IBM Workplace Services Express Front cover

advertisement
Front cover
IBM Workplace
Services Express
A new team collaboration solution with
an integrated portal
Deployment and configuration
Troubleshooting hints
and tips
Philip Monson
Robert Bry
David Scouller
Gianluigi Marchetti
Katinka Kantor
Margaret O’Connell
Evans Opot
ibm.com/redbooks
International Technical Support Organization
IBM Workplace Services Express
July 2005
SG24-6758-00
Note: Before using this information and the product it supports, read the information in
“Notices” on page ix.
First Edition (July 2005)
This edition applies to Versions 2.0 and 2.5 of IBM Workplace Services Express (product number
D54Q8LL - CPU license, D54QALL - 20 user license pack).
© Copyright International Business Machines Corporation 2005. All rights reserved.
Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP
Schedule Contract with IBM Corp.
Contents
Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix
Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
The team that wrote this redbook. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
Become a published author . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
Comments welcome. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
Chapter 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.2 What is IBM Workplace? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.3 What is IBM Workplace Services Express? . . . . . . . . . . . . . . . . . . . . . . . . 3
1.4 Business value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.5 Positioning and key differentiators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.6 IBM Workplace Services Express terminology . . . . . . . . . . . . . . . . . . . . . . 9
1.7 IBM Workplace Services Express architecture . . . . . . . . . . . . . . . . . . . . . 10
1.7.1 Infrastructure architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1.7.2 Portlets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1.8 Structure of this book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Chapter 2. Installation and administration . . . . . . . . . . . . . . . . . . . . . . . . . 17
2.1 Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
2.2 IBM Workplace Services Express installation . . . . . . . . . . . . . . . . . . . . . . 19
2.3 Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
2.3.1 Administrative console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
2.3.2 Removing the Templates link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
2.3.3 Workplace Services Express administration . . . . . . . . . . . . . . . . . . . 35
2.4 Actions link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
2.5 SMTP configuration for iCalendar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Chapter 3. Features and functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
3.1 Drag and drop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
3.2 Palette . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
3.3 Team spaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
3.4 Community and collaboration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
3.4.1 Instant Contacts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
3.4.2 People Finder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
3.5 Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
3.6 Applications and templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
© Copyright IBM Corp. 2005. All rights reserved.
iii
3.6.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
3.6.2 Applications and templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
3.6.3 Accessing templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
3.6.4 Using the templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
3.6.5 Deploying the template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
3.6.6 Editing an existing template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
3.7 Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
3.7.1 Customizing a list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
3.7.2 Communicating with Click-to-Action . . . . . . . . . . . . . . . . . . . . . . . . 135
3.7.3 Cooperative portlets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Chapter 4. Document management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
4.1 Document libraries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
4.2 Desktop integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
4.2.1 Desktop Components installation . . . . . . . . . . . . . . . . . . . . . . . . . . 147
4.2.2 Using the Desktop Components . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
4.2.3 Working with Microsoft Office applications . . . . . . . . . . . . . . . . . . . 154
4.3 Document Manager tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
4.3.1 Documents editing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
4.3.2 Document versioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
4.3.3 Workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
4.3.4 Documents locking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
4.3.5 Folders and views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
4.3.6 Document search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
4.4 Document security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
4.5 Collaboration and notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
4.6 Document conversion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Chapter 5. Themes and skins. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
5.1 Themes and skins overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
5.2 Themes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
5.3 Skins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
5.4 Customizing themes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
5.4.1 Creating the base theme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
5.4.2 Changing the text . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
5.4.3 Adding a logo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
5.4.4 Replacing the default Workplace Services Express graphic . . . . . . 206
5.4.5 Removing the Sign up link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
5.4.6 Changing the I forgot my password link text . . . . . . . . . . . . . . . . . . 208
5.4.7 Removing the Edit my profile link . . . . . . . . . . . . . . . . . . . . . . . . . . 210
5.4.8 Customizing the Login page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
5.4.9 Other customizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Chapter 6. Advanced configuration topics . . . . . . . . . . . . . . . . . . . . . . . . 215
iv
IBM Workplace Services Express
6.1 External HTTP server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
6.1.1 IBM HTTP Server configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
6.1.2 Microsoft IIS configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
6.2 Single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
6.2.1 Configuring SSO on Workplace Services Express . . . . . . . . . . . . . 237
6.2.2 Configuring SSO on Domino . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
6.3 Using SSL with Workplace Services Express . . . . . . . . . . . . . . . . . . . . . 244
6.3.1 Creating a key database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
6.3.2 Enabling SSL on an HTTP server . . . . . . . . . . . . . . . . . . . . . . . . . . 250
6.3.3 Enabling SSL on Workplace Services Express. . . . . . . . . . . . . . . . 253
6.4 Mail and calendar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
6.4.1 Configuring the Domino Web Access portlet . . . . . . . . . . . . . . . . . 261
6.4.2 Configuring the Credential Vault for Microsoft Exchange 2000 and
Exchange 5.5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
6.4.3 Configuring the Consolidated Mail portlet for Microsoft Exchange . 268
6.4.4 Configuring the Microsoft Exchange 5.5 Mail portlet. . . . . . . . . . . . 272
6.5 Supplied portlets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
6.5.1 Configuring the Domino Application portlet . . . . . . . . . . . . . . . . . . . 278
6.5.2 Configuring the Domino Databases (Notes View) portlet . . . . . . . . 280
Chapter 7. Configuring IBM Workplace Services Express for external LDAP
directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
7.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
7.2 LDAP basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
7.2.1 Connection information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
7.2.2 Testing your LDAP directory connection . . . . . . . . . . . . . . . . . . . . . 288
7.3 Workplace Services Express default configuration . . . . . . . . . . . . . . . . . 290
7.4 Configuring Workplace Services Express to work with Domino LDAP . . 290
7.4.1 Preparing Domino for Workplace Services Express . . . . . . . . . . . . 290
7.4.2 Setting up Domino LDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
7.4.3 Testing Domino LDAP: ldapsearch . . . . . . . . . . . . . . . . . . . . . . . . . 314
7.4.4 Running the LDAP configuration wizard . . . . . . . . . . . . . . . . . . . . . 317
7.4.5 Configuring Workplace Services Express: LDAP over SSL . . . . . . 337
7.5 Configuring Workplace Services Express for Active Directory . . . . . . . . 346
7.5.1 Creating the required administrative accounts . . . . . . . . . . . . . . . . 346
7.5.2 Changing the Active Directory Schema . . . . . . . . . . . . . . . . . . . . . 347
7.5.3 Configuring Workplace Services Express files . . . . . . . . . . . . . . . . 353
7.5.4 Configuring optional read-only access to Active Directory LDAP . . 355
7.5.5 Disabling Workplace Services Express security . . . . . . . . . . . . . . . 357
7.5.6 Enabling Workplace Services Express security . . . . . . . . . . . . . . . 358
7.5.7 Configuring access to Active Directory over SSL . . . . . . . . . . . . . . 379
7.6 Configuring Workplace Services Express for Tivoli Directory Server . . . 384
7.6.1 Creating the required administrative accounts . . . . . . . . . . . . . . . . 384
Contents
v
7.6.2
7.6.3
7.6.4
7.6.5
7.6.6
7.6.7
Configuring Tivoli Directory Server . . . . . . . . . . . . . . . . . . . . . . . . . 385
Configuring Workplace Services Express files . . . . . . . . . . . . . . . . 395
Configuring optional read-only access to the LDAP directory . . . . . 397
Disabling Workplace Services Express security . . . . . . . . . . . . . . . 398
Enabling Workplace Services Express security . . . . . . . . . . . . . . . 399
Configuring access to Tivoli Directory Server over SSL . . . . . . . . . 420
Chapter 8. Troubleshooting, tips, and techniques for IBM Workplace
Services Express . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425
8.1 Troubleshooting overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426
8.2 Troubleshooting methodology (problem isolation) . . . . . . . . . . . . . . . . . 426
8.3 Install and system logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427
8.3.1 Install logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427
8.3.2 WebSphere and Workplace Services Express system logs . . . . . . 428
8.3.3 WebSphere Portal log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429
8.3.4 Trace settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429
8.3.5 Installation issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 430
8.4 Runtime issues: Unable to install portlets . . . . . . . . . . . . . . . . . . . . . . . . 431
8.5 LDAP troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
8.5.1 Changing the LDAP server name or port after configuration . . . . . 433
8.5.2 Adding a unique ID to an Active Directory Schema . . . . . . . . . . . . 435
8.6 Optimization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
8.6.1 Heap size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
8.6.2 Remove People Finder or Instant Contacts . . . . . . . . . . . . . . . . . . 444
8.6.3 Team space templatable exception . . . . . . . . . . . . . . . . . . . . . . . . 444
8.6.4 Team calendar date error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
8.7 Instant messaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
8.7.1 Disconnected state . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
8.7.2 Instant Contacts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448
8.7.3 Instant messaging fix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448
8.8 Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449
8.9 Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450
8.9.1 Deploying a team calendar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450
8.9.2 Template Builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
8.10 Themes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458
8.11 Backup and recovery. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462
8.12 Security: Session timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462
8.13 Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466
8.13.1 Browser support and Java Runtime Environment check . . . . . . . 467
8.13.2 Copying documents in Windows Explorer. . . . . . . . . . . . . . . . . . . 468
8.14 Updating Microsoft Exchange 5.5 portlets. . . . . . . . . . . . . . . . . . . . . . . 469
Appendix A. IBM Workplace Services Express Version 2.5 . . . . . . . . . . 475
vi
IBM Workplace Services Express
Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476
External databases. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477
Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478
Configuration wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478
Upgrading from Workplace Services Express V2.0 to Workplace Services
Express V2.5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481
Templates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482
Flyout page for People Finder and Instant Contacts . . . . . . . . . . . . . . . . . . . 483
Appendix B. Installing Domino (optional) . . . . . . . . . . . . . . . . . . . . . . . . . 485
Installing Domino . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486
Install Domino Administrator and Lotus Notes Client . . . . . . . . . . . . . . . . . . . 498
Appendix C. Additional material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
Locating the Web material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504
Using the Web material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504
How to use the Web material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504
Related publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507
IBM Redbooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507
Online resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507
How to get IBM Redbooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508
Help from IBM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509
Contents
vii
viii
IBM Workplace Services Express
Notices
This information was developed for products and services offered in the U.S.A.
IBM may not offer the products, services, or features discussed in this document in other countries. Consult
your local IBM representative for information on the products and services currently available in your area.
Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM
product, program, or service may be used. Any functionally equivalent product, program, or service that
does not infringe any IBM intellectual property right may be used instead. However, it is the user's
responsibility to evaluate and verify the operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter described in this document.
The furnishing of this document does not give you any license to these patents. You can send license
inquiries, in writing, to:
IBM Director of Licensing, IBM Corporation, North Castle Drive Armonk, NY 10504-1785 U.S.A.
The following paragraph does not apply to the United Kingdom or any other country where such provisions
are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES
THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer
of express or implied warranties in certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made
to the information herein; these changes will be incorporated in new editions of the publication. IBM may
make improvements and/or changes in the product(s) and/or the program(s) described in this publication at
any time without notice.
Any references in this information to non-IBM Web sites are provided for convenience only and do not in any
manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the
materials for this IBM product and use of those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it believes appropriate without
incurring any obligation to you.
Information concerning non-IBM products was obtained from the suppliers of those products, their published
announcements or other publicly available sources. IBM has not tested those products and cannot confirm
the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on
the capabilities of non-IBM products should be addressed to the suppliers of those products.
This information contains examples of data and reports used in daily business operations. To illustrate them
as completely as possible, the examples include the names of individuals, companies, brands, and products.
All of these names are fictitious and any similarity to the names and addresses used by an actual business
enterprise is entirely coincidental.
COPYRIGHT LICENSE:
This information contains sample application programs in source language, which illustrates programming
techniques on various operating platforms. You may copy, modify, and distribute these sample programs in
any form without payment to IBM, for the purposes of developing, using, marketing or distributing application
programs conforming to the application programming interface for the operating platform for which the
sample programs are written. These examples have not been thoroughly tested under all conditions. IBM,
therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. You may copy,
modify, and distribute these sample programs in any form without payment to IBM for the purposes of
developing, using, marketing, or distributing application programs conforming to IBM's application
programming interfaces.
© Copyright IBM Corp. 2005. All rights reserved.
ix
Trademarks
The following terms are trademarks of the International Business Machines Corporation in the United States,
other countries, or both:
1-2-3®
AS/400®
Cloudscape™
DB2®
Domino Designer®
Domino®
Eserver®
Everyplace®
Express Portfolio™
i5/OS™
IBM®
iSeries™
K-station™
Lotus Notes®
Lotus®
Notes®
QuickPlace®
Redbooks (logo)
Redbooks™
Sametime®
SmartSuite®
Tivoli®
WebSphere®
Word Pro®
Workplace™
™
The following terms are trademarks of other companies:
Enterprise JavaBeans, EJB, Java, JavaBeans, JavaScript, JavaServer, JavaServer Pages, JSP, JVM, J2EE,
Sun, Sun ONE, and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United
States, other countries, or both.
ActiveX, Excel, Microsoft Internet Explorer, Microsoft, NetMeeting, PowerPoint, Windows server, Windows,
and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
Intel, Pentium, Intel logo, Intel Inside logo, and Intel Centrino logo are trademarks or registered trademarks
of Intel Corporation or its subsidiaries in the United States, other countries, or both.
Linux is a trademark of Linus Torvalds in the United States, other countries, or both.
Other company, product, or service names may be trademarks or service marks of others.
x
IBM Workplace Services Express
Preface
IBM® Workplace™ Services Express is software that makes it easy for you, your
colleagues, your teams, and your entire organization to quickly collaborate and
effectively work together. Designed specifically for small and medium-sized
organizations with less than a thousand employees, or departmental needs in
larger organizations, Workplace Services Express enables you to easily create,
edit, and share documents from your own customized Workplace environment.
This IBM Redbook will introduce you to Workplace Services Express and its
features and tell you how to deploy and customize it.
Whether you are a line-of-business manager who wants to understand the
business value of Workplace Services Express, an administrator who wants to
install it, or an application developer who wants to customize it, this Redbook is
for you.
The team that wrote this redbook
This redbook was produced by a team of specialists from around the world
working at the International Technical Support Organization, Cambridge Center.
Philip Monson is a Project Leader at the ITSO Lotus® Center in
Cambridge, MA. Phil has been with Lotus and IBM for 15 years,
joining the company when the early versions of Lotus Notes® were
rolled out for internal use. He has served in management,
technical, and consulting roles in the IT, Sales, and Development
organizations.
Robert Bry is the Enablement Manager for Worldwide
Messaging, Collaboration and Competitive Sales, IBM Software
Group in Cambridge, MA, U.S. As an Enablement Manager,
Robert is responsible for driving key IBM Workplace, IBM
WebSphere® Portal, and Collaboration software sales initiatives
to the IBM software sales teams related competitive awareness,
positioning, content, and sales tactics. He is also leveraged in
communicating the competitive differentiators of IBM
Workplace, Portal, and Collaboration software to global customers and partners.
In his prior role with IBM Software Group, he was an IT Specialist and Lotus
Worldwide Technology Advocate Team Lead, leading a Worldwide Technical
Sales team with evangelizing the value of IBM Messaging and Collaboration
© Copyright IBM Corp. 2005. All rights reserved.
xi
software. This is Robert's 10th year with IBM Software Group, and he has been
in the messaging and collaboration software industry for 14 years.
David Scouller is an EMEA Early Programme Manager with
the Global Product Introduction Centre based in the U.K. He
has more than 17 years of experience in the IT field working for
a number of diverse companies before joining IBM. He has
worked for IBM for nearly eight years in a number of roles,
including Lotus Information Systems, Software Services for
Lotus, and the Product Introduction Centre. His areas of expertise include IBM
Workplace Services Express, IBM Workplace, IBM WebSphere Portal, IBM Lotus
Domino®, Lotus Notes, Lotus Instant Messaging and Web Conferencing
(formerly called Sametime®), and Lotus Team Workplace (formerly called
QuickPlace®).
Gianluigi Marchetti is an IT Specialist working for IBM
Software Group in Italy. He joined IBM in 1998, and after three
years experience in Services, he moved to Software Group,
where he now works as a member of the Pan EMEA technical
sales team supporting Business Partner and customer offers.
Recently, he has focused on WebSphere Portal and IBM
Workplace products. Gianluigi is WebSphere Portal product
certified as a System Administrator. He holds a degree in Computer Science
from the University of Bologna, writing his diploma on Java™ security. His areas
of expertise include Lotus products (Domino, Lotus Instant Messaging and Web
Conferencing, Lotus Team Workplace, and so on), WebSphere, Java, databases,
and architectures. His main activities include making presentations, making
demonstrations, building prototypes, and speaking at Lotus and WebSphere
conferences.
Katinka Kantor is an IBM Presales IT Specialist. Her expertise
is in IBM collaborative technologies. Katinka has been a
member of the IBM Worldwide Technical Sales team for five
years. This team covers a variety of technical roles acting as
subject matter experts for activities ranging from enablement to
customer pilots and deployments.
Margaret O’Connell is a Senior Software Engineer in IBM
Software Group. She has been with IBM nine years and has
worked on the following products: Lotus SmartSuite®, Lotus
e-Suite, Lotus K-station™, WebSphere Portal (collaboration
services API and the original Notes view portlets), and IBM
Workplace, where she was the architect for the application
templating feature. In 2005, Margaret received an IBM
Outstanding Technical Achievement Award (OTAA) for the
xii
IBM Workplace Services Express
Workplace application templating work, and she is now proud to see the feature
move “down the stack” to WebSphere Portal, which will debut in a 2006 release
of WebSphere Portal. She is currently working on the XForms effort within IBM.
Margaret holds a master’s degree in Mathematics from Boston College.
Evans Opot is a Senior Consultant with Ascendant
Technology LLC, an IBM Premier Business Partner based in
Austin, TX. He has more than 10 years of IT consulting
experience and technical knowledge in Lotus Domino and
related products, such as Lotus Instant Messaging and Web
Conferencing, Lotus Team Workplace, Extended Search, and
Domino.doc. Lately, Evans has been focusing on projects
involving WebSphere Portal and Workplace Services
Express. He is an IBM Certified Professional in Lotus Notes
Application Development and System Administration. He holds a Bachelor of
Science degree in Business Administration from Miami University, OH.
Thanks to the following people for their contributions to this project:
Travis H. Smith, WebSphere Portal Release Manager, IBM
Bruce J. Roberts, Senior Technical Staff Member, IBM
Meggan Todd, Software Engineer, IBM
John Wylie, Sales Engineer, IBM
Yuriy Veytsman, Staff Software Engineer, IBM
Peter DeSandis, Technical Sales Manager, IBM
Pete Miller, WebSphere Portal Release Manager, IBM
David Nixon, Staff Software Engineer, IBM
Wendell Crosley, Information Development Specialist, IBM
Lisa Woody, Certified SW IT Specialist, IBM
Laurisa Rodriguez, IT Specialist, IBM
Larry McCants, Developer Relations, IBM
Patrick Curtin, Common Services Engineer, IBM
Patrick Lin, Software Engineer, IBM
Preface
xiii
Become a published author
Join us for a two- to six-week residency program! Help write an IBM Redbook
dealing with specific products or solutions, while getting hands-on experience
with leading-edge technologies. You'll team with IBM technical professionals,
Business Partners and/or customers.
Your efforts will help increase product acceptance and customer satisfaction. As
a bonus, you'll develop a network of contacts in IBM development labs, and
increase your productivity and marketability.
Find out more about the residency program, browse the residency index, and
apply online at:
ibm.com/redbooks/residencies.html
Comments welcome
Your comments are important to us!
We want our Redbooks™ to be as helpful as possible. Send us your comments
about this or other Redbooks in one of the following ways:
򐂰 Use the online Contact us review redbook form found at:
ibm.com/redbooks
򐂰 Send your comments in an e-mail to:
[email protected]
򐂰 Mail your comments to:
IBM Corporation, International Technical Support Organization
Dept. HYJ Mail Station P099
2455 South Road
Poughkeepsie, New York 12601-5400
xiv
IBM Workplace Services Express
1
Chapter 1.
Introduction
In the first chapter of this IBM Redbook, we introduce you to the exciting new IBM
Workplace Services Express product.
We discuss the role IBM Workplace Services Express plays as part of the IBM
Workplace strategy and family products and some of its unique characteristics as
key differentiators. We also preview some of its capabilities and provide you an
overview of what you can expect in the remaining sections of this book.
Note: At the time this book was written, IBM Workplace Services Express
Version 2.0 was the shipping product. The Redbook team had access to IBM
Workplace Services Express Version 2.5 beta code and included as much
V2.5 information as time permitted throughout the chapters. If you are working
with Version 2.5, be sure to check the IBM Workplace Services Express library
for the most up-to-date information:
http://www.lotus.com/products/product5.nsf/wdocs/workplaceservicesexpress
library
© Copyright IBM Corp. 2005. All rights reserved.
1
1.1 Introduction
IBM Workplace Services Express provides an easy to install and use
collaborative solution with an integrated portal. It is one of the newest innovative
solutions and a key part of the IBM Workplace strategy. As the name implies, IBM
Workplace Services Express is part of the IBM Express Portfolio™. IBM Express
Portfolio offerings are:
򐂰 Affordable and priced to meet the needs and budgets of small and midsized
businesses, offering per-user or group licensing options to suit your
requirements.
򐂰 Simple to install and use, featuring templates and wizards to help you get
started quickly and begin realizing value sooner—without adding IT staff.
򐂰 Designed with flexibility, enabling you to customize functions to suit your
business needs.
򐂰 Modular and scalable, letting you add features or other Express products as
your business needs grow or change.
1.2 What is IBM Workplace?
IBM Workplace represents the front end of computing. IBM Workplace is a family
of products, innovative technologies, and solutions for creating adaptive, unified,
secure work environments that can be customized based on users' unique roles
and skill levels in the organization. IBM Workplace products are designed to
transform productivity and enable people to make more informed decisions and
take targeted actions faster.
IBM Workplace is for organizations seeking broad gains in productivity, simplified
access to information and business processes, greater operational efficiency,
reduced costs, and increased responsiveness among colleagues, customers,
and business partners.
IBM Workplace supports open standards (including J2EE™ and Eclipse), and
runs on multiple client and server operating systems (including Linux® and Mac),
so virtually any existing or new IT investment can be intelligently integrated.
IBM Workplace solutions include one or more of these product families, as
shown in Figure 1-1 on page 3:
򐂰 IBM Workplace products
򐂰 IBM Lotus Notes and Domino products
򐂰 IBM WebSphere Portal products
2
IBM Workplace Services Express
򐂰 IBM WebSphere Everyplace® products
Figure 1-1 IBM Workplace family of products
1.3 What is IBM Workplace Services Express?
IBM Workplace Services Express is software that makes it easy for you, your
colleagues, your teams, and your entire organization to quickly collaborate and
effectively work together. Designed specifically for small and medium-sized
organizations with less than a thousand employees, or departmental needs in
larger organizations, Workplace Services Express enables you to easily create,
edit, and share documents from your own customized Workplace environment.
IBM Workplace Services Express provides document management, collaborative
team spaces, instant messaging, and access to Lotus Domino or Microsoft®
Exchange e-mail and calendars (or POP3 and IMAP e-mail), all from a single,
unified interface. Colleagues and teams can work together easily using intuitive,
adaptable Workplace environments for creating, editing, and sharing documents
right from their desktop or Web browser.
Chapter 1. Introduction
3
Core capabilities of IBM Workplace Services Express include:
򐂰 Creation of team spaces: Built-in, ready-to-use templates to create
collaborative work environments for users to participate in discussions,
organize a team project calendar, chat with team members, and enable
co-workers to create, search for, edit, and share project documents from their
Microsoft Windows® desktop, Microsoft Office application, or Web browser.
򐂰 Document sharing: Workplace Services Express is a server-managed
platform, which means that your documents, your information, and your entire
customized Workplace environment are stored on the server. Documents can
be shared in central document libraries, where multiple users can share
documents, edit, participate in approvals processes, and control versioning,
enabling you and your team to work better together.
򐂰 Drag and drop customization: End users can customize a personalized
experience and add links and business applications with a simple, intuitive
interface.
򐂰 Desktop productivity: Designed to work with what you have, for example,
Microsoft users enjoy easy and elegant integration with Windows Explorer
and Microsoft Office applications, and works with existing Microsoft Office
2000 and XP licenses (as well as Office 2003), without requiring any Office
upgrades to gain advanced collaboration capabilities. Workplace Services
Express also includes editors of its own so that you and your team can edit
and share simple documents, without having to purchase and install
traditional, expensive desktop productivity suites on each PC.
򐂰 Real-time collaboration: Integrated presence awareness and instant
messaging is available throughout the solution, which helps users identify the
online status of team members and take action with a single click to either
send an e-mail, engage in an instant messaging chat session, or look up that
user in the directory to retrieve additional contact information.
򐂰 Search: Search capabilities include searching for content across document
libraries, discussion forums, team spaces, and intranet Web sites. Users can
also search for individuals through a People Finder capability and then initiate
collaboration based on the search result, such as initiating an instant
messaging session or creating an e-mail.
򐂰 Application access: This feature provides the ability to integrate business
applications and information into a single point of access and adds
collaborative services around that access in the context of a collaborative
portal. Tools are also available to help create the application access.
򐂰 Simplified installation and management: A single server configuration
process that installs the necessary server components and provides unified
management access.
4
IBM Workplace Services Express
Workplace Services Express presents the user with a Welcome page when they
log on to the system. Figure 1-2 shows the Welcome page and highlights the key
components of the page.
Main Navigator
Tools Navigation
Awareness
Search for
People
IM Contacts
Getting Started Portlet
Figure 1-2 Quick tour of the IBM Workplace Services Express Welcome page
On the Welcome page, the user has access to the following features:
򐂰 Main navigator: This navigator enables the user to select one of the four main
pages for Workplace Services Express: Welcome, Mail, Team Spaces, and
Search.
򐂰 Tools navigation: This is a list of the links to the tools included with Workplace
Services Express and the help system. Depending on the assigned policies,
the user might see links to My Workplace, Templates, Administration, Edit my
profile, Actions, Help, and Log out.
򐂰 Getting Started portlet: This briefly describes the facilities available for the
users of Workplace Services Express.
򐂰 Awareness: This is the indicator for the user’s instant messaging status. It will
normally show “I am available,” “I am away,” or “Do not Disturb.”
Chapter 1. Introduction
5
򐂰 Search for people: This is the People Finder application and enables users to
search for people registered to use Workplace Services Express or within the
Lightweight Directory Access Protocol (LDAP) server.
򐂰 Instant messaging (IM) contacts: This enables users to add users and groups
to their Instant Contacts list or start a chat with one of the contacts listed.
1.4 Business value
IBM Workplace Services Express comes with significant out-of-the-box
functionality, including document-centric collaboration capabilities and 12
ready-to-use team space templates that enable project teams and workgroups to
get up and running quickly. It can be installed and configured in less than one
hour and quickly customized by an end-user community using simple list portlet
and drag-and-drop techniques, without assistance from IT or application
programmers, speeding time to value.
By simplifying the user environment, Workplace Services Express helps people
work more efficiently. Streamlined interactions with teammates and their work
increases productivity across the organization. Server-managed control of
role-based user work environments and team spaces, with consolidated
management of collaboration tools and business applications, simplifies
deployment and upgrades while reducing IT workloads and costs.
The business value that Workplace Services Express can provide small and
midsize organizations seeking to:
򐂰 Increase their profitability and competitive advantage through broad gains in
productivity
򐂰 Enable colleagues to work together and gain greater organizational
responsiveness, regardless of location
򐂰 Give employees the tools they need to make team meetings more efficient
and make better informed decisions
򐂰 Improve overall business process efficiencies, such as working with
customers, suppliers, partners, and colleagues
򐂰 Lower total cost ownership
1.5 Positioning and key differentiators
Many organizations that seek the best of breed in collaboration, document
management, data storage, search, and portal technologies struggle to integrate
and maintain these separate offerings in their environment. A number of these
6
IBM Workplace Services Express
solutions from various vendors require multiple infrastructure components with
separate deployment, administration interfaces, and fragile yet rigid
interdependences, such as mandating certain server operating systems, certain
data repositories, specific clients at the desktop, or development tools in order to
achieve rudimentary collaboration. Because of this complexity, a significant shift
and business requirement in the industry have emerged to provide organizations
an easy to deploy, secure, standards-based, open integrated collaborative
environment with a number of integrated collaborative capabilities built-in.
Figure 1-3 is an example of this sort of vision, to move away from disparate,
stand-alone systems for application servers, collaboration, data, and portal to a
more open integrated infrastructure. It is not a representation of the capability set
of Workplace Services Express, but instead an example of this shift in the
marketplace and the market drivers that are contributing to evolving customer
needs, requirements, and adoption patterns.
Figure 1-3 Market drivers for open and integrated infrastructure
Workplace Services Express represents an example of how IBM Software Group
is uniquely qualified to blend the industries’ leading collaborative capabilities,
portal framework, and data and information management and meet this business
requirement to provide many of the capabilities of an open, integrated,
collaborative environment.
What makes IBM Workplace Services Express unique?
IBM Workplace Services Express is designed to help small and midsized
businesses or departments in larger organizations improve the productivity of
day-to-day business processes through more effective collaboration. Built on
the server-managed deployment model that is a cornerstone of the IBM vision for
the front end of computing, Workplace Services Express is unique in its
Chapter 1. Introduction
7
simplicity, out-of-the-box collaborative functionality, and support for open
standards, providing organizations with greater business value, lower costs, and
faster return on investment. Additional (competitive) differentiators include:
򐂰 Simplification: Easy to use, easy to deploy, single server installation and
deployment model, drag-and-drop customization, familiar interface to
Windows users, easy to customize, easy to manage, easy to provision team
spaces and business applications, easy to create new team spaces, and no
touch/low touch desktops (for example, network-centric, not PC-centric) help
teams work together better and be more productive; self-service
customization and provisioning reduces IT burdens.
򐂰 Rapid deployment: Quick to install, quick and easy to use, rapid creation of
new team spaces, up and running quickly with 12 ready-to-go team space
templates, easy to customize online work environment to meet your and your
team's needs and reduce burden on IT staff.
򐂰 Integrated collaboration: A dynamic environment that brings together all of
the collaborative tools, applications, and connections required by the
business situation, for example, presence awareness, real-time chat, creation
of team spaces, search, document creation, editing, and sharing are all
integrated into a single user experience. Workplace Services Express also
provides easy access to your e-mail (IBM Lotus Domino, Microsoft Exchange,
or POP3/IMAP), calendar, and address book. A company’s existing business
applications can also be integrated into the Workplace Services Express
online Workplace environment to provide a unified experience for you and
your employees to find what they need to accomplish their job.
򐂰 Built on a Portal framework: Environment aggregates capabilities based on
the user’s identity and role and targeted to the business process context.
Workplace Services Express has a built-in Portal framework, based on IBM
WebSphere Portal and leverages the extensive capabilities set, such as the
IBM Workplace and WebSphere Portal Portlet Catalog to integrate thousands
of applications into a Workplace solution.
򐂰 Standards based: Extensible by IT organizations and industry vertical partners
to increase organizational responsiveness and agility.
򐂰 Flexible desktop productivity: To help companies increase productivity while
minimizing costs, Workplace Services Express is designed to work with what
you have and leverage existing investments in Microsoft Office 2000 or XP,
with no Office upgrade required, giving users convenient drag-and-drop
access and in-place editing of centrally stored and managed Microsoft
documents (Microsoft Office 2003 is supported as well). A community of
users is not constrained to a dedicated PC with traditional PC software loaded
on it. They can access their work spaces, with the documents, business
applications, people, and information they need, using a Web browser from
wherever they happen to be.
8
IBM Workplace Services Express
򐂰 Cross-platform support: IBM Workplace Services Express provides broad
support for hardware and software platforms and can be installed on either
Microsoft Windows or Linux servers (at the time of writing, IBM AS/400®
support on IBM Eserver® iSeries™ is coming soon). It supports Windows
Internet Explorer and Linux/Mozilla browser-based clients.
򐂰 Choice and flexibility: To help companies increase productivity while
minimizing costs, Workplace Services Express supports a choice of clients
from a standard browser on Windows and Linux to a full rich client
experience, open standards, and a range of tools to create and customize
your Workplace application environment, including prebuilt templates and
forms, integration with Domino, and integration with the Microsoft desktop
environment. Workplace Services Express can leverage an existing corporate
directory (LDAP) such as Domino, Microsoft Active Directory, or provide
directory services as part of the solution, and can also integrate with external
data sources such as DB and SQL (targeted for Version 2.5).
1.6 IBM Workplace Services Express terminology
This section defines important terminology we use in this book:
򐂰 A software development kit (SDK) is a tool set for developing applications in a
particular computer language or environment.
򐂰 An application programming interface (API) enables an application to work
with an operating system or with another program.
򐂰 A service provider interface (SPI) is a common interface used to achieve
compatibility between Microsoft Windows applications.
򐂰 Click-to-Action (C2A) is the framework that facilitates the exchange of
compatible data between portlets.
򐂰 IBM WebSphere Studio Application Developer is a comprehensive, integrated
development environment for visually designing, constructing, testing, and
deploying Web services, portals, and Java 2 Enterprise Edition (J2EE)
applications. WebSphere Studio Application Developer accelerates J2EE
development with a complete set of high-productivity tools, templates, and
wizards. For further information, see:
http://www.ibm.com/software/awdtools/studioappdev/
򐂰 A template is an XML file that defines a set of instructions for instantiating an
IBM Workplace application.
򐂰 A Workplace application is a collection of portal pages that can be
provisioned with portlets and Workplace components.
Chapter 1. Introduction
9
򐂰 A Workplace application category is where similar Workplace applications
are cataloged. Each application resides in a category.
򐂰 A Workplace component is the unit of function that can be added and
removed from a Workplace application. It is represented by a portlet and
Collaborative Component EJB™.
򐂰 Membership is a group of people with specified roles in a given Workplace
application.
򐂰 The Workplace application properties define general information such as the
name, category, and owner of the Workplace application.
򐂰 A Java archive (JAR) file is a platform-independent file format that permits
many files to be aggregated into one file.
򐂰 A Web archive (WAR) file is a JAR archive that contains a J2EE Web module.
򐂰 An enterprise application archive (EAR) is a JAR archive that contains a
J2EE application.
򐂰 A portlet is a Java-based Web component, managed by a portlet container.
1.7 IBM Workplace Services Express architecture
This section describes the overall architecture on which IBM Workplace Services
Express is built. It is not intended to be a comprehensive and detailed review of
the Workplace Services Express architecture, but rather a high-level summary of
the key technologies and their various relationships, as illustrated in Figure 1-4
on page 11.
Overall, Workplace Services Express architecture is broken into the concept of
Workplace business components, leveraging Workplace services, that run on top
of IBM WebSphere Portal services. All of the Workplace components share a
common base infrastructure of IBM WebSphere Application Server, IBM
WebSphere Portal, directory services, and a data store.
10
IBM Workplace Services Express
Figure 1-4 IBM Workplace Services Express architecture diagram
1.7.1 Infrastructure architecture
There are few key infrastructure components of IBM Workplace Services
Express you should be aware of as you move forward in this book. The basic
infrastructure elements that make up Workplace Services Express are
WebSphere Member Manager, portlets, and services. There are also supporting
elements such as a database, LDAP servers and HTTP servers.
The portlets and services components represent the core applications and
services within Workplace Services Express. Within these two components,
there are a number of key elements:
򐂰 WebSphere Application Server
WebSphere Application Server is the foundation on which all the other
services and components are built.
Chapter 1. Introduction
11
򐂰 WebSphere Portal
WebSphere Portal provides a foundation for the services and components
used by Workplace Services Express. Most importantly, most of the
Workplace components run within WebSphere Portal.
򐂰 Lotus Workplace protocol server
Lotus Workplace protocol server provides components that handle the
messaging and scheduling requirements of a Workplace solution. The bulk of
Workplace services run within the WebSphere Portal server.
This logical Infrastructure can be seen when starting a Workplace Services
Express server. Table 1-1 lists the server names and what they represent.
Table 1-1 Components of Workplace Services Express infrastructure
Server name
Server
WebSphere_Portal
WebSphere Portal server
LotusWorkplace_Server
Lotus Workplace protocol server
WebSphere Application Server
WebSphere Application Server is the foundation on which all the J2EE code that
is Workplace Services Express runs. Multiple Java application server processes
are started using WebSphere Application Server capabilities.
WebSphere Application Server provides the framework for services and
components that are essential to any J2EE application. These frameworks and
containers include:
򐂰 EJB container
򐂰 Web container
򐂰 Java virtual machine (JVM™)
There are many more. However, the important point is that WebSphere
Application Server provides many components that are the base for WebSphere
Portal and Workplace Services Express.
The default application server installed with WebSphere Application Server is
server1.
Note: The WebSphere Application Server server1 is not used with Workplace
Services Express and is not active when Workplace Services Express is
started.
12
IBM Workplace Services Express
WebSphere Portal
The WebSphere Portal server runs many parts of the Workplace Services
Express product. The list of services WebSphere Portal runs includes most of the
workplace messaging (SMTP), team collaboration, collaborative learning, and
document management services.
The Workplace Services Express user interface runs within WebSphere Portal.
This user interface is made up of the various portlets. Users interact with
Workplace Services Express through the Portal server and do not directly
interact with the other servers.
The WebSphere Portal server also hosts many of the Workplace components or
enterprise applications. Each of the Workplace Services Express enterprise
applications, designated by the .ear extension, is composed of portlets, a direct
display to users, and Enterprise JavaBeans™ (EJBs) that are responsible either
for containing the business logic or connecting to another system that contains
the business logic. These EJBs are the services that Workplace Services
Express provides.
It is also important for Workplace Services Express administrators and installers
to be aware of other critical services WebSphere Portal provides. These services
are especially important when you need to trace the root of a problem. For
example, if there is a user registry problem, you can consult WebSphere Member
Manager to find where this service is running.
The key facilities implemented in this layer include:
򐂰
򐂰
򐂰
򐂰
Portlet container and API
WebSphere Member Manager
Portal Document Manager (PDM)
WebSphere Portal Content Publisher
Lotus Workplace protocol server
The LotusWorkplace_Server contains the messaging protocol elements of the
Workplace Services Express platform, such as Simple Mail Transfer Protocol
(SMTP). The bulk of the Lotus Workplace services run within the
WebSphere_Portal server Java process.
For the most part, interaction with the services in Lotus Workplace server occurs
through requests that come from the portlets running in WebSphere Portal.
However, there are two situations where users interact with the server directly:
򐂰 Outgoing SMTP traffic
򐂰 Instant messaging traffic
Chapter 1. Introduction
13
Other infrastructure elements
As mentioned at the beginning of this section, there are other equally important
components that make up Workplace Services Express. These are
predominately HTTP services and back-end components.
HTTP
The HTTP server receives the HTTP and HTTPS requests originated by browser
clients and routes them to the protocol services on a Lotus Workplace protocol
server. An external HTTP server can be installed on a separate computer.
Database and LDAP
IBM Cloudscape™ provides database services to the Workplace Services
Express infrastructure and hosts the key Workplace Services Express
databases. Persistent storage of the data for the applications in Workplace
Services Express is stored in the database server configured at install time.
An LDAP server handles all authentication and user registry capabilities in a
Workplace Services Express infrastructure. WebSphere Member Management
capabilities are also leveraged behind the scenes by Workplace Services
Express, working closely with the LDAP server to provide a complete view of
user data.
WebSphere Member Manager
WebSphere Member Manager is the component of WebSphere Portal that
manages Workplace Services Express user and group attributes or user and
group information, such as names, e-mail addresses, and telephone numbers.
WebSphere Member Manager collects attributes associated with each user and
group in profiles. All Workplace Services Express components share profiles so
that users can log on once to use any Workplace Services Express component.
When Workplace Services Express is installed, it uses WebSphere Member
Manager as the user registry unless you transfer security to an LDAP server.
When used with LDAP, the WebSphere Member Manager user directory
configuration supported by Workplace Services Express is a lookaside database
used with an LDAP directory. The LDAP directory stores attributes that are
defined in the LDAP directory schema, for example, first names, last names, and
e-mail addresses. The lookaside database stores attributes that are particular to
Lotus Workplace products. WebSphere Member Manager manages the lookups
to the LDAP directory and to the lookaside database.
14
IBM Workplace Services Express
1.7.2 Portlets
Portlets are a central part of Workplace Services Express because they provide
the ability to deliver access to wide range of business applications and services
to the end user. The term portlet refers to a small portal application, usually
depicted as a small box on a Web page. A portlet is a reusable Web module that
runs on a portal server component of Workplace Services Express. Portlets have
predefined roles such as retrieving news headlines, searching a database, or
displaying a calendar. Web pages, Web services, applications, and syndicated
content feeds can be accessed through portlets.
Portlets are more than simple views of existing Web content. A portlet is a
complete application, following a standard model-view-controller design. Portlets
have multiple states and view modes, plus event and messaging capabilities.
Portlets run inside the portlet container of the WebSphere Portal component,
similar to the way a servlet runs on an application server. The portlet container
provides a runtime environment where portlets are instantiated, used, and finally
destroyed. Portlets rely on the WebSphere Portal infrastructure to access user
profile information, participate in window and action events, communicate with
other portlets, access remote content, look up credentials, and store persistent
data.
Generally, portlets are administered more dynamically than servlets. For
example, portlet applications consisting of several portlets can be installed or
removed while the WebSphere Portal component is running. The settings and
access rights of a portlet can be changed by an administrator while WebSphere
Portal is running, even in a production environment.
1.8 Structure of this book
This book is divided into the following chapters and appendixes:
򐂰 The current chapter, “Introduction,” provides an overview of the Workplace
Services Express product, its business value, differentiators, architecture, and
place in the IBM Workplace family of products.
򐂰 Chapter 2, “Installation and administration” on page 17 walks you through the
installation of Workplace Services Express on both Microsoft Windows and
Linux platforms. We also cover the administration of your Workplace Services
Express environment.
򐂰 Chapter 3, “Features and functionality” on page 45 describes all the features
you will find in Workplace Services Express, including team spaces, search,
applications, and templates.
Chapter 1. Introduction
15
򐂰 Chapter 4, “Document management” on page 139 covers all aspects of
document management in Workplace Services Express, including document
libraries and desktop integration.
򐂰 Chapter 5, “Themes and skins” on page 187 discusses themes and skins in
detail and has a special section about customization.
򐂰 Chapter 6, “Advanced configuration topics” on page 215 discusses the
technical aspects of using Workplace Services Express, such as the external
HTTP server, single sign-on, and SSL, and ends with detailed information
about the different supported mail and calendar portlets.
򐂰 Chapter 7, “Configuring IBM Workplace Services Express for external LDAP
directories” on page 285, one of the largest chapters in this book, begins with
LDAP basics and then provides the details of configuring Workplace Services
Express to work with the most popular LDAP products on the market.
򐂰 Chapter 8, “Troubleshooting, tips, and techniques for IBM Workplace Services
Express” on page 425 says it all in its title. Be sure to read this chapter for
more than just troubleshooting best practices: It includes good ways to
optimize and enhance your Workplace Services Express installation.
򐂰 Appendix A, “IBM Workplace Services Express Version 2.5” on page 475
describes the upcoming enhancements in the next release of Workplace
Services Express.
򐂰 Appendix B, “Installing Domino (optional)” on page 485 is a step-by-step
explanation of a Domino installation targeted toward a smaller business that
wants to leverage Domino for its directory capabilities.
򐂰 Appendix C, “Additional material” on page 503 is a special appendix that
contains details about how to use and download some great utilities, such as
a search index update tool and team calendar template.
16
IBM Workplace Services Express
2
Chapter 2.
Installation and
administration
This chapter describes the installation of IBM Workplace Services Express and
the administration of the product.
The installation section covers the hardware and software requirements for IBM
Workplace Services Express implementation. We then walk you through the
installation process as performed in our environment on Microsoft Windows 2000
SP4 and Windows 2003 machines. We also validated the installation process on
Linux, and where applicable, the Linux equivalent command is highlighted.
The administration section covers the administration of Workplace Services
Express using the WebSphere Application Server administrative console and
using the Workplace Services Express administration.
This chapter contains the following topics:
򐂰 Workplace Services Express hardware requirements
򐂰 Workplace Services Express software requirements
򐂰 Workplace Services Express installation instructions
򐂰 Workplace Services Express administration
򐂰 Workplace Services Express action links
򐂰 SMTP configuration for iCalendar
© Copyright IBM Corp. 2005. All rights reserved.
17
2.1 Requirements
In this section, we provide the hardware and software requirements.
Important: These requirements are based on Workplace Services Express
Version 2.0. For the latest hardware and software requirements including
future Workplace Services Express releases, refer to the IBM Workplace
Services Express Information Center, available at:
http://publib.boulder.ibm.com/pvc/wse/200/smb/en/InfoCenter/index.html
Hardware requirements
Workplace Services Express has the following hardware requirements:
򐂰 Processor: CPU speeds of late-model, mid-range to high-end servers are
recommended. Pentium® 4 processor at 2.0 GHz or equivalent at a minimum.
򐂰 Physical memory: 2 GB at a minimum per processor; 4 GB per processor
recommended for production environments.
򐂰 Disk space: 17 GB at a minimum.
Virtual memory/swap space: This value should be equal to double your
physical memory. At a minimum, this should be at least equal to your physical
memory.
򐂰 File system size:
– Linux (Intel®) systems: The Linux ext2 file system, which is used by
default, does not allow you to change the file system size. Therefore, you
should carefully plan in advance for the size of your file system to avoid
related problems.
– Windows systems: The NTFS file system is recommended.
򐂰 Network connectivity:
– Network adapter and connection to a physical network that can carry IP
packets, for example, Ethernet, token ring, or ATM.
– Static IP address is recommended.
– Configured fully qualified host name. The fully qualified host name is used
to identify the server. To ensure that this is configured correctly, issue the
ping command from a command line, for example, ping
hostname.yourco.com, where hostname.yourco.com is the fully qualified
host name.
18
IBM Workplace Services Express
Software requirements
Workplace Services Express has the following hardware requirements:
򐂰 Linux operating systems:
– Red Hat Enterprise Linux Advanced Server 2.1 for Intel (x86), Update 3
– SUSE LINUX Enterprise Server (SLES) for Intel (x86) 8 2.4 Kernel
򐂰 Microsoft Windows operating systems:
– Microsoft Windows 2003 Enterprise
– Microsoft Windows 2003 Standard
– Microsoft Windows 2000 Advanced Server SP4
– Microsoft Windows 2000 Server SP4
Note: For Windows 2003, check to see if you have the Terminal Services
installed before you install the product.
򐂰 Web browsers:
– Microsoft Internet Explorer® 6.0 SP1
– Microsoft Internet Explorer 5.5 SP2
– Mozilla Web Browser 1.4 (supported on Linux (Intel) systems and not
Microsoft Windows systems)
– Mozilla Web Browser 1.3
– Mozilla Web Browser 1.2.1
– Netscape Communicator 7.2
2.2 IBM Workplace Services Express installation
The IBM Workplace Services Express installation includes all the necessary
software required to get the site up and running.
Important: If you plan to use an existing LDAP user registry, you must perform
the appropriate configuration steps immediately after installation, and before
you start Workplace Services Express, as outlined in Chapter 7, “Configuring
IBM Workplace Services Express for external LDAP directories” on page 285.
Complete the following steps:
1. Insert CD 1-1 to launch the installer.
Chapter 2. Installation and administration
19
The installation program might automatically start when you insert the disc if
the Autostart function is enabled. Otherwise, run the Install.bat command
from the root directory of the CD drive (run Install.bat -console to perform
the installation in console mode).
Tip: If installing Workplace Services Express on Linux, run the following
command from the root directory of the CD drive:
򐂰 ./install.sh to install in graphical mode
򐂰 ./install.sh -console to install in console mode.
Remember that the following disk space is required for each directory:
򐂰 /: 1.5 GB or more (root directory)
򐂰 /opt: 2.5 GB or more.
򐂰 /home: 500 MB or more (home directory)
The default directory to install Workplace Services Express on Linux is
/opt, which you can change to any directory you like later. By default, /opt is
under / file system in default. If you choose to install Workplace Services
Express under /usr, 3.5 GB or more of disk space is recommended.
2. Select the language to use and click OK, as shown in Figure 2-1.
Figure 2-1 Language selection
20
IBM Workplace Services Express
3. Click Next on the Welcome panel to continue, as shown in Figure 2-2.
Figure 2-2 Welcome panel
4. Accept the Terms of the License Agreement after you have read it, and click
Next.
Chapter 2. Installation and administration
21
5. Specify the Directory where you would like to install Workplace Services
Express, as shown in Figure 2-3. The default directory is C:\Program
Files\IBM\WorkplaceServicesExpress.
Figure 2-3 Installation directory
22
IBM Workplace Services Express
6. Enter the Hostname of the computer where you are installing Workplace
Services Express, as shown in Figure 2-4.
The host name can be a fully qualified DNS name, short DNS name, or IP
address.
Figure 2-4 Workplace Services Express Hostname
Chapter 2. Installation and administration
23
7. Enter the User ID and Password of the Workplace Services Express
administrator, and then click Next to continue, as shown in Figure 2-5.
Figure 2-5 User ID and Password
Important: The User ID and Password fields cannot be blank, and the
password has to be at least five characters in length.
This user ID and password will be used to log in to the site after the
installation. This user ID is only used for Workplace Services Express
administration and is not related to any user IDs that are used to access
the operating system itself.
24
IBM Workplace Services Express
8. Verify the installation information, as shown in Figure 2-6. Click Back if you
need to make any changes; otherwise, click Next to begin the installation.
The installation will proceed until it prompts you for CD 1-2, and later, CD 1-3.
Figure 2-6 Installation verification
Chapter 2. Installation and administration
25
9. Select the Start IBM Workplace Services Express option to start Workplace
Services Express, as shown in Figure 2-7. However, if you want to configure
Workplace Services Express to use LDAP, clear the Start IBM Workplace
Services Express option. Click Next.
Important: If you intend to use an existing LDAP user registry, you must
perform the appropriate configuration at this point before you start
Workplace Services Express. Refer to Chapter 7, “Configuring IBM
Workplace Services Express for external LDAP directories” on page 285.
Figure 2-7 Installation complete
26
IBM Workplace Services Express
10.Assuming you selected the Start IBM Workplace Services Express option in
the step 9 on page 26, Workplace Services Express will be launched.
Loading Workplace Services Express takes some time, so be patient.
Figure 2-8 Starting IBM Workplace Services Express
Chapter 2. Installation and administration
27
11.Select the Launch First Steps option and click Finish to complete the
installation and launch First Steps, as shown in Figure 2-9. Alternatively, you
can clear the Launch First Steps option and click Finish to complete the
installation without launching First Steps.
Figure 2-9 Launch First Steps
28
IBM Workplace Services Express
12.Launch your site and log in.
If you cleared the Launch First Steps option in step 11 on page 28, type in the
URL address and specify port number 9081 on the browser window to start
Workplace Services Express. For example, we entered the following URL for
our server:
http://wse2.cam.itso.ibm.com:9081/lwp/workplace
If you selected the Launch First Steps option in step 11 on page 28, you can
launch your site from the First Steps window by clicking the Ready to Start?
Launch IBM Workplace Services Express link on the First Steps window.
Figure 2-10 First Steps
13.Click Log in in the upper-right corner after your site opens.
14.Enter the user ID and password that you entered during the installation and
click Log in to view the Welcome page of your site. See Figure 2-11 on
page 30.
Note: Loading the site takes some time, so be patient.
Chapter 2. Installation and administration
29
Figure 2-11 Log in to Workplace Services Express
2.3 Administration
IBM Workplace Services Express has two main areas for administration, the first
is the administration interface for the administrative console and the second is
the administration interface linked on the main page. This section describes the
Workplace Services Express-focused components for administration and covers
both these areas.
2.3.1 Administrative console
The administrative console provides a number of components to assist with the
management of the Workplace Services Express environment. The console is
accessed through a browser on port 9091 using a URL with the following format:
http://wse1.cam.itso.ibm.com:9091/admin
30
IBM Workplace Services Express
When you access the administrative console, you need to supply an
administrator user account and password; in typical Workplace Services Express
environments that do not have an external LDAP service, you would use the
account specified in installation, such as wpsadmin. When an LDAP service is
used, you might need to use the adminstrator user account of wpsbind, for
example, but this depends on the values you specified when configuring
Workplace Services Express to use LDAP.
The window displayed when you have logged in to the administrative console
provides a navigator, as shown in Figure 2-12. As you can see, the Workplace
components are highlighted. This is the area of the administrative interface on
which we concentrate.
Figure 2-12 Administrative console navigator: Workplace components highlighted
The Workplace components in the administrative console are used to perform a
number of tasks, including policies, mail, directory, server, and collaboration
settings. There are a number of components defined in the interface that are not
required for the management of Workplace Services Express. These are there to
provide configuration information for key services.
Chapter 2. Installation and administration
31
The main sections for administration are:
򐂰 Licenses: This section provides Workplace Services Express with information
about licensed components of the product. You do not need to make any
adjustments in this section unless indicated by IBM. The product is installed
and configured with all the licensing components to function correctly.
򐂰 Directories: This section provides configuration settings for the directories
used with Workplace Services Express.
򐂰 Archive: This feature is not used by Workplace Services Express.
