Friday, February 27, 2009

How To Change The Login ID For Lotus Connections

View Comments

Yesterday, I worked with a client to configure Lotus Connections to use a different ID for authentication. By default, Lotus Connections authenticates with either the user's email address or the user id.

Typically this involves a two step process:

  1. Configure WebSphere to use a different LDAP attribute for authentication
  2. Re-populate the Lotus Connections Profiles database to put in a new value for PROF_UID

We didn't want to do this because we wanted to minimize impact to the existing environment. Additionally, we had the challenge that the attribute that the customer wanted to use for authentication was a non-standard attribute (something called aintsouserid). Therefore, I suggested we use a new feature in Lotus Connections v2. In v2, the developers were kind of enough to add an extra column to the Profiles table: PROF_LOGIN. Whatever you put in there, can be used by Lotus Connections for authentication.

So here's what we did to configure Lotus Connections to authenticate using a new value without doing too much work:

  1. Followed the details on specifying a custom LDAP ID for Lotus Connections in the Lotus Connections InfoCenter. (we only followed steps 1-4). We followed these steps so WebSphere could recognize what aintsouserid was.
  2. Modified the WebSphere configuration to use aintsouserid as the attribute for login. (basically, step 9 from this article).
  3. Modified the TDI configuration (map_dbrepos_from_source.properties) to map PROF_LOGIN to aintsouserid
  4. Re-ran TDI to populate the PROF_LOGIN data for all users

And voilá. Hope this helps!

Tuesday, February 24, 2009

My First Experience with Lotus Foundations

View Comments

Lotus Foundations was announced last year at Lotusphere 2008. At the time, I didn't pay too much attention to it because, honestly, I didn't understand it. At this year's Lotusphere, I had the chance to attend a session and also meet one of the biggest evangelizers for it: Bilal Jaffery.

The Lotus Foundations promise ? Get up and running with a server that has a web server, FTP, email, firewall, anti-spam, anti-virus, scheduled backups, automated maintenance, and (optionally) Domino in less than 30 minutes! Well, it took me a bit more than 30 minutes, but the blame is on me for not reading the instructions!

You see, if you don't get the appliance, you get a CD that you put into your server. I had a spare computer in my house, so decided to burn the 100MB CD (that's pretty small for everything it can do!!) and put it into this old Windows XP box. After 2-3 minutes, the computer started and showed a couple of red boxes with some instructions (these are the ones that I didn't read!!). I closed those boxes and then was sent to a status console. I couldn't do much. I thought..."where's that nice, easy to use graphical user interface I saw at Lotusphere?"

Since I couldn't figure it out, I restarted the box and then chose 'Diagnostics' from the start up menu. I ran through all the diagnostics and everything was fine. The last 'test' was a "Burn-In Test". I'm not really sure what it is, but it was a BIG mistake to select it. After 24 hours, it was still running! I was definitely missing something, so I canceled that test and decided to reboot.

This time, I chose Lotus Foundations and read the instructions! The instructions in the red box told me to open a browser to http://<ip address>:8043 where <ip address> was the IP listed right there in front of me. I opened a browser from my Mac in the network and lo and behold, I got to the Foundations setup screen.

I added one user for myself under 'User Setup', configured the web server, the email server, and set the DNS server to dynamic (since I have a dynamic IP). This must've taken probably about 10 minutes!

Next, I configured my Mail application in the Mac to send / receive emails. I could receive but I could not send. Then, the final step was to open my home router to forward all requests to ports 25 (smtp), 80 (web) and 110 (pop) to my new Lotus Foundations server. Oh, and I had to change the nameservers for my domain to point over to dyndns1.ivivanet.com (this server will automatically update my domain's IP when my IP is changed by my cable modem provider).

When I first sent a test email to my Gmail account, the email bounced because I didn't have a static IP address (see above) and Gmail rejects those types of emails to reduce spam. I did a search over the Lotus Foundations documentation and found the solution to the problem. After implementing the qmail approach (don't ask me what qmail is), I was able to send emails to Gmail!

