Professional Documents
Culture Documents
Note Before using this information and the product it supports, read the information in Notices on page A-1.
First Edition This edition applies to version 8, release 0 of IBM Lotus Quickr and to all subsequent releases and modifications until otherwise indicated in new editions. Copyright International Business Machines Corporation 2007. All rights reserved. US Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Contents
Part 1. Welcome to the Administrators Guide for IBM Lotus Quickr Version 8.0
Deciding on the services to use . . . 1-1 Supported hardware and software . . 2-1
Configuring collaborative installations . . . . . 5-1
Creating a Lotus Domino cluster. . . . . Implementing a method for distributing HTTP requests . . . . . . . . . . . . . Load balancing . . . . . . . . . Failover to a hot-spare . . . . . . . Modifying scheduled qptool commands in the notes.ini file . . . . . . . . . . . Setting up the Place Catalog for a cluster . .
. . . . . .
Translating LDAP distinguished names for offline use . . . . . . . . . . . . . . . . 13-7 How to configure translation . . . . . . . 13-7 Table of expressions . . . . . . . . . . 13-9 Example of translating names that contain the dc attribute . . . . . . . . . . . . . 13-9 Configuring offline use for specific environments 13-10 Configuring offline use in an environment that uses IBM Network Dispatcher . . . . . . 13-10 Configuring offline use in an environment that uses Sun Java System Portal Server . . . . 13-10 Configuring offline use in an environment that uses CA SiteMinder . . . . . . . . . 13-10 Using a passthru server for offline use . . . 13-10 Performing optional offline configuration tasks 13-11 Using an alternate Web server for offline downloads. . . . . . . . . . . . . 13-11 Using Lotus Quickr login passwords for offline use . . . . . . . . . . . . . 13-11 Hiding the Work Offline link from users . . . 13-12 Offline setup FAQs . . . . . . . . . . . 13-12
. . . . . 14-1
14-1 14-2 14-2 14-3 14-5 14-6 14-7 14-7 14-7 14-8 14-8 14-9 14-9 14-9
12-1
12-1 12-1 12-1 12-2 12-2 12-4 12-6
Configuring connectors . . . . . . . . . . Enabling connector uploads of 10MB or larger files . . . . . . . . . . . . . . . Preventing the use of connectors . . . . . . Enabling Lotus Sametime features in places . . . Preparing the servers to enable Lotus Sametime features in places . . . . . . . . . . . Enabling awareness and instant messaging in places. . . . . . . . . . . . . . . Enabling online meetings . . . . . . . .
Enabling or disabling context menus or document drag-and-drop . . . . . . . . . . . . . Displaying user images and user information in user context menus . . . . . . . . . . . Specifying a footer that appears on all pages . . Adding and removing graphic text fonts . . . . Changing the maximum allowed attachment size Disabling ActiveX . . . . . . . . . . . Disabling Java applets . . . . . . . . . . Displaying CGI variables in HTML source pages Disabling page compression . . . . . . . . Customizing user notifications settings . . . . Configuring where the server routes undeliverable e-mails . . . . . . . . . Disabling calendar subscriptions . . . . . . Configuring an email URL prefix when using a gateway server . . . . . . . . . . . Using qpconfig.xml settings to configure notifications . . . . . . . . . . . .
15-1
. 15-1 . 15-1 . 15-2
Specifying rules for a reverse proxy configuration . . . . . . . . . . . 16-1 Customizing Web page cache settings . . . . . . . . . . . . . 17-1 Configuring cross-place searching 18-1
iv
To extract the names of users from log files on AIX and Solaris . . . . . . . . . . . Example of extracting names from one log file Example of extracting names from multiple log files . . . . . . . . . . . . . . . Example of extracting names from log files on multiple servers . . . . . . . . . . . To extract the names of users from log files on Windows . . . . . . . . . . . . . Example of extracting names from multiple log files on Windows . . . . . . . . . . . Example of extracting names from log files on multiple servers on Windows . . . . . . .
Managing places
. . . . . . . . . 20-1
Using My Places for place administration . . . . 20-1 Using My Places to display place statistics . . 20-1 Using My Places to perform place administration tasks . . . . . . . . . . 20-1 Sending mail to place members . . . . . . . 20-2 Sample template file . . . . . . . . . . 20-3 Sending newsletters to subscribers . . . . . . 20-3 Locking and unlocking places on the server . . . 20-4 Archiving places . . . . . . . . . . . . 20-5 Restoring an archived place that you removed 20-6 Renaming places . . . . . . . . . . . . 20-7 Moving a place from one current-release server to another . . . . . . . . . . . . . . . 20-7 Removing places and PlaceTypes from the server 20-8 Reactivating a place mistakenly removed using QPTool remove . . . . . . . . . . . 20-9 Completing the deletion of a place mistakenly deleted through the file system . . . . . . 20-9 Generating reports about places . . . . . . 20-10 Registering and unregistering places . . . . . 20-11
Writing client-side JavaScript to extend place functionality . . . . . . 26-1 Using XML to access the Lotus Quickr Java API . . . . . . . . . . 27-1
Setting up the server to access the Java API . . Setting up the server for Java API access (Windows, AIX, Solaris) . . . . . . . Setting up the server to access the API (i5/OS) Accessing the Java API . . . . . . . . . Accessing the API from a command line . . Accessing the API from a Java program . . Accessing the API using qptool execute . . . XML details . . . . . . . . . . . . . 27-1 . 27-1 27-1 . 27-2 . 27-2 . 27-3 . 27-5 . 27-5
21-1
. . . . 21-1 21-1 21-1 21-1 21-6 21-7 21-8 21-8 21-8
. . . .
29-1
. . . . 29-1 29-1 29-3 29-3
Contents
Debugging a PlaceBot . . . . . . LotusScript PlaceBots . . . . . Java PlaceBots . . . . . . . . Disabling PlaceBots for tighter security Running PlaceBots offline . . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . 30-1
. 30-1 30-4 . 30-5 . 30-6 . 30-6 . 30-7
Theme layouts . . . . . . . . . . . . <QuickPlaceSkinComponent> tag in layouts <IteratingValue> tag in layouts . . . . . One HTML file for multiple layouts . . . Creating a new theme . . . . . . . . . Editing a custom theme. . . . . . . . .
A second cn component in distinguished name is preventing user authentication . . . . . . . A user cant log in to a place after a distinguished name change . . . . . . . . . . . . . User cant log in after name change in Domino Directory . . . . . . . . . . . . . . In a third-party authentication environment, users with non-standard names are unable to authenticate . . . . . . . . . . . . . In a third-party authentication environment, users with multi-character delimiters in their names are unable to authenticate . . . . . . . . . . Users are rechallenged for credentials when publishing and lose their edits . . . . . . . If place member and super user have same name, the super user gets member access . . . . . . A user who is a member of a group is not getting the expected access . . . . . . . . . . .
36-1
37-1
37-1 37-1 37-1 37-1 37-1 37-2 37-2 37-2 37-2 37-3 37-3
Troubleshooting connectors
. . . . 33-1
You receive the error The path specified is too long when using connectors to add a document to a place . . . . . . . . . . . . . . 33-1
Changehierarchy command adds entries to the Place Catalog in situations when it shouldnt . . Addmember command fails when you mistakenly use the -g argument to add an individual user . . Must unlock archived place before moving it back and registering . . . . . . . . . . . . qptool changemember appears to change a user to a group . . . . . . . . . . . . . . . qptool report returns the error Database is not full-text indexed . . . . . . . . . . . . Uppercase place names specified in XML input are converted to lowercase . . . . . . . . . . qptool does not archive a place that already exists in the specified archive directory . . . . . . Cant use qptool commands on a place whose name begins with a hyphen . . . . . . . . qptool changemember does not change the name in existing page banners . . . . . . . . . qptool remove -cleanup after qptool remove -p placename not working . . . . . . . . . . Problem using nqptool commands on server/program command line . . . . . . .
38-1
. 38-1 . 38-1 . 38-1 . 38-1 . 38-2 . 38-2 . 38-2
36-1
. 38-2 38-2
Offline not working for external users after changemember or changehierarchy commands used . . . . . . . . . . . . . . . Offline is not working for a super user . . . Offline users cant use places and rooms accessed through group membership . . . . . . . Offline authors or readers see synchronization errors . . . . . . . . . . . . . . . Problem installing places offline on Windows XP Cannot install places with the same name from two different servers . . . . . . . . . .
Client logging settings . Other settings . . . . . 38-3 . 38-3 . 38-3 . 38-3 38-3 . 38-3
. .
. .
. .
. .
. .
. .
. .
. .
. 41-4 . 41-4
Part 8. Reference
notes.ini settings . . . . . . . . . 41-1
Web page cache settings Offline settings . . . Server logging settings . . . . . . . . . . . . . . . . . . . . . . . . . . 41-1 . 41-1 . 41-1
Part 9. Appendixes
Notices . . . . . . . . . . . . . . A-1
Trademarks . . . . . . . . . . . . . . A-3
Contents
vii
viii
Part 1. Welcome to the Administrators Guide for IBM Lotus Quickr Version 8.0
Welcome to the administrators guide for IBM Lotus Quickr. In this guide you can find information about how to install, configure, and administer the server.
1-1
1-2
2-1
2-2
3-1
3-2
Security planning
By default, users can connect to a Lotus Quickr server anonymously or through basic name-and-password authentication. Server access is controlled through the Ports Internet Ports Web tab in the Server document in the Domino Directory. By default, any user who can connect to the server can create places. The local Lotus Quickr administrator, created at the end of Lotus Quickr installation, can use the Site Administration Security link on the home page to limit the ability to create places to specific authenticated users. The local administrator can also designate additional administrators, who then have the ability to create and delete places, use the Site Administration link, and create and delete PlaceTypes. Users who create places have super user access to the places, meaning they can see and edit all place content, as well as control all access to place content. The available places access levels are: Author, Reader, Editor, Manager, and Super User. An administrator can use the qpconfig.xml file to specify the name of a user or group in a user directory that has super user access to all places on the server. Note that if you want to use Lotus Sametime integration features, or to use My Places Show Usage Statistics to run qptool commands on places, you must configure the server to use single sign-on authentication.
International considerations
For this release, if you use any non-English version of Lotus Quickr server, you must set up the server to generate output using UTF-8 encoding so that page content displays correctly in non-English languages. See the Installation section of the infocenter for more information. To enable people who use double-byte character set (DBCS) languages, such as Japanese or Chinese, to use My Places, you must enable single sign-on authentication on the server. In addition, you must use the notes.ini file to configure the DBCS language to use. See the Configuring section of the infocenter for more information.
Part 2.Planning
Part 3. Installing
This section describes installing services for Lotus Domino and installing connectors on users desktops.
Installing on Windows
Perform the following steps to install IBM Lotus Quickr on a Microsoft Windows system. 1. Review the hardware and software requirements on the IBM Support Site. See the detailed system requirements document at: http://www.ibm.com/support/docview.wss?rs=3264&uid=swg27009740. 2. Review the known issues that are described on the IBM Support Site. To see a list of all current known issues in this release, use the following URL: http://www.ibm.com/support/ search.wss?rs=3264&tc=SSVGKL&atrn=SWVersion&atrv=8.0. To see just installation issues, select Installation in the Product Category list. 3. Install IBM Lotus Domino version 7.0.2. Keep the following points in mind: v Select Domino Enterprise Server as the server type. v If you install partitioned Lotus Domino servers so that you can install Lotus Quickr on each partition, when you configure the server for TCP/IP, assign a separate IP address to each partition rather than using port mapping. For more information, see the topic Partitioned servers and IP addresses in Domino 7 Administrator Help. For information on installing the Lotus Domino server, see the topic Installing Domino on Windows systems in Domino 7 Administrator Help. 4. Run the Domino Server Setup program. Keep the following points in mind: v Choose to set up HTTP services. v Use a Domino server certifier that includes no more than two organizational units (OUs). For example, the certifier /OU=Dallas/OU=Div1/O=Acme is acceptable, but the certifier /OU=Sales/OU=Dallas/OU=Div1/O=Acme is not acceptable. Otherwise the internal names of local users defined in Lotus Quickr places will be truncated and these users will be unable to log in to the server. The local administrator specified at the end of the installation is a required local user. For information on setting up the Domino server, see the topic Using the Domino Server Setup program in Domino 7 Administrator Help. Install Lotus Domino 7.0.2 Fix Pack 1. See the following Support Technote for information on this fix pack: http://www.ibm.com/support/docview.wss?rs=899&uid=swg21254159. Stop the Lotus Domino server if it is running. Stop any other Windows programs that are running. Stop any Web applications that listen on TCP/IP port 80. Skype is an example of such an application. Insert and start the Lotus Quickr installation CD. If you are installing from a network drive, navigate to the directory that contains the installation kit. Double-click the Setup.exe file. In the Software License Agreement window, click Accept. In the Welcome window, click Next. In the Choose Destination Location window, select the directory that holds the Lotus Domino program files, and then click Next. In the Start Copying Files window, review the directory path names that are displayed, and if they are correct, click Next to begin the installation.
4-1
15. After installation is complete, click Next in the Lotus Quickr Server Configuration window that opens automatically. 16. In the Specify name and password window, type the user name and password for the first Lotus Quickr server administrator. Specify the name for a new, local administrator. Do no specify the name of the Lotus Domino server administrator or any other name from a user directory that Lotus Quickr uses. 17. In the Congratulations dialog box, click Finish. Related tasks Enabling the Domino Servlet Engine on page 4-26 After you have installed or upgraded to IBM Lotus Quickr, enable the Domino Servlet Engine. This step enables place managers to use place administration actions, such as qptool lock and unlock from My Places Show Usage Statistics. Enabling UTF-8 character encoding for non-English server versions on page 4-27 If you use any non-English version of the IBM Lotus Quickr server, you must set up the server to generate output using UTF-8 encoding so that page content displays correctly in non-English languages. Modifying TCP/IP registry settings on Windows servers on page 4-27 If your IBM Lotus Quickr server runs on Microsoft Windows, you must modify specific TCP/IP registry parameters to ensure good performance.
4-2
8. Navigate to the directory that contains the installation kit. 9. Enter this command to start the installation:
./install
10. When prompted, type the number that corresponds to the language in which you prefer to read the Lotus Software Agreement. Press Enter to continue, and then press Enter again to display the license agreement. 11. When you have read the agreement, press 1 to accept the agreement and continue with the installation. Note: Many of the following steps require that you accept a default or type a new value. To change a default, press Enter and type a new value. After you enter a new setting, press Enter to accept the change and continue with the installation. Specify the Lotus Domino program directory as the directory where the Lotus Quickr program files will be installed. The default Domino program directory is opt/ibm/lotus. You must install the Lotus Quickr program files to the directory that holds the Domino program files. Press TAB to continue. Specify the Lotus Domino data directory as the directory where the Lotus Quickr data files will be installed. The default Domino data directory is /local/notesdata. You must install the Lotus Quickr data files into the directory that holds the Domino data files. Press TAB to continue. Specify the UNIX user who will own the Lotus Quickr server files. This must be the same user who owns the Domino server files. Specify the UNIX group that will own the Lotus Quickr server files. This must be the same group that owns the Domino server files. The UNIX user specified in the previous step must be a member of this group. Type the name and password of the first Lotus Quickr administrator. Specify the name for a new, local administrator. Do no specify the name of the Lotus Domino server administrator or any other name from a user directory that Lotus Quickr uses. When the installation program displays Configuration of the Install program is complete, press TAB to review your installation settings. For example: Installation type: New Install Program directory: /opt/ibm/lotus Data directory: /local/notesdata UNIX user: UNIX user UNIX group: UNIX group
12.
13.
14. 15.
16.
17.
18. Press TAB to install Lotus Quickr. Related tasks Enabling the Domino Servlet Engine on page 4-26 After you have installed or upgraded to IBM Lotus Quickr, enable the Domino Servlet Engine. This step enables place managers to use place administration actions, such as qptool lock and unlock from My Places Show Usage Statistics. Enabling UTF-8 character encoding for non-English server versions on page 4-27 If you use any non-English version of the IBM Lotus Quickr server, you must set up the server to generate output using UTF-8 encoding so that page content displays correctly in non-English languages.
4-3
Enabling the Domino Servlet Engine on page 4-26 After you have installed or upgraded to IBM Lotus Quickr, enable the Domino Servlet Engine. This step enables place managers to use place administration actions, such as qptool lock and unlock from My Places Show Usage Statistics. Enabling UTF-8 character encoding for non-English server versions on page 4-27 If you use any non-English version of the IBM Lotus Quickr server, you must set up the server to generate output using UTF-8 encoding so that page content displays correctly in non-English languages.
4-4
4-5
http://www-10.lotus.com/ldd/doc
4-6
v Click Servers. v Click TCP/IP. v In the right pane, right-click HTTP Administration and select Stop Instance-->All. 2. Start the HTTP Administration server. v Click Network. v Click Servers. v Click TCP/IP. v In the right pane, right-click HTTP Administration and select Start. 3. Open the IBM HTTP server configurations page. v Start your Web browser. v Enter the following URL: http://hostname.yourco.com:2001/HTTPAdmin where hostname.yourco.com is the fully qualified host name of your system. v Click IBM Web Administration for i5/OS. v Select the Manage tab. v Select the HTTP Servers tab. 4. Select a configuration from the menu at the top of the screen, and complete the following items for each configured instance of the IBM HTTP server. v From the list on the left pane, select General Server Configuration. v In the right pane, find the IP address and port table in the section called Server IP address and ports to listen on. v If one of the rows in the table has an asterisk (*) in the IP Address column, then the server is listening on all IP addresses. Select that row. Replace the asterisk (*) with the IP address for this server and click Continue. v When finished updating the server IP address table, click Apply to save your changes. 5. When each instance of the IBM HTTP server is configured to use a specific IP address, restart the HTTP servers. v Open iSeries Navigator. v Open the system where you plan to install Lotus Quickr. v Click Network. v Click Servers. v Click TCP/IP. v In the right pane, right-click HTTP Administration and select either Start Instance-->All, or select the particular server instances you would like to start. For more information on managing IBM HTTP server, see the IBM eServer iSeries Information Center at http://www.ibm.com/eserver/iseries/infocenter
4-7
v Your Domino server must be bound to the IP address prepared for use with Lotus Quickr. For more information, see Preparing your TCP/IP connection. To bind the Domino server to the IP address set aside for Lotus Quickr, follow these steps: Open the Server document of the Domino server. Select Internet Protocols. Select the HTTP tab. In the Host name(s) field, enter the TCP/IP address set aside for Lotus Quickr. In the Bind to host name field, select Enabled. Restart the Domino server to make any changes take effect. v Use a Domino server certifier that includes no more than two organizational units (OUs). For example, the certifier /OU=Dallas/OU=Div1/O=Acme is acceptable, but the certifier /OU=Sales/OU=Dallas/ OU=Div1/O=Acme is not acceptable. Otherwise the internal names of local users defined in Lotus Quickr places will be truncated and these users will be unable to log in to the server. The local administrator specified at the end of the installation is a required local user.
3. 4.
5.
6.
The Work with Licensed Programs display appears. From the Work with Licensed Programs (LICPGM) menu, select option 5 (Prepare for install) and press Enter. The Prepare for Install display appears. Type 1 in the option field next to Work with software agreements. Press Enter. When the Work with Software Agreements display appears, you see all IBM licensed programs that require software agreement acceptance and whether the agreement has been accepted. Only licensed programs that are not yet installed appear on this display. The software agreements for Lotus Quickr will not appear in the list until you restore them from the CD in a later step. Press F22 (shift-F10) to restore the Software Agreements from the Lotus Quickr CD. For the Device parameter, specify the name of your optical drive. For example, OPT01. Press Enter to restore the Lotus Quickr software agreements to the system. Once the Software agreements are restored from the Lotus Quickr CD, the following message is displayed:
Waiting for reply to message on message queue QSYSOPR.
You can sign on to another session to respond to the message or ask the system operator to respond. To view and respond to the message from another session: a. Enter the following command on an i5/OS command line:
wrkmsgq qsysopr
b. Select option 5 to display the messages in the QSYSOPR message queue. c. Locate the following message in the queue:
Load the next volume in optical device OPT01. (X G)
4-8
The Lotus Quickr software agreements have already been restored. If you want to restore more software agreements from another CD, insert the next CD and respond with G. When the sofware agreements have been restored from the next CD, the message is issued again. When you are done, respond to the message with X. 7. The Work with software agreements display should now include an entry for Lotus Quickr: Licensed Program 5724S31. 8. For each entry for Licensed Program 5724S31, type 5 in the option field and press Enter to display the Software Agreement. Then press F14 (Accept) to accept the terms of the software agreement.
6. On the LODRUN display, type the following value in the Device field and press Enter:
*opt
7. In the Directory field, type the following value and press Enter:
/os400
8. When the Lotus Quickr option screen is displayed, type a 1 beside the Lotus Quickr product option and press Enter to begin the installation. The system loads the Lotus Quickr programs to the appropriate system libraries and /QIBM directories. Note: If the Domino server ID files are password protected, you will be prompted to enter the password. After the password has been entered, press Enter to continue with the installation of Lotus Quickr. If your server ID file has multiple passwords, the passwords must be entered one at a time. 9. If you prefer to use a non-English version of Lotus Quickr, you should install the Lotus Quickr Language Pack at this time. The Language Pack can either be installed from CD-ROM or downloaded from the Web. Language Pack installation instructions are included with the Language Pack.
4-9
3. Fill in the following fields and press Enter to add Lotus Quickr to the Domino server.
Field Domino server name Explanation The name of the Domino server where you will add Lotus Quickr. Specifies the name of the person who is the administrator for this Lotus Quickr server. The administrators name should be a local user and should not be present in the external directory. The password you want to use for the Lotus Quickr administrators ID. Keep a record of this password as you will need it to sign on to the Lotus Quickr home page as the administrator. The Server ID password is only required if the Domino server is password-protected. You would have specified this password when the Domino server was created. If the ID file requires multiple passwords, then the passwords must be enclosed inside single quotation marks and separated by commas. For example: Password.......password1,password2 Start Domino Server If you press F10, an additional parameter is displayed. This parameter gives you the option of starting the Lotus Quickr server immediately after adding Lotus Quickr to the Domino server. To start the Domino server after adding Lotus Quickr, specify *YES.
Administrator password
Server ID Password
where dominoservername is the actual name of the Domino server. 3. Verify that you want to remove Lotus Quickr from the Domino server by typing a G and pressing Enter. Note: If you do not wish to remove Lotus Quickr from the Domino server, press any other key. 4. Restart the Domino server.
4-10
5. To verify that Lotus Quickr was removed from the Domino server, use a Web browser to try to access the Lotus Quickr home page for the Domino server at the following URL: http://dominoservername:port/lotusquickr where dominoservername is the name of your Lotus Quickr server and port is the associated port number. For example:
http://twpserver1:81/lotusquickr
Note: If removing an earlier release of Lotus QuickPlace, access the following URL instead: http://dominoservername:port/QuickPlace You should get an error indicating that the file was not found.
Whats new?
Read about the new features in this release.
4-11
Atom feed
The Atom feed is an XML-formatted feed that can pull content from various place document repository areas such as folder document listings, forms listings, members listings, and a Whats New document.
Known issues and system requirements documented on IBM Support Site replace release notes
No Release Notes are provided in this release. System requirements and known issues are now documented exclusively on the IBM Support Site. Related tasks Configuring collaborative installations on page 5-1 Users of the connector for Lotus Sametime and the connector for Lotus Notes can invite others to download the connectors by sending URL links to the servers to use for the downloads. You can configure which servers to use for these collaborative installations. Enabling or disabling context menus or document drag-and-drop on page 14-1 You can use the qpconfig.xml file to control the extent to which context menus are enabled in the user
4-12
interface. Context menus are menus that are available from documents, folders, user names, and My Places by hovering over a drop-down arrow. You can also enable or disable the ability to drag and drop documents in folders. Context menus and document drag-and-drop are enabled by default. Displaying user images and user information in user context menus on page 14-2 The Lotus Quickr user interface provides context menus next to member names. You can use the qpconfig.xml file to display images and LDAP directory attributes of external members in these context menus. The images are accessed through a Web service URL that you specify. Using My Places for place administration on page 20-1 External members who have at least reader access to places can use My Places to display statistics about the places. External members with manager access can use My Places to perform place administration tasks. Writing client-side JavaScript to extend place functionality on page 26-1 You can enhance the functionality of a place by using client-side JavaScript in themes, imported HTML forms, imported HTML pages, and any other object within the product that will render its HTML or JavaScript, to extend to your own JavaScript code off of any JavaScript function within the product.
Upgrading servers
Upgrade a server by performing the steps described for your operating system. If you are upgrading a server in a clustered environment, you must prevent servers from replicating during the upgrade process. To prevent replication of clustered servers during the upgrade process: 1. Disable replication of one server in the cluster, and then stop the server. If you are using Network Dispatcher, redirect HTTP traffic to the other cluster members. 2. Upgrade the server, following one of the procedures referenced below. 3. Restart the server. 4. Repeat steps 1 -3 for each server in the cluster. Do not allow IBM Lotus QuickPlace Version 6.5.1 or Version 7.0 servers to replicate with IBM Lotus Quickr Version 8.0 servers. 5. When all servers in the cluster are running Lotus Quickr Version 8.0, re-enable cluster replication and enable qptool replicamaker between the servers.
4-13
Note: Users will need to re-install places offline after the upgrade is complete. 2. Stop the IBM Lotus Domino server if it is running. 3. Stop any other Windows programs that are running. 4. Upgrade the Lotus Domino server to Version 7.0.2, if you have not already done so. For instructions, see the book Upgrading to IBM Lotus Notes/Domino 7 available on the Web at www.lotus.com/ldd/doc. Note: If you start the upgraded Lotus Domino server before upgrading to Lotus Quickr, ignore the java.dll could not be found error message if it is displayed. After you upgrade to IBM Lotus Quickr Version 8.0 the error will no longer be displayed. 5. Perform the following steps to upgrade to Lotus Quickr Version 8.0. a. Insert and start the Lotus Quickr installation CD. If you are installing Lotus Quickr from a network drive, navigate to the directory with the installation kit. Double-click Setup.exe. In the Software License Agreement window, click Accept. In the Welcome window, click Next. In the Choose Destination Location window, select the directory that holds the Lotus Domino program files, and then click Next. f. In the Start Copying Files window, review the directory path names that are displayed, and if they are correct, click Next to begin the installation. g. After installation is complete, in the Lotus QuickrServer Configuration window, click Next. 6. In the Congratulations dialog box, click Finish. b. c. d. e.
e. When prompted, type the number that corresponds to the language in which you prefer to read the Lotus Software Agreement. Press Enter to continue, then press Enter again to display the license agreement. f. When you have read the agreement, press 1 to accept the agreement and continue with the installation.
4-14
Note: Many of the following steps require that you accept a default or type a new value. To change a default, press Enter and type a new value. After you enter a new setting, press Enter to accept the change and continue with the installation. g. Specify the Domino program directory as the directory where the Lotus Quickr program files will be installed. The default Domino program directory is opt/ibm/lotus. You must install the Lotus Quickr program files to the directory that holds the Domino program files. Press TAB to continue. h. Specify the Domino data directory as the directory where the Lotus Quickr data files will be installed. The default Domino data directory is /local/notesdata. You must install the Lotus Quickr data files into the directory that holds the Domino data files. Press TAB to continue. i. Specify the UNIX user who will own the Lotus Quickr server files. This must be the same user who owns the Domino server files. j. Specify the UNIX group that will own the Lotus Quickr server files. This must be the same group that owns the Domino server files. The UNIX user specified in the previous step must be a member of this group. k. When the installation program displays Configuration of the Install program is complete, press TAB to review your installation settings. For example: v Installation type: New Upgrade. v v v v v Program directory: /opt/ibm/lotus Data directory: /local/notesdata UNIX user: UNIX user UNIX group: UNIX group Press TAB to install Lotus QuickPlace.
where PROGRAM_ID is the licensed program ID of the version you are upgrading from: v 5733LQP (Lotus Quickplace 6.5.1) v 5724J24 (Lotus Quickplace 7.0) To delete the hotfixes, type the following command and press Enter:
RMVPTF LICPGM(PROGRAM_ID) SELECT(PTF#)
3. Delete the Lotus QuickPlace licensed program by typing the following command and pressing Enter:
DLTLICPGM LICPGM(PROGRAM_ID)
where PROGRAM_ID is the licensed program ID of the version you are upgrading from: v 5733LQP (Lotus Quickplace 6.5.1) v 5724J24 (Lotus Quickplace 7.0) 4. Upgrade your Lotus QuickPlace server to a Domino release compatible with Lotus Quickr 8.0. For more information on installing Domino and upgrading your server, see the book Installing and Managing Domino for System i. 5. Prepare the Domino server for the addition of Lotus Quickr.
