1. No category

Lotus Connections 3

IBM Connections 5.0 install on
Linux Red Hat version 6.6
IBM Connections 5.0 install on Linux RedHat version 6.6 ................................................ 1
1. Software Needed ......................................................................................................... 2
2. Prepare Linux for Connections Install ........................................................................ 4
2.1. Install Linux Libraries .......................................................................................... 4
2.2. Install Korn shell for CCM install ........................................................................ 7
2.3. Configure the Linux system ................................................................................. 7
2.4. Extract Install files on the system ...................................................................... 10
3. Install WebSphere 8.5.5.2 +ifixes ............................................................................. 12
3.1. Install IBM Install Manager ............................................................................... 12
3.2. Install WebSphere 8.0.0.6 and ifixes.................................................................. 14
3.3. Create the WebSphere Application Server cell .................................................. 26
4. Enable security with LDAP ...................................................................................... 35
4.1. Start the DMGR and nodeagent ......................................................................... 35
4.2. Enable security with an LDAP Directory .......................................................... 35
5. Install DB2 10.1 ........................................................................................................ 45
5.1. Install DB2 10.1 Enterprise Server .................................................................... 45
5.2. Start DB2 ............................................................................................................ 59
5.3. Install DB2 10.1 fp4 ........................................................................................... 59
6. Create the Connections Databases ............................................................................ 61
6.1. Create the dedicated db2 user............................................................................. 61
6.2. Configure unicode for db2 ................................................................................. 61
6.3. Create Connections databases with wizard ........................................................ 62
7. Install and Tivoli Directory Integrator 7.1.1 fp3....................................................... 69
7.1. Install Tivoli Directory Integrator 7.1.1 ............................................................. 69
7.2. Install fixpack 3 .................................................................................................. 82
7.3. Configure TDI .................................................................................................... 83
8. Populate the profiles database using wizard ............................................................. 84
8.1. Copy tdisol directory to keep profiles and ldap in sync ..................................... 93
9. Install IBM Connections 5.0 ..................................................................................... 94
9.1. Set the JVM heap size ...................................................................................... 112
9.2. Start IBM Connections ..................................................................................... 114
10. Install and Configure IBM HTTP Server and Plugin 8.5.5.2 .............................. 116
10.1.
Install IBM HTTP Server 8.5.5.2 ................................................................. 116
10.2.
Register IHS with the Plug-in ....................................................................... 127
10.3.
Configure WebSphere to use IBM HTTP Server ......................................... 128
10.4.
Configure SSL on IHS .................................................................................. 133
10.4.1.
Create the SSL key file for IHS ............................................................ 134
10.4.2.
Configure httpd.conf to listen over ssl .................................................. 137
10.4.3.
Add the plug-in key file certificate to the HTTP server key file........... 138
10.4.4.
Add the WAS Web Container certificate to the plug-in key file .......... 144
10.4.5.
Add the HTTP Server certificate to WebSphere trust store .................. 150
10.5.
Configure Connections to work with HTTP Server ..................................... 155
10.6.
Configure HTTP Server to compress some files .......................................... 157
10.7.
Configure Files and Wikis to download files ............................................... 158
11. Configure an administrator user for homepage ................................................... 158
12. Configure IBM Connections Content Manager Libraries ................................... 158
12.1.
Create Filenet Global Configuration Domain (GCD) .................................. 159
12.2.
Create FileNet ObjectStore ........................................................................... 160
12.3.
Allow Anonymous access to CCM .............................................................. 161
12.3.1.
Create Anonymous user account ........................................................... 162
12.3.2.
Configure Anonymous user in FNCS roles........................................... 162
12.3.3.
Generate SID for anonymous user ........................................................ 168
12.3.4.
Update FileNet with anonymous user SID ............................................ 170
Appendix - helpful linux stuff......................................................................................... 176
13. Redirecting Display from unix to local windows machine .................................. 176
14. Disable password settings on the OS ................................................................... 178
15. Configure DB2 to start automatically after system restart................................... 178
16. Configure IBM HTTP Server to start automatically............................................ 180
1.
Software Needed
I downloaded the following files prior to installing:
IBM Connections V5.0 Multiplatform Multilingual eAssembly (CRS4IML)
 IBM Connections V5.0 for Linux Multilingual (CIYQ7ML )
 IBM Connections V5.0 Wizard for Linux, AIX Multilingual (CN1F6ML )
 IBM Connections V5.0 Cognos Wizard for Linux Multilingual (CIYR6ML )
IBM DB2 and Tivoli for Connections 5.0 for Multiplatforms Multilingual eAssembly
(CRS4LML)
 IBM DB2 Enterprise Server Edition V10.1 for Linux on AMD64 and Intel®
EM64T systems (x64) Multilingual (CI6W6ML )
 IBM Tivoli Directory Integrator Identity Edition V7.1.1 for Linux - x86-64,
Multilingual (CZUF3ML )
IBM WAS V8.5.5 for Connections 5.0 for Multiplatforms Multilingual eAssembly
(CRS4MML)
 IBM WebSphere Application Server Network Deployment V8.5.5 (1 of 3) for
Multiplatform Multilingual (CIK2HML )
 IBM WebSphere Application Server Network Deployment V8.5.5 (2 of 3) for
Multiplatform Multilingual (CIK2IML )
 IBM WebSphere Application Server Network Deployment V8.5.5 (3 of 3) for
Multiplatform Multilingual (CIK2JML )


IBM WebSphere Application Server V8.5.5 Supplements (1 of 3) for
Multiplatform Multilingual (CIK1VML )
IBM WebSphere Application Server V8.5.5 Supplements (2 of 3) for
Multiplatform Multilingual (CIK1WML )

IBM WebSphere Application Server V8.5.5 Supplements (3 of 3) for
Multiplatform Multilingual (CIK1XML )
IBM Connections Content Manager 5.0 AIX, Windows, Linux Multilingual eAssembly
(CRS4PML)
 IBM FileNet Content Engine V5.2 Linux Multilingual (CIUS2ML )
 IBM FileNet Content Engine Client V5.2 Linux English (CIV1HEN )
 IBM FileNet Collaboration Services 2.0.0.1 Fix pack 1 interim fix 1
Multiplatform Multilingual (CIZ7SML )


IBM FileNet Content Platform Engine 5.2 fix pack 3 (Server & Client code)
Linux Platform Multilingual (CIZ7TML )
IBM Content Navigator V2.0.3 Linux Multilingual (CN0PTML )
Post Install Fixes
NOTE: These are what I downloaded on 17 November 2014. Check the following
location for the latest supported releases:
http://www-01.ibm.com/support/docview.wss?uid=swg27012786
WebSphere Application Server, IBM HTTP Server and plug-ins 8.0 fixpack 6
http://www-01.ibm.com/support/docview.wss?uid=swg24037250
Required ifixes –
PI15998 http://www933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7E
WebSphere&product=ibm/WebSphere/WebSphere+Application+S
erver&release=All&platform=All&function=aparId&apars=PI159
98
TDI 7.1.1 - fixpack 3
TDI 7.1.1 fp3 - http://www01.ibm.com/support/docview.wss?uid=swg24035743
http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Security%
2BSystems&product=ibm/Tivoli/Tivoli+Directory+Integrator&release=Al
l&platform=All&function=fixId&fixids=7.1.1-TIV-TDIFP0003&includeSupersedes=0&source=fc
DB2 10.1 - fixpack 4
DB2 10.1 fp4 - http://www01.ibm.com/support/docview.wss?uid=swg24037466
I downloaded the Universal Fix Pack
These were the steps I followed to install IBM Connections 5.0. Everything was installed
on a single server. The server is Red Hat Enterprise Linux 6.6
2.
