IBM Connections 5.5install These were the steps I followed to install IBM Connections 5.0. Everything was installed on a single server. IBM Connections 5.5install ............................................................................................................ 1 1. Software .................................................................................................................................. 2 1.1. Post Install Fixes .............................................................................................................. 3 2. Install WebSphere 8.5.5.6 ....................................................................................................... 7 2.1. Install IBM Install Manager ............................................................................................. 7 2.2. Install WAS Cell ............................................................................................................ 10 2.3. Create the WebSphere Application Server cell .............................................................. 17 3. Enable security with LDAP .................................................................................................. 23 3.1. Start the DMGR and nodeagent ..................................................................................... 23 3.2. Enable security with an LDAP Directory ...................................................................... 23 4. Install DB2 10.5 fixpack 6 .................................................................................................... 37 4.1. Install DB2 10.1 Enterprise Server ................................................................................ 37 4.2. Install DB2 10.5 fp6 ....................................................................................................... 45 5. Create the Connections Databases ........................................................................................ 49 5.1. Create a dedicated db2 user for IBM Connections ........................................................ 49 5.2. Create Connections databases with wizard .................................................................... 54 6. Install and configure Tivoli Directory Integrator 7.1.1 fp3 .................................................. 58 6.1. Install Tivoli Directory Integrator 7.1.1 ......................................................................... 58 6.2. Install TDI 10.1.1 fixpack 3 ........................................................................................... 66 6.3. Configure TDI ................................................................................................................ 67 7. Populate the profiles database using wizard ......................................................................... 68 7.1. Copy tdisol directory to keep profiles and LDAP in sync ............................................. 74 7.2. Update profiles_tdi.properties ........................................................................................ 74 8. Install and Configure IBM HTTP Server 8.5.5.7.................................................................. 75 8.1. Install IBM HTTP Server 8.5.5.7 ................................................................................... 76 8.2. Configure Plug-In with WebSphere Customization toolbox ......................................... 82 9. Configure SSL on IBM HTTP Server .................................................................................. 91 9.1. Create the SSL key file for IHS ..................................................................................... 91 9.2. Configure httpd.conf to listen over ssl ........................................................................... 94 9.3. Add the HTTP Server certificate to WebSphere trust store ........................................... 95 10. Install IBM Connections 5.5 .............................................................................................. 99 10.1. Set the JVM heap size .............................................................................................. 114 10.2. Configure HTTP Server plugin with Connections ................................................... 116 10.3. Start IBM Connections ............................................................................................. 118 11. Configure additional IBM HTTP Server settings ............................................................ 118 11.1. Configure HTTP Server to compress some files ...................................................... 119 11.2. Configure Connections to use IHS to download files .............................................. 120 11.3. Conifgure Connections to use IHS to upload files ................................................... 120 12. Configure IBM Connections Content Manager Libraries ............................................... 120 12.1. Create Filenet Global Configuration Domain (GCD) .............................................. 120 12.2. Create FileNet ObjectStore ....................................................................................... 122 13. Apply Connections 5.5 Recommended updates .............................................................. 123 13.1. Install the Day1 ifixes ............................................................................................... 