Professional Documents
Culture Documents
Version 7.0
for Windows, AIX, Solaris, and i5/OS
G210-1998-00
Lotus QuickPlace
Version 7.0
for Windows, AIX, Solaris, and i5/OS
G210-1998-00
Note Before using this information and the product it supports, read the information in Notices on page 65.
First Edition (August 2005) This edition applies to version 7.0 of IBM Lotus QuickPlace (product number L-GHUS-5Z7NQE) and to all subsequent releases and modifications until otherwise indicated in new editions. Copyright International Business Machines Corporation 2005. All rights reserved. US Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Contents
Chapter 1 Getting Started . . . . . . . 1
Whats new in Lotus QuickPlace 7.0 New features for administrators . New features for users . . . . New features for developers . . Additional documentation . . . . Additional resources for i5/OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1 3 4 4 5 Creating a /QP organizational unit certifier for local users . . . . . . . . . . . . . . Creating an Offline Security Policy document . . . LDAP distinguished name translation for offline use How to configure translation . . . . . . . Table of expressions . . . . . . . . . . Translating LDAP distinguished names for offline use . . . . . . . . . . . . . . . . Example of translating names that contain the dc attribute . . . . . . . . . . . . . . Encypting offline places . . . . . . . . . . Using Lotus QuickPlace sign in passwords for offline use . . . . . . . . . . . . . . . Configuring Lotus QuickPlace for offline in different environments . . . . . . . . . . . . . . To configure an IBM Network Dispatcher cluster environment . . . . . . . . . . . . . To configure a Sun Java System Portal Server environment . . . . . . . . . . . . . To configure a Netegrity SiteMinder environment To configure a passthru server environment . . To use an alternate Web server for Domino Off-Line Services downloads . . . . . . . Hiding the Work Offline link from users . . . . . Offline setup FAQs . . . . . . . . . . . . 26 27 28 28 29 30 30 31 31 32 32 32 33 33 33 34 34
21 21 21 22 23 23 23
23 23 24 24 24 25
iii
Expanded membership feature . . . . . . . Performance enhancements . . . . . . . . New security features . . . . . . . . . . New My Places settings . . . . . . . . . New setting for disabling browser page caching New features for users in release 6.5.1 . . . . Support for importing and publishing Office 2003 documents. . . . . . . . . . . . . . Updated pages show last editor . . . . . . Lotus QuickPlace 7.0 upgrade process . . . . . Upgrading Lotus QuickPlace in a non-clustered environment . . . . . . . . . . . . . Upgrading Lotus QuickPlace servers in a cluster Backing up places and PlaceTypes . . . . . . Upgrading the server to Lotus QuickPlace 7.0 . . Upgrading the design of databases on the server Upgrading places and PlaceTypes . . . . . .
47 47 48 48 48 48 48 48 48 49 49 50 50 54 54
Unregistering and re-registering places with the PlaceCatalog . . . . . . . . . . . . Clearing the browser cache on offline clients . Upgrading the on-disk structure of places . . Updating Lotus Sametime integration features .
. . . .
56 57 57 57
Notices . . . . . . . . . . . . . . 65
Trademarks . . . . . . . . . . . . . . 66
Index . . . . . . . . . . . . . . . 67
iv
v The new server notes.ini file setting $h_Debug=1 enables the browser to display detailed messages about JavaScript errors that occur on the client, rather than the general Lotus QuickPlace message, Unable to process your request at this time. v The new server notes.ini file setting $h_ClientDebugConsole=<level> displays a console log on all clients that access the server. Use this setting on a temporary basis to help IBM Support troubleshoot a client-side problem. v The new server notes.ini file setting QuickPlaceHTTPInterfaceLogging=<level> logs the interaction between Lotus QuickPlace and the Domino HTTP server during the processing of a URL. This setting is useful primarily as a first step toward isolating user authentication problems or problems related to the interaction between Lotus QuickPlace and Domino. v The new server notes.ini file setting h_ExceptionDetail=1 adds the source code name and line number from which errors and warnings are generated to the error and warning messages that the server sends to the browser. Use this setting on a temporary basis to help IBM Support troubleshoot a problem. v Additional messages have been added for a number of existing logging settings. v Additional logging settings have been documented. For more information, see the IBM Lotus QuickPlace Administrators Guide.
can make any font that is already installed in the servers operating system fonts directory available for use in graphic text. You can make a font unavailable by using the removegraphicfont command. For more information, see the Lotus QuickPlace Administrators Guide.
i5/OS documentation
The Lotus QuickPlace Administrators Guide, the Lotus QuickPlace Installation and Upgrade Guide, the Lotus QuickPlace Developers Guide, and the Lotus QuickPlace Release Notes now incorporate information for iSeries (i5/OS) administrators. The installing and managing guide and the Readme files specifically for iSeries no longer exist for Lotus QuickPlace 7.0
Nested folders
In previous versions of Lotus QuickPlace, folders could contain only documents. Now folders can contain other folders (subfolders). If you use any of the new
Chapter 1 Getting Started
themes, you can access these subfolders through the table of contents. If you use any of the themes previously available in Lotus QuickPlace, you can access these subfolders through the folder list.
Offline passwords
Users can now use their Lotus QuickPlace sign in passwords for offline places. Users are no longer required to set or remember a password for each offline place to which they belong.
Offline encryption
Offline Lotus QuickPlaces can be encrypted whenever an offline place is created or synchronized. An administrator can set the encryption server-wide, while a place manager can set the encryption for a specific place.
Improved My Places
In earlier versions of Lotus QuickPlace, when a user displayed the places of which he or she was a member, the performance was poor if a user belonged to a large number of places. In Lotus QuickPlace 7.0, the performance has improved. In addition, a Last Update column has been added, and the places may be sorted by any of the columns (size, title, last updated date, last modified date, name, or title).
Additional documentation
Refer to the following documentation in addition to this guide. This documentation is available on the Web at http://www.lotus.com/ldd/doc. Under Documentation Links, click by product, and then click the appropriate product. IBM Lotus QuickPlace Administrators Guide -- Describes how to administer Lotus QuickPlace, including how to configure a user directory, the Place Catalog, PlaceTypes, clustering, security, and other features, and how to use QPTool commands for administration.
IBM Lotus QuickPlace Developers Guide -- Describes the Lotus QuickPlace design architecture, and describes how to create and customize place objects, how to access the Java API using XML, how to automate tasks with PlaceBots, and how to customize the look and layout of a place. IBM Lotus QuickPlace Release Notes -- Describes system requirements, support for backward compatibility with earlier versions, new features, workarounds for known problems, and documentation updates for Lotus QuickPlace. IBM Lotus Domino Administrator Help -- Describes how to install, configure, and administer Lotus Domino. IBM Lotus Notes, Domino, and Domino Designer Release Notes -- Describes software requirements, new features and enhancements, troubleshooting tips, and documentation updates for Lotus Notes, Domino Designer, and Lotus Domino. IBM Lotus Sametime Installation Guide -- Describes how to install Lotus Sametime on each supported platform. You must install Lotus Sametime if you want to integrate Lotus Sametime features with Lotus QuickPlace.
3. 4. 5.
6. 7. 8. 9. 10.
11. After installation is complete, click Next in the QuickPlace Server Configuration window that opens automatically. 12. In the Specify name and password window, type the user name and password for the first Lotus QuickPlace server administrator, and then click Next. This administrator is a local user who signs in to Lotus QuickPlace to configure Lotus QuickPlace server settings, and gives other users access to create places or administer the server. Type a name that is not used in a user directory that you will use with Lotus QuickPlace. For more information on connecting to a user directory, see the Lotus QuickPlace Administrators Guide. 13. In the Congratulations dialog box, click Finish. 14. If multi-server session-based authentication (single sign-on) is enabled on the Domino server, peform the following steps to confirm that it is set up correctly to work with Lotus QuickPlace. If single sign-on is not enabled, ignore this step. a. Start the Domino server. b. Follow the steps for setting up single sign-on authentication described in the chapter Setting Up Security in the Lotus QuickPlace Administrators Guide. Note that after you enable Session authentication in the Server document in the Domino Directory, you must also create a mapping form in the domcfg.nsf database as described in the guide. If the mapping form does not exist when you start Lotus QuickPlace, you will not be able to sign in as the Lotus QuickPlace server administrator specified during installation. c. Stop the Domino server. Do not skip this step. 15. Continue to the topic Starting Lotus QuickPlace on Windows.
