Professional Documents
Culture Documents
5install
These were the steps I followed to install IBM Connections 5.0. Everything was installed on a
single server.
1. Software
I downloaded the following files prior to installing:
IBM Connections V5.5 for IBM Connections Suite V5.5 Multiplatform Multilingual eAssembly
(CRY8MML)
IBM Connections V5.5 for Windows Multilingual (CN808ML )
IBM Connections V5.5 Wizard for Windows Multilingual (CN80DML )
NOTE: DO NOT download the wizard directory from the eAssembly, use the one
from the day 1 fixes instead
http://www-
933.ibm.com/support/fixcentral/swg/selectFixes?parent=Collaboration%2BSolutions
&product=ibm/Lotus/Lotus+Connections&release=5.5.0.0&platform=All&function=
all
IBM DB2 Server V10.5 for Windows on AMD64 and Intel EM64T systems (x64)
Multilingual (CIW3YML )
IBM Tivoli Directory Integrator Identity Edition V7.1.1 for Windows - x86-64,
Multilingual (CZUF7ML )
NOTE: wrong one showing in eAssembly
IBM Connections Content Manager V5.5 for IBM Connections Suite V5.5 Multiplatform
Multilingual eAssembly (CRY8NML)
IBM FileNet Content Engine V5.2.1 Windows Multilingual (CN216ML )
IBM FileNet Content Engine Client V5.2.1 Windows English (CN225EN )
IBM Content Navigator V2.0.3 for IBM Connections Enterprise Content Edition (CECE) V5.2
Multiplatform Multilingual eAssembly (CRVX7ML)
IBM Content Navigator V2.0.3 Windows Multilingual (CN0PVML )
Additional optional components that are not used during this install
IBM Connections V5.5 for IBM Connections Suite V5.5 Multiplatform Multilingual eAssembly
(CRY8MML)
IBM Connections V5.5 Cognos Wizard for Windows Multilingual (CN80GML )
IBM Cognos Business Intelligence Server 64-bit 10.2.2 Microsoft Windows
Multilingual (CN1YPML )
IBM Cognos Business Intelligence Transformer 10.2.2 Microsoft Windows
Multilingual (CN1Z0ML )
Optional components in Day 1 fixes not used in this part of the install
NOTE: The fix central link on this page did not work for me, so I used
http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Tivoli/Tivo
li+Directory+Integrator&release=7.1.1&platform=Windows&function=fixId&fixi
ds=7.1.1-TIV-TDI-
FP0003&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&so
urce=fc
FileNet Components
FileNet Content Engine 5.2.1 FP2 and Content Engine Client 5.2.1 FP2 -
http://www.ibm.com/support/fixcentral/swg/quickorder?parent=FileNet%2BProd
uct%2BFamily&product=ibm/Information+Management/FileNet+Content+Engin
e&release=5.2.1.2&platform=All&function=all&useReleaseAsTarget=true&sour
ce=fc
2.
3.
4.
5.
IBM Connections V5.5 for IBM Connections Suite V5.5 Multiplatform Multilingual eAssembly
(CRY8MML)
IBM WebSphere Application Server Network Deployment V8.5.5 (1 of 3) for
Multiplatform Multilingual (CIK2HML )
IBM WebSphere Application Server Network Deployment V8.5.5 (2 of 3) for
Multiplatform Multilingual (CIK2IML )
IBM WebSphere Application Server Network Deployment V8.5.5 (3 of 3) for
Multiplatform Multilingual (CIK2JML )
To install we will use the Install Manager we just installed. If it's not running, go to Start - Apps
- IBM Installation Manager - IBM Installation Manager
1. Go to File Preferences .... to add the WebSphere repository to IBM Install Manager
2.
3.
6. Click Install
7.
8.
9. NOTE: It's best to provide a path without spaces, so I removed Program Files (86)
10. NOTE: Again, make sure to provide a path without spaces, I again removed Program Files
(86)
11.
12.
13.
14.
NOTE: If you did not Start the Profile Management Tool in the last step, you can do that now by
going to Start - Apps - IBM WebSphere - Profile Management Tool
15.
