Category Archives: IBM Connections

Regexp error during Connections install

This week I installed IBM Connections 5.5CR1 on a Windows Server. I used WebSphere Application Server 8.5.5.9 and everything ran pretty smooth, but the Connections install itself ended in an error after all applications were successfully installed.

The popup showed a regexp error and a long string. The installer ran through the night, so I couldn’t remember this string and started the install again. The Same message box appears after everything was successfully installed (checked through ISC, after the error everything was uninstalled by the Installation Manager) and even the install.log showed nothing special.

This time, I remembered the string, it was the password of my WebSphere Administration user! The password looked like this:

960n4gv343te6f(

After removing the bracket and replaced it with another special character everything was installed without error. So be careful with special characters and IBM Installations.

I never had an issue with special characters, but I know that the Sametime documentation mentions that space, @ and ! can be a problem.

IBM Connections 5.5 install Ephox Editors

Several people told me that installing the Editors is not described very well in the IBM Connections documentation. So i decided to write down the steps I used to deploy the editors. Hope it helps.

Check Installation on ephox: http://docs.ephox.com/display/EphoxForIBMConnections/Installing+Textbox.io+Services

  • Extract EPHOX_EDITORS3.0.1_CONN5.5.zip
    • edit config/config.js

      • editor: 'textbox.io | EditLive | CKEditor | role-based'
        This sets the default editor. When you use role-based you can enable textbox.io and EditLive for different user groups.
        Be aware that editlive needs a Java plugin which is mostly deactivated or outdated in actual browsers.
      • Enable Spelling-Servie URL (you need to deploy tbioServices_c5.ear):
        spellingServiceUrl: "https://connections-host/ephox-spelling"
        You have to set to https, that spell-checking works with http and https access to Connections.
        If you have selected role-based, you must deploy the EphoxEditorsForConnections.ear
      • When you want to use the builtin spellchecking, you need to install services/tbioServices_c5.ear
    • Start ./install.sh or install.exe

      • ./install.sh root@webspherehost <customization-dir> <webressources-dir>
        You need to type the root password 3 times, because installation uses seperate ssh calls for the installation
  • Create /opt/ephox/application.conf (WINDOWS: WAS_INSTALLATION_DRIVE:\opt\ephox\application.conf)
        
ephox {
     allowed-origins {
       origins = [
          "https://connections-55.panastoeps.local",
          "http://connections-55.panastoeps.local"
       ],
       url = "https://connections-55.panastoeps.local/ephox-allowed-origins/cors"
     }
}
  • Map Applications to your webserver, update the Connections versionstamp and restart Common and Ephox Applications
  • Verify: http://<your server and port>/connections/resources/web/ephox.editors.connections/verify.html

Missing images in Wikis after migration to IBM Connections 5.5

Wikis in IBM Connections 5.5 have a little bug, because the link (/library instead of /wikis/form/api/library) for images are wrong and so they are not displayed.

There is a technote, which should solve this issue, but the used way with ProxyPass is not what i want to use. When you use ProxyPass and ProxyPassReverse you should add a ProxyRequest off to be more secure. ProxyPass to localhost can be a problem too, i would suggest to change localhost to the Connections IHS Hostname.

Why do I use a different approach?

Most of my deployments already use a RewriteRule to redirect the hostname to there Connections Homepage, so i don’t need an additional module (which needs ressources and can have security considerations), when i can solve the image issue through mod_rewrite.

RewriteRule "^/library/(.*)" "/wikis/form/api/library/$1" [R,L]

If you haven’t set <forceConfidentialCommunications enabled="true"/> in LotusConnections-config.xml you need to set the RewriteRule and the ProxyPass config within your http and your https configuration parts!

Example httpd.conf:

... 
# HTTP configuration
<VirtualHost *:80>
    ServerName connections.example.com

    RewriteEngine On

     # Redirect hostname to Homepage
    RewriteRule ^\/$ https://connections.example.com/homepage [noescape,L,R]

    # Fix wrong wiki image URL
    RewriteRule "^/library/(.*)" "/wikis/form/api/library/$1" [R,L]
</VirtualHost>
# HTTPS configuration
<VirtualHost *:443>
    ServerName connections.example.com

    RewriteEngine On

    # Redirect hostname to Homepage
    RewriteRule ^\/$ https://connections.example.com/homepage [noescape,L,R]

    # Fix wrong wiki image URL
    RewriteRule "^/library/(.*)" "/wikis/form/api/library/$1" [R,L]

    SSLEnable
    SSLProtocolDisable SSLv2 SSLv3
</VirtualHost>
...

Adding EMPLOYEE_EXTENDED to all users

Today i read a question in the IBM Connections Forum about setting the EMPLOYEE_EXTENDED role to all users in a Connections deployment. It would be easy to set it directly in the database, but that’s not supported by IBM.

I wrote a little script some weeks ago, because i had the same request, but never published it. The good thing here it only uses supported commands.

So i use this question to add it as a new script to my GitHub Repository.

Here you see the source, it is simple a join of the tables emp_role_map and employee:

connect to peopledb;
EXPORT TO mail.txt OF DEL MODIFIED by NOCHARDEL
select e.PROF_MAIL FROM EMPINST.EMPLOYEE e
    inner join EMPINST.EMP_ROLE_MAP r
    on r.PROF_KEY=e.PROF_KEY
    where r.ROLE_ID!='employee.extended';
connect reset;

Just call it with db2 -tvf scriptname.sql.

The script exports a list of mail addresses of users without the specified role. This can then be used with the wsadmin command ProfilesService.setBatchRole(EMPLOYEE_EXTENDED, "mail.txt").

wsadmin.bat -lang jython -c 'ProfilesService.setBatchRole(EMPLOYEE_EXTENDED, "mail.txt")' as a oneliner will update the roles.

Scheduling the two commands with Windows Scheduler or cron is enough to update all users to the specified role.

Documentation is provided in the script head.