2. Install Domino 7.0 on the AIX or Solaris system and then run the Domino Server Setup program. For instructions, see Domino Administrator Help available on the Web at http://www.lotus.com/ldd/doc. v During Domino installation choose to install the Enterprise server. v You can choose to install partitioned Domino servers, and then install Lotus QuickPlace on the partitioned servers. If you do, you must configure the server for TCP/IP using IP Aliasing, not Port Mapping. For more information on configuring the server for TCP/IP, see Domino Administrator Help. v During Domino Server Setup, choose to install HTTP services, which Lotus QuickPlace requires. 3. Stop the Domino server. 4. Open a terminal window and log in to the server as a root user. 5. Navigate to the directory that contains the Lotus QuickPlace installation kit. 6. Enter this command to start the Lotus QuickPlace installation:
./install
7. When prompted, type the number that corresponds to the language in which you prefer to read the Lotus Software Agreement. Press Enter to continue, and then press Enter again to display the license agreement. 8. When you have read the agreement, press 1 to accept the agreement and continue with the installation. Note: Many of the following steps require that you accept a default or type a new value. To change a default, press Enter and type a new value. After you enter a new setting, press Enter to accept the change and continue with the installation. Specify the Domino program directory as the directory where the Lotus QuickPlace program files will be installed. The default Domino program directory is opt/ibm/lotus. You must install the Lotus QuickPlace program files to the directory that holds the Domino program files. Press TAB to continue. Specify the Domino data directory as the directory where the Lotus QuickPlace data files will be installed. The default Domino data directory is /local/notesdata. You must install the Lotus QuickPlace data files into the directory that holds the Domino data files. Press TAB to continue. Specify the UNIX user who will own the Lotus QuickPlace server files. This must be the same user who owns the Domino server files. Specify the UNIX group that will own the Lotus QuickPlace server files. This must be the same group that owns the Domino server files. The UNIX user specified in the previous step must be a member of this group. Type the name and password of the first Lotus QuickPlace administrator. This administrator is a local user that signs in to Lotus QuickPlace to configure Lotus QuickPlace server settings, and to give other users the access to create places or administer the server. Type a name that is not used in a user directory that you will use with Lotus QuickPlace. When the installation program displays Configuration of the Install program is complete, press TAB to review your installation settings. For example: Installation type: New Install Program directory: /opt/ibm/lotus Data directory: /local/notesdata UNIX user: UNIX user
Chapter 2 Installing Lotus QuickPlace
9.
10.
11. 12.
13.
14.
UNIX group: UNIX group 15. Press TAB to install Lotus QuickPlace. 16. If multi-server session-based authentication (single sign-on) is enabled on the Domino server, peform the following steps to confirm that it is set up correctly to work with Lotus QuickPlace. a. Start the Domino server. b. Follow the steps for setting up single sign-on authentication described in the chapter Setting Up Security in the Lotus QuickPlace Administrators Guide. Note that after you enable Session authentication in the Server document in the Domino Directory, you must also create a mapping form in the domcfg.nsf database as described in the guide. If the mapping form does not exist when you start Lotus QuickPlace, you will not be able to sign in as the Lotus QuickPlace server administrator specified during installation. c. Stop the Domino server. Do not skip this step. 17. Continue to the topic Starting Lotus QuickPlace on AIX or Solaris.
For example, if you used the default Domino program directory, enter:
/opt/ibm/lotus/bin/server
10
v Install Lotus QuickPlace v Add Lotus QuickPlace to a Domino server v Start the Domino server and access Lotus QuickPlace
11
v v v v v
Add TCP/IP interface and host name Verify TCP/IP configuration of other Domino servers Verify TCP/IP configuration of Sametime servers Verify TCP/IP configuration of IBM Directory Server (LDAP) Verify TCP/IP configuration of IBM HTTP Server (powered by Apache)
2. 3. 4. 5. 6.
12
http://www-10.lotus.com/ldd/doc
13
v In the right pane, right-click HTTP Administration and select Stop Instance-->All. 2. Start the HTTP Administration server. v Click Network. v Click Servers. v Click TCP/IP. v In the right pane, right-click HTTP Administration and select Start. 3. Open the IBM HTTP server configurations page. v Start your Web browser. v Enter the following URL: http://mysystem:2001 where mysystem is the name of your system. v Click IBM Web Administration for iSeries. v Select the Manage tab. v Select the HTTP Servers tab. 4. Select a configuration from the menu at the top of the screen, and complete the following items for each configured instance of the IBM HTTP server. v From the list on the left pane, select General Server Configuration. v In the right pane, find the IP address and port table in the section called Server IP address and ports to listen on. v If one of the rows in the table has an asterisk (*) in the IP Address column, then the server is listening on all IP addresses. Select that row. Replace the asterisk (*) with the IP address for this server and click Continue. v When finished updating the server IP address table, click Apply to save your changes. 5. When each instance of the IBM HTTP server is configured to use a specific IP address, restart the HTTP servers. v Open iSeries Navigator. v Open the system where you plan to install Lotus QuickPlace. v Click Network. v Click Servers. v Click TCP/IP. v In the right pane, right-click HTTP Administration and select either Start Instance-->All, or select the particular server instances you would like to start. For more information on managing IBM HTTP server, see the IBM eServer iSeries Information Center at http://www.ibm.com/eserver/iseries/infocenter
14
Your Domino server must be bound to the IP address prepared for use with Lotus QuickPlace. For more information, see Preparing your TCP/IP connection. To bind the Domino server to the IP address set aside for Lotus QuickPlace, follow these steps: v Open the Server document of the Domino server. v Select Internet Protocols. v Select the HTTP tab. v In the Host name(s) field, enter the TCP/IP address set aside for Lotus QuickPlace. v In the Bind to host name field, select Enabled. v Restart the Domino server to make any changes take effect.
The Work with Licensed Programs display appears. 3. From the Work with Licensed Programs (LICPGM) menu, select option 5 (Prepare for install) and press Enter. The Prepare for Install display appears. 4. Type 1 in the option field next to Work with software agreements. Press Enter. When the Work with Software Agreements display appears, you see all IBM licensed programs that require software agreement acceptance and whether the agreement has been accepted. Only licensed programs that are not yet installed appear on this display. The software agreements for Lotus QuickPlace will not appear in the list until you restore them from the CD in a later step. 5. Press F22 (shift-F10) to restore the Software Agreements from the Lotus QuickPlace CD. For the Device parameter, specify the name of your optical drive. For example, OPT01. Press Enter to restore the QuickPlace software agreements to the system. 6. Once the Software agreements are restored from the QuickPlace CD, the following message is displayed:
Waiting for reply to message on message queue QSYSOPR.
You can sign on to another session to respond to the message or ask the system operator to respond. To view and respond to the message from another session: a. Enter the following command on an i5/OS command line:
wrkmsgq qsysopr
b. Select option 5 to display the messages in the QSYSOPR message queue. c. Locate the following message in the queue: Load the next volume in optical device OPT01. (X G) The Lotus QuickPlace software agreements have already been restored. If you want to restore more software agreements from another CD, insert the
15
next CD and respond with G. When the sofware agreements have been restored from the next CD, the message is issued again. When you are done, respond to the message with X. 7. The Work with software agreements display should now include an entry for Lotus QuickPlace: Licensed Program 5724J24. 8. For each entry for Licensed Program 5724J24, type 5 in the option field and press Enter to display the Software Agreement. Then press F14 (Accept) to accept the terms of the software agreement.
6. On the LODRUN display, type the following value in the Device field and press Enter:
*opt
7. In the Directory field, type the following value and press Enter:
/os400
8. When the Lotus QuickPlace option screen is displayed, type a 1 beside the Lotus QuickPlace product option and press Enter to begin the installation. The system loads the Lotus QuickPlace programs to the appropriate system libraries and /QIBM directories. Note: If the Domino server ID files are password protected, you will be prompted to enter the password. After the password has been entered, press Enter to continue with the installation of Lotus QuickPlace. If your server ID file has multiple passwords, the passwords must be entered one at a time. 9. If you prefer to use a non-English version of Lotus QuickPlace, you should install the Lotus QuickPlace Language Pack at this time. The Language Pack can either be installed from CD-ROM or downloaded from the Web. Language Pack installation instructions are included with the Language Pack.
16
1. From any i5/OS command line, type the following command and press Enter:
WRKDOMSVR
2. On the Work with Domino Servers display, type a 1 next to the Lotus QuickPlace server and press Enter. Tip: You can also start a Lotus QuickPlace server by entering the following command: STRDOMSVR SERVER(servername) where servername is the name of the Lotus QuickPlace server. 3. Periodically press F5 to refresh the screen and wait for the server status to be *STARTED. 4. To verify Lotus QuickPlace and HTTP are working properly, use option 8 to display the console for the Lotus QuickPlace server. You should see messages that indicate Lotus QuickPlace has started and HTTP has started. Press F5 periodically to refresh the console screen. Note: If the server status does not change from Starting to Started and your Domino server ID file is password protected, you may need to enter the server ID password from the Domino console. For more information on accessing the Domino console, see the Lotus book Installing and Managing Domino for i5/OS. 5. Once the Lotus QuickPlace server is started, open a Web browser and type the servers host name appended by /QuickPlace. For example:
http://twpserver.acme.com/QuickPlace
6. To sign in as the administrator: v Click Sign In. v Type the Lotus QuickPlace Administrator name and password that you specified when you ran the ADDLQPDOM command. v Click Server Settings in the table of contents. For information on the administration place and assigning administrators to a Lotus QuickPlace server, see the Lotus QuickPlace Administrators Guide.
17
Note: The actual path of your servers data directory may be different. Substitute values appropriate for your environment to find your servers data directory. 8. Right-click quickplaceinstall.log and select Edit. The text file will launch in a new window, and provide information on configuration and upgrade status.
