Congratulations!

[Valid RSS] This is a valid RSS feed.

Recommendations

This feed is valid, but interoperability with the widest range of feed readers could be improved by implementing the following recommendations.

Source: http://techblog.gis-ag.info/feed/

  1. <?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
  2. xmlns:content="http://purl.org/rss/1.0/modules/content/"
  3. xmlns:wfw="http://wellformedweb.org/CommentAPI/"
  4. xmlns:dc="http://purl.org/dc/elements/1.1/"
  5. xmlns:atom="http://www.w3.org/2005/Atom"
  6. xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
  7. xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
  8. >
  9.  
  10. <channel>
  11. <title>GIS Techblog</title>
  12. <atom:link href="http://techblog.gis-ag.info/feed/" rel="self" type="application/rss+xml" />
  13. <link>http://techblog.gis-ag.info</link>
  14. <description></description>
  15. <lastBuildDate>Thu, 01 Dec 2016 08:54:41 +0000</lastBuildDate>
  16. <language>en-US</language>
  17. <sy:updatePeriod>hourly</sy:updatePeriod>
  18. <sy:updateFrequency>1</sy:updateFrequency>
  19. <generator>https://wordpress.org/?v=4.7</generator>
  20. <item>
  21. <title>Automatic WebSphere plugin modification II &#8211; PowerShell for Windows</title>
  22. <link>http://techblog.gis-ag.info/2016/12/01/automatic-websphere-plugin-modification-ii-powershell-for-windows/</link>
  23. <comments>http://techblog.gis-ag.info/2016/12/01/automatic-websphere-plugin-modification-ii-powershell-for-windows/#respond</comments>
  24. <pubDate>Thu, 01 Dec 2016 08:54:40 +0000</pubDate>
  25. <dc:creator><![CDATA[Julius Schwarzweller]]></dc:creator>
  26. <category><![CDATA[IBM Connections]]></category>
  27. <category><![CDATA[automatic modification]]></category>
  28. <category><![CDATA[BackupServers]]></category>
  29. <category><![CDATA[high availability]]></category>
  30. <category><![CDATA[plugin-cfg.xml]]></category>
  31. <category><![CDATA[PowerShell]]></category>
  32. <category><![CDATA[PrimaryServers]]></category>
  33. <category><![CDATA[two-line concept]]></category>
  34. <category><![CDATA[WebSphere Plugins]]></category>
  35. <category><![CDATA[windows]]></category>
  36.  
  37. <guid isPermaLink="false">http://techblog.gis-ag.info/?p=2095</guid>
  38. <description><![CDATA[Automatic WebSphere plugin modification II &#8211; PowerShell for Windows Hi, some months ago I published a shell script to automatically modify the Primary / BackupServer definition in a WebSphere plugin-cfg.xml file. As we have several Windows customers we decided to transfer this script to PowerShell so that it is also useable for a Windows Cluster installation. [&#8230;]]]></description>
  39. <content:encoded><![CDATA[<p><strong>Automatic WebSphere plugin modification II &#8211; PowerShell for Windows</strong></p>
  40. <p>Hi,</p>
  41. <p>some months ago I <a href="http://techblog.gis-ag.info/2016/07/06/automatic-modification-of-websphere-plugin-primary-backupservers-to-maintain-two-line-concept/">published</a> a shell script to automatically modify the Primary / BackupServer definition in a WebSphere plugin-cfg.xml file.</p>
  42. <p>As we have several Windows customers we decided to transfer this script to PowerShell so that it is also useable for a Windows Cluster installation. My colleague Jan Bruns did a great job implementing this script.</p>
  43. <p>It basically works the same way as the Linux script:</p>
  44. <p><a href="http://techblog.gis-ag.info/2016/12/01/automatic-websphere-plugin-modification-ii-powershell-for-windows/modifywasplugin-ps1/" rel="attachment wp-att-2096">modifywasplugin-ps1</a></p>
  45. <p><em>Please note that using the script is at your own risk! You should carefully test the script! It might need some more error handling!</em></p>
  46. <p>This script has four different operation modes:</p>
  47. <ul>
  48. <li>./modifyWasPlugin.ps1 -manual –&gt; Manual selection process</li>
  49. <li>./modifyWasPlugin.ps1 -automatic –&gt; Automatic execution process. Modify array “backupServerList” in this script.</li>
  50. <li>./modifyWasPlugin.ps1 -setbackup SERVER –&gt; Remove SERVER from PrimaryServer definition and declare it as BackupServer</li>
  51. <li>./modifyWasPlugin.ps1 -list –&gt; List all servers declared as PRIMARY</li>
  52. </ul>
  53. <p><em>Preparation</em></p>
  54. <p>Open the script and modify the variable “fileToUse” &amp;&amp; &#8220;outputPath&#8221; to match your plugin-cfg.xml</p>
  55. <pre>#Path to the plugin-cfg.xml file
  56. $filetoUse = "D:\IBM\WebSphere\Plugins\webserver1\plugin-cfg.xml"
  57.  
  58. #Path to the Output XML file
  59. $outputPath = "D:\IBM\WebSphere\Plugins\webserver1\plugin-cfg.xml"</pre>
  60. <p>For the automatic mode, please fill the variable with the BackupServers:</p>
  61. <pre>[System.Array]$BackupServerList = "ic55Node02_CommonCluster_server2", "xxx", "yyy"</pre>
  62. <p>Then add the script to your Windows Task Scheduler and run it each 10 minutes or so&#8230;</p>
  63. <p>Hope this helps someone out there <img src="https://s.w.org/images/core/emoji/2.2.1/72x72/1f609.png" alt="&#x1f609;" class="wp-smiley" style="height: 1em; max-height: 1em;" /></p>
  64. ]]></content:encoded>
  65. <wfw:commentRss>http://techblog.gis-ag.info/2016/12/01/automatic-websphere-plugin-modification-ii-powershell-for-windows/feed/</wfw:commentRss>
  66. <slash:comments>0</slash:comments>
  67. </item>
  68. <item>
  69. <title>IBM Connections Docs – file preview not possible for some CCM pdf files</title>
  70. <link>http://techblog.gis-ag.info/2016/11/17/ibm-connections-docs-file-preview-not-possible-for-some-ccm-pdf-files/</link>
  71. <comments>http://techblog.gis-ag.info/2016/11/17/ibm-connections-docs-file-preview-not-possible-for-some-ccm-pdf-files/#respond</comments>
  72. <pubDate>Thu, 17 Nov 2016 07:15:52 +0000</pubDate>
  73. <dc:creator><![CDATA[Julius Schwarzweller]]></dc:creator>
  74. <category><![CDATA[IBM Connections]]></category>
  75. <category><![CDATA[applications/pdf]]></category>
  76. <category><![CDATA[CCM]]></category>
  77. <category><![CDATA[CLFSF402W]]></category>
  78. <category><![CDATA[document type not supported]]></category>
  79. <category><![CDATA[Fileviewer]]></category>
  80. <category><![CDATA[firefox]]></category>
  81. <category><![CDATA[IBM Connections 5.5]]></category>
  82. <category><![CDATA[IBM Docs 2.0.1]]></category>
  83. <category><![CDATA[image/pcl]]></category>
  84. <category><![CDATA[mime-types.rdf]]></category>
  85. <category><![CDATA[pdf]]></category>
  86.  
