Author: <span class="vcard">Kenio Carvalho</span>

I follow the steps bellow to setup my IBM Traveler 9.0.1.4 to allow the IBM Verse App.

My Domino and Traveler is on the same machine using Linux.

1 - Install or upgrade the Domino server 9.0.1 FP3

2 - Install or upgrade IBM Traveler 9.0.1.4

3 - Configure Domino HTTP for SSL.  This link was very useful for self cert.

4 - I am using iPhone. The easiest way to import the self cert was sending the cert by mail and then install the cert on the iPhone.

5 - Upgrade the Domino Directory ( http://www-01.ibm.com/support/docview.wss?uid=swg21699618). The current Domino Directory Template does not have a tab for IBM Verse.

6 - Download the IBM Verse App from the store and be happy :-)

Uncategorized

Need this kind of port today. The ssh 22 port was used on the firewall for another server. The admin publish the server using port 1234
According to man ssh:

 -p port 

Port to connect to on the remote host. This can be specified on
a per-host basis in the configuration file.


So you should be looking at:

ssh -p 1234 [email protected]


to connect to port 1234.

Uncategorized

Links on messages from IBM Connections contains links as https and http. The customer want's only https links

How to set :

1 - On the DMGR profile:

./wsadmin.sh -lang jython -user admin_user_id -password admin_password

2 -Type the following on wsadmin interface

execfile("connectionsConfig.py")

3 - Do a checkout of LotusConnections-config.xml

LCConfigService.checkOutConfig("/tmp/",AdminControl.getCell())

4 - Change de following to true

forceConfidentialCommunications enabled="false"

5 Checkin the new LotusConnections-config.xml

LCConfigService.checkInConfig()

6 - Sync and restart the nodes

Uncategorized

This week i setup Domino SSO with Windows. The customer will launch a SharePoint portal server and need a SSO with Domino Web Applications.

I follow this tutorial, the setup is very simple but some problems arrive.

The Domino server have the FQDN domino.mydomain.com.br  and the windows server  server.mydomain.com.br. The SSO doesn't work.
I read the message  Attempt by HTTP client to authenticate using Windows NTLM security is not supported on Domino console.

After the AD administrator setup the user dominostart, he issued the command SETSPN -a HTTP/domino.mydomain.com.br dominostart.

When the user try to access a url of the domino server the browser show a logon dialog but the title of the dialog show the windows server name (server.mydomain.com.br).

I asked the AD administrator to add another SPN SETSPN -a HTTP/server.mydomain.com.br dominostart

Everything works after a Domino restart. :=)

If you want to use Chrome as your browser you need to start Chrome with arguments

/path/to/chrome --auth-server-whitelist="*.domain.com"

Uncategorized

This week i spend several hours to setup a machine with IBM Cognos and IBM Connections 5 CR2 on SLES 11 SP3 using Oracle as database.

The Cognos wizard complete the CognosBI setup but Trasnformer not.

I set the logs to debug level and the messages does not help.

The problem was when the error appears the wizard roll back the installation of CognosBI removing everything from WebSphere.

After several reviews of the SLES libraries and Oracle client setup i made the setup only for CognosBI (previously i setup CognosBI + Transformer) successfully.

I try to open the cognos URL like http://server:port/cognos/servlet/dispatch/ext but the server doesn't send any response

Reading the cognos.log i found the following :

Initialization_SESS Initialization_REQ Thread-70        CM        6304        1        Audit.cms.CM        StartService Warning
CM-CFG-5063 A Content Manager configuration error was detected while connecting to the content store. sealing violation:
package oracle.jdbc is sealed Runtime Exception stack trace: java.lang.SecurityException: sealing violation: package oracle.jdbc is sealed

I don't now why but the installer copy the orajdbc6.jar into Cognos.ear.   I stop the cognos server, remove the orajdbc6.jar from the lib folder inside of cognos.ear and  start the server.

The cognosBI works and  Transformer was installed without problems.

The steps i follow

1 - Setup Cognos BI
2 - Stop the server and remove the orajdbc6.jar from the cognos.ear
3 - Start the Cognos Server
4 - Setup the Transformer
IBM Connections requires that XMLHTTP is enabled in Internet Explorer, either through ActiveX or native object, for the dynamic AJAX functionality to function correctly.

Check Enable native XMLHTTP support in the Advanced tab of the Internet Options dialog


Image:IBM Connections requires that XMLHTTP is enabled in Internet Explorer

Information from IBM TN 1698438

Some users are receiving the message bellow instead of the search results:

CLFRW0075W: Failed to load the index at startup, it may not have been created yet�

The search index on one node was created/copied.