4-15
v If you plan to install Lotus Quickr in a language other than English, visit the Lotus Quickr for i5/OS Web site at the following address for a link to the latest information regarding Domino language versions and the additional steps that may be necessary to prepare the Domino server for your preferred language: http://www.ibm.com/systems/i/software/quickr/ v Start the Domino server and use Domino Administrator to edit the Server document. Verify that the Fully qualified internet host name field on the Basics tab contains the fully qualified name of the Domino server and not the name of the system. If necessary, edit the field and save the Server document. Before proceeding to the next step, end the Domino server. 6. Insert the Lotus Quickr for i5/OS CD in your systems optical drive. 7. On any i5/OS command line, type the following command and press F4:
LODRUN
8. On the LODRUN display, type the following value in the Device field and press Enter:
*opt
9. In the Directory field, type the following value and press Enter:
/os400
10. When the Lotus Quickr option screen appears, type a 1 beside the Lotus Quickr product option and press Enter to begin the installation. The system loads the Lotus Quickr programs to the appropriate system libraries and /QIBM directories. You will see status messages as the system installs the software. Note: If you already have Domino installed on your system and the server ID files are password protected, you will be prompted to enter the password. After the password has been entered, press Enter to continue with the installation of Lotus Quickr. If your server ID file has multiple passwords, the passwords must be entered one at a time. 11. If you prefer to use a non-English version of Lotus Quickr, you should install the Lotus Quickr Language Pack at this time. The Language Pack can either be installed from CD-ROM or downloaded from the Web. Language Pack installation instructions are included with the Language Pack as file Read1st. 12. Perform the following manual steps to ensure the Lotus Quickr home page uses the updated Version 8 template: a. Enter the following command on an i5/OS command line:
CPY OBJ(/server_data_dir/lotusquickr/*) TODIR(/server_data_dir/quickplace) SYMLNK(*YES) SUBTREE(*ALL) REPLACE(*YES) OWNER(*KEEP)
where server_data_dir is your server data directory. b. Open the notes.ini file and add the following line:
QuickPlaceSubdirectory=QuickPlace
c. Save and close the notes.ini file. 13. Start the Lotus Quickr server. Note: When you start the Domino server you also start the Lotus Quickr server. Upgrade the design of all databases on the server. See the topic Upgrading the design of databases on the server. 15. Upgrade places and PlaceTypes. See the topic Upgrading places and PlaceTypes. 16. Register the server and all places with the Place Catalog. See the topic Unregistering and re-registering places with the Place Catalog. 14. Note: Old PlaceTypes cannot be used to create new places, and old places cannot be used to create new PlaceTypes. Old places cannot be refreshed from their PlaceTypes, and old PlaceTypes cannot be refreshed from their places, until both are upgraded.
4-16
When the upgrade is finished, the qptool.upgrade.xml file is created in the Domino program directory. This file indicates if the upgrade was successful. qptool.upgrade.xml contains the following xml:
<?xml version="1.0"?> <service> <servers> <server> <hostname>servername</hostname> <placetypes/> <places/> <action_status action="upgrade"> <code>code number(0 if successful)</code> <message>error message(if theres an error)</message> </action_status> </server> </servers> </service>
Note: The qptool.upgrade.xml file is overwritten each time qptool upgrade is run. Therefore you should check this file to ensure that the upgrade was successful before continuing on to the next step, upgrading places and PlaceTypes.
4-17
To upgrade all places and PlaceTypes at once, enter the following command from the Domino server console:
load qptool upgrade -a
When the upgrade is finished, the file qptool.upgrade.xml is created by default in the Domino program folder. This file indicates whether the upgrade was successful. It contains the following xml:
<?xml version="1.0"?> <service> <servers> <server> <hostname>servername/hostname> <placetypes/> <places> <place> <name>placename</name> <action_status action="upgrade"> <code>code number(0 if successful)/code> <message>error message(if theres an error)/message> </action_status> </place> </places </server> </servers> </service>
When the upgrade is finished, the file qptool.upgrade.xml is created by default in the Domino program folder. This file indicates whether the upgrade was successful. It contains the following xml:
<?xml version="1.0"?> <service> <servers> <server> <hostname>servername</hostname> <placetypes/> <places/> <action_status action="upgrade"> <code>code number(0 if successful)</code> <message>error message(if theres an error)</message>
4-18
2. From the Domino server console, enter the following command to re-register all places:
load qptool register -a -placecatalog
When unregistration or registration is finished, the file qptool.register.xml is created by default in the Domino program directory. This file indicates whether the command was successful, for example:
<?xml version="1.0"?> <service> <servers> <server> <hostname>servername</hostname> <places> <place> <name>placename</name> <action_status action="RegisterInPlaceCatalog"> <code>code number(0 if successful)</code> <message>error message(if theres an error)</message> </action_status> </place> </places> </server> </servers> </service>
4-19
Note: You can specify multiple places, separated by spaces. 2. From the Domino server console, enter the following command to re-register the place or places:
load qptool register -p place -placecatalog
When unregistration or registration is finished, the file qptool.register.xml is created by default in the Domino program directory. This file indicates whether the command was successful, for example:
<?xml version="1.0"?> <service> <servers> <server> <hostname>servername</hostname> <places> <place> <name>placename</name> <action_status action="RegisterInPlaceCatalog"> <code>code number(0 if successful)</code> <message>error message(if theres an error)</message> </action_status> </place> </places> </server> </servers> </service>
4-20
4. In the Tools pane at the right, click Database Compact. Or drag the selected database(s) to the Compact tool. 5. Optional: Select options to control how the Compact task runs. 6. Click OK.
2. (i5/OS only) Enter the following command to ensure that QNOTES is still the owner of the file:
CHGOWN OBJ(<ST_server_data_dir>/Domino/html/QuickPlace/peopleonline/*) NEWOWN(QNOTES)
3. Start the LDAP directory server, then start the IBM Lotus Sametime server, and then IBM Lotus Quickr server.
4-21
a. Download the Lotus Sametime Software Development Kit (SDK) Version 7.5x to a convenient directory. This directory does not have to be on the Lotus Sametime server. You can find the kit at the IBM developerWorks web site at http://www.ibm.com/developerworks/lotus/downloads/ toolkits.html. b. Extract the download file to a convenient directory. c. Copy the files listed below to the QuickPlace\peopleonline subdirectory on the Lotus Sametime server:
File name STComm.jar Copy from client\stjava\bin subdirectory of the extracted SDK Copy to \Domino\html\QuickPlace\ peopleonline subdirectory of the Lotus Sametime server data directory \Domino\html\QuickPlace\ peopleonline subdirectory of the Lotus Sametime server data directory
CommRes.jar
d. (IBM i5/OS only) Enter the following command to ensure that QNOTES is the owner of each of the files:
CHGOWN OBJ(<ST_server_data_dir>/Domino/html/QuickPlace/peopleonline/*) NEWOWN(QNOTES)
2. To upgrade the Web conferencing integration after the Lotus Sametime upgrade: a. Open the notes.ini file on the IBM Lotus QuickPlace server. b. Edit the JavaUserClassesExt setting in the notes.ini file. If upgrading from Lotus QuickPlace 6.5.1, note that the entries for the xercesImpl.jar, xalan.jar, xml-apis.jar, and ibmjsee.jar files are no longer needed for Lotus Sametime releases after 6.5.1 and should be removed: v (Microsoft Windows) Edit the JavaUserClassesExt setting so it appears as follows; where a path is indicated, substitute your own Domino program directory path.
JavaUserClassesExt=QPJC1,QPJC2,QPJC3,QPJC4 QPJC1=C:\PROGRAM FILES\LOTUS\DOMINO\quickplace.jar QPJC2=C:\PROGRAM FILES\LOTUS\DOMINO\log4j-118compat.jar QPJC3=C:\PROGRAM FILES\LOTUS\DOMINO\STCore.jar QPJC4=C:\PROGRAM FILES\LOTUS\DOMINO\STMtgManagement.jar
v (IBM AIX) Edit the JavaUserClassesExt setting so it appears as follows; where a path is indicated, substitute your own Domino program directory path.
JavaUserClassesExt=QPJC1,QPJC2,QPJC3,QPJC4 QPJC1=/opt/lotus/notes/<latest>/ibmpow/quickplace.jar </latest> QPJC2=/opt/lotus/notes/<latest>/ibmpow/log4j-118compat.jar </latest> QPJC4=/opt/lotus/notes/<latest>/ibmpow/STMtgManagement.jar </latest>
v (Sun Solaris) Edit the JavaUserClassesExt setting so it appears as follows; where a path is indicated, substitute your own Domino program directory path.
JavaUserClassesExt=QPJC1,QPJC2,QPJC3,QPJC4 QPJC1=/opt/lotus/notes/<latest>/sunspa/quickplace.jar QPJC2=/opt/lotus/notes/<latest>/sunspa/log4j-118compat.jar QPJC3=/opt/lotus/notes/<latest>/sunspa/STCore.jar QPJC4=/opt/lotus/notes/<latest>/sunspa/STMtgManagement.jar
v (i5/OS) Edit the JavaUserClassesExt setting so it appears as follows. The path name shown is the recommended one for storing the STCore.jar and STManagement.jar files. If currently you use a different directory, you can continue to use it or you can copy the files to the recommended directory.
JavaUserClassesExt=LQPJava1,LQPJava2,LQPJava3,LQPJava4 LQPJava1=/QIBM/ProdData/Lotus/QuickPlace/quickplace.jar LQPJava2=/QIBM/ProdData/Lotus/QuickPlace/log4j-118compat.jar LQPJava3=/QIBM/UserData/Lotus/QuickPlace/STCore.jar LQPJava4=/QIBM/UserData/Lotus/QuickPlace/STMtgManagement.jar
4-22
c. Save and close the notes.ini file. d. Copy files from the Lotus Sametime server to the Lotus Quickr server, as indicated in the following tables: On Windows
File STMtgManagement.jar Copy from Domino program directory of the Lotus Sametime server, for example: C:\Program Files\Lotus\Domino STCore.jar Domino program directory of the Lotus Sametime server. Domino program directory of the Lotus Sametime server. Domino program directory of the Lotus Sametime server. Copy to Domino program directory of the Lotus Quickr server, for example: C:\Program Files\Lotus\Domino Domino program directory of the Lotus Quickr server. Domino program directory of the Lotus Quickr server. Domino program directory of the Lotus Quickr server.
ServiceLocator.properties
sametime.ini
On AIX:
File STMtgManagement.jar Copy from Domino program directory of the Lotus Sametime server, for example: /opt/lotus/notes/<latest>/ibmpow/ STCore.jar Domino program directory of the Lotus Sametime server. Copy to Domino program directory of the Lotus Quickr server, for example: /opt/lotus/notes/<latest>/ibmpow/ Domino program directory of the Lotus Quickr server.
ServiceLocator.properties
Lotus Sametime server data directory, Lotus Quickr server data directory, for example: for example: /opt/notesdata /opt/notesdata
sametime.ini
Lotus Sametime server data directory. Lotus Quickr server data directory.
On Solaris:
File STMtgManagement.jar Copy from Domino program directory of the Lotus Sametime server, for example: /opt/lotus/notes/<latest>/sunspa/ STCore.jar Domino program directory of the Lotus Sametime server. Copy to Domino program directory of the Lotus Quickr server, for example: /opt/lotus/notes/<latest>/sunspa/ Domino program directory of the Lotus Quickr server.
4-23
File ServiceLocator.properties
Copy from
Copy to
Lotus Sametime server data directory, Lotus Quickr server data directory, for example: for example: /opt/notesdata /opt/notesdata
sametime.ini
Lotus Sametime server data directory. Lotus Quickr server data directory.
On i5/OS:
File STMtgManagement.jar Copy from The following directory on the system where you installed Lotus Sametime: /qibm/proddata/lotus/sametime Copy to The directory specified in the JavaUserClassesExt setting in Step 2b on the system where you installed Lotus Quickr, for example: /QIBM/UserData/Lotus/ QuickPlace/ STCore.jar The following directory on the system where you installed Lotus Sametime: /qibm/proddata/lotus/sametime ServiceLocator.properties sametime.ini Lotus Sametime server data directory. Lotus Quickr server data directory. Lotus Sametime server data directory. Lotus Quickr server data directory. The directory specified in the JavaUserClassesExt setting in Step 2b.
e.
(IBM i5/OS only) Use the CHGOWN command to change the owner of the files copied in the previous step to QNOTES. For example, enter the following commands:
CHGOWN OBJ(/qibm/userdata/lotus/quickplace/ST*) NEWOWN(QNOTES) CHGOWN OBJ(<QP_server_data_directory>/sametime.ini) NEWOWN(QNOTES) CHGOWN OBJ(<QP_server_data_directory>/ServiceLocator.properties) NEWOWN(QNOTES)
4-24
6. Copy the file HaikuCommonForms.ntf, located in the directory C:\Lotus\Domino\data\LotusQuickr\ AreaTypes\, to the directory C:\Lotus\Domino\data\QuickPlace\AreaTypes\. 7. Open the notes.ini file in the domino_server_root directory with a text editor. 8. Specify the following settings, replacing the existing QuickPlace values:
QuickPlaceSubdirectory=LotusQuickr DisableUserCacheForUrl=/LotusQuickr/ DisableUserLookupForUrl=/LotusQuickr/
9. Close and save the file. 10. Start the Lotus Quickr server.
2. Use a file system command to copy the places directory and contents from the domino_data_root\ QuickPlace directory on the original server to the domino_data_root\LotusQuickr directory on the target server. 3. Enter the following command on the Lotus Quickr 8 server to unlock the place you copied:
load qptool unlock -p placename
4. Enter the following command on the Lotus Quickr 8 server to upgrade the place:
load qptool upgrade -p placename
5. Enter the following command on the Lotus Quickr 8 server to update the places information in the place and in the Place Catalog:
load qptool register -p placename -install
6. Enter the following command to delete the place from the original server:
Installing services for Lotus Domino
4-25
7. Run the Domino server compact task on the places databases on the Lotus Quickr server. This step upgrades the database format and results in improved performance. For more information on upgrading databases, see Domino Administrator Help. If the original and target servers use different user directories, and the external members of a place have different distinguished names in each directory, use the qptool changemember or changehierarchy command to change the names in the place so these users can continue to access it. Related tasks Upgrading to Lotus Quickr 8 on page 4-11 Follow the steps below in the order indicated to upgrade IBM Lotus QuickPlace Version 6.5.1 or 7.0 to IBM Lotus Quickr Version 8.0. The process of upgrading a server and places is separated into independent stages. This separation minimizes the downtime required to upgrade. After you upgrade a server, you can choose to upgrade places and PlaceTypes to enable new features in them when it is convenient. Users can continue to work in their existing places before you upgrade places and PlaceTypes, and can continue to create new places and PlaceTypes, as long as they do not use existing places or PlaceTypes to create them. The existing places remain available except when they are locked for the relatively short time when they are being upgraded.
4-26
Configuring multi-server single sign-on authentication on page 11-1 With multi-server single sign-on, users can log in to a server once and during that session access servers enabled for single sign-on in the DNS domain without providing names and passwords again.
Related tasks Installing on Windows on page 4-1 Perform the following steps to install IBM Lotus Quickr on a Microsoft Windows system. Installing on AIX or Solaris on page 4-2 Perform the following steps to install IBM Lotus Quickr on an IBM AIX or Sun Solaris system. Installing on IBM i5/OS on page 4-3 This section provides instructions on how to install IBM Lotus Quickr on IBM i5/OS. Upgrading to Lotus Quickr 8 on page 4-11 Follow the steps below in the order indicated to upgrade IBM Lotus QuickPlace Version 6.5.1 or 7.0 to IBM Lotus Quickr Version 8.0. The process of upgrading a server and places is separated into independent stages. This separation minimizes the downtime required to upgrade. After you upgrade a server, you can choose to upgrade places and PlaceTypes to enable new features in them when it is convenient. Users can continue to work in their existing places before you upgrade places and PlaceTypes, and can continue to create new places and PlaceTypes, as long as they do not use existing places or PlaceTypes to create them. The existing places remain available except when they are locked for the relatively short time when they are being upgraded.
4-27
Related tasks Installing on Windows on page 4-1 Perform the following steps to install IBM Lotus Quickr on a Microsoft Windows system.
4-28
Installing connectors
Connectors enable your users to work with documents on an IBM Lotus Quickr server from IBM Lotus Notes, IBM Lotus Sametime, Microsoft Windows Explorer, and Microsoft Office applications. Users install connectors themselves. Administrators can control which servers are available for collaborative connector installations, which are installations user initiate by sending others links to connector download locations.
where value is the fully-qualified host name of a Lotus Quickr server to use. v To prevent collaborative installations from a particular server, leave the connector_install_url element blank:
<webservices enabled="true"> <connector_install_url></connector_install_url> </webservices>
3. Save the modified file. 4. Enter the following command at the server console to restart the HTTP task:
restart task http
For example, to use the server quickr.acme.com for collaborative installations, specify the following settings:
<webservices enabled="true"> <connector_install_url>http://quickr.acme.com/qkrconn.msi</connector_install_url> </webservices>
Related concepts
5-1
Whats new? on page 4-11 Read about the new features in this release. Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
5-2
For example, if you used the default Domino program directory and want to run the server console in the background, enter:
/opt/ibm/lotus/bin/server &
2. On the Work with Domino Servers display, type 1 in the Opt column next to the Lotus Quickr server you wish to start and press Enter. 3. If the server is password protected, type 8 next to the Lotus Quickr server to work with the console, and press Enter. 4. Enter the password at the appropriate prompt. 5. Press F3 to exit the console.
6-1
Tip: You can also start the server by entering STRDOMSVR SERVER(servername) where servername is the name of the Lotus Quickr server. 6. Periodically press F5 to refresh your screen and wait for the server status to be *STARTED. Note: Starting the server may take a few minutes. You can verify that the HTTP task and the Lotus Quickr task have started by displaying the console, which is option 5 from the Work with Domino Servers display. 7. You can verify that the Lotus Quickr server has started by using a Web browser to access the server home page at the following URL: http://DominoServerName:port/Quickr where DominoServerName is the fully qualified host name of the Lotus Domino server and port is the TCP/IP port number. Note: Specifying a port number is only required if the port defined for Lotus Quickr is not the default port 80.
or
quit
2. On the Work with Domino Servers display, type 6 in the Opt column next to the IBM Lotus Quickr server and press Enter. Note: This will stop the server in a controlled state. 3. Press Enter to confirm your server selection. Tip: You can also stop the server by entering the following command: ENDDOMSVR SERVER(servername) where servername is the name of the Lotus Quickr server. 4. Periodically press F5 to refresh your screen and wait for the server status to be *ENDED. Note: Stopping the server may take a few minutes. You can verify that all server jobs have ended by viewing the Work with Active Jobs display, which is option 9 from the Work with Domino Servers display.
6-2
5. From the Work with Domino Servers display, record the subsystem that is used by the Lotus Quickr server. 6. On the command line, type the following command and press Enter:
WRKSBS
7. In the Opt column next to the subsystem you recorded in step 5, type 4 and press Enter to end the subsystem. 8. Press Enter to confirm your subsystem selection. 9. Press Enter again to return to the Work with Domino Servers display.
4. Remove the following two lines from the located section, to enable the sample settings between the lines
<!-=================== START OF SAMPLE ====================== =================== END OF SAMPLE ======================== -->
5. Modify the sample settings as needed. For example, to configure a server to use a Place Catalog on the remote server, qkcat/acme, change the sample values from this:
<place_catalog enabled="true" log_level="0"> <connection_pool size="8"/> <place_catalog_servers> <server> <domino_server_name>qpcat/IBM</domino_server_name> <nsf_filename>PlaceCatalog.nsf</nsf_filename> </server> </place_catalog_servers> </place_catalog>
to this:
<place_catalog enabled="true" log_level="0"> <connection_pool size="8"/> <place_catalog_servers> <server> <domino_server_name>qkcat/acme</domino_server_name>
6-3
6. Close the file and save it in the server data directory, for example, save it in C:\Program Files\Lotus\Domino\Data. 7. Type the following command to restart the HTTP task so that the server recognizes the changes:
restart task http
Related concepts Sample user directory settings on page 8-14 If IBM Lotus Quickr control directory services, the following qpconfig.xml customizations are examples of ones you might use on Sun Java System Directory Server Server or IBM Tivoli Directory Server. Related tasks Configuring the qpconfig.xml file for online meetings on page 12-9 Specify online meeting settings in the qpconfig.xml file on the Lotus Quickr server. Using qpconfig.xml settings to configure notifications on page 14-9 Use the qpconfig.xml file to specify a variety of user notification settings. For example use qpconfig.xml settings to specify the text displayed in the password prompt of place invitations or to specify whether notifications sent to groups show the members of the groups. Using Lotus Quickr login passwords for offline use on page 13-11 Use the qpconfig.xml file to enable users to use their IBM Lotus Quickr login passwords when they log in to any offline places so they do not have to remember a separate password for each offline place. Customizing searches for login names on page 8-9 When an external member logs in to a place, by default the server searches the cn, uid, and shortname attributes in the LDAP directory for matches to the login name. You can use the qpconfig.xml file to specify other attributes for which to search. Customizing the search hint in the directory lookup interface on page 8-12 By default the directory lookup interface prompts users to search for user names by typing last name, first name. If you have customized the user lookup search, also customize the search hint to reflect the change. Customizing the search used to determine group membership on page 8-11 After the server authenticates a user, it searches for all the groups of which the user is a member, in order to determine user access to places through group membership. By default the server searches for the users names in the member attribute of groups defined as as objectclass=groupOfNames You can use the qpconfig.xml file to specify a different attribute for which to search and a different group object class definition. Customizing the search base used for group searches on page 8-14 By default, the search base you specify when you connect to an LDAP directory server is used for both user and group searches. You can use the qpconfig.xml file to specify a search base specifically for group searches. Customizing the group lookup search on page 8-10 When someone types the name of a group in the directory lookup interface to search for a group name to add as a place member, by default the server searches for the group name in the cn attribute of groups defined as objectclass=groupOfNames You can use the qpconfig.xml file to specify a different attribute for which to search and a different group object class definition. Customizing SSL connections on page 8-15 If you selected the option Check for SSL connection with LDAP user directory when you set up the connection to the LDAP directory server, optionally use qpconfig.xml settings to customize the Secure Sockets Layer (SSL) connection.
6-4
Customizing search filters on page 8-8 If IBM Lotus Quickr control directory services, you can use the qpconfig.xml file to customize the attributes it looks for during various types of searches. Customizing the display of search results on page 8-13 By default, when a user searches for users in the directory, the search results show the values for the sn and givename attributes in the first column, distinguished names in the second column, and the sn attribute in the range field at the top of the search results box. To display different attribute values, change the values for the member_lookup_ui and search_ui_index elements in the qpconfig.xml file. Opening places in a new browser window on page 15-1 Places opened through My Places open in the current browser window, by default. Use the qpconfig.xml file to open places accessed through My Places in a new browser window, instead. Disabling page compression on page 14-7 By default IBM Lotus Quickr compresses the content in HTML pages it transmits to clients if the browser supports compression. If the browsers in your environment do not support page compression, you can use the qpconfig.xml file to disable it. Specifying who has super user access from a browser on page 11-8 Use the qpconfig.xml file to specify who has super user access to the server when accessing it from a browser. You can specify only one name as a super user, either an external user or an external group name. Blocking HTML attachments that contain cross-site scripts on page 11-14 By default, users can attach HTML files that contain cross-site scripts to posts. Cross-site scripts can run on other users browsers. For tighter security, use the qpconfig.xml file to prevent users from attaching HTML files that contain cross-site scripts. Hiding the Work Offline link from users on page 13-12 At times you might want to hide the Work Offline link to prevent users from installing places offline, for example, during server maintenance. Using a custom application for My Places on page 15-2 Use the qpconfig.xml file to specify a URL to call a custom portal application for displaying My Places. Customizing the user lookup search on page 8-9 When someone types a name in the directory lookup interface to search for name to add as a place member, by default the server expects a last name, optionally followed by a comma (,) and first name, and searches for the last name in the sn attribute and the first name in the givenname attribute. By default the server also assumes that names are found in entries defined as objectclass=person. You can use the qpconfig.xml file to specify other attributes for which to search and a different object class definition. Customizing the attributes displayed for users and groups on page 8-8 Users and groups in an LDAP directory are described by a variety of attributes. For example, the value for a users first name is often stored as the givenname attribute and the last name as the sn (surname) attribute. Not all LDAP directories define attributes in the same way. Preventing caching of pages that contain data on browsers on page 11-16 By default, the server caches on browsers all IBM Lotus Quickr pages that users access. As a security measure, use the qpconfig.xml file to allow the server to cache only pages that do not contain data. Blocking specific protocols referenced in link URLs on page 11-14 By default, the server posts pages that contain links without considering the protocols specified in the link URLs. For tighter security, use the qpconfig.xml file to prevent the server from posting pages with URL links that reference specific protocols. Enabling or disabling context menus or document drag-and-drop on page 14-1 You can use the qpconfig.xml file to control the extent to which context menus are enabled in the user interface. Context menus are menus that are available from documents, folders, user names, and My Places by hovering over a drop-down arrow. You can also enable or disable the ability to drag and drop documents in folders. Context menus and document drag-and-drop are enabled by default.
6-5
Displaying user images and user information in user context menus on page 14-2 The Lotus Quickr user interface provides context menus next to member names. You can use the qpconfig.xml file to display images and LDAP directory attributes of external members in these context menus. The images are accessed through a Web service URL that you specify. Specifying a footer that appears on all pages on page 14-2 You can use the qpconfig.xml file to specify an HTML footer to display on the bottom of all pages in all places on the server. For example you might specify a corporate logo, administrative message, or corporate disclaimer. Clearing Lotus Quickr files from the Internet Explorer cache on page 11-15 As a security measure, configure the server to clear the IBM Lotus Quickr files (files from any URL that contains /quickplace/ or /quickr/ ) from the browser cache when users click Log Out from places. This feature is supported for Internet Explorer only. Hiding the Log In and Log Out links on page 11-15 After a user logs in to a place, the interface displays the Log Out link, and when the user logs out, the Log In link. You can hide the Log In and Log Out links after a user logs in. You might want to do this if single sign-on is enabled on the server, or if the server is running on a public pedestal, for example, at a trade show. Setting up the Place Catalog for a cluster on page 10-3 To ensure that a shared Place Catalog works properly for servers in a cluster, replicate the Place Catalog on the Place Catalog server to the other IBM Lotus Quickr servers in the cluster, and specify the details of the cluster environment in the qpconfig.xml file of each server in the cluster. All servers in a cluster should use the same qpconfig.xml settings. Preventing the use of connectors on page 12-1 Connectors are available for use by default, but you can prevent them from being used. Displaying CGI variables in HTML source pages on page 14-7 By default, IBM Lotus Quickr HTML source pages viewed through a browser do not display Common Gateway Interface (CGI) variables because they contain potentially sensitive information, for example information about the remote host and its users. However, you can enable the display of CGI variables, for example if you want to copy the variables from the source pages for use in custom applications. Configuring the Place Catalog on page 9-1 The Place Catalog is a database that collects information about IBM Lotus Quickr places and servers. A local Place Catalog is enabled by default on each Lotus Quickr server. You can customize the Place Catalog configuration, for example, set up a Place Catalog server, which is a server with a Place Catalog that multiple servers share. Enabling expanded membership on the server on page 11-11 To enable expanded membership on the server, use the qpconfig.xml file. Configuring collaborative installations on page 5-1 Users of the connector for Lotus Sametime and the connector for Lotus Notes can invite others to download the connectors by sending URL links to the servers to use for the downloads. You can configure which servers to use for these collaborative installations. Configuring cross-place searching on page 18-1 Configure cross-place searching to enable external place members to use the advanced search feature to search multiple places. Translating LDAP distinguished names for offline use on page 13-7 Domino recognizes only distinguished names that contain the traditional Domino CN,OU, O, and (optionally) C components. If the distinguished names of external members in an LDAP directory do not follow this model and you use Domino Off-Line Services with IBM Lotus Quickr, you must use qpconfig.xml settings to translate users names into a format that Domino recognizes, and then translate those names back into their original LDAP format. Related information A second cn component in distinguished name is preventing user authentication on page 36-1
6-6
In a third-party authentication environment, users with multi-character delimiters in their names are unable to authenticate on page 36-2 In a third-party authentication environment, users with non-standard names are unable to authenticate on page 36-1
Using qptool
qptool is a server task that you run with commands and associated arguments to perform a variety of administration tasks related to managing places and place membership. You can run qptool from the IBM Lotus Quickr server console or from an operating system command prompt. Use qptool while the server is running. Perform the following steps to run qptool from the server console:
load qptool [command] [arguments]
Perform the following steps to run qptool from the command prompt: 1. Navigate to the Domino program directory (the root installation directory). For example, navigate to C:\Program Files\Lotus\Domino. 2. Enter one of the following commands: v On Microsoft Windows:
nqptool [command] [argument]
v On IBM i5/OS:
qptool server [servername][command] [arguments]
where [servername] is the name of the Lotus Quickr vserver. For example, to lock a place called place1 by running qptool from the server console, enter the following command:
load qptool lock -p place1
The Place Catalog reflects changes that result from qptool commands. You can also run qptool from a batch file or other program.
2. Click Login and type a Lotus Quickr server administrator user name and password, for example, the name and password of the local administrator created during installation. 3. Click Site Administration. 4. Click Security to control access to the server, for example, to control who can create places and who can use Site Administration to perform administration tasks. 5. Click User Directory to connect to a user directory to maximize the features that are available to you and to make user management easier. 6. Click Other Options to perform any of the following configuration tasks:
Understanding the basics
6-7
Disable support for ActiveX file attachment and import features. Disable support for Java applet rich text features. Disable form agents (PlaceBots). Change the maximum allowed attachment size. Connect to IBM Lotus Sametime servers to enable Lotus Sametime features in places. Specify an offline passthru server or specify an alternate download location for installation of the offline client software. v Configure an email URL prefix. v Disable calendar subscriptions. Related information Configuring access to the server on page 11-5 A user with administrator access controls who has administrator access to the IBM Lotus Quickr server, who can create places on the server, and who has super user access to the server. v v v v v v User directories on page 8-1 When you set up directory services to connect the server to a user directory, administrators and place managers can add members to places by selecting names from the directory. Without a user directory, they must instead register local members in the membership database (Contacts1.nsf) of individual places. Disabling ActiveX on page 14-6 ActiveX controls are enabled by default, providing Internet Explorer users with additional file attachment and file import features. You can disable ActiveX controls. You might want to do this, for example, if you do not allow user installation of ActiveX controls and want to prevent users from seeing the prompt to install them, or if you want to provide a homogenous user experience for all browser users. Disabling Java applets on page 14-7 Java applets, enabled on the server by default, allow users who do not use Internet Explorer to use rich text controls (bold, italic, and so forth) when editing. You can disable Java applets on the server. Disabling form agents (PlaceBots) PlaceBots, known as agents in IBM Lotus Domino, are enabled by default. Place managers can import PlaceBots in custom forms, to run when pages are created from the forms. You can disable form PlaceBots, for example, for tighter security. Changing the maximum allowed attachment size on page 14-5 You can change the maximum size allowed for file attachments. By default, attachments can be no larger than 50MB. You can also remove the maximum attachment size restriction, and allow only system limitations, for example, IBM Lotus Domino attachment size limits or available disk space, to restrict attachment size. Enabling Lotus Sametime features in places on page 12-2 You can enable the awareness, instant messaging, and Web conferencing (meeting) features of IBM Lotus Sametime in places. Then members of a place can see when other members are online, chat with other members, and schedule and participate in online meetings with other members all from within the place. Setting up Lotus Quickr for offline use on page 13-1 Domino Off-Line Services provides the means for users to take places offline, make changes to the places, and then synchronize the changes with the online version on the server. A user must be an individual member of a place to take it offline; users who access a place through group membership cannot take places offline. Configuring an email URL prefix when using a gateway server on page 14-9 Use the Site Administration link to specify an alternate email URL prefix if the server is accessed through a gateway server. The prefix is used in place links displayed in outgoing e-mail messages.