3. Fill in the following fields and press Enter to add Lotus QuickPlace to the Domino server.
Field Domino server name Lotus QuickPlace Administrator Explanation The name of the Domino server where you will add Lotus QuickPlace. Specifies the name of the person who is the administrator for this Lotus QuickPlace server. The administrators name should be a local user and should not be present in the external directory. The password you want to use for the Lotus QuickPlace administrators ID. Keep a record of this password as you will need it to sign on to the Lotus QuickPlace home page as the administrator. The Server ID password is only required if the Domino server is password-protected. You would have specified this password when the Domino server was created. If the ID file requires multiple passwords, then the passwords must be enclosed inside single quotation marks and separated by commas. For example: Password.......password1,password2 Start Domino Server If you press F10, an additional parameter is displayed. This parameter gives you the option of starting the Lotus QuickPlace server immediately after adding Lotus QuickPlace to the Domino server. To start the Domino server after adding Lotus QuickPlace, specify *YES.
Administrator password
Server ID Password
18
you bind each server to its assigned IP address. In addition, be sure that your server is properly sized to handle the workload. For more information, see the following: v The topic Preparing your TCP/IP connection v The document Installing and Managing Sametime 7 for i5/OS v Technote #1091353, Sametime for iSeries: Can Sametime and QuickPlace Be Installed on the Same System? You can find this technote by searching for 1091353 at the following Web site http://www.ibm.com/software/support
where dominoservername is the actual name of the Domino server. 3. Verify that you want to remove Lotus QuickPlace from the Domino server by typing a G and pressing Enter. Note: If you do not wish to remove Lotus QuickPlace from the Domino server, press any other key. 4. Restart the Domino server. 5. To verify that Lotus QuickPlace was removed from the Domino server, use a Web browser to try to access the Lotus QuickPlace home page for the Domino server at the following URL: http://dominoservername:port/QuickPlace where dominoservername is the name of your Lotus QuickPlace server and port is the associated port number. For example:
http://twpserver1:81/QuickPlace
You should get an error indicating that the file was not found.
19
20
For answers to frequently asked questions about offline setup, see the topic Offline setup FAQs later in this chapter. For information on troubleshooting offline problems, see the Lotus QuickPlace Administrators Guide.
21
6. Navigate to the Domino program directory, and open the Domino servers notes.ini file. 7. Add the two lines indicated in the following table to the notes.ini file.
Platform Windows Notes.ini settings EXTMGR_ADDINS=nqpextmgr.dll CheckCacheBeforeDSAPI=1 AIX EXTMGR_ADDINS=libqpextmgr_r.a CheckCacheBeforeDSAPI=1 Solaris EXTMGR_ADDINS=libqpextmgr.so CheckCacheBeforeDSAPI=1
8. Make sure there is a blank line at the end of the notes.ini file. Press Enter to create a blank line, if necessary. 9. Save the file. 10. Start the Domino server.
v Click Enable. v Click OK. Tip: You can also use an i5/OS command interface and enter the following command: CHGDOMSVR SERVER(servername) DOLS(*YES) where servername is the name of your Domino server. 4. Edit the notes.ini file for your Domino server: v Right-click your Domino server and select Properties. v On the Initialization File tab, click Edit and add the following settings: EXTMGR_ADDINS= qpexmgr CheckCacheBeforeDSAPI=1 Note: If these lines begin with a semicolon (;), then these lines are designated as comments, and the semicolon should be removed. v Save and close the notes.ini file.
22
New organization certifier required for external users in a different organization from the server
If external offline users are in a different organization hierarchy from the Domino server on which Lotus QuickPlace runs, you must create an organization certifier ID for their organization, cross-certify that certifier ID with the Domino servers organization certifier ID, and then attach the cross-certified ID to an Offline Security Policy document. For example, if the Domino server is within the /Org organization, but there are external users within the /Acme organization, create an /Acme organization certifier ID, cross-certify it with the /Org certifier ID, and then create an Offline Security Policy document and attach the cross-certified /Acme certifier ID to it.
Separate organizational unit certifier recommended for external users within the same organization as the server
If offline users are within the organization hierarchy of the Domino server on which Lotus QuickPlace runs, put them under their own organizational unit certifier as a security measure to limit their access to the Domino server.
Distinguished names that dont follow the Domino naming convention require translation
Domino recognizes only the following attributes in a distinguished name: CN,OU, O, and (optionally) C. If external user names use attributes that are different from these attributes, you must use the name_translation setting in the offline section of the qpconfig.xml file on the server to translate them to the Domino format. For more information, see the topic LDAP distinguished name translation for offline use. When you create an Offline Security Policy document, you specify the certifier name in Domino format.
Chapter 3 Setting Up Lotus QuickPlace for Offline Use
23
Separate Security Policy documents required for local and external users
You must create separate Security Policy documents and IDs for local users (users registered in places) and external users (users registered in a directory). You can attach only one certifier ID to each Security Policy document.
24
a. If you are using a remote Domino Administrator client, copy the Domino servers certifier ID to the local machine. By default, the servers certifier ID file is called cert.id and is located in the Domino data directory on the server. b. Verify that the Domino server is selected in the Domino Administrator. c. From the Domino Administrator, click the Configuration tab. d. Click Certification, and then click Cross Certify. e. Click Certifier ID and select the Domino server certifier ID, for example, cert.id, and then click OK. f. Type the password for the Domino servers certifier ID. The administrator who set up the Domino server created this password. g. In the Choose ID to be Cross-Certified dialog box, select the organizational certifier ID you created, for example, acme.id, h. In the Issue Cross Certificate dialog box, click Cross Certify to create a cross-certificate in the Domino Directory of the Domino server.
25
12. In the certifier password field, type a password for the new certifier. 13. Click Set ID File and specify the file name and local path name for the new organizational unit certifier ID file. Note: For security reasons, back up doladmin.nsf and delete the ID file from your system directory after this ID is attached to an Offline Security Policy document. 14. (Optional) Complete the additional fields in the Register Organizational Unit Certifier dialog box. Click ? for information on these fields. 15. Click Register to create the organizational unit certifier ID file locally and to register the new certifier in the Domino Directory of the Domino server.
26
7. (Optional) Select Overwrite existing user IDs to cause users offline IDs to be overwritten with a new ID each time they install a place offline. Note: Do not select this option if offline encryption is used. Users whose IDs are overwritten will not be able to open an offline place encrypted with a key from the previous ID. 8. Save the document.
27
You create rules for translating LDAP names to Domino names within the <from_directory_name> elment. You specify each LDAP name attribute in the from attribute, using symbols to account for any possible value the attribute might have. For example, the (.+) symbol means one or more occurrences of any character. In the preceding sample, this accounts for any value the uid and c attributes might have. You also use symbols to translate syntax that otherwise might be interpreted as a special character. For example, the \ symbol turns off the
28
special meaning of the character which follows. Without this symbol in o=ibm\.com, the dot (.) would be interpreted by its special character meaning, which is match any single character. The to attribute specifies Domino attributes using symbols to match values from the LDAP attributes and to arrange them in a way Domino recognizes. For example, the symbol \1 means whatever matched the first regular expression. So, the CN attributes value will match the first regular expression (.+) found in the from attribute. In the same way, the symbol \2 means whatever matched the second regular expression. So, the OU value will be the explicitly stated bluepages_ plus the second regular expression (.+), which in this case is the value of the country, or c, attribute. The O attribute is explicitly stated. You can have up to nine regular expressions in one rule. You create rules for translating Domino names back to LDAP names within the <to_directory_name> element using the same method. The preceding translation rules result in the following example translations:
LDAP directory name uid=Joe User/c=us/ou=bluepages/o=ibm.com uid=Nils Nilsen/c=dk/ou=bluepages/o=ibm.com Domino name CN=Joe User/OU=bluepages_us/O=ibm_com CN= Nils Nilsen/OU=bluepages_dk/O=ibm_com
Notice that the regular expressions accommodate the country, or c, code. There is no need to have a separate translation rule for each country code because they can be captured by a (.+) expression, and then inserted anywhere in the translated name with a \[number] expression. Note: The LDAP names specified in from_directory_name and to_directory_name must exactly match the case that is used for the names in the LDAP directory. The attributes of the Domino-style names specified in from_directory_name and to_directory_name (CN, OU, O, or O) must be uppercase.
