As mentioned last week you really should consider learning more about WebSphere Application Server if you’re into Lotus products. As part of this you might want to check out the WebSphere Application Server animations. It requires that you register, but there are some nice animations such as:
- What is WebSphere Application Server
- Characteristics of WebSphere Application Server
- Business Value of WebSphere Application Server
Saw this link on Planetlotus.org and I think it’s well worth making sure that more Yellowheads know about it. It’s becoming clear that more and more Lotus products are being based on WebSphere (which I understand and somewhat support!!) so getting to know WebSphere is probably not the worst way to spend a weekend. This PDF from IBM (1 hour course to demystify WebSphere Application Server for Lotus is now available) is a crash course introduction to WebSphere Application Server, what it’s all about and what the terminology is. I highly recommend you take a peek.
This morning I configured single-sign-on (SSO) between Lotus Connections and Lotus Domino and was again surprised by how easy it is. The steps are simple:
- Open the WAS server administration interface and go to Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expiration.
- Select “Authentication mechanisms and expiration” in the “Authentication” section on the right-hand side.
- Now in the “Cross-cell single sign-on” section specify a set of passwords and export the keys to a file on the file system.
- Move the file to your local file system.
- Now follow the guidelines in the Domino Administrator help for importing the keys into Domino LTPA configuration.
Previously I installed Lotus Connections 2.0 fixpack 1 and it took me a while to figure out the syntax so I blogged it. Now I just installed a fix and that too took some figuring out so here is the syntax.
I had to install the LO32615 fix from IBM Lotus (issues with the work location fields) and the syntax is as follows:
- Follow the steps in the post I link to above but don’t invoke the updateLC.bat command
- Use this command: updateLC.bat -fix -install -installDir <Lotus Connections install dir> -fixDir <path to where the fix jar-file is stored on your system> -fixes <the name of the fix (here LO32615)> -wasUserId <WAS userid> -wasPassword <WAS password>
Last week I overcame two stumbling blocks on my way to getting Lotus Connections 2.0 Beta 1 (yeah I know there’s a beta 2) up and running. I’m blogging about it to help others that might experience the same problems.
The first problem was that I couldn’t log into the WAS admin. console after configuring the federated LDAP directory (I’m using Domino 7.0.2 LDAP). The exception I got in my SystemOut.log was the following (important part in bold):
00000023 exception E com.ibm.ws.wim.adapter.ldap.LdapConnection search(String, String, Object, SearchControls) CWWIM4520E The 'javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient Access Rights]; remaining name '/'; resolved object com.sun.jndi.ldap.LdapCtx@9e009e0' naming exception occurred during processing.
[29/04/08 11:46:22:494 CEST] 00000023 exception E com.ibm.ws.wim.adapter.ldap.LdapConnection search(String, String, Object, SearchControls)
com.ibm.websphere.wim.exception.WIMSystemException: CWWIM4520E The 'javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient Access Rights]; remaining name '/'; resolved object com.sun.jndi.ldap.LdapCtx@9e009e0' naming exception occurred during processing.
After spending a lot of time trying to diagnose the issue and making sure I did it EXACTLY as prescribed by IBM I still couldn’t solve the issue. I had no problems logging into the LDAP directory which otherwise worked perfectly from other applications. Finally thanks to Robert Thatcher from IBM the problem was solved. It had nothing to do with wimconfig.xml as such or other WAS goodness – it was simply due to missing rights to the LDAP directory. I guess the exception says it too…
I simply didn’t think the user logging into the LDAP needed anything other than reader access in the ACL of Domino Directory. It turns out that Manager is more like it. Hmmm…. I haven’t turned the access level down yet so I don’t know if less will do it as well.
Also many, many thanks to Curious Mitch for helping me out with wimconfig.xml.
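An access-rights failure and a bad bind password both show up as a failed console login, but SystemOut.log tells them apart. The following Python is an added example (not code from this post or from IBM) that pulls the LDAP result code out of CWWIM4520E entries like the one quoted above; the function name `triage`, the hint texts and the sample lines are constructed for illustration.

```python
import re

# LDAP result codes (RFC 4511) and where to look first (hint texts added here).
LDAP_HINTS = {
    32: "noSuchObject: check the base DN configured for the repository",
    49: "invalidCredentials: check the bind DN and password",
    50: "insufficientAccessRights: check the bind user's rights in the directory ACL",
}

# Matches the CWWIM4520E text quoted in the post; the quote character and the
# dash differ between raw logs and copies pasted into web pages.
EVENT = re.compile(
    r"CWWIM4520E The .(?P<exc>[\w.$]+): "
    r"\[LDAP: error code (?P<code>\d+) [-\u2013] (?P<text>[^\]]+)\]"
)
STAMP = re.compile(r"^\[(?P<ts>[^\]]+)\]")

def triage(lines):
    """Return one finding per distinct CWWIM4520E event (time, exception, code)."""
    findings, seen, last_ts = [], set(), None
    for line in lines:
        stamp = STAMP.match(line)
        if stamp:  # stack-trace lines carry no timestamp; reuse the last one seen
            last_ts = stamp.group("ts")
        m = EVENT.search(line)
        if not m:
            continue
        code = int(m.group("code"))
        key = (last_ts, m.group("exc"), code)
        if key not in seen:  # WAS repeats the message on the stack-trace line
            seen.add(key)
            findings.append({"time": last_ts, "exception": m.group("exc"),
                             "ldap_code": code, "ldap_text": m.group("text").strip(),
                             "hint": LDAP_HINTS.get(code, "see RFC 4511 result codes")})
    return findings

# Constructed sample lines in the format of the excerpt above (shortened).
SAMPLE = [
    "[29/04/08 11:46:22:494 CEST] 00000023 exception E CWWIM4520E The 'javax.naming."
    "NoPermissionException: [LDAP: error code 50 - Insufficient Access Rights]; ...'",
    "[29/04/08 11:46:22:494 CEST] 00000023 exception E LdapConnection search(...)",
    "com.ibm.websphere.wim.exception.WIMSystemException: CWWIM4520E The 'javax.naming."
    "NoPermissionException: [LDAP: error code 50 - Insufficient Access Rights]; ...'",
    "[29/04/08 11:52:03:101 CEST] 00000027 exception E CWWIM4520E The 'javax.naming."
    "AuthenticationException: [LDAP: error code 49 - Invalid Credentials]; ...'",
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

A code 50 finding points at the directory ACL for the bind user rather than at wimconfig.xml, which is where the time went in the case described above.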
IHS node issue
The second issue was that I ended up with two nodes under my WAS profile when configuring the IHS WAS plugin. The actual issue that made me look there was that I was unable to manage SSL certificates for the IHS plugin.
The problem was that when creating the webserver1 in the WAS admin. console I didn’t specify the hostname that WAS was actually bound to. Instead I specified the DNS name I wanted to use to contact WAS, which made WAS create two nodes. Using the fully qualified hostname of the WAS server solved this issue.