|Latest 7 Posts
| Domino 10 – to be continued!|
Mon, Nov 6th 2017 5
| IBM Connections 6 – Following and Followers blank|
Wed, Oct 25th 2017 5
| Exchange integration into WebSphere Portal (SSO – Kerberos)|
Tue, Sep 26th 2017 6
| User provisioning for IBM Connections Cloud – You have the choice|
Mon, Aug 28th 2017 4
| SAML & IBM Connections 5.5 – not a dream team|
Fri, Aug 18th 2017 7
| IBM Docs – Migration from DB2 –> ORACLE|
Fri, Jul 7th 2017 2
| IBM Connections – trouble adding additional nodes|
Wed, May 31st 2017 4
| DB2 Instance autostart does not work on SLES 12 / RHEL 7|
Tue, Jul 12th 2016 17
| Configuration of secret key storage in WebSphere Application Server|
Thu, Mar 12th 2015 15
| SAML – Enterprise SSO in the WebSphere world|
Mon, Jul 20th 2015 15
| Security Bulletin: HTTP Response Splitting in WebSphere Application Server (CVE-2016-0359)|
Tue, Sep 13th 2016 10
| IBM Connections: Create external Users / Community using rest API|
Wed, Mar 25th 2015 9
| HTTP Outbound authentication via SAML|
Tue, Oct 6th 2015 9
| WebSphere custom TAI – Doing SSO the right way|
Tue, Sep 6th 2016 9
| IBM Connections Docs – file preview not possible for some CCM pdf files|
Thu, Nov 17th 2016 9
| Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182) (2016.06.28)|
Tue, Sep 13th 2016 8
| IBM Connections vulnerability – fixes for CVE-2014-3004 / CSVV in detail|
Tue, Mar 3rd 2015 7
||CCM – Problems accessing libraries using Domino LDAP
CCM – Problems accessing libraries using Domino LDAP
There is a known issue with CCM and explicitly added “dominoUNIDs” in environments, where domino is used as LDAP backend ( http://www-01.ibm.com/support/docview.wss?uid=swg21664341 ).
A customer reported a problem with some users that do not have access to libraries within communities just after they have been created. We first thought of this “dominoUNID” problem. But our analysis showed that this seems to be another problem:
- Identify the ID of the “problematic” community ( copied from URL ), for ex.: 8266f2b1-a4d8-44d0-9a7d-3faed3b36698
- Enabling Waltz & Sonata Trace on the fileNet Server –> http://www-10.lotus.com/ldd/lcwiki.nsf/xpDocViewer.xsp?lookupName=IBM+Connections+4.5+Documentation#action=openDocument&res_title=Enabling_Waltz_and_Sonata_traces_ic45&content=pdcontent
- Accessing the Community with the “problemematic” user
- Search for the community-ID in the waltz.sonata.trace.log
Some lines below when we hit the community search we saw some queries against DSX memberservice. At the first glance, there were no obvious problems with the query, but when we compared the exported LDIF with that query we noticed that the e-mail address that was used by filenet to identify the user was not correct.
So the quesion was, where does this invalid eMail address come from? When looking into the Domino directory we understood, that the customer placed an eMail address beside their “normal” UID username into the Shortname field. So far so good – well not so good for Filenet.
CCM interprets this value as the eMail address, which is not the case. To be honest I do not understand why the customer did not set the eMail addresses to the same value in both fields (UID / internet eMail address)… but these are the mysteria of directories
2014-11-12 13:52:39,304 [WebContainer : 0] DEBUG com.ibm.connections.directory.services.engine.DSXSearchEngine – WALTZ: DSX URL= https://some.connections.url/profiles/dsx/instance.do?email=shortcut%40connections.url
Double-check this with the DSX URLs and/or the right values: ( for example I use: ShortName: email@example.com, e-mail: firstname.lastname@example.org )
- https://email@example.com –> no result
- https://firstname.lastname@example.org –> display user information
- https://email@example.com –> display user information
The problem in more details
Many Lotus Notes customers have additional e-mail addresses in their person document, placed in the shortName field. So each row/entry is a UID value in LDAP. In this scenario the problem was the following:
The additional e-mail address was placed on the top of the ShortName field. This value ( e-mail address ) was synched to PEOPLDB via TDI as PROF_UID and it seems to be interpreted as e-mail address, although it is a UID…
The solution was very simple… Do not place additional e-mail addresses on the top of this field in the domino directory/person document. If this has been done, you just have move these entries top down and run “sync_all_dns” in TDI, to push the change to PEOPLEDB.
Nov 17, 2014
| Recent Blog Posts
Domino 10 – to be continued!|
Mon, Nov 6th 2017 8:48a GIS Techblog
Welcome to the first post about IBM Domino on our GIS AG Techblog!
Here at GIS AG, we have a dedicated IBM Domino team made up of certified specialists for everything from development, to administration, support and beyond. On this blog we will be sharing the latest news and technical information about IBM Domino.
