Lotus Quickr 8.5.1 for Domino

Second Edition

December 2010

About this edition

In keeping with IBM's commitment to accessibility, this edition of the product documentation is accessible.

Printing

When you print this document some of the style elements are removed to create a better print output. Here are a few tips about printing:

The document length may exceed the browser's print capability. Microsoft Internet Explorer has demonstrated the ability to print large files successfully.
This document is long. Use print preview to determine the printed page length.
You can highlight section of the document and then choose to only print the selected content

Working offline

You can save a local copy of this document from your browser. Each browser has different menus and menu options. Consult the browser help if you need assistance saving the document locally.

Submitting feedback

If you would like to provide feedback about this document, see the Lotus Documentation Feedback Web site.

Product overview

Learn about new features in this version, supported hardware and software, and accessibility features.

What's new in this release

IBM® Lotus® Quickr® 8.5 for Lotus Domino® has a number of new features and functionality.

IBM® Lotus® Quickr™ 8.5.1 for Lotus Domino® delivers the following new features and functionality:

A direct upgrade path from the 8.1 version of Lotus Quickr to version 8.5.1 using the standard upgrade procedure.
The ability for users to take Lotus Quickr places offline, make changes to the places, and then synchronize the changes with the online version of the place on the server. This capability includes updating custom lists (a new feature in the Lotus Quickr 8.5 release).
Imports and exports of Microsoft Excel 2007 files.
Full interoperability with the recently released Lotus Connections 3.0.
Support for BIDI (bi-directional) languages.

See this topic for a complete list of new features in Lotus Quickr 8.5.

Accessibility features for Lotus Quickr

Accessibility features help users who have a disability, such as restricted mobility or limited vision, to use information technology products successfully.

Accessibility features

IBM strives to provide products with usable access for everyone, regardless of age or ability. The following list includes the major accessibility features in Lotus Quickr:

Keyboard-only operation
Interfaces that are commonly used by screen readers
Keys that are discernible by touch but do not activate just by touching them
Industry-standard devices for ports and connectors
The attachment of alternative input and output devices

The Lotus Quickr Information Center, and its related publications, are accessibility-enabled.

Keyboard navigation

Use the following key combinations to navigate the interface by keyboard:

To go directly to the Topic pane (the right hand side), press Alt+K, and then press Tab. Microsoft Internet Explorer only.
In the Topic pane, to go to the next link, press Tab.
To go directly to the Search Results view in the left hand side, press Alt+R. Microsoft Internet Explorer users then press Enter or Up arrow to enter the view.
To go directly to the Navigation (Table of Contents) view in the left hand side, press Alt+C. Microsoft Internet Explorer users then press Enter or Up arrow to enter the view.
To expand and collapse a node in the navigation tree, press the Right and Left arrows.
To move to the next topic node, press the Down arrow or Tab.
To move to the previous topic node, press the Up arrow or Shift+Tab.
To go to the next link, button, or topic node from inside one of the views, press Tab.
To scroll all the way up or down in a pane, press Home or End.
To go back, press Alt+Left arrow; to go forward, press Alt+Right arrow.
To go to the next pane, press F6.
To move to the previous pane, press Shift+F6.
To print the active pane, press Ctrl+P.

IBM and accessibility

See the IBM Human Ability and Accessibility Center for more information about the commitment that IBM has to accessibility:

Administrators: Deploying a preview guide to your users

The IBM® Lotus® Quickr™ 8.5 for Lotus Domino® preview guide is available for you to distribute to your users for new installations and upgrades to Lotus Quickr 8.5. This guide is designed to help your users become productive on the new software quickly, and to provide them with links to documentation resources for further help.

This guide provides the following information for this release:

Overview of several new features
Important changes from the previous release
Familiar features that remain the same
Links to product tours, reference cards, and product documentation
A few key productivity tips

You can download the preview guide from the Lotus Quickr wiki at http://www-10.lotus.com/ldd/lqwiki.nsf/dx/Administrators_Previewing_Lotus_Quickr_8.5_for_Domino_for_your_users. There are two files available to you:

An Adobe® PDF file, ready for e-mailing, printing, or distributing to your organization.
A Lotus Symphony™ ODT file that can be customized for your organization; for example, you can add contact information for your Help Desk.

It is recommended that you distribute the guide to your users before their new Lotus Quickr software is installed or updated.

Planning

Before installing IBM Lotus Quickr services for Lotus Domino or using the expanded membership feature, planning and requirement information must be considered.

