portals

One of my IBM US colleagues, Richard Robbins, hit a problem with the Web Application Integrator portlet and WebSphere Portal 6.1.5 / 6.1.3.0.

This document contains links to new information and current key technical support documents for IBM WebSphere Portal and IBM Lotus Web Content Management (WCM) that are frequently requested or identified by IBM as valuable. This is key information to help you derive the most value from software licenses, find answers to common questions, and work through current issues that might affect your environment.

Saw this from Adrian Sutton via the power of Twitter, so thought I'd share it here as well: -

After a number of years out on loan, an old IBM Ideascan USB scanner came back into my life, and after a few weeks of dust-gathering, I decided to pull it into use for a particular project on which we were working.

Trouble is - I bought the scanner back in the 90s and it was a Windows-only device, and I don't use Windows any more ( as most readers will know ).

No problems, I thought, the Mac will just recognise it .... #FAIL, the Mac did not recognise the scanner, and a Google search didn't suggest a short-term solution.

Thankfully, I have a number of PCs running Ubuntu. I plugged in the scanner and .... no joy there either.

Thankfully, a further Google search led me to George Notaras' blog G-Loaded Journal which, in a few simple steps, showed me how to add support for the scanner, using the Viceo drivers, which I was able to add to the stock SANE tool that Ubuntu uses for scanning etc.

The actual blog thread is here: -

Viceo Backend for SANE with libusb support

One thing; using scanimage, I did see: -

scanimage: WARNING: read more data than announced by backend (2979990/2977443)

with a similar message appearing when I used xsane.

Nice one, George, that saved another bit of kit from going in the skip ...

Just a quick and dirty tip...

I'm working on a new Lotus Connections 2.5 environment, mated to Active Directory.  When it came to populating Profiles, the Collect_DNs script was pulling 1000 names out of the directory before stopping with a "LDAP: error code 4 - Sizelimit Exceeded" error.  It appeared that the maximum number of results returned by this AD configuration was 1000 records, and thus the collect process was falling over on the 1001st record.

Thankfully, the TDI import process allows for this using the LDAP Page Size attribute specified in the profiles_tdi.properties file.  Simply set to the maximum number of records your LDAP repository will return, e.g.:

source_ldap_page_size=1000
and the Collect_DNs.bat/sh script will complete successfully.

My IBM colleagues, En Hui Chen and Chao Feng Yang, have produced a potentially very useful document showing how IBM Tivoli Access Manager for e-Business ( aka TAMeB ) can be used to secure Lotus Connections, via a "front-end" reverse web proxy server.

I should hope that no organisation is still running Lotus Connections 1.0.x in production, but just in case, here are the details on support being withdrawn:

Software withdrawal and support discontinuance: IBM Lotus Connections 1.0

Effective on the dates listed below, IBM will withdraw from marketing, part numbers from the following product releases licensed under the IBM International Program License Agreement:

Program  VRM      Withdrawal    Program release name
number            from
                marketing
                date

5724-S68 1.0.0    04/08/10      IBM Lotus Connections V1.0.0
5724-S68 1.0.2    04/08/10      IBM Lotus Connections V1.0.2

Effective on the dates listed below, IBM will withdraw support from the following product releases licensed under the IBM International Program License Agreement:

Program  VRM      Withdrawal    Program release name
number            from
                support
                date

5724-S68 1.0.2    04/30/11      IBM Lotus Connections
5724-S68 1.0.0    04/30/11      IBM Lotus Connections
The end-of-support date of April 30, 2011, applies to Lotus Connections 1.0, 1.0.1, and 1.0.2.

So you have just over a year to get upgraded to Connections 2.5 - I wouldn't wait that long!

Having spent some time playing around with the new blog and wiki templates in WP/WCM 6.1.5, one of my clients asked how a non-administrative user could create new blogs and add comments to existing blogs.

I realised that, in my limited exposure to the new components ( which are a very clever combination of portal page automation - creating new pages and adding components via a very nice GUI - and Lotus WCM content and resource libraries ), I'd done everything as the wpsadmin ID, which isn't particularly useful outside of my own Ubuntu-based demonstration environment.

Therefore, I dug into things a little bit more, and wrote up the following: -

---

In order to meet the requirement of a non-admin user creating/editing blogs, you'd need to add the required additional users/groups to the Editor role of the WCM library that forms the basis of the blog itself.

As an example, I created a new page called My Blogs, and then used the Blog Template library to create a blogging site called Blog-o-matic ( I did this via the Edit Page -> Customise -> Add Blog Library dialogue, as the portal administrator - wpsadmin ).

This allowed me to create blogs within the library, and add posts and comments. Other users could see the page/blog library/blogs/comments, but weren't able to create their own blogs etc.

Therefore, as wpsadmin, I navigated to the Administration page, and selected Portal Content -> Web Content Libraries and then clicked the Set Permissions button. From the Resource Permissions page, I then hit the Edit Role button for the Editor role and, in my case, added the "group" All Authenticated Portal Users to that role.

This means that any portal user can now log in, access the My Blogs page, create a new blog, view and comment upon other people's blogs etc.

Depending upon your requirements, you may want to restrict the usage of certain blogs to certain user groups ( in LDAP ) rather than using All Authenticated Portal Users.

---

And it looks sweet  ..

Whilst helping out a friend, Mike, with a Lotus Mobile Connect on Ubuntu issue, I realised that I'd never actually written the solution up.

Mike was connected, via LMC to a VPN within the company network, whilst being connected to the intranet via a wired connection. All was well, apart from the fact that he was then unable to log in to the Sametime server that's on the intranet.

When we checked, it appeared that the LMC connection was updating the DNS name resolution ( on Linux, this is driven by the /etc/resolv.conf file ).