Overall, it's definitely very easy to set up. If I would've read the instructions, I would've been done in less than 15 minutes. Therefore, I wish the initial instructions were a bit more clearer (for people like me who don't read instructions :) ). Also, the setup instructions on the web site are ok (like everything else). I think they need to be a little bit more detailed though. I definitely recommend Lotus Foundations for small and medium businesses, and even for those of you who want to run your own domain from your home.

Monday, February 23, 2009

IBM Makes Money Off My Blog

View Comments

You may remember how a month ago, I blogged about When I Use Twitter, IBM Wins. That blog was based on my own perspective and my own theories as to how I thought IBM was benefitting from my use of social tools. I had no real data, however, to back that up.

Recently, I received a very exciting note from Randy Frink communicating that we had won a big opportunity at a customer site. I thought that was great, but I asked him "what's that got to do with me?" He said that they were able to close the sale thanks to my blog. I was ecstatic! I asked him to tell me more.

Later that night, he sent me a presentation (see below) with the story line describing how my blog helped close the sale. Here's what he said happened:

  1. Searched Lotus Connections for support of SPNEGO and Connections
  2. My blog entry on the subject was in the top 10 results
  3. Followed my blog to the step-by-step directions in the InfoCenter
  4. Randy did NOT contact me, went directly to an ISSL expert and Development (i.e. I was NOT the bottleneck!!)
  5. Connected the customer to the right expert to close the sale!

So there you have it! Thanks to a blog entry I wrote more than a year ago, IBM was able to make a very significant sale. I think we can even calculate the ROI on this:

Costs:

  • Time to write blog entry: 15 minutes
  • Cost per hour (assumption): $50
  • # of blog entries last year: 200
  • Total Cost: $2,500

Revenue:

  • Not sure how much the sale was, but let's assume $250k

ROI:

  • 100 times the cost!!!!

Enjoy!


Thursday, February 19, 2009

Atlas for the Mac Is Here

View Comments

Who says blogging is a waste of time ? What a great example right here. You may remember that on Monday I blogged about my first Lotus Notes 8.5 application for the Mac. Now, I originally started this project last summer! That's right over 6 months ago. When I hit the roadblock that I documented on Monday, I quickly started to search the web. Nothing turned up an answer. Since Notes 8.5 was still in beta at that time, I decided to abandon the effort.

When Notes 8.5 shipped earlier in the year, I thought it would be a good idea to pick up the project again. I knew that if I hit a roadblock, I could get official support. Well, as I said earlier this week, I was stuck because I couldn't call the Notes API from my SWT Java program. At that point, I blogged about my status, and quickly summarized what I had done up until that point. I also noted that I had opened an IBM Support ticket and was waiting for assistance.

200902192136.jpgAnd then magic happened! 1 hour and 22 minutes after I posted the blog, the answer came to me!!! Karsten Lehmann, one of the developers for MindPlan, kindly posted a comment detailing that he had gone through the same issue. He suggested a couple of things, I responded back and voilá!

Here's how I configured Eclipse to run my SWT Java application for Notes in my Mac OSX Leopard:

  • Under Arguments, added the following VM Argument: -Djava.library.path=/Applications/Notes.app/Contents/MacOS
  • Under JRE I selected Java 1.5.0 (for some reason it wouldn't work with Java 1.6)
  • Under Environment I added 3 environment variables:
    • PATH -> /Applications/Notes.app/Contents/MacOS
    • LD_LIBRARY_PATH -> /Applications/Notes.app/Contents/MacOS
    • DYLD_LIBRARY_PATH -> /Applications/Notes.app/Contents/MacOS

At this point I could get my application running beautifully under Eclipse, but I couldn't run it as a stand-alone application. Time to do some more searching!! After a couple of days, I finally figured it out. First, Eclipse includes a really cool feature that lets you export your Java applications as Mac Bundles.