Lotus Quickr services for Lotus Domino is a secure, portable, self-service Web application that provides instant, centralized, team places that can be used in both intranet and extranet deployments. It provides seamless online and offline support and enables teams to:

Coordinate people, tasks, plans, and resources.
Collaborate by sharing and discussing ideas, resolving issues, co-authoring documents, exchanging files, and managing schedules.
Communicate actions, decisions, key findings, and other knowledge by posting them to the team place.

To facilitate rapid deployment, ready-made templates are included. Use these templates, called PlaceTypes, to create sites designed to manage projects, facilitate discussion, plan events, or author and store project documents. Users can easily create, manage, and customize places. Using Java, HTML, and other tools, users with advanced Web skills can implement sophisticated customizations.

The Lotus Domino environment

IBM Lotus Quickr runs as a Web application on an IBM Lotus Domino server and leverages several of the server features.

The following Lotus Domino features are leveraged in Lotus Quickr to provide your organization with the full team collaboration environment:

Clustering and replication to update and distribute place content among servers.
Security to control access to places and servers.
Mail infrastructure to invite members to join places and to notify them of changes.
Single sign-on (SSO) to enable users to log in to a server without being prompted to log in again during the session.
Off-Line Services (DOLS) to enable users to take places offline and work while disconnected from the network.
Domain Search to support searches across multiple places and servers.
Directory services, an optional user directory configuration that leverages directory services features available through Domino.

In addition, integration with other applications and technologies is available in Lotus Domino. For instance:

It draws on the capabilities of IBM Lotus Sametime® to provide online awareness and real-time communication.
It supports the use of the Lightweight Directory Access Protocol (LDAP) to enable connection to an external LDAP-compliant directory for authenticating users and obtaining user and group information.
It uses Web services technology to enable users to use connectors to manage documents on the server through IBM Lotus Notes®, IBM Lotus Sametime, Lotus Symphony™, Microsoft Windows Explorer, and Windows Office applications.

Lotus Quickr for Lotus Domino administration involves using a combination of Lotus Domino and Lotus Quickr tools: Domino Administrator client, configuration through the Domino Directory (names.nsf), and notes.ini file on the Domino side, and qptool commands entered at the server console, the qpconfig.xml configuration file, and the Site Administration link on the server home page on the Lotus Quickr side.

Directory services

Place membership lists can be created locally in places (in CONTACTS1.NSF), so that specifying place members from a user directory is not required. However, connecting to a user directory maximizes the features that are available to you.

The following features are supported only when a user directory is in use:

IBM Lotus Sametime integrated in places
Expanded membership
My Places, a personal listing of places
Single sign-on authentication
Super user access to the server
User names in double-byte character sets
IBM Lotus Connections Profile Business Card Integration.

Connecting to a user directory also provides these member management features:

User information is managed in a central location, rather than in individual places.
External members use the same name and password to access any place of which they are a member, whereas local members might have different user names and passwords in each place.
Many of the qptool commands that enable you to manage member information for multiple places at once are available only for external members. For example, you can use the qptool addmember command to add external members to places, but not to add local members.

Local membership is supported, even when a user directory is used. The local Lotus Quickr administrator specified during installation is a local member of the server's Site Administration place.

To connect to a user directory, you have a choice of two directory services configurations. You can set up Lotus Quickr to control directory services, or you can set up the underlying Lotus Domino server to control directory services. When Lotus Quickr controls directory services, you connect to a single external LDAP directory server, and configure the LDAP directory connection through the Site Administration link and the qpconfig.xml file. When the underlying Lotus Domino server controls directory services, Lotus Quickr uses any of the directories that Lotus Domino does, for example, multiple directories accessed through directory assistance, and you use the directory services configuration procedures of Lotus Domino.

Security considerations

Decide whether users will authenticate anonymously or be required to use name-and-password authentication and whether to limit who can create places individually or by group.

By default, users can connect to a Lotus Quickr server anonymously or through basic name-and-password authentication. Server access is controlled through the Ports > Internet Ports > Web tab in the Server document in the Domino Directory.

By default, any user who can connect to the server can create places. The local Lotus Quickr administrator, created at the end of Lotus Quickr installation, can use the Site Administration > Security link on the home page to limit the ability to create places to specific authenticated users or groups. The local administrator can also designate additional administrators, who then have the ability to create and delete places, use the Site Administration link, and create and delete PlaceTypes.

Users who create places have "owner" access to their places, meaning they can see and edit all place content, as well as control all access to place content. The available places access levels are: Author, Reader, Editor, Manager, and Owner. An administrator can use the qpconfig.xml file to specify the name of a user or group in a user directory with owner access to all places on the server.

Note: If you want to use Lotus Sametime integration features, or to use My Places > Show Usage Statistics to run qptool commands on places, you must configure the server to use single sign-on authentication.

