IBM Team Workplace (QuickPlace) 6.5.1 for Domino 6.5.4

Consolidated Hot-Fix #135 for Windows

Installation Instructions

Last revision: 10/12/07

1.  Shutdown QuickPlace 6.5.1

2.  Backup QuickPlace server – if anything goes wrong, we must be able to back-out.

3.  (FOR SPR #MBAS5KERPE ONLY)

For SPR #MBAS5KERPE (DN remapping for LTPA token), the following is required:

·  In notes.ini, use QuickPlaceRemapDN to remap the DN from an LDAP directory which uses a format not recognized by QuickPlace. The purpose of this setting is to look for the string that you provide, and take anything between that and the next slash to be the username to look up in the NAB.

For example, if you are authenticating users through Websphere Portal Server using MSSO, the LTPA token may contain a DN such as uid=jsmith/cn=users/ou=engineering/o=acme, whereas QuickPlace might be looking for this user in the format CN=John Smith/ou=engineering/o=acme. In this example, you would set:

QuickPlaceRemapDN=uid=

4.  Replace the following files ( make a backup copy before replacing ):

·  In the Domino program directory (example: c:\Lotus\Domino ):

§  nquickplace.dll

§  nquickplacers.dll

§  quickplace.jar

§  xalan.jar

§  xercesImpl.jar

§  xml-apis.jar

·  In the Domino Data Directory (example: c:\Lotus\Domino\Data ):

§  qpconfig_sample.xml

·  In the QuickPlace Template Data Directory (example: c:\Lotus\Domino\Data\quickplace\AreaTypes ):

§  Contacts.ntf

§  HaikuCommonForms.ntf

§  HaikuSetupNT.ntf

§  MeetingRoom.ntf

§  PageLibrary.ntf

·  In the Domino server’s html directory (example: c:\Lotus\Domino\Data\domino\html ):

§  qp2.cab

·  In the QuickPlace Directory (example: c:\Lotus\Domino\Data\quickplace ):

§  resources.nsf

§  PeopleOnline31.jar

·  In the QuickPlace HTML Common Directory (example: c:\Lotus\Domino\Data\domino\html\qphtml\html\common ):

§  qp_write_html.js

·  If server is configured to allow users to take places offline, replace the following files in the Domino Off-line File Set Directory (example: c:\Lotus\Domino\Data\domino\HTML\download\filesets ), and see step 11 below.

§  n_QuickPlace.inf

§  n_QuickPlace.exe

·  If QuickPlace server is configured to work with a Sametime server, replace the following file on all Sametime servers:

§  PeopleOnline31.jar

·  In the Domino server’s program directory (example: c:\Lotus\Domino):

§  nquickplace.sym

5.  Check if any of the requirements in the Configuration Settings Table below apply, if so, change the appropriate setting.

6.  Upgrade places view definitions:

·  Start a command prompt tool and change to the Domino’s program directory, then run:

§  nqptool.exe upgrade –server AND

§  nqptool.exe upgrade –a OR -p <placename> to update just one place.

·  For SPR #ROHI6EUEYD only:

For SPR #ROHI6EUEYD (username displayed as UID component), in order to update the necessary design elements in existing places, it is required to force the design refresh of certain design elements by using the following command:

§  nqptool.exe upgrade –a -f OR -p <placename> -f to update just one place.

7.  Clear client browser cache ( remove all cached documents ).

8.  Restart the Domino/QuickPlace server.

9.  Verify that the hotfix was applied:

·  Check for the following message in the Domino Server console or log.nsf:

QuickPlace Server started. 350654.xx (where xx corresponds to the hotfix version.)

·  Connect to the Team Workplace Welcome page from an internet browser.

·  Display the HTML source for the page:

o  From Internet Explorer menu, choose View -> Source

o  From Mozilla menu, choose View -> Page Source

·  Check the value of $HaikuForm near the top of the page. It should match the hotfix number. For example, for hotfix 350654.108, you will see <!-- $HaikuForm - 350654.108 -->.

10. Test changes.

11. If necessary (users take places offline) upgrade off-line QuickPlace:

·  From client, uninstall iNotes.

·  Sign-in to place and install offline using Work Offline link.

·  Restart Lotus iNotes Sync Manager.


TEAM WORKPLACE (QUICKPLACE) 6.5.1 FIXPACK for DOMINO 6.5.4 CONSOLIDATED HOT-FIX #137:

RELEASE NOTES

SPR / SPR Description / Note
* / Previous fixes involving Active Directory may have required adding the setting QuickPlaceHandleAD to the server’s notes.ini file. This setting is no longer needed, and must be removed. / Remove the following setting from notes.ini:
QuickPlaceHandleAD
CKHO5QBJSK / Rooms inherited from a PlaceType are not visible to the creator of the place / Rooms inherited from a PlaceType are now made visible, by default, to the creator of a place which is based on that PlaceType. You may change this setting for each PlaceType in PlaceType Options.