  87. <guid isPermaLink="false">http://techblog.gis-ag.info/?p=2076</guid>
  88. <description><![CDATA[IBM Connections Docs – file preview not possible for some CCM pdf files Hi all, last week we had trouble in a customer environment using the file preview functionality for some pdf files (only those that were uploaded using CCM). Instead of a preview the message was displayed: At the same time we saw the [&#8230;]]]></description>
  89. <content:encoded><![CDATA[<p><strong>IBM Connections Docs – file preview not possible for some CCM pdf files</strong></p>
  90. <p>Hi all,</p>
  91. <p>last week we had trouble in a customer environment using the file preview functionality for some pdf files (only those that were uploaded using CCM).</p>
  92. <p>Instead of a preview the message was displayed:</p>
  93. <p><a href="http://techblog.gis-ag.info/2016/11/17/ibm-connections-docs-file-preview-not-possible-for-some-ccm-pdf-files/bildschirmfoto-2016-11-16-um-08-29-59/#main" rel="attachment wp-att-2077"><img class="alignnone size-large wp-image-2077" src="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-16-um-08.29.59-1024x201.png" alt="bildschirmfoto-2016-11-16-um-08-29-59" width="640" height="126" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-16-um-08.29.59-1024x201.png 1024w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-16-um-08.29.59-300x59.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-16-um-08.29.59-768x151.png 768w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-16-um-08.29.59.png 1198w" sizes="(max-width: 640px) 100vw, 640px" /></a></p>
  94. <p>At the same time we saw the following warning in the log:</p>
  95. <p><a href="http://techblog.gis-ag.info/2016/11/17/ibm-connections-docs-file-preview-not-possible-for-some-ccm-pdf-files/bildschirmfoto-2016-11-15-um-12-02-38/#main" rel="attachment wp-att-2080"><img class="alignnone size-large wp-image-2080" src="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-15-um-12.02.38-1024x36.png" alt="bildschirmfoto-2016-11-15-um-12-02-38" width="640" height="23" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-15-um-12.02.38-1024x36.png 1024w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-15-um-12.02.38-300x10.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-15-um-12.02.38-768x27.png 768w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-15-um-12.02.38.png 1405w" sizes="(max-width: 640px) 100vw, 640px" /></a></p>
  96. <p>The mime-type was set to “image/pcl” instead of “application/pdf”… this mime-type is not supported by IBM Docs File viewer. We had to dig deep into the customers’ environment in order to find the solution…</p>
  97. <p>If you browse to <a href="https://connections.server.com/acce">https://connections.server.com/acce</a> we filtered all files with this buggy mime-type:</p>
  98. <p><a href="http://techblog.gis-ag.info/2016/11/17/ibm-connections-docs-file-preview-not-possible-for-some-ccm-pdf-files/bildschirmfoto-2016-11-15-um-12-02-07/#main" rel="attachment wp-att-2078"><img class="alignnone size-full wp-image-2078" src="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-15-um-12.02.07.png" alt="bildschirmfoto-2016-11-15-um-12-02-07" width="889" height="233" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-15-um-12.02.07.png 889w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-15-um-12.02.07-300x79.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-15-um-12.02.07-768x201.png 768w" sizes="(max-width: 889px) 100vw, 889px" /></a></p>
  99. <p>Testing this issue with different browsers:</p>
  100. <ul>
  101. <li><strong><em>FF – does not work</em></strong></li>
  102. <li>IE – works</li>
  103. <li>Chrome – works</li>
  104. <li>Safari – works</li>
  105. <li>Connections Desktop Plugins &#8211; works</li>
  106. </ul>
  107. <p>Our idea was that the mime-type is set based on a specific browser setting…</p>
  108. <p>Firefox has its own mime-types table definition: mimeTypes.rdf in the FF profile folder. Looking into this file we found the ambiguous entry:</p>
  109. <p><a href="http://techblog.gis-ag.info/2016/11/17/ibm-connections-docs-file-preview-not-possible-for-some-ccm-pdf-files/mime-types/#main" rel="attachment wp-att-2079"><img class="alignnone size-full wp-image-2079" src="http://techblog.gis-ag.info/wp-content/uploads/2016/11/mime-types.gif" alt="mime-types" width="579" height="240" /></a></p>
  110. <p>This seems to be a known problem:</p>
  111. <p><a href="https://support.mozilla.org/en-US/questions/932120">https://support.mozilla.org/en-US/questions/932120</a></p>
  112. <p><strong>The fix: </strong></p>
  113. <ul>
  114. <li>Close FF</li>
  115. <li>Delete the mime-types.rdf file</li>
  116. <li>Start FF (the mime-types.rdf file is recreated without the erroneous entry)</li>
  117. </ul>
  118. <p>Uploading a pdf file with this new setting creates the correct mime-type within CCM so that the file preview for CCM files starts working again.</p>
  119. <p>Unfortunately, we could not find a solution how to change the mime-type for already uploaded files (with wrong mime-type) – only re-uploading with the correct setting works here. Changing stuff in the Filenet databases is no fun <img src="https://s.w.org/images/core/emoji/2.2.1/72x72/1f609.png" alt="&#x1f609;" class="wp-smiley" style="height: 1em; max-height: 1em;" /></p>
  120. ]]></content:encoded>
  121. <wfw:commentRss>http://techblog.gis-ag.info/2016/11/17/ibm-connections-docs-file-preview-not-possible-for-some-ccm-pdf-files/feed/</wfw:commentRss>
  122. <slash:comments>0</slash:comments>
  123. </item>
  124. <item>
  125. <title>IBM Connections 5.5 CR2 released</title>
  126. <link>http://techblog.gis-ag.info/2016/11/10/ibm-connections-5-5-cr2-released/</link>
  127. <comments>http://techblog.gis-ag.info/2016/11/10/ibm-connections-5-5-cr2-released/#respond</comments>
  128. <pubDate>Thu, 10 Nov 2016 08:13:51 +0000</pubDate>
  129. <dc:creator><![CDATA[Julius Schwarzweller]]></dc:creator>
  130. <category><![CDATA[IBM Connections]]></category>
  131. <category><![CDATA[Community surveys updates]]></category>
  132. <category><![CDATA[CR2]]></category>
  133. <category><![CDATA[Filenet Fixes]]></category>
  134. <category><![CDATA[IBM Connections 5.5]]></category>
  135. <category><![CDATA[WAS 8.5.5 FP9]]></category>
  136.  
  137. <guid isPermaLink="false">http://techblog.gis-ag.info/?p=2069</guid>
  138. <description><![CDATA[IBM Connections 5.5 CR2 released Hi all, IBM released CR2 for IBM Connections 5.5: The Fix list Download the CR Database updates are mandatory (Activities, Files, Homepage, Mobile, Wikis) Filenet updates are mandatory Updates for Community Surveys (Fixes the TLS 1.2 issues) A prerequisite for CR2 is at least WAS 8.5.5 FP9 (let`s see when [&#8230;]]]></description>
  139. <content:encoded><![CDATA[<p><strong>IBM Connections 5.5 CR2 released</strong></p>
  140. <p>Hi all,</p>
  141. <p>IBM released CR2 for IBM Connections 5.5:</p>
  142. <ul>
  143. <li>The <a href="http://www-01.ibm.com/support/docview.wss?uid=swg21991630&amp;myns=swglotus&amp;mynp=OCSSYGQH&amp;mync=R&amp;cm_sp=swglotus-_-OCSSYGQH-_-R">Fix list</a></li>
  144. <li><a href="http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Collaboration%2BSolutions&amp;product=ibm/Lotus/Lotus+Connections&amp;release=5.5.0.0&amp;platform=Linux&amp;function=fixId&amp;fixids=5.5.0.0-IC-Multi-CR02-LO89068&amp;includeRequisites=1&amp;includeSupersedes=0&amp;downloadMethod=http&amp;source=fc">Download the CR</a></li>
  145. <li><a href="http://www-01.ibm.com/support/docview.wss?uid=swg21991529&amp;myns=swglotus&amp;mynp=OCSSYGQH&amp;mync=R&amp;cm_sp=swglotus-_-OCSSYGQH-_-R">Database updates</a> are mandatory (Activities, Files, Homepage, Mobile, Wikis)</li>
  146. <li><a href="http://www-01.ibm.com/support/docview.wss?uid=swg21991528&amp;myns=swglotus&amp;mynp=OCSSYGQH&amp;mync=R&amp;cm_sp=swglotus-_-OCSSYGQH-_-R">Filenet updates</a> are mandatory</li>
  147. <li><a href="http://www-01.ibm.com/support/docview.wss?uid=swg21991532&amp;myns=swglotus&amp;mynp=OCSSYGQH&amp;mync=R&amp;cm_sp=swglotus-_-OCSSYGQH-_-R">Updates for Community Surveys</a> (Fixes the TLS 1.2 issues)</li>
  148. </ul>
  149. <p>A prerequisite for CR2 is at least WAS 8.5.5 FP9 (let`s see when FP10 will be officially supported)</p>
  150. <p>A general <a href="http://www-01.ibm.com/support/docview.wss?uid=swg21992449&amp;myns=swglotus&amp;mynp=OCSSYGQH&amp;mync=R&amp;cm_sp=swglotus-_-OCSSYGQH-_-R">step-by-step</a> guide installing CR2 is provided by IBM.</p>
  151. <p>A new <a href="http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Collaboration%2BSolutions&amp;product=ibm/Lotus/Lotus+Connections&amp;release=5.5.0.0&amp;platform=Linux&amp;function=fixId&amp;fixids=5.5.0.0-IC-CR2-CognosWizard-LO90612-Linux&amp;includeRequisites=1&amp;includeSupersedes=0&amp;downloadMethod=http&amp;source=fc">CR2 version</a> of the Cognos wizard can be downloaded</p>
  152. <p>If you take a look at the Fix list, there are some nice new features (I need to install CR2 first in order to have an overview about this new stuff):</p>
  153. <ul>
  154. <li>Implemented a setting that allows community owners to change the sharing of the root folder of a CCM Library via a sharing panel and/or sharing dialog very similar to the existing features for folder and file sharing. This feature is enabled by the setting &lt;librarySharingPanel&gt;true&lt;/librarySharingPanel&gt; to the library-config.xml</li>
  155. <li>Implemented a method so Administrators could remove obsolete widgets, like Media Gallery, from communities</li>
  156. <li>Improvements to the maximum size settings for uploading a file</li>
  157. <li>Added Device Passcode Configuration Support</li>
  158. <li>Include type restriction information from files-config in mobile config feed</li>
  159. <li>Added the &#8220;Open in Mobile&#8221; link for File Comment / Community Status Comment in notifications</li>
  160. <li>General improvements for TDISOL</li>
  161. </ul>
  162. <p>as there are TDISOL improvements you should also replace your TDISOL with the newest version in your IBM Connections folder.</p>
  163. <p>&nbsp;</p>
  164. ]]></content:encoded>
  165. <wfw:commentRss>http://techblog.gis-ag.info/2016/11/10/ibm-connections-5-5-cr2-released/feed/</wfw:commentRss>
  166. <slash:comments>0</slash:comments>
  167. </item>
  168. <item>
  169. <title>IBM Connections &#8211; How to switch to a custom global unique ID for users</title>
  170. <link>http://techblog.gis-ag.info/2016/11/07/ibm-connections-how-to-switch-to-a-custom-global-unique-id-for-users/</link>
  171. <comments>http://techblog.gis-ag.info/2016/11/07/ibm-connections-how-to-switch-to-a-custom-global-unique-id-for-users/#respond</comments>
  172. <pubDate>Mon, 07 Nov 2016 07:59:21 +0000</pubDate>
  173. <dc:creator><![CDATA[Julius Schwarzweller]]></dc:creator>
  174. <category><![CDATA[IBM Connections]]></category>
  175. <category><![CDATA[customUserID]]></category>
  176. <category><![CDATA[dominoUNID]]></category>
  177. <category><![CDATA[IBM Connections 5.5]]></category>
  178. <category><![CDATA[inactive users]]></category>
  179. <category><![CDATA[TDI problems]]></category>
  180. <category><![CDATA[TDI synchronization]]></category>
  181. <category><![CDATA[uniqueID]]></category>
  182.  