Prepare Linux for Connections Install
There are a number of libraries and OS settings that need to be in place for the
Connections install. This topic walks you thru those details
2.1. Install Linux Libraries
The following libraries must be installed if you want to use gui mode of the installers. I
did this step on my system:
compat-libstdc++-33.x86_64
libcanberra-gtk2.i686
PackageKit-gtk-module
gtk2.i686
compat-libstdc++-33.i686
compat-libstdc++-296
compat-libstdc++
libXtst.i686
libpam.so.0
1. Run the following command to determine what of the libraries are already installed:
rpm -q --queryformat='%{N}-%{V}-%{R}.%{arch}\n' compat-libstdc++-33.x86_64
libcanberra-gtk2.i686 PackageKit-gtk-module gtk2.i686 compat-libstdc++-33.i686
compat-libstdc++-296 compat-libstdc++ libXtst.i686 libpam.so.0
On my server I got the following results
[root@cpdocs ~]# rpm -q --queryformat='%{N}-%{V}-%{R}.%{arch}\n' compatlibstdc++-33.x86_64 libcanberra-gtk2.i686 PackageKit-gtk-module gtk2.i686
compat-libstdc++-33.i686 compat-libstdc++-296 compat-libstdc++ libXtst.i686
libpam.so.0
package compat-libstdc++-33.x86_64 is not installed
package libcanberra-gtk2.i686 is not installed
PackageKit-gtk-module-0.5.8-23.el6.x86_64
package gtk2.i686 is not installed
package compat-libstdc++-33.i686 is not installed
package compat-libstdc++-296 is not installed
package compat-libstdc++ is not installed
package libXtst.i686 is not installed
package libpam.so.0 is not installed
So I will need to install the 32-bit drivers for
PackageKit-gtk-module
libXtst
and both the 64 and 32-bit driver for
libcanberra-gtk2
gtk2
compat-libstdc++-33
compat-libstdc++-296
compat-libstdc++
libXtst
libpam.so.0
2. First I needed to configure yum for a repository, so I did the following:
a. vi /etc/yum.repos.d/rhel-source.repo
b. add the following to the file
[server]
name=Server
baseurl=http://mirror.centos.org/centos/6/os/x86_64
enabled=1
gpgcheck=0
c. Save and close the file
3. The different libraries are on the Red Hat 6.4 install CD, and I have copied install
DVD over to /opt/rhdvd, then mounted the drive by running
mkdir /mnt/iso
mount -t iso9660 -o loop /opt/rhdvd/RHEL-6.6-20140926.0-Server-x86_64-dvd1.iso
/mnt/iso/
4. From the /mnt/iso/Packages directory I ran the following commands to install each
library
a. yum install libXtst
b. yum install gtk2
c. yum install compat-libstdc++-33
d. yum install compat-libstdc++-296
The rest would generate an error when I attempted to install them, so I ran the
following command:
e. yum distro-sync
Then I ran the rest
f. yum install PackageKit-gtk-module
g. yum install libcanberra-gtk2
h. yum install pam-1.1.1-20.el6.i686.rpm
NOTE: When I attempted to run the commands back to back I would at times get the
following error:
Another app is currently holding the yum lock; waiting for it to exit...
The other application is: PackageKit
Memory : 116 M RSS (426 MB VSZ)
Started: Thu Jan 9 10:58:39 2014 - 03:40 ago
State : Sleeping, pid: 29216
I just had to wait for it to complete, I ran
ps -elf|grep 29216
to watch for it to complete
5. The compat-libstdc++ library was not found by me. I'm not sure why it's listed, but I
was not able to install just compat-libstdc++
6. rpm -q --queryformat='%{N}-%{V}-%{R}.%{arch}\n' compat-libstdc++-33.x86_64
libcanberra-gtk2.i686 PackageKit-gtk-module gtk2.i686 compat-libstdc++-33.i686
compat-libstdc++-296 compat-libstdc++ libXtst.i686 libpam.so.0
compat-libstdc++-33-3.2.3-69.el6.x86_64
libcanberra-gtk2-0.22-1.el6.centos.i686
PackageKit-gtk-module-0.5.8-23.el6.x86_64
PackageKit-gtk-module-0.5.8-23.el6.i686
gtk2-2.24.23-6.el6.i686
compat-libstdc++-33-3.2.3-69.el6.i686
compat-libstdc++-296-2.96-144.el6.i686
package compat-libstdc++ is not installed
libXtst-1.2.2-2.1.el6.i686
package libpam.so.0 is not installed
2.2. Install Korn shell for CCM install
The install scripts for CCM require the Korn shell. If you miss this step the install will
fail with error: CLFRP0038E IBM Connections Content Manager failed to be configured
on WebSphere Application Server. Error Step Step "action-config-fncs-ccm"
In the
/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/ConfigEngine/log/ConfigTrace.log
you will see:
/opt/IBM/Connections/ccm/ccm/ccm/config/includes/ccm_cust_cfg.xml:817: Execute
failed: java.io.IOException: Cannot run program "./configwizard.sh" (in directory
"/opt/IBM/Connections/addons/ccm/FNCS/configmanager"): java.io.IOException:
error=2, No such file or directory
If this happens, uninstall CCM using Install Manager, install the Korn shell from these
steps, and install CCM again with Install Manager.
1. From the redhat install packages dir and run
yum install ksh
2.3. Configure the Linux system
1. As the root user, run the following command to create a symbolic link (this is needed
for the IBM HTTP Server)
ln -s /bin/ksh /usr/bin/ksh
2. Disable SELinux by setting SELINUX=disabled in /etc/selinux/config
3. Add multilib_policy=all to /etc/yum.conf
4. Configure the ulimit to 65536 (we could use 8192 if this was only Connections, but
DB2 needs 65536):
cd ~
umask 022
vi .bashrc
add ulimit -n 8192 and save and close the file
5. Update the current working session as well, by running:
ulimit -n 65536
Then run ulimit -a to confirm the task worked
Also, ensure data and file size are unlimited
2.4. Extract Install files on the system
I ran the following commands to uncompress all files into a install dir
WebSphere and fixes
1. unzip WASND_v8.5.5_1of3.zip -d was
2. unzip WASND_v8.5.5_2of3.zip -d was
3. unzip WASND_v8.5.5_3of3.zip -d was
4. unzip WAS_V8.5.5_SUPPL_1_OF_3.zip -d wassupp
5. unzip WAS_V8.5.5_SUPPL_2_OF_3.zip -d wassupp
6. unzip WAS_V8.5.5_SUPPL_3_OF_3.zip -d wassupp
7. unzip 8.5.5.2-ws-wasprod-ifpi15998.zip -d was/pi15998
8. unzip 8.5.5-WS-WAS-FP0000002-part1.zip -d was/fp2
9. unzip 8.5.5-WS-WAS-FP0000002-part2.zip -d was/fp2
10. unzip 8.5.5-WS-WASSupplements-FP0000002-part1.zip -d wassupp/fp2
11. unzip 8.5.5-WS-WASSupplements-FP0000002-part2.zip -d wassupp/fp2
Connections and Cognos wizard
12. tar -C ic5 cogwizard -xvf Connections_5.0_Cog_Wiz_LNX.tar
13. tar -C ic5 -xvf Connections_5.0_Wizards_lin_aix.tar
14. tar -C ic5 -xvf IBM_Connections_5.0_Lin.tar
DB2 and fixes
15. tar -C db2 -zxvf DB2_ESE_10_Linux_x86-64.tar.gz
16. tar -C db2/fp4 -zxvf v10.1fp4_linuxx64_universal_fixpack.tar.gz
TDI and fixes
17. tar -C tdi -xvf TDI_IDENTITY_E_V7.1.1_LIN-X86-64.tar
18. unzip 7.1.1-TIV-TDI-FP0003.zip -d tdi/fp3
FileNet / CCM - These all need to be extracted to the same directory
19. unzip FN_CPE_5.2_FP3Svr_Clt_Cde_Linux.zip .