򐂰 Users:
– Manage User Policies
– Manage User Mail Accounts
򐂰 Workplace Applications:
– Manage Workplace Application Polices
– Manage Workplace Applications
򐂰 Mail Cell-Wide Settings.
򐂰 Team Collaboration Cell-Wide Settings: This is used to specify configuration
settings for instant messaging (IM) and Session Initiation Protocol (SIP).
򐂰 Workplace Client Certificate Store: This is not used with the current version of
Workplace Services Express.
2.3.2 Removing the Templates link
In Workplace Services Express, all users by default are presented with the
Templates link in the top-right area of the browser, as shown in Figure 2-13. This
link should only be available to users who really need to work with the templates
in Workplace Services Express. This link is controlled in the Manage User
Policies area and specifically the Default User Policy.
Templates link
Figure 2-13 Templates link in Workplace Services Express
To amend the users who can edit templates, you can use the following steps to
remove the Templates link. This example edits the Default User Policy to remove
32
IBM Workplace Services Express
the Templates link. You then create a new policy and assign the relevant user to
the policy that allows the Templates link. Complete the following steps:
1. Start a browser and connect to the administrative console using port 9091, as
in the example URL:
http://wse1.cam.itso.ibm.com:9091/admin
2. Log in using an administrator account, such as wpsadmin or wpsbind, or one
that is applicable to you environment. After you log in, click the Workplace
navigator to expand the menu and then click the Users link to further expand
this section, as shown in Figure 2-14.
click here
click here
Figure 2-14 Workplace administration navigator
3. Click Manage User Policies, and a list of the current policies will be displayed
in the right frame of the browser window, as shown in Figure 2-15.
Figure 2-15 Manage User Policies list
4. Click the Default User Policy link in the Policy Name column to display the
settings for this policy.Scroll down through the policy settings until you reach
the setting Allow users to create and edit Workplace templates, as shown
in Figure 2-16. Clear this option.
Figure 2-16 Policy setting for Templates link
Chapter 2. Installation and administration
33
5. Click OK to save the policy change.
6. Click New to create a new policy, as shown in Figure 2-17.
Click New
Figure 2-17 Creating a new policy
7. In the policy settings window, enter a suitable name, such as Templates, give
the policy a meaningful description, and enter the scope of the policy. In the
example in Figure 2-18 we specify a scope of cn=wpsadmin,o=ibm. This
matches the fully distinguished name for wpsadmin in the Workplace
Services Express test environment using a Domino LDAP directory. Scroll
down the policy settings and locate the Allow users to create and edit
Workplace templates setting, as shown in Figure 2-15 on page 33. Ensure
that this option is selected.
Note: If your environment does not use an LDAP directory, the value for
the Scope of user policy would be uid=wpsadmin,o=Default Organization.
With the custom user registry, you need to create individual policies for
each user that requires access to the Templates link. If you use an LDAP
server with Workplace Services Express, you have greater flexibility in
defining policies by organization structure.
Figure 2-18 Basic policy settings
34
IBM Workplace Services Express
8. Click OK at the bottom of the settings window to save this policy.
9. After the policy has been changed, test Workplace Services Express to
ensure that it is working correctly by first logging in as wpsadmin (or the user
that you specified in the scope) to check that the Templates link is still
available. Second, test the policy for a normal user to ensure that the link has
been removed, as shown in Figure 2-19.
Figure 2-19 User logged in with disabled Templates link
2.3.3 Workplace Services Express administration
This section discusses the administrative features of Workplace Services
Express that enable you to administer your site using the Administration link on
the main page.
Note: To administer applications such as team spaces and document libraries,
you would use the Templates link, as discussed in 3.6, “Applications and
templates” on page 73.
The Administration link enables you to administer the following site settings,
which we describe in this section:
򐂰 Portal User Interface
򐂰 Portlets
򐂰 Access
򐂰 Portal Settings
򐂰 Portal Analysis
򐂰 Portal Content
Portal User Interface
The Portal User Interface enables you to perform the following Workplace
Services Express administration tasks, as shown in Figure 2-20 on page 36:
򐂰 Manage Pages
With this feature, you to can add, edit, delete, reorder, and activate pages and
labels. Available tasks depend on which item is selected.
Chapter 2. Installation and administration
35
򐂰 Themes and Skins
With this feature, you can add new themes or edit and delete existing themes.
In addition, you can add new skins or edit existing ones. You can also select a
default theme and skin using this administration feature.
Figure 2-20 Portal User Interface
Portlets
The Portlets administration feature enables you to perform the following
Workplace Services Express tasks, as shown in Figure 2-21 on page 37:
򐂰 Install
When installing a portlet, a Web archive (WAR) file is uploaded to the server,
added to the portlet catalog, and then activated.
򐂰 Manage Applications
This feature enables you to update and uninstall Web modules. A Web
module is a WAR file containing portlet applications. In addition, you can
activate, copy, modify, and delete portlet applications.
򐂰 Manage Portlets
This feature enables you to activate, deactivate, rename, copy, and delete
portlets and modify portlet parameters.
򐂰 Web Clipping
The Web Clipping Editor feature enables you to identify and extract specific
portions of a document for display in a portlet. You can choose to display an
entire document by referencing a URL or tag only a key section.
36
IBM Workplace Services Express
Figure 2-21 Portlets
Access
The Access administration task enables you to perform the following tasks, as
shown in Figure 2-22 on page 38:
򐂰 Users and Groups
This feature enables you to search for, edit, and delete existing users and
groups. You can also create new users and groups and modify group
membership.
򐂰 Resource Permissions
This feature enables you to set portal access roles. You can assign users and
groups access roles to various resources and determine the level of
interaction a user can have with that resource.
򐂰 User and Groups Permissions
This feature enables you to assign roles to users and groups.
򐂰 Credential Vault
This feature enables you to perform tasks specific to vault management. You
can add or manage vault segments and vault slots.
Important: These access settings are not for applications such as a team
space. To manage applications, use the Templates link.
Chapter 2. Installation and administration
37
Figure 2-22 Access
Portal Settings
The Portal Settings administration task enables you to assign the following
settings, as shown in Figure 2-23 on page 39:
򐂰 Global Settings
With this setting, you can define what the user sees in the portal, including the
default language and the Find link. The default language specified in Global
Settings applies to all users when the language preference specified in their
browser is not supported by Workplace Services Express.
Global Settings also determines what users see when they return to the portal
on subsequent visits. For example, you can choose to display the most
recently visited page rather than a default page.
򐂰 URL Mapping
This feature enables you to create user-friendly URLs and map them to
pages. You can define names that are easily remembered by your users. The
self-defined URLs can be published externally and thereby made available to
users.
򐂰 Custom Unique Names
This feature enables you to assign unique names or user-friendly names to
site resources. These custom unique names are easier to handle than the
object IDs assigned by the portal. They make identification of site resources
much easier.
򐂰 Supported Markups
This feature enables you to determine which markups the portal recognizes.
You can add, edit, activate or deactivate, and delete a markup. The
installation default is HTML.
38
IBM Workplace Services Express
Important: Removing or changing the HTML markup will cause portal
access problems.
򐂰 Supported Clients
This feature enables you to determine the types of devices that can be used
to access the site. You can add, edit, order, or delete clients.
If you need to test a portlet with a device simulator, you might need to add the
user agent string of the device simulator to the Workplace Services Express
client list. Consult the documentation included with the device simulator to
determine the user agent strings the simulator supports and add these using
the Supported Clients administration portlet.
򐂰 Search Administration
This feature provides administration for search facilities and indexes.
Figure 2-23 Portal Settings
Portal Analysis
The Portal Analysis administration task enables you to perform the following
tasks, as shown in Figure 2-24 on page 40:
򐂰 Frequent Users
This feature shows how many users are currently logged in.
򐂰 Enable Tracing
This feature enables you to enable or disable the tracing logs.
Chapter 2. Installation and administration
39
Figure 2-24 Portal Analysis
Portal Content
The Portal Content administration feature enables you to perform the following
task, as shown in Figure 2-25:
򐂰 Manage Document Libraries
This feature enables you to perform advanced management for document
libraries.
Figure 2-25 Portal Content
2.4 Actions link
The Actions link on the top-right navigator is dynamic. It provides a number of
actions that are dependant on where you are within Workplace Services Express
and whether or not you are logged in as an administrator or a normal user. See
Figure 2-26 on page 41.
40
IBM Workplace Services Express
Actions
Figure 2-26 Actions link
For a normal user on the Welcome, Mail, and Search pages of Workplace
Services Express, it provides the following actions, if you have access to these
functions, as shown in Figure 2-27:
򐂰 New Page
򐂰 Edit Page
Figure 2-27 Menu options
On the Team Spaces pages, this option is not available unless you are in a team
space or application. If you have moderator access to the application, you will be
able to edit it from the Actions link, as shown in Figure 2-28.
Figure 2-28 Edit option
When you log in to Workplace Services Express as an administrator of
Workplace Services Express, regardless of the page of Workplace Services
Express, the Actions link provides the following actions, as shown in Figure 2-29
on page 42:
򐂰 New Page
򐂰 Edit Page
򐂰 Assign Permissions
Chapter 2. Installation and administration
41
Figure 2-29 Administrator version of Actions link
2.5 SMTP configuration for iCalendar
In this section, we describe the configuration required to allow for calendar
entries to be e-mailed to users.
To configure the Simple Mail Transfer Protocol (SMTP) service, you need to know
the host name or IP address of your company’s SMTP server. We use this to
configure Workplace Services Express to route SMTP mail to that SMTP server
ready for delivery to the end user. In the following steps, we use Workplace
Services Express configured with a Domino SMTP server and a Domino LDAP
server for the user repository.
Complete the following steps:
1. Ensure that Workplace Services Express is started and connect to the
WebSphere administrative console using a browser on port 9091, as in the
following example URL:
http://wse1.cam.itso.ibm.com:9091/admin
2. Log in with the administrator account and password, such as wpsadmin.
3. Navigate to Workplace → Mail Cell-Wide Settings → SMTP
Outbound/Local Delivery, as shown in Figure 2-30 on page 43.
42
IBM Workplace Services Express
Figure 2-30 SMTP Outbound/Local Delivery options panel
4. In the Name of relay server field, enter the host name of your SMTP server,
as shown in Figure 2-31. Click OK.
Figure 2-31 Name of relay server
5. Click Save at the top of the frame and click Save on the master configuration.
6. Stop and restart Workplace Services Express to commit the changes.
When you use the Team project component within a team space, you can create
a meeting entry and invite attendees. When saving and sending the invitations,
Workplace Services Express will process the entries and send iCalendar e-mails
through the SMTP server to all the users listed and the chairperson. The e-mail
will conform to the iCalendar standard and can be processed by messaging
systems that support the standard.
Chapter 2. Installation and administration
43
44
IBM Workplace Services Express
3
Chapter 3.
Features and functionality
This chapter describes the features and functionality of IBM Workplace Services
Express. In this chapter, we discuss the following topics:
򐂰 Drag and drop
򐂰 Palette
򐂰 Team spaces
򐂰 Community and collaboration
򐂰 Search
򐂰 Applications and templates
򐂰 Lists
© Copyright IBM Corp. 2005. All rights reserved.
45
3.1 Drag and drop
IBM Workplace Services Express enables a user to rearrange a page to be
presented in a format that they require, rather than sticking to the supplied
format. This function is drag and drop and provides the ability to drag portlets
from one area of a page to another. This feature is available to use in a number
places within Workplace Services Express, including the normal pages, within
templates, and within customization of lists.
Drag and drop obeys the Workplace Services Express security, so if a page (or
section of a page) is locked, or you do not have sufficient rights to the page, you
will not be able to reorganize the Workplace Services Express page. Drag and
drop does not allow you to drag portlets from one page to another page. When a
user rearranges a page in Workplace Services Express, these changes are
saved for that person as part of the personalization and are not reflected on any
other user’s page. This enables each user to have their own layout within
Workplace Services Express.
The following steps illustrate how drag and drop works on a normal Workplace
Services Express page:
1. Log in to Workplace Services Express.
46
IBM Workplace Services Express
2. Move the cursor over the title bar of the My Stocks portlet on the Welcome
page. The pointer will change from the standard cursor arrow to a cross, as
shown in Figure 3-1.
cross-style cursor
Figure 3-1 Cross-style cursor
Chapter 3. Features and functionality
47
3. Press and hold the left button while the cross-style cursor is displayed and
drag the My Stocks portlet toward the gap between the Instant Contacts and
Bookmarks portlets on the right side of the Welcome page until you see an
orange horizontal bar display, as shown in Figure 3-2.
Figure 3-2 Dragging the My Stocks portlet to a new location on the Welcome page
4. Release the left button to drop the My Stocks portlet into its new position. The
page will refresh, and the portlet will now reside in the new location, as shown
in Figure 3-3 on page 49.
48
IBM Workplace Services Express
Figure 3-3 My Stocks in the new location on the Welcome page after a dragging and dropping action
3.2 Palette
IBM Workplace Services Express includes a feature called the palette, which is
displayed on every page under the content root of My Workplace. The palette is a
flyout page that is fully customizable by users and the Workplace Services
Express administrator. The palette enables users to quickly deploy portlets to a
page. There are some portlets that should not be deployed by this method
because they will not deploy correctly. In these instances, the portlets should be
deployed through an application template (for more information, see 3.6,
“Applications and templates” on page 73). The following portlets cannot be
deployed to Workplace Services Express pages from either the palette or from
the Workplace Services Express administration page.
򐂰 Discussion
򐂰 Chat
򐂰 Team Task List
򐂰 Team Calendar
򐂰 Team Space
Chapter 3. Features and functionality
49
򐂰 Membership (Members, Participants, Community)
The just listed portlets all require the Workplace Services Express application
infrastructure services to function and, therefore, generate an error when
deployed to a normal page within Workplace Services Express. The Workplace
Services Express application infrastructure includes the components for
membership. To deploy these portlets, you must create an application template
within Workplace Services Express. When you create a template, you must use
one of the existing templates as a starting point. If none of the existing templates
fits your application requirements, create one using the “Blank Template.”
You can show or hide the palette by clicking the slider, as shown in Figure 3-4.
See Figure 3-5 on page 51 for an example palette flyout page.
Slider
Figure 3-4 Palette slider
50
IBM Workplace Services Express
Categories
Portlets
Figure 3-5 IBM Workplace Services Express palette flyout page
On the palette, there are two default categories: Portlets and Lists, as shown in
Figure 3-5. In each of these categories, there are a number of prepopulated
portlets ready for user deployment. To add one of the portlets to your page, drag
it from the palette and drop it in the area where you want it to be located. When
dragging a portlet onto a page, you will be able to see when you are over a valid
location to deploy the portlet by the appearance of an orange horizontal bar. See
Figure 3-6 on page 52 for an example of this action.
Chapter 3. Features and functionality
51
Figure 3-6 Deploying the Agenda list portlet to a page
The palette will obey page security and locks, so in the event of a user trying to
deploy a portlet to a locked page, for example, they will not be presented with an
orange horizontal bar.
Customizing the palette
The palette can be customized by adding additional categories or additional
portlets. When a user makes changes to the palette, the changes are saved for
the next use by that user. To add a new category to the palette, complete the
following steps:
1. Start Workplace Services Express:
a. Open a command prompt session.
b. Navigate to the install root of Workplace Services Express for your
installed platform, as in the following examples:
C:\IBM\WorkplaceServicesExpress
Or:
/opt/IBM/WorkplaceServicesExpress
52
IBM Workplace Services Express
c. Issue the following command, waiting for it to complete:
startWorkplaceServices.bat
Or:
./startWorkplaceServices.sh
2. Log in to Workplace Services Express:
a. Open a browser session and go to:
http://yourhostname.yourco.com:9081/lwp/workplace
b. Click Log in at the top-right area of the browser.
c. Enter the user wpsadmin and the password.
3. Edit the palette, add a new category, and add the Domino Application portlet
to the new category:
a. Click Edit to add a new category, as shown in Figure 3-7.
Edit button
Figure 3-7 Palette Edit button
b. Click New, as shown in Figure 3-8 on page 54.
Chapter 3. Features and functionality
53
New button
Figure 3-8 Create a new category
c. Enter a new Category Name, such as My Portlets, and click Add, as
shown in Figure 3-9.
Category name
Figure 3-9 New Category Name: My Portlets
d. We want to add the Domino Application portlet to our newly created
category. To find this portlet, type Domino in the Title contains field and
then click Search, as shown in Figure 3-10 on page 55.
54
IBM Workplace Services Express
search string
Search
button
Figure 3-10 Searching for portlets with Domino in the title
e. Select the Domino Application Portlet and click OK to add it to the
desired category, as shown in Figure 3-11.
Figure 3-11 Select the Domino Application Portlet and click OK
f. Click OK to exit the edit mode. You should now see your category listed in
the portlet palette.
Chapter 3. Features and functionality
55
g. Expand the new category to see the new portlet you have added, as
shown in Figure 3-12.
Figure 3-12 New category and Domino Application Portlet
4. You now can drag and drop this portlet on to the page and configure for use.
The previous steps enable you to add any of the supplied portlets to the palette
and use this method to deploy them to a page in Workplace Services Express.
Note: Remember that a number of portlets cannot be deployed by this
method. They have to be deployed using a template. See 3.6, “Applications
and templates” on page 73 for more details. Where possible, as a best
practice, use templates for deploying these portlets (that is, add them to a
template through the Template Builder).
When a user or administrator adds a new category or portlet to the palette, those
changes are only available for that user. Therefore, in the previous examples,
where we added a new category, My Portlets, the category will only be available
to that user.
3.3 Team spaces
When people are working together on something, we want to enable them to
create their own “Web site,” which is really just an area of Workplace Services
Express where they can share information and do their work. We call this work
56
IBM Workplace Services Express
area a team space. A team space is a collection of pages and portlets that are
prewired to handle a certain type of work or business process. So, for example,
your team space might include a chat room or shared calendar or discussion
library. You can do other things such as taking a survey or tracking a task list. You
can integrate other existing portlets; it is not limited to things that have a
collaboration purpose.
The team itself can decide what the pages and portlets are included, and the
team can manage its own membership list to decide who can do what inside the
team space. You do not need any IT assistance to set up a team space. Team
space highlights include:
򐂰 Membership: Enables the moderator of a team space or Web conference to
define and control member access and participation.
򐂰 Instant messaging and presence awareness: Know instantly whether a
person is available to collaborate, share information, or take action.
򐂰 Project task management: Create, edit, and track tasks and assign them to
team members.
򐂰 Team calendar: Create and view group calendar entries (including Web
conference invitations) for the team.
򐂰 Discussion forums: Create Web-based discussion forums, or a forum within a
forum, and allow members to engage in threaded discussions.
򐂰 Document Manager: Create and import documents into folders and manage
them with built-in methods for tracking changes and comments made by team
members.
򐂰 Chat room: Engage team members in an instant message facility that can be
searched and archived.
򐂰 Search: Search for text strings across the entire team space.
Team spaces are strictly dependent on the templates you use to build them. If
you want to set up a different team space, first create a different template and
then build the team space on this new template. To create a new team space,
click New on the Team Space portlet in the Team Spaces → Team Spaces
menu, as shown in Figure 3-13 on page 58.
Chapter 3. Features and functionality
57
Figure 3-13 Create a new Team Space
To open it, just click the title link, as shown in Figure 3-14.
Figure 3-14 Templates for Team Spaces
In the left column in Figure 3-15 on page 59, you see the components that
belong to the team space just created using the Customer Support Team
template: Customer Support Team Home, Schedule, Documents, Discussion,
Chat Room, and Search.
58
IBM Workplace Services Express
Figure 3-15 Team Space details
First, you should extend the members access list, deciding who can access the
team space and if this user a moderator or a contributor. To do this, use the
Members portlet on the upper-right corner of the Team Space home page, as
shown in Figure 3-16 on page 60.
Chapter 3. Features and functionality
59
Figure 3-16 Members portlet
If you want to make this team space public, click Actions → Give all Workplace
users access as: Contributors, as shown in Figure 3-17. In addition, you can
authorize the user or groups, or both, to be Contributors or Moderators.
Figure 3-17 Make the Team Space public
Because the Schedule tab contains only a couple of portlets (Calendar and
Vacation Scheduling), we now move to the Discussion tab (if you want
information about the Documents tab, refer to Chapter 4, “Document
management” on page 139).
60
IBM Workplace Services Express
Using the Discussion Forums portlet available by accessing the Discussion tab,
you can create one or more new forums. See Figure 3-18.
Team members can create discussion forums on any subject. Within each forum,
team members create new topics, reply to existing topics, and reply to replies,
resulting in discussion threads. Topics and replies in a thread are called posts.
Administrators use policies to control who can create and use discussion forums.
Using the membership component, team space moderators determine what level
of access members have.
Members who have moderator access can create, edit, lock, unlock, and delete
forums; create, edit, and delete topics; create and delete replies; and lock,
unlock, and delete threads. Members who have contributor access can create
topics and replies, and edit and delete their own topics and replies.
The forum has no moderator (in a forum meaning), so a post is immediately
available.
Figure 3-18 Discussion Forums
Inside the forum, a simple search engine is available, so you can search posts
based on their title or content.
One more component that has been included with this team space is the chat
room: It provides a place for team space members to have real-time discussions
Chapter 3. Features and functionality
61
or chats. Unlike instant messaging, the chat room is always open and ready for
any team space member to join and add messages. Members can add
messages, leave the chat room or team space, and then return and add more
messages.
When a chat transcript is archived, it is saved for future reference. You can look
up archived transcripts. To archive a chat transcript, click the Archive now
button, as shown in Figure 3-19.
Figure 3-19 Archive a chat
You can also decide to schedule archives. Click the Schedule archives button to
access to the panel shown in Figure 3-20 on page 63.
62
IBM Workplace Services Express
Figure 3-20 Scheduling archives
If you are a moderator in the team space, you are also a moderator of the chat
room. Moderators can participate in chats, archive chats, and manage the
archives. If you are a contributor in the team space, you can participate in chats
and look up archived transcripts.
The Current participants list is sorted alphabetically. A hand, or “typing,” icon is
displayed next to a participant when a participant types a message. The Past
contributors list is also sorted alphabetically.
Search is the last component of this team space. This is a simple search with
some limitations, as listed in the following Restriction box.
Chapter 3. Features and functionality
63
Restrictions:
򐂰 Search is not case-sensitive.
For example, if you search for content about the country China, the result
set might include other documents associated with china (of the pottery
kind) unless you include or exclude certain words using symbolic
operators, for example:
china -pottery +asia
򐂰 Search ignores punctuation, such as periods or commas, unless they are
enclosed in a quoted phrase.
򐂰 Search ignores the logical operators OR and NOT, but converts AND to the
plus sign (+).
Search converts an AND between terms to a plus sign (+) that will appear
in front of both terms. An AND at the end of a search string converts to + in
front of the preceding term.
In a Search query, an AND between two quoted phrases converts to a +
before each term or quoted phrase. However, if you put an AND between
more than two terms or phrases, search strips out the AND but does not
convert it. For example:
– dog AND cat becomes +dog +cat
– dog cat AND rat mouse becomes dog cat rat mouse
OR is implied when you type more than one word. If you use OR without
enclosing it within quotation marks, the OR is removed from the query.
If you use NOT without enclosing it within quotation marks, it is treated as
another search term. Use the minus sign (-) to exclude documents that
contain a certain term from the results.
򐂰 If you use parentheses or wildcards without enclosing them within
quotation marks, they are removed from the query string. These operators
are not supported.
3.4 Community and collaboration
IBM Workplace Services Express provides portlets that facilitate team
collaboration, such as mail, calendar, and address book features. You must have
a back-end server, such as a supported version of Exchange or Domino, in order
to configure mail and other collaborative portlets. Refer to the Chapter 6,
“Advanced configuration topics” on page 215 for example screen captures and
detailed information about configuring the mail and calendar portlets.
64
IBM Workplace Services Express
Presence awareness and instant messaging are included and usable throughout
Workplace Services Express. Presence is a visual indicator of a person’s online
status: available, away, unavailable, or offline, as shown in Figure 3-21 and
Figure 3-22. You can use the presence indicators to decide whether to contact
someone through instant messaging or perhaps to e-mail them instead. Invoking
an instant messaging session, or chat, is an easy option if a person is available.
To help you find other Workplace Services Express users, we provide the People
Finder portlet, which can search your personal address book or the corporate
LDAP directory. Anywhere that you see a person’s name, the person’s name is
“live,” so you can get a business card for that person, which lets you see their
contact information and take actions, such as sending e-mail or using instant
messages to chat with them.
Workplace Services Express includes an instant messaging server, which is
installed and configured when you install the software. This means that you can
chat with any other users who are registered in Workplace Services Express.
Workplace Services Express uses a native Session Initiation Protocol (SIP)
infrastructure to provide instant messaging capabilities. It uses browser-based
instant messaging with presence management, and people links for presence
awareness in applications. There is a contact list management portlet called
Instant Contacts for users to store their contacts.
Figure 3-21 People awareness
Figure 3-22 Customize online status
First, let us examine presence in Workplace Services Express. When you log in
to Workplace Services Express, your online status is registered with the server,
and a presence indicator or icon appears next to your name in the Team Space
Members portlet. The names of other Workplace Services Express users, along
Chapter 3. Features and functionality
65
with their respective presence states, are also displayed in this list. In the team
space shown in Figure 3-23, the Members portlet is on the right. There we see
that Evans is away, Katinka is busy, and Gianluigi is available. Also notice that the
team members are organized into groups, Contributors and Moderators; we
explain more about this in 3.3, “Team spaces” on page 56.
Figure 3-23 Different online status
Note: Workplace Services Express will automatically change your status from
available to away after a short period of inactivity.
3.4.1 Instant Contacts
The Instant Contacts portlet provides you with a place to store your buddies for
instant messaging within Workplace Services Express. Figure 3-24 shows an
example of a populated list.
Figure 3-24 Instant Contacts portlet
66
IBM Workplace Services Express
The portlet enables you add and remove users or groups from the list. In
Figure 3-25, you can see the available actions for the Instant Contacts portlet.
Figure 3-25 Actions available for the Instant Contacts portlet
The actions available in the Instant Contacts portlet are:
򐂰 New contact: The option enables you to add users from your user registry or
LDAP directory if Workplace Services Express is enabled to use LDAP, as
shown in Figure 3-26.
Figure 3-26 Add a new user
򐂰 New group: This options enables you to add new groups to the contacts list.
򐂰 Start chat: You can use this option to start a chat with a user. When you select
this option, the Directory search page opens, defaulting to the My Instant
Contacts list. You can select a user from the list and start a chat or invite
several users to participate in a multiway chat.
Chapter 3. Features and functionality
67
򐂰 Organize list: This enables you to organize your contacts and groups, as
shown in Figure 3-27.
Figure 3-27 Organize list
򐂰 Show online contacts only: This enables you to toggle the view to show only
online users. If this is selected, the Actions menu will change the option to
Show all contacts.
򐂰 Expand all groups: This enables you expand all the groups within your list.
򐂰 Collapse all groups: This enables you collapse all expanded groups in your
list.
The list uses live names to allow you to see the user status, start chats, look up
details, and remove users from the list. See Figure 3-28 on page 69 and
Figure 3-29 on page 69 for the options available for active and inactive users.
68
IBM Workplace Services Express
Figure 3-28 Live name menu in Instant Contacts for active person
Figure 3-29 Live name menu in Instant Contacts for inactive person
Note: The position of the Instant Contacts portlet is different in Version 2.5 of
Workplace Services Express. Refer to “Flyout page for People Finder and
Instant Contacts” on page 483.
Chapter 3. Features and functionality
69
3.4.2 People Finder
Figure 3-30 shows a close-up view of the People Finder portlet, which integrates
with your company LDAP directory.
Figure 3-30 People Finder
70
IBM Workplace Services Express
The quick search lets you search by name, phone number, department, e-mail
address, or job title. The advanced search lets you search by any attributes in the
user’s profile record, as shown in Figure 3-31.
Figure 3-31 Advanced People Finder search page
Figure 3-32 on page 72 shows a close-up view of the live name menu, where you
can see a person’s business card information, start a chat, send an e-mail
message, and so forth.
Chapter 3. Features and functionality
71
Figure 3-32 Search results and online center menu
Note: The position of the People Finder portlet is different in Version 2.5 of
Workplace Services Express. Refer to “Flyout page for People Finder and
Instant Contacts” on page 483.
3.5 Search
Workplace Services Express includes search capabilities that enable users to
search for content within the applications, team spaces, and document libraries.
The search engine regularly indexes the data stored with Workplace Services
Express.
The Search dialog box is available with the team spaces: Applications page and
the document library, as well as on the Search page. To be able to search, the
administrator has to ensure that you have the selected Allow Team Spaces and
Allow Workplace Builder in User Policies assigned. You can add search data
sources, such as internal or external Web sites, as needed. In addition, you can
set how many results search returns.
You can enhance your users' search capabilities in the following ways:
򐂰 Adding data sources to search
򐂰 Specifying the number of results returned per page
򐂰 Specifying the maximum number of results per query
72
IBM Workplace Services Express
򐂰 Changing the order of search source tabs
The sources that can be added for a search are Web sites or search results
provided by IBM Lotus Extended Search.
The configurable search parameters for Workplace Services Express are located
in two properties files:
򐂰 lwpsearch.properties
򐂰 wcm.properties
The lwpsearch.properties file contains the search-related default values. Open
the lwpsearch.properties file located in the <wse_root>\AppServer\properties
folder. You can set the following parameters:
򐂰 usp.cache.resultcount=100: Specifies the default value for the maximum
number of results returned per query.
򐂰 federate.query.timeout=180 (seconds): Controls how long search attempts to
find matches to the search query across multiple data sources before
stopping the search and returning partial results.
The wcm.properties file contains the index-related default values. Open the
wcm.properties file located in the
<wse_root>\AppServer\wpcp\config\<node_name>\server_name\author folder.
You can set the following parameters:
򐂰 wcm.maxDocIndexCount: Specifies the document count, the maximum
number of documents to be added/edited before a project is indexed.
򐂰 wcm.maxIndexTime: Specifies the time stamp, the maximum time a project
with documents has to wait before being indexed.
򐂰 wcm.maxExpireIndexTime: Specifies the index expiration time, the maximum
time that an index can be running for a particular project.
3.6 Applications and templates
This section describes the powerful features of Templates, the editing and
customization tool that comes with IBM Workplace Services Express. We first
give an overview, discuss some terminology, and then follow with a detailed
example of using the templates to customize an application.
3.6.1 Overview
Templates is an application assembly tool for business analysts, application
managers, and designers. It is intended for the business user that understands
Chapter 3. Features and functionality
73
the business model and business processes. Templates are designed to help the
business user rapidly assemble components into applications that revolve around
a business process.
The user who creates an application becomes the default moderator and can
specify additional moderators.
The application moderator performs most of the administration tasks. The
moderator specifies whether an application is open to all authenticated users or
to application members only. In addition to specifying membership in the
application, moderators edit the names and descriptions of applications and the
layout of pages within applications.
Application moderators can create applications from templates, as well as save
new applications as templates for reuse by other users to add value to Workplace
Services Express.
3.6.2 Applications and templates
A Workplace Services Express application is a collection of pages and portlets
that address a business need for a particular group of users, as shown in
Figure 3-33. Examples of applications include:
򐂰 Team spaces
򐂰 Document library
򐂰 Chat room
򐂰 Discussion
򐂰 Team project
Figure 3-33 A Workplace Services Express application page
74
IBM Workplace Services Express
Workplace Services Express applications are created from templates. These
Workplace Services Express applications can be distributed and managed by
business users and administrators to provide targeted functionality to specific
groups of users.
Templates
A Workplace Services Express application is made up of business components. A
business component is an encapsulation of a business concept or process. A
Workplace Services Express application includes many business components,
such as Discussion, Team Calendar, Team Task List, Document Library, Search,
and People Finder. We can also add our own business components to an
application, which can even include a portlet that accesses a Lotus Domino
database.
Workplace Services Express provides a number of predefined templates:
򐂰 Blank Template
򐂰 Chat Room
򐂰 Customer Support Team
򐂰 Discussion
򐂰 Document Library
򐂰 Employee HR Site
򐂰 Event Planning
򐂰 Human Resources Team
򐂰 Marketing Team
򐂰 Meeting Materials
򐂰 Sales Team
򐂰 Team Project
We could just deploy portlets to a page and have a Workplace Services Express
application. However, with Workplace Services Express, we now have the ability
to make our applications into templates. A template defines the Workplace
Services Express application, its pages, and the application components
deployed on each page, as shown in Figure 3-34 on page 76. In this way, we can
provide a preconfigured set of portlets and pages targeted to a specific business
task. These applications have the distinct advantage of being able to be modified
by an end user. In addition, administrators are able to control the deployment
using user roles and other administrative features.
Chapter 3. Features and functionality
75
Figure 3-34 Workplace Services Express template construction
Important: To work with a template, you must have access to Templates, the
application for viewing and editing templates. To see the Templates link, you
must be granted the user policy “Allow users to create and edit Workplace
templates” in the administrative console, as discussed in 2.3.1, “Administrative
console” on page 30 and 2.3.2, “Removing the Templates link” on page 32.
The default policy is that all users are enabled to create and edit templates.
Applications
All Workplace Services Express applications are based on a template. When
customizing an application, you can choose to either modify the existing
application or choose to modify the template on which that application is based.
An example of modifying an existing application is adding your own component
to an existing team space. However, if you wanted to have that modification
appear for all future team spaces, you would modify the template and add your
component to the template. It is also possible to save an existing application as a
template.
Roles
Each application has members, individuals, and groups that are assigned roles
that determine their access to the application. The names of members appear in
the Members portlet that is displayed in every application. Generally, application
managers appear as Moderators and application users are Contributors, or any
other defined role.
Application access is determined first by the roles defined in the template, and
then by the level of access that each role permits for Workplace objects. The
Workplace objects include the template or application, its pages, and the
application components deployed on each page.
76
IBM Workplace Services Express
Permission to work with Workplace Services Express templates and applications
is determined by user policies, assigned template roles, and Workplace Services
Express membership roles:
򐂰 User policies: Provide permission at the most fundamental level for users to
work with templates and applications. Workplace Services Express
administrators set user policies.
򐂰 Template roles: Provide permission to edit or use templates. Template roles
are assigned to users by template owners.
򐂰 Membership roles: Provide permission to work with a Workplace Services
Express application. Application owners assign member roles in a Workplace
Services Express application.
Required components for templates and applications
As mentioned previously, Workplace Services Express information and
membership are essential components of every Workplace Services Express
application. These components are displayed in the Information portlet and the
Members portlet. Because these portlets must be available in every template or
application, they should not be deleted. The Information portlet is used to
describe what the application is and also acts as a home portlet for the
application. It also contains a Rename button so that a user with the correct
privileges can change the name of the application. The Membership portlet is
used to store specific access rights to this application. The size limit of a
Workplace Services Express application is set by the application policy in the
administrative console for the Workplace Services Express server. By default,
the size is set at 60 MB; there is also a setting within the policy to allow a warning
message to be displayed if the size of the application approaches that limit.
3.6.3 Accessing templates
If you have access rights to Templates, you will be able to see a link for it at the
top-right section of the page next to the My Workplace and Administration links,
as shown in Figure 3-35 on page 78.
Chapter 3. Features and functionality
77
Figure 3-35 Accessing Templates
When you click the Templates link, you enter the Workplace Template Library.
From the library, you can modify and customize an existing Workplace Services
Express application template or create a new template, which, in turn, can be
used to create and deploy customized Workplace Services Express applications.
After you design a template, you set template access so that teams within your
organization can create team-specific applications based on your template
design. Figure 3-36 on page 79 shows a list of applications and their owners
(with live name status), along with their category and date last saved.
78
IBM Workplace Services Express
Figure 3-36 Template Library
3.6.4 Using the templates
We now describe how to use templates to create a new Workplace Services
Express application for managers to collaborate online about sales for the
(fictitious) ITSO Widget Corp. To do this, we base the application on the Team
Project template, but add our own application components using some Domino
data.
From the Template Library shown in Figure 3-36, we create a new template by
clicking the New button. The window shown in Figure 3-37 on page 80 opens. It
includes the following fields that must be completed:
򐂰 Template name: The name that will represent the application; we entered
Widget Sales.
򐂰 Category: The area within Workplace Services Express that the application
will be available from, in this case, Workplace Application.
򐂰 Description: An optional description of the application.
򐂰 Starting point: The most powerful parameter on this page. It enables you to
base an application on a previous template. In this example, we used the
Team Project template. This not only saves a lot of work, because we do not
have to start from the very beginning, but also allows applications to be built
on each other to create new applications.
Chapter 3. Features and functionality
79
Figure 3-37 A New Workplace Template
The new Widget Sales template is then created and opened, and the window
shown in Figure 3-38 opens. Down the left side are four Template tabs, which
enable you to configure the template.
Template tabs
We now describe the four main Template tabs in detail.
Properties
The first tab is Properties. This is the information that was entered when the
template was created. In this case, there is nothing to change.
Figure 3-38 Template properties
80
IBM Workplace Services Express
Pages and Layouts
The next tab is Pages and Layouts, which has an interface you might be familiar
with from the Administration area of WebSphere Portal and Lotus Workplace
2.0.1. Here, we can add new pages, change the order of pages, and set the
security of pages, as well as other features, as shown in Figure 3-39.
Figure 3-39 Template Pages and Layouts
We can also examine each page and place the portlets or components we want
on those pages. In this case, we create a new page with the supplied Domino
Application portlet.
To do this, we click the New page button to get the window shown in Figure 3-40.
Figure 3-40 Adding a new page
Chapter 3. Features and functionality
81
We fill in the title as Sales, select the This page can be added to a user’s My
Favorites list option to include the My favorites designation, and choose a page
layout with two side-by-side portlets. Click OK to save the new page to the
template. When this completes, you will be notified by a status message on the
window. Click OK to proceed.
Now, we need to add some portlets to the Sales page we just created. Click the
Edit page icon to the right of the Sales page, as shown in Figure 3-41.
Edit icon
Figure 3-41 Editing the Sales page
This opens the Page Content window, as shown in Figure 3-42.
Figure 3-42 Page Content window
Now, we need to add the new portlets. Click the Add portlets button on the left to
open a list of portlets to which we have access. In this case, the list is long, so we
do a search for the Domino Application portlet. We decide to add this portlet on
the left. Figure 3-43 on page 83 and Figure 3-44 on page 84 show these steps.
82
IBM Workplace Services Express
Figure 3-43 Locating the portlets to add to our page
Note: Many portlets are not appropriate for addition to templates, such as
portlets used in Portal Administration UI.
Chapter 3. Features and functionality
83
Figure 3-44 Completed search for portlets with Domino in the title
After clicking OK, we repeat the process to find and add the Instant Contacts
portlet on the right. Then, our new portal page is arranged, as shown in
Figure 3-45 on page 85.
84
IBM Workplace Services Express
Figure 3-45 The portlets are added
Click Done to return to the Pages and Layout window, where we can do some
final layout work. Notice that all the components we would get as part of the
Team Project template are visible. The ITSO Widget Corp. business function
does not require the Schedule or the Chat Room pages, so we remove them by
clicking the Trashcan icon next to those pages. In addition, the business wants
the new Sales page to be the second one in the application, so we click the up
arrow icon next to it until it is in the desired position. Figure 3-46 on page 86
shows the end result.
Chapter 3. Features and functionality
85
Figure 3-46 The new page layout
There are two additional subtabs in addition to Content for Pages and Layout:
Page Appearance and Page Locks. In the Appearance tab, we can change the
page appearance for particular portlets by modifying their skins, as shown in
Figure 3-47. In this example, we do not change the theme. Refer to 5.1, “Themes
and skins overview” on page 188 for more information.
Figure 3-47 Pages and Layout: Page Appearance
86
IBM Workplace Services Express
In the Locks tab, we can lock or unlock content in particular portlets, as shown in
Figure 3-48. Note that using locks will restrict the areas where the dragging and
dropping of portlets will be enabled.
Figure 3-48 Pages and Layout: Page Locks
Chapter 3. Features and functionality
87
Parameters
After setting up the template pages with the required components and layout, we
select the Parameters tab, as shown in Figure 3-49.
Figure 3-49 The Parameters tab
Each component of a Workplace Services Express application can expose
parameters. This enables a business user to customize or further refine the
application to suit a particular business need. It is up to component developers to
decide which application components are allowed to be changed by exposing
them.
Notice in Figure 3-49 that the only configurable parameters for our Widget
application happen to be in the Workplace Services Express application and the
Domino Application portlet. We would like to allow modification of the Description
field. To do so, we simply click the Description link and make the appropriate
changes. In this case, we select the Allow property to be edited option, as
shown in Figure 3-50 on page 89.
88
IBM Workplace Services Express
Figure 3-50 Customizing a parameter
After clicking OK, we see that the parameters have been changed, as shown in
Figure 3-51.
Figure 3-51 The new parameter values
With this method, the business user has the ability to customize an application to
suit different needs without the need to change any underlying code. When
developing components intended to be used with templates, this should always
Chapter 3. Features and functionality
89
be a consideration. In addition to the description parameters, you should set the
Domino Application portlet parameters for the Domino server host and Domino
Database path, as shown in the Figure 3-52.
Figure 3-52 Domino Portlet parameters
If you want to restrict the number of parameters displayed to the user at
application creation time, clear the Allow property to be edited option, as
shown in Figure 3-50 on page 89.
Roles
Click the Roles tab. Figure 3-53 shows the initial window.
Figure 3-53 The Roles tab
Roles enable an application designer to add specific access levels to an
application. In our Widget Corp. example, we want to add a role called Task
Manager. Persons assigned to that role will be able to manage all tasks within
90
IBM Workplace Services Express
this application. We click the New button to create the new Task Manager role, as
shown in Figure 3-54.
Figure 3-54 Creating a new role
We click the drop-down list next to FAQs and change the access from Reader to
Manager. This way, we give members of this role manager or administration
access over all FAQs so that they can be created, edited, or deleted as
appropriate. Click OK to see that our new role has been added to the list.
Note that in Workplace Services Express Version 2.5 or later, you can also show
and hide individual pages per role.
Chapter 3. Features and functionality
91
Figure 3-55 Displaying the new role
3.6.5 Deploying the template
Now that we have finished with the Template tabs, we need to deploy the
template.
Preview
At this point, it is advisable to preview the template. At the top of the page, click
the Preview button to see what the application will look like when it is completed.
Figure 3-56 on page 93 shows a preview of our new Widget Sales template.
Tip: If you set up a portlet’s edit parameters during the preview mode, these
will be saved with the template. So, for example, you could include a Web
Page portlet pointing to your company home page inside a template.
92
IBM Workplace Services Express
Figure 3-56 A preview of the Widget Sales template
Notice the differences from the original Team Space Project template. Our
customizations for removing Schedule and Chat Room pages, and adding the
Sales page, have taken effect. Figure 3-57 on page 94 shows the new Sales
page we created, complete with the Domino Application and Contacts portlets.
You will be prompted to provide the credentials for the Domino server before the
database is opened, and you will need to allow the applets to be downloaded to
the browser.
Chapter 3. Features and functionality
93
Figure 3-57 Preview of the new Sales page
After previewing the template, click the Done Previewing button in the
upper-right area of the page, followed by the Save and Close button. This
returns us to the list of templates, which now includes our new template.
94
IBM Workplace Services Express
Figure 3-58 The Template Library with our new template added
Note: For setting template access, see 3.6.6, “Editing an existing template” on
page 101.
Deploying the template as an application
Now that our template has been defined, it can be deployed as a real application.
Return to My Workplace, and then to the Team Spaces → Applications page.
Remember that we set the template category to Application; this causes it to be
listed as a new application here. Click the New button to display the Application
page, where we see that Widget Sales is displayed as one of the templates.
Chapter 3. Features and functionality
95
Figure 3-59 Creating an application from our template
In this example, we create an application for the North region, fill in the fields
appropriately, and click OK.
After clicking OK here, our application is complete for the Northeast sales region.
We would go through a similar process to create applications for additional
regions, and the resulting Applications page might look similar to that in
Figure 3-60 on page 97. To use an application, we simply click its name.
96
IBM Workplace Services Express
Figure 3-60 Our completed Sales Territory applications
Editing the application
When using their new applications, the ITSO Widget Corp. users might decide
that they want certain application components changed. For example, in the
North region, the Sales Manager thinks it might be more useful not to have the
Instant Contacts portlet on the Sales page so that the Sales information can use
that part of the page to display information related to sales. To achieve this, we
click the Actions link and then the Edit button at the top of the page, as shown in
Figure 3-61, which launches the Templates application into edit mode for the
current application.
Figure 3-61 Actions: Edit link
Chapter 3. Features and functionality
97
When the application is in edit mode, the tab layout should be familiar, because it
is very similar to that used for creating a new template, as shown in Figure 3-62
on page 98.
Figure 3-62 The application editor
Now, we want to make the change: remove the Instant Contact portlet. To do this,
we go to the Pages and Layouts tab and then click the Pencil icon next to the
Sales page to remove the portlet from the page. Click Done and then click Done
in the editor to return to the Sales page of the Widget Sales Northeast
application, where the change is immediately available to application users, as
shown in Figure 3-63 on page 99.
98
IBM Workplace Services Express
Figure 3-63 Our edited application with the Instant Contacts portlet removed
Reusing an application to create new applications
Suppose that the Widget Corp. North application is so popular with users that
management wants to standardize it. Similar to using a template, it is possible to
use applications as the basis for creating new applications.
To do this, edit the existing application and export it as a new template. For
example, in Figure 3-64 on page 100, we see the result of clicking the Edit button
on the Widget Sales North application, which opens the Properties tab of
Templates.
Chapter 3. Features and functionality
99
Figure 3-64 Creating a new template from an application
Click the Export as a New Template button opens the Export page, as shown in
Figure 3-65, which prompts for name, category, description, and theme (you can
also assign ownership of the new template to someone else). After you click OK,
the new template is created and will appear in the Template Library list.
Figure 3-65 Filling out the new template properties
100
IBM Workplace Services Express
3.6.6 Editing an existing template
From the Workplace Services Express Template Library, we can also modify an
existing template. To do this, click one or more of the icons to the right of a
particular template in the list. By default, the supplied templates with Workplace
Services Express are locked by the administration account. This lock can be
overridden by the administrator (or template owner) by clicking the Unlock icon
on the right side of the template name. Now that the template is unlocked, you
can modify the page layout of the template.
Viewing and editing a template
To customize a template or view details about it, click the template name. This
launches the Template Editor, which provides tools for you to customize a
template.
Setting template roles
As you customize a template, you need to decide who can create applications
based on this template and who can modify all or parts of the template. Template
roles refine the access granted through the Workplace user policy. Click the Key
icon to set the template roles, as shown in Figure 3-66.
Figure 3-66 Template Roles page
Change Owner
Click the Change Owner button to open a Directory Search window that enables
you to choose a name from the directory to become the new template owner.
Chapter 3. Features and functionality
101
Template roles
Click either the Template Editors link or the Template Users link to open a list
of names assigned to each. In Figure 3-67, we clicked Template Users to see the
list of names authorized to create new applications from this template.
Figure 3-67 Template Users
Click the Add button to open the Directory Search window. We can then search
for additional users in the directory and add them. Click OK in the Directory
window and Done in the Template Users page to add a user to the list of
template users.
102
IBM Workplace Services Express
Figure 3-68 Searching for and adding users
Close Template Roles
Click the Close Template Roles button to return to the Template Library.
Exporting a template
After you customize a template, you can export it as an XML file. Click the Export
icon to the right of the template listing to open a File Download window, where
you can pick a file name and path to save the file to a local disk. After a template
is saved as an XML file, it will be available for use by others (that is, for importing
into another Workplace Services Express or Workplace Collaboration Services
server).
Deleting a template
Deleting a template permanently removes it from the template list. You must be
the template owner or a Workplace Services Express administrator to delete a
template. Click the Delete icon to the right of the template listing to delete and
confirm this action.
Tip: For more information about building components for IBM Workplace, see
Building a Component for IBM Workplace, REDP-3952, available at:
http://www.redbooks.ibm.com/abstracts/redp3952.html
Chapter 3. Features and functionality
103
3.7 Lists
This section describes the lists that are provided with IBM Workplace Services
Express and how you can customize them and create new ones. Lists are
prebuilt mini-applications that provide forms for data entry and views for providing
a list of the data entered. The lists are important to Workplace Services Express
because they enable users to customize them without any programming
knowledge. Workplace Services Express provides, out-of-the-box, 17 predefined
lists and a skeleton list, which is the starting point for creating and customizing
new ones. The 18 lists available are:
򐂰 Agenda
򐂰 Announcements
򐂰 Attendance
򐂰 Contacts
򐂰 Custom
򐂰 Directions
򐂰 Employee Directory
򐂰 FAQs
򐂰 Invitations and RSVPs
򐂰 Issues
򐂰 Links
򐂰 Milestones
򐂰 Minutes
򐂰 Prospects
򐂰 Sales Tracking
򐂰 Sign Up Sheet
򐂰 Survey
򐂰 Vacations
The guidelines for list applications are to be used for lists of data up to a
maximum of 100 entries. Lists can be deployed by two methods within Workplace
Services Express, either through the palette or through an application template.
If you deploy a list from the palette, you need to edit the configuration properties
to active the deployed portlet. When a list is added to a template and a new
application is created from the template, the list does not require any additional
configuration. The deployed application would provide access through the
membership component and not through the access component of each list.
104
IBM Workplace Services Express
Lists have the following customization components when deployed to a page
within Workplace Services Express:
򐂰 Properties: On this tab, you can change the title, description, and the icon
associated with the list.
򐂰 Fields: This is where all the fields defined for the list form have been defined.
You can add and delete fields or change the layout by moving the fields
around using the move buttons or through drag and drop. You can assign the
field to be listed as the subject field when a search returns the values.
򐂰 Views: This lists all the defined views that have been created in the list
application. There are options to create and delete views, plus setting the
default view for the users. This tab shows which views are private and the
view type.
򐂰 Access: This lists the access roles available within the list and enables you to
add users to the defined roles.
The actions that a user can and cannot perform depend on that user’s access
level. A user has one of the following access levels defined with the list:
򐂰 Reader
򐂰 Author
򐂰 Editor
򐂰 Manager
These access levels enable the users to do the actions shown in Table 3-1.
Table 3-1 Actions available for each of the access levels in lists
Actions
Reader
Author
Editor
View any list
X
X
X
Show/hide
search
X
X
X
Show/hide
filters
X
X
X
Create new list
X
X
Edit own list
X
X
Edit any list
Delete own list
Delete any list
Manager
X
X
X
X
Chapter 3. Features and functionality
105
Actions
Reader
Author
Editor
Manager
Customize
properties
Customize
fields
X
Customize
shared views
X
Customize
private views
X
X
X
In the following section, we go through the process of customizing a number of
lists and also create a new list based on the custom list provided.
Tip: For additional information about lists, see “Introduction and guide to Lists
portlets in IBM Workplace Services Express 2.0,” available at:
http://www.ibm.com/developerworks/lotus/library/wse-lists/
3.7.1 Customizing a list
List applications are fully customizable by the user when they are deployed to a
Workplace Services Express page. You can do the following general
customizations with lists:
򐂰 Add and delete views
򐂰 Add, delete, and reorganize fields on the form
򐂰 Implementing sorting/filtering
򐂰 Create a list from scratch using the custom list
Table 3-2 lists the available fields to add to a list application form.
Table 3-2 Fields available to add to a list application form
Field
Description
Example of use
Plain-text, single-line
Single line of plain text
Project name
Plain-text, multiple-line
Multiple lines of plain text
Project description
Rich-text, multiple-line
Multiple lines of rich text
Table of information
Input Fields
106
IBM Workplace Services Express
Field
Description
Example of use
On-and-off control
Enables use of on/off
control
Active or inactive project
Single-item selection
Enables the creation of a
list of items where a single
value can be selected
Project phases
Multiple-item selection
Enables the creation of a
list of items where multiple
values can be selected
Project teams
Date
Enables the user to enter a
date, or select from a
pop-up calendar
Project start date
Time
Enables the user to enter a
time or select from a time
selector pop-up window
Meeting start time
URL
Adds a URL to a document
Company home page
Name
Displays an input field and
a pop-up name selector,
from which a name can be
selected
Project Manager
Field attachment
Displays an area for
uploading a file attachment
Project plan
Item author
Displays the name of the
person creating the items
Entry author
Creation date
Displays the date that the
item was created
Creation date
Modification date
Displays the date that the
item was last modified
Modification date
Rich text
Displays rich text and
graphics
Add company logo
Section header
Displays a section header,
with or without a section
name
Add category name
Computed Fields
Design Fields
Chapter 3. Features and functionality
107
The filtering function within lists enables you to define criteria to display the
relevant information contained within your list. This feature enables you to pick a
field from the current view and select a value from a drop-down list. For example,
you could select the field Project with a value of ACME to display the data that
has the value of ACME in the Project field. To show the filters for a list, click
Actions → Show Filters, as shown in Figure 3-69.
Figure 3-69 Selecting the Show Filters action
When you select Show Filters, the options appear at the top of the view to
enable you to select the filter options, as shown in Figure 3-70 on page 109.
108
IBM Workplace Services Express
Figure 3-70 Filter options for a customized list
If you select the Project field value to be ACME, it will refresh the view and
display only the entries with ACME as the project, as shown in Figure 3-71.
Figure 3-71 Example of using a filter
In the following steps, we walk through the customization of Minutes,
Announcements, and Survey lists. With these three examples, you can see the
features of list customizations.
Deploying the Lists portlet
To deploy the Lists portlet, complete the following steps:
1. Ensure that Workplace Services Express is started.
2. Open a browser and log in to Workplace Services Express.
Chapter 3. Features and functionality
109
3. In these examples, we add the lists to a new page called Lists that will be
created at the top level of the navigation. To create a new page, complete the
following steps:
a. Go to Workplace Administration by clicking the Administration link on the
top right of the explorer page.
b. From the navigator on the left, click Portal User Interface, and then
Manage Pages.
c. Click My Portal page. This creates your new page under the main portal.
d. Create the new page under the My Portal by selecting New Page, as
shown in Figure 3-72.
Figure 3-72 Create a new page
e. Enter Lists in the Title field, as shown in Figure 3-73 on page 111.
110
IBM Workplace Services Express
Figure 3-73 New page: Title
f. Click OK twice.
4. Navigate to the newly created page and add some lists by clicking the My
Workplace link and then Lists, as shown in Figure 3-74.
Figure 3-74 Lists tab on My Workplace
5. Open the Portlet palette by clicking the palette slider on the far right.
6. Locate the Minutes portlet in the Lists categories, as shown in Figure 3-75 on
page 112.
Chapter 3. Features and functionality
111
Figure 3-75 Portlet palette
7. Drag the portlet on to the page. See Figure 3-76.
Figure 3-76 Minutes portlet on page ready for configuration
Tip: Look for the orange bar to appear so that you in a valid location to
deploy the Lists portlet.
8. Repeat steps 5 on page 111 to 7, this time with the Announcements portlet.
9. Repeat steps 5 on page 111 to 7, this time with the Survey portlet.
10.Repeat steps 5 on page 111 to 7, this time with the Custom portlet.
112
IBM Workplace Services Express
Customizing the Minutes list portlet
To customize the Minutes list portlet, complete the following steps:
1. Click the Edit portlet icon in the Minutes list portlet, as shown in Figure 3-77.
Edit button
Figure 3-77 Portlet buttons
2. Go to the Fields tab.
3. Click New Field, as shown in Figure 3-78.
Figure 3-78 Fields tab for the Minutes portlet
4. For the Input Fields type, select Plain-text, single-line, as shown in
Figure 3-79 on page 114. Click Next.
Chapter 3. Features and functionality
113
Figure 3-79 Field type selection window
5. Change the following values, as shown in Figure 3-80 on page 115:
– Field name: Project.
– Label: Project.
– Default value: General.
– Size: 60.
– Select the This field is required to have a value option.
Click Finish.
114
IBM Workplace Services Express
Figure 3-80 Field values for Project
6. Add a second field to the Minutes portlet:
a. From the Fields tab, click New Field.
b. Select File attachment as the Input Fields type, as shown in Figure 3-81.
Click Next.
Figure 3-81 File attachment option
7. Enter the following properties for the File attachment, also shown in
Figure 3-82 on page 116:
a. Field name: file
b. Label: Attachment
Click Finish.
Chapter 3. Features and functionality
115
Figure 3-82 Attachment field values
8. Add a new view to the Minutes portlet:
a. Go to the Views tab. (Notice that the default view is named All items, as
shown in Figure 3-83.)
b. Click New.
Figure 3-83 Views tab and the New button highlighted
c. Enter Projects for the View name, and accept all other defaults, as shown
in Figure 3-84 on page 117.
d. Click Next.
116
IBM Workplace Services Express
Figure 3-84 View configuration
e. On the View Definition window, use the arrows to reorder the columns so
that the Project field you created earlier is the first one to appear in this
view, as shown in Figure 3-85.
Figure 3-85 View Definition
Chapter 3. Features and functionality
117
Tip: You can also use the drag-and-drop action to move the fields
around in the View Definition. Remember that you must see an orange
horizontal bar before releasing the field.
f. Click Finish.
9. Make the Project view the default view for the Minutes portlet:
a. Use the arrows under the Order column to move the Project view ahead of
the All Items view so that it matches the order shown in Figure 3-86.
Figure 3-86 Project view is now the default view
b. Click Done.
10.Add some minutes to the Lists portlet to view the results of your changes:
a. From the Minutes list portlet, click New.
b. Fill in some details. Figure 3-87 on page 119 shows a sample. You can
select any file on your system as an attachment. Click OK when you are
done. You can repeat this step to add more minutes if wanted.
118
IBM Workplace Services Express
Figure 3-87 Example Minutes item
c. You will see the results in the Project view you previously created, as
shown in Figure 3-88. Notice that Project is in the first column, as you
specified when you created the view.
Figure 3-88 Project view showing the Minutes created
Customizing the Announcements list portlet
In this section, we describe how to customize the Announcements portlet.
Complete the following steps:
1. Click the Edit portlet icon in the Announcements list portlet.
2. Because we will not make any changes to the default settings of the
Announcements portlet, we click Done to finish the configuration, as shown in
Figure 3-89 on page 120.
Chapter 3. Features and functionality
119
Figure 3-89 Configuring the Announcements portlet
3. Add a new announcement:
a. Click New.
b. Add an announcement and enter some data, as shown in Figure 3-90 on
page 121.
120
IBM Workplace Services Express
Figure 3-90 Example form for Announcements portlet
c. Click OK when you are done.
Your announcement will now appear in the list.
Customizing the Survey list portlet
In this section, we describe what you can achieve using the bar and chart views
of a Lists portlet and how to use the Survey portlet. Complete the following steps:
1. Configure the Question field in the Survey portlet:
a. Click the Edit portlet icon in the Survey portlet.
b. Go to the Fields tab.
c. Click Question to modify this field, as shown in Figure 3-91 on page 122.
Chapter 3. Features and functionality
121
Figure 3-91 Configuring the Survey list
d. Change the fields to the following values, as shown in Figure 3-92 on
page 123:
122
•
Label: How often should we hold department meetings?
•
Choices: Weekly, Bi-Monthly, Monthly, Quarterly, Never. (Make
sure that these are entered one per line.)
•
Default choice: Weekly.
•
User interface: Display choices as radio buttons.
IBM Workplace Services Express
Figure 3-92 Example Question configuration in the Survey portlet
e. Click Finish.
2. Configure the view:
a. Go to the View tab.
b. The default view is a Pie Chart. This is satisfactory for our purposes, so we
click Done to conclude the configuration of the Survey portlet.
Chapter 3. Features and functionality
123
Figure 3-93 Views in the Survey portlet
3. Create some survey responses using the following steps:
a. In the Survey portlet, click New.
b. Vote for an option. Figure 3-94 shows as example.
c. Click OK.
Figure 3-94 Example survey form
d. Repeat steps 3a-c so that the pie chart is populated with some interesting
data.
Notice that you can hover over the chart to obtain detailed information.
124
IBM Workplace Services Express
Figure 3-95 Example Pie Chart
e. You can also change the view to Bar Chart with the pull-down menu on
the upper right. Figure 3-96 shows a bar chart.
Figure 3-96 Example Bar Chart showing the hover over text
Creating a list from the Custom list portlet
In this section, we create a custom list from the beginning that will be used to list
projects and related information. The custom list was deployed in step 10 on
page 112 ready to be configured. Complete the following steps:
1. Click the Edit portlet icon in the Minutes list portlet, as shown in Figure 3-97.
Edit button
Figure 3-97 Portlet buttons
Chapter 3. Features and functionality
125
2. On the Properties tab, enter the following information, as shown in
Figure 3-98:
– Title: Projects
– Description: Projects List
Figure 3-98 Properties tab of the Custom portlet
3. Click the Fields tab.
4. Click New Field, as shown in Figure 3-99 on page 127.
126
IBM Workplace Services Express
Figure 3-99 Fields tab of the Projects list
5. For the Input Fields type, select Plain-text, single-line, as shown in
Figure 3-100 on page 128. Click Next.
Chapter 3. Features and functionality
127
Figure 3-100 Field type selection window
6. Change the following values, as shown in Figure 3-101 on page 129:
– Field name: Project.
– Label: Project.
– Default value: General.
– Size: 60.
– Select the This field is required to have a value option.
Click Finish.
128
IBM Workplace Services Express
Figure 3-101 The new Project
7. Using the following steps, add these additional fields: Project Manager, Start
Date, End Date, Project Description, and Project Plan:
a. Click New Field.
b. For the Input Fields type, select Name, as shown in Figure 3-102. Click
Next.
Figure 3-102 Input Fields type Name
c. Change the following values, as shown in Figure 3-103 on page 130:
•
Field name: projectmanager
•
Label: Project Manager
Click Finish.
Chapter 3. Features and functionality
129
Figure 3-103 Project Manager field
d. Click New Field.
e. For the Input Fields type, select Date, as shown in Figure 3-104. Click
Next.
Figure 3-104 Input type Date
f. Change the following values, as shown in Figure 3-105 on page 131:
•
Field name: startdate.
•
Label: Project Start Date.
•
Default value: Leave field blank.
•
Select the This field is required to have a value option.
Click Finish.
130
IBM Workplace Services Express
Figure 3-105 Input values for Start Date
g. Click New Field.
h. For Input Fields type, select Date. Click Next.
i. Change the following value:
•
Field name: enddate.
•
Label: Project End Date.
•
Default value: Leave field blank.
•
Select the This field is required to have a value option.
Click Finish.
j. Click New Field.
k. For the Input Fields type, select Plain-text, multiple-line, as shown in
Figure 3-106. Click Next.
Figure 3-106 Plain-text, multiple-line option
l. Change the following values, as shown in Figure 3-107 on page 132:
•
Field name: projectdesc.
•
Label: Project Description.
•
Default value: Leave blank.
•
Select the This field is required to have a value option.
Chapter 3. Features and functionality
131
Click Finish.
Figure 3-107 Input values for Project Description field
m. Click New Field.
n. For the Input Fields type, select File attachment. Click Next.
o. Change the following values, as shown in Figure 3-107:
•
Field name: projectplan
•
Label: Project Plan
Click Finish.
Figure 3-108 Input values for the Project Plan field
132
IBM Workplace Services Express
8. Now, delete the Name field from the form by clicking the Delete icon, as
shown in Figure 3-109.
Name
Delete
icon
Figure 3-109 Form fields for the Project list, deleting the Name field
9. Go to the Views tab.
10.Click the All Items view to edit it.
11.Add columns for the Project, Project Manager, Project Start Date, Project End
Date, and Project Description fields, by clicking the Add Column button, as
shown in Figure 3-110.
Figure 3-110 Add Column to a view
12.On completion, your View Definition will look similar to the one shown in
Figure 3-111 on page 134. Click Finish.
Chapter 3. Features and functionality
133
Figure 3-111 View Definition
13.Create some project entries using the following steps:
a. In the Projects portlet, click New.
b. Enter a Project Name.
c. Click the Search icon on the Project Manager field, as shown in
Figure 3-112.
Search
Figure 3-112 Project Manager Search icon
d. In the Directory Search window, enter the first character of the project
manager’s name and click the Search button, as shown in Figure 3-113.
Figure 3-113 Search Directory window
134
IBM Workplace Services Express
e. Select the user, click Add, and then click OK.
f. Select the Start Date and End Date for the project.
g. Enter a Project Description.
h. Attach a Project Plan if there is one available.
See Figure 3-114 for example.
i. Click OK.
Figure 3-114 Completed Project Description form
Note: A full editor for creating new Lists portlets (that is, form portlets) is
available Workplace Services Express Version 2.5 and later as part of the
Template Builder feature.
3.7.2 Communicating with Click-to-Action
Some Workplace Services Express portlets take advantage of the WebSphere
Portal communication feature called Click-to-Action. When two Workplace
Services Express portlets with complimentary Click-to-Action capabilities appear
together on a portal page, the Click-to-Action mechanisms will automatically add
an icon plus a pop-up menu to permit the user to initiate an action. In addition,
third-party portlets can be adapted to participate in Click-to-Action and
communicate with those Workplace Services Express portlets.
Chapter 3. Features and functionality
135
Click-to-Action is a framework that facilitates the exchange of compatible data
between portlets. A portlet that sends data to others is a source, and the portlet
developer identifies the candidate data by using special tags in the portlet JSP™
pages where the data gets displayed. A portlet that receives data is a consumer.
The portlet developer uses a Web Services Description Language (WSDL) file to
declare the actions which are available to be invoked, plus a special
Click-to-Action wrapper portlet that makes the actions visible to the
Click-to-Action machinery. A given portlet can be both a producer for some kinds
of data and a consumer of others; furthermore, consumers can specify output
parameters for their actions that automatically trigger any compatible actions,
permitting chaining of actions.
Tip: Full documentation of Click-to-Action and adapting portlets for its use is
available in the WebSphere Portal Information Center:
http://publib.boulder.ibm.com/pvc/wp/500/ent/en/InfoCenter/index.html
In Workplace Services Express, Lists portlets can be sources of Click-to-Action
data. Third-party portlets that are adapted as consumers of the same type will be
able to accept data through Click-to-Action when co-located on a page with these
Workplace Services Express sources. The Lists portlets include the option to
configure the Click-to-Action namespace and type within the field definitions. The
procedures for adapting a portlet to be a Click-to-Action consumer are more
involved than making a portal a source. Providing the full details is outside the
scope of this document, but, in brief, the process includes:
1. Exposing one or more public methods that each take a single parameter of
one of the target types output by Workplace, such as String
2. Packaging a WSDL file with the portlet deployment that describes each
method and its bindings
3. Modifying Web.xml and portlet.xml to nest the original portlet inside a
Click-to-Action wrapper portlet and to expose each method to the
Click-to-Action broker mechanisms
3.7.3 Cooperative portlets
Cooperative portlets subscribe to a model for declaring, publishing, and sharing
information with each other using the WebSphere Portal property broker. Portlets
subscribe to the broker by publishing typed data items, or properties, that they
can share, either as a provider or as a recipient. Through the property broker,
portlets can exchange information, or properties, with each other. Such portlets
are called cooperative portlets. Cooperative portlets can react to changes to
other cooperative portlets on the page, resulting in a simultaneous update to
multiple portlets with minimal user intervention.
136
IBM Workplace Services Express
Tip: For a complete description of cooperative portlets, refer to:
򐂰 IBM WebSphere Portal Information Center, available at:
http://publib.boulder.ibm.com/pvc/wp/500/ent/en/InfoCenter/index.html
򐂰 IBM WebSphere Portal V5: A Guide for Portlet Application Development,
SG24-6076, available at:
http://www.redbooks.ibm.com/abstracts/sg246076.html
At runtime, the property broker matches the data type of output properties from a
source portlet with the data type of input properties from one or more target
portlets. If a match is determined, the portlets are capable of sharing the
property. The actual transfer of the property can be initiated by one of the
following methods:
򐂰 A user launches a Click-to-Action event from an icon on the source portlet.
The icon presents a pop-up menu containing the list of targets for the action.
After the user selects a specific target, the property broker delivers the data to
the target in the form of the corresponding portlet action. Using the
Click-to-Action delivery method, users can transfer data with a simple click
from a source portlet to one or more target portlets, causing the target to react
to the action and display a new view with the results.
򐂰 The user can also broadcast the property to all portlets on the page that have
declared an action associated with a matching input property.
Chapter 3. Features and functionality
137
138
IBM Workplace Services Express
4
Chapter 4.
Document management
Document management is often confused with document publishing. Document
management is used to administer documents and share them between people,
while document publishing is used to publish information (specifically on the
Web). Workplace Services Express includes a document management
functionality and not document publishing.
This chapter describes the document management functionality the Redbook
team found “out of the box” in IBM Workplace Services Express. We looked
deeply into all main document tasks, such as security, locking, editing, viewing,
and versioning.
IBM Workplace Services Express document management includes Microsoft
Office suite integration and Microsoft Windows desktop integration. However,
remember that it is up to you to choose between Office applications or the built-in
productivity tools (also referred to as internal editors) that Workplace Services
Express provides.
Note: At the time this chapter was written, Workplace Services Express
Version 2.0 was shipping and used by us to create this content. If you are
working with Version 2.5, be sure to check the Workplace Services Express
Library for the most up-to-date information:
http://www.lotus.com/products/product5.nsf/wdocs/workplaceservicesexpress
library
© Copyright IBM Corp. 2005. All rights reserved.
139
4.1 Document libraries
Document libraries are the collection containers for your documents and allow
you to organize your content with folders and customized views.
Document libraries are enabled with convenient features for managing
documents in a team environment. You can create document libraries that are
complete and ready to use immediately after installing Workplace Services
Express.
Depending on your access rights, you can create, read, edit, or delete
documents, as well as create, edit, and delete folders. If versioning is active, you
can save your document under a unique version number, which provides a linear
history of your document's changes. Document libraries also provide a locking
feature, which locks a document while it is being modified to avoid edit conflicts.
Setting up documents management
There are three different places where you can manage your document library,
depending on which features you want to use: the Document Library portlet, the
Document Manager portlet, or the Content Administration portlet.
The first place is the Document Library portlet, as shown in Figure 4-1. Using it,
you can:
򐂰 Create a new library
򐂰 Add a library to your favorites
򐂰 Search the whole library set
To create a new library, click New and insert library the title and comments.
Figure 4-1 Document Library list
140
IBM Workplace Services Express
If you click the library name, you will access the Document Manager portlet, the
second place where you can manage document libraries. The Document
Management portlet is just a library interface; you can have multiple Document
Management portlets pointing to different document libraries.
To configure it, click the Wrench icon and you will access the configuration
parameters shown in Table 4-1.
Table 4-1 Document Library parameters
Field
Meaning
Document Library
This is the document library name this portlet will
access. Here, you can select which document
library will be shown through the Document
Manager portlet.
Indicator for new documents
Turning it on, documents and folders that have
changed within the selected number of days are
followed by the word New. The new document
indicator feature is turned off by default.
򐂰 On: Select this option to turn on the new
document indicator.
򐂰 Off: Select this option to turn off the new
document indicator.
The number of days can be modified by accessing
the edit option in the Document Manager portlet.
Conversions
Conversions are enabled by default.
򐂰 Enable document conversions: Select this
option to allow document conversions.
򐂰 Disable document conversions: select this
option to disable document conversions.
For more information about conversions, refer to
4.6, “Document conversion” on page 184.
Editors
Editors are enabled by default. If you disable
editors, they will not be available in this Document
Manager portlet. If you want to turn off a particular
productivity editor, go to the edit mode option.
Chapter 4. Document management
141
142
Field
Meaning
Plugin
Plugin is enabled by default. By disabling the
browser plug-in, users will be able to work in
Document Manager, but they will only be able to
create and edit documents using the Portal editors.
Users will still be able to import other document
types with the browser plug-in disabled.
Disabling the plug-in also limits the options for
users who want to install Document Manager
Desktop Components. That is, users will only see
the Download option on the installation page, and
the Install now option will not be available. The
Download option requires users to manually install
and configure Desktop Components.
Folder Tree
Folder Tree is enabled by default. You can
configure whether users will have the option to
change the way folders are displayed. With the
folder tree enabled, users will have the option to
display the document library folder hierarchy
vertically, starting at the document library root
folder. With the folder tree disabled, users will only
be able to display the table view, which lists the
contents of the current document library without
the tree hierarchy view.
Active Content Filtering
Active Content Filtering is intended to remove
potentially harmful active content (such as
JavaScript™, Java, and ActiveX®) from HTML
prior to displaying it in a browser. Users see the
following message when content is filtered:
“Document has been modified for viewing in PDM.
Any potentially harmful content has been
removed.” Active Content Filtering is disabled by
default.
Tools Button
The Tools button provides users the ability to install
Document Manager Desktop Components on their
computer. By hiding the Tools button, users will not
see the Tools button on the Document Manager
main page. If you hide the Tools button, users will
not have the ability to install Desktop Components.
The Tools button is enabled by default.
Default Folder
This is the default folder that will be selected every
time you access the Document Manager portlet.
IBM Workplace Services Express
The third place to manage document libraries is the Manage Document Libraries
portlet in Administration → Portal Content → Manage Document Libraries,
as shown in Figure 4-2.
Figure 4-2 Manage Document Libraries portlet used to manage portlet library properties
Using this portlet, you can:
򐂰 Do a mass import (files, folders, or both)
򐂰 Copy a document library
򐂰 Delete a document library
򐂰 Edit a document library
򐂰 Set library access control
See Figure 4-3 on page 144.
Tip: As you can see in Figure 4-2 on page 143, the library name is complex
and unreadable. This can be modified using the Manage Document Libraries
portlet. Click the Pencil icon and change the library name. This issue is
targeted to be addressed in the next release.
Chapter 4. Document management
143
Mass
Import
Copy
Document
Library
Edit Document
Library
Figure 4-3 Zoom in on document library portlet icons
To import files or folders, click the Import icon, as shown in Figure 4-3. You have
three different choices:
򐂰 Import files located on the server machine
򐂰 Import files located on the client machine
򐂰 Import files through HTTP
144
IBM Workplace Services Express
Important: On Linux, a Java applet is used to communicate with the client file
system. This applet gives you the ability to edit files using your native editors
and also to import multiple files and directories from the client file system. In
order to run the applet, you need to have a supported Java Runtime
Environment (JRE) installed on your browser. For installation instructions on
Mozilla, visit the Mozilla Plugin Support on Linux (x86) Web site and follow the
instructions to install the Java Runtime Environment:
http://plugindoc.mozdev.org/linux.html
After the Java Runtime Environment is recognized in the browser, you should
be prompted to accept an IBM certificate when you first visit the edit document
page in Portal Document Manager portlet or administrative import pages. You
should choose to always accept this certificate for the applet to be able to read
and copy files from your local machine. After you accept the certificate, you
might need to refresh the page. The plug-in attempts to read and write the files
you are editing to the temporary directory defined in the java.io.tmpdir system
property. Users need to have authority to create directories and files in that
path (usually /tmp). Lastly, the plug-in requires that KDE be installed and that
the kfmclient be in the path. The kfmclient exec command is used to open
files with the editors registered in KDE.
If you import files through HTTP or import files located on the server machine
you can decide to run import tasks in background mode.
Note: After you click OK to start importing files, you cannot stop the process.
To access document library options, click the Pencil icon, as shown in Figure 4-3
on page 144. The window shown in Figure 4-4 on page 146 opens.
Chapter 4. Document management
145
Figure 4-4 Configure document library
Here, you can decide to enable or disable document versioning, document
workflow and document locking.
4.2 Desktop integration
Desktop integration provides you with an easy way to manage your documents
using familiar applications and view your document library resources directly
connected to your desktop operating system. You can use Microsoft Windows
Explorer to view document libraries, work with documents and folders, and
contribute content to the site.
The Desktop Components are embedded in Microsoft Word, Microsoft
PowerPoint®, and Microsoft Excel®, and can also be used with other familiar
desktop applications. You can view, add, and edit documents directly in the
application, and when you save your changes to a specified folder, the
documents will be automatically uploaded to the site.
Installing the Desktop Components creates a view in Windows Explorer that
enables you to see and work with Document Manager content from your
146
IBM Workplace Services Express
computer. A view of Document Manager, the document libraries that you add,
and all the contained documents and folders will appear under My Computer in
Windows Explorer.
4.2.1 Desktop Components installation
To install the Desktop Components, complete the following steps:
1. Access your library clicking the corresponding link, as shown in Figure 4-5.
Figure 4-5 Document Libraries
Note: You might receive a Security Warning for IBM PDM. If you do, click
Yes to trust the content.
2. Click Tools → Install Desktop Components, as shown in Figure 4-6 on
page 148.
Chapter 4. Document management
147
Figure 4-6 Install Desktop Components
3. Select Install Now if you want to install it immediately, as shown in
Figure 4-7. You can also download the plug-in and install it later.
Figure 4-7 Install now or later
4. Click OK in Document Manager for the temporary download location.
5. Follow the instructions of the InstallShield Wizard to install the component.
Click Next at the Welcome window, as shown in Figure 4-8 on page 149, and
then accept the license agreement, as shown in Figure 4-9 on page 149.
148
IBM Workplace Services Express
Figure 4-8 Desktop Components installation
Figure 4-9 Desktop Components installation: License agreement
6. Choose the installation folder, as shown in Figure 4-10 on page 150.
Chapter 4. Document management
149
Figure 4-10 Desktop Components installation: Installation directory
7. Click Install on the Ready to Install window, as shown in Figure 4-11.
Figure 4-11 Desktop Components installation: Ready to Install
8. When the installation finishes, click Finish, and an additional InstallShield
opens to complete the installation.
9. Enter the password for the specified user ID and click Next, as shown in
Figure 4-12 on page 151. If you want, you can save the password and change
the name that Windows Explorer will display for this resource.
150
IBM Workplace Services Express
Figure 4-12 Desktop Components installation: Components setup
10.In the window shown in Figure 4-13 on page 152, you can change the local
directory path, where documents will be temporarily stored on your computer
for the selected library. If you select the Save documents to server as
private drafts option, you will be able to keep private drafts of the documents
before publishing them.
Important: The Document Manager Upload Monitor detects your changes
in this folder, and all documents modified in this folder will be automatically
uploaded to the Document Manager server. In order for your document to
be uploaded to the server, you will need to save your documents to this
folder when you use desktop applications other than Microsoft Word,
Microsoft Excel, and Microsoft PowerPoint.
Chapter 4. Document management
151
Figure 4-13 Desktop Components installation: Local directory
11.If the local directory does not exist on your system, you will be prompted with
a message asking to create it, as shown in Figure 4-14. Click Yes.
Figure 4-14 Desktop Components installation: Create local directory
You have successfully completed the Desktop Components installation.
4.2.2 Using the Desktop Components
After installation, open Windows Explorer and you will notice a new entry under
My Computer labeled Document Manager, as shown in Figure 4-15 on page 153.
152
IBM Workplace Services Express
Figure 4-15 Microsoft WIndows Explorer
Use this icon to access your documents directly through Windows Explorer, as
shown in Figure 4-15. The same icon appears in your Windows task bar. This is
the Document Manager Upload Monitor, which runs in the background every time
your start your computer. When you upload new or edited documents into
Document Manager using the Desktop Components, this monitor notifies you of
a successful document upload or any errors in the upload process.
To upload a file using the Desktop Components, simply do the following tasks:
1. Select the file you want to upload.
2. Drag or copy the document to the Document Manager.
Libraries can be seen and accessed from the Explorer interface but they can be
created only from the Web interface.
To create a new library, refer to “Setting up documents management” on
page 140.
Chapter 4. Document management
153
To add it to your Document Manager Desktop Component, complete the
following steps:
1. Open Windows Explorer.
2. Select the Document Manager node.
3. Right-click it and select Add Library.
Figure 4-16 Add a library using Windows Explorer
Tip: Alternatively, you can select File → Add Library from the Document
Manager window.
4. When prompted for the directory creation, click Yes.
4.2.3 Working with Microsoft Office applications
Workplace Services Express includes extensions for Microsoft Office Word,
Excel and PowerPoint.
154
IBM Workplace Services Express
These extensions supplement the Microsoft Office toolbars and menus you work
with every day, making it easy to edit, view, and save the documents you create
with Microsoft Office and store them in a Workplace Services Express secure,
shared repository. This means that you can use these familiar tools to view and
edit documents in the document libraries and automatically save changes back
to the server.
Workplace Services Express also has built-in editors for rich text, spreadsheet,
and presentation files, in case you do not have editing applications already
installed.
If you use a Linux system for your desktop, Workplace Services Express also
provides built-in editors for that environment. Workplace Services Express gives
you the flexibility to choose.
The following steps show how a Microsoft Word file can be created and uploaded
to Document Manager using the Desktop Components integration instead of a
browser and the portal:
1. Open Microsoft Word and create a Word file (.doc).
2. In Word, click File → Document Manager → Add to Library, as shown in
Figure 4-17.
Figure 4-17 Save in a document library using Microsoft Office
Chapter 4. Document management
155
3. In the Add to Library window, as shown in Figure 4-18, you can specify the
following settings:
– Click the document library and location where you want to save your
document.
– Enter the File name, Title, Description, and Language.
Figure 4-18 Add Document To Library
4. Click Add to add the document to the specified library, or click Cancel to stop
the action without adding the document.
As soon as you click Add, the document is uploaded to the Document Manager
server. An “Upload successful” message is shown near the Document Manager
Upload Monitor icon in the Windows task bar. To review the status of the current
upload and other recent uploads, double-click the Monitor icon in the taskbar to
open the Document Manager Upload Monitor window.
In the same way, you can load files from your library directly into your Microsoft
Office application using File → Document Manager → Open from Library, as
shown in Figure 4-19 on page 157.
156
IBM Workplace Services Express
Figure 4-19 Load a document from a library
4.3 Document Manager tasks
Document Manager is the interface that is provided after a document library is
created. Users can perform a broad range of document management tasks with
Document Manager.
4.3.1 Documents editing
Three productivity tools or editors are provisioned with Workplace Services
Express: the word processor, spreadsheet, and presentation editors. These
editors are derived from OpenOffice group (http://www.openoffice.org) efforts
with a number of enhancements and customizations. File compatibility in general
is good.
To access the editors, click the New button from the Document Manager portlet
and select which type of document you want to create, as shown in Figure 4-20
on page 158.
Chapter 4. Document management
157
Figure 4-20 Create a document using internal editors
This opens a page where you can fill in the document Title, File name, a
Description, and the Language, as shown in Figure 4-21 on page 159. When you
click Open File, a pop-up window opens with the editor you requested.
If you want, you can disable the internal editors (refer to Table 4-1 on page 141
for more information).
158
IBM Workplace Services Express
Figure 4-21 Document properties
Are editors a replacement for traditional office suites? Well, productivity tools are
not designed to match a stand-alone office suite such as Microsoft Office on a
feature-by-feature basis. Instead, the productivity tools are meant to be an
alternative for users who perform relatively basic document viewing and editing
tasks. In general, the productivity tools implement the 80-20 rule (Pareto’s
Principle: 20% of the features are vital to 80% of the user base, while the
remaining 80% of features are only exploited by the 20% who are considered
advanced users) when it comes to including features in the product. Certain sets
of users do not require a full office suite such as Microsoft Office. Their work
might require them to view, and in some cases create or edit, basic Microsoft
Office documents.
A test conducted by eWeek in April 2004 concluded that the majority of users
would have no trouble transitioning to OpenOffice from their current Office suite.
The only exception would be advanced users, particularly those who used the
Excel spreadsheet (“Office 2003 vs. OpenOffice.org” by Jason Brooks in eWeek,
April 26, 2004, http://www.eweek.com/article2/0,1759,1571626,00.asp).
The word processor, a mainstay of the information worker, is used to capture,
codify, and communicate textual information both internally and to external
parties. A trend that has emerged recently is the increasing use of the e-mail
client, instead of a word processing application, to compose short notes and
memos. Today’s e-mail clients possess sophisticated rich-text editing
environments, and users often opt to input the text directly into the message
Chapter 4. Document management
159
body instead of attaching a word processing document. The recent spate of virus
infections through infected document attachments might have exacerbated this
trend. On the other end of the scale, very large, complex documents are usually
laid out using specialized desktop publishing tools, such as Quark XPress or
Adobe FrameMaker. This leaves the word processing application the task of
handling the middle ground: medium-sized, multipage documents, such as
reports that require advanced formatting, graphics support, and special
elements, such as table of contents. Figure 4-22 shows the word processor
editor.
Figure 4-22 Word processor editor
Depending on your job role then, the spreadsheet might be the application in
which you spend most of your day. In addition to its obvious utility to workers who
work with numbers, such as accountants and financial analysts, spreadsheets
are often used as flat file database managers, also known as list managers.
Spreadsheets lend themselves to efficiently manipulating large quantities of both
textual and numeric data. The formulas allow for easy manipulation to facilitate
analysis. In addition, spreadsheets often contain powerful data analysis and
visualization tools. Figure 4-23 on page 161 shows the spreadsheet editor.
160
IBM Workplace Services Express
Figure 4-23 Spreadsheet editor
Of the three editors, the presentation editor is probably the least used in terms of
audience size and frequency of use. Slide decks are typically used to convey a
message such as reporting corporate performance; selling an idea, product, or
service; or delivering facts through instructional materials. Presentations to
external audiences might require additional sizzle, but most presentations to
internal audiences are plain, bulleted, text lists. Whether this is a good thing is
outside the scope of this book, but it simply highlights the fact that providing the
latest multimedia features in the presentation editor is often a wasted effort. In
fact, as we go through the list of features provided by the presentation editor, you
will realize that you probably do not use even half of its capabilities. Figure 4-24
on page 162 shows the presentation editor.
Chapter 4. Document management
161
Figure 4-24 Presentation editor
If you need a guide about how to use these tools, refer to the Help Center
provided with them. To access it, go to Help → Help Center in the spreadsheet
and presentation editors or click the ? in the word processor editor. Figure 4-25
on page 163 shows the Presentation Help Center.
162
IBM Workplace Services Express
Figure 4-25 Productivity editors HelpCenter
4.3.2 Document versioning
With the versioning feature turned on for the working document library, users can
create new versions of documents and view and retrieve documents by version.
When versioning is enabled, each version of the document is automatically
numbered, so you can retrieve old versions if needed.
Important: Versioning has to be enabled at the document library level. Refer
to “Setting up documents management” on page 140 for more information.
To create a new version of a document, open the document inside Document
Manager and select Versions, as shown in Figure 4-26 on page 164.
Chapter 4. Document management
163
Figure 4-26 Access to versions
Then create a new version. You can also add comments, as shown in
Figure 4-27.
Figure 4-27 Create New Version
Now, you can modify your document using the internal or external editors. The
original version will not be modified, and a copy of it will be automatically created.
If you want to revert to the previous version of your document:
1. Click the document name.
2. Click Versions.
3. Select the version in which you are interested.
4. Click Promote to current version. A pop-up window opens, as shown in
Figure 4-28 on page 165.
164
IBM Workplace Services Express
Figure 4-28 Warning about version control
5. Click OK and the archived version will be promoted to the current version.
Important: If you want to keep all versions of the document, be sure to include
the active document in the version control before clicking the Promote button.
If not, every change included in the active document will be lost.
The complete version history and the document status is available by clicking the
Versions link.
Figure 4-29 Version status
You can download a previous version of a document to your system. You might
use this feature to keep an extra copy of a document version outside of the
document library.
To download a document version, complete the following steps:
1. Click the document name.
2. Click Versions.
3. Click the linked version number of the document you want to download.
4. Click Download.
5. Navigate to the local directory where you want to save the document version.
6. Click Save, as shown in Figure 4-30 on page 166.
Chapter 4. Document management
165
Figure 4-30 Download a version
4.3.3 Workflow
Workplace Services Express provides many choices of how you can manage
your documents. For example, if the draft approval process is enabled, when you
save a document, it is automatically saved as a new draft, and that draft is
submitted for approval. You can see the new draft in your Pending Drafts folder.
If the draft approval process is turned off when you save a document, the draft
state is skipped, and the document is saved into Document Manager and is
immediately visible to other users. The approval process can involve multiple
reviewers.
The approval process has to be enabled at the library level; see “Setting up
documents management” on page 140 for more information.
In Workplace Services Express, the workflow process is a one-step approval
process. There are authors and reviewers. To be a reviewer, you must be
member of the wpsDocReviewer group.
If workflow is enabled, when you write or import a document, it will only be
available to you and potential reviewers in the Pending Drafts folder until it is
approved. Then, it will be publicly viewable from the folder in which it was
created.
When workflow is enabled, you will see the Submit for Approval button in your
user interface instead of the Save button, as shown in Figure 4-31 on page 167.
166
IBM Workplace Services Express
Figure 4-31 Create a document with workflow enabled
After you submit your document, the approver has to approve or reject it. The
approver sees your document in the Pending Drafts folder, as shown in
Figure 4-32 on page 168.
Chapter 4. Document management
167
Figure 4-32 Pending Drafts folder
By clicking the document link, the approver then can check the document and
decide to approve or reject it. Approving it makes the document immediately
available.If the document is not completely approvable, the reviewer can:
򐂰 Make changes to the document and click Submit for Approval. Because this
user is the reviewer, this makes the document immediately available to all
users.
򐂰 Make changes to the document, click Save as private Draft, and then click
Reject to send it back to the author for revisions.
Restriction: There can be multiple potential reviewers; however, only one of
this reviewers can approve or reject a document. There is no process for
assigning which reviewer gets approval authority. The first reviewer to approve
or reject the document makes the decision for all the reviewers.
Note: There is only one document reviewer group. You cannot add more
document reviewer groups in Workplace Services Express; you can add other
groups to this default document reviewer group instead.
168
IBM Workplace Services Express
4.3.4 Documents locking
When several people need to work on a document, there is always the chance
that the changes might conflict. Locking documents ensures that two people do
not edit the same document at the same time. You can choose which libraries
have locking capability enabled at the time you create the library (refer to “Setting
up documents management” on page 140), or an administrator can also change
this setting by editing the library properties after creation.
With locking enabled, a document is locked upon navigation to the edit panel.
Users with appropriate permission can apply or remove a lock as needed. A
document is automatically unlocked when it is approved. When locking is
enabled and workflow is disabled, the locked document will be automatically
unlocked when it is saved (not as draft).
To lock a document, click the document name then the Lock button, as shown in
Figure 4-33.
Figure 4-33 Lock a document
In the user interface, you will notice a different document icon, as shown in
Figure 4-34 on page 170.
Chapter 4. Document management
169
Figure 4-34 Document locking icon
If another person accesses the same document, that person will notice a warning
stating that the document is locked and cannot be modified or edited, as shown
in Figure 4-35.
Figure 4-35 Document locked
170
IBM Workplace Services Express
4.3.5 Folders and views
You can create folders and views inside your document library. Both will be
displayed in the tree hierarchy of the Document Manager portlet with different
icons.
Folders can be structured exactly as your Windows system folders, and their
content can also be accessed using the search engine.
To create a folder, click New → Folder from the Document Manager portlet
interface.
Figure 4-36 Create a new folder
Views are document selections based on a user query. Users can specify the
following query criteria for a view:
򐂰 File name
򐂰 Title
򐂰 Description
򐂰 Author
򐂰 Language
򐂰 Modifier
Chapter 4. Document management
171
򐂰 Creation date
򐂰 Last modified
Important: View names cannot contain the following characters: asterisks (*),
question marks (?), less than and greater than signs (< >), percent signs (%),
apostrophes (’), quotation marks (“”), backward and forward slashes (\ /),
ampersands (&), at symbols (@), pipes (|), pluses (+), and pounds (#).
Duplicate view names are not allowed in the same library.
To create a view, click New → View, as shown in Figure 4-37.
Figure 4-37 Create a new view
A view configuration form opens. In the following example, we create a view that
selects every document whose title contains the word “Full” and whose author is
wpsadmin, as shown in Figure 4-38 on page 173. You can merge different
selection types to obtain the query you need.
172
IBM Workplace Services Express
Figure 4-38 View parameters
At the end of this process, your view will be shown on the tree hierarchy of your
Document Manager interface, listed under the root of your document library, as
shown in Figure 4-39.
Figure 4-39 View results
Chapter 4. Document management
173
4.3.6 Document search
You can search Document Manager for certain documents based on the
document content, author, or other document attributes. You can perform a basic
search that searches for documents only in the contents of the current folder
(default search scope). If you want to narrow your search, you can perform an
advanced search that enables you to specify more search options.
The simple search field is available in the Document Manager portlet on the
upper-right corner. It enables you to search inside the current document folder.
If you want to perform an advanced search, click Advanced Search to access a
new search form where you will have several options, as shown in Figure 4-40.
Figure 4-40 Advanced search
Type your keywords in the Search for field and select the appropriate parameters.
Then, click the Search button.
Important: Search is case sensitive.
Restriction: Users can only search for documents that are contained in the
document library in which they are working.
You can search in the Document Manager portlet as on the Internet. That is, you
can use:
򐂰 Free text (users enter text or a phrase without any modifiers).
򐂰 Internet-style plus (+) and minus (-) symbols (+World +Wide +Web -spider
searches only “World Wide Web” and not “spider web”).
򐂰 Internet-style double quotation marks (“”) for phrases (“World Wide Web”)
򐂰 Trailing wild cards (Adam* brings search results of Adam, Adams, Adamson,
and so on).
174
IBM Workplace Services Express
Tip: To ensure that your Document Manager search continues to work
correctly, consider performing the following steps as part of your database
back up and recovery procedures.
Each time that you back up your database or databases, you should also back
up the Juru search indexes that have been built and coincide with the current
state of your databases. These indexes are maintained under
install_root\AppServer\wpcp\config\WebSphere_Portal\author in the Indexes
directory. You should use a collection tool that will recursively collect the
contents within a directory to back up these indexes. For example, on a
Windows 2000 Server, you might use:
cd install_root\AppServer\wpcp\config\WebSphere_Portal\author
zip -o -r <backupDir>\juruIndexes.zip Indexes
If you have to restore your databases, you should restore the indexes that you
backed up along with your databases.
Restriction: Presently, you cannot change the index update timing from the
Web interface, but you can do it using the utility we provide as an additional
Redbook material. For details, refer to Appendix C, “Additional material” on
page 503.
4.4 Document security
If you work with Document Manager, you have a role assigned to you. This role
enables you to perform certain tasks. You might be able to edit folders and files,
or you might have read-only access.You might also have the highest level of
control in Document Manager, an administrative role that gives you permission to
determine who has access to certain documents and folders.
If you have administrative control, you can set access control for an individual file,
or you can set access control for a folder. If you set access control for a folder, all
of the folder’s contents have the same access settings.
To allow or restrict access to documents and folders, complete the following
steps:
򐂰 For folders:
a. Navigate to the folder for which you want to set the access.
b. Click Folder Actions → Set Access to This Folder, as shown in
Figure 4-41 on page 176.
Chapter 4. Document management
175
Figure 4-41 Set folder access control
A browser window opens and displays a resource permissions grid. The
following roles have certain permissions for working in Document Manager:
– User: Read-only access to Document Manager resources. Users can see
the resource, but cannot modify or contribute content of their own.
– Editor: The ability to view and add new folders or documents to the current
resource. Editors can also modify the properties and content of existing
documents and files. Editors cannot move files unless they are
authors/creators of the item being deleted.
– Manager: All the privileges of Editors plus the ability to modify the
properties and content of all documents, delete folders and documents
underneath the current resource, override document locks, and move files.
– Administrator: The Administrator can perform any of the previous
operations, and also assign access to files and folders.
Note: The Privileged User, Delegator, or Security Administrator roles do
not apply to Document Manager resources. You can disregard these
options.
򐂰 For documents:
a. Click the document name.
b. Click More Actions → Set Access, as shown in Figure 4-42 on page 177.
176
IBM Workplace Services Express
Figure 4-42 Set document access
A window opens showing you the different security roles, as shown in
Figure 4-43.
c. Click the Pencil icon to edit the role and to change it.
Figure 4-43 Work with document security
Chapter 4. Document management
177
Tip: Document security is based on WebSphere Portal security. For more
information, refer to WebSphere Portal Collaboration Security Handbook,
SG24-6438, available at:
http://www.redbooks.ibm.com/abstracts/sg246438.html
Tip: When you search for people, select the givenName option then insert
one or more letters of the name you are searching. Do not use wildcards.
Document membership
To access document membership, click the Members link on the left side of the
Document Manager portlet.
Figure 4-44 Document Members access
The set of people who are allowed to use the document library are called the
members. You can assign each user (or group of users) to a role. The document
library has two roles, called moderators and contributors.
Basically, moderators have more power and contributors have less power. For
example, moderators can edit document library properties and control
membership. Contributors can only contribute to the document library.
Figure 4-45 on page 179 shows the Members portlet.
As the owner of the document library, you get to decide who goes into what role.
This role assignment determines who can do what. Membership structure is
defined at Document Library template level.
178
IBM Workplace Services Express
Figure 4-45 Members portlet
Note: The number following the role, as in Figure 4-45 on page 179, shows
how many people belonging to that role are online.
If you are the moderator, clicking the Actions button shows you three actions you
can do:
򐂰 Manage members: To manage the document library membership. Clicking
this link opens the window, as shown in Figure 4-46 on page 180, where you
can choose to add or remove persons, groups, or both.
򐂰 Cancel membership: To remove your membership from that library. If you
cancel your membership to a document library whose access policy restricts
access to members only, you can no longer access the document library. If
you cancel your membership to a document library whose access policy gives
access to all users, you can continue to access the document library, but it
only displays in the catalog if you click Show → All Document Libraries. You
cannot cancel your membership to a document library if you are its owner or
the only moderator.
򐂰 Give all Workplace users access as contributors. Document library
moderators can make the document library public, meaning that all users
have access. In a public document library, users who are not listed members,
or members of a listed group, have contributor access and cannot be given
moderator access. Only listed members and members of listed groups can
see the document library when they click Show → My Document Libraries.
If notification is enabled, only listed members and members of listed groups
receive e-mail notification when they have been added to the document
library.
Chapter 4. Document management
179
Figure 4-46 Member management
Important: Reviewers are not controlled from membership. If you belong the
wpsDocReviewer group, you are a reviewer even if you are just a contributor.
4.5 Collaboration and notification
As you can see in Figure 4-47, messaging and awareness is part of the
Document Manager portlet, so you can easily contact someone whose document
is in the library you are accessing with no need to do any additional configuration.
Figure 4-47 Real-time collaboration
180
IBM Workplace Services Express
Having rapid answers to your questions and doubts regarding a document can
dramatically improve your productivity.
If you want to enable the “Send Link” action for documents or the “Send a Link to
This Folder” action, complete the following steps:
1. Stop the Workplace Services Express server using the command line:
stopWorkplaceServices.bat
For Linux:
stopWorkplaceServices.sh
Remember to include the -username and -password options if you have
enabled security.
2. Edit the file WCM.properties located in the
<wse_root>\AppServer\wpcp\config\WebSphere_Portal\author\ directory and
change the values to the values in your environment, as shown in
Example 4-1.
Example 4-1 Properties to modify
wcm.mail.smtp.host=your_smtp_server
wcm.mail.return.address=the_sender_address
Important: In the WCM.properties file, the values to modify are reported
twice: first at the beginning of the file, and then at the end of the file. Be
sure to modify the second one.
3. Start Workplace Services Express.
To send a link to a folder, select it and click Folder Actions → Send a Link to
This Folder, as shown in Figure 4-48 on page 182.
Chapter 4. Document management
181
Figure 4-48 Sending a folder link
If you want to send a link to a document, click the document name, and then click
More Actions → Send Link, as shown in Figure 4-49.
Figure 4-49 Sending a document link
Then choose the people or groups to which to send the link, as shown in
Figure 4-50 on page 183.
182
IBM Workplace Services Express
Figure 4-50 Add people and comments to send link
The addressee receives a mail containing a clickable link to the document or
folder, as shown in Figure 4-51.
Figure 4-51 Link to a document
Chapter 4. Document management
183
Note: We suggest that you open the link in a new window.
4.6 Document conversion
Documents produced by many standard applications (such as word processors
or spreadsheets) can be viewed as HTML pages using the Document
Conversion Services.
Document Conversion Services is integrated with Document Manager and the
Consolidated Mail portlet. Documents received as attachments to e-mail can be
viewed in the browser even if the application that created the document is not
installed. Document Conversion Services also allows documents to be searched
by content.
Important: If you use Linux, be sure to install the package LessTif 0.93 or
Motif 2.0, X11R6.
Document Conversion Services (DCS) need a temporary directory to run. By
default, this directory is C:\temp in Windows and /temp in Linux. If you want to
change it, edit the converters.xml file in the shared/app directory. Add the
property "tempDir" to the <global> tag:
<global>
<property name="tempDir" value="<yourtempdirectory>"/>
</global>
Before you begin, perform the following configuration step to ensure that
document conversions will work for Microsoft Office and Lotus SmartSuite file
types, as shown in the following examples
Update the content-types.properties file under install_root\AppServer\java\jre\lib
with the content shown in Example 4-2 for Microsoft Office.
Example 4-2 Microsoft Office settings
application/msword: \
description=Microsoft Word;\
file_extensions=.doc
application/vnd.ms-excel: \
description=Microsoft Excel;\
file_extensions=.xls
application/vnd.ms-powerpoint: \
description=Microsoft PowerPoint;\
file_extensions=.ppt
184
IBM Workplace Services Express
Update the content-types.properties file under install_root\AppServer\java\jre\lib
with the content shown in Example 4-3 for Lotus SmartSuite.
Example 4-3 Lotus SmartSuite settings
application/vnd.lotus-freelance: \
description=Lotus Freelance;\
file_extensions=.prz
application/vnd.lotus-1-2-3: \
description=Lotus 1-2-3;\
file_extensions=.123
application/vnd.lotus-wordpro: \
description=Lotus Word Pro;\
file_extensions=.lwp
Then, restart the Workplace Services Express server.
To manually convert a document, open the document and then click More
Actions → Convert, as shown in Figure 4-52. A page opens where you must
select the type of the document you want to convert.
A new converted version of the document will be created.
Figure 4-52 Convert a document
Important: It is possible to convert documents from Office standards to the
productivity editor internal type but not vice versa.
Chapter 4. Document management
185
186
IBM Workplace Services Express
5
Chapter 5.
Themes and skins
This chapter describes the features and functionality of IBM Workplace Services
Express. We provide an in-depth look at themes and skins.
We discuss the following topics in this chapter:
򐂰 Themes
򐂰 Skins
򐂰 Customizing themes:
– Creating the base theme
– Figure 5.4.2 on page 204
– Adding a logo
– Replacing the default Workplace Services Express graphic
– Removing the Sign up link
– Changing the I forgot my password link text
– Removing the Edit my profile link
– Customizing the Login page
– Other customizations
© Copyright IBM Corp. 2005. All rights reserved.
187
5.1 Themes and skins overview
This section introduces the themes and skins available within Workplace
Services Express and covers customization of themes to allow you to provide
your own look and feel. Themes and skins are composed of a set of J2EE
elements such as JavaServer™ Pages™ (JSPs), cascading style sheets (CSS),
images, and HTML. Workplace Services Express themes and skins extend the
WebSphere Portal themes and skins implementation with the following additions:
򐂰 Use of multiple skins on a single page
򐂰 Additional JSPs:
– For drag and drop
– Slide-out palette
Flyout.jsp: Used to set up iframe for showing the portlets for the
drag-and-drop action. Uses flyout.js to do sliding window effect.
– ActionUrlInclude.jsp: Used to calculate the URLs for the Actions menu
– Template Builder layout
BuilderLinkVariables.jsp: Sets the flags for state of page to be used to
decide what can be displayed.
Important: You cannot deploy themes and skins from an IBM WebSphere
Portal implementation into IBM Workplace Services Express due to the
structure and additional features.
A WebSphere Portal page is composed of a number of components, as shown in
Figure 5-1 on page 189:
򐂰 Toolbar
򐂰 Place bar
򐂰 Navigation tree
򐂰 Portlets
򐂰 Skin
188
IBM Workplace Services Express
Place Bar
Navigation Tree
Toolbar
Portlet
Skin
Figure 5-1 Anatomy of a WebSphere Portal page
The layout of the page is controlled by the Default.jsp file and its associated
JSPs, including:
򐂰 TagLibInclude.jsp
򐂰 Head.jsp
򐂰 PageBeginInclude.jsp
򐂰 ToolBarInclude.jsp
򐂰 PlaceBarInclude.jsp
򐂰 PageEndInclude.jsp
򐂰 ActionMenuInclude.jsp
Chapter 5. Themes and skins
189
The TagLibInclude.jsp, PageBeginInclude.jsp, and PageEndInclude.jsp files are
part of every theme, including both Workplace Services Express and WebSphere
Portal versions. These files are located in the themes\html\extensions directory.
These files do not control layout for the pages.
With Workplace Services Express, the page layout is different and the pages are
composed of the following items:
򐂰 Toolbar
򐂰 Place bar
򐂰 Navigation tree
򐂰 Portlets
򐂰 Skin
򐂰 Flyout
From the list, you see that the major difference is the inclusion of the flyout on the
page. Figure 5-2 on page 191 illustrates the page layout with the exception of the
flyout page, which is shown in Figure 5-3 on page 192.
190
IBM Workplace Services Express
Toolbar
Skin
Place Bar
Portlet
Flyout
Navigation Tree
Figure 5-2 Anatomy of a Workplace Services Express page
Chapter 5. Themes and skins
191
Figure 5-3 Flyout page for IBM Workplace Services Express
The order of search for theme and skins in Workplace Services Express is:
򐂰 /markup
򐂰 /theme_name
򐂰 /client
򐂰 /locale
򐂰 /locale_region
If a user accesses the environment using Microsoft Internet Explorer and has a
language locale of English, Workplace Services Express will use the cascading
style sheets in the following directory:
<wse_root>\AppServer\installedApps\<node>\wps.ear\wps.war\themes\html\
<theme_name>\ie\en\
Any modifications you make to your themes and skins must be made to the
language files of all those languages you want to support in your environment.
These changes are also dependant on the client accessing the environment. As
with the previous example, we use Internet Explorer for our client.
192
IBM Workplace Services Express
5.2 Themes
Workplace Services Express has 20 user themes provided with the installation
that enable you to customize the look and feel of the product. In addition to the
user themes, there are two system themes provided in the selection list within the
themes and skins.
The supplied user themes supplied:
򐂰 Alloy
򐂰 Bubbles
򐂰 Crimson
򐂰 Digital
򐂰 Dusk
򐂰 Forest
򐂰 Galaxy
򐂰 Graphite
򐂰 Heatwave
򐂰 IBM Workplace Services Express
򐂰 Lava
򐂰 Lime
򐂰 Olive
򐂰 Red Wave
򐂰 Rust
򐂰 Sky
򐂰 Slate
򐂰 Steel
򐂰 Sunrise
򐂰 Sunset
The IBM Workplace Services Express theme is the default theme that provides
the out-of-the-box look and feel for the product. This theme contains text and
graphics that reference IBM. The product provides an unbranded version of this
theme named alloy.