TEAM WORKPLACE (QUICKPLACE) 6.5.1 FIXPACK for DOMINO 6.5.4 CONSOLIDATED HOT-FIX #137:

CONFIGURATION SETTINGS TABLE

IMPORTANT:

·  The NOTES.INI file must always have a blank empty line at the end of the file.

·  Adding settings to QPCONFIG.XML must be done within the <server_settings>…….</server_settings> tags.

SPR / Requirement / Setting
* / Previous fixes involving Active Directory may have required adding the setting QuickPlaceHandleAD to the server’s notes.ini file. This setting is no longer needed, and must be removed. / Remove the following setting from notes.ini:
QuickPlaceHandleAD
MZHA6MF364 / For special handling of Chinese characters / Add the following to QPConfig.xml:
<server_settings>
<user_directory>
<ldap>
<schema>
<special_handle_chinese_char enabled="true" />
</schema>
</ldap>
</user_directory>
</server_settings>
MMOI6M3K28 / To specify a string that is only present in person DNs / <server_settings>
<sametime local_users="false" ldap="true">
<members_online>
<expand_external_groups enabled="true" max_depth="6" />
<person_unique_string>ui=</person_unique_string>
</members_online>
</sametime>
</server_settings>
IDEA679TFJ / To identify the attribute in a person record that holds group names / Add the following to QPConfig.xml:
<server_settings>
<user_directory>
<ldap>
<schema>
<group>
<attribute_in_person_record>memberOf</attribute_in_person_record >
</group>
</schema>
</ldap>
</user_directory>
</server_settings>
CWIR6MAUWU / To ensure active sessions are removed from Domino console after logout / Add the following to QPConfig.xml:
<server_settings>
<dont_use_logout_form_with_activex enabled="true"/>
</server_settings>
CTRP6KZT9M
RMEK6LNLN5 / To identify LDAP directory as Active Directory / Add the following to QPConfig.xml:
<server_settings>
<user_directory>
<ldap>
<schema>
<ldap_is_active_directory enabled="true"/>
</schema>
</ldap>
</user_directory>
</server_settings>
CPRE6M8PW9 / To prevent the dereferencing alias search on the initial search in a dual directory environment
To turn off the LDAP_DEREF_ALWAYS flag when doing an LDAP search for groups that contain a particular user as a member / Add the following to QPConfig.xml:
<server_settings>
<user_directory>
<ldap>
<search_filters>
<alias_lookup>
<![CDATA[(&(objectclass=person)(search_field={0}))]]>
</alias_lookup>
</search_filters>
</ldap>
</user_directory>
</server_settings>
Add the following to QPConfig.xml:
<server_settings>
<user_directory>
<ldap>
<schema>
<do_not_deref_for_groups enabled="true"/>
</schema>
</ldap>
</user_directory>
</server_settings>
CTRP6KWTSR / To allow slash in distinguished name (DN) of external user name / Add the following to QPConfig.xml:
<server_settings>
<user_directory>
<ldap>
<schema>
<allow_slash_in_ldapdn enabled="true"/>
</schema>
</ldap>
</user_directory>
</server_settings>
RMEZ6JWP93 / To prevent LTPA token from being broken when trying to access a place user is not a member of. / Add to notes.ini:
QuickPlaceKeepLTPA=1
AHOZ6KJNS9 / To disable HTTP Pragma header / Add to notes.ini:
QuickPlaceDisableHTTPPragma=1
When this is set to 1 and QuickPlace is writing out an HTTP response message, the following message will be written to the console:
“Response::QuickPlaceReply: Not writing out HTTP Pragma directive”
AHOZ6H3SFA / In addition to this QuickPlace hotfix and configuration settings, a Sametime hotfix is also required for your Sametime server. Please contact support for details. / Add the following to QPConfig.xml:
<sametime local_users="false" ldap="true" >
<reverse_proxy enabled="true">
<host_alias>sthostalias</host_alias>
<host_timeout>30000</host_timeout>
</reverse_proxy>
</sametime>
where sthostalias is set to the alias of the Sametime server host that the reverse proxy is configured to use.
For example, if your reverse proxy is http://proxy.ibm.com and your backend Sametime server is sametime.ibm.com and your reverse proxy uses the alias “stserver” for the Sametime server, then the url via the reverse proxy would be http://proxy.ibm.com/stserver/stcenter.nsf. The reverse proxy re-routes the request to http://sametime.ibm.com/stcenter.nsf. In this scenario, you would set host_alias to stserver.
CPRE6JPS5M / To turn off the LDAP_DEREF_ALWAYS flag when doing an LDAP search for groups that contain a particular user as a member / Add the following to QPConfig.xml:
<server_settings>
<user_directory>
<ldap>
<schema>
<do_not_deref_for_groups enabled="true"/>
</schema>
</ldap>
</user_directory>
</server_settings>
JBOD62ANDR / To expand external groups for Sametime awareness / Add to notes.ini:
QuickPlaceNestedGroupLimit=<a number reflecting the maximum directory group nesting level>
Add the following to QPConfig.xml:
<server_settings>
<sametime local_users="false" ldap="true">
<members_online>
<expand_external_groups enabled="true" max_depth="12" />
</members_online>
</sametime>
</server_settings>
HHZG5UTNDU / To prevent upgrading the default theme when upgrading Quickplace / Add the following to QPConfig.xml:
<server_settings>
<upgrade>
<theme update_default_to_latest="false" />
</upgrade>
</server_settings>