International considerations

If you use any IBM Lotus Quickr server that stores non-English content, you must set up the server to generate output using UTF-8 encoding so that page content displays correctly in non-English languages.

The Installation section of this documentation contains more detail on how to set up a server to generate output using UTF-8 encoding.

To enable people who use double-byte character set (DBCS) languages, such as Japanese or Chinese, to use My Places, you must enable single sign-on authentication on the server. In addition, you must use the notes.ini file to configure the DBCS language to use. See the Configuring section of this documentation for more information.

Selecting a different language

Users and administrators (using Site Administration) can select their preferred language when using Lotus Quickr.

Multiple languages can now be supported by a single server, allowing for deployment of fewer servers. Multiple language support is enabled for the Lotus Quickr 8.5 and 8.2 themes on the Lotus Quickr server. Multiple language support for Site administration and the Creating a place activity is also enabled.

Access the Language preferences in your browser:
- In Microsoft Internet Explorer: Click Tools > Internet Options and then click the Languages button.
- In Firefox: Click Tools > Options > Content tab page, and then click the Choose button for Choose your preferred language when displaying pages.
Configure Languages in order of preference by adding a new language and then moving it to the top.
Access a place to verify that it shows the new selected language.

Replacing the English version of online help with a different language version

You can download and use a different language version of the installed online help files (Main.nsf).

Lotus Quickr 8.5 contains an English version of the help files (Main.nsf), however, additional language versions are available for download. Follow these instructions to replace the English version of Main.nsf, with a different language version.

Download the help file and unzip it from one of the following sites:

ftp://public.dhe.ibm.com/software/lotus/info/quickr/main_nsf_help.zip

http://public.dhe.ibm.com/software/dw/lotus/quickr/main_nsf_help.zip

Select the version for your preferred language and complete the remaining instructions as appropriate to your operating system.

For Microsoft Windows platforms

Shut down the server by entering the following command:
```
> q
```
Copy your language version of Main.nsf to the following directory on the Lotus Quickr server, replacing the English version:
```
C:\Program Files\IBM\Lotus\Domino\data\LotusQuickr\Help
```
Start the server to reflect the change.

For AIX and Linux platforms

Shut down the server by entering the following command: > q
```
> q
```
Copy your language version of Main.nsf to the following directory on the Lotus Quickr server, replacing the English version:
```
/local/notesdata/LotusQuickr/Help
```
Start the server to reflect the change.

For IBM i platforms

For each individual Lotus Quickr server:

Stop the Lotus Quickr server using the WRKDOMSVR or ENDDOMSVR command.
Copy your language version of Main.nsf to the following directory on the Lotus Quickr server, replacing the English version:
```
<server_data_directory>/LotusQuickr/Help
```
Ensure the owner of the copied file is QNOTES by running the following command:
```
CHGOWN OBJ('<server_data_directory>/LotusQuickr/Help/Main.nsf') NEWOWN(QNOTES)
```
Restart the server.
Optional: To ensure that any Lotus Quickr servers configured in the future use the same language version of the help files:
1. Copy your language version of Main.nsf to the following directory, replacing the English version:
```
/QIBM/ProdData/LOTUS/QuickPlace/data/lotusquickr/Help
```
2. Ensure the owner of the copied file is QNOTES by running the following command:
```
CHGOWN OBJ('/QIBM/ProdData/LOTUS/QuickPlace/data/LotusQuickr/Help/Main.nsf') NEWOWN(QNOTES)
```

Lotus Quickr system requirements

Before installing IBM Lotus Quickr, review the hardware and software requirements.

See the detailed system requirements document at the following URL:

http://www.ibm.com/support/docview.wss?rs=3264&uid=swg27009740

Lotus Quickr release notes

Lotus Quickr 8.5 is available. Compatibility, installation, and other getting-started issues are addressed.

Description

IBM Lotus Quickr combined with IBM enterprise content management capability addresses a broad spectrum of collaboration, document sharing, and content management needs. Users can leverage the intuitive user interface of Lotus Quickr to work on projects together and then easily move the final product of their collaboration to the organization's Enterprise Content Management (ECM) repository.

Users can use the IBM Lotus Quickr Web interface or the Quickr connectors for a consolidated view of content in Quickr places and content in their ECM repository. This integration combines the flexibility and ease of use of IBM Lotus Quickr with the structure, discipline, and business-process capabilities of IBM ECM offerings.

IBM Lotus Quickr integrated with Lotus Connections combines social networking for business with the structure of Quickr places for sharing content and ideas. In addition, the results of a collaboration that begins with a Connections Activity can be published to a more formal Quickr place and combined with other work efforts.

New APIs make new events available for customers and independent software vendors to extend IBM Lotus Quickr:

Ability to manipulate and apply document types
Ability to manipulate property sheets
Ability to edit and retrieve extended metadata
Ability to make post custom queries
ATOM publishing and syndication of blog / wiki content
Ability to replicate document library content

Announcement

The Lotus Quickr 8.5 announcement is available at www.ibm.com/common/ssi/index.wss. See the announcement for the following information:

Detailed product description, including a description of new function
Product-positioning statement
Packaging and ordering details
International compatibility information

System requirements

For information about hardware and software compatibility, see the detailed system requirements document at http://www.ibm.com/support/docview.wss?rs=3264&uid=swg27009740.

Installing

For step-by-step installation instructions, see the Installing topics in this wiki.

Known problems

Known problems are documented in the form of individual technotes in the Support knowledge base at http://www.ibm.com/software/lotus/products/quickr/support/. As problems are discovered and resolved, the IBM Support team updates the knowledge base. By searching the knowledge base, you can quickly find workarounds or solutions to problems.

The following link launches a customized query of the live Support knowledge base: View all known problems for Lotus Quickr 8.5.

Installing and upgrading

This section describes installing and upgrading IBM Lotus Quickr services for Lotus Domino.

Installing on Windows

To install IBM Lotus Quickr on a Microsoft Windows system, you must prepare for the installation, perform any necessary configuration changes, and enable the Lotus Domino servlet engine.

Perform the following steps to install Lotus Quickr on a Windows system.

Preparing Lotus Domino to install Lotus Quickr on Windows

IBM Lotus Domino series must be dedicated for use with IBM Lotus Quickr. Steps must be taken during Lotus Domino installation and server setup before Lotus Quickr can be installed.

Review the detailed hardware and software requirements on the IBM Support site.

Review the known issues that are described on the IBM Support Site. To see only installation issues, select Installation in the Product Category list.

You also need to create a Web SSO configuration document in the Lotus Domino Directory.

Installing Lotus Domino on Windows

Before installing IBM Lotus Quickr on a Microsoft Windows system, you must first install IBM Lotus Domino using these options. Then configure the server setup using the procedure in the next topic.

If you install partitioned Lotus Domino servers so that you can install Lotus Quickr on each partition, when you configure the server for TCP/IP, assign a separate IP address to each partition rather than using port mapping. For more information, see the topic Partitioned servers and IP addresses in the Lotus Domino Information Center.

For information about installing the Lotus Domino 8.5.1 server, see the topic Installing Domino on Windows systems in the Lotus Domino Information Center. After installing Lotus Domino, you need to update it with Fix Pack 3.

Perform the following steps to install IBM Lotus Domino on a Microsoft Windows system.

Launch the Lotus Domino server installation program.
Select Install Domino Partitioned Servers if you plan to install Lotus Domino on multiple partitions.
Select Domino Enterprise Server as the server type.

Running Lotus Domino server setup on Windows

After IBM Lotus Domino is installed on a Microsoft Windows system, it must be configured before IBM Lotus Quickr can be installed.

Run the Lotus Domino server setup program by clicking the Domino server icon located on the desktop.

Perform the following steps to configure Lotus Domino on a Microsoft Windows system.

In the Server setup window, select Set up the first server or a stand-alone server.
In the Provide a server name and title window, type the server name and server title for the Lotus Domino server
In the Choose your organization name window, type the organization name and Organizer Certifier password.
Note: Use a Lotus Domino server certifier that includes no more than two organizational units (OUs). For example, the certifier /OU=Dallas/OU=Div1/O=Acme is acceptable, but the certifier /OU=Sales/OU=Dallas/OU=Div1/O=Acme is not acceptable. When you use more than two OUs, the internal names of local users defined in Lotus Quickr places are truncated and these users are unable to log in to the server. The local administrator specified at the end of this installation procedure is a required local user.
In the Choose the Domino domain name window, type the Domino domain name for the Lotus Domino server
In the Specify an Administer name and password window, type the name of the Domino administrator and the administrator password.
Select Also save a local copy of the id file and click Next.
Select Web browsers (HTTP services).
Consider whether to leave the Directory services (LDAP services) option selected, and click Next. You can run the LDAP task, but with a large number of users, you might affect performance.
Optional: For the Secure your Domino Server option, you can clear the Prohibit Anonymous access to all databases and templates option if the nature of your content is not proprietary or confidential.
Review your server setup options and click Setup to begin the server setup.
For information about setting up the Lotus Domino 8.5.1 server, see the topic Using the Domino Server Setup program in the Lotus Domino information center.

Configure an existing Lotus Domino server

You must install IBM Lotus Domino and configure it for IBM Lotus Quickr. Lotus Domino servers must be dedicated for use with Lotus Quickr. If you use a Lotus Domino for anything, such as mail, then configure a new Lotus Domino server that is dedicated to Lotus Quickr.