Next, because of the way Mac works, I had to set the DYLD_LIBRARY_PATH environment variable first, before running my application. Therefore, I had to create the file ~/.profile with the following line:

export DYLD_LIBRARY_PATH=/Applications/Notes.app/Contents/MacOS

And now, IBMers can use Atlas from their Mac computers!

Tuesday, February 17, 2009

My First Dojo Widget

View Comments

If you are following me on Twitter, you know that I've been doing some Dojo development lately. While there's definitely a learning curve for Dojo (like with anything else) I'm now starting to appreciate its simplicity and power. This Dojo development is part of an internal BizTech project, for which i can't share too many details now.

When I first started designing the UI, my plan was to use iWidgets. iWidgets are pretty cool and they can pretty much run anywhere. The trick is to add the Lotus Mashup framework to your page (via 1-2 lines of JavaScript) and then you can run iWidgets on your homepage. This process is documented in the Lotus Mashup Wiki, and it looks like it's even easier in v1.1. Since I only have v1.0 available to me, I researched in a lot of place but still couldn't find how to add iWidgets to my page. Therefore, I discarded that approach and I'm going with pure Dojo widgets.

The idea of the Dojo widget is to give it a URL to a JSON output and have the widget render is data. I'm documenting the process here, at a high level, so I can reference it as I go forward with this project. I also hope it serves as a reference for other Dojo newbies (the Dojo documentation is not that great and I've been referring a lot to DojoCampus.org).

  1. Download and install the Dojo framework
  2. Create a blank HTML page and in the <HEAD> section 200902141023.jpg
  3. After the above code, define which widgets and/or components you'll use200902141025.jpg
  4. After the code above, define the URL to the JSON output. Then tell Dojo to do the AJAX call for you. Dojo will ask you what function should be called after the asynchronous call to the JSON URL returns. Here's what I defined:200902141030.jpg
  5. In the code above, we tell Dojo to do a call to http://localhost/myapp/ServiceDispatcherServlet?... and tell it that once it receives the data to call loadCallback or if there was an error to call errorCallback. Finally, we close the HTML <HEAD> element. Still with me? Good! Now we define our main <BODY> code where the results will be shown:200902141129.jpg
  6. That's all you have to do in the HTML. Now you have to create the widget file (in this case myListWidget.js under the folder bizWidget)
  7. Just like Java, in the widget file, you define the 'class name' and the dependencies:200902141132.jpg
  8. Now notice that in step 4 there were 2 methods called: refresh() and setSearchResults(). Here's how they look:200902141133.jpg
  9. And here's how the helper method _searchResultToHtml looks like:200902141135.jpg
  10. And there you have it! The very final step is to create a servlet that returns a list of items in JSON format. To do this, I basically created a java.util.List and the list elements were simple Java beans. I then used flexJSON to convert the Java List into a JSON formatted List and voilá

Enjoy!


Monday, February 16, 2009

Developing Java Applications for Lotus Notes on the Mac

View Comments

This week I've been working on creating my first Java application for Lotus Notes v8.5 on the Mac. Now you may be asking how this can be my first Java application for Notes on the Mac since I already hacked Lotus Notes to include the Activities sidebar. While that is a Java application, it's not one that I created and second it's really an Eclipse plugin that runs inside of Notes. What I'm trying to do is create a Java application that runs outside of Notes, yet queries Notes for information.

So what am I doing? Well, as a side project, I decided to port the code for Atlas to the Mac. The Atlas client is just a Java SWT application, so how hard could it be?

Deploying SWT applications in the Mac

The first step was to figure out how to actually get an SWT application running on the Mac. The folks at Eclipse have already documented this process and it's pretty straightforward. The key is to put in the SWT libraries for the applicable platform. Therefore, I removed the swt.jar and related DLLs from the Java application and put in the Mac OS X SWT.jar and libraries.


