192 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
Wikis content not accessible…
Thu, Jan 26th 2017 8
Automatic WebSphere plugin modification II – PowerShell for Windows
Thu, Dec 1st 2016 4
IBM Connections Docs – file preview not possible for some CCM pdf files
Thu, Nov 17th 2016 9
IBM Connections 5.5 CR2 released
Thu, Nov 10th 2016 6
IBM Connections – How to switch to a custom global unique ID for users
Mon, Nov 7th 2016 4
IBM Connections – add additional login attribute
Wed, Oct 12th 2016 13
IBM Connections – Set read-only access to CCM libraries
Thu, Oct 6th 2016 4
Top 10
DB2 Instance autostart does not work on SLES 12 / RHEL 7
Tue, Jul 12th 2016 14
IBM Connections – add additional login attribute
Wed, Oct 12th 2016 13
SAML – Enterprise SSO in the WebSphere world
Mon, Jul 20th 2015 9
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)
Tue, Sep 13th 2016 9
IBM Connections Docs – file preview not possible for some CCM pdf files
Thu, Nov 17th 2016 9
Configuration of secret key storage in WebSphere Application Server
Thu, Mar 12th 2015 8
WebSphere Portal DDC – “List of pending network invitations” not working
Mon, Nov 30th 2015 8
Using TDI to inactivate orphaned users after X-days
Tue, Feb 9th 2016 8
Wikis content not accessible…
Thu, Jan 26th 2017 8
IBM Connections 5 CR3 released
Tue, Jul 21st 2015 7


IBM Connections – How to switch to a custom global unique ID for users
Twitter Google+ Facebook LinkedIn Addthis Email Gmail Flipboard Reddit Tumblr WhatsApp StumbleUpon Yammer Evernote Delicious
Julius Schwarzweller    

IBM Connections – How to switch to a custom global unique ID for users

Hi,

many of our todays support cases is related to non-working profiles in IBM Connections.

If users change their name, switch from one to another location or simply get a new account their profile in IBM Connections might get inactivated because the hash key between LDAP and database has changed.

There are three possible hash keys:

  • UID: Often a bad choice, as this might change
  • eMail: Also a bad choice
  • GUID: Unique ID – a good choise

So GUID is the attribute you should go for if you have non-unique eMail or UID values in LDAP.

GUID is a canonical String that is generated from:

  • AD: objectGUID / objectSID
  • Domino: dominoUNID

But in daily use the GUID value is not really as shiny as it seems… Due to the fact that many Domino administrators copy documents (STRG-C + STRG-V) duplicate dominoUNIDs can occur – which might kill an IBM Connections profile. I heard from customers with Active Directories who delete an AD account and recreate it if a person changes names… The IBM Connections profile gets inactivated.

But some customers implemented another unique key (such as employee number) into their LDAP in order to avoid such problems. The question comes up, how do I need to configure IBM Connections to make use of this new unique ID?

Everything is documented in detail and works very well (Please note that you should be very careful using this approach if you have CCM libraries in use – this change might break the access rights for all users!!!):

1. Depending on what attribute shall be used you need to first define a wim extension:

1.1 Attributes that are not part of PersonAccount schema – go to ../DMGR/config/cells/CELLNAME/wim/model and create a file “wimxmlextension.xml”

<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:sdo="commonj.sdo" 
xmlns:wim="http://www.example.com/websphere/wim">
<wim:schema>
<wim:propertySchema 
nsURI="http://www.example.com/websphere/wim" 
dataType="STRING" multiValued="false" 
propertyName="customerUserID">
<wim:applicableEntityTypeNames>PersonAccount
</wim:applicableEntityTypeNames>
</wim:propertySchema>

1.2 If your customer uses a LDAP attribute that is already part of the PersonAccount schema you can directly go to 2)

2) Open the wimconfig.xml (here we add customerUserID as an supported attribute):

...
<config:attributeConfiguration>
	<config:attributes name="userPassword" propertyName="password"/>
	<config:attributes name="customUserID" propertyName="customUserID"/>
	<config:propertiesNotSupported name="homeAddress"/>
	<config:propertiesNotSupported name="businessAddress"/>
</config:attributeConfiguration> 

3) open and edit the LotusConnectionsconfig.xml file and add the following part:

<sloc:serviceReference profiles_directory_service_extension_enabled="true" serviceName="directory" custom_user_id_attribute="customUserID"/> 

4) Make a full resync of all nodes
5) TDI: edit the file “map_dbrepos_from_source.properties” and map the new customerUserId to GUID:

GUID=customerUserID

bildschirmfoto-2016-11-06-um-12-35-43
6) TDI: open the file “profiles_tdi.properties” and change the field “sync_updates_hash_field” from:

sync_updates_hash_field=guid

to

sync_updates_hash_field=uid (or mail)

bildschirmfoto-2016-11-06-um-12-35-15

7) start sync_all_dns.sh and check if the profiles have been correctly updated:

db2 “select PROF_GUID from EMPINST.EMPLOYEE” should show the new customerUserID`s

8) Revert back the change in profiles_tdi.properties so that the sync_updates_hash_field is set back to the guid value

sync_updates_hash_field=guid

 

That`s it.