6-8
Disabling calendar subscriptions on page 14-9 By default, place members have subscriptions to receive e-mails that are integrated with their personal calendars. You can use the Site Administration link to disable these subscriptions.
6-9
6-10
3. On the Work with Domino Servers display, type a 2 in the Opt column next to the server name and press Enter. 4. On the Change Domino Server display, make any necessary changes to the values and press Enter. 5. Restart the Lotus Quickr server to make the changes take effect.
2. Press Page Down until you see the object link called wpdic.dic displayed. 3. Enter option 7 next to the wpdic.dic object link to rename the object. 4. In the New Object field, change the name of the object link to the following and press Enter:
wpdic.bak
5. Select the language file that you want to use and enter option 7 to rename the file. 6. In the New Object field change the name of the object link to the following and press Enter:
wpdic.dic
7-1
that you assign a separate TCP/IP address to each server and that you bind each server to its assigned IP address. In addition, be sure that your server can handle the workload. For more information, see the following: v The topic Preparing your TCP/IP connection v The document Installing and Managing Sametime 8 for i5/OS v Technote #1091353, Sametime for iSeries: Can Sametime and QuickPlace Be Installed on the Same System? You can find this technote by searching for 1091353 at the following Web site http://www.ibm.com/software/support
7-2
User directories
When you set up directory services to connect the server to a user directory, administrators and place managers can add members to places by selecting names from the directory. Without a user directory, they must instead register local members in the membership database (Contacts1.nsf) of individual places. Connecting to a user directory maximizes the features that are available to you. The following features are supported only when a user directory is in use: v IBM Lotus Sametime features integrated in places v Expanded membership v My Places v Single sign-on authentication v Super user access to the server v User names in double-byte character sets Connecting to a user directory also provides these user management features: v User information is managed in a central location, rather than in individual places. v External members use the same name and password to access any place of which they are a member, whereas local members might have different user names and passwords in each place. v Many of the qptool commands that enable you to manage member information for multiple places at once are available only for external members. For example, you can use the qptool addmember command to add external members to places, but not to add local members. If you connect to a user directory, local membership is still supported. The local administrator specified during installation is a local member of the servers Site Administration place. Related information Using the Site Administration link on page 6-7 When you log in to the server as an IBM Lotus Quickr administrator, you have access to the Site Administration link on the home page. From there you can set up a connection to a user directory, control access to the server, as well as specify other configuration options.
Copyright IBM Corp. 2007
8-1
Supports only Domino basic Supports any user authentication name-and-password authentication or method configured on the Lotus multi-server session-based (single Domino server sign-on) authentication. Not supported and Domino server cannot use Supports one LDAP directory, and an optional additional LDAP directory for Lotus Quickr expanded membership use Supported Supported Supports access to any directory that Lotus Domino server can access, including multiple directories accessed through Domino directory assistance Not supported
Secure Sockets Layer (SSL) connections SSL protocol to use Whether expired SSL certificates accepted Whether server certificate must include host name
qpconfig.xml
Different search bases for groups and qpconfig.xml users Control of attributes that display in Lotus Quickr interface qpconfig.xml
8-2
Table 8-2. Location of LDAP directory connection options (continued) Option Control of attributes that display in Lotus Quickr directory lookup interface Searches narrowed to names that are part of place name Distinguished names that do not conform to the Domino naming convention Custom search filter for user authentication Custom search filter for group authorization Custom search filter for adding group members to places Custom search filter for adding user members to places Control whether nested groups are searched Control levels of nested group searches Search timeout Location when Lotus Quickr controls directory services qpconfig.xml Location when Lotus Domino controls directory services None
None
qpconfig.xml
qpconfig.xml
qpconfig.xml
None
qpconfig.xml
None
qpconfig.xml
notes.ini
None
Maximum entries returned Attribute to be used as name in SSO token Control over alias dereferencing
None
8-3
Table 8-3 summarizes the differences users see when accessing places through external group membership.
Table 8-3. Behavior differences when accessing places through membership in external groups Feature Current user link User experience when accessed through external group membership Link shows the members name rather than the group name. There is no member profile available through the link. When a member of a group edits a page, other members of the group do not see the status of the page as checked out. Members list shows the group name rather than the names of the members. Member profile for the group shows the group name. Members of the group do not have profiles, unless they also have access through individual membership. Page author shows the members of a group rather than the group name. You can search by member of a group, not by group name. A place invitation is sent to each member of a group. A page notification shows the e-mail address of the member of the group who sent it. The sender can send to the group name or can select specific members to send to. Ability to select specific members is controlled through the qpconfig.xml file. Members of a group cannot receive whats new e-mails or calendar event subscriptions because they do not have profiles in which to set the preferences to receive them. Members of groups cannot submit or approve workflow pages because they dont have a required Member profile. Customizations to the member lookup interface do not apply to groups. Awareness is not available for members of a group from the Members Online window, but is available elsewhere in the context of a place. Members of groups cannot work offline.
Editor access
Custom member lookup interface controlled through the qpconfig.xml file (when IBM Lotus Quickr controls directory services) IBM Lotus Sametime awareness
Work offline
8-4
Table 8-4. Support for special characters in names (continued) Special character > & : ; ^ , (comma) = ( ) # \ / | * + (apostrophe) Allowed for local users No No No No No No No No No No No No No No No No Yes Allowed for local groups No No No No No No No No No No No No No No No No Yes Allowed for external users and groups No Yes No No Yes Yes Yes Yes Yes Yes Yes Yes No No Yes No Yes
8-5
d. Click Change Directory. e. In the Type list select Domino Server. f. Select one of the following options v To allow place managers to create local members, click Allow managers to create new users in each place. v To prevent place managers from creating local members and require them to select members from a user directory, click Disallow new users. 3. Click Next. Make sure to complete this step so your changes take effect. Note: When Domino controls directory services, you cannot use expanded membership. For information on setting up directory services on the Domino server, see the Directory Services section in the Contents view of Domino Administrator Help.
Or to make the same change in all places, use the following command:
load qptool changehierarchy -sourceh ou=boston,o=acme -targeth ou=boston/o=acme -a
3. Restart the server by entering the following command at the server console:
restart server
8-6
9. Optional: Select Check for SSL connection with LDAP user directory. If you select this option and SSL is configured on the Lotus Quickr server and the LDAP server, the Lotus Quickr server will initiate all requests to the LDAP user directory as SSL encrypted requests. 10. Optional: In the Search base field type a distinguished name that represents the location in the directory name hierarchy at which to begin searches, for example, o=acme, ou=sales,o=acme, or dc=acme,dc=com. By default the Search base you specify applies to both user and group searches. However, you can use the qpconfig.xml file to specify a different search base for group searches. 11. Optional: Click Narrow searches to the place name to confine searches launched from a place to user directory names that include the name of that place. For example, with this option checked, if a user does a directory search from a place called Sales Support, the search looks only for users who have Sales Support in their user names. Important: Do not select this setting if your organization uses only three organizational units in names, because it will restrict you to a maximum of three places. 12. If a user name and password are required to access directory information on the LDAP server, perform the following steps: a. Click Check to use credentials specified below when searching the directory. b. Type the user name, an LDAP distinguished name, for example cn=admin,o=acme. c. Type the password. Note: If the password has an expiration date, make a note of it, because you will need to update this field with a new password then. 13. Optional: In the Authentication Timeout and Search Timeout fields, change the maximum amount of time, in seconds, the server can take to authenticate a user from the user directory or to perform a search. The default value for both time-out settings is 120 seconds and is adequate in most environments. If connections to the LDAP server are very slow, consider increasing the time-out values. If connections are very fast, consider reducing the values. If you leave the fields blank, the default settings are used. The LDAP server might also have time-out limits configured. In this case, the effective time-out limits are whichever are lowest between the Lotus Quickr server and the LDAP server. Note: Specifying 0, which allows the Lotus Quickr server to take an unlimited amount of time for user authentication and searches, is not recommended. 14. Select one of the following options: v To allow place managers to create local members, select Allow managers to create new users in each place. v To prevent place managers from creating local members and require them to select members from a user directory, click Disallow new users. 15. Click Next. Make sure to compete this step so your changes take effect. If in the future you want to change the LDAP directory that uses, repeat these steps. If there are distinguished names in the new directory that are different from the names in the original directory, use the qptool changehierarchy or changemember command to update the names in places. Note: The distinguished names of users and groups should be unique. If there are two identical distinguished names in the directory, only one of the names can be added to a place as a member. If two distinguished names are identical, add a middle initial or other distinguishing character to one of the names to make each name unique.
8-7
Note: Using distinguished names as the display name is not supported. 2. Save the modified qpconfig.xml file. 3. Enter the following command at the server console to restart the HTTP task on the server:
restart task http
4. If there are existing places, use the qptool updatemember command to update places to reflect the change. This step is not necessary if you have updated only attributes that are used in authentication, for example <display_name>, because these are updated automatically when you restart the http task. If your LDAP directory server allows anonymous access, ensure it will return the attributes you specify. Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
8-8
Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template. Customizing searches for login names: When an external member logs in to a place, by default the server searches the cn, uid, and shortname attributes in the LDAP directory for matches to the login name. You can use the qpconfig.xml file to specify other attributes for which to search. Note: The qpconfig.xml file is case-sensitive, so when typing the names of attributes you must use the same character case used in your directory. Specifying case incorrectly causes directory lookup problems. Perform the following steps: 1. Change values in the <authentication> element (within search_filters element) of the qpconfig.xml file as required by your LDAP directory. Values shown below are the default values.
<user_directory> <ldap> <search_filters> <authentication><![CDATA[(I(cn={0})(uid={0})(shortname={0}))]]> </authentication> <user_lookup><![CDATA[(&(objectclass=person)(sn={0})(givenname={1}))]]> </user_lookup> <group_lookup><![CDATA [(&(objectclass=groupOfNames)(cn={0}))]]> </group_lookup> <group_membership><![CDATA [(&(objectclass=groupOfNames)(member={0}))]]> </group_membership> </search_filters> </ldap> </user_directory>
2. Save the modified qpconfig.xml file. 3. Enter the following command at the server console to restart the HTTP task on the server:
restart task http
For example, to look for a login name in the cn attribute or in the mail attribute, change the authentication element in qpconfig.xml to: <authentication><![CDATA[(| (cn={0})(mail={0}))] ]></authentication> Note that the zero {0} is required and indicates that Lotus Quickr looks for only one name value in an attribute. Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template. Customizing the user lookup search: When someone types a name in the directory lookup interface to search for name to add as a place member, by default the server expects a last name, optionally followed by a comma (,) and first name, and searches for the last name in the sn attribute and the first name in the givenname attribute. By default the server also assumes that names are found in entries defined as objectclass=person. You can use the qpconfig.xml file to specify other attributes for which to search and a different object class definition. Note: The qpconfig.xml file is case-sensitive, so when typing the names of attributes you must use the same character case used in your directory. Specifying case incorrectly causes directory lookup problems.
Connecting to a user directory
8-9
Perform the following steps: 1. Change values in the <user_lookup> element of the qpconfig.xml file as required by your LDAP directory. Values shown below are the default values.
<user_directory> <ldap> <search_filters> <authentication><![CDATA[(|(cn={0})(uid={0})(shortname={0}))]]> </authentication> <user_lookup><![CDATA[(&(objectclass=person)(sn={0})(givenname={1}))]]> </user_lookup> <group_lookup><![CDATA [(&(objectclass=groupOfNames)(cn={0}))]]> </group_lookup> <group_membership><![CDATA [(&(objectclass=groupOfNames)(member={0}))]]> </group_membership> </search_filters> </ldap> </user_directory>
2. Save the modified qpconfig.xml file. 3. Enter the following command at the server console to restart the HTTP task on the server:
restart task http
For example, to search for the second specified name as a value for the mail attribute rather than the givename attribute, change the line as follows:
<![CDATA[(&(objectclass=person)(sn={0})(mail={1}))]]>
Note that zero (0) and one (1) indicate the first and second, comma-separated input values, respectively. Lotus Quickr does not accept more than two input values for the name. If you customize this search filter, you should also customize the hint the interface provides for searching and possibly other directory lookup user interface settings. Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template. Customizing the group lookup search: When someone types the name of a group in the directory lookup interface to search for a group name to add as a place member, by default the server searches for the group name in the cn attribute of groups defined as objectclass=groupOfNames You can use the qpconfig.xml file to specify a different attribute for which to search and a different group object class definition. Note: The qpconfig.xml file is case-sensitive, so when typing the names of attributes you must use the same character case used in your directory. Specifying case incorrectly causes directory lookup problems. Perform the following steps: 1. Change values in the group_lookup element of the qpconfig.xml file as required by your LDAP directory. Values shown below are the default values.
<user_directory> <ldap> <search_filters> <authentication><![CDATA[(|(cn={0})(uid={0})(shortname={0}))]]> </authentication> <user_lookup><![CDATA[(&(objectclass=person)(sn={0})(givenname={1}))]]> </user_lookup> <group_lookup><![CDATA [(&(objectclass=groupOfNames)(cn={0}))]]>
8-10
2. Save the modified qpconfig.xml file. 3. Enter the following command at the server console to restart the HTTP task on the server:
restart task http
For example, to search for the objectclass value groupOfUniqueNames and search for the name in the grouptitle attribute, change the line as follows:
<group_lookup><![CDATA [(&(objectclass=groupOfUniqueNames)(grouptitle={0}))]]></group_lookup>
The zero (0) indicates that Lotus Quickr looks for only one name as input for a group name. Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template. Customizing the search used to determine group membership: After the server authenticates a user, it searches for all the groups of which the user is a member, in order to determine user access to places through group membership. By default the server searches for the users names in the member attribute of groups defined as as objectclass=groupOfNames You can use the qpconfig.xml file to specify a different attribute for which to search and a different group object class definition. Note: The qpconfig.xml file is case-sensitive, so when typing the names of attributes you must use the same character case used in your directory. Specifying case incorrectly causes directory lookup problems. Perform the following steps: 1. Change values in the group_membership element of the qpconfig.xml file as required by your LDAP directory. Values specified below in bold are the default values.
<user_directory> <ldap> <search_filters> <authentication><![CDATA[(|(cn={0})(uid={0})(shortname={0}))]]> </authentication> <user_lookup><![CDATA[(&(objectclass=person)(sn={0})(givenname={1}))]]> </user_lookup> <group_lookup><![CDATA [(&(objectclass=groupOfNames)(cn={0}))]]> </group_lookup> <group_membership><![CDATA [(&(objectclass=groupOfNames)(member={0}))]]> </group_membership> </search_filters> </ldap> </user_directory>
2. Save the modified qpconfig.xml file. 3. Enter the following command at the server console to restart the HTTP task on the server:
restart task http
For example, to search for the objectclass attribute value groupOfUniqueNames and the uniquemember attribute value, change the line as follows:
<group_membership><![CDATA[(&(objectclass=groupOfUniqueNames)(uniquemember={0}))]]></group_membership>
8-11
The zero (0) indicates that Lotus Quickr looks for only one name as input for a group name. Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template. How the Exact Match lookup option affects search filters: When a user searches the directory for a user or group to add to a place, whether or not the user selects the Exact Match search option has an effect on the search filters that is used. For example, Table 8-5 describes the search filter used for user name lookups when one value and two comma-separated values are entered, depending on the Exact Match setting.
<user_lookup><![CDATA[(&(objectclass=person)(sn={0})(mail={1}))]]></user_lookup> Table 8-5. Effect of Exact Match lookup option Exact Match setting Selected Search filter used when users searches for: smi sn=smi mail=* Not selected sn=smi* mail=* Search filter used when user searches for: smi, @acme sn=smi mail=@acme sn=smi* mail=@acme*
2. Save the modified qpconfig.xml file. 3. Enter the following command at the server console to restart the HTTP task on the server:
restart task http
For example, if you specified the following line in the <user_lookup> element of qpconfig.xml:
8-12
<user_lookup><![CDATA[(&(objectclass=person)(sn={0})(mail={1}))]]></user_lookup>
you might then specify the following line in the <search_ui_hint> element:
<![CDATA[( enter <B>last name, email</B>)]]>
Note: You can specify a maximum of 250 characters. Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template. Customizing the display of search results: By default, when a user searches for users in the directory, the search results show the values for the sn and givename attributes in the first column, distinguished names in the second column, and the sn attribute in the range field at the top of the search results box. To display different attribute values, change the values for the member_lookup_ui and search_ui_index elements in the qpconfig.xml file. Note: The qpconfig.xml file is case-sensitive, so when typing the names of attributes you must use the same character case used in your directory. Specifying case incorrectly causes directory lookup problems. Perform the following steps: 1. To change the attributes that display in the first and second columns of search results, change values in the <member_lookup_ui> element of the qpconfig.xml file. Values specified below in bold are the default values. Change the value of the column_name element to change the attributes that display in the first column of results, and change the value of the column_disambiguate element to change the attribute that displays in the second column.
<user_directory> <ldap> <member_lookup_ui> <column_name> <person>sn, givenname</person> </column_name> <column_disambiguate> <person>dn</person> </column_disambiguate> </member_lookup_ui> </ldap> </user_directory>
2. To change the attribute value used to display the current range of names at the top of the results box, change the value of the <search_ui_index> element in qpconfig.xml. By default the value for the sn attribute shows in the range.
<user_directory> <ldap> <search_ui_index>sn</search_ui_index> </ldap> </user_directory>
3. Save the modified qpconfig.xml file. 4. Enter the following command at the server console to restart the HTTP task on the server:
restart task http
For example, display the sn and mail attribute values in the first results column, specify:
<column_name> <person>sn, mail</person> </column_name>
8-13
Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
8-14
3. Enter the following command at the server console to restart the HTTP task on the server:
restart task http
Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
where value represents the number of levels of groups the server can search. By default the level is 1, meaning that the server doesnt search nested groups. Note: Specifying a value much larger than needed can degrade LDAP lookup performance. 3. Make sure to leave a blank line at the end of the file, and then close and save the file. 4. Enter the following command at the server console to restart the server so the change takes effect:
restart server
Table 8-6 describes the settings. 2. Save the modified qpconfig.xml file. 3. Enter the following command at the server console to restart the HTTP task on the server:
restart task http Table 8-6. SSL settings in the qpconfig.xml file Setting protocol=number Description Type one of the following numbers to specify the SSL protocol used for the connection to the LDAP server: 0 - Negotiated (default) 1 - LDAP V2.0 only 2 - LDAP V3.0 handshake 3 - LDAP V3.0 only 4 - LDAP V3.0 with V2.0 handshake
8-15
Table 8-6. SSL settings in the qpconfig.xml file (continued) Setting accept_expired_certs=value Description Type false to prevent Lotus Quickr from accepting a certificate from the LDAP server if the certificate has expired. Type true (the default) to accept a certificate that has expired. Type false to prevent Lotus Quickr from verifying whether the LDAP server host name matches the host name in the SSL certificate. Type true (the default) to require that the host name matches the host name in the certificate. Note: If the value is set to true but the host name does not match the host name in the certificate, then LDAP authentications fail.
verify_servername=value
Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
8-16
8-17
8-18
See Table 9-1 on page 9-2 for a description of the settings. c. Save the modified file. d. Enter the following command at the server console to restart the HTTP task:
restart task http
Note: If you use clustering, you must complete additional steps to set up the Place Catalog for the cluster environment. 2. If you will use a Place Catalog server with a Place Catalog that multiple servers share, perform the following steps on the Place Catalog server: a. Make sure the server is accessible to other Lotus Quickr servers over Lotus Notes RPC (TCP/IP port 1352) and the HTTP protocols. This is set up by default. b. Open the Place Catalog: from IBM Lotus Notes, click File Database Open, select the Place Catalog server in the Server field, and then type placecatalog.nsf in the Filename field. Note: You must type the file name because, by default, the Open Database window does not display the Place Catalog database for you to select. c. Click File Database Access Control, and give access only to Lotus Quickr servers and system administrators. By default, the database has the following listed as Managers in the ACL: Lotus Quickr Place Catalog server, the IBM Lotus Dominoadministrator, LocalDomainServers, and QuickPlaceAdministratorsSUGroup. d. Click File Database Properties, click the second-to-the-last tab on the right, and click Create Index to create a full-text index. The Place Catalog database must be full-text indexed for the qptool report command and the My Places feature to work. For more information on creating and updating full-text indexes, see Domino Administrator Help.
Copyright IBM Corp. 2007
9-1
Table 9-1. Place Catalog settings in the qpconfig.xml file Element or attribute place_catalog enabled Description The place_catalog section contains settings to enable the server to use a Place Catalog. Set the enabled attribute to true to tell the server to search for an existing Place Catalog. The default setting is enabled=true. To prevent the server from looking for a Place Catalog, change the enabled attribute to enabled=false or remove the entire <place_catalog> section. log_level You can log operations related to the Place Catalog in the Domino server console as follows: Level 1 - Logs all Catalog database open and close operations Level 2 - Logs all server registration operations Level 3 - Logs all place registration operations Level 4 - Logs all member registration operations Each level also includes the information in the levels below it. connection_pool size For efficiency, the Lotus Quickr server creates a pool of connections to the Place Catalog that can be shared by the different requests the server receives. This number should reflect the number of simultaneous requests that could result in a query or update to the Place Catalog. These types of requests include creation of places, the addition of or changes to place membership, and administration requests made by qptoo1. You may want to start with a number representing a third of the maximum HTTP threads. For example, if the server uses 90 threads, then set this value to 30. domino_server_name Type the Domino hierarchical name of the Place Catalog server, for example, PlaceCatalog/Acme. If this server will use a Place Catalog on a different server, specify the name of that server. Specify the name of the Place Catalog database, for example, PlaceCatalog.nsf. If this server will use a Place Catalog on a different server, specify the database name of that Place Catalog on that server.
nsf_filename
Related tasks Setting up the Place Catalog for a cluster on page 10-3 To ensure that a shared Place Catalog works properly for servers in a cluster, replicate the Place Catalog on the Place Catalog server to the other IBM Lotus Quickr servers in the cluster, and specify the details of the cluster environment in the qpconfig.xml file of each server in the cluster. All servers in a cluster should use the same qpconfig.xml settings.
9-2
Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
9-3
The following figure shows a Place Catalog entry for a Lotus Quickr server called server1.acme.com.
9-4
9-5
The following table describes the events that cause immediate updates to the Place Catalog:
Table 9-2. Events that are create or update Place Catalog entries in real time Event Server registration or unregistration Description A server becomes part of the service when qptool register -server command is issued, or when a place is created on the server. When a place is created, an entry for the server is immediately created in the Catalog if one does not already exist. Similarly, when qptool unregister -server is issued, the entry for the server is immediately removed from the Catalog. The servers place entry is removed. If the place is part of a Lotus Quickr server cluster with a virtual server, the virtual server place entry is also removed. A new entry is created. The Place Catalog server must be running for users to create new places in the service. If the place is created on one server in a cluster, an entry for the virtual server is also created. Place creation on a cluster server node by qptool replicamaker Place deletion from a browser or by qptool remove A place entry for that server cluster node is created.
The places entry is deleted. Its name cannot be used for a new place until the qptool remove -cleanup command has run, either automatically overnight, or manually by the administrator. In a cluster environment, this would have to be done on all cluster nodes. The places entry for that server node is deleted from the catalog. The new member is added to the place entry with the proper access level. The member is removed from the place entry. The member moves to the field appropriate to their new access level. The PlaceLastAccessed field is updated, which can take up to a minute. The LoginCounts field value is incremented. The DocReadCounts field value is incremented. The PostingCounts field value is incremented. The PlaceIsLocked field of the Place Catalog entry is set to 1. If the place is in a cluster with a virtual server, the PlaceIsLocked field in the virtual server entry is also set to 1.
Place deletion in a cluster server node by qptool remove -cleanup Member creation
Place accessed Place login Document read Posting Place locking by qptool lock
9-6
Table 9-2. Events that are create or update Place Catalog entries in real time (continued) Event Place unlocking by qptool unlock Description The PlaceIsLocked field of the Place Catalog entry is set to 0. If the place is in a cluster with a virtual server, the PlaceIsLocked field in the virtual server entry is also set to 0.
Note: You can use the qptool placecatalog -reset command to reset the place login, document read, and posting values to 0.
9-7
9-8
10-1
1. From the Domino Administrator, click File Open Server to open the administration server or another server in the Lotus Domino domain of the IBM Lotus Quickr servers. 2. Click the Configuration tab. 3. Click Server All Server Documents. 4. Select the servers that you want to add to the cluster. 5. Click Add to Cluster. 6. When asked to choose the cluster you want to add the servers to, click Create New Cluster, and then click OK. 7. Type the name for the new cluster, and click OK. 8. Click Yes to add the servers to the cluster immediately, or click No to submit a request to the administration process to add the servers to the cluster. 9. If you chose Yes in the previous step, the cluster information is added immediately to the Domino Directory of the server you used to create the cluster. If this server is not part of the new cluster, replicate the changes to one of the servers you added to the cluster. If you chose No in the previous step, perform the following steps: a. If you used a server other than the administration server to create the cluster, force replication between the server you used and the administration server so that the administration server receives the requested changes sooner. b. Force replication between the administration server and the cluster servers so the cluster servers receive all the changes sooner.
Load balancing
The typical method is installing and setting up load balancing software. With load balancing, a virtual server is used to distribute HTTP requests so that the physical servers share the user load. The maximum capacity of the cluster is approximately the sum of the capacities of the servers in the cluster. For example, a cluster of three servers that each support 1,000 users has approximately a maximum capacity of 3,000 concurrent users. However, if one server goes offline, the capacity of the cluster is reduced correspondingly (to 2,000 users in the example). Therefore, the average capacity of a load-balanced cluster is less than the maximum possible, and allowance should be made for server downtime so that response times do not significantly decrease when a single server becomes unavailable. Having more than two servers in a cluster provides greater flexibility and reliability because when a server is taken offline for scheduled maintenance, failover can still occur among the remaining available servers. You purchase a load balancing product separately, and set it up following the product documentation. When you use load balancing, each physical server and place has an entry in the Place Catalog. In addition, there is an entry for the virtual server that represents the combination of all physical servers, and an entry for each place in the cluster that represents all the replicas of the place in the cluster. Real-time updates to the Place Catalog (such as place creation, locking of a place, and place membership changes) are made in the place entries that correspond to the virtual server. The non-real time updates (such as place size, time last accessed, and time last modified) are made to the place entries that correspond to the physical servers in the cluster. This information allows the administrator to know the differences in access and size for the places in each of the physical servers in the cluster. Use the qptool
10-2
placecatalog -update command to synchronize the place entries that correspond to the physical servers and the place entries that correspond to the virtual server.
Failover to a hot-spare
A less common method for distributing HTTP requests is failover to a hot spare, in which a primary server and a secondary server are clustered. The primary server handles user requests, and the secondary server is held in reserve in case the primary server fails or requires a scheduled stoppage. When the primary server is taken offline, user requests fail over to the hot spare until the primary server comes back online. In this type of cluster, the resources of the hot spare are not utilized while the primary server is active: the capacity of the cluster is the capacity of the primary server. Therefore, if a given server specification supports 1,000 concurrent users, two such servers are required to support 1,000 users. If the hot spare is identical to the primary server, the capacity remains the same after the primary server fails over. With the hot-spare solution data is maintained in separate entries in the Place Catalog for each physical server, and for each place on a physical server.
b. Enter the following command at the server console to flush the database cache:
dbcache flush
c. Delete the file PlaceCatalog.nsf from the server data directory. d. Create a replica of PlaceCatalog.nsf from the PlaceCatalog server to this server.
Configuring clustered servers
10-3
2. Perform the following steps on each server in the cluster, including the Place Catalog server. a. Open the qpconfig.xml file in the Domino data directory or create the file if it does not exist already. b. Specify the following settings in the file, replacing values shown below with ones required by your environment:
<cluster> <master virtual="true" ssl="false"> <port>80</port> <hostname>master.acme.com</hostname> <path_prefix><path_prefix /> </master> </cluster>
Table 10-1 describes the settings. c. Save the modified file. d. Enter the following command at the server console to restart the HTTP task: restart task http 3. Restart the Place Catalog server. 4. Restart the other Lotus Quickr servers. 5. Enter the following command at the server console of each server, one server at a time:
load qptool register -server Table 10-1. Cluster settings in the qpconfig.xml file Setting virtual=value Description The master server in a cluster acts as a users entry point to places on other servers in the cluster. If you use the failover to a hot-spare clustering solution in which the master server is a physical IBM Lotus Quickr server, specify virtual=false. If you use the load balancing clustering solution, in which the master server is an IP sprayer that acts as a virtual server, specify virtual=true. ssl=value If SSL is enabled on the master server, specify ssl=true, otherwise specify ssl=false. Note: Regardless if you use clustering, setting this to true populates the My Places list with URLs that begin with https rather than http. Specify the TCP port used to access requests by browsers, depending on whether SSL is enabled on the master server. The default port is 80 for non-SSL connections and 443 for SSL connections. Specify the DNS hostname of the master server (for example, master.acme.com).