16. Again, I chose cell here because everything is installed on a single machine. A more likely
scenario would be the DMGR and Connections Node(s) are on different machines. In which
case you would install the DMGR first (choosing Management here) then install the primary
node second (choosing Application server here) then federated the node with the DMGR
using the addNode.bat command.
17.
18. People typically chose wasadmin here, I like to use localadmin to remind myself that this is a
user created in the local WAS filestore. Either way is fine, just make sure this user does not
exist in LDAP.
19.
20.
21.
2. Login with the user created during the WebSphere Application Server install
3. Open Security – Global Security
4. Select Federated Repositories from the Available realm definitions field, and then click
Configure.
5. Click Add Repositories
6. and then, on the Repository reference page, click New Repository - LDAP repository
7. On the New page, type a repository identifier, such as myFavoriteRepository (I used icldap
IDSinto the Repository identifier field.
Specify the LDAP directory that you are using in the Directory type field.
Type the host name of the primary LDAP directory server in the Primary host name field.
The host name is either an IP address or a domain name service (DNS) name.
Provide values for the Bind distinguished name and Bind password fields.
Specify the login attribute or attributes that you want to use for authentication in the Login
properties field. Separate multiple attributes with a semicolon. For example: uid;mail. NOTE:
I would recommend having the first attribute uid, if you use something other than uid as the
first attribute, there are a number of post install steps that will need to be completed, it's just
easiest if you keep uid as the first attribute in the login settings.
Click Apply
NOTE: If this was Domino LDAP, set the first entry to root, and leave the second blank.
'root' is a special setting for WebSphere that tells it not to use a base. This will allow domino
customer to find the user in the primary directory and all secondary directories, as well as all
flat groups.
All other LDAP directories, set the entry to the base of your directory. My LDAP directory
is IBM Directory Server, so I set the base to dc=ibm,dc=com
11. In the Repository Identifier column, click the link for the repository or repositories that you
just added.
12. In the Additional Properties area, click the Federated repositories entity types to LDAP
object classes mapping link.
13. Click the Group entity type and modify the object classes mapping.
14. Set the objectClass to the group objectClass for you directory, and add the search base for
groups, Click Apply,
NOTE: For IDS this is typically groupOfUniqueNames,
ActiveDirectory this is typically Group
Domino this is typically dominoGroup
16. You can do the same for PersonAccount, in my LDAP, we use inetOrgPerson, so I did not
change anything
IDS it typically inetOrgPerson
Active Directory is typically person
Domino is typically dominoPerson
17. In the navigation links at the top of the page, click the name of the repository that you have
just modified to return to the Repository page.
18. Complete the following steps for group membership
a. Click the Group attribute definition link in the Additional Properties area,
d. Enter group membership values in the Name of member attribute and Object class fields.
Click Ok
IDS typically would be uniquemember : groupOfUniqueNames
Active Directory typically would be member : group
Domino typically would be member : dominoGroup
b. set the Name of group membership attribute to the attribute in the person record that
contains the groups a user is a member of.
IDS this is ibm-allgroups with scope of nested
Active Directory this is memberOf with scope of direct
Domino this is dominoAccessGroups with scope of nested
For IDS and Domino set the scope to Nested, for AD use Direct, otherwise nested groups
will not work correctly in AD
Click OK
c. Click Save
a. open Web and SIP security and select Single sign-on (SSO)
b. Set the domain name to the hostname you use to access connections (.ibm.com), you can
enable Interoperability mode if you want - if you do set LTPA V1 cookie name to
LtpaToken (case is important) -- I did not enable this for my environment
set LTPA V2 cookie name to LtpaToken2 (case is important)
I recommend you uncheck Web inbound security attribute propagation and Set security
cookies to HTTPOnly (this one must be unchecked if you want to enable Sametime
awareness with an STProxy server)
Click OK
22. Log out of the WebSphere Application Server Integrated Solutions Console and restart
WebSphere Application Server
a. Run C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin>stopManager.bat -username
localadmin -password password
b. Then C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin>startManager.bat
23. Verify that users in the LDAP directory have been successfully added to the repository:
a. From the WebSphere Application Server Integrated Solutions Console, select Users and
Groups > Manage Users.