Chapter 5. Themes and skins
193
Note: Do not use the following system themes for your Workplace Services
Express environment because they will disable the Administration link:
򐂰 Lotus Workplace Builder theme
򐂰 Dynamic person tag theme
If you do use one of these themes in error, you can use the tool documented in
8.10, “Themes” on page 458 to revert back to the default theme or a theme of
your choice.
The Lotus Workplace Builder theme is a separate theme within Workplace
Services Express, and as mentioned previously, it should not be used as the
default theme. The builder theme controls the layout of the Templates tool within
Workplace Services Express and provides the structure of the tool and provides
a different layout when a user is editing a template, as shown in Figure 5-4.
Figure 5-4 Lotus Workplace Builder theme in IBM Workplace Services Express
The themes are broken down into three navigation models to provide you with
the flexibility to design the overall user experience in terms of navigation. Each
style provides the navigation in six colors.
The navigation models are:
򐂰 Single level of horizontal navigation with a vertical tree navigation structure,
as shown in Figure 5-5 on page 195.
194
IBM Workplace Services Express
Figure 5-5 Galaxy them
򐂰 Two levels of horizontal navigation with a vertical tree navigation structure, as
shown in Figure 5-6.
Figure 5-6 Slate theme
򐂰 A vertical tree navigation only structure, as shown in Figure 5-7.
Figure 5-7 Bubbles theme
These themes are categorized in the three navigation styles as listed in Table 5-1
on page 196.
Chapter 5. Themes and skins
195
Table 5-1 Themes categorized by structure
Navigation structure
Theme name
Single level of horizontal navigation, plus
vertical tree navigation structure
Digital, Galaxy, Heatwave, Lava, Lime,
Rust
Two levels horizontal navigation, plus
vertical tree navigation structure
Dusk, Graphite, Olive, Red Wave, Slate,
Sunrise
Vertical tree navigation only structure
Bubbles, Crimson, Forest, Sky, Steel,
Sunset
Table 5-2 shows the theme locations under the
\AppServer\installedApps\<node>\wps.ear\wps.war\themes\html directory.
Table 5-2 Theme locations
196
Theme name
Location
Alloy
alloy
Bubbles
structure_3_bubbles
Crimson
structure_3_crimson
Digital
structure_1_digital
Dusk
structure_2_dusk
Forest
structure_3_forest
Galaxy
structure_1_galaxy
Graphite
structure_2_graphite
Heatwave
structure_1_heatwave
IBM Workplace Services Express
IBM
Lava
structure_1_lava
Lime
structure_1_lime
Olive
structure_2_olive
Red Wave
structure_2_redwave
Rust
structure_1_rust
Sky
structure_3_sky
Slate
structure_2_slate
Steel
structure_3_steel
IBM Workplace Services Express
Theme name
Location
Sunrise
structure_2_sunrise
Sunset
structure_3_sunset
5.3 Skins
Skins provide the border rendering and additional navigation for the components
on the pages for portlets, row containers, and column containers. In short, the
skin controls the rendering of all the page content. Within a WebSphere Portal
environment, the navigation tree is generated by the LayeredContainer.jsp file
located in the default skin directory skins\html. If this file is not overwritten in a
custom version of the skin, the Workplace Services Express environment will use
the default version and therefore generate a second navigation tree within the
page layout.
Workplace Services Express includes the following skins associated with the
themes listed on page 193:
򐂰 Clear
򐂰 Dynamic Person Tag
򐂰 iFrame
򐂰 Mist
򐂰 MistWithBorders
򐂰 NoBorder
򐂰 NoSkin
򐂰 NoTitle
򐂰 PortletPalette
򐂰 WorkplaceBuilderSkin
The skin Mist is the default for all supplied themes, and MistWithBorders is the
standard used for the Instants Contacts and People Finder portlets on the
Workplace Services Express pages. Figure 5-8 on page 198 and Figure 5-9 on
page 198 show examples of these two skins.
Chapter 5. Themes and skins
197
Figure 5-8 Team Spaces Catalog portlet using the Mist skin
Figure 5-9 People Finder portlet using the MistWithBorders skin
If you use one of the other supplied skins with Workplace Services Express
instead of Mist and MistWithBorders, you will experience the issue of a second
navigation tree within the user interface that was indicated earlier. Figure 5-10 on
page 199 shows an example of this issue where the default skin was changed to
NoSkin in the theme.
198
IBM Workplace Services Express
Second Navigation
Tree on page
Figure 5-10 Example of a second navigation tree on Workplace Services Express page
5.4 Customizing themes
This section describes the steps to perform a simple customization of one of the
supplied themes for Workplace Services Express. We use a fictitious company
called DD Supplies as part of the customization. The chosen theme to illustrate
this customization is Workplace Services Express. The first step is to identify
what DD Supplies requirements are. For this scenario, we use the following
requirements:
򐂰 Adding a DD Supplies logo
򐂰 Changing the browser title text
For the second phase of customization, we customize the theme in more detail:
򐂰 Changing the Workplace logo
򐂰 Removing the Sign up link
Chapter 5. Themes and skins
199
򐂰 Removing the Edit my profile link
򐂰 Changing the text for the I forgot my password link
5.4.1 Creating the base theme
To create the base theme, complete the following steps:
1. Ensure that Workplace Services Express is not active:
a. Navigate to the subdirectory where you installed Workplace Services
Express, for example, C:\Program Files\IBM\WorkplaceServicesExpress
or \opt\ibm\WorkplaceServicesExpress.
b. Use the stopworkplaceservices.bat or ./stopworkplaceservices.sh
script to stop Workplace Services Express, depending on which platform
you have installed the product.
2. Start Windows Explorer or Linux File Manager.
3. Navigate to the following directory:
<wse_root>\AppServer\InstalledApps\<nodename>\wps.ear\wps.war\themes
\html\
On Windows, the default for <wse_root> is C:\Program
Files\IBM\WorkplaceServicesExpress.
On Linux, the default for <wse_root> is \opt\ibm\WorkplaceServicesExpress.
4. Locate the subdirectory that contains the theme on which you want to base
your modifications. For this example, we use the theme Workplace Services
Express. This is located in the subdirectory IBM; refer to Table 5-2 on
page 196 for details about theme locations.
5. Copy this directory and paste it as a new directory under the html
subdirectory. Name the directory to match the theme name you want to use,
for example, DDSupplies.
6. Edit the XML Metadata Interchange (XMI) file, ibm-web-ext.xmi, with a
suitable editor, such as WordPad (Windows) or Kate (Linux). Updating this file
enables the editor to see their edits made to a theme when they refresh the
browser as long as the default.jsp has been updated. This removes the need
to restart the servers after every change.
Tip: Some changes made might not be refreshed on a browser refresh.
Therefore, you might need to clear the browser cache. In Internet Explorer
and Mozilla, press Ctrl+F5 to override the cache.
200
IBM Workplace Services Express
a. The file is located in the following subdirectory:
<wse_root>\AppServer\Config\cells\<node>\application\wps.ear\deploym
ents\wps\wps.war\WEB-INF\
b. Search for reloadingEnabled and change the setting to have a value of
“true”.
Important: This setting should only be used when testing and
configuring your new theme. It will cause an impact on performance and
must be set back to false when you complete the configuration of your
new theme.
7. Ensure that Workplace Services Express has started:
a. Navigate to the subdirectory where you installed Workplace Services
Express, for example, C:\Program Files\IBM\WorkplaceServicesExpress
or \opt\ibm\WorkplaceServicesExpress.
b. Use the startworkplaceservices.bat or ./startworkplaceservices.sh
script to stop Workplace Services Express, depending on which platform
you have installed the product.
8. Connect to Workplace Services Express using a browser, as in the following
example URL:
http://wse1.cam.itso.ibm.com:9081/lwp/workplace
9. Click the Log in link and log in to Workplace Services Express as wpsadmin.
10.Click the Administration link on the top-right area of the window.
11.Click the left navigator link for Themes and Skins, as shown in Figure 5-11
on page 202.
Chapter 5. Themes and skins
201
Figure 5-11 Theme and Skins window
12.Click the Add new theme button and enter the name of the theme and the
directory where the theme is located, ensuring that the directory name uses
the same case as the actual directory. In the Skins area, select the following
skins to be included in the theme, ensuring that the skin Mist is set as the
default skin (see Figure 5-12 on page 203):
– NoSkin
– WorkplaceBuilderSkin
– PortletPalette
– Mist
– MistWithBorders
Click OK to complete the addition of the new theme.
202
IBM Workplace Services Express
Figure 5-12 Add new theme window
13.Select your new theme in the themes list and click Set as default portal
theme, as shown in Figure 5-13. This ensures that you are seeing the
changes you make to your theme.
Figure 5-13 Setting the new theme to be the default theme
Chapter 5. Themes and skins
203
Tip: When customizing a theme, you might encounter errors in your
changes. If at any time the changes you make cause Workplace Services
Express to generate an error that does not allow you to access the
Administration option to revert to a supplied theme, you can use the tool
described in 8.10, “Themes” on page 458.
14.Now that the new theme has been created and installed, we can start to
update it.
5.4.2 Changing the text
To update the text contained within the title bar of the browser, complete the
following steps:
1. Locate the file ibmtheme.properties corresponding to the language of your
environment. In addition, if you are using the multiple languages, locate all the
supported language versions of the file. The different language versions of
the file are named in the format ibmtheme_XX.properties, where the XX
corresponds to the language, for example, “it” for Italian. The default file is
located in the <wse_root>\PortalServer\shared\app\nls directory.
2. Edit the file with a suitable editor, such as WordPad, and replace the value for
the string title, which by default is set to Workplace Services Express. This
updates the title displayed in the browser, as shown in Figure 5-14.
Title
Environment Name
Figure 5-14 Example of text changes for DD Supplies
3. Stop Workplace Services Express:
a. Navigate to the subdirectory where you installed Workplace Services
Express, for example, C:\Program Files\IBM\WorkplaceServicesExpress
or \opt\ibm\WorkplaceServicesExpress.
204
IBM Workplace Services Express
b. Use the stopworkplaceservices.bat or ./stopworkplaceservices.sh
script to stop Workplace Services Express, depending on which platform
you have installed the product.
4. Restart Workplace Services Express:
a. Navigate to the subdirectory where you installed Workplace Services
Express, for example, C:\Program Files\IBM\WorkplaceServicesExpress
or \opt\ibm\WorkplaceServicesExpress.
b. Use the startworkplaceservices.bat or ./startworkplaceservices.sh
script to stop Workplace Services Express, depending on which platform
you have installed the product.
5. Log in to Workplace Services Express with the administrator account and
check that the changes in Figure 5-14 on page 204 are correct.
5.4.3 Adding a logo
In this section, we describe the steps required to add a new logo to Workplace
Services Express for your company. We use our company DD Supplies to
illustrate the steps required to achieve this modification. The default log we are
going to replace is ibmWordMark.jpg. Complete the following steps:
1. Create a new JPEG graphic for your logo that is 22 pixels high and 200 pixels
wide. These dimensions match the size of the logo we are intending to
replace.
2. Navigate to the following directory:
<wse_root>\AppServer\InstalledApps\<nodename>\wps.ear\wps.war\themes
\html\DD Supplies
3. Rename the JPEG ibmWordmark.jpg to ibmWordmarkold.jpg.
4. Copy you new graphic in the directory named ibmWordmark.jpg.
5. Edit the Default.jsp file with a suitable editor and make a change by adding
and then removing a space. Save the changes. This ensures that the theme
files are reloaded.
6. Log in to Workplace Services Express.
You will now see the changes, as shown in our example in Figure 5-15 on
page 206.
Chapter 5. Themes and skins
205
Figure 5-15 New logo graphic
5.4.4 Replacing the default Workplace Services Express graphic
An alternative method to customize the theme with a logo is to replace the default
logo within the theme. This replaces the logo shown in Figure 5-16.
Figure 5-16 Default bannerGraphicTop.jpg
The dimensions of the supplied logo bannerGrpahicTop.jpg are 79x61 pixels, and
if you want to replace this image, we recommend that you provide an image of
these dimensions. Below the bannerGraphicTop.jpg is a reflection graphic named
bannerGraphicBottom.jpg. Figure 5-17 shows the default with the dimensions of
79x11 pixels.
Figure 5-17 Default bannerGraphicBottom.jpg
The following steps should be used to change the bannerGraphicTop.jpg and
bannerGraphicBottom.jpg:
1. Create two new JPEG graphics for your logo: 61 pixels high and 79 pixels
wide to replace the bannerGraphicTop.jpg and 11 pixels high and 79 pixels to
replace the bannerGraphicBottom.jpg. These dimensions match the size of
the graphics we intend to replace.
2. Navigate to the following directory:
<wse_root>\AppServer\InstalledApps\<nodename>\wps.ear\wps.war\themes
\html\DD Supplies
3. Rename the JPEG bannerGraphicTop.jpg to bannerGraphicTopold.jpg and
bannerGraphicBottom.jpg to bannerGraphicbottomold.jpg.
4. Copy the new graphics, bannerGraphicTop.jpg and bannerGraphicBottom.jpg,
into the directory.
206
IBM Workplace Services Express
5. Edit the Default.jsp file with a suitable editor and make a change by adding
and then removing a space. Save the changes. This ensures that the theme
files are reloaded.
6. Start a browser and connect to Workplace Services Express. Check that your
changes have been applied and that they meet your requirements.
Figure 5-18 shows our example changes for DD Supplies.
Figure 5-18 Example showing new logos
5.4.5 Removing the Sign up link
The default page for Workplace Services Express includes a button for
self-registration labelled Sign up.
Sign up link
Figure 5-19 Sign up link
This link enables users to self-register in the user registry or LDAP directory if
write access is allowed. Some customers might want to remove this facility so
that users do not try and register multiple times, or when the customers want to
use a read-only LDAP service. The Sign up link can be removed using the
following steps. In this example, we once again use the DD Supplies theme
created in the earlier steps. Complete the following steps:
1. Locate the toolbarinlcude.jsp file in the following directory:
<wse_root>\AppServer\installedApps\<node>\wps.ear\wps.war\themes\html\
DDSupplies
2. Make a backup copy of the JSP and edit the original with WordPad.
3. Remove the lines shown in Example 5-1 on page 208 to disable the link.
Chapter 5. Themes and skins
207
Example 5-1 Code to be removed from toolbarinclude.jsp to disable Sign up link
<%-- enroll button --%>
<wps:if loggedIn="no">
<%
String dt =
com.ibm.wps.puma.UserManager.instance().getDirectoryType();
if (dt==null)
{
dt = "";
}
if (!dt.equals("SSPM"))
{
%>
<td align="center" nowrap>
<a class="wpsToolBarLink" href='<wps:url
command="PrepareEnrollment" home="public" reqid="no"/>'><wps:text
key="link.enrollment" bundle="nls.engine"/></a>
</td>
<%
}
%>
</wps:if>
4. Save the changed file.
5. Locate the default.jsp file in the following directory:
<wse_root>\AppServer\installedApps\<node>\wps.ear\wps.war\themes\html\
DDSupplies
6. Edit the original with WordPad and add a space and then remove the space.
7. Save the updated file.
8. Connect to your Workplace Services Express environment and check that the
Sign up link has been removed, as shown in Figure 5-20.
Figure 5-20 Menu with no Sign up link
5.4.6 Changing the I forgot my password link text
The default page for Workplace Services Express includes a link for “I forgot my
password.” This link displays a page with some generic text about how to get
assistance. You can change the text to inform users who to contact in the event of
208
IBM Workplace Services Express
an issue with their password. To change the text of the message displayed to the
end user when the link is clicked, complete the following steps:
1. Locate all the engine*.properties files in the subdirectories under
<wse_root>\PortalServer\shared\app\nls.
Note: The asterisk (*) is a wildcard for the different language versions, for
example, engine_es.properties for Spanish. Also note that there will be a
top-level version of the properties file engine.properties that should be
edited as well with your changes.
2. Make a backup copy of each of the files and edit the originals with WordPad.
Remember that each language version requires the text to be translated into
the correct language.
3. In the file, locate the following entries and change them as shown in
Example 5-2.
Example 5-2 Example I forgot my password text change
forgot.sample =
forgot.support = For help with your password, please contact the Support team
on ext 12345 or
forgot.help = contact via email [email protected]
4. Save the changes.
5. Stop Workplace Services Express.
6. Restart Workplace Services Express.
7. Enter the following URL in your browser to test that the server is running:
http://wse1.cam.itso.ibm.com:9081/lwp/workplace
8. Click the I forgot my password link and check that the page displays the new
contact information, as shown in Figure 5-21.
Figure 5-21 Example of I forgot my password text
Chapter 5. Themes and skins
209
5.4.7 Removing the Edit my profile link
The default page for Workplace Services Express includes a link for editing the
user profile labelled Edit my profile, as shown in Figure 5-22.
Edit my profile
Figure 5-22 Edit my profile link
This link enables users to change options, including passwords. However, some
customer implementations might use a read-only LDAP directory. Therefore, this
feature would not function correctly and generate an error for the end user. If you
want to remove this functionality, complete the following steps to disable to
feature:
1. Locate the toolbarinlcude.jsp file in the following directory:
<wse_root>\AppServer\installedApps\<node>\wps.ear\wps.war\themes\html\
DDSupplies
2. Make a backup copy and edit the original with WordPad.
3. Remove the lines shown in Example 5-3 to disable the link.
Example 5-3 Script to remove from toolbarinclude.jsp to disable Edit my profile link
<%-- selfcare button --%>
<wps:if loggedIn="yes" notScreen="SelfcareUserForm,SelfcareUserConf"
portletSolo="no">
<td align="center" nowrap>
<a class="wpsToolBarLink" href='<wps:url
command="PrepareSelfcare" reqid="no"/>'><wps:text key="link.selfcare"
bundle="nls.engine"/></a>
</td>
</wps:if>
4. Save the changed file.
5. Locate the default.jsp file in the following directory:
<wse_root>\AppServer\installedApps\<node>\wps.ear\wps.war\themes\html\
DDSupplies
6. Edit the original with WordPad and add a space and then remove the space.
210
IBM Workplace Services Express
7. Save the updated file.
5.4.8 Customizing the Login page
To customize the Login page, you can modify the Login.jsp file on your
Workplace Services Express server in the
<wse_root>\WebSphere\AppServer\installedApps\servername
\wps.ear\wps.war\screens\html directory.
Note that there are several instances of Login.jsp on the server, but this is the
only one you need to change to modify the initial Login page for Workplace
Services Express.
After you locate and open the file, you can use basic HTML to modify the
Welcome page. In the example, as shown in Figure 5-23, we changed the
graphic for the Login page by replacing the file loginimage.gif in the themes html
directory.
Figure 5-23 Updated graphic on the Login page for Workplace Services Express
Changing the Login graphic requires a server restart to take effect.
5.4.9 Other customizations
The customizations described in the previous sections only cover minor changes
to the look and feel of the Workplace Services Express environment. You can
customize the Workplace Services Express environment to use corporate colors
and changes to the navigation to better suit your business requirements. In this
section, we briefly describe each of the additional components for customization,
but do not include specific examples.
Chapter 5. Themes and skins
211
To modify the site further, you can use different size graphics for the
ibmWordmark.jpg and amend the dimensions supplied in the toolBarInclude.jsp
for the theme. This is the default version supplied, and you can see highlighted
the width and height dimensions for the JPEG in Example 5-4.
Example 5-4 The toolbarinclude.jsp script showing ibmWordmark.jpg graphic dimensions
<%-- IBM Wordmark --%>
<td align="<%=bidiAlignLeft%>" nowrap><img src="<wps:urlFindInTheme file='<%=
"ibmWordmark" + bidiImageRTL + ".jpg" %>'/>" width="201" height="22" border="0"
align="absmiddle"><a href="#wpsMainContent"><img width="1" height="22"
border="0" src='<%= wpsBaseURL %>/images/dot.gif' alt='<wps:text
key="link.skiptocontent" bundle="nls.engine"/>' title='<wps:text
key="link.skiptocontent" bundle="nls.engine"/>'></a></td>
<td colspan="2" width="100%"
align="<%=bidiAlignRight%>">
To change the site further, you can edit the supplied cascading style sheets
(CSS) to change colors. The three main style sheets are:
򐂰 Styles.css
This CSS controls the portal-specific styles for your Workplace Services
Express site.
򐂰 LWP_Styles.css
This CSS controls the Workplace Services Express-specific styles for the site.
򐂰 HelpStyles.css
This CSS controls the help styles, but is not used to control Page Help styles.
Within each theme, there are many versions of the style sheets provided,
because they are required to cover the different versions of supported browsers
and languages and all the possible combinations. For example, the English
versions of the style sheets for the default theme are located in the following
directories:
򐂰 Mozilla:
<wse_root>\AppServer\installedApps\<node>\wps.ear\wps.war\themes\html\I
BM\en
򐂰 Internet Explorer:
<wse_root>\AppServer\installedApps\<node>\wps.ear\wps.war\themes\html\I
BM\ie\en
Note that there are versions of these three main style sheets located in the root
directory for the theme. To illustrate some changes to the theme using a style
sheet, we provide some ideas about what can be changed to manipulate the
colors of the Workplace Services Express page.
212
IBM Workplace Services Express
The section of the Styles.css style sheet shown in Example 5-5 provides
background colors around the toolbar graphics. In the listed section, the
background color is set to #3B3B3B. Changing these background colors could be
the first starting point to your color customizations. If you changed the
background colors to a lighter grey, for example, #919191, this would make the
current graphics stand out, because they would have a darker background. As an
example, Figure 5-24 on page 214 shows the original background color and
Figure 5-25 on page 214 shows the new color #919191. Therefore, to further
enhance the look of your new theme, you would want to create updated graphics
to match the color scheme selected.
Example 5-5 Toolbar script section of Styles.css
/* TOOL BAR */
/* Bar under border containing the page group dropdown and login, etc.
buttons */
.wpsToolBar {
background-color: #3B3B3B;
color: #FFFFFF;
padding: 0px 6px;
margin: 0px;
}
/* Background for the banner. Note that the background color is hidden
from
legacy browsers for consistency, not because it can't handle the
attribute.
New in v5 */
.wpsToolBarBackground {
background-color: #3B3B3B;
}
/* Bar under border containing the page group dropdown and login, etc.
buttons */
.wpsToolBarIcon {
background-color: #3B3B3B;
color: #FFFFFF;
padding: 0px 0px;
margin: 0px;
}
/* Bar under border containing the page group dropdown and login, etc.
buttons */
.wpsToolBarIconOn {
background-color: #3B3B3B;
color: #FFFFFF;
padding: 0px 0px;
margin: 0px;
}
Chapter 5. Themes and skins
213
Figure 5-24 Banner background using the default color #3B3B3B
Figure 5-25 Banner background using the color #91919
Example 5-6 shows another section of the Styles.css style sheet that controls the
tab navigator (place bar) text colors. The navigator is composed of graphics and
text controlled in the style sheet. In the following examples, we changed the text
colors from white (#FFFFFF) to dark blue when selected. In the second part of
the style sheet, we changed the unselected text color from white (#FFFFFF) to
pale, weak cyan (#CCFFFF). You can see the changes in the Workplace
Services Express interface in Figure 5-26.
Example 5-6 An extract of place bar section of Style.css
/* Link in Selected tab on Place bar */
.wpsSelectedPlaceLink, .wpsSelectedPlaceLink:visited,
.wpsSelectedPlaceLink:hover, .wpsSelectedPlaceLink:active {
font-size: x-small;
color: #003366;
text-decoration: none;
}
/* Link in Unselected tabs on Place bar */
.wpsUnSelectedPlaceLink, .wpsUnSelectedPlaceLink:visited,
.wpsUnSelectedPlaceLink:hover, .wpsUnSelectedPlaceLink:active {
font-size: x-small;
color: #CCFFFF;
text-decoration: none;
}
Figure 5-26 Place bar navigator showing new selected and unselected text colors
214
IBM Workplace Services Express
6
Chapter 6.
Advanced configuration
topics
In this chapter, we discuss different products and features that can be integrated
into the base IBM Workplace Services Express installation.
We walk you through the installation and configuration of IBM HTTP Server and
the configuration of Microsoft Internet Information Services (IIS) server for use as
external Web servers in accessing IBM Workplace Services Express.
We also discuss how to configure single sign-on (SSO) between Domino and
Workplace Services Express and how to configure Secure Sockets Layer (SSL)
on IBM HTTP Server to allow for secure communication between the Web server
and Workplace Services Express.
Finally, we discuss how to configure some of the portlets that are bundled with
Workplace Services Express, including mail and calendar portlets.
As mentioned, we discuss the following topics:
򐂰 External HTTP
򐂰 Single sign-on
򐂰 SSL
򐂰 Mail and calendar
© Copyright IBM Corp. 2005. All rights reserved.
215
򐂰 Workplace Services Express portlets
Note: At the time this chapter was written, Workplace Services Express
Version 2.0 was shipping and used by our team to create this content. If you
are working with Version 2.5, be sure to check the Workplace Services
Express Library for the most up-to-date information:
http://www.lotus.com/products/product5.nsf/wdocs/workplaceservicesexpress
library
216
IBM Workplace Services Express
6.1 External HTTP server
Workplace Services Express installs with a default HTTP transport configured to
run on port 9081. However, use of an external HTTP server (or Web server) to
access Workplace Services Express is supported. The HTTP server can either
reside on the same machine as Workplace Services Express or remotely on a
separate machine.
Refer to 2.1, “Requirements” on page 18 for the supported HTTP servers.
In this section, we discuss the configuration of two supported HTTP servers on a
Windows platform:
򐂰 IBM HTTP Server
IBM HTTP Server Version 2.0.42.2 ships with IBM Workplace Services
Express (on CD 1-3).
򐂰 Microsoft Internet Information Services (IIS) server
If you want to use a different HTTP server, consult the product's documentation
about how to install and configure it.
6.1.1 IBM HTTP Server configuration
A Web server is the foundation of any e-business application. IBM HTTP Server,
powered by Apache, is a Web server based on the Apache Web server
developed by the Apache Group (http://www.apache.org). IBM HTTP Server
includes several functions not available in the Apache Web server.
Installation instructions
To install IBM HTTP Server, complete the following steps:
1. Insert CD1-3, and navigate to the <cd_root>\ihs directory.
2. Double-click the setup.jar file to launch the installer.
Tip: If unable to launch the installer by clicking the setup.jar file, type the
following command at the command line:
<java_dir>\java -jar <cd_root>\ihs\setup.jar
Where <java_dir> represents the directory where the java.exe file is
located.
For example:
D:\WorkplaceServicesExpress\AppServer\java\bin\java -jar E:\ihs\setup.jar
Chapter 6. Advanced configuration topics
217
3. Select the installation language and click OK, as shown in Figure 6-1.
Figure 6-1 Choose language
4. Accept the terms of the license agreement after you have read it, and click
Next, as shown in Figure 6-2.
Figure 6-2 License agreement
5. Specify the Directory Name where you would like to install IBM HTTP Server
and click Next, as shown in Figure 6-3 on page 219. The default directory is
C:\Program Files\IBM HTTP Server 2.0.
218
IBM Workplace Services Express
Figure 6-3 Installation Directory
6. Select the installation option based on your environment and click Next, as
shown in Figure 6-4.
The default is Typical, which is fine for most installations.
Figure 6-4 Installation type
Chapter 6. Advanced configuration topics
219
7. Enter the name and password of a user who has local rights to run as a
service on the server and click Next, as shown in Figure 6-5.
This is generally the Windows Administrator account and password.
Figure 6-5 User ID
8. Review your installation selections and click Next start the installation, as
shown in Figure 6-6 on page 221.
220
IBM Workplace Services Express
Figure 6-6 Installation summary
9. Click Finish to complete the installation, as shown in Figure 6-7.
Figure 6-7 Installation complete
10.Start IBM HTTP Server either using the Windows menu by selecting Start →
Programs → IBM HTTP Server → Start HTTP Server, or using the
Windows Services panel, as shown in Figure 6-8 on page 222.
Chapter 6. Advanced configuration topics
221
Figure 6-8 Start IBM HTTP Server
11.Confirm that IBM HTTP Server is running.
After you have started the HTTP server, launch an Internet browser and type
the URL address of the server (for example, http://wse2.cam.itso.ibm.com)
to confirm that it is running. If successful, you should see the IBM HTTP
Server Welcome window, as shown in Figure 6-9.
Figure 6-9 IBM HTTP Server Welcome window
222
IBM Workplace Services Express
Configuring Workplace Services Express to use IBM HTTP
Server
If IBM HTTP Server has been successfully installed and configured, you can then
configure Workplace Services Express to use it. This entails customizing the
httpd.conf file with plug-in information and varies depending on whether you are
using a local or remote IBM HTTP Server. A local IBM HTTP Server runs on the
same machine as Workplace Services Express, while a remote IBM HTTP
Server runs on a separate machine from Workplace Services Express.
Using a local IBM HTTP Server
If using a local IBM HTTP Server, complete the following steps:
1. Using Windows Explorer, navigate to the <ihs_root>\conf directory to edit the
httpd.conf file, for example, D:\IBMHttpServer\conf\httpd.conf.
2. Open the file using a text editor and add the following two commands:
LoadModule was_ap20_module "<wse_root>\AppServer\bin\mod_was_ap20_http.dll"
WebSpherePluginConfig "<wse_root>\AppServer\config\cells\plugin-cfg.xml"
Important: Each command should be typed on single line, substituting
<wse_root> with the correct information pertaining to your environment.
We recommend that these two lines be added below the following line, as
shown in Example 6-1:
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
Example 6-1 Adding Workplace Services Express plug-ins
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule was_ap20_module
"D:\WorkPlaceServicesExpress\AppServer\bin\mod_was_ap20_http.dll"
WebSpherePluginConfig
"D:\WorkPlaceServicesExpress\AppServer\config\cells\plugin-cfg.xml"
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the <VirtualHost>
3. Using a browser, open the administrative console on Workplace Services
Express server by accessing the following URL:
http://<wse_server>:9091/admin
Where <wse_server> is the host name of the Workplace Services Express
server.
4. Log in using the WebSphere Application Server administrator user
credentials.
Chapter 6. Advanced configuration topics
223
5. Click Environment → Virtual Hosts, and then click default_host from the
list of virtual hosts.
6. Click Host Aliases from the list of additional properties.
7. On the Host Aliases page, click New.
8. Enter the host name and port number of HTTP (that is, the Workplace
Services Express server's host name, for example, wse2.cam.itso.ibm.com,
because the HTTP server is on the same machine), and click OK.
9. Click Save.
10.Regenerate the Web server plug-in settings:
a. In the administrative console, click Environment → Update Web Server
Plugin.
b. Click OK.
11.Modify the wpconfig.properties file:
a. Locate the <wse_root>/PortalServer/config/wpconfig.properties file and
create a backup copy before changing any values.
b. Open the wpconfig.properties file with a text editor and modify the
following two properties based on your environment:
•
WpsHostName: Fully qualified host name of your HTTP server, for
example, wse2.cam.itso.ibm.com
•
WpsHostPort: Port number being used by the Web server to listen to
HTTP traffic, for example, 80
c. Save the file.
12.Open a command prompt and change the directory to
<wse_root>/PortalServer/config.
13.Enter the following command to configure Workplace Services Express to use
the HTTP server:
WPSconfig.bat httpserver-config
14.Restart the HTTP server.
15.Restart the Workplace Services Express server.
16.Using a browser, go to the Workplace Services Express URL without
specifying the port number 9081, for example:
http://wse2.cam.itso.ibm.com/lwp/workplace
17.If Workplace Services Express launches successfully, this means that you are
now using the external HTTP server instead of the internal HTTP stack that
installs with Workplace Services Express by default.
224
IBM Workplace Services Express
Using a remote IBM HTTP Server
Two separate configurations will be required in order to use a remote HTTP
server with Workplace Services Express.
You must first configure the HTTP server (referred to hereafter as server A), and
then configure Workplace Services Express (referred to hereafter as server B).
Note: These instructions assume that IBM HTTP Server and Workplace
Services Express have both been configured and are up and running.
To configure the remote IBM HTTP Server (server A), complete the following
steps:
1. Stop IBM HTTP Server either using the Windows menu by selecting Start →
Programs → IBM HTTP Server → Stop HTTP Server, or using the Windows
Services panel.
2. Create the following directories, mirroring the directories on server B:
– <wse_root>\AppServer\bin
For example, D:\WorkplaceServicesExpress\AppServer\bin
– <wse_root>\AppServer\etc
For example, D:\WorkplaceServicesExpress\ AppServer\etc
– <wse_root>\AppServer\config\cells
For example, D:\WorkplaceServicesExpress\ AppServer\config\cells
– <wse_root>\AppServer\logs
For example, D:\WorkplaceServicesExpress\ AppServer\logs
3. Download the cumulative fix from the following URL:
http://www.ibm.com/support/docview.wss?uid=swg24007265
4. Unzip the ZIP file and copy the contents to the <wse_root>\AppServer\bin
directory.
5. Duplicate the steps outlined in “Using a local IBM HTTP Server” on page 223.
6. Create a file named http_plugin.log in the <wse_root>\AppServer\logs
directory that was created in step 2.
To configure Workplace Services Express (server B), complete the following
steps:
1. Using a browser, open the administrative console on server B by accessing
the following URL, where <ServerB.ibm.com> is the host name of the
Workplace Services Express server:
http://<ServerB.ibm.com>:9091/admin
2. Log in using the WebSphere Application Server administrator user
credentials.
Chapter 6. Advanced configuration topics
225
3. Click Environment → Virtual Hosts, and then click default_host from the
list of virtual hosts.
4. Click Host Aliases from the list of additional properties.
5. On the Host Aliases page, click New.
6. Enter the host name and port number of server A (that is, the HTTP server’s
host name, for example, ServerA.ibm.com) and click OK.
7. Click Save.
8. Regenerate the Web server plug-in settings:
a. In the administrative console, click Environment → Update Web Server
Plugin.
b. Click OK.
9. Copy the file
C:\WorkplaceServicesExpress\AppServer\config\cells\plugin-cfg.xml to the
C:\WorkplaceServicesExpress\AppServer\config\cells directory on server A.
10.Copy the following files to the <wse_root>\AppServer\etc\ directory on
server A:
–
–
–
–
<wse_root>\AppServer\etc\plugin-key.kdb
<wse_root>\AppServer\etc\plugin-key.sth
<wse_root>\AppServer\etc\plugin-key.crl
<wse_root>\AppServer\etc\plugin-key.rdb
Tip: If Workplace Services Express is running on Linux, make sure that the
files are transferred in binary mode.
11.Modify the wpconfig.properties file:
a. Locate the WSE_root/PortalServer/config/wpconfig.properties file and
create a backup copy before changing any values.
b. Open the wpconfig.properties file with a text editor and modify the
following two properties based on your environment.
•
WpsHostName: Fully qualified host name of HTTP server, for example,
ServerA.ibm.com
•
WpsHostPort: Port number being used by the Web server to listen to
HTTP traffic, for example, 80
c. Save the file.
12.Open a command prompt and change the directory to
<wse_root>/PortalServer/config.
226
IBM Workplace Services Express
13.Enter the following command to configure Workplace Services Express to use
the HTTP server:
WPSconfig.bat httpserver-config
14.Restart the HTTP server on server A.
15.Restart the Workplace Services Express server on server B.
16.Verify that Workplace Services Express can be accessed using the remote
HTTP server:
a. Open an Internet browser.
b. Enter the following URL, where <ServerA.ibm.com> and <80> represent the
HTTP server name and HTTP port defined in step 11 on page 226:
http://<ServerA.ibm.com>:<80>/lwp/workplace
6.1.2 Microsoft IIS configuration
IIS stands for Microsoft Internet Information Services server. In this section, we
discuss how to configure IIS to be used as the external Web server for accessing
Workplace Services Express by installing the WebSphere Application Server
plug-in for IIS.
These instructions assume that IIS has been configured and is up and running in
your environment.
Configuring Workplace Services Express to use IIS
IIS configuration varies depending on whether you are using a local or remote
IIS. A local IIS runs on the same machine as Workplace Services Express, while
a remote IIS runs on a separate machine from Workplace Services Express.
Using a local IIS server
If using a local ISS server, complete the following steps:
1. Start the Internet Services Manager using the Windows Start button by
selecting Start → Settings → Control Panel.
2. Click Administrative Tools.
3. Click Internet Services Manager to open the IIS Manager.
Chapter 6. Advanced configuration topics
227
4. Expand the host name and create a new virtual directory by right-clicking
Default Web Site and selecting New → Virtual Directory, as shown in
Figure 6-10.
Figure 6-10 IIS Manager
5. Click Next at the Virtual Directory Creation Wizard window to continue, as
shown in Figure 6-11.
Figure 6-11 Virtual Directory Creation Wizard
228
IBM Workplace Services Express
6. Enter sePlugins in the Alias field and click Next, as shown in Figure 6-12.
Figure 6-12 Virtual Alias name
7. Enter the <wse_root>\AppServer\bin directory and click Next, as shown in
Figure 6-13.
Figure 6-13 Alias Directory
Chapter 6. Advanced configuration topics
229
8. Select Run Scripts and Execute access permissions and click Next, as
shown in Figure 6-14.
Figure 6-14 Access Permissions
9. Click Finish to create the new virtual directory, as shown in Figure 6-15.
Figure 6-15 sePlugins virtual directory
230
IBM Workplace Services Express
10.Next, add the Internet Services Application Programming Interface (ISAPI)
filter by right-clicking the server name and selecting Properties, as shown in
Figure 6-16.
Figure 6-16 IIS main menu
11.At the Internet Information Services tab, select WWW Service for Master
Properties and click Edit, as shown in Figure 6-17.
Figure 6-17 IIS Properties
Chapter 6. Advanced configuration topics
231
12.On the WWW Service Master Properties window, go to the ISAPI Filters tab
and click Add, as shown in Figure 6-18.
Figure 6-18 WWW Service Master Properties
13.Type iisWASPlugin as the Filter Name, and
<wse_root>\AppServer\bin\iisWASPlugin_http.dll as the Executable file,
as shown in Figure 6-19. Click OK.
Figure 6-19 Filter Properties
232
IBM Workplace Services Express
The new iisWASPlugin ISAPI filter should be displayed with a green arrow, as
shown in Figure 6-20.
Figure 6-20 WWW Service Master Properties
14.Click OK until all open windows close.
15.Open the Windows Registry by typing regedt32 at the Start → Run window.
16.Navigate to HKEY_LOCAL_MACHINE → Software → IBM → WebSphere
Application Server → 5.x.0.0 (x designates the version) and create a new
string Plugin Config with a value of
<wse_root>\AppServer\config\cells\plugin-cfg.xml, as shown in
Figure 6-21 on page 234.
Chapter 6. Advanced configuration topics
233
Figure 6-21 Windows Registry Plugin Config variable
17.Stop and restart the IIS and Workplace Services Express servers.
18.Using a browser, go to the Workplace Services Express URL without
specifying the port number 908, for example:
http://wse2.cam.itso.ibm.com/lwp/workplace
19.If Workplace Services Express launches successfully, this means that you are
now using the external IIS server instead of the internal HTTP stack that
installs with Workplace Services Express by default.
Using a remote IIS server
Two separate configurations will be required in order to use a remote HTTP
server with Workplace Services Express.
You will be required to first configure the HTTP Server (referred to hereafter as
server A), and then configure Workplace Services Express (referred to hereafter
as server B).
Note: These instructions assume that IIS and Workplace Services Express
have both been configured and are up and running.
To configure a remote HTTP server (server A), complete the following steps:
1. Stop IIS using the Windows Services panel.
234
IBM Workplace Services Express
2. Create the following directories, mirroring the directories on server B:
– <wse_root>\AppServer\bin
For example, D:\WorkplaceServicesExpress\AppServer\bin
– <wse_root>\AppServer\etc
For example, D:\WorkplaceServicesExpress\ AppServer\etc
– <wse_root>\AppServer\config\cells
For example, D:\WorkplaceServicesExpress\ AppServer\config\cells
– <wse_root>\AppServer\logs
For example, D:\WorkplaceServicesExpress\ AppServer\logs
– <wse_root>\AppServer\web
For example, D:\WorkplaceServicesExpress\ AppServer\web
– <wse_root>\AppServer\WSSamples\theme
For example, D:\WorkplaceServicesExpress\
AppServer\WSSamples\theme
3. Download the cumulative fix from the following URL:
http://www.ibm.com/support/docview.wss?uid=swg24007265
4. Unzip the ZIP file and copy the contents to the <wse_root>\AppServer\bin
directory.
5. Duplicate the steps outlined in “Using a local IIS server” on page 227 and
create a new virtual directory and ISAPI filter and update the registry entries.
To configure Workplace Services Express (server B), complete the following
steps:
1. Using a browser, open the administrative console on server B by accessing
the following URL:
http://<ServerB.ibm.com>:9091/admin
Where <ServerB.ibm.com> is the host name of the Workplace Services
Express server.
2. Log in using the WebSphere Application Server administrator user
credentials.
3. Click Environment → Virtual Hosts, and then click default_host from the
list of virtual hosts.
4. Click Host Aliases from the list of additional properties.
5. On the Host Aliases page, click New.
6. Enter the host name and port number of server A (that is, the HTTP server’s
host name, for example, ServerA.ibm.com) and click OK.
7. Click Save.
Chapter 6. Advanced configuration topics
235
8. Regenerate the Web server plug-in settings:
a. In the administrative console, click Environment → Update Web Server
Plugin.
b. Click OK.
9. Copy the file <wse_root>\AppServer\config\cells\plugin-cfg.xml to the
<wse_root>\AppServer\config\cells directory on server A.
10.Copy the following files to the <wse_root>\AppServer\etc directory on
server A:
–
–
–
–
<wse_root>\AppServer\etc\plugin-key.kdb
<wse_root>\AppServer\etc\plugin-key.sth
<wse_root>\AppServer\etc\plugin-key.crl
<wse_root>\AppServer\etc\plugin-key.rdb
11.Copy the following files to the <wse_root>\AppServer\bin directory on
server A:
– <wse_root>\AppServer\bin\configureIIS.exe
– <wse_root>\AppServer\bin\iisWASPlugin_http.dll
– <wse_root>\AppServer\bin\iis40lib.dll
Tip: If Workplace Services Express is running on Linux, make sure that the
files are transferred in binary mode.
12.Modify the wpconfig.properties file:
a. Locate the WSE_root/PortalServer/config/wpconfig.properties file and
create a backup copy before changing any values.
b. Open the wpconfig.properties file with a text editor and modify the
following two properties based on your environment:
•
WpsHostName: Fully qualified host name of HTTP server, for example,
ServerA.ibm.com
•
WpsHostPort: Port number being used by Web server to listen to HTTP
traffic, for example, 80
c. Save the file.
13.Open a command prompt and change the directory to
<wse_root>/PortalServer/config.
14.Enter the following command to configure Workplace Services Express to use
the HTTP server:
WPSconfig.bat httpserver-config
15.Restart the HTTP server on server A.
236
IBM Workplace Services Express
16.Restart the Workplace Services Express server on server B.
17.Verify that Workplace Services Express can be accessed using the remote
HTTP server:
a. Open an Internet browser.
b. Enter the following URL, where <ServerA.ibm.com> and <80> represent the
HTTP server name and HTTP port defined in step 12 on page 236:
http://<ServerA.ibm.com>:<80>/lwp/workplace
6.2 Single sign-on
With single sign-on (SSO), users are able to access their Domino applications
from within Workplace Services Express without being prompted to log in again.
To configure SSO between Workplace Services Express and Domino, changes
need to be made to the WebSphere Application Server and Domino server.
6.2.1 Configuring SSO on Workplace Services Express
To configure SSO on Workplace Services Express, perform the following steps:
1. Open an Internet browser and go to the following WebSphere Application
Server administrative console URL, where <wse_host> is the Workplace
Services Express host name:
http://<wse_host>:9091/admin
For example:
http://wse2.cam.itso.com:9091/admin
Chapter 6. Advanced configuration topics
237
2. Click Yes to continue when prompted with the Security Alert, as shown in
Figure 6-22.
Figure 6-22 Security Alert
3. Enter the Workplace Services Express administrator User ID and Password
and click OK, as shown in Figure 6-23.
Figure 6-23 Administrator Login
238
IBM Workplace Services Express
4. At the WebSphere Application Server administrative console, click
Security → Authentication Mechanisms → LTPA, as shown in Figure 6-24.
Figure 6-24 WebSphere Application Server menu
5. Export the LTPA keys.
Note: The LTPA password was generated during the Domino LDAP
configuration.
If you have forgotten the password, create a new password and then click
Generate Keys before you proceed.
6. On the LTPA window, enter the location and file name of the LTPA key (for
example, D:\temp\domwas.key) that will be used to configure SSO on Domino
and click Export Keys, as shown in Figure 6-25 on page 240.
Chapter 6. Advanced configuration topics
239
Figure 6-25 LTPA key
7. Click the Save link to make changes to the local configuration, as shown in
Figure 6-26.
Figure 6-26 Save local configuration
8.
Click the Save button to make changes to the Master Configuration, as
shown in Figure 6-27.
Figure 6-27 Save Master Configuration
240
IBM Workplace Services Express
6.2.2 Configuring SSO on Domino
These instructions assume that Domino has been configured and is up and
running, and are based on a Domino V6.53 installation. Consult your Domino
Administrators Guide if using a different version. Complete the following steps:
1. Launch the Domino Administrator client and enter your Domino Administrator
user ID and password.
2. Click File → Open Server and select the Domino server on which you want
to configure the SSO document.
3. Go to the Configuration tab.
4. Click the Web → Web Server Configurations view on the left side, as shown
in Figure 6-28.
Figure 6-28 Domino menu
5. In the Web Configuration view, expand *-Web SSO Configurations-, select
Web SSO Configuration for LtpaToken document, as shown in Figure 6-29.
Click the Edit Document button.
Figure 6-29 Web configuration view
Note: This assumes that an SSO document already exists. If not, navigate
to the Internet Sites view, and click the Create Web SSO Configuration
button to create a new SSO document.
Chapter 6. Advanced configuration topics
241
6. Click Keys → Import WebSphere LTPA Keys, as shown in Figure 6-30.
Figure 6-30 Import key
7. You will get a warning that the SSO configuration has already been initialized,
as shown in Figure 6-31. Click OK to continue.
Figure 6-31 SSO key warning
8. Enter the directory and name of the LTPA file you saved during the SSO
configuration on Workplace Services Express (for example,
D:\temp\domwas.key), as shown in Figure 6-32.
Figure 6-32 SSO Key Directory
9. Enter the LTPA password, as shown in Figure 6-33.
Figure 6-33 SSO password
10. Click OK to acknowledge the successful import of the WebSphere
Application Server key, as shown in Figure 6-34 on page 243.
242
IBM Workplace Services Express
Figure 6-34 Key import success
11. Insert \ into the realm created (for example, wse2.cam.itso.ibm.com\:389),
as shown in Figure 6-35.
Figure 6-35 Web SSO Configuration
12. Click Save & Close, as shown in Figure 6-36.
Figure 6-36 Save SSO document
13. Restart Domino’s HTTP task by typing tell http restart at the Domino
server console.
14. Verify that SSO works:
a. Using an Internet browser, access Workplace Services Express at the
following URL and log in:
http://<wse-hostname>/lwp/workplace
b. Using the same browser session, access Domino using the following URL:
<domino_hostname>/names.nsf
Chapter 6. Advanced configuration topics
243
c. If SSO is configured correctly, the Domino Directory should open without
the user being challenged for login credentials.
Tip: You might have to reboot the Workplace Services Express and Domino
servers if the SSO configuration did not work.
6.3 Using SSL with Workplace Services Express
Secure Socket Layers (SSL) is an encryption mechanism used on servers to
ensure that information transmitted between, for example, a Web client and a
Web server remains private. SSL-enabled servers encrypt sensitive data before
sending it to client machines, thus preventing third parties from reading the data.
When the client receives the data, the client needs to decrypt it before reading it.
The following section walks you through the process of enabling SSL between
IBM HTTP Server V2.0.42.2 and Workplace Services Express using the IBM Key
Management Utility (IKeyMan) tool that is installed with IBM HTTP Server. We
discuss the process of key database creation and the use of self-signed
certificates. In a production environment, you need certificate authority
(CA)-issued certificates
6.3.1 Creating a key database
We discuss two scenarios in this section: an environment without SSL and one
with an existing SSL.
Environment without SSL
In an environment without SSL, create a key database and the associated files
using the following steps:
1. Using Windows Explorer, navigate to the <ihs_root> directory and create an
ssl directory, for example, D:\IBMHttpServer\ssl.
2. Using Windows Explorer, navigate to the <ihs_root>\ssl directory and create a
keys directory, for example, D:\IBMHttpServer\ssl\keys.
3. Launch the IKeyMan utility.
From the Windows Start menu, select Programs → IBM HTTP Server →
Start Key Management Utility.
244
IBM Workplace Services Express
Figure 6-37 IKeyMan main window
4. Create a new key database file by selecting Key Database File → New.
5. Enter the following information and click OK, as shown in Figure 6-38:
– Key database type: CMS key database file
– File Name: key.kdb (default name)
– Location: <ihs_root>\ssl\keys
Figure 6-38 New database file
6. Create a password, as shown in Figure 6-39 on page 246.
Chapter 6. Advanced configuration topics
245
7. In addition to assigning a keyring password, enter the following values and
then click OK:
a. Select the Stash the password to a file option.
b. (Optional) select the Set expiration time option and enter the interval (in
days) after which a new password must be selected for the keyring. The
default is 60 days.
Figure 6-39 Keyring password
An information dialog box indicating that the password has been encrypted
and saved in the file key.sth opens, as shown in Figure 6-40. Click OK.
Figure 6-40 Password confirmation
8. Using Windows Explorer, navigate to the <ihs_root>/ssl/keys directory and
verify that the following files have been created:
–
–
–
–
246
key.kdb
key.rdb
key.sth
key.crl
IBM Workplace Services Express
9. Create a self-signed digital certificate:
a. At the Key Management menu, click Signer Certificates, and select
Personal Certificates.
b. Click the New Self-Signed button, as shown in Figure 6-41.
Figure 6-41 Personal Certificates
10.Enter the following new key information, as shown in Figure 6-42 on
page 248:
– Key Label: This can be any name you choose.
– Version: Select X509 V3 (default).
– Key Size: Select 1024 (default).
– Common Name: Enter the host name of your Web server, for example,
wse2.cam.itso.ibm.com.
– Organization: Enter your organization's name, for example, IBM.
– Country: Enter your country.
– Validity Period: The period of time for which the certificate will be valid.
The default is 365 days.
Chapter 6. Advanced configuration topics
247
The remaining fields of this dialog box are optional. However, we recommend
that you complete as many of these as you can.
Click OK.
Figure 6-42 Create New Self-Signed Certificate
A newly created digital certificate will be displayed in the list, as shown in
Figure 6-43 on page 249.
248
IBM Workplace Services Express
Figure 6-43 Newly created Personal Certificate
11.Close the Key Management Utility.
Environment with an existing SSL
In this instance, we discuss incorporating Workplace Services Express into an
existing SSL environment where a key database has already been created.
Complete the following steps:
1. Using Windows Explorer, navigate to the <ihs_root>\ssl directory and create a
keys directory, for example, D:\IBMHttpServer\ssl\keys.
2. Obtain the following files from your current SSL key database administrator
(this assumes that IKeyMan was used to create the key and database):
–
–
–
–
Key.sth: Stash file
Key.kdb: Key database
Key.rdb: Request database file
Key.crl: Certificate revocation list file
Chapter 6. Advanced configuration topics
249
6.3.2 Enabling SSL on an HTTP server
After the key database and files have been created, you need to update the
HTTP server configuration file by adding a virtual host name and port number
that will be used for SSL. Complete the following steps:
1. Using Windows Explorer, navigate to the <ihs_root>\conf directory and make
a backup copy of the configuration file httpd.conf.
2. Edit the httpd.conf file using a text editor and perform the following steps:
a. Uncomment the Listen 80 line that is below the Listen 12.34.56.78:80
line, as shown in Example 6-2. This allows the HTTP server to be
accessed on port 80.
Example 6-2 httpd.conf file
#Listen 12.34.56.78:80
Listen 80
b. Configure the HTTP server to use port 443. Append the following lines in
Example 6-3 to the end of the configuration file.
Example 6-3 Append to end of httpd.conf
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
<IfModule mod_ibm_ssl.c
Listen 443
FileETag none
Keyfile "<ihs_root>/ssl/keys/key.kdb"
SSLStashfile "<ihs_root>/ssl/keys/key.sth"
SSLDisable
SSLV2Timeout 100
SSLV3Timeout 1000
<VirtualHost host_machine:443>
ServerName host_machine
Keyfile "<ihs_root>/ssl/keys/key.kdb"
SSLStashfile "<ihs_root>/ssl/keys/key.sth”
SSLEnable
SSLClientAuth none
SSLV2Timeout 100
SSLV3Timeout 1000
</VirtualHost>
</IfModule>
Note the following:
•
250
host_machine: The fully qualified DNS name of the HTTP server, for
example, wse2.cam.itso.ibm.com
IBM Workplace Services Express
•
<ihs_root>: The install directory of the HTTP server, for example,
D:\IBMHTTPServer
c. Comment out any entries that start with Afpa using pound sign (#), as
shown in Example 6-4.