NOTE: This will create 2 files
5.2.0.3-P8CPE-CLIENT-LINUX-FP003a.tar.gz
5.2.0.3-P8CPE-LINUX-FP003a.tar.gz
20. tar -C filenet/install -zxvf FN_CE_5.2_LINUX_ML.tar.gz
21. tar -C filenet/install -zxvf FN_CEC_5.2_LINUX_EN.tar.gz
22. unzip FN_Coll_Svc_2.0.0.1_FP1_IF1_MP_ML.zip -d filenet/install
23. tar -C filenet/install -zxvf 5.2.0.3-P8CPE-LINUX-FP003a.tar.gz
24. tar -C filenet/install -zxvf 5.2.0.3-P8CPE-CLIENT-LINUX-FP003a.tar.gz
25. tar -C filenet/ctnnav -xvf IBM_CTNT_NAVI_2.0.3_LNX_ML.tar
3.
Install WebSphere 8.5.5.2 +ifixes
This step involves setting up a DMGR server, 1 managed node (in this case I installed
everything on 1 system, so I installed a cell).
3.1. Install IBM Install Manager
Follow appendix A to export the display to your workstation
1. run ./install.sh from the /opt/install/ic5/IBM_Connections_Install_Linux/IM/linux
directory
2. Uncheck IBM Connections
Here I got an error
3. So I ended up running the install in console mode:
./installc -acceptLicense
4. I ran into the same error when attempting to use IBM Install Manager as well, to
resolve this, I opened /opt/IBM/InstallManager/eclipse/IBMIM.ini and added the
following 2 lines to the end of the file:
-Dorg.eclipse.swt.internal.gtk.useCairo=false
-Dorg.eclipse.swt.internal.gtk.cairoGraphics=false
3.2. Install WebSphere 8.0.0.6 and ifixes
First, make sure you have extracted WebSphere 8.5.5, 8.5.5 fp2 and the ifixes into a
directory, I used /opt/install/was; /opt/install/was/fp2 and /opt/install/was/pi15998
respectively
NOTE: for detailed steps on exporting the display to your laptop see Appendix A
1. Start Install Manager by running ./IBMIM from
/opt/IBM/InstallationManager/eclipse/
2. File Preferences .... to add the WebSphere repository to IBM Install Manager
3. Select Add Repository
4. Browse to the location of where you extracted WebSphere and select the
repository.config (/opt/install/was/repository.config) and click OK
5. Continue that process for fp2 and the ifix
/opt/install/was/fp2/repository.config
/opt/install/was/pi15998/repository.config
And uncheck the Search service repositories during installation and updates box, then
click Apply and OK
6.
7.
8.
9.
10.
11.
12.
13.
14.
3.3. Create the WebSphere Application Server cell
Now that the install is complete we will create a cell because all services are installed on
a single machine.
15. Start the Profile Management Tool
16.
17. Because everything is being installed on a single machine, I will chose Cell,
otherwise I would install WebSphere on 2 machine, choosing Management on 1 and
Application server on the other.
18.
19. The user you select here will be created in the local file repository in WebSphere.
This user should NOT be in your LDAP directory. I like to use localadmin to remind
myself and everything that this user is in the local repository, typically people use
wasadmin, but sometimes they have a wasadmin in their ldap directory and that will
cause problems.
20.
21.
22.
23.
WebSphere Application Server is now installed on the machine
4.
Enable security with LDAP
In this process we will start WAS and enable security
4.1. Start the DMGR and nodeagent
1. Start the DMGR by running:
/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/startManager.sh
2. Start the nodeagent by running
/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin/startNode.sh
4.2. Enable security with an LDAP Directory
1. Open a browser to the DMGR Integrated Solutions Console
(http://cpdocs.swg.usma.ibm.com:9060/ibm/console) Because security is enabled,
you will be redirected to the ssl port to login - if necessary accept the certificate and
login with the user created during the WebSphere Application Server install
2. Open Security – Global Security
3. Select Federated Repositories from the Available realm definitions field, and then
click Configure.
4. Click Add Base entry to Realm
5. and then, on the Repository reference page, click Add Repository - LDAP repository
6. On the New page, type a repository identifier, such as myFavoriteRepository (I used
icldap AD into the Repository identifier field.
7. Specify the LDAP directory that you are using in the Directory type field.
8. Type the host name of the primary LDAP directory server in the Primary host name
field. The host name is either an IP address or a domain name service (DNS) name.
9. If your directory does not allow LDAP attributes to be searched anonymously,
provide values for the Bind distinguished name and Bind password fields.
10. Specify the login attribute or attributes that you want to use for authentication in the
Login properties field. Separate multiple attributes with a semicolon. For example:
uid;mail.
11. Click Apply
12. and then Save
13. Set the base entry fields, and click OK
NOTE: If this was Domino LDAP, set the first entry to root, and leave the second
blank. 'root' is a special setting for WebSphere that tells it not to use a base. This will
allow domino customer to find the user in the primary directory and all secondary
directories, as well as all flat groups.
All other ldap directories, the entries to the base of your directory. My ldap directory
is Active Directory, so I set the base to dc=icad,dc=com
14. and then Save
15. In the Repository Identifier column, click the link for the repository or repositories
that you just added.
16. In the Additional Properties area, Select Group Federated repositories entity types to
LDAP object classes mapping.
17. Make sure Group and Person Account are set to group and user.
If this was Domino, they would be set to dominoGroup or dominoPerson
IBM Directory server is typically groupOfUniqueNames and inetOrgPerson
18. Back in the repositories page, select Group attribute definition
19. And then click the Member attributes link.
20. If you are using AD, member with object class group is fine.
If you are using Domino, member with object class dominoGroup or groupOfNames
is fine
If you are using IDS, make sure to include uniquemember with object class
groupOfUniqueNames
I am using AD, so I have
21. Back on the Group attribute definition page, Enter group membership values in the
Name of member attribute and Object class fields. Click Ok
For IBM Directory Server this would be ibm-allgroups with scope of Nested
For Domino this would be dominoAccessGroups with scope of Nested
For AD this would be memberof with scope of Direct
22. And then click Save to save this setting.
23. Enable Application security:
a. Click Global Security in the navigation links at the top of the page.
b. Select the Administrative Security and Application Security check boxes. Make
sure the Java 2 security check box is unchecked
c. Click Apply
d. And then click Save to save this configuration.