123 1. Software I downloaded the following files prior to installing: The following document has more details: http://www01.ibm.com/support/docview.wss?uid=swg24041291 IBM Connections V5.5 for IBM Connections Suite V5.5 Multiplatform Multilingual eAssembly (CRY8MML) IBM Connections V5.5 for Windows Multilingual (CN808ML ) IBM Connections V5.5 Wizard for Windows Multilingual (CN80DML ) NOTE: DO NOT download the wizard directory from the eAssembly, use the one from the day 1 fixes instead http://www933.ibm.com/support/fixcentral/swg/selectFixes?parent=Collaboration%2BSolutions &product=ibm/Lotus/Lotus+Connections&release=5.5.0.0&platform=All&function= all IBM DB2 Server V10.5 for Windows on AMD64 and Intel EM64T systems (x64) Multilingual (CIW3YML ) IBM Tivoli Directory Integrator Identity Edition V7.1.1 for Windows - x86-64, Multilingual (CZUF7ML ) NOTE: wrong one showing in eAssembly IBM WebSphere Application Server Network Deployment V8.5.5 (1 of 3) for Multiplatform Multilingual (CIK2HML ) IBM WebSphere Application Server Network Deployment V8.5.5 (2 of 3) for Multiplatform Multilingual (CIK2IML ) IBM WebSphere Application Server Network Deployment V8.5.5 (3 of 3) for Multiplatform Multilingual (CIK2JML ) IBM WebSphere Application Server V8.5.5 Supplements (1 of 3) for Multiplatform Multilingual (CIK1VML ) IBM WebSphere Application Server V8.5.5 Supplements (2 of 3) for Multiplatform Multilingual (CIK1WML ) IBM WebSphere Application Server V8.5.5 Supplements (3 of 3) for Multiplatform Multilingual (CIK1XML ) IBM Connections Content Manager V5.5 for IBM Connections Suite V5.5 Multiplatform Multilingual eAssembly (CRY8NML) IBM FileNet Content Engine V5.2.1 Windows Multilingual (CN216ML ) IBM FileNet Content Engine Client V5.2.1 Windows English (CN225EN ) IBM Content Navigator V2.0.3 for IBM Connections Enterprise Content Edition (CECE) V5.2 Multiplatform Multilingual eAssembly (CRVX7ML) IBM Content Navigator V2.0.3 Windows Multilingual (CN0PVML ) Additional optional components that are not used during this install IBM Connections V5.5 for IBM Connections Suite V5.5 Multiplatform Multilingual eAssembly (CRY8MML) IBM Connections V5.5 Cognos Wizard for Windows Multilingual (CN80GML ) IBM Cognos Business Intelligence Server 64-bit 10.2.2 Microsoft Windows Multilingual (CN1YPML ) IBM Cognos Business Intelligence Transformer 10.2.2 Microsoft Windows Multilingual (CN1Z0ML ) Ephox Editors V3.0.1 for IBM Connections V5.5 Multiplatform Multilingual (CN80QML ) IBM Connections Community Surveys V5.5 Windows Multilingual (CN80KML ) 1.1. Post Install Fixes NOTE: These are what I downloaded on 23 December 2015. Check the following location for the latest supported releases: http://www-01.ibm.com/support/docview.wss?uid=swg27047297 IBM Connections Day 1 fixes: http://www933.ibm.com/support/fixcentral/swg/selectFixes?parent=Collaboration%2BSolutions&pr oduct=ibm/Lotus/Lotus+Connections&release=5.5.0.0&platform=All&function=all interim fix: 5.5.0.0-IC-Multi-IFLO87330 interim fix: 5.5.0.0-IC-Common-IFLO87469 interim fix: 5.5.0.0-IC-D1-DBWizard-LO87408-Windows refresh pack: 5.5.0.0-IC-Multi-UPDI-20151218 Optional components in Day 1 fixes not used in this part of the install interim fix: 5.5.0.0-IC-D1-CognosWizard-LO87407-Windows refresh pack: 5.5.0.0-IC-D1-MigTool 5.5.0.0-TypeAhead-20151218 NOTE: This requires being installed on a Linux machine, so is not done in this environment. WebSphere Application Server, IBM HTTP Server and plug-ins 8.5.5 fixpack 7 http://www-01.ibm.com/support/docview.wss?uid=swg24040533 TDI 7.1.1 - fixpack 3: http://www-01.ibm.com/support/docview.wss?uid=swg27010509 NOTE: The fix central link on this page did not work for me, so I used http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Tivoli/Tivo li+Directory+Integrator&release=7.1.1&platform=Windows&function=fixId&fixi ds=7.1.1-TIV-TDIFP0003&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&so urce=fc DB2 10.6 - Fixpack 6: http://www-01.ibm.com/support/docview.wss?uid=swg27007053 DB2 Universal Fix pack and DB2 Data Server Client FileNet Components FileNet Content Engine 5.2.1 FP2 and Content Engine Client 5.2.1 FP2 http://www.ibm.com/support/fixcentral/swg/quickorder?parent=FileNet%2BProd uct%2BFamily&product=ibm/Information+Management/FileNet+Content+Engin e&release=5.2.1.2&platform=All&function=all&useReleaseAsTarget=true&sour ce=fc fix pack: 5.2.1.2-P8CPE-WIN-FP002 fix pack: 5.2.1.2-P8CPE-CLIENT-WIN-FP002 IBM Content Navigator 2.0.3 FP5 http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Enterprise%2BC ontent%2BManagement&product=ibm/Other+software/Content+Navigator&relea se=2.0.3&platform=All&function=all&source=fc Make sure to get the 2.0.3-ICN fixpack for your OS: fix pack: 2.0.3-ICN-FP005-WIN 2. Install WebSphere 8.5.5.6 This step involves setting up a DMGR server, 1 managed node (in this case I installed everything on 1 system, so I installed a cell). Software Needed for this step: IBM Connections V5.5 for IBM Connections Suite V5.5 Multiplatform Multilingual eAssembly (CRY8MML) IBM Connections V5.5 for Windows Multilingual (CN808ML ) extracted to C:\Downloads\ic55\IBM_Connections_Install IBM WebSphere Application Server Network Deployment V8.5.5 (1 of 3) for Multiplatform Multilingual (CIK2HML ) IBM WebSphere Application Server Network Deployment V8.5.5 (2 of 3) for Multiplatform Multilingual (CIK2IML ) IBM WebSphere Application Server Network Deployment V8.5.5 (3 of 3) for Multiplatform Multilingual (CIK2JML ) each extracted into the same directory C:\Downloads\ic55\WAS855 WebSphere Application Server fixpack 7 - http://www01.ibm.com/support/docview.wss?uid=swg24040533 both parts extracted into the same directory C:\Downloads\ic55\WAS855fp7 2.1. Install IBM Install Manager Extract the IBM Connections V5.5 for Windows Multilingual (CN808ML ) download and run C:\Downloads\ic55\IBM_Connections_Install\IM\windows\install.exe 1. 2. 3. 4. 5. 2.2. Install WAS Cell First, make sure you have extracted the following downloads: IBM Connections V5.5 for IBM Connections Suite V5.5 Multiplatform Multilingual eAssembly (CRY8MML) IBM WebSphere Application Server Network Deployment V8.5.5 (1 of 3) for Multiplatform Multilingual (CIK2HML ) IBM WebSphere Application Server Network Deployment V8.5.5 (2 of 3) for Multiplatform Multilingual (CIK2IML ) IBM WebSphere Application Server Network Deployment V8.5.5 (3 of 3) for Multiplatform Multilingual (CIK2JML ) each extracted into the same directory C:\Downloads\ic55\WAS855 WebSphere Application Server fixpack 7 - http://www01.ibm.com/support/docview.wss?uid=swg24040533 both parts extracted into the same directory C:\Downloads\ic55\WAS855fp7 To install we will use the Install Manager we just installed. If it's not running, go to Start - Apps - IBM Installation Manager - IBM Installation Manager 1. Go to File Preferences .... to add the WebSphere repository to IBM Install Manager 2. 