RMEZ6CGHSJ / To identify LDAP directory as Active Directory / Add the following to QPConfig.xml:
<server_settings>
<user_directory>
<ldap>
<schema>
<ldap_is_active_directory enabled="true"/>
</schema>
</ldap>
</user_directory>
</server_settings>
CTRP6HQ4VQ
CTRP6GALAA CTRP6G6SEL
JBOD6AHUPR / Contact Support for a Domino Hotfix, which is required in addition to this QP hotfix.
Setting for use when Distinguished Names contain LDAP special characters / Add the following to QPConfig.xml:
<server_settings>
<user_directory>
<ldap>
<schema>
<dn_delimiter robust_compare="false" />
<maintain_escape_character enabled="false" />
<dn_incoming_is_native enabled="false" />
</schema>
</ldap>
</user_directory>
</server_settings>
JBOD62ANDR / To expand external groups for Sametime awareness / Add the following to QPConfig.xml:
<server_settings>
<sametime local_users="false" ldap="true">
<members_online>
<expand_external_groups enabled="true" max_depth="12" />
</members_online>
</sametime>
</server_settings>
CLOH6FJAJX / To maintain consistency of Sametime status across portal applications in Lotus Workplace / Add to notes.ini:
QuickPlace_Use_DN_for_Awareness=1
QuickPlaceMatchDNCase=1
RMEZ5YVPYJ / To uncheck by default the checkbox to include the page abstract in the email notification / Add the following to QPConfig.xml:
<server_settings>
<notifications>
<message_rules>
<include_abstract enabled="false"/>
</message_rules>
</notifications>
</server_settings>
JHOD6B7HQT
JHOD64LMV7 / To prevent the conversion of a multi-valued RDN such as “ou=111+cn=Bill Mueller…” to “cn=111+cn=Bill Mueller…” when passing DN to Domino / Add to notes.ini:
QuickPlaceDoNotConvertMVRDN=1
Also contact customer support for additional requirement if existing places already have converted ACL entries.
RSCR5VZBP2,
RSCR5VMJSD / Contact support for Domino hotfix requirements.
Also add setting to notes.ini to ensure that reason for authentication failure is correctly displayed in Team Workplace. / Add to notes.ini:
QuickPlacePassReasonType=1
Also contact customer support for Domino hotfix.
RTIN67B2LZ / To display page, rather than folder contents, after publishing a page / Add the following to QPConfig.xml:
<server_settings>
<display_page_after_publish enabled="true"/>
</ server_settings >
SSEI69RMRU / To enable advanced search of external source / Add <external> section to qpconfig.xml as follows:
The enabled attribute can be true or false. Set to true to enable the external search feature.
The url value is the URL to the external search source, with a placeholder for the search term
The search_term_placeholder value is the placeholder in the above URL, which will be replaced with the search term
The search_form_label value is the text label shown on the Advanced Search form for the external search radio button
The frame_width value is the width (either in % or pixels) of the search results frame - not required, default is 100%
The frame_height value is the height (in pixels) of the search results frame - not required, default is 2000
For example:
<search_places enabled="true" log_level="0" anonymous="true">
<external enabled="true">
<url>
<![CDATA[
http://hostname:port/servlet/JKMSearchController?AppID=Demo&desTemplateFile=
AllOptions.txt&desClientLocale=enUS&DESMaxHits=5&DESPageSize=5&DESGetPage=1&
DESBoolean=Find&DESReturnResults=Sorted&DESQueryString=TeamWorkplaceSearchTerm&
DESTimeOut=60
]]>
</url>
<search_term_placeholder>TeamWorkplaceSearchTerm</search_term_placeholder>
<search_form_label>Company Knowledge Base</search_form_label>
<frame_width>100%</frame_width>
<frame_height>2000</frame_height>
</external>
</search_places>
KHIA67BPDK / To use Distinguished Name (DN) rather than Common Name (CN) for Sametime awareness because CN contains comma / Add to notes.ini:
QuickPlace_Use_DN_for_Awareness=1
RMEZ63KKAV / To resolve problem where a custom form created with Name Popup field is showing the field blank in the folder view / Add to notes.ini:
QuickPlaceUseAlternateColumnDisplayNameFormula=1
CTRP5XR7GN
MMOI66CPUY / To examine QuickPlace URLs for possible cross-scripting attacks / Add <xss_protection> section to qpconfig.xml as follows:
The enabled attribute can be true or false. Set to true to check URLs for potential XSS attacks.
The filterquick value identifies characters that must show up in the URL in order to warrant further URL checking.
The filter value contains a regular expression defining a potential XSS URL. If xss_protection is enabled, URL's matching this expression will show the user an error page. There may be multiple filter values.
For example:
<sever_settings>
<security>
<xss_protection enabled = "true">
<filterquick value="%:&lt;+"/>
<filter value="\&lt;[^(\&gt;)]*(S|s)(C|c)(R|r)(I|i)(P|p)(T|t)[^(\&gt;)]*\&gt;"/>
<filter value="javascript[^(\:)]*\:"/>
<filter value="\&lt;[^(\&gt;)]*(I|i)(M|m)(g|G)[^(\&gt;)]*\&gt;"/>
</xss_protection>
</security>
</sever_settings>
SSHI5BAP5N / Allows sending “What’s New” emails to groups / Add the following to QPConfig.xml:
<notifications>
<recipient_rules>
<send_news_to_groups enabled="true"/>
</recipient_rules>
</notifications>


