<< May 2010 | Home | July 2010 >>

Websphere Application Server Security - make sure file based auth continues if federated repository is unavailable

While looking for another tidbit of information on Google I found this very interesting setting in a WAS FAQ (Q & A: Frequently asked questions about WebSphere Application Server security). That fact that access to the Integrated Solutions Console (ISC) would stop if a LDAP directory was unavailable even though the ISC admin account was local has been bothering me for a while. It was nice to see that this fact which has been irritating me for a while (when it isn't set) is solvable.

7. When using a federated repository, is there a way to ensure that my file-based registry will continue to function when a LDAP server is down?

Yes, there is a configuration option that enables the authentication to continue if one or more other registries are down, as long as the ID is found in one of the registries that are still up and functional. The federated repository configuration command to permit this is:
$AdminTask createIdMgrRealm 
     -name ibmRealm -allowOperationIfReposDown true

More information can be found in the Information Center article: IdMgrRealmConfig command group for the AdminTask object.

How Eclipse improvements are important to Lotus Notes 8

Eclipse 3.6 (also called Helios) was just released the other day and with a new release of Eclipse comes a new release of SWT (the underlying widget framework). Among the many release notes you'll find "Eclipse 3.6 SWT News and Noteworthy" outlining core SWT improvements.

Especially one of the improvements was of interest as I see how it could be used to improve Lotus Notes, the interaction with the OS and in turn the usability of the client. The feature is about the program representation in the program list normally shown in the bottom of the screen. Below are some samples. I could see this used to give feedback about unread e-mails, pending IM's, progress of overall replication etc. Interesting stuff (see "TaskItem overlay image / text / menu / process" in the release notes).

How the new iPhone OS may expand the use of Lotus Traveler

For all us iPhone affectionados today was a day of joy as iOS4 arrived in iTunes. There are numerous nice features in iOS4 but the most important from a Lotus perspective is the fact that iOS4 allows multiple ActiveSync accounts (or as the iPhone calls it: "Exchange accounts"). This means that you may use you iPhone with multiple mail systems whether that be multiple Lotus Traveler systems or Lotus Traveler and another mail system such as Google mail or Exchange. Very nice.

I just tried it out with the demo Lotus Traveler from Greenhouse at traveler.lotus.com and it works like a charm.

MyWidgets just got better - Option to specify a custom widget icon for sidebar

Please note: The following is from the release notes of Notes 8.5.2 so I don't take credit for writing this. Lotus Notes 8.5.2 is in beta and there are no guarantees that the features described here will be in the final product that IBM ships.

Power users and administrators can add a new viewImageUrl attribute to the palleteItem element in a widget's extension.xml definition to specify a custom icon to use in the sidebar view/title bar for that widget. The viewImageURL attribute value must be a URL to the desired image, for example:

viewImageUrl="http://my.server.com/myImage.ico"
Example widget XML syntax is shown below:
<?xml version="1.0" encoding="UTF-8"?>
<webcontextConfiguration version="1.1">
<palleteItem allowMutlipleSidebars="true" 
    contributeToSideshelfOnStartup="false" 
    id="1140471160" viewImageUrl="http://my.server.com/myImage.ico" 
    imageUrl="http://www.google.com/favicon.ico" 
    providerId="com.ibm.rcp.toolbox.web.provider.WebServicesPalleteProvider" 
    title="Google Search" url="http://www.google.com/" >

MyWidgets just got better - Option to set default widget double-click action

Please note: The following is from the release notes of Notes 8.5.2 so I don't take credit for writing this. Lotus Notes 8.5.2 is in beta and there are no guarantees that the features described here will be in the final product that IBM ships.

You can now set a default double-click action to open widgets in the sidebar, a new window, a float window, or a tab. The default does not impact widgets that have a pre-defined double-click action defined in their XML. The supplied default is newWindow.

Note: See Tech Note 1399534 "Adding a widget custom double-click action" for information about customizing an individual widget's double-click action. (Red: I was unable to find this technote - maybe it hasn't been published yet).

This change enables the control of what action is taken when you double click on a widget in the My Widgets sidebar panel. The default will act on all widgets that do not already have a pre-defined double click action. The new plugin_customization.ini file preference is

com.ibm.rcp.toolbox/doubleClickAction=<option>
where valid values for <option> are:
  • sideBar
  • newWindow
  • float
  • tab
For example, to set the default double-click action to open the widget action in the sidebar, add the following statement to the user's local plugin_customization.ini file:
com.ibm.rcp.toolbox/doubleClickAction=sideBar 

On TwitNotes, Twitter and the transition to OAuth

Thanks for all the e-mail and all the IM's reminding me that Twitter would retire the use of basic authentication (username/password) in client applications on 30 June 2010. After that announcement it was postponed to 16 August 2010 so there's still time... That's how I read the frontpage of the Twitter API wiki as of today anyway.

Nathan was the first to poke me and remind of it and ever since the reminders have been tickling in. Happy to see that so many are using TwitNotes and is using it enough to actually be bothered by it not working. I'm in the process of testing an OAuth approach using Scribe and hopefully the solution will be ready soon and in good time before the deprecation... :-)

MyWidgets just got better - Option to reuse a single sidebar panel for a particular widget's action

Please note: The following is from the release notes of Notes 8.5.2 so I don't take credit for writing this. Lotus Notes 8.5.2 is in beta and there are no guarantees that the features described here will be in the final product that IBM ships.

You can now specify if a widget uses only one sidebar panel or if multiple sidebar panels are allowed. You can set a preference in the widget XML to define whether a new Sidebar panel is opened for each widget action or whether the same Sidebar panel is reopened and overwritten for each action initiated by that widget. There are three types of actions that add a widget to the client sidebar panel.

  • The widget property "Contribute to Sidebar on startup." When enabling this option, a sidebar panel is opened in the sidebar for the widget.
  • Right click on a widget in the My Widgets sidebar panel and choose Open in -> Sidebar. Every time this action is executed, a new sidebar panel is opened.
  • Create a Live Text action that puts the action results into the sidebar. Every time this action is executed, a new sidebar panel is opened.
If a user needs to look up multiple pieces of data using a particular widget, there would be a new sidebar panel opened for each lookup. Administrators and power uses can add a new "singletonSidebar" attribute to the palleteItem element in the widget's XML definition after creating and exporting the widget. Valid values are "true" and "false" and sample syntax, where it would appear in the widget's XML file, is as follows:
<webcontextConfiguration version="1.1">
<palleteItem singletonSidebar="false"
OR
<webcontextConfiguration version="1.1">
<palleteItem singletonSidebar="true"
When set to "true" the three actions described will share the same widget sidebar view. When set to "false" the three actions above will open in new sidebar views. Note: The default value is "false" so as not to affect Notes 8.5.1 and prior behavior.

Note: If there were multiple sidebars opened for a widget prior to applying this feature improvement and then you upgrade to a release with this feature improvement (and implement it), the previous sidebars will not be reused and will remain open until the user manually closes them.

MyWidgets just got better - Option to hide and unhide display of widget thumbnail

Disclaimer: The following is from the release notes of Notes 8.5.2 so I don't take credit for writing this. Lotus Notes 8.5.2 is in beta and there are no guarantees that the features described here will be in the final product that IBM ships.

You can now control whether a widget's thumbnail is visible in the My Widgets sidebar panel. As an administrator or power user you can add a hideThumbnail=true or hideThumbnail=false parameter to the palleteItem element in the widget's XML. Users can hide any visible widget thumbnail using a new "Hide" user interface option. Users can un-hide all hidden widget thumbnails using a new "Show All" user interface option.