200902132207.jpg

Troubleshooting SWT applications in the Mac

Double-clicking the application, didn't do anything. Time to troubleshoot! I downloaded and installed Eclipse 3.4. Running the application from within the Eclipse environment shed some light on the problem: for some reason the Notes libraries could not be loaded by the Java Virtual Machine (JVM). I posted a question about my problem in the Lotus Notes 8.5 forum and hope someone can provide an answer. Additionally, I've opened a PMR to get official help from IBM.

How It Looks

To prove that it was just a Notes issue, I commented out all the code calling the Notes APIs. I recompiled, ran it and saw the following.


200902132221.jpg

So I'm almost there... as soon as I can figure out why I can't call the Notes APIs from my standalone Java application, I should be golden! Isn't Java great ?

Friday, February 13, 2009

I've Been Named One of BlueIQ Most Valuable Ambassadors!

View Comments

Woo Hoo!! Earlier this week I was notified that I was named one of BlueIQ's Most Valuable Ambassadors for Q4 2008. In case you don't know what BlueIQ is, it's the executive-sponsored program within IBM led by Gina Poole. The mission for the BlueIQ team is to show the business value of social tools both inside and outside of IBM and how these tools can help you be more productive. To achieve its mission, the BlueIQ team established the BlueIQ Ambassadors community where volunteers from all over the world, from different IBM divisions get together and further evangelize the value of social software. The community currently has over 400 members, and the core BlueIQ team is about 6-7 people.

Does that mean that there are only 400 social software ambassadors within IBM ? Nope! While the core team is about 7 people, and there are over 400 "official" social software ambassadors, there are many more. In fact, I didn't become an official ambassador (i.e. I hadn't clicked the button to Join the Community) until the 3rd quarter of 2008. And as you know, I've been evangelizing social software for much more longer than that.

Every quarter, the BlueIQ team names its most valuable ambassadors. In Q3, the winners were sent to Germany for the Web2.0 conference over there. Gina Poole, in fact, presented at that conference (see below). The winners for this quarter were going to be sent to the Enterprise 2.0 conference in Boston later this year. Unfortunately, due to the economy, that's not going to happen. Hopefully, I can find another way to get to the conference this year .

It's a honor to have been selected among so many great ambassadors within IBM!

Monday, February 9, 2009

Lesson Learned And Addendum to InfoCenter

View Comments

As I said on my previous post, Friday was a VERY long day. Early in the morning I was told that there was a CritSit at a customer. The situation had been escalated all the way up to Jeff Schick (VP of Social Software). Since it's never good to have a VP associate a CritSit to your name, I had to get this resolved (and quickly) to make sure the blame would not come my way .

And it starts...

The week before, I had upgraded this customer up to Lotus Connections v2.0.1. At first, the environment was working ok, but then on Wednesday they ran into some issues:

  • users couldn't log in
  • forums in private communities were not working
  • widgets in the profiles page weren't working properly

In summary, it was a mess!

Troubleshooting

The first step was to resolve the login issue. To do this, we enabled several traces (see below) in the WAS admin console to see what was going on with WALTZ (the component that fetches users for Lotus Connections). After carefully reviewing the trace log, we noticed that the mapping for GUID (the system's globally unique id) was being re-mapped from 'dominoUNID' to 'DistinguishedName'.

com.ibm.directory.profile.*=all:com.ibm.connections.directory.services.*=all:
com.ibm.websphere.wim.*=all:com.ibm.ws.wim.*=all

For some time we couldn't figure this out. By default, the default mapping for GUID (a.k.a ExtId) is dominoUNID when the LDAP server is Domino (which was the case for the customer). Then one of the developers on the call, spotted this warning in the internal Wiki:

200902081935.jpg Warning

If Domino R8 & beyond is in need and the binding credential, which is used in setting up LDAP repositories on WAS, do not have administrators' privilege to query for Domino LDAP schema, then this manual procedure is a MUST-HAVE to configure 'dominoUNID' as the VMM (external) ID!