b. In the Search by field, enter a user name that you know to be in the LDAP directory and
click Search. If the search succeeds the user exists in your LDAP directory.
c. Click on the user, then click the Groups tab, you should see a list of groups the user
belongs to
24. Once the DMGR is finding users correctly from LDAP, restart the nodeagent to pick up the
changes by running
a. C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin>stopNode.bat -username
localadmin -password password
b. C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin>startNode.bat
IBM Connections V5.5 for IBM Connections Suite V5.5 Multiplatform Multilingual eAssembly
(CRY8MML)
IBM DB2 Server V10.5 for Windows on AMD64 and Intel EM64T systems (x64)
Multilingual (CIW3YML )
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
3.
4.
5.
6.
7.
3. From the Computer Management console, select System Tools > Local Users and Groups.
4. Right-click Users and select New User.
5. Add a user named lcuser. Enter the required details, including the password. Clear the User
must change password at next logon check box. Click Create.
6. Click Close.
7. Open the Users object, right-click lcuser, and select Properties from the context menu.
8. Click the Member Of tab and then click the Add button.
9. Type DB2USERS in the Enter the object names to select field, and click Check Names.
10. This should resolve to the local DB2USERS group, Click OK.
11. Click OK again to save your changes and Close the Computer Management console
5.2. Create Connections databases with wizard
Software needed for this step:
3.
4.
5.
6.
7.
8.
9.
6. Install and configure Tivoli Directory Integrator 7.1.1 fp3
Software needed for this step:
IBM Tivoli Directory Integrator Identity Edition V7.1.1 for Windows - x86-64,
Multilingual (CZUF7ML )
Because I am using Windows 2012, I have to launch the install a bit differently, the following
technote has details on the first steps I going through to run the install of TDI. If this was
Windows 2008, I could simply use launchpad.exe
http://www-01.ibm.com/support/docview.wss?uid=swg21634336
2. Under the Compatibility mode section, set the check box to true for "Run this program in
compatibility mode for"
Under the drop down select Windows 7 .
Click on OK to apply the compatibility mode.
3. Run install_tdiv711_win_x86_64.exe
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16. Uncheck Start Configuration Editor and click Done
C:\IBM\TDI\V7.1.1\bin\applyUpdates.bat -queryreg
Fixes Applied
=-=-=-=-=-=-=
TDI-7.1.1-FP0003(7.1.1.0)
Components Installed
=-=-=-=-=-=-=-=-=-=
BASE
SERVER
-TDI-7.1.1-FP0003
CE
-TDI-7.1.1-FP0003
JAVADOCS
-TDI-7.1.1-FP0003
EXAMPLES
EMBEDDED WEB PLATFORM
AMC
Deferred: false
change this to
1. Copy the Wizards directory from the IBM Connections day 1 fixes download (interim fix:
5.5.0.0-IC-D1-DBWizard-LO87408-Windows) to the system where Tivoli Directory
Integrator is installed.
2. Run C:\Downloads\ic55\Wizards\populationWizard.bat
3.
4.
5.
6.
7.
9. Update the mapping of any attributes in LDAP you want to sync over to the profiles database.
The most important one is guid. By default this maps to an attribute in LDAP that is
controlled by the LDAP directory and will never change for a user. This attribute is used the
internal ID of the user in Connections and should never change. the default guid is typically
the best attribute to use, however if your organization has a policy where when a user is
modified in LDAP you remove them from the directory and re-add them, then another
attribute may be best for you. Ideally you want to have an attribute that will never change for
a specific user.
NOTE: If you change this from the default mapping additional changes will need to be made
in Connections after the install. I will discuss those changes when appropriate.
10.
11.
12.
NOTE: You may want to go ahead and create a windows task run the “sync_all_dns.bat”
command nightly to keep the LDAP directory in sync with profiles database.
When you run the sync_all_dns.bat TDI will get a list of all the users in LDAP and in the profiles
database, then will compare the users to determine if a user in LDAP and profiles is the same
user. By default we use the uid attribute for that comparison. This should be an attribute that
will never change in LDAP or the profiles database. In many cases the uid attribute works well,
but if in your organization, if a users name changes, their uid changes, this may not be the best
choice for you. If you already updated the guid when populating the profiles database to an
attribute that will never change, or if the default guid will never change I would recommend
updating the hash key to guid for the sync command as well.