See the previous topic to set up a new Lotus Domino server. Use a Domino server certifier that includes no more than two organizational units (OUs). For example, the certifier /OU=Dallas/OU=Div1/O=Acme is acceptable, but the certifier /OU=Sales/OU=Dallas/OU=Div1/O=Acme is not acceptable because it has three organizational units. Otherwise the internal names of local users defined in Lotus Quickr places will be truncated and these users will be unable to log in to the server. The local administrator specified at the end of the installation is a required local user.

Refer to Preparing Your TCP/IP connection for additional information.

Enabling the Lotus Domino servlet engine on Windows

After you have installed or upgraded to IBM Lotus Quickr, you must enable the Lotus Domino servlet engine. The servlet engine must be enabled to use Lotus Quickr place administration and to ensure that the Lotus Quickr home page does not display empty.

Note: To use this feature you must configure the server to use single sign-on authentication.

Perform the following steps:

From IBM Lotus Notes or the Lotus Domino Administrator, open the Lotus Domino directory (names.nsf) on the server.
Open the server document in Edit mode.
Click Internet Protocols > Domino Web Engine.
Under Java Servlets, select Domino Servlet Manager in the Java servlet support field.
Save & Close the document.
Restart the Domino server for this configuration change to take effect.

Configuring multi-server single sign-on authentication on Windows

With multi-server single sign-on, users can log in to a server once and during that session access servers enabled for single sign-on in the DNS domain without providing names and passwords again.

Keep the following points in mind:

When Lotus Quickr controls directory services, single-server single sign-on authentication is not supported, however, multi-server single sign-on achieves a similar result.
URLs issued to servers configured for single sign-on must specify the full DNS server name in the SSO configuration document, not the host name or IP address. For browsers to be able to send cookies to a group of servers, the DNS domain must be included in the cookie, and the DNS domain in the cookie must match the server URL. This is why cookies cannot be used across TCP/IP domains.
Clustered servers must have the full DNS server name in the host name field of the Web Site or Server document so that the Internet Cluster Manager (ICM) can redirect to cluster members using SSO. If the DNS server hostname is not there, ICM redirects URLs to clustered Web servers with only the TCP/IP host name, by default, and cannot send the cookie because the DNS domain is not included in the URL.

Perform the following steps to configure multi-server single sign-on authentication. These steps apply regardless of whether Lotus Quickr or IBM Lotus Domino controls directory services.

Creating a Web SSO document on Windows

Create a Web SSO Configuration document if there is not one already.

The following steps pertain directly to configuration for Lotus Quickr. For complete explanations of all fields on the Web SSO configuration document, refer to the Lotus Notes and Domino Information center.

Open the Domino Directory (names.nsf) of an IBM Lotus Quickr server in the domain.
Click the Configuration > Servers > All Server Documents view.
Click Web and then cllick Create Web SSO Configuration.
Click Keys at the top of the Web SSO Configuration document.
To Initialize the Web SSO Configuration with a Domino shared secret key, click Create Domino SSO Key.

Complete the rest of the document as follows:

Field	Action
Configuration Name	Type LtpaToken. This value is required.
Organization	Leave this field blank so the document appears in the Web Configurations view.
DNS Domain	(Required) Type the DNS domain (for example, acme.com) for which the tokens will be generated. The servers enabled for single sign-on must all belong to the same DNS domain.
Domino Server Names	Type the names of the IBM Lotus Domino servers to participate in single sign-on; for example, server1/acme, server2/acme. This document is encrypted so that only you, the members of the Owners and Administrators fields, and the servers specified may edit it. Note: Type only Lotus Domino server names in this field; group names, wild cards, and WebSphere® server names are not allowed.
Expiration (minutes)	Specify the time period, in minutes, after which the token will expire. The default is 30 minutes. Note: The token will expire after this time period, regardless of whether the user is idle or not. Therefore, you may wish to increase the period to a larger amount to ensure users are not prompted to re-authenticate often.
Idle Session Timeout	Click Enabled and specify a Minimum Timeout value, in minutes, to indicate the number of minutes of inactivity after which the token will expire.

Click Save & Close to save the Web SSO Configuration document in the Web - Web Configurations view. A message on the status bar indicates the number of servers or people for whom the document is encrypted.
If you receive messages on the client indicating that a particular key was not found for encrypting the document, you might have to change your client's location document to point to a different mail or directory server that has all the public keys included in Server and Person documents.
If multiple servers will be using the SSO configuration, you must replicate names.nsf to each server so that they can accept the new configuration. You can run the replica command in the console using: load replica [targetserver] names.nsf.