A profile with the canonical String from a dominoUNID:

bildschirmfoto-2016-11-04-um-12-48-20

A profile with the customUserID as identifier:

bildschirmfoto-2016-11-04-um-12-50-42



---------------------
http://techblog.gis-ag.info/2016/11/07/ibm-connections-how-to-switch-to-a-custom-global-unique-id-for-users/
Nov 07, 2016
5 hits



Recent Blog Posts
8
Wikis content not accessible…
Thu, Jan 26th 2017 10:54a   GIS Techblog
Wikis content not accessible… Hi, it`s been quite a long time; many projects at the moment so that blogging needs to wait Last week we had a very interesting problem at one customer’s environment. When accessing a Wiki, the page was displayed blank – no content was available. Browsing to older versions of this wikis worked. The error in the log: Parsing error… Wikis content (the body) gets store in the filesystem as xml files. If you access a Wiki there is a XML parser
4
Automatic WebSphere plugin modification II – PowerShell for Windows
Thu, Dec 1st 2016 6:54p   GIS Techblog
Automatic WebSphere plugin modification II – PowerShell for Windows Hi, some months ago I published a shell script to automatically modify the Primary / BackupServer definition in a WebSphere plugin-cfg.xml file. As we have several Windows customers we decided to transfer this script to PowerShell so that it is also useable for a Windows Cluster installation. My colleague Jan Bruns did a great job implementing this script. It basically works the same way as the Linux script: modifywasplug
9
IBM Connections Docs – file preview not possible for some CCM pdf files
Thu, Nov 17th 2016 2:15p   GIS Techblog
IBM Connections Docs – file preview not possible for some CCM pdf files Hi all, last week we had trouble in a customer environment using the file preview functionality for some pdf files (only those that were uploaded using CCM). Instead of a preview the message was displayed: At the same time we saw the following warning in the log: The mime-type was set to “image/pcl” instead of “application/pdf”… this mime-type is not supported by IBM Docs File viewer. We had to dig deep into th
6
IBM Connections 5.5 CR2 released
Thu, Nov 10th 2016 8:13a   GIS Techblog
IBM Connections 5.5 CR2 released Hi all, IBM released CR2 for IBM Connections 5.5: The Fix list Download the CR Database updates are mandatory (Activities, Files, Homepage, Mobile, Wikis) Filenet updates are mandatory Updates for Community Surveys (Fixes the TLS 1.2 issues) A prerequisite for CR2 is at least WAS 8.5.5 FP9 (let`s see when FP10 will be officially supported) A general step-by-step guide installing CR2 is provided by IBM. A new CR2 version of the Cognos wizard can be downloaded (y
5
IBM Connections – How to switch to a custom global unique ID for users
Mon, Nov 7th 2016 8:59a   GIS Techblog
IBM Connections – How to switch to a custom global unique ID for users Hi, many of our todays support cases is related to non-working profiles in IBM Connections. If users change their name, switch from one to another location or simply get a new account their profile in IBM Connections might get inactivated because the hash key between LDAP and database has changed. There are three possible hash keys: UID: Often a bad choice, as this might change eMail: Also a bad choice GUID: Unique I
13
IBM Connections – add additional login attribute
Wed, Oct 12th 2016 4:17a   GIS Techblog
IBM Connections – add additional login attribute Hi, last week I got the question if it is possible to use another login attribute for IBM Connections than uid, cn or email. Yes, this is possible and can be done very easy. It just needs some small adjustments (I assume that you already extended your LDAP schema and that the custom attribute is available in LDAP!!): 1. Open a wsadmin session ./wsadmin -lang jacl 2. Make a custom login attribute from LDAP known to the PersonAccount entity:
4
IBM Connections – Set read-only access to CCM libraries
Thu, Oct 6th 2016 5:28a   GIS Techblog
IBM Connections – Set read-only access to CCM libraries Hi, we are in the middle of several migrations to IBM Connections 5.5 and most of our customers come up with the question: What do I need CCM for if I can use nested folders in Files now? Many customers decide to manually migration CCM libraries to Files… This time a customer asked us if it is possible to set access to libraries to read-only so that no new files or folders are added to CCM. This is possible using the following
7
Security Bulletin: HTTP Response Splitting in WebSphere Application Server (CVE-2016-0359)
Tue, Sep 13th 2016 4:30a   GIS Techblog
Classification Score of 6.1 is moderat! Affects IBM WebSphere Application Server (IBM Portal and Connections)! If you need assistance please contact us (support@gis-ag.com) for further procedure. Link to IBM site Content: Summary Vulnerability Details Affected Products and Versions Remediation/Fixes Summary There is a potential HTTP response splitting vulnerability in IBM WebSphere Application Server. Vulnerability Details CVEID: CVE-2016-0359 DESCRIPTION: IBM WebSphere Application
9
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)
Tue, Sep 13th 2016 4:26a   GIS Techblog
Classification Score of 10 is urgent! Affects all IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server (indirectly all GIS Portal and Connection users are affected)! If you need assistance please contact us (support@gis-ag.com) for further procedure. Link to IBM site: http://www-01.ibm.com/support/docview.wss?uid=swg21982223 Content: Summary Vulnerability Details Affected Products and Versions Remediation/Fixes Summary There are multiple vulnerabi
5
Security Bulletin: Apache Commons FileUpload Vulnerability affects WebSphere Application Server (CVE-2016-3092)
Tue, Sep 13th 2016 4:22a   GIS Techblog
Classification Score of 5.3 is moderate. Affects WebSphere Application Server and WebSphere Application Server Hypervisor Edition! If you need assistance please contact us (support@gis-ag.com) for further procedure. Link to IBM site: http://www-01.ibm.com/support/docview.wss?uid=swg21987864&myns=swgws&mynp=OCSSCKBL&mynp=OCSSEQTP&mync=E&cm_sp=swgws-_-OCSSCKBL-OCSSEQTP-_-E Content: Summary Vulnerability Details Affected Products and Versions Remediation/Fixes Summary




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition