Urs-o-Log

To disable the possibility for a user to download the Lotus Quickr connectors via the browser you can add the following lines to QPCONFIG.XML:

If a user then clicks on the link a message box will be displayed, telling him that the download of the software is disabled.

Currently there is no possibility to hide the link completely.

My colleague Klaus Bild (thanks!) told me that it is in deed possible to hide the download link completely. Just insert the following lines in your QPCONFIG.XML:

Update (2008-09-18):

As both solutions did not really work nicely with 8.1 (first one only worked in MyPlaces but not within a place and the second one just hide the word “Download” but leave the rest alone) I just tried another one which now completly hides all references to the connectors:

When uploading files to a Quickr (Portal) library while having installed the “IBM Browser plug-in for documents” and using a forward proxy at the client you might get an “Error 12007” and no files will be uploaded.

The reason for that is that the plugin is using Microsoft Windows HTTP Services (WinHTTP) for communicating with the server and WinHTTP is not aware of the proxy settings configured in Internet Explorer.

To configure WinHTTP to use a proxy you first configure the proxy settings correctly in Internet Explorer and afterwards issue the command “proxycfg -u” at the DOS prompt. You can also directly configure the proxy settings for WinHTTP with this utility (look here for more information).

As this tool adds a key within HKEY_LOCAL_MACHINE you will need to have admin rights on the client to configure this.

The question is why Windows does not configure this correctly when you set a proxy in IE (or at least give the user the possibility to do this via the GUI).

Update:

In Windows 7 you should use instead the following commands:

Show current config:      netsh winhttp show proxy

Unset current config:     netsh winhttp reset proxy

Set current config:     netsh winhttp set proxy {proxy address:port} {bypass list}

I just created a new Wiki site called “Quickr Info“.

On this Wiki I will collect all kind of information about IBM Lotus Quickr. Although most of the information is already available in the Internet (on my personal blog, on other blogs, on IBM websites etc.) I am using this site to collect the information at one place.

I am using this place for my own convenience but maybe it is useful for others too.

… aber mein Leben besteht durchaus auch noch aus anderen Dingen als Lotus Quickr.

Bin allerdings derzeit ziemlich beschäftigt und in der verbleibenden Zeit hatte ich wenig Lust verspürt zu bloggen.

Aber soweit geht es uns gut. Letzte Woche haben wir unsere Indien-Erinnerungen bei Bollywood – The Show aufgefrischt und am Freitag haben wir Tränen gelacht bei Badesalz in Aschaffenburg.

Werde in Zukunft wieder versuchen außer Einträgen zu Quickr auch noch mal über andere Dinge zu schreiben … versprochen!

While using the wizard to enable LDAP security for Lotus Quickr (J2EE) together with an Domino LDAP directory I alway got the message “Entity does not exist in directory”. although I checked every user, group and passwords used I did not find the problem.

[More:]

I better should have read the documentation in InfoCenter first. 🙂

There it is decribed how to create person documents for the administrative users.

For the user “wpsbind” e.g. you have to add a person document and enter “wpsbind” into the field “Last name”. Then, and this is the important thing, you have to enter “wpsbind/DominoDomainName” as the first entry and “wpsbind” as the second entry into the field “Username”.

Caution: It is a bit unclear in the documentation what “DominoDomainName” stands for: Sometimes you can read “DominoDomain is your Lotus Domino Internet domain” and sometimes it is “DominoDomain is your Lotus Domino Domain”. So, in fact, it is really the Domino domain name of the LDAP server what you have to add after the slash.

You then have to make sure that the full name “wpsbind/DominoDomainName” (or whatever user you created for this purpose) has at least reader access to the Domino directory on the Domino LDAP server. If you have more than one address book added via directory assistance make sure that this user has reader access to all of them. Otherwise, or if one of the address books is not available to the LDAP server when you enable security for Quickr, the wizard may fail with an LDAP error 50.

Within the wizard you enter all users with the following syntax “cn=username,o=DominoDomainName”.

If you follow this rules then the wizard should enable LDAP security without a problem.

Update:

On one of the wizard’s screens you have to enter the “Web server host name”. Please make sure that you really enter only the host name without a leading “http://” as it is described in the help for this page. Otherwise enabling security will fail (as last message you will see “Calling ContentModelInitializer” in enable-ldap-security.log).

Below you find the QPCONFIG.XML which I used at a customer site to connect Lotus Quickr (Domino Services) to an Active Directory LDAP source for authentication.

Although this configuration worked in my environment you might need to adapt some parts to fit in your environment (especially some of the LDAP attributes used). You easily can check what attributes are used in your environment with a freeware tool called “Softerra Ldap Browser“.

[codesyntax lang=”xml” title=”qpconfig.xml”]

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<server_settings>

<offline enabled="true" use_login_passwords="true" >

<name_translation enabled="true">
<from_directory_name>
<translate from="CN=(.+)/(.+)/DC=acme/DC=com" to="CN=\1/\2/O=acme_com" />
</from_directory_name>
<to_directory_name>
<translate from="CN=(.+)/(.+)/O=acme_com" to="CN=\1/\2/DC=acme/DC=com" />
</to_directory_name>
</name_translation>

</offline>

<super_user enabled="true">
<dn>CN=IT_WindowsServer_Admins,OU=acme (Organisation),OU=acme Groups,DC=acme,DC=com</dn>
</super_user>

<user_directory>

<ldap>

<base_dn>
<group>DC=acme,DC=com</group>
</base_dn>

<schema>

<ldap_is_active_directory enabled="false" />
<do_not_deref_for_groups enabled="true" />
<dn_delimiter robust_compare="false"/>
<dn_incoming_is_native enabled="true"/>
<secondary_cn_component enabled="true"/>
<maintain_escape_character enabled="false"/>

<object_class>objectClass</object_class>
<user>
<object_class_value>person</object_class_value>
<common_name>cn</common_name>
<display_name>cn</display_name>
<first_name>givenname</first_name>
<last_name>sn</last_name>
<email>mail</email>
<phone>telephoneNumber</phone>
</user>
<group>
<object_class_value>group</object_class_value>
<common_name>cn</common_name>
<display_name>cn</display_name>
<member>member</member>
</group>
</schema>

<search_filters>
<authentication>
<![CDATA[
(|(sAMAccountName={0})(cn={0}))
]]>
</authentication>
<user_lookup>
<![CDATA[
(&(objectclass=person)(sn={0})(givenname={1}))
]]>
</user_lookup>

<group_lookup>
<![CDATA[
(&(objectclass=group)(cn={0}))
]]>
</group_lookup>

<group_membership>
<![CDATA[
(&(objectclass=group)(member={0}))
]]>
</group_membership>

</search_filters>

<member_lookup_ui>

<column_name>
<person>sn, givenname</person>
</column_name>

<column_disambiguate>
<person>dn</person>
</column_disambiguate>

</member_lookup_ui>

<search_ui_hint>
<![CDATA[
( enter <B>last name, first name</B>)
0; ]]>
</search_ui_hint>

<search_ui_index>sn</search_ui_index>

</ldap>

</user_directory>

</server_settings>

[/codesyntax]

In addition to the above configuration you need to add the root point of your LDAP tree (see above) in corresponding field in the Quickr Site Administration:

You also need to do some work to get the Quickr offline capability working with Active Directory. I will describe how to do this in a later post.

Update:

David Byrd has just published a very good article in the Quickr wiki regarding AD integration.