If you have any questions or comments, please, feel free to write an Email to: firstname.lastname@example.org
Visit our About Us page!
Domino 10 – This year Notes and Domino 9.0
IBM Connections 6 – Following and Followers blank|
Wed, Oct 25th 2017 8:42a GIS Techblog
IBM Connections 6 – Following and Followers blank
during the last weeks we had to deal with a strange problem in an IBM Connections 6 environment.
The system was migrated from IC 5.5 to IC 6 and live for about 4 weeks when suddenly the following problem occurred:
Neither users that I follow nor followers were shown in the UI. Despite installing the latest Fixes no bigger changes have been performed on the system.
I was able to follow a user:
Then opening “Following
Exchange integration into WebSphere Portal (SSO – Kerberos)|
Tue, Sep 26th 2017 12:03p GIS Techblog
Exchange integration into WebSphere Portal (SSO – Kerberos)
During the last years working with Portal I had several challenges with WebSphere Portals HTTP Outbound Proxy (aka. Ajax Proxy) in terms of authenticating backend calls to various other systems.
What we`ve done so far in terms of SSO / backend authentication:
– Authenticating using LTPAToken
– Authenticating using SAML
– Authenticating using SPNEGO / Kerberos (this was a new one for me)
The challenge this time
User provisioning for IBM Connections Cloud – You have the choice|
Mon, Aug 28th 2017 1:42p GIS Techblog
User provisioning for IBM Connections Cloud – You have the choice
Customers who use IBM Cloud for Connections, Sametime or other applications face the problem to manage their cloud accounts. For some single users you can use the Web frontend to add or change user accounts or to assign subscriptions and licenses to users. But in real world scenarios it is not possible to manage thousands of users manually or to keep them synchronized with an on-prem user repository or LDAP.
This can be handled
SAML & IBM Connections 5.5 – not a dream team|
Fri, Aug 18th 2017 7:45a GIS Techblog
last week we had to fight with an activation of SAML on a IC 5.5 CR3 environment.
The setup was:
IBM Connections 5.5 CR3 as test instance
ADFS Server 3.0 (I know… it is only tested with ADFS 2.0 – but works with 3.0 too)
We followed the instructions from the IBM Connections Knowledge Center. Smooth setup everything standard procedure. When testing this setup, the redirect to the IdP was initiated. After logging into the IdP the browser was redirected to IBM Connections ACS
IBM Docs – Migration from DB2 –> ORACLE|
Fri, Jul 7th 2017 9:52a GIS Techblog
IBM Docs – Migration from DB2 –> ORACLE
within our last big project, we had the challenge to transfer the IBM Docs database from DB2 to ORACLE. Within this database comments and other document related data is stored.
Officially there is no script available to perform this move using DBT (remove constraints / transfer / reapply constraints). We looked into the database and figured out how to perform this task using DBT – so we are not dependent on any other products. We m
IBM Connections – trouble adding additional nodes|
Wed, May 31st 2017 2:52p GIS Techblog
IBM Connections – trouble adding additional nodes
we are currently involved in a project where we installed a 1 node IBM Connections 6 Cluster and later added a second node to the cell.
So far so good… Everything that needs to be done after adding the second node is described here … Everything? Yes, mainly… but not in the mandatory details as I think! Missing custom properties and other settings might result in non-functional nodes. Especially not setting httpSess
SNOUG 2017 Presentation – SikaConnect goes External|
Thu, Mar 23rd 2017 1:06p GIS Techblog
SNOUG 2017 Presentation – SikaConnect goes External
yesterday I was at SNouG in Zurich. I had a great time there – good speakers and a overall perfectly organized event (would we expect sth. else from Switzerland? )
Raymond Weber from SIKA Informationssysteme AG and I did a session about the SIKA Extranet Feature:
Whiteboard in IBM Sametime Meeting 9.0.1 removed|
Fri, Mar 17th 2017 10:43a GIS Techblog
Whiteboard in IBM Sametime Meeting 9.0.1 removed
IBM implemented in Sametime Meeting 9.0.1 a whiteboard function as technical preview. Ben described in his articel how to enable this feature:
With the current cumulative Fix 901-ST-General-FP-SMOL-AK4G43 for the Meeting Server IBM has removed this function.
The response on my PMR was:
“I can confirm The Meetings Whiteboard feature release is being put on hold indefinitely.
Wikis content not accessible…|
Thu, Jan 26th 2017 10:54a GIS Techblog
Wikis content not accessible…
it`s been quite a long time; many projects at the moment so that blogging needs to wait
Last week we had a very interesting problem at one customer’s environment. When accessing a Wiki, the page was displayed blank – no content was available. Browsing to older versions of this wikis worked.
The error in the log:
Parsing error… Wikis content (the body) gets store in the filesystem as xml files. If you access a Wiki there is a XML parser