TEAM WORKPLACE (QUICKPLACE) 6.5.1 FIXPACK for DOMINO 6.5.4 CONSOLIDATED HOT-FIX #135:

FIXES INCLUDED IN THIS RELEASE

SPR / Problem description

RELS72S25H

/ Active Directory qpconfig setting breaks expansion of external groups for notifications

ROHI6U3BGP

/ Excel 2000 VML indent fix
QPTR5J9RG / Expanded Memory Model integration with Active Directory
VSTB6UJNP7 / Dual Directory mapping no longer allows UID workaround
BTLW6S2DY5 / XSS attack
JSOA6TG3GA / Changing the Place Title in Change Basics does not affect DOLS subscription title
SANN6QGJLC / Awareness icon does not appear on Members page
MMOI6NBTKV / Quickplace server crashes when running qptool newsletter
ROHI6QKBRB / Imported Word document isn’t displayed correctly
RSCR5GSKXM / Workflow email notification fails with error “The recipient address is not valid”
RMEZ6MXMZ6 / Members Online window never populates if moved away from page where chat was initiated from
MMOI6P9JH9 / Server crash when click Chat
MMOI6MFLLT / Members Online window hangs upon launch
CTRP6LMKVF / HTTP crash JpegException, GetMemberInfo, GetHaikuDatum and LoadDictionary
SANN6PGH28 / Multiple server crashes after installing hotfix
MZHA6MF364 / SSO authentication fails for some special Chinese name users
MMOI6PFMTV / Workflow notification email address invalid if username has @ symbol
TEDS6N6RZY / Microsoft Internet Explorer ActiveX change breaks QuickPlace
RTIN6MWQKF / Bad customer code in custom theme causes server crash
SANN679JXX / Many reorderings of TOC causes h_Position to no longer be unique
CKHO6GMJK6 / Unable to login with shortname variation on Expanded Membership Model (EMM) place
PKAY6L4NG2 / With EMM place, popup for adding editor to existing page displays without Add/Close buttons
SANN6MXQYJ / All Places view of placecatalog.nsf shows deleted places
JNES65SQAT / What’s New does not show name after “Page edited by”
VSTB6LBSM2 / Place name link formatting not affected by stylesheet for certain pages
MMOI6M3K28 / Textured background disappears after upgrade from 3.0.1
MMOI6MFLLT / Members online window hangs upon launch
IDEA679TFJ / Group membership resolution incorrect on Active Directory
CWIR6MAUWU / The “sign out” link for QuickPlace not using “?logout” functionality that most other Domino databases use
CTRP6KZT9M / After hotfix, Active Directory users can not login – caused by extra space in DN
CPRE6M8PW9 / Poor performance with dual directory configuration with large ldap directories
MGAR5AMNPL / Search Again button seems to be functioning as a “back” button
CTRP6JU75K / User with escaped plus sign (‘\+’) in DN can not view attachments
VSTB6L6UM2 / Triangle Marker Button does not accept Arial Black as font in Team WorkPlace
RMEK6LNLN5 / Display name is full DN and membership UI is blank when members are added
CKHO6J7JUS / Search All Places results have corrupted url and abstract