCWizard.bat
2. Select a language to use.
3. On the Welcome panel, click Next to continue.
4. From the Product list, select a product (such as Lotus Connections 2.5). If the
product does not appear in the list, select Other Lotus Connections install
location and then enter the location in the Installation location field, or click
Browse to specify a location. Click Next.
5. Click Uninstall, and then click Next.
6. Enter the location of the interim fix in the Fix location field, or click Browse
to navigate to the location of the interim fix, and then click Next.
7. Select the check boxes of the interim fixes that you wish to uninstall, and then
click Next.
8. Enter the WebSphere Application Server administrator user ID and password
and click Next.
9. Review the information that you have entered. To make changes, click Back.
To start uninstalling, click Next.
10. Review the result of the update. Click Finish to exit the wizard.
Results
At least two logs are created by the wizard under the lotus_connections_root/
version/log directory:
v <Date>_<Time>_<ifix name>_<feature name>_install.log
v <Date>_<Time>_<ifix name>install.log
What to do next
To ensure that you have a clean Lotus Connections environment, see the Rolling
back a migration or update topic.
Uninstalling interim fixes in silent mode
If the interim fix that you installed is not working, you can uninstall it using the
update wizard in silent mode.
Before you begin
Ensure that you have met the following prerequisites:
v You have restored your databases
v The WAS_HOME environment variable is set
About this task
To uninstall an interim fix in silent mode, complete the following step:
Procedure
Open a command prompt and enter the following command:
updateLC -installDir lotus_connections_root
-fix -uninstall
-fixes <fix1_id> <fix2_id>
-wasUserId <AdminUserId> -wasPassword <AdminPwd>
where <fix1_id> and <fix2_id> are the labels of the fix pack, and where
<AdminUserId> and <AdminPwd> are the user name and password for WebSphere
Application Server.
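One way to script the silent-mode uninstall above so that the administrator password is prompted for instead of being typed into the command (an added example, not IBM's code). It assumes a POSIX shell with updateLC on the PATH under that name; the function names and the accepted fix ID character set are assumptions of this example.

```shell
# Added example, not IBM code. Assumes updateLC is on PATH under that name.

# Prerequisite from the procedure: WAS_HOME must be set; the root must exist.
check_prereqs() {
  [ -n "${WAS_HOME:-}" ] || { echo "WAS_HOME is not set" >&2; return 1; }
  [ -d "$1" ] || { echo "install root not found: $1" >&2; return 1; }
}

# Accept only plain labels, so a fix ID can never be read as another option.
# The allowed character set is an assumption; adjust it to your fix labels.
valid_fix_id() {
  case "$1" in
    ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Command line for the change record, with the password masked.
redacted_cmdline() {  # usage: redacted_cmdline <lc_root> <admin_user> <fix_id>...
  _root=$1; _user=$2; shift 2
  printf 'updateLC -installDir %s -fix -uninstall -fixes %s -wasUserId %s -wasPassword ********' \
    "$_root" "$*" "$_user"
}

run_uninstall() {     # usage: run_uninstall <lc_root> <admin_user> <fix_id>...
  [ "$#" -ge 3 ] || { echo "usage: run_uninstall <lc_root> <admin_user> <fix_id>..." >&2; return 2; }
  _root=$1; _user=$2; shift 2
  check_prereqs "$_root" || return 1
  for _id in "$@"; do
    valid_fix_id "$_id" || { echo "rejected fix id: $_id" >&2; return 1; }
  done
  # Prompt with echo off so the password stays out of shell history and scrollback.
  printf 'WebSphere Application Server admin password: ' >&2
  trap 'stty echo; exit 130' INT TERM
  stty -echo; IFS= read -r _pw; stty echo; echo >&2
  trap - INT TERM
  redacted_cmdline "$_root" "$_user" "$@" >&2; echo >&2
  _rc=0
  updateLC -installDir "$_root" -fix -uninstall -fixes "$@" \
    -wasUserId "$_user" -wasPassword "$_pw" || _rc=$?
  unset _pw
  return "$_rc"
}

# Example call (placeholder values):
#   run_uninstall /path/to/lotus_connections_root wasadmin FIX_ID_1 FIX_ID_2
```

Because updateLC takes the password as an argument, it is still visible in the process list to other local users while the command runs, so run it on a host where shell access is limited to administrators.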
Results
The log files that are created by the wizard are located under the
lotus_connections_root/version/log directory.
What to do next
To ensure that you have a clean Lotus Connections environment, see the Rolling
back a migration or update topic.
Related reference
“Accessibility features for installing Lotus Connections” on page 2
Learn about the accessibility features for installing IBM Lotus Connections.
Notices
This information was developed for products and services offered in the U.S.A.
IBM may not offer the products, services, or features discussed in this document in
other countries. Consult your local IBM representative for information on the
products and services currently available in your area. Any reference to an IBM
product, program, or service is not intended to state or imply that only that IBM
product, program, or service may be used. Any functionally equivalent product,
program, or service that does not infringe any IBM intellectual property right may
be used instead. However, it is the user's responsibility to evaluate and verify the
operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter
described in this document. The furnishing of this document does not grant you
any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing IBM Corporation North Castle Drive Armonk, NY
10504-1785 U.S.A.
For license inquiries regarding double-byte (DBCS) information, contact the IBM
Intellectual Property Department in your country or send inquiries, in writing,
to: IBM World Trade Asia Corporation Licensing 2-31 Roppongi 3-chome,
Minato-ku Tokyo 106-0032, Japan
The following paragraph does not apply to the United Kingdom or any other
country where such provisions are inconsistent with local law: INTERNATIONAL
BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS"
WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR
PURPOSE. Some states do not allow disclaimer of express or implied warranties in
certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors.
Changes are periodically made to the information herein; these changes will be
incorporated in new editions of the publication. IBM may make improvements
and/or changes in the product(s) and/or the program(s) described in this
publication at any time without notice.
Any references in this information to non-IBM Web sites are provided for
convenience only and do not in any manner serve as an endorsement of those Web
sites. The materials at those Web sites are not part of the materials for this IBM
product and use of those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it
believes appropriate without incurring any obligation to you.
Licensees of this program who wish to have information about it for the purpose
of enabling: (i) the exchange of information between independently created
programs and other programs (including this one) and (ii) the mutual use of the
information which has been exchanged, should contact:
Lotus Software
IBM Software Group
One Rogers Street
Cambridge, MA 02142 USA
Such information may be available, subject to appropriate terms and conditions,
including in some cases, payment of a fee.
The licensed program described in this document and all licensed material
available for it are provided by IBM under terms of the IBM Customer Agreement,
IBM International Program License Agreement or any equivalent agreement
between us.
Any performance data contained herein was determined in a controlled
environment. Therefore, the results obtained in other operating environments may
vary significantly. Some measurements may have been made on development-level
systems and there is no guarantee that these measurements will be the same on
generally available systems. Furthermore, some measurements may have been
estimated through extrapolation. Actual results may vary. Users of this document
should verify the applicable data for their specific environment.
Information concerning non-IBM products was obtained from the suppliers of
those products, their published announcements or other publicly available sources.
IBM has not tested those products and cannot confirm the accuracy of
performance, compatibility or any other claims related to non-IBM products.
Questions on the capabilities of non-IBM products should be addressed to the
suppliers of those products.
All statements regarding IBM's future direction or intent are subject to change or
withdrawal without notice, and represent goals and objectives only.
This information contains examples of data and reports used in daily business
operations. To illustrate them as completely as possible, the examples include the
names of individuals, companies, brands, and products. All of these names are
fictitious and any similarity to the names and addresses used by an actual business
enterprise is entirely coincidental.
COPYRIGHT LICENSE:
This information contains sample application programs in source language, which
illustrate programming techniques on various operating platforms. You may copy,
modify, and distribute these sample programs in any form without payment to
IBM, for the purposes of developing, using, marketing or distributing application
programs conforming to the application programming interface for the operating
platform for which the sample programs are written. These examples have not
been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or
imply reliability, serviceability, or function of these programs.
Trademarks
The following terms are trademarks of International Business Machines
Corporation in the United States, other countries, or both:
400
AIX
Cloudscape
DB2
DB2 Universal Database
Domino
IBM
iSeries
Lotus
Lotus Notes
Notes
Sametime
the IBM logo
Tivoli
WebSphere
z/OS
Additional IBM copyright information can be found at:
http://www.ibm.com/legal/copytrade.shtml
Adobe, Acrobat, Portable Document Format (PDF), PostScript, and all Adobe-based
trademarks are either registered trademarks or trademarks of Adobe Systems
Incorporated in the United States, other countries, or both.
Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo,
Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or
registered trademarks of Intel Corporation or its subsidiaries in the United States
and other countries.
IT Infrastructure Library is a registered trademark of the Central Computer and
Telecommunications Agency which is now part of the Office of Government
Commerce.
ITIL is a registered trademark, and a registered community trademark of the Office
of Government Commerce, and is registered in the U.S. Patent and Trademark
Office.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of
Microsoft Corporation in the United States, other countries, or both.
Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the
United States, other countries, or both.
Linux is a registered trademark of Linus Torvalds in the United States, other
countries, or both.
UNIX is a registered trademark of The Open Group in the United States and other
countries.
Other company, product, or service names may be trademarks or service marks of
others.
Printed in USA
GC14-7258-03