Success! The user that we are using to bind to the Domino LDAP is not an administrator and our Domino server is R8. This warning is not in the InfoCenter, so we never did this manual procedure. Now the question was: why did it work before and broke after the upgrade?

200902081653.jpgWell, turns out that apparently there are some broken iFixes. When I did the upgrade, I went ahead and installed all 32 of the available iFixes. I was questioned by one of the developers as to why I did this since iFixes should not be installed unless mandated by support. Turns out that I didn't know that and when I started looking at the iFix list chronologically, most of them said 'Mandatory' so I proceeded to install.

We were told by development to remove iFixes 36025 and 36482. I can't remember what those were for, but today I noticed that the iFix page has 26 fixes instead of 32. Therefore, I'm assuming some other iFixes were not working properly. Anywho, we uninstalled those two iFixes and users were able to log in again!

The final problem was fixing the forums in private communities. This was quite easy to find: the SSO domain for the LTPA token was misconfigured.

Lesson Learned

So, lesson learned:only install iFixes when mandated by support, unless they are clearly marked as 'Mandatory'. And if you are deploying Lotus Connections with a Domino R8+ LDAP and the bind user is not an administrator, you must manually map ExtId to dominoUNID.

How To Enable the Lotus Connections Person Card in Notes 8.5

View Comments

Friday, was a VERY long day. I'm going to quickly summarize what I've been up to and why I've been seemingly disconnected from Twitter. The good thing is that there are lessons learned that I would like to capture here for various reasons:

  1. So that I don't make the same mistake again
  2. So that others can benefit from my mistakes

Let's start with the fun stuff first. A customer wanted to know how to enable the Lotus Connections person card in Notes 8.5. Not sure why, but for some reason this capability is disabled out of the box. To enable, follow these steps:

  1. Go to C:\Notes\framework\shared\eclipse\plugins\com.ibm.openactivities.client.common.service_3.5.0.20081211-1925
  2. Make a backup of plugin.properties
  3. Open plugin.properties with your favorite text editor
  4. Scroll to the bottom of the file and find this line:

    bizcard.show=false
    

  5. Replace it with

    bizcard.show=true
    

  6. Save the file
  7. Close and restart Notes

Now when you are in the Activities sidebar and look for people, simply hover over them, right click and the person card will show up as shown below!


Mac users: If you are using my hack, this should have already been done for you.

Enjoy!

Wednesday, February 4, 2009

Batch Import Data Into Lotus Connections

View Comments

One request that I've heard a couple of times from customers is how to migrate content into Lotus Connections. My common answer is to use the included IBM Tivoli Directory Integrator (a.k.a. TDI) to migrate data into the Lotus Connections databases. While this approach works, it's probably not the best in a production environment. Why? Well, it's never good to circumvent the application and modify its database. Instead, it would be nice if we could use the Lotus Connections APIs to batch import data into the system.

Up until today, this was a bit difficult because TDI did not include an Atom connector and it just so happens that the Lotus Connections APIs are Atom-based. A connector is nothing more than a plug-in into TDI which simplifies data exchanges. In TDI, there's already an HTTP connector, but the Atom layer is missing and time consuming to code. Well, not anymore!

Today, a great article was published on developerWorks which explains how to use an AtomConnector to read and write data to Lotus Connections. And, it even includes an AtomConnector you can use in your own assembly lines. The article focuses on how to read and write data from the Lotus Connections Blogs component, but it can be extended to any of the other components.


For more information, you can find the article here: Integrating Tivoli Directory Integrator and Lotus Connections. Oh and if you are interested in learning more about TDI, check out my two quick demos on How To Load Users from a Spreadsheet and How To Load Photos from LDAP.