Tuesday, April 2, 2013

Connections Mail over SSL? There´s no need to install SSL certificate on the Domino iNotes server.

If you have deployed IBM Connections, then you have already set up the IBM HTTP Server (IHS) with a SSL certificate, right?

Well, if you are also deploying IBM Connections Mail, then the need to install a SSL certificate on the Domino iNotes server arises.
Because, if you are inside of Connections in a browser on HTTP,S then the Connections Mail communication with the iNotes server will also be on HTTPS.
And vice versa when you are on the HTTP protocol.

So when you are on HTTPS the Connections Mail will not work if you did not apply a SSL certificate on the Domino iNotes server.

But for those of you that wants to deploy Connections mail without having to buy a new SSL certificate for the Domino iNotes server, then here´s the solution:


Ok, so you already have SSL set up on the IHS server. Did you also know that the IHS server can also act as a reverse proxy server? And by setting it up as a reverse proxy server, you can leverage this and just point some junctions to the iNotes servers folders and nsf files.

This makes the communication between the client and the IHS server secure, but backend communication between the IHS server and the domino iNotes will be on HTTP. This is ok for most of the customers out there. And remember, you don´t even have to expose the iNotes server to the public internet. Only the Connections server needs to be public. (If you have deployed Connections to the web, that is).

Here´s what you need to do:

Enable 2 modules in the HTTPD.CONF

LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_module modules/mod_proxy.so

And then, the config for the junctions:
    # Disable forward proxy requests
    ProxyRequests Off
    # Allow requests from ALL hosts and domains
    <Proxy *>
        Order Allow,Deny
        Allow from all
    </Proxy>

#Configure access to iNotes
    ProxyPass     /mail/         http://inotesserver.company.com/mail/
    ProxyPass     /iNotes/     http://inotesserver.company.com/iNotes/
    ProxyPass     /domjs/     http://inotesserver.company.com/domjs/
    ProxyPass     /iredir.nsf     http://inotesserver.company.com/iredir.nsf
    ProxyPass     /names.nsf     http://inotesserver.company.com/names.nsf
    ProxyPass     /Names.nsf     http://inotesserver.company.com/names.nsf
(For some reason, the Names.nsf is case sensitive, and sometimes, when I log in to the iNotes server, I noticed that the login referenced names.nsf with a capital N)

And then you´re done. Restart the IHS server and try to login to your mailboks directly using the Connections server´s url:

https://ConnectionsServer.company.com/mail/YourMailbox.nsf

After this, you have to edit the socialmail-discovery-config.xml file to point to the new reverse proxy iNotes url aswell:

<ServerConfig name="inotesmail" enabled="true">
            <ConfigType>DOMINO</ConfigType>
            <DirectoryServer>dominoldap.company.com</DirectoryServer>
            <DirectoryServerDomain>company.com</DirectoryServerDomain>
            <DirectoryUser>LdapUser/Company</DirectoryUser>
            <DirectoryPW>password</DirectoryPW>
            <FixedServer>http://ConnectionsServer.company.com</FixedServer>
            <MailPattern type="company.com"/>
 </ServerConfig>

As you can see, the "FixedServer" url is the key here. It´s now pointing at the IHS Reverse proxy url. And don´t worry that it says "http://...". Connections changes this automatically to https if you are surfing on the Connections server on https.

Restart Connections and give it a try.





Posted by at No comments: Links to this post
Tags: , , , , , , , ,
Reactions: 

Tuesday, March 5, 2013

Discovery: @mentions fail when using Norwegian Keyboard layout in Connections 4 CR2

I followed @stuartmcintyre´s blog posting on how to enable the @mentions in IBM Connections 4 CR2.


Tested this out on my Mac in Safari, Chrome and Firefox.

Every browser worked just fine.

But the customer complained about the fact that it did not work in Windows 7.
Only Firefox worked there, IE and chrome did not work 100%.

What happens in Chrome and IE is:
Typing in @ makes the @-character dissapear. But if we keep typing in "robert" for instance, the lookup works, kind of. It looks up all users that starts with "obert", so the R is omitted.
So by typing in "rrobert" it actually works, but still, you do not see the @ character.

I then tested this myself on the customer Connections site on a windows 7 virtual pc I have.
I could confirm that I had the same experience as the customer had.

I then created a PMR on the issue.

The PMR then asked me about testing this on the Greenhouse Connections site.
So I did, and I could see the exact same issues!!

This got me thinking. What´s different between my mac and a windows 7 computer? There has to be something locally on my computer that is doing it!

I then landed on the fact that the keyboard-layout on the windows computer is in Norwegian.