3. 4. Now do the same for the 8.5.5 fix pack 7 5. Uncheck Search service repositories during installation and update and click Ok 6. Click Install 7. 8. 9. NOTE: It's best to provide a path without spaces, so I removed Program Files (86) 10. NOTE: Again, make sure to provide a path without spaces, I again removed Program Files (86) 11. 12. 13. 14. 2.3. Create the WebSphere Application Server cell Now that the install is complete we will create a cell because all services are installed on a single machine. NOTE: If you did not Start the Profile Management Tool in the last step, you can do that now by going to Start - Apps - IBM WebSphere - Profile Management Tool 15. 16. Again, I chose cell here because everything is installed on a single machine. A more likely scenario would be the DMGR and Connections Node(s) are on different machines. In which case you would install the DMGR first (choosing Management here) then install the primary node second (choosing Application server here) then federated the node with the DMGR using the addNode.bat command. 17. 18. People typically chose wasadmin here, I like to use localadmin to remind myself that this is a user created in the local WAS filestore. Either way is fine, just make sure this user does not exist in LDAP. 19. 20. 21. WebSphere Application Server is now installed on the machine 3. Enable security with LDAP In this process we will start WAS and enable security 3.1. Start the DMGR and nodeagent 1. Start the DMGR by running: C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin>startManager.bat 2. Start the nodeagent by running C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin>startNode.bat 3.2. Enable security with an LDAP Directory 1. Open a browser to the DMGR Integrated Solutions Console (http://cprice55.swg.usma.ibm.com:9060/ibm/console) Because security is enabled, you will be redirected to the ssl port to login - if necessary accept the certificate 2. Login with the user created during the WebSphere Application Server install 3. Open Security – Global Security 4. Select Federated Repositories from the Available realm definitions field, and then click Configure. 5. Click Add Repositories 6. and then, on the Repository reference page, click New Repository - LDAP repository 7. On the New page, type a repository identifier, such as myFavoriteRepository (I used icldap IDSinto the Repository identifier field. Specify the LDAP directory that you are using in the Directory type field. Type the host name of the primary LDAP directory server in the Primary host name field. The host name is either an IP address or a domain name service (DNS) name. Provide values for the Bind distinguished name and Bind password fields. Specify the login attribute or attributes that you want to use for authentication in the Login properties field. Separate multiple attributes with a semicolon. For example: uid;mail. NOTE: I would recommend having the first attribute uid, if you use something other than uid as the first attribute, there are a number of post install steps that will need to be completed, it's just easiest if you keep uid as the first attribute in the login settings. Click Apply 8. and then Save 9. Set the base entry fields, and click OK NOTE: If this was Domino LDAP, set the first entry to root, and leave the second blank. 'root' is a special setting for WebSphere that tells it not to use a base. This will allow domino customer to find the user in the primary directory and all secondary directories, as well as all flat groups. All other LDAP directories, set the entry to the base of your directory. My LDAP directory is IBM Directory Server, so I set the base to dc=ibm,dc=com 10. and then Save 11. In the Repository Identifier column, click the link for the repository or repositories that you just added. 12. In the Additional Properties area, click the Federated repositories entity types to LDAP object classes mapping link. 13. Click the Group entity type and modify the object classes mapping. 14. Set the objectClass to the group objectClass for you directory, and add the search base for groups, Click Apply, NOTE: For IDS this is typically groupOfUniqueNames, ActiveDirectory this is typically Group Domino this is typically dominoGroup 15. and then click Save to save this setting. 16. You can do the same for PersonAccount, in my LDAP, we use inetOrgPerson, so I did not change anything IDS it typically inetOrgPerson Active Directory is typically person Domino is typically dominoPerson 17. In the navigation links at the top of the page, click the name of the repository that you have just modified to return to the Repository page. 18. Complete the following steps for group membership a. Click the Group attribute definition link in the Additional Properties area, b. and then click the Member attributes link. c. Click New to create a group attribute definition. d. Enter group membership values in the Name of member attribute and Object class fields. Click Ok IDS typically would be uniquemember : groupOfUniqueNames Active Directory typically would be member : group Domino typically would be member : dominoGroup e. and then click Save to save this setting. 