To prevent users from displaying a hidden widget thumbnail, add the following statement to the user's plugin_customization.ini file:

com.ibm.rcp.toolbox/allowUserShowHideWidgets=false
An administrator or power user can create a widget, export it, and manually add a flag that controls whether the widget is hidden on the My Widgets sidebar panel. If you install a widget that has been modified in this way, the widget will not be visible on the My Widgets sidebar panel. A "Show All" option becomes enabled. The attribute that controls this feature is hideThumbnail and is set in the widget's .XML.
  • hideThumbnail=true -- Hides the widget thumbnail in the My Widgets sidebar panel
  • hideThumbnail=false -- (default) Displays the widget thumbnail in the My Widgets sidebar panel
Example:
<?xml version="1.0" encoding="UTF-8"?>	   
<webcontextConfiguration version="1.1">	   
<palleteItem hideThumbnail="true" id="Test1" 
    providerId="com.ibm.rcp.toolbox.prov.provider.ToolboxProvisioning" 
    title="Test1" url="file:///c:/provUpdateSite2/site.xml">
    <data>	   
You can disable display of the client's "Hide" and "Show All" options by adding the com.ibm.rcp.toolbox/allowUserShowHideWidgets preference to the user's plugin_customization.ini file.
  • com.ibm.rcp.toolbox/allowUserShowHideWidgets=false -- Prevents display of Hide" and "Show All" options
  • com.ibm.rcp.toolbox/allowUserShowHideWidgets=true -- (default) Allows display of Hide" and "Show All" options

Policy control over business card retrieval settings and retrieval order

Disclaimer: The following is from the release notes of Notes 8.5.2 so I don't take credit for writing this. Lotus Notes 8.5.2 is in beta and there are no guarantees that the features described here will be in the final product that IBM ships.

You can access a person's business card to find out more about the person and retrieve their contact information. The following products can potentially provide the data that is displayed in the business card:

  • Lotus Connections
  • Lotus Notes
  • Lotus Sametime
If you have more than two of these products installed and enabled, you might want to specify which product should serve as the primary source of the business card data or you might want to prevent one of the products from contributing to the business card altogether. This is not a required task.

To prioritize the source of the business card data, complete the following steps:

  1. Find the plugin_customization.ini file in the following directory: <Notes>/framework/rcp
  2. Open the plugin_customization.ini file in a text editor
  3. Do one of the following:
    • To prevent one of the products from being the source of the business card data, add the following property to the file: com.ibm.rcp.bizcard/disable.content.for.<provider_name>=true where <provider_name> is one of the following values:
      • Lotus Connections: profiles
      • Lotus Notes: NotesContacts
      • Lotus Sametime: com.ibm.lconn.client.bizcard.livename
    • To change the order of products from which to retrieve the business card data, add a com.ibm.rcp.bizcard/change.priority.for.<provider_name>=<priority> property for each of the supported products where is one of the following values:
      • Lotus Connections: profiles
      • Lotus Notes: NotesContacts
      • Lotus Sametime: com.ibm.lconn.client.bizcard.livename and <priority> is a relevant alphabetic character. Use letters that come later in the alphabet to specify higher priority products and letters that come earlier in the alphabet to specify products with a lower priority. For example, a priority of A is lower than a priority of B.
      By default, the business card is populated with data from the products in the following order:
      • Lotus Connections
      • Lotus Sametime
      • Lotus Notes
      You can change the order and have the business card retrieve data from Notes first, then Lotus Connections, then Sametime, for example:
      com.ibm.rcp.bizcard/change.priority.for.NotesContacts=G
      com.ibm.rcp.bizcard/change.priority.for.profiles=E
      com.ibm.rcp.bizcard/change.priority.for.com.ibm
           .lconn.client.bizcard.livename=C
      
  4. Save the changes to the file.
  5. Restart Notes.

Option to install a widget from a .zip file, file structure, and focus on provisioning

Disclaimer: The following is from the release notes of Notes 8.5.2 so I don't take credit for writing this. Lotus Notes 8.5.2 is in beta and there are no guarantees that the features described here will be in the final product that IBM ships.