1. Open C:\IBM\TDI\V7.1.1\tdisol\TDI\profiles_tdi.properties
2. update sync_updates_hash_field and set it to guid
sync_updates_hash_field=guid
IBM Connections V5.5 for IBM Connections Suite V5.5 Multiplatform Multilingual eAssembly
(CRY8MML)
IBM WebSphere Application Server V8.5.5 Supplements (1 of 3) for Multiplatform
Multilingual (CIK1VML )
IBM WebSphere Application Server V8.5.5 Supplements (2 of 3) for Multiplatform
Multilingual (CIK1WML )
IBM WebSphere Application Server V8.5.5 Supplements (3 of 3) for Multiplatform
Multilingual (CIK1XML )
Typically I do this step after the install of Connections, however in the 5.5 installer there is an
option to map the HTTP Server with the Connections web modules, so I went ahead and
installed the IBM HTTP Server here and configured SSL. Now the install of Connections will
complete the integration of Connections and the IBM HTTP Server.
1. Run IBM Installation Manager by going to Start - All Apps - IBM Installation Manager -
IBM Installation Manager
4. Browse to the location of the WAS 8.5.5 Supplements files and supplements fp7 files
Uncheck Search service repositories during installation and update and click Ok
5.
6. Select IBM HTTP Server v8.5.5.5, Plug-ins v8.5.5.5 and WebSphere Customization Toolbox
click Next>
7.
8. Make sure to select IBM HTTP Server, Web Server Plug-ins for IBM WebSphere Application
Server and WebSphere Customization Toolbox and change the Install path:
9.
10.
11.
12.
8.2. Configure Plug-In with WebSphere Customization toolbox
1. If the Web Server Plug-in Customization Toolbox is not running start it by going to Start --
Apps - IBM WebSphere - Web Server Plug-in Configuration Toolbox
2.
3.
4. Set Name to Plugin Location, and browse to where you installed the plugin in the previous
step
5.
6.
7.
8. Add anIHS administrator name. This user should NOT exist in LDAP
9.
10.
13.
14.
15.
6. Set the Key Label and Common name to the hostname of the IHS Server, and set validity
period to the length of time you want this certificate to be valid, I chose 10 years because it's
just a test environment and I don't want to have to update it:
NOTE: If you want to use a key size larger than 2048, you will need to update to the to the
unrestricted policy files in WebSphere. The following technote has details: http://www-
01.ibm.com/support/docview.wss?uid=swg21663373
LoadModule was_ap22_module
"C:\IBM\WebSphere\Plugins\bin\32bits\mod_was_ap22_http.dll"
WebSpherePluginConfig……
4. Save and Close httpd.conf
6. Enter a host, port and alias of the HTTP Server and click Retrieve signer information
7. Click OK
8. Click Save
IBM Connections Content Manager V5.5 for IBM Connections Suite V5.5 Multiplatform
Multilingual eAssembly (CRY8NML)
IBM FileNet Content Engine V5.2.1 Windows Multilingual (CN216ML )
IBM FileNet Content Engine Client V5.2.1 Windows English (CN225EN )
IBM Content Navigator V2.0.3 for IBM Connections Enterprise Content Edition (CECE) V5.2
Multiplatform Multilingual eAssembly (CRVX7ML)
IBM Content Navigator V2.0.3 Windows Multilingual (CN0PVML )
FileNet Components
FileNet Content Engine 5.2.1 FP2 and Content Engine Client 5.2.1 FP2 -
http://www.ibm.com/support/fixcentral/swg/quickorder?parent=FileNet%2BProduct%2B
Family&product=ibm/Information+Management/FileNet+Content+Engine&release=5.2.