19. Set the memberOf attribute to help with login performance a. Click on Group attribute definition to go back 1 level b. set the Name of group membership attribute to the attribute in the person record that contains the groups a user is a member of. IDS this is ibm-allgroups with scope of nested Active Directory this is memberOf with scope of direct Domino this is dominoAccessGroups with scope of nested For IDS and Domino set the scope to Nested, for AD use Direct, otherwise nested groups will not work correctly in AD Click OK c. Click Save 20. Enable Application security: a. Click Global Security in the navigation links at the top of the page. b. Select the Enable administrative security under Administrative Security and Enable application security under Application Security check boxes. Make sure the Java 2 security check box is unchecked and click Apply c. and then click Save to save this configuration. 21. Finally Enable Single Sign On settings. a. open Web and SIP security and select Single sign-on (SSO) b. Set the domain name to the hostname you use to access connections (.ibm.com), you can enable Interoperability mode if you want - if you do set LTPA V1 cookie name to LtpaToken (case is important) -- I did not enable this for my environment set LTPA V2 cookie name to LtpaToken2 (case is important) I recommend you uncheck Web inbound security attribute propagation and Set security cookies to HTTPOnly (this one must be unchecked if you want to enable Sametime awareness with an STProxy server) Click OK c. Save the configuration 22. Log out of the WebSphere Application Server Integrated Solutions Console and restart WebSphere Application Server a. Run C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin>stopManager.bat -username localadmin -password password b. Then C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin>startManager.bat 23. Verify that users in the LDAP directory have been successfully added to the repository: a. From the WebSphere Application Server Integrated Solutions Console, select Users and Groups > Manage Users. b. In the Search by field, enter a user name that you know to be in the LDAP directory and click Search. If the search succeeds the user exists in your LDAP directory. c. Click on the user, then click the Groups tab, you should see a list of groups the user belongs to 24. Once the DMGR is finding users correctly from LDAP, restart the nodeagent to pick up the changes by running a. C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin>stopNode.bat -username localadmin -password password b. C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin>startNode.bat 4. Install DB2 10.5 fixpack 6 In this step we will Install DB2. Software needed for this step: IBM Connections V5.5 for IBM Connections Suite V5.5 Multiplatform Multilingual eAssembly (CRY8MML) IBM DB2 Server V10.5 for Windows on AMD64 and Intel EM64T systems (x64) Multilingual (CIW3YML ) I extracted this to C:\Downloads\ic55\DB2105 DB2 10.6 - Fixpack 6: http://www-01.ibm.com/support/docview.wss?uid=swg27007053 DB2 Universal Fix pack 6 I extracted this to C:\Downloads\ic55\DB2105fp6 4.1. Install DB2 10.1 Enterprise Server 1. Run C C:\Downloads\ic55\DB2105\SERVER\image\setup.exe 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 4.2. Install DB2 10.5 fp6 In this step we will apply the DB2 10.5 fixpack 6. 1. Run C:\Downloads\ic55\DB2105fp6\UNIVERSAL\setup.exe Scroll down and click Work with Existing under DB2 Version 10.5 Fix Pack 6 Workgroup, Enterprise and Advanced Editions 2. 3. 4. 5. 6. 7. 5. Create the Connections Databases 5.1. Create a dedicated db2 user for IBM Connections 1. Click Start >Administrative Tools 2. Double click on Computer Management. 3. From the Computer Management console, select System Tools > Local Users and Groups. 4. Right-click Users and select New User. 5. Add a user named lcuser. Enter the required details, including the password. Clear the User must change password at next logon check box. Click Create. 6. Click Close. 7. Open the Users object, right-click lcuser, and select Properties from the context menu. 8. Click the Member Of tab and then click the Add button. 9. Type DB2USERS in the Enter the object names to select field, and click Check Names. 10. This should resolve to the local DB2USERS group, Click OK. 11. Click OK again to save your changes and Close the Computer Management console 5.2. Create Connections databases with wizard Software needed for this step: IBM Connections Day 1 fixes: http://www933.ibm.com/support/fixcentral/swg/selectFixes?parent=Collaboration%2BSolutions&product=i bm/Lotus/Lotus+Connections&release=5.5.0.0&platform=All&function=all interim fix: 5.5.0.0-IC-D1-DBWizard-LO87408-Windows Make sure to extract interim fix: 5.5.0.0-IC-D1-DBWizard-LO87408-Windows to a location on the DB2 Server. I extracted to C:\Downloads\ic55\Wizards NOTE: The download zip will extract an exe file (IBM_Connections_5.5_wizards_win.exe) then run the exe file which will extract the Wizard directory. 1. Log into the machine as the db2 administrator (db2admin) 2. Run C:\Downloads\ic55\Wizards\dbWizard.bat 3. 4. 5. 6. 7. 8. 9. 6. Install and configure Tivoli Directory Integrator 7.1.1 fp3 Software needed for this step: IBM Tivoli Directory Integrator Identity Edition V7.1.1 for Windows - x86-64, Multilingual (CZUF7ML ) TDI 7.1.1 - fixpack 3: http://www-01.ibm.com/support/docview.wss?uid=swg27010509 In this step, we will install TDI 7.1.1and apply fix pack 3. 