Example 6-4 Comment out Afpa entries
<IfModule mod_afpa_cache.c>
# AfpaEnable
# AfpaCache on
# AfpaPort 80
# AfpaLogFile "<ihs_root>/logs/afpalog" V-ECLF
</IfModule>
The Afpa files are used to control the Fast Response Cache Accelerator.
Refer to the HTTP documentation to learn more about these files.
3. Save and close the httpd.conf file.
4. Restart the HTTP server for these changes to take effect. To do this under
Windows, open the Services panel and restart the IBM HTTP Server service.
5. Verify that the HTTP server is working. Using an Internet browser, enter the
following URL, where <wse2.cam.itso.ibm.com> represents the host name of
your HTTP server:
http://<wse2.cam.itso.ibm.com>
If successful, the IBM HTTP Server Welcome window will open, as shown in
Figure 6-44 on page 252.
Chapter 6. Advanced configuration topics
251
Figure 6-44 IBM HTTP Server Welcome window
6. Verify that the HTTP server can be accessed on the SSL defined port by
using the following URL:
https:<host_name>:<ssl_port_number>
For example, https://wse2.cam.itso.ibm.com.
If successful, you will prompted with a Security Alert dialog box, as shown in
Figure 6-45 on page 253.
252
IBM Workplace Services Express
Figure 6-45 Security Alert
7. Click Yes, and the HTTP Server Welcome window opens.
6.3.3 Enabling SSL on Workplace Services Express
Enabling SSL on Workplace Services Express entails configuring the
WebSphere Application Server plug-in for the HTTP server to forward Workplace
Services Express traffic that is received over SSL to WebSphere Application
Server. To enable SSL on Workplace Services Express, perform the following
tasks:
1. Open an Internet browser and go to the following WebSphere Application
Server administrative console URL:
http://<wse_host>:9091/admin
Where <wse_host> is the Workplace Services Express host name, for
example, http://wse2.cam.itso.com:9091/admin.
2. Click Yes to continue when prompted with the Security Alert, as shown in
Figure 6-46 on page 254.
Chapter 6. Advanced configuration topics
253
Figure 6-46 Security Alert
3. Enter the Workplace Services Express administrator User ID and password
and click OK, as shown in Figure 6-47.
Figure 6-47 Administrator Login
254
IBM Workplace Services Express
4. At the WebSphere Application Server administrative console, click
Environment → Virtual Hosts, as shown in Figure 6-48.
Figure 6-48 WebSphere Application Server menu
5. On the Virtual Hosts window, click default_host, as shown in Figure 6-49.
Figure 6-49 Virtual Hosts window
Chapter 6. Advanced configuration topics
255
6. On the default_host window, click Host Aliases, as shown in Figure 6-50.
Figure 6-50 Default_host window
7. On the Host Aliases window, click New, as shown in Figure 6-51.
Figure 6-51 Host Aliases window
256
IBM Workplace Services Express
8. Add a host alias for the host server name and SSL port that were added to the
Web server configuration file in 6.3.2, “Enabling SSL on an HTTP server” on
page 250, as shown in Figure 6-52.
Figure 6-52 Create new host alias
Click OK to create the new host alias.
Note: The host name can be as simple as “*”, or might be a fully qualified
host name. Usually, this would be the host name of the Web server.
9. Click the Save link to make changes to the local configuration, as shown in
Figure 6-53.
Figure 6-53 Save local configuration
10.Click the Save button to make changes to the master configuration, as shown
in Figure 6-54 on page 258.
Chapter 6. Advanced configuration topics
257
Figure 6-54 Save Master Configuration
11.At the WebSphere Application Server administrative console, click
Environment → Update Web Server Plugin, as shown in Figure 6-55.
Figure 6-55 WebSphere Application Server menu
12.Click OK to update Web server plug-in, as shown in Figure 6-56.
Figure 6-56 Update web server plugin
258
IBM Workplace Services Express
Tip: If the Web server is remote, copy the plugin-cfg.xml file to the remote
Web server.
Note: For a full description of the virtual hosts function of WebSphere
Application Server, see the WebSphere Application Server Information
Center.
13.Edit the ConfigService.properties file in the
<wse_root>/PortalServer/shared/app/config/services directory and make
changes to the following parameters, as shown in Example 6-5:
redirect.login.ssl
host.port.https
Example 6-5 ConfigServices.properties file
redirect.login.ssl = true
host.port.https = 443
14.Edit the web.xml file in the
<wse_root>/AppServer/installedApps/hostname/wps.ear/wps.war/WEB-INF
directory and make changes to the <security-constraint> tag of the
protected portal URL to use HTTPS by replacing the NONE value with a
CONFIDENTIAL value, as shown in Example 6-6.
Important: Replace all instances of NONE with CONFIDENTIAL in the web.xml
file.
Example 6-6 Web.xml file
<security-constraint id="SecurityConstraint_1">
<web-resource-collection id="WebResourceCollection_1">
<web-resource-name></web-resource-name>
<url-pattern>/myworkplacel/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint id="AuthConstraint_1">
<description></description>
<role-name>All Role</role-name>
</auth-constraint>
<user-data-constraint id="UserDataConstraint_4">
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
Chapter 6. Advanced configuration topics
259
</user-data-constraint>
</security-constraint>
15.Edit the JSPs files that provide the login link and change the ssl=false
attribute to ssl=true, as shown in Example 6-7.
These files are located in the
<wse_root>/AppServer/installedApps/hostname/wps.ear/wps.war/themes/ht
ml directory.
Tip: Using Windows Explorer, you can navigate to this directory and
search on all files containing the ssl= string.
Example 6-7 ToolBarInclude.jsp file
<%-- login button --%>
<wps:if loggedIn="no" notScreen="Login">
<td valign="top" valign="center"> nowrap
<a class="wpsToolBarLink" href='<wps:url home="public" screen="Login"
ssl="true"/>'><wps:text key="link.login" bundle="nls.engine"/></a>
</td>
</wps:if>
<%-- logout button --%>
<wps:if loggedIn="yes">
<td valign="top" align="center" nowrap>
<a class="wpsToolBarLink" href='<wps:url
command="LogoutUser"/>'><wps:text key="link.logout"
bundle="nls.engine"/></a>
</td>
</wps:if>
16.Navigate to the
<wse_root>\AppServer/temp/hostname/WebSphere_Portal/wps/wps.war
directory and delete all its contents.
17.Restart the HTTP server and the Workplace Services Express server.
18.Launch Workplace Services Express using an Internet browser using the
following URL:
http://<hostname>/lwp/workplace
Where <hostname> is the HTTP server name, for example,
http://wse2.cam.itso.ibm.com/lwp/workplace.
19.Click the Login link.
If your configuration is successful, a browser Security Alert prompt will open.
When you click Yes, you will be directed to a secure connection.
260
IBM Workplace Services Express
6.4 Mail and calendar
IBM Workplace Services Express provides portlets that facilitate team
collaboration, such as mail, calendar, and address book features. You must have
a back-end server, such as a supported version of Microsoft Exchange Server or
Domino, in order to configure mail and other collaborative portlets.
Workplace Services Express ships with several mail portlets. At the time of
writing, Workplace Services Express does not, however, ship with the Common
Mail portlet commonly available with WebSphere Portal V5.1. It is useful to note
that any portlet that will run on WebSphere Portal V5.0.2.2 can also be deployed
on Workplace Services Express V2.x, because Workplace Services Express is
based on the Portal V5.0.2.2 code stream. At the time of this writing, there are no
licensing restrictions that prevent using Workplace Services Express in this
manner.
Workplace Services Express ships with the Consolidated Mail portlet. Unlike, the
Common Mail portlet, which enables you to configure one portlet for a variety of
mail servers, the Consolidated Mail portlet can only be configured for access to
Microsoft Exchange, IMAP, and a POP3 mail account. Hooking into a Domino
mail infrastructure requires a separate portlet.The Domino Web Access portlet
will connect you to your Domino server.
The following sections cover the configuration of the Consolidated Mail portlet for
connecting to Microsoft Exchange 2000, the Microsoft Exchange 5.5 Mail portlet,
and the Domino Web Access portlet. Refer to 6.5, “Supplied portlets” on
page 275 for additional information about some of the other portlets that will also
enable you to connect to Domino and Exchange mail servers.
6.4.1 Configuring the Domino Web Access portlet
In this section, we describe how to configure the Domino Web Access portlet.
Domino and IBM Workplace Services Express configuration
To configure Lotus Collaborative Components, complete the following steps:
1. Open the wpconfig.properties file, at
<wse_root>\PortalServer\config\wpconfig.properties, on the Workplace
Services Express server.
Chapter 6. Advanced configuration topics
261
2. Search for LCC.Domino and set the following values for your environment see
Example 6-8):
LCC.DominoDirectory.Enabled=true
LCC.DominoDirectory.Server=yourserver.company.com
LCC.DominoDirectory.Port=389
LCC.DominoDirectory.SSL=false
Example 6-8 wpconfig.properties file
##################################################################
# Lotus Domino Directory Properties - BEGIN
##################################################################
# Description: Lotus Collaborative Components required properties
#
to enable Lotus Domino Directory
# LCC.DominoDirectory.Enabled: Is Lotus Domino Directory enabled in the
environment?
# { true | false }
LCC.DominoDirectory.Enabled=true
# LCC.DominoDirectory.Server: The Lotus Domino Directory server name.
# { hostname | ip address }
LCC.DominoDirectory.Server=wse4.cam.itso.ibm.com
# LCC.DominoDirectory.Port: The port number for the Lotus Domino Directory
server.
# { port number }
LCC.DominoDirectory.Port=389
# LCC.DominoDirectory.SSL: Is SSL used to connect to the Lotus Domino Directory
Server?
# { true | false }
LCC.DominoDirectory.SSL=false
##################################################################
# Lotus Domino Directory Properties - END
##################################################################
3. Close and save the file. From a command prompt on the Workplace Services
Express server, stop the Portal server:
<wse_root>\PortalServer\bin\stopServer5.bat PortalServer -user wpsadmin
-password -wpsadmin
4. From a command prompt on the Workplace Services Express server, run the
following command:
<wse_root>\PortalServer\config\WPSconfig.bat lcc-configure-dominodirectory
262
IBM Workplace Services Express
After the task completes, you should see the message Lotus Collaborative
Services property file updates completed for Lotus Domino Directory.
5. Start the Portal server:
<wse_root>\PortalServer\bin\startServer5.bat PortalServer
6. Enable single sign-on between Workplace Services Express and Domino.
Refer to 6.2, “Single sign-on” on page 237 for further instructions.
Note: Single sign-on is required for the Domino Web Access portlet to
automatically detect a user’s mail file. If the user’s mail file is manually
specified, SSO is not required.
Portlet configuration
For the portlet configuration, complete the following steps:
1. Start a browser and connect to Workplace Services Express, as in the
following example URL:
http://wse2.cam.itso.ibm.com:9081/lwp/workplace
2. Log in to Workplace Services Express using the administrator ID, such as
wpsadmin.
3. Click Mail in the main toolbar menu.
Figure 6-57 Click Mail in the main toolbar menu
4. Click the palette slide-out page.
5. Click the Portlet category.
6. Click the Add link.
7. In the Search dialog box, enter Domino.
8. Select the Domino Web Access portlet and add it to the palette.
9. Now, right-click the Domino Web Access portlet icon, and while holding it,
drag the portlet onto the page where you want to deploy the portlet.
Chapter 6. Advanced configuration topics
263
Tip: When dragging a portlet onto a page or from a different location on a
page, remember that an orange bar will be displayed when you are over a
valid location to drop the portlet.
10.Select the Edit portlet properties icon in the upper-right corner of the portlet.
11.From the Functional Area drop-down list, select Mail.
12.Give the application a title, such as Domino Web Access.
13.The next step requests that you either manually specify where the user’s mail
file can be located or have Workplace Services Express automatically find it.
If you select to automatically detect the user’s mail file, simply continue to
specify your specific environment or leave the remaining options as default
and click Save. You should now see your user’s mail file displayed.
If you elect to manually specify the mail file, specify the server and database
name in the following format, as shown in Figure 6-58:
– Server: yourserver.company.com
– Database filename: mail\username.nsf
Figure 6-58 Manually specifying a user’s mail file
264
IBM Workplace Services Express
Important: If you attempt to verify the server and database file name by
clicking the gray check box, you will receive an error message. Refer to the
error message shown in Figure 6-59 on page 265. Note that this does not
mean you have failed to connect to the user’s mail file. Ensure that your
entries are still present and click Save. Barring other issues, your portlet
will successfully display the mail file, despite the error.
Figure 6-59 Clicking gray check box will generate an error: Ignore error
14.After you click Save, you should see the mail file, as shown in Figure 6-60.
Figure 6-60 The Domino Web Access portlet
Chapter 6. Advanced configuration topics
265
Repeat the portlet configuration steps for the calendar and address book. After
dragging the Domino Web Access portlet to the appropriate area and selecting
the Edit portlet icon, simply select the appropriate function from the Functional
Area drop-down list. For example, to configure the Calendar, select Calendar in
the drop-down list instead of Mail.
Figure 6-61 Configuring Domino Web Access portlet for Calendar
6.4.2 Configuring the Credential Vault for Microsoft Exchange 2000
and Exchange 5.5
To configure the Credential Vault for Microsoft Exchange 2000 and Exchange
5.5, complete the following steps:
1. Before configuring either the Consolidated Mail portlet or the Microsoft
Exchange 5.5 Mail portlet start a browser and connect to Workplace Services
Express as in the following example URL:
http://wse2.cam.itso.ibm.com:9081/lwp/workplace
2. Log in to Workplace Services Express using the administrator ID, such as
wpsadmin.
3. Click Administration → Access → Credential Vault, as shown in
Figure 6-62 on page 267.
266
IBM Workplace Services Express
Figure 6-62 Add a credential vault
4. Select Add a vault slot and configure a Credential Vault:
a. Enter a name for the slot, a new resource name, and choose a vault
segment. Do not select the “Vault slot is shared” option and do not supply
a user name and password. Optionally, you can add a description.
b. Click OK to create the slot. Note that, assuming users will be using the
same credentials in each portlet, you will be able to use the same slot in
each portlet. If users will need to use different credentials in each portlet, a
different slot will be needed for each portlet.
5. After creating the slot, place the desired Exchange portlet or portlets on a
page.
6. For each Exchange portlet, enter the portlet’s configure mode, choose the slot
that was created for that portlet, and then click OK to save the selection. For
further instructions, see the specific portlet configurations in the following
sections.
When finished, select Manage system vault slots, which opens the window
shown in Figure 6-63 on page 268.
Chapter 6. Advanced configuration topics
267
Figure 6-63 Select Manage system vault slots to check Credential Vault presence
6.4.3 Configuring the Consolidated Mail portlet for Microsoft
Exchange
To configure the Consolidated Mail portlet for Exchange, complete the following
steps:
1. Start a browser and connect to Workplace Services Express, as in the
following example URL:
http://wse2.cam.itso.ibm.com:9081/lwp/workplace
2. Log in to Workplace Services Express using the administrator ID, such as
wpsadmin.
3. Click Mail in the main toolbar menu, as shown in Figure 6-64 on page 269.
268
IBM Workplace Services Express
Figure 6-64 Click Mail in the main toolbar menu
4. Click the palette slide-out page.
5. Click the Portlet category.
6. Click the Add link.
7. In the Search dialog box, enter Mail.
8. Select the Consolidated Mail portlet and add it to the palette.
9. Now, right-click the Consolidated Mail portlet icon, and while holding it, drag
the portlet onto the page where you want to deploy the portlet.
Tip: When dragging a portlet onto a page or from a different location on a
page, remember that an orange bar will be displayed when you are over a
valid location to drop the portlet.
10.Select the Configure portlet properties icon in the upper-right corner of the
portlet.
11.Fill in your Exchange Server details (see Figure 6-65 on page 270):
– Protocol: Exchange 2000.
– Server name: Enter the distinguished name of the Exchange 2000 Server.
Optionally, add a colon followed by the port number for the Exchange 2000
virtual directory. This is necessary if the Exchange 2000 virtual directory is
not available on the default port (80 for HTTP and 43 for HTTPS).
Chapter 6. Advanced configuration topics
269
Figure 6-65 Configuring the Consolidated Mail portlet for Exchange
12.Click the portlet Edit icon.
13.Fill in your server’s details, as shown in Figure 6-66 on page 271:
– Server name: Enter the distinguished name of the Exchange 2000 Server.
Optionally, add a colon followed by the port number for the Exchange 2000
virtual directory. This is necessary if the Exchange 2000 virtual directory is
not available on the default port (80 for HTTP and 43 for HTTPS).
– Current username: Enter the user name of the person using this portlet.
– Password: Enter the password for this user.
– Mailbox Alias: Enter the mailbox alias for this user.
– Domain: Enter the Windows domain of this user.
Important: Domain refers to your Windows domain and not the
Exchange domain. This value can be found on the domain controller of
the Exchange Server. Find it by right-clicking My Computer and
selecting the Network Identification tab.
– Always use this reply to address: Enter the e-mail address of this user.
270
IBM Workplace Services Express
– Check if this is a secure server: Select this option if you must use a secure
connection (HTTPS) to access the Exchange 2000.
– Fill in the other fields with user preferences.
Figure 6-66 Edit Consolidated Mail portlet
14.Finish editing the portlet, as shown in Figure 6-67, and click Save.
Figure 6-67 Continue editing Consolidated Mail portlet
After you click Save, the window shown in Figure 6-68 on page 272 opens.
Chapter 6. Advanced configuration topics
271
Figure 6-68 Consolidated Mail portlet configured for Exchange
6.4.4 Configuring the Microsoft Exchange 5.5 Mail portlet
To configure the Microsoft Exchange 5.5 Mail portlet, complete the following
steps:
1. Start a browser and connect to Workplace Services Express, as in the
following example URL:
http://wse2.cam.itso.ibm.com:9081/lwp/workplace
2. Log in to Workplace Services Express using the administrator ID, such as
wpsadmin.
3. Click Mail in the main toolbar menu, as shown in Figure 6-69.
Figure 6-69 Click Mail in the main toolbar menu
4. Click the palette slide-out page.
5. Click the Portlet category.
6. Click the Add link.
7. In the Search dialog box, enter Mail.
8. Select the Consolidated Mail portlet and add it to the palette.
272
IBM Workplace Services Express
9. Now, right-click the Consolidated Mail portlet icon, and while holding it, drag
the portlet onto the page where you want to deploy the portlet.
Tip: When dragging a portlet onto a page or from a different location on a
page, remember that an orange bar will be displayed when you are over a
valid location to drop the portlet.
10.Select the Configure portlet properties icon in the upper-right corner of the
portlet.
11.Fill in your Exchange Server details:
– Version: exch55
Figure 6-70 Choose version
12.Click the portlet Edit icon.
13.Fill in your server’s details (see Figure 6-71 on page 274 and Figure 6-72 on
page 275):
– Server: Enter the distinguished name of the Exchange 5.5 Server.
– Use a secure connection: Select this option if you must use a secure
connection (HTTPS) to access the ASPs installed on the IIS machine.
– User name: Enter the user name of the person using this portlet.
– Password: Enter the password for this user.
Chapter 6. Advanced configuration topics
273
– ASP Base URL: Enter the URL to the ASPs that were previously installed
on the IIS server. Do not prepend the protocol (http:// or https://) to this
URL.
– Mailbox alias: Enter the mailbox alias for this user.
Figure 6-71 Fill in server details
– Domain: Enter the Windows domain of this user.
Important: Domain refers to your Windows domain and not the
Exchange domain. This value can be found on the domain controller of
the Exchange Server. Find it by right-clicking My Computer and
selecting the Network Identification tab.
– Exchange Email address: Enter the e-mail address of this user.
– Fill in other fields with user preferences.
274
IBM Workplace Services Express
Figure 6-72 Server details continued
14.Click Save.
6.5 Supplied portlets
Workplace Services Express provides portlets ready to deploy to the pages
within the product. These portlets have a number of restrictions of how they can
be deployed to pages. A common mistake that occurs with Workplace Services
Express users is that they try to deploy a portlet to a normal Workplace Services
Express page from the palette, for example, but the deployment fails. The most
common reason for the failure is that some of the portlets supplied with
Workplace Services Express can only be deployed to an application page or
within a template that is used to create an application.
This section of covers the deployment options for some of the common portlets
provided with Workplace Services Express.
Tip: For the most up-to-date information about portlets, including the latest
portlets available for download, visit the WebSphere Portal Catalog at:
http://catalog.lotus.com/wps/portal/portal
Chapter 6. Advanced configuration topics
275
The portlets included and available to deploy with Workplace Services
Express are:
򐂰 About IBM Workplace Services Express: This portlet provides information
about the installed product and by default is only enabled for users with
administrative access.
򐂰 Bookmarks: The IBM Bookmarks portlet displays bookmarks defined by the
user in a browser. The user can add, delete, and edit bookmarks.
򐂰 Frequent Users: This portlet shows you how many users have been active in
the last 90 days.
򐂰 Reminder: The Reminder portlet enables users to save and display short text
messages on their page.
򐂰 World Clock: The World Clock portlet enables users to view current local
times around the world.
򐂰 My News: This portlet provides top headlines from a wide array of general,
business, and industry news categories.
򐂰 My Weather: My Weather portlet displays weather-related data and forecasts
for user-selected cities.
򐂰 My Vertical News: This portlet provides top headlines from a wide array of
general, business, and industry news categories.
򐂰 My Stock: My Stock portlet displays financial performance and fundamental
investment data for selected companies, investments, symbols, and indices.
򐂰 Banner Ad: The Banner Ad portlet enables users to insert an image, which
displays in the view mode. A link can also be added to the image.
򐂰 QuickLinks: QuickLinks portlet displays links defined by the user in a browser.
The user can add, delete, and edit links.
򐂰 Document Search: This portlet is installed but not placed on a page. It
provides users access to the Portal Search Engine. Before Document Search
can perform searches, the administrator must build the search index using
Manage Search Index in Portal administration.
򐂰 Document Viewer: The Document Viewer portlet consists of several portlets
that enable users to browse Microsoft Word, Excel, and PowerPoint, Adobe
PDF, or rich text files.
򐂰 Internet Mail Box: This portlet enables users to connect to an IMAP or POP3
Internet-based mail server to receive, compose, and send Internet e-mail.
276
IBM Workplace Services Express
򐂰 Microsoft Exchange 2000 Portlet Application: This portlet application provides
connectivity to Microsoft Exchange Server and consists of the following
portlets:
– MS Exchange Mail portlet
– MS Exchange Calendar portlet
– MS Exchange Tasks portlet
– MS Exchange Contacts portlet
– MS Exchange Notes portlet
򐂰 My Query Reports (SQL): This portlet is used by SQL users to conveniently
run SQL queries and includes a list of bookmarks for saved queries.
򐂰 Retirement Planner: The Retirement Planner is a goal-based tool that
estimates your desired retirement income and estate and evaluates the
savings plan required to fund that need.
򐂰 Company Tracker Chart: This portlet provides stock charts and analytics for
tracking and analyzing the performance for a single investment at a time.
򐂰 Company Tracker Master: This portlet can be used to select and manage a
list of companies and track their performance.
򐂰 Company Tracker News: The Company Tracker News portlet provides general
and business news focused on a single stock or investment at a time.
򐂰 Company Tracker Profile: The Company Tracker Profile portlet provides a
general company overview, descriptions, performance, and competition data
for a single investment at a time.
򐂰 Company Tracker Stock: The Company Tracker Stock portlet provides stock
quote details, performance, and fundamental data for a single investment at a
time.
򐂰 Currency Calculator: This portlet provides international market data
concerning world currencies with a handy conversion calculator.
򐂰 MS NetMeeting®: MS NetMeeting portlet enables the user to easily integrate
Microsoft NetMeeting.
򐂰 My Lists: My Lists portlet enables users to view and organize tasks into a
manageable list.
򐂰 Newsgroup: The IBM Newsgroup portlet enables users to browse, post, and
reply to messages on a newsgroup server.
򐂰 Application Portlet Builder: The Application Portlet Builder portlet enables
users to create portlets that can access and manipulate data in an enterprise
application, without requiring programming knowledge of the system.
Chapter 6. Advanced configuration topics
277
6.5.1 Configuring the Domino Application portlet
The Domino Application portlet enables you to integrate any Web-enabled
Domino application into WebSphere Portal. This portlet is significant in that it
enables you to render your Domino Web-enabled application within the context of
WebSphere Portal. More importantly, it has been designed so that navigation
within the Domino Web-enabled application will remain within the WebSphere
Portal context (that is, it will not open new browser windows outside of the Portal
environment).
The Domino Application portlet acts like a tunnel, channelling all requests from
the browser through WebSphere Portal and on to the Domino HTTP server at the
back end. It manages cookies, caching, user authentication, and framing.
Note: This section provides basic details about how to configure this portlet.
Note that the following IBM Redbook and Redpaper provide greater details
about configuring this portlet:
򐂰 Portalizing Domino Applications: Integration with Portal 5.02 and Lotus
Workplace 2.0.1, SG24-6466, available at
http://www.redbooks.ibm.com/abstracts/sg246466.html
򐂰 IBM Lotus Domino Application Portlet: Configuration and Tips,
REDP-3917, available at:
http://www.redbooks.ibm.com/abstracts/redp3917.html
To configure the Domino Application portlet, complete the following steps:
1. Start a browser and connect to Workplace Services Express, as in the
following example URL:
http://wse1.cam.itso.ibm.com:9081/lwp/workplace
2. Log in to Workplace Services Express using the administrator ID, such as
wpsadmin.
3. Identify the page on which you want to deploy the Domino Application portlet;
otherwise, create a new page with Workplace Services Express.
4. Click the palette slide-out page.
5. Click the Portlet category.
6. Click the Add link.
7. In the Search dialog box, enter Domino.
8. Select the Domino Application Portlet and add it to the palette.
9. Now, right-click the Domino Application Portlet icon, and while holding it,
drag the portlet onto the page where you want to deploy the portlet.
278
IBM Workplace Services Express
Tip: When dragging a portlet onto a page or from a different location on a
page, remember that an orange bar will be displayed when you are over a
valid location to drop the portlet.
10.Click the Configure portlet properties icon in the top-right area of the
Domino Application portlet window. This icon looks like a wrench.
11.Specify the host name of the Domino Web server, the database path, and
port to use (the default port is 80), as shown in Figure 6-73.
Figure 6-73 Configuring the Domino Application portlet
12.On the Authentication tab, select Single Sign-On (SSO), as shown in
Figure 6-74.
Figure 6-74 Configuring authentication in the Domino Application portlet
13.Click Save and then click Close to save your changes and exit.
14.If SSO has been configured correctly, and you have the necessary access
rights to the Domino application, you should see something similar to the
window shown in Figure 6-75 on page 280, which shows our sample Sales
Tracking Customer database.
Chapter 6. Advanced configuration topics
279
Figure 6-75 A sample Customer database in the Domino Application portlet
6.5.2 Configuring the Domino Databases (Notes View) portlet
The Domino Databases portlet enables you to work with the documents from any
view of any Domino database.
To configure the Domino Databases (Notes View) portlet, complete the following
steps:
1. Start a browser and connect to Workplace Services Express, as in the
following example URL:
http://wse1.cam.itso.ibm.com:9081/lwp/workplace
2. Log in to Workplace Services Express using the administrator ID, such as
wpsadmin.
3. Identify the page on which you want to deploy the Notes View portlet;
otherwise, create a new page with Workplace Services Express.
4. Click the palette slide-out page.
280
IBM Workplace Services Express
5. Click the Portlet category.
6. Click the Add link.
7. In the Search dialog box, enter Notes.
8. Select the Lotus Notes View portlet and add to the palette.
9. Now, right-click the Lotus Notes View Portlet icon, and while holding it, drag
the portlet onto the page where you want to deploy the portlet.
Tip: When dragging a portlet onto a page or from a different location on a
page, remember that an orange bar will be displayed when you are over a
valid location to drop the portlet.
In our test environment, we used the “People” view of the Domino Directory. To
configure the Domino Databases portlet, complete the following steps:
1. Select the Edit portlet properties icon in the upper-right corner of the portlet.
2. In the Available Views section, click Add.
3. Enter the following values (see Figure 6-76 on page 282):
– For the View Title field, enter the name of the view you want to access. In
our case, this is $People.
– For the Server field, specify the server name where the database is
located. Select the check box next to the Server section.
– For the Database filename field, select the file path and database name. In
our case, this is names.nsf.
– For the View field, select a name of the view that corresponds to the View
Title entered earlier.
Chapter 6. Advanced configuration topics
281
Figure 6-76 Configuring the Notes View in the Domino Databases portlet
4. Add more views to the portlet (repeating steps 2 on page 281-3 on page 281)
if wanted. See Figure 6-77.
Figure 6-77 Adding additional views to the Domino Databases portlet
282
IBM Workplace Services Express
5. Click Save. You should then see the view or views you specified in the portlet
window. For example, Figure 6-78 shows the Customer view of customer
database (customer.nsf) that we specified in our test environment.
Figure 6-78 The customer view of customer.nsf in the Domino Databases portlet
Chapter 6. Advanced configuration topics
283
284
IBM Workplace Services Express
7
Chapter 7.
Configuring IBM Workplace
Services Express for
external LDAP directories
This chapter walks you through the configuration of IBM Workplace Services
Express with several flavors of LDAP. We also describe some LDAP basics and
steps for preparing an LDAP server for Workplace Services Express
connections.
Important: If you plan to use an existing LDAP user registry, you must perform
the appropriate configuration steps immediately after installation, and before
you start Workplace Services Express for the first time. Note that it is possible
to enable LDAP at a later point; however, users stored in the default user
profile repository cannot be transferred.
In this chapter, we discuss the following topics:
򐂰 Introduction
򐂰 LDAP basics: How to read an existing schema
򐂰 Workplace Services Express default configuration
򐂰 Configuring Workplace Services Express for Domino
© Copyright IBM Corp. 2005. All rights reserved.
285
򐂰 Configuring Workplace Services Express for IBM Tivoli® Directory Server
򐂰 Configuring Workplace Services Express for Microsoft Active Directory
Note: At the time this chapter was written, Workplace Services Express
Version 2.0 was shipping and used by our team to create this content. If you
are working with Version 2.5, be sure to check the Workplace Services
Express Library for the most up-to-date information:
http://www.lotus.com/products/product5.nsf/wdocs/workplaceservicesexpress
library
286
IBM Workplace Services Express
7.1 Introduction
The Lightweight Directory Access Protocol (LDAP) is an open industry standard
that has evolved to meet the need to access a central collection of information
describing the various users, applications, files, printers and other resources
available from a network. This collection of information is referred to as a
directory. LDAP defines a standard method for accessing and updating
information in this special database. LDAP has gained wide acceptance as the
directory access method of the Internet and is therefore also strategic within
corporate intranets. The following sections provide a detailed walk through of
how to configure Workplace Services Express for LDAP.
7.2 LDAP basics
This section covers some of the basic LDAP concepts and how to best prepare
for a connection to an existing LDAP directory. The individual sections about the
various flavors of LDAP cover the modifications that need to be made to the
LDAP directories. The following information describes basic information and
assumes that the LDAP directory has already been set up for Workplace
Services Express connections.
Note: For complete details about LDAP, refer to the IBM Redbook
Understanding LDAP: Design and Implementation, SG24-4986, available at:
http://www.redbooks.ibm.com/abstracts/sg244986.html
7.2.1 Connection information
To connect to an LDAP directory, you must have some basic information.
򐂰 The fully qualified DNS name of the LDAP server. For example:
yourLDAPservername.company.com
򐂰 The port to which you will be connecting. For example, most LDAP servers
listen for connections on port 389.
򐂰 The base DN or search base. In simple terms, this means the starting point
where you want a search for a user or group in an LDAP directory to begin. A
company with a large and complicated schema might have many branches.
Instead of having your query for a particular user waste time looking in
branches that do not have users, you can tell your server to look in just the
users’ branch of the directory. For example:
ou=users,ou=cam,ou=itso,o=ibm,dc=com
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
287
򐂰 The bind name. Most LDAP directories will not serve up results unless the
server or application making the query presents a user ID and password that
tell the LDAP directory that they have permission to query the directory and
receive results. If the LDAP directory is set up to do anonymous binds, this
information is not required. An example of a user ID used for binding to a
directory is:
cn=bind,ou=users,ou=cam,ou=itso,o=ibm,dc=com
Note: Later in the chapter when this configuration setting is needed, note
that the LDAP administrator account must also be able to bind to your
LDAP directory. Test both the administrator ID and the bind ID.
򐂰 The bind name password. For example:
passw0rd
7.2.2 Testing your LDAP directory connection
When connecting to an existing LDAP directory, some simple connection tests
will help eliminate network or connection problems not related to your Workplace
Services Express server. Consider the following connection tests:
򐂰 Ping the LDAP server from the machine on which you plan to install
Workplace Services Express. The most necessary and simple test is to
ensure that you can resolve the fully qualified DNS server name of the LDAP
server. Open a command prompt window and enter the following command
using your LDAP server’s DNS name, as shown in Figure 7-1 on page 289:
ping <yourLDAPservername.company.com>
288
IBM Workplace Services Express
Figure 7-1 Pinging the LDAP server
򐂰 Telnet to the port to which you are connecting, as shown in Figure 7-2. Open
up a command prompt window and enter:
Telnet <yourLDAPservername.company.com> <port>
Figure 7-2 Telnet to the LDAP server
If the Telnet command is successful, the command prompt window will clear
and there will just be a blinking cursor. This means your LDAP server is
listening for connections on the port you specified. The Telnet test becomes
most useful if you are unable to connect. In this case, an error message will
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
289
alert you to the connection failure, and you have a more specific point at
which to begin your troubleshooting.
򐂰 Finally, one of the most useful tools to have is an LDAP browser. There are
several free LDAP browser products that will allow you to enter your
connection information. You can then connect to your LDAP server and view
your LDAP user records and other objects. This an important step in verifying
that your connection information is valid and that your LDAP server is set up
correctly.
7.3 Workplace Services Express default configuration
Workplace Services Express makes use of WebSphere Member Manager.
WebSphere Member Manager is the component of WebSphere Portal that
manages Workplace Services Express user and group attributes or user and
group information, such as names, e-mail addresses, and telephone numbers.
Member Manager collects attributes associated with each user and group in
profiles. All Workplace Services Express components share profiles so that
users can log in once to use any Workplace Services Express component.
When Workplace Services Express is installed, it will use Member Manager as
the user registry unless you transfer security to a LDAP server. When used with
LDAP, the Member Manager user directory configuration supported by
Workplace Services Express is a lookaside database used along with an LDAP
directory. The LDAP directory stores attributes that are defined in the LDAP
directory schema, for example, first names, last names, and e-mail addresses.
The lookaside database stores attributes that are particular to Lotus Workplace
products. Member Manager manages the lookups to the LDAP directory and to
the lookaside database.
7.4 Configuring Workplace Services Express to work
with Domino LDAP
In the following sections, we discuss configuring Workplace Services Express to
use Domino as an external LDAP server.
7.4.1 Preparing Domino for Workplace Services Express
There are several entries required in the Domino Directory that will be used to
authenticate against, as shown in Table 7-1 on page 291.
290
IBM Workplace Services Express
Table 7-1 Required Domino users
Name
Type
wpsadmin
User
wpsbind
User
wpsadmins
User group
To prepare Domino for Workplace Services Express, complete the following
steps:
1. From your Domino Administration Client, open your Domino Directory and
navigate to the People & Groups tab. Select People in the left column. Then,
click Register, as shown in Figure 7-3.
Figure 7-3 People view
2. You will then be prompted to choose the certifier to use, as shown in
Figure 7-4 on page 292. Navigate to the cert.id file in your Domino data
directory.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
291
Figure 7-4 Choose a Certifier
3. When prompted for recovery information, decide if you need it or not: In a
production environment, we recommend that you set up recovery information;
however, it is not typically required in a proof-of-concept deployment.
Enter the user details to register your users, as shown in Figure 7-5.
Figure 7-5 Register a user
292
IBM Workplace Services Express
4. Click Password Options and select Set internet password, as shown in
Figure 7-6. If you want, you can synchronize it with the Notes ID password by
selecting the Synch internet password with Notes ID password option.
Figure 7-6 Set Internet password
5. Change the Mail system from Lotus Notes to Domino Web Access, but
reject the request to set other options to reflect this change. Click the green
arrow to add the user to the Registration Queue and continue to add the
wpsbind account. You can add a few test users (along with their first names at
this point). When ready, click Register All to create the user accounts, as
shown in Figure 7-7.
Figure 7-7 Register all people
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
293
6. Return to the People & Groups tab and select Groups in the left column. Click
Add Group in the main window.
7. Fill in the following values, as shown in Figure 7-8:
– Set the Group name to wpsadmins.
– Set the Group type to Multi-purpose.
– Add wpsadmin and wpsbind as Members.
Figure 7-8 Create wpsadmins group
As part of the Workplace Services Express LDAP integration, we typically want
to allow Workplace Services Express to update the Domino Directory with
changes. One example is when the user changes their password. To enable this
to occur, we need to add the wpsadmins group to the Domino Directory’s access
control list (ACL). Complete the following steps:
1. Open the Domino Administrator Client and enter your password when
prompted. Open the menu options for File → Database → Access Control.
2. Click the Add button, and the Add User dialog box opens. Click the Blue
Person button, as shown in Figure 7-9 on page 295.
294
IBM Workplace Services Express
Figure 7-9 Add wpsadmins group to the Domino Directory ACL
3. In the Select names dialog box, choose the wpsadmins group on the left side
window and click Add. The wpsadmins groups should now be in the right side
window. Click OK.
4. Click the wpsadmins group in the Access Control List dialog box. Use the
following values, as shown in Figure 7-10 on page 296:
– For the User type, select Person group.
– For Access, select Manager.
– For Roles, select GroupCreator, GroupModifier, UserCreator, and
UserModifier.
Click OK to apply these changes.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
295
Figure 7-10 Security settings for wpsadmins group
7.4.2 Setting up Domino LDAP
Domino 6.x needs a little design alteration to the template for the Domino
Directory to enable it to be an LDAP host for Workplace Services Express.
The following instructions show how to create a new field in the Domino Directory
that contains a unique identifier for every user document, every group document,
and every server certifier document.
When Workplace Services Express is secured to the Domino LDAP directory, it
can then use the unique identifier to identify a single user as opposed to using
their common name. This is most obviously useful where a user’s name is not
unique or might change (that is, when someone gets married).
Add dominoUNID to the Domino Directory
Note: This section applies only to early Domino releases up to and including
6.5.3. If you are using Version 6.5.4 or later, you can skip this section.
296
IBM Workplace Services Express
The first stage is to add the dominoUNID field to several documents with the
Domino Directory. Complete the following steps:
1. Log in to Domino Designer® using the name and password of a server
administrator.
2. Open the pubnames.ntf template, as shown in Figure 7-11. This is the
template for the Domino Directory.
Figure 7-11 Open pubnames.ntf template
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
297
3. Add a field named dominoUNID to the Person, Group, and Server\Certifier
forms in the Domino Directory, as shown in Figure 7-12. Create it as a
Computed when composed field and specify the following formula for it (see
Figure 7-13 on page 299):
@If(dominoUNID != ""; dominoUNID; @Text(@DocumentUniqueID));
Figure 7-12 Add computed field dominoUNID
Note: The recommended method for customizing the Domino Directory is
making changes in a copy of the Domino Directory template and then
applying the changes to the Domino Directory database. See the Domino
Administrator Help for more information.
298
IBM Workplace Services Express
Figure 7-13 Insert SELECT formula
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
299
4. Now that changes to the Domino Directory template have been made, you
need to refresh the design of the Domino Directory. Open the Domino
Directory from a Lotus Notes Client with an administrator ID that has designer
or above access rights to the database. Select File → Database → Refresh
Design, as shown in Figure 7-14.
Note: All the reported forms are composed by computed subforms. We
recommend that you to place the new field in the form and not in the
subform.
Figure 7-14 Refresh template design
300
IBM Workplace Services Express
5. To add the field to the schema, enter the following command from the Domino
server console (see Figure 7-15):
tell ldap reloadschema
This will ensure that the LDAP schema includes the new field.
Important: The dominoUNID field must be present in the schema.nsf
database that is part of the domino LDAP task. After entering the
command in the Domino server console, you can check if the field has
been correctly added to the schema by searching inside this database.
Figure 7-15 Reload LDAP schema
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
301
6. Domino automatically populates the dominoUNID attribute in new Person,
Group, and Server\Certifier documents. To create a Domino agent that
populates the attribute in existing Person, Group, and Server\Certifier
documents, follow these steps:
a. Open the Domino Directory database (names.nsf).
b. Select Create → Design → Agent, as shown in Figure 7-16.
Figure 7-16 Create a new agent
302
IBM Workplace Services Express
c. Enter the following values (see Figure 7-17):
•
Enter a name for the agent.
•
In the Runtime box, select the following options: for Trigger, select On
event and Action menu selection, and for Target select All selected
documents.
Close the properties box.
Figure 7-17 Agent properties
d. In the Objects tab, click Action.
e. From the drop-down list, select Formula and enter the following formula,
as shown in Figure 7-18:
FIELD dominoUNID := @If(dominoUNID != ""; dominoUNID;
@Text(@DocumentUniqueID));
Figure 7-18 Agent formula
f. In the Objects pane, click Document Selection.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
303
g. Click Add Condition. Select By form as the Condition, select the Group,
Person, and Server\Certifier forms, and click Add, as shown in
Figure 7-19.
Figure 7-19 Add document selection condition
h. Save the agent.
i. Right-click the agent in the Agent view, click Design Properties, select the
third tab, and select Prohibit design refresh or replace to modify, as
shown in Figure 7-20.
Figure 7-20 Prohibit template inheritance
j. To run the agent, select Actions from the Notes menu.
304
IBM Workplace Services Express
Figure 7-21 Agent run
Note: You must first select the document you want the agent run on
(that is, the documents created using the Person form, the Group form,
and the Server\Certifier form) before running the agent. Otherwise, it
will not run on all the documents. If you want to check the agent job,
look at the agent log or look at the document properties. To do this,
right-click the document and select Document properties → Fields.
The dominoUNID field must be present and must have a value, as
shown in Figure 7-22 on page 305.
Figure 7-22 Check if dominoUNID field has been inserted in the document
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
305
Important: For Domino 6.5.x only: If the Domino LDAP service
searches additional Domino Directories configured through directory
assistance, repeat steps 1 on page 297 through 6 on page 302 for each
additional directory.
k. Now open the Domino Administration Client and enter your password
when prompted. Go to the Configuration tab and select Server →
Configurations from the left column, as shown in Figure 7-23. If there is a
configuration document for all servers, open it; otherwise, if that document
does not exist, click Add Configuration.
Figure 7-23 Server configuration document
l. Click the Use these settings as the default settings for all servers
option, as shown in Figure 7-24 on page 307.
306
IBM Workplace Services Express
Figure 7-24 Apply settings for all servers option
m. Go to the LDAP tab. Click the Yes for the Allow LDAP users write access
option, as shown in Figure 7-25.
Figure 7-25 Allow LDAP users write access
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
307
n. On the LDAP tab, click the Select Attribute Types button at the top of the
form to open the Attribute types dialog box. Then, set the Object Classes
to * (asterisk) and click Display Attributes. In the Selectable Attribute
Types section, select dominoUNID (this is required for Workplace
Services Express and Domino LDAP integration), MailFile, MailServer,
HTTP_HostName, and NetAddresses.
Click OK when complete to add the selected fields. See Figure 7-26.
Figure 7-26 Attribute type selection
Restart the Domino LDAP task at the server console by entering:
tell ldap q
When it stops, enter:
load ldap
Alternatively, you could enter:
tell ldap reload schema
This completes the updates to the Domino Directory.
308
IBM Workplace Services Express
Updating the services file for Workplace Services Express
Note: Refer to Chapter 2, “Installation and administration” on page 17 for
instructions about installing Workplace Services Express. This ensures that
the various files you will be modifying in the following sections are present.
Take note to not start Workplace Services Express for the first time until you
have completed the following configuration.
You need to update the services file to ensure that Workplace Services Express
can write to the Domino Directory. Complete the following steps:
1. Open PumaService.properties file. You can find this file in the
wps_home/shared/app/config/services directory.
2. Add user.sync.remove.attributes=cn,CN,cN,Cn.
3. Save the file.
Note: If you do not perform these steps, Workplace Services Express will not
be able to create or update a user because of a misconfiguration.
The following operation maps the dominoUNID field to the extID value for
Member Manager.
Note: The following manual file configuration is not required for Workplace
Services Express V2.5, only for Workplace Services Express V2.0. However,
if you want to use Domino 5.x with Workplace Services Express V2.5, there is
one step required. Refer to the next Note box.
Complete the following steps:
1. Open the following file in a text editor:
wse_root\PortalServer\config\templates\wmm\wmm_LDAP.xml.DOMINO502.
3.wmm
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
309
Note: Workplace Services Express V2.0 uses the Domino 5.x adapter by
default. Workplace Services Express V2.5 uses the Domino 6.x adapter by
default. If you are using Workplace Services Express V2.0 and want to use
Domino 6.x instead, find the <ldapRepository> tag and change:
adapterClassName="com.ibm.ws.wmm.ldap.domino.DominoLdapAdapterImpl"
To:
adapterClassName="com.ibm.ws.wmm.ldap.domino.Domino6LdapAdapterImpl"
If you are using Workplace Services Express V2.5 and want to use Domino
5.x, find the <ldapRepository> tag and change:
adapterClassName="com.ibm.ws.wmm.ldap.domino.Domino6LdapAdapterImpl"
To:
adapterClassName="com.ibm.ws.wmm.ldap.domino.DominoLdapAdapterImpl"
2. In the <ldapRepository> tag, ensure that the wmmGenerateExtId attribute is
set to "false".
3. Find the <supportedLdapEntrytypes> tag and ensure that the values
"dominoOrganization" and "dominoOrganizationalUnit" are set to the same
values, as shown in Example 7-1.
Example 7-1 wmm_LDAP.xml.DOMINO502.3.wmm file
<supportedLdapEntryTypes>
<supportedLdapEntryType name="Person"
rdnAttrTypes="@[email protected]"
objectClassesForRead="@[email protected]"
objectClassesForWrite="@[email protected]"
searchBases="@[email protected]"/>
<supportedLdapEntryType name="Group"
rdnAttrTypes="@[email protected]"
objectClassesForRead="@[email protected]"
objectClassesForWrite="@[email protected]"
searchBases="@[email protected]"/>
<supportedLdapEntryType name="Organization"
rdnAttrTypes="o"
objectClassesForRead="dominoOrganization"
objectClassesForWrite="dominoOrganization"/>
<supportedLdapEntryType name="OrganizationalUnit"
rdnAttrTypes="ou"
objectClassesForRead="dominoOrganizationalUnit"
objectClassesForWrite="dominoOrganizationalUnit"/>
</supportedLdapEntryTypes>
310
IBM Workplace Services Express
4. Save and close the file.
Configure Member Manager to use dominoUNID:
1. Open the following file in a text editor:
wse_root\PortalServer\config\templates\wmm\wmmLDAPAttributes_DOMINO
502.xml.
2. Search for the <attributeMap> tag for the external identifier and change the
pluginAttributeName parameter to "dominoUNID", as shown in Example 7-2.
Example 7-2 Search for <attributeMap>
<attributeMap wmmAttributeName="extId"
applicableMemberTypes="Person;Group;Organization;OrganizationalUnit"
pluginAttributeName="dominoUNID"
dataType="String"
multiValued="false"
readOnly="true" />
3. Save and close the file.
Now, we change the security_disable.properties (helper file) to prepare the
environment for security disabling.
Note: This helper file is only needed to disable security. If you want, you can
launch the configuration wizard without changing this file; the values can be
modified at runtime.
Complete the following steps:
1. Open the following file in a text editor:
wse_root\PortalServer\config\helpers\security_disable.properties
2. Change the values for the properties shown in Table 7-2 on page 312. Use
the values in the table as a guide. Normally, you only need to update the
password if you used wpsadmin as the Portal administrator name.
Note: Table 7-2 lists the properties used in the disable security task. Note
that the fully qualified distinguished name is always required as the value
when configuring these settings.
3. Save and close the file.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
311
Table 7-2 Properties used in disable security task
Property
Value
PortalAdminId
Enter the user ID that you entered during installation
and make sure that it is formatted appropriately, such
as:
uid=wpsadmin,o = default organization
PortalAdminIdShort
The short form of the user ID that you entered during
installation, such as:
wpsadmin
PortalAdminPwd
Enter the password that you entered during installation.
PortalAdminGroupId
Enter the name of the administrator group and make
sure that it is formatted appropriately, such as:
cn=wpsadmins,o= default organization
Use these steps to help pre-populate the helper file with your environment’s
values.
Note: The following steps are optional, because the bulk of these values can
be entered directly into the Configuration Wizard windows as part of the
Transfer security to LDAP option.
Complete the following steps:
1. Open the following file in a text editor:
wse_root\PortalServer\config\helpers\security_domino.properties
2. Change the values for the properties shown in Table 7-3. Use the values in
Table 7-3 as a guide for your LDAP environment.
Note: The fully qualified distinguished name is always required as the
value when configuring these settings.
Table 7-3 Properties for Domino LDAP security
312
Property
Value
WasUserid
Enter the user ID that you entered during installation
and make sure that it is formatted appropriately, such
as:
cn=wpsadmin,o=IBM
WasPassword
Enter the password that you entered during installation.
WpsHostName
Enter the host name for Workplace Services Express.
IBM Workplace Services Express
Property
Value
PortalAdminId
Enter the user ID that you entered during installation
and make sure that it is formatted appropriately, such
as:
cn=wpsadmin,o=IBM
PortalAdminIdShort
The short form of the user ID that you entered during
installation, such as:
wpsadmin
PortalAdminPwd
Enter the password that you entered during installation.
PortalAdminGroupId
Enter the name of the administrator group and make
sure that it is formatted appropriately, such as:
cn=wpsadmins
PortalAdminGroupIdShort
The short form of the administrator group ID, such as:
Wpsadmins
LTPAPassword
Enter the password that is appropriate for your
environment. This is the password that is used to
encrypt and decrypt the LTPA keys.
LTPATimeout
Enter a numeric value that specifies the time period in
minutes at which an LTPA token will expire.
SSODomainName
Enter your domain name, for example:
yourdomain.ibm.com
SSOEnabled
Enter true.
LookAside
Enter true. Important: This value must be set to true.
LDAPHostName
Enter the host information for your LDAP server, such
as:
yourldapservername.com
LDAPPort
Enter the port number for the LDAP server that
Workplace Services Express will use, for example:
389
LDAPAdminUId
Enter the LDAP administrator ID, for example:
cn=wpsbind,o=IBM
LDAPAdminPwd
Enter the LDAP administrator password.
LDAPServerType
Do not change; leave as DOMINO502.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
313
Property
Value
LDAPBindID
Type the user ID for LDAP user authentication and make
sure that it is formatted appropriately, such as:
cn=wpsbind,o=IBM
Note: Specify a user account for searching the LDAP
directory.
LDAPBindPassword
Type the password.
LDAPSuffix
Leave blank.
LdapUserPrefix
Leave as cn, or change it to adapt for your environment.
LDAPUserSuffix
o=<your_organization>, for example, o=IBM
LdapGroupPrefix
Leave as cn, or change it to adapt for your environment.
LDAPGroupSuffix
Leave blank.
LDAPUserObjectClass
Enter as dominoPerson, or change it to adapt to your
environment.
LDAPGroupObjectClass
Enter as dominoGroup, or change it to adapt to your
environment.
LDAPGroupMember
Leave as member or change it to adapt to your
environment.
LDAPUserFilter
Type the key that is used to configure the user filter, such
as:
(&(|(cn=%v)(uid=%v))(objectclass=inetOrgPerson))
LDAPGroupFilter
Type the key that is used to configure the group filter,
such as:
(&(cn=%v)(|(objectclass=groupOfNames)(objectclas
s=groupOfUniqueNames)))
3. Save and close the file.
7.4.3 Testing Domino LDAP: ldapsearch
Those running IBM Lotus Domino already have ldapsearch installed. If you want,
you can use a different LDAP browser with a graphical interface, as in 7.2.2,
“Testing your LDAP directory connection” on page 288.
Simply launch a command prompt, change to the Notes program directory, and
use ldapsearch to try a quick test of your own. Otherwise, you can follow along
using the examples given here. See Example 7-3 on page 315.
314
IBM Workplace Services Express
Example 7-3 Using ldapsearch anonymously
C:\notes>ldapsearch -h 192.168.85.105 -b dc=ibm,dc=com cn=wpsadmin
uid=wpsadmin,cn=users,o=redbooks,DC=IBM,DC=COM
ibm-appuuid=96e7d880-f3f6-11d7-932c-83c83f7aa695
uid=wpsadmin
objectClass=organizationalPerson
objectClass=person
objectClass=top
objectClass=inetOrgPerson
objectClass=ibm-appuuidaux
sn=wpsadmin
cn=wpsadmin
[email protected]
displayname=WPS Admin
departmentnumber=101010
The command ldapsearch -h 192.168.85.105 -b dc=ibm,dc=com cn=wpsadmin
is a good review for understanding LDAP. The -h 192.168.85.105 specifies the
LDAP server. Here we used its IP address, but a host name would have worked
just as well. We also assumed that the server is listening on the default port of
389, which is the non-SSL port, instead of the SSL port of 636.
The second option, -b dc=ibm,dc=com, specifies the base DN. This often is your
company’s domain name. Without a base DN, LDAP servers usually return an
error message such as No Such Object, because you have not supplied enough
information for the search to know where to begin. Therefore, you have to supply
a base DN in addition to the filter. The exception to this rule is IBM Lotus Domino
LDAP, which has a null base DN and so does not require you to specify one.