  183. <guid isPermaLink="false">http://techblog.gis-ag.info/?p=2052</guid>
  184. <description><![CDATA[IBM Connections &#8211; How to switch to a custom global unique ID for users Hi, many of our todays support cases is related to non-working profiles in IBM Connections. If users change their name, switch from one to another location or simply get a new account their profile in IBM Connections might get inactivated because [&#8230;]]]></description>
  185. <content:encoded><![CDATA[<p><strong>IBM Connections &#8211; How to switch to a custom global unique ID for users<br />
  186. </strong></p>
  187. <p>Hi,</p>
  188. <p>many of our todays support cases is related to non-working profiles in IBM Connections.</p>
  189. <p>If users change their name, switch from one to another location or simply get a new account their profile in IBM Connections might get inactivated because the hash key between LDAP and database has changed.</p>
  190. <p>There are three possible hash keys:</p>
  191. <ul>
  192. <li>UID: Often a bad choice, as this might change</li>
  193. <li>eMail: Also a bad choice</li>
  194. <li>GUID: Unique ID &#8211; a good choise</li>
  195. </ul>
  196. <p>So GUID is the attribute you should go for if you have non-unique eMail or UID values in LDAP.</p>
  197. <p>GUID is a canonical String that is generated from:</p>
  198. <ul>
  199. <li>AD: objectGUID / objectSID</li>
  200. <li>Domino: dominoUNID</li>
  201. </ul>
  202. <p>But in daily use the GUID value is not really as shiny as it seems&#8230; Due to the fact that many Domino administrators copy documents (STRG-C + STRG-V) duplicate dominoUNIDs can occur &#8211; which might kill an IBM Connections profile. I heard from customers with Active Directories who delete an AD account and recreate it if a person changes names&#8230; The IBM Connections profile gets inactivated.</p>
  203. <p>But some customers implemented another unique key (such as employee number) into their LDAP in order to avoid such problems. The question comes up, how do I need to configure IBM Connections to make use of this new unique ID?</p>
  204. <p>Everything is <a href="http://www.ibm.com/support/knowledgecenter/SSYGQH_5.5.0/admin/install/t_specify_dif_guid.html">documented</a> in detail and works very well (<strong><em>Please note that you should be very careful using this approach if you have CCM libraries in use &#8211; this change might break the access rights for all users!!!</em></strong>):</p>
  205. <p>1. Depending on what attribute shall be used you need to first define a wim extension:</p>
  206. <p>1.1 <strong>Attributes that are not part of PersonAccount schema</strong> &#8211; go to ../DMGR/config/cells/CELLNAME/wim/model and create a file &#8220;wimxmlextension.xml&#8221;</p>
  207. <pre class="codeblock"><code>&lt;?xml version="1.0" encoding="UTF-8"?&gt;
  208. &lt;sdo:datagraph xmlns:sdo="commonj.sdo"
  209. xmlns:wim="http://www.example.com/websphere/wim"&gt;
  210. &lt;wim:schema&gt;
  211. &lt;wim:propertySchema
  212. nsURI="http://www.example.com/websphere/wim"
  213. dataType="STRING" multiValued="false"
  214. propertyName="customerUserID"&gt;
  215. &lt;wim:applicableEntityTypeNames&gt;PersonAccount
  216. &lt;/wim:applicableEntityTypeNames&gt;
  217. &lt;/wim:propertySchema&gt;
  218. </code></pre>
  219. <p>1.2 If your customer uses a LDAP <strong>attribute that is already part of the PersonAccount schema</strong> you can directly go to 2)</p>
  220. <p>2) Open the wimconfig.xml (here we add customerUserID as an supported attribute):</p>
  221. <pre class="codeblock"><code>...
  222. &lt;config:attributeConfiguration&gt;
  223. &lt;config:attributes name="userPassword" propertyName="password"/&gt;
  224. &lt;config:attributes name="customUserID" propertyName="customUserID"/&gt;
  225. &lt;config:propertiesNotSupported name="homeAddress"/&gt;
  226. &lt;config:propertiesNotSupported name="businessAddress"/&gt;
  227. &lt;/config:attributeConfiguration&gt;
  228. </code></pre>
  229. <p>3) open and edit the LotusConnectionsconfig.xml file and add the following part:</p>
  230. <pre>&lt;sloc:serviceReference profiles_directory_service_extension_enabled="true" serviceName="directory" <strong><em>custom_user_id_attribute="customUserID"</em></strong>/&gt;
  231. </pre>
  232. <p>4) Make a full resync of all nodes<br />
  233. 5) TDI: edit the file &#8220;map_dbrepos_from_source.properties&#8221; and map the new customerUserId to GUID:<br />
  234. &#8230;<br />
  235. GUID=customerUserID<br />
  236. &#8230;</p>
  237. <p><a href="http://techblog.gis-ag.info/2016/11/07/ibm-connections-how-to-switch-to-a-custom-global-unique-id-for-users/bildschirmfoto-2016-11-06-um-12-35-43/#main" rel="attachment wp-att-2058"><img class="alignnone size-full wp-image-2058" src="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-06-um-12.35.43.png" alt="bildschirmfoto-2016-11-06-um-12-35-43" width="582" height="414" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-06-um-12.35.43.png 582w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-06-um-12.35.43-300x213.png 300w" sizes="(max-width: 582px) 100vw, 582px" /></a><br />
  238. 6) TDI: open the file &#8220;profiles_tdi.properties&#8221; and change the field &#8220;sync_updates_hash_field&#8221; from:</p>
  239. <p>sync_updates_hash_field=guid</p>
  240. <p>to</p>
  241. <p>sync_updates_hash_field=uid (or mail)</p>
  242. <p><a href="http://techblog.gis-ag.info/2016/11/07/ibm-connections-how-to-switch-to-a-custom-global-unique-id-for-users/bildschirmfoto-2016-11-06-um-12-35-15/#main" rel="attachment wp-att-2059"><img class="alignnone size-full wp-image-2059" src="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-06-um-12.35.15.png" alt="bildschirmfoto-2016-11-06-um-12-35-15" width="660" height="382" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-06-um-12.35.15.png 660w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-06-um-12.35.15-300x174.png 300w" sizes="(max-width: 660px) 100vw, 660px" /></a></p>
  243. <p>7) start sync_all_dns.sh and check if the profiles have been correctly updated:</p>
  244. <p>db2 &#8220;select PROF_GUID from EMPINST.EMPLOYEE&#8221; should show the new customerUserID`s</p>
  245. <p>8) Revert back the change in profiles_tdi.properties so that the sync_updates_hash_field is set back to the guid value</p>
  246. <p>sync_updates_hash_field=guid</p>
  247. <p>&nbsp;</p>
  248. <p>That`s it.</p>
  249. <p><strong>A profile with the canonical String from a dominoUNID:</strong></p>
  250. <p><a href="http://techblog.gis-ag.info/2016/11/07/ibm-connections-how-to-switch-to-a-custom-global-unique-id-for-users/bildschirmfoto-2016-11-04-um-12-48-20/#main" rel="attachment wp-att-2057"><img class="alignnone size-large wp-image-2057" src="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-04-um-12.48.20-1024x564.png" alt="bildschirmfoto-2016-11-04-um-12-48-20" width="640" height="353" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-04-um-12.48.20-1024x564.png 1024w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-04-um-12.48.20-300x165.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-04-um-12.48.20-768x423.png 768w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-04-um-12.48.20.png 1080w" sizes="(max-width: 640px) 100vw, 640px" /></a></p>
  251. <p><strong>A profile with the customUserID as identifier:</strong></p>
  252. <p><a href="http://techblog.gis-ag.info/2016/11/07/ibm-connections-how-to-switch-to-a-custom-global-unique-id-for-users/bildschirmfoto-2016-11-04-um-12-50-42/#main" rel="attachment wp-att-2056"><img class="alignnone size-full wp-image-2056" src="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-04-um-12.50.42.png" alt="bildschirmfoto-2016-11-04-um-12-50-42" width="1006" height="532" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-04-um-12.50.42.png 1006w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-04-um-12.50.42-300x159.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-04-um-12.50.42-768x406.png 768w" sizes="(max-width: 1006px) 100vw, 1006px" /></a></p>
  253. ]]></content:encoded>
  254. <wfw:commentRss>http://techblog.gis-ag.info/2016/11/07/ibm-connections-how-to-switch-to-a-custom-global-unique-id-for-users/feed/</wfw:commentRss>
  255. <slash:comments>0</slash:comments>
  256. </item>
  257. <item>
  258. <title>IBM Connections &#8211; add additional login attribute</title>
  259. <link>http://techblog.gis-ag.info/2016/10/12/ibm-connections-add-additional-login-attribute/</link>
  260. <comments>http://techblog.gis-ag.info/2016/10/12/ibm-connections-add-additional-login-attribute/#respond</comments>
  261. <pubDate>Wed, 12 Oct 2016 08:17:34 +0000</pubDate>
  262. <dc:creator><![CDATA[Julius Schwarzweller]]></dc:creator>
  263. <category><![CDATA[IBM Connections]]></category>
  264. <category><![CDATA[custom Login attribute]]></category>
  265. <category><![CDATA[IBM Connections 5.5]]></category>
  266. <category><![CDATA[loginID]]></category>
  267. <category><![CDATA[PersonAccount]]></category>
  268. <category><![CDATA[TDI]]></category>
  269. <category><![CDATA[WIM]]></category>
  270. <category><![CDATA[wimconfig.xml]]></category>
  271.  