The solution ?

a) Disconnect from LMC
b) Open a command prompt
c) Navigate to the directory - /home/<USERNAME>/.wclient
d) Edit the file - connX.conf - where X is the number of the LMC connection needing change e.g. 0 for the first connection, 1 for the second connection etc.
e) Change GatewaySuppliesDNS=1 to GatewaySuppliesDNS=0
f) Save the file and reconnect via LMC

Having done this, Mike was able to connect to the VPN'd hosts via LMC whilst also connecting to Sametime, Notes etc. via the normal intranet.

Seemples !!

Another video in the series, this time "It's about being smart and productive. With tags and expertise location."

Number one:

LO48384: WHEN USER HAS UID = MAIL ADDRESS, POPULATE_FROM_DN SCRIPT WILL CREATE DUPLICATE ENTRIES IN PROFILES DB.

Problem summary

When the 'uid' column is mapped to a value other than 'uid' then TDI will create duplicate entries in Profiles database.

Problem conclusion

Summary
In the SyncDBFromSource assembly line, the assembly line is hard-coded to use the work['uid'] attribute rather than the db_from_ldap mapping of the value.  As a result, it tries to match the user based on the LDAP[uid] attribute, irregardless of the configuration.

Prerequisities
None

Install Instruction:
1. Backup the profiles_tdi.xml file in TDI 2.5 solution first
2. Unzip LO48384.zip to TDI 2.5 solution directory, and replace the changed file as below:
/profiles_tdi.xml

Ouch!  Get this one on ASAP if you're not using 'uid' as your standard Connections ID.

And number two:

LO46073 Profiles: ATOM API breaks when 'reader' role is mapped to all auth

Abstract
ATOM API breaks when "reader" role is mapped to all authenticated.

Problem Description

To reproduce:

1. Map the reader role to all authenticated.
2. Attempt to access a 'read-only' Profiles ATOM API not using preemptive authentication such as the profile service document.

Expected result: prompted with basic authentication.
Actual result: prompted with forms authentication.

Conclusion Towards the end of 2.5, an unnecessary security constraint was added to the web.xml that applies FORMs auth rules to the Profiles ATOM API. As a result, when the application is locked down, rather than returning a BASIC auth prompt, the application redirects the API callers to a forms login page.

Whilst pre-dating FixPack1 (2.5.0.1) this fix seems to need reapplying after the fixpack is installed.  This is particularly important if you are looking to run the new RIM client for Lotus Connections or any other application that relies on the ATOM feeds to access Profiles content.

Saw this Flash this morning, and noted that it's relevant to a few portal projects on which I am currently working: -

Some very useful Lotus Connections troubleshooting resources from Rainier Varilla's excellent blog "RV has Parked!" here: -

Following an uninstall/reinstall of Lotus Notes 8.5.1 FP1 on my Macbook Pro, I started hitting this error message: -

Thanks to my colleague, Stuart Crump, for sharing this: -

Saw this posted today: -

Here's one that may well catch you out.

If you are running Lotus Connections 2.5, and have installed Fixpack 1 (taking your environment to 2.5.0.1) or else just the single fix LO46171, then you may begin to see HTML tags appearing in the 'About Me' and/or "Background' rich text fields.  Updating these fields does not clear the problem.  In addition, in certain situations the field seems to go into a read-only mode where updates fail.

To resolve this regression bug, there is a new fix - LO47280:

Earlier patch (LO46171) was incorrectly escaping richtext content as if it was text content.  Added logic to respect difference between richtext and non-richtext attribute styles.

Note that as well as installing the fix using the UpdateInstaller, the Websphere profile TEMP directory must also be cleared/moved sideways.
Interestingly the LO47280 fix is available for Connections 2.0.1.0, 2.0.1.1, 2.5.0.0 and 2.5.0.1 so almost all current environments should have this fix installed.  Thanks to Kieran Reid in the Dublin support centre for his help in resolving this one.

Whilst installing and configuring Lotus Connections 2.5, I hit a weird problem with the Blogs service, which refused to start properly.

The SystemOut.log showed a series of database-related SQL errors, which indicated that WAS was not able to correctly authenticate against the back-end DB2 database.

I did the normal thing of logging into the DB2 server and running the commands: -

db2cmd
db2 connect to blogs user lcuser using passw0rd

which validated that the password was correct.

I then logged into the WAS admin console and navigated to Resources -> JDBC -> Data sources, selected the blogs JDBC datasource and clicked 'Test Connection'.

This failed with

java.sql.SQLException: ... Connection authorization failure occurred. Reason: Security mechanism not supported. ERRORCODE=-4214, SQLSTATE=28000DSRA0010E: SQL State = 28000, Error Code = -4214

I then navigated into Security -> Secure administration, applications, and infrastructure -> Java Authentication and Authorization -> J2C authentication data and re-keyed the password for the blogsJAASAuth alias, using the SAME password that I'd used earlier.

Having done this, the 'Test Connection' continued to fail.

Before actually tearing ALL my hair out, I followed the advice of my mentor and yogi, Mr Stephen Hardison Esquire, and restarted the entire WAS infrastructure - clusters ( 3x ), node agent and deployment manager. However, ps auxw still showed that WebSphere JVMs were running, so I killed them with kill -9.

Having then restarted the deployment manager and node agent, I was able to SUCCESSFULLY test the JDBC connection and, when I restarted the clusters, Blogs came back up nicely.

The moral of the story - there's a possibility that WAS ( at least 6.1.0.23 ) somehow "caches" JDBC/JAAS passwords. If in doubt, bounce things, and see what happens ...

Remember, kids, YOUR MILEAGE MAY VARY