Table of expressions
There are many symbols that can be used in regular expressions, but only a few are useful for the purpose of translating a non-conforming LDAP name to a Domino name. The following table lists of these symbols, with examples that show how they match a particular LDAP name. All of the examples shown here will match the LDAP distinguished name uid=Joe User/c=us/ou=People1/o=org.com. The symbols described are in bold text in the examples:
Symbol (.+) Description Represents one or more occurrences of any character. Example uid=(.+)/c=(.+)/ou=bluepages/o=ibm\.com
29
Description
Example
\1 represents a match with the CN=\1/OU=bluepages_\2/O=ibm_com first regular expression; \2 represents a match with the second regular expression, and so on. Up to 9 regular expressions may be used in one rule. Turns off the meaning of any special character c. Matches any single character. Matches any of the enclosed characters. Matches any character that is not enclosed. Matches any character in this range. Matches any number (zero or more) of the preceding character or bracketed expression. Matches one or more of the preceding character or bracketed expression. uid=Joe User/c=us/ou=People1/o=org\.com uid=Joe User/c=us/ou=People./o=org uid=Joe User/c=us/ou=People[123456789]/o=org uid=Joe User/c=us/ou=People[^2-9]/o=org uid=Joe User/c=us/ou=People[09]/o=org[._]com uid=Joe U.*/c=us/ou=People1/o=org\.com
uid=Joe [A-Zaz]+/c=us/ou=People1/o=org\.com
(regexp)
Delineates a regular expression uid=Joe User/c=(.+)/ou=People1/o=org\.com so that it can be used in the replacement string (the to string in <translate>).
30
<from_directory_name> <translate from="cn=(.+)/ou=People1/dc=acme/dc=com" to="CN=\1/OU=People1/O=acme_com" /> </from_directory_name> <to_directory_name> <translate from="CN=(.+)/OU=People1/O=acme_com" to="cn=\1/ou=People1/dc=acme/dc=com" /> </to_directory_name> </name_translation> </offline> </server_settings>
4. Verify that the offline section of the qpconfig.xml file looks similar to the following example:
<offline enabled="true"> <encryption enabled="true"> <level>2</level> </encryption> </offline>
5. Save the qpconfig.xml file. 6. Enter the following server console command:
restart task http
31
the option to specify place-specific offline passwords through their Member Profiles. If you do not enable this setting server-wide through the qpconfig.xml file, managers of places can enable the feature for places they manage through the Customize - Basics page. Note: If any of a users places is encrypted offline, the users password for all offline places must be the same. This applies to external as well as local users. To enable Lotus QuickPlace sign in passwords for offline use for all places on the server: 1. Open the qpconfig.xml file in the Domino data directory. See the Lotus QuickPlace Administrators Guide for instructions on creating this file if it does not already exist. 2. In the offline section, type true for the use_login_passwords attribute, for example:
<offline enabled="true" use_login_passwords="true"></offline>
3. Save the qpconfig.xml file. 4. Enter the following server console command:
restart task http
32
The required order of the three DSAPI filters (Domino Off-Line Services, Netegrity SiteMinder, and QuickPlace) in the DSAPI filter file names field is: 1. Domino Off-Line Services DSAPI filter 2. Netegrity Siteminder DSAPI filter 3. QuickPlace DSAPI filter Note: Lotus QuickPlace on i5/OS does not support Netegrity SiteMinder.
33
To create an alternate Domino Off-Line Services download Web site, do the following: 1. Copy the contents of the <server_data_directory>\domino\html\download\filesets directory, located in the Domino data directory, from the Lotus QuickPlace server to any directory the Web server used for downloads. 2. Sign in to the Lotus QuickPlace server as an administrator. 3. Click Server Settings in the table of contents. 4. Click Other Options in the table of contents. 5. Click Edit Options. 6. In the Alternate Offline download URL section, type an alternate URL that points to the directory with the copied offline files. 7. Click Next.
3. Save the qpconfig.xml file. 4. Enter the following server console command:
restart task http
34
Question: In our organizational hierarchy, our organization (O) is ACME, our organizational unit (OU) is ACMEWEB, and our domain is ACMEWEB. Our Lotus QuickPlace server is W1SERVER/ACMEWEB/ACME. Should the certifier for our local users be QP/ACMEWEB/ACME? Answer: Yes, this would be the correct hierarchical name for the certifier ID, which would allow your local users to take places offline. However, for easier management, we recommend that all of your Lotus QuickPlace users be made external users (meaning their information is stored in a user directory). Question: We have a large organization. To set up our external users to take places offline, is it necessary to create a different Offline Security Policy document and certifier ID for each of our organizational units? Answer: The number of different Offline Security Policy documents and certifier IDs you must create depends on your organizations hierarchy. When a user takes a place offline, an ID is automatically generated by the Notes registration API. This ID is based on the certifier ID attached to the Offline Security Policy document. The Notes registration API can only create ID files for users as far as one organizational unit down from the root organizational unit for the certifier ID. For example, the following local users can take places offline with the certifier ID QP/<Organization>: Fred/QP/<Organization> John/MyWorld/QP/<Organization> However, the user Mike/Westford/MyWorld/QP/<Organization> cannot take places offline with this certifier ID. For Mike to take places offline, you must create a new Offline Security Policy document, then create and attach one of the following certifier IDs: Westford/MyWorld/QP/<Organization> or MyWorld/QP/<Organization> If all your external users are in the same hierarchy except for the last organizational unit before their user name, you only need one certifier ID for all of those users. Otherwise, you must create multiple certifier IDs. For example, both the following external users can take places offline with the certifier ID /ACME: Joe/PHIL/ACME Will/BOS/ACME However, the following users require two separate certifier IDs: Mary/PHIL/PA/ACME Caroline/BOS/MA/ACME Mary can use either PA/ACME or PHIL/PA/ACME. Caroline can use either MA/ACME or BOS/MA/ACME.
35
Question: The documentation says to create an organizational unit (OU)/Organization certifier. Do we need to create duplicate certifier IDs, or can we make copies of the certifier ID files that were used to create the users? Answer: For security reasons, we do not recommend using existing Domino certifiers. We recommend that you create new certifiers, even if they are based on existing certifiers, because new certifiers based on existing certifiers are duplicates in name only. If you create new certifiers, you do not have to worry about the original certifiers falling into the wrong hands. You must create ID files for users as far as one organizational unit down from the root organizational unit for the certifier ID. See the previous question for more information. Question: Do the offline certifier ID files need to be stored on the Lotus QuickPlace server permanently? Answer: Yes, but only in the doladmin.nsf database. You do not need to store these ID files on the servers file system, only in the doladmin.nsf. Please note that you should always back up this database. Question: How exactly are these certifier ID files used by Lotus QuickPlace? Answer: They are used to generate an offline ID file that maintains secure access between the online and offline versions of a place. When users install a place offline, an ID based on the certifier ID is generated for them and installed on their computer. This offline ID authenticates users when they synchronize the place. The offline ID file password is set by users in the offline password field in their Member page in the online version of the place. Question: Does Domino Off-Line Services support Windows XP? Answer: Yes, a user with administrator access on a Windows XP Professional client workstation can install a place offline to that computer. After the installation is complete, any user can then work with the place normally. This functionality is the same as Lotus QuickPlace offline with Windows 2000 workstations. Please note that Microsoft Windows XP Home Edition is not supported.
36
37
Note: These steps assume that you first installed Lotus Sametime or Lotus QuickPlace and are now integrating with the other product. If instead you are installing both of the products at the same time, you should set up multi-server session-based authentication (single sign-on) between the Domino servers before installing Lotus Sametime and Lotus QuickPlace on them. Using this approach, you can first isolate and solve any authentication problems that might arise between the Domino servers. 1. Make sure that you have installed or upgraded to Lotus QuickPlace 7.0. When prompted for the Lotus QuickPlace administrator name and password during a new installation, type a name that is not in the user directory. For information on installing or upgrading, see the chapters Installing Lotus QuickPlace or Upgrading to Lotus QuickPlace 7.0. 2. Connect Lotus QuickPlace to the same LDAP user directory that you will also use for Lotus Sametime. Both servers must use the same user directory. For more information on configuring a user directory, see the Lotus QuickPlace Administrators Guide. 3. Make sure that you have installed Lotus Sametime 7. For more information, see the Lotus Sametime installation guide that is appropriate for your platform, available on the Web at http://www.lotus.com/ldd/doc. The installation guides are also provided with the Lotus Sametime product. v On the Windows, Solaris, or i5/OS platforms, install Lotus Sametime 7.0 on a different Domino server than the server used for Lotus QuickPlace. v On AIX install on the same partitioned server used for Lotus QuickPlace or on a different server. v If you install Lotus Sametime on a different server, the server must be in the same Domino and DNS domain as the Lotus QuickPlace server. v When you are prompted for a user directory during Lotus Sametime installation, type the fully qualified host name of the directory server that you also use for Lotus QuickPlace. v Configure the Lotus Sametime server to use HTTP port 80 or to tunnel over port 80; this step is required for the awareness feature. 4. Verify that awareness and instant messaging are working for Lotus Sametime. If you plan to integrate Web conferencing (Sametime meetings) with Lotus QuickPlace, also verify that Web conferencing is working. 5. Update the Web SSO Configuration for Ltpa token document that was created when you installed Lotus Sametime: a. Ensure that the Domino Directory on the server has replicated throughout the Domino domain since you installed Lotus Sametime. b. Using Lotus Notes, open the Domino Directory on the Lotus Sametime server. c. Click the Configuration - Web - Web Configurations view. d. From within this view, expand the list of Web SSO Configurations. e. Open the Web SSO Configuration for Ltpa Token document in edit mode. If you cannot edit the document, record the settings in the document, delete the document, and then create a new one with the same settings. f. Make sure that the Domino Server Names field contains the name of each of the Lotus QuickPlace and Lotus Sametime servers that should participate in single sign-on. g. Make sure that the DNS Domain field contains the fully-qualified domain name of the Lotus QuickPlace and Lotus Sametime servers.
