IBM Team Workplace (QuickPlace) version 6.5.1

Consolidated Hot-Fix #240 for Windows

Installation Instructions

Last revision: 11/8/2007

1.  Shut down the QuickPlace server.

2.  Back up the QuickPlace server – if anything goes wrong, we must be able to back out.

3.  If running QuickPlace Release 3.0.1 or earlier, first upgrade to Domino 6.5.1 and Team Workplace (QuickPlace) 6.5.1.

4.  Install Domino Interim Fixpack #1 (IF1). (This fixpack is available for download from www.ibm.com)

5.  For SPRs FFZG5YJA3E, WHZG5YF5TZ, HYZG5YFADP, see related technote for additional Domino requirement.

6.  (FOR SPR #MBAS5KERPE and RMEK6GPL2Y ONLY)

For SPR #MBAS5KERPE and #RMEK6GPL2Y (DN remapping for LTPA token), the following is required:

·  You must upgrade Domino server to 6.5.2 or 6.5.3.

·  In notes.ini, use QuickPlaceRemapDN to remap the DN from an LDAP directory which uses a format not recognized by QuickPlace. The purpose of this setting is to look for the string that you provide, and take anything between that and the next slash to be the username to look up in the NAB.

For example, if you are authenticating users through WebSphere Portal Server using MSSO, the LTPA token may contain a DN such as uid=jsmith/cn=users/ou=engineering/o=acme, whereas QuickPlace might be looking for this user in the format CN=John Smith/ou=engineering/o=acme. In this example, you would set:

QuickPlaceRemapDN=uid=

7.  Replace the following files (make a backup copy before replacing):

·  In the Domino program directory (example: c:\Lotus\Domino ):

§  nquickplace.dll

§  nquickplacers.dll

§  quickplace.jar

§  xalan.jar

§  xercesImpl.jar

§  xml-apis.jar

·  In the Domino Data Directory (example: c:\Lotus\Domino\Data ):

§  qpconfig_sample.xml

·  In the QuickPlace Template Data Directory (example: c:\Lotus\Domino\Data\quickplace\AreaTypes ):

§  Contacts.ntf

§  HaikuCommonForms.ntf

§  HaikuSetupNT.ntf

§  MeetingRoom.ntf

§  PageLibrary.ntf

·  In the Domino server’s html directory (example: c:\Lotus\Domino\Data\domino\html ):

§  qp2.cab

·  In the QuickPlace Directory (example: c:\Lotus\Domino\Data\quickplace ):

§  resources.nsf

§  PeopleOnline31.jar

·  In the QuickPlace HTML Common Directory (example: c:\Lotus\Domino\Data\domino\html\qphtml\html\common ):

§  qp_write_html.js

·  If your QuickPlace server is configured to work with a Sametime server, you must also replace the following file on all Sametime servers:

§  PeopleOnline31.jar

·  In the Domino server’s program directory (example: c:\Lotus\Domino):

§  nquickplace.sym

8.  Check whether any of the requirements in the Configuration Settings Table below apply. If so, change the appropriate setting.

9.  Upgrade places view definitions:

·  Start a command prompt tool and change to the Domino’s program directory, then run:

§  nqptool.exe upgrade -server AND

§  nqptool.exe upgrade -a OR -p <placename> to update just one place.

·  For SPR #ROHI6EUEYD only:

For SPR #ROHI6EUEYD (username displayed as UID component), existing places pick up the necessary design elements only after a forced design refresh of those elements. Run the following command:

§  nqptool.exe upgrade -a -f OR -p <placename> -f to update just one place.

10. Clear client browser cache ( remove all cached documents ).

11. Restart the Domino/QuickPlace server.

12. Verify that the hotfix was applied:

·  Check for the following message in the Domino Server console or log.nsf:

QuickPlace Server started. 350172.xxx (where xxx corresponds to the hotfix version.)

·  Connect to the Team Workplace Welcome page from an internet browser.

·  Display the HTML source for the page:

o  From Internet Explorer menu, choose View -> Source

o  From Mozilla menu, choose View -> Page Source

·  Check the value of $HaikuForm near the top of the page. It should match the hotfix number. For example, for hotfix 350172.228, you will see <!-- $HaikuForm - 350172.225 -->.

13. Test changes.


TEAM WORKPLACE (QUICKPLACE) CONSOLIDATED 6.5.1 HOT-FIX #240:

RELEASE NOTES

SPR / SPR Description / Note
* / Previous fixes involving Active Directory may have required adding the setting QuickPlaceHandleAD to the server’s notes.ini file. This setting is no longer needed, and must be removed. / Remove the following setting from notes.ini:
QuickPlaceHandleAD
CKHO5QBJSK / Rooms inherited from a PlaceType are not visible to the creator of the place / Starting with hotfix #34, rooms inherited from a PlaceType are now made visible, by default, to the creator of a place which is based on that PlaceType. You may change this setting for each PlaceType in PlaceType Options.


TEAM WORKPLACE (QUICKPLACE) CONSOLIDATED 6.5.1 HOT-FIX #240:

CONFIGURATION SETTINGS TABLE

IMPORTANT:

·  The NOTES.INI file must always have a blank empty line at the end of the file.

·  Adding settings to QPCONFIG.XML must be done within the <server_settings>…….</server_settings> tags.
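
The following check is an added example, not part of IBM's hotfix package. It audits a notes.ini and a qpconfig.xml against the two rules above, the QuickPlaceHandleAD removal, and the element nesting shown in the settings table. It assumes `<server_settings>` is the root element of qpconfig.xml; the function names and sample strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Setting element -> parent path below <server_settings>, as shown on this page.
EXPECTED_PARENT = {
    "xss_protection": "security",
    "ldap_is_active_directory": "user_directory/ldap/schema",
    "allow_slash_in_ldapdn": "user_directory/ldap/schema",
    "do_not_deref_for_groups": "user_directory/ldap/schema",
    "maintain_escape_character": "user_directory/ldap/schema",
    "display_page_after_publish": "",
    "dont_use_logout_form_with_activex": "",
}


def audit_notes_ini(text):
    """Return findings for the notes.ini rules stated in this readme."""
    findings = []
    # Assumption: "blank line at the end" means the last setting is newline-terminated.
    if text.replace("\r\n", "\n").split("\n")[-1].strip():
        findings.append("notes.ini does not end with a blank line")
    for number, line in enumerate(text.splitlines(), 1):
        if line.split("=", 1)[0].strip().lower() == "quickplacehandlead":
            findings.append(f"line {number}: remove QuickPlaceHandleAD")
    return findings


def audit_qpconfig(xml_text):
    """Return findings for qpconfig.xml structure and setting placement."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    if root.tag != "server_settings":
        findings.append(f"root is <{root.tag}>, expected <server_settings>")

    def walk(node, path):
        for child in node:
            want = EXPECTED_PARENT.get(child.tag)
            if want is not None and want != path:
                findings.append(f"<{child.tag}> is under '{path}', expected '{want}'")
            walk(child, f"{path}/{child.tag}".strip("/"))

    walk(root, "")
    return findings


# Constructed samples, not copied from a real server.
BAD_INI = "[Notes]\nQuickPlaceHandleAD=1\nQuickPlaceKeepLTPA=1"
GOOD_INI = "[Notes]\r\nQuickPlaceKeepLTPA=1\r\n"
MISPLACED = "<server_settings><xss_protection enabled='true'/></server_settings>"
BROKEN = "<server_settings><display_page_after_publish enabled='true'/></ server_settings >"
```

An empty result list means the file passed every check; run both audits on copies of the files before restarting the server.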

SPR / Requirement / Setting
* / Previous fixes involving Active Directory may have required adding the setting QuickPlaceHandleAD to the server’s notes.ini file. This setting is no longer needed, and must be removed. / Remove the following setting from notes.ini:
QuickPlaceHandleAD
MZHA6MF364 / For special handling of Chinese characters / Add the following to QPConfig.xml:
<server_settings>
<user_directory>
<ldap>
<schema>
<special_handle_chinese_char enabled="true" />
</schema>
</ldap>
</user_directory>
</server_settings>
MMOI6M3K28 / To specify a string that is only present in person DNs / <server_settings>
<sametime local_users="false" ldap="true">
<members_online>
<expand_external_groups enabled="true" max_depth="6" />
<person_unique_string>ui=</person_unique_string>
</members_online>
</sametime>
</server_settings>
IDEA679TFJ / To identify the attribute in a person record that holds group names / Add the following to QPConfig.xml:
<server_settings>
<user_directory>
<ldap>
<schema>
<group>
<attribute_in_person_record>memberOf</attribute_in_person_record>
</group>
</schema>
</ldap>
</user_directory>
</server_settings>
CWIR6MAUWU / To ensure active sessions are removed from Domino console after logout / Add the following to QPConfig.xml:
<server_settings>
<dont_use_logout_form_with_activex enabled="true"/>
</server_settings>
CTRP6KZT9M
RMEK6LNLN5 / To identify LDAP directory as Active Directory / Add the following to QPConfig.xml:
<server_settings>
<user_directory>
<ldap>
<schema>
<ldap_is_active_directory enabled="true"/>
</schema>
</ldap>
</user_directory>
</server_settings>
CPRE6M8PW9 / To prevent the dereferencing alias search on the initial search in a dual directory environment
To turn off the LDAP_DEREF_ALWAYS flag when doing an LDAP search for groups that contain a particular user as a member / Add the following to QPConfig.xml:
<server_settings>
<user_directory>
<ldap>
<search_filters>
<alias_lookup>
<![CDATA[(&(objectclass=person)(search_field={0}))]]>
</alias_lookup>
</search_filters>
</ldap>
</user_directory>
</server_settings>
Add the following to QPConfig.xml:
<server_settings>
<user_directory>
<ldap>
<schema>
<do_not_deref_for_groups enabled="true"/>
</schema>
</ldap>
</user_directory>
</server_settings>
CTRP6KWTSR / To allow slash in distinguished name (DN) of external user name / Add the following to QPConfig.xml:
<server_settings>
<user_directory>
<ldap>
<schema>
<allow_slash_in_ldapdn enabled="true"/>
</schema>
</ldap>
</user_directory>
</server_settings>
RMEZ6JWP93 / To prevent LTPA token from being broken when trying to access a place user is not a member of. / Add to notes.ini:
QuickPlaceKeepLTPA=1
AHOZ6KJNS9 / To disable HTTP Pragma header / Add to notes.ini:
QuickPlaceDisableHTTPPragma=1
When this is set to 1 and QuickPlace is writing out an HTTP response message, the following message will be written to the console:
“Response::QuickPlaceReply: Not writing out HTTP Pragma directive”
CPRE6JPS5M / To turn off the LDAP_DEREF_ALWAYS flag when doing an LDAP search for groups that contain a particular user as a member / Add the following to QPConfig.xml:
<server_settings>
<user_directory>
<ldap>
<schema>
<do_not_deref_for_groups enabled="true"/>
</schema>
</ldap>
</user_directory>
</server_settings>
JBOD62ANDR / To expand external groups for Sametime awareness / Add to notes.ini:
QuickPlaceNestedGroupLimit=<a number reflecting the maximum directory group nesting level>
Add the following to QPConfig.xml:
<server_settings>
<sametime local_users="false" ldap="true">
<members_online>
<expand_external_groups enabled="true" max_depth="12" />
</members_online>
</sametime>
</server_settings>
HHZG5UTNDU / To prevent upgrading the default theme when upgrading Quickplace / Add the following to QPConfig.xml:
<server_settings>
<upgrade>
<theme update_default_to_latest="false" />
</upgrade>
</server_settings>
RMEZ6CGHSJ / To identify LDAP directory as Active Directory / Add the following to QPConfig.xml:
<server_settings>
<user_directory>
<ldap>
<schema>
<ldap_is_active_directory enabled="true"/>
</schema>
</ldap>
</user_directory>
</server_settings>
CTRP6GALAA CTRP6G6SEL
JBOD6AHUPR / Setting for use when Distinguished Names contain LDAP special characters / Add the following to QPConfig.xml:
<server_settings>
<user_directory>
<ldap>
<schema>
<dn_delimiter robust_compare="false" />
<maintain_escape_character enabled="false" />
<dn_incoming_is_native enabled="false" />
</schema>
</ldap>
</user_directory>
</server_settings>
RMEK6GPL2Y / To disable alias cache.
For additional requirements, see the installation steps above concerning the QuickPlaceRemapDN setting. / Add to notes.ini:
QuickPlaceDisableAliasCache=1
AHOZ6H3SFA / In addition to this QuickPlace hotfix and configuration settings, a Sametime hotfix is also required for your Sametime server. Please contact support for details. / Add the following to QPConfig.xml:
<sametime local_users="false" ldap="true" >
<reverse_proxy enabled="true">
<host_alias>sthostalias</host_alias>
</reverse_proxy>
</sametime>
where sthostalias is set to the alias of the Sametime server host that the reverse proxy is configured to use.
For example, if your reverse proxy is http://proxy.ibm.com and your backend Sametime server is sametime.ibm.com and your reverse proxy uses the alias “stserver” for the Sametime server, then the url via the reverse proxy would be http://proxy.ibm.com/stserver/stcenter.nsf. The reverse proxy re-routes the request to http://sametime.ibm.com/stcenter.nsf. In this scenario, you would set host_alias to stserver.
CLOH6FJAJX / To maintain consistency of Sametime status across portal applications in Lotus Workplace / Add to notes.ini:
QuickPlace_Use_DN_for_Awareness=1
QuickPlaceMatchDNCase=1
CTRP6GALAA
CTRP6G6SEL / To maintain escaped character in DN / Add the following to QPConfig.xml:
<server_settings>
<user_directory>
<ldap>
<schema>
<maintain_escape_character enabled="true"/>
</schema>
</ldap>
</user_directory>
</server_settings>
RMEZ5YVPYJ / To uncheck by default the checkbox to include the page abstract in the email notification / Add the following to QPConfig.xml:
<server_settings>
<notifications>
<message_rules>
<include_abstract enabled="false"/>
</message_rules>
</notifications>
</server_settings>
JHOD6B7HQT
JHOD64LMV7 / To prevent the conversion of a multi-valued RDN such as “ou=111+cn=Bill Mueller…” to “cn=111+cn=Bill Mueller…” when passing DN to Domino / Add to notes.ini:
QuickPlaceDoNotConvertMVRDN=1
Also contact customer support for additional requirement if existing places already have converted ACL entries.
RSCR5VZBP2,
RSCR5VMJSD / Contact support for Domino hotfix requirements.
Also add setting to notes.ini to ensure that reason for authentication failure is correctly displayed in Team Workplace. / Add to notes.ini:
QuickPlacePassReasonType=1
Also contact customer support for Domino hotfix.
RTIN67B2LZ / To display page, rather than folder contents, after publishing a page / Add the following to QPConfig.xml:
<server_settings>
<display_page_after_publish enabled="true"/>
</server_settings>
SSEI68RMRU / To enable advanced search of external source / Add <external> section to qpconfig.xml as follows:
The enabled attribute can be true or false. Set to true to enable the external search feature.
The url value is the URL to the external search source, with a placeholder for the search term
The search_term_placeholder value is the placeholder in the above URL, which will be replaced with the search term
The search_form_label value is the text label shown on the Advanced Search form for the external search radio button
The frame_width value is the width (either in % or pixels) of the search results frame - not required, default is 100%
The frame_height value is the height (in pixels) of the search results frame - not required, default is 2000
For example:
<search_places enabled="true" log_level="0" anonymous="true">
<external enabled="true">
<url>
<![CDATA[
http://hostname:port/servlet/JKMSearchController?AppID=Demo&desTemplateFile=
AllOptions.txt&desClientLocale=enUS&DESMaxHits=5&DESPageSize=5&DESGetPage=1&
DESBoolean=Find&DESReturnResults=Sorted&DESQueryString=TeamWorkplaceSearchTerm&
DESTimeOut=60
]]>
</url>
<search_term_placeholder>TeamWorkplaceSearchTerm</search_term_placeholder>
<search_form_label>Company Knowledge Base</search_form_label>
<frame_width>100%</frame_width>
<frame_height>2000</frame_height>
</external>
</search_places>
KHIA67BPDK / To use Distinguished Name (DN) rather than Common Name (CN) for Sametime awareness because CN contains comma / Add to notes.ini:
QuickPlace_Use_DN_for_Awareness=1
RMEZ63KKAV / To resolve problem where a custom form created with Name Popup field is showing the field blank in the folder view / Add to notes.ini:
QuickPlaceUseAlternateColumnDisplayNameFormula=1
CTRP5XR7GN
MMOI66CPUY / To examine QuickPlace URLs for possible cross-site scripting (XSS) attacks / Add <xss_protection> section to qpconfig.xml as follows:
The enabled attribute can be true or false. Set to true to check URLs for potential XSS attacks.
The filterquick value identifies characters that must show up in the URL in order to warrant further URL checking.
The filter value contains a regular expression defining a potential XSS URL. If xss_protection is enabled, URLs matching this expression will show the user an error page. There may be multiple filter values.
For example:
<server_settings>
<security>
<xss_protection enabled = "true">
<filterquick value="%:&lt;+"/>
<filter value="\&lt;[^(\&gt;)]*(S|s)(C|c)(R|r)(I|i)(P|p)(T|t)[^(\&gt;)]*\&gt;"/>
<filter value="javascript[^(\:)]*\:"/>
<filter value="\&lt;[^(\&gt;)]*(I|i)(M|m)(g|G)[^(\&gt;)]*\&gt;"/>
</xss_protection>
</security>
</server_settings>
SSHI5BAP5N / Allows sending “What’s New” emails to groups / Add the following to QPConfig.xml:
<notifications>
<recipient_rules>
<send_news_to_groups enabled="true"/>
</recipient_rules>
</notifications>
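
The two-stage URL check described in the xss_protection entry (SPR CTRP5XR7GN / MMOI66CPUY) above, as an added example that is not IBM's code: it loads the filterquick and filter values from that entry and classifies constructed request URLs, so a filter change can be tested before it is deployed. Assumptions: the full check runs when any one filterquick character is present, filters are matched against the percent-decoded URL, and Python's `re` stands in for QuickPlace's regular-expression engine.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import unquote

# The xss_protection example from this page, wrapped in <server_settings>.
QPCONFIG = r"""<server_settings>
<security>
<xss_protection enabled="true">
<filterquick value="%:&lt;+"/>
<filter value="\&lt;[^(\&gt;)]*(S|s)(C|c)(R|r)(I|i)(P|p)(T|t)[^(\&gt;)]*\&gt;"/>
<filter value="javascript[^(\:)]*\:"/>
<filter value="\&lt;[^(\&gt;)]*(I|i)(M|m)(g|G)[^(\&gt;)]*\&gt;"/>
</xss_protection>
</security>
</server_settings>"""


def load_xss_rules(xml_text):
    """Return (enabled, quick_chars, compiled_filters) from a qpconfig fragment."""
    node = ET.fromstring(xml_text).find("./security/xss_protection")
    if node is None:
        return False, "", []
    enabled = node.get("enabled", "false").strip().lower() == "true"
    # The XML parser has already turned &lt; and &gt; back into < and >.
    quick = "".join(q.get("value", "") for q in node.findall("filterquick"))
    filters = [re.compile(f.get("value")) for f in node.findall("filter")]
    return enabled, quick, filters


def check_url(path_and_query, rules):
    """Classify one request as 'skipped', 'passed' or 'blocked'."""
    enabled, quick, filters = rules
    # Stage 1: a cheap character test decides whether the regexes run at all.
    if not enabled or not any(ch in path_and_query for ch in quick):
        return "skipped"
    # Stage 2 (assumption): match the percent-decoded form against each filter.
    decoded = unquote(path_and_query)
    return "blocked" if any(f.search(decoded) for f in filters) else "passed"


# Constructed sample requests, not taken from a real server.
SAMPLES = {
    "plain": "/QuickPlace/acme/Main.nsf/h_Toc?OpenDocument",
    "plus": "/QuickPlace/acme/Main.nsf?OpenDocument&title=Q3+plan",
    "script": "/QuickPlace/acme/Main.nsf?OpenDocument&x=<script>alert(1)</script>",
    "encoded": "/QuickPlace/acme/Main.nsf?OpenDocument&x=%3Cscript%3E",
    "scheme": "/QuickPlace/acme/Main.nsf?OpenDocument&next=javascript:void(0)",
    "img": "/QuickPlace/acme/Main.nsf?OpenDocument&x=<IMG src=x>",
}
```

A "blocked" result corresponds to the error page the entry describes; "passed" means the URL contained a filterquick character but matched none of the filters.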


TEAM WORKPLACE (QUICKPLACE) CONSOLIDATED 6.5.1 HOT-FIX #240:

FIXES INCLUDED IN THIS RELEASE

Created / SPR / Build # / Problem description
11/7/2007 / RELS78CN5C / 350172.240 / XSS vulnerability when anonymous access disabled on HTTP port
9/21/2007 / HHZG5UTNDU / 350172.239 / Upgrade of placetypes giving file not found error
7/27/2007 / RELS72S25H / 350172.237 / External group expansion for mail not working with Active Directory qpconfig setting
7/07/2007 / HHZG5UTNDU / 350172.236 / Upgrade of placetypes giving file not found error
2/12/2007 / CPRE6WUU7D / 350172.235 / Unable to remove/revoke users when EMM enabled against AD or IDS ldap
11/16/2006 / CTHES6U8JF / 350172.233 / Validate link URLs for script tags
11/16/2006 / CJR3CFA00QP / 350172.233 / Upload file limit (>400 attachments now allowed on Windows 2000 & later versions)
10/10/2006 / CTRP6T7TWG / 350172.225 / Time/Date crash
9/13/2006 / JSOA6TG3GA / 350172.220 / Changing the Place Title in Change Basics does not affect DOLS subscription title
9/13/2006 / SANN6QGJLC / 350172.220 / Awareness icon does not appear on Members page
8/19/2006 / DDAY6SCPFD / 350172.219 / “The recipient address is not valid” when sending notifications from QuickPlace
8/19/2006 / BTLW6S2DY5 / 350172.219 / XSS attack
8/19/2006 / MMOI6NBTKV / 350172.219 / Quickplace server crashes when running qptool newsletter
8/19/2006 / ROHI6QKBRB / 350172.219 / Imported Word document isn’t displayed correctly
6/13/2006 / SANN6PMJ4G / 350172.216 / User with “@” in name can not access room if in internal group
6/13/2006 / RSCR5GSKXM / 350172.216 / Workflow email notification fails with error “The recipient address is not valid”
5/25/2006 / RMEZ6MXMZ6 / 350172.215 / Members Online window never populates if moved away from page where chat was initiated from
5/25/2006 / MMOI6P9JH9 / 350172.215 / Server crash when click Chat
5/25/2006 / MMOI6MFLLT / 350172.215 / Members Online window hangs upon launch
5/15/2006 / CTRP6LMKVF / 350172.211 / HTTP crash JpegException, GetMemberInfo, GetHaikuDatum and LoadDictionary
5/10/2006 / SANN6PGH28 / 350172.210 / Multiple server crashes after installing hotfix
5/09/2006 / MZHA6MF364 / 350172.208 / SSO authentication fails for some special Chinese name users
5/09/2006 / MMOI6PFMTV / 350172.208 / Workflow notification email address invalid if username has @ symbol
5/04/2006 / TEDS6N6RZY / 350172.207 / Microsoft Internet Explorer ActiveX change breaks QuickPlace
5/04/2006 / RTIN6MWQKF / 350172.207 / Bad customer code in custom theme causes server crash
4/07/2006 / CKHO6GMJK6 / 350172.201 / Unable to login with shortname variation on Expanded Membership Model (EMM) place
3/29/2006 / SANN679JXX / 350172.198 / Many reorderings of TOC causes h_Position to no longer be unique
3/29/2006 / PKAY6L4NG2 / 350172.198 / With EMM place, popup for adding editor to existing page displays without Add/Close buttons