So I switched from "NO" keyboard layout to "US" keyboard layout, and it worked!! All browsers work. Both on Greenhouse and the Customers site. 

So this has to be a bug.

I will let you guys know what IBM Support says.

Posted by at 1 comment: Links to this post
Tags: , , , , , ,
Reactions: 

Friday, February 15, 2013

SPNEGO and Connections 4 CR1 or CR2 - remember this!!

From Connections 4.0.0 to 4.0.1 or 4.0.2, the SPNEGO the Filter-criteria has changed.

So if your Connections SSO solution does not work after upgrading your 4.0.0 environment, check the filter.

The values are now:

request-url!=noSPNEGO;request-url!=/mobile;request-url!=/nav;request-url!=/bundles/js;request-url!=/static;request-url!=/activities/oauth;request-url!=/blogs/oauth;request-url!=/dogear/oauth;request-url!=/communities/calendar/oauth;request-url!=/communities/service/atom/oauth;request-url!=/communities/service/opensocial/oauth/;request-url!=/communities/recomm/oauth;request-url!=/connections/opensocial/oauth;request-url!=/connections/opensocial/anonymous/rest;request-url!=/connections/opensocial/common;request-url!=/connections/opensocial/gadgets;request-url!=/connections/opensocial/ic;request-url!=/connections/opensocial/rpc;request-url!=/connections/opensocial/social;request-url!=/connections/opensocial/xrds;request-url!=/connections/opensocial/xpc;request-url!=/connections/resources/web;request-url!=/connections/resources/ic;request-url!=/files/oauth;request-url!=/forums/oauth;request-url!=/homepage/oauth;request-url!=/metrics/service/oauth;request-url!=/moderation/oauth;request-url!=/news/oauth;request-url!=/news/follow/oauth;request-url!=/profiles/oauth;request-url!=/wikis/oauth;request-url!=/search/oauth;request-url!=/connections/core/oauth/;request-url!=/resources;request-url!=/oauth2/endpoint/

Se here for more info:
http://www-10.lotus.com/ldd/lcwiki.nsf/xpDocViewer.xsp?lookupName=IBM+Connections+4.0+documentation#action=openDocument&res_title=Configuring_SPNEGO_on_WebSphere_Application_Server_ic40&content=pdcontent
Posted by at No comments: Links to this post
Tags: , , , ,
Reactions: 

Thursday, February 7, 2013

IBM Connections 4 CR2 - updating using the Silent Updater

I love using the silentinstaller to upgrade Connections. But in Connections 4 CR2, the fixes for all of the apps has the same LO number; LO72170. (Pluss, the Common app has LO73212 on top of that)

How to use the Silent Updater is described here:
http://www-10.lotus.com/ldd/lcwiki.nsf/dx/Installing_interim_fixes_ic40

Following the description on how to use the silent updater means that the command:

updateSilent.bat -fix -installDir c:\ibm\connections -fixDir C:\IBM_SW\cr2 -install -fixes LO72170 LO73212 -wasUserId xxxxxx -wasPassword xxxxxx -featureCustomizationBackedUp yes -homepageDBSchemaUpdatesHaveBeenCompleted yes
Does not work....

You will first and foremost get an error complaining about that the LO73212 requires LO72170 to be installed first as a prereq.
 (Text version:
Install prerequisite errors:
[0]: A fix prerequisite relationship was not satisfied.
[1]: The fix LO73212 has the fix LO72170-IC4000-CR02-Common as a prerequisite, but that fix is not currently installed, and is not selected for installation.)

Then, of course, I tried omitting the LO73212 with this command:

updateSilent.bat -fix -installDir c:\ibm\connections -fixDir C:\IBM_SW\cr2 -install -fixes LO72170 -wasUserId xxxxxx -wasPassword xxxxxx -featureCustomizationBackedUp yes  -homepageDBSchemaUpdatesHaveBeenCompleted yes

But then I got this error:
Text version:
Fixes were specified which do not exist:
   LO72170

So.... how do I specify that I would like to install every Applications CR2 when only having a single LO number to work from?