  272. <guid isPermaLink="false">http://techblog.gis-ag.info/?p=2045</guid>
  273. <description><![CDATA[IBM Connections &#8211; add additional login attribute Hi, last week I got the question if it is possible to use another login attribute for IBM Connections than uid, cn or email. Yes, this is possible and can be done very easy. It just needs some small adjustments (I assume that you already extended your LDAP [&#8230;]]]></description>
  274. <content:encoded><![CDATA[<p><strong>IBM Connections &#8211; add additional login attribute</strong></p>
  275. <p>Hi,</p>
  276. <p>last week I got the question if it is possible to use another login attribute for IBM Connections than uid, cn or email.</p>
  277. <p>Yes, this is possible and can be done very easy. It just needs some small adjustments (I assume that you already extended your LDAP schema and that the custom attribute is available in LDAP!!):<br />
  278. 1. Open a wsadmin session ./wsadmin -lang jacl<br />
  279. 2. Make a custom login attribute from LDAP known to the PersonAccount entity:</p>
  280. <pre>$AdminTask addIdMgrPropertyToEntityTypes {-name customLoginAttribute -dataType string -entityTypeNames PersonAccount}</pre>
  281. <p>3. Open the wimconfig.xml file and check if the following entry was added correctly (in the section of your ldap definition)</p>
  282. <pre>&lt;config:attributes name="customLoginAttribute" propertyName="customLoginAttribute"&gt;
  283. &lt;config:entityTypes&gt;PersonAccount&lt;/config:entityTypes&gt;
  284. &lt;/config:attributes&gt;</pre>
  285. <p><a href="http://techblog.gis-ag.info/2016/10/12/ibm-connections-add-additional-login-attribute/bildschirmfoto-2016-10-12-um-10-11-26/#main" rel="attachment wp-att-2046"><img class="alignnone size-full wp-image-2046" src="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-12-um-10.11.26.png" alt="bildschirmfoto-2016-10-12-um-10-11-26" width="845" height="545" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-12-um-10.11.26.png 845w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-12-um-10.11.26-300x193.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-12-um-10.11.26-768x495.png 768w" sizes="(max-width: 845px) 100vw, 845px" /></a></p>
  286. <p>4. Add the custom login attribute:<br />
  287. &#8230;</p>
  288. <pre>&lt;config:loginProperties&gt;uid&lt;/config:loginProperties&gt;
  289. &lt;config:loginProperties&gt;mail&lt;/config:loginProperties&gt;
  290. &lt;config:loginProperties&gt;cn&lt;/config:loginProperties&gt;
  291. &lt;config:loginProperties&gt;customLoginAttribute&lt;/config:loginProperties&gt;
  292. </pre>
  293. <p>5. open the file &#8220;map_dbrepos_from_source.properties and add the following mapping and start a TDI sync:</p>
  294. <pre>loginId=customLoginAttribute</pre>
  295. <p>6. Ensure that loginId is enabled as allowed login attribute in profiles-config.xml:</p>
  296. <pre>&lt;!--Lists fields that will be used to resolve user at login time --&gt;
  297. &lt;loginAttributes&gt;
  298. &lt;loginAttribute&gt;uid&lt;/loginAttribute&gt;
  299. &lt;loginAttribute&gt;email&lt;/loginAttribute&gt;
  300. &lt;loginAttribute&gt;loginId&lt;/loginAttribute&gt;
  301. &lt;/loginAttributes&gt;
  302. </pre>
  303. <p>7. Perform a full node resync and restart the cell</p>
  304. <p>Not you are able to login using the LDAP attribute customLoginAttribute <img src="https://s.w.org/images/core/emoji/2.2.1/72x72/1f609.png" alt="&#x1f609;" class="wp-smiley" style="height: 1em; max-height: 1em;" /></p>
  305. <p>&nbsp;</p>
  306. ]]></content:encoded>
  307. <wfw:commentRss>http://techblog.gis-ag.info/2016/10/12/ibm-connections-add-additional-login-attribute/feed/</wfw:commentRss>
  308. <slash:comments>0</slash:comments>
  309. </item>
  310. <item>
  311. <title>IBM Connections &#8211; Set read-only access to CCM libraries</title>
  312. <link>http://techblog.gis-ag.info/2016/10/06/ibm-connections-set-read-only-access-to-ccm-libraries/</link>
  313. <comments>http://techblog.gis-ag.info/2016/10/06/ibm-connections-set-read-only-access-to-ccm-libraries/#comments</comments>
  314. <pubDate>Thu, 06 Oct 2016 09:28:46 +0000</pubDate>
  315. <dc:creator><![CDATA[Julius Schwarzweller]]></dc:creator>
  316. <category><![CDATA[IBM Connections]]></category>
  317. <category><![CDATA[acce]]></category>
  318. <category><![CDATA[CCM]]></category>
  319. <category><![CDATA[FIlenet]]></category>
  320. <category><![CDATA[files]]></category>
  321. <category><![CDATA[IBM Connections 5.5]]></category>
  322. <category><![CDATA[migrate]]></category>
  323. <category><![CDATA[read-only]]></category>
  324.  
  325. <guid isPermaLink="false">http://techblog.gis-ag.info/?p=2034</guid>
  326. <description><![CDATA[IBM Connections &#8211; Set read-only access to CCM libraries Hi, we are in the middle of several migrations to IBM Connections 5.5 and most of our customers come up with the question: What do I need CCM for if I can use nested folders in Files now? Many customers decide to manually migration CCM libraries [&#8230;]]]></description>
  327. <content:encoded><![CDATA[<p><strong>IBM Connections &#8211; Set read-only access to CCM libraries</strong></p>
  328. <p>Hi,</p>
  329. <p>we are in the middle of several migrations to IBM Connections 5.5 and most of our customers come up with the question: What do I need CCM for if I can use nested folders in Files now?<br />
  330. Many customers decide to manually migration CCM libraries to Files&#8230; This time a customer asked us if it is possible to set access to libraries to read-only so that no new files or folders are added to CCM.</p>
  331. <p>This is possible using the following workaround (might not be supported by IBM..):</p>
  332. <ul>
  333. <li>access Filenet acce https://server.name.com/acce</li>
  334. <li>navigate to ICObjectStore and click on Security</li>
  335. <li>Mark the entry #AUTHENTICATED-USERS</li>
  336. </ul>
  337. <p><a href="http://techblog.gis-ag.info/2016/10/06/ibm-connections-set-read-only-access-to-ccm-libraries/bildschirmfoto-2016-10-06-um-10-17-15/#main" rel="attachment wp-att-2036"><img class="alignnone size-large wp-image-2036" src="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.15-1024x386.png" alt="bildschirmfoto-2016-10-06-um-10-17-15" width="640" height="241" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.15-1024x386.png 1024w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.15-300x113.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.15-768x290.png 768w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.15.png 1267w" sizes="(max-width: 640px) 100vw, 640px" /></a></p>
  338. <ul>
  339. <li>click on &#8220;Edit&#8221;</li>
  340. </ul>
  341. <p><a href="http://techblog.gis-ag.info/2016/10/06/ibm-connections-set-read-only-access-to-ccm-libraries/bildschirmfoto-2016-10-06-um-10-17-33/#main" rel="attachment wp-att-2037"><img class="alignnone size-full wp-image-2037" src="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.33.png" alt="bildschirmfoto-2016-10-06-um-10-17-33" width="567" height="399" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.33.png 567w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.33-300x211.png 300w" sizes="(max-width: 567px) 100vw, 567px" /></a></p>
  342. <ul>
  343. <li>Deselect
  344. <ul>
  345. <li>Modify existing objects</li>
  346. <li>Create new objects</li>
  347. <li>delete objects</li>
  348. </ul>
  349. </li>
  350. <li>select
  351. <ul>
  352. <li>Read permissions</li>
  353. </ul>
  354. </li>
  355. <li>click &#8220;OK&#8221;</li>
  356. </ul>
  357. <p><a href="http://techblog.gis-ag.info/2016/10/06/ibm-connections-set-read-only-access-to-ccm-libraries/bildschirmfoto-2016-10-06-um-10-17-43/#main" rel="attachment wp-att-2038"><img class="alignnone size-full wp-image-2038" src="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.43.png" alt="bildschirmfoto-2016-10-06-um-10-17-43" width="571" height="400" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.43.png 571w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.43-300x210.png 300w" sizes="(max-width: 571px) 100vw, 571px" /></a></p>
  358. <ul>
  359. <li>Save the changes</li>
  360. </ul>
  361. <p>If you now try to upload a new file within an existing library you will see the following error message:</p>
  362. <p><a href="http://techblog.gis-ag.info/2016/10/06/ibm-connections-set-read-only-access-to-ccm-libraries/bildschirmfoto-2016-10-06-um-10-09-36/#main" rel="attachment wp-att-2039"><img class="alignnone size-full wp-image-2039" src="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.09.36.png" alt="bildschirmfoto-2016-10-06-um-10-09-36" width="635" height="378" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.09.36.png 635w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.09.36-300x179.png 300w" sizes="(max-width: 635px) 100vw, 635px" /></a></p>
  363. <p>If you try to create a new folder:</p>
  364. <p><a href="http://techblog.gis-ag.info/2016/10/06/ibm-connections-set-read-only-access-to-ccm-libraries/bildschirmfoto-2016-10-06-um-10-14-41/#main" rel="attachment wp-att-2040"><img class="alignnone size-full wp-image-2040" src="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.14.41.png" alt="bildschirmfoto-2016-10-06-um-10-14-41" width="535" height="308" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.14.41.png 535w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.14.41-300x173.png 300w" sizes="(max-width: 535px) 100vw, 535px" /></a></p>
  365. <p>Also deletion of CCM files is not possible</p>
  366. <p>The only thing that works is downloading CCM files:</p>
  367. <p><a href="http://techblog.gis-ag.info/2016/10/06/ibm-connections-set-read-only-access-to-ccm-libraries/bildschirmfoto-2016-10-06-um-10-15-29/#main" rel="attachment wp-att-2041"><img class="alignnone size-full wp-image-2041" src="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.15.29.png" alt="bildschirmfoto-2016-10-06-um-10-15-29" width="817" height="390" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.15.29.png 817w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.15.29-300x143.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.15.29-768x367.png 768w" sizes="(max-width: 817px) 100vw, 817px" /></a></p>
  368. <p>You should also disable the Library Widget from being added to communities:</p>
  369. <p>open the widget-config.xml file and change &#8220;showInPalette&#8221; from &#8220;true&#8221; to &#8220;false&#8221;:</p>
  370. <pre>&lt;widgetDef bundleRefId="lc_clib" defId="Library" description="Library.description"
  371. helpLink="{helpSvcRef}/topic/com.ibm.lotus.connections.communities.help/c_com_library_frame.html"
  372. iconUrl="{contextRoot}/nav/common/images/ManagedFiles.png" modes="view search edit fullpage" prerequisite="ecm_files"
  373. showInExternalCommunities="false" showInPalette="true" themes="wpthemeNarrow wpthemeWide wpthemeBanner"
  374. url="{webresourcesSvcRef}/web/quickr.lw/widgetDefs/LibraryWidget_QCS_Connections.xml?etag={version}"&gt;
  375. ...
