Scroll up for Table of Contents
Supported platforms and servers
Supported Operating Systems: almost same as 8.5.1 post eGA, no major new OS,
- Win XP / Vista, Windows 7 (32 / 64 bit)
- RHEL5, SLED10, SLED 11, RHEL 5.4
- MAC 10.6
Supported Connections server:
- LC 2.0.x
- LC 2.5.0.x
- LC 3.0
Back to top
Functionality
Functional overview
Support for LotusLive
- Automatic configuration from LotusLive Domino server of SAML SSO accounts.
- Recognition of LotusLive configuration, providing secondary service availability along with on-premise deployment.
- Implicit multi-service support.
Support for configuration via Domino Policy
- Connections configuration can be included in Desktop Policy
- Domino Policy will push accounts to client and be recognized by sidebar
UI changes
Business card enhancements
SPNEGO support in Notes 8.53, not 8.52.
Functional changes in this release - Configuration via Domino Policy
Overview
Establishing Connections Accounts via Domino Policy requires three steps:
- Define the Account(s)
- Define the Desktop Setting(s)
- Create the Policy
Policy is checked when the Notes client first accesses the user's mail server, and is applied if it has
not yet been applied to the client, or if the Policy has changed since the last time it was applied to the client.
The following must be done on the server Name & Address Book using an administrator ID.
Define an Account
1. Open the view Configuration->Policies-> Accounts and create a new Account document via Add Account
2. Fill in the Basics tab
3. Some fields may not appear until the Account is saved and re-opened for editing.
4. Checking Is primary Account will mean this Account will be renamed to Connections on the client.
5. The Edit list. button allows for more properties to be specified in the Account.
6. Fill in the Advanced tab.
Only necessary if non-default authentication type or URL is required.
7. Save & Close.
Define a Desktop Setting
1. Open the view Configuration->Policies->Settings and create a new setting via Add Setting->Desktop.
2. On the Basics tab, provide a name and description.
- 3. On the Accounts tab, hit the Update Links button, then choose Selected supported. Then select the Account(s) to be
- included in the Settings.
Checking the Overwrite pre-existing account. box will force this Policy to overwrite any existing account.
4. Save & Close.
Create the Policy
1. Open the view Configuration->Policies and create a new Policy document via Add Policy.
2. On the Basics tab, specify a name and description. Use the use Policy type Explicit.
3. Add one or more Desktop Settings to the Policy via the settings picker.
4. Open the Policy Assignment tab and associate users (or groups) to the Policy via the people picker.
5. Save & Close.
Back to top
UI Changes
Panel
Preferences
Back to top
Important fixes
8.5.2 has several connectivity related fixes which were done on both ends: XPD and Connections.
Several of these fixes also went into Notes 8.5.1 FP1.
The overall account handling and cookie management was tuned on the XPD.
End fixes related to session timeout handling bring up a login dialog when the password expired (this did not happen previously),
Previously, users did not get clear feedback if the password expired.
Limit the number of login dialogs coming up when authentication fails for the bizcard and the Activities sidebar.
Better support for TAM and Siteminder.
When publishing files or email with attachments to Activities:
Check the list of unsupported file types and max file size before uploading the file / email.
There is a new server side API (since 2.5.0.2) which allows to get these details.
Several Business Card related improvements.
Back to top
Configuration
This section is about using the plugin_customization.ini to configure the Connections plugin.
Configure Connections server settings
This feature was introduced in Notes 8.5.1 and is still the same in 8.5.2.
The following entries need to be added for this purpose:
com.ibm.lconn.client.base/server=http\://<hostname>/<servicename>
com.ibm.lconn.client.base/authtype=J2EE-FORM
com.ibm.lconn.client.base/authserver=https\://<hostname>\:443/activities/j_security_check
optional:
com.ibm.lconn.client.base/policy-mode=OVERWRITE
Comments
Note: all colons need to be escaped like this '\:'
The server url needs to point to a Connections service, such as Activities and Profiles.
This is because the url will be used to retrieve the service document, which is only available at the service level.
Note: when entering this url from the Connections preferences, the service can be omitted if Activities is available
(we will default to Activities).
Note: the url should point to Activities if the Activities sidebar is installed.
Otherwise it can point to any other service (this mainly applies to 8.5.1 clients).
The following 3 auth types are supported: regular forms auth, Siteminder form and TAM form,
--> authtype = J2EE-FORM, SM-FORM, TAM-FORM
a new auth type OS-CRED will be supported in Notes 8.5.3 which covers SPNEGO
(several flavors including TAM-SPNEGO)
The auth url should typically be empty for Siteminder and TAM auth types.