6.1. Install Tivoli Directory Integrator 7.1.1 Extract IBM Tivoli Directory Integrator Identity Edition V7.1.1 for Windows - x86-64, Multilingual (CZUF7ML ) (I used C:\DownloadDirector\ic5\TDI711\TDI711) Because I am using Windows 2012, I have to launch the install a bit differently, the following technote has details on the first steps I going through to run the install of TDI. If this was Windows 2008, I could simply use launchpad.exe http://www-01.ibm.com/support/docview.wss?uid=swg21634336 1. Go to C:\Downloads\ic55\TDI711\windows_x86_64, right click on install_tdiv711_win_x86_64.exe and chose properties 2. Under the Compatibility mode section, set the check box to true for "Run this program in compatibility mode for" Under the drop down select Windows 7 . Click on OK to apply the compatibility mode. 3. Run install_tdiv711_win_x86_64.exe 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. Uncheck Start Configuration Editor and click Done 6.2. Install TDI 10.1.1 fixpack 3 Download and extract FP3 on the server. (I extracted to C:\Downloads\ic55\TDI711\TDI711pf3) 1. Copy UpdateInstaller.jar from C:\Downloads\ic55\TDI711\TDI711pf3\7.1.1-TIV-TDIFP0003 to C:\IBM\TDI\V7.1.1\maintenance overwriting the existing file 2. Copy amc.jar from C:\DownloadDirector\ic5\TDI711\TDI711pf3\7.1.1-TIV-TDI-FP0003 to C:\IBM\TDI\V7.1.1\lwi\runtime\isc\eclipse\plugins\AMC_7.1.1.0\WEB-INF\lib overwriting the existing file 3. RunC:\IBM\TDI\V7.1.1\bin>applyUpdates.bat -update " C:\Downloads\ic55\TDI711fp3\7.1.1-TIV-TDI-FP0003\TDI-7.1.1-FP0003.zip" 4. After the fix pack is installed, verify the Tivoli Directory Integrator fix pack version installed on your system by running C:\IBM\TDI\V7.1.1\bin\applyUpdates.bat -queryreg Information from .registry file in: C:\IBM\TDI\V7.1.1 Edition: Identity Level: 7.1.1.3 License: None Fixes Applied =-=-=-=-=-=-= TDI-7.1.1-FP0003(7.1.1.0) Components Installed =-=-=-=-=-=-=-=-=-= BASE SERVER -TDI-7.1.1-FP0003 CE -TDI-7.1.1-FP0003 JAVADOCS -TDI-7.1.1-FP0003 EXAMPLES EMBEDDED WEB PLATFORM AMC Deferred: false 6.3. Configure TDI 1. Copy the db2jcc.jar and db2jcc_license_cu.jar files from the java subdirectory of the directory where you installed DB2 (C:\IBM\SQLLIB\java).Paste the files into the jvm/jre/lib/ext subdirectory of Tivoli Directory Integrator. (C:\IBM\TDI\V7.1.1\jvm\jre\lib\ext) 2. Increase the runtime memory for TDI and disable the JIT compiler a. Edit C:\IBM\TDI\V7.1.1\ ibmdisrv.bat b. At the bottom of the file look for "%TDI_JAVA_PROGRAM%" -classpath "%TDI_HOME_DIR%\IDILoader.jar" %ENV_VARIABLES% com.ibm.di.loader.ServerLauncher %* change this to "%TDI_JAVA_PROGRAM%" -Xms256M -Xmx1024M -Xnojit -classpath "%TDI_HOME_DIR%\IDILoader.jar" %ENV_VARIABLES% com.ibm.di.loader.ServerLauncher %* c. Save and Close the file 7. Populate the profiles database using wizard Software needed for this step: IBM Connections Day 1 fixes: http://www933.ibm.com/support/fixcentral/swg/selectFixes?parent=Collaboration%2BSolutions&product=i bm/Lotus/Lotus+Connections&release=5.5.0.0&platform=All&function=all • interim fix: 5.5.0.0-IC-D1-DBWizard-LO87408-Windows 1. Copy the Wizards directory from the IBM Connections day 1 fixes download (interim fix: 5.5.0.0-IC-D1-DBWizard-LO87408-Windows) to the system where Tivoli Directory Integrator is installed. 2. Run C:\Downloads\ic55\Wizards\populationWizard.bat 3. 4. 5. 6. 7. 8. Set the base to match the case in the LDAP directory. 9. Update the mapping of any attributes in LDAP you want to sync over to the profiles database. The most important one is guid. By default this maps to an attribute in LDAP that is controlled by the LDAP directory and will never change for a user. This attribute is used the internal ID of the user in Connections and should never change. the default guid is typically the best attribute to use, however if your organization has a policy where when a user is modified in LDAP you remove them from the directory and re-add them, then another attribute may be best for you. Ideally you want to have an attribute that will never change for a specific user. NOTE: If you change this from the default mapping additional changes will need to be made in Connections after the install. I will discuss those changes when appropriate. 10. 11. 12. 7.1. Copy tdisol directory to keep profiles and LDAP in sync 1. Go to C:\IBM\TDI\V7.1.1 and create a tdisol directory 2. Copy the TDI directory from C:\Downloads\ic55\IC_55\Wizards\TDIPopulation\win to C:\IBM\TDI\V7.1.1\tdisol 3. This directory has the settings from when you populated the profiles database. Periodically as users are added, removed or updated in LDAP you need to run the sync_all_dns.bat from this directory to keep the profiles database and LDAP directory in sync NOTE: You may want to go ahead and create a windows task run the “sync_all_dns.bat” command nightly to keep the LDAP directory in sync with profiles database. 7.2. Update profiles_tdi.properties When you run the sync_all_dns.bat TDI will get a list of all the users in LDAP and in the profiles database, then will compare the users to determine if a user in LDAP and profiles is the same user. By default we use the uid attribute for that comparison. This should be an attribute that will never change in LDAP or the profiles database. In many cases the uid attribute works well, but if in your organization, if a users name changes, their uid changes, this may not be the best choice for you. If you already updated the guid when populating the profiles database to an attribute that will never change, or if the default guid will never change I would recommend updating the hash key to guid for the sync command as well. 1. Open C:\IBM\TDI\V7.1.1\tdisol\TDI\profiles_tdi.properties 2. update sync_updates_hash_field and set it to guid sync_updates_hash_field=guid NOTE: You can set this setting to guid, uid or mail 8. Install and Configure IBM HTTP Server 8.5.5.7 Software needed for this step: IBM Connections V5.5 for IBM Connections Suite V5.5 Multiplatform Multilingual eAssembly (CRY8MML) IBM WebSphere Application Server V8.5.5 Supplements (1 of 3) for Multiplatform Multilingual (CIK1VML ) IBM WebSphere Application Server V8.5.5 Supplements (2 of 3) for Multiplatform Multilingual (CIK1WML ) IBM WebSphere Application Server V8.5.5 Supplements (3 of 3) for Multiplatform Multilingual (CIK1XML ) NOTE: Extract all files to the same directory. I used C:\Downloads\ic55\WASsupp855 WebSphere Application Server Supplements 8.5.5 fixpack 7 - http://www01.ibm.com/support/docview.wss?uid=swg24040533 NOTE: Extract both parts to the same directory. I used C:\Downloads\ic55\WASsupp855fp7 In this step we will Install IBM HTTP Server 8.5.5.6 Install the plugin for the HTTP Server Configure IHS with the DMGR Configure SSL on IHS Typically I do this step after the install of Connections, however in the 5.5 installer there is an option to map the HTTP Server with the Connections web modules, so I went ahead and installed the IBM HTTP Server here and configured SSL. Now the install of Connections will complete the integration of Connections and the IBM HTTP Server. 