  376. </pre>
  377. <p>to:</p>
  378. <pre>&lt;widgetDef bundleRefId="lc_clib" defId="Library" description="Library.description"
  379. helpLink="{helpSvcRef}/topic/com.ibm.lotus.connections.communities.help/c_com_library_frame.html"
  380. iconUrl="{contextRoot}/nav/common/images/ManagedFiles.png" modes="view search edit fullpage" prerequisite="ecm_files"
  381. showInExternalCommunities="false" showInPalette="false" themes="wpthemeNarrow wpthemeWide wpthemeBanner"
  382. url="{webresourcesSvcRef}/web/quickr.lw/widgetDefs/LibraryWidget_QCS_Connections.xml?etag={version}"&gt;</pre>
  383. <pre>...</pre>
  384. <p>then the widget is not addable anymore.</p>
  385. <p>A manual migration is maybe not the most egegant way to move CCM data to Files but an easy and cheap one <img src="https://s.w.org/images/core/emoji/2.2.1/72x72/1f609.png" alt="&#x1f609;" class="wp-smiley" style="height: 1em; max-height: 1em;" /> &#8211; with this settings you can make this process a bit easier and you can avoid possible loss of data once the CCM service is switched off. The error messages when uploading / deleting a file or a folder are not really self explaining &#8211; you should tell your user and write a proper introduction.</p>
  386. <p>One more remark: Be sure to have administrator access to the ObjectStore and only modify the #AUTHENTICATED-USERS section:</p>
  387. <p><a href="http://techblog.gis-ag.info/2016/10/06/ibm-connections-set-read-only-access-to-ccm-libraries/bildschirmfoto-2016-10-06-um-10-17-15/#main" rel="attachment wp-att-2036"><img class="alignnone size-large wp-image-2036" src="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.15-1024x386.png" alt="bildschirmfoto-2016-10-06-um-10-17-15" width="640" height="241" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.15-1024x386.png 1024w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.15-300x113.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.15-768x290.png 768w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.15.png 1267w" sizes="(max-width: 640px) 100vw, 640px" /></a></p>
  388. <p>In my case &#8220;FastStartAdmin&#8221; is the main administrator that still has write access to all content.</p>
  389. ]]></content:encoded>
  390. <wfw:commentRss>http://techblog.gis-ag.info/2016/10/06/ibm-connections-set-read-only-access-to-ccm-libraries/feed/</wfw:commentRss>
  391. <slash:comments>1</slash:comments>
  392. </item>
  393. <item>
  394. <title>WebSphere custom TAI &#8211; Doing SSO the right way</title>
  395. <link>http://techblog.gis-ag.info/2016/09/06/websphere-custom-tai-doing-sso-the-right-way/</link>
  396. <comments>http://techblog.gis-ag.info/2016/09/06/websphere-custom-tai-doing-sso-the-right-way/#respond</comments>
  397. <pubDate>Tue, 06 Sep 2016 06:50:25 +0000</pubDate>
  398. <dc:creator><![CDATA[Julius Schwarzweller]]></dc:creator>
  399. <category><![CDATA[IBM Connections]]></category>
  400. <category><![CDATA[WebSphere Portal]]></category>
  401. <category><![CDATA[Interceptor]]></category>
  402. <category><![CDATA[OAuth]]></category>
  403. <category><![CDATA[SAML]]></category>
  404. <category><![CDATA[Single-Sign-On]]></category>
  405. <category><![CDATA[SPNEGO]]></category>
  406. <category><![CDATA[SSO]]></category>
  407. <category><![CDATA[TAI]]></category>
  408. <category><![CDATA[Trust Association]]></category>
  409. <category><![CDATA[WebSphere TAI]]></category>
  410.  
  411. <guid isPermaLink="false">http://techblog.gis-ag.info/?p=1992</guid>
  412. <description><![CDATA[WebSphere TAI &#8211; Doing SSO the right way Hi all, one thing on my &#8220;to do blog posts&#8221; list is to write something about WebSphere TAI. A great way to introduce Single-Sign On between different systems. What is TAI? WebSphere TAI means &#8220;Trust Association Interceptor&#8221; WebSphere TAI is a well-known and proven security concept in [&#8230;]]]></description>
  413. <content:encoded><![CDATA[<p><strong>WebSphere TAI &#8211; Doing SSO the right way</strong></p>
  414. <p>Hi all,</p>
  415. <p>one thing on my &#8220;to do blog posts&#8221; list is to write something about WebSphere TAI. A great way to introduce Single-Sign On between different systems.</p>
  416. <p><em><strong>What is TAI?</strong></em></p>
  417. <p>WebSphere TAI means &#8220;Trust Association Interceptor&#8221;</p>
  418. <p>WebSphere TAI is a well-known and proven security concept in WebSphere stable for a long time. It allows to set up custom advanced (pseudo) SSO scenarios. And the clue is it is extremely easy to code and use.</p>
  419. <p>The base idea is that the TAI code is called whenever a web user is challenged to login.</p>
  420. <p>In many cases not only one TAI is configured. In this case it is up to the TAI developer to make sure that only one of them handles the request. If no TAI handles the request the default login page raises.</p>
  421. <p><em><strong>Where is a TAI used?</strong></em></p>
  422. <p>You might have already realized that also standard installations of IBM Connections or WebSphere Portal use Trust Association Interceptors to allow Single-Sign-On using various methods such as:</p>
  423. <ul>
  424. <li>OAUTH</li>
  425. <li>SPNEGO (deprecated)</li>
  426. <li>SAML</li>
  427. <li>custom &#8230;</li>
  428. <li>&#8230;</li>
  429. </ul>
  430. <p>Example SAML TAI configuration:</p>
  431. <p><a href="http://techblog.gis-ag.info/2016/09/06/websphere-custom-tai-doing-sso-the-right-way/saml1-2/#main" rel="attachment wp-att-1993"><img class="alignnone size-full wp-image-1993" src="http://techblog.gis-ag.info/wp-content/uploads/2016/09/SAML1.png" alt="SAML1" width="903" height="475" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/09/SAML1.png 903w, http://techblog.gis-ag.info/wp-content/uploads/2016/09/SAML1-300x158.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/09/SAML1-768x404.png 768w" sizes="(max-width: 903px) 100vw, 903px" /></a></p>
  432. <p><em><strong>How does it work?</strong></em></p>
  433. <p>Sample flow how a TAI authentication may be implemented (there are also other possibilities and ways)</p>
  434. <p><a href="http://techblog.gis-ag.info/2016/09/06/websphere-custom-tai-doing-sso-the-right-way/bildschirmfoto-2016-09-05-um-19-48-15/#main" rel="attachment wp-att-2005"><img class="alignnone size-large wp-image-2005" src="http://techblog.gis-ag.info/wp-content/uploads/2016/09/Bildschirmfoto-2016-09-05-um-19.48.15-1024x617.png" alt="Bildschirmfoto 2016-09-05 um 19.48.15" width="640" height="386" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/09/Bildschirmfoto-2016-09-05-um-19.48.15-1024x617.png 1024w, http://techblog.gis-ag.info/wp-content/uploads/2016/09/Bildschirmfoto-2016-09-05-um-19.48.15-300x181.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/09/Bildschirmfoto-2016-09-05-um-19.48.15-768x463.png 768w, http://techblog.gis-ag.info/wp-content/uploads/2016/09/Bildschirmfoto-2016-09-05-um-19.48.15.png 1556w" sizes="(max-width: 640px) 100vw, 640px" /></a></p>
  435. <p>1.The user calls a website and authenticates on the given login-form</p>
  436. <p>2.The authentication service checks the LDAP if the given credentials are valid</p>
  437. <p>3.A Cookie (authentication Token) is generated that may contain:</p>
  438. <ol>
  439. <li>username</li>
  440. <li>timestamp of request</li>
  441. <li>a shared secret</li>
  442. </ol>
  443. <p>and other security relevant information. The content of this cookie is encoded. The cookie is sent to the configured WebSphere Application Server with the activated TAI</p>
  444. <p>4. The deployed TAI received this token and evaluated if the request is trustable:</p>
  445. <ol>
  446. <li>Where does the request come from (X-Forwarded-For information in request) &#8211; does the request come from the authentication proxy? If not the request is not valid!</li>
  447. <li>Does the timestamp match?</li>
  448. <li>Does the shared secret match?</li>
  449. </ol>
  450. <p>If all of the above conditions match, the TAI trusts and logs in the user.</p>
  451. <p>There are many other possibilities how to implement a TAI!!! Note that the Cookie that contains sensitive information will never leave the &#8220;company network&#8221;. The cookie is not sent to the client. It is only visible between authentication proxy and WebSphere Application Server (this may not work with every authentication service&#8230;)</p>
  452. <p><em><strong>How to install and activate?</strong></em></p>
  453. <p>The installation and activation is quite simple. In our example the TAI only consists of a jar file that needs to be placed in the &#8220;&#8230;/WebSphere/AppServer/lib/ext&#8221; folder of the WebSphere nodes. After a restart of the server, the jar file is loaded.</p>
  454. <p>Now you need to activate the TAI or let`s say tell WebSphere Application Server to use the TAI.<br />
  455. GoTo ISC:</p>
  456. <p>&#8220;Global Security&#8221; &#8211; &#8220;Web and SIP Security&#8221; &#8211; &#8220;Trust Association&#8221;</p>
  457. <p><a href="http://techblog.gis-ag.info/2016/09/06/websphere-custom-tai-doing-sso-the-right-way/tai2/#main" rel="attachment wp-att-1996"><img class="alignnone size-full wp-image-1996" src="http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI2.png" alt="TAI2" width="1001" height="220" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI2.png 1001w, http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI2-300x66.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI2-768x169.png 768w" sizes="(max-width: 1001px) 100vw, 1001px" /></a></p>
  458. <p>Make sure &#8220;Enable trust association&#8221; is checked. Then click on Interceptors</p>
  459. <p><a href="http://techblog.gis-ag.info/2016/09/06/websphere-custom-tai-doing-sso-the-right-way/tai3/#main" rel="attachment wp-att-1997"><img class="alignnone size-full wp-image-1997" src="http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI3.png" alt="TAI3" width="560" height="320" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI3.png 560w, http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI3-300x171.png 300w" sizes="(max-width: 560px) 100vw, 560px" /></a></p>
  460. <p>Click on &#8220;New&#8230;&#8221;</p>
  461. <p><a href="http://techblog.gis-ag.info/2016/09/06/websphere-custom-tai-doing-sso-the-right-way/tai4/#main" rel="attachment wp-att-1998"><img class="alignnone size-full wp-image-1998" src="http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI4.png" alt="TAI4" width="520" height="69" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI4.png 520w, http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI4-300x40.png 300w" sizes="(max-width: 520px) 100vw, 520px" /></a></p>
  462. <p>And enter the mandatory custom properties (this heavily depends on how you code your TAI and what additional functions you use there):</p>
  463. <p><a href="http://techblog.gis-ag.info/2016/09/06/websphere-custom-tai-doing-sso-the-right-way/tai5/#main" rel="attachment wp-att-1999"><img class="alignnone size-full wp-image-1999" src="http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI5.png" alt="TAI5" width="829" height="283" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI5.png 829w, http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI5-300x102.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI5-768x262.png 768w" sizes="(max-width: 829px) 100vw, 829px" /></a></p>
  464. <p>Those values need to match the values, ips &#8230; you specified on you logon device!</p>
  465. <p>Restart the server and check if it works</p>
  466. <p><em><strong>Some code samples</strong></em></p>
  467. <p>From a developer perspective a TAI implments an interface with two methods.</p>
  468. <pre>public boolean isTargetInterceptor(HttpServletRequest request) {
  469. boolean doHandleRequest = checkToken(request);
  470. return doHandleRequest;</pre>
  471. <p>This method is called before a user is challenged to login. Typically this method is implemented in the way that a token a Cookie a request parameter or something else is in the request from which the user can be identified.<br />
  472. It returns true if the parameter is in the request otherwise returns false.</p>
  473. <p>If this method returned true, a second method is called later in the login process.</p>
  474. <pre>public TAIResult negotiateValidateandEstablishTrust(HttpServletRequest request, HttpServletResponse response)
  475. throws WebTrustAssociationFailedException {
  476.  