Editing a Web SSO document on Windows

A Web SSO Configuration document may already exist for the domain. This might be the case, for example, if a IBM Lotus Sametime server is also installed in the domain. In this case, add the Lotus Domino names of the IBM Lotus Quickr servers to the existing Web SSO Configuration document.

Open the Domino Directory (names.nsf) of an IBM Lotus Quickr server in the domain.
Click the Web > Web Server Configurations view.
Open the Web SSO Configuration document in edit mode.
In the Domino Server Names field, add the hierarchical Domino server name of each Lotus Quickr server in the domain that will participate in single sign-on; for example, server1/acme, server2/acme.
Close and save the document.

Completing single sign-on setup on Windows

After you have created or edited the Web SSO Configuration document for the domain, complete single sign-on setup.

Perform the following steps:

Add the following setting to the notes.ini file of each IBM Lotus Quickr server that you will enable for single sign-on. This step prevents anonymous access to files in the html directory:
NoWebFileSystemACLs=1
Enable multi-server session-based authentication in the Server document for each Lotus Quickr server that you want to enable for single-sign on:
1. Open the Domino Directory (names.nsf) on the server.
2. Click the view Configuration > Servers > All Server Documents.
3. Click the Server document for the server and click Edit Server.
4. Click Ports > Internet Ports > Web, and enable Name-and-password authentication for the Web (HTTP or HTTPS) port.
5. Click the Internet Protocols - Domino Web Engine tab.
6. Next to Session authentication, select Multiple Servers (SSO).
7. Next to Web SSO Configuration, select LtpaToken.
8. Click Save & Close.
Create the Domino Web Server Configuration database (domcfg.nsf) if it does not exist:
1. From Lotus Domino administration, choose File > Application > New.
2. Next to Server at the top of the dialog box, select the server that runs Lotus Quickr.
3. Next to Title, type a descriptive title, for example, Web Server Configuration.
4. Next to File name, type domcfg.nsf. You must use this file name.
5. Next to Server in the middle of the dialog box, select any server.
6. Click Show advanced templates.
7. Next to Template, select Domino Web Server Configuration (domcfg5.ntf).
8. Click OK.
Create a mapping form in the Domino Web Server Configuration database to enable single-sign on to work with Lotus Quickr:
1. Open the Web Server Configuration database (domcfg.nsf).
2. Click Add Mapping.
3. Next to Applies To, select All Web Sites/Entire Server (default) or Specific Web Site/Virtual Server. If you select Specific Web Site/Virtual Server, a new field displays in which you specify the IP addresses of the Web Site documents or Virtual Servers.
4. Next to Target Database, type LotusQuickr/resources.nsf, replacing the default entry.
  The path is case-sensitive on UNIX. If you upgraded from an earlier release and did not change the root directory name, type QuickPlace/resources.nsf.
5. Next to Target Form, type QuickPlaceLoginForm.
  Note: The QuickPlaceLoginForm form is important for the local administrator's account to be able to sign in. This login form has special code to handle Quickr-specific users. It is not required for other servers because SSO does not work for local or Quickr-specific users.
6. Click Save & Close.
7. Replicate the database to all the Lotus Quickr servers that will use single sign-on.
After the Domino Web Server Configuration database has replicated, at the server console of each server, enter the following command to stop and restart the server:
```
restart server 
```
The message "Successfully loaded Web SSO Configuration" confirms single sign-on setup.

Enabling UTF-8 character encoding for non-English server versions on Windows

If you use any IBM Lotus Quickr server that stores content other than English, you must set up the server to generate output using UTF-8 encoding so that page content displays correctly in other languages.

Perform the following steps:

From IBM Lotus Notes or the Lotus Domino Administrator, open the Lotus Domino directory (names.nsf) on the server.
Open the server document and click Edit Server.
Click Internet Protocols > Domino Web Engine.
In the Character Set section, select Yes in the Use UTF-8 for output field.
Click Save & Close.
Enter the following command at the server console to restart the HTTP task:
```
restart task http 
```

Installing IBM Lotus Quickr on Windows

IBM Lotus Quickr is installed on a Microsoft Windows system using a wizard.

Perform the following steps to install Lotus Quickr on a Microsoft Windows system.