The last element in our example is cn=wpsadmin, which is used to restrict the
number of entries that the search returns. The filter acts like text entered into a
typical Web search engine: The result will have more than one answer if multiple
entries match the filter you specify. In this case, only one LDAP entry matched
cn=wpsadmin. CN stands for Common Name and is a typical LDAP attribute, so it
is a good place to start when searching for entries.
Note: When you supply a password for LDAP authentication, be aware that it
could appear as a parameter in the logs of the LDAP server depending on the
amount of debug information being collected. Accordingly, it is best either to
use a read-only ID, or to change your password to a temporary password for
the duration of the testing.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
315
Example 7-4 Using ldapsearch with credentials
C:\notes>ldapsearch -h 192.169.85.105 -p 636 -D cn=root -w xxx -b dc=ibm,dc=com
cn=wps*
uid=wpsadmin,cn=users,o=redbooks,DC=IBM,DC=COM
ibm-appuuid=96e7d880-f3f6-11d7-932c-83c83f7aa695
uid=wpsadmin
userpassword={SHA}M8TEBZVk7DWctbIiB/cv+hQ0nxs=
objectClass=organizationalPerson
objectClass=person
objectClass=top
objectClass=inetOrgPerson
objectClass=ibm-appuuidaux
sn=wpsadmin
cn=wpsadmin
[email protected]
displayname=WPS Admin
departmentnumber=101010
uid=wpsbind,cn=users,o=redbooks,DC=IBM,DC=COM
uid=wpsbind
userpassword={SHA}n8ydgW+6YMPXMXlQh6InXamYbYs=
objectClass=organizationalPerson
objectClass=person
objectClass=top
objectClass=inetOrgPerson
objectClass=ibm-appuuidaux
sn=wpsbind
cn=wpsbind
[email protected]
ibm-appuuid=2a6ab7c1-f4d4-11d7-ba58-83c83f7c1a53
displayname=WPS Bind
cn=wpsadmins,cn=groups,o=redbooks,DC=IBM,DC=COM
cn=wpsadmins
ibm-appuuid=7b364010-164f-11d8-baf2-825f3fb4446b
objectclass=groupOfUniqueNames
objectclass=top
objectclass=ibm-appuuidaux
uniquemember=uid=wpsadmin,cn=users,o=redbooks,dc=ibm,dc=com
uniquemember=uid=john,cn=users,o=redbooks,dc=ibm,dc=com
uniquemember=uid=bill,cn=users,o=redbooks,dc=ibm,dc=com
The filter in Example 7-4 is cn=wps*, where * is the conventional wildcard
character. It indicates that anything following wps should be considered a match.
As you can see, it returned all three entries important to WebSphere Application
316
IBM Workplace Services Express
Server, WebSphere Portal, and Workplace Services Express: the two user
accounts, wpsadmin and wpsbind, and the administrative group, wpsadmins.
Some other interesting things to note in Example 7-4 on page 316 are that the
LDAP server has at least two distinct divisions signified by cn=users and
cn=groups, and that both of these are gathered under o=redbooks. The account
wpsadmin has been included in the wpsadmins group, but wpsbind has not. Also,
John and Bill are both listed in wpsadmins, so they would naturally be the first
people to contact for help because they have apparently deployed Workplace
Services Express before.
7.4.4 Running the LDAP configuration wizard
Important: Before disabling security, change the soap.client.props file in
<wse_root>\AppServer\properties to:
com.ibm.SOAP.requestTimeout=6000
The LDAP configuration wizard is a GUI-driven wizard that can enable and
disable security for Workplace Services Express.
If you have not done so already, it is worth interrogating the Domino LDAP
directory with an LDAP browser before beginning (refer to 7.2.2, “Testing your
LDAP directory connection” on page 288).
It is essential that the Domino LDAP directory and user accounts are correctly
configured and operational; otherwise, the wizard will fail.
Complete the following steps:
1. Open a command prompt and navigate to <wse_root>/subtasks and launch
the command:
startNetworkServer.bat
For Linux:
startNetworkServer.sh
2. Now navigate to the directory <wse_root>/Appserver/bin and launch the
command:
startServer server1
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
317
3. Finally, navigate to <wse_root>PortalServer\config\wizard and start the
configuration wizard by running:
configwizard.bat
For Linux:
configwizard.sh
4. Select the language that the wizard will use and click OK, as shown in
Figure 7-27.
Figure 7-27 Launch the Configuration Wizard
318
IBM Workplace Services Express
5. When the wizard loads, click Next to continue, as shown in Figure 7-28.
Figure 7-28 Configuration Wizard Welcome window
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
319
6. Because security is enabled by default in Workplace Services Express, you
will first need to disable security. Select Disable security and click Next, as
shown in Figure 7-29.
Figure 7-29 Disable security
320
IBM Workplace Services Express
7. The wizard requests a User name and Password to continue. Enter the user
name and the password you set at installation time (in this example, wpsadmin
and wpsadmin) and click Next, as shown in Figure 7-30.
Figure 7-30 WebSphere Application Server User and Password
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
321
8. The wizard requests the properties file to use when disabling security. Accept
the default and click Next. Now, check the values in the security window, as
shown in Figure 7-31.
Figure 7-31 Portal security properties
322
IBM Workplace Services Express
9. If this is a clean install, the default values should be correct, click Next, as
shown in Figure 7-32.
Figure 7-32 Disable security
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
323
10.Now, click Next and wait until you receive the successful confirmation
message, as shown in Figure 7-33.
Note: The disable security task takes a while to complete. Do not stop it or
cancel the task while in progress.
11.Click Run Wizard Again.
Figure 7-33 Disable security task completed successfully
324
IBM Workplace Services Express
12.Select Enable LDAP security, as shown in Figure 7-34.
Figure 7-34 Enable LDAP security
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
325
13.Because we are using a Domino server, select Lotus Domino Enterprise
Server and click Next, as shown in Figure 7-35.
Figure 7-35 Choose Lotus Domino Enterprise Server
326
IBM Workplace Services Express
14.Accept the default properties file for security_domino.properties and click
Next, as shown in Figure 7-36.
Note: If you previously modified the security_domino.properties file, you
must confirm the values. Refer to Table 7-3 on page 312.
Figure 7-36 Default properties file for security_domino.properties
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
327
15.Set all the values for your environment, as shown in Figure 7-37. If you do not
need SSL, leave sslEnable as false. Leave the LDAPSuffix blank. Click Next.
Figure 7-37 Enable security: LDAP settings
328
IBM Workplace Services Express
16.Set the LdapUserSuffix as in your environment (in this example, o=ibm) and
click Next, as shown in Figure 7-38.
Figure 7-38 LDAP security settings
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
329
17.Confirm the settings and click Next, as shown in Figure 7-39.
Figure 7-39 LDAP security settings continued
330
IBM Workplace Services Express
18.Confirm the settings and click Next, as shown in Figure 7-40.
Figure 7-40 LDAP security settings continued
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
331
19.As shown in Figure 7-41, different administration IDs can be used for
administering the system and for LDAP access. Check your settings and click
Next.
Figure 7-41 LDAP security: Portal administrator IDs
332
IBM Workplace Services Express
20.Use the wpsbind ID and password for security as shown in Figure 7-42, and
confirm the Workplace Services Express server name. At a later point, it is
possible to enable single sign-on (SSO) for Web browsers between
Workplace Services Express and Domino; these details are used to enable
the Workplace Services Express side of the SSO solution. Choose an LTPA
password and keep it safe, because you will require it later when you export
the LTPA tokens from Workplace Services Express and import them to
Domino. Click Next.
Tip: For more information regarding SSO, refer to 6.2, “Single sign-on” on
page 237.
Figure 7-42 LDAP security: WasUserid
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
333
21.Confirm the settings and click Next, as shown in Figure 7-43.
Figure 7-43 Enabling LDAP: Advanced settings
334
IBM Workplace Services Express
22.Confirm the settings and click Next, as shown in Figure 7-44.
Figure 7-44 LDAP advanced settings continued
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
335
23.Confirm the settings and click Next, as shown in Figure 7-45.
Figure 7-45 LDAP advanced setting continued
24.Confirm the settings and click Next, as shown in Figure 7-46 on page 337.
This start the process. Wait until the process is completed (it takes a while).
When the wizard completes, click Finish.
336
IBM Workplace Services Express
Figure 7-46 LDAP security final window
7.4.5 Configuring Workplace Services Express: LDAP over SSL
You might want to configure WebSphere Application Server and Workplace
Services Express access to your LDAP user registry over SSL to ensure the
confidentiality of the data exchanged between WebSphere Application Server,
Workplace Services Express, and Domino Directory. For example, user
passwords are sent over the network between the LDAP user registry and
Workplace Services Express. This occurs to set the password if Workplace
Services Express user management tools are used to create users and change
passwords and also when WebSphere Application Server authenticates any user
name and password pair through an LDAP BIND operation. Configuring LDAP
over SSL can be important to protect sensitive data. Also, it might be required to
ensure that user attributes that are retrieved from the directory are not viewed by
someone watching packets on the network if the attributes of a user include
sensitive information or privacy is a concern.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
337
In order to ensure that all this information remains private, you must configure
both WebSphere Application Server and Workplace Services Express to use
LDAP over SSL to the LDAP user registry. Configuring LDAP over SSL for
WebSphere Application Server and Workplace Services Express is a separate
operation from configuring the HTTP server to accept incoming browser requests
over HTTPS, or configuring HTTPS between the HTTP server and WebSphere
Application Server in a distributed setup.
A full primer about the configuration of all the LDAP user registries and
WebSphere Application Server is beyond the scope of this book. Consult the
documentation for your LDAP server to configure the directory for SSL traffic. For
WebSphere Application Server, the IBM Redbook IBM WebSphere V5.0
Security, SG24-6573, is available. You can also consult the WebSphere
Application Server product documentation.
Note: We recommend that you first get LDAP (non-SSL) working before
setting up LDAP over SSL. This enables you to verify that the directory is
responding to LDAP requests before setting it up for SSL.
Configuring LDAP over SSL from WebSphere Application Server and Workplace
Services Express to Domino as the LDAP user registry is almost the same as for
IBM Directory Server or any of the other LDAP user registry servers. Domino will
present a signed certificate as part of the LDAP-over-SSL handshake. The signer
certificates for this Domino Directory server certificate must be available to
WebSphere Application Server, WebSphere Portal, and Workplace Services
Express. If the Domino Directory server certificate is self-signed, that same
self-signed certificate must be imported as a signer certificate into the named
WebSphere Application Server Java Key Store (JKS) for WebSphere Application
Server LDAP over SSL and into the cacerts file for WebSphere Portal use.
If the Domino Directory server certificate is signed by a CA certificate chain, that
CA certificate chain must be imported as signer certificates into the named
WebSphere Application Server Java Key Store for WebSphere Application
Server LDAP over SSL and into the cacerts file for WebSphere Portal and
Workplace Services Express use.
However, there are some slight differences in the Domino key management
utilities; they generate key files that are compatible with the GSKIT key
management tool, provided with IBM HTTP Server, but not directly with the
WebSphere Application Server key management tool. So, if Domino key
management has been used to generate self-signed certificates, the GSKIT key
management tool must be used as an intermediate step to extract that certificate
in Base64-encoded ASCII format (the .arm file), which can then be imported to
WebSphere Application Server and the default Java Secure Socket Extension
338
IBM Workplace Services Express
(JSSE) key stores using the WebSphere Application Server key management
tool. To import the file, follow the procedures outlined here.
Configuring Domino to use SSL
To configure Domino for secure communication for LDAP, Domino requires a
keyring, .kyr file, and password stash, .sth file, on the server side. In order to
create the keyring, use the Domino built-in certificate authority (CA) application.
The CA application installs with Domino, you should be able to find it under the
directory domino\data\certsrv.nsf. Complete the following steps:
1. Open the database in Lotus Notes.
2. Select Create Key Ring with Self-Certified Certificate, as shown in
Figure 7-47.
Important: We are creating a self-certified certificate. You can use it for
testing purposes and demos, but we suggest that you use CA-verified
certificate in a production environment.
Figure 7-47 Domino Certificate Authority application
3. Fill out the certificate request, as shown in Figure 7-48 on page 340.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
339
Important: Make sure that the keyfile and the certificate are saved under
the Domino data directory, for example: c:\lotus\domino\data.
Figure 7-48 Creating a self-signed certificate
4. Click Create Key Ring with Self-Certified Certificate, and Domino will
generate the keyring with the stash file and save it in the Domino data
directory.
5. Close the CA application in Lotus Notes.
6. Start the IKeyMan tool, which is able to read the .kyr files, that comes with
IBM HTTP Server. You can also find it as part of a WebSphere Portal
installation. Do not use now the IKeyMan available in the
<wse_root>\AppServer\bin directory, because it is not able to access.kyr files.
Open now the keyring file you have just created, LDAPSSLServer.kyr, as
shown in Figure 7-49 on page 341.
7. Export the KeyPair certificate under the LDAPSSLServer.arm to the Domino
data directory, \domino\data.
340
IBM Workplace Services Express
Figure 7-49 Extract Certificate from key
8. Close the IKeyMan application.
Now, set up the Domino server to use LDAP over SSL. Open the Server
document and go to Ports → Internet Ports → Directory. Fill in the value, as
shown in Figure 7-50 on page 342, according to the key file name you created
earlier. Restart the server after changing the values.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
341
Figure 7-50 Domino LDAP SSL settings
Note: As final step, you can disable the LDAP non-SSL port or redirect it to the
SSL one.
Importing certificates to Workplace Services Express and
WebSphere Portal to enable SSL connection
Make the signing certificate from Domino Directory (either the CA certificate or
the self-signed certificate) available to the WebSphere Application Server and
WebSphere Portal machine. You can do this by moving the file through a network
transfer or removable media. Note that a CA certificate must be in
Base64-encoded ASCII data format as an .arm file in order to be imported by the
WebSphere Application Server key management utilities. The IBM HTTP Server
Key Management Utility (IKeyMan) can be used to format a CA certificate that is
not in the right format.
342
IBM Workplace Services Express
Importing certificates to a WebSphere Application Server
keystore
To make either the self-signed certificate or the CA certificate chain available to
WebSphere Application Server, WebSphere Portal, and Workplace Services
Express, you must use the key management tool supplied by WebSphere
Application Server to import the certificates into the necessary Java Key Store
(.jks) format key storage files. Note that the key management tool supplied by
WebSphere Application Server is IKeyMan. IKeyMan supports the Java Key
Store file formats necessary for WebSphere Application Server and WebSphere
Portal (it is in the <wse_root>\AppServer\bin directory).
Complete the following steps:
1. Activate the IKeyMan utility by issuing the ikeyman.exe or ikeyman.sh
command from the command line, depending on your operating system.
2. Open the Java Key Store file that will be used by WebSphere Application
Server for LDAP over SSL (the one you exported from the Domino key file we
called LDAPSSLServer.arm). The user can create new key files and define a
new SSL repertoire. WebSphere Application Server provides a default
repertoire called DefaultSSLSetting. Use the default repertoire that contains
the default WebSphere Application Server server trust file. Open
DummyServerTrustFile.jks located at was_root/etc directory. The password to
the dummy server trust file is WebAS.
3. Select Signer Certificates from the top drop-down menu, and then click Add,
as shown in Figure 7-51 on page 344.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
343
Figure 7-51 Import the Domino certificate to a WebSphere Application Server keystore
4. Select Base64-encoded ASCII data as the data type, and browse to the
certificate file of that type that you exported from the Domino server.
5. You will be asked for a label for the new certificate. Enter the same value that
you specified for the label when you created the certificate (in this example,
LDAPSSLServer).
6. Repeat the previous steps to import the certificate in the
DummyClientTrustFile.jks, DummyClientKeyFile.jks, and
DummyServerTrustFile.jks files.
7. Import the same certificate into the
<wse_root>\AppServer\java\jre\lib\security\cacerts file. By default, the
password is “changeit”. Always enter the same label you gave in the previous
step. This procedure imports the key certificate into the WebSphere Portal
Server key database.
8. Close the key database and quit IKeyMan.
344
IBM Workplace Services Express
Configuring Workplace Services Express to access Domino
LDAP using SSL
To configure Workplace Services Express to access Domino LDAP using SSL,
complete the following steps:
1. Stop the Workplace Services Express servers, issuing the command:
<wse_root\>stopWorkplaceServices.bat
For Linux, use the following command:
<wse_root>/stopWorkplaceServices.sh
2. Start server1 and log in to the WebSphere Application Server administrative
console. Perform the following tasks (see Figure 7-52):
a. Navigate to Security → User Registries → LDAP.
b. Select the SSL Enabled option (set sslEnabled to true).
c. Set the LDAP Port to 636.
d. Save the changes.
Figure 7-52 LDAP SSL security settings in WebSphere
3. Stop and restart WebSphere Application Server (server1). Remember to use
the -user and -password parameters.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
345
4. Open the file <wse_root>\PortalServer\shared\app\wmm\wmm.xml in a text
editor.
5. Find the ldapRepository name="wmmLDAP" tag, and perform the following
steps:
a. Verify that ldapPort="636".
b. Verify that wmmGenerateExtId="false".
c. Add java.naming.security.protocol="ssl".
6. Find the supportedLdapEntryTypes tag and delete all occurrences of
ibm-appUUIDAux from the objectClassForWrite attribute.
7. Save and close the file.
8. Restart the servers:
wse_root>\startWorkplaceServices.bat
For Linux, use the following command:
<wse_root>/startWorkplaceServices.sh
7.5 Configuring Workplace Services Express for Active
Directory
This section covers the configuration changes that need to be made to Microsoft
Active Directory. We then walk you through the configuration of Workplace
Services Express to work with Active Directory.
Important: Refer to Chapter 2, “Installation and administration” on page 17 for
instructions about installing Workplace Services Express. This will ensure that
the various files you will be modifying in the following sections are present.
Take note to not start Workplace Services Express for the first time until you
have completed the following configuration.
7.5.1 Creating the required administrative accounts
Before you can configure Workplace Services Express to work with the LDAP
server, the LDAP user registry must have the appropriate administrative users
and user group information added, as shown in Table 7-4 on page 347.
Note: Refer to the Microsoft online Active Directory Technical Library for
information about installing Active Directory and creating users and groups.
346
IBM Workplace Services Express
Table 7-4 Required administrative accounts
LDAP account
LDAP account name (as
they appear in the helper
files discussed later)
Name used to authenticate
the WebSphere
Application Server
administrator
WasUserid
Name used to authenticate
the Workplace Services
Express administrator
PortalAdminId
Notes
WasPassword
PortalAdminIdShort
PortalAdminPwd
Name of the Workplace
Services Express
administrator group
PortalAdminGroupId
Name that WebSphere
Member Manager uses to
access the LDAP directory
LDAPAdminUId
Name used to bind to the
LDAP directory in order to
authenticate the previous
names
LDAPBindID
PortalAdminGroupIdShort
LDAPAdminPwd
Group should include the
name of the Workplace
Services Express
administrator.
if this account has
read-only access,
Workplace Services
Express cannot make
changes to the directory,
and users cannot use
self-registration to the site
(Sign up) or modify
attributes in the directory.
LDAPBindPassword
7.5.2 Changing the Active Directory Schema
To modify an existing Active Directory server, you first need to enable schema
modifications. Complete the following steps:
1. Install the Microsoft Windows 2000 Support Tool. You can find this in the
SUPPORT/TOOLS directory on the Windows 2000 Server Setup CD.
2. Add and configure the Active Directory Schema snap-in:
a. Before you can use the snap-in, you must register the DLL file,
schmmgmt.dll. At a command prompt line, enter:
regsvr32 schmmgmt.dll
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
347
Note: RegSvr32 has been successfully registered when a
DllRegisterServer in schmmgmt.dll succeeded dialog box opens.
b. From the Windows Start menu, select Programs → Windows 2000
Support Tools → Security Administration Tools.
c. Select Console → Add/Remove Snap-in.
d. Click Add to open the Add Standalone Snap-in dialog box.
e. Click Active Directory Schema, and then click Add, as shown in
Figure 7-53.
f. Active Directory Schema appears in the Add/Remove Snap-in dialog box.
Click Close, and then click OK to return to the console.
Figure 7-53 Add Schema Snap-in
3. From the Security Administration Tools console, right-click Active Directory
Schema and choose Operations Master, as shown in Figure 7-54 on
page 349.
348
IBM Workplace Services Express
Figure 7-54 Choose Operations Master
4. Select the The Schema may be modified on this Domain Controller
option, as shown in Figure 7-55.
Figure 7-55 Select Schema may be modified option
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
349
5. Create the PreferredLanguage attribute:
a. From the Windows Start menu, select Programs → Windows 2000
Support Tools → Security Administration Tools.
b. Right-click Attributes and select Create Attribute, as shown in
Figure 7-56.
Figure 7-56 Create Attribute
6. Click Continue when the warning message appears, as shown in
Figure 7-57.
Figure 7-57 Warning message
350
IBM Workplace Services Express
7. Enter the following values in the Create New Attribute dialog box, as shown in
Figure 7-58:
– Common Name: preferredLanguage
– LDAP Display Name: preferredLanguage
– Unique X500 Object ID: 2.16.840.1.113730.3.1.39
– Syntax: Case Insensitive String
Figure 7-58 Create New Attribute fields
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
351
8. Go to the Attributes tab, click Add, and select preferredLanguage, as shown
in Figure 7-59. Click OK.
Figure 7-59 Add preferredLanguage attribute
9. Add the preferredLanguage attribute to the user object class.
In Security Administration Tools, select Active Directory Schema →
Classes, and double-click the user object class, as shown in Figure 7-60 on
page 353.
352
IBM Workplace Services Express
Figure 7-60 User object class
7.5.3 Configuring Workplace Services Express files
Workplace Services Express uses WebSphere Member Manager. In order for
WebSphere Member Manager to recognize the preferredLanguage attribute, you
need to add it to the Member Manager LDAP attributes XML file.
Note: The following manual file configuration is not required for Workplace
Services Express V2.5, only for Workplace Services Express V2.0.
Complete the following steps:
1. Using a text editor locate the file in the following directory:
wse_root\PortalServer\config\templates\wmm\wmmLDAPAttributes_ACTIVE_
DIRECTORY.xml
2. There are many attributeMap tags. Search for the one with wmmAttributeName
of preferredLanguage and ensure the settings in Example 7-5 on page 354
match. If the tag does not exist, you need to add it.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
353
Example 7-5 wmmAttributeName tag
<attributeMap
wmmAttributeName="preferredLanguage"
pluginAttributeName="preferredLanguage"
applicableMemberTypes="Person"
dataType="String"
valueLength="128"
multiValued="false" />
3. To complete the task, the Member Manager ExtID must be mapped to a field
that can contain a string to uniquely identify an entry. For the Active Directory
server, you can map the objectGUID attribute to the external identifier.
objectGUID is a unique identifier that is automatically included by Active
Directory for each LDAP entry created, so there is no need to modify the
schema and add an additional one. If you need instructions about how to add
a unique identifier to Active Directory refer to 8.5.2, “Adding a unique ID to an
Active Directory Schema” on page 435. The following two files need to be
modified to complete the mapping:
– <wse_root>\PortalServer\config\templates\wmm\wmm_LDAP.xml.ACTIVE_
DIRECTORY.3.wmm
Search for the <ldapRepository> tag, and set the wmmGenerateExtId
attribute to false.
Example 7-6 <ldapRepository> tag
<ldapRepository name="wmmLDAP"
UUID="LDAP1"
adapterClassName="com.ibm.ws.wmm.ldap.activedir.ActiveDirectoryAdapterImpl"
supportDynamicAttributes="false"
configurationFile="wmm/xml/wmmLDAPAttributes_AD_LDAP.xml"
wmmGenerateExtId="false"
supportGetPersonByAccountName="true"
profileRepositoryForGroups="LDAP1"
supportTransactions="false"
354
IBM Workplace Services Express
– <wse_root>\PortalServer\config\templates\wmm\wmmLDAPAttributes_ACTI
VE_DIRECTORY.xml
Search for the <attributeMap> tag for the external identifier, and ensure
that the pluginAttributeName parameter is set to objectGUID.
Example 7-7 <attributeMap> tag
<attributeMap
wmmAttributeName="extId"
applicableMemberTypes="Person;Group;Organization;OrganizationalUnit"
pluginAttributeName="objectGUID"
dataType="String"
multiValued="false"
readOnly="true"/>
7.5.4 Configuring optional read-only access to Active Directory LDAP
If you configure read-only access to the LDAP directory, be sure that the account
name you use to populate the LDAPAdminUid field has no more than read
access to the directory. If you configure read-only access, you must add new site
users and manage user information through the mechanism provided by your
LDAP server. New users to the site will not be able to use the Sign up feature, nor
will they be able to manage their personal information through Edit my profile. If
you leave these features available on the site, an error message will be
generated if a user attempts to use them.
Complete the following steps:
1. Open the following file in a text editor:
install_root\PortalServer\config\templates\wmm\wmm_LDAP.xml.ACTIVE_DI
RECTORY.3.wmm
Find the ldapRepository tag and add the following attribute, as shown in
Example 7-8:
ignoreReadOnlyUpdate="true"
Example 7-8 <ldapRepository> tag
<ldapRepository name="wmmLDAP"
UUID="LDAP1"
adapterClassName="com.ibm.ws.wmm.ldap.activedir.ActiveDirectoryAdapterImpl"
supportDynamicAttributes="false"
configurationFile="@[email protected]/wmm/wmmLDAPServerAttributes.xml"
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
355
wmmGenerateExtId="false"
supportGetPersonByAccountName="true"
profileRepositoryForGroups="LDAP1"
supportTransactions="false"
adminId="@[email protected]"
adminPassword="@[email protected]"
ldapHost="@[email protected]"
ldapPort="@[email protected]"
ldapTimeOut="6000"
ldapAuthentication="SIMPLE"
ldapType="0"
memberOfAttributeName="memberOf"
groupCacheRefreshInterval="-1"
ignoreReadOnlyUpdate="true">
2. Open the following file in a text editor:
<wse_root>\PortalServer\config\templates\wmm\wmmLDAPAttributes_ACTIV
E_DIRECTORY.xml
Set the readOnly attribute to true for every attributeMap tag. If it does not
exist, you need to add it. There are a large number attributeMap tags to be
altered. Example 7-9 shows a small subset of the tags that exist in that file.
You will, however, need to alter all of them.
Example 7-9 wmmLDAPAttributes_ACTIVE_DIRECTORY.xml file
<attributeMap wmmAttributeName="uid"
pluginAttributeName="samAccountName"
applicableMemberTypes="Person"
requiredMemberTypes="Person"
dataType="String"
valueLength="32"
multiValued="false"
readOnly="true"/>
<attributeMap wmmAttributeName="sn"
pluginAttributeName="sn"
applicableMemberTypes="Person"
requiredMemberTypes="Person"
dataType="String"
valueLength="128"
multiValued="true"
readOnly="true" />
356
IBM Workplace Services Express
7.5.5 Disabling Workplace Services Express security
Security must first be disabled and then re-enabled with the appropriate LDAP
information. The following file that is used to disable security can be left at its
default values. Workplace Services Express does not use these parameters at
this point. It simply disables security. However, instructions about modifying it are
listed for reference.
Important: Before running the Workplace Services Express LDAP
configuration wizard for disabling security, change the soap.client.props file in
<wse_root>\AppServer\properties\soap.client.props as follows:
com.ibm.SOAP.requestTimeout=6000
Complete the following steps:
1. Open the following file in a text editor:
<wse_root>\PortalServer\config\helpers\security_disable.properties
2. Change the values for the properties shown in Table 7-5.
Note: The fully qualified distinguished name is always required as the
value when configuring these settings.
Table 7-5 security_disable.properties file
Property
Value
PortalAdminId
Enter the user ID that you entered during installation
and make sure that it is formatted appropriately, such
as:
cn=PortalAdminId,cn=users,dc=yourco,dc=com
PortalAdminIdShort
The short form of the user ID that you entered during
installation, such as:
PortalAdminIdShort
PortalAdminPwd
Enter the password that you entered during the
installation.
PortalAdminGroupId
Enter the name of the administrator group and make
sure that it is formatted appropriately, such as:
cn=PortalAdminGroupId,cn=groups,dc=yourco,dc=com
3. Save and close the file.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
357
7.5.6 Enabling Workplace Services Express security
These steps enable you to pre-populate the helper file with your environments
values.
Note: The following steps are optional, because the bulk of these values can
be entered directly into the configuration wizard windows as part of the
Transfer security to LDAP option.
It is worth interrogating the LDAP directory with an LDAP browser before starting.
This is an excellent way to verify the various strings and accounts you will be
entering in the following steps (refer to 7.2.2, “Testing your LDAP directory
connection” on page 288).
Complete the following steps:
1. Open the following file in a text editor:
wse_root\PortalServer\config\helpers\security_active_directory.properties
2. Change the values for the properties shown in Table 7-6. This table gives a
broad description of the various fields that you will encounter in the helper file
and also through the enable security install wizard windows. Map these
parameters to your specific environment using the values in the table as a
guide.
Note: The fully qualified distinguished name is always required as the
value when configuring these settings.
Table 7-6 Properties for LDAP security
358
Property
Value
WasUserid
Enter the user ID that you entered during installation
and make sure that it is formatted appropriately, such
as:
cn=wpsadmin,o=IBM
WasPassword
Enter the password that you entered during installation.
WpsHostName
Enter the host name for Workplace Services Express.
PortalAdminId
Enter the user ID that you entered during installation
and make sure that it is formatted appropriately, such
as:
cn=wpsadmin,o=IBM
IBM Workplace Services Express
Property
Value
PortalAdminIdShort
The short form of the user ID that you entered during
installation, such as:
wpsadmin
PortalAdminPwd
Enter the password that you entered during installation.
PortalAdminGroupId
Enter the name of the administrator group and make
sure that it is formatted appropriately, such as:
cn=wpsadmins
PortalAdminGroupIdShort
The short form of the administrator group ID, such as:
Wpsadmins
LTPAPassword
Enter the password that is appropriate for your
environment. This is the password that is used to
encrypt and decrypt the LTPA keys.
LTPATimeout
Enter a numeric value that specifies the time period in
minutes at which an LTPA token will expire.
SSODomainName
Enter your domain name, for example:
yourdomain.ibm.com
LookAside
Enter true. Important: This value must be set to true.
LDAPHostName
Enter the host information for your LDAP server, such
as:
yourldapservername.com
LDAPPort
Enter the port number for the LDAP server that
Workplace Services Express will use, for example: 389
LDAPAdminUId
Enter the LDAP administrator ID, for example:
cn=wpsadmin,o=IBM.
LDAPAdminPwd
Enter the LDAP administrator password.
LDAPServerType
Do not change; leave as DOMINO502.
LDAPBindID
Enter the user ID for LDAP user authentication and
make sure that it is formatted appropriately, such as:
cn=wpsbind,o=IBM
Note: Specify a user account for searching the LDAP
directory.
LDAPBindPassword
Enter the password.
LDAPSuffix
Leave blank.
LdapUserPrefix
Leave as cn, or change it to adapt for your environment.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
359
Property
Value
LDAPUserSuffix
Leave blank.
LdapGroupPrefix
Leave as cn, or change it to adapt for your environment.
LDAPGroupSuffix
Leave blank.
LDAPUserObjectClass
Leave as inetOrgPerson, or change it to adapt to your
environment.
LDAPGroupObjectClass
Leave as groupOfNames, or change it to adapt to your
environment
LDAPGroupMember
Leave as uniqueMember, or change it to adapt to your
environment.
LDAPUserFilter
Enter the key that is used to configure the user filter,
such as:
(&(|(cn=%v)(uid=%v))(objectclass=inetOrgPerson))
LDAPGroupFilter
Enter the key that is used to configure the group filter,
such as:
(&(cn=%v)(|(objectclass=groupOfNames)(objectclas
s=groupOfUniqueNames)))
3. Save and close the file.
Running the LDAP configuration wizard
The LDAP configuration wizard is a GUI-driven wizard that can enable and
disable security for Workplace Services Express.
If you have not done so already, it is worth interrogating the LDAP directory with
an LDAP browser before starting (refer to 7.2.2, “Testing your LDAP directory
connection” on page 288).It is essential that the LDAP directory and user
accounts are correctly configured and operational; otherwise, the wizard will fail.
Ensure that you are logged in to the system with administrator privileges. Refer
to Chapter 2, “Installation and administration” on page 17 for more information
about required administrator privileges. Complete the following steps:
1. Open a command prompt and navigate to the directory <wse_root>/subtasks
and enter the following command:
startNetworkServer.bat
For Linux:
startNetworkServer.sh
360
IBM Workplace Services Express
2. Navigate to the directory <wse_root>/Appserver/bin and enter the following
command:
startServer server1
3. Finally, navigate to the directory <wse_root>PortalServer\config\wizard and
start the configuration wizard by running:
configwizard.bat
For Linux:
configwizard.sh
4. Select the language that the wizard will use and click OK. See Figure 7-61.
Figure 7-61 Start NetworkServer and server1 and launch LDAP configuration wizard
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
361
5. Select the Disable security option and click Next, as shown in Figure 7-62.
Figure 7-62 Disable security
362
IBM Workplace Services Express
6. The wizard requests a User name and Password to continue. Enter the user
name and the password that you set at installation time (in this example,
wpsadmin and wpsadmin) and click Next, as shown in Figure 7-63.
Figure 7-63 Enter User name and Password
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
363
7. The wizard requests the properties file to use when disabling security. Accept
the default and click Next, as shown in Figure 7-64.
Leave the security_disable.properties file entries as the default. As mentioned
earlier, Workplace Services Express does not actually use these parameters;
it simply disables security.
Figure 7-64 Keep the default file for disabling security
364
IBM Workplace Services Express
8. Click Next and wait until you receive the successful confirmation message, as
shown in Figure 7-66 on page 366.
Note: The disable security task can take a while to complete. Do not stop
or cancel the task while it is in progress.
Figure 7-65 Leave the default values
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
365
9. Click the Run Wizard Again button, as shown in Figure 7-66.
Figure 7-66 Disable security task completed successfully
366
IBM Workplace Services Express
10.Select the Enable LDAP security option, as shown in Figure 7-67. Click
Next.
Figure 7-67 Enable LDAP security
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
367
11.Select the Microsoft Active Directory options from the list of supported
LDAP servers and click Next, as shown in Figure 7-68.
Note: If you previously modified the security_active_directory.properties
file, you will just be verifying your previous entries.
Figure 7-68 Select Microsoft Active Directory
368
IBM Workplace Services Express
12.Accept the path to your security_active_directory.properties helper file, as
shown in Figure 7-69. Click Next.
Figure 7-69 Verify the path to your security_active_directory.properties file
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
369
13.Using your LDAP browser as a verification tool, fill in the LDAP information, as
shown in Figure 7-70. Leave sslEnable as false. If you intend to
communicate to your LDAP server through SSL, it will need to be configured
after the initial LDAP configuration. Note that the LDAPSuffix refers to your
base DN or search base. Click Next.
Figure 7-70 Enter your LDAP server information
370
IBM Workplace Services Express
14.Continue verifying or entering LDAP information after the previous input has
been validated, as shown in Figure 7-71.
Figure 7-71 Continue entering LDAP information
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
371
15.Confirm the settings and click Next, as shown in Figure 7-72.
Figure 7-72 Confirm the settings
372
IBM Workplace Services Express
16.Confirm the settings and click Next, as shown in Figure 7-73.
Figure 7-73 Confirm the settings
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
373
17.Confirm your settings, or enter more LDAP information, and click Next, as
shown in Figure 7-74.
Figure 7-74 Confirm the settings, or enter your LDAP information
374
IBM Workplace Services Express
18.Keep entering appropriate LDAP information. Set SSLEnabled to true. The
details listed in Figure 7-75 are used to configure the Workplace Services
Express side of the SSO solution. Note that it is also possible to enable Single
sign-on (SSO) at a later point.
Figure 7-75 Enter LDAP information and select an LTPA password
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
375
19.Confirm settings and click Next, as shown in Figure 7-76.
Figure 7-76 Confirm the settings
376
IBM Workplace Services Express
20.Continue to either confirm or enter your LDAP settings, as shown in
Figure 7-77. Click Next.
Figure 7-77 Continue confirming or entering LDAP settings
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
377
21.Confirm the LDAP filter settings, as shown in Figure 7-78. These fields refer
to the various attributes in your LDAP directory with which you can use to log
in. Click Next.
Figure 7-78 Confirm LDAP filters
378
IBM Workplace Services Express
22.Enable security will now be ready to run, as shown in Figure 7-79. Click Next.
Figure 7-79 Enable security is now ready to run
23.When the wizard completes, click Finish.
7.5.7 Configuring access to Active Directory over SSL
There are two prerequisites before you begin configuring access to Active
Directory over SSL:
򐂰 Microsoft Active Directory and Internet Information Services (IIS) should be
installed and configured before you install Workplace Services Express.
򐂰 You must have installed Certificate Services before configuring Active
Directory for SSL. Refer to “Installing Windows 2000 Active Directory” on the
Microsoft Web site for more information.
Export the root CA certificate:
1. Open a Web browser and connect to:
http://localhost/certsrv
2. Select Retrieve the CA certificate or certificate revocation list and click
Next.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
379
3. Choose the certificate you created (Current) and the format (either DER
encoded or Base64 encoded). Then, click Download CA certificate.
4. Save this certificate in a file. For example, call the certificate certnew.cer.
5. Load mmc.exe and then the Certificate Authority snap-in. Find the root
certificate public key and save to file.
Importing certificates to a WebSphere Application Server
keystore
To make the CA certificate chain available to WebSphere Application Server,
WebSphere Portal, and Workplace Services Express, you must use the key
management tool supplied by WebSphere Application Server to import the
certificates into the necessary Java Key Store (.jks) format key storage files. Note
that the key management tool supplied by WebSphere Application Server is
IKeyMan. IKeyMan supports the Java Key Store file formats necessary for
WebSphere Application Server and WebSphere Portal (it is in the
<wse_root>\AppServer\bin directory)
Complete the following steps:
1. From a command prompt, navigate to <wse_root>/AppServer/bin and
activate the IKeyMan utility by issuing the ikeyman.exe or ikeyman.sh
command from the command line, depending on your operating system.
2. Open the Java Key Store file that will be used by WebSphere Application
Server for LDAP over SSL. WebSphere Application Server provides a default
repertoire called DefaultSSLSetting. Use the default repertoire that contains
the default WebSphere Application Server trust file. Open the
DummyServerTrustFile.jks file located in the <wse_root>/etc directory. The
password for the dummy server trust file is WebAS.
3. Select Signer Certificates from the top drop-down menu, and then click Add,
as shown in Figure 7-80 on page 381.
380
IBM Workplace Services Express
Figure 7-80 Import the certificate to a WebSphere Application Server keystore
4. According to the data type of the certificate you created in the previous step,
select the corresponding data type (either Binary DER data or
Base64-encoded ASCII data). Locate the certificate file (for example,
certnew.cer), and then click OK.
5. Enter a name for the certificate and click OK.
6. Save the updated DummyServertrustfile.jks file and exit the utility.
7. Repeat the previous steps and import the same certificate into the
<wse_root>\AppServer\java\jre\lib\security\cacerts file. By default, the
password is “changeit”. Enter the same label you gave in the previous step.
This procedure imports the key certificate into the WebSphere Portal Server
key database.
8. Close the key database and quit IKeyMan.
Update the LDAP SSL settings. Perform the steps in the following section.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
381
Configuring Workplace Services Express to access LDAP
using SSL
To configure Workplace Services Express to access LDAP using SSL, complete
the following steps:
1. Stop the Workplace Services Express servers, issuing the command:
On Windows:
<wse_root>\stopWorkplaceServices.bat -user admin_ID -password
admin_password <wse_root>\startWorkplaceServices.bat
On Linux:
<wse_root>/stopWorkplaceServices.sh -user admin_ID -password admin_password
<wse_root>/startWorkplaceServices.sh
2. Start server1 and log in to the WebSphere Application Server administrative
console. Perform the following tasks (see Figure 7-81):
a. Navigate to Security → User Registries → LDAP.
b. Select the SSL Enabled option (set sslEnabled to true).
c. Set the LDAP Port to 636.
d. Save the changes.
Figure 7-81 LDAP SSL security settings in WebSphere
382
IBM Workplace Services Express
3. Stop and restart WebSphere Application Server (server1). Remember to use
the -user and -password parameters.
4. Open the file <wse_root>\PortalServer\shared\app\wmm\wmm.xml in a text
editor. Find the ldapRepository name="wmmLDAP" tag, verify that
ldapPort="636" and that wmmGenerateExtId="false", and add
java.naming.security.protocol="ssl", as shown in Example 7-10.
Find the supportedLdapEntryTypes tag and delete all occurrences of
ibm-appUUIDAux from the objectClassForWrite attribute.
Example 7-10 Verify settings in wmm.xml
ldapPort="636".
wmmGenerateExtId="false".
java.naming.security.protocol="ssl".
5. Save and close the file.
6. Stop and restart WebSphere Application Server (server1):
On Windows:
<wse_root>\stopWorkplaceServices.bat -user admin_ID -password
admin_password <wse_root>\startWorkplaceServices.bat
On Linux:
<wse_root>/stopWorkplaceServices.sh -user admin_ID -password admin_password
<wse_root>/startWorkplaceServices.sh
(Optional) Closing down the non-SSL port of the LDAP user registry
server
Closing the non-SSL port of the directory will ensure that traffic exchanged with
the directory by WebSphere Application Server and Workplace Services Express
is confidential. To close the non-SSL port of the LDAP user registry server,
complete the following steps:
1. In IKeyMan, click Open, leave the Key database type as JKS, and choose the
cacerts key store under the <was_root>/java/jre/lib/security directory. The
default password for the key store is changeit.
2. Select Signer Certificates and click Add.
3. According to the data type of the certificate you created in the previous step,
select the corresponding data type (either Binary DER data or
Base64-encoded ASCII data). Locate the certificate file (for example,
certnew.cer), and then click OK.
4. Enter a name for the certificate and click OK.
5. Save the updated cacerts file.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
383
6. In IKeyMan, click Open, leave the Key database type as JKS, and choose the
<was_root>/etc/DummyServertrustfile.jks file. By default, the password for
this file is WebAS.
7. Choose Signer Certificates and click Add.
8. According to the data type of the certificate you created in the previous step,
select the corresponding data type (either Binary DER data or
Base64-encoded ASCII data). Locate the certificate file (for example,
certnew.cer), and then click OK.
9. Enter a name for the certificate and click OK.
10.Save the updated DummyServertrustfile.jks file and exit the utility.
7.6 Configuring Workplace Services Express for Tivoli
Directory Server
In this section, we walk you through the configuration of IBM Tivoli Directory
Server and IBM Workplace Services Express.
Important: Refer to Chapter 2, “Installation and administration” on page 17 for
instructions about installing Workplace Services Express. This will ensure that
the various files you will be modifying in the following sections are present.
Take note to not start Workplace Services Express for the first time until you
have completed the following configuration.
7.6.1 Creating the required administrative accounts
Before you can configure Workplace Services Express to work with the LDAP
server, the LDAP user registry must have the appropriate administrative users
and user group information added, as shown in Table 7-7 on page 385.
Note: Refer to the IBM Tivoli Directory Server documentation and Information
Center for information about creating users and groups, available at:
http://publib.boulder.ibm.com/tividd/td/IBMDirectoryServer5.2.html
384
IBM Workplace Services Express
Table 7-7 Required administrative accounts
LDAP account
LDAP account name (as
they appear in the helper
files discussed here)
Name used to authenticate
the WebSphere
Application Server
administrator
WasUserid
Name used to authenticate
the Workplace Services
Express administrator
PortalAdminId
Notes
WasPassword
PortalAdminIdShort
PortalAdminPwd
Name of the Workplace
Services Express
administrator group
PortalAdminGroupId
Name that WebSphere
Member Manager uses to
access the LDAP directory
LDAPAdminUId
Name used to bind to the
LDAP directory in order to
authenticate the previous
names
LDAPBindID
PortalAdminGroupIdShort
LDAPAdminPwd
Group should include the
name of the Workplace
Services Express
administrator.
If this account has
read-only access,
Workplace Services
Express cannot make
changes to the directory
and users cannot use
self-registration to the site
(Sign up) or modify
attributes in the directory.
LDAPBindPassword
7.6.2 Configuring Tivoli Directory Server
If you are not connecting to an existing Tivoli Directory Server, refer to
Understanding LDAP: Design and Implementation, SG24-4986, which provides a
comprehensive step-by-step guide for installing IBM Tivoli Directory Server V5.2.
After installing Tivoli Directory Server V5.2, reboot the system. The IBM Directory
Server Configuration Tool launches. Complete the following steps:
1. Select Administrator DN/password, enter cn=root for the admin ID, enter a
password, and then click OK.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
385
Important: If you fail to click OK before selecting another area from the left
navigation frame, all of your changes for that area will be lost. Every time
you complete an area, you must click OK or Finish to save your changes.
2. Select Configure database from the left-side navigator, click Create a new
database, and click Next.
3. Enter the DB2® ID. This is the ID you entered during Tivoli Directory Server
installation (we use db2admin) and a password. You do not need to create this
ID in advance; the installation created it for you.
4. Enter a database name. This can be any value. We use ldapdb2.
5. Select Create a universal DB2 database to handle international characters.
6. Select the appropriate drive based on space and click Next.
7. Review the list, and then click Finish.
Next, set your base DN. The base DN, as described in the 7.2, “LDAP basics” on
page 287, is the start of your LDAP tree and is typically your company’s domain
name. Complete the following steps:
1. Select Manage suffixes from the left-side navigator.
2. Enter the Suffix (we use dc=ibm,dc=com), and then click Add, as shown in
Figure 7-82 on page 387.
386
IBM Workplace Services Express
Figure 7-82 Adding a base DN to your LDAP server
3. Click OK to save your change; otherwise, your addition will be discarded.
Now, you can close the IBM Directory Server Configuration Tool and start your
LDAP server. To start your Directory Server server, go to Services and select
IBM Directory Server V5.2. Right-click and select Start.
WebSphere Application Server - Express and Directory Server
Web Administration Tool
To use the IBM Directory Server Web Administration Tool, start WebSphere
Application Server - Express so that you can connect to it with a browser.
Tip: Both the startserver command and the IBM Directory Server URL are
case-sensitive.
1. Open a command prompt, and change to the WebSphere Application Server Express bin directory. Our bin directory is located at C:\IBM\LDAP\appsrv\bin.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
387
2. Issue the command startserver server1 to launch WebSphere Application
Server - Express.
As the server starts, you should see output similar to Example 7-11.
Example 7-11 WebSphere Application Server - Express startup
C:\IBM\LDAP\appsrv\bin>startserver server1
ADMU0116I: Tool information is being logged in file
C:\IBM\LDAP\appsrv\logs\server1\startServer.log
ADMU3100I: Reading configuration for server: server1
ADMU3200I: Server launched. Waiting for initialization status.
ADMU3000I: Server server1 open for e-business; process id is 2240
Now that WebSphere Application Server - Express is running, you can connect to
the IBM Directory Server Web Administration Tool and set up your LDAP server:
1. Launch a browser on the LDAP system and connect to
http://localhost:9080/IDSWebApp/IDSjsp/Login.jsp, or if you are working
remotely, change localhost to the fully qualified DNS name for the LDAP
system. In our example, we use:
http://lwp-ldap.cam.itso.ibm.com:9080/IDSWebApp/IDSjsp/Login.jsp
2. Select Console Admin, enter superadmin for the user name, and secret for
the password. These are default values for IBM Directory Server Web
Administration Tool, but you can change them if desired and should do so if
this will be a production LDAP server.
3. From the navigation pane, select Console administration → Manage
console servers, as shown in Figure 7-83 on page 389.
388
IBM Workplace Services Express
Figure 7-83 IBM Directory Server Web Administration Tool: Managing console servers
4. Click Add and enter the fully qualified DNS name of the LDAP server. Click
OK. SSL is supported, but we opted for the default 389 for ease of use.
5. Click Log out, and then log back in using the address from step 1 on
page 388.
6. Select your LDAP server from the pull-down list on the Login page.
7. Enter cn=root for the user name and enter the password. Click Login.
8. Select Directory management → Add an entry. Select organization and
click Next, as shown in Figure 7-84 on page 390.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
389
Figure 7-84 IBM Directory Server Web Administration Tool
9. Select dcObject as an auxiliary object class, click Add, and then click Next.
10.Enter an appropriate base DN for your LDAP server. We use dc=ibm,dc=com
for the relative DN, left the parent DN blank, and enter ibm in both the dc and
o fields. Click Finish to save your changes.
Now that you have a base DN for your tree, you can continue to add entries
through the IBM Directory Server Web Administration Tool. Complete the
following steps:
1. Click Manage entries.
2. Select your base DN from the list.
3. Click Add.
4. Select the appropriate object class, typically inetOrgPerson for a person or
groupOfUniqueNames for a group.
5. Enter the name of the new entry, such as uid=grc. Or, if you have an LDIF file
with entries, you can import it using the IBM Directory Server Configuration
Tool.
390
IBM Workplace Services Express
Important: Entries for the entire tree must already have been added to the
LDAP server or else must exist in the LDIF file, and you cannot have duplicate
entries. For example, to use the LDIF file from Example 7-12 on page 391, if
the base DN has already been added (steps 8 through 10 on page 390), the
first entry must be removed from the LDIF file because it specifies the base
DN.
After you have set up the LDAP server, you can export your configuration as an
LDIF file in order to review it. (Example 7-12 provides an example of an LDIF
file.)
Understanding the LDIF file
Figure 7-85 shows a hierarchical overview of the entries in an example LDAP
tree. The first entry in the LDIF file is the base DN (in this case, DC=IBM,DC=COM).
The next three are the countries we added (C=de, C=mx, C=us). The following nine
entries are the people, groups, and resources repeated for each of the three
countries, and the last eight entries are the person entries.
DC=
C=
OU=
groups
de
people
ibm,com
mx
resources
Carlos Luz
Tatjana Savov
groups
people
us
resources
Alberto Bravo
groups
people
resources
Gregory Chadbourne
Jeffrey Slone
John Bergland
Phil Monson
William Tworek
Figure 7-85 Example LDAP tree
Example 7-12 shows the entries from our LDAP server exported as an LDIF file.
Example 7-12 Sample LDIF file
version: 1
dn: dc=ibm,dc=com
dc: ibm
objectclass: organization
objectclass: top
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
391
objectclass: dcObject
o: ibm
IBM-ENTRYUUID: f3a0014e-a1eb-484d-abbb-94c93ebb2e23
dn: c=us,dc=ibm,dc=com
objectclass: country
objectclass: top
c: us
IBM-ENTRYUUID: 43869e3d-74cd-46e3-97c6-6b56936d5ac0
dn: c=de,dc=ibm,dc=com
objectclass: country
objectclass: top
c: de
IBM-ENTRYUUID: 8e371761-197b-4c39-b311-1c0d2933da43
dn: c=mx,dc=ibm,dc=com
objectclass: country
objectclass: top
c: mx
IBM-ENTRYUUID: 97137382-2c55-41e5-b450-0acf8a9eb9c3
dn: ou=people,c=us,dc=ibm,dc=com
ou: people
objectclass: organizationalUnit
objectclass: top
IBM-ENTRYUUID: 34a8bb84-3aa2-4898-8915-eb65c9ac4ec9
dn: ou=people,c=de,dc=ibm,dc=com
ou: people
objectclass: organizationalUnit
objectclass: top
IBM-ENTRYUUID: 1be47768-112a-45f9-955d-12d911bc3011
dn: ou=people,c=mx,dc=ibm,dc=com
ou: people
objectclass: organizationalUnit
objectclass: top
IBM-ENTRYUUID: 44e5e565-e2b4-4d4c-aa2f-1378165446bc
dn: ou=groups,c=us,dc=ibm,dc=com
ou: groups
objectclass: organizationalUnit
objectclass: top
IBM-ENTRYUUID: 7f63e24e-5f92-4ed4-ac1b-184df8ae0a70
dn: ou=groups,c=de,dc=ibm,dc=com
ou: groups
objectclass: organizationalUnit
392
IBM Workplace Services Express
objectclass: top
IBM-ENTRYUUID: 02e7d16f-9edd-413a-9891-04ced4e322a6
dn: ou=groups,c=mx,dc=ibm,dc=com
ou: groups
objectclass: organizationalUnit
objectclass: top
IBM-ENTRYUUID: a1859fe0-d5eb-4cbb-ba21-d4f28a21024f
dn: ou=resources,c=us,dc=ibm,dc=com
ou: resources
objectclass: organizationalUnit
objectclass: top
IBM-ENTRYUUID: 1a2347df-b966-43ef-a802-390aac48fe9f
dn: ou=resources,c=de,dc=ibm,dc=com
ou: resources
objectclass: organizationalUnit
objectclass: top
IBM-ENTRYUUID: 5192cd7f-0ae3-4eee-be3d-9558e8cb720a
dn: ou=resources,c=mx,dc=ibm,dc=com
ou: resources
objectclass: organizationalUnit
objectclass: top
IBM-ENTRYUUID: f7ef23fe-9594-4d06-b0ef-de08b5a58208
dn: uid=cluz,ou=people,c=de,dc=ibm,dc=com
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: Carlos Luz
sn: Luz
telephonenumber: 1-812-855-5923
mail: [email protected]
displayname: Carlos Luz
uid: cluz
IBM-ENTRYUUID: c18aecb5-d256-49a3-9a97-222faf75b95c
dn: uid=abravo,ou=people,c=mx,dc=ibm,dc=com
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: Alberto Bravo
sn: Bravo
telephonenumber: 1-812-855-7509
mail: [email protected]
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
393
displayname: Alberto Bravo
uid: abravo
IBM-ENTRYUUID: d8bbe20c-c48e-45fe-941e-0da2c1f8fb69
dn: uid=grc,ou=people,c=us,dc=ibm,dc=com
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: Greg Chadbourne
sn: Chadbourne
telephonenumber: 1-812-855-7453
mail: [email protected]
displayname: Greg Chadbourne
uid: grc
IBM-ENTRYUUID: 570adebd-ead1-4d98-8ea9-5701eaef58a0
dn: uid=tsavov,ou=people,c=de,dc=ibm,dc=com
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: Tatjana Savov
sn: Savov
telephonenumber: 1-812-855-5231
mail: [email protected]
displayname: Tatjana Savov
uid: tsavov
IBM-ENTRYUUID: 82740ad5-99d7-4abd-af55-1c4e25acdcc8
dn: uid=jslone,ou=people,c=us,dc=ibm,dc=com
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: Jeff Slone
sn: Slone
telephonenumber: 1-812-855-8609
mail: [email protected]
displayname: Jeff Slone
uid: jslone
IBM-ENTRYUUID: a7255e2b-ed57-4d02-b797-b2f1e9af53da
dn: uid=btworek,ou=people,c=us,dc=ibm,dc=com
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: Bill Tworek
394
IBM Workplace Services Express
sn: Tworek
telephonenumber: 1-812-855-7551
mail: [email protected]
displayname: Bill Tworek
uid: btworek
IBM-ENTRYUUID: b557561b-c963-4d12-82d7-3f1010528e85
dn: uid=jbergland,ou=people,c=us,dc=ibm,dc=com
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: John Bergland
sn: Bergland
telephonenumber: 1-812-855-7550
mail: [email protected]
displayname: John Bergland
uid: jbergland
IBM-ENTRYUUID: 5a355798-5948-4642-b30a-70db6d2c93b6
dn: uid=pmonson,ou=people,c=us,dc=ibm,dc=com
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: Phil Monson
sn: Monson
telephonenumber: 1-812-855-7533
mail: [email protected]
displayname: Phil Monson
uid: pmonson
IBM-ENTRYUUID: 852c3680-547e-4d4c-88a1-0d3ba6e9a398
7.6.3 Configuring Workplace Services Express files
Note: The following manual file configuration is not required for Workplace
Services Express V2.5, only for Workplace Services Express V2.0.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
395
To configure Workplace Services Express files, complete the following steps:
1. The WebSphere Member Manager ExtID must be mapped to a field that can
contain a string to uniquely identify an entry. In Tivoli Directory Server, we use
the unique field IBM-ENTRYUUID. Complete the following tasks:
a. Open the following file in edit mode:
<wse_root>\PortalServer\config\templates\wmm\wmm_LDAP.xml.IBM_DI
RECTORY_SERVER.3.wmm
b. Search for the <ldapRepository> tag, and set the wmmGenerateExtId
attribute to false, as shown in Example 7-13.