  477. String userId = myTokenHandler.getUserId(request);
  478. if (userId == null) {
  479. return redirectToLoginPage(request, response);
  480. }
  481. else {
  482. Subject subject = createSubjectForUserId(userId);
  483. }
  484. }
  485. </pre>
  486. <p>This method then identifies the user using the given request data for example against a remote repository. After this a user subject is created and the request is forwarded to the original target URL. And voila the user is authenticated.<br />
  487. There are several options to achieve this for example read the subject from the underlying user repository modify additional user attributes add the user to an additional group. In this simple example we created the user subject for our own:</p>
  488. <pre>private Subject createSubjectForUserId(String userId) throws Exception {
  489.  
  490. Subject subject = new Subject();
  491. Principal principal = new UsernamePrincipal(userid);
  492. subject.getPrincipals().add(principal);
  493. return subject;
  494. </pre>
  495. <p>Note that implementing a custom TAI is a powerful thing you have to be careful not to break the security of an environment.</p>
  496. ]]></content:encoded>
  497. <wfw:commentRss>http://techblog.gis-ag.info/2016/09/06/websphere-custom-tai-doing-sso-the-right-way/feed/</wfw:commentRss>
  498. <slash:comments>0</slash:comments>
  499. </item>
  500. <item>
  501. <title>The clever way to create IBM Connections users &#8211; GIS UserManager</title>
  502. <link>http://techblog.gis-ag.info/2016/08/08/the-clever-way-to-create-ibm-connections-users-gis-usermanager/</link>
  503. <comments>http://techblog.gis-ag.info/2016/08/08/the-clever-way-to-create-ibm-connections-users-gis-usermanager/#comments</comments>
  504. <pubDate>Mon, 08 Aug 2016 14:08:10 +0000</pubDate>
  505. <dc:creator><![CDATA[Julius Schwarzweller]]></dc:creator>
  506. <category><![CDATA[IBM Connections]]></category>
  507. <category><![CDATA[IBM Sametime]]></category>
  508. <category><![CDATA[WebSphere Portal]]></category>
  509. <category><![CDATA[create external users]]></category>
  510. <category><![CDATA[GIS UserManager]]></category>
  511. <category><![CDATA[IBM Connections 5.5]]></category>
  512. <category><![CDATA[self-service]]></category>
  513. <category><![CDATA[usermanagement]]></category>
  514.  
  515. <guid isPermaLink="false">http://techblog.gis-ag.info/?p=1923</guid>
  516. <description><![CDATA[The clever way to create IBM Connections users &#8211; GIS UserManager Hi, with this blog post I would like to promote a cool IBM Connections addon &#8211; &#8220;GIS Usermanager&#8221;. GIS UserManager is THE tool to create and maintain users for many IBM powered applications. There is no alternative solution available on market with such a [&#8230;]]]></description>
  517. <content:encoded><![CDATA[<p><strong>The clever way to create IBM Connections users &#8211; GIS UserManager</strong></p>
  518. <p>Hi,</p>
  519. <p>with this blog post I would like to promote a cool IBM Connections addon &#8211; &#8220;GIS Usermanager&#8221;.</p>
  520. <p>GIS UserManager is THE tool to create and maintain users for many IBM powered applications. There is no alternative solution available on market with such a great variety of features.</p>
  521. <p>Especially when planning external collaboration, you need to think about the creation of external users as IBM does not offer anything out of the box for this.</p>
  522. <p>Let me give you a short introduction into the tool:</p>
  523. <p><em><strong>Technical facts:</strong></em></p>
  524. <ul>
  525. <li>Java application based on standards</li>
  526. <li>Installable on each WebSphere Application Server (from version 8 on)
  527. <ul>
  528. <li>IBM Connections</li>
  529. <li>IBM Sametime</li>
  530. <li>WebSphere Portal</li>
  531. </ul>
  532. </li>
  533. <li>Customizable UI</li>
  534. <li>Works with every directory that &#8220;talks&#8221; LDAP (Tested on Domino, TDS (SDS) and AD)</li>
  535. <li>Shared secret usage to strongly encrypt bind / access passwords &#8211;&gt; see my old <a href="http://techblog.gis-ag.info/2015/03/12/configuration-of-secret-key-storage-in-websphere-application-server/">post</a></li>
  536. <li>Handsome UI</li>
  537. <li>Multi language support</li>
  538. </ul>
  539. <p><em><strong>Core features:</strong></em></p>
  540. <ul>
  541. <li>Create internal / external users</li>
  542. <li>Self-service creation of accounts
  543. <ul>
  544. <li>with / without admin confirm</li>
  545. </ul>
  546. </li>
  547. <li>Bulk creation of users</li>
  548. <li>Create an external community while creating new users</li>
  549. <li>Choose an existing community and automatically add newly create external users</li>
  550. <li>Self Service (Password reset)</li>
  551. <li>Role based user management</li>
  552. <li>Invitation eMail with security token</li>
  553. <li>activate / inactivate users</li>
  554. <li>Export / import users</li>
  555. <li>Accept terms and conditions</li>
  556. </ul>
  557. <p><em><strong>Screenshots</strong></em></p>
  558. <p><em><strong>UI</strong></em></p>
  559. <p><a href="http://techblog.gis-ag.info/2016/08/08/the-clever-way-to-create-ibm-connections-users-gis-usermanager/bildschirmfoto-2016-08-08-um-08-56-32/#main" rel="attachment wp-att-1924"><img class="alignnone size-large wp-image-1924" src="http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-08.56.32-1024x603.png" alt="Bildschirmfoto 2016-08-08 um 08.56.32" width="640" height="377" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-08.56.32-1024x603.png 1024w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-08.56.32-300x177.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-08.56.32-768x453.png 768w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-08.56.32.png 1171w" sizes="(max-width: 640px) 100vw, 640px" /></a></p>
  560. <p><em><strong>Bulk creation of users</strong></em></p>
  561. <p><a href="http://techblog.gis-ag.info/2016/08/08/the-clever-way-to-create-ibm-connections-users-gis-usermanager/bildschirmfoto-2016-08-08-um-08-58-27/#main" rel="attachment wp-att-1925"><img class="alignnone size-large wp-image-1925" src="http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-08.58.27-935x1024.png" alt="Bildschirmfoto 2016-08-08 um 08.58.27" width="640" height="701" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-08.58.27-935x1024.png 935w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-08.58.27-274x300.png 274w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-08.58.27-768x841.png 768w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-08.58.27.png 1093w" sizes="(max-width: 640px) 100vw, 640px" /></a></p>
  562. <p><em><strong>Create a new community or add the new user to an existing one</strong></em></p>
  563. <p><a href="http://techblog.gis-ag.info/2016/08/08/the-clever-way-to-create-ibm-connections-users-gis-usermanager/bildschirmfoto-2016-08-08-um-08-59-28/#main" rel="attachment wp-att-1927"><img class="alignnone size-large wp-image-1927" src="http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-08.59.28-1024x597.png" alt="Bildschirmfoto 2016-08-08 um 08.59.28" width="640" height="373" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-08.59.28-1024x597.png 1024w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-08.59.28-300x175.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-08.59.28-768x448.png 768w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-08.59.28.png 1173w" sizes="(max-width: 640px) 100vw, 640px" /></a></p>
  564. <p><em><strong>Invitation eMail after the user was created</strong></em></p>
  565. <p><a href="http://techblog.gis-ag.info/2016/08/08/the-clever-way-to-create-ibm-connections-users-gis-usermanager/bildschirmfoto-2016-08-08-um-09-01-14/#main" rel="attachment wp-att-1928"><img class="alignnone size-full wp-image-1928" src="http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.01.14.png" alt="Bildschirmfoto 2016-08-08 um 09.01.14" width="859" height="522" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.01.14.png 859w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.01.14-300x182.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.01.14-768x467.png 768w" sizes="(max-width: 859px) 100vw, 859px" /></a></p>
