Lotus® QuickPlace Administrator’s Guide Version 7.0 for Windows, AIX, Solaris, and i5/OS G210-1999-00

Lotus® QuickPlace

Administrator’s Guide

Version 7.0

for Windows, AIX, Solaris, and i5/OS

G210-1999-00

Note

Before using this information and the product it supports, read the information in “Notices” on page 149.

First Edition (August 2005)

This edition applies to version 7.0 of IBM Lotus QuickPlace (product number L-GHUS-5Z7NQE) and to all subsequent releases and modifications until otherwise indicated in new editions.

© Copyright International Business Machines Corporation 2005. All rights reserved.

US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Contents

Chapter 1 Lotus QuickPlace Administration Overview
Administration overview
What’s new in Lotus QuickPlace 7.0
New for administrators
New for users
New for developers
Tools for administering Lotus QuickPlace
QPTool commands
qpconfig.xml file
Server Settings in the administration place
NOTES.INI file settings
Creating and using the qpconfig.xml file
Starting Lotus QuickPlace
To start Domino and Lotus QuickPlace (Windows)
To start Domino and Lotus QuickPlace (AIX and Solaris)
To start Domino and Lotus QuickPlace (i5/OS)
Stopping Lotus QuickPlace
To stop Domino and Lotus QuickPlace (Windows, AIX, Solaris)
To stop Domino and Lotus QuickPlace (i5/OS)
Signing in as a Lotus QuickPlace administrator
Backing up Lotus QuickPlace
Lotus QuickPlace for i5/OS and Backup, Recovery, and Media Services for iSeries
Administration tasks specific to i5/OS
Determining Lotus QuickPlace server status on i5/OS
Changing Lotus QuickPlace server properties on i5/OS
Changing Lotus QuickPlace language dictionaries on i5/OS
Additional documentation
Additional resources for i5/OS

Chapter 2 Connecting to a User Directory
User directories
User directory configurations
Domino management of user directory lookups
Lotus QuickPlace management of user directory lookups
LDAP configuration options
Preparing to connect to an LDAP directory
Accessing LDAP directory servers from behind a firewall on i5/OS
Setting up Domino to manage user directory lookups
Switching to managing user directory lookups through Domino
Setting up Lotus QuickPlace to manage user directory lookups
Customizing Lotus QuickPlace management of user directory lookups
Customizing the attributes displayed for users and groups
Customizing search filters
Customizing the directory lookup interface
Configuring non-standard distinguished names
Specifying a search base for group searches
Using nested groups
Customizing SSL connections
Sample user directory settings for Sun Java System Directory Server and IBM Directory Server
Switching to a different directory
Supporting accented characters in user names (AIX and Solaris)
Testing access to the LDAP directory server
Access to the Domino Directory through LDAP
Disconnecting from a user directory
External group membership
Group membership: security features
Group membership: place membership
Group membership: notifications
Group membership: LDAP directory
Group membership: Sametime and offline use
Group membership: miscellaneous features
Special characters supported for user and group names

Chapter 3 Setting Up the Place Catalog
The Place Catalog
Setting up the Place Catalog
To set up a remote Place Catalog server shared by more than one server
To configure Place Catalog qpconfig.xml settings
To register existing places and servers with the Place Catalog
Place Catalog XML
How the Place Catalog works
How entries are updated
Synchronizing Place Catalog data in a cluster
Enabling DBCS members to use My Places
Recovering if the Place Catalog server goes down

Chapter 4 Managing PlaceTypes
PlaceTypes
Creating a PlaceType
To give users information about the PlaceType
Editing the server’s PlaceType list
To hide or display PlaceType names in the list
Refreshing PlaceTypes and places
Place membership
Levels of refresh
How basic refresh affects the elements in places
How replace affects the elements in places
Controlling whether the QPTool refresh command refreshes a place
Refreshing a PlaceType from the PlaceTypes view in the administration place
Signing a newly inherited scheduled PlaceBot in a place
Copying a PlaceType
To add copied PlaceTypes to the PlaceType list
Deleting a PlaceType

Chapter 5 Administering Lotus QuickPlace Servers in a Cluster
Lotus QuickPlace servers in a cluster
Planning capacity
Types of clustering solutions
Creating a cluster
Adding a Lotus QuickPlace server to a cluster
Adding a Lotus QuickPlace server after a long down time
Configuring clustered servers for the Place Catalog
Place Catalog entries and clusters
Removing a Lotus QuickPlace server from a cluster

Chapter 6 Setting Up Security
Lotus QuickPlace authentication
Single sign-on authentication
Creating or editing a Web SSO Configuration document
Completing single sign-on setup
Modifying user cache settings
Specifying the number of user entries allowed in the cache
Specifying the length of time user entries remain in the cache
Controlling access to the server
Specifying administrators of a Lotus QuickPlace server
Changing a local administrator password
Specifying who can create places on a server
Specifying super user access to a Lotus QuickPlace server
Expanded membership
Expanded membership groups
Examples of expanded membership groups
Access control in places that use expanded membership
User interface differences in places that use expanded membership
Important points about expanded membership
Setting up expanded membership
Enabling expanded membership on the server
Configuring the name and password to use for connecting to the LDAP server that stores the expanded membership groups
Enabling expanded membership in places
Changing the directory server or base distinguished name used for the expanded membership groups
Using expanded membership logging
Blocking specific protocols referenced in link URLs
Blocking HTML attachments that contain cross-site scripts
Configuring browser caching for tighter security
Clearing Lotus QuickPlace files from the Internet Explorer cache
Preventing caching of Lotus QuickPlace pages on browsers

Chapter 7 Completing Additional Server Configuration Tasks
Using the Server Settings - Other Options room in the administration place
ActiveX controls
Setting up the Search Places feature
Configuring Search Places settings
Customizing the My Places feature
Opening places in a new browser window
Using a custom application for My Places
Adding parameters to the My Places URL
Customizing Web page caching
Web page cache settings
To enable the cache
To set the cache directory
To set the cache size limit
To set the time interval for cache cleaning
To set the cache for anonymous users only
To enable logging for the server cache
Hiding the Sign In and Sign Out links
Enabling image caching in environments that don’t use single sign-on
Disabling page compression
Displaying CGI variables in Lotus QuickPlace HTML source pages
Customizing user notifications settings
Using qpconfig.xml settings to configure notifications
Configuring where Lotus QuickPlace routes replies to e-mail from places
Specifying a footer that appears on all pages
Enabling and disabling the UTF-8 Domino server setting
Tracking the number of active Lotus QuickPlace users
To set up logging of user access
To extract the names of Lotus QuickPlace users from log files on AIX and Solaris
Example of extracting names from one log file
Example of extracting names from multiple log files
Example of extracting names from log files on multiple servers
To extract the names of Lotus QuickPlace users from log files on Windows
Example of extracting names from multiple log files on Windows
Example of extracting names from log files on multiple servers on Windows

Chapter 8 Using QPTool Commands
QPTool
Running QPTool
Using the -i argument with QPTool commands
Using QPTool commands in a cluster
Adding external members to places
Changing user and group names in places
Changing the name hierarchy of names in places
Updating external member information in places
Managing expanded membership
Resetting local user passwords
Removing members from places
Sending newsletters to subscribers
Sending mail to managers and members of places
Sample template file
Registering and unregistering places and servers on the server
Automating replica stub creation
Examples of using the replicamaker command
To run replicamaker in verbose mode
To ensure that new places and PlaceTypes are replicated quickly
Refreshing places and PlaceTypes
Locking and unlocking places on the server
Archiving places
Restoring an archived place to an active server
Renaming places
Moving places to another server
Moving a place from one Lotus QuickPlace 7.0 server to another
Moving a place from a Lotus QuickPlace 6.5.1 server to a Lotus QuickPlace 7.0 server
Removing places and PlaceTypes from the server
Reactivating a place mistakenly removed using QPTool remove
Completing the deletion of a place mistakenly deleted through the file system
Updating statistics in the Place Catalog
Updating PlaceLastModified and PlaceSize statistics
Synchronizing Place document statistics in a cluster
Syntax for the placecatalog command
Generating reports about places and servers
Before using the report command
To use the report command
Examples of using the report command
Repairing places on the server
Error: Entry not found in index or document has been deleted
Deleting one of multiple images causes image corruption
To use the repair command
Cleaning up dead mail
Adding and removing graphic text fonts
Executing an XML API file

Chapter 9 Troubleshooting
Troubleshooting user directory problems
Can’t add a name from the user directory
Names of external users and groups are missing or displayed as distinguished names
Mapping dn to display_name causes problems
Using the type-in method to add users from an external directory does not always work
You cannot add new users with automatic lookup if more than one match is found
Cannot add two users with the same distinguished name as members
Cannot create a place that has the same name as a user in the user directory
Places do not show changes to user information made in user directory
“OK with Anonymous access” shows rather than “OK with credentials” when saving user directory settings
User directory set to localhost or 127.0.0.1 causes server crash
What’s New notification doesn’t work for users who access rooms through group membership
Troubleshooting security problems
A second cn component in name is preventing user authentication
A user can’t sign into a place after a distinguished name change
User can’t sign in after name change in Domino Directory
In a third-party authentication environment, users with non-standard names are unable to authenticate
In a third-party authentication environment, users with multi-character delimiters in their names are unable to authenticate
Users are rechallenged for credentials when publishing and lose their edits
If place member and super user have same name, the super user gets member access
A user who is a member of a group is not getting the expected access
Troubleshooting QPTool problems
Changehierarchy command adds entries to the Place Catalog in situations when it shouldn’t
Addmember command fails when you mistakenly use the -g argument to add an individual user
Must unlock archived place before moving it back and registering
QPTool changemember appears to change a user to a group
QPTool report returns the error “Database is not full-text indexed”
Uppercase place names specified in XML input are converted to lowercase
QPTool does not archive a place that already exists in the specified archive directory
Can’t use QPTool commands on a place whose name begins with a hyphen
QPTool changemember does not change the name in existing page banners
QPTool remove -cleanup after QPTool remove -p placename not working
Problem using nqptool commands on server/program command line
Troubleshooting offline problems
New rooms not installing to offline place during synchronization
Users are unable to sign in offline
User installing offline using Sun ONE Portal Server is prompted to reauthenticate
Users can’t install places offline in a Netegrity SiteMinder environment
Users see ERROR 500 message when installing offline
A PlaceBot does not run offline
Offline users can’t edit their member profiles when Sametime is enabled and the place name begins with “QuickPlace”
Users with flat names can’t take places offline
Users who install offline to Windows 2000 client are prompted for Web Application password
Offline not working for external users after changemember or changehierarchy commands used
Offline is not working for a super user
Offline users can’t use places and rooms accessed through group membership
Offline authors or readers see synchronization errors
Problem installing places offline on Windows
Cannot install places with the same name from two different servers
Users who do not fill in offline passwords cannot install places offline
Offline users can’t send e-mail from a place
Database authorization failures occur during Domain Catalog indexing when server is set up for Search Places and offline use
Troubleshooting Sametime problems
Users can’t schedule meetings from a place
Sametime is not working for local users
Online awareness not working for users whose names contain accented characters
External users with flat names cannot join online meetings that they publish

Appendix A Lotus QuickPlace notes.ini Settings
Web page cache settings
Offline settings
Server logging settings
Client logging settings
Attachment and file import logging
Other settings

Notices
Trademarks

Index

Chapter 1 Lotus QuickPlace Administration Overview

This chapter describes the new features in IBM® Lotus® QuickPlace® 7.0, the tools you use to administer Lotus QuickPlace, how to stop and start Lotus QuickPlace, and where to find additional Lotus QuickPlace documentation.

Administration overview

Lotus QuickPlace is a self-service Web tool for team collaboration that you can use to publish, share, and track all information relevant to a project. Teams can use Lotus QuickPlace to store resources (such as files, discussions, and schedules) related to a project in a common place where everyone can access the latest information.

This guide is intended for Lotus QuickPlace administrators. It describes the following Lotus QuickPlace administration tasks:

• Connecting to a user directory to simplify the registration and management of members in places
• Setting up a Place Catalog, a central database that collects information about places and Lotus QuickPlace servers
• Creating and managing PlaceTypes, places that are used as models for new places
• Setting up security on the server
• Administering Lotus QuickPlace servers in a cluster
• Configuring a variety of server-wide settings using the administration (quickplace) place or settings in a qpconfig.xml file
• Completing a variety of tasks using QPTool commands

Note: The e-mail notification features of Lotus QuickPlace rely on the mail routing configuration of the local IBM® Lotus® Domino® server. For information on configuring mail routing with Domino, see Domino Administrator Help. For additional information on customizing Lotus QuickPlace e-mail notifications, see the chapter “Completing Additional Server Configuration Tasks.”

What’s new in Lotus QuickPlace 7.0

In Lotus QuickPlace 7.0 the product name reverts to Lotus QuickPlace from Lotus Team Workplace, the name used in version 6.5.1. This guide uses the name Lotus QuickPlace when referring to all versions, including version 6.5.1. See the following topics for descriptions of new features for administrators, users, and developers in Lotus QuickPlace 7.0.

New for administrators

The following features are new for administrators.

Domino management of user directory lookups

You can optionally set up the Domino server on which Lotus QuickPlace runs to manage the lookups to a user directory. Using this optional user directory configuration, you can take advantage of Domino user authentication and directory features within Lotus QuickPlace, for example, X.509 certificate authentication, multiple directories accessed through Domino directory assistance, and Internet Site documents.

If you upgrade from an earlier version of Lotus QuickPlace, the upgrade process preserves the existing external LDAP directory connection managed by Lotus QuickPlace. If you want to switch to Domino management of user directory lookups, you can make this change at any time.

CAUTION: Once you have switched to Domino management of user directory lookups, reverting back to the Lotus QuickPlace management of LDAP directory lookups is not supported.

For more information on this new supported configuration, see the chapter “Connecting to a User Directory.”

Improved error logging and debugging

Lotus QuickPlace 7.0 provides the following error logging and debugging enhancements.

• The new server notes.ini file setting $h_Debug=1 enables the browser to display detailed messages about JavaScript™ errors that occur on the client, rather than the general Lotus QuickPlace message, “Unable to process your request at this time.”
• The new server notes.ini file setting $h_ClientDebugConsole=<level> displays a console log on all clients that access the server. Use this setting on a temporary basis to help IBM Support troubleshoot a client-side problem.
• The new server notes.ini file setting QuickPlaceHTTPInterfaceLogging=<level> logs the interaction between Lotus QuickPlace and the Domino HTTP server during the processing of a URL. This setting is useful primarily as a first step toward isolating user authentication problems or problems related to the interaction between Lotus QuickPlace and Domino.
• The new server notes.ini file setting h_ExceptionDetail=1 adds the source code name and line number from which errors and warnings are generated to the error and warning messages that the server sends to the browser. Use this setting on a temporary basis to help IBM Support troubleshoot a problem.
• Additional messages have been added for a number of existing logging settings.
• Additional logging settings have been documented.

For more information, see the appendix “Lotus QuickPlace notes.ini Settings.”
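Because several of these settings are meant to be enabled only temporarily and some change what the server sends to every browser, the following added example (not code from the IBM guide) scans a server notes.ini for the four settings named above that are still switched on. It assumes that setting names match case-insensitively and that an empty or zero value means "off"; the sample file, its path value, and its level values are constructed for illustration.

```python
from dataclasses import dataclass

# Lower-cased setting name -> (effect as described in the guide,
#                              True if the guide says output reaches the browser/client)
DEBUG_SETTINGS = {
    "$h_debug": ("browser displays detailed JavaScript error messages", True),
    "$h_clientdebugconsole": ("console log displayed on all clients", True),
    "h_exceptiondetail": (
        "source code name and line number added to messages sent to the browser",
        True,
    ),
    "quickplacehttpinterfacelogging": (
        "QuickPlace/Domino HTTP interaction logged during URL processing",
        False,
    ),
}


@dataclass(frozen=True)
class Finding:
    line_no: int
    name: str
    value: str
    effect: str
    client_visible: bool


def parse_settings(text):
    """Yield (line_no, name, value) for every name=value line; skip anything else."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        name, sep, value = raw.partition("=")
        if not sep:  # section header such as [Notes], blank line, stray text
            continue
        yield line_no, name.strip(), value.strip()


def is_enabled(value):
    """Assumption (not stated in the guide): empty or numeric zero means disabled."""
    if value == "":
        return False
    try:
        return int(value) != 0
    except ValueError:
        return True  # non-numeric level: report it rather than guess


def audit(text):
    """Return a Finding for every enabled occurrence of a known debug setting.

    Every occurrence is checked, because the guide does not say which of two
    duplicate lines takes effect.
    """
    findings = []
    for line_no, name, value in parse_settings(text):
        entry = DEBUG_SETTINGS.get(name.lower())
        if entry and is_enabled(value):
            findings.append(Finding(line_no, name, value, *entry))
    return findings


# Constructed sample input, not taken from a real server.
SAMPLE_NOTES_INI = """\
[Notes]
Directory=/local/notesdata
$h_Debug=1
h_ExceptionDetail=0
QuickPlaceHTTPInterfaceLogging=4
$H_CLIENTDEBUGCONSOLE=2
ServerTasks=Router,Replica,HTTP
h_ExceptionDetail=1
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_NOTES_INI):
        scope = "client-visible" if f.client_visible else "server-side"
        print(f"line {f.line_no}: {f.name}={f.value} [{scope}] {f.effect}")
```

Run against a copy of the production notes.ini after a support case closes; any client-visible finding means detail intended for troubleshooting is still being sent to every user's browser.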

Encryption of offline databases

You can use the new encryption setting in the offline section of the qpconfig.xml file to encrypt all places that are taken offline. Offline place encryption is similar to IBM® Lotus® Notes® database encryption. If you do not use this setting to enable encryption of all offline places, managers of places can enable encryption for specific places.

For more information, see the Lotus QuickPlace Installation and Upgrade Guide.

Use of sign in passwords for offline databases

You can use the new use_login_passwords setting in the offline section of the qpconfig.xml file to enable offline users to sign into offline places using the same password they use to sign in to Lotus QuickPlace. If administrators do not enable this setting, managers of places can enable the feature for specific places.

For more information, see the Lotus QuickPlace Installation and Upgrade Guide.

Improved My Places performance

The performance of the My Places feature has significantly improved. The My Places filtering settings in the qpconfig.xml file introduced in version 3.0.1 to improve performance are no longer needed or used in Lotus QuickPlace 7.0. There is new column sorting capability in the My Places user interface that can serve as a substitute for some of the filtering settings previously configured through the qpconfig.xml file. The only My Places settings in the qpconfig.xml file that remain are place_links, used to open places in a new browser window, and place_ui, used to use a custom portal application for My Places. Some of the My Places URL parameters continue to be supported.

For more information on configuring My Places, see the chapter “Completing additional server configuration tasks.”

Ability to define additional fonts for graphic text

You can use the new QPTool command addgraphicfont to make additional fonts available for use in graphic text in pages, logos, and sidebar items. The command can make any font that is already installed in the server’s operating system fonts directory available for use in graphic text. You can make a font unavailable by using the removegraphicfont command.

For more information, see the chapter “Using QPTool Commands.”

Domino time zone support

Lotus QuickPlace 7.0 uses the underlying time zone configuration of the Domino server on which it runs.

i5/OS documentation

The Lotus QuickPlace Administrator’s Guide, the Lotus QuickPlace Installation and Upgrade Guide, the Lotus QuickPlace Developer’s Guide, and the Lotus QuickPlace Release Notes now incorporate information for IBM® iSeries™ (i5/OS™). The installing and managing guide and the Readme files specifically for iSeries no longer exist for Lotus QuickPlace 7.0.

New product ID for i5/OS

The product ID on i5/OS for Lotus QuickPlace 7.0 is 5724J24. For version 6.5.1 it was 5733LQP.

New for users

The following features are new for users. For more information on these features, see the Help.

Domino time zone support

Users can set time zone preferences for places on a server using the same cookie that Domino uses. Earlier versions of Lotus QuickPlace used a different cookie for storing time zone information.

Access control changes

Earlier versions of Lotus QuickPlace supported manager, author, and reader access. Lotus QuickPlace 7.0 supports, in addition, editor access. Like an author, an editor can create, edit, and delete documents. Unlike an author, an editor can also edit and delete documents created by others, unless the document author has restricted access. Task pages are an exception; an editor may not edit a Task page unless the editor is specifically granted access by the creator of the page when the page is published.

Access control in Lotus QuickPlace has been changed in the following ways to be more like Domino access control:

• Managers can edit and delete all documents in a place, even if access has been restricted by the document author.
• Default and Anonymous users are now assigned distinct levels of access to a place. Anonymous users -- users who are not members of a place through individual or group membership and who access places without authenticating -- are assigned the Anonymous level of access, instead of the Default level. Authenticated non-members are assigned the Default access level. You specify these two access levels by adding Anonymous and Default as place members. Anonymous can have only reader access, whereas Default can have reader, author or editor access.

Nested folders

In previous versions of Lotus QuickPlace, folders could contain only documents. Now folders can contain other folders (subfolders). If you use the new themes, you can access these subfolders through the table of contents. If you use any of the themes previously available in Lotus QuickPlace, you can access these subfolders through the folder list.

New themes with expandable table of contents

Lotus QuickPlace includes new themes named “Organized” and “Modern Plus” that enable users to expand and collapse folders and subfolders in the Lotus QuickPlace table of contents. These features help you to navigate the hierarchical structure of folders and documents, as well as view a room’s organization.

Document types in folders

Each document listed in a folder displays an icon in the type column that represents the document type.

Offline passwords

Users can now use their Lotus QuickPlace sign in passwords for offline places. Users are no longer required to set or remember a password for each offline place to which they belong.

Offline encryption

Offline Lotus QuickPlaces can be encrypted whenever an offline place is created or synchronized. An administrator can set the encryption server-wide, while a place manager can set the encryption for a specific place.

Improved My Places

In earlier versions of Lotus QuickPlace, when a user displayed the places of which he or she was a member, the performance was poor if a user belonged to a large number of places. In Lotus QuickPlace 7.0, the performance has improved. In addition, a Last Update column has been added, and the places may be sorted by any of the columns (size, title, last updated date, last modified date, name, or title).

Support for Safari on Mac OS-X

Lotus QuickPlace 7.0 now supports the Safari browser on Mac OS-X.

Support for Mozilla Firefox

Lotus QuickPlace now supports the Mozilla Firefox browser.

New for developers

The following features are new for developers:

• Additional customizable components are available for use in theme layouts.
• The HTML and JavaScript that the server provides to the browser is no longer encoded, so it is more readable by Lotus QuickPlace developers.

Tools for administering Lotus QuickPlace

You use the following tools to configure and administer a Lotus QuickPlace server:

• QPTool commands
• qpconfig.xml file
• Server Settings in the administration place
• NOTES.INI file settings

In addition to these tools, you can use tools available in Domino, for example, settings in the Domino Directory or directory assistance database.

QPTool commands

QPTool is a server task that you run with arguments to complete administration

tasks. You use QPTool commands to complete many administrative tasks, for

example, locking and unlocking places, changing user names, and registering

places.

For more information, see the chapter ″Using QPTool Commands.″

qpconfig.xml file

You can specify many Lotus QuickPlace configuration settings by creating a file

called qpconfig.xml and using XML to specify the desired settings in the file. Lotus

QuickPlace comes with a sample template file called qpconfig_sample.xml, which

is installed in the server data directory. The file includes all of the settings you can

specify in the qpconfig.xml file, descriptions of the settings, the default values, and

sample values.

To customize a setting described in qpconfig_sample.xml, create a file called

qpconfig.xml. If you do not create a qpconfig.xml file, Lotus QuickPlace uses all

the default settings indicated in the file. For more information, see the topic

″Creating and using the qpconfig.xml file.″

Server Settings in the administration place

You specify some server settings in the Server Settings room in the administration

place. You use the Server Settings room to specify some server security settings, to

set up the server to connect to a user directory, and to specify other settings. To

use the Server Settings room:

1. Open a browser and enter the server’s host name appended by /QuickPlace.

For example:

http://servername.enterprise.com/QuickPlace

2. Click Sign In.

3. Enter a Lotus QuickPlace server administrator user name and password.

4. Click Server Settings in the table of contents.

NOTES.INI file settings

You use the notes.ini file on the server for some Lotus QuickPlace configuration

tasks. For example, you specify page cache settings and logging settings in the

notes.ini file. For descriptions of each notes.ini setting used by Lotus QuickPlace,

see the appendix ″Lotus QuickPlace notes.ini Settings.″

Creating and using the qpconfig.xml file

To create and use the qpconfig.xml file, perform the following steps:

Note: All Lotus QuickPlace servers in a cluster should use the same qpconfig.xml

settings.

1. Create a file called qpconfig.xml and save it as a text file in the data directory.

2. Open the qpconfig.xml file using a text file editor.

3. Open the qpconfig_sample.xml and copy the following lines to the

qpconfig.xml file.

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!--
IBM Lotus QuickPlace Server Settings configuration
==================================================
If you modify this file, please restart the http server. The values are only
read during server startup.
-->
<server_settings>
</server_settings>

4. Between the two server_settings statements, copy the sample section from the

qpconfig_sample.xml file that contains the settings you want to modify and

paste the section into the qpconfig.xml file. For example, to modify super_user

settings, copy the super_user section shown below (the lines between the two

server_settings statements) from qpconfig_sample.xml to qpconfig.xml:

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!--
IBM Lotus QuickPlace Server Settings configuration
==================================================
If you modify this file, please restart the http server. The values are only
read during server startup.
-->
<server_settings>
  <super_user enabled="true">
    <dn>cn=QuickPlace Admin,o=ibm</dn>
  </super_user>
</server_settings>

Note: To change a child setting under a parent setting, make sure to copy the

parent setting, too.

5. Modify the values for copied settings as desired, for example, the distinguished

name of a super user, and then save the qpconfig.xml file.

6. Type the following command to restart the HTTP task so that Lotus QuickPlace

recognizes the changes:

restart task http
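An added example, not part of the IBM guide or the product: a Python check to run against qpconfig.xml before restarting the HTTP task, since the file is read only at startup. It flags malformed XML, a child setting copied without its parent, and drift between cluster members; the KNOWN_CHILDREN map, the server names qp1 to qp3 and the sample files are constructed, and treating only enabled="true" as enabled is an assumption.

```python
import hashlib
import xml.etree.ElementTree as ET

# Parent -> child settings taken from the guide's single sample section.
# The full list lives in qpconfig_sample.xml on the server (not reproduced here).
KNOWN_CHILDREN = {"super_user": {"dn"}}

# Constructed sample files (bytes, as they would be read from disk).
GOOD = b"""<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!-- IBM Lotus QuickPlace Server Settings configuration -->
<server_settings>
  <super_user enabled="true">
    <dn>cn=QuickPlace Admin,o=ibm</dn>
  </super_user>
</server_settings>
"""
# Same settings, different comment and indentation.
GOOD_REFORMATTED = (b'<server_settings><!-- node 2 --><super_user enabled="true">'
                    b"<dn> cn=QuickPlace Admin,o=ibm </dn></super_user></server_settings>")
# Child copied without its parent setting.
ORPHAN = b"<server_settings><dn>cn=QuickPlace Admin,o=ibm</dn></server_settings>"
# A different super_user DN on one cluster member.
DRIFTED = (b'<server_settings><super_user enabled="true">'
           b"<dn>cn=Other Admin,o=ibm</dn></super_user></server_settings>")
# Missing closing tag for super_user.
BROKEN = b'<server_settings><super_user enabled="true"></server_settings>'


def check_qpconfig(data: bytes) -> list[str]:
    """Return findings for one qpconfig.xml; an empty list means none."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "server_settings":
        return [f"root element is <{root.tag}>, expected <server_settings>"]

    findings = []
    child_names = set().union(*KNOWN_CHILDREN.values())
    for child in root:
        if child.tag in child_names:
            findings.append(f"<{child.tag}> copied without its parent setting")
    for su in root.findall("super_user"):
        enabled = su.get("enabled", "").lower() == "true"  # assumption
        has_dn = any((d.text or "").strip() for d in su.findall("dn"))
        if enabled and not has_dn:
            findings.append("super_user enabled but no <dn> value given")
    return findings


def enabled_super_users(data: bytes) -> list[str]:
    """List the DNs enabled as super_user, for review before the restart."""
    root = ET.fromstring(data)
    dns = []
    for su in root.findall("super_user"):
        if su.get("enabled", "").lower() == "true":
            dns += [d.text.strip() for d in su.findall("dn") if (d.text or "").strip()]
    return dns


def _shape(elem):
    """Settings tree without comments, indentation or attribute order."""
    return (elem.tag, sorted(elem.attrib.items()), (elem.text or "").strip(),
            [_shape(c) for c in elem])


def fingerprint(data: bytes) -> str:
    """SHA-256 over the settings tree, stable across cosmetic edits."""
    return hashlib.sha256(repr(_shape(ET.fromstring(data))).encode()).hexdigest()


def cluster_drift(configs: dict[str, bytes]) -> list[list[str]]:
    """Group servers by fingerprint; return [] when all members agree."""
    groups: dict[str, list[str]] = {}
    for server, data in configs.items():
        groups.setdefault(fingerprint(data), []).append(server)
    return sorted(sorted(g) for g in groups.values()) if len(groups) > 1 else []


if __name__ == "__main__":
    for name, sample in [("GOOD", GOOD), ("ORPHAN", ORPHAN), ("BROKEN", BROKEN)]:
        print(name, check_qpconfig(sample) or "no findings")
    print("super users:", enabled_super_users(GOOD))
    print("drift:", cluster_drift({"qp1": GOOD, "qp2": GOOD_REFORMATTED, "qp3": DRIFTED}))
```

Run it on every cluster member's copy of the file and restart the HTTP task only when the findings list is empty and no drift is reported.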

Starting Lotus QuickPlace

You start and stop Lotus QuickPlace by starting and stopping the Domino server

on which it is installed. To start Lotus QuickPlace, follow the procedure

appropriate for your operating system.

To start Domino and Lotus QuickPlace (Windows)

If Lotus QuickPlace runs on Microsoft® Windows®, start Domino and Lotus

QuickPlace as follows:

1. Choose Start - Programs - Lotus Applications - Lotus Domino Server.

To start Domino and Lotus QuickPlace (AIX and Solaris)

If Lotus QuickPlace runs on IBM® AIX® or Solaris, start Domino and Lotus

QuickPlace as follows:

1. Log in as the user specified during the Lotus QuickPlace installation.

2. Navigate to the Domino data directory.

3. Enter one of the following commands to start Domino and Lotus QuickPlace:

v To run the Domino server console in the background enter:

<Domino program directory>/bin/server &

v To run the Domino server console in the foreground enter:

<Domino program directory>/bin/server

For example, if you used the default Domino program directory and want to

run the server console in the background, enter:

/opt/ibm/lotus/bin/server &

To start Domino and Lotus QuickPlace (i5/OS)

If Lotus QuickPlace runs on IBM i5/OS, start Domino and Lotus QuickPlace as

follows. You must have *JOBCTL special authority to perform this task.

Tip: You can also perform this task using iSeries Navigator. For more information,

see Installing and Managing Domino 7 for i5/OS.

1. On any i5/OS command line, type the following command and press Enter:

wrkdomsvr

2. On the Work with Domino Servers display, type a 1 in the Opt column next to

the Lotus QuickPlace server you wish to start and press Enter.

3. If the server is password protected, type 8 next to the Lotus QuickPlace server

to work with the console, and press Enter.

4. Enter the password at the appropriate prompt.

5. Press F3 to exit the console.

Tip: You can also start a Lotus QuickPlace server by entering the following

command:

STRDOMSVR SERVER(servername)

where servername is the name of the Lotus QuickPlace server.

6. Periodically press F5 to refresh your screen and wait for the server status to be

*STARTED.

Note: Starting the Lotus QuickPlace server may take a few minutes. You can

verify that the HTTP task and the Lotus QuickPlace task have started by

displaying the console, which is option 5 from the Work with Domino

Servers display.

7. You can verify that the Lotus QuickPlace server has started by using a Web

browser to access the Lotus QuickPlace home page at the following URL:

http://DominoServerName:port/QuickPlace

where DominoServerName is the fully qualified host name of the Domino server

and port is the TCP/IP port number.

Note: Specifying a port number is only required if the port defined for Lotus

QuickPlace is not the default port 80.

Stopping Lotus QuickPlace

To stop Lotus QuickPlace, follow the appropriate procedure for your operating

system.

To stop Domino and Lotus QuickPlace (Windows, AIX, Solaris)

If Lotus QuickPlace runs on Windows, AIX, or Solaris, stop Lotus QuickPlace as

follows:

1. Enter either of the following commands at the Domino server console:

exit

or

quit

To stop Domino and Lotus QuickPlace (i5/OS)

If Lotus QuickPlace runs on i5/OS, stop Domino and Lotus QuickPlace as follows.

You must have *JOBCTL special authority to perform this task.

Tip: You can also perform this task using iSeries Navigator. For more information,

see Installing and Managing Domino 7 for i5/OS.

1. On any i5/OS command line, type the following command and press Enter:

WRKDOMSVR

2. On the Work with Domino Servers display, type a 6 in the Opt column next to

the Lotus QuickPlace server and press Enter.

Note: This will stop the server in a controlled state.

3. Press Enter to confirm your server selection.

Tip: You can also stop a Lotus QuickPlace server by entering the following

command:

ENDDOMSVR SERVER(servername)

where servername is the name of the Lotus QuickPlace server.

4. Periodically press F5 to refresh your screen and wait for the server status to be

*ENDED.

Note: Stopping the Lotus QuickPlace server may take a few minutes. You can

verify that all server jobs have ended by viewing the Work with Active

Jobs display, which is option 9 from the Work with Domino Servers

display.

5. From the Work with Domino Servers display, record the subsystem that is used

by the Lotus QuickPlace server.

6. On the command line, type the following command and press Enter:

WRKSBS

7. In the Opt column next to the subsystem you recorded in step 5, type a 4 and

press Enter to end the subsystem.

8. Press Enter to confirm your subsystem selection.

9. Press Enter again to return to the Work with Domino Servers display.

Signing in as a Lotus QuickPlace administrator

You must sign in as a Lotus QuickPlace administrator to change Server Settings in

the administration place (the quickplace place) on the server.

To sign in as an administrator:

1. Open a browser and enter the server’s host name appended by /QuickPlace.

For example:

http://servername.enterprise.com/QuickPlace

2. Click Sign In.

3. Enter a Lotus QuickPlace administrator user name and password.

4. Click Server Settings.

For information on assigning administrators to a Lotus QuickPlace server, see the

chapter ″Setting Up Security.″

Backing up Lotus QuickPlace

You should regularly back up your Lotus QuickPlace data to prevent permanent

loss. In particular, back up the Lotus QuickPlace data directory, which contains

user data.

Use the backup and recovery commands and procedures for a Domino server to

back up your Lotus QuickPlace data. For more information, see Domino

Administrator Help.

Lotus QuickPlace also provides an archiving facility to make copies of places

elsewhere in the file system. For more information on the QPTool archive

capability, see the chapter ″Using QPTool Commands.″

Lotus QuickPlace for i5/OS and Backup, Recovery, and Media

Services for iSeries

Lotus QuickPlace for i5/OS supports the online backup capability provided with

Backup, Recovery, and Media Services for iSeries. Online backup means that Lotus

QuickPlace databases on your system can be saved while they are in use. This

support works with a tape device, an automated tape library device, save files, and

an ADSM server. Detailed procedures for Domino and Lotus QuickPlace are

available at http://www.ibm.com/eserver/iseries/service/brms/domino.htm.

Administration tasks specific to i5/OS

Lotus QuickPlace for i5/OS provides additional functions to help you administer

your Lotus QuickPlace environment. Using i5/OS commands, you can:

v Determine Lotus QuickPlace server status

v Change Lotus QuickPlace server properties

v Change Lotus QuickPlace language dictionaries

Note: You can also remove Lotus QuickPlace from a Domino server on i5/OS

using commands. For more information, see the Lotus QuickPlace Installation

and Upgrade Guide.

Determining Lotus QuickPlace server status on i5/OS

To determine the status of a QuickPlace server, follow these steps. You must have

*JOBCTL special authority to perform this task.

Tip: You can also perform this task using iSeries Navigator. For more information,

see Installing and Managing Domino 7 for i5/OS.

1. On any i5/OS command line, type the following command and press Enter:

wrkdomsvr

2. The Work with Domino Servers display lists all the Domino servers configured

on your system. The Domino Status column indicates the status of the Lotus

QuickPlace server:

Status Meaning

*ENDED All server tasks have ended. The server is not active.

*ENDING The primary server tasks are ending.

*STARTED The server is running.

*STARTING The primary server tasks are starting.

*UNKNOWN The system cannot determine the status of the server.

Note: To confirm that all components have started, type a 5 in the Opt column to

display the Domino console. On the Display Domino Console display, look

for the message, ″QuickPlace Server started″ which indicates that all Lotus

QuickPlace components have started. You may need to press F5 periodically

to refresh the screen.

Changing Lotus QuickPlace server properties on i5/OS

After you create a Lotus QuickPlace server, you can change many of the properties

that you originally specified. To change the properties of a Lotus QuickPlace

server, follow these steps. You must have *JOBCTL special authority to perform

this task.

1. Stop the server that you want to modify.

2. On any i5/OS command line, type the following command and press Enter:

wrkdomsvr

3. On the Work with Domino Servers display, type a 2 in the Opt column next to

the server name and press Enter.

4. On the Change Domino Server display, make any necessary changes to the

values and press Enter.

5. Restart the Lotus QuickPlace server to make the changes take effect.

Changing Lotus QuickPlace language dictionaries on i5/OS

Lotus QuickPlace for i5/OS includes several language dictionaries that the spelling

checker can use. The language dictionary is contained in the file wpdic.dic. By

default, the wpdic.dic file contains the US/English dictionary, us.dic. You can

change the language dictionary that the spelling checker uses by making a backup

copy of the existing wpdic.dic file, for example wpdic.bak, and then renaming the

language dictionary file that you want to use to wpdic.dic. For example, after you

create a backup copy of wpdic.dic, rename German.dic to wpdic.dic.

To change the dictionary that the spelling checker program uses, follow these

steps. You must have *JOBCTL special authority to perform this task.

1. From an i5/OS command line, type the following command and press Enter:

wrklnk '/qibm/proddata/lotus/QuickPlace/shared/*.dic'

2. Press Page Down until the object link called wpdic.dic is displayed.

3. Enter option 7 next to the wpdic.dic object link to rename the object.

4. In the New Object field, change the name of the object link to the following

and press Enter:

wpdic.bak

5. Select the language file that you want to use and enter option 7 to rename the

file.

6. In the New Object field change the name of the object link to the following and

press Enter:

wpdic.dic

Additional documentation

Refer to the following documentation in addition to this guide. This

documentation is available on the Web at http://www.lotus.com/ldd/doc. Under

″Documentation Links,″ click ″by product,″ and then click the appropriate product.

IBM Lotus QuickPlace Installation and Upgrade Guide -- Describes how to install

Lotus QuickPlace, how to set up a server so that users can take places offline using

Domino Off-Line Services, how to set up Lotus QuickPlace to work with IBM®

Lotus® Sametime®, and how to upgrade your existing servers.

IBM Lotus QuickPlace Developer’s Guide -- Describes the Lotus QuickPlace design

architecture, and describes how to create and customize place objects, how to

access the Java™ API using XML, how to automate tasks with PlaceBots, and how

to customize the look and layout of a place.

IBM Lotus QuickPlace Release Notes -- Describes system requirements, support for

backward compatibility with earlier versions, new features, workarounds for

known problems, and documentation updates for Lotus QuickPlace.

IBM Lotus Domino Administrator Help -- Describes how to install, configure, and

administer Lotus Domino.

IBM Lotus Notes, Domino, and Domino Designer Release Notes -- Describes software

requirements, new features and enhancements, troubleshooting tips, and

documentation updates for Lotus Notes, Domino Designer®, and Lotus Domino.

IBM Lotus Sametime Installation Guide -- Describes how to install Lotus Sametime on

each supported platform. You must install Lotus Sametime if you want to integrate

Lotus Sametime features with Lotus QuickPlace. For information on integrating

Lotus Sametime with Lotus QuickPlace see the Lotus QuickPlace Installation and

Upgrade Guide.

In addition to the documentation listed above, the Help that comes with Lotus

QuickPlace describes end-user features. To access the Help, from any place, click

the Help button.

Additional resources for i5/OS

In addition to the resources listed in the topic ″Additional documentation,″ i5/OS

users may find the following helpful:

v The Lotus QuickPlace for i5/OS Web site at

http://www.ibm.com/eserver/iseries/quickplace

v The Lotus QuickPlace Web site at

http://www.lotus.com/products/qplace.nsf

v The IBM eServer iSeries Information Center has details about installing, setting

up, and using TCP/IP. It also includes an overview of Client Access Express and

iSeries Navigator. The IBM eServer iSeries Information Center is available on the

Web at

http://publib.boulder.ibm.com/pubs/html/as400/infocenter.html

v The Lotus book Installing and Managing Domino for i5/OS has details on setting

up and managing Domino servers. It includes instructions on how to verify that

TCP/IP is set up and running on your server. It also has a basic introduction to

i5/OS for new users. You can view or download this book and the latest release

notes from the Lotus developerWorks Documentation Library at

http://www.ibm.com/lotus/ldd/doc

You can find other Domino for i5/OS information on the IBM Domino for i5/OS

Web site at

http://www.ibm.com/eserver/iseries/domino

v If you plan to also use Lotus Sametime, review the Lotus Sametime for i5/OS

Web site at

http://www.ibm.com/eserver/iseries/sametime

Chapter 2 Connecting to a User Directory

This chapter describes how to connect Lotus QuickPlace to a user directory.

User directories

There are two types of place members: local members and external members. Local

members are registered in the membership database (Contacts1.nsf) of each place

of which they are a member. External members are registered in a user directory

on a server.

There are several advantages to using external members that are registered in a

user directory:

v Authentication information is managed in a central directory rather than in each

place.

v Place managers add members to places by selecting users and groups from the

directory, rather than typing information for each member.

v A user can be a member of many places and use the same user name and

password to access any of the places. Local members of many places might have

different user names and passwords in each place.

v Users can use single sign-on authentication to sign in to one place, and then

access other places they are members of without re-entering their user names

and passwords.

v If a member’s name or other information such as e-mail address changes in the

directory, you can use QPTool commands to automatically update places to

reflect the change. For example, if John Smith’s e-mail address changes in a user

directory, you can use the QPTool updatemember command to update his e-mail

address in all places.

v Lotus Sametime integration features are supported for external members only.

User directory configurations

Lotus QuickPlace provides two user directory options: Lotus QuickPlace

management of user directory lookups or Domino management of user directory

lookups. Both of these options allow the use of local place members in addition to

external place members.

Domino management of user directory lookups

If you set up Domino to manage user directory lookups:

v Lotus QuickPlace users can be authenticated by any authentication method that

is configured on the Domino server, for example X.509 certificate authentication.

v Lotus QuickPlace users can be located in the Domino server’s primary Domino

Directory (names.nsf). Or they can be located in any secondary directory --

either a Domino Directory or a Lightweight Directory Access Protocol (LDAP)

directory -- to which the Domino server connects using directory assistance.

Lotus QuickPlace users do not have to be located in a single user directory.

v If users are located in a secondary directory that is an LDAP directory,

configuration of the lookups is done through directory assistance. Directory

assistance supports the use of LDAP referrals on the LDAP directory server.

v Domino Internet Site documents configured on the Domino server are used.

v The Lotus QuickPlace expanded membership feature is not supported.

v Integration of Lotus Sametime features with Lotus QuickPlace is not supported.

CAUTION:

Once you set up Domino management of user directory lookups, switching to

Lotus QuickPlace management of user directory lookups is not supported.

Lotus QuickPlace management of user directory lookups

If you set up Lotus QuickPlace to manage the user directory lookups:

v The user directory must be a Lightweight Directory Access Protocol (LDAP)

directory. To configure how Lotus QuickPlace performs the LDAP directory

lookups, you use the Server Settings - User Directory room in the administration

place and the user_directory portion of the qpconfig.xml file on the Lotus

QuickPlace server.

v User authentication methods are limited to Domino basic name-and-password

authentication, or multi-server session-based (single sign-on) authentication.

Other authentication methods used by Domino, for example X.509 certificate

authentication, are not supported.

v Lotus QuickPlace ignores Domino Internet Site Documents configured on the

Domino server.

v Lotus QuickPlace users and groups must be located in a single LDAP directory,

with the exception that the virtual groups used for the expanded membership

feature can be stored in a separate LDAP directory.

v Referrals to another LDAP directory are not supported.

v Lotus QuickPlace expanded membership feature is supported.

v Integration of Lotus Sametime features with Lotus QuickPlace is supported.

LDAP configuration options

LDAP is a protocol that provides a standard way to access and manage directory

information. A set of rules, known as a schema, defines how information is stored

in an LDAP directory. If Lotus QuickPlace manages user directory lookups, the

user directory must be an LDAP directory. If Domino manages user directory

lookups, the use of an LDAP directory is optional. The following table compares

the available LDAP directory configuration options for the two supported user

directory configurations.

LDAP configuration option | Available when Lotus QuickPlace manages lookups | Available when Domino manages lookups
--- | --- | ---
LDAP directory server port | Yes (Server Settings - User Directory room) | Yes (Domino Directory and Directory Assistance document)
Secure Sockets Layer (SSL) connections | Yes (Server Settings - User Directory room) | Yes (Domino Directory and Directory Assistance document)
SSL protocol to use | Yes (in qpconfig.xml) | Yes (Directory Assistance document)
Whether expired SSL certificates accepted | Yes (in qpconfig.xml) | Yes (Directory Assistance document)
Whether server certificate must include host name | Yes (in qpconfig.xml) | Yes (Directory Assistance document)
Different search bases for groups and users | Yes (in qpconfig.xml) | Yes (Naming rules in Directory Assistance document)
Control of attributes that display in Lotus QuickPlace interface | Yes (in qpconfig.xml) | No
Control of attributes that display in Lotus QuickPlace directory lookup interface | Yes (in qpconfig.xml) | No
Searches narrowed to names that are part of place name | Yes (Server Settings - User Directory room) | No
Distinguished names that do not conform to the Domino naming convention | Yes (in qpconfig.xml) | Yes (requires all-asterisk naming rule in Directory Assistance document). A notes.ini setting may be required to convert distinguished names between LDAP and Notes. For more information, see the version 7 Lotus Notes, Domino, and Domino Designer Release Notes on the Web at http://www.lotus.com/ldd/doc.
Custom search filter for user authentication | Yes (in qpconfig.xml) | Yes (Directory Assistance document)
Custom search filter for group authorization | Yes (in qpconfig.xml) | Yes (Directory Assistance document)
Custom search filter for adding group members to places | Yes (in qpconfig.xml) | No
Custom search filter for adding user members to places | Yes (in qpconfig.xml) | No
Control whether nested groups are searched | Yes (in notes.ini) | Yes (Directory Assistance document)
Control levels of nested group searches | Yes (in notes.ini) | No
Search timeout | Yes (Server Settings - User Directory) | Yes (Directory Assistance document)
Maximum entries returned | No | Yes (Directory Assistance document)
Attribute to be used as name in SSO token | No | Yes (Directory Assistance document)
Control over alias dereferencing | No | Yes (Directory Assistance document)
Support of directory change detection | No | Yes (Directory Assistance document along with configuration setting on LDAP directory server)

Preparing to connect to an LDAP directory

If you connect to an LDAP directory, you must provide the following information,

regardless of whether Lotus QuickPlace or Domino manages the user directory

lookups. If you are not sure which options are appropriate, consult the LDAP

directory server administrator. This list is not a comprehensive list of configuration

options.

v Port number. Most LDAP directory servers connect over port 389 for

non-encrypted connections or port 636 for Secure Sockets Layer (SSL) encrypted

connections.

v Search base. LDAP user directories can be divided into different sections as part

of a tree-like hierarchy. The search base determines where in the hierarchy

searches begin. You can specify separate search bases for users and groups.

v SSL connections. If SSL is configured on the Domino server and the LDAP

server, determine whether to initiate all requests to the LDAP directory server as

SSL encrypted requests and to use an X.509 certificate to verify the remote LDAP

directory server’s identity.

v User name and password. LDAP directory servers are often configured to

require a user name and password for connections. In this case, you specify a

name and password of an account in the directory to use.

Accessing LDAP directory servers from behind a firewall on i5/OS

If a Lotus QuickPlace server that runs on i5/OS is behind a firewall and you plan

to do user lookups in an LDAP directory that is outside the firewall, your system

administrator must configure Client Socks support using iSeries Navigator. For

details, see one of the following:

v OS/400 Sockets Programming, SC41-5422-03 or later, which is available from the

iSeries Online Library through the following Web site:

http://www.ibm.com/eserver/iseries/infocenter

v AS/400 Internet Security: IBM Firewall for AS/400, SG24-2162, which is available

from the IBM Redbooks Web site:

http://www.ibm.com/redbooks

Setting up Domino to manage user directory lookups

Perform the following steps to set up Domino to manage user directory lookups.

For additional information on switching from managing lookups through Lotus

QuickPlace to managing lookups through Domino, see the topic ″Switching to

managing user directory lookups through Domino.″

Note: When Domino manages user directory lookups, Lotus QuickPlace expanded

membership is not supported and Lotus Sametime integration with Lotus

QuickPlace is not supported.

CAUTION:

Place members added when Domino manages directory lookups are not

recognized if you switch to managing user directory lookups through Lotus

QuickPlace. Switching from managing lookups through Domino to managing

lookups through Lotus QuickPlace is not supported.

1. If Lotus QuickPlace users are located in a secondary directory rather than the

Domino server’s primary Domino Directory, set up directory assistance for the

directory. For instructions, see the section Directory Services - Directory

Assistance in the Contents view of Domino Administrator Help. Keep the

following points in mind:

v Create a Directory Assistance document for each directory that contains

Lotus QuickPlace users.

v To use groups from a directory as place members, specify ″Group

Authorization″ in the Directory Assistance document. Locate all such groups

in one directory because you can enable this option for one directory only.

v If the secondary directory is an LDAP directory and there are distinguished

names in the directory that don’t conform to the Domino naming convention,

use an all-asterisk naming rule in the Directory Assistance document. You

may also need to enable a notes.ini setting on the Domino server to convert

distinguished names between LDAP and Notes. For more information, see

the version 7 Lotus Notes, Domino, and Domino Designer Release Notes on the

Web at http://www.lotus.com/ldd/doc.

2. Set up client authentication on the Domino server, either certificate

authentication or name-and-password authentication. For information on

setting up multi-server session-based authentication (single sign-on), which is a

type of name-and-password authentication, see the chapter ″Setting up

Security.″ For information on setting up X.509 certificate authentication, see the

Security section in the Contents view of Domino Administrator Help.

3. Set up management of directory lookups through Domino:

a. Sign in to the Lotus QuickPlace server as a Lotus QuickPlace administrator.

b. Click Server Settings - User Directory.

c. Click Change Directory.

d. In the Type field click Domino Server.

e. Click one of the following options:

To allow place managers to create local members, click ″Allow managers to

create new users in each place.″

To prevent place managers from creating local members and require them to

select members from a user directory, click ″Disallow new users.″

4. Click Next. Make sure to click Next, or your settings will not take effect.

Switching to managing user directory lookups through Domino

If you manage user directory lookups through Lotus QuickPlace, and you want to

manage lookups through Domino instead, perform the following steps:

CAUTION:

After you make this change, reverting to managing lookups through Lotus

QuickPlace is not supported.

1. Perform all of the steps described in the topic ″Setting up Domino to manage

user directory lookups.″ To use the same LDAP directory, set up directory

assistance for the LDAP directory.

2. Use the qptool changehierarchy command to change the format of external

users’ distinguished names in existing places to use the forward slash (/)

delimiter.

For example, to change the names of users and groups within the hierarchy

ou=boston,o=acme to the Domino counterpart hierarchy, ou=boston/o=acme in

place P1, use the following command:

load qptool changehierarchy -sourceh ou=boston,o=acme -targeth ou=boston/o=acme -p P1

Or to make the same change in all places, use the following command:

load qptool changehierarchy -sourceh ou=boston,o=acme -targeth ou=boston/o=acme -a

3. Restart the server by entering the following command at the server console:

restart server

Setting up Lotus QuickPlace to manage user directory lookups

Perform the steps below to set up Lotus QuickPlace to manage user directory

lookups:

Note: The distinguished names of users and groups should be unique. If there are

two identical distinguished names in the directory, only one of the names

can be added to a place as a member. If two distinguished names are

identical, add a middle initial or other distinguishing character to one of the

names to make each name unique.

1. Make sure the LDAP directory server is running.

2. Open a browser and enter the server’s host name appended by /QuickPlace.

For example:

http://servername.enterprise.com/QuickPlace

3. Click Sign In.

4. Enter a Lotus QuickPlace administrator user name and password.

5. Click Server Settings.

6. Click User Directory.

7. Click Change Directory.

8. In the Type field, select ″LDAP Server.″

9. In the Name field, type the host name of the directory server. For example,

elvis.acme.com.

10. In the Port number field, type the port number that the LDAP server uses to

communicate with other servers. The default is 389.

11. (Optional) Check ″Check for SSL connection with LDAP user directory.″ If you

select this option and SSL is configured correctly on the Lotus QuickPlace

server and the LDAP server, the Lotus QuickPlace server will initiate all

requests to the LDAP user directory as SSL encrypted requests.

12. (Optional) In the Search base field type a distinguished name that represents

the location at which to begin searches, for example, o=acme,

ou=sales,o=acme, or dc=acme,dc=com.

By default the Search base you specify applies to both user and group

searches. However, you can use the qpconfig.xml file to specify a different

search base for group searches.

For more information, see the topic ″Specifying a search base for group

searches.″

13. (Optional) Click ″Narrow searches to the place name″ to confine searches

launched from a place to user directory names that include the name of that

place.

For example, with this option checked, if a user does a directory search from a

place called ″Sales Support,″ the search looks only for users who have ″Sales

Support″ in their user names.

14. (Optional) If a user name and password are required to access directory

information on the LDAP server, do the following:

a. Click ″Check to use credentials specified below when searching the

directory.″

b. Enter the user name, an LDAP distinguished name, for example

cn=admin,o=acme.

c. Enter the password.

15. (Optional) In the Authentication Timeout and Search Timeout fields, change

the maximum amount of time, in seconds, the Lotus QuickPlace server can

take to authenticate a user from the user directory or to perform a search. The

default value for both time-out settings is 120 seconds and is adequate in most

environments. If connections to the LDAP server are very slow, consider

increasing the time-out values. If connections are very fast, consider reducing

the values. If you leave the fields blank, the default settings are used.

Specifying 0, which allows the Lotus QuickPlace server to take an unlimited

amount of time for user authentication and searches, is not recommended.

Note: The LDAP server might also have time-out limits configured. In this

case, the effective time-out limits are whichever are lowest between the

Lotus QuickPlace server and the LDAP server.

16. Specify whether to allow place managers to add local members:

- To allow managers to register local members who are not listed in the user

directory, click ″Allow managers to create new users in each place.″

- To limit the members of places on the server to users who are listed in the

user directory, click ″Disallow new users.″

17. Click Next. Make sure to click Next, or your settings will not take effect.

Customizing Lotus QuickPlace management of user directory lookups

If Lotus QuickPlace manages the lookups to an LDAP directory, you may need to

perform the following steps to customize the lookups to accommodate your

particular LDAP directory configuration:

- Customize the attributes displayed for users and groups

- Customize search filters

- Customize the directory lookup interface

- Configure non-standard distinguished names

- Specify a search base for group searches

- Configure use of nested groups

- Customize SSL connections

- Switch to a different directory

Customizing the attributes displayed for users and groups

Users, groups, and all other objects in an LDAP directory are described by a

variety of attributes. For example, the value for a user’s first name is often stored

as the givenname attribute and the last name as the sn (surname) attribute. Not all

LDAP directories define attributes for users and groups in the same way. To

display accurate information in the Lotus QuickPlace user interface about users

and groups, such as names, phone numbers, and e-mail addresses when Lotus

QuickPlace manages lookups to the LDAP directory, you might need to change

some of the default attributes that Lotus QuickPlace assumes. For example, by

default the Lotus QuickPlace server assumes an LDAP server uses the sn attribute

to define a user’s last name. However, if the LDAP server uses the lastname

attribute instead, you must change the qpconfig.xml file so Lotus QuickPlace

knows the correct attribute to display for the last name.

To configure which attributes the Lotus QuickPlace server retrieves from the LDAP

directory to display information about users and groups, use the following

qpconfig.xml settings. When you are done making changes to the qpconfig.xml file,

save the file and then restart the HTTP task. The values in bold are ones that you

customize. The LDAP directory server must give the Lotus QuickPlace server

access to the attributes you specify. For information on testing access to attributes,

see the topic ″Access to the LDAP directory server″ later in this chapter.

For information on creating and specifying settings in the qpconfig.xml file, see the

chapter ″Lotus QuickPlace Administration Overview.″

<server_settings>

<user_directory>

<ldap>

<schema>

<object_class>objectClass</object_class>

<user>

<object_class_value>person</object_class_value>

<common_name>cn</common_name>

<display_name>cn</display_name>

<first_name>givenname</first_name>

<last_name>sn</last_name>

<email>mail</email>

<phone>telephone</phone>

</user>

<group>

<object_class_value>groupOfNames</object_class_value>

<common_name>cn</common_name>

<display_name>cn</display_name>

<member>member</member>

</group>

</schema>

</ldap>

</user_directory>

</server_settings>

Note: Information about a member of a place added before a change in the

schema mapping reflects the old mapping. To update the member

information to reflect the new mapping, use the QPTool updatemember

command, or edit the member’s Member Profile in the place.

Note: Mapping dn to the display name is not supported.

Customizing search filters

If Lotus QuickPlace manages lookups to the LDAP directory, you can use the

qpconfig.xml file to customize the LDAP search filters that Lotus QuickPlace uses

to:

- Search for external user names when authenticating users

- Search for external user names to include in places

- Search for external groups to include in places

- Search for the external groups of which an authenticated external user is a

member

To configure search filters, add the following section from the qpconfig_sample.xml

file to the qpconfig.xml file and then customize the settings. You must create

qpconfig.xml, if you haven’t already done so. When you are done editing the file,

save it and then restart the HTTP task.

For more information on creating and using the qpconfig.xml file, see the chapter

″Lotus QuickPlace Administration Overview.″

<server_settings>

<user_directory>

<ldap>

<search_filters>

<authentication>

<![CDATA[(|(cn={0})(uid={0})(shortname={0}))]]>

</authentication>

<user_lookup>

<![CDATA[(&(objectclass=person)(sn={0})(givenname={1}))]]>

</user_lookup>

<group_lookup>

<![CDATA[(&(objectclass=groupOfNames)(cn={0}))]]>

</group_lookup>

<group_membership>

<![CDATA[(&(objectclass=groupOfNames)(member={0}))]]>

</group_membership>

</search_filters>

</ldap>

</user_directory>

</server_settings>

For more information about LDAP search filters, see Domino Administrator Help.

Customizing the search filter to use for authentication

When Lotus QuickPlace cannot find the user name entered at login in the

Contacts1.nsf database, it searches the LDAP user directory to get a distinguished

name for login. Lotus QuickPlace issues the authentication filter shown in bold,

which returns all matches for cn=username, uid=username and

shortname=username.

<authentication><![CDATA[(|(cn={0})(uid={0})(shortname={0}))]]></authentication>

For the matches that result from the search, each distinguished name and

password is passed to the user directory for verification. The first successful

verification sets the current user to that distinguished name.

Edit this line to customize the search filter used for authentication. For example, to

look for the name specified by the user first as a cn attribute value or a mail

attribute value, change the line as follows:

<authentication><![CDATA[(|(cn={0})(mail={0}))]]></authentication>

Note that the zero (0) indicates that Lotus QuickPlace accepts only one name as

input for authentication. You cannot specify a different value to accept more than

one name for input.

Customizing the search filter used to find users to add to places

The following information in bold shows the default search filter Lotus QuickPlace

uses when place managers search for external user names to add to places:

<user_lookup><![CDATA[(&(objectclass=person)(sn={0})(givenname={1}))]]></user_lookup>

This filter indicates that when a user searches for the name of an external user,

Lotus QuickPlace searches for the objectclass attribute value, person. It also

indicates that it accepts two, comma-separated values from a user who is searching

the directory for an external user. It searches for the first value specified as the

value for the sn attribute, and the second value specified as the value for the

givenname attribute. Edit this line to customize this search filter. For example, to

search for the second specified name as a value for the mail attribute rather than

the givenname attribute, change the line as follows:

<![CDATA[(&(objectclass=person)(sn={0})(mail={1}))]]>

If you customize the user search filter, you should also customize the hint the

interface provides for searching and possibly other directory lookup user interface

settings.

For more information, see the topic ″Customizing the directory lookup user

interface″ later in this chapter.

Note that zero (0) and one (1) indicate the first and second, comma-separated input

values, respectively. Lotus QuickPlace does not accept more than two input values

from a user when searching for names to add to places.

Note: When a user adds an external user name to a place, the user can type the

name in the text area directly without clicking the Directory button and

searching for the name. To find the specified name in this case, the user

must specify a unique name in the directory. This unique name can be the

distinguished name or another form of the name, for example, Smith or

Smith, J. If the distinguished name is not specified, then the user lookup

search filter described above is used to search for the name.

Customizing the search filter used to find group names to add to

places

The following information in bold shows the default search filter a Lotus

QuickPlace server uses when users search for external group names to add to

places:

<group_lookup><![CDATA[(&(objectclass=groupOfNames)(cn={0}))]]></group_lookup>

This filter indicates that when a user searches for an external group, the Lotus

QuickPlace server searches for the objectclass attribute value groupOfNames. It also

indicates that the Lotus QuickPlace server accepts one name as input from a user

and that it searches for the group name as the cn attribute value. Edit this line to

customize the search filter. For example, to search for the objectclass value

groupOfUniqueNames and search for the grouptitle attribute, change the line as

follows:

<group_lookup><![CDATA[(&(objectclass=groupOfUniqueNames)(grouptitle={0}))]]></group_lookup>

The zero (0) indicates that Lotus QuickPlace accepts only one name as input for a

group name. You cannot specify another value and accept more than one group

name for input.

Customizing the search filter used to search for members of

groups

After a Lotus QuickPlace server authenticates an external user, the Lotus

QuickPlace server searches for all the external groups of which the user is a

member. Then the Lotus QuickPlace server can determine the access the user has

to places through group membership. The following information in bold shows the

default search filter a Lotus QuickPlace server uses to search for the external

groups of which an authenticated user is a member:

<group_membership><![CDATA[(&(objectclass=groupOfNames)(member={0}))]]></group_membership>

This filter indicates that the Lotus QuickPlace server searches the user directory for

the objectclass attribute value groupOfNames and the member attribute value. Edit

this line to customize the search filter. For example, to search for the objectclass

attribute value groupOfUniqueNames and the uniquemember attribute value, change

the line as follows:

<group_membership><![CDATA[(&(objectclass=groupOfUniqueNames)(uniquemember={0}))]]></group_membership>

The zero (0) indicates that Lotus QuickPlace accepts only one name as input for

the group members. You cannot configure Lotus QuickPlace to accept more than

one.

How the Exact Match search option affects search filters

When a user searches for an external user or group to add to a place, whether or

not the user selects the Exact Match search option has an effect on the search filters

that the Lotus QuickPlace server uses. For example, assume the Lotus QuickPlace

server is configured to use the following search filter when users search for

external users:

<user_lookup><![CDATA[(&(objectclass=person)(sn={0})(mail={1}))]]></user_lookup>

The following table describes the search filter that Lotus QuickPlace uses when a

user searches for one value and for two comma-separated values, depending on

the Exact Match setting.

Exact Match setting   Search filter used when     Search filter used when
                      user searches for: smi      user searches for: smi, @acme

Selected              sn=smi                      sn=smi
                      mail=*                      mail=@acme

Not selected          sn=smi*                     sn=smi*
                      mail=*                      mail=@acme*
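
The substitution shown in the table, as an added example that is not part of the original guide and is not QuickPlace code: the function fills {0} and {1} from comma-separated input and applies the Exact Match rule. The names render_filter and escape_filter_value are hypothetical, and the RFC 4515 escaping of user input is an assumption added here so that typed characters cannot alter the filter; the guide does not describe how the server treats them.

```python
import re

# RFC 4515 requires these characters to be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29",
                   "\x00": "\\00"}


def escape_filter_value(value):
    """Escape user input so it stays a literal value inside the filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def render_filter(template, user_input, exact_match, max_values=2):
    """Fill {0}/{1} in a filter template from comma-separated user input.

    Models the table above: a placeholder with no input becomes "*", and
    without Exact Match each supplied value gets a trailing wildcard.
    """
    values = [part.strip() for part in user_input.split(",")]
    if len(values) > max_values:
        raise ValueError("at most %d comma-separated values are accepted"
                         % max_values)

    def substitute(match):
        index = int(match.group(1))
        if index >= max_values:
            raise ValueError("placeholder {%d} is not supported" % index)
        if index >= len(values) or values[index] == "":
            return "*"  # nothing typed for this position: match any value
        escaped = escape_filter_value(values[index])
        return escaped if exact_match else escaped + "*"

    # A function replacement is inserted literally, so backslashes survive.
    return re.sub(r"\{(\d+)\}", substitute, template)


# The customized user lookup filter used in the example above.
USER_LOOKUP = "(&(objectclass=person)(sn={0})(mail={1}))"

if __name__ == "__main__":
    for text in ("smi", "smi, @acme"):
        for exact in (True, False):
            print(exact, repr(text), render_filter(USER_LOOKUP, text, exact))
    # Constructed input containing filter metacharacters: it is searched for
    # literally instead of changing the structure of the filter.
    print(render_filter(USER_LOOKUP, "smi)(cn=*", True))
```
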

Customizing the directory lookup interface

If Lotus QuickPlace manages lookups to the LDAP directory, use the qpconfig.xml

file to customize the user interface that users see when looking up users in the

directory to add as place members. You can customize the search hint and also

customize how the user interface displays the results of user searches. Add the

following section from the qpconfig_sample.xml file to the qpconfig.xml file and

then customize the values in bold. When you are done editing the file, save it and

then restart the HTTP task.

These settings apply only when you connect to an LDAP directory through Lotus

QuickPlace.

<server_settings>

<user_directory>

<ldap>

<member_lookup_ui>

<column_name>

<person>sn, givenname</person>

</column_name>

<column_disambiguate>

<person>dn</person>

</column_disambiguate>

</member_lookup_ui>

<search_ui_hint>

<![CDATA[( enter <B>last name, first name</B>)]]>

</search_ui_hint>

<search_ui_index>sn</search_ui_index>

</ldap>

</user_directory>

</server_settings>

Note: These customizations apply only to user lookups and not to group lookups.

Customizing the hint provided for user searches

To help users search for users in the directory, the search interface provides a hint

indicating how to do the search. By default the hint is ″enter last name, first

name.″ If you have customized the search filter Lotus QuickPlace uses when users

search for external user names to add to a place, customize the search hint too, so

users can search successfully.

For example, if you specify the following in the <search_filters> section of

qpconfig.xml:

<user_lookup><![CDATA[(&(objectclass=person)(sn={0})(mail={1}))]]></user_lookup>

you might then specify the following in the <search_ui_hint> section:

<![CDATA[( enter <B>last name, email</B>)]]>

Note: You can specify a maximum of 250 characters.

Customizing what the user interface shows as the result of user

searches

By default, when a user searches a directory for external users, for the results

Lotus QuickPlace displays values for the sn and givenname attributes in the first

column, and the distinguished names in the second column. To display different

attribute values, change the member_lookup_ui section in qpconfig.xml. To change

the attributes in the first column, modify the column_name section. To change the

attributes in the second column, modify the column_disambiguate section.

For example, to display the sn and mail attribute values in the first column, specify:

<person>sn, mail</person>

Any attributes you specify should be valid ones defined in the schema map.

For more information, see the topic ″Mapping to the Lotus QuickPlace schema″

earlier in this chapter.

You can also use the <search_ui_index> section to customize the attribute value

that shows in the range field in the results box. By default the value for the sn

attribute shows in the range.

Configuring non-standard distinguished names

The dn_delimiter, dn_incoming_is_native, and secondary_cn_component settings,

which you specify in the user_directory - ldap - schema section of the qpconfig.xml

file, are useful for resolving user authentication problems that specific

distinguished name formats can cause. These settings apply only when Lotus

QuickPlace manages the LDAP directory lookups. For information on creating and

specifying settings in the qpconfig.xml file, see the chapter ″Lotus QuickPlace

Administration Overview.″

dn_delimiter setting

By default, when Lotus QuickPlace adds an external user name as a member of a

place, if the name contains a multi-character delimiter that includes a comma or

semicolon, it replaces the comma or semicolon with a forward slash (/) and retains

the additional delimiter character(s) in the name. The forward slash is used for

compatibility with Domino name syntax. When some third-party authentication

applications, such as Netegrity SiteMinder, pass these names to Lotus QuickPlace,

they replace the entire multi-character delimiter with a forward slash (/). This

naming inconsistency between the two applications causes authentication failures.

For example, if the name in a user directory is cn=john doe, ou=sales, o=acme

(comma space delimiter), the name becomes cn=john doe/ ou=sales/ o=acme in a

place (slash space delimiter), but Netegrity SiteMinder passes the name cn=john

doe/ou=sales/o=acme to Lotus QuickPlace (slash delimiter).

If you use a third-party authentication application and experience authentication

failures due to this inconsistency in the handling of multi-character delimiters

containing commas or semicolons, use the dn_delimiter setting in qpconfig.xml to

specify that Lotus QuickPlace replace the entire multi-character delimiter with a

forward slash, to be consistent with the authentication application. If the names of

all the users in the directory use the same multi-character delimiter, specify that

delimiter, terminated by the @ symbol. For example, if all names in the user

directory contain the delimiter , (comma space) specify the following:

<server_settings>

<user_directory>

<ldap>

<schema>

<dn_delimiter>, @</dn_delimiter>

</schema>

</ldap>

</user_directory>

</server_settings>

If names in the directory do not use the same delimiter, use the following

dn_delimiter setting instead to enable Lotus QuickPlace to replace any single- or

multi-delimiter character with a forward slash, if the delimiter conforms to LDAP

RFC 3377.

<server_settings>

<user_directory>

<ldap>

<schema>

<dn_delimiter robust_compare="true"/>

</schema>

</ldap>

</user_directory>

</server_settings>

robust_compare and the My Places feature

When a user accesses My Places from a server’s main place

(http://servername/QuickPlace/quickplace), Lotus QuickPlace has access to only

the user’s Domino-formatted name that the authentication application passes to it.

However My Places requires the LDAP version of a user’s name to use the Place

Catalog to build a list of the user’s places.

In an environment with multi-character delimiters, Lotus QuickPlace uses the

dn_delimiter setting to convert the Domino formatted name it receives from the

authentication application to the LDAP formatted name used in the Place Catalog.

If robust_compare is used with the dn_delimiter setting, Lotus QuickPlace

generates LDAP-formatted names that use single-comma (,) delimiters, regardless

of the actual delimiter used in the names in the directory. Adding a new user as

member of a place after you enable the robust_compare setting automatically

creates the user’s LDAP name in the Place Catalog with the single-comma

delimiter. However, if the Place Catalog contains names of members created prior

to use of robust_compare that do not use single-comma delimiters, you must

change these delimiters to the single-comma delimiter. This is a one-time only

change, which you can do using a Lotus Notes® agent.

dn_incoming_is_native setting

When a third-party authentication application such as Netegrity SiteMinder finds a

distinguished name that contains components other than the cn, ou, and o

components familiar to Domino, it sends the name to Lotus QuickPlace without

adding the Domino-style forward slash delimiters. For example, if Netegrity

SiteMinder finds the name uid=sblake,o=acme in the directory, it passes that name

to Lotus QuickPlace rather than uid=sblake/o=acme. Because Lotus QuickPlace

uses the forward slash delimiters in the names in places, the naming inconsistency

causes authentication failures. This problem is indicated if there are authentication

failures and the Netegrity (or other application) log shows that the names pulled

from the directory are in the same format as the ones sent to Lotus QuickPlace.

To correct the problem, use the following setting to indicate that Lotus QuickPlace

should convert ″native″ names to the Domino format:

<server_settings>

<user_directory>

<ldap>

<schema>

<dn_incoming_is_native enabled="true"/>

</schema>

</ldap>

</user_directory>

</server_settings>

secondary_cn_component setting

When the second component of a distinguished user name in a user directory is

cn, Lotus QuickPlace converts the component to ou by default. For example, if the

distinguished name of a user in an external directory is

uid=abrown,cn=users,dc=acme,dc=com, Lotus QuickPlace uses this name instead:

uid=abrown,ou=users,dc=acme,dc=com (and the Domino-formatted version,

uid=abrown/ou=users/dc=acme/dc=com). If you experience authentication

failures because of this behavior, correct the problem by specifying the following

setting to retain second cn components found in names:

<server_settings>

<user_directory>

<ldap>

<schema>

<secondary_cn_component enabled="true"/>

</schema>

</ldap>

</user_directory>

</server_settings>

Note: The secondary_cn_component setting is useful regardless of whether you use a

third-party authentication application.
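
The name conversions described for the dn_delimiter, dn_incoming_is_native, and secondary_cn_component settings, as an added example that is not part of the original guide and is not QuickPlace code. It shows why the name stored in a place and the name passed by the authentication application fail to match. The function names, the whole_delimiter and keep_secondary_cn parameters, and the treatment of spaces after a separator are assumptions made for this illustration.

```python
def split_rdns(dn):
    """Split a DN at unescaped ',' or ';'.

    Returns (components, delimiters). Each delimiter keeps the spaces that
    follow the separator, for example ", ". Quoted values are not handled.
    """
    parts, delims, current = [], [], []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # escaped character stays in the value
            i += 2
        elif ch in ",;":
            j = i + 1
            while j < len(dn) and dn[j] == " ":
                j += 1
            parts.append("".join(current))
            delims.append(dn[i:j])
            current = []
            i = j
        else:
            current.append(ch)
            i += 1
    parts.append("".join(current))
    return parts, delims


def to_domino_name(dn, whole_delimiter=False, keep_secondary_cn=False):
    """Convert an LDAP-format name to the slash-delimited form used in places.

    whole_delimiter=False   default: only the ',' or ';' becomes '/'.
    whole_delimiter=True    dn_delimiter set: the entire delimiter becomes '/'.
    keep_secondary_cn=True  secondary_cn_component enabled: a second 'cn'
                            component is kept instead of becoming 'ou'.
    """
    parts, delims = split_rdns(dn)
    if len(parts) > 1 and not keep_secondary_cn:
        attr, eq, value = parts[1].partition("=")
        if attr.strip().lower() == "cn":
            parts[1] = "ou" + eq + value
    name = parts[0]
    for delim, part in zip(delims, parts[1:]):
        name += ("/" if whole_delimiter else "/" + delim[1:]) + part
    return name


def same_member(place_name, incoming_name):
    """True when the name stored in the place matches the incoming name."""
    return place_name.casefold() == incoming_name.casefold()


if __name__ == "__main__":
    directory_dn = "cn=john doe, ou=sales, o=acme"
    incoming = "cn=john doe/ou=sales/o=acme"  # as passed by the application
    print(same_member(to_domino_name(directory_dn), incoming))
    print(same_member(to_domino_name(directory_dn, whole_delimiter=True),
                      incoming))
    # dn_incoming_is_native: the incoming name is still in LDAP format and
    # has to be converted before it is compared.
    print(to_domino_name("uid=sblake,o=acme"))
    print(to_domino_name("uid=abrown,cn=users,dc=acme,dc=com"))
    print(to_domino_name("uid=abrown,cn=users,dc=acme,dc=com",
                         keep_secondary_cn=True))
```
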

Specifying a search base for group searches

If Lotus QuickPlace manages lookups to the LDAP directory, by default, the search

base you specify when you connect to an LDAP directory server is used for both

user and group searches. You can use the qpconfig.xml file to specify a search base

specifically for group searches. For example, if the names of the groups you want

to search are under ou=groups,o=acme in the directory name hierarchy, you could

specify ou=groups,o=acme as the search base for groups. Then, the search base

specified when you set up the connection to the user directory applies only to

searches of users.

To specify a search base for group searches, use the following setting in

qpconfig.xml, substituting the search base value in bold for the search base

desired. Restart the HTTP task when you are done making changes.

<server_settings>

<user_directory>

<ldap>

<base_dn>

<group>ou=groups,o=acme</group>

</base_dn>

</ldap>

</user_directory>

</server_settings>

For more information on creating and using the qpconfig.xml file, see the chapter

″Lotus QuickPlace Administration Overview.″

Using nested groups

If Lotus QuickPlace manages lookups to the LDAP directory and the directory has

nested groups -- groups within groups -- that contain Lotus QuickPlace users, use

the following NOTES.INI setting on the Lotus QuickPlace server to allow searches

of the nested groups:

1. QuickPlaceNestedGroupLimit=value

where value represents the number of levels of groups the server can search. By

default the level is 1, meaning that the server doesn’t search nested groups.

2. Enter the following command at the server console to restart the server so the

change takes effect:

restart server

Customizing SSL connections

If Lotus QuickPlace manages lookups to the LDAP directory and you selected the

option ″Check for SSL connection with LDAP user directory,″ optionally use the

following settings in the user directory section of the qpconfig.xml file to

customize the Secure Sockets Layer (SSL) connection. The values in bold are

sample values that you can customize to suit your needs, as described in the

following table. Restart the HTTP task after making changes to the qpconfig.xml

file.

<server_settings>

<user_directory>

<ldap>

<ssl protocol="3" accept_expired_certs="true" verify_servername="true"/>

</ldap>

</user_directory>

</server_settings>

Attribute                      Description

protocol=″number″              Type one of the following numbers to specify the
                               SSL protocol used for the connection to the LDAP
                               server:
                               0 - Negotiated (default)
                               1 - LDAP V2.0 only
                               2 - LDAP V3.0 handshake
                               3 - LDAP V3.0 only
                               4 - LDAP V3.0 with V2.0 handshake

accept_expired_certs=″value″   Type ″false″ to prevent Lotus QuickPlace from
                               accepting a certificate from the LDAP server if the
                               certificate has expired. Type ″true″ (the default) to
                               accept a certificate that has expired.

verify_servername=″value″      Type ″false″ to prevent Lotus QuickPlace from
                               verifying whether the LDAP server host name
                               matches the host name in the SSL certificate. Type
                               ″true″ (the default) to require that the host name
                               matches the host name in the certificate.
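
A check for a qpconfig.xml file before the HTTP task is restarted, as an added example that is not part of the original guide and is not an IBM tool. It applies the documented defaults for the ssl attributes above and the placeholder limits stated in the search filter topics. The function names and the sample file are constructed for this illustration.

```python
import re
import xml.etree.ElementTree as ET

# Defaults taken from the attribute table above.
SSL_DEFAULTS = {"protocol": "0", "accept_expired_certs": "true",
                "verify_servername": "true"}
# Highest placeholder index each search filter accepts, per the filter topics.
MAX_PLACEHOLDER = {"authentication": 0, "user_lookup": 1,
                   "group_lookup": 0, "group_membership": 0}

# Constructed sample file with deliberate problems; not from a real server.
SAMPLE_QPCONFIG = """\
<server_settings>
  <user_directory>
    <ldap>
      <ssl protocol="3" verify_servername="false"/>
      <search_filters>
        <authentication><![CDATA[(|(cn={0})(mail={1}))]]></authentication>
        <user_lookup><![CDATA[(&(objectclass=person)(sn={0})(mail={1}))]]></user_lookup>
        <group_lookup><![CDATA[(&(objectclass=groupOfNames)(cn={0})]]></group_lookup>
      </search_filters>
    </ldap>
  </user_directory>
</server_settings>
"""


def effective_ssl(ldap):
    """Return the SSL settings in effect, filling in documented defaults."""
    settings = dict(SSL_DEFAULTS)
    ssl = ldap.find("ssl")
    if ssl is not None:
        for key in SSL_DEFAULTS:
            if key in ssl.attrib:
                settings[key] = ssl.attrib[key].strip().lower()
    return settings


def parens_balanced(text):
    """True when every '(' in a filter has a matching ')'."""
    depth = 0
    for ch in text:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


def audit_qpconfig(xml_text):
    """Return a list of findings for the LDAP section of a qpconfig.xml."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Catches, for example, a CDATA section opened as "<![CDATA [".
        return ["not well-formed XML: %s" % exc]
    ldap = root.find("user_directory/ldap")
    if ldap is None:
        return ["no user_directory/ldap section found"]
    findings = []
    ssl = effective_ssl(ldap)
    if ssl["accept_expired_certs"] != "false":
        findings.append("ssl: expired LDAP server certificates are accepted "
                        "(this is also the default when the attribute is omitted)")
    if ssl["verify_servername"] == "false":
        findings.append("ssl: certificate host name is not verified")
    for name, limit in MAX_PLACEHOLDER.items():
        node = ldap.find("search_filters/" + name)
        if node is None:
            continue  # default filter is used
        text = (node.text or "").strip()
        if not parens_balanced(text):
            findings.append("%s: unbalanced parentheses in filter" % name)
        for index in sorted({int(n) for n in re.findall(r"\{(\d+)\}", text)}):
            if index > limit:
                findings.append("%s: placeholder {%d} is not accepted"
                                % (name, index))
    return findings


if __name__ == "__main__":
    for finding in audit_qpconfig(SAMPLE_QPCONFIG):
        print(finding)
```
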

Sample user directory settings for Sun Java System Directory

Server and IBM Directory Server

The following qpconfig.xml customizations are examples of ones to use if you use

Sun Java System Directory Server or IBM Directory Server and Lotus QuickPlace

manages lookups to the LDAP directory. However, because each directory can have

a custom configuration, it is important to verify these with the LDAP directory

administrator. The default values are assumed for omitted settings.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<server_settings>

<user_directory>

<ldap>

<schema>

<group>

<object_class_value>groupOfUniqueNames</object_class_value>

<member>uniquemember</member>

</group>

</schema>

<search_filters>

<group_lookup><![CDATA[(&(objectclass=groupOfUniqueNames)(cn={0}))]]>

</group_lookup>

<group_membership>

<![CDATA[(&(objectclass=groupOfUniqueNames)(uniquemember={0}))]]>

</group_membership>

</search_filters>

</ldap>

</user_directory>

</server_settings>

Switching to a different directory

If Lotus QuickPlace manages lookups to the LDAP directory, perform the following

steps if you want to change the LDAP directory that Lotus QuickPlace uses.

Note: To change to managing directory lookups through Domino, instead see the

topic ″Switching to managing user directory lookups through Domino.″

1. Perform the steps in the topic ″Setting up Lotus QuickPlace to manage user

directory lookups″ earlier in the chapter.

2. If there are distinguished names in the new directory that are different from the

names in the original directory, use the QPTool changehierarchy or

changemember command to update the names in places. For more information

on these commands, see the chapter ″Using QPTool Commands.″

Supporting accented characters in user names (AIX and Solaris)

By default user names containing accented characters in an LDAP directory are not

supported on AIX or Solaris. To support names with accented characters on AIX or

Solaris, follow these steps:

1. Add the following setting to the server notes.ini file:

PLATFORM_CSID=20

2. Enter the following command at the server console:

restart server

Testing access to the LDAP directory server

If Lotus QuickPlace manages user directory lookups, the Lotus QuickPlace server

must have access to an LDAP attribute in order to use it. If the connection to the

LDAP directory is made anonymously (that is, without supplying credentials), the

LDAP directory server must allow anonymous access to the attributes used by

Lotus QuickPlace. To test that attributes are accessible to the Lotus QuickPlace

server, use the ldapsearch tool provided with Domino. From the program directory

on the Lotus QuickPlace server, enter a command such as the following one:

ldapsearch -h ldap.acme.com cn=arch*

In this example, ldap.acme.com is the LDAP directory server. The command

returns the list of accessible users with common names that begin with the string

″arch″. If your LDAP directory server is configured to allow access only with

specific credentials, you can use the same search, supplying the credentials on the

command line:

ldapsearch -h ldap.acme.com -D [username] -w [password] cn=arch*

In this case, the Lotus QuickPlace server also must be configured to use these

credentials for LDAP searches in the Server Settings - User Directory room of the

administration place.

Access to the Domino Directory through LDAP

If you use the Domino Directory as your LDAP directory, fields in the Domino

Directory are mapped to LDAP attributes. To view the mapping, open the Domino

LDAP Schema database (schema.nsf) on the server. Lotus QuickPlace and

ldapsearch use the attribute names. For example, the field OfficePhoneNumber in

the Domino Person document is mapped to the LDAP schema attribute

telephonenumber. Telephonenumber is the name used in ldapsearch and in Lotus

QuickPlace.

If Domino is your LDAP directory and Lotus QuickPlace connects to it

anonymously, you can edit the Domain Configuration Settings document in the


Domino Directory to update the list of attributes allowed for anonymous access.

For more information on setting access to a Domino LDAP directory, see Domino

Administrator Help.
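The check described in the two sections above, as an added example that is not part of the IBM guide: a Python helper that reads search results saved in LDIF form and reports which attributes the bind could not read and which extra attributes it exposes. The attribute list in NEEDED and the sample entries are constructed assumptions; substitute the attributes your own server settings map.

```python
import base64

# Assumption for this example: attributes the QuickPlace server is expected to read.
NEEDED = ["cn", "mail", "telephonenumber"]


def parse_ldif(text):
    """Parse LDIF text into a list of (dn, {attribute: [values]}) tuples."""
    # Unfold first: a line that starts with a single space continues the previous line.
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and raw.strip() and lines and lines[-1]:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)

    entries, dn, attrs = [], None, {}
    for line in lines + [""]:              # the trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        if line.startswith("#"):
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            continue                       # not an attribute line
        if rest.startswith(":"):
            # "attr:: <base64>" is how LDIF carries non-ASCII values,
            # for example user names with accented characters.
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        name = name.strip().lower().split(";")[0]   # drop options such as ;lang-fr
        if name == "dn":
            dn = value
        elif dn is not None:
            attrs.setdefault(name, []).append(value)
    return entries


def audit_bind_visibility(ldif_text, needed):
    """Compare what a bind could read with the attributes the server needs.

    Returns (missing, extra):
      missing: {dn: [needed attributes absent from that entry]}; an absent
               attribute is either not readable by this bind or not set
      extra:   sorted attribute names returned but not needed, candidates for
               removal from the anonymous-access list
    """
    needed = {a.lower() for a in needed}
    missing, extra = {}, set()
    for dn, attrs in parse_ldif(ldif_text):
        present = set(attrs)
        absent = sorted(needed - present)
        if absent:
            missing[dn] = absent
        extra |= present - needed
    return missing, sorted(extra)


def _b64(s):
    return base64.b64encode(s.encode("utf-8")).decode("ascii")


# Constructed sample output, not real directory data.
SAMPLE_LDIF = (
    "version: 1\n"
    "\n"
    "# constructed sample entries\n"
    "dn: cn=Archie Long,ou=sales,o=acme\n"
    "cn: Archie Long\n"
    "mail: archie.long@acme.example\n"
    "telephonenumber: +1 555 0100\n"
    "employeenumber: 10427\n"
    "\n"
    "dn:: " + _b64("cn=Archimède Dupont,ou=sales,o=acme") + "\n"
    "cn:: " + _b64("Archimède Dupont") + "\n"
    "mail: archimede.dupont@\n"
    " acme.example\n"
)

if __name__ == "__main__":
    missing, extra = audit_bind_visibility(SAMPLE_LDIF, NEEDED)
    for dn, attrs in missing.items():
        print(f"{dn}: cannot read {', '.join(attrs)}")
    print("readable but not needed:", ", ".join(extra) or "(none)")
```

Run it once on the anonymous search output and once on the output obtained with credentials; a difference between the two reports shows what the anonymous bind is allowed to see.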

Disconnecting from a user directory

If you disconnect from a user directory, place managers can specify only local

members. Any existing external place members no longer have access to the places.

To disconnect from a user directory:

1. Open a browser and enter the server’s host name appended by /QuickPlace.

For example:

http://servername.enterprise.com/QuickPlace

2. Click Sign In.

3. Enter a Lotus QuickPlace administrator user name and password.

4. Click Server Settings.

5. Click User Directory.

6. Click Change Directory.

7. Select No Directory.

8. Click Next.

External group membership

The following tables describe the extent to which various Lotus QuickPlace

features support external group membership. The tables are organized by these

feature categories: security, place membership, notifications, LDAP directory (when

Lotus QuickPlace manages lookups), Sametime and Offline use, and miscellaneous.

Note: This information does not apply to groups used for the expanded

membership feature.

Group membership: security features

The following table describes the extent to which security features support external

group membership.

| Feature | Description of feature | Membership through external group |
|---|---|---|
| Who can create places on the server | Specify which users or groups can create places on the server. Only explicit members or members of group listed see the ″Create a Place″ link. | Yes |
| Who can administer the server | Specify which users or groups can administer the server. Only explicit members or members of group listed see ″Server Settings″ and ″PlaceTypes″ links when accessing the server. | Yes |
| Super User | Can designate a user or group from the directory as super user of all places on the server. This user is a manager of all places and can see all restricted pages. | Yes |
| Sign Out and Sign In | Sign out of a place or sign into a place as the same or another user. Sign Out also deletes all temporary files on the hard drive from the upload control. | Yes |
| Basic authentication | For places without Anonymous access for readers or authors, all users must sign in with name and password. | Yes |
| Multi-server session authentication | For places without Anonymous access for readers or authors, all users must sign in with name and password on custom login form found in domcfg.nsf. After they sign in, members can access other places and Domino servers for which they have access without re-entering their credentials. | Yes |
| Netegrity SiteMinder | Lotus QuickPlace can be configured to use Netegrity SiteMinder as the authentication scheme. | Yes |
| Current user link | Link to currently authenticated user in upper left. | Yes. See actual member, not group name. Link takes you to message saying no profile available. |

Group membership: place membership

The following table describes the extent to which place membership features

support external group membership.

| Feature | Description of feature | Membership through external group |
|---|---|---|
| Page: restrict readers | Restrict readers of a published page. | Yes, group is available as reader, member of group can then read. |
| Page: add editors | Add editors to a published page. | Yes, group is available as editor, member of group can then edit, but other group members won’t see checked out status. |
| Members view | List of all members of a place. | Yes. Members folder shows group name. |
| Member profile | Page showing member information and preferences for members and groups. | Yes. Contains common name for the group. There are no member profiles for members of the group unless they are also added explicitly to the place. |
| Local place groups | Aggregate existing members and groups in the place for use in room security. | Yes. Can add external groups to local place group. Individual members of the group are not available unless they have also been added explicitly to the place. |
| Calendar page authors | Calendar page authors show on page and in Calendar view. | Yes. Display_name as set in qpconfig.xml or common name as default. |
| Author column in folder | Folder displays author names for all pages. | Shows individual member’s names, not group name. Display_name as set in qpconfig.xml or common name as default. |
| Username in page banner | Page displays author name. | Shows individual member’s names, not group name. Display_name as set in qpconfig.xml or common name as default. |
| Forms: name pop-up | Field on a form to show members in place. | Yes. Display_name as set in qpconfig.xml or common name as default. |
| Form: page author | Page authors show on page and in folder views. | Shows individual member’s names, not group name. |
| QPTool changemember | Can change a member in a place 1) from a local user to a user from the directory, 2) from one external directory user to another (name change), 3) from one external directory group to another. | Yes |
| QPTool changehierarchy | Can change external users and groups to a different hierarchy. For example, if your organization changes from ou=sales,o=org to ou=salesandmarketing,o=org, you can change the distinguished names for all members in a place. | Yes |
| QPTool removemember | Remove a member or a group from a place. | Yes |
| PlaceType membership | When a place is created from a PlaceType, you can populate the new place with the membership from the PlaceType. Membership is never refreshed after the place is created. | Yes |
| Search by author | Search for all pages authored by a member. | No. Can search by individual author name, not by group name because the individual author name and not the group name is saved with the pages. |
| My Places | A list of all places on the server for which you are a member. Clicking the place name takes you to the place. | Yes |


Group membership: notifications

The following table describes the extent to which notification features support

external group membership.

| Feature | Description of feature | Membership through external group |
|---|---|---|
| Place invitations | Send e-mail as new members with e-mail are added to the place. | Yes. Explodes the group and sends invitations to the members of the group telling them group has been added, sign in with username. |
| Notify: From field | The ″From″ field when notifying members of a page or view in a place. | Shows individual member’s email address, not email address of group. |
| Notify: To, CC, BCC lists | When addressing a notification, you can use lists of all members in place to fill in To, CC and BCC fields. | Yes. Can choose group if has a valid email address or group can be exploded to choose individual members. |
| QPTool sendmail | Administrator of server can send mail to members of place(s) | Yes. Groups are exploded into mail for individual members of the group. |
| What’s new email | Summary e-mail about what has changed in the place. Individual preference for receiving what’s new e-mail set on member profile. Default is to receive. Manager of place sets daily or weekly. QPtool newsletter command by administrator of server or server program document triggers the newsletter. | No. Members of a group do not have a member profile to set the preference. |
| Calendar subscriptions | Receive notification of new calendar events. Individual preference for receiving notification of calendar events set on member profile. Default is not to receive. | No. Members of a group do not have a member profile to set the preference. |
| Form: notification indicator | Notify members when a page is published with the form. | Yes. Groups are exploded into mail for individual members of the group. |
| Form workflow: editor-in-chief, approval cycle | Can send published page to an approver before making available to all members. | No. Groups not available as approver for workflow. Also not possible if member of a group is the originator of the workflow since there is no member profile and associated information (email). |

Group membership: LDAP directory

The following table describes the extent to which LDAP directory features used

when Lotus QuickPlace manages directory lookups support external group

membership.


| Feature | Description of feature | Membership through external group |
|---|---|---|
| Schema mapping: display_name | By default, the display name used is cn. You can map this to another LDAP attribute in qpconfig.xml. | Yes |
| Schema mapping: common_name | By default, the common name used is cn. You can map this to another LDAP attribute (such as UID, for example) in qpconfig.xml. | Yes |
| DBCS usernames | Users and groups in an external directory can have names that use a double byte character set. | Yes |
| Customizing member lookup user interface | When searching for members from a directory to add to a place, you can customize the attributes shown in the results pages, the search index, and the search hint. | No. Once you select the Group radio button in the member lookup dialog, the customizations do not apply. |
| Search base for directory members and groups | Designate a point in the LDAP directory structure under which all users and groups are found. | Yes. Can use search base field on Server Settings, User Directory page or base_dn tag in qpconfig.xml if the search base for groups is different than search base for users. |

Group membership: Sametime and offline use

The following table describes the extent to which Sametime and offline use

features support external group membership.

| Feature | Description of feature | Membership through external group |
|---|---|---|
| Sametime awareness | Online awareness state icon and associated menu for the current user, author online awareness state. | Yes, for members of the group. |
| Sametime chat (members online) | People Online window and chat functionality. | Yes, for chat. Groups or members of groups do not show up in the People Online window. |
| Sametime meetings | Ability to create and attend online meetings. | Yes |
| Work offline | Install and use place(s) offline. Take room(s) offline. | No. Members of a group cannot install places offline or take rooms offline. |

Group membership: miscellaneous features

The following table describes the extent to which various miscellaneous features

support external group membership.


| Feature | Description of feature | Membership through external group |
|---|---|---|
| Place creation | Create a place with specified creator (initial manager) | No. Must use explicit member as creator. |
| Accessibility mode | Displays high-contrast theme and enhances keyboard and screen reader accessibility. Individual preference for accessibility mode set in member profile. Default is standard experience (no accessibility features). | No. Members of a group do not have a member profile to set the preference. |
| Tasks: Assignments | Assign tasks to members of the place. | Yes. |
| Place catalog | Collects information about all places in the service. A document is created in the place catalog when a place is created. Members are added to readers, authors, and managers fields. Membership operations (promote, demote, add, delete, name change) in the place are reflected in the place catalog document. | Yes |

Special characters supported for user and group names

The following table summarizes the Lotus QuickPlace support for special

characters in user and group names.

| Special character | Allowed for local users? | Allowed for local groups? | Allowed for external users and groups? |
|---|---|---|---|
| @ | Yes | No | No |
| < | No | No | No |
| > | No | No | No |
| & | No | No | No |
| : | No | No | No |
| ; | No | No | No |
| ^ | No | No | Yes |
| , (comma) | No | No | Yes |
| = | No | No | Yes |
| ( | No | No | Yes |
| ) | No | No | Yes |
| # | No | No | Yes |
| \ | No | No | Yes |
| / | No | No | Yes |
| \| (vertical bar) | No | No | No |
| * | No | No | No |
| + | No | No | Yes |
| ″ | No | No | No |
| ’ (apostrophe) | Yes | Yes | Yes |


Chapter 3 Setting Up the Place Catalog

This chapter describes the Place Catalog and how to set it up.

The Place Catalog

The Place Catalog is a centralized database in which you collect information about

all your places and Lotus QuickPlace servers.

The Place Catalog has two audiences: administrators and users. Administrators can

use the QPTool report command or an XML interface to the Lotus QuickPlace Java

XML API to access the Place Catalog to query information. Users access the Place

Catalog indirectly, through features such as My Places, which allows them to see

the places they belong to, and Search Places, which allows them to search in places

across the enterprise.

For information on how to access the Place Catalog with the Lotus QuickPlace Java

XML API, see the Lotus QuickPlace Developer’s Guide. For more information on the

QPTool report command, see the chapter ″Using QPTool Commands.″

Setting up the Place Catalog

The Place Catalog feature is automatically enabled on all Lotus QuickPlace server

installations. When you install a Lotus QuickPlace server, a local Place Catalog

database (PlaceCatalog.nsf) is created. If you want to change Place Catalog settings

or disable the Place Catalog, create a file called qpconfig.xml and copy into it the

Place Catalog section from the file qpconfig_sample.xml. Then change settings. For

more information on creating a qpconfig.xml file, see the chapter ″Lotus

QuickPlace Administration Overview.″

For example, if your enterprise has several Lotus QuickPlace servers and you want

more than one to share a Place Catalog on a remote server, each Lotus QuickPlace

server must have its own qpconfig.xml which specifies the server and file name of

the Place Catalog. After you have set qpconfig.xml to point to the correct Place

Catalog server, you can delete the local Place Catalog database on the Lotus

QuickPlace server.

After you set up Place Catalog you must register any previously existing places.

You can set up one Place Catalog to service your enterprise, or set up several Place

Catalogs to service different areas of your enterprise. It is recommended that an

enterprise have a designated Place Catalog server (or servers) whose only purpose

is to contain the Place Catalog. Each Place Catalog server should be part of a

cluster with at least one failover server.

To set up a remote Place Catalog server shared by more than

one server

1. Install Lotus QuickPlace.

2. Make sure the server is accessible to other Lotus QuickPlace servers over Lotus

Notes RPC (TCP/IP port 1352) and the HTTP protocols. This is set up by

default.


3. In the ACL of the Place Catalog database, give access to Lotus QuickPlace

servers and system administrators only. By default, the database has the

following listed as Managers in the ACL: Lotus QuickPlace server, the system

administrator, LocalDomainServers, and QuickPlaceAdministratorsSUGroup.

4. Open the Place Catalog database from the Domino Administrator client and

create a full-text index. The Place Catalog database must be full-text indexed

for the QPTool report command and the My Places feature to work. For more

information on creating and updating full-text indexes, see Domino

Administrator Help.

To configure Place Catalog qpconfig.xml settings

1. On each Lotus QuickPlace server that will communicate with the Place Catalog

server, create a file called qpconfig.xml and save it as a text file.

2. Copy the following content to qpconfig.xml from qpconfig_sample.xml,

replacing sample values with your own values.

For descriptions of each XML tag, see the next topic ″Place Catalog XML.″ For

more information on copying from the sample file, see the chapter ″Lotus

QuickPlace Administration Overview.″

<?xml version="1.0" standalone="yes"?>
<server_settings>
  <place_catalog enabled="true" log_level="0">
    <connection_pool size="8" />
    <place_catalog_servers>
      <server>
        <domino_server_name>name</domino_server_name>
        <nsf_filename>PlaceCatalog.nsf</nsf_filename>
      </server>
    </place_catalog_servers>
  </place_catalog>
</server_settings>

3. If the Lotus QuickPlace server is part of a cluster, set the appropriate values

within the <cluster> node.

For more information on configuring a clustered Lotus QuickPlace server to

work with the Place Catalog, see the chapter ″Administering Lotus QuickPlace

Servers in a Cluster.″

4. Type the following command to restart the HTTP task so that Lotus QuickPlace

recognizes the changes:

restart task http

To register existing places and servers with the Place Catalog

A Lotus QuickPlace server may already contain places that were created prior to

configuring the Place Catalog, or that were added from a different server. In this

case, the Place Catalog must be told of the existence of these places. This is done

by using the QPTool register command.

Note: Because the Place Catalog must uniquely identify a place by its name, two

different places cannot have the same name. When upgrading an existing

QuickPlace installation where two different places might have the same

name on two different servers, the administrator must first resolve the

conflict by unregistering one of the places, renaming its directory, and then

registering the place with the new name. For more information on the

QPTool register command, see the chapter ″Using QPTool Commands.″ For

more information on upgrading to a Lotus QuickPlace 7 enterprise, see the

Lotus QuickPlace Installation and Upgrade Guide.


Lotus QuickPlace servers also must be registered with the Place Catalog. You can

register servers either by creating a place on the server, which automatically

creates a server entry in the Place Catalog, or by using the QPTool command

″qptool register -server.″

Note: If a server is registered in the Place Catalog and you change the port,

protocol settings, or a URL prefix for the server, use ″qptool unregister

-server″ to unregister the server, then use ″qptool register -server″ to register

the server with the Place Catalog again so that place URLs are constructed

correctly. Or update the appropriate fields in the server’s PlaceServer

document manually in the Place Catalog.

To populate the Catalog with entries for servers, and for places that existed before

the Catalog was enabled, enter the following in the Domino server console:

| Server console command | Description |
|---|---|
| load qptool register -server | Registers the server with the Place Catalog. |
| load qptool register -placecatalog -a | Registers existing places with the Place Catalog. |

For more information on registering places and servers with QPTool commands,

see the chapter ″Using QPTool commands.″

Place Catalog XML

The following table describes each Place Catalog XML setting in the qpconfig.xml

file.

| Element or attribute | Description |
|---|---|
| place_catalog enabled | The place_catalog section contains settings to enable the server to use a Place Catalog. Set the ″enabled″ attribute to ″true″ to tell the server to search for an existing Place Catalog. The default setting is enabled=″true.″ To prevent the server from looking for a Place Catalog, change the enabled attribute to enabled=″false″ or remove the entire <place_catalog> section. |
| log_level | You can log operations related to the Place Catalog in the Domino server console as follows: Level 1 - Logs all Catalog database open and close operations. Level 2 - Logs all server registration operations. Level 3 - Logs all place registration operations. Level 4 - Logs all member registration operations. Each level also includes the information in the levels below it. |
| connection_pool size | For efficiency, the Lotus QuickPlace server creates a pool of connections to the Place Catalog that can be shared by the different requests on that Lotus QuickPlace server. This number should reflect the number of simultaneous requests that could result in a query or update to the Place Catalog. These types of requests include creation of places, the addition of or changes to place membership, and administration requests made by QPTool. You may want to start with a number representing a third of the maximum HTTP threads. For example, if the server uses 90 threads, then set this value to 30. |
| place_catalog_servers | This section lists all Place Catalog servers the local Lotus QuickPlace server will communicate with. Lotus QuickPlace supports only one Place Catalog server. |
| server | This section specifies settings for a particular Place Catalog server. |
| domino_server_name | Specify in Domino format the name of the server hosting the Place Catalog, for example, server/organization. |
| nsf_filename | Specify the name of the Place Catalog database, for example, PlaceCatalog.nsf. |

For information on configuring the Place Catalog to work in a clustered server

environment, see the chapter ″Administering Lotus QuickPlace Servers in a

Cluster.″
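An added example, not part of the IBM guide or of Lotus QuickPlace: a Python check that reads the Place Catalog section of a qpconfig.xml file and reports values that conflict with the settings described in the procedure and table above. The function name, the finding texts, the 0-4 range for log_level (the guide documents levels 1-4 and its sample uses 0) and the edited sample values such as catalog1/Acme are assumptions made for this example.

```python
import xml.etree.ElementTree as ET


def lint_place_catalog(xml_text, max_http_threads=None):
    """Return a list of findings for the <place_catalog> section of qpconfig.xml."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    if root.tag != "server_settings":
        findings.append(f"root element is <{root.tag}>, expected <server_settings>")
    pc = root.find("place_catalog")
    if pc is None:
        return findings + ["no <place_catalog> section: server will not look for a Place Catalog"]

    enabled = pc.get("enabled", "true")          # the guide gives "true" as the default
    if enabled not in ("true", "false"):
        findings.append(f"enabled={enabled!r} is neither 'true' nor 'false'")
    if enabled == "false":
        return findings + ["place_catalog is disabled: server will not look for a Place Catalog"]

    level = pc.get("log_level", "0")
    if not level.isdigit() or int(level) > 4:
        findings.append(f"log_level={level!r} is outside 0-4")

    pool = pc.find("connection_pool")
    size = pool.get("size", "") if pool is not None else ""
    if not size.isdigit() or int(size) < 1:
        findings.append(f"connection_pool size={size!r} must be a positive integer")
    elif max_http_threads and int(size) < max_http_threads // 3:
        findings.append(
            f"connection_pool size={size} is below a third of "
            f"{max_http_threads} HTTP threads ({max_http_threads // 3})")

    servers = pc.findall("place_catalog_servers/server")
    if len(servers) != 1:
        findings.append(
            f"{len(servers)} <server> entries: exactly one Place Catalog server is supported")
    for srv in servers:
        name = (srv.findtext("domino_server_name") or "").strip()
        nsf = (srv.findtext("nsf_filename") or "").strip()
        if "/" not in name:
            # Also catches the sample placeholder "name" left unedited.
            findings.append(
                f"domino_server_name {name!r} is not in Domino format (server/organization)")
        if not nsf.lower().endswith(".nsf"):
            findings.append(f"nsf_filename {nsf!r} does not name an .nsf database")
    return findings


def _sample(log_level, pool, servers):
    """Build a qpconfig.xml text with the structure shown in the guide."""
    rows = "".join(
        f"<server><domino_server_name>{n}</domino_server_name>"
        f"<nsf_filename>{f}</nsf_filename></server>" for n, f in servers)
    return ('<?xml version="1.0" standalone="yes"?>'
            f'<server_settings><place_catalog enabled="true" log_level="{log_level}">'
            f'<connection_pool size="{pool}" />'
            f'<place_catalog_servers>{rows}</place_catalog_servers>'
            '</place_catalog></server_settings>')


# The guide's sample values, unedited (placeholder server name "name").
SAMPLE_FROM_GUIDE = _sample("0", "8", [("name", "PlaceCatalog.nsf")])
# Constructed values for a server that uses 90 HTTP threads.
SAMPLE_EDITED = _sample("0", "30", [("catalog1/Acme", "PlaceCatalog.nsf")])
# Constructed values that break three of the documented settings.
SAMPLE_BAD = _sample("7", "0", [("cat1/Acme", "PlaceCatalog.nsf"),
                                ("cat2/Acme", "PlaceCatalog.nsf")])

if __name__ == "__main__":
    for label, text in [("guide sample", SAMPLE_FROM_GUIDE),
                        ("edited", SAMPLE_EDITED), ("bad", SAMPLE_BAD)]:
        print(label, "->", lint_place_catalog(text, max_http_threads=90) or "ok")
```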


How the Place Catalog works

The Place Catalog contains data on the Lotus QuickPlace servers in your service,

the places that live on those servers, and the members of those places. Each server

and each place in your service has a separate entry in the Catalog. A Catalog entry

is implemented as a Lotus Notes® document.

The following figure shows an example of a Catalog entry for a place titled ″Place

One.″

The following figure shows a Catalog entry for a Lotus QuickPlace server called

″server1.acme.com.″

How entries are updated

Some entries are created or updated in the Place Catalog in real time -- the

moment an event happens. Other entries are created or updated manually by a

server task, or on a scheduled basis.

It is essential that certain data be sent in real time to avoid conflicts. For example,

in a Lotus QuickPlace service there cannot be two places with the same name. The

creation of a new place is an event that creates a new Catalog entry in real time.


When a user creates a new place, Lotus QuickPlace first checks the Catalog for that

name before creating a new entry. If it finds an existing place with that name, the

user is prompted to choose a different name. If the creation of a place did not

immediately create an entry, it would be possible for two users to create two places

with the same name, which would cause a conflict when Lotus QuickPlace

attempted to create entries for both in the Catalog. For this reason, a Place Catalog

server that a Lotus QuickPlace server is configured to use must always be

available. To increase availability of the Place Catalog, the Domino clustering

feature can be used to make several Place Catalog servers available.

The following events create or update Place Catalog entries in real time:

| Event | Description |
|---|---|
| A Lotus QuickPlace server is registered in, or unregistered from, the Lotus QuickPlace service. | A server becomes part of the service when qptool register -server command is issued, or when a place is created on the server. When a place is created, an entry for the server is immediately created in the Catalog if one does not already exist. Similarly, when qptool unregister -server is issued, the entry for the server is immediately removed from the Catalog. |
| Removal of a place from the service by qptool unregister. | The server’s place entry is removed. If the place is part of a Lotus QuickPlace server cluster with a virtual server, the virtual server place entry is also removed. For more information on virtual servers in a cluster, see the chapter ″Administering Lotus QuickPlace Servers in a Cluster.″ |
| Creation of a place from a browser or registration of a place by qptool register. | A new entry is created. The Place Catalog server must be running for users to create new places in the service. If the place is created on one server in a cluster, an entry for the virtual server is also created. |
| Creation of a place on a cluster server node by qptool replicamaker. | A place entry for that server cluster node is created. |
| Deletion of a place from a browser or by qptool remove. | The place’s entry is deleted. Its name cannot be used for a new place until the QPTool remove -cleanup command has run, either automatically overnight, or manually by the administrator. In a cluster environment, this would have to be done on all cluster nodes. |
| Deletion of a place in a cluster server node by qptool remove -cleanup. | The place’s entry for that server node is deleted from the catalog. |
| Creation of a member. | The new member is added to the place entry with the proper access level. |
| Deletion of a member. | The member is removed from the place entry. |
| A change in member access. | The member moves to the field appropriate to their new access level. |
| A place is accessed. | The PlaceLastAccessed field is updated, which can take up to a minute. |
| Locking a place by qptool lock. | The PlaceIsLocked field of the Place Catalog entry is set to 1. If the place is in a cluster with a virtual server, the PlaceIsLocked field in the virtual server entry is also set to 1. |
| Unlocking a place by qptool unlock. | The PlaceIsLocked field of the Place Catalog entry is set to 0. If the place is in a cluster with a virtual server, the PlaceIsLocked field in the virtual server entry is also set to 0. |

The following data can be updated using the QPTool placecatalog -push command

or on a schedule on the Lotus QuickPlace server.

| Event | Description |
|---|---|
| Place size. | The PlaceSize field is updated. |
| Dates and times the place was last modified. | The PlaceLastModified field is updated. |

To update the PlaceSize and PlaceLastModified data on a particular place, enter the

following commands from the server console:

| Server console command | Description |
|---|---|
| load qptool placecatalog -p placename(s) -push | Updates size and last modified data for the place you specify. To specify more than one place, separate the placenames with spaces. |
| load qptool placecatalog -a -push | Updates size and last modified data for all places on the server. |
| load qptool placecatalog -? | Outputs quick help on the syntax of all the placecatalog arguments. |
| load qptool placecatalog -i inputfilename -push | Takes an XML file specifying the places to update. For more information on updating the Place Catalog with an XML input file, see the Lotus QuickPlace Developer’s Guide. |
| load qptool placecatalog -p placename(s) -o outputfilename -push | Outputs the places that have been updated to a non-default output file. (The default file is qptool.placecatalog.xml in the server’s program directory.) |

Or to update the PlaceSize and PlaceLastModified fields at 2 AM, add the

appropriate command line entry from the preceding table to the ServerTasksAt2=

line in the server’s NOTES.INI file. Or, if you want multiple servers in the Lotus

QuickPlace/Domino domain to share the schedule, create a server program

document in the Domino Directory of the Lotus QuickPlace domain. For more

information on creating a server program document, see Domino Administrator

Help. For more information on QPTool commands, see the chapter ″Using QPTool

Commands.″

Synchronizing Place Catalog data in a cluster

In an enterprise with a Lotus QuickPlace server cluster, the QPTool placecatalog

-update command can be run on the Place Catalog server to synchronize data

between a place’s entries on each physical server, and the place’s virtual entry. For


example, before QPTool placecatalog -update is run, the place’s virtual entry

contains the membership information, but the place’s physical server entries do

not. After QPTool placecatalog -update, both entries contain the same field values.

For more information on clusters, see the chapter ″Administering Lotus QuickPlace

Servers in a Cluster.″

Enabling DBCS members to use My Places

For double-byte character set (DBCS) users to use My Places:

- The users must be from an external user directory.

  For more information on external user directories, see the chapter ″Connecting to a User Directory.″

- The server must be configured for session-based (single sign-on) authentication. You configure session-based authentication through Domino.

  For more information, see the chapter ″Setting Up Security.″

- You must open the NOTES.INI file on the Place Catalog server and add the following variable:

  Country_Language=xx[-xx]

  Use one of the following codes for xx[-xx]:

  | CollationName | Code |
  |---|---|
  | Japanese | ja |
  | Korean | ko |
  | Simplified Chinese | zh-cn |
  | Traditional Chinese | zh-tw |

You must restart the server. Then open the Place Catalog database in Notes and

press CTRL+SHIFT+F9 to re-index the views.

Recovering if the Place Catalog server goes down

If Lotus QuickPlace servers use a remote Place Catalog server and the Place

Catalog server stops, users cannot create new places, but they can continue to

work with existing places. While the users work with these existing places, the

following fields in the Place Catalog change automatically because of the user

activity:

- PlaceSize
- PlaceLastAccessed
- PlaceLastModified
- PlaceReaders
- Place Authors
- PlaceManagers

When the Place Catalog server starts again, use the QPTool placecatalog -push -p

command on the Lotus QuickPlace server to update these fields:

- PlaceSize
- PlaceLastAccessed
- PlaceLastModified


If any place membership changes are made while the Place Catalog server is

stopped, you must use the QPTool unregister -placecatalog and register

-placecatalog commands to unregister and then re-register the place.

For more information, see the chapter ″Using QPTool Commands.″

Note: It’s important to keep Place Catalog servers highly available. For

information on creating a cluster of Place Catalog servers, see the chapter

″Administering Lotus QuickPlace Servers in a Cluster.″ No places should be

included in a cluster of Place Catalog servers.


Chapter 4 Managing PlaceTypes

This chapter describes how to create PlaceTypes to use as blueprints for creating

places, order PlaceTypes in the list of PlaceTypes, refresh PlaceTypes, and copy and

delete PlaceTypes.

PlaceTypes

As you set up a place to meet the needs of your team or organization, you may

want to preserve your customizations for use in other places. For example, if a

manager has created a theme that gives a particular place the look and feel of your

corporate Web site, you may want to make that design available for the creation of

other places in your organization.

You can preserve the design and content of a place by creating a PlaceType. A

PlaceType is a blueprint from which users can create places. You can take a

snapshot of a place and make it a PlaceType. Also, you can control the design and

content of a child place by refreshing it with updates from the PlaceType.

Creating a PlaceType and making it available to users is a two-step process. First, a

user with Manager access to a place customizes a place, allows it to be a

PlaceType, and specifies which design elements will be preserved in the PlaceType.

For information on completing these steps, see the Help. Second, a server

administrator creates the PlaceType on the server so it is available to users, as

described in this chapter.

Creating a PlaceType

To create a PlaceType:

1. Sign in to the Lotus QuickPlace home page as an administrator.

2. Click PlaceTypes in the table of contents.

3. Click Create PlaceType.

4. Type a name for the PlaceType. The name you type appears in the list of PlaceTypes that users see when they create places.

5. Select the name of the place you want to use as a PlaceType.

The manager of the place must have allowed the place to be a PlaceType and

specified the design elements that are preserved in the PlaceType. For more

information, see the Help.

6. Click Next.

Note: Users cannot create a PlaceType from a place that uses expanded

membership.

To give users information about the PlaceType

When users create a place, they see a list of the available PlaceTypes on which they

can base their new place. To help them understand the choices, you can include a

short description of the PlaceType, a thumbnail sketch of the PlaceType, and a link

to a Web page with a more detailed description of the PlaceType.

To give users information about a PlaceType:


1. Sign in to the Lotus QuickPlace home page as an administrator.

2. Click PlaceTypes in the table of contents.

3. Click the name of the PlaceType.

4. Click Edit.

5. Do one of the following:

- To add the description and other information shown and also to refresh the PlaceType, click ″Yes (default), copy changes and update the information below.″

- To update the description and other information shown but not refresh the PlaceType, click No.

For more information, see the topic ″Refreshing a PlaceType from the PlaceTypes view in the administration place″ later in this chapter.

6. Do one or all of the following:

- Type a short description for the PlaceType. The description appears next to the PlaceType in the list.

- Choose an image file that contains a ″thumbnail sketch″ of a page in the PlaceType. The image file must be a GIF or JPG file, and the image itself should be no larger than 100 pixels by 80 pixels. The thumbnail sketch appears next to the PlaceType name in the list.

- Specify the address of a Web page under ″Optionally, you can provide a URL for users to visit for more information.″ When you specify the address of a Web page, Lotus QuickPlace displays the link text ″More info″ below the description of the PlaceType in the list.

7. Click Next.

Note: You cannot edit the description of the default PlaceType.

Editing the server’s PlaceType list

You can change the order of the PlaceType names in the list of PlaceTypes that

users see when they create a place. For example, if your list contains 150

PlaceTypes, but ″MeetingRoom PlaceType″ is the most popular, you can move

″MeetingRoom PlaceType″ to the top of the list. To reorder the PlaceType list:

1. Sign in to the Lotus QuickPlace home page as an administrator.

2. Click PlaceTypes in the table of contents.

3. Click Reorder.

4. Click the PlaceType name you want to move.

5. Click the up or down arrow to move the PlaceType.

6. Click Next.

To hide or display PlaceType names in the list

You can hide the name of a PlaceType in the list of PlaceTypes that users see when

they click ″Create a Place.″ For example, if you are experimenting with the

contents of the PlaceType, you can hide the PlaceType while it is in progress. The

word ″hidden″ appears next to the name of the PlaceType in the list of PlaceTypes

you see as the Lotus QuickPlace server administrator.

1. Sign in to the Lotus QuickPlace home page as an administrator.

2. Click PlaceTypes in the table of contents.

3. Click Show/Hide.


4. To hide the name of a PlaceType in the list, remove the check mark next to the

name of that PlaceType. To display the name of a PlaceType in the list, check

the box next to the name of that PlaceType.

5. Click Next.

Refreshing PlaceTypes and places

You can create a PlaceType from a place and a place from a PlaceType. When one

is created from the other, the server maintains a ″parent-child″ relationship

between the two. You can refresh a child place or child PlaceType so the child

inherits new and modified elements from its parent.

For example, a Lotus QuickPlace developer creates a new place called ″Sales″ and

gives it the look and feel you want to appear in places created by the Sales team.

The developer allows it to be a PlaceType, and you create a PlaceType from it

called ″Sales PlaceType.″ To test it, you create a place called ″Sales Test″ from

″Sales PlaceType.″ If you want to change some design elements, you can ask the

developer to change the elements in ″Sales,″ then refresh ″Sales PlaceType,″ then

refresh ″Sales Test.″ ″Sales PlaceType″ inherits from ″Sales,″ and ″Sales Test″

inherits from ″Sales PlaceType.″

The QPTool refresh command refreshes places and PlaceTypes. By default, QPTool

refresh runs daily at 4 AM to refresh all child places (not including PlaceTypes) on

the server. The place manager can control whether QPTool refreshes a place. To

refresh a PlaceType, administrators can initiate the refresh command from the

administration PlaceTypes room or use the traditional method for running QPTool

commands.

Note: When you refresh a place or PlaceType in a cluster, do the refresh on one

server only and then let the changes replicate to the other servers.

For more information on the QPTool refresh command, see the chapter ″Using

QPTool Commands.″

Place membership

If the place manager allows it, membership of a place can be passed to a PlaceType

when the PlaceType is created. That membership is then passed to new places

created from the PlaceType. For example, if Annie was a member of ″Sales″ with

Author access, she became an Author in ″Sales PlaceType″ and ″Sales Test″ when

they were created.

However, changes to members and membership are not inherited when you

refresh. For example, if the manager of ″Sales″ changes Annie’s access to Reader in

″Sales,″ when you refresh ″Sales PlaceType″ and ″Sales Test,″ Annie still has Author

access in ″Sales PlaceType″ and ″Sales Test.″

CAUTION:

When a new room is inherited, membership to the room is not inherited, but

instead is determined by the room’s parent room in the place. For example, to

continue the preceding example, assume that the manager of ″Sales″ adds a new

room called ″Finances″ and gives only herself access to read sensitive

information in it. When ″Sales PlaceType″ and then ″Sales Test″ are refreshed,

″Sales Test″ inherits the room ″Finances″ but all ″Sales Test″ members with

Reader access or above can read ″Finances″ unless the ″Sales Test″ manager

changes access.
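The membership rules above, modeled as a small Python sketch (an added example, not QuickPlace code): membership is copied when a child is created, refresh does not touch it, and a newly inherited room takes its readers from its parent room in the child place. The `Place` and `Room` classes, the function names, and the members Maria and Raj are assumptions made for illustration; `over_exposed` lists who can read an inherited room in the child place but not in the source place.

```python
import copy
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class Room:
    parent: Optional[str]   # name of the parent room; None for the top-level room
    readers: Set[str]       # members who can read the room


@dataclass
class Place:
    name: str
    members: Dict[str, str]  # member name -> access level (Reader, Author, Manager)
    rooms: Dict[str, Room]


def create_from(source: Place, name: str) -> Place:
    """Create a PlaceType or place from its parent; membership is copied once, at creation."""
    return Place(name, dict(source.members), copy.deepcopy(source.rooms))


def refresh(child: Place, parent: Place) -> List[str]:
    """Inherit rooms that are new in the parent; members and access levels stay as they are.

    Assumes a parent room is listed before the rooms it contains.
    """
    inherited = []
    for room_name, room in parent.rooms.items():
        if room_name in child.rooms:
            continue
        if room.parent is None:
            readers = set(child.members)
        else:
            # Access comes from the parent room in the CHILD place, not from the source room.
            readers = set(child.rooms[room.parent].readers)
        child.rooms[room_name] = Room(room.parent, readers)
        inherited.append(room_name)
    return inherited


def over_exposed(child: Place, source: Place, rooms: List[str]) -> Dict[str, List[str]]:
    """For each inherited room, members who can read it in the child but not in the source."""
    report = {}
    for room_name in rooms:
        extra = child.rooms[room_name].readers - source.rooms[room_name].readers
        if extra:
            report[room_name] = sorted(extra)
    return report


def sales_scenario():
    """Constructed data following the Sales example in the text."""
    sales = Place(
        "Sales",
        {"Maria": "Manager", "Annie": "Author", "Raj": "Reader"},
        {"Main": Room(None, {"Maria", "Annie", "Raj"})},
    )
    sales_pt = create_from(sales, "Sales PlaceType")
    sales_test = create_from(sales_pt, "Sales Test")

    # Changes made in "Sales" after the children were created.
    sales.members["Annie"] = "Reader"
    sales.rooms["Finances"] = Room("Main", {"Maria"})

    refresh(sales_pt, sales)
    new_rooms = refresh(sales_test, sales_pt)
    return sales_test, new_rooms, over_exposed(sales_test, sales, new_rooms)


if __name__ == "__main__":
    place, new_rooms, report = sales_scenario()
    print("Inherited rooms:", new_rooms)
    print("Annie in", place.name, "->", place.members["Annie"])
    print("Review access on:", report)
```

Running the same comparison after every refresh that brings in new rooms gives the place manager a short list of rooms whose access needs to be tightened by hand.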


Levels of refresh

There are two levels of refresh available for a place: basic refresh (the default level)

or replace. With basic refresh, elements originating from a PlaceType but modified

directly in a place are not affected by the refresh. For example, basic refresh does

not affect changes a place manager makes to the Welcome page.

A replace occurs only when you use the QPTool refresh command with the -r argument. Use replace with extreme caution because it causes all elements in a place that originated from a PlaceType to be updated, even elements modified directly in the place.

Neither basic refresh nor replace modifies elements that were created directly in a

place rather than originating from a PlaceType.

Because changes to a PlaceType are never made directly in a PlaceType but instead

can occur only through a refresh, it makes no difference which level of refresh you

use to refresh PlaceTypes.

How basic refresh affects the elements in places

If you do a basic refresh of a child place with its PlaceType, and there are no

changes in the PlaceType, the refresh causes no change in the child place. If there

are changes in the PlaceType, the child place does not inherit an element change or

deletion from the PlaceType if the element was also changed or deleted directly in

the child place. The following tables describe this behavior in detail.

Elements modified in the PlaceType

The following table describes what happens as the result of a basic refresh of a

place when elements have changed in its PlaceType.

| Element modified in PlaceType | Refresh effect on element in place if element not changed in place | Refresh effect on element in place if element changed in place | Refresh effect on element in place if element deleted in place |
|---|---|---|---|
| Page | Updated | No change | No change |
| Folder | Updated | No change | No change |
| Room | Updated | No change | No change |
| Form | Updated | No change | No change |
| Field | Updated | No change | No change |
| Theme | Updated | No change | No change |
| PlaceBot | Updated | No change | No change |
| Room Setting | Updated | No change | No change |
| Aesthetic Settings | Updated | No change | No change |
| Member | No change | No change | No change |
| Local group | No change | No change | No change |

Elements deleted in the PlaceType

The following table describes what happens as the result of a basic refresh of a

place when elements have been deleted in its PlaceType.


| Element deleted in PlaceType | Refresh effect on element in place if element not changed in place | Refresh effect on element in place if element changed in place | Refresh effect on element in place if element deleted in place |
|---|---|---|---|
| Page | Deleted | No change | No change |
| Folder | Deleted* | No change | No change |
| Room | Deleted** | No change | No change |
| Form | Deleted | No change | No change |
| Field | Deleted | No change | No change |
| Theme | Deleted | No change | No change |
| PlaceBot | Deleted | No change | No change |
| Room Setting | N/A | N/A | N/A |
| Aesthetic Settings | N/A | N/A | N/A |
| Member | No change | No change | No change |
| Local group | No change | No change | No change |

**Rooms that contain elements originating from a PlaceType but modified directly

in the place, or that contain elements created in the place rather than originating

from a PlaceType, are not deleted.

A task page in a place derived from a PlaceType lists [h_Managers] as editor

Note: In a place that is derived from a PlaceType, all task pages display

[h_Managers] in ″Who can edit this task″. Since membership is not

refreshed, members removed from the place will not be added back during

refresh. The [h_Managers] entry ensures that managers of the place can edit

the page if all other editors are removed from the place.

How replace affects the elements in places

If you replace a place with its PlaceType -- using qptool refresh -r -- changes made

to elements directly in the place that originated in the PlaceType are lost. For this

reason you should use replace with extreme caution. The following tables describe

the behavior of a replace in detail.

Elements not changed in the PlaceType

The following table describes what happens as the result of a replace of a place

when elements have not changed in its PlaceType.

| Element not changed in PlaceType | Replace effect on element in place if element not changed in place | Replace effect on element in place if element changed in place | Replace effect on element in place if element deleted in place |
|---|---|---|---|
| Page | No change | Replaced | Copied back |
| Folder | No change | Replaced | Copied back |
| Room | No change | Replaced | Copied back |
| Form | No change | Replaced | Copied back |
| Field | No change | Replaced | Copied back |
| Theme | No change | Replaced | Copied back |
| PlaceBot | No change | Replaced | Copied back |
| Room Setting | No change | Replaced | Copied back |
| Aesthetic Settings | No change | Replaced | Copied back |
| Member | No change | No change | No change |
| Local group | No change | No change | No change |

Elements modified in the PlaceType

The following table describes what happens as the result of a replace of a place

when elements have been modified in its PlaceType.

| Element modified in PlaceType | Replace effect on element in place if element not changed in place | Replace effect on element in place if element changed in place | Replace effect on element in place if element deleted in place |
|---|---|---|---|
| Page | Updated | Replaced | Copied back |
| Folder | Updated | Replaced | Copied back |
| Room | Updated | Replaced | Copied back |
| Form | Updated | Replaced | Copied back |
| Field | Updated | Replaced | Copied back |
| Theme | Updated | Replaced | Copied back |
| PlaceBot | Updated | Replaced | Copied back |
| Room Setting | Updated | Replaced | Copied back |
| Aesthetic Settings | Updated | Replaced | Copied back |
| Member | No change | No change | No change |
| Local group | No change | No change | No change |

Elements deleted in the PlaceType

The following table describes what happens as the result of a replace of a place

when elements have been deleted in its PlaceType.

| Element deleted in PlaceType | Replace effect on element in place if element not changed in place | Replace effect on element in place if element changed in place | Replace effect on element in place if element deleted in place |
|---|---|---|---|
| Page | Deleted | Deleted | No change |
| Folder | Deleted* | Deleted* | No change |
| Room | Deleted** | Deleted** | No change |
| Form | Deleted | Deleted | No change |
| Field | Deleted | Deleted | No change |
| Theme | Deleted | Deleted | No change |
| PlaceBot | Deleted | Deleted | No change |
| Room Setting | N/A | N/A | N/A |
| Aesthetic Settings | N/A | N/A | N/A |
| Member | No change | No change | No change |
| Local group | No change | No change | No change |

*Folders that contain pages created directly in the place rather than originating

from the PlaceType are not deleted.

**Rooms that contain any element created directly in the place rather than

originating in the PlaceType are not deleted.
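The refresh tables above reduce to a few rules per element. The following Python sketch is an added example (not QuickPlace code) that applies those rules to single elements such as pages, so an administrator can preview what a basic refresh keeps and what a replace (-r) overwrites. The data model, the function names, the sample element names, and the "Inherited" label for elements that are new in the PlaceType are assumptions; the folder and room footnotes, members, and local groups are left out.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class Element:
    content: str
    base: Optional[str]  # content last inherited from the PlaceType; None = created in the place


@dataclass
class Place:
    elements: Dict[str, Element] = field(default_factory=dict)
    # Inherited elements that were deleted directly in the place: name -> inherited content
    deleted: Dict[str, str] = field(default_factory=dict)


def refresh(place: Place, placetype: Dict[str, str], replace: bool = False) -> Dict[str, str]:
    """Apply a basic refresh (default) or a replace and return the effect on each element."""
    effects: Dict[str, str] = {}
    for name in sorted(set(placetype) | set(place.elements) | set(place.deleted)):
        elem = place.elements.get(name)
        if elem is not None and elem.base is None:
            # Created directly in the place: neither level of refresh modifies it.
            effects[name] = "No change"
            continue
        if elem is None and name not in place.deleted:
            # New in the PlaceType and never seen by the place: inherited (not a table row).
            place.elements[name] = Element(placetype[name], placetype[name])
            effects[name] = "Inherited"
            continue
        locally_deleted = elem is None
        locally_changed = elem is not None and elem.content != elem.base
        if name not in placetype:
            # Deleted in the PlaceType.
            if locally_deleted or (locally_changed and not replace):
                effects[name] = "No change"
            else:
                del place.elements[name]
                effects[name] = "Deleted"
        elif locally_deleted:
            if replace:
                place.elements[name] = Element(placetype[name], placetype[name])
                del place.deleted[name]
                effects[name] = "Copied back"
            else:
                effects[name] = "No change"
        elif locally_changed:
            if replace:
                elem.content = elem.base = placetype[name]
                effects[name] = "Replaced"
            else:
                effects[name] = "No change"
        elif placetype[name] != elem.base:
            elem.content = elem.base = placetype[name]
            effects[name] = "Updated"
        else:
            effects[name] = "No change"
    return effects


def demo(replace: bool) -> Dict[str, str]:
    """Constructed sample: one element for each situation covered by the tables."""
    placetype = {"Welcome": "v2", "Agenda": "v1", "FAQ": "v1", "Index": "v1"}
    place = Place(
        elements={
            "Welcome": Element("v1", "v1"),         # modified in PlaceType, untouched in place
            "Agenda": Element("local edit", "v1"),  # unchanged in PlaceType, changed in place
            "Old": Element("local edit", "v1"),     # deleted in PlaceType, changed in place
            "Notes": Element("team notes", None),   # created directly in the place
        },
        deleted={"FAQ": "v1"},                      # inherited, then deleted in the place
    )
    return refresh(place, placetype, replace)


if __name__ == "__main__":
    print("basic  :", demo(replace=False))
    print("replace:", demo(replace=True))
```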

Controlling whether the QPTool refresh command refreshes a

place

Place managers control whether the QPTool refresh command refreshes places

created from a PlaceType. By default, the QPTool refresh command refreshes

places. The QPTool refresh command runs on all places created from PlaceTypes

daily at 4 AM, but administrators can also run it on specific places.

To specify whether the QPTool refresh command refreshes a place:

1. Open the place.

2. Click Customize in the table of contents.

3. Click Basic.

4. Click ″Change Basics.″

5. In the Updates section, check ″Receive updates″ (default) to allow QPTool

refresh to refresh the place. Remove the check mark to prevent QPTool refresh

from running on this place.

Refreshing a PlaceType from the PlaceTypes view in the

administration place

If a place used to create a PlaceType is modified, you can use the PlaceTypes room

in the administration place to initiate the QPTool refresh command to do a basic

refresh of the child PlaceType. If you use this method, at the same time you refresh

you can modify the description that users see, the image, and the URL provided to

users for more information.

1. Sign in to the Lotus QuickPlace home page as an administrator.

2. Click PlaceTypes in the table of contents.

3. Click the name of the PlaceType you want to refresh.

4. Click Edit.

5. Do one of the following:

- To update the description and other information shown and also to refresh the PlaceType, click ″Yes (default), copy changes and update the information below.″

- To update the description and other information shown but not refresh the PlaceType, click ″No, simply update the information below.″

6. (Optional) Change the description for the PlaceType.

7. (Optional) Change the image selection for the PlaceType.

8. (Optional) Change the URL information shown.

9. Click Next.

Choosing to refresh the PlaceType in Step 5 starts QPTool refresh in the

background. If QPTool refresh is already running when you click Next, the

PlaceType is not refreshed since only one instance of QPTool refresh can run at a

time. Check the server console to determine whether a PlaceType has been

refreshed.

You can also refresh a PlaceType by running the QPTool refresh command from the

server console or command line. For more information, see the chapter ″Using

QPTool Commands.″

Signing a newly inherited scheduled PlaceBot in a place

When a place first inherits a new scheduled PlaceBot (agent), the place manager

must sign the PlaceBot before it runs. This step is necessary only for a newly

inherited scheduled PlaceBot:

1. Open the place.

2. Click Customize in the table of contents.

3. Click PlaceBots.

4. Select the PlaceBot and click Sign PlaceBot.

Copying a PlaceType

You can use operating system commands to copy a PlaceType from one Lotus

QuickPlace server to another.

A PlaceType consists of a set of Notes database files (NSF files) in the AreaTypes

subdirectory on the Lotus QuickPlace server. For example, if you create a

PlaceType called Rapid Response, and your Domino and Lotus QuickPlace servers

are installed in the c://lotus/domino directory, the NSF files for Rapid Response

would be stored in the following location:

c:\Lotus\Domino\data\QuickPlace\AreaTypes\Rapid Response\

To copy a PlaceType from one Lotus QuickPlace server (server A) to another Lotus

QuickPlace server (server B):

1. On server B, create a subdirectory for the PlaceType in

x:\Lotus\Domino\data\QuickPlace\AreaTypes, where x is the drive on which

Domino and Lotus QuickPlace are installed.

2. Copy the PlaceType files from server A to the subdirectory you created on

server B.

3. If the PlaceType has PlaceBots, you must sign the agents in the database using

the server ID of the current server, that is, server B. For more information on

signing a database, see Domino Designer Help.

4. Use the following procedure to add the copied PlaceType to the list of

PlaceTypes on server B.


To add copied PlaceTypes to the PlaceType list

If you copied PlaceType files to the Lotus QuickPlace server, you can add that new

PlaceType to the list of PlaceTypes on the current server. You see the list of

PlaceTypes when you sign in to the current server as the server administrator and

click PlaceTypes in the table of contents. The new PlaceType is also available to

Lotus QuickPlace creators until or unless you hide the name of the PlaceType.

To add a PlaceType copied from another server to the list of PlaceTypes on the

current server, do the following:

1. Sign in to the Lotus QuickPlace home page as an administrator.

2. Click PlaceTypes in the table of contents.

3. Click Refresh List.

Deleting a PlaceType

When you mark a PlaceType for deletion on the current server, either by following the steps below or by using the QPTool remove command without the -now argument, it is no longer available to users. However, the file and directory are not actually deleted until the QPTool remove -cleanup command runs on the server at 2 AM.

You can remove the PlaceType immediately by running the QPTool remove -now

command.

For more information on the remove command, see the chapter ″Using QPTool

Commands.″

Note: You cannot delete the default PlaceType.

1. Sign in to the Lotus QuickPlace home page as an administrator.

2. Click PlaceTypes in the table of contents.

3. In the list of PlaceType names on the screen, click the name of the PlaceType

you want to delete.

4. Click Delete.

5. In a Lotus QuickPlace server cluster, do the following on each additional server in the cluster to remove the PlaceType from the PlaceTypes view of the administration place. This step is necessary because the administration place does not replicate in a cluster.

a. Sign in to the Lotus QuickPlace home page as an administrator.

b. Click PlaceTypes in the table of contents.

c. Click Refresh List.


Chapter 5 Administering Lotus QuickPlace Servers in a Cluster

This chapter describes how to set up Lotus QuickPlace servers in a clustered server

environment.

Lotus QuickPlace servers in a cluster

A Domino cluster is a group of two to six servers that provides users with constant

access to data, balances the workload between servers, improves server

performance, and maintains performance when the size of your enterprise

increases. The servers in a cluster contain replicas of databases that you want to be

readily available to users at all times. If a user tries to access a database on a

cluster server that is unavailable, Domino opens a replica of that database on a

different cluster server, if a replica is available. Domino continuously synchronizes

databases so that whichever replica a user opens, the information is always

identical.

Clusters provide high availability of important databases, and clustered servers can

redirect database open requests to other servers in the clusters, allowing users

uninterrupted access to their databases. You can use clustering to provide high

availability of a Lotus QuickPlace service, or group of servers. You can administer

servers in a cluster by adding, removing, or upgrading them.

Using clustering to provide high availability of the Lotus QuickPlace service

consists of setting up:

- Two or more servers to replicate the data.

- A solution to distribute HTTP requests to one or more of the servers in the cluster.

Domino Enterprise Server software is used to set up and manage the cluster. The

servers in the cluster are sometimes referred to as cluster nodes. Lotus QuickPlace

is installed on each of these nodes.

There are several solutions available for distributing HTTP traffic among a number

of servers. The Lotus QuickPlace application requires that HTTP requests sent to

one node are continuously sent to that node for a predetermined amount of time.

This time period is sometimes known as ″sticky time.″

Upgrading an existing Lotus QuickPlace server to provide high availability

involves:

- Setting up a separate cluster of servers.

- Using QPTool commands to move the places to the newly set up cluster.

For more information on moving places, see the chapter ″Using QPTool

Commands.″

Administering and managing a Lotus QuickPlace server that is in a cluster is the

same as administering and managing a server that is not clustered. With the

exception of adjustments to the load balancing hardware and software, you make


changes individually to each server by addressing the server directly by its

hostname or Domino name when you use any of the following methods or tools:

- Using the browser to sign in to the server and visiting the Server Settings page, also known as the Lotus QuickPlace Administration Room.

- Using the Domino Administration Client to make changes, usually to the Domino Name and Address Book.

- Making changes using the file system such as modifying the NOTES.INI file or inspecting HTTP logs.

For information on upgrading a Lotus QuickPlace server in a cluster, see the book

Lotus QuickPlace Installation and Upgrade Guide.

Planning capacity

Before you set up a Lotus QuickPlace cluster, you must first decide:

- How many concurrent users need to be supported.

- The type of clustering solution to be implemented.

These decisions determine how many servers of a given specification are required

to support the user population for a given rate of Lotus QuickPlace usage.

Types of clustering solutions

The total number of servers required depends on the type of clustering solution.

The simplest clustering solution is failover to a ″hot spare,″ in which a primary

server and a secondary server are clustered. The primary server handles user

requests, and the secondary server is held in reserve in case the primary server

fails or requires a scheduled stoppage. When the primary server is taken offline,

user requests fail over to the hot spare until the primary server comes back online.

In this type of cluster, the resources of the hot spare are not utilized while the

primary server is active: the capacity of the cluster is the capacity of the primary

server. Therefore, if a given server specification supports 1,000 concurrent users,

two such servers are required to support 1,000 users. If the hot spare is identical to

the primary server, the capacity remains the same after the primary server fails

over.

To make full use of all available servers, a load-balancing solution can be

implemented. With load balancing, servers share the user load, and the maximum

capacity of the cluster is approximately the sum of the capacities of the servers in

the cluster. For example, a cluster of three servers that each support 1,000 users has

approximately a maximum capacity of 3,000 concurrent users. However, if one

server goes offline, the capacity of the cluster is reduced correspondingly (to 2,000

users in the example). Therefore, the average capacity of a load-balanced cluster is

less than the maximum possible, and allowance should be made for server

downtime so that response times do not significantly decrease when a single server

becomes unavailable. Having more than two servers in a cluster provides greater

flexibility and reliability because when a server is taken offline for scheduled

maintenance, failover can still occur among the remaining available servers.


Creating a cluster

To create a cluster, you must have at least Author access, Delete Documents rights,

and the ServerModifier and ServerCreator roles in the Domino Directory, and at

least Author access in the Administration Requests database. If possible, use the

administration server when creating a cluster. The administration server does not

have to be part of the cluster.

Note: If a server belongs to a different cluster, you do not have to remove the

server from that cluster before you add it to the new cluster. The Cluster

Administration Process removes the server from the original cluster and

then adds it to the new cluster.

1. From the Domino Administrator, make sure the administration server or

another server is current.

2. Click the Configuration tab.

3. Expand Server, and click All Server Documents.

4. In the Results pane, select the servers that you want to add to the cluster.

5. Click Add to Cluster.

6. When asked to choose the cluster you want to add the servers to, choose

Create New Cluster, and then click OK.

7. Type the name of the new cluster, and click OK.

8. Choose Yes to add the servers to the cluster immediately, or choose No to

submit a request to the administration process to add the servers to the

cluster.

9. (Optional) If you chose No in Step 8 and you did not add the servers on the administration server, force replication between the server you used and the administration server so that the administration server receives the requested changes sooner.

10. (Optional) If you chose No in Step 8, force replication between the

administration server and the cluster servers so the cluster servers receive all

the changes sooner.

11. (Optional) If you chose Yes in Step 8, the cluster information is added

immediately to the Domino Directory of the server you used to create the

cluster. If this server is not part of the new cluster, replicate the changes to one

of the servers you added to the cluster.

Note: For information on managing replication in clusters, refer to the Domino

Administrator Help.

Adding a Lotus QuickPlace server to a cluster

If you want to add a new Lotus QuickPlace server to a cluster, all of the existing

Lotus QuickPlace data first must be copied and replicated to the new server before

it can be available for use. To add a new Lotus QuickPlace server to a cluster:

1. Install the new Lotus QuickPlace server using the installation instructions.

2. Using the browser, sign in to the Lotus QuickPlace server as an administrator

and edit the Server Settings appropriate for this server.

3. Start the server.

4. Shut down the HTTP task by typing the following at the server console:

tell http quit


5. To create replica stubs on the new server for all existing places in the cluster,

run the replicamaker command on the new server, using one of the other

servers in the cluster as the source for the place databases. Type the following

at the server console:

load qptool replicamaker -s <remote server name> -a

where <remote server name> is the Domino server name.

For more information on the replicamaker command, including running the

command in verbose mode, see the chapter ″Using QPTool Commands.″

6. Wait for the replicamaker command to finish running successfully. This step

may take several minutes.

7. Use the Domino Replicator to replicate all the data and initialize all replica stubs on the local and remote systems. Type the following at the server console:

replicate <remote server name>

where <remote server name> is the Domino server name, for example, qp1/Company.

8. Wait for the Domino Replicator to finish. This step may take several hours.

9. Start the HTTP task. Type the following in the server console:

load http

10. (Optional) Create all search indexes for all newly replicated places. This task

can take several hours and can be done while the server is running. It is

optional because it runs automatically at 2 AM. Type the following at the

server console:

load updall

Adding a Lotus QuickPlace server after a long down time

If a Lotus QuickPlace server has been removed from a cluster for a period of time,

you can add it to the cluster again. To add a Lotus QuickPlace server after a long

down time:

1. Start the server.

2. Shut down the HTTP task. Type the following at the server console:

tell http quit

3. To create replica stubs for any new places or rooms that were created in the

cluster since the server was taken out of service, run replicamaker on the

server, using one of the other servers in the cluster as the source for the place

databases. Type the following at the server console:

load qptool replicamaker -a -s <remote server name>

where <remote server name> is the Domino server name, for example, qp1/Acme.

4. Wait for the replicamaker command to finish running successfully.

5. Replicate all the data and initialize all replica stubs on the local and remote systems using the Domino Replicator. Type the following in the server console:

replicate <remote server name>

where <remote server name> is the Domino server name, for example, qp1/Acme.

6. Wait for the Domino Replicator to finish. This step may take several hours.

7. Start the HTTP task. Type the following at the server console:

load http

Note: Because each server in the cluster has independent server settings, you

must update the settings (for example, User Directory) in the Lotus

QuickPlace Administration room.

8. (Optional) Create all search indexes for all newly replicated places. This task

can take several hours and can be done while the server is running. It is

optional because it runs automatically at 2 AM. Type the following at the server

console:

load updall

Configuring clustered servers for the Place Catalog

Do not replicate the Place Catalog across Lotus QuickPlace servers in a cluster. The

recommended Place Catalog configuration is a dedicated Place Catalog server that

is outside the Lotus QuickPlace cluster. To provide Place Catalog failover, create a

separate cluster of Place Catalogs using the ″hot spare″ clustering solution that

uses a primary server and a secondary server for failover. Load balancing is not

supported for Place Catalogs in a cluster. For instructions on setting up the Place

Catalog, see the chapter ″Setting Up the Place Catalog.″

To ensure that the Place Catalog works properly for Lotus QuickPlace servers in a

cluster, you must configure the Lotus QuickPlace server’s qpconfig.xml file with

details of the cluster environment. All Lotus QuickPlace servers in a cluster should

use the same qpconfig.xml settings.

If the Lotus QuickPlace server is part of a cluster, copy the following XML content

from qpconfig_sample.xml to your qpconfig.xml file. Replace the sample values in

bold with your own values.

<?xml version="1.0" standalone="yes"?>
<server_settings>
    <cluster>
        <master virtual="true" ssl="false">
            <port>80</port>
            <hostname>servername.enterprise.com</hostname>
            <path_prefix></path_prefix>
        </master>
    </cluster>
</server_settings>

The following table describes the values you specify for the cluster setting.

| Attribute | Description |
|---|---|
| virtual="value" | The master server in a cluster acts as a user’s entry point to places on other servers in the cluster. If you use the failover to a "hot-spare" clustering solution, in which the master server is a physical Lotus QuickPlace server, specify virtual="false". If you use the load balancing clustering solution, in which the master server is an IP sprayer such as IBM Network Dispatcher that acts as a "virtual" server, specify virtual="true". |
| ssl="value" | If SSL is enabled on the master server, specify ssl="true"; otherwise specify ssl="false". |
| <port>number</port> | Specify the TCP port that browsers use to access Lotus QuickPlace, depending on whether SSL is enabled on the master server. The default port is 80 for non-SSL connections and 443 for SSL connections. |
| <hostname>name</hostname> | Specify the DNS hostname of the master server (for example, tw.acme.com). |
| <path_prefix>"prefix"</path_prefix> | If the Place Catalog (PlaceCatalog.nsf) is located in a subdirectory of the Domino data directory, type the subdirectory as the path_prefix. This information is used to create URLs to the master server. For example, on Windows, if you put the Place Catalog in the directory C:\domino\data\catalog, type "catalog" as the path_prefix value. Or if you put the Place Catalog in the directory C:\domino\data\other\catalog, type "other\catalog". |
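Because every server in the cluster should carry the same master settings, drift between qpconfig.xml files is worth checking before it shows up as broken Place Catalog URLs. The following Python script is an added example, not part of the IBM guide or of QuickPlace itself: it reads the master section from each server's file, checks the values against the attribute table above, and reports servers whose settings differ from the rest. The server names, host names and file contents are constructed, and treating an unqualified host name as a finding is this example's assumption.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample qpconfig.xml contents for three cluster members.
# Server and host names are illustrative; qp3/Acme has drifted.
GOOD = """<?xml version="1.0" standalone="yes"?>
<server_settings>
  <cluster>
    <master virtual="true" ssl="true">
      <port>443</port>
      <hostname>tw.acme.com</hostname>
      <path_prefix></path_prefix>
    </master>
  </cluster>
</server_settings>"""
DRIFTED = GOOD.replace('ssl="true"', 'ssl="false"').replace("tw.acme.com", "tw")
SAMPLES = {"qp1/Acme": GOOD, "qp2/Acme": GOOD, "qp3/Acme": DRIFTED}

FIELDS = ("virtual", "ssl", "port", "hostname", "path_prefix")


def read_master(xml_text):
    """Return the <cluster><master> settings as a tuple ordered like FIELDS."""
    master = ET.fromstring(xml_text).find("cluster/master")
    if master is None:
        return None

    def child(tag):
        node = master.find(tag)
        return (node.text or "").strip() if node is not None else ""

    return (master.get("virtual", ""), master.get("ssl", ""),
            child("port"), child("hostname"), child("path_prefix"))


def is_ip(host):
    """True when host is an IPv4 or IPv6 literal rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_master(settings):
    """Check one server's master settings against the attribute table."""
    virtual, ssl, port, hostname, _prefix = settings
    findings = []
    for name, value in (("virtual", virtual), ("ssl", ssl)):
        if value not in ("true", "false"):
            findings.append(f"{name} must be true or false, got {value!r}")
    if not port.isdecimal() or not 1 <= int(port) <= 65535:
        findings.append(f"port {port!r} is not a valid TCP port")
    elif (ssl, port) in (("true", "80"), ("false", "443")):
        findings.append(f"ssl={ssl} with port {port} contradicts the "
                        "documented defaults (80 non-SSL, 443 SSL)")
    # Assumption of this example: an IP literal or short name is a finding.
    if is_ip(hostname) or "." not in hostname:
        findings.append(f"hostname {hostname!r} is not a full DNS host name")
    return findings


def audit_cluster(configs):
    """Return {server: [findings]} for every server that has a problem."""
    parsed = {server: read_master(text) for server, text in configs.items()}
    present = [s for s in parsed.values() if s is not None]
    # The most common settings tuple is taken as the cluster baseline.
    baseline = Counter(present).most_common(1)[0][0] if present else None
    report = {}
    for server, settings in parsed.items():
        if settings is None:
            report[server] = ["no <cluster><master> section"]
            continue
        findings = check_master(settings)
        for field, mine, theirs in zip(FIELDS, settings, baseline):
            if mine != theirs:
                findings.append(f"{field} differs from the rest of the "
                                f"cluster: {mine!r} vs {theirs!r}")
        if findings:
            report[server] = findings
    return report


if __name__ == "__main__":
    for server, findings in audit_cluster(SAMPLES).items():
        for finding in findings:
            print(f"{server}: {finding}")
```
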

Place Catalog entries and clusters

There are two Lotus QuickPlace server cluster environment alternatives for storing

Lotus QuickPlace server cluster data in the Place Catalog.

- If the Lotus QuickPlace cluster does not have a virtual server, data is maintained in separate entries in the Place Catalog for each physical server, and for each place on a physical server.

- If the Lotus QuickPlace cluster has a virtual server, each physical server and place has an entry. But there is also an entry for the virtual server that represents the combination of all physical servers. And there is an entry for each place in the cluster that represents all the replicas of the place in the cluster.

When the cluster has a virtual server, real-time updates to the Place Catalog (such

as place creation, locking of a place, and place membership changes) are made in

the place entries corresponding to the virtual server. The non-real time updates

(such as place size, time last accessed, and time last modified) are made to the

place entries corresponding to the physical servers in the cluster. This information

allows the administrator to know the differences in access and size for the places

in each of the physical servers in the cluster.

The QPTool placecatalog command with the -update flag synchronizes the place

entries that correspond to the physical servers, and the place entries that

correspond to the virtual server.

For more information on the placecatalog command, see the chapter ″Using

QPTool Commands.″

To set up a virtual server for a Lotus QuickPlace cluster, you must configure a

network dispatcher, such as IBM Network Dispatcher. Then you must configure

the proper settings in the qpconfig.xml file on each server in the cluster. For

information on setting up a network dispatcher, see your server documentation.

Removing a Lotus QuickPlace server from a cluster

When you remove a Lotus QuickPlace server from a cluster, some places and

rooms created and deleted on the server to be removed may not have propagated

around the cluster. You must ensure that all the changes are propagated correctly

before you stop the server; otherwise data may be lost.

To remove a Lotus QuickPlace server from a cluster:

1. Shut down the HTTP task. Type the following in the server console:

tell http quit

2. Run the replicamaker command with one of the other servers in the cluster.

Type the following at the server console:

load qptool replicamaker -a -s <remote server name>

where <remote server name> is the Domino server name, for example,

qp1/Acme.

For more information on the replicamaker command, see the chapter ″Using

QPTool Commands.″

3. Wait for replicamaker to finish running successfully.

4. Replicate all the data and initialize all replica stubs on the local and remote systems using the Domino Replicator. Type the following in the server console:

replicate <remote server name>

where <remote server name> is the Domino server name, for example, qp1/Company.

5. Wait for the Domino Replicator to finish.

6. Run qptool remove -cleanup to remove any places that have been marked for

deletion.

Note: Run the Domino command dbcache flush at the server console before

running the remove command to remove from the database cache any

databases that are marked for deletion.

For more information on the remove command, see the chapter ″Using QPTool

Commands.″

7. Shut down the server.

Chapter 6 Setting Up Security

This chapter describes the following topics related to Lotus QuickPlace security:

- Lotus QuickPlace authentication

- Setting up single sign-on authentication

- Modifying user cache settings

- Controlling access to the server

- Using expanded membership

- Blocking specific protocols referenced in link URLs

- Blocking HTML attachments that contain cross-site scripts

- Configure browser caching for tighter security

Lotus QuickPlace authentication

If Lotus QuickPlace manages lookups to the user directory, Lotus QuickPlace supports only the following types of authentication for Web browsers connecting to a Lotus QuickPlace server:

- Basic name-and-password authentication

- Multi-server session-based name-and-password authentication (single sign-on)

Basic authentication is implemented by default. You can enable single sign-on

authentication, so that Web users can sign in to a server once and then

automatically access any other server in the DNS domain enabled for single

sign-on.

If Domino manages lookups to the user directory, you can authenticate Lotus

QuickPlace users using any type of client authentication that is set up on the

Domino server, for example, X.509 certificate authentication. For more information,

see the Security section of Domino Administrator Help.

Note: To use SSL to encrypt the data transferred between Web browsers and a

Lotus QuickPlace server, enable SSL on the Domino Web server. For more

information, see Domino Administrator Help.

Lotus QuickPlace supports custom authentication applications through the Domino

Server API (DSAPI). This interface allows some third-party vendors to design a

DLL to support authentication for access to Lotus QuickPlace databases.

Single sign-on authentication

Enable multi-server session-based authentication (single sign-on) so that Web users

can sign in once to a Lotus QuickPlace server and automatically access any other

Lotus QuickPlace servers in the DNS domain that are enabled for single sign-on.

Keep the following points in mind about single sign-on authentication:

- Lotus QuickPlace does not support single-server session-based authentication, but setting up single sign-on authentication on a single server achieves a similar result.

- URLs issued to servers configured for single sign-on must specify the full DNS server name, not the host name or IP address. For browsers to be able to send cookies to a group of servers, the DNS domain must be included in the cookie, and the DNS domain in the cookie must match the server URL. This is why cookies cannot be used across TCP/IP domains.

- Clustered servers must have the full DNS server name in the host name field of the Web Site or Server document so that the Internet Cluster Manager (ICM) can redirect to cluster members using SSO. If the DNS server hostname is not there, ICM redirects URLs to clustered Web servers with only the TCP/IP host name, by default, and cannot send the cookie because the DNS domain is not included in the URL.
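The URL and host name rules in the list above can be checked before single sign-on is enabled. The following Python script is an added example, not part of the IBM guide: it models the rule that the SSO cookie only reaches hosts named by a full DNS name inside the SSO DNS domain, and applies it both to URLs and to the host name fields of Server documents. The URLs, server names and host field values are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed samples: URLs handed to users, and the host name field
# of each cluster member's Server document.
SSO_DOMAIN = "acme.com"
URLS = [
    "http://qp1.acme.com/QuickPlace/sales",
    "http://qp1/QuickPlace/sales",
    "http://192.0.2.10/QuickPlace/sales",
    "http://qp1.notacme.com/QuickPlace/sales",
]
HOST_FIELDS = {"qp1/Acme": "qp1.acme.com", "qp2/Acme": "qp2"}


def sso_url_problem(url, sso_domain):
    """Return None if the SSO cookie can be sent to url, else the reason."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    domain = sso_domain.strip().strip(".").lower()
    if not host:
        return "no host in URL"
    try:
        ipaddress.ip_address(host)
        return "IP address: no DNS domain for the cookie to match"
    except ValueError:
        pass
    if "." not in host:
        return "host name only: DNS domain missing from URL"
    # Compare on a label boundary so notacme.com is not taken for acme.com.
    if host == domain or host.endswith("." + domain):
        return None
    return f"host is outside the SSO DNS domain {domain}"


def check_urls(urls, sso_domain):
    """Return {url: reason} for URLs that would lose the SSO cookie."""
    problems = {}
    for url in urls:
        reason = sso_url_problem(url, sso_domain)
        if reason:
            problems[url] = reason
    return problems


def check_host_fields(host_fields, sso_domain):
    """Return {server: reason} for Server documents whose host name field
    would make a cluster redirect drop the SSO cookie."""
    problems = {}
    for server, host in host_fields.items():
        reason = sso_url_problem("http://" + host + "/", sso_domain)
        if reason:
            problems[server] = reason
    return problems


if __name__ == "__main__":
    for url, reason in check_urls(URLS, SSO_DOMAIN).items():
        print(f"{url}: {reason}")
    for server, reason in check_host_fields(HOST_FIELDS, SSO_DOMAIN).items():
        print(f"{server}: {reason}")
```
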

To set up single sign-on authentication:

1. Create or edit a Web SSO Configuration document for the domain.

2. Complete single sign-on setup by modifying the notes.ini file, enabling

multi-server session authentication, and adding a mapping form to the Domino

Web Server Configuration database.

Follow these steps regardless of whether Lotus QuickPlace or Domino manages

user directory lookups.

Creating or editing a Web SSO Configuration document

The Web SSO configuration document is a domain-wide configuration document

stored in the Domino Directory. This document, which should be replicated to all

servers participating in the single sign-on domain, is encrypted for participating

servers and administrators, and contains a shared secret key used by servers for

authenticating user credentials.

To set up multi-server single sign-on for a Lotus QuickPlace server, first create a

Web SSO Configuration document, if there isn’t one already. If there is already a

Web SSO Configuration document, add the Domino server names of the Lotus

QuickPlace servers to the document.

To create a Web SSO configuration document

1. Open the Domino Directory (names.nsf) of a Lotus QuickPlace server in the

domain.

2. Select the Configuration - Servers - All Server Documents view.

3. Click Web and then select Create Web SSO Configuration.

4. Click Keys at the top of the Web SSO Configuration document.

5. To initialize the Web SSO Configuration with a Domino shared secret key, select ″Create Domino SSO Key.″ Or, to import an IBM WebSphere® LTPA key, do the following steps:

a. Select ″Import WebSphere LTPA Keys.″

b. Enter the path to the WebSphere LTPA export file (see WebSphere

documentation for details about generating ltpatoken keys).

c. Enter the password (specified when generating the keys in WebSphere). The document is updated to reflect the information in the export file.

6. Complete the rest of the document as follows:

| Field | Action |
|---|---|
| Configuration Name | Accept the default entry, LtpaToken. |
| Organization | Leave this field blank so the document appears in the Web Configurations view. |
| DNS Domain | (Required) Enter the DNS domain (for example, acme.com) for which the tokens will be generated. The servers enabled for single sign-on must all belong to the same DNS domain. |
| Domino Server Names | Enter the names of the Domino servers to participate in single sign-on; for example, server1/acme, server2/acme. This document is encrypted so that only you, the members of the Owners and Administrators fields, and the servers specified have access to it. Note: Enter only Domino server names in this field; group names, wild cards, and WebSphere server names are not allowed. |
| Expiration (minutes) | Specify the time period, in minutes, after which the token will expire. The default is 30 minutes. |
| Idle Session Timeout | Select Enabled and enter a Minimum Timeout value, in minutes, to indicate the number of minutes of inactivity after which the token will expire. |

7. Click Save & Close to save the Web SSO Configuration document in the Web -

Web Configurations view. A message on the status bar indicates the number of

servers or people for whom the document is encrypted.

If you receive messages on the client indicating that a particular key was not

found for encrypting the document, you might have to change your client’s

location document to point to a different mail or directory server that has all

the public keys included in Server and Person documents.

8. Follow the steps in the topic, ″Completing single sign-on setup.″

To add names of Lotus QuickPlace servers to an existing Web SSO Configuration document

A Web SSO Configuration document may already exist for the domain. This might

be the case, for example, if a Sametime server is also installed in the domain. In

this case, follow these steps to add the Domino names of the Lotus QuickPlace

servers to the existing Web SSO Configuration document.

1. Open the Domino Directory (names.nsf) of a Lotus QuickPlace server in the

domain.

2. Select the Web - Web Configurations view.

3. Open the Web SSO Configuration document in edit mode.

4. In the ″Domino Server Names″ field, add the Domino server name of each

Lotus QuickPlace server in the domain that will participate in single sign-on;

for example, server1/acme, server2/acme.

5. Close and save the document.

6. Follow the steps in the next topic, ″Completing single sign-on setup.″

Completing single sign-on setup

After you have created the Web SSO Configuration document for the domain,

follow these steps to complete single sign-on setup for Lotus QuickPlace servers.

1. Add the following setting to the notes.ini file of each Lotus QuickPlace server

that you will enable for single sign-on to prevent anonymous access to files in

the html directory:

NoWebFileSystemACLs=1

2. Enable multi-server session-based authentication in the Server document for each Lotus QuickPlace server that you want to enable for single sign-on:

a. Open the Domino Directory (names.nsf) on the server.

b. Select the view Configuration - Servers - All Server Documents.

c. Select the Server document for the server and click Edit Server.

d. Click Ports - Internet Ports - Web, and enable Name-and-password

authentication for the Web (HTTP or HTTPS) port.

e. Click the Internet Protocols - Domino Web Engine tab.

f. Next to Session authentication, select Multiple Servers (SSO).

g. Next to Web SSO Configuration, select LtpaToken.

h. Click Save & Close.

3. Create the Domino Web Server Configuration database (domcfg.nsf) if it does not exist:

a. From a Notes client, choose File - Database - New.

b. Next to Server at the top of the dialog box, select the server that runs Lotus

QuickPlace.

c. Next to Title, type a descriptive title, for example, Web Server

Configuration.

d. Next to File name, type domcfg.nsf. You must use this file name.

e. Next to Server in the middle of the dialog box, select any server.

f. Click ″Show advanced templates.″

g. Next to Template, select ″Domino Web Server Configuration (6)″

(domcfg5.ntf).

h. Click OK.

4. Create a mapping form in the Domino Web Server Configuration database to enable single sign-on to work with Lotus QuickPlace:

a. Open the Web Server Configuration database (domcfg.nsf).

b. Click Add Mapping.

c. Next to Applies To, select ″All Web Sites/Entire Server″ (default) or ″Specific Web Site/Virtual Server.″ If you select ″Specific Web Site/Virtual Server,″ a new field displays in which you specify the IP addresses of the Web Site documents or Virtual Servers.

d. Next to ″Target Database,″ type quickplace/resources.nsf, replacing the

default entry.

e. Next to ″Target Form,″ type QuickPlaceLoginForm.

f. Click Save & Close.

g. Replicate the database to all the Lotus QuickPlace servers that will use single sign-on.

5. After the Domino Web Server Configuration database has replicated, at the server console of each server, enter the following command to stop and restart the server:

restart server

The message ″QuickPlace: Successfully loaded Web SSO Configuration″

confirms single sign-on setup.

Modifying user cache settings

After a Lotus QuickPlace server successfully authenticates a user, it adds the user’s

name, password, and the groups of which the user is a member to its user cache.

The next time the user attempts to authenticate, the server can quickly access the

information in the cache to speed up authentication.

Specifying the number of user entries allowed in the cache

To specify the maximum number of user entries allowed in the cache, use the

following NOTES.INI setting:

QuickPlaceMaxCachedUsers=number

where number is a number of user entries.

When the cache reaches the specified number, older entries are removed to make

room for new ones that are needed. By default, 64 user entries are allowed in the

cache.

Specifying the length of time user entries remain in the cache

To specify the length of time user entries remain in the cache before the server

removes them, use the following notes.ini setting:

QuickPlaceExpireCachedUsers=interval

where interval is the length of time in seconds. By default, the interval is 120

seconds.

Controlling access to the server

As an administrator of a Lotus QuickPlace server, you can do these access control

tasks:

- Specify other users as administrators of the Lotus QuickPlace server.

- Change the password you use when you sign in as a local administrator of the Lotus QuickPlace server.

- Specify who can create places on a Lotus QuickPlace server.

- Give an external user or group super user access to the Lotus QuickPlace server.

Specifying administrators of a Lotus QuickPlace server

You specify an administrator for a Lotus QuickPlace server when you set up the

server. You can specify additional local users, external users, or external groups as

administrators of a Lotus QuickPlace server. An administrator can do the following

tasks:

- Configure Security settings in the Server Settings room to control who can administer the server and who can create places.

- Configure User Directory settings in the Server Settings room to set up server connections to a user directory.

- Configure Other Options in the Server Settings room to configure a variety of other server options.

- Create and delete places and PlaceTypes on the server.

Specifying local users as administrators

To specify a local user as an administrator:

1. Sign in to the Lotus QuickPlace home page as an administrator.

2. Click Server Settings in the table of contents.

3. Click Security in the table of contents.

4. If the Lotus QuickPlace server is not connected to a user directory, do the

following:

a. Under ″Who can administer this server,″ click Add.

b. Specify the user name, password, and e-mail address for the administrator.

c. Click Next.

5. If the Lotus QuickPlace server is connected to a user directory, do the following:

a. Under ″Who can administer this server,″ click Add.

b. Click ″Create new users specially for access to this QuickPlace server.″

c. Type the user name.

d. Click Next.

e. Specify the password and e-mail address.

f. Click Next.

Modifying a local administrator’s information: To modify a local administrator’s

information:

1. Sign in to the Lotus QuickPlace home page as an administrator.

2. Click Server Settings in the table of contents.

3. Click Security in the table of contents.

4. Under ″Who can administer this server?″ select the user to modify.

5. Click Modify.

6. Specify a different user name, password, and/or e-mail address.

7. Click Next.

Removing a local administrator from the list of administrators: To remove a

local administrator from the list of administrators, do the following:

1. Sign in to the Lotus QuickPlace home page as an administrator.

2. Click Server Settings in the table of contents.

3. Click Security in the table of contents.

4. Under ″Who can administer this server?″ click Remove.

5. Select the name to remove.

6. Click Next.

Specifying external users and groups as administrators

If the Lotus QuickPlace server is connected to a user directory, do the following to

specify an external user or group as an administrator:

1. Sign in to the Lotus QuickPlace home page as an administrator.

2. Click Server Settings in the table of contents.

3. Click Security in the table of contents.

4. In the ″Who can administer this server?″ section, click Add.

5. Select ″Add existing network users from the directory.″

6. Type the name of the external user or group. Or do the following to search the

directory for the name:

a. Click Directory.

b. Search for the name.

c. If the results of the search span multiple pages, use the arrow boxes above

the name list to view the next or previous page of results.

d. Check the box next to the name you want to add.

e. Click Add.

f. Click Close.

7. Click Next to add the name to the list of users who can administer the server.

Removing an external user or group from the list of administrators: To remove

an external user or group from the list of administrators:

1. Sign in to the Lotus QuickPlace home page as an administrator.

2. Click Server Settings in the table of contents.

3. Click Security in the table of contents.

4. Under ″Who can administer this server?″ click Remove.

5. Select the name to remove.

6. Click Next to remove the name.

Changing a local administrator password

To change your password if you are an administrator registered in a user directory, change the password in the user directory. If you are a local administrator, perform the following steps to change your password:

1. In the Address or Location box in your browser, enter the address of the Lotus

QuickPlace server.

2. Click SignIn in the left corner of the screen.

3. Enter your local administrator user name and password.

4. Click Change Password.

5. Enter your current password.

6. Enter your new password, and then re-enter it.

7. Click Next.

8. Sign in again and enter the new password.

Specifying who can create places on a server

As administrator, you can decide who can create places on the Lotus QuickPlace

server. You can grant this access to specific local users and to specific external

users and groups. Or you can allow all users who have access to the server to

create places on it. A super user can always create places.

Specifying local users who can create places

To give a local user the access to create places on a Lotus QuickPlace server:

1. Sign in to the Lotus QuickPlace home page as an administrator.

2. Click Server Settings in the table of contents.

3. Click Security in the table of contents.

4. Under ″Who can create new places on this server?″ select ″Only specific users

(or groups) who provide a name and password.″

5. If the Lotus QuickPlace server is not connected to a user directory, do the

following:

a. Click Add.

b. Specify the user’s name, password, and (optionally) e-mail address.

c. Click Next to add the local user name to the list of users that can create places.

6. If the Lotus QuickPlace server is connected to a user directory, do the following:

a. Click Add.

b. Click ″Create new users specially for access to this QuickPlace server.″

c. Type the user name.

d. Click Next.

e. Specify the password and (optionally) e-mail address.

f. Click Next.

Modifying the information of a local user who can create places: To modify

information for a local user who can create places, do the following:

1. Sign in to the Lotus QuickPlace home page as an administrator.

2. Click Server Settings in the table of contents.

3. Click Security in the table of contents.

4. Under ″Who can create new places on this server?″ select ″Only specific users

(or groups) who provide a name and password.″

5. Select the local user whose information you want to modify.

6. Click Modify.

7. Change the user’s name, password, and (optionally) e-mail address as desired.

8. Click Next.

Removing a local user from the list of users who can create places: To remove a

local user from the list of users who can create places, do the following:

1. Sign in to the Lotus QuickPlace home page as an administrator.

2. Click Server Settings in the table of contents.

3. Click Security in the table of contents.

4. Under ″Who can create new places on this server?″ click Remove.

5. Select the local user name to remove.

6. Click Next.

Specifying external users who can create places

If the Lotus QuickPlace server is connected to a user directory, do the following to

specify which external users and groups from the directory can create places on

the Lotus QuickPlace server:

1. Sign in to the Lotus QuickPlace home page as an administrator.

2. Click Server Settings in the table of contents.

3. Click Security in the table of contents.

4. In the ″Who can create new places on this server?″ section, click Add.

5. Select ″Add existing network users from the directory.″

6. Type the name of the user or group from the directory. Or do the following to

search for the name in the directory:

a. Click Directory.

b. Search for the name.

c. If the results of the search span multiple pages, use the arrow boxes above

the name list to view the next or previous page of results.

d. Check the box next to the name you want to add.

e. Click Add. The name appears in the name list on the ″Server Security: Add

Access″ page.

f. Click Close.

7. Click Next to add the name to the list of users who can create places.

Removing the name of an external user from the list of users who can create

places: To remove the name of an external user or group from the list of users

who can create places:

1. Sign in to the Lotus QuickPlace home page as an administrator.

2. Click Server Settings in the table of contents.

3. Click Security in the table of contents.

4. Below ″Who can create new places on this server?″ click Remove.

5. Select the name to remove.

6. Click Next to remove the user from the list.

Allowing all users who have access to the server to create places

To allow any user who can access a Lotus QuickPlace server to create places on it:

1. Sign in to the Lotus QuickPlace home page as an administrator.

2. Click Server Settings in the table of contents.

3. Click Security in the table of contents.

4. Under ″Who can create new places on this server?,″ select ″Anyone who can

connect to the server.″

Specifying super user access to a Lotus QuickPlace server

Users granted super user access can create places and can enter every place and

every room as managers. Members of places are unaware of super users. A user

with super user access can also use the Server Settings room in the administration

place to administer the server.

By default no super user is defined. You can give super user access to a user or

group in a user directory but not to a local user or group.

Note: Offline functionality is not supported for a super user.

Specifying who has super user access from a browser

To specify who has super user access when accessing the server from a browser,

use the super_user section of the qpconfig.xml file. You can specify only one name

as a super user, either a user name or a group name.

For information on creating and using the qpconfig.xml file, see the chapter ″Lotus

QuickPlace Administration Overview.″

To configure a super user, specify the super_user setting as follows:

<server_settings>

<super_user enabled="true">

<dn>name</dn>

</super_user>

</server_settings>

where name is the distinguished name of a user or group in the external user

directory. The distinguished name must appear exactly as it does in the external

directory. For example, if there are spaces after the component delimiters, there

must be spaces in the super user entry as well.

To disable super user access from a browser, remove or comment out the

super_user setting in qpconfig.xml.
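Because the super user entry grants manager access to every place, it is worth confirming that the configured name is the intended directory entry and matches it character for character. The following Python script is an added example, not part of the IBM guide: it reads the super_user section and reports whether the DN matches a directory entry exactly, matches only after spacing and case are ignored, or is absent. The directory entries and the ou/o components are constructed; treating a section as active unless enabled="false" and ignoring whitespace around the element text are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples. The group name is the one this guide uses; the
# ou/o components and the user entry are made up for the example.
QPCONFIG = """<server_settings>
  <super_user enabled="true">
    <dn>cn=QuickPlaceAdministratorsSUGroup,ou=Groups,o=Acme</dn>
  </super_user>
</server_settings>"""
DIRECTORY_DNS = [
    "cn=QuickPlaceAdministratorsSUGroup, ou=Groups, o=Acme",
    "cn=Jane Doe, ou=Sales, o=Acme",
]


def read_super_user(xml_text):
    """Return the configured super user DN, or None when none is active.

    A removed or commented-out section yields None, as does a section
    with enabled="false" (assumption: any other value counts as active).
    """
    node = ET.fromstring(xml_text).find("super_user")
    if node is None or node.get("enabled", "true").lower() == "false":
        return None
    # Assumption: whitespace around the element text is XML layout.
    return (node.findtext("dn") or "").strip() or None


def loosen(dn):
    """Fold away spacing after component delimiters, and letter case."""
    parts = re.split(r"(?<!\\),", dn)  # split on unescaped commas only
    return ",".join(part.strip().lower() for part in parts)


def check_super_user(xml_text, directory_dns):
    """Classify the super_user DN as exact, near, missing or disabled.

    "near" means a directory entry differs only in spacing or case, which
    the guide says is not enough: the DN must appear exactly as it does
    in the directory. The matching directory entry is returned with it.
    """
    dn = read_super_user(xml_text)
    if dn is None:
        return ("disabled", None)
    if dn in directory_dns:
        return ("exact", dn)
    for entry in directory_dns:
        if loosen(entry) == loosen(dn):
            return ("near", entry)
    return ("missing", None)


if __name__ == "__main__":
    status, entry = check_super_user(QPCONFIG, DIRECTORY_DNS)
    print(status, entry or "")
```
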

Specifying who has super user access from a Notes client

To specify who has super user access when accessing the server from a Notes

client, do the following:

1. Create a group called QuickPlaceAdministratorsSUGroup in the Domino

Directory used by the Notes client.

2. Add as members the names to which you want to grant super user access.

You can specify two different names for super user access, one name for access

from the browser set in qpconfig.xml, and another name for access from a Notes

user specified using the QuickPlaceAdministratorsSUGroup.

If you want to give the same user or users super user access through the browser

and Notes, and the Notes client Domino Directory is also the Lotus QuickPlace

user directory, you can use the QuickPlaceAdministratorsSUGroup to manage both

types of super user access. Create the QuickPlaceAdministratorsSUGroup as

described above, and also specify cn=QuickPlaceAdministratorsSUGroup as the

distinguished name for the super_user setting.

Super user access combined with explicit membership

If a user is a super user as well as an explicit member of a place, the access level

the user has to the place depends on whether the place uses standard membership

or expanded membership. If the place uses standard membership, the user gets the

access assigned through the explicit membership. If the place uses expanded

membership, the user gets super user access to the place.

For example, if a user with super user access is also a member of a place with

Reader access and the place uses standard membership, the user has Reader access

to the place. However, if the place uses expanded membership, the user has super

user access to the place.

Expanded membership

Lotus QuickPlace by default lists the names of place members in the database

access control lists (ACLs) of the rooms in a place. The combined names in an ACL

cannot exceed 32K in size, which limits a place to approximately 300 to 900

members, depending on the length of the members’ distinguished names.

Expanded membership removes this limitation by generating groups in an LDAP

directory to store the names of individual members, and then uses these groups,

rather than the individual user names, in room ACLs. Currently expanded

membership is certified for a maximum of 4000 external user members in a place.

Expanded membership pertains to individual external user place members and not

to local or to external group place members.

Expanded membership groups

When a place uses expanded membership, Lotus QuickPlace creates room-specific

access control groups in an LDAP directory. The LDAP directory can be one that

Lotus QuickPlace uses generally, or a different directory. Expanded membership

requires configuration of an LDAP directory through Lotus QuickPlace rather than

through Domino.

Lotus QuickPlace creates the following groups in this LDAP directory for the main

room (Main.nsf) of a place and adds them to the main room database ACL:

cn=h_Managers,ou=placename,base_dn

cn=h_Editors,ou=placename,base_dn


cn=h_Authors,ou=placename,base_dn

cn=h_Readers,ou=placename,base_dn

where

placename is the name of the place.

base_dn is a base distinguished name for the expanded membership groups that is

configured through the qpconfig.xml file.

When an external user member is added to the place, Lotus QuickPlace adds the

user’s name to one of these groups, according to the access assigned to the user.

For example, Lotus QuickPlace adds an external user member with Reader access

to the place’s ″cn=h_Readers....″ group.

If someone creates a subroom, Lotus QuickPlace creates the following groups in

the directory, and adds the groups to the subroom ACL:

cn=h_Managers,ou=uniquenumber,ou=placename,base_dn

cn=h_Editors,ou=uniquenumber,ou=placename,base_dn

cn=h_Authors,ou=uniquenumber,ou=placename,base_dn

cn=h_Readers,ou=uniquenumber,ou=placename,base_dn

where

uniquenumber is the unique number XXXXXXXX in the room name

″PageLibraryXXXXXXXX.nsf″ that identifies the room.

placename is the name of the place that contains the room.

base_dn is the base distinguished name configured for the expanded membership

groups.

Removing an external user member from a place removes the user’s name from the

expanded membership groups associated with the place. Removing an external

user member from a subroom removes the user’s name from the appropriate

Lotus QuickPlace group associated with the subroom. Removing a place or a

subroom removes the expanded membership groups associated with the place or

subroom.

Examples of expanded membership groups

Suppose a place named salestrends uses expanded membership and the base

distinguished name specified in the qpconfig.xml file for the expanded

membership groups is ou=groups,o=teamworkplace. If someone adds an external

user member to salestrends with Author access, Lotus QuickPlace adds the user’s

name to a group created in the LDAP directory called

cn=h_Authors,ou=salestrends,ou=groups,o=teamworkplace. The group is included

in salestrends’ Main.nsf room ACL.

Suppose someone creates a subroom named PageLibrary85256CD200797D7B.nsf

within salestrends and adds an external user member to the subroom with Reader


access. Then Lotus QuickPlace adds the user’s name to a group generated in the

LDAP directory called

cn=h_Readers,ou=85256CD200797D7B,ou=salestrends,ou=groups,o=teamworkplace.

The group is included in the subroom ACL.

Access control in places that use expanded membership

Expanded membership uses group names in room ACLs rather than individual

user names to control the access of individual external user members. As a result,

the access given to an individual external user member no longer takes precedence

over the access assigned to groups the user belongs to, or over super user access.

The access control behavior for expanded membership differs from standard

membership in the following ways:

• With expanded membership, an external user who is an explicit member of a
place and who is also a super user has super user access to the place. With
standard membership, the external user has the access the place assigns the user,
not the super user access.

• With expanded membership, if an external user is an explicit member of a place
(through a Lotus QuickPlace group) and also belongs to another group that is a
member of the place, the user’s access is the higher access of the two groups.
With standard membership, the user has the access assigned to the individual
user member.
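Because conversion to expanded membership cannot be reverted, it is worth listing beforehand which explicit members would end up with higher access. The following is an added example, not code from IBM or from this guide; it models only the two rules stated above, and the names Member, effective_access, escalations_on_conversion and the sample members are this example's own. Ranking super user access above Manager is an assumption.

```python
from dataclasses import dataclass, field

# Place access levels, lowest to highest. Placing super user access above
# Manager is an assumption of this example, not a statement from the guide.
LEVELS = ["Reader", "Author", "Editor", "Manager", "SuperUser"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass
class Member:
    dn: str                      # distinguished name of the external user
    explicit: str                # access assigned to the individual member
    group_access: list = field(default_factory=list)  # access of other member groups the user belongs to
    super_user: bool = False     # user is named by the super_user setting


def effective_access(member, model):
    """Access an explicit external member gets under the given membership model."""
    for level in [member.explicit, *member.group_access]:
        if level not in RANK:
            raise ValueError(f"unknown access level: {level}")
    if model == "standard":
        # Standard membership: the individual assignment takes precedence
        # over group access and over super user access.
        return member.explicit
    if model == "expanded":
        # Expanded membership: the individual assignment is itself a group
        # in the room ACL, so the highest applicable access wins.
        candidates = [member.explicit, *member.group_access]
        if member.super_user:
            candidates.append("SuperUser")
        return max(candidates, key=RANK.__getitem__)
    raise ValueError(f"unknown membership model: {model}")


def escalations_on_conversion(members):
    """Return (dn, before, after) for members whose access rises after conversion."""
    report = []
    for m in members:
        before = effective_access(m, "standard")
        after = effective_access(m, "expanded")
        if RANK[after] > RANK[before]:
            report.append((m.dn, before, after))
    return report


# Constructed sample membership for one place (not real directory data).
SAMPLE_MEMBERS = [
    Member("cn=Ana Ruiz,ou=sales,o=acme", "Reader", super_user=True),
    Member("cn=Bo Chen,ou=sales,o=acme", "Author", group_access=["Editor"]),
    Member("cn=Cy Odum,ou=sales,o=acme", "Manager", group_access=["Reader"]),
]

if __name__ == "__main__":
    for dn, before, after in escalations_on_conversion(SAMPLE_MEMBERS):
        print(f"{dn}: {before} -> {after}")
```

Members who were deliberately held below their group or super user access by an individual assignment are the ones this report surfaces.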

User interface differences in places that use expanded

membership

If you enable expanded membership for a place, users see the following changes:

• Adding Members. When users add members, they are no longer presented with
a list of members with check boxes next to the member names. Instead, they
click a Members button to display a Select Members dialog box from which they
can search for the members to add.

• Creating PlaceBots. To create PlaceBots in a place, users must add a local user
as a manager by selecting "Create new users specially for this place" in the Add
Managers scene and then sign in as that manager.

• Publishing Pages. When users publish pages, the "Notify all members" option is
not available.

• Creating PlaceTypes. Users cannot create a PlaceType from a place that uses
expanded membership.

Important points about expanded membership

Keep these points in mind when using expanded membership:

• After you have set up places to use expanded membership, you cannot revert
the places to standard membership.

• Expanded membership is supported only when Lotus QuickPlace manages
lookups to the LDAP directory, and not when Domino manages lookups.

• You can use expanded membership only if the server is configured to connect to
an LDAP directory through Lotus QuickPlace rather than through Domino.

• Do not disable expanded membership on the server if there are places that use
it.

• If the directory server used for the expanded membership groups is also the
Lotus QuickPlace user directory, specify a base distinguished name for the
expanded membership groups that is outside the scope of the base distinguished
name that Lotus QuickPlace uses for group lookups generally.


• Administrators should not modify the expanded membership groups.

• The LDAP directory that stores the expanded membership groups must allow
write access.

• The user name and password that Lotus QuickPlace uses to manage the
expanded membership groups (configured through Server Settings - User
Directory) must have write access to the base distinguished name configured for
the groups.

• Expanded membership is certified for 4000 external user members in a place.

• LDAP directory servers can limit the number of members allowed in groups.

• Places that use expanded membership cannot be used to create PlaceTypes.

Setting up expanded membership

Complete these steps to set up expanded membership:

1. Enable expanded membership on the server.

2. Configure the user name and password to use for connecting to the LDAP

server that will store the expanded membership groups.

3. Enable places to use expanded membership.

Enabling expanded membership on the server

To enable expanded membership, use the expanded_membership_model settings in

qpconfig.xml. The following sample setting values in bold are ones that you

should customize to suit your needs.

<server_settings>
  <expanded_membership_model enabled="true">
    <ldap_server ssl="false">
      <port>389</port>
      <hostname>twgroups.acme.com</hostname>
      <base_dn>ou=teamworkplace,o=twgroups</base_dn>
    </ldap_server>
  </expanded_membership_model>
</server_settings>

After you have modified and saved the qpconfig.xml file, restart the HTTP task on

the server.

For more information on creating and using the qpconfig.xml file, see the chapter

″Lotus QuickPlace Administration Overview.″

expanded_membership_model setting

To enable expanded membership, specify enabled="true". Note that after places

are set up to use expanded membership you cannot revert them to the standard

membership model.

To disable expanded membership specify ″false,″ or remove the

expanded_membership_model section from the qpconfig.xml file. However, don’t

disable expanded membership if there are any places that use it.

ldap_server - ssl setting

Specify ″true″ to use SSL encryption when connecting to an LDAP directory server

that will store the expanded membership groups. Otherwise, specify ″false.″


ldap_server - port setting

Specify the port number used by the LDAP directory server that will store the

expanded membership groups. Typically an LDAP server uses port 389 for

unencrypted connections and port 636 for SSL connections.

ldap_server - hostname setting

Specify the host name of the LDAP directory server that will store the expanded

membership groups. The host name can be an LDAP server that Lotus QuickPlace

already uses, or a different one. You must specify a host name, regardless. The

directory must allow write access.

ldap_server - base_dn setting

Specify the base distinguished name (directory node) under which Lotus

QuickPlace will create the groups. The base distinguished name must already exist

in the directory -- Lotus QuickPlace cannot create it. The components of the base

distinguished name do not have to be o and ou.

Note: Do not use ″ou=qp″ as part of the base distinguished name because qp is a

reserved organizational unit in Lotus QuickPlace.

If the directory server that stores the expanded membership groups is the same

one that Lotus QuickPlace uses for other purposes, specify a base distinguished

name for the expanded membership groups that is outside the base specified on

the server for group lookups generally. For example, if the base distinguished

name specified for group lookups generally is ou=groups,o=acme, use a different

base for the expanded membership groups, for example

ou=teamworkplace,o=twgroups or ou=twgroups,o=acme. Using separate base

distinguished names for the two types of groups optimizes performance by

preventing unnecessary searches of all the expanded membership groups during

the process of user authentication.

Configuring the name and password to use for connecting to

the LDAP server that stores the expanded membership groups

If the directory allows anonymous write access to the base distinguished name (not

a typical configuration), this step is unnecessary.

After you’ve enabled expanded membership through the qpconfig.xml file,

configure a user name and password for the Lotus QuickPlace server to provide

when connecting to the directory server that stores the expanded membership

groups. The name and password must correspond to a valid user record in the

directory, and the name must have write access to the base distinguished name in

the directory used for the expanded membership groups.

Perform the following steps to configure the name and password when you

connect to a user directory through Lotus QuickPlace. If you connect to a user

directory through Domino, configure the name and password in a Directory

Assistance document for the LDAP directory instead.

1. Sign in to the Quickplace/quickplace on the server as an administrator.

2. Click Server Settings in the table of contents.

3. Click User Directory in the table of contents.

4. Click Change Directory.

5. Under Expanded Membership Model:

   • Enter the user name in distinguished name format (for example,
     cn=qpadmin,o=acme).

   • Enter the password for the name.

6. Click Next.

Note: You see the Expanded Membership Model option only if you’ve enabled

expanded membership on the server through the qpconfig.xml file, and if

you’ve selected LDAP for the Lotus QuickPlace user directory in the Lotus

QuickPlace Server Settings room.

Enabling expanded membership in places

You must enable expanded membership explicitly in the places that you want to

use it. To enable expanded membership in a place or places, use the QPTool

membershipmodel command. To enable expanded membership in one, two, or a

few places, use the following command:

load qptool membershipmodel -toexpanded -p place(s)

where place(s) is the name of a place or places to convert. Separate places with a

space.

To enable expanded membership in all places on a server, use the following

command:

load qptool membershipmodel -toexpanded -a

If there are replicas of a place, run the command on one replica only.

For more information on the QPTool membershipmodel command, see the chapter

″Using QPTool Commands.″

Note: After you’ve set up places to use expanded membership, you cannot revert

them to standard membership.

Changing the directory server or base distinguished name

used for the expanded membership groups

After setting up expanded membership, follow these steps if you want to change

the directory server or the base distinguished name used for the expanded

membership groups.

You must follow these steps in the exact order given.

1. Use the following QPTool command to remove all of the existing expanded

membership groups from the directory server that currently stores them:

load qptool membershipmodel -rmgroups -a

2. Change the host name or base distinguished name specified in the expanded

membership model section of the qpconfig.xml file. You can change one or both

settings.

   • To change the directory server in which to store the expanded membership
     groups, change the hostname setting, and optionally the ssl and port settings.

   • To change the base distinguished name under which to store the expanded
     membership groups, change the base_dn setting. Make sure the new
     base_dn value exists on the directory server.

3. Quit and then reload the HTTP task on the server.

4. If the user name and password the Lotus QuickPlace server will use to manage

the groups at the new LDAP directory location are not the ones currently

configured, configure the correct user name and password.


For instructions, see the topic ″Configuring the name and password to use for

connecting to the LDAP server that stores the expanded membership groups″

earlier in this chapter.

Make sure the name you specify has write access to the base distinguished

name used for the expanded membership groups.

5. If you changed the base_dn setting, use the following QPTool command to

update the names of the groups in the place ACLs of all the places that use

expanded membership:

load qptool membershipmodel -basedn -a

Skip this step if you changed only the directory server and not the base

distinguished name.

6. Use the following QPTool command to generate the groups at the new

directory location for each place that uses expanded membership:

load qptool membershipmodel -addgroups -a

Using expanded membership logging

By default, Lotus QuickPlace logs errors related to the use of expanded

membership to the server console and Notes log. To help troubleshoot a problem

related to expanded membership, use the notes.ini setting

QuickPlaceMembershipModelLogging to increase the level of logging. Specify

QuickPlaceMembershipModelLogging=1 to log slightly more detail than the

default logging level, or specify QuickPlaceMembershipModelLogging=2 to do

verbose logging. Because higher logging levels adversely affect server performance,

specify QuickPlaceMembershipModelLogging=0 or remove the setting to revert to

the default logging level when you are finished using these higher levels.

Blocking specific protocols referenced in link URLs

By default, Lotus QuickPlace publishes pages with links without considering the

protocols specified in the link URLs. For tighter security, use the setting

URLfield_protocol_filter in the <security> section of the qpconfig.xml file to

prevent Lotus QuickPlace from publishing pages with URL links that reference

specific protocols. The following table describes the attributes you can set.

Attribute   Description

enabled     When set to "true," prevents Lotus QuickPlace from publishing
            pages with link URLs that reference protocols designated as
            blocked.

allowed     When enabled is set to "true," specifies the protocols in URL
            links to allow.

blocked     When enabled is set to "true," specifies the protocols in URL
            links to block.

For example:

<server_settings>
  <security>
    <URLfield_protocol_filter enabled="true">
      <allowed>"http:","https:"</allowed>
      <blocked>"javascript:","View-source:","about:","file:","ftp:","news:","mailto:"</blocked>
    </URLfield_protocol_filter>
  </security>
</server_settings>


Blocking HTML attachments that contain cross-site scripts

By default, Lotus QuickPlace users can import into pages HTML files that contain

cross-site scripts. Cross-site scripts can run on other users’ browsers. For tighter

security, use the following setting in the qpconfig.xml file to prevent users from

attaching HTML files that contain cross-site scripts:

<server_settings>
  <security>
    <XSS_ImportHTML enabled="false"/>
  </security>
</server_settings>

Configuring browser caching for tighter security

To control Lotus QuickPlace caching on browsers, complete either of the following

tasks:

• For additional security, configure the server to clear the Lotus QuickPlace files
from the browser cache on sign-out (Internet Explorer only).

• For additional security, configure the server to prevent caching of Lotus
QuickPlace pages on browsers.

Clearing Lotus QuickPlace files from the Internet Explorer

cache

As a security measure, configure the server to clear the Lotus QuickPlace files (files

from any URL that contains ″/quickplace/″) from the browser cache when users

click the Sign Out link from a place. This feature is supported for Internet Explorer

only.

To clear the browser cache when a user signs out, add the following setting to the

qpconfig.xml file, and then restart the HTTP task.

<server_settings>
  <authentication>
    <sign_out enabled="true">
      <clear_browser_cache enabled="true"/>
    </sign_out>
  </authentication>
</server_settings>

The browser cache is cleared only if the Sign Out link is enabled, ActiveX controls

are enabled in Lotus QuickPlace, and ActiveX is enabled on the browser. Internet

Explorer enables ActiveX by default.

The Sign Out link is never available to anonymous users, and to users who access

places in accessibility mode on a server that is not enabled for single sign-on. The

Sign Out link is unavailable to all users if you configure the server to hide the Sign

Out link as described previously. If the Sign Out link is unavailable for any of

these reasons, you can configure the server to prevent caching of Lotus QuickPlace

pages on browsers.

Preventing caching of Lotus QuickPlace pages on browsers

Lotus QuickPlace caches pages on the browser by default. As a security measure,

add the following setting to the qpconfig.xml file to prevent Lotus QuickPlace from

caching pages that contain data. Restart the HTTP task when you are done making

the changes.


<server_settings>
  <browser_caches_place_content enabled="false">
  </browser_caches_place_content>
</server_settings>

Any Lotus QuickPlace pages containing data that users access after you have

added this setting are not cached. Pages that do not contain user data continue to

be cached for better performance. This feature is available for all supported

browsers.
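The qpconfig.xml settings described in this chapter can be checked together before the HTTP task is restarted. The following is an added example, not code from IBM or from this guide: the element and attribute names are the guide's, while the function name audit_qpconfig, the finding codes and the sample file are this example's own. It assumes that any ssl value other than "true" means no SSL.

```python
import re
import xml.etree.ElementTree as ET

# Protocols blocked in the guide's own URLfield_protocol_filter sample, lowercased.
GUIDE_BLOCKED = {"javascript:", "view-source:", "about:", "file:",
                 "ftp:", "news:", "mailto:"}

# Constructed sample input for this example, not a real server's file.
SAMPLE_QPCONFIG = """\
<server_settings>
  <expanded_membership_model enabled="true">
    <ldap_server ssl="false">
      <port>389</port>
      <hostname>twgroups.example.com</hostname>
      <base_dn>ou=qp,o=twgroups</base_dn>
    </ldap_server>
  </expanded_membership_model>
  <security>
    <URLfield_protocol_filter enabled="true">
      <allowed>"http:","https:"</allowed>
      <blocked>"View-source:","file:"</blocked>
    </URLfield_protocol_filter>
  </security>
  <authentication>
    <sign_out enabled="true">
      <clear_browser_cache enabled="true"/>
    </sign_out>
  </authentication>
</server_settings>
"""


def _enabled(elem):
    """Lowercased value of the enabled attribute, or None if absent."""
    if elem is None or elem.get("enabled") is None:
        return None
    return elem.get("enabled").strip().lower()


def _protocols(elem):
    """Parse a list written as "http:","https:" into a lowercased set."""
    if elem is None or not elem.text:
        return set()
    return {p.lower() for p in re.findall(r'"([^"]+)"', elem.text)}


def audit_qpconfig(xml_text):
    """Return (code, message) findings for the settings this chapter describes."""
    root = ET.fromstring(xml_text)
    findings = []

    emm = root.find(".//expanded_membership_model")
    if _enabled(emm) == "true":
        ldap = emm.find("ldap_server")
        if ldap is None or not (ldap.findtext("hostname") or "").strip():
            findings.append(("EMM_NO_HOSTNAME", "a host name is required"))
        if ldap is not None:
            # Assumption: any ssl value other than "true" means no SSL.
            ssl = (ldap.get("ssl") or "").strip().lower() == "true"
            port = (ldap.findtext("port") or "").strip()
            if not ssl:
                findings.append(("EMM_LDAP_NO_SSL",
                                 "connection to the group directory is not SSL-encrypted"))
            if (ssl and port == "389") or (not ssl and port == "636"):
                findings.append(("EMM_PORT_SSL_MISMATCH",
                                 f"port {port} is unusual when ssl is {ssl}"))
            # Simple split: escaped commas inside a DN component are not handled.
            base_dn = ldap.findtext("base_dn") or ""
            parts = [re.sub(r"\s*=\s*", "=", p.strip().lower())
                     for p in base_dn.split(",")]
            if "ou=qp" in parts:
                findings.append(("EMM_RESERVED_OU_QP",
                                 "ou=qp is a reserved organizational unit"))

    flt = root.find(".//URLfield_protocol_filter")
    if _enabled(flt) != "true":
        findings.append(("URL_FILTER_OFF",
                         "links are published without considering their protocols"))
    else:
        missing = GUIDE_BLOCKED - _protocols(flt.find("blocked"))
        if missing:
            findings.append(("URL_FILTER_GAPS",
                             "not blocked: " + ", ".join(sorted(missing))))

    if _enabled(root.find(".//XSS_ImportHTML")) != "false":
        findings.append(("XSS_IMPORT_ALLOWED",
                         "HTML files containing cross-site scripts can be imported"))

    # Either cache control described in this chapter is sufficient.
    sign_out = root.find(".//authentication/sign_out")
    clear = sign_out.find("clear_browser_cache") if sign_out is not None else None
    clears_on_sign_out = _enabled(sign_out) == "true" and _enabled(clear) == "true"
    no_cache = _enabled(root.find(".//browser_caches_place_content")) == "false"
    if not (clears_on_sign_out or no_cache):
        findings.append(("BROWSER_CACHE_DEFAULT",
                         "pages with data stay in the browser cache"))
    return findings


if __name__ == "__main__":
    for code, message in audit_qpconfig(SAMPLE_QPCONFIG):
        print(f"{code}: {message}")
```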


Chapter 7 Completing Additional Server Configuration Tasks

This chapter describes the following Lotus QuickPlace server configuration tasks

not covered in other chapters:

• Using the Server Settings - Other Options room in the administration place

• Setting up the Search Places feature

• Customizing the My Places feature

• Customizing Web page caching

• Hiding the Sign In and Sign Out links

• Enabling image caching in environments that don’t use single sign-on

• Disabling page compression

• Displaying CGI variables in Lotus QuickPlace HTML source pages

• Customizing user notifications settings

• Specifying a footer that appears on all pages

• Enabling and disabling the UTF-8 Domino server setting

• Tracking the number of active Lotus QuickPlace users

Using the Server Settings - Other Options room in the administration

place

Use the Server Settings - Other Options room in the administration place on a

Lotus QuickPlace server to:

• Control whether members can use ActiveX controls and Java applets

• Control whether managers of places on a server can run agents (PlaceBots)
within the places they manage

• Restrict the size of file attachments members can add to pages

• Enable or disable Sametime services

• Enable or disable a Domino Offline Passthru Server

• Enable or disable an Alternate Offline Download URL

• Specify an e-mail URL prefix if users access the Lotus QuickPlace server through
a gateway server

• Control whether members can subscribe to receive e-mails integrated with their
calendars

To use the Server Settings - Other Options to configure the options described

above:

1. Open a browser and enter the server’s host name appended by /QuickPlace.

For example:

http://servername.enterprise.com/QuickPlace

2. Click Sign In.

3. Enter a Lotus QuickPlace server administrator user name and password.

4. Click Server Settings in the table of contents.

5. Click Other Options in the table of contents.

6. Click Edit Options.

7. Do any of the following:


   • To enable ActiveX controls on the server, select Enable ActiveX. For more
     information, see the next topic, "ActiveX controls."

   • To enable Java applets on the server, select Enable Java Applets. When Java
     applets are enabled, users who don’t use Internet Explorer can use rich text
     controls (bold, italic, and so forth) when editing. Internet Explorer users do
     not require this setting because Internet Explorer has embedded rich text
     controls.

   • To enable managers of places to use Domino agents -- known as PlaceBots in
     Lotus QuickPlace -- in the places they manage, select Enable Form PlaceBots.
     Managers can use PlaceBots to execute a Domino or Lotus QuickPlace task
     automatically according to a schedule or trigger. For example, a manager
     could use a scheduled PlaceBot to copy pages to a folder every morning.
     Scheduled PlaceBots run under the Domino server’s ID, and PlaceBots on
     forms that are triggered by page creation run under the Notes ID of the user
     who created the form. For more information on PlaceBots see the Help. For
     more information on agents, see Domino Designer Help.

   • To restrict the size of the files members of places can attach to pages, under
     Maximum Attachment Size, type the maximum size in K (Kilobytes). To
     allow attachment size to be restricted only by system limitations, for
     example, Domino attachment size limits or available disk space, leave the
     field blank. Attachment size restrictions don’t apply to attachments added to
     a place installed offline.

   • To enable Sametime services on a Lotus QuickPlace server, type the name of
     the Sametime Community server and the Sametime Meeting server in the
     boxes provided. To disable Sametime services, leave the boxes blank.

     For complete information on setting up Sametime services on a Lotus
     QuickPlace server, see the Lotus QuickPlace Installation and Upgrade Guide.

   • To enable a passthru server that can be used when accessing Lotus
     QuickPlace offline, type the canonical name of the server and the hostname
     of the server in the boxes provided. To disable this feature, leave the boxes
     blank.

   • To specify a URL from an alternate source to download the Offline installer,
     type the offline download URL in the box provided. To disable this feature,
     leave the box blank.

     For more information on setting up offline use, see the Lotus QuickPlace
     Installation and Upgrade Guide.

   • To specify an alternate e-mail URL prefix if the Lotus QuickPlace server is
     accessed using a gateway server, type the URL prefix in the box provided.

   • To enable members of places to subscribe to receive e-mails that are
     integrated with their personal calendars, select Enable calendar subscriptions.

8. Click Next.

ActiveX controls

When you enable ActiveX controls in the Server Settings - Other Options room of

the administration place, users with ActiveX-enabled browsers have additional file

attachment and import features available to them. Internet Explorer is the browser

that typically is ActiveX-enabled. When ActiveX controls are disabled through the

Server Settings - Other Options room or are unsupported by browsers, users have

a more limited set of features available to them.

The following table describes the features available when ActiveX is enabled

compared to when it is disabled.


Feature                                         ActiveX enabled   ActiveX disabled

Drag-and-drop file import/export operations     Yes               No

File import operations done through file        Yes               Yes but limited to
attachment dialog box                                             one file per
                                                                  publishing cycle

Rendering of imported Microsoft Office files    Yes               No
(Word, Excel, PowerPoint)

Rendering of imported HTML, JPEG, and GIF       Yes               Yes
files

Drag-and-drop file attachment operations        Yes               No

File attachment operations done through the     Yes               Yes but limited to
attachment dialog box                                             one attachment per
                                                                  publishing cycle

Remove attachments from a page                  Yes               Yes

Save attachments to the client file system      Yes               Yes

When opening attachments, load the              Yes               Yes
attachments within their applications

Do round-trip edits of imported files           Yes               No

For information on how to enable ActiveX controls, see the previous topic, ″Using

the Server Settings - Other Options room in the administration place.″

Setting up the Search Places feature

A manager of a place enables or disables advanced search within a place. Lotus

QuickPlace has two types of advanced search features: classic search and Search

Places. Classic search is based on Domino search site and allows users to search for

information within specific rooms or folders in a place or to search an entire place.

The Search Places feature is based on Domino Domain Search and allows users to

search all places they are a member of. Unlike classic search, Search Places requires

a Domain Catalog server (a server that has a Domain Catalog and that builds a

domain index), and all search requests are handled by a Lotus QuickPlace server

running on the Domain Catalog server.

For information on enabling advanced search for a place, see the Help.

Before you set up the Search Places feature, note the following points:

• The Search Places feature respects all access permissions on content, and so
users must retain a single identity to be able to search across places. To search
across places, authenticated users must be registered in a user directory. Local
users can search only within a place.

• If room access is controlled by a local group, even if the user has access through
the local group, Search Places won’t be able to find the document from the
room. Restrict room access using groups from an external user directory.

• If the Lotus QuickPlace service consists of more than two Lotus QuickPlace
servers, including the Domain Catalog server, to use the Search Places feature
you must configure multi-server session-based authentication (single sign-on).
For more information, see the chapter "Setting Up Security."

• To remove places when the Search Places feature is used, use the QPTool remove
command with the -cleanup argument rather than with the -now argument. The
QPTool remove command with -cleanup argument runs nightly and removes
places when place information in the search index is cleared.
For more information, see the chapter "Using QP Tool Commands."

• If you use Search Places, using only Lotus QuickPlace servers in a domain is the
recommended configuration. However if a domain does include Domino servers
that do not run Lotus QuickPlace along with Lotus QuickPlace servers, set up
one Domain Catalog server for the Lotus QuickPlace servers and one Domain
Catalog server for the Domino servers that do not run Lotus QuickPlace. Use
this configuration to keep the domain index for Lotus QuickPlace searches
separate from the one used for Notes searches of the domain.

• If you use Search Places on a server that is set up for Domino Off-Line Services,
and the server’s LDAP directory is not a Domino directory or is a Domino
directory in a different domain from the Domain Catalog server, use the notes.ini
setting QuickPlaceExtensionManagerAllowServers=1 on the offline server. This
setting gives the Domain Catalog server access to the Lotus QuickPlace server’s
databases. If you don’t use this setting, database authorization failures occur
during Domain Catalog indexing.

To set up the Search Places feature, complete these steps:

1. Install a Domino server on each computer that will be a Lotus QuickPlace

server.

For information, see Domino Administrator Help.

2. Configure Domain Search by doing the following steps:

a. In the Server document of the server that will index the Domain Catalog,

click the Server Tasks - Domain Catalog tab, and select Enabled in the

Domain Catalog field. This step starts the Catalog task and creates the

Domain Catalog. You run the Catalog task to keep the Database Catalog up

to date. You might do this on a schedule, for example, by including the task

in the notes.ini setting, ServerTasksAt1.

b. Optionally, for better performance, repeat Step 2a on any other Domino

servers in the domain so that each server creates and manages its portion of

the Domain Catalog. If you repeat Step 2a on each server, the Catalog task

on the Domain Catalog server can copy the Catalog entries from each server

into its Domain Catalog database. If you do not repeat Step 2a on each

server, the Domain Catalog server must create or update the entries for the

other servers itself by searching the databases on each server and building

the entries over the network.

c. After the Catalog task stops on the Domain Catalog server, in the Server

document of the Domain Catalog server, click Server Tasks - Domain

Indexer and click Enabled in the Schedule field to enable the Domain

Indexer task. Specify a schedule for running the Domain Indexer.

For more information on setting up Domino Domain Search, see the following

topics in Domino Administrator Help: ″Enabling Domain Search,″ ″The

Database Catalog,″ and ″The Domain Search Index.″

3. Install Lotus QuickPlace:

a. Install Lotus QuickPlace on any Domino server installed in Step 1 that is

not the Domain Catalog server.

b. Install Lotus QuickPlace on the Domino server that is the Domain Catalog server.

For more information, see the Lotus QuickPlace Installation and Upgrade Guide.

4. Configure Search Places settings in the qpconfig.xml file.

For more information, see the next topic.

Configuring Search Places settings

Use the following settings in the qpconfig.xml file to configure Search Places

settings on each Lotus QuickPlace server. Values in bold are sample values that

you customize. After you configure settings, restart the HTTP task so that Lotus

QuickPlace recognizes the change.

<server_settings>
  <search_places enabled="true" anonymous="true">
    <domain_catalog_server ssl="false">
      <port>80</port>
      <domino_server_name>qpdcs/Haiku</domino_server_name>
      <path_prefix></path_prefix>
      <hostname>qpdcs.ibm.com</hostname>
    </domain_catalog_server>
  </search_places>
</server_settings>

For more information on creating and using the qpconfig.xml file, see the chapter

″Lotus QuickPlace Administration Overview.″

The following table describes the search_places settings.

Setting
    Description

enabled
    When set to true (default):
    - Enables users to see and use the All Places advanced search option on the server.
    - Allows users to use Search Places on the Domain Catalog server.
    When set to false:
    - Hides the All Places advanced search option on the server.
    - Returns an error when Search Places requests are made to the Domain Catalog server.

anonymous
    When set to true, allows anonymous users to search across places.
    When set to false (default), returns an error when anonymous users issue Search Places requests to the Domain Catalog server.
    If you allow anonymous users to search across places, and the manager of a particular place does not want to expose the contents of the place to anonymous users through the Search Places feature, the manager should make sure that anonymous access to the place is disabled, and limit the place membership to specified users and groups in the directory.
    If you allow anonymous access, make sure that anonymous users have the same access as the -Default- access in the ACL for CATALOG.NSF on the Domain Catalog server.

SSL*
    When set to true, the URL for the Domain Catalog server is generated with SSL (HTTPS). When set to false (default), the URL is generated with HTTP.

port*
    Defines the port used in the URL for the Domain Catalog server.

path_prefix*
    Defines a path prefix for the URL for the Domain Catalog server.

hostname*
    Specifies the hostname of the Domain Catalog server.

domino_server_name*
    Specifies the Domino server name of the Domain Catalog server, for example, ServerCatalog/Acme. Before removing places from this server, the server does a lookup to the Domain Catalog server to verify whether the search index is cleared.

*Use these settings on any Lotus QuickPlace server that is not the Domain Catalog server. Do not use them on the Domain Catalog server.

Customizing the My Places feature

External users use the My Places feature to see a list of links to all the places of

which they are members. When a user signs into a place, the current page displays

the My Places list. You can customize the My Places feature in the following ways:

- Open places in a new browser window
- Use a custom application for My Places
- Add parameters to the My Places URL

Opening places in a new browser window

When a user clicks a place link in the My Places list, by default Lotus QuickPlace

opens the place in the current browser window. Use the following setting in the

qpconfig.xml file to open a place accessed through My Places in a new browser

window instead:

<server_settings>

<my_places>

<place_links open_new_window="true"/>

</my_places>

</server_settings>

Using a custom application for My Places

Use the place_ui setting in the qpconfig.xml file to specify a URL to call a custom

portal application for displaying My Places. For example, specify the following in

the qpconfig.xml file:

<server_settings>

<my_places>

<place_ui enabled="true">

<url>https://portal.abc.com/myplaces</url>

</place_ui>

</my_places>

</server_settings>

Adding parameters to the My Places URL

You can specify settings for a one-time use of My Places by appending one or

more parameters to the Lotus QuickPlace server’s My Places URL. The My Places

URL for a Lotus QuickPlace server is

http://servername/QuickPlace/quickplace/Main.nsf/h_Toc/22049553D70E00EF85256BB60054A7CB

To create and use a modified My Places URL:

1. Click My Places and append one or more of the following case-sensitive

parameters to the My Places URL. Precede each parameter with an ampersand

(&).

URL Parameter
    Description

Start=place number
    Specifies the place number in the place index at which My Places begins displaying places. The number of the first place in the index is 0. For example, if you specify 10, the first place listed in My Places is the 11th place down in the place index. My Places applies any sort and exclusion settings before applying the Start parameter.

Count=number of places
    Specifies the maximum number of places to display per page.
    Note: To display a list of all places which you can then, for example, print out, specify a number of places that you know exceeds the total number.

StartAtLastPage
    Displays the last page of My Places.

StartKey=first characters of sort key
    Displays places beginning with the first place whose currently-selected sort key starts with the specified character or characters.

ResortAscending=column number
    Sorts My Places in ascending order by the values in the specified column number, starting at 0 (zero), which is the "Name" column.

ResortDescending=column number
    Sorts My Places in descending order by the values in the specified column number, starting at 0 (zero), which is the "Name" column.

2. Press Enter to apply the parameters to the My Places list.

3. (Optional) Bookmark the URL.

Example of adding parameters to the My Places URL

The following example displays eight places, starting at the eleventh place (the

first place is numbered ″0″).

http://serverName/QuickPlace/quickplace/Main.nsf/h_Toc/

22049553D70E00EF85256BB60054A7CB/?OpenDocument&Start=10&Count=8

The following example displays the last page of My Places:

http://serverName/QuickPlace/quickplace/Main.nsf/h_Toc/

22049553D70E00EF85256BB60054A7CB/?OpenDocument&StartAtLastPage

The following example displays the places whose name starts with ″xyz″ when My

Places is sorted by the default sort key, place name:

http://serverName/QuickPlace/quickplace/Main.nsf/h_Toc/

22049553D70E00EF85256BB60054A7CB/?OpenDocument&StartKey=xyz

The following example sorts My Places in ascending order by title:

http://serverName/QuickPlace/quickplace/Main.nsf/h_Toc/

22049553D70E00EF85256BB60054A7CB/?OpenDocument&ResortAscending=1

The following example displays the places whose titles start with ″Acme″ when

My Places is sorted by title:

http://serverName/QuickPlace/quickplace/Main.nsf/h_Toc/

22049553D70E00EF85256BB60054A7CB/?OpenDocument&StartKey=Acme

Customizing Web page caching

Web page caching greatly improves the response time of the Lotus QuickPlace

server. Without a cached copy of a Web page, the HTTP server must access the

database upon every HTTP request, which results in a slower response time for the

Lotus QuickPlace server. If a Web page is cached on the Lotus QuickPlace server,

the server only has to pick up the page from the database one time, and then

create a user-specific, cached copy of the page at that time. Upon subsequent

requests for the page, the server retrieves and provides the cached copy, as long as

it is still valid. If the server is brought down, the existing cache is maintained after

the server is brought back up.

Certain actions cause the cache for a page to become invalid. Once a cached page is invalid, the next time the page is accessed it is re-cached. Following are some examples of how the entire cache or specific pages within the cache can become invalid:

- A change to the Lotus QuickPlace Server Settings, for example a change to the default maximum attachment size allowed, invalidates all places on the server (the entire cache).
- If the Place Catalog is enabled, a change in the Place Catalog database invalidates the entire cache.
- A change in qpconfig.xml invalidates the entire cache.
- A change to place membership -- a member is added, modified, or deleted -- invalidates the cache for all databases associated with that place -- main.nsf and all the inner rooms. A change to inner room membership invalidates the cache for that particular room and its child rooms.
- A change in rooms -- a room is created or deleted -- invalidates the cache for all databases associated with that place.
- A page published in the Main room (main.nsf) invalidates the cache for all databases associated with that place.
- A page published in a parent room invalidates the cache for the parent room and the child rooms below it.
- A page published in a child room invalidates the cache for the child room and for any rooms below it. The cache for the parent room pages remains valid.
- A customization to a parent room, for example a theme change or a custom form, invalidates the cache for the parent room and the child rooms below it.

Web page cache settings

Lotus QuickPlace administrators can use notes.ini settings to change the following

preferences for the server cache:

- Enable or disable caching
- Set the cache directory
- Set the cache size limit
- Set the time interval for cache cleaning
- Set the cache for anonymous users only
- Enable or disable logging

To enable the cache

Set ″QuickPlaceWebCacheEnabled=1″ in the notes.ini file.

To disable server caching, set ″QuickPlaceWebCacheEnabled=0″

The server cache is enabled by default.

To set the cache directory

Set ″QuickPlaceWebCacheDir= <full path>″ in the notes.ini file.

If this variable is not set in the notes.ini file, then it is automatically set to the

default directory: (<NOTESPROGRAM>\data\domino\quickplace\cache).

If a specified directory path is invalid, the server cache is disabled.

To set the cache size limit

Set ″QuickPlaceWebCacheLimitInMB = <size in MB>″ in the notes.ini file.

If this variable is not set in the notes.ini file or if the size given is not a positive

number, then the variable is automatically set to the default size of 50MB.

To set the time interval for cache cleaning

Add ″QuickPlaceWebCacheGCIntervalInMIN= <time interval in minutes>″ to the

notes.ini file.

If this variable is not set in the notes.ini file, or if the value given is not a positive

number, then it is automatically set to the default value of 60 minutes.

To set the cache for anonymous users only

Add ″QuickPlaceWebCacheUsers= Anonymous″ to the notes.ini file.

The default value for this setting allows server caching for all users when the

cache is enabled. Changing this setting disables caching for all other users.

To enable logging for the server cache

Set QuickPlaceWebCacheLogging = < log level> in the notes.ini file.

The logging setting has three levels: 1, 2, or 3, where 1 is the least detailed and 3 is

the most detailed. Logging is written to log.nsf.

Hiding the Sign In and Sign Out links

After a user signs in to a place, Lotus QuickPlace displays the Sign In and Sign

Out links in the Lotus QuickPlace user interface by default. You can configure

Lotus QuickPlace to hide the Sign In and Sign Out links after a user signs in. You

might want to hide the links if single sign-on is enabled on the server, or if Lotus

QuickPlace is running on a public pedestal, for example, at a trade show. To hide

the Sign In and Sign Out links, specify the following settings in the qpconfig.xml

file, and then restart the HTTP task.

<server_settings>
  <authentication>
    <sign_out enabled="false"/>
    <sign_in enabled="false"/>
  </authentication>
</server_settings>

Enabling image caching in environments that don’t use single sign-on

A Lotus QuickPlace server stores images from places in the resources.nsf database

and in the Lotus QuickPlace file system. You can set up a server to cache the

images in resources.nsf on the browser when users first access a place. Then when

users access additional places, the cached images are used, which load more

quickly than images loaded from the server. Image caching is supported only in

Lotus QuickPlace environments that do not use single sign-on authentication.

To enable image caching:

1. Add the following notes.ini setting to the Lotus QuickPlace server:

h_ScopeURLinQP=0

2. Enter the following command at the server console:

restart server

Disabling page compression

Lotus QuickPlace compresses the content in HTML pages it transmits to clients if

the browser supports compression. The compression reduces the size of HTML

transmissions to 30% or less of the uncompressed size, with the result that users

can open large pages more quickly. Only HTML and text are compressed, not images or attachments.

Page compression is enabled by default. If page compression is not supported in

your environment, use the following qpconfig.xml setting to disable page

compression, and then restart the HTTP task:

<server_settings>

<page_compression enabled="false">

</page_compression>

</server_settings>

Displaying CGI variables in Lotus QuickPlace HTML source pages

By default, Lotus QuickPlace HTML source pages viewed through a browser do

not display Common Gateway Interface (CGI) variables. These variables are not

displayed because they contain potentially sensitive information, for example

information about the remote host and its users. However, you can enable the

display of CGI variables, for example if you want to copy the variables from the

source pages for use in custom applications.

To enable the display of CGI variables, use the following setting in the

qpconfig.xml file on the server, and then restart the HTTP task:

<server_settings>

<cgi_variables enabled="true"/>

</server_settings>

For more information on creating and specifying settings in the qpconfig.xml file,

see the chapter ″Lotus QuickPlace Administration Overview.″
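The exposure-related qpconfig.xml settings described in this chapter (search_places anonymous, domain_catalog_server ssl, and cgi_variables) can be checked in one pass. The following Python sketch is an added example, not code from IBM or from this guide; it assumes the settings appear as in the guide's snippets, and the function names and sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample that combines snippets shown in this chapter; not a real server's file.
SAMPLE_QPCONFIG = """\
<server_settings>
  <search_places enabled="true" anonymous="true">
    <domain_catalog_server ssl="false">
      <port>80</port>
      <domino_server_name>qpdcs/Haiku</domino_server_name>
      <path_prefix></path_prefix>
      <hostname>qpdcs.ibm.com</hostname>
    </domain_catalog_server>
  </search_places>
  <cgi_variables enabled="true"/>
</server_settings>
"""


def _is_true(elem, attr, default):
    """Read a true/false attribute, using the documented default when it is absent."""
    value = None if elem is None else elem.get(attr)
    if value is None:
        return default
    return value.strip().lower() == "true"


def audit_qpconfig(xml_text):
    """Return (setting, reason) pairs for settings that widen exposure."""
    root = ET.fromstring(xml_text)
    findings = []

    # iter() also finds the element when it sits under a wrapper element.
    search = next(root.iter("search_places"), None)
    if search is not None and _is_true(search, "enabled", True):
        # Documented default for anonymous is false.
        if _is_true(search, "anonymous", False):
            findings.append((
                "search_places anonymous",
                "anonymous users can search across places; check place "
                "membership and the -Default- ACL entry of CATALOG.NSF",
            ))
        dcs = search.find("domain_catalog_server")
        # Documented default for ssl is false, so an absent attribute means HTTP.
        if dcs is not None and not _is_true(dcs, "ssl", False):
            host = (dcs.findtext("hostname") or "?").strip()
            port = (dcs.findtext("port") or "?").strip()
            findings.append((
                "domain_catalog_server ssl",
                f"Search Places URL for {host}:{port} is generated as HTTP",
            ))

    # CGI variables are hidden by default; flag only an explicit enable.
    cgi = next(root.iter("cgi_variables"), None)
    if _is_true(cgi, "enabled", False):
        findings.append((
            "cgi_variables enabled",
            "CGI variables (remote host and user details) appear in page source",
        ))
    return findings


if __name__ == "__main__":
    for setting, reason in audit_qpconfig(SAMPLE_QPCONFIG):
        print(f"{setting}: {reason}")
```

Run it against a copy of each server's qpconfig.xml after any change, since the HTTP task applies the file only on restart and a stale review can miss what is actually live.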

Customizing user notifications settings

Use qpconfig.xml settings to configure a variety of settings related to Lotus

QuickPlace user notifications. For example use qpconfig.xml settings to specify the

text displayed in the password prompt of place invitations or to specify whether

notifications sent to groups show the members of the groups.

Use notes.ini settings to configure where Lotus QuickPlace sends replies to e-mail

sent from places.

Note: You configure the underlying Lotus QuickPlace mail routing through

Domino. For more information, see Domino Administrator Help.

Using qpconfig.xml settings to configure notifications

Use the following section in qpconfig.xml file to specify a variety of settings for

user notifications. Copy the following from qpconfig_sample.xml to qpconfig.xml,

and customize the settings to suit your needs. After you have customized settings,

restart the HTTP task so that Lotus QuickPlace recognizes the changes.

For information on creating the qpconfig.xml, see the chapter ″Lotus QuickPlace

Administration Overview.″

<server_settings>
  <notifications>
    <place_invitation>
      <password_message>Your intranet password.</password_message>
    </place_invitation>
    <calendar>
      <client_types>
        <notes5 enabled="true"/>
        <msoutlook enabled="true"/>
      </client_types>
    </calendar>
    <recipient_rules>
      <expand_external_groups enabled="true"/>
      <allow_ambiguous_sendto enabled="false"/>
    </recipient_rules>
  </notifications>
</server_settings>

The following table describes these settings.

Setting
    Description

password_message
    Specifies the password prompt that appears in external users' invitations to visit places.

notes5 enabled
    When set to true (default), enables Lotus Notes 5 support for calendar notifications. When set to false, disables this support.

msoutlook enabled
    When set to true (default), enables Microsoft Outlook support for calendar notifications using icalendar standards specified in RFC 2445. When set to false, disables this support.

expand_external_groups enabled
    When set to true (default), when mail is addressed to an external group, the place expands the group and lists each member's e-mail address in the notification.
    When set to false, the notifications do not expand the group members. Instead the mail router is given the group names to resolve.

allow_ambiguous_sendto enabled
    When set to true, allows users to send notifications to ambiguous names from an external directory and have the mail router resolve the names.
    When set to false (default), users can send notifications only to valid e-mail addresses.

Configuring where Lotus QuickPlace routes replies to e-mail

from places

By default if a user replies to one of the following types of e-mail notifications,

Lotus QuickPlace routes the reply to a database called DeadMailQP.nsf on the

Lotus QuickPlace server:

- Notification sent by a place automatically, such as a "What's New" notification.
- Notification sent from a place by a user who has no specified e-mail address.

By default Lotus QuickPlace also routes all delivery failure notifications to

DeadMailQP.nsf.

To instead route these types of replies as well as delivery failure notifications to the

default mail location of the places from which the e-mails come, delete the

following setting from the notes.ini file on the server:

h_UndelivMail

Or, to send these types of replies as well as delivery failure notifications to the

default mail location of one specified place, modify these notes.ini settings:

h_UndelivMail=placename

$h_MailDomain=domainname

where placename is the name of the place to route the mail, and domainname is the

fully qualified domain name of the server that hosts the place.

For example, specify:

[email protected]

Specifying a footer that appears on all pages

You can specify an HTML footer of up to 255 characters in the server_messages

section of qpconfig.xml to display HTML on the bottom of all pages on the Lotus

QuickPlace server. For example you might specify a corporate logo, administrative

message, or corporate disclaimer.

For more information on creating and specifying settings in the qpconfig.xml file,

see the chapter ″Lotus QuickPlace Administration Overview.″

For example, to display Acme Corporation in bold text in page footers, specify the

following, and then restart the HTTP task:

<server_settings>

<server_messages>

<footer>

<![CDATA[<b>Acme Corporation</b>]]>

</footer>

</server_messages>

</server_settings>

To insert an image in the footer, put the image file in the data\domino\html directory and reference it in the footer setting as <img src="/[filename].gif">. Or put the image file in the data\domino\icons directory and reference it as <img src="/icons/[filename].gif">.

For example, put the image file logo.gif in the data\domino\html directory and specify the following in qpconfig.xml:

<server_settings>
  <server_messages>
    <footer>
      <![CDATA[<img src="/logo.gif">]]>
    </footer>
  </server_messages>
</server_settings>

Enabling and disabling the UTF-8 Domino server setting

UTF-8 is an encoding format for Unicode. The Domino server document has a

setting, ″Use UTF-8 for Output,″ which changes the default character encoding of

the Domino HTTP server to UTF-8. If the Lotus QuickPlace server is running with

the GB-18030 code page, then this server setting must be set to Yes.

If the UTF-8 setting is not configured appropriately, your Domino server

administrator must change the setting in Domino. For more information on

changing the UTF-8 setting in Domino, see Domino Administrator Help.

Tracking the number of active Lotus QuickPlace users

To track the number of active users of a Lotus QuickPlace server, you use standard

Domino Web server logging to log user access information to text files. Then you

can use available tools to extract the names of each unique user. To retrieve the

total number of active users in the Lotus QuickPlace service, you must set up each

Lotus QuickPlace server in the service to generate log files.

When you set up the HTTP task to log user access information to text files, the

HTTP task creates one log file a day that contains information about each user

session with the Lotus QuickPlace server. The default name format for the log files

is access<date>.log, where <date> is the date the log file is created in the format

MMDDYYYY.

To set up logging of user access

To set up the HTTP task on a Lotus QuickPlace server to log user access

information to text files, do the following:

1. Open the Server document for the Lotus QuickPlace server in the Domino

Directory in edit mode.

2. Click the Internet Protocols - HTTP tab.

3. In the Log files field, select Enabled.

4. In the ″Directory for log files″ field, specify an existing directory path for the

log files. The HTTP task creates log files only if the specified directory path

exists.

5. In the Access log field, specify the prefix for the log files. The default prefix is:

access.

6. Click Save and Close.

For more information on Web server logging and other log settings in the Server

document, see Domino Administrator Help.

To extract the names of Lotus QuickPlace users from log files

on AIX and Solaris

There are many tools available to extract the names of users from the log files and

to exclude irrelevant information. One of the simpler methods available is using

native operating system commands. Following are some examples of using the tr,

grep, and sort commands on a UNIX system to extract user names from log files.

Example of extracting names from one log file

The following commands translate the contents of the file, access03252002.log, to

uppercase letters, extract only the lines that contain the character string ″ CN=″,

eliminate any duplicate names, and write the resulting list to the file,

uniquename.log.

tr "[:lower:]" "[:upper:]" < access03252002.log | grep " CN=" | sort -u -k 3,3 > uniquename.log

Example of extracting names from multiple log files

The following commands process two log files, access03252002.log and

access03262002.log, to produce the unique user list.

tr "[:lower:]" "[:upper:]" < access03252002.log | grep " CN=" | sort -u -k 3,3 >> tempname.log
tr "[:lower:]" "[:upper:]" < access03262002.log | grep " CN=" | sort -u -k 3,3 >> tempname.log
sort -u -k 3,3 < tempname.log > uniquename.log

The following Korn shell commands process all the log files generated by one server in the month of May to produce the unique user list.

for f in access05*.log
do
tr "[:lower:]" "[:upper:]" < "$f" | grep " CN=" | sort -u -k 3,3 >> tempname.log
done
sort -u -k 3,3 tempname.log > uniquename.log

Example of extracting names from log files on multiple

servers

To extract a list of active user names of a Lotus QuickPlace service that consists of

multiple servers, you run the commands described in the examples above on each

server, putting the output into a single network file that all servers can access. You

then use that network file to generate the final output.

For example, if the Lotus QuickPlace service consists of two Lotus QuickPlace servers, X and Y, and the network file is n:\log\tempname.log, run Korn shell commands such as the following ones on each server:

On server X run:

for f in access*.log
do
tr "[:lower:]" "[:upper:]" < "$f" | grep " CN=" | sort -u -k 3,3 >> X_tempname.log
done
sort -u -k 3,3 X_tempname.log >> n:\log\tempname.log

On server Y run:

for f in access*.log
do
tr "[:lower:]" "[:upper:]" < "$f" | grep " CN=" | sort -u -k 3,3 >> Y_tempname.log
done
sort -u -k 3,3 Y_tempname.log >> n:\log\tempname.log

Then use the following command to sort and generate the final list of names:

sort -u -k 3,3 < n:\log\tempname.log > uniquename.log

If there are many servers and log files to process, you can automate the steps by

programming them in a cmd file (Windows) or a script file (UNIX).

To extract the names of Lotus QuickPlace users from log files

on Windows

The tr, grep, and sort commands mentioned in the preceding topic are not

available natively on the Windows operating system. However, you can obtain

software that makes the UNIX functionality available on Windows through the

following sources:

- MKS Toolkits, a commercial software package. For information, see: http://www.mkssoftware.com/products/.
- The GNU Project, sponsored by the Free Software Foundation. GNU provides the source form of the commands for Windows. The binary form of the commands can be obtained from the Internet, one example being http://gnuwin32.sourceforge.net/. Obtain textutils, grep, and their supporting libraries: libintl.dll in the gettext package, libiconv.dll in the libiconv package, and pcre.dll in the pcre package. For more information, see http://www.gnu.org/.

If you use either of these packages, use the commands described below on Windows.

Note: Windows has a sort command stored in the \WINNT\System32 directory,

but the command does not work for the purpose described here. Make sure

to use the sort command provided with the software you obtained, rather

than the one provided with Windows.

Example of extracting names from multiple log files on

Windows

The following commands process all the log files generated by one server in the

month of May to produce the unique user list.

for %f in (access05*.log) do tr "[:lower:]" "[:upper:]" < %f | grep " CN=" | sort -u -k 3,3 >> tempname.log
sort -u -k 3,3 tempname.log > uniquename.log

Example of extracting names from log files on multiple

servers on Windows

For example, if the Lotus QuickPlace service consists of two Lotus QuickPlace

servers, X, and Y, and the network file is n:\log\tempname.log, run commands

such as the following ones on each server:

On server X run:

for %f in (access*.log) do tr "[:lower:]" "[:upper:]" < %f | grep " CN=" | sort -u -k 3,3 >> X_tempname.log
sort -u -k 3,3 X_tempname.log >> n:\log\tempname.log

On server Y run:

for %f in (access*.log) do tr "[:lower:]" "[:upper:]" < %f | grep " CN=" | sort -u -k 3,3 >> Y_tempname.log
sort -u -k 3,3 Y_tempname.log >> n:\log\tempname.log

Then use the following command to sort and generate the final list of names:

sort -u -k 3,3 n:\log\tempname.log > uniquename.log
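The pipelines above deduplicate on whitespace field 3 only, so when logged names contain spaces, two users who share a first name collapse into one entry and the count comes out low. The following Python sketch is an added example, not part of the guide; it assumes the Common Log Format layout that the "-k 3,3" key implies (host, ident, authenticated name, bracketed timestamp), and the sample lines and function names are constructed.

```python
import glob
import re

# Assumed line layout (Common Log Format, which the "-k 3,3" sort key implies):
#   host ident authuser [timestamp] "request" status bytes
# The authenticated name is the third field; it may contain spaces and may be quoted.
AUTH_USER = re.compile(r'^\S+\s+\S+\s+"?(CN=.+?)"?\s+\[', re.IGNORECASE)

# Constructed sample lines, not taken from a real server.
SAMPLE_LINES = [
    '10.0.0.5 - CN=Connor Jones/OU=Sales/O=Acme [25/Mar/2002:10:01:02 -0500] '
    '"GET /QuickPlace/place1/Main.nsf HTTP/1.1" 200 5120',
    '10.0.0.5 - cn=connor jones/ou=sales/o=acme [25/Mar/2002:10:02:40 -0500] '
    '"GET /QuickPlace/place1/Main.nsf HTTP/1.1" 200 5120',
    '10.0.0.8 - CN=Connor Smith/OU=Sales/O=Acme [26/Mar/2002:08:15:00 -0500] '
    '"GET /QuickPlace/place2/Main.nsf HTTP/1.1" 200 734',
    '10.0.0.9 - "CN=Dana Lee/O=Acme" [26/Mar/2002:08:20:00 -0500] '
    '"GET /QuickPlace/place2/Main.nsf HTTP/1.1" 200 734',
    '10.0.0.7 - - [26/Mar/2002:09:00:00 -0500] '
    '"GET /QuickPlace/place1/Main.nsf HTTP/1.1" 401 88',
]


def unique_users(lines):
    """Return the sorted set of full authenticated names found in log lines."""
    users = set()
    for line in lines:
        match = AUTH_USER.match(line)
        if match:
            # Upper-case and collapse whitespace so one person is counted once.
            users.add(" ".join(match.group(1).upper().split()))
    return sorted(users)


def field3_keys(lines):
    """Emulate the keys that 'grep " CN=" | sort -u -k 3,3' deduplicates on."""
    upper = (line.upper() for line in lines)
    return sorted({line.split()[2] for line in upper if " CN=" in line})


def unique_users_in_files(pattern):
    """Collect unique users from every log file matching a glob pattern."""
    lines = []
    for path in sorted(glob.glob(pattern)):
        with open(path, encoding="utf-8", errors="replace") as handle:
            lines.extend(handle)
    return unique_users(lines)


if __name__ == "__main__":
    print("full-name count:", len(unique_users(SAMPLE_LINES)))   # three users
    print("field-3 keys:   ", field3_keys(SAMPLE_LINES))         # one key
```

For a multi-server service, call unique_users_in_files once per server's log directory and take the union of the results.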

Chapter 8 Using QPTool Commands

This chapter describes how to complete various Lotus QuickPlace administration

tasks using QPTool commands.

QPTool

QPTool is a server task that you run with arguments to do administrative tasks.

You can use the QPTool command to complete the following tasks:

- Add external members to places
- Change user and group names in places
- Change the hierarchy of names in places
- Update external member information in places
- Manage expanded membership
- Reset local user passwords
- Remove members from places
- Send newsletters to subscribers
- Send mail to managers and members of places
- Register and unregister places and servers
- Automate replica stub creation
- Upgrade places and PlaceTypes
  For information on upgrading places and PlaceTypes, see the Lotus QuickPlace Installation and Upgrade Guide.
- Refresh places and PlaceTypes
- Lock and unlock places
- Archive places
- Remove places or PlaceTypes
- Update statistics in the Place Catalog
- Generate reports about places and servers
- Repair places
- Clean up dead mail
- Add and remove graphic text fonts
- Execute an XML API file

Running QPTool

QPTool commands are designed to be used while the Lotus QuickPlace server is

running.

To run QPTool from the Domino server console, enter:

load qptool [command] [arguments]

where [command] is a QPTool command and [arguments] are one or more

supported arguments for the command.

For example, to lock a place called place1 from the Domino server console, enter

the following command:

load qptool lock -p place1

To run QPTool from the command prompt:

1. Navigate to the Domino program directory.

2. Enter one of the following commands:

- On Windows:
  nqptool [command] [argument]
- On AIX or Solaris:
  qptool [command] [argument]
- On i5/OS:
  qptool server [servername][command] [arguments]
  where [servername] is the name of the Lotus QuickPlace server.

You can also run QPTool from a batch file or other program.

The Place Catalog reflects changes that result from QPTool commands.

For more information on the Place Catalog, see the chapter ″Setting Up the Place

Catalog.″

Using the -i argument with QPTool commands

Most QPTool commands support the use of the -i argument. The -i argument

enables you to use an XML input file located in the server program directory to

indicate on which place or places a QPTool command runs. Except for QPTool

execute, which is used by programmers to execute XML code, a QPTool command

reads only the list of place(s) in the XML input file.

Typically you specify an XML input file that a previous QPTool command

generated as output. For example, suppose you use the QPTool report command to

report on all places last accessed before a specified date. You could then use the

XML output file generated by the report command as input to a QPTool sendmail

command that notifies place managers of these inactive places.

Using QPTool commands in a cluster

When you run a QPTool command on a server in a cluster, Lotus QuickPlace

applies the command only to the server on which you run it. The results of the

command then replicate to the other servers in the cluster. For example, if you lock

a place on one server in a cluster, the place is locked immediately only on that

server. The place is locked on the other servers after replication replicates the lock

property on the place’s databases to the other servers.

The QPTool report command can gather information from all servers in a cluster.

However, if the results of the report command are supplied as input to another

qptool command, the other qptool command only acts immediately on the places

on the server from which you issue the command.

Adding external members to places

You can use the QPTool addmember command to add a name from a user

directory as a member of a place or places. When you use the addmember

command rather than the Lotus QuickPlace user interface, you can add a member

to multiple places at once. When you use the addmember command, you must use

the -reader, -author, -editor, or -manager argument to specify the access the

member has to the place’s main room. Optionally, you can use the -allrooms

argument to apply the member’s main room access to all subrooms.

If you use the Lotus QuickPlace user interface to change an existing external

member’s access to the main room in a place, subrooms do not inherit the access

change. To change an existing member’s access to all rooms in a place, you can use

the QPTool removemember command to delete the member from the place, and

then use QPTool addmember with the -allrooms argument to add the member

again with the new access.

Note: You can’t use the addmember command to add local members. You can’t

use addmember to add external members to the QuickPlace/quickplace.

The syntax for the addmember command is:

load qptool addmember arguments

The following table describes the supported arguments.

Argument Description

-? Prints help on the command.

-dn name Specifies the name of an external user or group to

add as a member. If the name contains at least one

space, include quotation marks (″ ″) around it.

Specify the name exactly as it is defined in the

directory (including spaces), for example:

″cn=Connor Jones,ou=Sales,o=Acme″

Note: Lotus QuickPlace does not look up the name

in the user directory to verify the name you specify.

Be sure the name you specify is valid.

-g Indicates that a name specified for the -dn

argument is the name of a group.

You must use this argument to add an external

group. If you use qptool addmember without the -g

argument to add an external group as a member of

a place, users who are members of the group can’t

access the place through the group membership,

and the group may not show up in the user

interface in some places.

-reader Adds the specified name as a Reader of a place.

-author Adds the specified name as an Author of a place.

-editor Adds the specified name as an Editor of a place.

-manager Adds the specified name as a Manager of a place.

-allrooms Applies the place access specified for the name to

all rooms in a place. If you omit this argument, the

name’s specified access applies only to a place’s

main room.

-a Adds the specified name as a member of all places

on the server.

-p place(s) Adds the specified name as a member of a specific

place or space-separated list of places.

-i inputfilename XML input file located in the server program

directory that specifies the places in which to add

an external member.

-o outputfilename XML output file that logs the results of the

command. By default the command logs results to

qptool.addmember.xml in the server program

directory.

The following table provides examples of the qptool addmember command.

Task: Add the user cn=Connor Jones,ou=Sales,o=Acme as an author of all rooms in Place1

Command: load qptool addmember -dn "cn=Connor Jones,ou=Sales,o=Acme" -author -allrooms -p Place1

Task: Add the group cn=Salesgroup,o=Acme as a reader of the main room in all places

Command: load qptool addmember -dn cn=Salesgroup,o=Acme -g -reader -a

Changing user and group names in places

Use the QPTool changemember command to change the name of a local user,

external user, or external group in specified places. The original name is known as

the source name and the name you change to is known as the target name.

Using changemember, you can do the following tasks:

• Change a user or group name to a new name -- for example, change the name of a user who recently married so the user can continue to access a place using the new name. In this case, the target name is a new name.

• Change the name of a user or group to the name of another existing user or group -- for example, change the name of a user who leaves the company to the name of a remaining user who assumes the original user’s responsibilities. The access the target name has to places is the higher level of access between the source and target names. For example, if the source name is a manager of a place and the target name is a reader of the place, the target name becomes a manager of the place and has access to all pages previously accessible to the source and target names. The same access control principle applies to room access.

• Change the name of a local user to the name of an external user in a user directory -- for example, to move from a pilot deployment that uses local users to a production deployment that uses a corporate directory.

You can make these combinations of name changes:

• Local user name to local user name

• Local user name to external user name

• External user name to external user name

• External group name to external group name

Note: If an external user is not listed explicitly as a member of a place, but instead

accesses the place through membership in an external group, the user’s

name is not listed as a member in the place’s Contacts1.nsf database, but is

included in security fields within the place. For example, if the user creates

a page, the user’s name is listed in the page’s h_Authors field. If you use the

changemember command to change the user’s name in a place, the name is

changed in these security fields and the user’s access to the place continues.

You cannot make these combinations of name changes:

• External user name to local user name

• External group name to local user name

• External group name to external user name

• Local user name to external group name

• External user name to external group name

The syntax for the changemember command is:

load qptool changemember arguments

The following table describes the arguments. When a name specified as an

argument contains spaces, include quotation marks (″) around the name.

Argument Description

-? Prints help on the command.

-sourcedn name Specifies the original distinguished name of an

external user or external group exactly as the name

is defined in the external directory, for example,

″cn=Connor Jones, ou=Sales,o=Acme.″

Include any spaces in the name. Specify the letter

case (uppercase or lowercase) correctly.

-sourceu name Specifies the original name of a local user, for

example, ″Joe Smith.″

-sourceg Indicates that the specified source name is that of an

external group.

-targetdn name Specifies the new distinguished name of an external

user or external group. Specify the name exactly as it

is defined in the external directory, for example:

″cn=Representatives,ou=Sales,o=Acme″

Include any spaces in the name. Specify the letter

case (uppercase or lowercase) correctly.

Note: Lotus QuickPlace does not look up the target

name in the user directory to verify the name you

specify. Be sure the name you specify is valid.

-targetu name Specifies the new name of a local user, for example,

″Joe Smith.″

-targetg Indicates that the specified target name is that of an

external group.

-p place(s) Specifies a place or a space-separated list of places in

which to rename the user or group.

-i inputfilename XML input file located in the server program

directory that specifies the places in which to

rename the user or group.

-o outputfilename XML output file that logs the results of the

command. By default the command logs results to

qptool.changemember.xml in the server program

directory.

The following table provides examples of using the qptool changemember

command.

Task: Change a local user name to an external user name.

Command: >load qptool changemember -p PlaceName -sourceu localuser -targetdn "CN=ExternalUser,O=[Organization]"

Task: Change an external user name to an external user name.

Command: >load qptool changemember -p PlaceName -sourcedn "CN=External User,O=[Organization]" -targetdn "CN=New External User,O=[Organization]"

Task: Change an external group name in multiple places.

Command: >load qptool changemember -p PlaceName1 PlaceName2 -sourceg -sourcedn "CN=External Group,O=[Organization]" -targetg -targetdn "CN=New External Group,O=[Organization]"
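Because Lotus QuickPlace does not look up the target name, and a change onto an existing member keeps the higher access of the two names, it helps to check a planned changemember run before issuing it. The following Python sketch is an added example, not part of the guide or of QuickPlace: it checks the source/target combination against the lists above, compares an external target name against a directory export, reports places where the target would gain access, and assembles the console command. The directory export, the membership map, the name Dana Lee, the function names, and the ranking of access levels in the order the guide lists them are assumptions or constructed sample data.

```python
"""Pre-flight check for a planned qptool changemember run (added example)."""

LOCAL_USER = "local user"
EXTERNAL_USER = "external user"
EXTERNAL_GROUP = "external group"

# Source -> target combinations the guide lists as supported.
ALLOWED = {
    (LOCAL_USER, LOCAL_USER),
    (LOCAL_USER, EXTERNAL_USER),
    (EXTERNAL_USER, EXTERNAL_USER),
    (EXTERNAL_GROUP, EXTERNAL_GROUP),
}

# Assumption: access ranks in the order the guide lists the addmember levels.
LEVELS = ["reader", "author", "editor", "manager"]

# Constructed sample data standing in for a directory export and place membership.
DIRECTORY = {"cn=Connor Jones,ou=Sales,o=Acme", "cn=Dana Lee,ou=Sales,o=Acme"}
MEMBERSHIP = {
    "P1": {"cn=Connor Jones,ou=Sales,o=Acme": "manager",
           "cn=Dana Lee,ou=Sales,o=Acme": "reader"},
    "P2": {"cn=Connor Jones,ou=Sales,o=Acme": "author"},
}


def name_args(side, kind, name):
    """Build the arguments for one side ("source" or "target") of the change."""
    if kind == LOCAL_USER:
        return [f"-{side}u", name]
    group_flag = [f"-{side}g"] if kind == EXTERNAL_GROUP else []
    return group_flag + [f"-{side}dn", name]


def quote(token):
    """Wrap a token in quotation marks if it contains a space."""
    return f'"{token}"' if " " in token else token


def check_target(kind, name, directory_names):
    """Reject an external target name that is not an exact match in the export."""
    if kind == LOCAL_USER or name in directory_names:
        return
    near = [d for d in directory_names if d.lower() == name.lower()]
    hint = f"; the export has {near[0]!r}" if near else ""
    raise ValueError(f"target {name!r} not found in directory export{hint}")


def access_gains(source_name, target_name, places, membership):
    """List (place, current, resulting) where the target ends up with more access."""
    gains = []
    for place in places:
        members = membership.get(place, {})
        src, tgt = members.get(source_name), members.get(target_name)
        if src is None or tgt is None:
            continue  # plain rename in this place: no two members are merged
        if LEVELS.index(src) > LEVELS.index(tgt):
            gains.append((place, tgt, src))
    return gains


def plan_changemember(source, target, places, directory_names, membership):
    """Validate the request and return the console command plus access gains."""
    (src_kind, src_name), (tgt_kind, tgt_name) = source, target
    if (src_kind, tgt_kind) not in ALLOWED:
        raise ValueError(f"unsupported change: {src_kind} to {tgt_kind}")
    check_target(tgt_kind, tgt_name, directory_names)
    tokens = ["load", "qptool", "changemember", "-p", *places]
    tokens += name_args("source", src_kind, src_name)
    tokens += name_args("target", tgt_kind, tgt_name)
    return {
        "command": " ".join(quote(t) for t in tokens),
        "access_gains": access_gains(src_name, tgt_name, places, membership),
    }


if __name__ == "__main__":
    plan = plan_changemember(
        (EXTERNAL_USER, "cn=Connor Jones,ou=Sales,o=Acme"),
        (EXTERNAL_USER, "cn=Dana Lee,ou=Sales,o=Acme"),
        ["P1", "P2"], DIRECTORY, MEMBERSHIP)
    print(plan["command"])
    for place, current, resulting in plan["access_gains"]:
        print(f"{place}: target goes from {current} to {resulting}")
```
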

Changing the name hierarchy of names in places

You can use the QPTool changehierarchy command to change the hierarchy in the

names of external users and groups in places. For example, if your company name

changes and you change the names of users and groups in a user directory to

reflect the change, you can then use the changehierarchy command to change the

names in places. Or if you create a new group with a new hierarchy in your

external directory to encompass what was previously two groups, you can change

the names of the original groups in places to the name of the new group.

The changehierarchy command does not operate on local users.

The syntax for the changehierarchy command is:

load qptool changehierarchy arguments

The following table describes the arguments you can use with the command.

Argument Description

-? Prints help on the command.

-sourceh hierarchy Specifies the original name hierarchy to change, for

example, ou=people,o=group. If the hierarchy

includes spaces, place quotation marks around it.

-targeth hierarchy Specifies the new name hierarchy, for example,

ou=people2,o=group. The name hierarchy you

specify should correspond to a valid name

hierarchy in the external directory. If the hierarchy

includes spaces, place quotation marks around it.

-a Changes the names of external users and groups

that use the original name hierarchy to the new

name hierarchy in all places.

-p place(s) Changes the names of external users and groups

that use the original name hierarchy to the new

name hierarchy in a place or a space-separated list

of places.

-i inputfilename Changes the names of external users and groups

that use the original name hierarchy to the new

name hierarchy in places specified in an XML input

file located in the server program directory.

-o outputfilename XML output file that logs the results of the

command. By default the command logs results to

qptool.changehierarchy.xml in the server program

directory.

The following table provides examples of using the changehierarchy command.

Note: If an external user is not listed explicitly as a member of a place, but instead

accesses the place through membership in an external group, the user’s

name is not listed as a member in the place’s Contacts1.nsf database, but is

included in security fields within the place. For example, if the user creates

a page, the user’s name is listed in the page’s h_Authors field. If you use the

changehierarchy command and the name hierarchy you are changing

applies to the user’s name in a place, the user’s name is changed in these

security fields and the user’s access to the place continues.

Task: Change the names of users and groups within the hierarchy ou=boston,o=acme to the hierarchy ou=detroit,o=acme in the place P1

Command: >load qptool changehierarchy -sourceh ou=boston,o=acme -targeth ou=detroit,o=acme -p P1

Task: Change the names of users and groups with the hierarchy ou=boston,o=acme to the hierarchy ou=detroit,o=acme in all places

Command: >load qptool changehierarchy -sourceh ou=boston,o=acme -targeth ou=detroit,o=acme -a

Updating external member information in places

When information about an external member changes in the user directory, use the

QPTool updatemember command to update the information in places. The

updatemember command updates the following information:

• E-mail address (external users)

• First name (external users)

• Last name (external users)

• Phone number (external users)

• Display name (external users)

• Display name (external groups)

QPTool updatemember does not operate on local members.

The syntax for the updatemember command is:

load qptool updatemember arguments

The following table describes the arguments.

Argument Description

-? Prints help on the command.

-dn name Specifies the name of an external user or group

whose member information has changed in the user

directory. If the name contains at least one space,

include quotation marks (″ ″) around it, for

example: ″cn=Connor Jones,ou=Sales,o=Acme″

Specify the name exactly as it is defined in the

external directory. Include any spaces in the name.

Specify the letter case (uppercase or lowercase)

correctly.

If you use this argument, do not use -allmembers.

-allmembers Updates all external member information in the

specified place(s). If you use this argument, do not

use -dn name.

-g Indicates that a name specified for the -dn

argument is the name of a group.

-a Updates external member information in all places.

-p place(s) Updates external member information in a specific

place or space-separated list of places.

-i inputfilename XML input file located in the server program

directory that specifies the places in which to

update external member information.

-o outputfilename XML output file that logs the results of the

command. By default the command logs results to

qptool.updatemember.xml in the server program

directory.

You can run qptool updatemember -allmembers -a on a scheduled basis. How

often you should run the command depends on how often the contents of your

user directory changes.

The following table provides examples of the qptool updatemember command.

Task: Update the member information for the user cn=Connor Jones,ou=Sales,o=Acme in all places

Command: load qptool updatemember -dn "cn=Connor Jones,ou=Sales,o=Acme" -a

Task: Use the notes.ini file to update all member information in all places daily at 3 AM.

Command: ServerTasksAt3=qptool updatemember -allmembers -a

Task: Update the member information for the group cn=Administrators,o=Acme in all places

Command: load qptool updatemember -dn cn=Administrators,o=Acme -g -a

Note: The updatemember command does not change an external member’s

distinguished name stored internally in places and used for access control. If

external members’ distinguished names change in the user directory, use the

QPTool changemember command or changehierarchy command to update

the distinguished names in places.

Managing expanded membership

Expanded membership is a feature that allows a place to have up to 4000

individual users as members. Expanded membership generates groups in an LDAP

directory to store the names of external user members, and then uses these groups,

rather than the individual user names, in room ACLs. Use the QPTool

membershipmodel command to do the following tasks related to use of the

expanded membership feature:

• Enable one or more places to use expanded membership.

• Delete and then recreate expanded membership groups, and update room ACLs after specifying a new directory server or base distinguished name for the expanded membership groups in the qpconfig.xml file. For complete instructions, see the chapter ″Setting Up Security.″

• Delete and recreate expanded membership groups if they become corrupt or out of synchronization with their places. The failure of My Places or cross-place searches to work can be an indication of these problems.

CAUTION:

Do not use the membershipmodel command until you have read about

expanded membership and how to set it up. For information, see the chapter

″Setting Up Security.″

The syntax for the membershipmodel command is:

load qptool membershipmodel arguments

The following table describes the arguments for the command.

Argument Description

-? Prints help on the command.

-toexpanded Converts places to expanded membership.

-rmgroups Removes existing expanded membership groups

from the directory server that currently stores them.

-basedn If you’ve changed the base distinguished name

configured in the expanded membership model

section of the qpconfig.xml file, use this command

to change the names of the groups in place ACLs to

reflect the change. For complete instructions, see the

chapter ″Setting Up Security.″

-addgroups If you’ve used the -rmgroups argument, use this

argument to re-create the groups.

-a When used with the -toexpanded argument, runs

the command on all places that do not use

expanded membership.

When used with the -rmgroups, -basedn, or

-addgroups arguments, runs the command on all

places that use expanded membership.

-p places Runs the command on a place or a space-separated

list of places.

-i inputfilename Runs on places specified in an XML input file.

-o outputfilename XML output file that logs the results of the

command. By default the command logs results to

qptool.membershipmodel.xml in the server program

directory.

The following table provides examples of using the membershipmodel command.

Task: Enable ″placeofmanymembers″ to use expanded membership.

Command: >load qptool membershipmodel -toexpanded -p placeofmanymembers

Task: Enable all places that do not currently use expanded membership to use expanded membership.

Command: >load qptool membershipmodel -toexpanded -a

Task: The expanded membership groups for ″placeofmanymembers″ are not synchronized correctly with the place. To correct the problem, remove the groups for ″placeofmanymembers″ from the directory, then re-create them.

Command: >load qptool membershipmodel -rmgroups -p placeofmanymembers

>load qptool membershipmodel -addgroups -p placeofmanymembers

Task: Change the directory server or base distinguished name used for the expanded membership groups.

Command: For information, see the chapter ″Setting Up Security.″

Resetting local user passwords

Use the QPTool password command to reset passwords for a local user.

Note: To change the password for an external user, change the entry for the user

in the external directory.

The syntax for the password command is:

load qptool password arguments

The following table describes the arguments for the command.

Argument Description

-? Prints help on the command.

-u name Specifies the name of the local user whose

password you are changing. If the name has spaces,

include quotation marks around the name, for

example:

″Joe Smith.″

-pw password Specifies the new password.

-p place(s) Specifies a place or a space-separated list of places

on which to change the user’s password.

-i inputfilename XML input file located in the server program

directory that specifies places on which to change

the user’s password.

-o outputfilename XML output file that logs the results of the

command. By default the command logs results to

qptool.password.xml in the server program

directory.

Task: Change the password for a local user whose name has no spaces

Command: >load qptool password -p placename -u joeuser -pw newpassword

Task: Change the password for a local user whose name includes spaces

Command: >load qptool password -p placename -u "joe user" -pw newpassword

Removing members from places

Use the QPTool removemember command to remove members from a place.

The syntax for the removemember command is:

load qptool removemember arguments

The following table describes the arguments you can use with the command.

Argument Description

-? Prints help on the command.

-dn name Name of an external user or group to remove. If the

name contains a space, include quotation marks

around it. Specify the name exactly as it is defined

in the external directory, for example:

″cn=connor jones,ou=sales,o=acme″

Include any spaces in the name. Specify the letter

case (uppercase or lowercase) correctly.

-g Indicates that a specified distinguished name is that

of a group.

-u name Name of a local user to remove. If the name

contains a space, include quotation marks around it,

for example:

″Jonathan Carter″

-a Removes the specified name from all places.

-p place(s) Removes the specified name from a place or a

space-separated list of places.

-i inputfilename XML input file located in the server program

directory that specifies the places from which to

remove the specified name.

-o outputfilename XML output file that logs the results of the

command. By default the command logs results to

qptool.removemember.xml in the server program

directory.

The following table provides examples of using the removemember command.

Task: Remove the external user cn=connor jones,ou=sales,o=acme from the place P1

Command: >load qptool removemember -dn "cn=connor jones,ou=sales,o=acme" -p P1

Task: Remove the external group cn=managers,ou=groups,o=acme from the place P1

Command: >load qptool removemember -g -dn "cn=managers,ou=groups,o=acme" -p P1

Task: Remove the local user Jonathan Carter from the places P1 and P2

Command: >load qptool removemember -u "Jonathan Carter" -p P1 P2

Task: Remove the external user cn=connor jones,ou=sales,o=acme from all places

Command: >load qptool removemember -dn "cn=connor jones,ou=sales,o=acme" -a

Task: Remove the external group cn=managers,ou=groups,o=acme from places specified in the XML input file qptool.myremmem.xml

Command: >load qptool removemember -i qptool.myremmem.xml -g -dn "cn=managers,ou=groups,o=acme"

Task: Remove the external user cn=connor jones,ou=sales,o=acme from the place P1 and log the command output to the non-default XML output file qptool.myoutfile.xml

Command: >load qptool removemember -dn "cn=connor jones,ou=sales,o=acme" -p P1 -o qptool.myoutfile.xml

Sending newsletters to subscribers

Use the QPTool newsletter command to send daily and weekly newsletters to

members of places. Members of a place can receive daily newsletters if daily

newsletters are enabled for the place in Customize, Basics, and can receive weekly

newsletters if weekly newsletters are enabled in Customize, Basics. To receive a

newsletter, a member must subscribe to newsletters in the member information

page and must have a valid e-mail address.

Note: Lotus QuickPlace cannot mail newsletters to groups. If you want to mail a

newsletter to a user who is a member of a group, add the user as a member

of the place.

The syntax for the newsletter command is:

load qptool newsletter arguments

The following table describes the arguments.

Argument Description

-? Prints help on the command.

-daily Sends newsletters in daily format. By default the

NOTES.INI file includes the setting

ServerTasksAt1=qptool newsletter -daily -a so that

daily newsletters are sent at 1 AM for all places.

You can change the time when daily newsletters are

sent by modifying the NOTES.INI file or scheduling

the command through a Program document.

-weekly Sends newsletters in weekly format. Using a

Program document to schedule the mailing of

weekly newsletters for all places is recommended.

Weekly newsletters typically take longer to process

than daily newsletters, especially if there are many

members and places. Server performance can slow

during processing. Therefore, schedule the

newsletter -weekly command to run during

non-business hours, for example Friday evenings or

Saturdays.

Note: Place members who sign up to receive

weekly newsletters only receive them if you create

a Program document in the Domino Directory with

qptool newsletter -weekly -a and set a time and day

for the server to collect and send weekly

newsletters.

-a Sends newsletters for all places.

-p place(s) Sends newsletters for a place or a space-separated

list of places.

-i inputfile Sends newsletters for places specified in an XML

input file located in the server program directory.

-o outputfile Logs results to a specified XML output file. By

default logs results to qptool.newsletter.xml in the

program directory.

Sending mail to managers and members of places

Use the QPTool sendmail command to broadcast an e-mail message to managers or

to all members of a place. If a group is a manager or a member of a place, the

sendmail command sends mail to each member of the group. The sendmail

command is useful for communicating administration issues to place managers.

For example, you could send a broadcast e-mail to the managers of places if the

places have exceeded a predetermined size limit and will be archived.

The syntax for the sendmail command is:

load qptool sendmail arguments

The following table describes the arguments available for the command.

Argument Description

-? Prints help on the command.

-template template XSL template file that specifies the message.

-managers Sends mail to managers only. Without this

argument, sends mail to all members, including the

managers.

-i inputfile A required argument that specifies the places and

other data in an XML input file located in the

server program directory. If you are using tags for

title, size, last_accessed or last_modified, values for

those fields must exist in the input file. The qptool

sendmail command only looks to the input file for

its data; it does not query the places for the tag

values.

-o outputfile Logs results to a specified XML output file. By

default logs results to qptool.sendmail.xml in the

program directory.

Sample template file

You can use the following sample template and then customize it for your needs.

<?xml version="1.0"?>

<xsl:stylesheet

xmlns:xsl="http://www.w3.org/1999/XSL/Transform"

version="1.0"

xmlns:lsxlt="http://xml.apache.org/xslt"

xmlns:java="http://xml.apache.org/xslt/java">

<xsl:template match="place">

<mail>

<from>E-mail address here</from>

<cc>List of e-mail addresses here</cc>

<bcc>List of e-mail addresses here</bcc>

<subject>Subject string here</subject>

<body>

This mail is sent to members of place ’<xsl:value-of select="./name"/>’ by qptool

sendmail using xsl as a mail template. Some other fields you might want to use

are:

TITLE: ’<xsl:value-of select="./title"/>’,

SIZE: ’<xsl:value-of select="./size"/>’,

LAST_ACCESSED: ’<xsl:value-of select="./last_accessed"/>’,

LAST_MODIFIED: ’<xsl:value-of select="./last_modified"/>’

</body>

</mail>

</xsl:template>

</xsl:stylesheet>

Note: You can include information about each place in the e-mail to managers or

members of that place. The tags used in the template look like:

’<xsl:value-of select="./fieldname"/>’

where fieldname is the name of a field in the input XML.
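Because qptool sendmail takes tag values only from the input file, it is worth checking before a broadcast that every field the template reads has a value for every place in that file. The following Python sketch is an added example, not part of the guide: it lists the fields a template reads inside its place template and reports, per place, which of them are absent or empty in the input. It assumes the input contains place elements whose child elements are named as in the sample template; the wrapper element, the sample values and the function names are constructed for illustration.

```python
"""Check that a qptool sendmail template only reads fields present in the input file."""
import re
import xml.etree.ElementTree as ET

XSL = "{http://www.w3.org/1999/XSL/Transform}"
# A select value that is just a child element name, with or without "./".
SIMPLE_FIELD = re.compile(r"^(?:\./)?([A-Za-z_][\w.-]*)$")

# The guide's sample template, shortened (from/cc/bcc omitted).
TEMPLATE = """<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
<xsl:template match="place">
<mail>
<subject>Place report</subject>
<body>
Place '<xsl:value-of select="./name"/>'
TITLE: '<xsl:value-of select="./title"/>',
SIZE: '<xsl:value-of select="./size"/>',
LAST_ACCESSED: '<xsl:value-of select="./last_accessed"/>',
LAST_MODIFIED: '<xsl:value-of select="./last_modified"/>'
</body>
</mail>
</xsl:template>
</xsl:stylesheet>"""

# Constructed input file. Only the <place> elements and their child names follow
# the template above; the <places> wrapper and all values are placeholders.
INPUT_XML = """<places>
<place><name>P1</name><title>Project One</title><size>1048576</size>
<last_accessed>2005-01-10</last_accessed><last_modified>2005-01-09</last_modified></place>
<place><name>P2</name><title>Project Two</title><size></size></place>
</places>"""


def template_fields(xsl_text):
    """Return the child-element names the place template reads via xsl:value-of."""
    fields = set()
    root = ET.fromstring(xsl_text)
    for tmpl in root.iter(XSL + "template"):
        if tmpl.get("match") != "place":
            continue
        for value_of in tmpl.iter(XSL + "value-of"):
            m = SIMPLE_FIELD.match(value_of.get("select", ""))
            if m:  # skip XPath expressions that are not a plain child name
                fields.add(m.group(1))
    return sorted(fields)


def missing_fields(xsl_text, input_text):
    """Map each place name to the template fields absent or empty in the input."""
    wanted = template_fields(xsl_text)
    problems = {}
    for index, place in enumerate(ET.fromstring(input_text).iter("place"), 1):
        label = (place.findtext("name") or "").strip() or f"<place #{index}>"
        gaps = [f for f in wanted if not (place.findtext(f) or "").strip()]
        if gaps:
            problems[label] = gaps
    return problems


if __name__ == "__main__":
    for place, gaps in missing_fields(TEMPLATE, INPUT_XML).items():
        print(f"{place}: input file has no value for {', '.join(gaps)}")
```
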

Registering and unregistering places and servers on the server

Use the QPTool register command to do the following:

• Add place documents in the Place Catalog for places created prior to enabling the Place Catalog or for places added from another server. Places require place documents for the Lotus QuickPlace service to be aware of them.

• Adjust server-specific information for a place that has been moved from another server or renamed on the same server.

• Restore a place that was previously archived.

• Register a server in the Place Catalog.

Use the QPTool unregister command to remove a place’s document from the Place

Catalog. For example, if the Place Catalog is down for any period of time,

unregister all places and then use the register command to register the places again

so that the Place Catalog contains up-to-date place information. Note that when

you use the remove command to remove a place, you do not have to use the

unregister command because the remove command automatically removes the

place document.

For more information on the Place Catalog, see the chapter ″Setting Up the Place

Catalog.″

The syntax for the register/unregister command is:

load qptool register[unregister] arguments

The following table describes the arguments.

Argument Description

-? Prints help on the command.

-placecatalog Registers/unregisters specified place(s) or server in

the Place Catalog.

-server Registers/unregisters the server on which the

command is run in the Place Catalog. The first time

you create a place on a server, the server is

registered in the Place Catalog automatically if the

Place Catalog is set up.

-install Installs and resets server-specific information for

places that have been:

• Moved to this server from another server

• Renamed on this server

• Restored from archive.

-a Registers/unregisters all places.

-p place(s) Specifies a place or a space-separated list of places

to register/unregister.

-i inputfilename XML input file located in the server program

directory that specifies the places to

register/unregister.

-o outputfilename XML output file that logs the results of the

command. By default the command logs results to

qptool.register.xml or qptool.unregister.xml in the

server program directory.

Note the following:

• If you change the port or protocol settings for your server, you must run ″qptool unregister -server″ and then ″qptool register -server″ to reset the information in the Place Catalog.

• Before you run qptool register -install -a, run qptool remove -cleanup to avoid creating partial entries in the Place Catalog associated with places marked for removal.

The following table provides examples of using the qptool register/unregister

command.

Task: Register a server with the Place Catalog

Command: >load qptool register -server

Task: Unregister a server with the Place Catalog

Command: >load qptool unregister -server

Task: Register a place that has been moved from another server, renamed on the current server, or restored from archive

Command: >load qptool register -p placename -install

Task: Unregister a place

Command: >load qptool unregister -p placename

Task: Register a place in the Place Catalog only

Command: >load qptool register -p placename -placecatalog

Task: Register multiple places that have been moved from another server

Command: >load qptool register -p place1 place2 place3 -install

Task: Unregister multiple places

Command: >load qptool unregister -p place1 place2 place3

Task: Register all places on the server in the Place Catalog after upgrading to version 7.0 and enabling the Place Catalog

Command: >load qptool register -a -placecatalog

Task: Unregister all places on the server (that is, remove from place catalog)

Command: >load qptool unregister -a

Task: Register places specified in an input file

Command: >load qptool register -i qptool.myinput.xml

Task: Unregister places specified in an input file

Command: >load qptool unregister -i qptool.myinput.xml

Task: Register a place and log results in a non-default output file

Command: >load qptool register -p placename -o qptool.myout.xml

Task: Unregister a place and log results in a non-default output file

Command: >load qptool unregister -p placename -o qptool.myout.xml

Automating replica stub creation

After the creation of new places, rooms, and PlaceTypes, use the QPTool

replicamaker command to create replica stubs for the new places, rooms, and

PlaceTypes on other servers in a cluster. Note that after creation of the replica

stubs, cluster replication or standard replication must then replicate the new places,

rooms, and PlaceTypes to populate them initially and then keep them

synchronized.

The replicamaker command does the following:

- Creates replica stubs for MAIN.NSF and CONTACTS1.NSF on the local server or another server when a place or PlaceType is created.
- Makes a new copy of SEARCH.NSF on the local server or another server when a place is created.
- Creates replica stubs on the local server or another server for any new rooms.

Note: PlaceTypes replicate and the replicamaker command creates replica stubs for

PlaceTypes the same way it creates replica stubs for places.

For more information on PlaceTypes, see the chapter ″Managing PlaceTypes.″

The syntax for the replicamaker command is:

load qptool replicamaker arguments

The following table describes the arguments you can use with the command.

Argument | Description
-? | Prints help on the command.
-s sourceserver | The name of one server involved with the replication. If not specified, default is the local server. If you don't use -s, you must use -t.
-t targetserver | The name of another server involved with the replication. If not specified, default is the local server. If you don't use -t, you must use -s.
-a | Creates replica stubs for all new places, rooms, and PlaceTypes.
-p place(s) | Creates replica stubs for a specific new place or stubs for a space-separated list of new places.
-pt placetype(s) | Creates replica stubs for a specified PlaceType or stubs for a space-separated list of PlaceTypes.

Note: You cannot use XML input and output files with this command.

Examples of using the replicamaker command

Task: Do either of the following:
- For the new place P1 on the local server, create replica stubs on the server Server2/Acme.
- For the new place P1 on Server2/Acme, create replica stubs on the local server.
Command: Either of the following:
>load qptool replicamaker -p P1 -t Server2/Acme
>load qptool replicamaker -p P1 -s Server2/Acme

Task: For all new places, rooms, and PlaceTypes created on the local server, create replica stubs on Server2/Acme. And for all new places, rooms, and PlaceTypes on Server2/Acme, create replica stubs on the local server.
Command: Either of the following:
>load qptool replicamaker -t Server2/Acme -a
>load qptool replicamaker -s Server2/Acme -a


To run replicamaker in verbose mode

You can run the replicamaker command in verbose mode. Verbose mode logs all

activity and errors to the server console and helps identify any problems as they

arise.

To turn on verbose logging for replicamaker on a server:

1. Shut down the server.

2. Edit the notes.ini file in the program directory and add the following:

QuickPlaceStubMakerLogging=3

3. Start the server.

To ensure that new places and PlaceTypes are replicated quickly

To ensure that replica stubs of new places, rooms and PlaceTypes are created

quickly and that replication then populates the places, rooms, and PlaceTypes

quickly, do the following:

- Create Program documents in the Domino Directory that run the QPTool replicamaker command with the -a argument between the servers in a cluster every 10 minutes. If there are more than two servers in the cluster, you must use more than one Program document to run the replicamaker command to ensure that replica stubs are created on all servers in the cluster.
- Schedule non-cluster replication between all servers in the cluster to occur at least every 20 minutes, to compensate for any lags in cluster replication.

For more information on Program documents and on scheduling replication, see

Domino Administrator Help.

Refreshing places and PlaceTypes

Use the QPTool refresh command to refresh places and PlaceTypes on the Lotus

QuickPlace server. The syntax for the refresh command is:

load qptool refresh arguments

You can also refresh PlaceTypes using the PlaceTypes view in the administration

place.

For more detailed information on PlaceTypes and refreshing with them, see the

chapter ″Managing PlaceTypes.″

The following table describes the arguments you can use with the command.

Argument | Description
-? | Prints help on the command.
-r | Replaces the elements of a place with the elements in its parent PlaceType. Use this argument with caution because with the exception of elements created in a place that do not originate from the PlaceType, use of the argument removes all changes to elements made directly in the place. If you do not use this argument, the command refreshes a place with elements from its parent PlaceType, but retains changes to elements made in the place.
-a | Refreshes the elements of all places on the server created from PlaceTypes with the parent PlaceTypes.
-p place(s) | Refreshes the elements of a specified place or space-separated list of places with the elements of its parent PlaceType(s).
-pt placetype(s) | Refreshes the elements of a specified PlaceType or space-separated list of PlaceTypes with design of the parent PlaceType(s).
-d placetype(s) | Refreshes the elements of all places (not PlaceTypes) created from the specified PlaceType or space-separated list of PlaceTypes.
-i | XML input file located in the server program directory that specifies places and/or PlaceTypes to be refreshed.
-o | XML output file that logs the results of the command. By default the command logs results to qptool.refresh.xml in the server program directory.

For information on the two levels of refresh, see the chapter "Managing PlaceTypes."

The following table provides examples of the refresh command.

Task | Command
Refresh the elements of child PlaceTypes PT1 and PT2 with the design of their parent PlaceTypes | >load qptool refresh -pt PT1 PT2
Refresh the elements of child places P1 and P2 with the design of their parent PlaceTypes | >load qptool refresh -p P1 P2
Refresh the elements of all places on the server created from PlaceTypes | >load qptool refresh -a
Replace the elements of child place P1 with the design of its parent PlaceType and delete any design changes made directly to P1 | >load qptool refresh -p P1 -r


Locking and unlocking places on the server

Use the QPTool lock/unlock command to take places in and out of service without

stopping the server. Use the lock command to put places temporarily out of service

during maintenance operations and then use the unlock command when the

maintenance operations are complete. When you have locked a place, an end user

trying to access that place receives a message that you specify, explaining that the

place is temporarily out of service.

Other QPTool commands lock places specified in the command automatically

before running and then unlock the places when the operations are complete.

However, you might want to lock a place before running multiple QPTool

commands to prevent users from accessing the place until you have finished

running the commands. For example, you might want to lock a place while using

the changemember command to change several member names within the place to

prevent members from accessing the place until all the name changes are complete.

When a place is locked, the only QPTool command you can run on it is unlock.

The syntax for the lock/unlock command is:

load qptool lock[unlock] arguments

The following table describes the arguments.

Argument | Description
-? | Prints help on the command.
-a | Locks/unlocks all places.
-p place(s) | Specifies a place or a space-separated list of places to lock/unlock.
-message message | Specifies a message to display to users who visit a locked place. Use quotes if the message contains spaces.
-i inputfile | XML input file located in the server program directory that specifies the places to lock/unlock.
-o outputfile | XML output file that logs the results of the command. By default the command logs results to qptool.lock.xml or qptool.unlock.xml in the server program directory. Note: To receive even more information during the lock/unlock process, you can set QuickPlaceLockLogging=1 in the NOTES.INI file.

The following table provides examples of using the QPTool lock/unlock command.

Task | Command
Lock a place. | >load qptool lock -p placename -message "Place is undergoing membership changes. Please try back after 4 pm." (where placename is the name of the place being locked).
Unlock a place. | >load qptool unlock -p placename


Archiving places

Use the QPTool archive command to copy places to a specified directory. Use the

archive command when you want to:

- Back up active places by archiving them to a target directory without deleting them from their Lotus QuickPlace server.
- Back up active places before moving them to another Lotus QuickPlace server.
- Back up inactive places before removing them from the Lotus QuickPlace server.

The syntax for the Archive command is:

load qptool archive arguments

The following table describes the arguments.

Argument | Description
-? | Prints help on the command.
-dir path directory | Directory in which to archive places. If you specify an archive directory without an explicit path, the specified archive directory is put in the server data directory. If the specified directory does not already exist, it is created. Note: The archive command does not archive a place that already exists in the archive directory.
-a | Archive all places.
-p place(s) | Specifies a place or a space-separated list of places to archive.
-i inputfilename | XML input file located in the server program directory that specifies the places to archive.
-o outputfilename | XML output file that logs the results of the command. By default the command logs results to qptool.archive.xml in the server program directory.

The following table provides examples of using the archive command.

Task | Command
Back up all places on the server | >load qptool archive -dir x:\qpbackup -a
Archive more than one place to a target directory below c:\ | >load qptool archive -dir c:\threeplaces -p placeone placetwo placethree
Archive places specified in an XML input file to a directory below c:\ | >load qptool archive -i qptool.archive.xml -dir c:\threeplaces
Archive a place to a directory below c:\ and log output to a non-default XML file location. | >load qptool archive -p placename -dir c:\placenameback -o c:\qptool.archive.xml

Restoring an archived place to an active server

If you archive a place and delete it from the Lotus QuickPlace server, and then

later want to use the archived version of the place, use the QPTool unlock

command and then the QPTool register command to restore the place.

For example, suppose you use these QPTool commands to archive a place and then

remove it from the data directory:


1. >load qptool archive -p placename -dir d:\archivedir

2. >load qptool remove -p placename -now

To later restore the archived place so that users can access it again from a browser,

you would do the following:

1. Copy d:\archivedir\placename back to the program\data\QuickPlace directory.

2. Specify these QPTool commands:

>load qptool unlock -p placename

>load qptool register -p placename -install

Renaming places

To rename a place:

1. Run the following QPTool command:

load qptool unregister -p placename

Where placename is the current name of the place to be renamed.

2. Type the following command to shut down the Domino server:

exit

3. Through the file system, rename the place’s folder in the ...\Data\QuickPlace

directory.

4. Type the following command to restart the server:

restart server

5. Run the following QPTool command:

load qptool register -p placename -install

where placename is the new name of the place.

For more information on the QPTool register command, see the topic ″Registering

and unregistering places and servers on the server″ earlier in the chapter.

Moving places to another server

To move a place from one server to another server, you use a file system command

to copy the place to the other server. You also use QPTool commands -- for

example, you use the QPTool register command to adjust a place’s information in

the place and in the Place Catalog after you move it.

The following steps describe how to move one place, but you can also move

multiple places at the same time.

Moving a place from one Lotus QuickPlace 7.0 server to another

Follow these steps to move a place from one Lotus QuickPlace 7 server to another

Lotus QuickPlace 7 server.

1. Enter the following command to make an archive copy of the place before you

move it:

load qptool archive -p placename -dir directory

For more information on this command, see the topic ″Archiving Places.″

2. Enter the following command to unregister the place from the Place Catalog:

load qptool unregister -p placename


3. Enter a file system command to copy the place’s folder and subfolders and

their contents from the ...Data\QuickPlace folder on the original server to the

same location on the target server.

4. Enter the following command to unlock the place on the target server:

load qptool unlock -p placename

For more information on this command, see the topic ″Locking and unlocking

places″ earlier in the chapter.

5. Enter the following command on the target server to update the place’s

information in the place and in the Place Catalog:

load qptool register -p placename -install

For more information on the qptool register command, see the topic

″Registering and unregistering places on the server″ earlier in the chapter.

6. Enter the following command to delete the place from the original server:

load qptool remove -p placename

For more information, see the topic ″Removing places and PlaceTypes from the

server″ later in this chapter.

7. If the original and target servers use different user directories, and the external

members of a place have different distinguished names in each directory, use

the QPTool changemember or changehierarchy command to change the names

in the place so these users can continue to access it.

For more information, see the topics ″Changing user and group names in

places″ and ″Changing the name hierarchy of names in places.″

Moving a place from a Lotus QuickPlace 6.5.1 server to a Lotus QuickPlace 7.0 server

Follow these steps to move a place from a Lotus QuickPlace 6.5.1 server to a Lotus

QuickPlace 7.0 server.

1. Enter the following command to make an archive copy of the place before you

move it:

load qptool archive -p placename -dir directory

2. Enter a file system command to copy the place’s folder and subfolders and

their contents from the ...Data\QuickPlace folder on the 6.5.1 server to the same

location on the Lotus QuickPlace 7.0 server.

3. Enter the following command on the Lotus QuickPlace 7.0 server to upgrade

the place:

load qptool upgrade -p placename

For more information on this command, see the Lotus QuickPlace Installation and

Upgrade Guide.

4. Enter the following command on the Lotus QuickPlace 7.0 server to update the

place’s information in the place and in the Place Catalog:

load qptool register -p placename -install

For more information on this command, see the topic ″Registering and

unregistering places on the server″ earlier in the chapter.

5. Enter the following command to delete the place from the original server:

load qptool remove -p placename

For more information, see the topic ″Removing places and PlaceTypes from the

server″ later in this chapter.


6. Run the Domino server compact task on the place’s databases on the Lotus

QuickPlace 7.0 server. This step upgrades the database format and results in

improved performance. For more information on upgrading databases, see

Domino Administrator Help.

7. If the original and target servers use different user directories, and the external

members of a place have different distinguished names in each directory, use

the QPTool changemember or changehierarchy command to change the names

in the place so these users can continue to access it.

For more information, see the topics ″Changing user and group names in

places″ and ″Changing the name hierarchy of names in places.″

Removing places and PlaceTypes from the server

Use the QPTool remove command to remove places or PlaceTypes from the Lotus

QuickPlace server. You might want to remove a place or PlaceType that is no

longer used or that hasn’t been used for a long time.

For additional information on removing PlaceTypes, see the chapter ″Managing

PlaceTypes.″

The syntax for the remove command is:

load qptool remove arguments

The following table describes the arguments for the command.

Argument | Description
-? | Prints help on the command.
-now | Deletes places or PlaceTypes immediately. If you do not use this argument, places or PlaceTypes are only marked for removal. A place or PlaceType that is marked for removal is inaccessible from a browser but still exists in the file system.
-cleanup | Deletes places or PlaceTypes that were previously marked for removal through the remove command or that were deleted through the Lotus QuickPlace user interface. The ServerTasksAt2 NOTES.INI setting includes qptool remove -cleanup, so that the command runs by default at 2 AM. Note that the -cleanup argument does not work on places that are in the database cache. Since QPTool -cleanup typically runs off-hours, places are not in the database cache when the command is run. If you run qptool remove -cleanup at other times, use the dbcache flush command to flush databases from the cache before using -cleanup. For more information on the database cache, see Domino Administrator Help.
-a | Marks for removal or deletes all places on the server. This argument does not run on PlaceTypes.
-p place(s) | Specifies a place or a space-separated list of places to mark for removal or to delete.
-pt PlaceTypes | Specifies a PlaceType or a space-separated list of PlaceTypes to mark for removal or to delete.
-i inputfilename | XML input file located in the server program directory that specifies places or PlaceTypes to mark for removal or to delete.
-o outputfilename | XML output file that logs the results of the command. By default the command logs results to qptool.remove.xml in the server program directory.

Note: If you use Search Places on the server, do not use the -now argument to

remove places. Instead use the remove command without the -now

argument and mark the places for removal. After you mark the places for

removal, run the Catalog and Domidx tasks on the Domain Catalog server.

After the Domidx task has completed, use the remove command with the

-cleanup argument to remove the places. Follow this removal procedure to

ensure that information in documents from the deleted places is also

removed from the search index.

For more information on Search Places, see the chapter ″Completing Additional

Server Configuration Tasks.″

The following table provides examples of using the remove command.

Task | Command
Mark the place P1 for removal | >load qptool remove -p P1
Mark all places on the server for removal | >load qptool remove -a
Mark PlaceType PT1 for removal | >load qptool remove -pt PT1
Mark places P1, P2, and P3 for removal | >load qptool remove -p P1 P2 P3
Mark places for removal that are specified in the XML input file qptool.removeinput.xml | >load qptool remove -i qptool.removeinput.xml
Mark the place P1 for removal and log output to the non-default XML file qptool.removeoutput.xml | >load qptool remove -p P1 -o qptool.removeoutput.xml
Remove the place P1 immediately | >load qptool remove -p P1 -now
Remove all PlaceTypes on the server immediately. Note that you cannot use the -a argument to remove all PlaceTypes. | >load qptool remove -pt PT1 PT2 PT3 PT4 PT5 -now
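As an added illustration (not IBM code), the following Python check screens QPTool console lines before they are placed in a script or Program document, applying the argument rules and data-loss cautions this chapter states for replicamaker, refresh -r, and remove. The function names and the search_places parameter are hypothetical, and the sample lines are constructed from the tables above.

```python
# Added example: pre-flight check for QPTool console lines, using only rules
# stated in this chapter. Function names and search_places are hypothetical.
import re

TOKEN = re.compile(r'"[^"]*"|\S+')      # a quoted string or a run of non-space characters
FLAG = re.compile(r"-(\?|[A-Za-z]+)")   # -?, -a, -p, -pt, -now, ...


def parse_qptool(line):
    """Split '>load qptool <command> <arguments>' into (command, {argument: [values]})."""
    raw = TOKEN.findall(line.strip().lstrip(">"))
    if len(raw) < 3 or [t.lower() for t in raw[:2]] != ["load", "qptool"]:
        raise ValueError("not a 'load qptool' line: %r" % line)
    args, current = {}, None
    for tok in raw[3:]:
        if FLAG.fullmatch(tok):
            current = tok.lower()
            args.setdefault(current, [])
        elif current is None:
            raise ValueError("value %r appears before any argument" % tok)
        else:
            # Quoted values (for example a -message text) lose their quotes here.
            args[current].append(tok.strip('"'))
    return raw[2].lower(), args


def lint(line, search_places=False):
    """Return (severity, message) findings for one line; an empty list means no rule applies."""
    command, args = parse_qptool(line)
    findings = []
    if command == "replicamaker":
        if "-s" not in args and "-t" not in args:
            findings.append(("error", "replicamaker requires -s or -t"))
        for flag in ("-s", "-t"):
            if flag in args and len(args[flag]) != 1:
                findings.append(("error", "%s takes exactly one server name" % flag))
        for flag in ("-i", "-o"):
            if flag in args:
                findings.append(("error", "replicamaker cannot use XML files (%s)" % flag))
    elif command == "refresh" and "-r" in args:
        findings.append(("warn", "-r removes changes made directly in the place"))
    elif command == "remove":
        if "-now" in args and search_places:
            findings.append(("error", "with Search Places, mark for removal, run "
                                      "Catalog and Domidx, then use -cleanup"))
        elif "-now" in args:
            findings.append(("warn", "-now deletes immediately instead of marking for removal"))
        if "-a" in args:
            findings.append(("warn", "-a applies to all places on the server"))
    return findings


# Constructed sample runbook, using commands of the form shown in this chapter.
RUNBOOK = [
    ">load qptool replicamaker -p P1 -t Server2/Acme",
    ">load qptool replicamaker -a",
    ">load qptool refresh -p P1 -r",
    ">load qptool remove -p P1 -now",
]

if __name__ == "__main__":
    for entry in RUNBOOK:
        print(entry, lint(entry, search_places=True))
```

Findings marked "error" correspond to statements in this chapter that a combination is not allowed; findings marked "warn" correspond to arguments the chapter says delete or overwrite data.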

Reactivating a place mistakenly removed using QPTool remove

If you remove a place using QPTool remove by mistake (without the -now argument), you can reinstate the place. To do so, from Notes, edit the database titles of Main.nsf, Contacts1.nsf, and any PageLibraryxxx.nsf files for the place and change them from [delete pending] to the name of the place. You must also use qptool register -p placename to re-create the place document in the Place Catalog.


Completing the deletion of a place mistakenly deleted through the file system

If you mistakenly use a file system command to delete a place, rather than the

QPTool remove command or the Lotus QuickPlace user interface, the place still has

a Place document in the Place Catalog and is still listed in My Places, although

users can’t access the place. To remove these references to the place, from Notes,

delete the place’s document from the Place Catalog, and delete the place’s mail-in

database entry from the Domino Directory.

Updating statistics in the Place Catalog

Use the QPTool placecatalog command to update statistics in the Place Catalog.

Use the placecatalog command for two purposes: to update PlaceLastModified and

the PlaceSize statistics, and to synchronize statistics in Place documents between a

master server and the other servers in a cluster.

Updating PlaceLastModified and PlaceSize statistics

Generally, when a statistic for a place changes, the Place document in the Place Catalog is automatically updated to reflect the change. This automatic update occurs immediately, or in the case of the PlaceLastAccessed statistic, within a minute of the change.

Changes to the PlaceLastModified or the PlaceSize statistic are not updated in the Place Catalog automatically, however. To update these statistics in the Place Catalog, you use the placecatalog command with the -push argument on the place server.

By default the NOTES.INI file on a Lotus QuickPlace server includes the following

setting so that this command runs nightly at 3 AM to update the Place Catalog

with these two statistics for all places:

ServerTasksAt3=qptool placecatalog -push -a

Run the command manually, for example, before using the report command so that

you report up-to-date statistics.
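The following Python sketch is an added example, not part of the IBM documentation. It checks NOTES.INI text for the two scheduled QPTool jobs this chapter describes (remove -cleanup in ServerTasksAt2 and placecatalog -push -a in ServerTasksAt3) and reports whether the verbose logging switches named in this chapter are enabled. Case-insensitive key matching, skipping lines that start with ";", and comma-separated task lists are assumptions; the sample file content is constructed.

```python
# Added example: audit NOTES.INI text for the QuickPlace settings this chapter names.
# Assumptions (not from the guide): keys are matched case-insensitively, lines that
# start with ';' are ignored, and ServerTasksAtN values are comma-separated task lists.

# Scheduled QPTool jobs the guide says are present by default.
EXPECTED_TASKS = {
    "ServerTasksAt2": "qptool remove -cleanup",
    "ServerTasksAt3": "qptool placecatalog -push -a",
}

# Diagnostic switches described in the guide and the values that enable them.
LOGGING_SWITCHES = {
    "QuickPlaceStubMakerLogging": "3",
    "QuickPlaceLockLogging": "1",
}

# Constructed sample: the 3 AM statistics push has been dropped and
# replicamaker verbose logging is still enabled.
SAMPLE_INI = """\
[Notes]
ServerTasks=Update,Replica,Router,HTTP
ServerTasksAt2=UpdAll,qptool  remove -cleanup
SERVERTASKSAT3=Catalog
QuickPlaceStubMakerLogging=3
"""


def parse_notes_ini(text):
    """Return {lowercased key: value}; a later assignment overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings


def normalise(task):
    """Lowercase a task entry and collapse runs of whitespace."""
    return " ".join(task.lower().split())


def audit(text):
    """Return findings as (kind, setting name, expected or enabling value) tuples."""
    settings = parse_notes_ini(text)
    findings = []
    for key, expected in EXPECTED_TASKS.items():
        tasks = [normalise(t) for t in settings.get(key.lower(), "").split(",")]
        if normalise(expected) not in tasks:
            findings.append(("missing-task", key, expected))
    for key, on_value in LOGGING_SWITCHES.items():
        if settings.get(key.lower()) == on_value:
            findings.append(("verbose-logging", key, on_value))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_INI):
        print(finding)
```

A "missing-task" finding for ServerTasksAt3 means PlaceLastModified and PlaceSize are no longer pushed nightly, so reports generated from the Place Catalog can show stale values until the command is run manually.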

Synchronizing Place document statistics in a cluster

Within a cluster, a place’s Place document for the master server might contain

different statistics than place documents for the other servers. Use the placecatalog

command with the -update argument on the Place Catalog server to synchronize a

place’s statistics across all Place documents. Use placecatalog -update, for example,

before using the report command in a cluster environment to ensure that the report

contains up-to-date statistics. For more information, see the chapter ″Administering

Lotus QuickPlace Servers in a Cluster.″

Syntax for the placecatalog command

The syntax for the placecatalog command is:

load qptool placecatalog arguments

The following table describes the arguments.

Argument | Description
-? | Prints help on the command.
-update | Synchronizes statistics between the Place document for the master server and the Place documents for other servers. Run this command only on a Place Catalog server.
-push | Pushes PlaceLastModified and PlaceSize statistics from this server to the Place Catalog. Run this command only on a place server.
-a | Updates statistics for all places on the server.
-p place(s) | Updates statistics on a specified place or space-separated list of places.
-i inputfile | Updates statistics on places specified in an XML input file located in the server program directory.
-o outputfile | Logs results to a specified XML output file. By default logs results to qptool.placecatalog.xml.

For more information on registering a server with the Place Catalog, see the topic

″Registering and unregistering places and servers on the server″ earlier in this

chapter, and the chapter ″Setting Up the Place Catalog.″

Generating reports about places and servers

Use the QPTool report command to pull information from the Place Catalog to

generate reports about places in the Lotus QuickPlace service and about servers

that use the service. You can use the report command on a place created prior to

version 7.0 only if you first use the qptool upgrade command to upgrade the place.

Using the report command, you can retrieve the following information from the

Place Catalog about places:

- Name
- Title
- Server name
- Size
- Date last accessed
- Date last modified
- Locked state

Note that although the Place Catalog lists the Readers, Authors, and Managers of places, you cannot use the report command to generate this information in a report.

Using the report command, you can retrieve the following information from the

Place Catalog about servers that use the Lotus QuickPlace service:

- Name
- Access Protocol
- Access TCP Port
- Access URL Prefix

If more than one server shares a Place Catalog, a report specifies data for all

servers in the service.


Before using the report command

Before you use the report command, do the following:

1. Make sure the Place Catalog is installed, populated, and full-text indexed.

2. Use the QPTool placecatalog command to update the statistics in the Place Catalog.

For more information, see the topic ″Updating statistics in the Place Catalog″

earlier in this chapter.

3. Make sure the Place Catalog full-text index is up-to-date.

For information, see the chapter ″Setting Up the Place Catalog.″

To use the report command

The syntax for the report command is:

load qptool report arguments

The following table describes the arguments for this command.

Argument | Description
-? | Prints help on the command.
-a | Generates a report for all places.
-q query | Generates a report on places that match the criteria specified in a full-text query. In a query, you refine a search by using operators in conjunction with any of the following fields: PlaceName, PlaceTitle, PlaceServerName, PlaceSize, PlaceLastAccessed, PlaceLastModified. For example, you can generate a report on all places last accessed before a specified date. Enclose a field specified in a query within brackets [ ]. For information on using operators to refine a search, see Notes Help.
-p place(s) | Generates a report for a specified place or a space-separated list of places.
-s | Generates a report using information in the PlaceServers view for all servers listed in the Place Catalog.
-o outputfilename | XML output file that logs the results of the command. By default the command logs results to qptool.report.xml in the server program directory.

Examples of using the report command

The following table provides examples of using the report command.

Task | Command
Report on a specific place | >load qptool report -p placename
Report on all places in the Place Catalog | >load qptool report -a
Report on all places whose size is greater than 1000 kilobytes | >load qptool report -q [PlaceSize]>1000.
Report on all places last accessed before 5/30/2002 | >load qptool report -q [PlaceLastAccessed]<5/30/2002
Report on all places last modified after 5/30/2002 | >load qptool report -q [PlaceLastModified]>5/30/2002
Report on all servers in the Place Catalog using information from PlaceServers view | >load qptool report -s
Report on all places and log results to a non-default XML output file qptool.myout.xml | >load qptool report -a -o qptool.myout.xml

Repairing places on the server

You can run the QPTool repair command to fix broken places on the Lotus

QuickPlace server. The repair command fixes very specific problems that are

described below. When the repair command fixes a problem on the server, record

as much information as possible about the original problem and then report this

information to a Lotus QuickPlace support technician, so that the technician can

reproduce the error and address the source of the problem.

The repair command is intended to get a place up and running as soon as possible,

but it does not necessarily fix the source of the problem; rather, it renormalizes

data that is no longer synchronized. That is, until the source of the problem is

addressed, or until Lotus QuickPlace source code is fixed, the repair command will

work as a temporary solution. Use the Repair command for the following

problems.

Note: The Lotus QuickPlace Release Notes may describe additional situations in

which to use QPTool repair.

Error: Entry not found in index or document has been deleted

When a document page is opened, Lotus QuickPlace checks if there is a draft

document associated with it, and if there is one, it shows two versions of that

page: the published version and the draft version. To do this, Lotus QuickPlace

checks a field in the published document called DraftVersionUNID. If a draft

document exists for this document page, the field contains the UNID of the draft

document.

The problem occurs either when 1) the field contains a UNID but the draft

document itself does not exist, which generates the ″Document has been deleted″

error, or 2) when the field contains a wrong UNID, which generates the ″Entry not

found in index″ error. This problem could be caused by abruptly ending a server

or client process (that is, if there is no transaction rollback).


Deleting one of multiple images causes image corruption

If there are multiple images on a page and one of the images is deleted, the

remaining images can become corrupted. Use the repair command to restore the

remaining images.

To use the repair command

The syntax for the repair command is:

load qptool repair arguments

The following table describes the arguments.

Argument | Description
-? | Prints help on the command.
-a | Repairs all places on the server.
-p place(s) | Repairs the specified place or space-separated list of places.
-i inputfile | Repairs places specified in an XML input file located in the server program directory.
-o outputfile | Logs results to a specified XML output file. By default logs results to QPTOOL.REPAIR.XML.

Cleaning up dead mail

Use the QPTool deadmail command to clean up Lotus QuickPlace dead mail.

The syntax for the deadmail command is:

load qptool deadmail arguments

The following table describes the arguments.

Argument | Description
-? | Prints help on the command.
-cleanup | Cleans up Lotus QuickPlace dead mail.
-o outputfile | Logs results to the qptool.deadmail.xml file by default, or to an XML file that you specify.

Adding and removing graphic text fonts

Use the qptool commands addgraphicfont and removegraphicfont to make fonts

available or unavailable for use as graphic text in pages, logos, and sidebar items.

The addgraphicfont command can make any font that is already installed in the

server’s operating system fonts directory available for use in graphic text. The

removegraphicfont command makes a font unavailable. These commands affect

only the availability of fonts in graphic text, not font availability in other text.

Note: For offline places to display graphic fonts added to the server, the fonts

must already be installed in the fonts directory of the client machine.

The following table shows the default location of the fonts directory for each

operating system Lotus QuickPlace supports.

Operating system   Fonts directory location
Windows            C:/WINNT/Fonts
Solaris            /usr/openwin/lib/X11/fonts/
AIX                /usr/lpp/fonts/
i5/OS              /QIBM/ProdData/Lotus/QuickPlace/TTFONTS/GRAPHICFONTS

The syntax for the command is:

load qptool addgraphicfont[removegraphicfont] arguments

The following table describes the arguments.

Argument             Description
-?                   Prints help on the command.
-name typefacename   Specifies a typeface name to add or remove, or a space-separated list of
                     typeface names to add or remove. If a typeface name contains spaces,
                     enclose the name in quotation marks ("").
-i inputfile         Adds or removes typeface names specified in an XML input file located in
                     the server program directory.
-o outputfile        Logs results to a specified XML output file. By default logs results to
                     the file qptool.addgraphicfont[removegraphicfont].xml.

The following table provides examples of using the QPTool addgraphicfont

command.

Task                                      Command
Add the Comic Sans MS typeface.           > load qptool addgraphicfont -name "Comic Sans MS"
Add the Comic Sans MS typeface and the    > load qptool addgraphicfont -name "Comic Sans MS" BordeauxLight
BordeauxLight typeface.

Executing an XML API file

Use the QPTool execute command to execute an XML API file. The syntax for the

execute command is:

load qptool execute arguments

The following table describes the arguments.

Argument        Description
-?              Prints help on the command.
-i inputfile    Specifies the XML API file to execute. If you do not specify a path, the
                default location is the Domino program directory.
-o outputfile   Logs results to a specified XML output file. By default logs results to
                qptool.execute.xml in the Domino program directory.

For more information on using XML to access the Lotus QuickPlace API, see the

Lotus QuickPlace Developer’s Guide.

Chapter 9 Troubleshooting

This chapter describes how to troubleshoot problems you may encounter with

Lotus QuickPlace administration.

Troubleshooting user directory problems

This section describes and suggests solutions to problems related to the user

directory. For more information on the user directory, see the chapter ″Connecting

to a User Directory.″

Can’t add a name from the user directory

If Lotus QuickPlace manages the lookups to a user directory and a user entry in

the directory does not include an attribute configured for the Lotus QuickPlace

member lookup user interface, the Add Members window does not display the

user entry. For example, the default qpconfig.xml member_lookup_ui setting is

<column_name> <person>sn, givenname</person></column_name>. If the user

entry is missing the givenname attribute, the user’s name won’t display in the Add

Members window.

Make sure the attributes you configure for the qpconfig.xml member_lookup_ui

setting exist in the schema of the external user directory.

For more information, see the chapter ″Connecting to a User Directory.″

Names of external users and groups are missing or displayed

as distinguished names

If Lotus QuickPlace manages lookups to the user directory, this problem can occur

if an attribute mapped to common_name or display_name in qpconfig.xml is not a

valid attribute in users’ directory entries. For example, if display_name is mapped

to cn but user entries do not use the cn attribute, the users’ names display

incorrectly in places. Map common_name and display_name to valid attributes.

For more information, see the chapter ″Connecting to a User Directory.″

Mapping dn to display_name causes problems

If Lotus QuickPlace manages lookups to the LDAP directory, specifying

<display_name>dn</display_name> in the <user directory> <ldap> <schema>

section of qpconfig.xml causes problems with workflow, notifications, calendar

subscriptions, and access control. Mapping dn to the display name is not

supported. Map another attribute in the schema to display name instead.

Using the type-in method to add users from an external

directory does not always work

If Lotus QuickPlace manages lookups to the user directory and you use the type-in

method to add users from the directory, you can’t add users by

″lastname,firstname″ even though the user_lookup filter is sn,givenname.

Currently when you use the type-in method to search for a name to add, you can

specify only the first attribute of the user_lookup filter but not the second attribute.

If just lastname finds a unique entry in the directory, the user will be added to the

place correctly. (You can also add members by typing the fully distinguished name,

for example cn=joe smith,ou=orgunit,o=org or joe smith/orgunit/org.) If your user_lookup

filter is uid={0} and you want to add users in the text area by uid, you must also

change the search_ui_index value in qpconfig.xml to be uid.

You cannot add new users with automatic lookup if more than

one match is found

The automatic lookup feature in Lotus QuickPlace takes the input string entered

and does a wildcard search for all matches in the directory. For example, a search

on Joan Smith finds Joan Smith and Joan Smithe. If more than one match is found,

the name is not added because Lotus QuickPlace doesn’t know which name is the

correct one to add. In this situation, use the directory lookup interface to find the

name to add.

Cannot add two users with the same distinguished name as

members

If Lotus QuickPlace manages lookups to the directory and two users in the user

directory have identical distinguished names, you can add only one of the names

as a member of a place, even though the users may differ in other attributes, such

as uid and password. Since the two users share one distinguished name, both can

sign in and are considered the same user by Lotus QuickPlace. To resolve the

problem, add a middle initial or other distinguishing character to one of the

distinguished names so they are no longer identical.

Cannot create a place that has the same name as a user in

the user directory

You see an error if you attempt to create a place that has the same name as a user

in the user directory. When creating a place, use a place name that is not also an

external user name.

Places do not show changes to user information made in user

directory

When you change user information in the user directory other than user

passwords, places do not automatically reflect the changes. For example, if you

change a user’s email address in the external directory, the QPTool sendmail

command continues to send mail to the old address. Use the QPTool

updatemember command to update the user information in places, or open the

member pages in edit mode and then save them.

The updatemember command does not change an external member’s distinguished

name that is used for access control and stored internally in places. If external

members’ distinguished names change in the user directory, use the QPTool

changemember command or changehierarchy command to update the

distinguished names in places.

For more information, see the chapter ″Using QPTool Commands.″

″OK with Anonymous access″ shows rather than ″OK with

credentials″ when saving user directory settings

If Lotus QuickPlace manages user directory lookups and you configure Lotus

QuickPlace to present a name and password when connecting, you notice the

message ″OK with Anonymous access″ instead of ″OK with credentials.″ Ignore

this message. Lotus QuickPlace will access the directory using the credentials you

provided.

User directory set to localhost or 127.0.0.1 causes server

crash

If Lotus QuickPlace manages user directory lookups and you set the user directory

for the Lotus QuickPlace server to an LDAP directory using localhost or 127.0.0.1

as the server name, you get random crashes of the server. To correct the problem,

set the LDAP directory to the DNS name of the server. Using the string ″localhost″

or the address 127.0.0.1 for a directory on the same machine as the Lotus

QuickPlace server is not supported.

What’s New notification doesn’t work for users who access

rooms through group membership

Users who access rooms through group membership cannot receive What’s

New email notifications. This restriction occurs because members of a group do not

have a member profile that allows them to set the preference to receive the

notifications.

Troubleshooting security problems

This section describes and suggests solutions to problems related to security.

A second cn component in name is preventing user

authentication

If Lotus QuickPlace manages user directory lookups and the second component of

a user name in an external directory is cn, by default Lotus QuickPlace converts

the cn component to ou in the ACLs of places. For example, if the distinguished

name of a user in an external directory is uid=abrown,cn=users,dc=acme,dc=com,

by default Lotus QuickPlace instead uses this name in place ACLs:

uid=abrown,ou=users,dc=acme,dc=com. This conversion can prevent a user from

signing in to the place using the name with the cn component from the external

directory.

To resolve this problem, use the qpconfig.xml user directory setting

secondary_cn_component.

For more information, see the chapter ″Connecting to a User Directory.″

A user can’t sign into a place after a distinguished name

change

If you change the distinguished names of external user members in the user

directory, Lotus QuickPlace does not automatically update the distinguished names

in places and users will be unable to sign into places using the new names. If

external user members’ distinguished names change in the user directory, use the

QPTool changemember command or changehierarchy command to update the

distinguished names in places.

For more information, see the chapter ″Using QPTool Commands.″

User can’t sign in after name change in Domino Directory

If your LDAP directory is Domino Directory and you use the Domino Administrator

client to change the last name of a user, the user can no longer log into places

using the short name. Use the Notes client rather than the Domino Administrator

client to change user names in a Domino Directory.

In a third-party authentication environment, users with

non-standard names are unable to authenticate

If Lotus QuickPlace manages lookups to the user directory and a third-party

authentication application such as Netegrity SiteMinder finds distinguished names

that contain components other than the cn, ou, and o components familiar to

Domino, users can experience authentication failures. To work around this problem,

use the user directory setting dn_incoming_is_native in the qpconfig.xml

file.

For more information, see the chapter ″Connecting to a User Directory.″
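Several of the problems in this chapter can be spotted in a directory export before users run into them: identical distinguished names, a cn in the second component, and components other than cn, ou, and o. The following Python script is an added example, not part of the IBM guide or of QuickPlace; its function names and sample DNs (apart from the guide's uid=abrown example) are constructed, it models the behaviour only as this chapter describes it, and comparing DNs case-insensitively is an assumption.

```python
"""Check directory DNs for the name problems this chapter describes.

Added example: models the behaviour as the guide states it; not QuickPlace code.
"""
from collections import Counter

# Components the guide calls familiar to Domino.
DOMINO_COMPONENTS = {"cn", "ou", "o"}
DUPLICATE = "duplicate-dn: entries with this DN are treated as one user"


def split_dn(dn):
    """Split a DN into (attribute, value) pairs; a backslash-escaped comma
    stays inside its value."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed component {part!r} in {dn!r}")
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns


def acl_name(dn):
    """Name the guide says is used in place ACLs by default: a cn in the
    second component is converted to ou."""
    rdns = split_dn(dn)
    if len(rdns) > 1 and rdns[1][0] == "cn":
        rdns[1] = ("ou", rdns[1][1])
    return ",".join(f"{attr}={value}" for attr, value in rdns)


def normalise(dn):
    """Key used to detect identical DNs (assumption: case-insensitive match)."""
    return ",".join(f"{attr}={value.lower()}" for attr, value in split_dn(dn))


def audit(dns):
    """Return {dn: [findings]} for every DN with at least one finding."""
    counts = Counter(normalise(dn) for dn in dns)
    report = {}
    for dn in dns:
        rdns = split_dn(dn)
        findings = []
        if len(rdns) > 1 and rdns[1][0] == "cn":
            findings.append("second-cn: ACL name becomes " + acl_name(dn)
                            + " (see secondary_cn_component)")
        foreign = sorted({attr for attr, _ in rdns} - DOMINO_COMPONENTS)
        if foreign:
            findings.append("non-Domino components " + ",".join(foreign)
                            + " (with third-party authentication, see"
                            + " dn_incoming_is_native)")
        if counts[normalise(dn)] > 1:
            findings.append(DUPLICATE)
        if findings:
            report[dn] = findings
    return report


# Constructed sample export; only the first DN comes from the guide.
SAMPLE_DNS = [
    "uid=abrown,cn=users,dc=acme,dc=com",
    "cn=Joe Smith,ou=orgunit,o=org",
    "cn=Smith\\, Joan,ou=orgunit,o=org",
    "cn=joe smith,ou=orgunit,o=org",
]

if __name__ == "__main__":
    for dn, findings in audit(SAMPLE_DNS).items():
        print(dn)
        for finding in findings:
            print("   ", finding)
```
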

In a third-party authentication environment, users with

multi-character delimiters in their names are unable to

authenticate

If Lotus QuickPlace manages lookups to the user directory and you use a

third-party authentication product such as Netegrity SiteMinder, users with

distinguished names that contain multi-character delimiters that include a comma

or semicolon can experience user authentication failures. Use the dn_delimiter

setting in the user directory section of the qpconfig.xml file to work around this

problem. For more information, see the chapter ″Connecting to a User Directory.″

Users are rechallenged for credentials when publishing and

lose their edits

When a user publishes a document after a long editing session, the user can be

rechallenged for credentials and lose the edits. When multi-server session

authentication (single sign-on) is used, there is a set time at which the LTPA

cookie expires, by default 30 minutes. To work around this, set the timeout period

to a higher value, for example 10 hours. Or use a different authentication

mechanism that is based on user activity rather than absolute time.

If place member and super user have same name, the super

user gets member access

When you create a super user, they have manager access to places on the server.

But if you then open a place and add the super user (or someone with the same

name) as a place member with reader access, the Super User will only have Reader

access to the place.

Conversely, if a place has a member with reader access, and you then make the

member (or someone with the same name) a Super User, the Super User will only

have Reader access to that place.

A user who is a member of a group is not getting the

expected access

If you use the standard membership model and add a user name as a member of a

place or a room in a place and also add a group the user belongs to as a member,

the user’s access is determined by the access set for the user name rather than the

access set for the group name. This is the same security model used in Domino. If

you use expanded membership, the user’s access is determined by the access set

for the group name.

Troubleshooting QPTool problems

This section describes and suggests solutions to problems that can occur when

using QPTool commands. For more information on QPTool commands, see the

chapter ″Using QPTool Commands.″

Changehierarchy command adds entries to the Place Catalog

in situations when it shouldn’t

If the changehierarchy command puts an entry in the Place Catalog even when the

Place Catalog is disabled or when it is run on the quickplace place, enter the

following QPTool command to correct the problem:

load qptool unregister -p placename

Addmember command fails when you mistakenly use the -g

argument to add an individual user

If you use the addmember command to add an individual user as a member of a place, and

you use the -g argument by mistake, the user is partially added as a group and the

addmember command fails. To correct the problem, use qptool unlock -p placename

to unlock the place, then delete the partial entry from the Members view. Add the

name back correctly using addmember without the -g argument.

Must unlock archived place before moving it back and

registering

When you use the QPTool archive command to archive a place, and then use

QPTool remove or QPTool remove -now to remove the place, an error is displayed

if you copy the place back from the archive directory and then try to use QPTool

register to register it. To correct the problem, use the QPTool unlock command to

unlock the place, and then register it.

QPTool changemember appears to change a user to a group

Changing a user into a group using the QPTool changemember command is not

allowed. However, the change will appear to have worked if you omit the -targetg

flag required for specifying the target group.

QPTool report returns the error ″Database is not full-text

indexed″

If you run the QPTool report command and the server console displays the error

″Database is not full-text indexed,″ the server is using a default local Place Catalog

that is not yet populated. To correct the problem, take one of the following steps:

- Populate the local Place Catalog and update its full-text index.

- Remove the local Place Catalog, specify the name of the local Place Catalog in the qpconfig.xml file, and restart the server.

- In the qpconfig.xml file specify a Place Catalog on another server and restart the server.

Uppercase place names specified in XML input are converted

to lowercase

If you use XML as input to a QPTool command, any uppercase characters in place

names are converted to lower case. This is equivalent to the behavior when

creating a place through the user interface. For example, if the following XML is

used as input to the QPTool execute command, the resulting place name will be

″createplace1_3″.

<service>
  <servers>
    <server local="true">
      <places>
        <place action="create">
          <name>CreatePlace1_3</name>
          <title>John Lennon’s Create Test Place # 3</title>
          <members>
            <person>
              <dn>cn=John Lennon,ou=People1,o=haiku</dn>
            </person>
          </members>
        </place>
      </places>
    </server>
  </servers>
</service>

QPTool does not archive a place that already exists in the

specified archive directory

If you run QPTool archive on a place that already exists in the target archive

directory, the archived place is not updated. No error message occurs in this

situation. Delete the existing archive or rename the existing archive before running

QPTool archive, or archive to a different directory.

Can’t use QPTool commands on a place whose name begins

with a hyphen

If you are unable to use QPTool commands on a place whose name begins with a

hyphen, use an input XML file instead of -p (or -pt) to work around the problem.

For example, if you want to archive a place whose name begins with a hyphen,

perform the following steps:

1. Enter the following command:

load qptool unlock -p anotherplacewithoutthisproblem

2. Open the qptool.unlock.xml file, and change anotherplacewithoutthisproblem to

-placenamethatbeginswithhyphen.

3. Save the file.

4. Enter the following command:

load qptool archive -i qptool.unlock.xml -dir d:\archivedirectory

QPTool changemember does not change the name in existing

page banners

When you use the QPTool changemember command to change the name of a user

in places, the original user name continues to show in the page banners of pages

the user created under the original name. The h_AlternateName field shows the

original author’s display name. Edit the page and save it to display the new name

instead.

QPTool remove -cleanup after QPTool remove -p placename

not working

If using QPTool remove -cleanup after QPTool remove -p placename does not

remove the place from the file system, perform the following steps to correct the

problem:

1. From the server console, enter the following command after entering QPTool

remove -p placename to clear any connections to the databases that you want

to remove:

dbcache flush

2. Run the following command:

load qptool remove -cleanup

In most instances, forcing a flush of the cache is not needed since QPTool remove

-cleanup runs off hours after the cache has already been cleared.

Problem using nqptool commands on server/program

command line

The server/program command line has an 80-character limit. If you are entering an

nqptool command longer than 80 characters, it will not execute. Use either the

Domino server console or the command prompt, or use an input file and run

nqptool execute -i <inputfilename>.

Troubleshooting offline problems

This section describes and suggests solutions to problems that can occur when a

server is set up to allow users to take places offline with Domino Off-Line Services

(DOLS). For information on setting up Lotus QuickPlace for users to take places

offline, see the Lotus QuickPlace Installation and Upgrade Guide.

New rooms not installing to offline place during

synchronization

When users install places offline, DOLS installs any rooms that are part of the

place. However, if new rooms are added to the online place, those rooms do not

get downloaded offline during subsequent synchronizations.

Users should do the following to download the new rooms to the offline place:

1. Open the place offline.

2. Click ″Work Offline″ in the table of contents.

3. Click ″Offline Options.″

4. Select the rooms you want to synchronize offline.

5. Re-run synchronization to replicate the rooms offline.

Users are unable to sign in offline

If users are unable to sign in offline, make sure that users have added offline

passwords to their Member Profiles or that all places on the server or this

particular place are configured to use the Lotus QuickPlace sign-in passwords for

offline use. Also make sure that the setting EXTMGR_ADDINS=value exists in the

Lotus QuickPlace server’s notes.ini file, where value is one of the following:

- nqpextmgr.dll (Windows)

- libqpextmgr_r.a (AIX)

- libqpextmgr.so (Solaris)

- qpexmgr (i5/OS)

Note: Make sure there is a blank line at the end of the notes.ini file.

User installing offline using Sun ONE Portal Server is

prompted to reauthenticate

Make sure that the Lotus QuickPlace server has the following notes.ini setting:

NoWebFileSystemACLS=1

Users can’t install places offline in a Netegrity SiteMinder

environment

Make sure the ″DSAPI filter file names″ field in the Server document lists the

DOLS DSAPI filter first.

1. Open the Server document in the Domino Directory.

2. Click the Internet Protocols - HTTP tab.

3. Make sure one of the following values is the first one in the ″DSAPI filter file

names″ field:

- On Windows: ndolextn

- On AIX or Solaris: libdolextn

4. If you make a change to the field, enter the following command at the server

console:

restart server

Note: The recommended order of the three DSAPI filters (DOLS, Netegrity

SiteMinder, and QuickPlace) in the ″DSAPI filter file names″ field is:

1. DOLS DSAPI filter

2. Netegrity Siteminder DSAPI filter

3. QuickPlace DSAPI filter

Users see ERROR 500 message when installing offline

If users have problems installing offline and see ERROR 500 messages indicating

problems downloading offline configuration data, make sure the value in the

″DSAPI filter file names″ field in the Server document is correct.

1. Open the Server document in the Domino Directory.

2. Click the Internet Protocols - HTTP tab.

3. Make sure the ″DSAPI filter file names″ field includes one of the following

values:

- On Windows: ndolextn

- On AIX or Solaris: libdolextn

4. If you make a change to the field, enter the following command at the server

console:

restart server

A PlaceBot does not run offline

Make sure the PlaceBot is not a scheduled agent. DOLS does not support

scheduled agents. Check that the groups DOLS_Restricted_Agents and

DOLS_Unrestricted_Agents exist and that their security settings are correct. For

more information on these groups, see Domino Administrator Help.

Offline users can’t edit their member profiles when Sametime

is enabled and the place name begins with ″QuickPlace″

If you’ve enabled Sametime integration with Lotus QuickPlace, users cannot see

the View Profile link in the Members view needed to set their offline passwords in

member profiles if the name of the place begins with the string ″QuickPlace.″

To work around this problem, temporarily disable the chat functionality and use

the qptool register -install command to rename the place to begin with something

other than ″QuickPlace.″ Or, leave chat active and add the offline password by

clicking on the author link of a page and then clicking the View Profile menu link

to bring up the member profile.

Users with flat names can’t take places offline

Users with flat names can’t take places offline. Flat names are names without

distinguishing components, for example, cn=Ellen Brown. To correct the problem,

add distinguishing components to flat names. For example, change ″cn=Ellen

Brown″ to ″cn=Ellen Brown,o=acme.″

Users who install offline to Windows 2000 client are prompted

for Web Application password

Users should enter their offline passwords and confirm them and Offline install

will complete. This is the correct behavior if you are running multi-server single

sign-on authentication, client certificate SSL, or any other Internet authentication

security where the Internet password is not available to the DOLS download

control when users go offline.

Offline not working for external users after changemember or

changehierarchy commands used

Before using the changemember command to change a user or the changehierarchy

to change several users, instruct the affected offline external users to synchronize

data. After you run changemember or changehierarchy, tell the users to reinstall

the offline places.

Offline is not working for a super user

Offline functionality is not supported for a super user.

Offline users can’t use places and rooms accessed through

group membership

To use a place offline, users must be individual members (external or local) of the

place and any rooms. A user who has access to a place or rooms through a group

membership (external or local), cannot use the place or rooms offline.

Offline authors or readers see synchronization errors

Offline authors or readers see the following errors when they synchronize with

online places:

Author sees this error: Last sync status: Sections:2 - Errors:1 - Docs Received:0 -

Docs Sent:0

Reader sees this error: Last sync status: Sections:2 - Errors:2 - Docs Received:0 -

Docs Sent:0

These errors are expected behavior and are due to the fact that authors and readers

have limited write access or no write access to the server. Managers of places do

not see these errors because they have full access.

Problem installing places offline on Windows

To install places offline on Windows 2000 Professional or Windows XP

Professional, a user must have administrative rights to the workstation. Once the

place is installed, a user with limited rights or guest rights can use the place.

Cannot install places with the same name from two different

servers

If a user installs two offline places from two different servers and the places have

the same name, only the most recently installed place will open offline; the other

offline place is unusable. This is a known DOLS limitation.

Users who do not fill in offline passwords cannot install

places offline

Users who forget to fill in their offline passwords in their Member Records cannot

install offline and they see an Error 500 message. Make sure that users who plan to

go offline add Offline Passwords to their Members Records.

Offline users can’t send e-mail from a place

If you use the name_translation setting in qpconfig.xml, offline users whose names

are translated cannot send e-mail from a place.

For more information on the name_translation setting, see the chapter ″Connecting

to a User Directory.″

Database authorization failures occur during Domain Catalog

indexing when server is set up for Search Places and offline

use

If you use Search Places on a server that is set up for DOLS, and the server’s

LDAP directory is not a Domino directory or is a Domino directory in a different

domain than the Domain Catalog server, use the notes.ini setting

QuickPlaceExtensionManagerAllowServers=1 on the offline server. This setting

gives the Domain Catalog server access to the Lotus QuickPlace server’s databases.

If you don’t use this setting, database authorization failures occur during Domain

Catalog indexing.

Troubleshooting Sametime problems

This section describes and suggests solutions to problems that can occur when

Lotus QuickPlace is set up to use Sametime. For information on setting up Lotus

QuickPlace to work with Sametime, see the Lotus QuickPlace Installation and

Upgrade Guide.

Users can’t schedule meetings from a place

If users can schedule meetings directly from Sametime but not from a place, the

following situations can be the cause:

- The name used for integration with Sametime and Lotus QuickPlace in stconfig.nsf is not in the [SametimeAdmin] role. Add the user name to the role.

- The password for the user name is mistyped in qpconfig.xml. Correct the password in qpconfig.xml.

- Sametime uses the Domino Directory over NRPC but Lotus QuickPlace uses an LDAP directory. Correct by using the LDAP directory for both products.

- You’ve restarted the Sametime server but haven’t restarted the Lotus QuickPlace server. Restart the Lotus QuickPlace server after restarting the Sametime server.

- The ″Members can schedule online meetings″ feature is disabled in the place. To correct the problem, sign into the place, click Customize, click Basics, and click Change Basics. Under the Real-time collaboration heading, check the box next to ″Members can schedule online meetings.″

Sametime is not working for local users

Only users registered in an LDAP directory can use Sametime features. Lotus

QuickPlace, rather than Domino, must manage the lookups to the LDAP directory.

Online awareness not working for users whose names contain

accented characters

Users should sign in with names that do not contain accented characters.

External users with flat names cannot join online meetings

that they publish

External users that have flat names, for example cn=Jack Black, cannot join online

meetings that they publish. Users who publish online meetings in a place should

have names with distinguishing components rather than flat names.

Appendix A Lotus QuickPlace notes.ini Settings

This appendix summarizes the notes.ini settings used in Lotus QuickPlace. When

you edit the notes.ini file, make sure to leave a blank line at the end of the file.

Press Enter to create a blank line, if necessary.

Web page cache settings

Setting                              Description
QuickPlaceWebCacheDir                Sets the cache directory
QuickPlaceWebCacheEnabled            Disables or enables the cache
QuickPlaceWebCacheGCIntervalInMIN    Sets the time interval for cache cleaning
QuickPlaceWebCacheLimitInMB          Sets the cache size limit
QuickPlaceWebCacheLogging            Enables Web page cache logging
QuickPlaceWebCacheUsers              Sets the cache for anonymous users only

For more information on these settings, see the chapter ″Completing Additional

Server Configuration Tasks.″

Offline settings

The following table lists and briefly describes notes.ini settings used to set up

Lotus QuickPlace for users to take places offline.

For more information on these settings, see the Lotus QuickPlace Installation and

Upgrade Guide.

Setting                  Description
$DOLS_TCPIPAddress       Used to configure a Lotus QuickPlace server cluster that uses the
                         IBM Network Dispatcher to work with Domino Off-Line Services.
CheckCacheBeforeDSAPI    Enables authentication to work for offline users.
EXTMGR_ADDINS            Enables Domino Off-Line Services to work with Lotus QuickPlace.
NoWebFileSystemACLS      Used to configure a Lotus QuickPlace server and Sun ONE Portal
                         Server to work with Domino Off-Line Services.

Server logging settings

You can use notes.ini settings to log a variety of Lotus QuickPlace server activities.

Output is logged to the server console and to the log file (log.nsf). Logging can be

useful for troubleshooting problems. Since logging degrades server performance,

enable it on a temporary basis only.

To enable a specific type of logging, add the following line to the notes.ini file on

the Lotus QuickPlace server:

setting=level

where setting is a logging setting listed in the following table and level is the

desired level of logging.

For example:

QuickPlaceAuthenticationLogging=5

The following table describes the logging settings and the highest level of logging

available for each. The higher the level of logging you specify, the more verbose

the output. The default and lowest logging level, 0, logs only errors.

Logging setting                           Levels  Description
QuickPlaceArchiveLogging                  1       Archive tool logging.
QuickPlaceAuthenticationLogging           5       Authentication logging for authentication events, failures, successes, group expansion, and names list generation.
QuickPlaceCalendarSubscriptionLogging     0       Calendar event logging; 0 indicates this is always on.
QuickPlaceCompressionLogging              1       Page compression logging.
QuickPlaceDbCommandPerformanceLogging     3       Server command performance logging.
QuickPlaceDOLSLogging                     2       Domino Off-Line Services logging.
QuickPlaceDSAPILogging                    5       DSAPI interface logging.
QuickPlaceExtensionManagerIfLogging       2       Offline place installation logging.
QuickPlaceHTTPInterfaceLogging            2       Lotus QuickPlace and Domino HTTP interaction logging. It is useful primarily as a first step toward isolating user authentication problems or problems related to the interaction between Lotus QuickPlace and Domino. Used with other logging settings, for example QuickPlaceAuthenticationLogging, it provides a clearer picture of URL processing.
QuickPlaceJavaLogging                     5       Java Debug logging.
QuickPlaceJavaServerLogging               3       Java Server logging.
QuickPlaceJniLogging                      1       Java Native Interface (JNI) to C++ layer logging.
QuickPlaceJvmLogging                      1       Java Virtual Machine logging.
QuickPlaceLargePOSTLogging                1       Large uploads logging.
QuickPlaceLockLogging                     1       Place Lock tool logging.
QuickpPlaceLtpaLogging                    1       LTPA logging when Domino manages directory lookups.
QuickPlaceMailLogging                     4       Lotus QuickPlace e-mail process logging.
QuickPlaceMembershipModelLogging          2       Expanded membership logging.
QuickPlaceMyPlacesLogging                 3       My Places logging.
QuickPlaceQOMLogging                      4       Object model logging.
QuickPlaceObjectPoolLogging               2       ObjectPool Memory management for PlaceCatalog logging.
QuickPlacePerformanceLogging              1       Performance data collector logging.
QuickPlacePlaceCatalogLogging             4       Place Catalog logging.
QuickPlacePlaceCatalogQueryLogging        4       Queries into Place Catalog logging; use level 4 to include more details on My Places queries and QPTool report command queries.
QuickPlacePlaceTypeCentralRefreshLogging  4       Place type refresh logging.
QuickPlaceSearchPlacesLogging             2       Search across places logging.
QuickPlaceSpellCheckEngineLogging         1       Spell checker engine logging.
QuickPlaceStyleSheetAttributeCmdLogging   2       Style sheet processing logging.
QuickPlaceStubMakerLogging                3       Stub creator logging for Lotus QuickPlace cluster support.
QuickPlaceToolLogging                     1       QPTool logging.
QuickPlaceUpgradeLogging                  4       Upgrade logging (upgrade places).
QuickPlaceUserCacheLogging                1       User cache parameter logging.
QuickPlaceUserDirectoryLogging            1       User directory logging (applicable only when Lotus QuickPlace manages lookups to an LDAP directory).
QuickPlaceWebCacheLogging                 3       Web caching logging (caches pages sent to browser).

Client logging settings

Use the following notes.ini settings on the Lotus QuickPlace server to enable client

logging. To use a specific setting, add the following line to the notes.ini file:

Setting=level

The table shows the highest level of logging available for each setting. The higher

the level of logging you specify, the more verbose the output. The default and

lowest logging level, 0, logs only errors.

Logging setting         Levels  Description
$h_Debug                1       Enables the browser to display detailed messages about JavaScript™ errors that occur on the client, rather than the general Lotus QuickPlace message, "Unable to process your request at this time."
$h_ClientDebugConsole   5       Displays a console log on all clients that access the Lotus QuickPlace server. For Internet Explorer, the console log is an additional browser window, and for other browsers the console log is the JRE Java log console. Use this setting on a temporary basis to help IBM Support troubleshoot specific client-side problems.
h_ExceptionDetail=1     1       Adds the source code name and line number from which errors and warnings are generated to the error and warning messages that the server sends to the browser. Use this setting on a temporary basis to help IBM Support troubleshoot a problem.

Logging degrades performance, so enable it on a temporary basis only.
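The server and client logging tables above can be turned into a configuration check. The following Python script is an added example, not IBM code: it parses notes.ini text and reports logging settings left above level 0, levels above the documented maximum, and the three client settings that change what browsers are shown. The names parse_notes_ini, audit and SAMPLE_NOTES_INI are hypothetical, the sample file is constructed, and case-insensitive name matching and the reading of "blank line at the end" as a terminating newline are assumptions of this example.

```python
"""Audit notes.ini text for QuickPlace logging settings left enabled."""
import sys

# Highest level documented for each server logging setting, copied from the
# guide's table (names spelled exactly as printed there).
_SERVER_TABLE = """
QuickPlaceArchiveLogging:1 QuickPlaceAuthenticationLogging:5
QuickPlaceCalendarSubscriptionLogging:0 QuickPlaceCompressionLogging:1
QuickPlaceDbCommandPerformanceLogging:3 QuickPlaceDOLSLogging:2
QuickPlaceDSAPILogging:5 QuickPlaceExtensionManagerIfLogging:2
QuickPlaceHTTPInterfaceLogging:2 QuickPlaceJavaLogging:5
QuickPlaceJavaServerLogging:3 QuickPlaceJniLogging:1
QuickPlaceJvmLogging:1 QuickPlaceLargePOSTLogging:1
QuickPlaceLockLogging:1 QuickpPlaceLtpaLogging:1
QuickPlaceMailLogging:4 QuickPlaceMembershipModelLogging:2
QuickPlaceMyPlacesLogging:3 QuickPlaceQOMLogging:4
QuickPlaceObjectPoolLogging:2 QuickPlacePerformanceLogging:1
QuickPlacePlaceCatalogLogging:4 QuickPlacePlaceCatalogQueryLogging:4
QuickPlacePlaceTypeCentralRefreshLogging:4 QuickPlaceSearchPlacesLogging:2
QuickPlaceSpellCheckEngineLogging:1 QuickPlaceStyleSheetAttributeCmdLogging:2
QuickPlaceStubMakerLogging:3 QuickPlaceToolLogging:1
QuickPlaceUpgradeLogging:4 QuickPlaceUserCacheLogging:1
QuickPlaceUserDirectoryLogging:1 QuickPlaceWebCacheLogging:3
"""
SERVER_MAX = {name.lower(): int(lvl) for name, lvl in
              (item.split(":") for item in _SERVER_TABLE.split())}

# Client settings from the guide; each one changes what browsers are shown.
CLIENT_MAX = {"$h_debug": 1, "$h_clientdebugconsole": 5, "h_exceptiondetail": 1}


def parse_notes_ini(text):
    """Yield (line_number, name, value) for every name=value line."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("[") or "=" not in line:
            continue  # section header such as [Notes], or not a setting
        name, _, value = line.partition("=")
        yield lineno, name.strip(), value.strip()


def audit(text):
    """Return findings as (line_number, setting_as_written, issue) tuples."""
    findings = []
    for lineno, name, value in parse_notes_ini(text):
        key = name.lower()  # assumption: names are matched case-insensitively
        limit = SERVER_MAX.get(key, CLIENT_MAX.get(key))
        if limit is None:
            continue  # not one of the logging settings in the guide's tables
        try:
            level = int(value)
        except ValueError:
            findings.append((lineno, name, "not-a-number"))
            continue
        if level > limit:
            findings.append((lineno, name, "above-max"))
        if level > 0:
            issue = "client-debug" if key in CLIENT_MAX else "enabled"
            findings.append((lineno, name, issue))
    # The guide asks for a blank line at the end of notes.ini; this example
    # reads that as "the last setting line is terminated by a newline".
    if text and not text.endswith("\n"):
        last = len(text.splitlines())
        findings.append((last, "(end of file)", "no-trailing-blank-line"))
    return findings


# Constructed sample, not taken from a real server.
SAMPLE_NOTES_INI = (
    "[Notes]\n"
    "QuickPlaceWebCacheLimitInMB=200\n"
    "QuickPlaceAuthenticationLogging=5\n"
    "quickplacedsapilogging=7\n"
    "QuickPlaceMailLogging=0\n"
    "$h_Debug=1\n"
    "h_ExceptionDetail=1"
)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_NOTES_INI
    for lineno, name, issue in audit(content):
        print("line %d: %s: %s" % (lineno, name, issue))
```

Because the guide recommends enabling logging on a temporary basis only, any finding that does not correspond to a current troubleshooting session is a candidate for removal from notes.ini.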

Attachment and file import logging

If you encounter attachment or file import problems from the client, you can

enable upload control logging on the client to help troubleshoot the problem.

Create an environment variable called QPCTRLLOG whose value is the path and

filename of the log file to use. Whenever the browser engages the upload control,

the upload control appends a log sequence to the log file. Do not leave logging

enabled because the log file will continue to grow and can cause the client to run

out of disk space.

Other settings

The following table lists and briefly describes a variety of notes.ini settings not

included in the previous tables.

Setting                                 Description
$h_MailDomain                           Specifies the domain of the server that hosts the place to which Lotus QuickPlace routes replies to e-mail generated from places. For more information, see the chapter "Completing Additional Server Configuration Tasks."
h_ScopeURLinQP                          Enables image caching in environments that do not use single sign-on authentication. For more information, see the chapter "Completing Additional Server Configuration Tasks."
h_UndelivMail                           Specifies the place to which Lotus QuickPlace routes replies to e-mail generated from places. For more information, see the chapter "Completing Additional Server Configuration Tasks."
NoWebFileSystemACLs                     Prevents anonymous access to files in the html directory and is part of setting up single sign-on authentication. For more information see the chapter "Setting Up Security."
PLATFORM_CSID                           Required on UNIX servers to support names in a user directory that contain accented characters. For more information, see the chapter "Connecting to a User Directory."
QuickPlaceExpireCachedUsers             Specifies the length of time user entries remain in the user cache. For more information, see the chapter "Setting Up Security."
QuickPlaceExtensionManagerAllowServers  Gives a Domain Catalog server the access to index the places on a Lotus QuickPlace server that uses the Search Places feature and Off-Line Services. For more information, see the chapter "Completing Additional Server Configuration Tasks."
QuickPlaceMaxCachedUsers                Specifies the maximum number of users allowed in the user cache. For more information, see the chapter "Setting Up Security."
QuickPlaceNestedGroupLimit              Allows searches of nested groups in the user directory. For more information, see the chapter "Connecting to a User Directory."
QuickPlaceUpgradeServerOnStartup        Controls whether a server is upgraded on startup. For more information, see the Lotus QuickPlace Installation and Upgrade Guide.
ServerTasksAt                           Used to schedule qptool commands -- such as refresh, deadmail, placecatalog, and newsletter -- to run daily. For more information, see the chapter "Using QPTool Commands."

Notices

This information was developed for products and services offered in the U.S.A.

IBM may not offer the products, services, or features discussed in this document in

other countries. Consult your local IBM representative for information on the

products and services currently available in your area. Any reference to an IBM

product, program, or service is not intended to state or imply that only that IBM

product, program, or service may be used. Any functionally equivalent product,

program, or service that does not infringe any IBM intellectual property right may

be used instead. However, it is the user’s responsibility to evaluate and verify the

operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter

described in this document. The furnishing of this document does not grant you

any license to these patents. You can send license inquiries, in writing, to:

IBM Director of Licensing

IBM Corporation

North Castle Drive

Armonk, NY 10504-1785

U.S.A.

The following paragraph does not apply to the United Kingdom or any other

country where such provisions are inconsistent with local law:

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS

PUBLICATION “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER

EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS

FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or

implied warranties in certain transactions, therefore, this statement may not apply

to you.

This information could include technical inaccuracies or typographical errors.

Changes are periodically made to the information herein; these changes will be

incorporated in new editions of the publication. IBM may make improvements

and/or changes in the product(s) and/or the program(s) described in this

publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for

convenience only and do not in any manner serve as an endorsement of those Web

sites. The materials at those Web sites are not part of the materials for this IBM

product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it

believes appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purpose

of enabling: (i) the exchange of information between independently created

programs and other programs (including this one) and (ii) the mutual use of the

information which has been exchanged, should contact:

IBM Corporation

Office 4360

One Rogers Street

Cambridge, MA 02142

U.S.A.

Such information may be available, subject to appropriate terms and conditions,

including in some cases, payment of a fee.

The licensed program described in this information and all licensed material

available for it are provided by IBM under terms of the IBM Customer Agreement,

IBM International Program License Agreement, or any equivalent agreement

between us.

Information concerning non-IBM products was obtained from the suppliers of

those products, their published announcements or other publicly available sources.

IBM has not tested those products and cannot confirm the accuracy of

performance, compatibility or any other claims related to non-IBM products.

Questions on the capabilities of non-IBM products should be addressed to the

suppliers of those products.

This information contains examples of data and reports used in daily business

operations. To illustrate them as completely as possible, the examples include the

names of individuals, companies, brands, and products. All of these names are

fictitious and any similarity to the names and addresses used by an actual business

enterprise is entirely coincidental.

Trademarks

The following terms are trademarks of International Business Machines

Corporation in the United States, other countries, or both:

AIX

Domino

Domino Designer

IBM

i5/OS

iSeries

Lotus

Lotus Notes

Notes

OS/400

QuickPlace

Sametime

Secure-Way

WebSphere

Microsoft and Windows are trademarks of Microsoft Corporation in the United

States, other countries, or both.

Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the

United States, other countries, or both.

UNIX is a registered trademark of The Open Group in the United States and other

countries.

Other company, product, or service names may be trademarks or service marks of

others.

Part Number: AD0EQNA

Program Number: 5724-J24

Printed in USA

G210-1999-00