Stop the Lotus Domino server by typing exit or quit in the server command window.
Stop any other Windows programs that are running.
Stop any Web applications that listen on TCP/IP port 80. Skype is an example of a web application.
If you are installing from a network drive, navigate to the directory that contains the installation kit. If you are installing from physical media, such as a CD or DVD, insert it into the appropriate drive to start the installation.
Open the Server folder and double-click the setup.exe file located in the w32 directory on the media.
In the Software License Agreement window, click Accept.
In the Welcome window, click Next.
In the Choose Destination Location window, select the directory that stores the Lotus Domino program files, and then click Next.
In the Start Copying Files window, review the directory path names that are displayed, and if they are correct, click Next to begin the installation.
After installation is complete, the Lotus Quickr Server Configuration window opens automatically. Click Next.
In the Specify name and password window, type the user name and password to create an account for the first Lotus Quickr server administrator. Verify the password. Specify the name for a new, local administrator.
Note: Do not specify the name of the Lotus Domino server administrator or any other name from a user directory that Lotus Quickr uses. This local account is commonly referred to as the qpadmin or qradmin account.
In the Congratulations window, click Finish.

Modifying TCP/IP registry settings on Windows servers

If your IBM Lotus Quickr server runs on Microsoft Windows, you must modify specific TCP/IP registry parameters to ensure good performance.

For detailed information about these parameters, see the section "TCP/IP registry optimizations" in the IBM Redbooks publication, Tuning Windows Server 2003 on IBM System x Servers at http://www.redbooks.ibm.com/redpapers/pdfs/redp3943.pdf.

Adjust values for the following Windows TCP/IP Registry parameters on the server:

TcpTimedWaitDelay
MaxUserPort
TcpWindowSize
MaxFreeTcbs
MaxHashTableSize

Sample values for these parameters:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]

"TcpTimedWaitDelay"=dword:0000001e
"MaxUserPort"=dword:0000fffe
"TcpWindowSize"=dword:0000ffff
"MaxFreeTcbs"=dword:00011940
"MaxHashTableSize"=dword:0000ffff

Performing a silent installation of IBM Lotus Quickr on Windows

You can optionally install IBM Lotus Quickr in silent mode by specifying the installation settings in a script file, then running that file at a command prompt. You can install the Lotus Quickr server to one or more Microsoft Windows systems, each with a different installation configuration as necessary.

This topic describes how to install Lotus Quickr on a Windows system using a command prompt. To install using a wizard, see the previous topic.

If Lotus Quickr has been installed on this server previously, you need to purge the server notes.ini file of all Lotus Quickr variables.

Use the following guidelines when using command options:

When using long path and file name expressions with switches, enclose the expressions in quotation marks. The quotation marks indicate to the operating system that spaces within the quotation marks are not to be treated as command delimiters.
Do not leave a space between command options.
If you specify an alternate compiled script using the -f switch, always use the -f switch before specifying an -f1 or -f2 switch.
Placing the -f1 switch before the -f switch causes the -f1 switch to be ignored, and the response file (the .iss file) is created in the Windows folder. The silent installation is not launched and no log file is created, however the -f portion of the command is executed.
If the -f1 switch is not used, the silent installation looks for the response file setup.iss in the same folder as setup.exe. A log file is created in the same folder.
When the silent installation runs, a log file is created in the same folder as the response file. The log file has the default name setup.log, if the -f2 switch is not used with -f1.
Make sure that _user1.cab and _setup.dll are stored in the same folder as the compiled script. That is, if setup.ins resides in the C:\Mydir folder, then _user1.cab and _setup.dll must also reside in C:\Mydir.
setup.exe command options are not case-sensitive.

Note: For Lotus Quickr implementations on Windows 2008, 64-bit: When running a silent installation, an error is returned stating that the MSVCR71.dll file is missing. Go to the appropriate Microsoft support web site to retrieve the MSVCR71.dll file and install it in the directory it designates.

To install Lotus Quickr at a command prompt, you create system-generated setup files, then run the files.

Stop the Lotus Domino server by typing exit or quit in the server command window.
Stop any other Windows programs that are running.
Stop any Web applications that listen on TCP/IP port 80. Skype is an example of a Web application.
Insert and start the Lotus Quickr installation CD. If you are installing from a network drive, navigate to the directory that contains the installation kit.
Create a copy of the InstallShield Silent file in the Quickr directory by entering the following command at a command prompt. setup.exe -r
The -r option records your selections as you use the wizard to install. It creates the Setup.iss file.
To run the silent installation, do one of the following.
- To launch using the setup.ins and setup.iss files from the current folder, and create the setup.log file in the same folder, enter the following command at a command prompt: setup -s
- To launch using the setup.ins file from the current folder and the Mydir.iss file from the C:\Mydir folder, and create the setup.logfile in the C:\Mydir folder, enter the following command at a on the command prompt: setup -s -f1C:\Mydir\Mydir.iss
- To launch using the Mydir.ins and Mydir.iss files from the C:\Mydir folder, and create the setup.log file in the same folder, enter the following command at a command prompt: setup -s -fC:\Mydir\Mydir.ins -f1C:\Mydir\Mydir.iss
- To launch using the Mydir.ins and Mydir.iss files from the C:\Mydir folder, and create the mydir.log file in the same folder, enter the following command at a command prompt: setup -s -fC:\Mydir\Mydir.ins -f1C:\Mydir\Mydir.iss -f2C:\Mydir\Mydir.log

Installing on AIX

You can install IBM Lotus Quickr on a AIX® system using an installation wizard or command interface.

