My experiences with IBM Connections 5

My experiences with IBM Connections 5

Some days ago IBM Connections 5 was released. I stopped all my other tasks and installed it immediately 😉

First of all I was a bit disappointed, because the UI does look pretty much the same as the current version. Only small changes could be seen directly. But the changes are cool in its details… I really like the activity stream search. The new overview of the activity stream is a good help.

Here I would like to share some findings, especially regarding the external access and TDI. There are some additions to the TDI package that need to be adapted to get an automated sync of external members working. Furthermore users need to be flagged (or their role needs to be changed) in order to be able to decide whether a Community allows external users or not.

Installation / technical details

The installation changes so far, that a new WebSphere Application Server version is shipped. Only WAS 8.5.5.1 with iFixes is supported:

PM91417:Partial application updates will not update JARs in non-active Java EE locations - 
Note: If you have the old version of PM91417 you should uninstall it and reinstall the new one.


PM94437: VMM Connection Pool  fix for W3 PMR 38527,l6Q,000

PI15998: Hanging in the EJB deploy process due to a dead lock in JDT

IBM Connections 5 directly gets 2 iFixes that need to be installed after the main installation: 

LO80986
LO80688

The installation routines got far better:

  • No more need to manually open the /acce page in order to configure Filenet. This is done completely by the script that you execute.
  • The cognos / metrics installation got much better. The Installation / configuration is now solved using the Installationmanager

No new databases are included in this release.

But DB2 10.1 FP4 is prerequisite, as there is an error with the FP3 drivers when executing the createGCD.sh script:

http://www-01.ibm.com/support/docview.wss?uid=swg21654176

IBM Connections 5 uses JAVA 6. Other than WebSphere Portal 8.5 that uses JAVA 7. A bit sad but let`s see when this will be changed.

External Communities

External Communities is a new feature in IBM Connections 5.

In order to enable a user to decide if a community can be shared with externals, the user needs to have a special role assignement that can be given using a wsadmin command.

You need to change the users role to EMPLOYEE_EXTENDED:

ProfilesService.setRole("testadmin@ibm.com", EMPLOYEE_EXTENDED)

You can also provide a list of users stored in a file. Then the enabled user gets the checkbox to allow external users to a Community.

If a community was created with the “External Access” Feature enabled, the table COMMUNITY in the Schema SNCOMM contains an attribute “INTERNAL_ONLY” – this controls the behaviour whether external users are allowed for a community or not:

Value:
1 - only internal users allowed
0 - internal and external users are allowed

If you specify 1, only internals will be found by the community member search (where you add new members to restricted communities)

 

LDAP TDI Sync for external users

Now it is clear that there will be no custom LDAP / repository in the standard that holds external users. Everything is handled by the synchronization of the TDI.

Btw. TDI (or the new name “SDI” – Security Directory Integrator) is supported from version 7.1.1 FP3 – otherwise the shipped assembly lines will not work.

External synchronization can be realized like this (there are 2 methods):

  • sync via external attribute in the LDAP

    • controlled via mapping in the file “map_dbrepos_from_source.properties”

    • in this case we used a custom attribute “externalUser” in our LDAP. The evaluation logic regarding this attribute is
      exact String "internal" --> internal user 
      exact String "external" --> external user
      non of the above Strings --> internal user
  • sync via separate LDAP branch

    • controlled via profiles_tdi.properties setting
    • If you synchronized internal users you set:
      source_ldap_url=ldap
      source_ldap_search_base
      source_ldap_search_filter
    • … and empty the “_visitor_confirm” values or comment the three lines

    • If you synchronize external users you set:
      source_ldap_url_visitor_confirm=
      source_ldap_search_base_visitor_confirm=
      source_ldap_search_filter_visitor_confirm=
    • … and empty the “standard” values or comment the three lines

    • This means that syncing internal and external users is a separate process, where it is best practice to have 2 separate solution directories (e.g. tdisol_internal & tdisol_external)
    • Additionally you need to set “mode” property in the map_db_from_source.properties file to “mode={func_mode_visitor_branch}”

 

I tested both methods and it seems to work fine. We`ll see what is the better approach, either to flag users in the LDAP or managing another LDAP branch.

I`ll keep you updated with new experiences and things I found out

 

One thought on “My experiences with IBM Connections 5

Leave a Reply

Your email address will not be published. Required fields are marked *