Still include that line in the plugin_customization.ini, but without a url (see examples below),
In 8.5.1, we will still compute an auth url for TAM and Siteminder.
Make sure the port numbers are correct.
Note: if Connections is installed on top of Portal, the port numbers are different.
If there is NO Connections account in place (or one with an empty server url) we will create a
Connections account plus related child accounts when any Connections component is used for the first time.
For example, when opening the Activities sidebar or when invoking the Connections bizcard.
If a Connections account already exists, it will not be replaced by default.
You can go to the Connections preference page and clíck RESTORE DEFAULTS to recreate accounts
based on the plugin_custimozation.ini.
To overwrite the Connections settings, use the policy-mode OVERWRITE flag (supported since 8.5.1 FP3).
Note: Any changes that users make to the Connections server settings during a session will be overwritten
at Notes startup.
Examples
com.ibm.lconn.client.base/server=http\://w3.ibm.com/connections/activities
com.ibm.lconn.client.base/authtype=J2EE-FORM
com.ibm.lconn.client.base/authserver=https\://w3.ibm.com\:443/connections/activities/j_security_check
Portal based deployment
com.ibm.lconn.client.base/server=http\://test.server.com\:9080/activities
com.ibm.lconn.client.base/authtype=J2EE-FORM
com.ibm.lconn.client.base/authserver=https\://test.server.com\:9443/activities/j_security_check
com.ibm.lconn.client.base/policy-mode=OVERWRITE
com.ibm.lconn.client.base/server=http\://test537.server.com/activities
com.ibm.lconn.client.base/authtype=SM-FORM
com.ibm.lconn.client.base/authserver=
com.ibm.lconn.client.base/server=http\://test537.server.com/activities
com.ibm.lconn.client.base/authtype=TAM-FORM
com.ibm.lconn.client.base/authserver=
The following settings can be used to erase the server settings.
All child accounts will be deleted, a Connections account with this url will remain. The sidebar moves to no
service view and no login dialogues come up. This pattern was not intended to delete accounts, so this is
the closest we can get.
com.ibm.lconn.client.base/server=http\://
com.ibm.lconn.client.base/authtype=J2EE-FORM
com.ibm.lconn.client.base/authserver=
com.ibm.lconn.client.base/policy-mode=OVERWRITE
Alternate configuration via Connections preferences
Always use the Connections preferences page to define the Connections server settings (instead of Accounts preferences).
You can leave out the service part of the url like above if Activities is installed.
We will append /activities by default, if Activities is not available to point to any other service like Profiles.
When using regular forms auth, you do not need to change the advanced server settings.
This is a new dialog in 8.5.2. The old one did not include the auth url, so in case the auth url was non
default, it needed to be changed from the Account preferences. This can happen when using different port numbers.
New behavior: when switching to TAM or Siteminder form auth, the default auth url will be empty.
In 8.5.1, we have set the auth url to the same value as for regular forms auth.
In general, TAM and Siteminder should not require an auth url.
The default auth url for regular form auth will now cover Portal based installations.
If Connections is installed on top of Portal, instead of WAS, the ports are different.
Note: The following Customization points only apply to the Files plugin:
Customization Point Name: com.ibm.documents.connector.service/PAGE_SIZE
The page size of iterative paging when request feeds data, such as get document feed, share feed, etc.
Search public communities in LC 2.5 and find users are not controlled by this setting.
This customization point only affects performance. It doesn't affect functionality.
Default value: 300 - Value Constraint: [50, 300]
Customization Point Name: com.ibm.documents.connector.service/PAGE_INTERVAL
The paging interval (in milliseconds) when iteratively get paged data. Search public communities
in Lotus Connections 2.5 and find users are not controlled by this setting.This customization point only affects performance.
It does not affect functionality.
Default value: 500 (ms) - Value Constraint: [0, 30000]
Customization Point Name: com.ibm.documents.connector.ui/MY_COMMUNITY_CACHE_INTERVAL
The refreshing interval (in minutes) when caching for my communities. "Search My Community" function use this value
to trigger refreshing action.
Default value: 15 (minutes) - Value Constraint: [1, 60]
Customization Point Name: com.ibm.documents.connector.service/ENABLE_SSL
Make Files Connector to bind with "files" or "files_ssl" account.
true to use "files_ssl" account
false to use "files" account
Default value: false - Value Constraint: (true, false)
Configure the Connections Business Card
There is a separate session about the Business Card. So this section will only cover the important settings.