<port>value</port>
<hostname>value</hostname>
10-4
Table 10-1. Cluster settings in the qpconfig.xml file (continued) Setting <path_prefix> value</path_prefix> Description If the Place Catalog (PlaceCatalog.nsf) is located in a subdirectory of the Lotus Domino data directory, type the subdirectory as the path_prefix. This information is used to create URLs to the master server. For example, on Microsoft Windows, if you put the Place Catalog in the directory C:\domino\data\catalog, type catalog as the path_prefix value. Or if you put the Place Catalog in the directory C:\domino\data\other\catalog, type other\catalog.
Related tasks Configuring the Place Catalog on page 9-1 The Place Catalog is a database that collects information about IBM Lotus Quickr places and servers. A local Place Catalog is enabled by default on each Lotus Quickr server. You can customize the Place Catalog configuration, for example, set up a Place Catalog server, which is a server with a Place Catalog that multiple servers share. Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
10-5
10-6
Configuring security
Configuring security for the IBM Lotus Quickr involves configuring user authentication, configuring user access to the server, as well as performing other miscellaneous security configuration tasks.
11-1
Enabling the Domino Servlet Engine on page 4-26 After you have installed or upgraded to IBM Lotus Quickr, enable the Domino Servlet Engine. This step enables place managers to use place administration actions, such as qptool lock and unlock from My Places Show Usage Statistics.
DNS Domain
Expiration (minutes)
11-2
Action Click Enabled and specify a Minimum Timeout value, in minutes, to indicate the number of minutes of inactivity after which the token will expire.
7. Click Save & Close to save the Web SSO Configuration document in the Web - Web Configurations view. A message on the status bar indicates the number of servers or people for whom the document is encrypted. If you receive messages on the client indicating that a particular key was not found for encrypting the document, you might have to change your clients location document to point to a different mail or directory server that has all the public keys included in Server and Person documents. Editing an existing Web SSO Configuration document: A Web SSO Configuration document may already exist for the domain. This might be the case, for example, if a IBM Lotus Sametime server is also installed in the domain. In this case, add the Lotus Domino names of the IBM Lotus Quickr servers to the existing Web SSO Configuration document. 1. Open the Domino Directory (names.nsf) of an IBM Lotus Quickr server in the domain. 2. Click the Web Web Server Configurations view. 3. Open the Web SSO Configuration document in edit mode. 4. In the Domino Server Names field, add the hierarchical Domino server name of each Lotus Quickr server in the domain that will participate in single sign-on; for example, server1/acme, server2/acme. 5. Close and save the document.
11-3
e. Next to Server in the middle of the dialog box, select any server. f. Click Show advanced templates. g. Next to Template, select Domino Web Server Configuration (domcfg5.ntf). h. Click OK. 4. Create a mapping form in the Domino Web Server Configuration database to enable single-sign on to work with Lotus Quickr: a. Open the Web Server Configuration database (domcfg.nsf). b. Click Add Mapping. c. Next to Applies To, select All Web Sites/Entire Server (default) or Specific Web Site/Virtual Server. If you select Specific Web Site/Virtual Server, a new field displays in which you specify the IP addresses of the Web Site documents or Virtual Servers. d. Next to Target Database, type LotusQuickr/resources.nsf, replacing the default entry. The path is case-sensitive on UNIX. If you upgraded from an earlier release and did not change the root directory name, type QuickPlace/resources.nsf. e. Next to Target Form, type QuickPlaceLoginForm. f. Click Save & Close. g. Replicate the database to all the Lotus Quickr servers that will use single sign-on. 5. After the Domino Web Server Configuration database has replicated, at the server console of each server, enter the following command to stop and restart the server:
restart server
The message Successfully loaded Web SSO Configuration confirms single sign-on setup.
where number is a number of user entries. When the cache reaches the specified number, older entries are removed to make room for new ones that are needed. 3. To specify the length of time user entries remain in the cache before the server removes them, specify the following setting. By default, entries remain in the cache for 120 seconds.
QuickPlaceExpireCachedUsers=interval
where interval is the length of time in seconds. 4. Make sure to leave a blank line at the end of the file. Press Enter, if necessary, to create one. 5. Close and save the file. 6. Enter the following command at the server console to restart the server so your changes takes effect:
restart server
11-4
Specifying administrators
A user with administrator access can use the Site Administration link to perform a variety of administrative tasks, can create and delete places and PlaceTypes, and can control which users can create places. You created a local administrator as part of server installation. You can give additional users administrator access.
11-5
a. Below Who can administer this server, click Add. b. If the server is not connected to a user directory, type the user name, password, and e-mail address for the new local administrator, and then click Next. If the server is connected to a user directory, instead perform the following steps: 1) Click Create new users specially for access to this Lotus Quickr server. 2) Type the user name. 3) Click Next. 4) Type the password and e-mail address. 5) Click Next. 5. To modify a local administrators name, password, or e-mail address, perform the following steps: a. Below Who can administer this server?, highlight the administrator to modify. b. Click Modify. c. Change the user name, password, or e-mail address, as desired. d. Click Next. 6. To remove a local administrator, perform the following steps: a. Below Who can administer this server? click Remove. b. Select the check box next to each name that should no longer have administrator access. c. Click Next.
11-6
b. Select the check box next to each name that should no longer have the access to create places. c. Click Next.
Allowing all users who have access to the server to create places
You can allow all users who can access the server to create places on it. This access is not allowed by default. Perform the following steps: 1. 2. 3. 4. Log in to the server as an administrator. Click Site Administration. Click Security. Below Who can create new places on this server, select Anyone who can connect to the server.
Configuring security
11-7
Note the following additional points about super user access: v You can give super user access only to an external user or group. v Offline functionality is not supported when accessing a server as a super user. v You use the qpconfig.xml file to control super user access from a browser and a QuickPlaceAdministratorsSUGroup in the Domino Directory to control super user access from a Lotus Notes client. v Place managers automatically have super user access to the places they manage, and can give additional users super user access to those places. See the Help for additional information on place membership. v If a user is a super user as well as an explicit member of a place, the users level of access depends on whether the place uses standard membership or expanded membership. If the place uses standard membership, the user gets the access assigned through the explicit membership. If the place uses expanded membership, the user gets super user access to the place. For example, if a user with super user access is also a member of a place with Reader access and the place uses standard membership, the user has Reader access to the place. However, if the place uses expanded membership, the user has super user access to the place.
where name is the distinguished name of a user or group in the user directory. Type the distinguished name exactly as it is in the directory; be sure to match character case and to include any spaces in the name. 3. Save the modified file. 4. Enter the following command at the server console to restart the HTTP task:
restart task http
Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
Specifying who has super user access from a Lotus Notes client
Create a group in the Lotus Domino Directory to specify who has super user access when accessing the server from a IBM Lotus Notes client. Perform the following steps: 1. Create a group called QuickPlaceAdministratorsSUGroup in the Domino Directory that the Lotus Notes clients use. 2. Add as members the names to which you want to grant super user access. Note: You can give the same user or users super user access through the browser and through Lotus Notes if the Lotus Notes clients Domino Directory is also the IBM Lotus Quickr user directory. Create the
11-8
QuickPlaceAdministratorsSUGroup as described above, and also specify CN=QuickPlaceAdministratorsSUGroup as the distinguished name in the super_user element in the qpconfig.xml file.
Expanded membership
Before you use expanded membership, learn more about this feature and its requirements. IBM Lotus Quickr by default lists the names of place members in the database access control lists (ACLs) of the rooms in a place. The combined names in an ACL cannot exceed 32K in size, which limits a place to approximately 300 to 900 members, depending on the length of the members distinguished names. Expanded membership removes this limitation by generating groups in an LDAP directory to store the names of individual members, and using these groups, rather than the individual user names, in room ACLs. Currently expanded membership is certified for a maximum of 4000 external user members in a place.
Important considerations
Consider the following points before you use expanded membership: v After you have set up a place to use expanded membership, you cannot revert the place to standard membership. v Expanded membership is supported only when Lotus Quickr, not IBM Lotus Domino, controls directory services. v If the directory server used for the expanded membership groups is also the Lotus Quickr user directory, specify a base distinguished name for the expanded membership groups that is outside the scope of the base distinguished name that Lotus Quickr uses for group lookups generally. v Do not modify the expanded membership groups. v The LDAP directory that stores the expanded membership groups must allow write access. v The user name and password used uses to manage the expanded membership groups (configured through Site Administration > User Directory page) must have write access to the base distinguished name configured for the groups. v Expanded membership is certified for 4000 external user members in a place. v LDAP directory servers can limit the number of members allowed in groups. v Places that use expanded membership cannot be used to create PlaceTypes. v Expanded membership pertains to individual external members and not to local members or to external group members. v Do not disable expanded membership on the server if there are places that use it.
11-9
cn=h_Editors,ou=placename,base_dn cn=h_Authors,ou=placename,base_dn cn=h_Readers,ou=placename,base_dn where placename is the name of the place. base_dn is a base distinguished name for the expanded membership groups that is configured through the qpconfig.xml file. When an external user member is added to the place, Lotus Quickr adds the users name to one of these groups, according to the access assigned to the user. For example, Lotus Quickr adds an external user member with Reader access to the places cn=h_Readers.... group. If someone creates a subroom, Lotus Quickr creates the following groups in the directory, and adds the groups to the subroom ACL: cn=h_Managers,ou=uniquenumber,ou=placename,base_dn cn=h_Editors,ou=uniquenumber,ou=placename,base_dn cn=h_Authors,ou=uniquenumber,ou=placename,base_dn cn=h_Readers,ou=uniquenumber,ou=placename,base_dn where uniquenumber is the unique number XXXXXXXX in the room name PageLibraryXXXXXXXX.nsf that identifies the room. placename is the name of the place that contains the room. base_dn is the base distinguished name configured for the expanded membership groups. Removing an external user member from a place removes the users name from the expanded membership groups associated with the place. Removing an external user member from a subroom, removes the users name from the appropriate Lotus Quickr group associated with the subroom. Removing a place or a subroom removes the expanded membership groups associated with the place or subroom.
11-10
Note: Be sure to type the base_dn value using the exact character case used in the directory. Table 11-1 on page 11-12 describes these settings. 3. Save the modified file. 4. Enter the following command at the server console to restart the HTTP task:
restart task http
Configuring security
11-11
Table 11-1. Description of the expanded_membership_model setting in qpconfig.xml Setting expanded_membership_model enabled=value Description Type true to enable expanded membership or false to disable it. Do not type false if any places are set up to use expanded membership. Specify true to use SSL encryption when connecting to the LDAP directory server that will store the expanded membership groups. Otherwise, specify false. Type the port number for the LDAP directory server that will store the expanded membership groups. Typically an LDAP server uses port 389 for unencrypted connections and port 636 for SSL connections. Type the host name of the LDAP directory server that will store the expanded membership groups. The host name can be the LDAP server that IBM Lotus Quickr already uses, or a different one. You must specify a host name, regardless. The directory must allow write access. Type the base distinguished name (directory node) under which to create the groups. The base distinguished name must already exist in the directory - the server does not create it. The components of the base distinguished name do not have to be O and OU. Do not use OU=QP as part of the base distinguished name because that is a reserved organizational unit in Lotus Quickr. If the directory server that stores the expanded membership groups is the same one that Lotus Quickr uses for other purposes, for better performance, specify a base distinguished name for the expanded membership groups that is outside the base used for group lookups generally. For example, if the base specified for group lookups generally is OU=groups,O=acme, use a different base for the expanded membership groups, for example OU=emmgroups,O=acme. Using separate base distinguished names for the two types of groups optimizes performance by preventing unnecessary searches of the expanded membership groups during the process of user authentication. Note: If you use Microsoft Active Directory, you must create a user entry in the directory that begins with CN=h_VirtualMember at the specified base_dn. For example, if you specify OU=emmGroups,DC=acme,DC=com as the base_dn, in Active Directory create the following user entry: CN=h_VirtualMember,OU=emmGroups,DC=acme,DC=com.
ldap_server ssl=value
Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
Configuring the name and password to use to connect to the LDAP server
Configure a user name and password for the IBM Lotus Quickr server to provide when connecting to the LDAP directory server that stores the expanded membership groups. The name and password must correspond to a valid user record in the directory, and the name must have write access to the base distinguished name used for the expanded membership groups.
11-12
If the directory allows anonymous write access to the base distinguished name (not a typical configuration), this step is unnecessary. Perform the following steps: 1. Log in to the server as an administrator. 2. Click Site Administration. 3. Click User Directory. 4. Click Change Directory. 5. Below Expanded Membership Model: v Type the user name in distinguished name format, for example, cn=qpadmin,o=acme. v Type the password for the name. Note: You see the Expanded Membership Model option only after you have enabled expanded membership on the server through the qpconfig.xml file 6. Click Next.
-p places
-i inputfilename -o outputfilename
Table 11-3 on page 11-14 provides examples of using the membershipmodel command to enable expanded membership in places.
Configuring security
11-13
Table 11-3. Examples of enabling expanded membership in places Task Enable placeofmanymembers to use expanded membership. Enable all places that do not currently use expanded membership to use expanded membership. Command >load qptool membershipmodel -toexpanded -p placeofmanymembers >load qptool membershipmodel -toexpanded -a
where protocol is a protocol to allow or block. 3. Save the modified file. 4. Enter the following command at the server console to restart the HTTP task:
restart task http
For example, to allow links that reference the http: and https: protocols but block links that reference javascript, view-source, about, file, ftp, news, and mailto protocols, specify the following values:
<security> <URLfield_protocol_filter enabled="true"> <allowed>"http:","https:"</allowed> <blocked>"javascript:","view-source:","about:","file:","ftp:","news:","mailto:" </blocked> </URLfield_protocol_filter> </security>
Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
11-14
1. Open the qpconfig.xml file in the domino_data_root directory, or create the file if it does not exist already. 2. Specify the following settings in the file:
<security> <XSS_ImportHTML enabled="true"/> </security>
3. Save the modified file. 4. Enter the following command at the server console to restart the HTTP task:
restart task http
Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
3. Save the modified file. 4. Enter the following command at the server console to restart the HTTP task:
restart task http
Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
11-15
The Log Out link is never available to anonymous users, and to users who access places in accessibility mode on a server that is not enabled for single sign-on. The Log Out link is unavailable to all users if you configure the server to hide the Log Out link. If the Log Out link is unavailable for any of these reasons, you can configure the server to prevent caching of Lotus Quickr pages on browsers. To configure the server to clear Lotus Quickr files from the Internet Explorer cache, perform the following steps: 1. Open the qpconfig.xml file in the domino_data_root directory, or create the file if it does not exist already. 2. Specify the following settings in the file:
<authentication> <sign_out enabled="true"/> <clear_browser_cache enabled="true"/> </authentication>
3. Save the modified file. 4. Enter the following command at the server console to restart the HTTP task:
restart task http
Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
3. Save the modified file. 4. Enter the following command at the server console to restart the HTTP task:
restart task http
Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
11-16
Configuring connectors
Connectors enable your users to work with IBM Lotus Quickr documents from IBM Lotus Notes, IBM Lotus Sametime, Microsoft Windows Explorer, and Microsoft Office applications. From these applications users can check out, modify, and check in documents on the server, add documents to the server, and share documents through e-mail and chats. To use connectors, users click the Lotus Quickr Connectors download link from the server home page, and follow simple installation steps to download the connectors they want to use (connector for Windows Explorer required.) Note: Managing document versions through connectors is not supported when accessing documents on a Lotus Quickr server running services for Lotus Domino.
12-1
4. Enter the following command at the server console to restart the HTTP task:
restart task http
If you disable Web services, users can download the connectors but cannot access the server through them. Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
12-2
1. Make sure that you have installed or upgraded to Lotus Quickr. When prompted for the administrator name and password during a new installation, type a name that is not in the LDAP directory. 2. Connect Lotus Quickr to the same LDAP directory that you also use for Lotus Sametime. Both servers must use the same directory. 3. Make sure that you have installed Lotus Sametime Version 7.5 or later. For more information, see the Lotus Sametime installation guide that is appropriate for your platform, available on the Web at http://www.lotus.com/ldd/doc. Note: Configure the Lotus Sametime server to use HTTP port 80 or to tunnel over port 80; this step is required for the awareness feature. 4. Verify that awareness and instant messaging are working for Lotus Sametime. If you plan to integrate Web conferencing (meetings) with Lotus Quickr, verify, too, that Web conferencing is working. 5. Perform the following steps to update the Web SSO Configuration for Ltpa token document that was created when you installed Lotus Sametime: a. Ensure that the Lotus Domino Directory on the server has replicated throughout the Lotus Domino domain since you installed Lotus Sametime. b. Using IBM Lotus Notes open the Lotus Domino Directory on the Lotus Sametime server. c. Click the Configuration Web Server Configurations view. d. From within this view, expand the list of Web SSO Configurations. e. Open the Web SSO Configuration for Ltpa Token document in edit mode. If you cannot edit the document, contact an administrator about getting edit access or editing the document for you. f. Make sure that the Domino Server Names field contains the name of each of the Lotus Quickr and Lotus Sametime servers that should participate in single sign-on. g. Make sure that the DNS Domain field contains the fully-qualified DNS domain name of the Lotus Quickr and Lotus Sametime servers. h. Click Keys Create Domino SSO Key if you want to create a new key for SSO. i. Open the Server document for the Lotus Sametime server. j. Click Internet Protocols Domino Web Engine. k. In the HTTP Sessions section, select LtpaToken in the Web SSO Configuration field. l. Click Save & Close. m. Replicate the edits to the Lotus Quickr server. 6. Perform the following steps to enable single sign-on authentication on the Lotus Quickr server: a. From IBM Lotus Notes, open the Lotus Domino Directory for the domain. b. Open the Server document for the Lotus Quickrserver in edit mode. c. Click Ports Internet Ports Web and then in the Name & password field for the Web port select Yes. d. Click Internet Protocols Domino Web Engine , and in the Session authentication field select Multiple Servers (SSO), and then click OK. e. In the Web SSO Configuration field, select LtpaToken. f. Click Save & Close. g. Add the following setting to the notes.ini file on the Lotus Quickrserver: NoWebFileSystemACLs=1 h. Create a database from the Domino Web Server Configuration template (domcfg5.ntf), giving the database the file name domcfg.nsf. i. Open the database you created and click Add Mapping to open a mapping document. j. In the Target Database field of the mapping document, type lotusquickr/resources.nsf. k. In the Target Form field, type QuickPlaceLoginForm, and then click Save & Close to save the document.
Integrating with other applications
12-3
7. Restart the Lotus Domino servers. 8. Perform the following steps to verify that single sign-on is working between Lotus Quickr and Lotus Sametime: a. From a browser, connect to the Lotus Quickr server. Because multi-server sign-on is enabled, you must enter the fully qualified host name to connect, for example, http://qpserver.acme.com/ quickplace b. Log in to Lotus Quickr using the name of an external user registered in the LDAP directory. c. Create a test place and verify that you can add several members from the LDAP directory. d. Using the same browser session, connect to the Lotus Sametime server. For example, enter http://stserver.acme.com/stcenter.nsf. e. Go to the Attend Meeting page and verify that you are still logged on to the server. If you can authenticate once and remain logged on to both Lotus Quickr and Lotus Sametime, multi-server sign-on is working. If you must authenticate more than once, multi-server sign-on is not working and you must resolve the problem before continuing.
5. Copy the files listed below to the QuickPlace\peopleonline subdirectory you just created on the Lotus Sametime server:
File name STComm.jar Copy from client\stjava\bin subdirectory of the Lotus Sametime SDK Copy to \Domino\html\QuickPlace\ peopleonline subdirectory of the Lotus Sametime server data directory \Domino\html\QuickPlace\ peopleonline subdirectory of the Lotus Sametime server data directory
CommRes.jar
12-4
Copy from
Copy to
On WindowsIBM AIX, AIX, and \Domino\html\QuickPlace\ Solaris, the Lotus Quickr subdirectory peopleonline subdirectory of the of the Lotus Quickr server data Lotus Sametime server data directory directory. For example: On Windows: C:\Lotus\Domino\Data\ LotusQuickr\PeopleOnline31.jar On AIX and Solaris: /opt/notesdata/LotusQuickr/ PeopleOnline31.jar On i5/OS the following directory: /qibm/proddata/lotus/QuickPlace/ DATA/LOTUSQUICKR/ PeopleOnline31.jar
6. Verify that the QuickPlace\peopleonline subdirectory contains the three files. 7. (i5/OS only) Enter the following command to ensure that QNOTES is the owner of each of the files:
CHGOWN OBJ(*!ENTITY!*ST_server_data_dir>/Domino/html/QuickPlace/peopleonline/*) NEWOWN(QNOTES)
Verifying that places are enabled for awareness and instant messaging
Verify that awareness and instant messaging is enabled and working in places. Perform these steps: 1. Perform the following steps to verify the IBM Lotus Quickr settings: a. Log in to a place as a manager. b. Click Customize. c. Click Basics. d. On the Change Basics page, make sure that Chat: Show the Chat link is selected.
Integrating with other applications
12-5
e. Also ensure that Members can see who is online and send instant messages is checked. This option only appears if Sametime awareness is enabled through Site Administration. f. Click Done. 2. To verify that awareness is working, log in to a place using a name in the user directory and check for the awareness icon next to your login name. Note: Lotus Sametime features are available only to members registered in a user directory and not to members registered locally in places. 3. To verify that instant messaging is working, click the Chat link on the right side of a page, right-click your name in the members list, or the name of another member that is online, and select Message.
ServiceLocator.properties
sametime.ini
12-6
On IBM AIX:
File STMtgManagement.jar Copy from Lotus Domino program directory of the Lotus Sametime server, for example: /opt/lotus/notes/<latest>/ibmpow/ STCore.jar Lotus Domino program directory of the Lotus Sametime server. Lotus Domino program directory of the Lotus Quickr server. Copy to Lotus Domino program directory of the Lotus Quickr server, for example: /opt/lotus/notes/<latest>/ibmpow/
ServiceLocator.properties
Lotus Sametime server data directory, Lotus Quickr server data directory, for example: for example: /opt/notesdata /opt/notesdata
sametime.ini
Lotus Sametime server data directory. Lotus Quickr server data directory.
On Sun Solaris:
File STMtgManagement.jar Copy from Lotus Domino program directory of the Lotus Sametime server, for example: /opt/lotus/notes/<latest>/sunspa/ STCore.jar Lotus Domino program directory of the Lotus Sametime server. Lotus Domino program directory of the Lotus Quickr server. Copy to Lotus Domino program directory of the Lotus Quickr server, for example: /opt/lotus/notes/<latest>/sunspa/
ServiceLocator.properties
Lotus Sametime server data directory, Lotus Quickr server data directory, for example: for example: /opt/notesdata /opt/notesdata
sametime.ini
Lotus Sametime server data directory. Lotus Quickr server data directory.
On IBM i5/OS:
File STMtgManagement.jar Copy from The following directory on i5/OS server where you installed Lotus Sametime: /qibm/proddata/lotus/sametime Copy to The following recommended directory on the i5/OS server on which you installed Lotus Quickr: /QIBM/UserData/Lotus/ QuickPlace/
12-7
File STCore.jar
Copy from
Copy to
The following directory on the i5/OS The following recommended server where you installed Lotus directory on the i5/OS server on Sametime: which you installed Lotus Quickr: /qibm/proddata/lotus/sametime /QIBM/UserData/Lotus/ QuickPlace/
ServiceLocator.properties sametime.ini
Lotus Sametime server data directory. Lotus Quickr server data directory. Lotus Sametime server data directory. Lotus Quickr server data directory.
2. (i5/OS only) Use the CHGOWN command to change the owner of the files copied in the previous step to QNOTES. For example, enter the following commands:
CHGOWN OBJ(/qibm/userdata/lotus/quickplace/ST*) NEWOWN(QNOTES) CHGOWN OBJ(<QP_server_data_directory>/sametime.ini) NEWOWN(QNOTES) CHGOWN OBJ(<QP_server_data_directory>/ServiceLocator.properties) NEWOWN(QNOTES)
3. On the Lotus Quickr server, edit the JavaUserClassesExt setting in the notes.ini file. v On Windows, add the text indicated in bold below to the setting. Where a path is indicated, substitute your own Lotus Domino program directory path. JavaUserClassesExt=QPJC1,QPJC2,QPJC3,QPJC4 QPJC1=C:\PROGRAM FILES\LOTUS\DOMINO\quickplace.jar QPJC2=C:\PROGRAM FILES\LOTUS\DOMINO\log4j-118compat.jar QPJC3=C:\PROGRAM FILES\LOTUS\DOMINO\STCore.jar QPJC4=C:\PROGRAM FILES\LOTUS\DOMINO\STMtgManagement.jar v On AIX, add the text indicated in bold below to the setting. Where a path is indicated, substitute your own Lotus Domino program directory path. JavaUserClassesExt=QPJC1,QPJC2,QPJC3,QPJC4 QPJC1=/opt/lotus/notes/<latest>/ibmpow/quickplace.jar QPJC2=/opt/lotus/notes/<latest>/ibmpow/log4j-118compat.jar QPJC3=/opt/lotus/notes/< latest >/ibmpow/STCore.jar QPJC4=/opt/lotus/notes/< latest >/ibmpow/STMtgManagement.jar v On Solaris, add the text indicated in bold below to the setting. Where a path is indicated, substitute your own Lotus Domino program directory path. JavaUserClassesExt=QPJC1,QPJC2,QPJC3,QPJC4 QPJC1=/opt/lotus/notes/<latest>/sunspa/quickplace.jar QPJC2=/opt/lotus/notes/<latest>/sunspa/log4j-118compat.jar QPJC3=/opt/lotus/notes/ <latest >/sunspa/STCore.jar
12-8
QPJC4=/opt/lotus/notes/ <latest >/sunspa/STMtgManagement.jar v On i5/OS, add the text indicated in bold below, assuming you added the STMtgManagement.jar and STCore.jar files to the recommended directory: JavaUserClassesExt=LQPJava1,LQPJava2,LQPJava3,LQPJava4 LQPJava1=/QIBM/ProdData/Lotus/QuickPlace/quickplace.jar LQPJava2=/QIBM/ProdData/Lotus/QuickPlace/log4j-118compat.jar LQPJava3=/QIBM/UserData/Lotus/QuickPlace/STCore.jar LQPJava4=/QIBM/UserData/Lotus/QuickPlace/STMtgManagement.jar
5. Within the <credentials> element, type the distinguished name and Internet password of the user you configured in the Domino Directory for Lotus Quickr meeting integration.
<sametime ldap="true"> <meetings invite_servers="false"> <tools> <audio enabled="true"/> <video enabled="true"/> </tools> <credentials> <dn>cn=John Doe/o=acme</dn> <password>xw356l78</password> </credentials> </meetings> </sametime>
6. Specify other <sametime> settings as needed: v If the Lotus Sametime server is configured to invite other Lotus Sametime servers to meetings, set invite_servers=true in the <meetings> element to support that feature in Lotus Quickr. v If you do not want to use audio Web conferencing features, set the audio enabled attribute to false in the <tools> element. v If you do not want to use Web conferencing video features, set the video enabled attribute to false in the <tools> element. 7. Save the qpconfig.xml file and restart the server for the settings to take effect. Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
Integrating with other applications
12-9
Specify the Lotus Sametime meeting server for Lotus Quickr to use
Use the Site Administration link on the IBM Lotus Quickr server to specify the IBM Lotus Sametime meeting server to use. Perform these steps: 1. Log in to Lotus Quickr as an administrator. 2. Click the Site Administration link. 3. Click Other Options. 4. Click Edit Options. 5. Below Sametime Servers, type the URL for the Lotus Sametime server in the Sametime Meeting Server field, specifying the fully qualified host name, for example http://stserver.acme.com. 6. Click Next.
12-10
13-1
Table 13-1. Lines to add to the notes.ini file (continued) Operating system AIX Settings EXTMGR_ADDINS=libqpextmgr_r.a CheckCacheBeforeDSAPI=1 Solaris EXTMGR_ADDINS=libqpextmgr.so CheckCacheBeforeDSAPI=1
10. Make sure there is a blank line at the end of the notes.ini file. Press Enter to create a blank line, if necessary. 11. Save the file. 12. Start the Domino server.
Note: If these lines begin with a semicolon (;), then these lines are designated as comments, and the semicolon should be removed. v Save and close the notes.ini file. v Click OK on the Properties dialog box. 5. Start the server.
13-2
New organization certifier required for external users in a different organization from the server
If external offline users are in a different organization hierarchy from the IBM Lotus Domino server on which IBM Lotus Quickr runs, you must create an organization certifier ID for their organization, cross-certify that certifier ID with the Domino servers organization certifier ID, and then attach the cross-certified ID to an Offline Security Policy document. For example, if the Domino server is within the /Org organization, but there are external users within the /Acme organization, create an /Acme organization certifier ID, cross-certify it with the /Org certifier ID, and then create an Offline Security Policy document and attach the cross-certified /Acme certifier ID to it.
Separate organizational unit certifier recommended for external users within the same organization as the server
If offline users are within the organization hierarchy of the Domino server on which Lotus Quickr runs, put them under their own organizational unit certifier as a security measure to limit their access to the Domino server.
Distinguished names that do not follow the Domino naming convention require translation
Domino recognizes only the following delimiters in a distinguished name: CN,OU, O, and (optionally) C. If the distinguished names of external member use different delimiters, you must use the name_translation setting in the offline section of the qpconfig.xml file on the server to translate them to the Domino format. When you create an Offline Security Policy document, you use the Domino format when specifying the certifier name.
13-3
Separate Security Policy documents required for local and external users
You must create separate Security Policy documents and IDs for local users (users registered in places) and external users (users registered in a directory). You can attach only one certifier ID to each Security Policy document.
13-4
13-5
2. 3. 4. 5. 6. 7. 8. 9. 10. 11.
From the Domino Administrator, select the Domino server, for example, ServerA/Org. Click Configuration. Click Registration Organizational Unit. Click Server and select the Domino server. Click Certifier ID, select the Domino server certifier ID, then click OK. Type the password for the certifier ID and click OK. The administrator who set up the Domino server created this password. If you see the message The certifier ID you have chosen does not contain recovery information, read the message and click OK. In the Register Organizational Unit Certifier dialog box, click Registration Server and choose the Domino server, for example, ServerA/Org. In the Organizational Unit field, type QP. In the Certifier Password field, type a password for the new certifier.