I then found the solution:
When you run the first command, as described above, to install the LO72170 and the LO73212, you will get a listing of the efix ID´s in the Command Prompt window:

I then copied out the efix ID´s and inserted them into the updateSilent.bat command:
updateSilent.bat -fix -installDir c:\ibm\connections -fixDir C:\IBM_SW\cr2 -install -fixes LO72170-IC4000-CR02-Common LO72170-IC4000-CR02-Activities LO72170-IC4000-CR02-Blogs LO72170-IC4000-CR02-Bookmarks LO72170-IC4000-CR02-Communities LO72170-IC4000-CR02-Container LO72170-IC4000-CR02-Files LO72170-IC4000-CR02-Forums LO72170-IC4000-CR02-Homepage LO72170-IC4000-CR02-Metrics LO72170-IC4000-CR02-Mobile LO72170-IC4000-CR02-MobileAdmin LO72170-IC4000-CR02-Moderation LO72170-IC4000-CR02-News LO72170-IC4000-CR02-Profiles LO72170-IC4000-CR02-Search LO72170-IC4000-CR02-Wikis -wasUserId xxxxxx -wasPassword xxxxxx -featureCustomizationBackedUp yes -homepageDBSchemaUpdatesHaveBeenCompleted yes
And then the CR2 update worked!
As you can see, I omitted the LO73212 in the command. After this command was done, I then ran the LO73212 command:
updateSilent.bat -fix -installDir c:\ibm\connections -fixDir C:\IBM_SW\cr2 -install -fixes LO73212 -wasUserId xxxxxx -wasPassword xxxxxx -featureCustomizationBackedUp yes -homepageDBSchemaUpdatesHaveBeenCompleted yes

And there you have it. CR2 is installed!
Posted by at No comments: Links to this post
Tags: , , , , , , ,
Reactions: 

Tuesday, January 15, 2013

IBM Connections 4 - display profile tags as cloud as default

Since I published the "cloud as default" blog post for IBM Connections 3.0, my old IBM Colleague Emmar Hoel contacted me regarding how to do this in Connections 4.
We both had to pass after a lot of attempts. The procedure for doing this had changed since version 3.0.


So today, Emmar figured it out, and he sent me this in an email where he told me to post it on my blog.




So here it is:



From 2.5 the default in "My Profile" was to show tags as Cloud. In 3x and 4x its changes to Listview.
This is how to change it back to cloud in IC 4.
Thanks to Jim Antill and Joe in the Profileteam for helping me out :-)

In ver 3x this file we need to edit is in this path:
/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps//Profiles.ear/lc.profiles.app.war/xslt/tags/tags.xsl
See this for more info in 3x : Change the IC 3x profiles

In ver 4x this is file is moved to the common resources, managed by osgi plugins and the Connections Common app.
Its now a .jar-file below the named like this:
Path: 
/opt/IBM/Connections/data/shared/provision/webresources/com.ibm.lconn.profiles.web.resources_3.0.0.20120817-1502.jar
where
is the WAS variable where customizations, common resource plugins, etc. reside

  1. Remember to stop the IC4 servers before starting this. Extract the com.ibm.lconn.profiles.web.resources_3.0.0.20120817-1502.jar into a temp-dir.
  2. Edit the file (with your texteditor) tags.xml in folder /resources/xslt/tags in the temp-dir 
  3. Search and added parameters for DIV's:
    Added this line: 
        <xsl:attribute name="style">display: none;</xsl:attribute> 

    for two DIV's:
    <div id="tagsYouAddedView"> and <div id="tagsList">


    Results: 
    <div id="tagsYouAddedView">
    <!-- Added Start -->
      <xsl:attribute name="style">display: none;</xsl:attribute>
    <!-- Added Stop  -->

    <div id="tagsList">
    <!-- Added Start -->
      <xsl:attribute name="style">display: none;</xsl:attribute>
    <!-- Added Stop  -->

  4. Searched for id="tagCloud" and comment the line : display: none; 

    Results: 
    <div id="tagCloud">
    <!-- <xsl:attribute name="style">display: none;</xsl:attribute> -->

  5. Save the file.
  6. Zip the files in the temp-dir into a jar-file : mynewjar.jar 
  7. Check that the structure in the new file is like this :
       
  8. Rename the orginal file com.ibm.lconn.profiles.web.resources_3.0.0.20120817-1502.jar in folder 
    /opt/IBM/Connections/data/shared/provision/webresources/ 
  9. Copy the new file mynewjar.jar into the same folder and rename it to com.ibm.lconn.profiles.web.resources_3.0.0.20120817-1502.jar 
  10. Remove all the files in the temp folder for the profiles of all nodes and appserver :
    /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/temp
    and
    /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/temp 
  11. Start the was servers (IC 4) and clear the browser history and now the cloud shows as default in the profilepage

A big thank you goes out to Emmar :-)

And remember. After applying a Fix or Fixpack for your Connections environment, these changes will most likely dissappear. So you have to do it all over again :-(
Posted by at 4 comments: Links to this post
Tags: , , , ,
Reactions: 
Subscribe to: Posts (Atom)