The interval for updating the Business Card cache. This is basically the interval when a
network call is being made to look for updated data for all of the data providers (default is 24 hours):
NAB, Profiles, Sametime directory
com.ibm.rcp.bizcard/cache.expiry.time.hours=24
Note: it might makes sense to increase this value to avoid network traffic,
the old Sametime bizcard was refreshed once a week.
The interval for updating the status can be set via a plugin_customization.ini setting (default is 60 minutes)
com.ibm.lconn.client.bizcard/profile.status.update.interval.minutes=60
Max cache size by total number of entries configured as a plugin_customization.ini variable.
When the max size is reached then the old 1/4 entries of the cache will be removed to make room for new entries.
(500 is the default)
com.ibm.lconn.client.bizcard/number.of.status.cache.entries=500
Further settings for the Business Card (see Business Card session):
Change the priority of the data providers for the Business Card.
Disable a data provider.
Configuration of the ServiceMonitor.
Near future settings
The following settings are being evaluated for inclusion into a future fixpack:
Allow to remove all Connections accounts.
Setting to change and disable the auto-refresh rate of the Activities sidebar.
Currently, Activities refreshes every 5 minutes.
Disable the Profile status for the BusinessCard.
Back to top
Data Collection
Must gathers
Detailed problem description. If appropriate, include screenshots and steps to reproduce the issue.
Notes version including fixpack / hotfix level. Was it an upgrade. Was the Activities sidebar used in a previous version?
Connections server version. Was there a recent server upgrade?
Notes client logs (standard logs initially).
For connectivity related issues:
- Check accounts:
- Provide a screenshot of the Connections account config (File / Preferences / Accounts / Connections),
- and make sure child accounts (activities, activities_ssl) are in place.
- Fiddler traces for Connectivity issues.
- Is the plugin_customization.ini being used to push out server settings? If yes, include entries.
- In rare cases, include server logs.
In case of a hang or crash:
- javacore: required if the crash / hang is caused by java code (including Connections).
- Notes nsd: this is important if the crash is on the Notes core side.
Running trace
Fiddler
To troubleshoot connectivity related issues, network traces are very helpful.
Fiddler is a free tool that captures network traffic. Fiddler is available for Windows only.
You can get Fiddler from here: http://www.fiddlertool.com/Fiddler2/version.asp
It is best to start Fiddler before Notes.
Try to capture the traffic of the important pieces only, so that the traces do not have information not relevant to the issue.
To save the session:
Select Yes to save all entries:
Note: For Notes 8.5.1 and prior, you need to change the proxy settings of the current Location document
to this value:127.0.0.1:8888 (or create a new location).
Remember to remove the proxy settings when done.
Notes 8.5.2 does not require any proxy settings.
The best view in Fiddler is 'Inspectors', then 'Headers' for both request and response.
For a Fiddler output sample image, see the attachment section at the bottom of this article.
Enable finer tracing
In some cases it might be good to enable finer tracing, go to
...\\Data\workspace\.config\rcpinstall.properties
add these lines:
troubleshooting client issues + connectivity
com.ibm.openactivities.client.common.level=FINE
com.ibm.openactivities.client.common.service.level=FINE
com.ibm.lconn.client.service.level=FINE
troubleshooting connectivity
com.ibm.rcp.accounts.level=FINE
com.ibm.rcp.security.auth.level=FINE
troubleshooting bizcard
com.ibm.rcp.bizcard.level=FINE
com.ibm.lconn.client.bizcard.livenames.level=FINE
com.ibm.lconn.client.bizcard.level=FINE
As an alternative to using Fiddler to trace HTTP requests from the sidebar (especially for non Windows platforms),
they can all be logged using the standard logging mechanism.
For every successful HTTP request, the action, status code and URL accessed will be logged,
and for every failed HTTP request (status code 400 or above), the response message and body will also be returned.
Note: This feature is new in 8.5.2.
To enable this, add the following line:
com.ibm.openactivities.internal.service.client.level=FINE
The output of all finer tracing will also go to the standard Notes client tracelog (Help / Support / View Trace).
For an output sample image, see the attachment section at the bottom of this article.
Generating log files
The official way to collect logs is to use the IBM Support Assistant: Help / Support / Collect Support Data
Note: this collects a lot of info, mostly not required to troubleshoot Connections integration.
Client logs
Can be viewed here: Help / Support / View.