12. Optional: Click Set ID File to specify the file name and local path name in which to store the /QP organizational unit certifier ID file. Note: For security reasons, back up doladmin.nsf and delete the ID file from your system directory after this ID is attached to an Offline Security Policy document. 13. Optional: Complete the additional fields in the Register Organizational Unit Certifier dialog box. Click ? for information on these fields. 14. Click Register at the bottom of the dialog box to create the /QP oganizational unit certifier ID file locally and to register the organizational unit in the Domino Directory on the Domino server.
13-6
7. Optional: Click Overwrite existing user IDs to cause users offline IDs to be overwritten with a new ID each time they install a place offline. Note: Do not select this option if offline encryption is used. Users whose IDs are overwritten will not be able to open an offline place encrypted with a key from the previous ID. 8. Save the document. For security reasons, after you have created all the Offline Security Policy documents that you require, back up the doladmin.nsf database and then delete any of the new certifier ID files from your system directory.
13-7
The following example of translation rules in the qpconfig.xml file translate distinguished names that follow this pattern uid=value/c=value/ou=bluepages/o=ibm.com into the Domino-style name CN=value/OU=bluepages_value/O=ibm_com. The two <translate> elements contain the rules. The from and to attributes within the <translate> elements contain regular expressions, for example, uid=(.+)/c=(.+)/ou=bluepages/o=ibm\.com. The regular expressions contain symbols, for example, (.+) and \:
<server_settings> <offline enabled="true"> <name_translation enabled="true"> <from_directory_name> <translate from="uid=(.+)/c=(.+)/ou=bluepages/o=ibm\.com" to="CN=\1/OU=bluepages_\2/O=ibm_com" /> </from_directory_name> <to_directory_name> <translate from="CN=(.+)/OU=bluepages_(.+)/O=ibm_com" to="uid=\1/c=\2/ou=bluepages/o=ibm.com" /> </to_directory_name> </name_translation> </offline> </server_settings>
You create rules for translating LDAP names to Domino names within the <from_directory_name> elment. You specify each LDAP name attribute in the from attribute, using symbols to account for any possible value the attribute might have. For example, the (.+) symbol means one or more occurrences of any character. In the preceding sample, this accounts for any value the uid and c attributes might have. You also use symbols to translate syntax that otherwise might be interpreted as a special character. For example, the \ symbol turns off the special meaning of the character which follows. Without this symbol in o=ibm\.com, the dot (.) would be interpreted by its special character meaning, which is match any single character. The to attribute specifies Domino attributes using symbols to match values from the LDAP attributes and to arrange them in a way Domino recognizes. For example, the symbol \1 means whatever matched the first regular expression. So, the CN attributes value will match the first regular expression (.+) found in the from attribute. In the same way, the symbol \2 means whatever matched the second regular expression. So, the OU value will be the explicitly stated bluepages_ plus the second regular expression (.+), which in this case is the value of the country, or c, attribute. The O attribute is explicitly stated. You can have up to nine regular expressions in one rule. You create rules for translating Domino names back to LDAP names within the <to_directory_name> element using the same method. The preceding translation rules result in the following example translations:
Table 13-3. Example translations LDAP directory name uid=Joe User/c=us/ou=bluepages/o=ibm.com uid=Nils Nilsen/c=dk/ou=bluepages/o=ibm.com Domino name CN=Joe User/OU=bluepages_us/O=ibm_com CN= Nils Nilsen/OU=bluepages_dk/O=ibm_com
Notice that the regular expressions accommodate the country, or c, code. There is no need to have a separate translation rule for each country code because they can be captured by a (.+) expression, and then inserted anywhere in the translated name with a \[number] expression. Note: The LDAP names specified in from_directory_name and to_directory_name must exactly match the case that is used for the names in the LDAP directory. The attributes of the Domino-style names specified in from_directory_name and to_directory_name (CN, OU, O, or O) must be uppercase.
13-8
Table of expressions
There are many symbols that can be used in regular expressions, but only a few are useful for the purpose of translating a non-conforming LDAP name to a Domino name. The following table lists of these symbols, with examples that show how they match a particular LDAP name. All of the examples shown here will match the LDAP distinguished name uid=Joe User/c=us/ou=People1/o=org.com. The symbols described are in bold text in the examples:
Table 13-4. Table of expressions Symbol (.+) \1, \2, \3, etc. Description Represents one or more occurrences of any character. \1 represents a match with the first regular expression; \2 represents a match with the second regular expression, and so on. Up to 9 regular expressions may be used in one rule. Turns off the meaning of any special character c. Matches any single character. Matches any of the enclosed characters. Matches any character that is not enclosed. Matches any character in this range. Matches any number (zero or more) of the preceding character or bracketed expression. Matches one or more of the preceding character or bracketed expression. Example uid=(.+)/c=(.+)/ou=bluepages/ o=ibm\.com CN=\1/OU=bluepages_\2/ O=ibm_com
uid=Joe User/c=us/ou=People1/ o=org\.com uid=Joe User/c=us/ou=People./ o=org uid=Joe User/c=us/ ou=People[123456789]/o=org uid=Joe User/c=us/ou=People[^2-9]/ o=org uid=Joe User/c=us/ou=People[0-9]/ o=org[._]com uid=Joe U.*/c=us/ou=People1/ o=org\.com uid=Joe [A-Za-z]+/c=us/ ou=People1/o=org\.com
* +
(regexp)
Delineates a regular expression so uid=Joe User/c=(.+)/ou=People1/ that it can be used in the replacement o=org\.com string (the to string in <translate>).
13-9
where hostname is the fully-qualified host name or IP address of one Lotus Quickr server in the cluster. For example, if the servers in a cluster are blue.enterprise.com, green.enterprise.com, and red.enterprise.com, and the network dispatcher is colors.enterprise.com, you could add the following setting to the notes.ini file on blue.enterprise.com, green.enterprise.com, and red.enterprise.com:
$DOLS_TCPIPAddress=blue.enterprise.com
Configuring offline use in an environment that uses Sun Java System Portal Server
If you use Sun Java System Portal Server with IBM Lotus Quickr as a reverse proxy, use the notes.ini setting NoWebFileSystemACLS to prevent users from having to re-authenticate after installing places offline. Add the following setting to the notes.ini file of a Lotus Quickr server:
NoWebFileSystemACLS=1
4. If you make a change to the field, restart the server by entering the following command:
restart server
13-10
Perform the following steps: 1. Log in to the server as an administrator. 2. Click Site Administration. 3. Click Other Options. 4. Click Edit Options. 5. Below Domino Offline Passthru Server, type the canonical name (for example, Passthru/Acme) and the fully-qualified host name (for example, passthru.acme.com) of the passthru server. 6. Click Next.
7. Click Next.
13-11
Perform the following steps: 1. Open the qpconfig.xml file in the domino_data_root directory, or create the file if it does not exist already. 2. In the offline section, type true for the use_login_passwords attribute. 3. Save the qpconfig.xml file. 4. Enter the following server console command:
restart task http
The following example shows the qpconfig.xml file when this feature is enabled:
<offline enabled="true" use_login_passwords="true"> </offline>
Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
13-12
Question: In our organizational hierarchy, our organization (O) is ACME, our organizational unit (OU) is ACMEWEB, and our domain is ACMEWEB. Our IBM Lotus Quickr server is W1SERVER/ACMEWEB/ ACME. Should the certifier for our local members be QP/ACMEWEB/ACME? Answer: Yes, this would be the correct hierarchical name for the certifier ID, which would allow your local members to take places offline. However, for easier management, we recommend that all of your Lotus Quickr place members be external (meaning their information is stored in a user directory). Question: We have a large organization. To set up our external members to take places offline, is it necessary to create a different Offline Security Policy document and certifier ID for each of our organizational units? Answer: The number of different Offline Security Policy documents and certifier IDs you must create depends on your organizations hierarchy. When a user takes a place offline, an ID is automatically generated by the Notes registration API. This ID is based on the certifier ID attached to the Offline Security Policy document. The Notes registration API can only create ID files for users as far as one organizational unit down from the root organizational unit for the certifier ID. For example, the following local members can take places offline with the certifier ID QP/<Organization>: Fred/QP/<Organization> John/MyWorld/QP/<Organization> However, the user Mike/Westford/MyWorld/QP/<Organization> cannot take places offline with this certifier ID. For Mike to take places offline, you must create a new Offline Security Policy document, then create and attach one of the following certifier IDs: Westford/MyWorld/QP/<Organization> or MyWorld/QP/<Organization> If all your external members are in the same hierarchy except for the last organizational unit before their user name, you only need one certifier ID for all of those users. Otherwise, you must create multiple certifier IDs. For example, both of the following external members can take places offline with the certifier ID /ACME: Joe/PHIL/ACME Will/BOS/ACME However, the following members require two separate certifier IDs: Mary/PHIL/PA/ACME Caroline/BOS/MA/ACME Mary can use either PA/ACME or PHIL/PA/ACME. Caroline can use either MA/ACME or BOS/MA/ACME. Question: The documentation says to create an organizational unit (OU)/Organization certifier. Do we need to create duplicate certifier IDs, or can we make copies of the certifier ID files that were used to create the users?
13-13
Answer: For security reasons, we do not recommend using existing Domino certifiers. We recommend that you create new certifiers, even if they are based on existing certifiers, because new certifiers based on existing certifiers are duplicates in name only. If you create new certifiers, you do not have to worry about the original certifiers falling into the wrong hands. You must create ID files for users as far as one organizational unit down from the root organizational unit for the certifier ID. See the previous question for more information. Question: Do the offline certifier ID files need to be stored on the Lotus Quickr server permanently? Answer: Yes, but only in the doladmin.nsf database. You do not need to store these ID files on the servers file system, only in the doladmin.nsf. Please note that you should always back up this database. Question: How exactly are these certifier ID files used by Lotus Quickr? Answer: They are used to generate an offline ID file that maintains secure access between the online and offline versions of a place. When users install a place offline, an ID based on the certifier ID is generated for them and installed on their computer. This offline ID authenticates users when they synchronize the place. The offline ID file password is set by users in the offline password field in their Member page in the online version of the place.
13-14
3. Save the modified file. 4. Enter the following command at the server console to restart the HTTP task:
restart task http
For example, to enable all context menus but disable document drag-and-drop, specify the following settings:
<ui_features enabled="true"> <context_menus enabled="true"> <documents enabled="true"/> <folders enabled="true"/> <user_names enabled="true"/> <my_places enabled="true"/> </context_menus> <drag_and_drop enabled="false"> </drag_and_drop> </ui_features>
Related concepts Whats new? on page 4-11 Read about the new features in this release. Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
14-1
where URL is the Web service URL location for the images that refers to one or more of the following attributes values from the LDAP directory: v EMAIL={email} v CN={cn} v DN={dn} v DISPLAY_NAME={display_name) 3. Save the modified file. 4. Enter the following command at the server console to restart the HTTP task:
restart task http
The following example pulls images of external members from the URL http://web.acme.com/photos/ api/photo.jsp and displays their LDAP e-mail addresses in context menus:
<user_photo_source local="false"> <directory> <url> <![CDATA[http://web.acme.com/photos/api/photo.jsp?EMAIL={email}]]> </url> </directory> </user_photo_source>
Related concepts Whats new? on page 4-11 Read about the new features in this release. Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
14-2
1. Open the qpconfig.xml file in the domino_data_root directory, or create the file if it does not exist already. 2. Specify the following setting in the file:
<server_settings> <server_messages> <footer> <![CDATA[yourfooter]]> </footer> </server_messages> </server_settings>
where yourfooter is your HTML footer. Note: To insert an image in the footer, put the image file in the ...data\domino\html directory and reference it in the footer setting as <img src=/filename>. Or put the image file in the ...data\domino\icons directory and reference it as <img src=/icons/filename>. 3. Save the modified file. 4. Enter the following command at the server console to restart the HTTP task:
restart task http
For example, to display Acme Corporation in bold text in page footers, specify the following setting:
<server_settings> <server_messages> <footer> <![CDATA[<b>Acme Corporation</b>]]> </footer> </server_messages> </server_settings>
To display the image file logo.gif located in the ....data\domino\html directory, specify the following setting:
<server_settings> <server_messages> <footer> <![CDATA[<img src="/logo.gif">]]> </footer> </server_messages> </server_settings>
Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
14-3
-i inputfile
-o outputfile
Table 14-2 shows the default location of the fonts directory for each supported server operating system.
Table 14-2. Default location of the fonts directory Operating system Windows Solaris AIX i5/OS Fonts directory location C:\WINDOWS\Fonts /usr/openwin/lib/X11/fonts/ /usr/lpp/fonts/ /QIBM/ProdData/Lotus/LotusQuickr/TTFONTS/ GRAPHICFONTS
14-4
Table 14-3. Examples of qptool addgraphicfont and removegraphicfont commands (continued) Task Use an XML input file named addfont.xml to add the Arial typeface and Times New Roman typeface. Command 1. Create the addfont.xml file in the server program directory with the following XML content: <graphic_fonts> <font action="add"> <name>Arial</name> </font> <font action="add"> <name>Times New Roman</name> </font> </graphic_fonts> 2. Enter the following command: > load qptool addgraphicfont -i addfont.xml
Use an XML input file named removefont.xml to remove the Arial typeface and Times New Roman typeface.
1. Create the removefont.xml file in the server program directory with the following XML content: <graphic_fonts> <font action="remove"> <name>Arial</name> </font> <font action="remove"> <name>Times New Roman</name> </font> </graphic_fonts> 2. Enter the following command: > load qptool removegraphicfont -i removefont.xml
14-5
Administration link on the home page. From there you can set up a connection to a user directory, control access to the server, as well as specify other configuration options.
Disabling ActiveX
ActiveX controls are enabled by default, providing Internet Explorer users with additional file attachment and file import features. You can disable ActiveX controls. You might want to do this, for example, if you do not allow user installation of ActiveX controls and want to prevent users from seeing the prompt to install them, or if you want to provide a homogenous user experience for all browser users. The ActiveX features are available only to Internet Explorer browser users, and not to Mozilla Firefox or Safari users. Perform the following steps to disable ActiveX controls: 1. Log in to the server as an administrator. 2. Click Site Administration. 3. Click Other Options. 4. Click Edit Options. 5. Clear the Enable ActiveX check box. 6. Click Next. Table 14-4 compares the features available, depending on whether ActiveX is enabled or disabled. Note: T
Table 14-4. Feature comparison with ActiveX enabled or disabled Feature Drag-and-drop file import/export operations File import operations done through file attachment dialog box ActiveX enabled Yes Yes ActiveX disabled No Yes, but limited to one file per publishing cycle Yes No Yes No No Yes, but limited to one attachment per publishing cycle Yes Yes Yes No
Rendering of imported Microsoft Yes Office files (Word, Excel, PowerPoint) Import Microsoft Office files Rendering of imported HTML, JPEG, and GIF files Import of JPEG and GIF files Drag-and-drop file attachment operations File attachment operations done through the attachment dialog box Remove attachments from a page Save attachments to the client file system When opening attachments, load the attachments within their applications Do round-trip edits of imported files Yes Yes Yes Yes Yes Yes Yes Yes Yes
Related information Using the Site Administration link on page 6-7 When you log in to the server as an IBM Lotus Quickr administrator, you have access to the Site
14-6
Administration link on the home page. From there you can set up a connection to a user directory, control access to the server, as well as specify other configuration options.
3. Save the modified file. 4. Enter the following command at the server console to restart the HTTP task:
restart task http
Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
14-7
The compression reduces the size of HTML transmissions to 30% or less of the uncompressed size, with the result that users can open large pages more quickly. Only HTML and text is compressed, not images or attachments. If the browsers in your environment do not support page compression, perform the following steps to disable it: 1. Open the qpconfig.xml file in the domino_data_root directory, or create the file if it does not exist already. 2. Specify the following setting in the file:
<server_settings> <page_compression enabled="false"> </page_compression> </server_settings>
3. Save the modified file. 4. Enter the following command at the server console to restart the HTTP task:
restart task http
Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
where placename is the name of the place to receive the mail, and domainname is the fully qualified domain name of the server that hosts the place. For example, to send these e-mails to replyplace@quickr.acme.com, specify the following notes.ini settings:
h_UndelivMail=replyplace $h_MailDomain=quickr.acme.com
14-8
6. Click Next. Related information Using the Site Administration link on page 6-7 When you log in to the server as an IBM Lotus Quickr administrator, you have access to the Site Administration link on the home page. From there you can set up a connection to a user directory, control access to the server, as well as specify other configuration options.
14-9
<calendar> <client_types> <notes5 enabled="true"/> <msoutlook enabled="true"/> </client_types> </calendar> <recipient_rules> <expand_external_groups enabled="true"/> <allow_ambiguous_sendto enabled="false"/> </recipient_rules> </notifications> </server_settings>
3. Save the modified file. 4. Enter the following command at the server console to restart the HTTP task:
restart task http
notes5 enabled
msoutlook enabled
expand_external_groups enabled
Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
14-10
3. Make sure to leave a blank line at the end of the file. Press Enter, if necessary, to create one. 4. Close and save the file. 5. Enter the following command at the server console to restart the server so your changes takes effect:
restart server
6. Perform the following steps to re-index the Place Catalog on the server: a. From IBM Lotus Notes, choose File Database Open. b. Select the IBM Lotus Quickr server in the Server field, and then type placecatalog.nsf in the Filename field. Note: The Open Database window does not display the Place Catalog database by default. 7. Click File Database Properties. 8. Click the second tab from the right, and then click Update Index.
15-1
3. Save the modified file. 4. Enter the following command at the server console to restart the HTTP task:
restart task http
Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
3. Save the modified file. 4. Enter the following command at the server console to restart the HTTP task:
restart task http
Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
15-2
where: <protocol> is http or https <servername> is the fully-qualified host name of a load balancing server or a Lotus Quickr server <quickrroot> is the Lotus Quickr URL root. This value is lotusquickr unless you have upgraded from Lotus QuickPlace and did not change the URL root, in which case the value is quickplace. For example:
Proxy /qphtml/* Proxy /quickr_services_for_LD/* Proxy /lotusquickr/* https://qk.acme.com/qphtml/* https://qk.acme.com/* https://qk.acme.com/lotusquickr/*
16-1
16-2
17-1
Table 17-1. Web page cache settings in the notes.ini file (continued) Setting QuickPlaceWebCacheDir= path Description Specifies the full path to the cache directory on the server. If omitted, the default path is domino_data_root/domino/lotusquickr/cache. Specifies a maximum size, in MB, for the cache. If omitted, or if a negative value is specified, the maximum size is 50 MB. Specifies the time interval, in minutes, for cache cleaning. If omitted, or if a negative value is specified, then the interval is 60 minutes. Enables caching for anonymous users only. If omitted, and by default, caching is enabled for all users. Specifies the level (1, 2, 3), for cache logging. Level 1 is the least detailed and 3 is the most detailed. Logging is written to domino_data_root/log.nsf.
QuickPlaceWebCacheLimitInMB=size
QuickPlaceWebCacheGCIntervalInMIN=interval
QuickPlaceWebCacheUsers=anonymous QuickPlaceWebCacheLogging=level
17-2
18-1
e. Wait for the Catalog task to stop on the Domain Catalog server. f. In the Server document of the Domain Catalog server, click Server Tasks Domain Indexer, and in the Schedule field, click Enabled to enable the Domain Indexer task. Specify a schedule for running the Domain Indexer. 3. Install Lotus Quickr on each Lotus Domino server you installed in the first step. 4. Perform the following steps on each server to configure the qpconfig.xml file: a. Open the qpconfig.xml file in domino_data_root or create the file if it does not exist already. b. Specify the following settings, providing values suitable for your environment, and then save the modified file:
<search_places enabled="true" anonymous="true"> <domain_catalog_server ssl="false"> <port>80</port> <domino_server_name>qkdcs/acme</domino_server_name> <path_prefix></path_prefix> <hostname>qkdcs.acme.com</hostname> </domain_catalog_server> </search_places>
Table 18-1 describes the settings. Note: Settings marked with an asterik (*) should be specified on every Lotus Quickr server except the Domain Catalog server. Do not use them on the Domain Catalog server. c. Enter the following command at the server console to restart the HTTP task:
restart task http Table 18-1. qpconfig.xml settings for cross-place searching Setting enabled Description When set to true enables cross-place searches. When set to false, prevents cross-place searching. When set to true allows anonymous users to search across places. When set to false returns an error when anonymous users issue cross-place searches. If you allow anonymous users to search across places, and the manager of a particular place does not want to expose the contents of the place to anonymous users through cross-place searching, the manager should make sure that anonymous access to the place is disabled, and limit the place membership to specified users and groups in the directory. If you allow anonymous access, make sure that anonymous users have the same access as the -Defaultaccess in the ACL for CATALOG.NSF on the Domain Catalog server. SSL* When set to true defines that SSL generates the URL for the domain catalog server (HTTPS). When set to false defines that HTTP generates the URL. Defines the port used in the URL for the Domain Catalog server.
anonymous
port*
18-2
Table 18-1. qpconfig.xml settings for cross-place searching (continued) Setting path_prefix* Description Defines a path prefix for the URL for the Domain Catalog server. Specifies the hostname of the Domain Catalog server. Specifies the Domino server name of the Domain Catalog server for example, ServerCatalog/Acme. Before removing places from this server, the server does a lookup to the Domain Catalog server to verify if the search index is cleared.
hostname* domino_server_name*
Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
18-3
18-4
19-1
Table 19-1. Arguments for the qptool addmember command (continued) Argument -g Description Indicates that a name specified for the -dn argument is the name of a group. You must use this argument to add an external group. If you use qptool addmember without the -g argument to add an external group as a member of a place, users who are members of the group cant access the place through the group membership, and the group may not show up in the user interface in some places. -reader -author -editor -manager -allrooms Adds the specified name as a Reader of a place. Adds the specified name as an Author of a place. Adds the specified name as an Editor of a place. Adds the specified name as a Manager of a place. Applies the place access specified for the name to all rooms in a place. If you omit this argument, the names specified access applies only to a places main room. Adds the specified name as a member of all places on the server. Adds the specified name as a member of a specific place or space-separated list of places. XML input file located in the server program directory that specifies the places in which to add an external member. XML output file that logs the results of the command. By default the command logs results to qptool.addmember.xml in the server program directory.
-a
-p place(s)
-i inputfilename
-o outputfilename
Add the group cn=Salesgroup,o=Acme as a reader of the load qptool addmember -dn cn=Salesgroup,o=Acme -g main room in all places -reader -a
19-2
where arguments are described in Table 19-3 on page 19-4. Note: Specify names exactly, remembering to include any spaces and to use the exact character case. If a name contains spaces, put quotation marks () around it.
19-3
Table 19-3. Arguments for the qptool changemember command Argument -? -sourcedn name Description Prints help on the command. Specifies the distinguished name of an external user or group member as it currently appears in places, for example, cn=Connor Jones, ou=Sales,o=Acme. Specifies the current name of a local user member, for example, Joe Smith. Indicates that the specified source name is that of an external group. Specifies the new distinguished name of an external user or group member. for example: cn=Representatives,ou=Sales,o=Acme Note: IBM Lotus Quickr does not look up the target name in the user directory to verify it, so be sure that the name is valid. Specifies the new name of a local user, for example, Joe Smith. Indicates that the specified target name is that of an external group. Specifies a place or a space-separated list of places in which to rename the user or group. XML input file located in the server program directory that specifies the places in which to rename the user or group. XML output file that logs the results of the command. By default the command logs results to qptool.changemember.xml in the server program directory.
-sourceu name
-sourceg
-targetdn name
-targetu name
-targetg
-p place(s)
-i inputfilename
-o outputfilename
19-4
Table 19-4. Examples of qptool changemember (continued) Task Change an external group name in multiple places. Command >load qptool changemember -p PlaceName1 PlaceName2 -sourceg -sourcedn CN=External Group,O=[Organization] -targetg -targetdn CN=New External Group,O=[Organization]
where arguments are described in Table 19-5 Note: Specify the name hierarchy exactly, remembering to include any spaces and to use the exact character case that is used in the directory. If a name hierarchy contains spaces, put quotation marks () around it.
Table 19-5. Arguments for the qptool changehierarchy command Argument -? -sourceh hierarchy Description Prints help on the command. Specifies the original name hierarchy to change, for example, OU=people,O=group Specifies the new name hierarchy, for example, OU=people2,O=group. The name hierarchy you specify should correspond to a valid name hierarchy in the external directory. Changes the hierarchy of member names in all places that have member names with the original name hierarchy.
-targeth hierarchy
-a
19-5
Table 19-5. Arguments for the qptool changehierarchy command (continued) Argument -p place(s) Description Changes the hierarchy of member names in a place or space-separated list of places. Changes the hierarchy of member names in places specified in an XML input file located in the server program directory. XML output file that logs the results of the command. By default the command logs results to qptool.changehierarchy.xml in the server program directory.
-i inputfilename
-o outputfilename
19-6
where arguments are described in Table 19-7. Note: Specify names exactly, remembering to include any spaces and to use the exact character case. If a name contains spaces, put quotation marks () around it.
Table 19-7. Arguments for the qptool updatemember command Argument -? -dn name Description Prints help on the command. Specifies the name of an external user or group whose member information has changed in the user directory, for example:. cn=Connor Jones,ou=Sales,o=Acme If you use this argument, do not use -allmembers. -allmembers Updates all external member information in the specified place(s). If you use this argument, do not use -dn name. You can run qptool updatemember -allmembers -a on a schedule. How often you should run it depends on how often the contents of your user directory changes. -g Indicates that a name specified for the -dn argument is the name of a group. Updates external member information in all places Updates external member information in a specific place or space-separated list of places. XML input file located in the server program directory that specifies the places in which to update external member information. XML output file that logs the results of the command. By default the command logs results to qptool.updatemember.xml in the server program directory.
-a -p place(s)
-i inputfilename
-o outputfilename
19-7
-u name
-i inputfilename
-o outputfilename
19-8
Table 19-10. Examples of the qptool removemember command (continued) Task Remove the external group cn=managers,ou=groups,o=acme from the place P1 Remove the local user Jonathan Carter from the places P1 and P2 Remove the external user cn=connor jones,ou=sales,o=acme from all places Command >load qptool removemember -g -dn cn=managers,ou=groups,o=acme -p P1 >load qptool removemember -u Jonathan Carter -p P1 P2 >load qptool removemember -dn cn=connor jones,ou=sales,o=acme -a
Remove the external group >load qptool removemember -i qptool.myremmem.xml cn=managers,ou=groups,o=acme from places specified in -g -dn cn=managers,ou-groups,o-acme the XML input file qptool.myremmem.xml Remove the external user cn=connor jones,ou=sales,o=acme from the place P1 and log the command output to the non-default XML output file qptool.myoutfile.xml >load qptool removemember -dn cn=connor jones,ou=sales,o=acme -p P1 -o qptool.myoutfile.xml
-i inputfilename
19-9
Table 19-11. Arguments for the qptool password command (continued) Argument -o outputfilename Description XML output file that logs the results of the command. By default the command logs results to qptool.password.xml in the server program directory.
19-10
Table 19-13. Arguments for enabling expanded membership in places (continued) Argument -p places Description Runs the command on a place or a space-separated list of places. Runs on places specified in an XML input file. XML output file that logs the results of the command. By default the command logs results to qptool.membershipmodel.xml in the server program directory.
-i inputfilename -o outputfilename
Table 11-3 on page 11-14 provides examples of using the membershipmodel command to enable expanded membership in places.
Table 19-14. Examples of enabling expanded membership in places Task Enable placeofmanymembers to use expanded membership. Enable all places that do not currently use expanded membership to use expanded membership. Command >load qptool membershipmodel -toexpanded -p placeofmanymembers >load qptool membershipmodel -toexpanded -a
Changing the directory server or base distinguished name used for the expanded membership groups
Follow specific steps to change the LDAP directory server or base distinguished name used for expanded membership groups. Perform the following steps in the exact order given: 1. Enter the following command at the server console to remove all of the existing expanded membership groups from the directory server that currently stores them:
load qptool membershipmodel -rmgroups -a
2. Change the host name or base distinguished name specified in the expanded membership model section of the qpconfig.xml file. You can change one or both settings. v To change the directory server in which to store the expanded membership groups, change the hostname setting, and optionally the ssl and port setting. v To change the base distinguished name under which to store the expanded membership groups, change the base _dn setting. Make sure the new base_dn value exists on the directory server. 3. Enter the following command at the server console to restart the HTTP task:
restart task http
4. If the user name and password the IBM Lotus Quickr server will use to manage the groups at the new LDAP directory location are not the ones currently configured, use the Site Administration User Directory page to configure the correct user name and password. Make sure the name you specify has write access to the base distinguished name used for the expanded membership groups. 5. If you changed the base_dn setting, enter the following command at the server console to update the names of the groups in the place ACLs of all the places that use expanded membership:
load qptool membershipmodel -basedn -a
Managing place membership
19-11
6. Enter the following command at the server console to generate the groups at the new directory location for each place that uses expanded membership:
load qptool membershipmodel -addgroups -a
19-12
Managing places
Use My Places and qptool commands to manage places.
20-1
Table 20-1. Administration actions available from My Places Command Lock Place Unlock Place Update Place Data Statistics Description Issues the load qptool lock command on the server to lock and place and prevent users from accessing it. Issues the load qptool unlock command on the server to unlock a locked place. Issues the load qptool placecatalog -push command on the server to update statistics for the place in the place catalog that are not updated automatically in real-time. Issues the load qptool placecatalog -reset command to reset the login, documents reads, and posting counts to 0 in the place catalog, so that you can measure them for a specific time period. Issues the load qptool remove command on the server to mark a place for removal. Users will no longer be able to access a place marked for removal.
Remove Place
-i inputfile
-o outputfile
20-2
This mail is sent to members of place <xsl:value-of select=./name/> by qptool sendmail using xsl as a mail template. Some other fields you might want to use are:
TITLE: <xsl:value-of select="./title"/>, SIZE: <xsl:value-of select="./size"/>, LAST_ACCESSED: <xsl:value-of select="./last_accessed"/>, LAST_MODIFIED: <xsl:value-of select="./last_modified"/> </body> </mail> </xsl:template> </xsl:stylesheet>
Note: You can include information about each place in the e-mail to managers or members of that place. The tags used in the template look like: <xsl:value-of select=./fieldname/> where fieldname is the name of a field in the input XML.
