New cool reference story about IBM Connections and OnTime Group Calendar

Good news – yesterday night a new IBM reference story for one of our Danish customers went online. The reference is for Semler Group and talks about their adoption of Social Business using IBM Connections as a platform and how the social components from OnTime Group Calendar are central pieces in this strategy. The reference story is also available as a PDF.

Websphere Application Server WIM LDAP adapter log trace

When debugging LDAP login issues for Websphere Application Server (WAS) you’re actually debugging the WIM (Websphere Identity Manager) part of WAS. The actual login piece is part of the adapters (database, ldap, file) which is the repository specific piece that WIM delegate the actual authentication to. The best debug string to use is “*=finest” as it limits the debugging to the LDAP piece of WIM.

Setting up LDAP failover for Websphere Application Server

As you may know LDAP is crucial to Websphere Application Server (WAS) when using it for IBM Connections so it makes good sense to configure failover for LDAP. If the LDAP server becomes unavailable you can no longer log in (actually you can’t even log into ISC – see Websphere Application Server Security – make sure file based auth continues if federated repository is unavailable) and WAS can have a hard time reconnecting to the LDAP. Failover is set up using either the ISC Federated Security UI or by editing wimconfig.xml directly (or using wsadmin commands). Using wimconfig.xml have some advantages as you can set some additional parameters. The screenshot below shows a secondary LDAP server added to the ISC.

Editing wimconfig.xml (see the wim/config-subdirectory of the cell configuration directory e.g. c:wasprofilesdmgrconfigcellsLCCell01wimconfigwimconfig.xml) is easy as well. You simply add an additional LDAP server to the config:ldapServers tag as shown below. The parameters in bold can be used to make sure that WAS return to the primary LDAP server (first listed) and optionally what the poll time should be (in minutes).

<config:ldapServerConfiguration primaryServerQueryTimeInterval="15"
   <config:ldapServers authentication="simple" bindDN="cn=LDAP User,o=Example"
      bindPassword="{xor}removed :)" connectionPool="false" connectTimeout="0"
      derefAliases="always" referal="ignore" sslEnabled="false">
      <config:connections host="" port="389"/>
      <config:connections host="" port="389"/>

Full info in the info center under Primary and secondary LDAP server failover.

Looking up a datasource from an IBM Connections event handler

For a customer project I’m working on these days I’m writing an event handler for IBM Connections Profiles to integrate two profile systems in real-time using the IBM Connections 4.0 Event SPI. Pretty powerful stuff in case you’ve never looked into it.

In IBM Connections an event handler is basically just a Java bean which you register in events-config.xml to be called when certain events occur such as a profile being updated, the photo set, the photo removed etc. In this event handler I needed to contact the Profiles database which should be easy as it’s registered in JNDI in Websphere Application Server. I couldn’t however use the usual java:comp/env/jdbc/profiles resource reference as there’s no J2EE deployment description for the event handler and hence the naming context hasn’t been mapped for me.

But with Websphere Application Server being the all-purpose application server that it is, I was able to find a way to make it work anyway. It turns out that all resources are mapped into a JNDI namespace using their cell and cluster prefix as well (I was able to deduce it from the “Example: Looking up an EJB home or business interface with JNDI” page).

So to look up the jdbc/profiles data source from the Cluster1-cluster scope I simply use the following. Sweet.

try {
   InitialContext ctx = new InitialContext();
   DataSource ds = (DataSource)ctx.lookup("cell/clusters/Cluster1/jdbc/profiles");
} catch (NamingException e) {
   // unable to lookup data source

Using DiscoveryServlet for debugging Connections Mail

When you install Connections Mail having a way to diagnose how Connections sees a particular users mail setup can be very helpful e.g. which mail system, which hostname, mail file etc. Digging through the network traffic in a working Connections Mail install I discovered calls to “DiscoveryServlet” which is a utility that Connections Mail itself uses for that purpose. It’s so nice. When called it returns full info about the mail setup for the queried users (by email address). To call it you use the following URL:

http://<hostname>/connections/resources/discovery/DiscoveryServlet?email=<email address>

Use at your own risk and as Stephan would say – YMMV…

Missing passthru_nonProxyHosts for IBM Connections widget proxy

When writing widgets for IBM Connections (version 1, 2, 3 and 4) and you have an iWidget (judgement still out on the OpenSocial gadget support) that needs to talk to other network resources than the IBM Connections server you need to change the proxy-config.tpl to work around the same origin policy restrictions imposed on JavaScript running in a browser. The change is easy enough and well documented but what do you do if you need to use a HTTP proxy for requests leaving your network? Well you use the passthrough proxy setting for the proxy (see ) to make sure that traffic passes through your HTTP proxy. The problem however is if you need to use a HTTP proxy to access resources external to your network but not to access internal resources since the setting is global and applies to all rules. So be warned and plan your network accordingly.

For the record there is a setting in Mashup Center to work around this (passthru_nonProxyHosts) but that setting hasn’t been implemented for IBM Connections unfortunately.

Social Connections IV in Amsterdam

The agenda for the upcoming Social Connections IV event in Amsterdam is now public and I’m happy to say that it includes yours truly. I will do a 30 minute introduction to the joys of widget development for IBM Connections. I’m pretty sure that there are still slots available for the event so if you’re in Europe on 30 November and you’re working with IBM Connections you really should join us. Oh – and bring your customers…

LCUSER.DUAL is an undefined name doing IBM Connections 3.0.1 side-by-side migration

In the process of moving our internal IBM Connections 3.0.1 server to IBM Connections 4.0 we need to upgrade our DB2 to be 64 bit which is giving us some problems. After talking to IBM they convinced us to first do a side-by-side migration of our 3.0.1 DB2 databases to another 3.0.1 instance before upgrading the databases to 4.0. However in the process we discovered that the documentation for this process is inacurate so I wanted to post the solution here in case others needed it. Referring to the documentation (Migrating 3.0.1 data side-by-side) one of the steps is to record the sequence numbers for 4 DB2 sequences used for the draft tables. The progress of these sequences should be discoverable by using the following SQL but it fails.

(Profiles only.) Run the following commands to update the
database sequence for DB2 or Oracle target databases:

Run the following commands on the 3.0.1 source database:

"SQL0204N "LCUSER.DUAL" is an undefined name. SQLSTATE=42704".

The problem is that the documented SQL references a non-existing table called “DUAL” and some table columns which then doesn’t make any sense either. What you actually want to look at are the actual sequences (see “SELECT SEQNAME FROM SYSCAT.SEQUENCES”). Once you know that it’s pretty easy to get the starting values.

Please note that if you’ve never used the draft functionality and DSML to sync changes back to LDAP you can happily omit these steps altogether.