38
h. Click Keys - Create Domino SSO Keys if you want to create a new key for SSO. i. Click Save & Close. j. Replicate the edits to the Lotus QuickPlace server. 6. Enable single sign-on authentication on the Lotus QuickPlace server: a. From Lotus Notes, open the Domino Directory for the domain. b. Open the Server document for the Lotus QuickPlace server in edit mode. c. Click Ports - Internet Ports - Web and then in the Name & password field for the Web port select Yes. d. Click Internet Protocols - Domino Web Engine, in the Session authentication field select Multiple Servers (SSO), and then click OK. e. In the Web SSO Configuration field, select LtpaToken. f. Click Save & Close. g. Add the following setting to the notes.ini file on the Lotus QuickPlace server: NoWebFileSystemACLs=1 h. Create a database from the Domino Web Server Configuration template (domcfg5.ntf), giving the database the file name domcfg.nsf. i. Open the database you created and click Add Mapping to open a mapping document. j. In the Target Database field of the mapping document, type quickplace/resources.nsf. k. In the Target Form field, type QuickPlaceLoginForm, and then click Save & Close to save the document. 7. Restart the Domino servers. 8. Verify that single sign-on is working between Lotus QuickPlace and Lotus Sametime: a. From a browser, connect to the Lotus QuickPlace server. Because multi-server sign-on is enabled, you must enter the fully qualified host name to connect, for example, http://qpserver.acme.com/quickplace b. Sign on to Lotus QuickPlace using the name of an external user registered in the user directory. c. Create a test place and verify that you can add several members from the user directory. d. Using the same browser session, connect to the Lotus Sametime server. For example, enter http://stserver.acme.com/stcenter.nsf. e. Go to the Attend Meeting page and verify that you are still logged on to the server. If you can authenticate once and remain logged on to both Lotus QuickPlace and Lotus Sametime, multi-server sign-on is working. If you must authenticate more than once, multi-server sign-on is not working and you must resolve the problem before continuing. 9. Follow the instructions in the remainder of this chapter to enable Sametime awareness and instant messaging and Web conferencing (Sametime meetings) for Lotus QuickPlace.
39
Step 1: Copy the required Java files from the Lotus Sametime Java Toolkit:
1. Download the IBM Lotus Sametime 7.0 Java Toolkit to a convenient directory. This directory does not have to be on the Lotus Sametime server. Find the tookit on the Downloads section of the Lotus Sametime Developers Web site at http://www.ibm.com/developerworks/lotus/products/instantmessaging. 2. Unzip the download file to a convenient directory to access the contents of the bin subdirectory. 3. In the Lotus Sametime server data directory, create the subdirectory path Domino\html\QuickPlace\peopleonline. For example, on Windows, if the path to the data directory is C:\Lotus\Domino\Data, the path to the peopleonline subdirectory should be C:\Lotus\Domino\Data\Domino\html\QuickPlace\peopleonline. 4. (i5/OS only) Change the owner of the new subdirectories to QNOTES. For example, enter the following commands:
CHGOWN OBJ(<ST_server_data_dir>/Domino/html/QuickPlace) NEWOWN(QNOTES) CHGOWN OBJ(<ST_server_data_dir>/Domino/html/QuickPlace/peopleonline) NEWOWN(QNOTES)
5. Copy the files listed below to the QuickPlace\peopleonline subdirectory you just created on the Lotus Sametime server:
File name STComm.jar Copy from bin subdirectory of the Sametime Java Toolkit Copy to \Domino\html\QuickPlace\ peopleonline subdirectory of the Lotus Sametime server data directory \Domino\html\QuickPlace\ peopleonline subdirectory of the Lotus Sametime server data directory \Domino\html\QuickPlace\ peopleonline subdirectory of the Lotus Sametime server data directory
CommRes.jar
PeopleOnline31.jar
On Windows, AIX, and Solaris, the QuickPlace subdirectory of the Lotus QuickPlace server data directory. For example: On Windows: C:\Lotus\Domino\Data\ QuickPlace\PeopleOnline31.jar On AIX and Solaris: /opt/notesdata/QuickPlace /PeopleOnline31.jar On i5/OS the following directory: /qibm/proddata/lotus/ quickplace/DATA/ QUICKPLACE/ PeopleOnline31.jar
6. Verify that the QuickPlace\peopleonline subdirectory contains the three files. 7. (i5/OS only) Enter the following command to ensure that QNOTES is the owner of each of the files:
40
Step 2: Specify the Lotus Sametime server for Lotus QuickPlace to use
1. In a browser, enter the URL of the Lotus QuickPlace server, using the fully distinguished host name. For example, enter http://qpserver.acme.com/QuickPlace 2. Click Sign In and type the user name and password of a Lotus QuickPlace administrator. 3. Click Server Settings in the table of contents. 4. Click Other Options in the table of contents. 5. Click Edit Options. 6. Under the Sametime Servers heading, type the URL for the Lotus Sametime server in the Sametime Community Server field, specifying the fully qualified host name of the Lotus Sametime server, for example http://stserver.acme.com. Note: If your Lotus Sametime server is configured to use Secure Sockets Layer (SSL), type https:// in the URL rather than http://, otherwise users see a warning each time they open a page in a place. 7. Click Next. 8. Wait a few minutes for the setting to take effect, or restart the Lotus QuickPlace server to enable awareness and instant messaging immediately .
Step 3: Verify that places are enabled for awareness and instant messaging
1. Verify the Lotus QuickPlace settings: a. Sign in to a place as a Manager. b. Click Customize. c. Click Basics. d. Click Change Basics. e. On the Change Basics page, scroll down to the bottom. Under the Real-time collaboration heading, make sure the box next to Members can see who is online and send instant messages is checked. f. Click Done. 2. To verify that awareness is working, sign in to a place as an external user and check for the awareness icon next to your sign in name. Note: You must sign in as an external user. Sametime features are not available to local users. 3. To verify that instant messaging is working, find a document that was created by a user listed as online and click the users name. Then select Chat, or click the Chat link beside your name in the top left corner of the screen.
41
Domino program directory of Domino program directory of the the Lotus Sametime server, for Lotus QuickPlace server, for example: example: C:\Program Files\Lotus\Domino C:\Program Files\Lotus\Domino Domino program directory of the Lotus QuickPlace server. Domino program directory of the Lotus QuickPlace server. Domino program directory of the Lotus QuickPlace server
STCore.jar
ServiceLocator.properties Domino program directory of the Lotus Sametime server. sametime.ini Domino program directory of the Lotus Sametime server.
On AIX:
File STMtgManagement.jar Copy from Copy to
Domino program directory of Domino program directory of the the Lotus Sametime server, for Lotus QuickPlace server, for example: example: /opt/lotus/notes/<latest>/ ibmpow/ /opt/lotus/notes/<latest>/ ibmpow/ Domino program directory of the Lotus QuickPlace server. Lotus QuickPlace server data directory, for example: /opt/notesdata Lotus QuickPlace server data directory.
STCore.jar
ServiceLocator.properties Lotus Sametime server data directory, for example: /opt/notesdata sametime.ini Lotus Sametime server data directory.
42
On Solaris:
File STMtgManagement.jar Copy from Copy to
Domino program directory of Domino program directory of the the Lotus Sametime server, for Lotus QuickPlace server, for example: example: /opt/lotus/notes/<latest>/ sunspa/ /opt/lotus/notes/<latest>/ sunspa/ Domino program directory of the Lotus QuickPlace server. Lotus QuickPlace server data directory, for example: /opt/notesdata Lotus QuickPlace server data directory.
STCore.jar
ServiceLocator.properties Lotus Sametime server data directory, for example: /opt/notesdata sametime.ini Lotus Sametime server data directory.
On i5/OS:
File Copy from Copy to The following recommended directory on the i5/OS server on which you installed Lotus QuickPlace: /QIBM/UserData/Lotus/ QuickPlace/
STMtgManagement.jar The following directory on i5/OS server where you installed Lotus Sametime: /qibm/proddata/lotus/ sametime STCore.jar
The following directory on the The following recommended i5/OS server where you directory on the i5/OS server on installed Lotus Sametime: which you installed Lotus QuickPlace: /qibm/proddata/lotus/ sametime /QIBM/UserData/Lotus/ QuickPlace/ Lotus QuickPlace server data directory. Lotus QuickPlace server data directory.
ServiceLocator.propertiesLotus Sametime server data directory. sametime.ini Lotus Sametime server data directory.