8.1. Install IBM HTTP Server 8.5.5.7 1. Run IBM Installation Manager by going to Start - All Apps - IBM Installation Manager IBM Installation Manager 2. Go to File --> Preferences 3. 4. Browse to the location of the WAS 8.5.5 Supplements files and supplements fp7 files Uncheck Search service repositories during installation and update and click Ok 5. 6. Select IBM HTTP Server v8.5.5.5, Plug-ins v8.5.5.5 and WebSphere Customization Toolbox click Next> 7. 8. Make sure to select IBM HTTP Server, Web Server Plug-ins for IBM WebSphere Application Server and WebSphere Customization Toolbox and change the Install path: 9. 10. 11. 12. 8.2. Configure Plug-In with WebSphere Customization toolbox 1. If the Web Server Plug-in Customization Toolbox is not running start it by going to Start -Apps - IBM WebSphere - Web Server Plug-in Configuration Toolbox 2. 3. 4. Set Name to Plugin Location, and browse to where you installed the plugin in the previous step 5. 6. 7. 8. Add anIHS administrator name. This user should NOT exist in LDAP 9. 10. 11. I am installing everything on the same machine, so I chose Local: 12. Make sure to select the Application Server profile, NOT the DMGR 13. 14. 15. 16. Copy configurewebserver1.bat from C:\IBM\WebSphere\Plugins\bin to C:\IBM\WebSphere\AppServer\bin 17. From a command prompt run C:\IBM\WebSphere\AppServer\bin>configurewebserver1.bat user localadmin -password password 18. At this point if you log into the IBM Integrated Solution Console, go to Servers - Server Types - Web Servers, you should see the webserver1 that was just created 9. Configure SSL on IBM HTTP Server When using connections, all communication between components occurs over SSL, also, when you click login, we send the user to an ssl address, so you must configure SSL on the IBM HTTP Server that will run in front of Connections. Setting up SSL on the http server is a 5 step process. Create the SSL key file for IHS Configure httpd.conf to listen over ssl 1. Add the HTTP Server certificate to WebSphere trust store 9.1. Create the SSL key file for IHS 1. Start - Apps - IBM HTTP Server V8.5 - Start Key Management Utility 2. Click Key Database File - New 3. Set Key database type to CMS select a filename and location NOTE: make sure all folders in the path are already created. I had to create the ssl folder under IBM\HTTPServer 4. Set password and Stash the password to a file 5. While in Personal Certificates, click New Self-Signed… 6. Set the Key Label and Common name to the hostname of the IHS Server, and set validity period to the length of time you want this certificate to be valid, I chose 10 years because it's just a test environment and I don't want to have to update it: NOTE: If you want to use a key size larger than 2048, you will need to update to the to the unrestricted policy files in WebSphere. The following technote has details: http://www01.ibm.com/support/docview.wss?uid=swg21663373 7. Close the Key Management utility 9.2. Configure httpd.conf to listen over ssl 2. Open C:\IBM\HTTPServer\conf\httpd.conf 3. Add the following lines just above the was_ap22_module module LoadModule ibm_ssl_module modules/mod_ibm_ssl.so <IfModule mod_ibm_ssl.c> Listen 0.0.0.0:443 <VirtualHost *:443> ServerName cprice55.swg.usma.ibm.com #DocumentRoot C:\IBM\HTTPServer\htdocs SSLEnable SSLProtocolDisable SSLv3 SSLv2 </VirtualHost> </IfModule> SSLDisable Keyfile "C:\IBM\HTTPServer\ssl\ihskey.kdb" SSLStashFile "C:\IBM\HTTPServer\ssl\ihskey.sth" LoadModule was_ap22_module "C:\IBM\WebSphere\Plugins\bin\32bits\mod_was_ap22_http.dll" WebSpherePluginConfig…… 4. Save and Close httpd.conf 5. Restart the IBM HTTP Server service 6. At this point you will be able to access https://cprice55.swg.usma.ibm.com 9.3. Add the HTTP Server certificate to WebSphere trust store 1. Open the WAS Admin console (https://cprice55.swg.usma.ibm.com:9043/ibm/console) and login 2. Open Security – SSL certificate and key management Under Related Items, select Key stores and certificates 3. Click on CellDefaultTrustStore 4. Click on Signer Certificates 5. Click on Retrieve from port 6. Enter a host, port and alias of the HTTP Server and click Retrieve signer information 7. Click OK 8. Click Save 9. Close the Integrated Solutions Console 10. Install IBM Connections 5.5 Software needed for this step: Extract the following downloads IBM Connections V5.5 for IBM Connections Suite V5.5 Multiplatform Multilingual eAssembly (CRY8MML) IBM Connections V5.5 for Windows Multilingual (CN808ML ) I extracted to C:\Downloads\ic55\IBM_Connections_Install\ As well as the FileNet download files: IBM Connections Content Manager V5.5 for IBM Connections Suite V5.5 Multiplatform Multilingual eAssembly (CRY8NML) IBM FileNet Content Engine V5.2.1 Windows Multilingual (CN216ML ) IBM FileNet Content Engine Client V5.2.1 Windows English (CN225EN ) IBM Content Navigator V2.0.3 for IBM Connections Enterprise Content Edition (CECE) V5.2 Multiplatform Multilingual eAssembly (CRVX7ML) IBM Content Navigator V2.0.3 Windows Multilingual (CN0PVML ) FileNet Components FileNet Content Engine 5.2.1 FP2 and Content Engine Client 5.2.1 FP2 http://www.ibm.com/support/fixcentral/swg/quickorder?parent=FileNet%2BProduct%2B Family&product=ibm/Information+Management/FileNet+Content+Engine&release=5.2. 