24. Log out of the WebSphere Application Server Integrated Solutions Console and
restart WebSphere Application Server
a. Run /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin/stopManager.sh username localadmin -password password
b. Then /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin/startManager.sh
25. Verify that users in the LDAP directory have been successfully added to the
repository:
a. From the WebSphere Application Server Integrated Solutions Console, select
Users and Groups > Manage Users.
b. In the Search by field, enter a user name that you know to be in the LDAP
directory and click Search. If the search succeeds the user exists in your ldap
directory.
c. Click on the user, then click the Groups tab, you should see a list of groups the
user belongs to
26. Once the DMGR is finding users correctly from LDAP, restart the nodeagent to pick
up the changes by running
a. /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin /stopNode.sh -username
localadmin -password password
b. /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin /startNode.sh
5.
Install DB2 10.1
In this step we will Install DB2.
Make sure you have extracted IBM DB2 Enterprise Server Edition V10.1 for Linux on
AMD64 and Intel® EM64T systems (x64) Multilingual (CI6W6ML ). I extracted it to
/opt/install/db2/ese
5.1. Install DB2 10.1 Enterprise Server
1. Follow Appendix A to export the display to your workstation
2. Run .db2setup from /opt/install/db2/ese/
3.
4.
5.
6.
7.
8.
NOTE: Here I got an error
so I ran a chmod on the IBM dir
chmod 777 IBM
Then clicked Next
9.
10.
11.
12.
13.
14.
15.
16.
17.
5.2. Start DB2
1. Access the system as db2inst1
2. run db2start
5.3. Install DB2 10.1 fp4
Make sure to extract DB2 10.1 fp4, I used /opt/install/db2/fp4
1. Sign into the system as the db2 admin (db2inst1) and run db2stop
2. Sign into the system as the DB2 Admin user (dasusr1) and run db2admin stop
3. As root Run ./installFixPack from /opt/install/db2/fp4/universal
4. Enter the path where DB2 is installed (/opt/IBM/db2/V10.1)
5.
6.
7. I got that minor error message and looked in the install log, but it showed everything
was successful:
So I moved ahead with the next steps.
8. Start DB2 by logging into the system as the db2 admin (db2inst1) and running
db2start
6.
Create the Connections Databases
6.1. Create the dedicated db2 user
1. as the root user enter the following commands
a. useradd -g db2iadm1 lcuser
b. echo "lcuser:password" | chpasswd
6.2. Configure unicode for db2
1. access the machine as the db2 instance owner (db2inst1)
2. Run the following commands:
a. db2set DB2CODEPAGE=1208
b. db2stop force
c. db2start
3. To verify the setting took, run db2set, DB2CODEPAGE should be equal 1208
6.3. Create Connections databases with wizard
Make sure to extract IBM Connections V5.0 Wizard for Linux, AIX Multilingual
(CN1F6ML ) to a location on the DB2 Server. I extracted to /opt/install/ic5/Wizards
1. log on to the server as root
2. Make sure all users can execute the dbWizard.sh file
a. change dir to /opt/install/ic5
b. run ownership of the entire Wizards directory to the db2 instance owner by
running
chown -R db2inst1 Wizards
3. Grant display to all users by entering the following command
xhost +
4. change to the db2 instance owner (db2inst1) by entering
5. run the following commands to export the display to your laptop (see appendix A for
more details)
a. export DISPLAY=9.75.245.208:0
b. xclock
the clock should appear on your desktop
6. Run ./dbWizard.sh from /opt/install/ic5/Wizards/
7.
8.
9.
10.
11.
12.
13. back in the ssh terminal, type exit to return to the root user
7.
Install and Tivoli Directory Integrator 7.1.1 fp3
In this step, we will install TDI 7.1.1 and apply fp3.
7.1. Install Tivoli Directory Integrator 7.1.1
Extract IBM Tivoli Directory Integrator Identity Edition V7.1.1 for Linux - x86-64,
Multilingual (CZUF3ML ) (I used /opt/install/tdi)
1. As root Run ./install_tdiv711_linux_x86_64.bin from /opt/install/tdi/linux_x86_64
NOTE: If you have not already configured the ssh system to send the display to your
laptop, use appendix A to do that.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13. Uncheck Start Configuration Editor
7.2. Install fixpack 3
Download and extract FP3 on the server. (I extracted to /opt/install/tdi/fp3)
1. The zip file you download extracts to a folder (7.1.1-TIV-TDI-FP0003) that contains
a zip file (TDI-7.1.1-FP0003.zip) and 3 other files. It's this TDI-7.1.1-FP0003.zip we
will point to in the next step.
2. Run ./applyUpdates.sh -update /opt/install/tdi/fp3/7.1.1-TIV-TDI-FP0003/TDI-7.1.1FP0003.zip from the from /opt/IBM/TDI/V7.1.1/bin/ directory
3. After the fix pack is installed, verify the Tivoli Directory Integrator fix pack version
installed on your system by running
/opt/IBM/TDI/V7.1.1/bin/applyUpdates.sh -queryreg
You should get the following results
Information from .registry file in: /opt/IBM/TDI/V7.1.1
Edition: Identity
Level: 7.1.1.3
License: None
Fixes Applied
=-=-=-=-=-=-=
TDI-7.1.1-FP0003(7.1.1.0)
Components Installed
=-=-=-=-=-=-=-=-=-=
BASE
SERVER
-TDI-7.1.1-FP0003
CE
-TDI-7.1.1-FP0003
JAVADOCS
-TDI-7.1.1-FP0003
EXAMPLES
EMBEDDED WEB PLATFORM
AMC
Deferred: false
7.3. Configure TDI
1. Copy the db2jcc.jar and db2jcc_license_cu.jar files from the java subdirectory of the
directory where you installed DB2 (/opt/IBM/db2/V10.1/java) to the jvm/jre/lib/ext
subdirectory of Tivoli Directory Integrator. (/opt/IBM/TDI/V7.1.1/jvm/jre/lib/ext)
2. Increase the runtime memory for TDI
a. Edit /opt/IBM/TDI/V7.1.1/ibmdisrv
b. At the bottom of the file look for
"$TDI_JAVA_PROGRAM" $TDI_MIXEDMODE_FLAG -cp
"$TDI_HOME_DIR/IDILoader.jar" "$LOG_4J"
com.ibm.di.loader.ServerLauncher "$@" &
change this to
"$TDI_JAVA_PROGRAM" -Xms256M -Xmx1024M
$TDI_MIXEDMODE_FLAG -cp "$TDI_HOME_DIR/IDILoader.jar"
"$LOG_4J" com.ibm.di.loader.ServerLauncher "$@" &
c. Save and close the file
8.
Populate the profiles database using wizard
NOTE: If you have not exported the display to run a gui on your local machine, use
appendix A to do that now.