2. (i5/OS only) Use the CHGOWN command to change the owner of the files copied in the previous step to QNOTES. For example, enter the following commands:
CHGOWN OBJ(/qibm/userdata/lotus/quickplace/ST*) NEWOWN(QNOTES) CHGOWN OBJ(<QP_server_data_directory>/sametime.ini) NEWOWN(QNOTES) CHGOWN OBJ(<QP_server_data_directory>/ServiceLocator.properties) NEWOWN(QNOTES)
3. On the Lotus QuickPlace server, edit the JavaUserClassesExt setting in the notes.ini file. v On Windows, add the text indicated in bold below to the setting. Where a path is indicated, substitute your own Domino program directory path. JavaUserClassesExt=QPJC1,QPJC2,QPJC3,QPJC4 QPJC1=C:\PROGRAM FILES\LOTUS\DOMINO\quickplace.jar
43
QPJC2=C:\PROGRAM FILES\LOTUS\DOMINO\log4j-118compat.jar QPJC3=C:\PROGRAM FILES\LOTUS\DOMINO\STCore.jar QPJC4=C:\PROGRAM FILES\LOTUS\DOMINO\STMtgManagement.jar v On AIX, add the text indicated in bold below to the setting. Where a path is indicated, substitute your own Domino program directory path. JavaUserClassesExt=QPJC1,QPJC2,QPJC3,QPJC4 QPJC1=/opt/lotus/notes/<latest>/ibmpow/quickplace.jar QPJC2=/opt/lotus/notes/<latest>/ibmpow/log4j-118compat.jar QPJC3=/opt/lotus/notes/< latest >/ibmpow/STCore.jar QPJC4=/opt/lotus/notes/< latest >/ibmpow/STMtgManagement.jar v On Solaris, add the text indicated in bold below to the setting. Where a path is indicated, substitute your own Domino program directory path. JavaUserClassesExt=QPJC1,QPJC2,QPJC3,QPJC4 QPJC1=/opt/lotus/notes/<latest>/sunspa/quickplace.jar QPJC2=/opt/lotus/notes/<latest>/sunspa/log4j-118compat.jar QPJC3=/opt/lotus/notes/ <latest >/sunspa/STCore.jar QPJC4=/opt/lotus/notes/ <latest >/sunspa/STMtgManagement.jar v On i5/OS, add the text indicated in bold below, assuming you added the STMtgManagement.jar and STCore.jar files to the recommended directory: JavaUserClassesExt=LQPJava1,LQPJava2,LQPJava3,LQPJava4 LQPJava1=/QIBM/ProdData/Lotus/QuickPlace/quickplace.jar LQPJava2=/QIBM/ProdData/Lotus/QuickPlace/log4j-118compat.jar LQPJava3=/QIBM/UserData/Lotus/QuickPlace/STCore.jar LQPJava4=/QIBM/UserData/Lotus/QuickPlace/STMtgManagement.jar
44
5. Within the <credentials> element, type the distinguished name and Internet password of the user you created in the Domino Directory in step 1, for example:
<sametime ldap="true"> <meetings invite_servers="false"> <tools> <audio enabled="true"/> <video enabled="true"/> </tools> <credentials> <dn>cn=John Doe/o=acme</dn> <password>xw356l78</password> </credentials> </meetings> </sametime>
6. Specify other <sametime> settings as needed: v If the Lotus Sametime server is configured to invite other Lotus Sametime servers to meetings, set invite_servers=true in the <meetings> element to support that feature in Lotus QuickPlace. v If you do not want to use audio Web conferencing features, set the audio enabled attribute to false in the <tools> element. v If you do not want to use Web conferencing video features, set the video enabled attribute to false in the <tools> element. 7. Save the qpconfig.xml file and restart the server for the settings to take effect.
Step 4: Specify the Lotus Sametime server for Lotus QuickPlace to use
1. In a browser, enter the URL of the Lotus QuickPlace server, using the fully distinguished host name. For example, enter http://qpserver.acme.com/QuickPlace 2. Click Sign In and type the user name and password of a Lotus QuickPlace administrator. 3. Click Server Settings in the table of contents. 4. Click Other Options in the table of contents. 5. Click Edit Options. 6. Under the Sametime Servers heading, type the URL for the Lotus Sametime server in the Sametime Meeting Server field, specifying the fully qualified host name of the Lotus Sametime server, for example, http://stserver.acme.com. Note: If your Lotus Sametime server is configured to use Secure Sockets Layer (SSL), type https:// in the URL rather than http://, otherwise users see a warning each time they open a page in a place. 7. Click Next.
45
5. Scroll down to the bottom of the Change Basics page. Under the Real-time collaboration heading, make sure Members can schedule online meetings is checked. 6. Click Done. 7. To test that members can schedule online meetings , create a calendar entry in a Place. 8. From the place, choose Calendar - New - Online Meeting. 9. Fill in the relevant fields, and then click Publish. Users who subscribe to calendar events should receive an invitation in their mail, with a link to the meeting. For more information on subscribing to calendar events, click Help in a place.
46
Performance enhancements
The following performance enhancements result in quicker page loading. New method for retrieving system images Lotus QuickPlace takes advantage of Dominos HTTP-accessible data directories by accessing system images from the file system. In previous releases system images were accessed from the resources.nsf database. As a result of this change, pages that use system images heavily, for example the Edit Page, load much more quickly than in previous releases. For backward compatibility, system images are stored in resources.nsf as well as in the file system. Page compression Lotus QuickPlace compresses the HTML and text content in pages it transmits to clients if the browser supports compression. The compression reduces the size of HTML transmissions to 30% or less of the uncompressed size,
Copyright IBM Corp. 2005
47
with the result that users can open large pages more quickly than in previous releases. Only HTML and text content is compressed, not images or attachments. Page compression is enabled by default, but you can disable it using the new qpconfig.xml setting page_compression.
The specific Office 2003 applications supported are Microsoft Word, Microsoft PowerPoint, and Microsoft Excel. If you have multiple versions of Office, or mixed versions of Office applications, Lotus QuickPlace seeks to use them in the following order: 2003, XP, and 2000.
48
to enable new features in them when it is convenient. Users can continue to work in their existing places before you upgrade places and PlaceTypes, and can continue to create new places and PlaceTypes, as long as they do not use existing places or PlaceTypes to create them. The existing places remain available except when they are locked for the relatively short time when they are being upgraded. In a non-cluster environment, Lotus QuickPlace 7.0 servers can coexist in the same Domino domain as Lotus QuickPlace 3.0, 3.0a, 3.0.1, or Lotus QuickPlace 6.5.1 servers. Coexistence between version 3 servers and version 7.0 servers is supported only during the limited process of upgrading. Servers in a cluster should all run version 7.0. If you are upgrading in a cluster environment, see the topic Upgrading Lotus QuickPlace in a cluster. If you are upgrading in a non-cluster environment, see the topic Upgrading Lotus QuickPlace in a non-clustered environment.
49
8. Use the QPTool upgrade -a command on only one server in the cluster to upgrade places and PlaceTypes. Then delete the PlaceTypes on all the other servers and let the upgraded PlaceTypes replicate throughout the cluster. After replication, sign in to each server as an administrator and refresh the list of PlaceTypes. 9. Use the QPTool unregister and register commands on all servers in the cluster to unregister and then re-register all places. 10. If there are offline users, clear the browser cache on offline clients before installing places offline in Lotus QuickPlace 7.0 11. Upgrade the on-disk structure of places. 12. Update Lotus Sametime integration features, if used.
50
6. Perform the following steps to upgrade Lotus QuickPlace: a. Insert and start the Lotus QuickPlace installation CD. If you are installing Lotus QuickPlace from a network drive, navigate to the directory with the Lotus QuickPlace installation kit. b. Double-click Setup.exe. c. In the Software License Agreement window, click Accept. d. In the Welcome window, click Next. e. In the Choose Destination Location window, select the directory that holds the Domino program files, and then click Next. f. In the Start Copying Files window, review the directory path names that are displayed, and if they are correct, click Next to begin the installation. g. After installation is complete, in the QuickPlace Server Configuration window, click Next. 7. In the Congratulations dialog box, click Finish.
e. When prompted, type the number that corresponds to the language in which you prefer to read the Lotus Software Agreement. Press Enter to continue, then press Enter again to display the license agreement. f. When you have read the agreement, press 1 to accept the agreement and continue with the installation.
51
Note: Many of the following steps require that you accept a default or type a new value. To change a default, press Enter and type a new value. After you enter a new setting, press Enter to accept the change and continue with the installation. g. Specify the Domino program directory as the directory where the Lotus QuickPlace program files will be installed. The default Domino program directory is opt/ibm/lotus. You must install the Lotus QuickPlace program files to the directory that holds the Domino program files. Press TAB to continue. h. Specify the Domino data directory as the directory where the Lotus QuickPlace data files will be installed. The default Domino data directory is /local/notesdata. You must install the Lotus QuickPlace data files into the directory that holds the Domino data files. Press TAB to continue. i. Specify the UNIX user who will own the Lotus QuickPlace server files. This must be the same user who owns the Domino server files. j. Specify the UNIX group that will own the Lotus QuickPlace server files. This must be the same group that owns the Domino server files. The UNIX user specified in the previous step must be a member of this group. k. When the installation program displays Configuration of the Install program is complete, press TAB to review your installation settings. For example: v Installation type: New Upgrade. v Program directory: /opt/ibm/lotus v Data directory: /local/notesdata v UNIX user: UNIX user v UNIX group: UNIX group l. Press TAB to install Lotus QuickPlace.