1.2&platform=All&function=all&useReleaseAsTarget=true&source=fc
The FileNet files are all extracted into their own directory I used C:\Downloads\ic55\FileNet
I extracted the downloads in the following order, simply overwriting any existing files:
http://www-01.ibm.com/support/docview.wss?uid=swg21968883
1. Make sure to restart the DMGR and nodeagents just before starting the install.
a. Stop nodeagent:
C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin>stopNode.bat -username
localadmin -password password
b. Stop DMGR:
C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin>stopManager.bat -username
localadmin -password password
c. Start DMGR:
C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin>startManager.bat
d. Start nodeagent:
C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin>startNode.bat
2. Run C:\Downloads\ic55\IBM_Connections_Install\IM\install.bat, Click Install IBM
Connections 5.0.0, and click Launch the IBM Connections 5.0 install wizard
3.
4. I removed Program Files from the path:
5. Scroll down and selected IBM Connections Content Manager if you want
6.
7.
8.
9. The user fnanon is a system user in my LDAP directory that will only be used for anonymous
access to FileNet
10. Scroll down to enter the location of the FileNet installs you downloaded and extracted before
starting the install, and click Validate
11.
12.
13.
14. Enter the information, then scroll down and click Validate
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
Once the install finishes, look in the nodeagent systemout.log log located at
C:\IBM\WebSphere\AppServer\profiles\AppSrv01\logs\nodeagent for the following line:
ADMA7021I: Distribution of application <connections_app> completed successfully.
2. on the right hand side, scroll down to Server Infrastructure, open Java and Process
Management and click on Process definition
Because I chose to configure the Web Server during the install, the settings and configuration for
Connections will use the IBM HTTP Server url for communication. So before I start the server
for the first time, I need to make sure the HTTP Server plugin is configured to access the
different Connections components.
1. If it's not already open, open a browser to the Integrated Solutions Console and login
(http://cprice55.swg.usma.ibm.com:9060/ibm/console)
LoadModule was_ap22_module
"C:\IBM\WebSphere\Plugins\bin\32bits\mod_was_ap22_http.dll"
WebSpherePluginConfig "C:\IBM\WebSphere\Plugins\config\webserver1\plugin-cfg.xml"
Make sure the value for WebSpherePluginConfig matches where the plugin-cfg.xml was
propagated to
1. Start IBM Connections, wait for the node to completely sync, then run the following
commands to start the environment
a. Stop the nodeagent:
C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin>stopNode.bat -username
localadmin -password password
b. Stop the DMGR:
C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin>stopManager.bat -username
localadmin -password password
c. Start the DMGR
C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin>startManager.bat
d. Start the nodeagent:
C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin>startNode.bat
e. Start the Connections node(s):
C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin>startServer.bat iccluster_server1
Once you get the successfully started message, you are ready to access Connections over the http
server address
4. Add the following statement to specifically indicate that image files and binaries must not be
compressed to prevent web browser hangs:
5. Add the following statement to ensure that proxy servers do not modify the User Agent
header needed by the previous statements:
6. Add the following statement to ensure you can access the acce tool (admin client for FileNet)
SetEnvIf Request_URI ^/acce(.*) no-gzip dont-vary
11.2. Configure Connections to use IHS to download files
This is an optional step, but recommended in the infocenter. See the following section for details.
http://www-
01.ibm.com/support/knowledgecenter/SSYGQH_5.5.0/admin/install/t_install_post_files_downlo
ads.dita
2. Run C:\IBM\Connections\ccmDomainTool\createGCD.bat
3. First it will ask you for the DMGR admin ID (localadmin for my environment), then the
password
6.
12.2. Create FileNet ObjectStore
7. Run C:\IBM\Connections\ccmDomainTool\createObjectStore.bat
10. Same as I did with the GCD, I set the administrator group from my LDAP directory
11. Next enter the url used to access Connections (https://cprice55.swg.usma.ibm.com) NOTE:
It must be the SSL url
12.
http://www-01.ibm.com/support/docview.wss?uid=swg21972646
5.
6.
7.
8.
9.
10.
11.
12.
13. After the fix has been applied, shut Connectiosn down. Delete the contents of
C:\IBM\WebSphere\AppServer\profiles\AppSrv01\temp -
NOTE: If this step is missed when you access connections again, you will see the theme
from Connectons 5.0