Add admin users to Connections security roles – the easy way
It happened again some weeks ago when I installed the Connections 3.0.1.1 fixpack: all the users I had added to the security roles of the different apps were gone after the update.
But instead of adding them again manually through the Admin console, I searched for a better solution and found an old blog entry from Marco Ensing:
This was the basis for this little Jython script, which you can use to recreate your settings:
Just download it and open it with a text editor. It is fairly self-explanatory; add your users and change roles where needed.
Finally, run the script via the wsadmin tool:
wsadmin.bat -lang jython -port 8879 -username wasadmin -pw YOURPW -f ConfigureConnectionsRoles.py
Have fun!
Using SSL in Sametime 8.5.x for LDAP connections Part 2
It took me a little longer than expected, but here is part 2: how to enable SSL for LDAP connections on the community server.
In part 1 I described how you can enable SSL for LDAP connections on the WAS servers.
You can find some information on this topic in the Sametime Wiki but I found it rather confusing and misleading.
First of all I had to set up iKeyman and the GSKit on the community server to support Cryptographic Message Syntax (CMS) and create the Keystore DBs. We need 3 different Keystore databases:
- CMS Keystore key.kdb -> used by different Sametime server components to connect securely to LDAP server
- Java Keystore stkeys.jks -> used by the userinfo servlet (Business Card) to connect securely to LDAP server
- Keyring File sametime85.kyr -> used by the Domino server (directory assistance) to connect securely to LDAP server
Install GSKit
- Go to the folder where you extracted the Sametime Standard Server Installation files. In there you will find a folder “GSKit” – “Win32”. Run gsk8crypt32.exe as Admin
- Use standard values for installation wizard
- Run gsk8ssl32.exe as Admin and use standard values for installation wizard
- Add your Domino java folder as JAVA_HOME system variable
Update iKeyman to support CMS
- copy gskikm.jar and ibmcmsprovider.jar from your Sametime System Console (SSC) server to the community server and replace the older ones. You can find these files in the C:\WAS_INSTALL_DIR\WebSphere\UpdateInstaller\java\jre\lib\ext\ folder. Copy them to the C:\DOMINO_INSTALL_DIR\ibm-jre\jre\lib\ext\ folder.
- Edit the file java.security in folder C:\DOMINO_INSTALL_DIR\ibm-jre\jre\lib\security\
- after security.provider.5=com.ibm.security.sasl.IBMSASL add following line:
security.provider.6=com.ibm.security.cmskeystore.CMSProvider
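A check for the java.security edit above, as an added example that is not part of the original post: it reports when the CMSProvider line would not be loaded because slot 6 was already in use or the numbering has a gap. The function name and the sample files are constructed; slots 1-4 use placeholder class names.

```python
import re

CMS = "com.ibm.security.cmskeystore.CMSProvider"
ENTRY = re.compile(r"^\s*security\.provider\.(\d+)\s*=\s*(\S+)")

def check_cms_provider(text):
    """Return a list of problems; an empty list means the JRE will load CMSProvider."""
    effective, problems = {}, []
    for line in text.splitlines():
        m = ENTRY.match(line)              # lines starting with '#' do not match
        if not m:
            continue
        num, cls = int(m.group(1)), m.group(2)
        if num in effective:
            # Properties semantics: the later line wins, the earlier one is dropped.
            problems.append("security.provider.%d defined twice: %s replaces %s"
                            % (num, cls, effective[num]))
        effective[num] = cls
    # Providers are read as 1, 2, 3, ... and loading stops at the first missing number.
    last = 0
    while last + 1 in effective:
        last += 1
    slots = [n for n, cls in effective.items() if cls == CMS]
    if not slots:
        problems.append("CMSProvider is not registered")
    elif min(slots) > last:
        problems.append("CMSProvider is in slot %d but the list ends at %d"
                        % (min(slots), last))
    return problems

# Constructed sample files; slots 1-4 use placeholder class names.
BASE = "\n".join("security.provider.%d=example.Provider%d" % (i, i) for i in range(1, 5))
BASE += "\nsecurity.provider.5=com.ibm.security.sasl.IBMSASL\n"
GOOD = BASE + "security.provider.6=" + CMS + "\n"
# Slot 6 was already taken, so the pre-existing line further down overrides the new one.
CLASH = GOOD + "security.provider.6=example.Provider6\n"
# Numbering gap: slot 6 is missing, so slot 7 is never read.
GAP = BASE + "security.provider.7=" + CMS + "\n"

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("CLASH", CLASH), ("GAP", GAP)):
        print(name, check_cms_provider(sample) or "ok")
```

If slot 6 is already occupied in your java.security, renumber the following entries so that every number from 1 upwards appears exactly once.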
Create CMS and Java Keystore files
- Start iKeyman (double click ikeyman.exe) which you can find in C:\DOMINO_INSTALL_DIR\ibm-jre\jre\bin\ folder
- Check the “Help” – “About iKeyman”, you should see
If you see an older version number, check whether you copied gskikm.jar and ibmcmsprovider.jar from your Sametime System Console (SSC)
- Now create a new CMS database by clicking on “Key Database file” – “New”. Choose CMS as type, name it key.kdb (has to be exactly this name!) and place it in C:\DOMINO_INSTALL_DIR\ (D:\IBM\Lotus\Domino in my example)
- Define a password and activate “Stash password to a file”
- Go to the “Signer Certificates” and click on “Add”
- Click “Browse” and open the Root.cer file (which you created before on the SSC Server in Part 1)
- Enter a Label for the Certificate (i.e. GeoTrust Root Certificate)
- Do the same for the Intermediate Certificate
- You should now see 2 Signer Certificates in your keyDB
- Now create a new JKS database by clicking on “Key Database file” – “New”. Choose JKS as type, name it stkeys.jks and place it in C:\DOMINO_INSTALL_DIR\ (D:\IBM\Lotus\Domino in my example)
- Repeat all steps to import the root certificate and the intermediate certificate
Create the Domino Keyring file
- open the Server Certificate Admin DB (certsrv.nsf) on your Community Server with your Notes Client
- click on “1. Create Key Ring” to create a new keyring file
- fill in a name and a password and define your key size
- fill in your server name as Common Name, add your Organization/State/Country and click “Create Key Ring”
- you will see a confirmation window
- now import your Root Certificate, click on “3. Install Trusted Root Certificate…” and fill in a Label/Source/File Name and choose the appropriate file format
- click on “Merge Trusted Root Certificate…” and fill in the password for the key ring file
- you will see a success window, click on “OK”
- import your intermediate certificate with same steps
- copy your keyring file and stash file to the data directory of your Community Server
- open the server document of your community server and go to “Ports” – “Internet Ports” and fill in your keyring file name
- save the document and close it
Encrypt the UserInfoServlet
- open UserInfoConfig.xml (in D:\IBM\Lotus\Domino)
- change SslEnabled to true and ensure SslPort is 636
- in the SslProperties tag add the path to your stkeys.jks file and insert your password for the keystore
Configuring Directory Assistance for SSL & Connect Sametime Community Server through SSL
- open the Directory Assistance DB (da.nsf) on your community server with your Notes client and change the LDAP settings
- Click “Save and Close” and close the DB
- Now open the Sametime Community Server webpage and login as Sametime Admin and click on “Administer the Server”
- go to “LDAP Directory” > “Connectivity” and enable the use of SSL for LDAP and ensure that the used SSL port is 636
- Click on “Update”
(Optional) If you want to improve performance, you may choose to loosen security and encrypt only user credentials as follows:
- Open the sametime.ini file (in D:\IBM\Lotus\Domino)
- Locate the [Directory] section within the file and add the following setting:
ST_DB_LDAP_SSL_ONLY_FOR_PASSWORDS=1
- Save and close the file
- Restart your Community Server
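A small audit for the optional setting above, as an added example that is not part of the original post: it reports where ST_DB_LDAP_SSL_ONLY_FOR_PASSWORDS appears in sametime.ini and whether the [Directory] section limits SSL to user credentials. The function names and sample files are constructed; treating keys as case-insensitive and `#`/`;` lines as comments are assumptions.

```python
KEY = "ST_DB_LDAP_SSL_ONLY_FOR_PASSWORDS"

def find_setting(text):
    """Return (line_no, section, value) for every occurrence of KEY."""
    hits, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # assumption: comment markers
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()     # track which section we are in
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip().upper() == KEY:
            hits.append((no, section, value.strip()))
    return hits

def ssl_limited_to_passwords(text):
    """True when [Directory] restricts LDAP SSL to user credentials only."""
    return any(sec is not None and sec.lower() == "directory" and val == "1"
               for _, sec, val in find_setting(text))

def misplaced(text):
    """Occurrences outside [Directory], where the post says the setting belongs."""
    return [h for h in find_setting(text)
            if h[1] is None or h[1].lower() != "directory"]

# Constructed sample files; EXAMPLE_* keys are placeholders.
STRICT = "[Config]\nEXAMPLE_KEY=1\n[Directory]\nEXAMPLE_OTHER=0\n"
WEAK = STRICT + "st_db_ldap_ssl_only_for_passwords = 1\n"
MISPLACED = "[Config]\n" + KEY + "=1\n[Directory]\n"

if __name__ == "__main__":
    for name, sample in (("STRICT", STRICT), ("WEAK", WEAK), ("MISPLACED", MISPLACED)):
        print(name, ssl_limited_to_passwords(sample), misplaced(sample))
```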
That’s it, now your Security Officer is your friend again!
Using SSL in Sametime 8.5.x for LDAP connection Part 1
Securing a connection to an LDAP server sounds pretty easy, but doing this for a Sametime 8.5 deployment, especially the community server, is far from easy.
Documentation (Infocenter, Sametime Wiki) is not very clear on this topic and has some conflicting information.
These are the steps which worked for me.
Configure WAS Servers for secure access to LDAP server
This is pretty easy and is well documented in the Sametime Wiki; you just have to import the public root CA of the LDAP server certificate. In my case I only had the .pfx file of the LDAP server and first had to export the CA’s root and intermediate certificates.

- Choose a file name and a location where to save the file on the server

Navigate to “Security” – “SSL certificate and key management” – “Key stores and certificates” and click on “CellDefaultTrustStore”
I will describe what I had to change on the community server in part 2, stay tuned.
Enabling Media Gallery Image Preview in IBM Connections 3.0.1
We have been using IBM Connections 3.0.1 internally since its release. The most important new features in this version were the Ideation Blogs and the Media Gallery, in which you can store pictures and videos and browse them with a useful preview function.
Unfortunately, this preview function did not work from the start, so for the time being we refrained from using the galleries.
In the Connections forum I then found out that I was not the only one with the problem and that it was a problem with the access rights to the Files component. We just had to wait quite a while for a solution.
Sjaak Ursinus has now found a solution and kindly shared it in the forum. So if you ever have a problem with the preview, here is your solution:
Backup and Restore IBM Lotus Connections DBs Online
There are many ways to back up your DB2 environment (Offline/Online; Incremental/Delta; Transaction Log backups). I just needed a suitable way to back up my Lotus Connections DBs daily.
I decided to do an Online Backup (no downtime of DBs/Connections) to a local folder, and the folder will be backed up by Symantec Backup Exec.
The following steps have to be done to back up the data:
- Update the DB configuration to be ready for Online backups and to store only the latest backup in the backup folder. Open a DB2 command window and issue the following commands:
db2 update database configuration for BLOGS using LOGARCHMETH1 LOGRETAIN AUTO_DEL_REC_OBJ ON num_db_backups 1 rec_his_retentn 0
db2 update database configuration for DOGEAR using LOGARCHMETH1 LOGRETAIN AUTO_DEL_REC_OBJ ON num_db_backups 1 rec_his_retentn 0
db2 update database configuration for FILES using LOGARCHMETH1 LOGRETAIN AUTO_DEL_REC_OBJ ON num_db_backups 1 rec_his_retentn 0
db2 update database configuration for FORUM using LOGARCHMETH1 LOGRETAIN AUTO_DEL_REC_OBJ ON num_db_backups 1 rec_his_retentn 0
db2 update database configuration for HOMEPAGE using LOGARCHMETH1 LOGRETAIN AUTO_DEL_REC_OBJ ON num_db_backups 1 rec_his_retentn 0
db2 update database configuration for OPNACT using LOGARCHMETH1 LOGRETAIN AUTO_DEL_REC_OBJ ON num_db_backups 1 rec_his_retentn 0
db2 update database configuration for PEOPLEDB using LOGARCHMETH1 LOGRETAIN AUTO_DEL_REC_OBJ ON num_db_backups 1 rec_his_retentn 0
db2 update database configuration for SNCOMM using LOGARCHMETH1 LOGRETAIN AUTO_DEL_REC_OBJ ON num_db_backups 1 rec_his_retentn 0
db2 update database configuration for WIKIS using LOGARCHMETH1 LOGRETAIN AUTO_DEL_REC_OBJ ON num_db_backups 1 rec_his_retentn 0
- To activate these new settings you have to stop and start your db instance:
db2stop
db2start
or use the force flag if the DB is locked
db2stop force
db2start
- Now back up your DBs to a folder (e.g. Backup_Online):
db2 backup database BLOGS to D:\Backup_Online
db2 backup database DOGEAR to D:\Backup_Online
db2 backup database FILES to D:\Backup_Online
db2 backup database FORUM to D:\Backup_Online
db2 backup database HOMEPAGE to D:\Backup_Online
db2 backup database OPNACT to D:\Backup_Online
db2 backup database PEOPLEDB to D:\Backup_Online
db2 backup database SNCOMM to D:\Backup_Online
db2 backup database WIKIS to D:\Backup_Online
- From now on do regular compressed backups of the DBs and include log files (do not forget to back up the folder with your backup agent):
db2 backup database BLOGS ONLINE to D:\Backup_Online COMPRESS INCLUDE LOGS
db2 backup database DOGEAR ONLINE to D:\Backup_Online COMPRESS INCLUDE LOGS
db2 backup database FILES ONLINE to D:\Backup_Online COMPRESS INCLUDE LOGS
db2 backup database FORUM ONLINE to D:\Backup_Online COMPRESS INCLUDE LOGS
db2 backup database HOMEPAGE ONLINE to D:\Backup_Online COMPRESS INCLUDE LOGS
db2 backup database OPNACT ONLINE to D:\Backup_Online COMPRESS INCLUDE LOGS
db2 backup database PEOPLEDB ONLINE to D:\Backup_Online COMPRESS INCLUDE LOGS
db2 backup database SNCOMM ONLINE to D:\Backup_Online COMPRESS INCLUDE LOGS
db2 backup database WIKIS ONLINE to D:\Backup_Online COMPRESS INCLUDE LOGS
To Restore all your Data you first have to recreate all 9 DBs with the Lotus Connections DB Wizard:
- Run the DB wizard and recreate all 9 DBs
- Run following commands inside a DB2 command window to restore the data:
db2 restore database BLOGS from D:\Backup_Online REPLACE EXISTING
db2 restore database DOGEAR from D:\Backup_Online REPLACE EXISTING
db2 restore database FILES from D:\Backup_Online REPLACE EXISTING
db2 restore database FORUM from D:\Backup_Online REPLACE EXISTING
db2 restore database HOMEPAGE from D:\Backup_Online REPLACE EXISTING
db2 restore database OPNACT from D:\Backup_Online REPLACE EXISTING
db2 restore database PEOPLEDB from D:\Backup_Online REPLACE EXISTING
db2 restore database SNCOMM from D:\Backup_Online REPLACE EXISTING
db2 restore database WIKIS from D:\Backup_Online REPLACE EXISTING
- Now you have to extract the archive logs from BLOGS db image. Create a temp folder D:\temp and extract archive logs into that folder:
db2 restore database BLOGS LOGS from D:\Backup_Online LOGTARGET D:\temp
- Now you can apply the transactions which are stored in these log files:
db2 rollforward database BLOGS to end of logs overflow log path (D:\temp)
- Complete the rollforward process, otherwise you will not have access to the DB:
db2 rollforward database BLOGS complete
- Delete all files in D:\temp
- Repeat extracting the archive logs, apply logs and completion of rollforward process for DOGEAR:
db2 restore database DOGEAR LOGS from D:\Backup_Online LOGTARGET D:\temp
db2 rollforward database DOGEAR to end of logs overflow log path (D:\temp)
db2 rollforward database DOGEAR complete
- Delete all files in D:\temp
- Repeat extracting the archive logs, apply logs and completion of rollforward process for FILES:
db2 restore database FILES LOGS from D:\Backup_Online LOGTARGET D:\temp
db2 rollforward database FILES to end of logs overflow log path (D:\temp)
db2 rollforward database FILES complete
- Delete all files in D:\temp
- Repeat extracting the archive logs, apply logs and completion of rollforward process for FORUM:
db2 restore database FORUM LOGS from D:\Backup_Online LOGTARGET D:\temp
db2 rollforward database FORUM to end of logs overflow log path (D:\temp)
db2 rollforward database FORUM complete
- Delete all files in D:\temp
- Repeat extracting the archive logs, apply logs and completion of rollforward process for HOMEPAGE:
db2 restore database HOMEPAGE LOGS from D:\Backup_Online LOGTARGET D:\temp
db2 rollforward database HOMEPAGE to end of logs overflow log path (D:\temp)
db2 rollforward database HOMEPAGE complete
- Delete all files in D:\temp
- Repeat extracting the archive logs, apply logs and completion of rollforward process for OPNACT:
db2 restore database OPNACT LOGS from D:\Backup_Online LOGTARGET D:\temp
db2 rollforward database OPNACT to end of logs overflow log path (D:\temp)
db2 rollforward database OPNACT complete
- Delete all files in D:\temp
- Repeat extracting the archive logs, apply logs and completion of rollforward process for PEOPLEDB:
db2 restore database PEOPLEDB LOGS from D:\Backup_Online LOGTARGET D:\temp
db2 rollforward database PEOPLEDB to end of logs overflow log path (D:\temp)
db2 rollforward database PEOPLEDB complete
- Delete all files in D:\temp
- Repeat extracting the archive logs, apply logs and completion of rollforward process for SNCOMM:
db2 restore database SNCOMM LOGS from D:\Backup_Online LOGTARGET D:\temp
db2 rollforward database SNCOMM to end of logs overflow log path (D:\temp)
db2 rollforward database SNCOMM complete
- Delete all files in D:\temp
- Repeat extracting the archive logs, apply logs and completion of rollforward process for WIKIS:
db2 restore database WIKIS LOGS from D:\Backup_Online LOGTARGET D:\temp
db2 rollforward database WIKIS to end of logs overflow log path (D:\temp)
db2 rollforward database WIKIS complete
That’s it, now you can work with your restored data again. Happy Social Business.