  566. <p><em><strong>After clicking on this link you can complete your profile</strong></em></p>
  567. <p><a href="http://techblog.gis-ag.info/2016/08/08/the-clever-way-to-create-ibm-connections-users-gis-usermanager/bildschirmfoto-2016-08-08-um-09-01-36/#main" rel="attachment wp-att-1931"><img class="alignnone size-large wp-image-1931" src="http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.01.36-1024x967.png" alt="Bildschirmfoto 2016-08-08 um 09.01.36" width="640" height="604" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.01.36-1024x967.png 1024w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.01.36-300x283.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.01.36-768x725.png 768w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.01.36.png 1188w" sizes="(max-width: 640px) 100vw, 640px" /></a></p>
  568. <p><em><strong>You can now use your external account</strong></em></p>
  569. <p><a href="http://techblog.gis-ag.info/2016/08/08/the-clever-way-to-create-ibm-connections-users-gis-usermanager/bildschirmfoto-2016-08-08-um-09-02-03/#main" rel="attachment wp-att-1932"><img class="alignnone size-large wp-image-1932" src="http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.02.03-1024x371.png" alt="Bildschirmfoto 2016-08-08 um 09.02.03" width="640" height="232" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.02.03-1024x371.png 1024w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.02.03-300x109.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.02.03-768x278.png 768w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.02.03.png 1096w" sizes="(max-width: 640px) 100vw, 640px" /></a></p>
  570. <p><em><strong>Self-service</strong></em></p>
  571. <p>Password change</p>
  572. <p><a href="http://techblog.gis-ag.info/2016/08/08/the-clever-way-to-create-ibm-connections-users-gis-usermanager/bildschirmfoto-2016-08-08-um-09-27-56/#main" rel="attachment wp-att-1934"><img class="alignnone size-large wp-image-1934" src="http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.27.56-1024x533.png" alt="Bildschirmfoto 2016-08-08 um 09.27.56" width="640" height="333" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.27.56-1024x533.png 1024w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.27.56-300x156.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.27.56-768x400.png 768w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.27.56.png 1188w" sizes="(max-width: 640px) 100vw, 640px" /></a></p>
  573. <p>Change personal data</p>
  574. <p><a href="http://techblog.gis-ag.info/2016/08/08/the-clever-way-to-create-ibm-connections-users-gis-usermanager/bildschirmfoto-2016-08-08-um-09-27-47/#main" rel="attachment wp-att-1935"><img class="alignnone size-large wp-image-1935" src="http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.27.47-1024x829.png" alt="Bildschirmfoto 2016-08-08 um 09.27.47" width="640" height="518" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.27.47-1024x829.png 1024w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.27.47-300x243.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.27.47-768x622.png 768w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.27.47.png 1186w" sizes="(max-width: 640px) 100vw, 640px" /></a></p>
  575. <p>Password reset</p>
  576. <p><a href="http://techblog.gis-ag.info/2016/08/08/the-clever-way-to-create-ibm-connections-users-gis-usermanager/bildschirmfoto-2016-08-08-um-09-32-55/#main" rel="attachment wp-att-1938"><img class="alignnone size-large wp-image-1938" src="http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.32.55-1024x527.png" alt="Bildschirmfoto 2016-08-08 um 09.32.55" width="640" height="329" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.32.55-1024x527.png 1024w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.32.55-300x154.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.32.55-768x395.png 768w, http://techblog.gis-ag.info/wp-content/uploads/2016/08/Bildschirmfoto-2016-08-08-um-09.32.55.png 1181w" sizes="(max-width: 640px) 100vw, 640px" /></a></p>
  577. <p>Drop us a mail if you are interested in more details: <a href="mailto:[email protected]">[email protected]</a></p>
  578. ]]></content:encoded>
  579. <wfw:commentRss>http://techblog.gis-ag.info/2016/08/08/the-clever-way-to-create-ibm-connections-users-gis-usermanager/feed/</wfw:commentRss>
  580. <slash:comments>3</slash:comments>
  581. </item>
  582. <item>
  583. <title>Why you should always use DBT for transferring IC databases&#8230;</title>
  584. <link>http://techblog.gis-ag.info/2016/07/27/why-you-should-always-use-dbt-for-transferring-ic-databases/</link>
  585. <comments>http://techblog.gis-ag.info/2016/07/27/why-you-should-always-use-dbt-for-transferring-ic-databases/#comments</comments>
  586. <pubDate>Wed, 27 Jul 2016 07:37:06 +0000</pubDate>
  587. <dc:creator><![CDATA[Julius Schwarzweller]]></dc:creator>
  588. <category><![CDATA[IBM Connections]]></category>
  589. <category><![CDATA[Constraint violation]]></category>
  590. <category><![CDATA[DB2]]></category>
  591. <category><![CDATA[dbt.jar]]></category>
  592. <category><![CDATA[ERRORCODE=-4229]]></category>
  593. <category><![CDATA[migration]]></category>
  594. <category><![CDATA[SQLSTATE=null]]></category>
  595. <category><![CDATA[transfer]]></category>
  596.  
  597. <guid isPermaLink="false">http://techblog.gis-ag.info/?p=1908</guid>
  598. <description><![CDATA[Why you should always use DBT for transferring IC databases... Hi, when talking about migrating IBM Connections from an old to the current release you have to think about migrating databases from the old to the new environment (in case you do a side-by-side migration &#8211; which is recommended if you migrate a production environment). [&#8230;]]]></description>
  599. <content:encoded><![CDATA[<p><strong>Why you should always use DBT for transferring IC databases.</strong>..</p>
  600. <p>Hi,</p>
  601. <p>when talking about migrating IBM Connections from an old to the current release you have to think about migrating databases from the old to the new environment (in case you do a side-by-side migration &#8211; which is recommended if you migrate a production environment). You have two options to do such a migration:</p>
  602. <ul>
  603. <li>db2 backup on the old server and restore on the new server</li>
  604. <li>use the dbt.jar tool to transfer databases</li>
  605. </ul>
  606. <p>I always perform my migrations using dbt. <a href="https://turtleblog.info/">Gabriella Davis</a> always prays this if you ask her and I can also encourage you to do so because of the following reasons:</p>
  607. <ul>
  608. <li>DBT is more flexible and erroneous data that exists within the source database will be detected and not transferred from one to the other version</li>
  609. <li>The process is really easy and straight forward if you prepare everything properly</li>
  610. <li>New database parameters will be set for the new database and not taken from any older version backup</li>
  611. <li>You can migrate databases from WINDOWS to LINUX (Backup / restore is not possible here without workarounds)</li>
  612. <li>You can migrate databases between DB2 / Oracle / SQL Server. This is normally only possible using third party or other special tools</li>
  613. </ul>
  614. <p>Many advantages in my opinion!!!</p>
  615. <p>I have an example where erroneous data had to be deleted in order to complete a transfer.</p>
  616. <p>When transferring the HOMEPAGE database from IBM Connections 5.0 to 5.5 the transfer failed with the following error message in the log:</p>
  617. <pre> [07/07/16 13:22:08.738 UTC] Transferring table --{ HOMEPAGE.LOGINNAME}-- to table
  618. --{HOMEPAGE.LOGINNAME }-- [07/07/16 13:22:11.913 UTC] error.executing.transfer
  619. err.dbtransfer.exception.labelclass com.ibm.db2.jcc.am.BatchUpdateException:
  620. [jcc][t4][102][10040][3.65.110] Batch failure. The batch was submitted,
  621. but at least one exception occurred on an individual member of the batch.