Notes users can now install a widget that is supplied to them as a .zip file. Users can either drag and drop the .zip file into their My Widgets sidebar panel or use the Import menu option from the My Widgets sidebar panel.

This option is available for all supported widget types and enables the user to install a widget while working online or offline. The widget definition xml-file must be at the root of the zip file and the widget definition file name must be extension.xml. To make provisioning widgets self-contained in the .zip file, the updateSite URL in the widget definition must be set to jar:${zip.root}!/ and the updateSite itself must also reside in the .zip file.

The structure of the .zip file must be as follows:

features (DIR)
plugins (DIR)
extension.xml
site.xml
When a provisioning widget's .xml definition is processed, the updateSite URL is replaced with a URL to the embedded updateSite in the .zip file. Automatic update is not supported.

Alistair Rennie blogging on the Lotus Knows Blog

The core Lotus team is now blogging on the official Lotus Knows Blog with Alistair Rennie leading the charge in the first post. I welcome the blog and hope that Alistair will be blogging more frequently than those who went before him (see my "Bob Picciano - please don't blog like Mike Rhodin!" post).

I don't see it yet on PlanetLotus but that's probably just a matter of time.

Nice Notes 8.5.2 feature - policy control for access settings for Lotus Connections

Disclaimer: The following is from the release notes of Notes 8.5.2 so I don't take credit for writing this. Lotus Notes 8.5.2 is in beta and there are no guarantees that the features described here will be in the final product that IBM ships.

From Notes 8.5.2 administrators can now define the Lotus Connections server to which the sidebar should connect by adding the following properties to the plugin_customization.ini file located in the <Notes>/framework/rcp directory. Modify this file within the installation package prior to distributing it to end users. If you are installing this code drop for the server as well, use the new policies to manage the accounts instead.

com.ibm.lconn.client.base/server=<server_URL>
com.ibm.lconn.client.base/authtype=<authentication_method>
com.ibm.lconn.client.base/authserver=
     <server_URL>\:443/activities/j_security_check
where
  • <server_URL> is the full Web address of the Activities feature on the Lotus Connections server including the protocol. Add a backslash before each colon. For example: http\://enterprise.example.com/activities
  • <authentication_method> is one of the following values:
    • J2EE-FORM: Form based authentication, default
    • TAM-FORM: Tivoli Access Manager Form authentication
    • SM-FORM: Siteminder Form authentication
    The port number might need to be changed from the default of 443 depending on your deployment.
To tell the Notes client where to read the server information from, add the following property to the plugin_customization.ini file:
com.ibm.lconn.client.base/policy-mode=<mode>
where <<mode> is one of the following values:
  • DEFAULT: Allows users to modify the server URL. This is how the client behaves by default.
  • FORCED: Prevents users from being able to edit the Server URL field in the Activities preferences page.
  • OVERWRITE: Overwrites the server URL that was specified in the preferences page with the one specified in the com.ibm.lconn.client.base/server property. Use this setting if you change deployments and want to force users to switch from accessing one server to accessing another.
If you choose to specify the server using the plugin_customization.ini file, keep these things in mind:
  • When you define the Lotus Connections server to connect to using the plugin_customization.ini file, be sure to specify the full URL of the Activities feature.
  • Tell users to access the Activities sidebar before opening the Connections preferences page when starting the Notes client for the first time. Accessing the sidebar is what triggers Notes to pull the server information from the plugin_customization.ini file.
  • If the server information displayed in the server URL field of the Connections properties page is not the information specified in the plugin_customization.ini file, click Restore Defaults, provide your log in credentials, and then click OK.

Nice Notes 8.5.2 feature - upgrading multiple local databases to a new ODS

Please note: The following is from the release notes of Notes 8.5.2 so I don't take credit for writing this. Lotus Notes 8.5.2 is in beta and there are no guarantees that the features described here will be in the final product that IBM ships.