1.2&platform=All&function=all&useReleaseAsTarget=true&source=fc fix pack: 5.2.1.2-P8CPE-WIN-FP002 fix pack: 5.2.1.2-P8CPE-CLIENT-WIN-FP002 IBM Content Navigator 2.0.3 FP5 http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Enterprise%2BContent% 2BManagement&product=ibm/Other+software/Content+Navigator&release=2.0.3&platf orm=All&function=all&source=fc Make sure to get the 2.0.3-ICN fixpack for your OS: fix pack: 2.0.3-ICN-FP005-WIN The FileNet files are all extracted into their own directory I used C:\Downloads\ic55\FileNet I extracted the downloads in the following order, simply overwriting any existing files: FileNet Content Engine 5.2.1 - FN_CE_5.2.1_WINDOWS_ML.zip IBM Content Navigator 2.0.3 - IBM_CTNT_NAVI_2.0.3_WIN_ML.zip FileNet Content Engine 5.2.1 FP2 - 5.2.1.2-P8CPE-WIN-FP002.zip FileNet Content Engine Client 5.2.1 FP2 - 5.2.1.2-P8CPE-CLIENT-WIN-FP002.zip IBM Content Navigator 2.0.3 FP5 - 2.0.3-ICN-FP005-WIN.zip 1. Make sure to restart the DMGR and nodeagents just before starting the install. a. Stop nodeagent: C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin>stopNode.bat -username localadmin -password password b. Stop DMGR: C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin>stopManager.bat -username localadmin -password password c. Start DMGR: C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin>startManager.bat d. Start nodeagent: C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin>startNode.bat 2. Run C:\Downloads\ic55\IBM_Connections_Install\IM\install.bat, Click Install IBM Connections 5.0.0, and click Launch the IBM Connections 5.0 install wizard 3. 4. 5. Scroll down and selected IBM Connections Content Manager if you want 6. 7. 8. 9. The user fnanon is a system user in my LDAP directory that will only be used for anonymous access to FileNet 10. Scroll down to enter the location of the FileNet installs you downloaded and extracted before starting the install, and click Validate 11. 12. 13. 14. Enter the information, then scroll down and click Validate 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. NOTE: My install took about 2 hours to complete. Once the install finishes, look in the nodeagent systemout.log log located at C:\IBM\WebSphere\AppServer\profiles\AppSrv01\logs\nodeagent for the following line: ADMA7021I: Distribution of application <connections_app> completed successfully. You will see the following applications get synced: ADMA7021I: Distribution of application commsvc completed successfully. ADMA7021I: Distribution of application ibmasyncrsp completed successfully. ADMA7021I: Distribution of application Activities completed successfully. ADMA7021I: Distribution of application Mobile completed successfully. ADMA7021I: Distribution of application FileNetEngine completed successfully. ADMA7021I: Distribution of application navigator completed successfully. ADMA7021I: Distribution of application Files completed successfully. ADMA7021I: Distribution of application Forums completed successfully. ADMA7021I: Distribution of application News completed successfully. ADMA7021I: Distribution of application PushNotification completed successfully. ADMA7021I: Distribution of application RichTextEditors completed successfully. ADMA7021I: Distribution of application Search completed successfully. ADMA7021I: Distribution of application Profiles completed successfully. ADMA7021I: Distribution of application WidgetContainer completed successfully. ADMA7021I: Distribution of application Moderation completed successfully. ADMA7021I: Distribution of application Dogear completed successfully. ADMA7021I: Distribution of application Wikis completed successfully. ADMA7021I: Distribution of application Common completed successfully. ADMA7021I: Distribution of application WebSphereOauth20SP completed successfully. ADMA7021I: Distribution of application Blogs completed successfully. ADMA7021I: Distribution of application Metrics completed successfully. ADMA7021I: Distribution of application Homepage completed successfully. ADMA7021I: Distribution of application URLPreview completed successfully. ADMA7021I: Distribution of application Help completed successfully. ADMA7021I: Distribution of application ConnectionsProxy completed successfully. ADMA7021I: Distribution of application Mobile Administration completed successfully. ADMA7021I: Distribution of application Communities completed successfully. ADMA7021I: Distribution of application Extensions completed successfully. 10.1. Set the JVM heap size 1. Open the Integrated Solution Console and login a. Open a browser to http://cprice55.swg.usma.ibm.com:9060/ibm/console and login as localadmin : password 1. Go to Servers > Server Types > WebSphere application servers and click on the connections cluster server 2. on the right hand side, scroll down to Server Infrastructure, open Java and Process Management and click on Process definition 3. Click on Java Virtual Machine 4. Make sure the install set Initial heap size: 512 Maximum heap size: 2560 5. If you change these, click OK and Save 6. Synchronize the Nodes a. Go to System administration > Nodes b. If the nodes are out of sync, Select the Connections node, and click Full Resynchronize 10.2. Configure HTTP Server plugin with Connections Because I chose to configure the Web Server during the install, the settings and configuration for Connections will use the IBM HTTP Server url for communication. So before I start the server for the first time, I need to make sure the HTTP Server plugin is configured to access the different Connections components. 