1. Copy the Wizards directory from the IBM Connections installation media (IBM
Connections V5.0 Wizard for Linux, AIX Multilingual (CN1F6ML )) to the system
where Tivoli Directory Integrator is installed. Everything is on the same machine for
my environment, so the Wizard directory is in /opt/install/ic5/Wizards/
2. Run ./populateWizard.sh from /opt/install/ic5/Wizards/
3.
4.
5.
6.
7.
8.
9.
10.
11.
8.1. Copy tdisol directory to keep profiles and ldap in sync
1. create a tdisol dir in /opt/IBM/TDI/V7.1.1/
mkdir /opt/IBM/TDI/V7.1.1/tdisol
2. Copy the TDI directory from /opt/install/ic5/Wizards/TDIPopulation/linux to
/opt/IBM/TDI/V7.1/tdisol/
cp -ar /opt/install/ic5/Wizards/TDIPopulation/linux/TDI/ /opt/IBM/TDI/V7.1.1/tdisol/
3. This directory has the settings from when you populated the profiles database.
Periodically as users are added, removed or updated in ldap you need to run
the ./sync_all_dns.sh from this directory to keep the profiles database and ldap
directory in sync
9.
Install IBM Connections 5.0
Extract the following downloads
 IBM Connections V5.0 for Linux Multilingual (CIYQ7ML ) I extracted to
/opt/install/ic5/IBM_Connections_Install_Linux
 IBM FileNet Collaboration Services 2.0.0.1 Fix pack 1 interim fix 1
Multiplatform Multilingual (CIZ7SML ) I extracted to /opt/install/filenet/fncs
 IBM Filenet Content Platform Engine 5.2 fix pack 3 (Server & Client code) Linux
Platform Multilingual (CIZ7TML ) I extracted to /opt/install/filenet/ce and
/opt/install/filenet/ceclient
Follow Appendix A to export the display to your desktop if you have not already done so.
1. Stop the nodeagent by running:
a. /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin/stopNode.sh -username
localadmin -password password
2. Start the DMGR if not running
a. /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/startManager.sh
3. There are a few ways to run the install. I did not want to worry about the exact
Firefox version to use the launchpad, so I started Install Manager manually by
running
./install.sh from -input response.xml from
/opt/install/ic5/IBM_Connections_Install_Linux/IM/linux
4.
5.
6.
7. Scroll down and selected IBM Connections Content Manager
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18. I will set up the Cognos piece later, so I select Do later here
19. I plan on configuring this system with IBM Docs, which will require additional
physical machines, so I will install the shared directory to an NSF share
(/nsf/IBM/Connections/data/shared)
20.
21.
22. I have a domino server in my environment listening on port 25 for SMTP traffic, so I
went ahead and configured notifications to that server.
23.
24.
25.
26. Restart DMGR by running:
a. /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/stopManager.sh -username
localadmin -password password
b. /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/startManager.sh
27. Start the node agent by running:
a. C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin>startNode.bat
28. At this point the DMGR begins syncing the applications down to the node. You should wait
for this process to complete. It may take 30 minutes to an hour. On my server it took 15
minutes. I typically watch the processes in windows task manager as I start the nodeagent.
You will see a java task use a lot of cpu, once it's drops to 0% cpu for a min or 2, it should be
done. Look in the nodeagent systemout.log log located at
C:\IBM\WebSphere\AppServer\profiles\AppSrv01\logs\nodeagent for the following line:
[4/3/13 19:44:48:011 EDT] 00000039 AppBinaryProc I ADMA7021I: Distribution of
application <connections_app> completed successfully.
You will see the following applications get synced:
ADMA7021I: Distribution of application WebSphereOauth20SP completed successfully.
ADMA7021I: Distribution of application Common completed successfully.
ADMA7021I: Distribution of application Mobile completed successfully.
ADMA7021I: Distribution of application Mobile Administration completed successfully.
ADMA7021I: Distribution of application WidgetContainer completed successfully.
ADMA7021I: Distribution of application Metrics completed successfully.
ADMA7021I: Distribution of application FileNetEngine completed successfully.
ADMA7021I: Distribution of application Search completed successfully.
ADMA7021I: Distribution of application Activities completed successfully.
ADMA7021I: Distribution of application Profiles completed successfully.
ADMA7021I: Distribution of application Moderation completed successfully.
ADMA7021I: Distribution of application Files completed successfully.
ADMA7021I: Distribution of application Communities completed successfully.
ADMA7021I: Distribution of application ibmasyncrsp completed successfully.
ADMA7021I: Distribution of application News completed successfully.
ADMA7021I: Distribution of application FNCS completed successfully.
ADMA7021I: Distribution of application Homepage completed successfully.
ADMA7021I: Distribution of application Forums completed successfully.
ADMA7021I: Distribution of application Wikis completed successfully.
ADMA7021I: Distribution of application Blogs completed successfully.
ADMA7021I: Distribution of application connectionsProxy completed successfully.
ADMA7021I: Distribution of application commsvc completed successfully.
ADMA7021I: Distribution of application Help completed successfully.
ADMA7021I: Distribution of application Dogear completed successfully.
9.1. Set the JVM heap size
1. Open the Integrated Solution Console and login
(http://cpdocs.swg.usma.ibm.com:9060/ibm/console )
2. Go to Servers > Server Types > WebSphere application servers and click on the
connections cluster server
3. on the right hand side, scroll down to Server Infrastructure, open Java and Process
Management and click on Process definition
4. Click on Java Virtual Machine
5. Make sure the install set
Initial heap size:
Maximum heap size: 2506
6. If you change these, click OK and Save
7. Synchronize the Nodes
a. Go to System administration > Nodes
b. Select the node, and click Full Resynchronize
9.2. Start IBM Connections
1. Start IBM Connections
a. Wait for the node to completely sync
b. In the Integrated Solution Console go to Servers > Server Types > WebSphere
application servers
c. Select the cluster, and click Start
d. Once you get the successfully started message, you are ready to test Connections:
10. Install and Configure IBM HTTP Server and Plugin
8.5.5.2
In this step we will Install IBM HTTP Server 8.5.2
Install the plugin for the HTTP Server
Apply fix pack IHS as well as the plugin
Configure IHS with the DMGR
Configure SSL on IHS
Configure Connections with IHS
10.1. Install IBM HTTP Server 8.5.5.2
Extract the IBM WebSphere Application Server V8.5.5 Supplements and Supplements
Fix Pack 2 downloads in to a directory. I extracted to /opt/install/wassupp and
/opt/install/wassupp/fp2
1. Start IBM Install Manager by running ./IBMIM from
/opt/IBM/InstallationManager/eclipse
NOTE: If you have not already exported the display, follow Appendix A to export
the display
2. Go to File Preferences
3. Select the Supplements and Fix Pack2 repository
4.
5.
6. Select IBM HTTP Server and Web Server Plug-ins
7.
8.
9.
10.
11.
12.
13.