Example 7-13 <ldapRepository> tag
<ldapRepository name="wmmLDAP"
UUID="LDAP1"
adapterClassName="com.ibm.ws.wmm.ldap.ibmdir.IBMDirectoryAdapterImpl"
supportDynamicAttributes="false"
configurationFile="@[email protected]/wmm/wmmLDAPServerAttributes.xml"
wmmGenerateExtId="false"
c. Now, search for the <supportedLdapEntryTypes> tag and delete all
occurrences of ibm-appUUIDAux and ibm-appUUID. For example, the
following tag:
objectClassesForWrite="@[email protected];ibm-appUUIDAux"
Would become:
objectClassesForWrite="@[email protected]"
d. Save and close the file.
2. Configure WebSphere Member Manager to use ibm-appUUID:
a. Open the following file in edit mode:
<wse_root>\PortalServer\config\templates\wmm\wmmLDAPAttributes_IB
M_DIRECTORY_SERVER.xml
b. Search for the <attributeMap> tag for the external identifier and change
the pluginAttributeName parameter to ibm-entryUUID, as shown in
Example 7-14.
Example 7-14 <attributeMap> tag
<attributeMap wmmAttributeName="extId"
applicableMemberTypes="Person;Group;Organization;OrganizationalUnit"
pluginAttributeName="ibm-entryUUID"
dataType="String"
multiValued="false"
readOnly="true" />
396
IBM Workplace Services Express
c. Save and close the file.
7.6.4 Configuring optional read-only access to the LDAP directory
If you configure read-only access to the LDAP directory, be sure that the account
name you use to populate the LDAPAdminUid field has no more than read
access to the directory. If you configure read-only access, you must add new site
users and manage user information through the mechanism provided by your
LDAP server. New users to the site will not be able to use the Sign up feature, nor
will they be able to manage their personal information through Edit my profile. If
you leave these features available on the site, an error message will be
generated if a user attempts to use them.
Complete the following steps:
1. Open the following file in a text editor:
install_root\PortalServer\config\templates\wmm\wmm_LDAP.xml.IBM_DIREC
TORY_SERVER.3.wmm
Find the <ldapRepository> tag and add the following attribute, as shown in
Example 7-15:
ignoreReadOnlyUpdate="true"
Example 7-15 <ldapRepository> tag
<ldapRepository name="wmmLDAP"
UUID="LDAP1"
adapterClassName="com.ibm.ws.wmm.ldap.ibmdir.IBMDirectoryAdapterImpl"
supportDynamicAttributes="false"
configurationFile="@[email protected]/wmm/wmmLDAPServerAttributes.xml"
wmmGenerateExtId="false"
supportGetPersonByAccountName="true"
profileRepositoryForGroups="LDAP1"
supportTransactions="false"
adminId="@[email protected]"
adminPassword="@[email protected]"
ldapHost="@[email protected]"
ldapPort="@[email protected]"
ldapTimeOut="6000"
ldapAuthentication="SIMPLE"
ldapType="0"
groupCacheRefreshInterval="-1"
ignoreReadOnlyUpdate="true">
2. Open the following file in a text editor:
<wse_root>\PortalServer\config\templates\wmm\wmmLDAPAttributes_IBM_
DIRECTORY_SERVER.xml
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
397
Set the readOnly attribute to true for every attributeMap tag. If it does not
exist, you need to add it. There are a large number attributeMap tags to be
altered. Example 7-16 shows a small subset of the tags that exist in that file.
You will, however, need to alter all of them.
Example 7-16 wmmLDAPAttributes_IBM_DIRECTORY_SERVER.xml file
<attributeMap wmmAttributeName="uid"
pluginAttributeName="samAccountName"
applicableMemberTypes="Person"
requiredMemberTypes="Person"
dataType="String"
valueLength="32"
multiValued="false"
readOnly="true"/>
<attributeMap wmmAttributeName="sn"
pluginAttributeName="sn"
applicableMemberTypes="Person"
requiredMemberTypes="Person"
dataType="String"
valueLength="128"
multiValued="true"
readOnly="true" />
7.6.5 Disabling Workplace Services Express security
Security must first be disabled and then re-enabled with the appropriate LDAP
information. The following file that is used to disable security can, in fact, be left
at its default values. Workplace Services Express does not use these parameters
at this point. It simply disables security. However, instructions for modifying it are
listed for reference.
Important: Before running the Workplace Services Express LDAP
configuration wizard for disabling security, change the soap.client.props file in
<wse_root>\AppServer\properties\soap.client.props as follows:
com.ibm.SOAP.requestTimeout=6000
Complete the following steps:
1. Open the following file in a text editor:
<wse_root>\PortalServer\config\helpers\security_disable.properties
2. Change the values for the properties shown in Table 7-8 on page 399.
398
IBM Workplace Services Express
Note: The fully qualified distinguished name is always required as the
value when configuring these settings.
Table 7-8 Security_Disable file properties
Property
Value
PortalAdminId
Enter the user ID that you entered during installation
and make sure that it is formatted appropriately, such
as:
cn=PortalAdminId,cn=users,dc=yourco,dc=com
PortalAdminIdShort
The short form of the user ID that you entered during
installation, such as:
PortalAdminIdShort
PortalAdminPwd
Enter the password that you entered during installation.
PortalAdminGroupId
Enter the name of the administrator group and make
sure that it is formatted appropriately, such as:
cn=PortalAdminGroupId,cn=groups,dc=yourco,dc=com
7.6.6 Enabling Workplace Services Express security
These steps enable you to pre-populate the helper file with your environments
values.
Note: The following steps are optional, because the bulk of these values can
be entered directly into the configuration wizard windows as part of the
Transfer security to LDAP option.
It is worth interrogating the LDAP directory with an LDAP browser before starting.
This is an excellent way to verify the various strings and accounts you will be
entering in the following steps (refer to 7.2.2, “Testing your LDAP directory
connection” on page 288).
Complete the following steps:
1. Open the following file in a text editor:
wse_root\PortalServer\config\helpers\security_ibm_dir_server.properties.
2. Change the values for the properties shown in Table 7-9 on page 400. This
table gives a broad description of the various fields you will encounter in the
helper file and also through the enable security install wizard windows. Map
these parameters to your specific environment using the values in the table as
a guide.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
399
Note: The fully qualified distinguished name is always required as the
value when configuring these settings.
Table 7-9 Properties for Domino LDAP security
400
Property
Value
WasUserid
Enter the user ID that you entered during installation
and make sure that it is formatted appropriately, such
as:
cn=wpsadmin,o=IBM
WasPassword
Enter the password that you entered during installation.
WpsHostName
Enter the host name for Workplace Services Express.
PortalAdminId
Enter the user ID that you entered during installation
and make sure that it is formatted appropriately, such
as:
cn=wpsadmin,o=IBM
PortalAdminIdShort
The short form of the user ID that you entered during
installation, such as:
wpsadmin
PortalAdminPwd
Enter the password that you entered during installation.
PortalAdminGroupId
Enter the name of the administrator group and make
sure that it is formatted appropriately, such as:
cn=wpsadmins
PortalAdminGroupIdShort
The short form of the administrator group ID, such as:
Wpsadmins
LTPAPassword
Enter the password that is appropriate for your
environment. This is the password that is used to
encrypt and decrypt the LTPA keys.
LTPATimeout
Enter a numeric value that specifies the time period in
minutes at which an LTPA token will expire.
SSODomainName
Enter your domain name, for example:
yourdomain.ibm.com
LookAside
Enter true. Important: This value must be set to true.
LDAPHostName
Enter the host information for your LDAP server, such
as:
yourldapservername.com
IBM Workplace Services Express
Property
Value
LDAPPort
Enter the port number for the LDAP server that
Workplace Services Express will use, for example: 389
LDAPAdminUId
Enter the LDAP administrator ID, for example:
cn=wpsadmin,o=IBM.
LDAPAdminPwd
Enter the LDAP administrator password.
LDAPServerType
Do not change; leave as DOMINO502.
LDAPBindID
Enter the user ID for LDAP user authentication and
make sure that it is formatted appropriately, such as:
cn=wpsbind,o=IBM
Note: Specify a user account for searching the LDAP
directory.
LDAPBindPassword
Enter the password.
LDAPSuffix
Leave blank.
LdapUserPrefix
Leave as cn, or change it to adapt for your environment.
LDAPUserSuffix
Leave blank.
LdapGroupPrefix
Leave as cn, or change it to adapt for your environment.
LDAPGroupSuffix
Leave blank.
LDAPUserObjectClass
Leave as inetOrgPerson, or change it to adapt to your
environment.
LDAPGroupObjectClass
Leave as groupOfNames, or change it to adapt to your
environment.
LDAPGroupMember
Leave as uniqueMember, or change it to adapt to your
environment.
LDAPUserFilter
Enter the key that is used to configure the user filter,
such as:
(&(|(cn=%v)(uid=%v))(objectclass=inetOrgPerson))
LDAPGroupFilter
Enter the key that is used to configure the group filter,
such as:
(&(cn=%v)(|(objectclass=groupOfNames)(objectclas
s=groupOfUniqueNames)))
3. Save and close the file.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
401
Running the LDAP configuration wizard
The LDAP configuration wizard is a GUI-driven wizard that can enable and
disable security for Workplace Services Express.
If you have not done so already, it is worth interrogating the LDAP directory with
an LDAP browser before starting (refer to 7.2.2, “Testing your LDAP directory
connection” on page 288).It is essential that the LDAP directory and user
accounts are correctly configured and operational; otherwise, the wizard will fail.
Complete the following steps:
1. Ensure that you are logged in to the system with administrator privileges
(refer to the Chapter 2, “Installation and administration” on page 17 for more
information about the required administrator privileges). Open a command
prompt and navigate to <wse_root>/subtasks and enter the following
command:
startNetworkServer.bat
For Linux:
startNetworkServer.sh
2. Navigate to the directory <wse_root>/Appserver/bin and enter the following
command:
startServer server1
3. Finally, navigate to the directory <wse_root>PortalServer\config\wizard and
start the configuration wizard by running:
configwizard.bat
For Linux:
configwizard.sh
402
IBM Workplace Services Express
4. Select the language that the wizard will use and click OK, as shown in
Figure 7-86.
Figure 7-86 Start NetworkServer and server1 and launch LDAP configuration wizard
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
403
5. Select the Disable security option and click Next, as shown in Figure 7-87.
Figure 7-87 Disable security
404
IBM Workplace Services Express
6. The wizard requests a User name and Password to continue. Enter the user
name and the password you set at installation time (in this example, wpsadmin
and wpsadmin) and click Next, as shown in Figure 7-88.
Figure 7-88 User name and Password
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
405
7. The wizard requests the properties file to use when disabling security, as
shown in Figure 7-89. Accept the default and click Next.
Figure 7-89 Keep the default file for disabling security
406
IBM Workplace Services Express
8. Leave the security_disable.properties file entries as default, as shown in
Figure 7-90. As mentioned earlier, Workplace Services Express does not
actually use these parameters; it simply disables security.
Figure 7-90 Leave the default values
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
407
9. Click Next and wait until you receive the successful confirmation message, as
shown in Figure 7-91.
Note: The disable security task can take a long time to complete. Do not
stop or cancel the task while it is in progress.
Figure 7-91 Disable security task completed successfully
10.Click the Run Wizard Again button.
408
IBM Workplace Services Express
11.Select the Enable LDAP security option, as shown in Figure 7-92. Click
Next.
Figure 7-92 Enable LDAP security
12.Select the IBM Directory Server option from the list of supported LDAP
servers and click Next.
Note: If you previously modified the security_ibm_dir_server.properties
file, you will just be verifying your previous entries.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
409
13.Accept the path to your security_ibm_dir_server.properties helper file, as
shown in Figure 7-93. Click Next.
Figure 7-93 Verify the path to your security_ibm_dir_server.properties file
410
IBM Workplace Services Express
14.Using your LDAP browser as a verification tool, fill in the LDAP information, as
shown in Figure 7-94. Leave sslEnable as false if you are not using SSL. Note
that the LDAPSuffix refers to your base DN or search base. Click Next.
Figure 7-94 Enter your LDAP server information
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
411
15.Continue verifying or entering LDAP information after the previous input has
been validated, as shown in Figure 7-95.
Figure 7-95 Continue entering LDAP information
412
IBM Workplace Services Express
16.Confirm the settings and click Next, as shown in Figure 7-96.
Figure 7-96 Confirm the settings
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
413
17.Confirm the settings and click Next, as shown in Figure 7-97.
Figure 7-97 Confirm the settings
414
IBM Workplace Services Express
18.Confirm your settings, or enter more LDAP information, and click Next, as
shown in Figure 7-98.
Figure 7-98 Confirm the settings, or enter your LDAP information
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
415
19.Keep entering appropriate LDAP information. It is possible to enable single
sign-on (SSO) at a later point. The details listed in Figure 7-99 are used to
configure the Workplace Services Express side of the SSO solution. Choose
an LTPA password and keep it safe. It will be required later when you export
the LTPA token.
Figure 7-99 Enter LDAP information and select an LTPA password
416
IBM Workplace Services Express
20.Confirm the settings and click Next, as shown in Figure 7-100.
Figure 7-100 Confirm the settings
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
417
21.Continue to either confirm the setting, or enter your LDAP settings, as shown
in Figure 7-101. Click Next.
Figure 7-101 Continue confirming or entering LDAP settings
418
IBM Workplace Services Express
22.Confirm the LDAP filter settings, as shown in Figure 7-102. These fields refer
to the various attributes in your LDAP directory with which you can use to log
in. Click Next.
Figure 7-102 Confirm LDAP filters
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
419
23.Enable security will now be ready to run, as shown in Figure 7-103. Click
Next.
Figure 7-103 Enable security is now ready to run
24.When the wizard completes, click Finish.
7.6.7 Configuring access to Tivoli Directory Server over SSL
To configure access to IBM Tivoli Directory Server over SSL, generate or import
certificates as necessary and activate SSL on the directory. It is possible for IBM
Tivoli Directory Server to use either self-signed certificates or signing certificates
signed by a certificate authority (CA) to enable LDAP over SSL. IBM Directory
Server includes a security key management utility, such as gsk7ikm, which can
be used to generate a self-signed certificate or to import purchased certificates
into the IBM Directory Server keystore. We recommend consulting the IBM
Redbook Understanding LDAP: Design and Implementation, SG24-4986, for
complete details about how to import a CA certificate or create a self-signed
certificate in a key database file and extract that certificate so that it can be
moved to WebSphere Application Server and Workplace Services Express. The
following steps are an overview of the steps to create a self-signed certificate:
1. Activate the security key management utility, for example, gsk7ikm.
420
IBM Workplace Services Express
2. Open an existing Certificate Management System (CMS) key database file if
your directory server is already configured for SSL, or create a new CMS key
database file. If you open an existing file, you must provide the password for
that file. If you create a new file, you are asked to supply a password to secure
access to that file. You must remember that password.
3. Within that CMS key database file, create a new self-signed certificate, using
X.509 Version 3 format and 1024-bit key size. Give the certificate a label. You
must remember this label.
4. Extract the new self-signed certificate as a certificate file using
Base64-encoded ASCII data as the data type. This will save the certificate to
a file name of your choice with an extension of .arm.
5. If it is not already configured, set up IBM Directory Server for LDAP over SSL
using the CMS key database file containing the self-signed certificate. For
details about this step, consult the IBM Directory Server documentation.
6. Move the LDAP server certificates to WebSphere Application Server and
Workplace Services Express. Make the signing certificate from IBM Directory
Server (either the CA certificate or the self-signed certificate) available to the
WebSphere Application Server and Workplace Services Express machine.
This can be done by moving the file through a network transfer or removable
media. Note that a CA certificate must be in Base64-encoded ASCII data
format as an .arm file in order to be imported by the WebSphere Application
Server key management utilities.
Importing certificates to a WebSphere Application Server
keystore
To make either the self-signed certificate or the CA certificate chain available to
WebSphere Application Server, WebSphere Portal, and Workplace Services
Express, you must use the key management tool supplied by WebSphere
Application Server to import the certificates into the necessary Java Key Store
(.jks) format key storage files. Note that the key management tool supplied by
WebSphere Application Server is IKeyMan. IKeyMan supports the Java Key
Store file formats necessary for WebSphere Application Server and WebSphere
Portal (it is in the <wse_root>\AppServer\bin directory).
Note: IKeyMan is not the same as the IBM Directory Server key management
tool, even though the user interface is very similar. IKeyMan supports the Java
Key Store file formats necessary for WebSphere Application Server and
Workplace Services Express, while the IBM Directory Server key
management tool does not. Consult the WebSphere Application Server
documentation and Understanding LDAP: Design and Implementation,
SG24-4986, for details about how to use this tool.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
421
Complete the following steps:
1. Activate the IKeyMan utility by issuing the ikeyman.exe or ikeyman.sh
command from the command line, depending on your operating system
(again, in the <wse_root>\AppServer\bin directory).
2. Open the Java Key Store file that will be used by WebSphere Application
Server for LDAP over SSL. The user can create new key files and define a
new SSL repertoire. WebSphere Application Server provides a default
repertoire called DefaultSSLSetting. Use the default repertoire that contains
the default WebSphere Application Server server trust file. Open
DummyServerTrustFile.jks located at was_root/etc directory. The password to
the dummy server trust file is WebAS.
3. Select Signer Certificates from the top drop-down menu, and then click Add,
as shown in Figure 7-104.
Figure 7-104 Import the certificate to a WebSphere Application Server keystore
4. Select Base64-encoded ASCII data as the data type, and browse to the
certificate file of that type that you exported.
422
IBM Workplace Services Express
5. You will be asked for a label for the new certificate. Enter the same value that
you specified for the label when you created the certificate.
6. Close the key database and quit IKeyMan.
Chapter 7. Configuring IBM Workplace Services Express for external LDAP directories
423
424
IBM Workplace Services Express
8
Chapter 8.
Troubleshooting, tips, and
techniques for IBM
Workplace Services Express
This chapter provides assistance with troubleshooting issues encountered with
IBM Workplace Services Express and tips and techniques for general use of
Workplace Services Express. We divide this chapter into the following sections:
򐂰
򐂰
򐂰
򐂰
򐂰
򐂰
򐂰
򐂰
򐂰
򐂰
򐂰
򐂰
򐂰
򐂰
Troubleshooting overview
Troubleshooting methodology (problem isolation)
Install and system logs
Runtime issues: Unable to install portlets
LDAP troubleshooting
Optimization
Instant messaging
Lists
Templates
Themes
Backup and recovery
Security: Session timeout
Documents
Updating Microsoft Exchange 5.5 portlets
© Copyright IBM Corp. 2005. All rights reserved.
425
8.1 Troubleshooting overview
The most common problems you will see after you overcome any potential
installation issues are Java exceptions or JavaScript errors in the different
portlets. In order to properly troubleshoot an issue with IBM Workplace Services
Express, you must know each component of the system so that you can classify
a problem and address it with the appropriate tool.
Previous chapters introduced you to the Workplace Services Express software
stack, which uses the standard IBM products WebSphere Application Server and
WebSphere Portal and offers the flexibility to choose a LDAP server from IBM
products such as Lotus Domino and IBM Tivoli Directory Server or other
industry-standard LDAP servers.
Your organization likely will need to troubleshoot some core skills:
򐂰 Operating system administration, including installing, managing, using file
systems, and maintaining users and groups. Remote system management
tool expertise is necessary as well.
򐂰 Windows administration, including Task Manager, Explorer, Control Panel,
Event Viewer, command prompt, and scheduler.
򐂰 Linux administration, including df, pstat, top, more, tail, grep, and login.
򐂰 Network administration, including ping, netstat, ipconfig, and Telnet.
򐂰 WebSphere Application Server and WebSphere Portal administration.
򐂰 LDAP administration.
You should follow this best practice whenever you encounter a problem: Exhaust
all troubleshooting steps before changing anything in your environment. The
problem could be made worse by taking drastic action such as changing files.
In the end, if you must change your configuration, modify files, or replace files,
make certain to keep a copy of any files that you changed or replaced, and make
sure you have a current backup of your environment.
8.2 Troubleshooting methodology (problem isolation)
The best methodology to follow when trying to isolate and solve an issue with
Workplace Services Express is to always start with the simple things first.
Common sense dictates that many problems are the most basic, such as a
server running out of disk space. Consider the following possibilities:
򐂰 Are there any network problems in your environment?
426
IBM Workplace Services Express
򐂰 Is your LDAP server available?
򐂰 Can you reproduce the reported issue?
򐂰 Is the issue intermittent or consistent?
򐂰 Is the problem a total system failure or an issue with one of the functional
areas such as team spaces?
򐂰 Was anything recently changed in your Workplace Services Express
environment? Have you checked with your administrators?
򐂰 Do you have the exact syntax of any error messages?
8.3 Install and system logs
These sections describe the logs that are available in your Workplace
environment. A general best practice is to examine the logs in conjunction with
each other and remember that an issue that does not appear in one log just
might appear in others. You will understand this logic after reading this chapter.
8.3.1 Install logs
When Workplace Services Express is installed on a server, it creates a number
of logs as part of the extraction and installation process. The install log files for
Workplace Services Express are located in the following directories:
򐂰 During the installation, the log will be created in %TEMP% (Microsoft
Windows) or /tmp (Linux). Typically on a Windows server™, this will be in
C:\Documents and Settings\Administrator\Local Settings\Temp, where C is
the primary disk drive in the server.
򐂰 The logs created in the directory just listed are also copied to the
<wse>\PortalServer\log directory.
During the installation of Workplace Services Express, the following logs are
created:
򐂰 wpinstalllog.txt: This is the main log for the Install Shield Multi Platform (ISMP)
installer for Workplace Services Express.
򐂰 LocalizeTrace.archiven.log, where n is 1-6
– Logs 1-5 are for the archive extraction of the product.
– Log 6 is the fix-up step, same as /tmp/LocalizeTrace.log.
򐂰 LocalizeErr.archiven.log, where n is 1-6
– Logs 1-5 are for the archive extraction of the product.
Chapter 8. Troubleshooting, tips, and techniques for IBM Workplace Services Express
427
– Log 6 is the fix-up step, same as /tmp/LocalizeTrace.log.
When you are trying to identify issues with Workplace Services Express during
the installation if there is an error during the extract or localization, the details will
be written to the LocalizeErr.archiven.log. Any failures that occur during the fix-up
process of the installation will be recorded in either the LocalizeTrace.log or
LocalizeTrace.archive6.log.
8.3.2 WebSphere and Workplace Services Express system logs
By default, WebSphere Application Server, WebSphere Portal, and Workplace
Services Express create SystemOut.log and SystemErr.log files in the following
locations:
򐂰 <wse_root>\AppServer\logs\LotusWorkplace_Server
򐂰 <wse_root>\PortalServer\log
The SystemOut file contains any normal messages sent from the WebSphere
Portal and Workplace applications or from WebSphere Application Server itself.
Starting, stopping, and initializing Web applications can be seen here. Also, if
there is an exception in a Web application, you might find it here.
The SystemErr file writes any exceptions that the WebSphere Portal, Workplace
Services Express, or even WebSphere Application Server might have thrown.
Examine it closely for a concurrent date and time stamp and then an error or
exception itself.
The key thing to search for in the logs is the nine-character statement in
approximately the middle of each line in this format:
SRVE0180I
The last letter in the statement indicates whether this is an error, warning, or
informational message:
Informational
Error
Warning
Ends in I
Ends in E
Ends in W
The default for logs is one active and one historical log, which WebSphere
automatically rolls over as they reach their 1 MB size limit. To capture important
information for troubleshooting intermittent or verbose issues, we recommend
increasing the default log size to 10 MB using the WebSphere Application Server
administrative console.
428
IBM Workplace Services Express
8.3.3 WebSphere Portal log
The SystemOut.log file for WebSphere Portal is in the
<wse_root>\WebSphere\PortalServer\log hierarchy. It will be useful in your
troubleshooting efforts primarily in two scenarios (see Example 8-1):
򐂰 Examine it in conjunction with the WebSphere Application Server SystemOut
log, because all portlets write their exceptions here.
򐂰 If you are troubleshooting a Team Collaboration issue and enable tracing, the
output will appear here because team spaces, applications, chats and
document libraries all use the WebSphere Portal Content Publishing
components.
Example 8-1 Information messages from the PortalServer\log\SystemOut.log
[30/03/05 09:08:03:033 EST] caecef3 WebContainer
Module: Portal Form Library.
[30/03/05 09:08:03:053 EST] caecef3 WebGroup
Library] [/lwp/formsLibraryPortlet] [Servlet.LOG]:
[30/03/05 09:08:03:273 EST] caecef3 WebGroup
Library] [/lwp/formsLibraryPortlet] [Servlet.LOG]:
[30/03/05 09:08:03:273 EST] caecef3 WebGroup
Library] [/lwp/formsLibraryPortlet] [Servlet.LOG]:
[30/03/05 09:08:03:283 EST] caecef3 WebGroup
Library] [/lwp/formsLibraryPortlet] [Servlet.LOG]:
[30/03/05 09:08:03:283 EST] caecef3 WebGroup
Library] [/lwp/formsLibraryPortlet] [Servlet.LOG]:
A SRVE0169I: Loading Web
I SRVE0180I: [Portal Form
JSP 1.2 Processor: init
I SRVE0180I: [Portal Form
FormLoginServlet: init
I SRVE0180I: [Portal Form
FormLogoutServlet: init
I SRVE0180I: [Portal Form
SimpleFileServlet: init
I SRVE0180I: [Portal Form
InvokerServlet: init
8.3.4 Trace settings
Message logging and diagnostic trace, although similar in concept, have a key
difference: A log message entry is intended to be viewed and (we hope) clearly
understood by end users, systems administrators, and support personnel, while
a trace entry is intended for service engineers or developers. Trace records can
be more complex, verbose, and detailed than log messages. Trace entries can
be fairly inscrutable, understandable only by the appropriate developer or service
personnel. As a result, enabling tracing for Workplace Services Express should
be done at the direction of IBM Technical Support to diagnose a specific issue.
Important: Enabling Workplace Services Express tracing is resource
intensive. Your server will perform slower and disk space will be used at
approximately 100 MB per hour if enabled for all Workplace Services Express
components.
Chapter 8. Troubleshooting, tips, and techniques for IBM Workplace Services Express
429
8.3.5 Installation issues
This section describes some potential issues that might occur during the
installation of Workplace Services Express:
򐂰 The installation fails with an error related to extraction of the JAR or archive
files at any point during the process. This occurs when a file within the
installation media is corrupt. This issue has been experienced with faulty CDs
that contain the software and on a faulty CD drive.
򐂰 When running the fix-up component of the installation on Linux, the process
might fail when updating text in files that might no longer be present. This
might be due to multiple processors, or files being deleted by another
process, such as two install processes running at the same time or an
incomplete installation. Ensure that all other applications are such closed
during the installation. If the installation failed, ensure that you have removed
all the files and folders related to the failed installation.
򐂰 On a Windows 2003 Server with Terminal Services installed, even if it is not
being used, the installation can encounter problems. There are two modes,
the Execute and Install modes. You need to be in Install mode to install
Workplace Services Express. The install.bat will force this automatically. Do
not start from the installer, because you will be in the wrong mode.
򐂰 The Linux: LD_ASSUME_KERNEL environment variable for Java needs a
value. You need one value for Red Hat 9+, another for SUSE 9.1+. These are
not officially supported, but a customer might insist on using this version for
example in a proof of concept. The install.sh script will try to determine the
correct value (if any) if not already set for certain releases. The
PortalArchiveInstaller will bootstrap values into scripts if a value is set, so for a
different Linux distribution/level, the following actions might solve this
problem:
– Update the install.sh script to set or clear LD_ASSUME_KERNEL as
needed.
Or:
– Set LD_ASSUME_KERNEL prior to invoking the install.sh script to install
Workplace Services Express.
Other common installation issues are:
򐂰 If you have errors during the execution of scripts, search the log file for
localhost to see whether you forgot to set the host name to the correct value.
򐂰 If a personal firewall is installed on the client machine, disable pop-up
blocking; otherwise, Workplace windows (such as for instant messaging)
cannot open.
430
IBM Workplace Services Express
򐂰 The installer does not start:
– If you copied the Workplace Services Express CD sets onto a local hard
drive, make sure that you did not rename the directories and that you kept
their relative structure.
– If you copied the Workplace Services Express directories into one
directory, make sure that the directory name does not contain a blank
followed by a slash, because the installer will not start then.
– If the installer still does not start, locate the temp directory for the user you
are logged on as and check for a directory named 1. If it does not exist,
create a new directory under temp and name it 1.
Important: Workplace Services Express does not support reverse proxies.
8.4 Runtime issues: Unable to install portlets
If you are unable to install portlets and you get an error, first look at the log files,
especially wps_dateandtime.log and the SystemOut.log in the
<wse_root>\PortalServer\log directory.
If you find an error of the type shown in Example 8-2, it can be caused by several
situations.
Example 8-2 Error example
com.ibm.websphere.management.exception.ConnectorException: ADMC0053E: Could not
create SOAP Connector to connect to host localhost at port 8881 with SOAP
Connector security enabled.
at
com.ibm.websphere.management.AdminClientFactory.createAdminClient(AdminClientFa
ctory.java:344)
at
com.ibm.wps.pe.mgr.appserveradmin.WAS5AdminServiceHelper.getAdminClient(WAS5Adm
inServiceHelper.java:315)
Check the following information:
򐂰 In the DeploymentService.properties file located in the
<wse_root>\PortalServer\shared\app\config\services directory, the
was.admin.host property must be set to the real host name and not to
localhost, as shown in Example 8-3 on page 432.
Chapter 8. Troubleshooting, tips, and techniques for IBM Workplace Services Express
431
Example 8-3 Real host name, not localhost
# WAS administrative host name
# This parameter will be used to adapt to the WAS administration bootstrap host
#name,
# if the default is not applicable
#
# Default: localhost
#
was.admin.host = wse2.cam.itso.ibm.com
򐂰 Deployment credentials: WebSphere Portal is not able to find the WebSphere
Application Server admin user that is set up in user.deployment.
Check the credential slot and verify that this is correct. Log in to WebSphere
Portal as administrator and go to Administration → Access →
Credential Vault, as shown in Figure 8-1. Look for the deployment.user.
There should also be deployment.truststore and deployment.keystore. The
deployment.user should have the admin ID in it with the password. As a
default, the deployment.keystore user ID is set to
/etc/DummyClientKeyFile.jks with the password WebAS, and
deployment.trustore is set to /etc/DummyClientTrustFile.jks with the password
WebAS.
Figure 8-1 Credential Vault Slots
To check the values, click Modify Shared Slot.
򐂰 If you have problems accessing or modifying the credentials, you can recreate
them by running the following tasks from the <wse_root>\PortalServer\config
directory:
wpsconfig action-remove-deployment-credentials
wpsconfig action-create-deployment-credentials
432
IBM Workplace Services Express
Important: If you want to run the task just shown, first check if the wpsadmin
password is available in the wpconfig.properties file; if not, add it.
8.5 LDAP troubleshooting
This section contains some brief information regarding LDAP troubleshooting.
For LDAP bind, be sure to read 7.2.1, “Connection information” on page 287 if
you have any issues binding to your directory.
8.5.1 Changing the LDAP server name or port after configuration
Use this procedure if you change the LDAP server name after configuring IBM
Workplace. This procedure assumes that the LDAP directory is identical to the
original except for the LDAP server name and port number.
1. Log in to the server as a user with administrative privileges.
2. Start the HTTP server, WebSphere Application Server, WebSphere Portal,
and the Lotus Workplace server.
3. In the administrative console (Figure 8-2), expand <your node> →
Security → User Registries → LDAP. Update the Host and Port values.
Figure 8-2 LDAP settings in the Administrative Console
4. Click OK and Save to save your changes.
Chapter 8. Troubleshooting, tips, and techniques for IBM Workplace Services Express
433
5. Open the wmm.xml file in the <wp_root>\shared\app\wmm directory, change
the values for ldapHost and ldapPort, and then save your changes. See
Example 8-4.
Example 8-4 wmm.xml
<ldapRepository name="wmmLDAP"
UUID="LDAP1"
adapterClassName="com.ibm.ws.wmm.ldap.ibmdir.IBMDirectoryAdapterImpl"
supportDynamicAttributes="false"
configurationFile="d:/IBM/WEBSPH~1/PORTAL~1/wmm/wmmLDAPServerAttributes.xml"
wmmGenerateExtId="false"
supportGetPersonByAccountName="true"
profileRepositoryForGroups="LDAP1"
supportTransactions="false"
adminId="cn=root"
adminPassword="f9vMGCVzFqP4gjPbp4LI7g=="
ldapHost="lwp-ldap.cam.itso.ibm.com"
ldapPort="389"
ldapTimeOut="6000"
ldapAuthentication="SIMPLE"
ldapType="0"
groupCacheRefreshInterval="-1">
6. Open the lwpprops.properties file in the <lwp_root>\config directory, change
the LDAP server and port values, and then save your changes. See
Example 8-5.
Example 8-5 lwpprops.properties
# LWMLDAPServer: LDAP server network address
LWMLDAPServer=
# LWMLDAPPortNumber: LDAP server port number
LWMLDAPPortNumber=389
# LWMLDAPUser: LDAP administrator user id
LWMLDAPUser=
# LWMLDAPPassword: LDAP administrator password
LWMLDAPPassword=
# LWMLDAPBaseName: Base Distinguished Name
LWMLDAPBaseName=
434
IBM Workplace Services Express
Note: You only have to modify the LDAP section in the lwpprops.properties
file if you decided not to use the WebSphere Application Server settings.
Determine it by the LWMUseWasSettings value in the lwpprops file:
# LWMUseWasSettings: Use the WebSphere authentication directory as the
# primary directory for work
# Enabled: true
# Not enabled: false
LWMUseWasSettings=true
If set to true, you do not have to modify the LDAP server in this file.
If you are using a secondary LDAP directory for messaging, you might have to
modify the messaging.xml file.
7. Open the messaging.xml file in the <was_root>\config\cells\node name
directory.
8. Change the values for name and port to reflect the correct values. Save your
changes.
9. If you installed Collaborative Learning components, you must perform these
additional steps:
a. Open a command prompt and navigate to the <lwp_root>\config directory.
Issue the following command:
LWPconfig update-settings >updatesettings.log
This script updates the Learning databases.
b. Check the log file to ensure that the command was successful.
10.Restart the application servers for the changes to take effect.
LDAP on Linux
For LDAP on Linux:
򐂰 During the installation of IBM Directory Server V5.x, a user ldap and group
ldap are created. The installation will fail if you already have a group defined
that is named ldap or ends with ldap. If possible, delete the existing group and
start the installation again. You cannot change the user and group name.
򐂰 The program directory is /usr/ldap and cannot be changed. If you do not want
to use this directory, try to use symbolic links.
8.5.2 Adding a unique ID to an Active Directory Schema
In this section, we discuss adding a unique ID to an Active Directory Schema.
Chapter 8. Troubleshooting, tips, and techniques for IBM Workplace Services Express
435
Note: For Active Directory Server, we advise that you map objectGUID to the
WebSphere Member Manager external identifier. objectGUID is a unique
identifier automatically populated in each LDAP entry created in Active
Directory. If you use objectGUID as the external identifier, you do not need to
perform the following steps.
Add ibm-appUUID schema
ibm-appUUID is a string to uniquely identify an entry. It is unique for all entries,
static, not reused. The format of this string can follow the string form for a
DCE-style UUID (for example, 1D919000-C758-1C34-92BD-001212121212).
ibm-appUUIDAux is an auxiliary class for holding ibm-appUUID.
The schema of ibm-appUUID and ibm-appUUIDAux is included in IBM Directory
Server V5.1. For other directory servers, you might need to manually create the
schema.
Create ibm-appUUID attribute
To create the attribute, complete the following steps:
1. From the Windows Start menu, select Programs → Windows 2000 Support
Tools → Security Administration Tools.
2. Right-click Attributes and select Create Attribute.
3. Enter the following values in the Create New Attribute dialog box, as shown in
Figure 8-3 on page 437:
–
–
–
–
436
Common Name: ibm-appUUID
LDAP Display Name: ibm-appUUID
Unique X500 Object ID: 1.3.18.0.2.4.2323
Syntax: Case Insensitive String
IBM Workplace Services Express
Figure 8-3 Create New Attribute
Create ibm-appUUIDAux object class
To create the attribute, complete the following steps:
1. From the Windows Start menu select Programs → Windows 2000 Support
Tools → Security Administration Tools.
2. Right-click Attributes and select Create Class.
3. Enter the following values in the Create New Schema Class dialog box, as
shown in Figure 8-4 on page 438:
–
–
–
–
Common Name: ibm-appUUID
LDAP Display Name: ibm-appUUID
Unique X500 Object ID: 1.3.18.0.2.6.475
Class Type: Auxiliary
Chapter 8. Troubleshooting, tips, and techniques for IBM Workplace Services Express
437
Figure 8-4 Create New Schema Class
4. Add ibm-appUUID as an Optional attribute and click Finish, as shown in
Figure 8-5.
Figure 8-5 Add ibm-appUUID as an Optional attribute
Configure WebSphere Member Manager to use ibm-appUUID
To configure WebSphere Member Manager, complete the following steps:
1. Map ExtID to ibm-appUUID in the XML file
wmmLDAPAttributes_ACTIVE_DIRECTORY.xml, as shown in Example 8-6.
438
IBM Workplace Services Express
The file is in the following directory:
wse_root\PortalServer\config\templates\wmm\wmmLDAPAttributes_ACTIVE_
DIRECTORY.xml
Example 8-6 wmmLDAPAttributes_ACTIVE_DIRECTORY.xml
<attributeMap
wmmAttributeName="extId"
applicableMemberTypes="Person;Group;Organization;OrganizationalUnit"
pluginAttributeName="ibm-appUUID"
dataType="String"
multiValued="false"
readOnly="true"/>
2. Search for the <ldapRepository> tag and set wmmGenerateExtid to true in the
XML file wmm_LDAP.xml.ACTIVE_DIRECTORY.3.wmm, as shown in
Example 8-7.
The file is in the following directory:
<wse_root>\PortalServer\config\templates\wmm\wmm_LDAP.xml.ACTIVE_DI
RECTORY.3.wmm
Note: There is a possibility that this setting will need to be modified in the
resource-pme.xml file instead.
Example 8-7 wmm_LDAP.xml.ACTIVE_DIRECTORY.3.wmm
<ldapRepository name="wmmLDAP"
UUID="LDAP1"
adapterClassName="com.ibm.ws.wmm.ldap.activedir.ActiveDirectoryAdapterImpl"
supportDynamicAttributes="false"
configurationFile="wmm/xml/wmmLDAPAttributes_AD_LDAP.xml"
wmmGenerateExtId="true"
supportGetPersonByAccountName="true"
profileRepositoryForGroups="LDAP1"
supportTransactions="false"
Chapter 8. Troubleshooting, tips, and techniques for IBM Workplace Services Express
439
Refer to 7.4.2, “Setting up Domino LDAP” on page 296 to continue with
Workplace Services Express configuration from this point.
8.6 Optimization
There are a number of optimization techniques in the Workplace Services
Express Information Center and in the Best Practices Guide:
򐂰 IBM Workplace Services Express 2.0 Information Center, available at:
http://publib.boulder.ibm.com/pvc/wse/200/smb/en/InfoCenter/index.html
򐂰 IBM Workplace Services Express 2.0 Best Practices Guide, available at:
ftp://ftp.lotus.com/pub/lotusweb/workplace/best_practices.pdf
To find out how Workplace Services Express is using resources on your server,
we recommend that you use the relevant operating system tools to monitor
memory, CPU, disk, I/O, and network utilization. These tools will indicate where
there might be resource constraints within your environment. If you locate a
resource constraint, you should confirm that your hardware configuration and
specifications match the recommended requirements for Workplace Services
Express in a production environment. In the real world, you might meet the
requirements for Workplace Services Express and, for example, find that you are
running low on memory. In this instance, you could try increasing the installed
memory if your hardware allows.
8.6.1 Heap size
The heap size for the Java virtual machines (JVMs) used by Workplace Services
Express can be increased to improve performance. Workplace Services Express
has three active JVMs in use, one for WebSphere_Portal,
LotusWorkplace_Server, and Cloudscape Network server. Each of these JVMs
will be preassigned a maximum heap size. On servers with more than 2 GB of
RAM, the heap size can be increased. Remember that the server operating
system will require memory, and therefore, you must not allocate all the physical
memory to these JVMs.
To check the heap size for the JVMs, perform the following steps:
1. Make sure that Workplace Services Express is running.
2. Open a supported Web browser.
3. Type the following Web address:
http://<hostname.yourco.com>:9091/admin
440
IBM Workplace Services Express
Where <hostname.yourco.com> is the fully qualified host name of the
machine.
4. Enter your administrator ID and password such as wpsadmin.
5. Click Servers in the navigation tree, as shown in Figure 8-6. Select
Application Server and then WebSphere_Portal.
Figure 8-6 Servers in the administrative console
6. Click Process Definition in the Additional Properties section of the
Configuration tab, as shown in Figure 8-7 on page 442.
Chapter 8. Troubleshooting, tips, and techniques for IBM Workplace Services Express
441
Figure 8-7 Process Definition
7. Click Java Virtual Machine.
8. View the value for the Maximum Heap Size, as shown in Figure 8-8 on
page 443. By default, it will be set to 512 MB. You can set this value
appropriately for the amount of physical memory your server has installed.
442
IBM Workplace Services Express
Figure 8-8 JVM settings
9. If you change the value, you must click Apply, and then OK to save the
changes. You also need to save the master configuration.
10.Check the heap size for the Lotus Workplace Server by clicking Servers →
Workplace Servers → LotusWorkplace_Servers, and then repeat from
step 6 on page 441.
11.Remember to click OK and Save after you make your changes.
12.Save your changes to the master configuration.
13.The heap size for the Cloudscape JVM is specified in the startNetworkServer
file (.bat or .sh) located in the <wse_root>/subtasks directory.
14.Edit the file with a suitable editor, such as Notepad on Windows or kate on
Linux.
15.Locate the line that begins START /MIN "Cloudscape". This contains two
arguments, -Xms512M and -Xmx1024M. These two arguments set the minimum
and maximum heap sizes, respectively, for the Cloudscape Network Server
JVM.
16.Stop and start all servers for the changes to take effect.
Chapter 8. Troubleshooting, tips, and techniques for IBM Workplace Services Express
443
8.6.2 Remove People Finder or Instant Contacts
If you do not use the People Finder or Instant Contacts portlets, you can remove
these from the pages in Workplace Services Express. These two portlets have to
be rendered on each page load and, therefore, impact performance if they are
not used.
A site administrator can remove these portlets through Manage Portlets. To
access Manage Portlets, click Administration → Portlets → Manage Portlets.
Note that you should not remove the Membership portlets, because they are
administrative portlets that help you manage the site.
Note: In Workplace Services Express V2.5, these portlets are contained in a
flyout page and, therefore, are not rendered when the page is accessed. They
will be rendered when the flyout page is opened. For more information, see
“Flyout page for People Finder and Instant Contacts” on page 483.
8.6.3 Team space templatable exception
Within Workplace Services Express, a templatable exception can occur on rare
occasions for a number of reasons. See Figure 8-9 on page 445 for an example
of this error. This exception occurs during the creation of a team space. The error
has been identified when certain locales and languages are used.
If you experience this error, you should contact IBM Support to report the issue,
referencing the SPR reference GPRN6AKPSL and fix identifier of LO07236. This
issue only affects Workplace Services Express V2.0 implementations.
Restriction: The fix LO07236 created in relation to SPR GPRN6AKPSL must
only be used on Workplace Services Express Version 2.0 and no other
version.
444
IBM Workplace Services Express
Figure 8-9 Team space templatable exception example
If you are supplied with the LO07236 fix for this issue, use the following steps to
implement the fix, but check against the supplied instructions in case anything
has been changed or updated:
1. Create a temporary directory on the Workplace Services Express server to
store the fix. Extract the fix to this new directory.
2. Download the latest Portal Update Installer for the WebSphere Portal platform
on which Workplace Services Express is installed, available at:
http://www.ibm.com/software/genservers/portal/support
Note: The Portal Update Installer is used to apply fixes to an IBM
WebSphere Portal environment. There are different versions of
WebSphere Portal available and in use in the market. Workplace Services
Express V2.0 is based on WebSphere Portal V5.0.2.2, and therefore, you
must use the version of the Updater for V5.0.x.
3. Extract the PortalUpdateInstaller.zip to the <wse_roor>\PortalServer\update
directory.
4. Locate the portal_update_installer.html file in the
<wse_root>\PortalServer\update\doc\en\ directory and confirm the required
steps as described in the following steps match those described in this
document.
5. Stop the Workplace Services Express server.
Chapter 8. Troubleshooting, tips, and techniques for IBM Workplace Services Express
445
6. Ensure that the WAS_HOME environmental variable is set, as shown in the
example here:
WAS_HOME=<wse_root>\AppServer\bin
7. Open a command window and navigate to the
<wse_root>\PortalServer\update directory.
8. Execute updatePortal.bat or updatePortal.sh, depending on your platform,
ensuring that you provide the following parameters, as shown in Example 8-8:
– -installDir
– -fixDir
– -fix
– -fixes
– -install
Example 8-8 Update command for fix ID LO07236
E:\IBM\WSE1\PortalServer\update>updateportal -installDir
"e:\IBM\WSE1\PortalServer" -fixDir "e:\fix" -fix -install -fixes LO07236
9. On a successful installation of the fix, restart the Workplace Services Express
and test that the fix has solved your issue.
8.6.4 Team calendar date error
When using the team calendar in a team space, certain time zones have
generated an error when trying to create a calendar entry. This issue relates to
the use of daylight time saving settings on the Workplace Services Express
server.
If you experience an error, as displayed in Figure 8-10 on page 447, contact IBM
Support to assist with the problem resolution, using the SPR reference of
JCOS6BDL3V.
446
IBM Workplace Services Express
Figure 8-10 Team Calendar date parsing error
8.7 Instant messaging
This section covers the instant messaging components of Workplace Services
Express.
8.7.1 Disconnected state
When you log in to Workplace Services Express for the first time, you might
experience an instant messaging status of Disconnected. There a number of
reasons why this status can occur:
򐂰 The JVM is missing. When using Microsoft Internet Explorer, especially the
latest versions, you might find that the browser does not have a JVM
associated to it or installed. You should check the Internet Explorer settings in
Tools → Internet Options → Advanced.
򐂰 The user account does not have an e-mail address assigned. In Workplace
Services Express, the instant messaging component requires each user to
have a valid e-mail address. This is for the supplied user registry or for the
LDAP server used for Workplace Services Express. Add the e-mail address to
the user entry that is experiencing this issue.
򐂰 An external HTTP server has been installed, but the correct configuration task
has not been run against Workplace Services Express. If you fail to run the
wpsconfig httpserver-config task, instant messaging will not work. See 6.1,
“External HTTP server” on page 217 for more information about configuring
for HTTP.
Chapter 8. Troubleshooting, tips, and techniques for IBM Workplace Services Express
447
8.7.2 Instant Contacts
The following information will help you assist with the Instant Contacts portlet
troubleshooting.
On rare occasions, the Instant Contacts portlet does not show any groups or
users. We found this is usually solved by one of two methods:
򐂰 In the People Finder, search for a valid user such as wpsadmin. This ensures
that the user registry is exercised, and this usually allows the instant
messaging component to find the user entry.
򐂰 Alternatively, go to the Team Spaces tab. This can also have the effect of
updating the user registry, so the Instant Contacts is then usable.
8.7.3 Instant messaging fix
When you have many people accessing Workplace Services Express and using
instant messaging, there is a condition where the CPU spikes to 100% and
awareness becomes “disconnected.” To fix this behavior, install the fix available
on the IBM Support and Downloads page:
http://www.ibm.com/support/docview.wss?uid=swg24009517
To install it, complete the following steps:
1. Download the Portal Fix Installer, available at:
http://www.ibm.com/software/genservers/portal/support
2. Create a temporary “fix” directory to store the JAR file that you have extracted
from the fix ZIP file.
3. Copy the JAR file to this directory.
4. Shut down Workplace Services Express issuing the following command:
stopWorkplaceServices. bat
For Linux:
stopWorkplaceServices.sh
5. Change directory to <wse_root>\AppServer\bin and launch the following
command to set up the environment variables:
setupCmdLine.bat
For Linux:
setupCmdLine.sh
448
IBM Workplace Services Express
6. Launch the following command to install the fix, as shown in Figure 8-11 on
page 449:
updateportal -installDir <wse_root>\PortalServer -fix -install -fixDir
<directory where you unpacked the fix> -fixJars <file.jar>
Figure 8-11 Install messaging fix
7. Restart Workplace Services Express issuing the following command:
startWorkplaceServices.bat
For Linux:
startWorkplaceServices.sh
8. The temporary directory can be removed.
8.8 Lists
There are a number of predefined list applications within Workplace Services
Express and these can be deployed within templates, team spaces, or on
standard Workplace Services Express pages. If a user deploys a list to a team
space or template, the Access control tab will not be displayed. This is due to
access being controlled at the root level within the team space or template.
Access is, therefore, defined by using the Membership portlet for the application
or team space.
Chapter 8. Troubleshooting, tips, and techniques for IBM Workplace Services Express
449
We do not recommend lists with more than 100 entries, because larger lists
generate excessive paging to locate data. The larger the list, the greater the
memory consumption will be in Workplace Services Express. Multiple lists on a
single page can impact the time that it takes to build and open the page. Design
page layouts with this in mind and use several pages to spread out your list
applications.
8.9 Templates
This section contains information related to templates for Workplace Services
Express. We describe how to deploy some of the portlets that require templates
and provide an example XML template file.
8.9.1 Deploying a team calendar
This section describes a method to deploy a team calendar within Workplace
Services Express. These steps can be used to deploy the other portlets (as listed
in 3.2, “Palette” on page 49) that require the Workplace Services Express
membership components.
To create a template for the team calendar, complete the following steps:
1. Ensure that Workplace Services Express is started.
2. Navigate to the template through the Templates link on the top-right of the
page.
3. Click the New button to create a new template and use the Blank Template
as a starting point. Select the category you want to assign to this template, for
example, Workplace Application, as shown in Figure 8-12.
450
IBM Workplace Services Express
Figure 8-12 Create new template
4. Click the Pages and Layout link.
5. Delete Page 2 by selecting the Delete icon next to Page 2.
6. Delete Search by selecting the Delete icon next to Search.
7. You will now be left with just a single page named Members. Click the Edit
Page icon next to Members.
See Figure 8-13.
Figure 8-13 Pages and Layout for template
8. Click the Add portlets button under the left frame of the page layout, as
shown in Figure 8-14.
Chapter 8. Troubleshooting, tips, and techniques for IBM Workplace Services Express
451
Figure 8-14 Edit Members page layout
9. In the Search dialog box, enter calendar and click Search.
10.Select the Team Calendar portlet and click OK to add it to the page, as
shown in Figure 8-15. Click Done to complete the page update.
Figure 8-15 Add Team Calendar portlet to page
11.Edit the Members page properties by clicking the Properties icon.
12.Change the page name from Members to Team Calendar, as shown in
Figure 8-16. Click OK twice.
452
IBM Workplace Services Express
Figure 8-16 Renaming page to Team Calendar
13.Save the changes by clicking Save and Close.
14.Navigate back to My Workplace. Click Team Space and go to the
Applications tab. Create a new application based on the template just
created.
Note: In the additional materials for this book, there is an XML template file for
a team calendar (see Appendix C, “Additional material” on page 503). This
can be imported into your Workplace Services Express implementation ready
to be used to create an application. See the following section for steps about
how to import the template.
Importing the supplied template
The Team Calendar template was created on a Workplace Services Express
V2.0 system and exported to an XML file TeamCalTemplate.xml. For details
about this supplied file, see “TeamCalTemplate.xml” on page 504. To import the
supplied Team Calendar template into Workplace Services Express, complete
the following steps:
1. Ensure that Workplace Services Express is started.
2. Start a browser and log on as an administrator for Workplace Services
Express.
3. Click the Templates link in the top-right area of the browser window.
4. On the Template Library page, click Import, as shown in Figure 8-17.
Chapter 8. Troubleshooting, tips, and techniques for IBM Workplace Services Express
453
Figure 8-17 Importing the template
5. Select the template XML file using the Browse button and then click OK, as
shown in Figure 8-18.
Figure 8-18 Select the template XML file
When the import completes you will see the new template TeamCalTemplate
in the Template Library, as shown in Figure 8-19.
454
IBM Workplace Services Express
Figure 8-19 TeamCalTemplate in Template Library
6. Now, create an application from the template. Click the My Workplace link.
Click Team Space and go to the Applications tab.
7. Click New in the Applications portlet, as shown in Figure 8-20.
Figure 8-20 Applications portlet
8. Enter a Name for your application, select the TeamCalTemplate template,
and enter a Description, as shown in Figure 8-21. Click OK.
Chapter 8. Troubleshooting, tips, and techniques for IBM Workplace Services Express
455
Figure 8-21 Create an application
9. After creating the application, click the application name to open it, as shown
in Figure 8-22.
Figure 8-22 New Team Calendar available in the Applications portlet
456
IBM Workplace Services Express
10.Figure 8-23 shows the new application with a team calendar. The template is
set to use the Workplace Services Express default theme, so if you have
changed themes, this will be reflected in the deployed application.
Figure 8-23 Team Calender
8.9.2 Template Builder
Due to differences in the installation steps for Linux and Microsoft Windows, the
Templates link available in the Workplace Services Express home page (see
Figure 8-24 on page 458) can be hidden. In this case, we highly suggest that you
uninstall and reinstall Workplace Services Express. Follow instructions in
Chapter 2, “Installation and administration” on page 17 and in the Workplace
Services Express Information Center.
Chapter 8. Troubleshooting, tips, and techniques for IBM Workplace Services Express
457
Figure 8-24 Templates link
If you receive a java Exception while working with the Template Builder, and you
are unable to access the Template Builder, restart the Workplace Services
Express server.
8.10 Themes
Themes normally do not cause any issues within Workplace Services Express,
but there are two issues encountered by customers. The first issue is the
selection of an incorrect theme. In 5.2, “Themes” on page 193, we explain that
there are two types of themes available within Workplace Services Express:
user-based and system-based themes. If a system-based theme is selected, the
user will remove the ability to use many of the action and link buttons provided.
This includes the Administration link, which will stop the administrator from
reversing the problem. Figure 8-25 shows an example page with the Workplace
Builder theme set. Notice that the Administration link is missing and that the
navigation structure is different.
Navigation structure different
from default IBM theme
Missing links including the
Administration link
Figure 8-25 IBM Workplace Services Express with the Workplace Builder theme as the default theme
The second issue encountered with themes and skins in Workplace Services
Express is when a customized theme is deployed and it creates an issue with the
functions of Workplace Services Express. This can occur if one of the style
sheets or JavaServer Pages is coded incorrectly or has been deleted.
458
IBM Workplace Services Express
To overcome these issues, you need to reset the default theme back to one of the
user versions or to one of your customized versions that is functioning correctly.
To revert back to a working theme for the environment using xmlaccess, complete
the following steps:
1. On the Workplace Services Express servers physical machine, ensure that
Workplace Services Express is started.
2. Create an XML file named updatetheme.xml based on the following code and
save it to the <wse>\PortalServer\bin directory or use the supplied version
documented in “Updatetheme.xml” on page 504:
<?xml version="1.0" encoding="UTF-8"?>
<request
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="PortalConfig_1.2.xsd"
type="update"
create-oids="false">
<portal action="locate">
<theme action="update" active="true" default="true"
uniquename="com.ibm.workplace.theme.IBM">
</theme>
</portal>
</request>
Note: This XML file will reset the default theme to the Workplace Services
Express theme. If you want to set the default theme to one of the other
themes supplied, update the XML theme action line to match one of the
ones supplied in Table 8-1 on page 459.
Table 8-1 Supplied themes with XML theme action update statements
Theme name
XML statement
Alloy
<theme action="update" active="true" default="true"
uniquename="com.ibm.workplace.theme.alloy’>
Bubbles
<theme action="update" active="true" default="true"
uniquename="com.ibm.workplace.theme.structure_3_bubbles">
Crimson
<theme action="update" active="true" default="true"
uniquename="com.ibm.workplace.theme.structure_3_crimson">
Digital
<theme action="update" active="true" default="true"
uniquename="com.ibm.workplace.theme.structure_1_digital">
Digital
<theme action="update" active="true" default="true"
uniquename="com.ibm.workplace.theme.structure_1_digital">
Chapter 8. Troubleshooting, tips, and techniques for IBM Workplace Services Express
459
Theme name
XML statement
Dusk
<theme action="update" active="true" default="true"
uniquename="com.ibm.workplace.theme.structure_2_dusk">
Forest
<theme action="update" active="true" default="true"
uniquename="com.ibm.workplace.theme.structure_3_forest">
Galaxy
<theme action="update" active="true" default="true"
uniquename="com.ibm.workplace.theme.structure_1_galaxy">
Graphite
<theme action="update" active="true" default="true"
uniquename="com.ibm.workplace.theme.structure_2_graphite">
Heatwave
<theme action="update" active="true" default="true"
uniquename="com.ibm.workplace.theme.structure_1_heatwave">
Lava
<theme action="update" active="true" default="true"
uniquename="com.ibm.workplace.theme.structure_1_lava">
Lime
<theme action="update" active="true" default="true"
uniquename="com.ibm.workplace.theme.structure_1_lime">
Olive
<theme action="update" active="true" default="true"
uniquename="com.ibm.workplace.theme.structure_2_olive">
Red Wave
<theme action="update" active="true" default="true"
uniquename="com.ibm.workplace.theme.structure_2_redwave">
Rust
<theme action="update" active="true" default="true"
uniquename="com.ibm.workplace.theme.structure_1_rust">
Sky
<theme action="update" active="true" default="true"
uniquename="com.ibm.workplace.theme.structure_3_sky">
Slate
<theme action="update" active="true" default="true"
uniquename="com.ibm.workplace.theme.structure_2_slate">
Steel
<theme action="update" active="true" default="true"
uniquename="com.ibm.workplace.theme.structure_3_steel">
Sunrise
<theme action="update" active="true" default="true"
uniquename="com.ibm.workplace.theme.structure_2_sunrise">
Sunset
<theme action="update" active="true" default="true"
uniquename="com.ibm.workplace.theme.structure_3_sunset">
3. Start a command prompt in Windows or a terminal window on Linux.
4. Navigate to the <wse>\PortalServer\bin directory.
460
IBM Workplace Services Express
5. Enter the following command:
xmlaccess -in updatetheme.xml -user <adminuser> -pwd <adminpwd> -url
<serverurl> -out <outfile>
Replace the <adminuser>, <adminpwd>, <serverurl>, and <outfile> values
with ones to match your environment, for example:
– <adminuser> = wpsadmin
– <adminpwd> = password
– <serverurl> = http://wse1.cam.itso.ibm.com:9081/lwp/config
Note that you must specify the port 9081 for standard installation, or 80 if
you have an external HTTP in use with Workplace Services Express. The
/lwp/config must be specified, because this is the URL for the servlet
engine.
– <outfile> = themelog.xml
This outfile is not compulsory, but it will provide information about the
update and any error messages that are encountered. Ensure that the
name is unique in the directory <wse>\PortalServer\bin.
6. When this script completes, you should see output similar to the following
output in the command prompt/terminal window:
Licensed Materials - Property of IBM, 5724-E76, 5724-E77, (C) Copyright IBM
Corp. 2001, 2003 - All Rights reserved. US Government Users Restricted
Rights - Use, duplication or disclosure restricted by GSA ADP Schedule
Contract with IBM Corp.
XMLA0006I: Connecting to URL http://wse1.cam.itso.ibm.com:9081/lwp/config
XMLA0002I: Reading input file D:\IBM\WSE\PortalServer\bin\updatetheme.xml
XMLA0004I: Writing output file D:\IBM\WSE\PortalServer\bin\themelog.xml
XMLA0011I: Request was accepted.
<!-- IBM Workplace Services Express/5.0.2.2 build 042 exported on Tue Mar
22 18:58:01 EST 2005 from WSE1/192.168.48.21 -->
<!-- 1/1 [theme IBM] -->
7. Connect to Workplace Services Express using a browser and check that the
theme has updated correctly. You should now see a page similar to the one
shown in Figure 8-26.
Figure 8-26 Default theme with all the links available
Chapter 8. Troubleshooting, tips, and techniques for IBM Workplace Services Express
461
8.11 Backup and recovery
Workplace Services Express does not support backup tools that enable you to
restore individual documents within one of the applications, such as a team
space. The only methods currently available are to use backup tools that can
back up the entire installation of Workplace Services Express. This enables
complete snapshots of the system to be taken. In Workplace Services Express,
all the configuration information and data is stored in the directories and
subdirectories where Workplace Services Express was installed. For
completeness, you should back up all of those directories. The default installation
location is c:\Program Files\IBM\WorkplaceServices on Windows and
/opt/IBM/WorkplaceServices on Linux.
Note: If you want to restore the system to a new physical server, you must
ensure that the fully qualified host name and installation drive and path match
the original installation. If this is not the case, you will not be able to start and
use the restored version.
8.12 Security: Session timeout
In Workplace Services Express, the session timeout is set to expire after 30
minutes of inactivity. Some customers want to extend this timeout period so that
users are not prompted to log in after every 30 minute period of inactivity. You
can increase this timeout within the administration settings for Workplace
Services Express. We provide the following steps to assist you with changing
these values. Note that increasing this timeout will keep sessions active within
Workplace Services Express, thus using server resources maintaining these
sessions. In an environment with a heavy workload, you should be aware that
maintaining longer timeout values can have impact on the user experience in
terms of responsiveness of the service.
To update the LTPA token and session timeouts, complete the following steps:
1. Ensure that Workplace Services Express is started.
2. Open a browser session and connect to the server using the administrative
console URL as in the following example:
http://wse1.cam.itso.ibm.com:9091/admin
3. Log in to the administrator account.
4. On the left navigator, expand Security → Authentication Mechanisms →
LTPA, as shown in Figure 8-27 on page 463.
462
IBM Workplace Services Express
Figure 8-27 LTPA Token Timeout setting
5. In the Timeout setting increase the value from 120 to your desired value, for
example, 240. Click OK.
6. At the top of the page above the Configuration tab, click Save to save the
update, as shown in Figure 8-28.
Figure 8-28 Save the configuration change
Chapter 8. Troubleshooting, tips, and techniques for IBM Workplace Services Express
463
7. Click Save to save to the master configuration, as shown in Figure 8-29.
Figure 8-29 Save to Master Configuration
8. Now, we update the session timeout value. From the left navigator, click
Servers → Application Servers, as shown in Figure 8-30.
Figure 8-30 Application Servers
464
IBM Workplace Services Express
9. Click the WebSphere_Portal link in the Application Servers list, which takes
you to the Configuration settings, as shown in Figure 8-31.
Figure 8-31 WebSphere_Portal application server settings
10.Click the Web Container link in the Additional Properties section for
WebSphere_Portal.
11.In the Additional Properties section, click the Session Management link, as
shown in Figure 8-32.
Figure 8-32 Web Container properties
Chapter 8. Troubleshooting, tips, and techniques for IBM Workplace Services Express
465
12.For the Session timeout setting, increase the timeout from 30 to your desired
value, for example, 120, as shown in Figure 8-33.
Figure 8-33 Session Management settings
13.Click OK to commit the change, and then click the Save in the section above
the Configuration page to save the change.
14.Click Save to save to the master configuration settings.
15.Restart Workplace Services Express for the changes to take effect.
8.13 Documents
In this section, we describe some common issues when using IBM Workplace
Services Express Document Management.
466
IBM Workplace Services Express
8.13.1 Browser support and Java Runtime Environment check
Always refer to the official Workplace Services Express product documentation
page for updates about browser and Java Runtime Environment support,
available at:
http://www.lotus.com/products/product5.nsf/wdocs/3f8b159e4f1f7a6f85256f3c00
5af470
Although Firefox has become a wide-known product, it is not supported for
Workplace Services Express. Do not use it with this product. You can use Mozilla
or Netscape instead.
The productivity editors are applets, technically speaking, so they need a
supported Java Runtime Environment (JRE). If you are using Microsoft Internet
Explorer, you can check which JRE is in use through the Internet Explorer menu
by clicking Tools → Internet Options → Advanced. Look under Java or
Microsoft VM, as shown in Figure 8-34.
Figure 8-34 JRE used by Internet Explorer
Chapter 8. Troubleshooting, tips, and techniques for IBM Workplace Services Express
467
8.13.2 Copying documents in Windows Explorer
When you use the Windows Explorer interface to drag a document to a document
library, or you use copy and paste, you need to be aware of the information in the
following sections.
Document names
When copying documents with certain characters in the document file name, the
copy will fail to work. The process of copying the document will proceed as
expected but will only take a fraction of the time expected to copy the document.
When you check the library either through Windows Explorer or directly through
a browser in the document library, the document cannot be found. The following
characters generate this issue, so avoid using documents with these characters:
|@*?<>%'"\/
Document size
When trying to copy a document into a document library, you might experience
an error, as shown in Figure 8-35. This error typically occurs due to memory
constraints when copying a large document.
Figure 8-35 Document copying error 500 example
In the SystemOut log for the Workplace Services Express server in the
<wse_root>\PortalServer\logs directory, you will see a error, as shown in
Example 8-9.
Example 8-9 Error shown in SystemOut.log
[05/04/05 15:04:13:631 BST] 698bcc2 WebGroup
Error]-[]: java.lang.OutOfMemoryError
E SRVE0026E: [Servlet
To overcome this issue, you can increase the heap size in Workplace Services
Express using the instructions in 8.6.1, “Heap size” on page 440. As a guide for
servers with less than 2 GB of memory, we suggest that you only increase the
heap size for the WebSphere_Portal JVM to 768 MB.
468
IBM Workplace Services Express
8.14 Updating Microsoft Exchange 5.5 portlets
In the event that the Microsoft Exchange 5.5 portlets do not work, you might have
to download and apply the latest Microsoft Active Server Pages (ASP) files. To do
this, complete the following steps:
1. Download the latest Exchange 5.5 portlet from the WebSphere Portal and
IBM Workplace Collaboration Services Catalog, available at:
http://catalog.lotus.com/wps/portal/portal
2. Unzip the contents of the downloaded file to a temporary location, for
example, the C:\temp directory.
3. Copy the Exchange55.war file to the Workplace Services Express server’s
<wse_root>\PortalServer\installableApps directory and to a temporary
directory on the machine that you will use to administer Workplace Services
Express, for example, the C:\temp directory of your own desktop.
4. Copy the Exchange3ASP.zip file to the Exchange 5.5 server’s temporary
directory, for example, C:\temp.
5. Configure Internet Information Services (IIS) for the Exchange 5.5 portlet on
the Exchange server as follows:
a. Unzip the exchange3ASP.zip file into a new folder, for example,
C:\temp\exch.
b. Copy the exch folder into the default root folder of IIS (that is, the wwwroot
folder).
c. Using IIS Service Manager, select the Basic authentication option and
clear the Anonymous access option for each Web directory, as shown in
Figure 8-36 on page 470.
Chapter 8. Troubleshooting, tips, and techniques for IBM Workplace Services Express
469
Figure 8-36 Authentication Methods
d. Grant Write access to the temp folder located inside the exch Web
directory (see Figure 8-37 on page 471).
470
IBM Workplace Services Express
Figure 8-37 IIS Service Manager
e. Restart the IIS Web server.
6. Update the Exchange 5.5 portlets in Workplace Services Express:
a. Launch Workplace Services Express Administration using the URL:
http://<wse_hostname>:9081/lwp/workplace
b. Log in using Workplace Services Express Administrator credentials.
c. Click Administration on the top right of the main page and then the click
the Portlets → Manage Applications links.
d. Scroll down to Exchange55.war in the Web Modules section and click the
Update button, as shown in Figure 8-38 on page 472.
Chapter 8. Troubleshooting, tips, and techniques for IBM Workplace Services Express
471
Figure 8-38 Update application
e. Specify the directory where you copied the Exchange55.war file in step 3
on page 469 and click Next, as shown in Figure 8-39.
Figure 8-39 Portlet directory
f. Click Install on the update summary page, as shown in Figure 8-40.
Figure 8-40 Update summary page
g. The confirmation window shown in Figure 8-41 on page 473 opens if the
update is successful.
472
IBM Workplace Services Express
Figure 8-41 Successful update
Chapter 8. Troubleshooting, tips, and techniques for IBM Workplace Services Express
473
474
IBM Workplace Services Express
A
Appendix A.
IBM Workplace Services
Express Version 2.5
This appendix describes the changes that have been introduced in IBM
Workplace Services Express Version 2.5. We provide information about the
following topics:
򐂰 Architecture
򐂰 Installation
򐂰 External databases
򐂰 Installation
򐂰 Configuration wizard
򐂰 Upgrading from Workplace Services Express V2.0 to Workplace Services
Express V2.5
򐂰 Templates
򐂰 Flyout page for People Finder and Instant Contacts
© Copyright IBM Corp. 2005. All rights reserved.
475
Architecture
IBM Workplace Services Express V2.5 architecture uses the same components
as with Workplace Services Express V2.0. Figure A-1 shows an example
architecture for the product.
Figure A-1 Example IBM Workplace Services Express V2.5 architecture
With Workplace Services Express V2.5, you can use an external database.
Figure A-1 shows that the database can be located on the Workplace Services
Express server or on a remote DB server.
Workplace Services Express V2.5 includes support for the following operating
systems:
򐂰 Microsoft Windows 2000 Server SP4 and Advanced Server SP4
򐂰 Microsoft Windows 2003 Standard and Enterprise Edition
򐂰 SUSE LINUX Enterprise Server (SLES) for Intel 8 2.4 Kernel
476
IBM Workplace Services Express
򐂰 Red Hat Enterprise Linux AS for Intel (x86) 3.0 Update 4
򐂰 IBM Eserver i5/OS™ V5R3
The architecture components for Workplace Services Express V2.5 have been
redesigned to make better use of the server resources. There is no longer the
Workplace protocol server (LotusWorkplace_Server), because these
components and services have be designed to be served by the
WebSphere_Portal server.
Workplace Services Express V2.5 supports the following LDAP servers:
򐂰 IBM Tivoli Directory Server V5.2
򐂰 IBM Lotus Domino Enterprise Server 6.0.x or 6.5.x
򐂰 Microsoft Windows Active Directory 2000 or 2003
򐂰 Sun™ ONE™ Directory V5.2 FP3
򐂰 Novell eDirectory V8.7.3
Workplace Services Express V2.5 supports the following browsers:
򐂰 Microsoft Internet Explorer 6.0 SP1, JRE Sun 1.4.2 or Microsoft JVM 1.1
򐂰 Mozilla 1.4 on Linux, JRE Sun 1.4.2
򐂰 Mozilla 1.4 on Windows, JRE Sun 1.4.2
򐂰 Mozilla Firefox 1.0 on Windows, JRE Sun 1.4.2
򐂰 Mozilla Firefox 1.0 on Linux, JRE Sun 1.4.2
Workplace Services Express V2.5 supports the following HTTP servers:
򐂰 IBM HTTP Server V2.0.42.1 or 2.0.42.2
򐂰 IBM Eserver iSeries: IBM HTTP Server V2.0.49
򐂰 Microsoft IIS 5.0 or 6.0
򐂰 Apache Server 1.3.26 or 1.3.28
Important: Always check the product release notes for the most up-to-date
supported versions of operating systems, LDAP servers, browsers, and HTTP
servers.
External databases
IBM Workplace Services Express V2.5 supports a number of external databases
to facilitate the storage of data. The external databases are used to store
Appendix A. IBM Workplace Services Express Version 2.5
477
environment, configuration, system, and user data. You can use the following
external databases with Workplace Services Express V2.5:
򐂰 DB2 UDB Express V8.2
򐂰 DB2 UDB for iSeries V5R3
򐂰 Microsoft SQL Server Enterprise 2000 SP3 or SP3a
򐂰 IBM Cloudscape V5.1.60.18
The external databases can be located on the Workplace Services Express V2.5
server or on a remote database server.
Installation
The Workplace Services Express V2.5 installation is different from the V2.0
installation in the following ways:
򐂰 The installation detects the previous version of Workplace Services Express
and will provide steps to upgrade the existing implementation.
򐂰 When the product installation completes, a new service is created in the
Windows Services on the Microsoft Windows platform. This service is named
Workplace Services Express. By default, the service is set to start
automatically. When the service starts, it calls a script to start Workplace
Services Express, and therefore on completion of the service start,
Workplace Services Express will still be in the process of starting. You might
need to wait a short time before the system is accessible.
In addition to the service created, there is now a single menu option to start or
stop Workplace Services Express on the Windows platform, which uses the
services entry.
򐂰 The start and stop scripts are located in the
<wse_root>\PortalServer\rootscripts directory instead of the <wse_root>
directory.
Configuration wizard
This section describes the new functions and updates to the configuration wizard
in Version 2.5:
򐂰 Enable and disable security
򐂰 Transfer to LDAP
򐂰 Transfer to another database
478
IBM Workplace Services Express
New in IBM Workplace Services Express V2.5 is the ability to use external
databases, as referenced in “External databases” on page 477. In Figure A-2,
you can see the initial window for the updated configuration wizard for V2.5 with
the option to transfer to an external database.
Figure A-2 Configuration wizard options
Appendix A. IBM Workplace Services Express Version 2.5
479
The configuration wizard will guide you through the transfer from the standard
Cloudscape database environment to one of the supported databases.
Figure A-3 shows the options for data transfer, which include setting up the
Workplace Services Express database, transferring the Portal data, and
transferring the Workplace Services Express data.
Figure A-3 Options for data transfer
When you select step 1, you can then select the database relevant to your
environment, as shown in Figure A-4 on page 481.
480
IBM Workplace Services Express
Figure A-4 Database options
From this point, you need to provide information related to the database system
you will use for the wizard to create the Workplace Services Express databases.
The second step is to transfer the configuration information for the Workplace
Services Express Portal database into the external database environment. This
includes data related to the Portal and the Member Manager components. After
transferring the Portal data, the final stage is to transfer the Workplace data from
the system, which includes data from the team spaces, lists, document libraries,
and Workplace applications.
Upgrading from Workplace Services Express V2.0 to
Workplace Services Express V2.5
With Workplace Services Express V2.5, you can upgrade an existing Workplace
Services Express V2.0 server as part of the installation routine. The installer will
automatically detect if Workplace Services Express V2.0 is installed on the
server and will generate a number of prompts to guide you through the upgrade
process.
Appendix A. IBM Workplace Services Express Version 2.5
481
Important: Before undertaking an upgrade of a Workplace Services Express
V2.0 server, you must backup your environment with a suitable backup tool.
Templates
New with Version 2.5 is the inclusion of the forms within templates. This feature
enables you design forms for use within your applications. The forms available
will be familiar to you, because they are based on the list applications described
in 3.7, “Lists” on page 104. Figure A-5 shows the Form Template Library.
Figure A-5 Form Template Library
This template tool gives you direct access to the forms used in lists and enables
you to create new forms from existing versions. You create new forms by clicking
the New button and assigning the form a name and starting point, as shown in
Figure A-6 on page 483.
482
IBM Workplace Services Express
Figure A-6 Creating a New Form Template
After you create the initial template, you can then define the template properties,
the fields, and the views for the form, as shown in Figure A-7.
Figure A-7 Configuration of the New Form Template
Flyout page for People Finder and Instant Contacts
In Workplace Services Express V2.5, the People Finder and Instant Contacts
portlets have been moved from all the pages and relocated in a flyout page called
the People Palette. This change reduces the need to render the portlets on every
page when it is accessed.
Appendix A. IBM Workplace Services Express Version 2.5
483
To access the two portlets, click the People Palette icon, as shown in Figure A-8.
People Palette
Figure A-8 People Palette icon
The People Palette opens to the right side of the browser window, enabling you
to access the People Finder and Instant Contacts portlets, as shown in
Figure A-9.
Figure A-9 People Palette
484
IBM Workplace Services Express
B
Appendix B.
Installing Domino (optional)
IBM Workplace Services Express ships with its own user registry “out of the box.”
If you are in a small organization, you do not need to have an existing directory
nor do you need to install one. However, if you want to install Lotus Domino in
order to leverage its LDAP directory for use with Workplace Services Express,
this appendix provides the step-by-step instructions you need.
Important: This appendix is simply a quick reference for optionally installing
Domino. Refer to the product documentation available at the IBM Web site for
comprehensive instructions:
http://www.lotus.com/ldd/notesua.nsf/0b345eb9d127270b8525665d006bc355/831
3e8d10f025dee8525698100541f6d?OpenDocument
© Copyright IBM Corp. 2005. All rights reserved.
485
Installing Domino
Complete the following steps:
1. To install Domino Enterprise Server Version 6.x launch the setup file.
2. Click Next, as shown in Figure B-1.
Figure B-1 Domino Setup Welcome window
3. Click Yes to accept license terms, as shown in Figure B-2.
Figure B-2 License agreement
486
IBM Workplace Services Express
4. Fill in your Name and Company and then click Next, as shown in Figure B-3.
Figure B-3 Enter your name and company
5. Select the installation directory and click Next, as shown in Figure B-4.
Figure B-4 Installation folder
Appendix B. Installing Domino (optional)
487
6. Select Domino Enterprise Server, as shown in Figure B-5. If needed, you
can customize services by clicking the Customize button. Click Next.
Figure B-5 Server Setup window
7. The installation is complete, as shown in Figure B-6. Click Finish and then
start Domino server to begin the setup.
Figure B-6 Successful installation window
488
IBM Workplace Services Express
8. The window will change to show “Welcome to Domino Server Setup,” as
shown in Figure B-7. Click Next.
Figure B-7 Domino setup window
Appendix B. Installing Domino (optional)
489
9. In the First or additional server window, select Set up the first server or a
stand-alone server, as shown in Figure B-8. Click Next.
Figure B-8 Set up single server
490
IBM Workplace Services Express
10.In the Provide a server name and title window, enter your values (you can
leave the title blank because it is not a required field), as shown in Figure B-9.
Click Next.
Figure B-9 Domino Server name and title
Appendix B. Installing Domino (optional)
491
11.In the Choose your organization name window, enter your values (in this
example, ibm) and provide a suitable password for the Organization Certifier,
as shown in Figure B-10. Keep this password somewhere safe, because you
will need it later. Click Next.
Figure B-10 Organization and Certifier password
492
IBM Workplace Services Express
12.Enter the Domino domain name and click Next, as shown in Figure B-11.
Figure B-11 Enter the Domino domain name
Appendix B. Installing Domino (optional)
493
13.In the Specify an Administrator name and password window, enter the name
Domino Admin with a suitable password, as shown in Figure B-12. As before,
keep this password somewhere safe.
Figure B-12 Domino Administrator name and password
494
IBM Workplace Services Express
14.When choosing which Internet services Domino should run, select all three
options, as shown in Figure B-13, and click Next.
Figure B-13 Domino services setup
Appendix B. Installing Domino (optional)
495
15.The Domino network settings window shows that all available ports have
been enabled and that setup has determined what the fully qualified domain
name of the server should be, as shown in Figure B-14.
Figure B-14 Domino network setup
496
IBM Workplace Services Express
16.In the Secure your Domino Server window, select Prohibit Anonymous
access to all databases and templates and Add LocalDomainAdmins
group to all databases and templates, as shown in Figure B-15. Click Next.
Figure B-15 Domino Server security setup
Appendix B. Installing Domino (optional)
497
17.The final window asks you to review and confirm the setup options. Click
Setup.
Figure B-16 Domino final setup window
When setup finishes, start the Domino server. For Windows environments, we
recommend that you start the Domino server as a Windows service the first time
you are prompted.
Install Domino Administrator and Lotus Notes Client
The Notes Client is required to administer and configure the Domino server. In
this example, we install the Notes Client to the same machine as the Domino
server. When installed to separate directories, the client and server can coexist;
however, this is not advised in a production environment.
Complete the following steps:
1. From the Notes Client install CD, select Notes Administration client and run
setup.exe. Click Next in the Welcome window, as shown in Figure B-17 on
page 499.
498
IBM Workplace Services Express
Figure B-17 Client Configuration Welcome window
2. Accept the license agreement and click Next.
3. Select a directory and click Next, as shown in Figure B-18.
Figure B-18 Notes installation directory
Appendix B. Installing Domino (optional)
499
4. Now, select the client to install and click Next, as shown in Figure B-19.
Figure B-19 Select client type
5. When prompted for a user name, enter the name of the Domino Administrator
you created (in this example, Domino Admin) and the host name for the
Domino server, as shown in Figure B-20. Click Next.
Figure B-20 User Information window
500
IBM Workplace Services Express
6. Clear the Setup instant messaging option and click Next, as shown in
Figure B-21.
Figure B-21 Clear the Setup instant messaging option
7. On the Additional Services window, clear all options and click Finish, as
shown in Figure B-22.
Figure B-22 Notes Client setup final window
Appendix B. Installing Domino (optional)
501
8. The Notes Client will now connect to the server and perform some local setup
activities. Note that this will take a couple of minutes to complete before
displaying the window shown in Figure B-23.
Figure B-23 Directory Profile setup
9. Set the field values, as shown in Figure B-23, and click Save & Close.
Now that your Domino environment is set up, you can proceed to configure
Workplace Services Express to work with Domino LDAP as described in 7.4.1,
“Preparing Domino for Workplace Services Express” on page 290.
502
IBM Workplace Services Express
C
Appendix C.
Additional material
This IBM Redbook refers to additional material that can be downloaded from the
Internet as described here.
© Copyright IBM Corp. 2005. All rights reserved.
503
Locating the Web material
The Web material associated with this redbook is available in softcopy on the
Internet from the IBM Redbooks Web server. Point your Web browser to:
ftp://www.redbooks.ibm.com/redbooks/SG246758
Alternatively, you can go to the IBM Redbooks Web site at:
ibm.com/redbooks
Select Additional materials and open the directory that corresponds with the
redbook form number, SG24-6758.
Using the Web material
The additional Web material that accompanies this redbook includes the
following files:
File name
updatetheme.xml
TeamCalTemplate.xml
IndexUpdater.zip
Description
Contains a sample XML file to set the IBM
Workplace Services Express theme to be the
default.
Contains a sample XML file to create a team
calendar application.
Utility you can use to set the Search index update
time.
How to use the Web material
Create a subdirectory (folder) on your workstation, and unzip the contents of the
Web material ZIP file into this folder.
Updatetheme.xml
The updatetheme.xml file can be used to update the default theme for Workplace
Services Express to the IBM Workplace Services Express theme. See 8.10,
“Themes” on page 458 for details about how to use this XML file.
TeamCalTemplate.xml
The TeamCalTemplate.xml file is a prebuilt template that can be imported into
Workplace Services Express to provide a team calendar application. See
“Importing the supplied template” on page 453 for details about how to use this
XML file.
504
IBM Workplace Services Express
IndexUpdater.zip
Perform the following instructions to configure the Search index update utility:
1. Modify indexupdater.bat:
– Set WAS_HOME to the proper directory.
– Set WPS_HOME to the proper directory.
2. Modify testenv.properties:
– Set authoring.server to your Portal server (for example,
http://wse.ibm.com/lwp/wcp):
http://<your_server>/lwp/wcp
– Set setup.userId and setup.password to a valid login name and password
on the Portal server (wpsadmin, for example).
3. Run the indexupdater.bat file (make sure to execute under the WebSphere
JVM; it does not work with Sun JVM).
Important: The utility invokes the Java program. Before launching the
utility, be sure that the Java program is in your PATH environment and can
be accessed from the command line in your current directory.
Appendix C. Additional material
505
506
IBM Workplace Services Express
Related publications
The publications listed in this section are considered particularly suitable for a
more detailed discussion of the topics covered in this redbook.
IBM Redbooks
For information about ordering these publications, see “How to get IBM
Redbooks” on page 508. Note that some of the documents referenced here may
be available in softcopy only.
򐂰 IBM WebSphere Portal V5: A Guide for Portlet Application Development,
SG24-6076
򐂰 WebSphere Portal Collaboration Security Handbook, SG24-6438
򐂰 Portalizing Domino Applications: Integration with Portal 5.02 and Lotus
Workplace 2.0.1, SG24-6466
򐂰 IBM Lotus Domino Application Portlet: Configuration and Tips, REDP-3917
򐂰 Understanding LDAP: Design and Implementation, SG24-4986
򐂰 IBM WebSphere V5.0 Security, SG24-6573
򐂰 Building a Component for IBM Workplace, REDP-3952
Search the Lotus domain on the IBM Redbooks Web site for the latest Redbooks
and Redpapers about other Workplace topics:
http://publib-b.boulder.ibm.com/redbooks.nsf/portals/Lotus
Online resources
These Web sites and URLs are also relevant as further information sources:
򐂰 IBM developerWorks for IBM Workplace
http://www.ibm.com/developerworks/workplace/
򐂰 IBM Workplace Services Express product documentation
http://www.lotus.com/products/product5.nsf/wdocs/productdoc
򐂰 IBM WebSphere Portal Information Center
http://publib.boulder.ibm.com/pvc/wp/500/ent/en/InfoCenter/index.html
© Copyright IBM Corp. 2005. All rights reserved.
507
򐂰 WebSphere Portal and IBM Workplace Collaboration Services Catalog
http://catalog.lotus.com/wps/portal/portal
򐂰 Lotus Domino Documentation
http://www.lotus.com/ldd/notesua.nsf/0b345eb9d127270b8525665d006bc355/8313e
8d10f025dee8525698100541f6d?OpenDocument
򐂰 IBM Tivoli Directory Server information center
http://publib.boulder.ibm.com/tividd/td/IBMDirectoryServer5.2.html
򐂰 IBM Workplace Services Express 2.0 Best Practices Guide
ftp://ftp.lotus.com/pub/lotusweb/workplace/best_practices.pdf
򐂰 “Introduction and guide to Lists portlets in IBM Workplace Services Express
2.0”
http://www.ibm.com/developerworks/lotus/library/wse-lists/
򐂰 “Office 2003 vs. OpenOffice.org” by Jason Brooks in eWeek, April 26, 2004
http://www.eweek.com/article2/0,1759,1571626,00.asp
How to get IBM Redbooks
You can search for, view, or download Redbooks, Redpapers, Hints and Tips,
draft publications and Additional materials, as well as order hardcopy Redbooks
or CD-ROMs, at this Web site:
ibm.com/redbooks
Help from IBM
IBM Support and downloads
ibm.com/support
IBM Global Services
ibm.com/services
508
IBM Workplace Services Express
Index
A
Access Permissions 230
Access to versions 164
Actions - Edit link 97
Actions available for the Instant Contacts portlet. 67
Actions link 40–41
Active Directory 286, 435
Add a credential vault 267
Add a new user 67
Add document to library 156
Add new theme window 203
Adding a base DN to your LDAP server 387
Adding a Logo 205
Adding a new page 81
Adding additional views to the Domino Databases
portlet 282
Adding Columns to a view. 133
Administration 30
administrator ID 263, 300
Administrator Login 238
Administrator version of Actions link 42
Advanced People Finder search page 71
Alias Directory 229
application component 75
application programming interface (API) 9
Applications 76
Applications and templates 73
Archive a chat 62
Attachment field values 116
Attribute type selection 308
attributeMap tag 353
attributeMap wmmAttributeName 311
Authentication Methods 470
B
Backup and recovery 462
base DN 287
Basic policy settings 34
Bubbles theme 195
C
cacerts 338
© Copyright IBM Corp. 2005. All rights reserved.
cascading style sheets (CSS) 188
Change Owner 101
changing LDAP port after configuration 433
changing LDAP server name after configuration
433
chat room 57
Close Template Roles 103
CMS Key Database
file 421
Collaboration and notification 180
Common Name (CN) 315
Community and collaboration 64
Configuration Wizard 311
Configuration Wizard options 479
Configure document library 146
Configure WebSphere Member Manager to use
ibm-appUUID 438
Configure Workplace Services Express to access
Domino LDAP using SSL 345
Configure Workplace Services Express to access
LDAP using SSL 382
Configuring authentication in the Domino Application portlet 279
Configuring Domino Web Access portlet for calendar 266
Configuring the Announcement portlet 120
Configuring the Consolidated Mail portlet for Exchange 270
Configuring the Domino Application portlet 279
Configuring the Domino Databases (Notes View)
portlet 280
Configuring the Notes View in the Domino Databases portlet 282
Configuring the survey list 122
Configuring Workplace Services Express for Active
Directory 346
Configuring Workplace Services Express for Tivoli
Directory Server 384
Configuring Workplace Services Express to use IBM
HTTP Server 223
Configuring Workplace Services Express to use IIS
227
Configuring Workplace Services Express to work
with Domino LDAP 290
509
Confirm LDAP filters 378
Consolidated Mail portlet 184, 261
Consolidated Mail portlet configured for Exchange
272
Convert a document 185
core skills recommended for troubleshooting 426
Create a document using internal editors 158
Create a document with workflow enabled 167
Create a new agent 302
Create a new folder 171
Create a new Team Space 58
Create a new view 172
Create application window 456
Create attribute 350
Create ibm-appUUID attribute 436
Create ibm-appUUIDAux object class 437
Create New attribute 437
Create New Attribute fields 351
Create new category 54
Create New Host Alias 257
Create New page 110
Create New Schema Class 438
Create new template 451
Create new version 164
Create self-signed certificate 248
Create wpsadmins group 294
Creating a List from the Custom list portlet 125
Creating a new form template 483
Creating a new policy 34
Creating a new role 91
Creating a new Template from an Application 100
Creating a self-signed certificate 340
Creating the base theme 200
Credential Vault Slots 432
Cross-style cursor 47
Customize online status 65
Customizing a parameter 89
Customizing the Announcements list portlet 119
Customizing the Minutes list portlet 113
Customizing the Survey list portlet 121
D
Database and LDAP 14
Database options 481
DB2 logs/traces 430
Default bannerGraphicBottom.jpg for Workplace
Services Express 206
Default bannerGraphicTop.jpg for Workplace Ser-
510
IBM Workplace Services Express
vices Express 206
Default properties file for security_domino.properties 327
default theme 193, 457
Default.jsp 189
Default_host window 256
Deleting a template 103
Deploying the Agenda list portlet to a page 52
Deploying the List portlets 109
Deploying the template as an application 95
deployment.user 432
Desktop Component 142
Desktop Components installation 150
Desktop Components installation, choose local directory 152
Desktop Components installation, create local directory 152
Desktop Components installation, installation directory 150
Desktop Components installation, license agreement 149
Desktop Components installation, plug-in setup
151
Desktop integration 146
Disable security 320
task 408
Disabling security 323
Discussion forum 61
DNS name 23, 287
Document copying error 500 example 468
document indicator 141
document libraries 140
document library 4, 35, 72, 140, 429, 481
advanced management 40
level 163
list 140
portlet 140
template level 178
Document locked 170
Document locking icon 170
Document Manager 57, 140
content 146
Desktop Component 142
interface 173
main page 142
node 154
plug-in 148
portlet 141
portlet interface 171
resource 176
search 175
server 151
task 157
Upload Monitor 151
Upload Monitor icon 156
Upload Monitor window 156
window 154
Document Manager tasks 157
Document names 468
Document properties 159
Document security 177
Document size 468
Documents 466
Documents advanced search 174
Documents conversion 184
Documents Members access 178
Documents security 175
domain name (DN) 313
Domino
Certificate Authority 339
Domino and Workplace Services Express configuration 261
Domino Application
portlet 54, 278
Portlet icon 278
portlet window 279
Domino Application portlet 53
Domino Certificate Authority application 339
Domino Directory
ACL 295
database 302
server certificate 338
template 300
Domino LDAP SSL settings 342
Domino menu 241
Domino portlet parameters 90
Domino server 90, 237, 301, 486
Domino Web Access
portlet 261
portlet icon 263
Domino Web Access portlet 265
dominoUNID field 297
Drafts folder 168
drag and drop 46
E
Edit my profile link 210
Edit option 41
Enable LDAP security 325
enabling tracing 429
environment with an existing SSL 249
environment without SSL 244
error message 428
Example LDAP tree 391
Example survey form 124
Exchange 5.5
server 273
Exchange portlet 267
Exporting a template 103
External HTTP Server 217
F
Field type selection window 128
Field values for Project 115
File attachment field 115
Filter options for a customized list 109
Filter Properties 232
Flyout Page 49, 190, 444, 483
H
Host Aliases window 256
host name 18, 223, 312, 430
HTTP 14
HTTP port 227
HTTP Server
name 227
section 257
HTTP server 11, 215, 338, 433
DNS name 250
Enabling SSL 250
host name 226
HTTP traffic 224
httpd.conf file 223
I
IBM DB2 14
IBM Directory Server
Configuration Tool 390
documentation 421
key management tool 421
URL 387
Web Administration Tool 388
IBM Directory Server 5.1
Web Administration Tool 387
Index
511
IBM Directory Server V5.1 436
IBM Directory Server Web Administration Tool 387
managing console servers 389
IBM HTTP Server 217, 338
2.0.42.1 477
2.0.49 477
key management utility 342
service 251
IBM Lotus
Domino LDAP 315
IBM Tivoli Directory Server 420
5.2 385
documentation 384
IBM Workplace 1
application 9
family 3
product 2
Services Express 1
Services Express 2.0 Information Center 440
Services Express administrator 347
Services Express administrator group 347
Services Express product 15
Services Express theme 193
solution 2
strategy 1
IBM Workplace family of products 3
IBM Workplace Services Express terminology 9
IIS Manager 227–228
IIS Properties 231
IIS Service Manager 471
IKeyMan main window 245
IKeyMan utility 244, 343
IMAP e-mail 3
Import Key 242
Importing certificates to a WebSphere Application
Server keystore 343
informational messages 428
Input values for Project description field 132
Input values for Start Date 131
Input values for the Project plan field 132
Install and system logs 427
Install Directory 22
install logs 427
Install Type 219
Install Verification 25
Installation Summary 221
Instant Contact 48
available actions 67
Instant Contacts portlet 66
512
IBM Workplace Services Express
instant message 65
internal HTTP 224
J
J2EE application 10
Java Virtual Machine (JVM) 12
JavaScript errors 426
JRE used by Internet Explorer 467
JVM settings 443
K
key database 244, 344
Key Ring 246, 339
Key Ring Password 246
L
LDAP 314
Common Name (CN) 315
default port 389 315
SSL port 636 315
LDAP Account 347
LDAP Basic 285
LDAP Basics 287
LDAP browser 290
Domino LDAP directory 317
LDAP directory 358
LDAP directory 14, 34, 65, 207, 290, 485
connection 287
schema 14, 290
stores attribute 14, 290
LDAP directory schema 14
LDAP entry 315
Active Directory 354
LDAP filter 378
LDAP information 357
LDAP on Linux 435
LDAP option 312
LDAP Port 345
LDAP server 6, 34, 285, 427, 477
fully qualified DNS server name 288
LDAP settings in administrative console 433
LDAP SSL security settings in WebSphere 345
LDAP system 388
fully qualified DNS name 388
LDAP troubleshooting 433
ldapRepository name 346
ldapsearch 314
ldapsearch command 315
ldapsearch tool 314
LDIF file 390
first entry 391
Lightweight Directory Access Protocol (LDAP) 287
Link to a document 183
Linux 2, 17, 145, 200, 226
list portlet 6, 112, 118
Lists 104, 449
Lists tab on My Workplace 111
Live name menu in Instant Contacts for active person 69
Live name menu in Instant Contacts for inactive person 69
Load a document from library 157
Loading Workplace Services Express 27
Lock a document 169
Login page 211
lookaside database 14, 290
Lotus Domino
database 75
Directory 262
Directory Property 262
Directory server 262
Directory server name 262
Enterprise server 326
Lotus Domino Directory
Property 263
Lotus SmartSuite
file type 184
setting 185
Lotus Workplace
Builder theme 194
protocol server 12
service 13
Lotus Workplace protocol server 13
LTPA 239, 313, 462
LTPA key 239–240, 313
LTPA Token timeout setting 463
M
Mail and calendar 261
mail server 261
Manage user policy list 33
Manually specifying a users mail file 264
Member Manager 11, 290
extID value 309
Members management 180
Members portlet 59, 179
Menu options 41
Menu with no Sign up link 208
N
New Category and Domino Application portlet 56
New category name - My Portlets 54
New database file 245
New logo graphic 206
New page name window 111
nls.engine 208, 260
Notes installation directory 499
O
Optimization 440
Options for data transfer 480
Organization and certifier password 492
Organize list action 68
P
Page Content window 82
Pages and Layouts 81
Pages and Layouts - Appearance 86
Pages and Layouts - Locks 87
Pages and Layouts for template 451
Palette 49
Palette edit button 53
Palette slider. 50
Parameters 88
People awareness 65
People Finder 70
capability 4
portlet 65
People Finder portlet using the MistWithBorders
skin 198
People Palette 484
People Palette button 484
People view 291
Personal Certificates 247
populated list 66
Port 389 315
Port 636 315
Portal Document Manager (PDM) 13
Portal security properties 322
Portal settings 39
Portal User Interface 35
portlet 5, 36, 48, 136, 140, 261, 431
Index
513
Portlet buttons 113
portlet configuration 263
section 267
step 266
portlet container 10
Portlet Directory 472
Portlet Palette 112
PreferredLanguage attribute 350
Presentation Editor 162
Preview 92
Problem isolation for troubleshooting 426
Project Manager field 130
Project manager search icon 134
Properties tab of the Custom portlet 126
R
Read-only access 175, 347
Redbooks Web site 508
Contact us xiv
Register a user 292
Register all people 293
Reload LDAP schema 301
Remove Edit my profile link 210
Remove Sign up link 207
Replacing default Workplace Services Express
graphic 206
Required components for templates and applications 77
Requirements 18
Roles 76, 90
Run the LDAP configuration wizard 402
Runtime issues 431
S
Scheduling archives 63
Search 72
Search Directory window 134
Search results and online center menu 72
Searching for and adding users 103
Security settings for wpsadmins group 296
self-certified certificate
key ring 340
self-signed certificate 244, 338, 420
Sending a document link 182
Sending a folder link 182
Server configuration document 306
server1 12
Service Provider Interface (SPI) 9
514
IBM Workplace Services Express
Session Initiation Protocol (SIP) 65
Set document access 177
Set folder access control 176
Set Internet password 293
Setting template roles 101
Setting the new theme to be the default theme 203
Sign up link 207
single sign-on (SSO) 215
SMTP 13
SMTP configuration 17
SMTP configuration for iCalendar 42
SMTP Outbound/Local Delivery options panel 43
software development kit (SDK) 9
Spreadsheet editor 161
SQL query 277
SSL port 257, 315
SSO document 241
SSO Key Directory 242
SSO Key Warning 242
SSO Password 242
SSO solution 333
style sheets 212, 458
supplied portlets 275
SystemErr.log 428
SystemOut.log 428
T
Team Calendar 49, 446
application 504
component 43
new application 457
portlet 452
XML template file 453
Team Calendar date parsing error 447
Team Collaboration
Cell-Wide setting 32
Team Space 3, 35, 57, 427
member 61
moderator 61
new Team Space 57
root level 449
text strings 57
Team Space details 59
Team Space templatable exception example 445
Template Library 79, 453, 482
list 100
Template Pages and Layouts 81
Template properties 80
Template Roles 102
Template Roles page 101
Template Users 102
Templates 75, 450
Templates for Team Spaces 58
Templates link 458
Templates link in Workplace Services Express 32
test environment 34, 281
Theme Galaxy 195
Theme Slate 195
Themes 458
Themes and skins 188
Themes and Skins window 202
Tools button 142
Trace settings 429
troubleshooting
error, warning, and informational messages
428
install logs 427
LDAP on Linux 435
recommended core skills 426
Trace settings 429
WebSphere and Workplace System logs 428
Troubleshooting methodology (problem isolation)
426
Troubleshooting overview 426
U
Understanding the LDIF file 391
Update Web Server Plugin 258
Updating the services file for Workplace Services
Express 309
URL address 29
User ID 24, 220
user ID
short form 312
User information window 500
user registry 13, 67, 207, 285, 447
self register 207
user wpsadmin 53, 262
Using local IBM HTTP Server 223
Using local IIS Server 227
Using remote IBM HTTP Server 225
Using remote IIS Server 234
Using SSL with Workplace Services Express 244
V
Versions status 165
View configuration 117
View Definition 134
View parameters 173
View results 173
Viewing and editing a template 101
Views in the survey portlet 124
Virtual Alias Name 229
Virtual Directory Creation Wizard 228
Virtual Host 224
W
Warning message 350
warning messages 428
Warning on version control 165
WCM.properties 73, 181
Web archive 10, 36
Web browser 3, 19
Web Configuration View 241
Web content 15
Web page
portlet 92
Web server
configuration file 257
plug-in setting 224
Web SSO Configuration 243
WebSphere and Workplace System logs 428
WebSphere Application Server 10, 223, 337
admin 428
administration 17, 382
administrator 385
capability 12
documentation 259, 421
key management tool 338
key management utility 342, 421
LDAP 338
plug-in 227
WebSphere Application Server - Express 387
WebSphere Application Server - Express and Directory Server Web Administration Tool 387
WebSphere Application Server menu 239, 255,
258
WebSphere Application Server user name and
password 321
WebSphere Member Manager 14, 290
WebSphere Portal 13, 81, 275, 290
Administration area 81
component 15
Content Publisher 13
Index
515
environment 197
infrastructure 15
log 428
page 188
Portlet Catalog 8
property broker 136
server 12, 317, 426
Server key database 344
theme 188
Web-enabled Domino application 278
WebSphere Portal log 429
WebSphere_Portal application server settings 465
What is IBM Workplace Services Express? 3
What is IBM Workplace? 2
Word processor editor 160
Workplace administration navigator 33
Workplace application 9, 32
category 10
polices 32
property 10
Workplace component 9, 31
Workplace object 76
Workplace Services Express architecture 10
Workplace Services Express host name 23
Workplace Services Express installation 19
Workplace Services Express login 30
Workplace Services Express palette flyout page 51
Workplace Services Express template construction 76
Workplace Services Express V2.5 architecture 476
Workplace solution 8
wpconfig.properties 224, 433
wps
text key 208, 260
wpsadmins group 294
WSDL file 136
X
XML file 9, 103, 435, 504
XML Metadata Interchange (XMI) 200
516
IBM Workplace Services Express
IBM Workplace Services
Express
(1.0” spine)
0.875”<->1.498”
460 <-> 788 pages
Back cover
®
IBM Workplace Services
Express
A new team
collaboration
solution with an
integrated portal
Deployment and
configuration
Troubleshooting
hints and tips
IBM Workplace Services Express is software that makes it
easy for you, your colleagues, your teams, and your entire
organization to quickly collaborate and effectively work
together. Designed specifically for small and medium-sized
organizations with less than a thousand employees, or
departmental needs in larger organizations, Workplace
Services Express enables you to easily create, edit, and share
documents from your own customized Workplace
environment. This IBM Redbook will introduce you to
Workplace Services Express and its features and tell you how
to deploy and customize it.
INTERNATIONAL
TECHNICAL
SUPPORT
ORGANIZATION
Whether you are a line-of-business manager who wants to
understand the business value of Workplace Services
Express, an administrator who wants to install it, or an
application developer who wants to customize it, this
Redbook is for you.
IBM Redbooks are developed by
the IBM International Technical
Support Organization. Experts
from IBM, Customers and
Partners from around the world
create timely technical
information based on realistic
scenarios. Specific
recommendations are provided
to help you implement IT
solutions more effectively in
your environment.
BUILDING TECHNICAL
INFORMATION BASED ON
PRACTICAL EXPERIENCE
For more information:
ibm.com/redbooks
SG24-6758-00
ISBN 0738493546
Download