In the latest code drop of Notes 8.5.2, using either the Notes Client, Domino Administrator Client, or Domino Designer Client, a customer can force the client to perform ODS upgrades of all local databases. For most non-essential databases, the ODS upgrade will take place in a background process and while a database is upgraded, the end user will not be able to use the database. For essential databases that are in use at the point that an upgrade is attempted, the ODS upgrade will be done at the next first time open which will typically occur at client restart.

Configuration Options - Required

The following new NOTES.INI setting performs the upgrade:

NSF_UpdateODS=1
With this set, the client will do a one time pass to upgrade local databases using the compact task.

Configuration Options - Optional

In addition, the specific ODS level that is desired should be set (if none set, ODS51 will be forced):

To create ODS 51 databases:
Create_R85_Databases=1

To create ODS 48 databases:
Create_R8_Databases=1

User Feedback

For databases compacted in the background, there will not be any user visible indication that the database compacts are in progress. If a user attempts to use a database while the compact is in progress, they will see the error:

"Database is being Compacted; Compact must finish before use"
For databases that are in use at the time the compact is attempted (names.nsf, cache.ndk, log.nsf, and possibly user mail files), the compact will occur at the next client restart. When the database is compacted at restart, progress will be shown in the splash screen or in the status bar, depending on when the database is opened.

For each database that is compacted, a "Compacting..." and "Compacted...." will appear in the log.

11/12/2009 03:01:49 PM  Compacting dummy.nsf (dummy),  -r -C
11/12/2009 03:01:52 PM  Compacted  dummy.nsf, 0K bytes recovered (0%)
For each database that is at the desired ODS (or later), only "Compacting..." will appear in the log
11/12/2009 03:01:49 PM  Compacting dummy.nsf (dummy),  -r -C
At the end of the upgrade, the following will appear in the log:
10 databases had an older NSF ODS version. 8 of 
those databases were successfully upgraded to a 
later NSF ODS.

Book keeping Options

NSF_UpdatedToODS=#
After the upgrade is attempted for all local databases, this will be set to the ODS level that was requested. Deleting this setting will cause the code to attempt to perform upgrades. If upgrades are not necessary, the database will be skipped. If the client is shut down before all databases are completed and processed, then this is not set, and the next retry will attempt compacts on databases that are not at the desired ODS.

Clarifications/Not in scope
If there is an error during the compact, the database ODS will not be changed. There will not be any retry logic. If there is not enough space, which can be one of the errors, then the database ODS will not be changed. If a database takes a while to compact then the user does not have access to that Db during the compact. For always in use databases, their compact will be done on the next client restart, and will block user usage.

Limitations
Only Windows and Linux are supported. Macintosh support will be available in a later code drop.

Configure Eclipse 3.5 for Notes 8.5.2

As for previous versions I maintain a document outlining how to configure a vanilla Eclipse install to work with Lotus Notes for Java extension development (with install_id and rcp.base). I have made the first version for Notes 8.5.2 as of code drop 5 so please see Configure Eclipse 3.5 for Notes 8.5.2 if this is of use to you.

Please Lotus that Notes 8.5.2 is in beta and there are no guarantees that the features described here will be in the final product that IBM ships.

Notes 8.5.2 - preload on startup

Disclaimer: Lotus Notes 8.5.2 is in beta and there are no guarantees that the features described here will be in the final product that IBM ships.

Being part of the design partner program for Lotus Notes 8.5.2 I just received code drop 5 i.e. the latest beta of Lotus Notes 8.5.2. Part of this release you are asked a new question while installing which is whether you want to enable preloading Lotus Notes when starting Windows (don't know if this goes for other platforms).

Now I'm on a SSD drive so my experience may be different from others on a "normal" spinning drive but it will be interesting to see how it performs and if it makes a noticeable difference.