Managing places
20-3
Table 20-3. Arguments for qptool newsletter (continued) Argument -daily Description Sends newsletters in daily format. By default the NOTES.INI file includes the setting ServerTasksAt1=qptool newsletter -daily -a so that daily newsletters are sent at 1 AM for all places. You can change the time when daily newsletters are sent by modifying the notes.ini file or scheduling the command through a Program document. Sends newsletters in weekly format. Using a Program document to schedule the mailing of weekly newsletters for all places is recommended. Weekly newsletters typically take longer to process then daily newsletters, especially if there are many members and places. Server performance can slow during processing. Therefore, schedule the newsletter -weekly command to run during non-business hours, for example Friday evenings or Saturdays. Note: Place members who sign up to receive weekly newsletters only receive them if you create a Program document in the Domino Directory with qptool newsletter -weekly -a and set a time and day for the server to collect and send weekly newsletters. -a -p place(s) Sends newsletters for all places. Sends newsletters for a place or a space-separated list of places. Sends newsletters for places specified in an XML input file located in the server program directory. Logs results to a specified XML output file. By default logs results to qptool.newsletter.xml in the program directory.
-weekly
-i inputfile
-o outputfile
20-4
Enter the following command the server console to lock or unlock a place:
load qptool lock[unlock] arguments
-message message
-i inputfile
-o outputfile
Unlock a place.
Archiving places
Use the qptool archive command to copy place directories and their contents to a specified archive directory. Use the archive command when you want to: v Back up active places by archiving them to a target directory without deleting them from the server. v Back up active places before moving them to another server. v Back up inactive places before removing them from the server. To archive places, enter the following command from the server console:
Managing places
20-5
-a -p place(s)
-i inputfilename
-o outputfilename
20-6
For example, suppose you used the following commands to archive placeone and remove it from the server data directory:
load qptool archive -p placeone -dir d:\archivedir load qptool remove -p placeone -now
To restore placeone, perform the following steps: 1. Copy d:\archivedir\placeone\ to the domino_data_root\LotusQuickr\ directory. 2. Enter the following commands at the server console::
load qptool unlock -p placeone load qptool register -p placeone -install
Renaming places
Use the qptool unregister and register commands to rename a place. Perform the following steps: 1. Enter the following commands from the server console:
load qptool unregister -p placename load qptool lock -p placename
where placename is the current name of the place to be renamed. 2. Enter the following command from the server console to release any open database handles to the place:
Dbcache flush
3. Through the file system, rename the places folder in the domino_data_root\LotusQuickr directory. 4. Enter the following commands from the server console:
load qptool unlock -p placename load qptool register -p placename -install
2. Enter the following command at the server console to unregister the place from the Place Catalog:
load qptool unregister -p placename
3. Use a file system command to copy the places directory and contents from the domino_data_root\ LotusQuickr directory on the original server to the same location on the target server. 4. Enter the following command to unlock the place on the target server:
load qptool unlock -p placename
5. Enter the following command on the target server to update place information in the place and in the Place Catalog:
load qptool register -p placename -install
6. Enter the following command to delete the place from the original server:
load qptool remove -p placename
Managing places
20-7
If the original and target servers use different user directories, and the external members of a place have different distinguished names in each directory, use the qptool changemember or changehierarchy command to change the names in the place so these users can continue to access it.
-cleanup
-p place(s)
-pt PlaceTypes
-i inputfilename
20-8
Argument -o outputfilename
Description XML output file that logs the results of the command. By default the command logs results to qptool.remove.xml in the server program directory.
Note: If you use Search Places on the server, do not use the -now argument to remove places. Instead use the remove command without the -now argument and mark the places for removal. After you mark the places for removal, run the Catalog and Domidx tasks on the Domain Catalog server. After the Domidx task has completed, use the remove command with the -cleanup argument to remove the places. Follow this removal procedure to ensure that information in documents from the deleted places is also removed from the search index. The following table provides examples of using the remove command.
Task Mark the place P1 for removal Mark all places on the server for removal Mark PlaceType PT1 for removal Mark places P1, P2, and P3 for removal Mark places for removal that are specified in the XML input file qptool.removeinput.xml Mark the place P1 for removal and log output to the non-default XML file qptool.removeoutput.xml Remove the place P1 immediately Remove all PlaceTypes on the server immediately. Note that you cannot use the -a argument to remove all PlaceTypes. Command >load qptool remove -p P1 >load qptool remove -a >load qptool remove -pt PT1 >load qptool remove -p P1 P2 P3 >load qptool remove -i qptool.removeinput.xml
>load qptool remove -p P1 -now >load qptool remove -pt PT1 PT2 PT3 PT4 PT5 -now
Completing the deletion of a place mistakenly deleted through the file system
If you mistakenly use a file system command to delete a place, rather than the qptool remove command or the Lotus Quickr user interface, the place still has a Place document in the Place Catalog and is still listed in My Places, although users cant access the place. To remove these references to the place, from Notes, delete the places document from the Place Catalog, and delete the places mail-in database entry from the Domino Directory.
Managing places
20-9
3. (Cluster environment only) Enter the following command at the server console to synchronize place statistics across place documents:
load qptool placecatalog -update
20-10
Table 20-8. qptool report arguments for reporting on places (continued) Argument -p place(s) Description Generates a report for a specified place or a space-separated list of places. XML output file that logs the results of the command. By default the command logs results to qptool.report.xml in the server program directory.
-o outputfilename
>load qptool report -q [PlaceLastAccessed]<5/30/2006 >load qptool report -q [PlaceLastModified]>5/30/2006 >load qptool report -a -o qptool.myout.xml
20-11
Table 20-10. Arguments for the qptool register and unregister commands for places (continued) Argument -placecatalog Description Registers/unregisters specified place(s) in the Place Catalog. Installs and resets server-specific information for places that have been: v Moved to this server from another server v Renamed on this server v Restored from archive . Note: Before you run qptool register -install -a, run qptool remove -cleanup to avoid creating partial entries in the Place Catalog associated with places marked for removal. -a -p place(s) Registers/unregisters all places. Specifies a place or a space-separated list of places to register/unregister. XML input file located in the server program directory that specifies the places to register/unregister. XML output file that logs the results of the command. By default the command logs results to qptool.register.xml or qptool.unregister.xml in the server program directory.
-install
-i inputfilename
-o outputfilename
Table 20-10 on page 20-11 provides examples of using the qptool register and unregister command for places.
Table 20-11. Examples of registering and unregistering places Task Register a place that has been moved from another server, renamed on the current server, or restored from archive Unregister a place Register a place in the Place Catalog only Register multiple places that have been moved from another server Unregister multiple places Command >load qptool register -p placename -install
>load qptool unregister -p placename >load qptool register -p placename -placecatalog >load qptool register -p place1 place2 place3 -install
Register all places on the server in the Place Catalog after >load qptool register -a -placecatalog upgrading to the current release and enabling the Place Catalog Unregister all places on the server (that is, remove from place catalog) >load qptool unregister -a
20-12
Table 20-11. Examples of registering and unregistering places (continued) Task Register places specified in an input file Unregister places specified in an input file Register a place and log results in a non-default output file Unregister a place and log results in a non-default output file Command >load qptool register -i qptool.myinput.xml >load qptool unregister -i qptool.myinput.xml >load qptool register -p placename -o qptool.myout.xml
Managing places
20-13
20-14
Refreshes
The qptool refresh command refreshes places and PlaceTypes. By default, the command runs daily at 4 AM to refresh all child places on the server, but not PlaceTypes. You can run qptool refresh from the server console or through the Working with Templates link.
Copyright IBM Corp. 2007
21-1
Place membership
If the place manager allows it, membership of a place can be passed to a PlaceType when the PlaceType is created. That membership is then passed to new places created from the PlaceType. For example, if Annie is a member of Sales with Author access, she can automatically become an Author in Sales PlaceType created from it, and in West Coast Sales created from Sales PlaceType Changes to members and membership are not inherited during a refresh, however. For example, if the manager of Sales changes Annies access to Reader, Annie still has Author access to Sales PlaceType and West Coast Sales after they are refreshed. CAUTION: When a new room is inherited, membership to the room is not inherited, but instead is determined by the rooms parent room in the place. For example, to continue the preceding example, assume that the manager of Sales adds a new room called Finances and gives only herself access to read sensitive information in it. When Sales PlaceType and then West Coast Sales are refreshed, West Coast Sales inherits the room Finances but all West Coast Sales members with Reader access or above to Sales can read Finances unless the West Coast Sales manager restricts the access.
Levels of refresh
There are two levels of refresh available for a place: basic refresh (the default level) or replace. With basic refresh, elements originating from a PlaceType but modified directly in a place are not affected by the refresh. For example, basic refresh does not affect changes a place manager makes to the Welcome page. A replace occurs only when you use qptool refresh command with the -r argument. Use replace with extreme caution because it causes all elements in a place that originated from a PlaceType to be updated, even elements modified directly in the place. Neither basic refresh nor replace modifies elements that were created directly in a place rather than originating from a PlaceType. Because changes to a PlaceType are never made directly in a PlaceType but instead can occur only through a refresh, it makes no difference which level of refresh you use to refresh PlaceTypes.
21-2
Table 21-1. The effect of basic refresh when elements have changed in a PlaceType (continued) Refresh effect on element in place if element not changed in place Updated Updated Updated Updated Updated Updated Updated No change No change Refresh effect on element in place if element changed in place No change No change No change No change No change No change No change No change No change Refresh effect on element in place if element deleted in place No change No change No change No change No change No change No change No change No change
Element modified in PlaceType Room Form Field Theme PlaceBot Room Setting Aesthetic Settings Member Local group
Table 21-2 describes the effect of a basic place refresh when elements have been deleted in its PlaceType.
Table 21-2. The effect of basic refresh when elements have been deleted in a PlaceType Refresh effect on element in place if element not changed in place Deleted Deleted* Deleted** Deleted Deleted Deleted Deleted N/A N/A No change No change Refresh effect on element in place if element changed in place No change No change No change No change No change No change No change N/A N/A No change No change Refresh effect on element in place if element deleted in place No change No change No change No change No change No change No change N/A N/A No change No change
Element deleted in PlaceType Page Folder Room Form Field Theme PlaceBot Room Setting Aesthetic Settings Member Local group
21-3
*Folders that contain pages originating from a PlaceType but modified directly in the place, or that contain pages created in the place rather than originating from a PlaceType, are not deleted. **Rooms that contain elements originating from a PlaceType but modified directly in the place, or that contain elements created in the place rather than originating from a PlaceType, are not deleted. A task page in a place derived from a PlaceType lists [h_Managers] as editor Note: In a place that is derived from a PlaceType, all task pages display [h_Managers] in Who can edit this task. Since membership is not refreshed, members removed from the place will not be added back during refresh. The [h_Managers] entry ensures that managers of the place can edit the page if all other editors are removed from the place.
Element not changed in PlaceType Page Folder Room Form Field Theme PlaceBot Room Setting Aesthetic Settings Member Local group
Table 21-4 on page 21-5 describes the effects of a place replace when elements have been modified in its PlaceType.
21-4
Table 21-4. Effect of replace when PlaceType elements are modified Replace effect on element in place if element not changed in place Updated Updated Updated Updated Updated Updated Updated Updated Updated No change No change Replace effect on element in place if element changed in place Replaced Replaced Replaced Replaced Replaced Replaced Replaced Replaced Replaced No change No change Replace effect on element in place if element deleted in place Copied back Copied back Copied back Copied back Copied back Copied back Copied back Copied back Copied back No change No change
Element modified in PlaceType Page Folder Room Form Field Theme PlaceBot Room Setting Aesthetic Settings Member Local group
Table 21-5 describes what happens as the result of a replace of a place when elements have been deleted in its PlaceType.
Table 21-5. Effect of replace when PlaceType elements are deleted Replace effect on element in place if element not changed in place Deleted Deleted* Deleted** Deleted Deleted Deleted Deleted N/A N/A Replace effect on element in place if element changed in place Deleted Deleted* Deleted** Deleted Deleted Deleted Deleted N/A N/A Replace effect on element in place if element deleted in place No change No change No change No change No change No change No change N/A N/A
Managing templates (PlaceTypes)
Element deleted in PlaceType Page Folder Room Form Field Theme PlaceBot Room Setting Aesthetic Settings
21-5
Table 21-5. Effect of replace when PlaceType elements are deleted (continued) Replace effect on element in place if element not changed in place No change No change Replace effect on element in place if element changed in place No change No change Replace effect on element in place if element deleted in place No change No change
*Folders that contain pages created directly in the place rather than originating from the PlaceType are not deleted. **Rooms that contain any element created directly in the place rather than originating in the PlaceType are not deleted.
-p place(s)
-pt placetype(s)
-d placetypes(s)
21-6
Table 21-6. Arguments for the qptool refresh command (continued) Argument -i Description XML input file located in the server program directory that specifies places and/or PlaceTypes to be refreshed. XML output file that logs the results of the command. By default the command logs results to qptool.refresh.xml in the server program directory.
-o
Replace the elements of child place P1 with the design of >load qptool refresh -p P1 -r its parent PlaceType and delete any design changes made directly to P1
21-7
Step 5 starts qptool refresh in the background. If qptool refresh is already running when you click Next, the PlaceType is not refreshed since only one instance of the command can run at a time. Check the server console to determine whether a PlaceType has been refreshed.
Deleting PlaceTypes
You can delete a PlaceType that you no longer need. Note: You cannot delete the default PlaceType. Perform the following steps: 1. Log in to the server as an administrator. 2. Click Work with Templates. 3. In the list of PlaceTypes, click the one you want to delete. 4. Click Delete.
21-8
5. In a server cluster, perform the following steps on each additional server in the cluster to remove the PlaceType from the Work with Templates link. This step is necessary because changes made through this link do not replicate in a cluster. a. Log in to the server as an administrator. b. Click Work with Templates. c. Click Refresh List. When you follow the steps above or when you use the qptool remove command without the -now argument to mark a PlaceType for deletion on the current server, it is no longer available to users. However, the file and directory are not actually deleted until the qptool remove -cleanup command runs on the server, by default, at 2 AM. You can remove the PlaceType immediately by using the qptool remove -now command.
21-9
21-10
Maintaining servers
You can perform a variety of server maintenance tasks.
2. The Work with Domino Servers display lists all the Domino servers configured on your system. The Domino Status column indicates the status of the Lotus Quickr server:
Table 22-1. Meaning of wrkdomsvr status Status *ENDED *ENDING *STARTED *STARTING *UNKNOWN Meaning All server tasks have ended. The server is not active. The primary server tasks are ending. The server is running. The primary server tasks are starting. The system cannot determine the status of the server.
22-1
Note: To confirm that all components have started, type a 5 in the Opt column to display the Domino console. On the Display Domino Console display, look for the message, Lotus Quickr Server started which indicates that all Lotus Quickr components have started. You may need to press F5 periodically to refresh the screen.
22-2
Table 22-2. Arguments for the qptool placecatalog command (continued) Argument -reset Description Resets the following place statistics to 0 so you can measure them for a specific time period: v LoginCounts v DocReadCounts v PostingCounts -update Within a cluster, a places Place document for the master server might contain different statistics than place documents for the other servers. Use the placecatalog command with the -update argument on the Place Catalog server to synchronize a places statistics across all Place documents. Use placecatalog -update, for example, before using the report command in a cluster environment to ensure that the report contains up-to-date statistics. Applies the command to all places on the server. Applies the command to a specified place or space-separated list of places. Applies the command to places specified in an XML input file located in the server program directory. Logs results to a specified XML output file. By default logs results to qptool.placecatalog.xml.
-a -p place(s)
-i inputfile
-o outputfile
Maintaining servers
22-3
Table 22-3. qptool arguments for reporting on servers (continued) Argument -o outputfilename Description XML output file that logs the results of the command. By default the command logs results to qptool.report.xml in the server program directory.
-o outputfilename
Table 22-5 provides examples of using the qptool register and unregister commands for servers.
Table 22-5. Examples of using the qptool register and unregister commands for servers Task Register a server with the Place Catalog Unregister a server with the Place Catalog Command >load qptool register -server >load qptool unregister -server
22-4
If the Place Catalog server stops, users cannot create new places, but they can continue to work with existing places. While the users work with these existing places, the following fields in the Place Catalog change automatically because of the user activity: v PlaceSize v PlaceLastAccessed v PlaceLastModified v PlaceReaders v Place Authors v PlaceManagers When the Place Catalog server starts again, perform the following steps: 1. To update PlaceSize, PlaceLastAccessed, and PlaceLastModified statistics, enter the following command at the server console command from each server:
load qptool placecatalog -push -a
2. To account for any place membership changes made during the server downtime, enter the following commands at the server console command from each server with a place membership change:
load qptool unregister -placecatalog -p place load qptool register -placecatalog -p place
Maintaining servers
22-5
To extract the names of users from log files on AIX and Solaris
There are many tools available to extract the names of users from the log files and to exclude irrelevant information. One of the simpler methods available is using native operating system commands. Following are some examples of using the tr, grep, and sort commands on a UNIX system to extract user names from log files.
The following Korn shell commands process all the log files generated by one server in the month of May to produce the unique user list.
for %f in (access05*.log) do tr "[:lower:]" "[:upper:]" < %f | grep " CN=" | sort -u -k 3,3 >> tempname.log for f in `ls -1 access05*log` do tr "[:lower:]" "[:upper:]" < %f | grep " CN=" | sort -u -k 3,3 >> tempname.log done sort -u -k 3,3 tempname.log > uniquename.log
On server Y run:
for %f in (access*.log) do tr "[:lower:]" "[:upper:]" < %f | grep " CN=" | sort -u -k 3,3 >> Y_tempname.log for f in `access*.log`
22-6
do tr "[:lower:]" "[:upper:]" < %f | grep " CN=" | sort -u -k 3,3 >> Y_tempname.log done sort -u -k 3,3 Y_tempname.log > n:log\tempname.log
Then use the following command to sort and generate the final list of names:
sort -u -k 3,3 < n:\log\tempname.log > uniquename.log
If there are many servers and log files to process, you can automate the steps by programming them in a cmd file (Microsoft Windows) or a script file (UNIX).
On server Y run:
for %f in (access*.log) do tr "[:lower:]" "[:upper:]" < %f | grep " CN=" | sort -u -k 3,3 >> Y_tempname.log tr "[:lower:]" "[:upper:]" < %f | grep " CN=" | sort -u -k 3,3 >> Y_tempname.log
Maintaining servers
22-7
Then use the following command to sort and generate the final list of names:
sort -u -k 3,3 n:\log\tempname.log > uniquename.log
22-8
Maintaining a cluster
You can perform a variety of cluster maintenance tasks.
-t targetserver
-a
-p place(s)
-pt placetype(s)
Note: You cannot use XML input and output files with this command. To ensure that replica stubs of new places, rooms and PlaceTypes are created quickly and that replication then populates the places, rooms, and PlaceTypes quickly, do the following: v Create Program documents in the Domino Directory that runs the qptool replicamaker command with the -a argument between the servers in a cluster every 10 minutes. If there are more than two servers in the cluster, you must use more than one Program document to run the qptool replicamaker command to ensure that replica stubs are created on all servers in the cluster.
23-1
v Schedule non-cluster replication between all servers in the cluster to occur at least every 20 minutes, to compensate for any lags in cluster replication. For more information on Program documents and on scheduling replication, see Domino Administrator Help. Note: To configure qptool replicamaker to run in verbose mode, so that all activity and errors are logged to the server console to help identify any problems as they arise, use the notes.ini setting QuickPlaceStubMakerLogging=3. To create replica stubs manually, enter the following command at the server console:
load qptool replicamaker arguments
For all new places, rooms, and PlaceTypes created on the Either of the following: local server, create replica stubs on Server2Acme. And >load qptool replicamaker -t Server2/Acme -a for all new places, rooms, and PlaceTypes on Server2/Acme, create replicate stubs on the local server. >load qptool replicamaker -s Server2/Acme -a
4. Enter the following command at the server console to create replica stubs for places in the cluster on the new server:
load qptool replicamaker -s remote_server_name -a
where remote_server_name is the hierarchical name of a server in the cluster, for example, Server2/Acme. 5. Wait for the replicamaker command to finish running successfully. This step may take several minutes. 6. Enter the following command at the server console of the new server to use the Domino Replicator to replicate the data and initialize the replica stubs:
23-2
replicate remote_server_name
where remote_server_name is the hierarchical name of the remote server specified previously, for example, Server2/Acme. 7. Wait for the Domino Replicator to finish. This step may take several hours, depending on the amount of data. 8. Enter the following command at the server console of the new server to start the HTTP task:
load http
9. Optional: Enter the following command at the server console of the new server to create search indexes on the newly replicated places. Creating the indexes can take several hours, and can be done while the server is running. Or, wait for the updall task to run automatically at 2 AM.
load updall
where remote_server_name is the hierarchical name of another server in the cluster, for example, Server2/Acme. 3. Wait for the replicamaker command to finish running successfully. 4. Enter the following command at the server console to use the Domino Replicator to replicate the data and initialize the replica stubs:
replicate remote_server_name
where remote_server_name is the hierarchical name of the remote server specified previously, for example, Server2/Acme. 5. Wait for the Domino Replicator to finish. 6. Enter the following command at the server console:
dbcache flush
7. Enter the following command at the server console to remove any places that have been marked for deletion:
load qptool remove -cleanup
Maintaining a cluster
23-3
23-4
Place architecture
Before you customize a place, you should have a basic understanding of place architecture. Although IBM Lotus Quickr has its own metaphors and object model independent of IBM Lotus Domino, places are implemented using core Lotus Domino technology and data structures. A place is created using Lotus Notes templates to structure data, and databases to store the data. Information in a place is stored in data notes -- the basic unit of information in an IBM Lotus Notes database. The structure of a place is further defined with objects such as rooms, folders, and pages that correspond to Lotus Domino objects. Because the place objects are based on Lotus Domino objects, you can use the Lotus Notes client and Domino Designer to view, customize, and create new objects in a place. Lotus Quickr also uses a subset of the Lotus Domino and Lotus Notes security and authentication model to manage access to a place. It is helpful if you are familiar with the Lotus Notes security model, in particular with basic access control list (ACL) settings, and the use of Reader and Author fields. For up-to-date information on Lotus Notes application security, see the latest Domino Designer Help at http://www.ibm.com/developerworks/lotus/documentation/dominodesigner/.
24-1
Table 24-1. Databases that make up places (continued) Database Room database Description Sructures the contents of a particular room in a place. The default room PlaceType is PageLibrary.ntf, which provides indexing infrastructure for maintaining the pages in a room. This PlaceType also provides security and authentication features so that access to a room can be limited to a subset of team members. The database created from the PageLibrary PlaceType is assigned a unique name by the system to allow for multiple rooms within a place.
When administrators log in to the server and use the Site Administration link, they are actually using a place to administer and secure the server. The administrators place is created from the templates CreateHaiku.ntf and Admin.ntf.
PlaceType
A collection of database (.nsf) or Notes template (.ntf) files derived from a parent place.
Room
RoomType
Folder
Page
Member
24-2
Table 24-2. Relationship between Lotus Quickr and Lotus Domino objects (continued) Lotus Quickr Object Form Lotus Domino Object Data note of type h_Form Description Manages the display of data notes. A form can contain fields for containing data and employ scripts to process and compute data. Allow for user input of data into data notes.
Field
domino_data_root\LotusQuickr\place
Place architecture
24-3
24-4
Customizing and creating objects with Lotus Notes and Domino Designer
Because IBM Lotus Quickr objects are based on Lotus Domino objects, you can use the Lotus Notes client and Lotus Domino Designer to view, customize, and create new objects in a place. All the data for objects in a place are contained in database notes. To view a places objects, change an existing object, or create a new object, you can open the place in a Lotus Notes client and customize the notes. Note: The Lotus Quickr data schema is subject to change in future versions of Lotus Quickr. Applications written to this data schema may need to be modified in order to work with future versions of the product.
25-1
25-2
Save changes?";
function qpPreHook( args ) { if( args == "abPreSubmit") { alert("prehook called " + g_PreHookFuncStackCalls + "times from these functions:\n" + g_PreHookFuncStack); g_PreHookFuncStack = ""; g_PreHookFuncStackCalls=0; } else { g_PreHookFuncStack += args + " "; g_PreHookFuncStackCalls++; } } var g_PostHookFuncStack=""; var g_PostHookFuncStackCalls = 0; function qpPostHook( args ) { if( args == "abPreSubmit") { alert("posthook called " + g_PostHookFuncStackCalls + "times from these functions:\n" + g_PostHookFuncStack); g_PostHookFuncStack = ""; g_PostHookFuncStackCalls=0; } else { g_PostHookFuncStack += args + " "; g_PostHookFuncStackCalls++;
Copyright IBM Corp. 2007
26-1
} } </script> <form name="f1"> Name: <input name="title"> Color: <input name="color"> attachment: <quickplacecontrol type="attachment"> </form> </body> </html>
Related concepts Whats new? on page 4-11 Read about the new features in this release.
26-2
Setting up the server for Java API access (Windows, AIX, Solaris)
If you run IBM Lotus Quickr on Microsoft Windows, IBM AIX, or Sun Solaris, install the Java Development Kit (JDK) and then modify environment variables. Perform the following steps on the server: 1. Install the Java 2 Platform, Standard Edition (J2SE) Development Kit (JDK), version 1.4.2, available on the Web. 2. Add the directory path and file name for the following files to your CLASSPATH environment variable. All of these files are installed with the Lotus Quickr server. v log4j-118compat.jar v quickplace.jar 3. Add the following directory paths to your PATH environment variable: v Domino server program directory (for example, C: \Lotus\Domino) v Java JDK bin directory
27-1
2. Set the PATH environment variable by entering the following command and pressing Enter:
addenvvar envvar(PATH) value(/qibm/proddata/java400/jdk14/bin:/qibm/proddata/lotus/domino702: /qibm/userdata/lotus/domino702:/qibm/proddata/lotus/notes:/qibm/userdata/lotus/notes:/notes/data)
where /notes/data is the actual path for your servers data directory. Note: When using the multi-version capable releases of Domino, the Domino-related directories change with each release. For example, in the directory above, domino702, changes to domino703 with the 7.0.3 release of Domino. Because of this behavior, it is important to avoid hard coding this directory PATH in your applications. For more information about the implications of using multi-version capable releases of Domino, go to http://www.ibm.com/eserver/iseries/domino/mv Note: If you receive an error message stating that the environment variable ServerName is missing, it may be because the command did not include the correct data directory. Verify the data directory path and enter the command again. 3. Set the current directory to the server data directory by typing the following command and pressing Enter:
chgcurdir dir(/notes/data)
where /notes/data is the actual path for your servers data directory. 4. Run the job under the QNOTES user profile, using one of the following procedures: v Inside your application, swap to the QNOTES profile by using the following system APIs: QSYGETPH - get profile handle QWTSETP - set profile v Use the Submit Job command (SBMJOB) to submit the job to run under QNOTES. Current library field is set to *CURRENT Copy environment variables field is set to *YES Allow multiple threads field is set to *YES
v From the Lotus Domino server console, enter the following command:
load java com.lotus.quickplace.api.QPAPI arguments
27-2
-session searchfile.xml
The command is processed by the Lotus Quickr processor, and the QPAPI.process() method is invoked to process the XML. The Java runtime environment you installed is responsible for executing the QPAPI class.
27-3
// call this entry point to process using a user session (only used when doing search places) // all other actions ignore the session. QPAPI.process( sessionXML, root); // this is called once for the process at shutdown QPAPI.term(); } }
QPAPI.process()
Whether or not you are creating a Java program, the entry point you use to execute your XML is: QPAPI.process() The QPAPI.process() method is responsible for parsing and processing your XML document and executing the supported Lotus Quickr Java API actions it encounters. The QPAPI.process() method can be called from multiple threads, simultaneously. The QPAPI.process() method modifies the input XML DOM tree by modifying, adding, and deleting the necessary nodes. There are several variations of the QPAPI.process() method that you can use:
27-4
-o outputfile
XML details
The XML you use to access the IBM Lotus Quickr API consists of elements that represent Lotus Quickr objects, such as a service, servers, places, people, and groups. The XML for each Lotus Quickr object has an action attribute associated with it. This action attribute represents the API to be invoked.
27-5
The processor travels down the leftmost branch of the tree, reading each node along the way. If a node contains an action, the processor performs the action, then continues. When it reaches the end of a branch, the processor returns back up the branch to the last node where there was a split and moves down the untravelled branch. As long as an action is successfully completed, the processor continues on its course. However, if there is an error and the action cannot be completed, the processor stops, backs up to the next sibling node, and continues down the branch. When the processor has read the entire file, it outputs XML (either in stdout or in another text file) with the results. The output XML is an edited version of the input XML. If an action was completed successfully, the processor removes the action attribute from the XML. The action attributes are removed when successful so that the problems in the output XML can be fixed and the XML used again. If the action caused an error and was unsuccessful, the action attribute is not removed from the XML. Instead, a <status> and a <message> element are added. The status element contains a number value related to the type of error. The message element contains a text string describing the error. The text string is pulled from the server, and is always in the servers language. Note: All XML must be well-formed, and must start with at least <?xml version=1.0?> as a processing instruction.
27-6
After the remove action is invoked and the action successfully performed, the following XML is returned as output:
<?xml version="1.0"?> <service> <servers> <server local="true"> <places> <place> <name>MyPlace</name> <action_result action="remove"> <status>0</status> </action_result> </place> </places> </server> </servers> </service>
Related information XML nodes and node actions on page 42-1 You can specify actions for the following XML IBM Lotus Quickr objects when using XML to access the Lotus Quickr Java API: service, server, place, placetype, person, group, and member. Each object is represented by an XML node.
27-7
27-8
Creating PlaceTypes
If a manager of a place has allowed a place to be used as a PlaceType, create the PlaceType on the server to make it available for creating new places. Note the following points: v You can only create a PlaceType from a place that is less than 1 GB in size. v You cannot create a PlaceType from a place that uses expanded membership. To create a PlaceType, perform the following steps: 1. Log in to the server as an administrator. 2. Click Work with Templates. 3. Click Create PlaceType. 4. Type a name for the PlaceType. The name you type appears in the list of PlaceTypes available to users for creating places. 5. Select the name of a place from which to create a PlaceType. 6. Click Next. 7. Perform the following steps to provide a description, image, or URL link to a Web page containing more information: a. Click the PlaceType. b. Click Edit. c. Select one of the following options: v To refresh the PlaceType and edit the PlaceType information, select Yes, copy changes and update the information below. v To edit the PlaceType information without refreshing the PlaceType, select No, simply update the information below. d. Optional: Type or edit a description to display next to the PlaceType in the list of PlaceTypes. e. Optional: Select an image file that contains a thumbnail sketch of a page in the PlaceType. The image file must be a GIF or JPG file, and the image itself should be no larger than 100 pixels by 80 pixels. The thumbnail sketch appears next to the PlaceType name in the list. f. Optional: Below Optionally, you can provide a URL for users to visit for more information, specify a URL to a Web page containing more information. The PlaceType will display a More info link. 8. Click Next.
PlaceTypes
As you set up a place to meet the needs of your team or organization, you may want to preserve your customizations for use in other places. You can accomplish this by creating a PlaceType from it, a template from which users can create places. For example, if a manager has created a theme that gives a particular place the look and feel of your corporate Web site, you may want to make that design available for the creation of other places in your organization. When a PlaceType design changes, you can refresh the places created from it (child places) so they includes the changes.
28-1
Creating a PlaceType and making it available to users is a two-step process. First, a user with Manager access to a place customizes a place, allows it to be a PlaceType, and specifies which design elements will be preserved in the PlaceType. For information on completing these steps, see the Help. Second, a server administrator creates the PlaceType on the server so it is available to users, as described here.
6. Click Next.
28-2
Creating a PlaceBot
To create a PlaceBot, name the PlaceBot, specify when it should run, and import the files for the PlaceBot. The files can be either Java or LotusScript files. Perform the following steps: 1. Log in to a place in which to create the PlaceBot, and click Customize PlaceBots. 2. Click New PlaceBot. 3. Type a title for your PlaceBot. 4. Optional: Enter a description of what the PlaceBot does. 5. Perform one of the following actions to specify when the PlaceBot should run: v To run the PlaceBot when any page created from a particular form is published, select When a form is submitted, and then select a form. v To run the PlaceBot at a scheduled time, click Set Schedule, complete the fields in the page as desired, and click Next. 6. Import the Java (.java, .class, .jar, or .zip) or LotusScript (.lss) file or files for the PlaceBot. 7. Click Done. You can run a PlaceBot manually after you have created it by clicking Customize PlaceBots Run PlaceBot.
29-1
Java PlaceBot files can be of the following types: v .java files containing Java source code. These files are compiled on the Lotus Quickr server when the PlaceBot is submitted through the browser. v .class files are Java object files produced by compiling the .java files. Since these are already compiled, the files do not need to be compiled when they are submitted to the server. To compile your .java source agent files into .class files on your local system, you will need a copy of the Notes.jar files locally. Notes.jar is included with each Lotus Quickr server installation. If you do not have access to this file, ask your server administrator to make it available to you. v .jar files are zipped, or compressed, collections of files. The .jar file generally contains one or more .class files and any other files (for example, graphic files) the PlaceBot requires. A PlaceBot extends the AgentBase class, which extends the NotesThread class. The class that contains the PlaceBot code must be public. The entry point to the functional code must be public void NotesMain(). For more information on Java and Lotus Domino, refer to the Java information in the latest Domino Designer Help, available at http://www.ibm.com/developerworks/lotus/documentation/ dominodesigner/
Example
Add the following Java code to a PlaceBot. The PlaceBot writes the name of each document it processes to the log.
import lotus.domino.*; import java.util.*; public class LogTitles extends AgentBase{ public void NotesMain(){ try{ Session s = this.getSession(); AgentContext ctx = s.getAgentContext(); Database db = ctx.getCurrentDatabase(); // Prepare the agent log Log log = s.createLog("Log"); log.openAgentLog(); log.setLogActions(true); // Get all the unprocessed documents DocumentCollection dc = ctx.getUnprocessedDocuments(); if (dc.getCount() == 0) { return; } // Loop thru the documents and print the title of each document. Document doc = dc.getFirstDocument(); log.logAction("Count of documents = " + dc.getCount()); while (doc != null) { log.logAction(doc.getItemValueString("h_Name")); doc = dc.getNextDocument(); } // Mark all the documents as processed. dc.updateAll(); } catch (Exception e) { e.printStackTrace(); } } }
29-2
Example
Add the following LotusScript to a PlaceBot. The PlaceBot selects the current document and changes the subject line. This example would work best as a form agent.
Sub Initialize This agent gets the document context and changes its subject. Dim session As New NotesSession Dim doc As NotesDocument Dim subj As Variant Dim item As NotesItem Get the page being published Set doc = session.DocumentContext Get the subject subj = doc.GetItemValue( "h_Name" ) Append a prefix string before the subject Note: GetItemValue always returns an array even if there is only a single value Set item = doc.ReplaceItemValue( "h_Name","Form Agent Modified: " + subj(0)) Save the page Call doc.Save(True, False) End Sub
Managing PlaceBots
You can copy, edit, and delete PlaceBots, and display log information about PlaceBots. Perform the following steps: 1. Log in to the place that contains the PlaceBot and click Customize PlaceBots. 2. Click the PlaceBot to edit it, or click any of the following options::
Option Copy PlaceBot Description Copies the PlaceBot to a room you specify. If you are copying a form PlaceBot to a new room, you must associate the PlaceBot with a form in the room. This is not done automatically as part of the copy and paste procedure.
29-3
Description Deletes the PlaceBot. Runs the PlaceBot manually Opens the PlaceBot log. The log displays information from the last time the PlaceBot ran and any log statements you may have included in your PlaceBot code. Signs the PlaceBot using the current users name.
Sign PlaceBot
Debugging a PlaceBot
As you define and test a PlaceBot, you may need to make some adjustments to make the PlaceBot run successfully. The following are some debugging tips for problems you might encounter.
LotusScript PlaceBots
When you run a LotusScript PlaceBot, the IBM Lotus Quickr server compiles the code before executing it. Thus, the first error you might encounter would be a LotusScript compilation error or warning. The errors and warnings can be difficult to understand. For detailed information, refer to Domino Designer Help. If you get a compilation error, you can click Try Again to reimport the agent file after the compilation error(s) have been fixed.
Java PlaceBots
If you import Java source files (.java), you may get compilation errors when the PlaceBot is submitted to the Lotus Quickr server. For details on Java error messages, refer to the Java documentation. If you get a compilation error, you can click the Back button of your browser to return to your place.
29-4
29-5
29-6
Theme layouts
Each theme is composed of a group of layouts that define the appearance of specific place components. For example, the layout of a page differs from the layout of a folder. But they will probably share some style elements as part of a common theme. A theme is composed of layouts and a style sheet, as described in Table 30-1.
Table 30-1. Theme layouts Layout Page File Type .htm Purpose Defines the appearance of a page being read Defines the appearance of a page being edited Defines the appearance of a List or Response folder Defines the appearance of a Headlines folder
Edit
.htm
List Folder
.htm
Headlines Folder
.htm
30-1
Table 30-1. Theme layouts (continued) Layout Slideshow Folder File Type .htm Purpose Defines the appearance of a Slideshow folder Defines styles such as fonts and colors for all layouts
Stylesheet
.css
Note: In most cases, you can use a single theme to customize the look of a page, list folder, and slideshow folder. Tip: You can perform the following steps to see the stylesheet selectors used in any active page: 1. Right-click in the page for which you want to see the Style Sheet and choose View Source. 2. Search in the HTML source for the first occurrence of <LINK, which will locate the link tag of the prevailing stylesheet 3. Select and copy the relative URL of the stylesheet (the text inside quotes following href= inside the link tag). 4. Construct the absolute URL by prefixing the relative URL with the server domain name. 5. Enter the resulting URL into the browser address/location bar to view the stylesheet.
Customizable components
Table 30-2 lists the components you can customize for each layout. Components marked with an x are ones used in the layouts for the default theme, Quickr.
Table 30-2. Customizable components in layouts Component Name Actions AdvancedSearch x x Note 3 x x x x x x x x x x x
Page
List Folder
x x x
x x x
x x x
x x
30-2
Page
List Folder x x
x x x x x x x x x x x x x x x x x x x x x x Note 2 x x x x Note 2 x x x x x x x
Logo MyPlaces MyStatus Navigation Notify Offline Page content PageCreatedBy PageCreatedOn PageDescription PageStatus PageTitle PageUpdatedOn PageUpdatedBy Path PlaceName PeopleOnLine Print PriorityActions
x x x
x Note 1
x x x
x x x
x x x
x x x x
Creating custom place themes
QuickSearch
30-3
Table 30-2. Customizable components in layouts (continued) Component Name Revision Role RoomActions
Page x
x x
x x
Search SceneActions x x x x
Notes v Although you can include the PageTitle component in a Headlines folder, you might want to omit this component and display the page title prominently instead. v Do not use the Navigation and Jump components in the Headlines Folder layout because the Headlines Folder is designed to provide a headlines style of navigation in place of the previous and next navigation used in other folder types. v If you use the Jump component in the Page layout or the AuthorAndModified or Revision components in the List Folder layout, these components will all be displayed as empty, using the HTML parameter emptyFormat. You can import a JPEG or GIF graphic file to represent a theme in the Custom Theme Gallery.
30-4
selectedFormat=<format html> (optional) emptyFormat=<html> (optional) delimiter=<html> (optional) prefixHTML=<html> (optional) postfixHTML=<html>(optional) replaceString=<STRING_1=REPLACEMENT_1 && ... && ... (optional) > Table 30-3 describes the attributes for the <QuickPlaceSkinComponent> tag.
Table 30-3. Attributes for the <QuickPlaceSkinComponent> tag Attribute name Description Required. Specifies the name of the theme component you are modifying. Refer to the list of supportd component names In the earlier topic Customizable components. The format HTML. The keyword is replaced for each relevant entry Same as format but it applies to the selected value. For example, the format of the selected TOC entry or the selected headlines folder entry. What is returned when there are no values to iterate. The HTML placed between each of the items in a list of values. The HTML placed in front of each of the values in a list. The HTML placed at the end of each of the values in a list. Finds and replaces one or more strings with replacement strings.
format
selectedFormat
emptyFormat delimiter
prefixHTML postfixHTML
replaceString
30-5
class
Attribute types
The attribute describing the HTML link can take one of the following forms: v anchor returns all of the HTML that describes the iterating value, including the URL, and associated text. For example, anchor.href returns the URL for the value. For example, www.lotus.com v anchor.text returns text associated with the value, for example lotus. v anchor.selected returns true if the value is selected, false if it is not.
Usage
Use the tag to select a value in a list. The attribute for the value identifies all or part of the HTML link that describes a particular value in a list. Use the class attribute to add styles defined as a class in an associated style sheet.
30-6
You can use the files of existing themes as a starting point for a new theme. These files are located on the Domino server, so to use them you must have access to the server file system, or must request an administrator to provide copies.
Table 30-5. File system location of existing themes Theme name in Lotus Quickr interface Quickr Quickr (with classic navigation) QuickPlace Classic Location domino_data_root\domino\html\qphtml\skins\quickr8 domino_data_root\domino\html\qphtml\skins\r8geneva domino_data_root\domino\html\qphtml\skins\ r651expandable
You can use the Generate option to generate theme files based on files you have already supplied. This feature is a shortcut for applying a common look and feel to multiple layouts. For example, suppose you are creating a place called Haiku. You might start by creating the look and layout you want for a page being read. You can then use this file to generate files for the other layouts. You might have only minor modifications to make to the layout for a page being edited, with possibly more extensive modifications for the various folder styles. This feature also lets you develop a custom theme in stages, replacing generated layouts with custom files as the theme progresses. To create a new theme, perform the following steps: 1. Log in to the place to customize. 2. Click Customize Custom Themes Create a Custom Theme. 3. Type a title for the theme. 4. Optional: Type a description for the theme to appear next to it in the Theme Gallery. 5. In the Styles and Basic Layout section, add the following files: v A Style Sheet (.css) file to define the places visual style (fonts, colors, etc.) for all layouts. v A Page Layout (.htm) file to define the layout of pages while they are being read. v An Edit Layout (.htm) file to define the layout of pages while they are being edited. Click Browse to find an existing file on your computer, or click Generate to have IBM Lotus Quickr generate the file based on the other files that you supply. Optional: In the Folder Layouts section, add the following files: v A List Folder Layout (.htm) file to define the layout of list and discussion folders. v A Headlines Folder Layout (.htm) file to define the layout of headlines folders. v A Slideshow Folder Layout (.htm) file to define the layout of slideshow folders. Click Browse to find an existing file on your computer, or click Generate to have IBM Lotus Quickr generate the file based on the other files that you supply. Add an image representing the theme. Click Browse to find an existing file on your computer. The image appears next to the themes entry in the Theme Gallery. Click Next.
6. 7.
8. 9. 10.
If you used the Generate option, edit the generated files as needed, refresh your browser to update the files with your edits, and then click Next.
30-7
3. Select the custom theme, make the desired changes, and click Next.
30-8
31-1
31-2
32-1
32-2
Troubleshooting connectors
You receive the error The path specified is too long when using connectors to add a document to a place
If you see this error when attempting to use a connector to add a new document to a place, the file name you specified for the document is too long. Specify a file name that is 181 characters or less.
33-1
33-2
34-1
34-2
You cannot use automatic lookup to add new members if more than one match is found
The automatic lookup feature takes the input string entered and does a wildcard search for all matches in the directory. For example, a search on Joan Smith finds Joan Smith and Joan Smithe. If more than one match is found, the name is not added because IBM Lotus Quickr doesnt know which name is the correct one to add. In this situation, use the directory lookup interface to find the name to add.
35-1
You cannot create a place that has the same name as a user in the directory
If you use Lotus Domino Directory, you see an error if you attempt to create a place that has the same name as a user in the user directory. When creating a place, use a place name that is not that of a user.
OK with Anonymous access shows rather than OK with credentials when saving user directory settings
If IBM Lotus Quickr controls directory services and you configure the server to present a name and password when connecting, you notice the message OK with Anonymous access instead of OK with credentials. Ignore this message. Lotus Quickr will access the directory using the credentials you specified.
Whats New notification doesnt work for users who access rooms through group membership
Users who access rooms through group membership cannot not receive whats new email notifications. This restriction occurs because members of a group do not have a member profile that allows them to set the preference to receive the notifications.
35-2
Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
In a third-party authentication environment, users with non-standard names are unable to authenticate
If IBM Lotus Quickr controls directory services and a third-party authentication application such as CA SiteMinder finds distinguished names that contain components other than the cn, ou, and o components familiar to IBM Lotus Domino, users can experience authentication failures. To workaround this problem, use the dn_incoming_is_native setting in the qpconfig.xml file. When a third-party authentication application such as CA SiteMinder finds a distinguished name that contains components other than the cn, ou, and o components familiar to Domino, it sends the name to Lotus Quickr without adding the Domino-style forward slash delimiters. For example, if CA SiteMinder
Copyright IBM Corp. 2007
36-1
finds the name uid=sblake,o=acme in the directory, it passes that name, rather than uid=sblake/o=acme, to Lotus Quickr. Because Lotus Quickr uses the forward slash delimiters in the names in places, the naming inconsistency causes authentication failures. This problem is indicated if there are authentication failures and the CA SiteMinder (or other application ) log shows that the names pulled from the directory are in the same format as the ones sent to Lotus Quickr. To correct the problem, use the following qpconfig.xml settings to indicate that Lotus Quickr should convert native names to the Domino format:
<user_directory> <ldap> <schema> <dn_incoming_is_native enabled="true"/> </schema> </ldap> </user_directory>
Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
In a third-party authentication environment, users with multi-character delimiters in their names are unable to authenticate
If IBM Lotus Quickr controls directory services and you use a third-party authentication product such as CA SiteMinder, users with distinguished names that contain multi-character delimiters that include a comma or semicolon can experience user authentication failures. Use the dn_delimiter setting in the user directory section of the qpconfig.xml file to work around this problem. By default, when the server adds an external user name as a member of a place, if the name contains a multi-character delimiter that includes a comma or semicolon, it replaces the comma or semicolon with a forward slash (/) and retains the additional delimiter character(s) in the name. The forward slash is used for compatibility with Lotus Domino name syntax. When some third-party authentication applications, such as CA SiteMinder, pass these names to Lotus Quickr, they replace the entire multi-character delimiter with a forward slash (/). This naming inconsistency between the two applications causes authentication failures. For example, if the name in a user directory is cn=john doe, ou=sales, o=acme (comma space delimiter), the name becomes cn=john doe/ ou=sales/ o=acme in a place (slash space delimiter), but CA SiteMinder passes the name cn=john doe/ou=sales/o=acme to Lotus Quickr (slash delimiter). If you use a third-party authentication application and experience authentication failures due to this inconsistency in the handling of multi-character delimiters containing commas or semicolons, use the dn_delimiter setting in qpconfig.xml to specify that the server replace the entire multi-character delimiter with a forward slash, to be consistent with the authentication application. If the names of all the users in the directory use the same multi-character delimiter, specify that delimiter, terminated by the @ symbol. For example, if all names in the user directory contain the delimiter , (comma space) specify the following:
<user_directory> <ldap> <schema> <dn_delimiter>, @</dn_delimiter> </schema> </ldap> </user_directory>
36-2
If names in the directory do not use the same delimiter, use the following dn_delimiter setting instead to enable Lotus Quickr to replace any single- or multi-delimiter character with a forward slash, if the delimiter conforms to LDAP RFC 3377.
<user_directory> <ldap> <schema> <dn_delimiter robust_compare="true"/> </schema> </ldap> </user_directory>
Related information Creating and using the qpconfig.xml file on page 6-3 You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.
Users are rechallenged for credentials when publishing and lose their edits
When a user publishes a document after a long editing session, the user can be rechallenged for credentials and lose the edits. When single sign-on is used, there is a set time at which the LTPA cookies expires, by default 30 minutes. To workaround this, set the timeout period to a higher value, for example 10 hours. Or use a different authentication mechanism that is based on user activity rather than absolute time.
If place member and super user have same name, the super user gets member access
When you create a super user, they have manager access to places on the server. But if you then open a place and add the super user (or someone with the same name) as a place member with reader access, the super user will only have reader access to the place. Conversely, if a place has a member with reader access, and you then make the member (or someone with the same name) a super user, the super user will only have reader access to that place.
36-3
36-4
Addmember command fails when you mistakenly use the -g argument to add an individual user
If you use the qptool addmember command to add an individual user as a member of a place, and you use the -g argument by mistake, the user is partially added as a group and the command fails. To correct the problem, use qptool unlock -p placename to unlock the place, then delete the partial entry from the Members view. Add the name back correctly using addmember without the -g argument.
37-1
qptool does not archive a place that already exists in the specified archive directory
If you run qptool archive on a place that already exists in the target archive directory, the archived place is not updated. No error message occurs in this situation. Delete the existing archive or rename the existing archive before running qptool archive, or archive to a different directory.
Cant use qptool commands on a place whose name begins with a hyphen
If you are unable to use qptool commands on a place whose name begins with a hyphen, use an input XML file instead of -p (or -pt) to work around the problem. For example, if you want to archive a place whose name begins with a hyphen, perform the following steps: 1. Enter the following command:
load qptool unlock -p anotherplacewithoutthisproblem
2. Open the qptool.unlock.xml file, and change anotherplacewithoutthisproblem to -placenamethat beginswithhyphen. 3. Save the file. 4. Enter the following command:
load qptool archive -i qptool.unlock.xml -dir d:\archivedirectory
qptool changemember does not change the name in existing page banners
When you use the qptool changemember command to change the name of a user in places, the original user name continues to show in the page banners of pages the user created under the original name. The h_AlternateName field shows the original authors display name. Edit the page and save it to display the new name instead.
37-2
In most instances, forcing a flush of the cache is not needed since qptool remove -cleanup runs off hours after the cache has already been cleared.
37-3
37-4
User installing offline using Sun ONE Portal Server is prompted to reauthenticate
Make sure that the IBM Lotus Quickr server has the following notes.ini setting: NoWebFileSystemACLS=1
38-1
Offline users cant edit their member profiles when Sametime is enabled and the place name begins with QuickPlace
If youve enabled Sametime integration features, users cannot see the View Profile link in the Members view needed to set their offline passwords in member profiles if the name of the place begins with the string QuickPlace. To work around this problem, temporarily disable the chat functionality and use the qptool register -install command to rename the place to begin with something other than QuickPlace. Or, leave chat active and add the offline password by clicking on the author link of a page and then clicking the View Profile menu link to bring up the member profile.
38-2
Offline not working for external users after changemember or changehierarchy commands used
Before using the qptool changemember command to change a user or the qptool changehierarchy to change several users, instruct the affected offline external users to synchronize data. After you run changemember or changehierarchy, tell the users to reinstall the offline places.
Offline users cant use places and rooms accessed through group membership
To use a place offline, users must be individual members (external or local) of the place and any rooms. A user who has access to a place or rooms through a group membership (external or local), cannot use the place or rooms offline.
Cannot install places with the same name from two different servers
If a user installs two offline places from two different servers and the places have the same name, only the most recently installed place will open offline; the other offline place is unusable. This is a known DOLS limitation.
38-3
38-4
External members with flat names cannot join online meetings that they publish
External members that have flat names, for example cn=Jack Black, cannot join online meetings that they publish. Users who publish online meetings in a place should have names with distinguishing components rather than flat names.
39-1
39-2
40-1
40-2
Part 8. Reference
notes.ini settings
Web page cache settings
The following table describes notes.ini settings used to customize the Web page cache.
Table 41-1. Web page cache notes.ini settings Setting QuickPlaceWebCacheDir QuickPlaceWebCacheEnabled QuickPlaceWebCacheGCIntervalInMIN QuickPlaceWebCacheLimitInMB QuickPlaceWebCacheLogging QuickPlaceWebCacheUsers Description Sets the cache directory Disables or enables the cache Sets the time interval for cache cleaning Sets the cache size limit Enables Web page cache logging Sets the cache for anonymous users only
Offline settings
The following table briefly describes notes.ini settings used to set up IBM Lotus Quickr for users to take places offline.
Table 41-2. offline notes.ini settings Setting $DOLS_TCPIPAddress Description Used to configure a cluster that uses the IBM Network Dispatcher to work with Domino Off-Line Services. Enables authentication to work for offline users. Enables Domino Off-Line Services to work with Lotus Quickr Used to configure a Lotus Quickr server and Sun ONE Portal Server to work with Domino Off-Line Services.
CheckCacheBeforeDSAPI EXTMGR_ADDINS
NoWebFileSystemACLS
41-1
setting=level where setting is a logging setting listed in the following table and level is the desired level of logging. For example: QuickPlaceAuthenticationLogging=5 The following table describes the logging settings and the highest level of logging available for each. The higher the level of logging you specify, the more verbose the output. The default and lowest logging level, 0, logs only errors.
Table 41-3. notes.ini server logging settings Logging setting QuickPlaceArchiveLogging QuickPlaceAuthenticationLogging Levels 1 5 Description Archive tool logging. Authentication logging for authentication events, failures, successes, group expansion, and names list generation. Calendar event logging; 0 indicates this is always on. Page compression logging. Server command performance logging. Offline place installation logging. Lotus Quickr and IBM Lotus Domino HTTP interaction logging. It is useful primarily as a first step toward isolating user authentication problems or problems related to the interaction between Lotus Quickr and Lotus Domino. Use with other logging settings, for example, QuickPlaceAuthenticationLogging, it provides a clearer picture of URL processing. Java Debug logging. Java Server logging. Java Native Interface (JNI) to C++ layer logging. Java Virtual Machine logging. Large uploads logging.
QuickPlaceCalendarSubscriptionLogging 0
QuickPlaceCompressionLogging
QuickPlaceDbCommandPerformanceLogging 3
QuickPlaceExtensionManagerIfLogging 2 QuickPlaceHTTPInterfaceLogging 2
5 3 1
QuickPlaceJvmLogging QuickPlaceLargePOSTLogging
1 1
41-2
Table 41-3. notes.ini server logging settings (continued) Logging setting QuickPlaceLockLogging QuickpPlaceLtpaLogging Levels 1 1 Description Place Lock tool logging. LTPA logging when Lotus Domino controls directory services. Lotus Quickr e-mail process logging. Expanded membership logging. My Places logging. Object model logging. ObjectPool Memory management for PlaceCatalog logging. Performance data collector logging. Place Catalog logging. Queries into Place Catalog logging; use level 4 to include more details on My Places queries and qptool report command queries. Place type refresh logging. Search across places logging. Spell checker engine logging. Style sheet processing logging. Stub creator logging for Lotus Quickr cluster support. qptool logging. Upgrade logging (upgrade places). User cache parameter logging. User directory logging (applicable only when Lotus Quickr controls directory services) . Web caching logging (caches pages sent to browser).
QuickPlaceMailLogging
QuickPlacePerformanceLogging QuickPlacePlaceCatalogLogging
1 4
QuickPlacePlaceCatalogQueryLogging 4
QuickPlaceStyleSheetAttributeCmdLogging 2 QuickPlaceStubMakerLogging 3
1 4 1 1
QuickPlaceWebCacheLogging
notes.ini settings
41-3
$h_ClientDebugConsole
5<nozeros>
h_ExceptionDetail=1
1<nozeros>
Other settings
The following table lists miscellaneous notes.ini settings not described in the other tables.
41-4
Table 41-4. Miscellaneous notes.ini settings Setting $h_MailDomain Description Specifies the domain of the server that hosts the place to which IBM Lotus Quickr routes replies to e-mail generated from places. Enables image caching in environments that do not use single sign-on authentication. Specifies the place to which Lotus Quickr routes replies to e-mail generated from places. Prevents anonymous access to files in the html directory and is part of setting up single sign-on authentication. Required on UNIX servers to support names in a user directory that contain accented characters. Specifies the length of time user entries remain in the user cache. Gives a Domain Catalog server the access to index the places on a Lotus Quickr server that uses the Search Places feature and Off-Line Services. Specifies the maximum number of users allowed in the user cache. Allows searches of nested groups in the user directory. Controls whether a server is upgraded on startup. Used to schedule qptool commands -- such as refresh, deadmail, placecatalog, and newsletter -- to run daily.
h_ScopeURLinQP
h_UndelivMail
NoWebFileSystemACLs
PLATFORM_CSID
QuickPlaceExpireCachedUsers
QuickPlaceExtensionManagerAllowServers
QuickPlaceMaxCachedUsers
notes.ini settings
41-5
41-6
Hierarchy
<?xml version="1.0"?> <service> ..... </service>
Supported actions
The <service> node supports the following named actions: v query v search
query (service)
The query action searches the Place Catalog to find places of that a specified person is a member of. The action returns a list of places that the specified person is a member of. For the query action to work, the Place Catalog must be configured in your service.
Syntax
<?xml version="1.0"?> <service action="query"> <query type="get_member_places"> <members> <person> <dn>distinguished name of person</dn> </person> </members> </query> </service>
Supported attributes
The <query> node supports the following attributes: type Values: get_member_places - Given a member name, retrieves all places in the service of which the specified name is a member. Member places are listed by server name. Server names are listed by service, which means all servers listed in the Place Catalog.
Copyright IBM Corp. 2007
42-1
Results
The results of the search are updated in the XML input tree. The <servers> node is added as a child to the <service> node. For each of the above query types, the results of the query are returned in the following format:
<?xml version="1.0"?> <service> <servers> <server> <name>server1</name> <place> <name>place1</name> </place> </server> <server> <name>server2</name> <place> <name>place2</name> </place> </server> </servers> </service>
search (service)
The search action performs a full-text search on all places on all IBM Lotus Quickr servers in the Lotus Quickr service. To use it you must first configure servers for cross-place searching. To access the search API, two input files are required: one specifying the search query, and another specifying the distinguished name of the user performing the search. The first file is run using the -i argument, the second is run using the -session argument. For example, you can create an input file specifying the query called input.xml, and another file specifying the user called session.xml. To run the search, enter the following command on the command line:
java com.lotus.quickplace.api.QPAPI -i input.xml -session session.xml
An error action status is returned if the local servers Lotus Quickr configuration specifies that the cross-place searching (Search Places) feature is disabled altogether, or disabled for anonymous users and the user performing the search is anonymous. You can also access the search functionality through the QPAPI.process( String sessionFileName, String inFileName, String outFileName) method via a JAVA program. Lotus Quickr API actions are always performed on the local server (the server executing the XML). Therefore, in order to perform a domain search, the search action must be run on the server that is configured for Domain Search and contains the Domain Index. The session file is needed to provide the identity of the user executing the search so that only documents the user has access to are returned.
42-2
Results
Below is an example of the XML returned by performing a search for the word: Lotus Quickr.
XML nodes and node actions
42-3
<?xml version="1.0"?> <service> <search_results> <search_result seqnum="1"> <document> <title> <![CDATA[Features]]> </title> <author local="false"> <dn>CN=Jane Doe,OU=Sales,O=ACME</dn> <name>Jane Doe</name> </author> <url>https://acmeteam.acme.com:443/LotusQuickr/acmeteam/ PageLibrary85256AAF005EC7BB.nsf/ 1E24BC021C381AE985256AB8004E035B/ 4CB455BB81C721AD85256C1300636F10/?OpenDocument</url> <abstract> <![CDATA[ This document describes the features that are new in Lotus Quickr]]> </abstract> <last_modified>20020812T140737,57-04</last_modified> </document> <place> <name>ACMETeam</name> </place> <relevance>100</relevance> </search_result> <search_result seqnum="2"> <document> <title> <![CDATA[Release 3 Sales Forecast]]> </title> <author local="false"> <dn>CN=John Swift,OU=Sales,O=ACME</dn> <name>John Swift</name> </author> <url>https://acmeteam.acme.com:443/LotusQuickr/acmeteam/ PageLibrary85256AAF005EC7BB.nsf/ h_Index/09A910C51A6818DA85256C0F00829ADD/ ?OpenDocument</url> <abstract> <![CDATA[ Lotus Quickr Sales Forecast Sales Staff: Please review this document for accuracy and make edits and corrections as necessary. This document is used by the ACME Global Sales staff to determine the impact of Lotus Quickr.]]> </abstract> <last_modified>20020812T140521,04-04</last_modified> </document> <place> <name>ACMETeam</name> </place> <relevance>100</relevance> </search_result> </search_results> <action_status action="search"> <code>0</code> </action_status> </service>
42-4
Full-text queries work the same way most Web search engines do (based on Boolean logic), with some very powerful enhancements. For example, you can not only search for two words which appear in the same document, but specify how close they should be to each other, what field they must be in, by their exact case, and that one should be judged as more important. Using wildcards you can also search on just a fragment of a word and Lotus Domino returns every word containing that fragment. Operators are reserved words in Lotus Domino. If you want to search for an operator as you would normal text, for example in a phrase such as Gene and Joan, you must put the phrase in quotes.
Table 42-1. Full-text query operators Operator field FIELD [fieldname] (brackets) Description and examples These mean search this field. Lotus Domino then expects you to specify the field to search. In this release of IBM Lotus Quickr field operators only to find text in the $Updatedby and _RevisionDate fields. There should be spaces between FIELD and words surrounding it. Example: FIELD $Updatedby CONTAINS Simpson finds documents whose $Updatedby field contains the word Simpson. () [parentheses] These determine the order in which Lotus Domino processes sections of your query. A part of the query enclosed in parentheses will be processed before parts outside the parentheses. These find documents containing all the conditions or words linked by AND. Example: cat AND dog AND fish finds documents containing all three of these words. These find documents containing either of the conditions or words and returns them ranked by number of appearances in the document.
These make the query negative. You can put NOT between words: cat AND NOT dog finds documents containing the word cat, but not the word dog.You can put NOT before any field name: NOT[author] CONTAINS Simpson finds documents whose author field does not contain the word Simpson.You can use NOT after CONTAINS, and before a word: [author] CONTAINS NOT Simpson finds documents whose author field does not contain the word Simpson.You cannot put NOT after =, <, >, <=, or >= and before a date or number: [date1] = NOT 12/25/98 does not work.
42-5
Table 42-1. Full-text query operators (continued) Operator Description and examples Placing quotes around operators (like AND, OR, CONTAINS etc.) allows Lotus Domino to read them as normal words. Example: rock and roll finds documents containing the phrase, intact. PARAGRAPH paragraph This finds documents in which the words surrounding PARAGRAPH are in the same paragraph, and ranks them by how close they are. Example: car PARAGRAPH wheels finds documents in which car and wheels appear in the same paragraph and ranks them by how close the words are within the paragraph. SENTENCE sentence This finds documents in which the words surrounding SENTENCE are in the same sentence, and ranks them by how close they are. Example: car SENTENCE wheels finds documents in which car and wheels appear in the same sentence and ranks them by how close the words are within the sentence. ? This is a wildcard. It represents any single letter. It does not work with dates or numbers. Example: ?one finds documents containing bone, cone, done, gone (and any other four-letter words that end with one)???ck finds documents containing stack, clock, stick, truck; rack, rick, rock * This is a wildcard. It represents any extension of letters. It does not work with dates or numbers. This gives importance, or weight, to search words. You can use any value from 0 through 65537 to assign weight. This tells Lotus Domino to search for the exact case of the word following. Example: exactcase Apple finds documents containing Apple, but not APPLE or apple. CONTAINS contains This is tells Lotus Domino that the field before it must contain the text after it. There should be spaces between CONTAINS and words surrounding it.
TERMWEIGHT termweight
EXACTCASE exactcase
42-6
Table 42-1. Full-text query operators (continued) Operator = < > <= >= - (hyphen) This tells Lotus Domino to find the hyphenated word pair. Description and examples These help you search for numbers or dates in numeric or date fields only.
Hierarchy
<?xml version="1.0"?> <service> <servers> <server> ..... </server> </servers> </service>
Supported attributes
The server node supports the following attributes: local Syntax: <server local=true> </server> Values: true | false - Specifies whether or not the server is local to the executing XML script. XML must run on the local server. You must use either this attribute or the <hostname> element to specify the server that the XML will run on.
Supported elements
The <server> node supports the following named elements: <hostname>
42-7
The <hostname> element is used by the server node to specify the host name that the script is executing on. The name used should be an IP address or DNS resolvable host name. The name must be the name of the local server the script is being executed on. Syntax:
<?xml version="1.0"?> <service> <server> <hostname>qkserver.acme.com</hostname> </server> </service>
Supported actions
The <server> node supports the following named actions: v getPlaceTypes
getPlaceTypes (server)
The getPlaceTypes action retrieves specified attributes from all PlaceTypes on a server. The standard PlaceType is h_StdPlaceType.
Syntax
<?xml version="1.0"?> <service> <server action="getPlaceTypes"> </server> </service>
Supported attributes
The getPlaceTypes action supports the following attributes in the results: id Unique ID to identify the PlaceType. This value is guaranteed to be unique.
Supported elements
The getPlaceTypes action supports the following elements in the results: <name> Specifies the name of the PlaceType. <description> Provides a description of the PlaceType. This value is set in the IBM Lotus Quickr UI. It is displayed during the creation of a place. <addition_information_url> Provides an addition information url. This value is set in theLotus Quickr UI. It is displayed during the creation of a place.
42-8
Results
PlaceTypes are listed by server name. The following example demonstrates the results of the getPlaceTypes action:
<?xml version="1.0"?> <service> <server local="true"> <placetypes> <placetype id="8912471890219238"> <name>ACMETeamPlacetype</name> <description>The ACME Teams Placetype</description> <additional_information_url> http://www.acme.com/acmeteaminfo </additional_information_url> </placetype> <placetype> ...... </placetype> </placetypes> </server> </service>
Hierarchy
<?xml version="1.0"?> <service> <servers> <server> <places> <place> ..... </place> </places> </server> </servers> </service>
Supported elements
The <place> node supports the following named elements: <name> The <name> element is used by the place node to specify the name of the place being serviced. This name refers to a place on the local server executing the script. Syntax:
<?xml version="1.0"?> <service> <servers> <server local="true"> <places> <place> <name>ACMETeam</name> </place>
42-9
Required: Required for all supported place actions. <placetype> The <placetype> element is used by the place node to specify the PlaceType that is associated with the place being serviced. The placetype element is primarily used when creating places. When performing operations involving a PlaceType, you must first identify the PlaceType within the <placetypes> node and assign it an id. Then in the <place> node, define a <placetype> node that contains a <link> element. The link element refers to the PlaceType identified earlier. The following example identifies an existing PlaceType and assigns it an id. Then the XML instructs that a new place be created using the PlaceType.
?xml version="1.0"?> <service> <servers> <server local="true"> <placetypes> <placetype id="ACMETeamPlacetypelink"> <name>ACMETeamPlaceType</name> </placetype> </placetypes> <places> <place action="create"> <name>MyPlace</name> <member> <person action="add" id="ExternalMember"> <dn>cn=John Doe,ou=Sales,o=ACME</dn> </person> </member> <placetype> <link idref="ACMETeamPlacetypelink"> </placetype> </place> </places> </server> </servers> </service>
Supported actions
The <place> node supports the following named actions: v create v remove v forceRemove v update
create (place)
The create action creates the place specified, using the PlaceType specified (optional), on the server specified. You must also specify a manager of the place, who will be the first member of the place when it is created. When you create a place, the place manager is always a person. Place creation occurs on the local server executing the script. The place must not previously exist on the server at the time of place creation or an error action status code is returned.
42-10
Syntax
<?xml version="1.0"?> <service> <servers> <server> <place action="create"> <name></name> <member> <person><person> </member> </place> </server> </servers> </service>
Optional syntax
<?xml version="1.0"?> <service> <servers> <server> <placetypes> <placetype id="ACMETeamPlacetypelink"> <name>ACMETeamPlaceType</name> </placetype> </placetypes> <places> <place action="create"> <name></name> <member> <person></person> </member> <placetype> <link idref="ACMETeamPlacetypelink"> </placetype> </place> </places> </server> </servers> </service>
Example
<?xml version="1.0"?> <service> <servers> <server local="true"> <places> <place action="create"> <name>ACME_Team</name> <title>ACME Team Place</title> <members> <person local="true" action="add" id="LocalOwner"> <username>JCool</username> <password>snoopy</password> <first_name>Joe</first_name> <last_name>Cool</last_name> </person> <person action="add" id="ExternalMember"> <dn>cn=John Doe,ou=Sales,o=ACME</dn> </person> <group action="add" id="ExternalGroup"> <dn>cn=Sales,ou=East,o=ACME</dn> </group> </members> </place>
42-11
remove (place)
The remove action marks the specified place for removal from the specified server. Removal of the place is performed when the qptool remove -cleanup command runs on the server.
Syntax
<?xml version="1.0"?> <service> <servers> <server> <places> <place action="remove"> <name></name> </place> </places> </server> </servers> </service>
Example
<?xml version="1.0"?> <service> <servers> <server local="true"> <places> <place action="remove"> <name>AcmeTeam</name> </place> </places> </server> </servers> </service>
forceRemove (place)
The forceRemove action marks the specified place for removal from the specified server and attempts to delete the files immediately. If the files are being used by another process, the files are left marked for later removal.
Syntax
<?xml version="1.0"?> <service> <servers> <server> <places> <place action="forceRemove"> <name></name> </place> </places> </server> </servers> </service>
Example
<?xml version="1.0"?> <service> <servers> <server local="true">
42-12
update (place)
The update action updates the specified information in the specified place.
Syntax
<?xml version="1.0"?> service> <servers> <server> <places> <place action="update"> <name></name> </place> </places> </server> </servers> </service>
Supported elements
The update action supports the following elements: <title>
Syntax: <title>The ACME Team Place</title>
Supported Values: Any string that represents the title of the place. <meta_data> Syntax:
<meta_data> <name1>value1</name1> <name2>value2</name2> <name3>value3</name3> </meta_data>
Supported Values: Name/Value pairs are specified and are user-defined. The metadata Name/Value pairs are stored in the specified place as well as the Place Catalog.
Example
<?xml version="1.0"?> <service> <servers> <server local="true"> <places> <place action="update"> <name>AcmeTeam</name> <title>The ACME Team Place</title> <meta_data> <name1>value1</name1> <name2>value2</name2> <name3>value3</name3> </meta_data>
XML nodes and node actions
42-13
Supported attributes
The placetype node supports the following attributes: id Unique ID to identify the PlaceType.
Supported elements
The <placetype> node supports the following named elements: <name> The name element is used by the placetype node to specify the name of the placetype being serviced. This name refers to a placetype on the local server executing the script. The name element is required for all placetype actions. Syntax:
42-14
<name>ACMETeamPlaceType</name>
<description> The description elements provides an optional description of the PlaceType. This value is set in the Lotus Quickr UI. It is displayed during the creation of a place. Syntax:
<description>The ACME Teams Placetype</description>
<addition_information_url> Provides an optional additional information url. This value is set in the Lotus Quickr UI. It is displayed during the creation of a place. Syntax:
<additional_information_url>http://www.acme.com/acmeteaminfo</additional_information_url>
Hierarchy
<?xml version="1.0"?> <service> <servers> <server> <places> <place> <members> <person></person> </members> </place> </places> </server> </servers> </service>
Supported attributes
The person node supports the following attributes: id Syntax:
<person id="personid"></person> <person idref="personid"></person>
Assigning a person an id allows you to reference them in other sections of the XML. For example, if you want to create two places and add the same user as a member of both, you define and give the user an id within the first <place> node, then reference them in the second <place> node. For example:
<?xml version="1.0"?> <service> <servers> <server local="true"> <places> <place action="create">
XML nodes and node actions
42-15
<name>ACME_Team_Blue</name> <title>ACME Team Place Blue</title> <members> <person local="true" id="person1"> <username>jdoe</username> </person> <person id="person2"> <dn>cn=Charles Brown,ou=Sales,o=ACME</dn> </person> </members> </place> <place action="create"> <name>ACME_Team_Red</name> <title>ACME Team Place Red</title> <rooms> <room> <name>Main.nsf</name> <access> <managers> <member action="add"> <link idref="person1"/> </member> </managers> <authors> <member action="remove"> <link idref="person2"/> </member> </authors> </access> </room> </rooms> </place> </places> </server> </servers> </service>
local Syntax:
<person local="true"></person>
Supported Values: true | false - Specifies whether or not the person is local to the specified place. A value of true indicates that the person exists only in the specified place. A value of false indicates that the person exists in a user directory, outside the specified place. subscribed_to_newsletter Syntax:
<person subscribed_to_newsletter="true"></person>
Supported Values: true | false - Specifies whether or not the person subscribed to the places newsletter. A value of true indicates that the person is subscribed. A value of false indicates that the person is not subscribed. subscribed_to_calendar_events Syntax:
<person subscribed_to_calendar_events="true"></person>
42-16
Supported Values: true | false - Specifies whether or not the person subscribed to the calendar events in the specified place. A value of true indicates that the person is subscribed. A value of false indicates that the person is not subscribed. using_accessible_ui Syntax:
<person using_accessible_ui="true"></person>
Supported Values: true | false - Specifies whether or not the person is using an accessibility user interface in the specified place. A value of true indicates that the person is is using an accessibility user interface. A value of false indicates that the person is not is using an accessibility user interface. email_client Syntax:
<person email_client="notes5"></person>
Supported Values: notes5 | outlook | - Specifies which e-mail client the person uses. Notes5 means the person uses a IBM Lotus Notes mail client. Outlook means the person uses a Microsoft Outlook mail client.
Supported elements
The person node supports the following named elements: <dn> The <dn> element is used by the person node to specify the external name of the person being serviced. This name refers to a person in a directory external to Lotus Quickr. The format of the dn must be an LDAP distinguished name. You do not need to specify this element (nor should you) if you are operating on a person that is local to the specified place Syntax:
<dn>cn=Jane Doe,ou=Sales,o=ACME</dn>
Required: Required for all supported place actions if operating on an external user. <username> The <username> element is used by the person node to specify the person that is associated with the operation being performed. The value specified by this element represents a local user of the specified place. A local user is one that exists purely in the place and not in an external entity such as a directory. If you want to specify an external user then use the <dn> element described above. Syntax:
<username>jdoe</username>
42-17
The <first_name> element is used by the person node to specify the first name of the person that is associated with the operation being performed. The value specified by this element represents the first name of a local user of the specified place. This element is not applicable when the <dn> element is specified. Syntax:
<first_name>jane</first_name>
Required: Person attribute local=true must be specified. <last_name> The <last_name> element is used by the person node to specify the last name of the person that is associated with the operation being performed. The value specified by this element represents the last name of a local user of the specified place. This element is not applicable when the <dn> element is specified. Syntax:
<last_name>Doe</last_name>
Required: Person attribute local=true must be specified. <password> The <password> element is used by the person node to specify the password of the person that is associated with the operation being performed. The value specified by this element represents the password of a local user of the specified place. This password will be required when the specified user authenticates with the place. This element is not applicable when the <dn> element is specified. Syntax:
<password>BigSecret</password>
Required: Person attribute local=true must be specified. <phone_number> The <phone_number> element is used by the person node to specify the phone number of the person that is associated with the operation being performed. The value specified by this element represents the phone number of a local user of the specified place. This element is not applicable when the <dn> element is specified. Syntax:
<phone_number>978-555-1212</phone_number>
Required: Person attribute local=true must be specified. <offline_password> The <offline_password> element is used by the person node to specify the offline password of the person that is associated with the operation being performed. This password is used when the person authenticates with the place in offline mode. The value specified by this element can be used with either a local person or an external person. Syntax:
<offline_password>BigSecret</offline_password>
42-18
Required: N/A The <description> element is used by the person node to specify a description of the person that is associated with the operation being performed. The value specified by this element can be used with either a local person or an external person. <email> The <email> element is used by the person node to specify the e-mail address of the person that is associated with the operation being performed. The value specified by this element can be used with either a local person or an external person. This element is not applicable when the <dn> element is specified. Syntax:
<email>jdoe@acme.com</email>
Required: Person attribute local=true must be specified. <theme> The <theme> element is used by the person node to specify the name of the theme associated with the operation being performed. The value specified by this element can be used with either a local person or an external person. Syntax:
<theme>h_DefaultSkin</theme>
Required: N/A
Supported actions
The person node supports the following named actions: v add v remove v update
add (person)
The add action adds a person to the specified place. The person can exist in the place or can exist outside the place in an external directory, depending upon which attribute you specify for them. When adding an external person to a place, the external user directory is not consulted for existence or name correctness. You can specify any supported attributes or elements of the person when the add action is performed since the specified person is updated immediately following this add operation. Note: This action is performed to initially add a person to the specified place but it does not give that person any rights to access elements of the place. That action is performed by the <member> node within a room.
XML nodes and node actions
42-19
Syntax
<?xml version="1.0"?> <service> <servers> <server local="true"> <places> <place> <name></name> <members> <person local="true" action="add"> <username></username> </person> </members> </place> </places> </server> </servers> </service>
- or <?xml version="1.0"?> <service> <servers> <server local="true"> <places> <place> <members> <person action="add"> <dn></dn> </person> </members> </place> </places> </server> </servers> </service>
Optional attributes
subscribed_to_newsletter using_accessible_ui subscribed_to_calendar_events email_client
Optional elements
<password> <first_name> <last_name> <phone_number> <email> <offline_password> <theme> <description>
Example
<?xml version="1.0"?> <service> <servers> <server local="true"> <places> <place> <name>ACME_Team</name> <members> <person local="true" action="add">
42-20
<username>Jane Doe</username> <password>BigSecret</password> <first_name>Jane</first_name> <last_name>Doe</last_name> </person> <person action="add"> <dn>cn=Charles Brown,ou=Sales,o=ACME</dn> </person> </members> </place> </places> </server> </servers> </service>
remove (person)
The remove action removes a person from the specified place. The person can exist in the place or can exist outside the place in an external directory, depending upon which attribute you specify for them. If you remove a local person, that person is removed from the specified place. If you remove an external person, that person is removed from the place but is not removed from the external directory. When a person is removed from a place, the persons membership to all rooms in the place is also removed.
Syntax
<?xml version="1.0"?> <service> <servers> <server> <places> <place> <name></name> </place> </places> </server> </servers> </service>
- and <?xml version="1.0"?> <service> <servers> <server> <places> <place> <members> <person local="true" action="remove"> <username></username> </person> </members> </place> </places> </server> </servers> </service>
42-21
<places> <place> <members> <person action="remove"> <dn></dn> </person> </members> </place> </places> </server> </servers> </service>
Example
<?xml version="1.0"?> <service> <servers> <server> <hostname>qk.acme.com</hostname> <places> <place> <name>ACME_Team</name> <members> <person local="true" action="remove"> <username>JDoe</username> </person> <person action="remove"> <dn>cn=Charles Brown,ou=Sales,o=ACME</dn> </person> </members> </place> </places> </server> </servers> </service>
update (person)
The update action updates a person in the specified place. When this action is called, the specified person is updated using the attributes and values you specify. You can specify any supported attributes or elements of the person when the update action is performed. No updates are performed in the external directory if the person being updated is not local.
Syntax
<?xml version="1.0"?> <service> <servers> <server> <places> <place> <name></name> </place> </places> </server> </servers> </service>
42-22
<place> <members> <person local="true" action="update"> <username></username> </person> </members> </place> </places> </server> </servers> </service>
- or <?xml version="1.0"?> <service> <servers> <server> <places> <place> <members> <person action="update"> <dn></dn> </person> </members> </place> </places> </server> </servers> </service>
Optional attributes
subscribed_to_newsletter using_accessible_ui subscribed_to_calendar_events email_client
Optional elements
<password> <first_name> <last_name> <phone_number> <email> <offline_password> <theme> <description>
Example
<?xml version="1.0"?> <service> <servers> <server> <hostname>qk.acme.com</hostname> <places> <place> <name>ACME_Team</name> <members> <person local="true" action="update"> <username>JDoe</username> <password>BiggerSecret</password> </person> <person action="update"> <dn>cn=Charles Brown,ou=Sales,o=ACME</dn> <offline_password>Drats</offline_password> <phone_number>978-555-1212</phone_number>
XML nodes and node actions
42-23
Hierarchy
<?xml version="1.0"?> <service> <servers> <server> <places> <place> <members> <group></group> </members> </place> </places> </server> </servers> </service>
Supported elements
The group node supports the following named elements: <dn> The <dn> element is used by the group node to specify the external name of the group being serviced. This name refers to a group in a directory. Syntax:
<dn>cn=Sales,ou=Corporate,o=ACME</dn>
Required: Required for all supported place actions. <description> The <description> element is used by the group node to specify a description of the group that is associated with the operation being performed. The value specified by this element must be an external group that exists in an external directory. Syntax:
<description>The ACME Sales Team</description>
Required: N/A
42-24
Supported actions
The <group> node supports the following named actions: v add v remove v update
add (group)
The add action adds a group to the specified place. The group must exist outside the place in an external directory. When adding a group to a place, the external directory is not consulted for existence or name correctness. You can specify any supported attributes or elements of the group when the add action is performed since the specified group is updated immediately following this add operation. Note: This action is performed to initially add a group to the specified place but it does not give that group any rights to access elements of the place. That action is performed by the <member> node.
Syntax
<?xml version="1.0"?> <service> <servers> <server> <places> <place> <members> <group action="add"> <dn></dn> </group> </members> </place> </places> </server> </servers> </service>
Optional attributes
The following optional attributes are supported the group node: subscribed_to_newsletter Specifies whether the members of the group subscribe to the places newsletter.
Optional elements
The following optional elements are supported in the group node: <description> Describes the group.
Example
<?xml version="1.0"?> <service> <servers> <server> <hostname>qk.acme.com</hostname>
XML nodes and node actions
42-25
<places> <place> <name>ACME_Team</name> <members> <group action="add"> <dn>cn=Sales,ou=Corporate,o=ACME</dn> </group> </members> </place> </places> </server> </servers> </service>
remove (group)
The remove action removes a group from the specified place. The group is removed from the place but is not removed from the external directory. When a group is removed from a place, group membership to all rooms in the place is also removed.
Syntax
<?xml version="1.0"?> <service> <servers> <server> <places> <place> <members> <group action="remove"> <dn></dn> </group> </members> </place> </places> </server> </servers> </service>
Example
<?xml version="1.0"?> <service> <servers> <server> <hostname>qk.acme.com</hostname> <places> <place> <name>ACME_Team</name> <members> <group action="remove"> <dn>cn=Sales,ou=Corporate,o=ACME</dn> </group> </members> </place> </places> </server> </servers> </service>
update (group)
The update action updates a group in the specified place. When this action is called, the specified group is updated using the attributes and values you specify.
42-26
You can specify any supported attributes or elements of the group when the update action is performed. No updates are performed in the external directory.
Syntax
<?xml version="1.0"?> <service> <servers> <server> <places> <place> <members> <group action="update"> <dn></dn> </group> </members> </place> </places> </server> </servers> </service>
Optional elements
The following optional elements are supported in the group node: <description> Describes the group.
Example
<?xml version="1.0"?> <service> <servers> <server local="true"> <hostname>qk.acme.com</hostname> <places> <place> <name>ACME_Team</name> <members> <group action="update"> <dn>cn=Sales,ou=All,o=ACME</dn> <description>Global Sales Team</description> </group> </members> </place> </places> </server> </servers> </service>
42-27
When you perform actions on a member, you must define a <person> or <group> that represents the member you are processing. Operations on a member node are performed using an idref link to the <person> or <group> nodes previously defined in the script. An idref link relationship is demonstrated by the following XML. Notice that the <person> node is defined first with a corresponding link ID value. That ID value is referenced through the <link idref> element to determine which <person> the <member> node should operate on.
<?xml version="1.0"?> <service> <servers> <server local="true"> <places> <place> <members> <person local="true" id="person1"> <username>jdoe</username> </person> <person id="person2"> <dn>cn=Charles Brown,ou=Sales,o=ACME</dn> </person> </members> . . . <rooms> <room> <name>Main.nsf</name> <access> <managers> <member action="add"> <link idref="person1"/> </member> </managers> <authors> <member action="remove"> <link idref="person2"/> </member> </authors> </access> </room> </rooms> </place> </places> </server> </servers> </service>
Supported elements
The member node supports the following named elements: <link> The <link> element is used by the member node to provide a reference link by ID to a previously defined <person> or <group> node. The idref attribute is specified when <link> is used to reference the entity defined previously with the same value. The value specified by idref must match the value defined for the entity it is used to reference. For example: <person id=person1/> and <link idref=person1/> Syntax:<link idref=person1/> Required: Required for all supported <member> actions being performed on a <person> or <group>.
42-28
Supported actions
The member node supports the following named actions: v add v remove
add (member)
The add member action adds a person or group with the specified access level to the specified room of the specified place. The person or group must previously exist as a entity in the place (handled by the <person> or <group> nodes) before a membership operation can be performed. When a membership action is performed, the specified entity will have immediate access to the specified room at the specified level of access.
Syntax
<?xml version="1.0"?> <service> <servers> <server> <places> <place> <name></name> <members> <person | group id="refValue"> </person | /group> </members> <room> <name></name> <access> <managers | editors | authors | readers> <member action="add"> <link idref="refValue"/> </member> </managers | /editors| /authors | /readers> </access> </room> </place> </places> </server> </servers> </service>
Supported elements
Membership access level is controlled by the following elements: <managers> The <managers> element is used by the <room> node to specify manager access level to the room for the names specified within. Syntax:
<managers> <member action="add"> <link idref="refValue"/> </member> </managers>
Required: The name of a local or external person or group that exists in the place.
XML nodes and node actions
42-29
<editors> The <editors> element is used by the <room> node to specify editor access level to the room for the names specified within. Syntax:
<editors> <member action="add"> <link idref="refValue"/> </member> </editors>
<authors> The <authors> element is used by the <room> node to specify author access level to the room for the names specified within. Syntax:
<authors> <member action="add"> <link idref="refValue"/> </member> </authors>
Required: The name of a local or external person or group that exists in the place. <readers> The <readers> element is used by the <room> node to specify reader access level to the room for the names specified within. Syntax:
<readers> <member action="add"> <link idref="refValue"/> </member> </readers>
Required: The name of a local or external person or group that exists in the place.
Example
<?xml version="1.0"?> <service> <servers> <server local="true"> <places> <place> <name>ACMETeam</name> <members> <person local="true" id="person1"> <username>cbrown</username> </person> <person id="person2"> <dn>cn=Jane Doe,ou=Sales,o=ACME</dn> </person> </members> <rooms> <room> <name>Main.nsf</name> <access>
42-30
<managers> <member action="add"> <link idref="person1"/> </member> </managers> <authors> <member action="remove"> <link idref="person2"/> </member> </authors> </access> </room> </rooms> </place> </places> </server> </servers> </service>
remove (member)
The remove action removes a person or group access to the specified room of the specified place. The person or group must previously exist as a entity in the place (handled by the <person> or <group> nodes) before a membership operation can be performed. When a membership action is performed, the specified entitys access will be immediately removed from the specified room
Syntax
<?xml version="1.0"?> <service> <servers> <server local="true"> <places> <place> <name></name> <members> <person | group id="refValue"> </person | /group> </members> <room> <name></name> <member action="remove"> <link idref="refValue"/> </member> </room> </place> </places> </server> </servers> </service>
Example
<?xml version="1.0"?> <service> <servers> <server local="true"> <places> <place> <name>ACMETeam</name> <members> <person local="true" id="person1"> <username>cbrown</username> </person> <person id="person2"> <dn>cn=Jane Doe,ou=Sales,o=ACME</dn> </person>
XML nodes and node actions
42-31
</members> <rooms> <room> <name>Main.nsf</name> <access> <members> <member action="remove"> <link idref="person1"/> </member> <member action="remove"> <link idref="person2"/> </member> </members> </access> </room> </rooms> </place> </places> </server> </servers> </service>
42-32
Part 9. Appendixes
Notices
This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the users responsibility to evaluate and verify the operation of any non-IBM product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing IBM Corporation North Castle Drive Armonk, NY 10504-1785 U.S.A. For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to: IBM World Trade Asia Corporation Licensing 2-31 Roppongi 3-chome, Minato-ku Tokyo 106-0032, Japan The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact:
A-1
IBM Director of Licensing IBM Corporation North Castle Drive Armonk, NY 10504-1785 U.S.A. Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee. The licensed program described in this information and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement, or any equivalent agreement between us. Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurements may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. All statements regarding IBMs future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only. All IBM prices shown are IBMs suggested retail prices, are current and are subject to change without notice. Dealer prices may vary. This information is for planning purposes only. The information herein is subject to change before the products described become available. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. COPYRIGHT LICENSE: This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. Each copy or any portion of these sample programs or any derivative work, must include a copyright notice as follows: (your company name) (year). Portions of this code are derived from IBM Corp. Sample Programs. Copyright IBM Corp. _enter the year or years_. All rights reserved.
A-2
If you are viewing this information softcopy, the photographs and color illustrations may not appear.
Trademarks
The following terms are trademarks of International Business Machines Corporation in the United States, other countries, or both: AIX AIX 5L DB2 DB2 Universal Database developerWorks Domino Domino Designer i5/OS IBM Lotus Lotus Notes Notes QuickPlace Sametime Tivoli WebSphere Adobe, Acrobat, Portable Document Format (PDF), and PostScript are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, other countries, or both. Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Linux is a trademark of Linus Torvalds in the United States, other countries, or both. UNIX is a registered trademark of The Open Group in the United States and other countries. Other company, product, or service names may be trademarks or service marks of others.
Notices
A-3
A-4
Printed in USA