To solve the problem i just copy the index from another node.
1. Update strategy for IBM Connections 5.0:

http://www-01.ibm.com/support/docview.wss?uid=swg21683118

2. IBM Connections 5.0 requirements for IBM FileNet for use with Connections Content Manager (CCM):

http://www-01.ibm.com/support/docview.wss?uid=swg21683147

3. IBM Cognos Wizard for IBM Connections 5.0 Cumulative Refreshes (CRs)
http://www-01.ibm.com/support/docview.wss?uid=swg21696033

4. Fix list for IBM Connections 5.0 CR2:

http://www-01.ibm.com/support/docview.wss?uid=swg21694318

5. Updating the IBM Connections 5.0 databases to the required schema versions for Cumulative Refresh 2 (CR2):

http://www-01.ibm.com/support/docview.wss?uid=swg21694319

6. New functions included in IBM Connections 5.0 CR2
http://www-01.ibm.com/support/docview.wss?uid=swg21695145

7. Upgrade to IBM Connections 5.0 CR2 from IBM Connections 5.0 CR1 With Connections Content Manager (CCM)
http://www-01.ibm.com/support/docview.wss?uid=swg21696235
Security researchers have discovered a vulnerability in a piece of adware called Superfish that makes your computer vulnerable to all kinds of attacks. Superfish ships preloaded on many Lenovo computers, but can also be installed on any machine. Here's what's going on and how to test if you're infected.

See the full article here
Due to security vulnerabilities (CVE-2012-6153 and CVE-2014-3577) WebSphere Portal is removing the Apache commons-httpclient JAR files from all releases and replacing them with the newer version (Apache HttpClient 4.3.6).  
Note that the JAR files may not be removed by a specific interim fix but the interim fix will remove all WebSphere Portal uses of those JAR files and the JAR files will be removed by a subsequent Cumulative Fix associated with that release.

These JAR files have been on the Portal classpath in many releases.  They were never intended to be used by our customers but it is possible that they could be used by a customer's custom portlets or by a third party's custom portlets.

The specific JAR files that will be removed are the following:

        commons-httpclient-2.0.jar
        commons-httpclient-3.0.jar
        commons-httpclient-3.0.1.jar

The WebSphere Portal releases in which the removal takes place are:

        WebSphere Portal V6.1.0.6
        WebSphere Portal V6.1.5.3
        WebSphere Portal V7.0.0.2
        WebSphere Portal V8.0.0.1 (included in CF15)
        WebSphere Portal V8.5.0.0


If you do not have any custom code or third party code that uses these JAR files you do not have to do anything as consequence of this removal.  

If you do have custom code or third party code that depends on these JAR files to be in the Portal Server classpath then you will have to make a change.  There are many options.  You can simply add a copy of the JAR back into the WebSphere Application Server or WebSphere Portal classpath, add the JAR into the appropriate portlet WAR file (neither of which will protect you from the security vulnerabilities) or change your custom source code to use the new Apache HttpClient 4.3.6 JAR that does fix the security vulnerability.  Changing the source code is the best option.  Note that Apache HttpClient 4.3.6 is a complete rewrite of the library and there is no backward compatibility.  Reference the Apache web site for more details.

From TN 1695483
External collaboration is a new feature of Connections 5.

External user are any users "marked" or "selected" as a external.

External users can:
  • Only see Files and Communites that he/she has given access to
  • See people in the community and business card (limited to some information)
  • Search, but no public data will be returned.

The process is not complicated. The key is how to mark or select external users on your ldap. The options are;

1 - Map standard LDAP attribute for external users
2 - Map standard LDAP attribute using JavaScript
3 - Use an LDAP branch to store external users.

I use the option 3 because on our LDAP external users are in another branch

I am using linux .

1 - First create another folder above /opt/IBM/TDI/V7.1.1 and copy the content of the TDISOL. I create with the nameTDISOLEXTERNAL
2- Edit map_dbrepos_from_source.properties and add a line

 mode={func_mode_visitor_branch}

3 Edit profiles_tdi.properties and set the properties

source_ldap_url_visitor_confirm=ldap://:389
source_ldap_search_base_visitor_confirm=ou=external,o=Plansis
source_ldap_search_filter_visitor_confirm=(&(objectclass=inetOrgPerson))
source_ldap_search_base=ou=external,o=Plansis
source_ldap_search_filter=(&(objectclass=inetOrgPerson))
source_ldap_urlldap://:389

4- Append a string to an external user´s display name in map_dbrepos_from_source.properties

displayName={func_decorate_displayName_if_visitor}
displayNameLdapAttr=cn
decorateVisitorDisplayName=-Terceiro

5 - Run collect.dns and verify the list of users. Do not run sync_all_dns.sh or you will inactivate internal users!

6 - run populate_from_dn_file.sh

7 - Only internal users with the role EMPLOYEE_EXTENDED can share content with external users. Add the role to the users using wsadmin

execfile("profilesAdmin.py")
ProfileService.setRole("[email protected]", EMPLOYEE_EXTENDED)

Now you can collaborate with external users.





After i setup the IBM Connections 5.0 CR1 i open the homepage and the theme was show as the old IBM Connections theme not the new one.

I found on the systemout.log the following

net.jazz.ajax.internal.util.TraceSupport warn The StyleSheet "com.ibm.lconn.core.styles.oneui3/base/applications/profiles"

To solve the problem shutdown the connections server and clean the temp folder of the websphere application server on all nodes.

Restart the server and everything must be ok.

Thanks to Michael Urspinger tip