10.2. Register IHS with the Plug-in
1. Create the create a runtime user for the admin server by running the following as root:
groupadd ihs
useradd -g ihs ihs
2. copy ConfigureIHSPlugin.sh from /opt/IBM/WebSphere/Plugins/bin/ to
/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/
cp /opt/IBM/WebSphere/Plugins/bin/ConfigureIHSPlugin.sh
/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/ConfigureIHSPlugin.sh
3. Change dir to /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/
and run
./ConfigureIHSPlugin.sh -plugin.home /opt/IBM/WebSphere/Plugins plugin.config.xml /opt/IBM/WebSphere/Plugins/config/webserver1/plugin-cfg.xml ihs.conf.file /opt/IBM/HTTPServer/conf/httpd.conf -ihs.admin.usergroup ihs operating.system Linux -operating.system.arch 64 -WAS.webserver.name webserver1
-WAS.host.name cpdocs.swg.usma.ibm.com
10.3. Configure WebSphere to use IBM HTTP Server
1. Open a browser to the Integrated Solutions Console and login
(http://cpdocs.swg.usma.ibm.com:9060/ibm/console)
2. Click on Servers – Server Types – Web servers, click New
3. Enter a server name, I used webserver1
4.
5. Update the Web server install location and Plug-in install location to the directories
used during the install
6.
7.
8. Select the webserver and click Generate Plug-in
9. Select the webserver again and click Propagate Plug-in
10. Open /opt/IBM/HTTPServer/conf/httpd.conf in a text editor
11. at the bottom of the file find the following line:
LoadModule was_ap22_module
/opt/IBM/WebSphere/Plugins/bin/64bits/mod_was_ap22_http.so
WebSpherePluginConfig /opt/IBM/WebSphere/Plugins/config/webserver1/plugincfg.xml
Make sure the location of the plugin-cfg.xml matches where the plugin was
propagated to in the Integrated Solutions Console
12. Save and close httpd.conf
13. Start the IBM HTTP Server by running
/opt/IBM/HTTPServer/bin/
./apachectl start
14. At this point you should be able to open a browser to any component that does not
require authentication. Profiles for example,
http://cpdocs.swg.usma.ibm.com/profiles
If you attempted to login or navigate between the products you will be sent back to the
WAS appserver ports. To stay on the HTTP server complete the remaining steps below:
10.4. Configure SSL on IHS
Setting up SSL on the http server is a 5 step process.
Create the SSL key file for IHS
Configure httpd.conf to listen over ssl
Add the plug-in key file certificate to the HTTP server key file
Add the WAS Web Container certificate to the plug-in key file
Add the HTTP Server certificate to WebSphere trust store
10.4.1.
Create the SSL key file for IHS
1. If you have not exported the display to your local machine, follow the steps in
Appendix A to do that now.
2. Start IBM Key Management Utility by going to /opt/IBM/HTTPServer/bin and
running ./ikeyman
3. Click New
4. Set Key database type to CMS
select a filename and location
NOTE: make sure all folders in the path are already created. I had to create the ssl
folder under /opt/IBM/HTTPServer
5. Set password and Stash the password to a file
6. While in Personal Certificates, click New Self-Signed…
7. Set the Key Label and Common name to the hostname of the IHS Server, and set
validity period to the length of time you want this certificate to be valid
8. Close the Key Management utility
10.4.2.
Configure httpd.conf to listen over ssl
1. Open C:\IBM\HTTPServer\conf\httpd.conf
2. Add the following lines just above the was_ap22_module module
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
<IfModule mod_ibm_ssl.c>
Listen 0.0.0.0:443
<VirtualHost *:443>
ServerName cpdocs.swg.usma.ibm.com
#DocumentRoot /opt/IBM/HTTPServer/htdocs
SSLEnable
</VirtualHost>
</IfModule>
SSLDisable
Keyfile "/opt/IBM/HTTPServer/ssl/ihskey.kdb"
SSLStashFile "/opt/IBM/HTTPServer/ssl/ihskey.sth"
LoadModule was_ap22_module
/opt/IBM/WebSphere/Plugins/bin/64bits/mod_was_ap22_http.so
WebSpherePluginConfig……
3. Save and Close httpd.conf
4. Restart the IBM HTTP Server service by going to /opt/IBM/HTTPServer/bin/ and
running
./apachectl stop
./apachectl start
5. At this point you will be able to access https://cpdocs.swg.usma.ibm.com, in earlier
versions of IHS, the Connections components would not work until we exchange the
certificates on my server that was not necessary. To check, open the browser to
https://cpdocs.swg.usma.ibm.com/profiles, if you see profiles everything is working,
otherwise you will need to follow the next steps. I'm leaving them here from a
previous install should you need them.
If profiles appeared, skip to step 10.4.5
10.4.3. Add the plug-in key file certificate to the HTTP server key
file
1. If you haven't exported the display to your local machine, follow Appendix A and do
that now.
2. Start IBM Key Management Utility by going /opt/IBM/HTTPServer/bin and running
./ikeyman
3. Click Open
4. Click Browse…
5. Browser to the plugin-key.kdb file (opt/IBM/WebSphere/Plugins/config/webserver1
in our example)
NOTE: If you are unsure of the file being used. Open the plugin-cfg.xml (you can
find this in the following line of /opt/IBM/HTTPServer/conf/httpd.conf
WebSpherePluginConfig
/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/config/cells/cpricerh45Cell01/nod
es/cpricerh45Node01/servers/webserver1/plugin-cfg.xml
Open plugin-cfg.xml and look for the following line:
<Property Name="keyring"
Value="/opt/IBM/WebSphere/Plugins/config/webserver1/plugin-key.kdb"/>
Then open the plugin-key.kdb from that location
6. Enter the password, by default the plugin-key.kdb’s password is WebAS
NOTE: For some reason at this point I got an error about my password being expired, so
I clicked yes to change the password, and again set it to WebAS.
Then when the file opened in iKeyMan, I clicked on view/edit, and noticed the certificate
had expired
So I clicked on New Self-Signed... and created new certificate for the plugin, same as I
did with IBM HTTP Server earlier and set that as the default key in the database
7. Under Personal Certificates click Extract Certificate…
8. Set Data type to Base64-encoded ASCII data, give it a file name and location
Now we will open the HTTP Server key file and import this key file.
9. In IBM Key Management click Open
10. Set Key database type to CMS and click Browse…
11. Browse to the http server key file (/opt/IBM/HTTPServer/ssl/ihskey.kdb)
12. Click OK
13. Enter the password you used when you created this file
14. Under Key database content switch to Signer Certificates
15. Click Add…
16. Enter the file name and location of the plugin certificate we just exported.
17. Enter a Label, the name is not important, just something to help you remember it’s
the plugin used on this IHS Server
18. Close ikeyman
10.4.4. Add the WAS Web Container certificate to the plug-in key
file
Now we need to add the WebSphere Web Container certificate into the plug-in key file.
First we will get the Web Container certificate.
1. Open the WAS Admin console
(https://cpricerh45.swg.usma.ibm.com:9043/ibm/console/logon.jsp) and login
2. Open Security – SSL certificate and key management
Under Related Items, select Key stores and certificates
3. Click on CellDefaultKeyStore
4. Click on Personal certificates
5. Select the default keystore and click Extract…
6. Set a path and filename and set the Data type to Base64-encoded ASCII data
7. Close the Integrated Solutions Console
Now we will import this certificate into the plugin ssl key file
8. NOTE: If you have not exported your display to the local machine follow Appendix
A to complete that.
