Level: Intermediate
JoAnn Jordan, Staff Software Engineer, IBM
Luciano Resende, Advisory Software Engineer, IBM
27 Sep 2004
Learn how you can integrate release 2.0 of Lotus Workplace into your existing Notes/Domino environment by setting up Domino and Lotus Workplace to share your Domino LDAP directory and Notes mail system.
Release 2.0 of Lotus Workplace and Lotus Notes/Domino 6.x have been enhanced with features designed to help you integrate Lotus Workplace into an existing Notes/Domino environment. This allows you to offer your users a choice of tools most suited to their specific needs, while protecting and leveraging your on-going investment in Lotus Notes/Domino.
In this article, we discuss two ways in which you can integrate Lotus Workplace and Lotus Notes/Domino. We begin by discussing how to configure Lotus Workplace to use your existing corporate Domino Directory as its LDAP directory. Then we introduce you to the Notes Mail portlet (part of the Common PIM portlets). The Notes Mail portlet (a "technical preview" version of which is available in release 2.0 of Lotus Workplace) allows your Lotus Workplace users to use Domino as their back-end mail server.
This article assumes that you're an experienced system administrator with some familiarity with Lotus Domino and Lotus Workplace. All features mentioned in this article are available in Notes/Domino 6.5.2 and release 2.0 of the Lotus Workplace family of products. For more information on what's new in release 2.0 of Lotus Workplace, see the article, "New features in release 2.0 of IBM Lotus Workplace."
Using Domino as the LDAP directory in Lotus Workplace
Currently there are approximately 110 million active Notes users. This represents a lot of Person documents stored in numerous Domino Directories worldwide. There are many good reasons why administrators would want to retain all this information. It's valuable, and they've already expended a great amount of time and resources to create and maintain it over the years. And Domino is a powerful and familiar tool for keeping directory data current. So even if you decide to introduce Lotus Workplace into your corporate environment, you may still want to use Lotus Domino to manage your corporate directory. You can do this by configuring Lotus Workplace to use Domino LDAP.
Configuring Lotus Workplace to use the Domino Directory through LDAP
Lotus Workplace uses a unique and immutable ID called extId to internally identify each user. The default Domino 6.x LDAP schema does not presently have an attribute that can be used for this unique ID. Therefore, you must make some modifications to all Person, Group, and Server/Certifier documents in the Domino LDAP to use it in Lotus Workplace. The Universal Note ID (UNID) will be used for this purpose. To add this unique ID, you must modify the design of the Domino Directory template (pubnames.ntf) to include a field called dominoUNID and add that field to the schema. Then you (or your Lotus Workplace administrator) must map dominoUNID to the Lotus Workplace attribute extId. (Lotus Notes/Domino 7.0 does not require this modification; its LDAP schema already has this unique ID. There are also plans to incorporate these changes into the default LDAP schema for future releases of Lotus Notes/Domino 6.x.)
Modifying the Domino Directory
As we mentioned, you must modify the Domino Directory before you can use it as the LDAP directory for Lotus Workplace. To do this, open the Domino Directory template pubnames.ntf in Domino Designer and add a computed shared text field named dominoUNID with the formula @Text(@DocumentUniqueID) to the Person, Group, and Server\Certifier forms:
Figure 1. Shared text field
Then refresh the design of the Domino Directory so that the dominoUNID field appears in any new documents created.
Because this field is not added to existing documents, you need to open and save each existing document to populate it with this field. The following sample Notes agent updates the required documents with the dominoUNID field:
    Sub Initialize
        Dim session As New NotesSession
        Dim db As NotesDatabase
        Dim doc As NotesDocument
        Dim view As NotesView

        Set db = session.CurrentDatabase

        'Loop through all Person documents
        Set view = db.GetView("People")
        Set doc = view.GetFirstDocument()
        While Not (doc Is Nothing)
            'Recompute the form's fields (this adds dominoUNID), then save
            Call doc.ComputeWithForm(False, False)
            Call doc.Save(True, False)
            Set doc = view.GetNextDocument(doc)
        Wend
        view.Refresh

        'Loop through all groups
        Set view = db.GetView("Groups")
        Set doc = view.GetFirstDocument()
        While Not (doc Is Nothing)
            Call doc.ComputeWithForm(False, False)
            Call doc.Save(True, False)
            Set doc = view.GetNextDocument(doc)
        Wend
        view.Refresh

        'Loop through all server certificates
        Set view = db.GetView("Certificates")
        Set doc = view.GetFirstDocument()
        While Not (doc Is Nothing)
            Call doc.ComputeWithForm(False, False)
            Call doc.Save(True, False)
            Set doc = view.GetNextDocument(doc)
        Wend
        view.Refresh
    End Sub
Now create a group called wpsadmins in the Domino Directory. Add the user name you intend to use as the WebSphere administrator and the user name that will serve as the bind ID to that group. Then add the wpsadmins group to the Domino Directory's ACL and give that group Editor access.
You must also add or edit the Global Configuration document to include the necessary LDAP attribute types. To add the attribute types:
- Open the Domino Administrator, and choose Server - Configurations.
- Open the Global Configuration document, or create one if it doesn't already exist.
- On the Basic tab enable the option "Use these settings as default setting for all servers."
- Click the LDAP tab, and click Select Attribute Types.
- In the object class, choose the asterisk (*), and then click Display Attributes.
- Add the following attributes: HTTP-HostName, MailFile, MailServer, NetAddresses, Sametime, dominoUNID.
- Save and close the document.
- Reload the schema by issuing the following command from the Domino server console: tell ldap reloadschema.
We recommend that you create a full text index in the Domino Directory (names.nsf) to get better performance results when the WebSphere Portal server asks the Domino LDAP server to search for the dominoUNID attribute. If you don't create a full text index, linear searches will be performed on the Domino Directory, and LDAP searches will be costly.
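Because Lotus Workplace relies on dominoUNID as the unique, immutable extId, it is worth confirming that the agent populated every entry before you map the attribute. The following Python script is an added example, not part of the original article or of any IBM tooling: it audits an LDIF export of the directory for Person and Group entries whose dominoUNID is missing, malformed, or shared. The sample LDIF is constructed, the function names are hypothetical, and the 32-character hex format of the UNID text is an assumption about the output of @Text(@DocumentUniqueID).

```python
import base64
import re
from collections import defaultdict
# Constructed sample LDIF (not real directory data); UNID values are made up.
SAMPLE_LDIF = """\
dn: cn=wpsadmin,o=lotus
objectclass: dominoPerson
dominoUNID: 0A1B2C3D4E5F60718293A4B5C6D7E8F9

dn: cn=wpsbind,o=lotus
objectclass: dominoPerson
dominoUNID: 1122334455667788
 99AABBCCDDEEFF00

dn: cn=Legacy User,o=lotus
objectclass: dominoPerson

dn: cn=Copied User,o=lotus
objectclass: dominoPerson
dominoUNID: 0a1b2c3d4e5f60718293a4b5c6d7e8f9

dn: cn=wpsadmins
objectclass: dominoGroup
dominoUNID: not-a-unid
"""

UNID_RE = re.compile(r"^[0-9A-Fa-f]{32}$")  # assumption: UNID text is 32 hex chars

def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attribute: [values]} dicts."""
    text = re.sub(r"\r?\n ", "", text)           # unfold continuation lines
    entries = []
    for block in re.split(r"\r?\n\s*\r?\n", text.strip()):
        entry = defaultdict(list)
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            if value.startswith(":"):            # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry[name.strip().lower()].append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit_unids(text, classes=("dominoperson", "dominogroup")):
    """Find entries whose dominoUNID is missing, malformed, or not unique."""
    missing, malformed, seen = [], [], defaultdict(list)
    for entry in parse_ldif(text):
        dn = entry["dn"][0]
        if not {c.lower() for c in entry.get("objectclass", [])} & set(classes):
            continue                             # only Person and Group entries
        unids = entry.get("dominounid", [])
        if not unids:
            missing.append(dn)                   # document was never re-saved
        elif len(unids) > 1 or not UNID_RE.match(unids[0]):
            malformed.append(dn)
        else:
            seen[unids[0].upper()].append(dn)    # compare case-insensitively
    duplicates = {u: dns for u, dns in seen.items() if len(dns) > 1}
    return {"missing": missing, "malformed": malformed, "duplicates": duplicates}

if __name__ == "__main__":
    print(audit_unids(SAMPLE_LDIF))
```

Any DN reported as missing points to a document the agent did not re-save; a duplicate means two entries would resolve to the same extId and should be fixed before security is enabled.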
Installing and configuring WebSphere Portal
Run the installation program for WebSphere Portal and use the configuration properties listed in the following table to configure WebSphere Portal to use a Domino LDAP server. (For a step-by-step description of the WebSphere Portal installation process, see the WebSphere Portal InfoCenter.)
| Property | Domino server value | Comments |
| --- | --- | --- |
| WasUserid | cn=wpsadmin,o=lotus | Distinguished name of the user ID for WebSphere Application Server security authentication. |
| WasPassword | <password> | Password for the user ID for WebSphere Application Server security authentication. |
| WpsContextRoot | lwp | None |
| WpsDefaultHome | workplace | None |
| WpsPersonalizedHome | myworkplace | None |
| WpsHostName | <your server name> | Fully qualified name of the WebSphere Portal host name (for example, server.yourdomain.com). |
| WpsHostPort | 9081 | None |
| PortalAdminId | cn=wpsadmin,o=lotus | Distinguished name of the user ID for the WebSphere Portal administrator. |
| PortalAdminIdShort | wpsadmin | Short WebSphere Portal administrator ID. |
| PortalAdminPwd | <password> | Password of the user ID for the WebSphere Portal administrator. |
| PortalAdminGroupId | cn=wpsadmins | Group ID for the WebSphere Portal administrator group. |
| PortalAdminGroupIdShort | wpsadmins | WebSphere Portal administrator group ID. |
| LookAside | <FALSE/TRUE> | Change to TRUE when you enable security. |
| LDAPHostName | <your domino server> | Fully qualified name of the LDAP server host name (for example, server.yourdomain.com). |
| LDAPAdminUId | cn=wpsadmin,o=lotus | LDAP administrator ID. |
| LDAPAdminPwd | <password> | LDAP administrator password. |
| LDAPBindID | cn=wpsbind,o=lotus | Distinguished name of the user ID for LDAP Bind authentication. |
| LDAPBindPassword | wpsbind | Short user ID for LDAP Bind authentication. |
| LTPAPassword | <password> | Password to encrypt and decrypt the LTPA keys. |
| SSOEnabled | true | Specifies that the single sign-on function is enabled. |
| SSODomainName | <yourdomain.com> | Specifies the domain name (ibm.com, for example) for all single sign-on hosts. |
| LDAPServerType | DOMINO502 | Type of LDAP server to be used for WebSphere Portal. |
| LDAPSSLEnabled | false | Specifies whether or not secure socket communications is enabled to the LDAP server. |
| DbType | db2 | Type of database to be used for WebSphere Portal. |
| DbDriver | COM.ibm.db2.jdbc.app.DB2Driver | Name of class SqlProcessor to use to import SQL files, also known as "JDBC provider." |
| DbDriverDs | COM.ibm.db2.jdbc.DB2ConnectionPoolDataSource | Name of class SqlProcessor to use to import SQL files via data source. |
| DbUrl | jdbc:db2:wps50 | WebSphere Portal database URL. |
| DbUser | db2admin | Database administrator user ID. |
| DbPassword | <password> | Database administrator password. |
| DbLibrary | d:/ibm/sqllib/java/db2java.zip | Directory and the name of the zip file containing db.driver class. |
| WpcpDbName | wpcp50 | WebSphere Portal content publishing database name. |
| WpcpDbUser | db2admin | Database administrator user ID. |
| WpcpDbPassword | <password> | Database administrator password. |
| WpcpDbUrl | jdbc:db2:wpcp50 | WebSphere Portal content publishing database URL. |
| FeedbackDbName | wps50 | Name of the feedback database. |
| FeedbackDbUser | db2admin | Database administrator user ID. |
| FeedbackDbPassword | <password> | Database administrator password. |
| FeedbackDbUrl | jdbc:db2:wps50 | Feedback database URL. |
| WmmDbName | wps50 | Name of the WebSphere Member Management database. |
| WmmDbUser | db2admin | Database administrator user ID. |
| WmmDbPassword | <password> | Database administrator password. |
| WmmDbUrl | jdbc:db2:wps50 | Database URL. |
| LDAPSuffix | leave blank | LDAP suffix appropriate for your LDAP server. |
| LdapUserPrefix | uid | LDAP user prefix appropriate for your LDAP server. |
| LDAPUserSuffix | leave blank | LDAP user suffix appropriate for your LDAP server. |
| LdapGroupPrefix | cn | LDAP group prefix appropriate for your LDAP server. |
| LDAPGroupSuffix | leave blank | LDAP group suffix appropriate for your LDAP server. |
| LDAPUserObjectClass | inetOrgPerson | LDAP user object class appropriate for your LDAP server. |
| LDAPGroupObjectClass | groupOfNames | LDAP group object class appropriate for your LDAP server. |
| LDAPGroupMember | member | LDAP group member attribute name appropriate for your LDAP server. |
| LDAPUserFilter | (&(|(cn=%v)(uid=%v))(objectclass=inetOrgPerson)) | LDAP user filter appropriate for your LDAP server (to work with default values in WebSphere Member Manager). This will be added to the properties file. Change it as appropriate before you enable security. |
| LDAPGroupFilter | (&(cn=%v)(objectclass=groupOfNames)) | LDAP group filter appropriate for your LDAP server (to work with default values in WebSphere Member Manager). This will be added to the properties file. Change it as appropriate before you enable security. |
The preceding table shows the sample configuration values we used in our testing environment. The administrator user is called wpsadmin, and the Domino Directory is configured with the organization name lotus. You will need to substitute some of these values to match your organization's environment (for example, passwords, administrator user name, and so on).
Mapping extID to newly created dominoUNID
In the file wmmLDAPServerAttributes.xml located in the folder <drive>:\WebSphere\PortalServer\wmm (where <drive> is the disk name, for example, C), change the pluginAttributeName for the extId attribute from distinguishedName to dominoUNID. Then open the file <drive>:\WebSphere\PortalServer\shared\app\wmm\wmm.xml and make the following changes:
In the <supportedLdapEntryTypes> section, change the objectClassesForRead and objectClassesForWrite for each supportedLdapEntryType and the rdnAttrType for the person attribute:
    <supportedLdapEntryTypes>
        <supportedLdapEntryType name="Person"
            rdnAttrTypes="cn"
            objectClassesForRead="dominoPerson"
            objectClassesForWrite="dominoPerson"/>
        <supportedLdapEntryType name="Group"
            rdnAttrTypes="cn"
            objectClassesForRead="dominoGroup"
            objectClassesForWrite="dominoGroup"/>
        <supportedLdapEntryType name="Organization"
            rdnAttrTypes="o"
            objectClassesForRead="dominoOrganization"
            objectClassesForWrite="dominoOrganization"/>
        <supportedLdapEntryType name="OrganizationalUnit"
            rdnAttrTypes="ou"
            objectClassesForRead="dominoOrganizationalUnit"
            objectClassesForWrite="dominoOrganizationalUnit"/>
    </supportedLdapEntryTypes>
In that same section and in the <supportedMemberTypes> section of the <drive>:\WebSphere\PortalServer\shared\app\wmm\wmm.xml file, change rdnAttrTypes for the Person attribute from uid to cn.
Search for wmmGenerateExtId and set it to false.
If you are running Domino 6, you also need to change the adapterClassName of wmmLDAP from DominoLdapAdapterImpl to Domino6LdapAdapterImpl.
Installing and configuring Lotus Workplace
To install and set up Lotus Workplace, follow the instructions in the Lotus Workplace InfoCenter.
The Notes Mail portlet
Lotus Workplace comes with a number of portlets that facilitate various forms of collaboration, such as Web conferencing and instant messaging. One of these is the Notes Mail portlet. This portlet lets you utilize the Lotus Workplace mail user interface with your existing Domino messaging infrastructure. The user interface is served up using the J2EE page generation technologies provided by WebSphere Portal, and the data is retrieved from normal Domino mail files. This lets you treat the Notes Mail portlet as just another client for the Domino mail server. Users can continue to use the Notes client, Domino Web Access, or Web mail if they choose.
For some users (especially those who have grown accustomed to using Web-based email), the functionality offered by the Notes Mail portlet may meet all their needs. And you have the option of later migrating these users to Lotus Workplace Messaging transparently without changing their user experience. Others will find this portlet ideal for occasionally checking their mail files quickly from their corporate portal, while still using Lotus Notes or Domino Web Access for most of their email activities.
In this section, we describe how to set up the Notes Mail portlet.
Enabling the Notes Mail portlet in Domino
After you install and configure Lotus Workplace, you can enable the Notes Mail portlet. To use the Notes Mail portlet, you also need to enable this feature in Lotus Domino. In the technical preview release of the Notes Mail portlet, you need Lotus Domino 6.0.4 or 6.5.2.
Before enabling the Notes Mail portlet in Lotus Domino, you must download the appropriate fix pack (652HF65_W32.exe and 604HF19_W32.exe for Windows, and 652HF33-aix.tar for AIX). These can be downloaded from the Sandbox. Without the fix pack, the stability of the Domino server is compromised.
After installing the fix pack, update the Notes.ini file on your Domino mail server to include the following settings:
| Keyword | Value | Description |
| --- | --- | --- |
| HTTPDomWSAppSpace | 1 | This enables Domino XML services on the Domino server. |
| HTTPDomWSConvertFormat | 2 | This enables MIME as the streaming format for the Notes documents. This will cause an additional Domino server task (dwsaddin), which is responsible for converting Notes documents to a MIME stream, to run. |
| DWSAddinMaxThreads | 20 | This can be used to adjust the maximum number of Notes documents that can be converted to MIME streams simultaneously. The default is 20. |
| HTTPDomWSForceFromValue | 0 | Enable this if you want to always force the From field in a mail message to be set to the current authenticated user name. |
In future Domino releases, these Notes.ini settings will be available as part of the Configuration Settings on the Domino server. Also, if you plan to run Lotus Workplace and Lotus Domino on the same system, set the Domino HTTP setting to a non-conflicting port (for instance, port 8080).
Adding the Notes mail page to Lotus Workplace
The Notes Mail portlet is a technical preview for Lotus Workplace 2.0. Therefore, it is not added to the My Workplace page by default. To use the Notes Mail portlet, you must first run the batch file to create the Notes mail page, then give users access to view that page.
Creating the Notes mail page
To create the Notes mail page, do the following:
- Open the file createDominoPages.bat from <LWP>\config\portal\access\mailbox.
- Replace the values <WPS> with the path to your WebSphere Portal install, and <SERVER> with the URL to that server.
- Verify that the wpsadmin account ID and password are correct.
- With the servers running, open a command prompt and run the batch file createDominoPages.bat. Verify that there are no errors in the command window.
- Log into Lotus Workplace as wpsadmin and verify that the Notes mail page appears. (Initially, only wpsadmin can see the Notes mail page because other users have not yet been given rights to view the portlet.)
After the batch file runs successfully, you can log into Lotus Workplace as the administrator and verify that the Notes Mail portlet appears on the Notes mail page:
Figure 2. Notes Mail portlet
Enabling users to use the Notes Mail portlet
After you create the Notes mail page, you must enable it in the user policy, so users other than wpsadmin can see it. The following procedure enables the default user policy. If you want only a small subset of users to use the Notes Mail portlet, create a new policy for those users and enable the technical preview section for that policy. For more information on creating policies, see the Lotus Workplace InfoCenter.
- Open the Lotus Workplace administration console on port 9091.
- Open the Manage User Policy page under Lotus Workplace - Users.
- Edit the default user policy by enabling Demonstration features in the Allow technical preview features section of the policy page.
- Restart the server.
- Log into Lotus Workplace as the Workplace administrator.
- Switch to the Notes Mail portlet.
- Click the Configure icon in the title bar.
- Open the Mail Configuration page by clicking on the small wrench icon located in the portlet title bar.
Figure 3. Portlet title bar icons
- Enter the fully qualified host name of the Domino mail server (for example, server.domain.com).
- Enable the option "Allow portlet users to change the mail server in edit mode."
Figure 4. Mail Configuration screen
You can also select the type of authentication being used: Basic (users have to specify user name and password) or single sign-on (SSO). If you choose the second option, you must set up SSO between WebSphere and Domino servers.
Click OK.
Users can now open the Notes Mail tab and click the edit button (which appears as a pencil icon in the Mail portlet title bar) to enter their Notes user names and passwords along with the Notes server name:
Figure 5. Entering the Notes mail user name and password
Users must then click the Edit Mail Source button to enter specific information about the mail file location. The Mail server name is the fully qualified name of the Domino mail server (for instance, server.domain.com):
Figure 6. Entering the mail server name
Using the Notes Mail portlet
The technical preview version of the Notes Mail portlet available in release 2.0 of Lotus Workplace supports some favorite Notes client features, such as nested folders, the ability to create personalized signatures, enabling and disabling out of office, and support for pervasive UI. Figure 7 shows the Notes Mail portlet interface:
Figure 7. Notes Mail portlet interface
There are two known issues with the technical preview of the Notes Mail portlet. The Mail view interface doesn't reflect the fact that some columns aren't sortable (or are sortable in only one direction). Also, the usage indicator and search are not implemented, although these options are visible. These issues will be addressed in the final release of the Notes Mail portlet.
Feature enhancements are planned for future releases of the Notes Mail portlet, including calendar support.
Conclusion
Integrating Lotus Notes/Domino and Lotus Workplace allows you to take advantage of the best of each platform. Lotus Domino provides a powerful and easy-to-maintain LDAP directory for Lotus Workplace. And the Notes Mail portlet delivers a common user experience for all mail users, whether they are using Lotus Workplace or Lotus Domino. This gives you a great transition solution as you move your users from one platform to another.
About the authors
JoAnn Jordan joined Lotus/IBM in 1996 and has been a member of the Lotus Workflow quality assurance team since 2000. Previously, JoAnn worked on products such as Lotus SmartSuite and Freelance Graphics.
Luciano Resende is a PCLP developer and has been an Advisory Software Engineer in the Knowledge Management Products Group at IBM Software Group for almost two years. He was relocated from Lotus Professional Services in Brazil, where he worked as a Senior Consultant for eCommerce and ERP Integration projects.