The tracelogs can be found here: ...\\data\workspace\logs
In most cases, it is enough to zip up the logs folder.
javacore files
This should be faster than running the IBM Support Assistant to get javacore files:
1. Add -RPARAMS -console to the Notes shortcut before starting.
2. Then run "dump threads" from the osgi console that comes up when the hang occurs.
Back to top
Troubleshooting
Diagnostic process
What can lead to connectivity issues:
Misconfiguration on the client, bad or misconfigured accounts.
Misconfiguration on the server (Connections, LDAP ...).
Potential client upgrade issues related to accounts.
Customer interaction
Troubleshooting connectivity rated issues
Simple questions
Can you connect from web ui?
Can other people connect from the same plugin?
If yes, try to connect using other credentials on your machine and
your credentials on other machine.
Does login using the email address work?, but not the username?
What authentication type is being used?
Is the Connections server protected by TAM / Siteminder? Or other?
Try these:
Try http / https.
Delete all Activities accounts including child accounts, restart Notes and try to connect.
Fiddler trace would be useful to see the exact server response.
Potential server issues:
LDAP serve not configured properly. Server logs will need to analyzed.
TAM / Siteminder misconfiguration or more sophisticated authentication mechanism which will require customization.
Things that might help, but should not be required:
Append / remove /activities to the server url or use RESTORE DEFAULTS.
(especially when using the plugin_customization.ini) this will recreate accounts.
In case you have to manually delete accounts:
- accounts should be deleted from the Contacts (NAB) Advanced view for Accounts
- delete all Connections related accounts
- also clear the Trash of the NAB
- restart Notes: this is important since accounts are cached
Rare case: upgrade to a newer version of the NAB, replace design to at least Notes 8.0 (ODS 43).
Even though older versions should work, we have seen that an upgrade helped clean Notes.nsf.
Log interpretation
Within the tracelogs (Notes client logs), look for the following keywords to find Connections
specific exceptions: openactivities, bizcard, and lconn.
Within a javacore, look for 'current thread', and from that point on, for the keywords mentioned above.
Back to top
Known Issues
The following are still working as in earlier Notes versions
- Connections search within Notes still unchanged, still using 2.0 APIs.
- Therefore the results may differ from the web ui
- quickfind limitations for everything view etc, no type ahead for tags.
Limitations and known issues
- Switching Notes IDs is not supported.
- This caused issues with duplicate accounts and was completely removed in 8.5.2.
Connections preferences disabled issue when in offline mode.
Upgrade issues
Upgrading Notes from 8.02 with an existing Activities account to 8.5.1 until FP3 does not
properly migrate accounts.
Issue: When login dialog comes up, the credentials do not get saved back to the account.
Workaround: Go to the preferences and enter credentials.
Connectivity related issues are the most common issues.
Roadmap
Notes 8.5.1 FP5 just released which has important connectivity related fixes (very close to 8.5.2).
Notes 8.5.2 FP1 has some LotusLive related fixes.
Notes 8.5.3 around April 2011
- SPNEGO support
- Support for custom authentication (enhanced extensibility model).
- This allows ISSL to build an authentication module for customers who have a non supported auth type,
- such as ClearTrust or SAM (SunAccessManager).
StatusUpdates plugin for Notes.
Files Connector for Notes.
Back to top
Additional Resources
Websites and Forums
Connections catalog
https://greenhouse.lotus.com/catalog
Notes 8.5.2 Help - Lotus Connections
http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/topic/com.ibm.openactivities85.client.doc/r_oa_c_welcome_to_lotus_connections.html
Lotus Connections WiKi
http://www-10.lotus.com/ldd/lcwiki.nsf
Notes + Domino Wiki
http://www-10.lotus.com/ldd/dominowiki.nsf
Lotus Connections Business Solutions Catalog
http://www.ibm.com/software/brandcatalog/portal/lotusconnections
Lotus Connections Info Center
http://publib.boulder.ibm.com/infocenter/ltscnnct/v2r0/index.jsp?topic=/com.ibm.connections.25.help/welcome.html
Developer Works
http://www.ibm.com/developerworks/lotus/products/connections/
Product documentation
http://www.ibm.com/developerworks/lotus/documentation/connections/
Latest product info, research, podcasts, and more
http://www.ibm.com/software/lotus/products/connections/
Back to top
About the author
Andy Myers is a Principal Software Engineer working with the IBM Connections linked value team.
He has worked extensively on messaging, security and social networking products for Lotus and.
Back to top
|
|