  622. Use getNextException() to retrieve the exceptions for specific batched elements.
  623. ERRORCODE=-4229, SQLSTATE=null com.ibm.db2.jcc.am.BatchUpdateException
  624. </pre>
  625. <p>The reason for this failure was that the transfer tool tried to insert the same value twice into a database table which has a unique index set. db2 uses unique indexes to ensure that no identical key values are stored in a table. Normally this is NOT possible&#8230; please do not ask me how this happened&#8230; Anyway I had to remove this duplicate value:</p>
  626. <p><a href="http://techblog.gis-ag.info/2016/07/27/why-you-should-always-use-dbt-for-transferring-ic-databases/bildschirmfoto-2016-07-24-um-21-15-12/#main" rel="attachment wp-att-1911"><img class="alignnone size-large wp-image-1911" src="http://techblog.gis-ag.info/wp-content/uploads/2016/07/Bildschirmfoto-2016-07-24-um-21.15.12-1024x292.png" alt="Bildschirmfoto 2016-07-24 um 21.15.12" width="640" height="183" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/07/Bildschirmfoto-2016-07-24-um-21.15.12-1024x292.png 1024w, http://techblog.gis-ag.info/wp-content/uploads/2016/07/Bildschirmfoto-2016-07-24-um-21.15.12-300x86.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/07/Bildschirmfoto-2016-07-24-um-21.15.12-768x219.png 768w, http://techblog.gis-ag.info/wp-content/uploads/2016/07/Bildschirmfoto-2016-07-24-um-21.15.12.png 1242w" sizes="(max-width: 640px) 100vw, 640px" /></a></p>
  627. <p>The unique index is set on the column &#8220;LOGINNAME&#8221;:</p>
  628. <p>In the &#8220;createDB.sql&#8221; script you can see this unique index creation:</p>
  629. <pre>CREATE UNIQUE INDEX HOMEPAGE.LOGINNAME_UNIQUE
  630. ON HOMEPAGE.LOGINNAME (LOGINNAME, ORGANIZATION_ID)@</pre>
  631. <p>To verify this, I ran the following queries:</p>
  632. <p><a href="http://techblog.gis-ag.info/2016/07/27/why-you-should-always-use-dbt-for-transferring-ic-databases/bildschirmfoto-2016-07-21-um-12-41-02/#main" rel="attachment wp-att-1912"><img class="alignnone size-large wp-image-1912" src="http://techblog.gis-ag.info/wp-content/uploads/2016/07/Bildschirmfoto-2016-07-21-um-12.41.02-1024x372.png" alt="Bildschirmfoto 2016-07-21 um 12.41.02" width="640" height="233" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/07/Bildschirmfoto-2016-07-21-um-12.41.02-1024x372.png 1024w, http://techblog.gis-ag.info/wp-content/uploads/2016/07/Bildschirmfoto-2016-07-21-um-12.41.02-300x109.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/07/Bildschirmfoto-2016-07-21-um-12.41.02-768x279.png 768w, http://techblog.gis-ag.info/wp-content/uploads/2016/07/Bildschirmfoto-2016-07-21-um-12.41.02.png 1144w" sizes="(max-width: 640px) 100vw, 640px" /></a></p>
  633. <p>as you can see&#8230; two different PERSON_ID`s but twice the same LOGINNAME in the table. This is why the transfer failed because the target database judged this as not allowed and Constraint violation.</p>
  634. <p>I deleted one of the user profile in the LOGINNAME table and the transfer finished successful.</p>
  635. <p><em>Update: Thanks to Marius Meyer for his comment&#8230; You can also exclude the complete table if you add the following exclude statement in you dbt xml file for the homepage transfer:</em></p>
  636. <pre class="codeblock"><code>&lt;table sourceName="<var class="keyword varname">LOGINNAME</var>" exclude="<var class="keyword varname">true</var>"/&gt; &lt;!-- optional argument used to have dbtransfer skip a table --&gt;</code></pre>
  637. <p>This might work for this table cause it is rebuilt after each user logs into the homepage feature &#8230; but you need to use this with caution. Each other table that you skip might cause a lot of trouble. So it is always a better idea to find the root cause why the transfer fails.</p>
  638. <p>I can remember an older example where I had exactly the same issues with the IBM Connections metrics database where some kind of Vietnamese characters caused such problems.</p>
  639. <p>In both cases I was able to identify those problems because of a failing DBT transfer and a deep analysis of the transfer and db2diag.log.</p>
  640. <p>Btw. the dbt tool originally comes from WebSphere Portal where is approach is used since years to transfer data from derby to a DBMS system.</p>
  641. ]]></content:encoded>
  642. <wfw:commentRss>http://techblog.gis-ag.info/2016/07/27/why-you-should-always-use-dbt-for-transferring-ic-databases/feed/</wfw:commentRss>
  643. <slash:comments>6</slash:comments>
  644. </item>
  645. <item>
  646. <title>DB2 Instance autostart does not work on SLES 12 / RHEL 7</title>
  647. <link>http://techblog.gis-ag.info/2016/07/12/db2-instance-autostart-does-not-work-on-sles-12-rhel-7/</link>
  648. <comments>http://techblog.gis-ag.info/2016/07/12/db2-instance-autostart-does-not-work-on-sles-12-rhel-7/#respond</comments>
  649. <pubDate>Tue, 12 Jul 2016 06:46:42 +0000</pubDate>
  650. <dc:creator><![CDATA[Julius Schwarzweller]]></dc:creator>
  651. <category><![CDATA[IBM Connections]]></category>
  652. <category><![CDATA[WebSphere Portal]]></category>
  653. <category><![CDATA[DB2]]></category>
  654. <category><![CDATA[DB2 autostart]]></category>
  655. <category><![CDATA[DB2 fault monitor]]></category>
  656. <category><![CDATA[db2fmcd]]></category>
  657. <category><![CDATA[RHEL 7]]></category>
  658. <category><![CDATA[SLES 12]]></category>
  659. <category><![CDATA[systemd]]></category>
  660.  
  661. <guid isPermaLink="false">http://techblog.gis-ag.info/?p=1897</guid>
  662. <description><![CDATA[Hi all, I had to fight with a customer environment on SLES 12 where the db2 instances did not start automatically when starting the operation system. db2iauto -on db2inst1 was executed but the instance did not come up! The problem is related to the DB2 fault monitor that is not started automatically on system start. [&#8230;]]]></description>
  663. <content:encoded><![CDATA[<p>Hi all,</p>
  664. <p>I had to fight with a customer environment on SLES 12 where the db2 instances did not start automatically when starting the operation system.</p>
  665. <pre>db2iauto -on db2inst1</pre>
  666. <p>was executed but the instance did not come up! The problem is related to the DB2 fault monitor that is not started automatically on system start.<br />
  667. The fault monitor permanently monitors the instance and automatically restarts it after a crash. Furthermore, the fault monitor can auto restart an instance on machine reboot. If you issue „db2stop“ then the fault monitor will NOT start the instance automatically again &#8211; but this is the only exception.<br />
  668. In total a good mechanism &#8211; but useless when using TSAMP / HACMP Cluster Software because in this case the restart of an instance is controlled by this kind of software.</p>
  669. <p>On pre SLES 12 / RHEL 7 systems the fault monitor is started using inittab:</p>
  670. <p><a href="http://techblog.gis-ag.info/2016/07/12/db2-instance-autostart-does-not-work-on-sles-12-rhel-7/bildschirmfoto-2016-07-12-um-08-27-51/#main" rel="attachment wp-att-1899"><img class="alignnone size-large wp-image-1899" src="http://techblog.gis-ag.info/wp-content/uploads/2016/07/Bildschirmfoto-2016-07-12-um-08.27.51-1024x724.png" alt="Bildschirmfoto 2016-07-12 um 08.27.51" width="640" height="453" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/07/Bildschirmfoto-2016-07-12-um-08.27.51-1024x724.png 1024w, http://techblog.gis-ag.info/wp-content/uploads/2016/07/Bildschirmfoto-2016-07-12-um-08.27.51-300x212.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/07/Bildschirmfoto-2016-07-12-um-08.27.51-768x543.png 768w, http://techblog.gis-ag.info/wp-content/uploads/2016/07/Bildschirmfoto-2016-07-12-um-08.27.51.png 1130w" sizes="(max-width: 640px) 100vw, 640px" /></a></p>
  671. <p>The entry was available on this system…<br />
  672. But on SLES 12 / RHEL 7 systemd replaces the default init system. This entry in inittab is not executed anymore.</p>
  673. <p>You need to configure a service for the fault monitor be to started when the operating system starts &#8211; IBM already created a <a href="http://www-01.ibm.com/support/docview.wss?uid=swg21964393">technote</a> for this:</p>
  674. <p>1) create a service file in the folder</p>
  675. <pre>/etc/systemd/system/db2fmcd.service</pre>
  676. <p>2) input the following content:</p>
  677. <pre>[Unit]
  678. Description=DB2V105
  679.  
  680. [Service]
  681. ExecStart=/ibm/db2/V10.5/bin/db2fmcd
  682. Restart=always
  683.  
  684. [Install]
  685. WantedBy=default.target
  686. </pre>
  687. <p>This tells the systemd daemon to start the db2 fault monitor on system start. Furthermore „Restart=always“ tells the daemon to restart the service if it terminates abnormally.</p>
  688. <p>3) execute the following command to refresh the configuration</p>
  689. <pre>systemctl daemon-reload</pre>
  690. <p>4) execute the following command to enable the service</p>
  691. <pre>systemctl enable db2fmcd</pre>
  692. <p>5) execute the following command to start the service</p>
  693. <pre>systemctl start db2fmcd</pre>
  694. <p>Now you need to login as your instance owner and set the instance to automatically start upon operating system start</p>
  695. <pre>db2iauto -on db2inst1</pre>
  696. <p>Check the setting using<br />
  697. db2set:</p>
  698. <p><a href="http://techblog.gis-ag.info/2016/07/12/db2-instance-autostart-does-not-work-on-sles-12-rhel-7/bildschirmfoto-2016-07-12-um-08-30-33/#main" rel="attachment wp-att-1900"><img class="alignnone size-full wp-image-1900" src="http://techblog.gis-ag.info/wp-content/uploads/2016/07/Bildschirmfoto-2016-07-12-um-08.30.33.png" alt="Bildschirmfoto 2016-07-12 um 08.30.33" width="343" height="306" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/07/Bildschirmfoto-2016-07-12-um-08.30.33.png 343w, http://techblog.gis-ag.info/wp-content/uploads/2016/07/Bildschirmfoto-2016-07-12-um-08.30.33-300x268.png 300w" sizes="(max-width: 343px) 100vw, 343px" /></a><br />
  699. Restart the operating system to check if your change was successful.</p>
  700. <p>If you want to start your application / HTTP servers automatically on operating system start you should also use systemd &#8211; once you understood the concept behind it is a powerful and better init system than the old one from the previous SLES / RHEL versions.</p>
  701. ]]></content:encoded>
  702. <wfw:commentRss>http://techblog.gis-ag.info/2016/07/12/db2-instance-autostart-does-not-work-on-sles-12-rhel-7/feed/</wfw:commentRss>
  703. <slash:comments>0</slash:comments>
  704. </item>
  705. </channel>
  706. </rss>
  707.  
  708. <!-- Dynamic page generated in 2.423 seconds. -->
  709. <!-- Page not cached by WP Super Cache. Could not get mutex lock. -->

If you would like to create a banner that links to this page (i.e. this validation result), do the following:

  1. Download the "valid RSS" banner.

  2. Upload the image to your own server. (This step is important. Please do not link directly to the image on this server.)

  3. Add this HTML to your page (change the image src attribute if necessary):

If you would like to create a text link instead, here is the URL you can use:

http://www.feedvalidator.org/check.cgi?url=http%3A//techblog.gis-ag.info/feed/

Copyright © 2002-9 Sam Ruby, Mark Pilgrim, Joseph Walton, and Phil Ringnalda