9. Start IBM Key Management Utility by going to /opt/IBM/HTTPServer/bin and
running
./ikeyman
10. Click Open
11. Click Browse…
12. Browser to the plugin-key.kdb file (/opt/IBM/WebSphere/Plugins/config/webserver1
in our example)
NOTE: If you are unsure of the file being used. Open the plugin-cfg.xml (you can
find this in the following line of /opt/IBM/HTTPServer/conf/httpd.conf
WebSpherePluginConfig
/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/config/cells/cpricerh45Cell01/nod
es/cpricerh45Node01/servers/webserver1/plugin-cfg.xml
Open plugin-cfg.xml and look for the following line:
<Property Name="keyring"
Value="/opt/IBM/WebSphere/Plugins/config/webserver1/plugin-key.kdb"/>
Then open the plugin-key.kdb from that location
13. Enter the password, by default the plugin-key.kdb’s password is WebAS
14. Under Key database content Select Signer Certificates
15. Click Add..
16. Click Browse…
17. Browse to C:\IBM\HTTPServer\ssl\was.arm and click Open
18. Provide a label and click OK
If you get this error message
Then you didn't need to do this step either, either way, close iKeyMan and go to the next
steps:
19. Close iKeyMan
10.4.5.
Add the HTTP Server certificate to WebSphere trust store
1. Restart the IBM HTTP Server by going to /opt/IBM/HTTPServer/bin and running
./apachectl stop
./apachectl start
2. Open the WAS Admin console
(https://cpdocs.swg.usma.ibm.com:9043/ibm/console/logon.jsp) and login
3. Open Security – SSL certificate and key management
Under Related Items, select Key stores and certificates
4. Click on CellDefaultTrustStore
5. Click on Signer Certificates
6. Click on Retrieve from port
7. Enter a host, port and alias of the HTTP Server and click Retrieve signer information
8. Click OK
9. Click Save
10. Close the Integrated Solutions Console
10.5. Configure Connections to work with HTTP Server
We will use wsadmin to checkout LotusConnections-config.xml and configure the
Connections components to the HTTP Server instead of the WAS internal ports.
1. From /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin run
./wsadmin.sh -lang jython -user localadmin -password password -port 8879
The default value of the SOAP port is 8879. If you are using the default port value,
you do not need to specify this parameter. If you are not using the default and you do
not know the port number, you can look up its value in the WebSphere Application
Server Integrated Solution Console. To look up the SOAP port number, do one of the
following:
a. Open the WebSphere Application Server Integrated Solution Console for the
deployment manager, and then select System Administration -> Deployment
Manager.
b. In the Additional properties section expand Ports, and then look for the
SOAP_CONNECTOR_ADDRESS port entry to find the port number.
2. at the wsadmin> command line run
execfile("connectionsConfig.py")
3. Check out the LotusConnections-config.xml with the following command:
LCConfigService.checkOutConfig("/opt/ictemp/","cpdocsCell01")
Where cpdocsCell01is the cell for your environment. If you are unsure of your cell
name, use the following command in wsadmin> to get it
print AdminControl.getCell()
NOTE: /opt/ictemp/ is the directory the files will be checked out to, this can be any
directory that is already created.
4. In another ssh terminal, open C:\temp\LotusConnections-config.xml in a text editor
5. Each component has an entry similar to the following
<sloc:serviceReference acf_config_file="acf-config.xml"
bootstrapHost="cpdocs.swg.usma.ibm.com" bootstrapPort="2811"
clusterName="lccluster" enabled="true"
person_card_service_name_js_eval="generalrs.label_personcard_activitieslink"
person_card_service_url_pattern="/service/html/mainpage#dashboard%2Cmyactiviti
es%2Cuserid%3D{userid}%2Cname%3D{displayName}" serviceName="activities"
ssl_enabled="true">
<sloc:href>
<sloc:hrefPathPrefix>/activities</sloc:hrefPathPrefix>
<sloc:static href="http://cpdocs.swg.usma.ibm.com:9081"
ssl_href="https://cpdocs.swg.usma.ibm.com:9444"/>
<sloc:interService href="https://cpdocs.swg.usma.ibm.com:9444"/>
</sloc:href>
</sloc:serviceReference>
update the href, ssl_href and interService href to point to your http server and not the
WAS web container ports
<sloc:hrefPathPrefix>/activities</sloc:hrefPathPrefix>
<sloc:static href="http://cpdocs.swg.usma.ibm.com"
ssl_href="https://cpdocs.swg.usma.ibm.com"/>
<sloc:interService href="https://cpdocs.swg.usma.ibm.com"/>
</sloc:href>
</sloc:serviceReference>
NOTE: I used vi, and used the following command in vi to replace all entries at ones:
:%s/cpdocs.swg.usma.ibm.com:9081/cpdocs.swg.usma.ibm.com/g
:%s/cpdocs.swg.usma.ibm.com:9444/cpdocs.swg.usma.ibm.com/g
6. Save and close LotusConnections-config.xml (:wq! in vi)
7. Check in the LotusConnections-config.xml by running the following command from
the wsadmin> prompt
LCConfigService.checkInConfig("/opt/ictemp/","cpdocsCell01")
8. Run wsadmin>synchAllNodes() to push the updated LotusConnections-config.xml to
the node
9. exit wsadmin
10. restart the node by running
/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin/
./stopServer.sh iccluster_server1 -username localadmin -password password
/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin/
./startserver.sh iccluster_server1
11. Open a browser to http://cpricesm.swg.usma.ibm.com/homepage
12. Login and navigate through the components to ensure you remain on the http server.
10.6. Configure HTTP Server to compress some files
1. Open httpd.conf (c:\IBM\HTTPServer\conf)
2. Find the following entries in the configuration file:
LoadModule headers_module modules/mod_headers.so
LoadModule deflate_module modules/mod_deflate.so
and uncomment them
3. Add the following after all the LoadModule's
#Only the specified MIME types will be compressed.
AddOutputFilterByType DEFLATE application/atom+xml
AddOutputFilterByType DEFLATE application/atomcat+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/json
AddOutputFilterByType DEFLATE application/octet-stream
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/xsl
4. Add the following statement to specifically indicate that image files and binaries must
not be compressed to prevent web browser hangs:
# Ensures that images and executable binaries are not compressed
SetEnvIfNoCase Request_URI \\.(?:gif|jpe?g|png|exe)$ no-gzip dont-vary
5. Add the following statement to ensure that proxy servers do not modify the User
Agent header needed by the previous statements:
# Ensure that proxies do not deliver the wrong content
Header append Vary User-Agent env=!dont-vary
10.7. Configure Files and Wikis to download files
This is an optional step, but recommended in the infocenter. See the following section
for details. http://www10.lotus.com/ldd/lcwiki.nsf/xpDocViewer.xsp?lookupName=IBM+Connections+4.5+doc
umentation#action=openDocument&res_title=Configuring_file_downloads_through_the
_HTTP_Server_ic45&content=pdcontent
11. Configure an administrator user for homepage
http://www10.lotus.com/ldd/lcwiki.nsf/xpDocViewer.xsp?lookupName=IBM+Connections+4.5+doc
umentation#action=openDocument&res_title=Configuring_the_Home_page_administrat
or_ic45&content=pdcontent
12. Configure IBM Connections Content Manager Libraries
During the install of Connections Filenet was deployed on the system. Post install we
need to configure the FileNet global configuration domain and objectstore. There are 2
scripts we will use to automatically create these.