To delete the hotfixes, type the following command and press Enter:
RMVPTF LICPGM(5733LQP) SELECT(PTF#)
3. Delete the QuickPlace licensed program by typing the following command and pressing Enter:
DLTLICPGM LICPGM(5733LQP)
4. Upgrade your Lotus QuickPlace server to Domino 7. For more information on installing Domino 7 and upgrading your server, see the book Installing and Managing Domino 7 for i5/OS. 5. Prepare the Domino 7 server for the addition of Lotus QuickPlace.
52
v Install the Domino 7 update that is included on your Lotus QuickPlace 7.0 media. See the Readme.html file for detailed instructions. v If you plan to install Lotus QuickPlace in a language other than English, visit the Lotus QuickPlace for i5/OS Web site at the following address for a link to the latest information regarding Domino 7 language versions and the additional steps that may be necessary to prepare the Domino server for your preferred language: http://www.ibm.com/eserver/iseries/QuickPlace v Start the Domino server and use Domino Administrator to edit the Server document. Verify that the Fully qualified internet host name field on the Basics tab contains the fully qualified name of the Domino server and not the name of the system. If necessary, edit the field and save the Server document. Before proceeding to the next step, end the Domino server. 6. Insert the Lotus QuickPlace for i5/OS CD in your systems optical drive. 7. On any i5/OS command line, type the following command and press F4:
LODRUN
8. On the LODRUN display, type the following value in the Device field and press Enter:
*opt
9. In the Directory field, type the following value and press Enter:
/os400
10. When the Lotus QuickPlace option screen appears, type a 1 beside the Lotus QuickPlace product option and press Enter to begin the installation. The system loads the Lotus QuickPlace programs to the appropriate system libraries and /QIBM directories. You will see status messages as the system installs the software. Note: If you already have Domino installed on your system and the server ID files are password protected, you will be prompted to enter the password. After the password has been entered, press Enter to continue with the installation of Lotus QuickPlace. If your server ID file has multiple passwords, the passwords must be entered one at a time. 11. If you prefer to use a non-English version of Lotus QuickPlace, you should install the Lotus QuickPlace Language Pack at this time. The Language Pack can either be installed from CD-ROM or downloaded from the Web. Language Pack installation instructions are included with the Language Pack as file Read1st.txt. 12. Start the Lotus QuickPlace server. Note: When you start the Domino server you also start the Lotus QuickPlace server. 13. Upgrade the design of all databases on the server. See the topic Upgrading the design of databases on the server later in this chapter. 14. Upgrade places and PlaceTypes. See the topic Upgrading places and PlaceTypes later in this chapter. 15. Register the server and all places with the Place Catalog. See the topic Registering places with the Place Catalog later in this chapter. Note: Old PlaceTypes cannot be used to create new places, and old places cannot be used to create new PlaceTypes. Old places cannot be refreshed from their PlaceTypes, and old PlaceTypes cannot be refreshed from their places, until both are upgraded.
Chapter 5 Upgrading to Lotus QuickPlace 7.0
53
2. When the upgrade is finished, the qptool.upgrade.xml file is created in the Domino program directory by default. This file indicates if the upgrade was successful. It contains the following xml:
<?xml version="1.0"?> <service> <servers> <server> <hostname>servername</hostname> <placetypes /> <places /> <action_status action="upgrade"> <code>code number(0 if successful)</code> <message>error message(if theres an error)</message> </action_status> </server> </servers> </service>
The following table describes the arguments you can use with the command.
54
For more information on QPTool commands see the Lotus QuickPlace Administrators Guide.
Argument -? -server Description Prints help on the command. Runs the design task for all data on the server. Use this command right before you upgrade all places and PlaceTypes with qptool upgrade -a command or multiple specified places and PlaceTypes with -p or -pt arguments. This command provides optimal performance when you upgrade a large number of places and PlaceTypes. Upgrades all places and PlaceTypes on the server. Runs upgrade even if system has not detected it needs to be run or even if it has detected the database version does not support upgrade. Upgrades a specified place or a list of places that are separated by spaces. Upgrades a specified PlaceType or a list of PlaceTypes that are separated by spaces. If the place from which the PlaceType was created still exists, upgrade the place before upgrading the PlaceType. XML input file that specifies the places and PlaceTypes to upgrade. XML output file that logs the results of the command. By default the command logs results to qptool.upgrade.xml in the server program directory. Check the output file for any upgrade errors.
-a -f
-i -o
Run the design task on the server to >load qptool upgrade -server upgrade the design of databases before upgrading multiple places and PlaceTypes. Upgrade all places and PlaceTypes on >load qptool upgrade -a the server. Upgrade all places and PlaceTypes on >load qptool upgrade -a -f the server to the current release. Upgrade place P1. Upgrade place P1 to the current release. Upgrade PlaceTypes PT1, PT2, and PT3 and log results to the XML output file qptool.myupgrade.xml. >load qptool upgrade -p P1 >load qptool upgrade -p P1 -f >load qptool upgrade -pt PT1 PT2 PT3 -o qptool.myupgrade.xml
When the upgrade is finished, the file qptool.upgrade.xml is created by default in the Domino program folder. This file indicates whether the upgrade was successful. It contains the following xml:
55
<?xml version="1.0"?> <service> <servers> <server> <hostname>servername</hostname> <placetypes /> <places> <place> <name>placename</name> <action_status action="upgrade"> <code>code number(0 if successful)</code> <message>error message(if theres an error)</message> </action_status> </place> </places> </server> </servers> </service>
2. From the Domino server console, enter any the following commands to re-register a place or places: To re-register a specific place with the Place Catalog:
load qptool register -p placename -placecatalog
3. When unregistration or registration is finished, the file qptool.register.xml is created by default in the Domino program directory. This file indicates whether the command was successful, for example:
<?xml version="1.0"?> <service> <servers> <server>
56
<hostname>servername</hostname> <places> <place> <name>placename</name> <action_status action="RegisterInPlaceCatalog"> <code>code number(0 if successful)</code> <message>error message(if theres an error)</message> </action_status> </place> </places> </server> </servers> </service>
57
is working. These steps assume that Lotus QuickPlace server was operating successfully with the Lotus Sametime server prior to the upgrade. Note: Using a Lotus QuickPlace 6.5.1 server with a Lotus Sametime 7.0 server is not supported.
2. (i5/OS only) Enter the following command to ensure that QNOTES is still the owner of the file:
CHGOWN OBJ(<ST_server_data_dir>/Domino/html/QuickPlace/peopleonline/*) NEWOWN(QNOTES)
Note: No steps are required to update Web conferencing integration after you upgrade the Lotus QuickPlace server. 3. Perform the steps described in the topic Verifying that Lotus Sametime integration is working.
58
1. Download the IBM Lotus Sametime 7.0 Java Toolkit to a convenient directory. This directory does not have to be on the Lotus Sametime server. Click the Toolkits link on the Downloads section of the Lotus Sametime Developers Web site at http://www.ibm.com/developerworks/lotus/products/instantmessaging. 2. Unzip the download file to a convenient directory to access the contents of the bin subdirectory. 3. Copy the files listed below to the QuickPlace\peopleonline subdirectory on the Lotus Sametime server:
File name STComm.jar Copy from bin subdirectory of the Sametime Java Toolkit Copy to \Domino\html\QuickPlace\ peopleonline subdirectory of the Lotus Sametime server data directory \Domino\html\QuickPlace\ peopleonline subdirectory of the Lotus Sametime server data directory
CommRes.jar
4. (i5/OS only) Enter the following command to ensure that QNOTES is the owner of each of the files:
CHGOWN OBJ(<ST_server_data_dir>/Domino/html/QuickPlace/peopleonline/*) NEWOWN(QNOTES)
To upgrade the Web conferencing integration: To upgrade the Web conferencing integration after the upgrade to Lotus Sametime 7.0: 1. Open the notes.ini file on the Lotus QuickPlace server. 2. Edit the JavaUserClassesExt setting in the notes.ini file; note that the entries for the xercesImpl.jar, xalan.jar, xml-apis.jar, and ibmjsee.jar files are no longer needed for Lotus Sametime 7.0 and should be removed: v (Windows) Edit the JavaUserClassesExt setting so it appears as follows; where a path is indicated, substitute your own Domino program directory path. JavaUserClassesExt=QPJC1,QPJC2,QPJC3,QPJC4 QPJC1=C:\PROGRAM FILES\LOTUS\DOMINO\quickplace.jar QPJC2=C:\PROGRAM FILES\LOTUS\DOMINO\log4j-118compat.jar QPJC3=C:\PROGRAM FILES\LOTUS\DOMINO\STCore.jar QPJC4=C:\PROGRAM FILES\LOTUS\DOMINO\STMtgManagement.jar v (AIX) Edit the JavaUserClassesExt setting so it appears as follows; where a path is indicated, substitute your own Domino program directory path. JavaUserClassesExt=QPJC1,QPJC2,QPJC3,QPJC4 QPJC1=/opt/lotus/notes/<latest>/ibmpow/quickplace.jar QPJC2=/opt/lotus/notes/<latest>/ibmpow/log4j-118compat.jar QPJC3=/opt/lotus/notes/<latest>/ibmpow/STCore.jar QPJC4=/opt/lotus/notes/<latest>/ibmpow/STMtgManagement.jar v (Solaris) Edit the JavaUserClassesExt setting so it appears as follows; where a path is indicated, substitute your own Domino program directory path. JavaUserClassesExt=QPJC1,QPJC2,QPJC3,QPJC4 QPJC1=/opt/lotus/notes/<latest>/sunspa/quickplace.jar QPJC2=/opt/lotus/notes/<latest>/sunspa/log4j-118compat.jar QPJC3=/opt/lotus/notes/<latest>/sunspa/STCore.jar
Chapter 5 Upgrading to Lotus QuickPlace 7.0
59
QPJC4=/opt/lotus/notes/<latest>/sunspa/STMtgManagement.jar v (i5/OS) Edit the JavaUserClassesExt setting so it appears as follows. The path name shown is the recommended one for storing the STCore.jar and STManagement.jar files. If currently you use a different directory, you can continue to use it or you can copy the files to the recommended directory. JavaUserClassesExt=LQPJava1,LQPJava2,LQPJava3,LQPJava4 LQPJava1=/QIBM/ProdData/Lotus/QuickPlace/quickplace.jar LQPJava2=/QIBM/ProdData/Lotus/QuickPlace/log4j-118compat.jar LQPJava3=/QIBM/UserData/Lotus/QuickPlace/STCore.jar LQPJava4=/QIBM/UserData/Lotus/QuickPlace/STMtgManagement.jar 3. Save and close the notes.ini file. 4. Copy files from the Lotus Sametime server to the Lotus QuickPlace server, as indicated in the following tables: On Windows:
File STMtgManagement.jar Copy from Copy to
Domino program directory of Domino program directory of the the Lotus Sametime server, Lotus QuickPlace server, for for example: example: C:\Program Files\Lotus\Domino C:\Program Files\Lotus\Domino
STCore.jar
Domino program directory of Domino program directory of the the Lotus Sametime server. Lotus QuickPlace server.