1. If it's not already open, open a browser to the Integrated Solutions Console and login (http://cprice55.swg.usma.ibm.com:9060/ibm/console) 2. Click on Servers – Server Types – Web servers 3. Select the webserver and click Generate Plug-in 4. Select the webserver and click Propagate Plug-in 5. Open C:\IBM\HTTPServer\conf\httpd.conf in notepad 6. at the bottom of the file find the following line: LoadModule was_ap22_module "C:\IBM\WebSphere\Plugins\bin\32bits\mod_was_ap22_http.dll" WebSpherePluginConfig "C:\IBM\WebSphere\Plugins\config\webserver1\plugin-cfg.xml" Make sure the value for WebSpherePluginConfig matches where the plugin-cfg.xml was propagated to 7. Close the httpd.conf 8. Restart the IBM HTTP Server 8.5 service 10.3. Start IBM Connections 1. Start IBM Connections, wait for the node to completely sync, then run the following commands to start the environment a. Stop the nodeagent: C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin>stopNode.bat -username localadmin -password password b. Stop the DMGR: C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin>stopManager.bat -username localadmin -password password c. Start the DMGR C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin>startManager.bat d. Start the nodeagent: C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin>startNode.bat e. Start the Connections node(s): C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin>startServer.bat iccluster_server1 Once you get the successfully started message, you are ready to access Connections over the http server address 11. Configure additional IBM HTTP Server settings Here are some post install steps to help with performance 11.1. Configure HTTP Server to compress some files 1. Open httpd.conf (c:\IBM\HTTPServer\conf) 2. Find the following entries in the configuration file: LoadModule headers_module modules/mod_headers.so LoadModule deflate_module modules/mod_deflate.so and uncomment them 3. Add the following after all the LoadModule's #Only the specified MIME types will be compressed. AddOutputFilterByType DEFLATE application/atom+xml AddOutputFilterByType DEFLATE application/atomcat+xml AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/json AddOutputFilterByType DEFLATE application/octet-stream AddOutputFilterByType DEFLATE application/x-javascript AddOutputFilterByType DEFLATE application/xhtml+xml AddOutputFilterByType DEFLATE application/xml AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/javascript AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/xml AddOutputFilterByType DEFLATE text/xsl 4. Add the following statement to specifically indicate that image files and binaries must not be compressed to prevent web browser hangs: # Ensures that images and executable binaries are not compressed SetEnvIfNoCaseRequest_URI \\.(?:gif|jpe?g|png|exe)$ no-gzip dont-vary 5. Add the following statement to ensure that proxy servers do not modify the User Agent header needed by the previous statements: # Ensure that proxies do not deliver the wrong content Header append Vary User-Agent env=!dont-vary 6. Add the following statement to ensure you can access the acce tool (admin client for FileNet) SetEnvIf Request_URI ^/acce(.*) no-gzip dont-vary 11.2. Configure Connections to use IHS to download files This is an optional step, but recommended in the infocenter. See the following section for details. http://www01.ibm.com/support/knowledgecenter/SSYGQH_5.5.0/admin/install/t_install_post_files_downlo ads.dita 11.3. Conifgure Connections to use IHS to upload files This is again an option step, but recommended in the infocenter. See the following section for details. http://www01.ibm.com/support/knowledgecenter/SSYGQH_5.5.0/admin/install/t_install_post_files_uploads .dita 12. Configure IBM Connections Content Manager Libraries During the install of Connections Filenet was deployed on the system. Post install we need to configure the FileNet global configuration domain and objectstore. There are 2 batch files we will use to automatically create these. 12.1. Create Filenet Global Configuration Domain (GCD) 1. If not running, start IBM Connections by running: C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin\startManager.bat C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin\startnode.bat C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin\startserver.bat iccluster_server1 2. Run C:\IBM\Connections\ccmDomainTool\createGCD.bat 3. First it will ask you for the DMGR admin ID (localadmin for my environment), then the password 4. Enter Y to regenerate the dminfo.properties file 5. Next I added an administrator group from my LDAP directory 6. 12.2. Create FileNet ObjectStore 7. Run C:\IBM\Connections\ccmDomainTool\createObjectStore.bat 8. First enter the WebSphere admin username and password 9. I chose Y to regenerate the dminfo.properties file 10. Same as I did with the GCD, I set the administrator group from my LDAP directory 11. Next enter the url used to access Connections (https://cprice55.swg.usma.ibm.com) NOTE: It must be the SSL url 12. 13. Restart Connections 13. Apply Connections 5.5 Recommended updates As of December 29, 2015 the recommended updates were the Day1 ifixes and Type-ahead search. See the following technote for latest recommended updates: http://www-01.ibm.com/support/docview.wss?uid=swg21972646 Software used in this step: IBM Connections Day 1 fixes: http://www933.ibm.com/support/fixcentral/swg/selectFixes?parent=Collaboration%2BSolutions&pr oduct=ibm/Lotus/Lotus+Connections&release=5.5.0.0&platform=All&function=all interim fix: 5.5.0.0-IC-Multi-IFLO87330 interim fix: 5.5.0.0-IC-Common-IFLO87469 refresh pack: 5.5.0.0-IC-Multi-UPDI-20151218 5.5.0.0-TypeAhead-20151218 13.1. Install the Day1 ifixes 1. Extract the refresh pack: 5.5.0.0-IC-Multi-UPDI-20151218, this will create an AIX-Linux and Windows directory. Under the Windows directory is UpdateInstaller.zip Extract UpdateInstaller to C:\IBM\Connections 2. Copy the following jar files to C:\IBM\Connections\updateinstaller\fixes interim fix: 5.5.0.0-IC-Multi-IFLO87330 (5.5.0.0-IC-Multi-IFLO87330.jar) interim fix: 5.5.0.0-IC-Common-IFLO87469 (5.5.0.0-IC-Common-IFLO87469.jar) 3. Open a command prompt and run C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin>setupCmdLine.bat 4. In the same command prompt, start the update installer by running C:\IBM\Connections\updateInstaller>updateWizard.bat 5. 6. 7. 8. 9. 10. 11. 12. 13. After the fix has been applied, shut Connectiosn down. Delete the contents of C:\IBM\WebSphere\AppServer\profiles\AppSrv01\temp - NOTE: If this step is missed when you access connections again, you will see the theme from Connectons 5.0 14. Restart Connections and it should be ready to use.