12.1. Create Filenet Global Configuration Domain (GCD)
1. If not running, start IBM Connections by running:
./startManager.sh from /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin
./startNode.sh from /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin
./startServer.sh iccluster_server1 from
/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin
2. Run ./createGCD.sh from /opt/IBM/Connections/addons/ccm/ccmDomainTool
3. First it will ask you for the DMGR admin ID (localadmin for my environment), then
the password
4. Enter Y to regenerate the dminfo.properties file
5. Next I added an administrator group from my ldap directory
6.
12.2. Create FileNet ObjectStore
7. Run ./ createObjectStore.sh from
/opt/IBM/Connections/addons/ccm/ccmDomainTool
8. First enter the WebSphere admin username and password
9. I chose Y to regenerate the dminfo.properties file
10. Same as I did with the GCD, I set the administrator group from my ldap directory
11. Next enter the url used to access Connections (https://cpdocs.swg.usma.ibm.com)
NOTE: It must be the SSL url
12.
12.3. Allow Anonymous access to CCM
This is an optional step if you allow anonymous access to communities, you will want to
do this, so users are able to view the library widget without having to login to
communities.
12.3.1.
Create Anonymous user account
IBM FileNet Collaboration Services implements anonymous access with a designated
user that is used only for this purpose. The user should be a system-type user that is not
used by a real person. The user ID does not need, and should not have, any particular
privileges in FileNet. This user's access control records will determine what level of
access is given to all anonymous users. Consequently, choose a functional ID that is
reserved for this purpose and that does not have special access.
The display name of the user used in this role might appear in some supplemental user
interfaces, so a user account or functional ID should be chosen with a suitable display
name matching the purpose of this account, for instance, Anonymous User. Do not
choose the administrative account ID.
The user I created for this purpose is anonymous user. This user must exist in the LDAP
repository and in the profiles DB.
12.3.2.
Configure Anonymous user in FNCS roles
1. In the Integrated Solutions Console
(http://cpdocs.swg.usma.ibm.com:9060/ibm/console) go to Security > Global
Security > Web and SIP security > General Settings .
2. Make sure Authenticate only when the URI is protected is selected and Use available
authentication data when an unprotected URI is accessed also is selected.
3. navigate to Applications > WebSphere Enterprise Applications > fncs (I did these
steps after installing CR1, so I went to navigator)
4. Click Security role to user/group mapping.
5. Make sure the Authenticated role is mapped Everyone.
6. Back in the fncs or navigator (5.0CR1) WebSphere enterprise applications select
User RunAs roles
7. Select the Anonymous role and enter the username and password of the LDAP user
designated for the anonymous access role.
8. Click OK to save.
9. Click Save.
10. Ensure the nodes are in sync by going to System Administration - Nodes
Do a Full Sync if needed
12.3.3.
Generate SID for anonymous user
1. Run ./generateSID.sh from /opt/IBM/Connections/addons/ccm/ccmDomainTool/
2. Enter your WebSphere username / password
3.
4. Enter the anonymous user id (fnanon)
5. Copy down the SID value returned for the next step:
SID: S-1-98-1633891126-1684366903-875979821-1630809394-1647142455758395489-1681220664-825385778-1717657913-67108864
12.3.4.
Update FileNet with anonymous user SID
1. Open the Administration Console for Content Platform Engine
(http://cpdocs.swg.usma.ibm.com/acce) and login
2. Expand the Object Stores side navigation tree and right-click ICObjectStore, and
click Open.
3. Select Search, click New Object Store Search,
4. Select Collaboration Configuration in the Class menu, and then click Run.
5. A single result object displays after clicking OK for any popup warnings.
6. Click the object
7. And then click Properties.
8. On the Properties tab, click the Property Value cell for Download Count Anonymous
User Ids, which displays a dropdown menu.
9. Select Edit list, add the SID of the anonymous user into the list,
10. Click OK.
11. Close the acce tool and restart Connections.
Appendix - helpful linux stuff
13. Redirecting Display from Unix to local windows machine
Redirecting Display\GUI from Unix to Windows:
I.
Install a Xwindows client on your local PC and start a Xsession
Cygwin and Xming are popular clients
II.
Telnet\SSH into Unix server and login as root
III.
Set the DISPLAY to your PC's IP and export the setting
DISPLAY=<your_PC_IP>:0 # DISPLAY=9.9.124.126:0
export DISPLAY
IV.
You may have to disable security using the following command
xhost +
V.
Run following command in the Unix telnet\ssh session should result in a clock
appearing on your local PC
xclock
NOTE: May have to run yum install xorg-x11-apps-7.6-6.el6.x86_64.rpm to install
xclock
Using Xming as your Xwindows client:
The "trick" with Xming is to FIRST start it via the XLaunch (icon or command), NOT
the Xming command/icon. That's because XLaunch allows you to check "No Access
Control" which tells Xming to allow other IP's in. Starting Xming with the Xming
command, causes the default "only allow in local host" mode. I was confused by this
and first started Xming via "Xming" and didn't understand the role of XLaunch.
1. If Xming is already running and on the task bar, click and "exist"
2. Start -> All Programs -> Xming -> XLaunch
3. Select display window option .. click Next
4. Select "Start no client" option.. click Next
5. Select "Clickboard" and "No Access Control" option.. click Next
** If "No Access Control" is not selected, the xsession connection will fail"
6. Click Finish
14. Disable password settings on the OS
http://www.cyberciti.biz/tips/setting-off-password-aging-expiration.html
15. Configure DB2 to start automatically after system restart
On UNIX operating systems, to configure an instance to auto-start after each system
restart, perform the following steps:
1. As root run the following command:
NOTE: dot space /home/db2inst1/sqllib/db2profile
. /home/db2inst1/sqllib/db2profile
2.
Verify that the instance's startAtBoot global registry field value is set to 1 by
checking the output of the following command:
db2greg -getinstrec instancename='<instance name>'
NOTE: If the startAtBoot global registry field value is not set to 1, set the value
to 1 by running the following command:
db2greg -updinstrec instancename='<instance name>'!startatboot=1
3. Enable the instance to auto-start after each system restart, by running the
following command:
db2iauto -on <instance name>
4. Run
db2set -all
Notice DB2AUTOSTART is set to YES
5. Change /opt/ibm/db2/V10.1/bin and run
./db2fm -i db2inst1 -U
./db2fm -i db2inst1 -u **This one gave an error for some reason??**
./db2fm -i db2inst1 -f on
6. Reboot
7. Sign in a db2inst1 and check the state
db2fm -s -S
Now when you restart the machine, DB2 should start automatically
To prevent an instance from auto-starting after each system restart, enter the following
command:
db2iauto -off <instance name>
16. Configure IBM HTTP Server to start automatically
http://www.ibm.com/developerworks/aix/tutorials/au-enterprisewebsvr/section5.html

 Download  Report

Paperzz.com

Your Paperzz

© Copyright 2026 Paperzz