ServiceLocator.properties Domino program directory of Domino program directory of the the Lotus Sametime server. Lotus QuickPlace server. sametime.ini Domino program directory of Domino program directory of the the Lotus Sametime server. Lotus QuickPlace server.
On AIX:
File STMtgManagement.jar Copy from Copy to
Domino program directory of Domino program directory of the the Lotus Sametime server, Lotus QuickPlace server, for for example: example: /opt/lotus/notes/<latest>/ ibmpow/ /opt/lotus/notes/<latest>/ ibmpow/
STCore.jar
Domino program directory of Domino program directory of the the Lotus Sametime server. Lotus QuickPlace server. Lotus QuickPlace server data directory, for example: /opt/notesdata Lotus QuickPlace server data directory.
ServiceLocator.properties Lotus Sametime server data directory, for example: /opt/notesdata sametime.ini Lotus Sametime server data directory.
60
On Solaris:
File STMtgManagement.jar Copy from Copy to
Domino program directory of Domino program directory of the the Lotus Sametime server, Lotus QuickPlace server, for for example: example: /opt/lotus/notes/<latest>/ sunspa/ /opt/lotus/notes/<latest>/ sunspa/
STCore.jar
Domino program directory of Domino program directory of the the Lotus Sametime server. Lotus QuickPlace server. Lotus QuickPlace server data directory, for example: /opt/notesdata Lotus QuickPlace server data directory.
ServiceLocator.properties Lotus Sametime server data directory, for example: /opt/notesdata sametime.ini Lotus Sametime server data directory.
On i5/OS:
File STMtgManagement.jar Copy from The following directory on the i5/OS server where you installed Lotus Sametime: /qibm/proddata/lotus/ sametime Copy to The directory specified in the JavaUserClassesExt setting in Step 2 on the i5/OS server where you installed Lotus QuickPlace, for example: /QIBM/UserData/Lotus/ QuickPlace/ STCore.jar The following directory on the i5/OS server where you installed Lotus Sametime: /qibm/proddata/lotus/ sametime ServiceLocator.properties Lotus Sametime server data directory. sametime.ini Lotus Sametime server data directory. Lotus QuickPlace server data directory. Lotus QuickPlace server data directory. The directory specified in the JavaUserClassesExt setting in Step 2.
5. (i5/OS only) Use the CHGOWN command to change the owner of the files copied in the previous step to QNOTES. For example, enter the following commands:
CHGOWN OBJ(/qibm/userdata/lotus/quickplace/ST*) NEWOWN(QNOTES) CHGOWN OBJ(<QP_server_data_directory>/sametime.ini) NEWOWN(QNOTES) CHGOWN OBJ(<QP_server_data_directory>/ServiceLocator.properties) NEWOWN(QNOTES)
6. Perform the steps described in the topic Verifying that Lotus Sametime integration is working.
61
1. Start the Lotus QuickPlace server, the Lotus Sametime server, and the LDAP directory server. 2. To verify that awareness is working, sign on to a place as an external user and check for the awareness icon next to your sign on name. 3. To verify that instant messaging is working, find a document that was created by a user listed as online, click the users name, and then click Chat. Or click the Chat link beside your name in the top left corner of the screen. 4. If Web conferencing is configured, test that members can schedule online meetings. Create a calendar entry in a Place, click Calendar - New - Online Meeting, fill in the relevant fields, and then click Publish. Users who subscribe to calendar events should receive an invitation in their mail, with a link to the meeting.
62
63
4. Run qptool register -install -p placename(s) on the new server. Verify that the local names in the places are in the correct format, for example, that they contain the /ou=placename/ou=QP components followed by the OU components (maximum of 2) from the server certifier.
64
Notices
This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the users responsibility to evaluate and verify the operation of any non-IBM product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing IBM Corporation North Castle Drive Armonk, NY 10504-1785 U.S.A. The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact: IBM Corporation Office 4360
Copyright IBM Corp. 2005
65
One Rogers Street Cambridge, MA 02142 U.S.A. Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee. The licensed program described in this information and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement, or any equivalent agreement between us. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.
Trademarks
The following terms are trademarks of International Business Machines Corporation in the United States, other countries, or both: AIX Domino Domino Designer IBM iSeries i5/OS Lotus Lotus Notes Notes QuickPlace Sametime Microsoft, Windows, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. UNIX is a registered trademark of The Open Group in the United States and other countries. Other company, product, or service names may be trademarks or service marks of others.
66
Index A
Administrators signing in as 8, 10 Alternate download site offline 32 Authentication offline users 23 Installation (continued) Solaris 7, 8 troubleshooting on i5/OS Policy Director offline configuration 17 32
L
LDAP directories connecting to 21 Local users certifiers required for 63
Q
QPTool register using 56 QPTool upgrade using 54
C
Certifier IDs offline 23, 24, 25, 26 Certifiers for local users 63 Clusters upgrading 49
N
name_translation setting described 28 examples 28, 30 Names translating for offline 28, 30 Netegrity SiteMinder offline configuration 32 New features described 1, 3, 4 version 6.5.1 47
S
Sametime integration setup 37 planning 37 setting up Awareness and Chat 41 setting up awareness and instant messaging 39 setting up Web conferencing 41 upgrade 57, 58 Sametime meetings setting up 41 Servers upgrading 49 Signing in as administrator 8, 10 Software agreement i5/OS 15 Solaris installation on 8 Starting QuickPlace 8, 10, 16 Sun Java System Portal Server offline configuration 32
D
Database design upgrading 54 Documentation additional 4 for i5/OS 5 Domino compatibility i5/OS 11 on i5/OS 14 Domino Off-Line Services see 21
O
Offline alternate download site 32 and user directory 21 certifiers for 23, 24, 25, 26 clearing browser cache 57 described 21 enabling 21 enabling for i5/OS 22 FAQs 34 hiding Work Offline link 34 passwords 31 place encryption 31 Security Policy document 27 specific environment configurations 32 translating LDAP names for 28, 30 troubleshooting 21
E
Encrypting offline places 31
F
FAQs offline 34
T
TCP/IP preparing on i5/OS 11, 12, 13 Troubleshooting i5/OS installation 17
I
i5/OS additional resources 5 configuring Domino 14 enabling offline use 22 installation on 10, 16 installation troubleshooting 17 multiple servers 18 removing QuickPlace 19 software agreement 15 TCP/IP preparation 11, 12, 13 upgrading server 52 IBM Network Dispatcher offline configuration 32 Installation i5/OS 10, 16 overview 1, 7 Copyright IBM Corp. 2005
U
Upgrade clearing offline cache 57 database design 54 in cluster environment 49 installing release 7 50, 51, 52 new features and 47 non-cluster environment 49 on-disk structure 57 overview 48 place and PlaceType backups 50 Place Catalog 56 places and PlaceTypes 54 Sametime 57, 58
P
Passthru server offline configuration 32 Passwords offline 31 upgrading offline 47 Place Catalog registering places 56 Places registering 56 upgrading 54 PlaceTypes upgrading 54
67
W
Windows installation on 7
68
Printed in USA
G210-1998-00