Perform the following steps to install IBM Lotus Quickr on an IBM AIX system.

Preparing Domino for Installing IBM Lotus Quickr on AIX

Before installing IBM Lotus Quickr on an IBM AIX system, review hardware requirements, software requirements, and known issues.

Review the hardware and software requirements on the IBM Support site.
Review the known issues that are described on the IBM Support site. To see only installation issues, select Installation in the Product Category list.

Enabling the Lotus Domino servlet engine on AIX

Note: To use this feature you must configure the server to use single sign-on authentication.

Perform the following steps:

From IBM Lotus Notes or the Lotus Domino Administrator, open the Lotus Domino directory (names.nsf) on the server.
Open the server document in Edit mode.
Click Internet Protocols > Domino Web Engine.
Under Java Servlets, select Domino Servlet Manager in the Java servlet support field.
Save & Close the document.
Restart the Domino server for this configuration change to take effect.

Configuring multi-server single sign-on authentication on AIX

With multi-server single sign-on, users can log in to a server once and during that session access servers enabled for single sign-on in the DNS domain without providing names and passwords again.

Keep the following points in mind:

When Lotus Quickr controls directory services, single-server single sign-on authentication is not supported, however, multi-server single sign-on achieves a similar result.
URLs issued to servers configured for single sign-on must specify the full DNS server name in the SSO configuration document, not the host name or IP address. For browsers to be able to send cookies to a group of servers, the DNS domain must be included in the cookie, and the DNS domain in the cookie must match the server URL. This is why cookies cannot be used across TCP/IP domains.
Clustered servers must have the full DNS server name in the host name field of the Web Site or Server document so that the Internet Cluster Manager (ICM) can redirect to cluster members using SSO. If the DNS server hostname is not there, ICM redirects URLs to clustered Web servers with only the TCP/IP host name, by default, and cannot send the cookie because the DNS domain is not included in the URL.

Perform the following steps to configure multi-server single sign-on authentication. These steps apply regardless of whether Lotus Quickr or IBM Lotus Domino controls directory services.

Creating a Web SSO Configuration document on AIX

Create a Web SSO Configuration document if there is not one already.

Open the Domino Directory (names.nsf) of an IBM Lotus Quickr server in the domain.
Click the Configuration > Servers > All Server Documents view.
Click Web and then cllick Create Web SSO Configuration.
Click Keys at the top of the Web SSO Configuration document.
To Initialize the Web SSO Configuration with a Domino shared secret key, click Create Domino SSO Key.

Complete the rest of the document as follows:

Field	Action
Configuration Name	Type LtpaToken. This value is required.
Organization	Leave this field blank so the document appears in the Web Configurations view.
DNS Domain	(Required) Type the DNS domain (for example, acme.com) for which the tokens will be generated. The servers enabled for single sign-on must all belong to the same DNS domain.
Domino Server Names	Type the names of the IBM Lotus Domino servers to participate in single sign-on; for example, server1/acme, server2/acme. This document is encrypted so that only you, the members of the Owners and Administrators fields, and the servers specified may edit it. Note: Type only Lotus Domino server names in this field; group names, wild cards, and WebSphere server names are not allowed.
Expiration (minutes)	Specify the time period, in minutes, after which the token will expire. The default is 30 minutes. Note: The token will expire after this time period, regardless of whether the user is idle or not. Therefore, you may wish to increase the period to a larger amount to ensure users are not prompted to re-authenticate often.
Idle Session Timeout	Click Enabled and specify a Minimum Timeout value, in minutes, to indicate the number of minutes of inactivity after which the token will expire.

Click Save & Close to save the Web SSO Configuration document in the Web - Web Configurations view. A message on the status bar indicates the number of servers or people for whom the document is encrypted.
If you receive messages on the client indicating that a particular key was not found for encrypting the document, you might have to change your client's location document to point to a different mail or directory server that has all the public keys included in Server and Person documents.
If multiple servers will be using the SSO configuration, you must replicate names.nsf to each server so that they can accept the new configuration. You can run the replica command in the console using: load replica [targetserver] names.nsf.

Editing a Web SSO document on AIX

Open the Domino Directory (names.nsf) of an IBM Lotus Quickr server in the domain.
Click the Web > Web Server Configurations view.
Open the Web SSO Configuration document in edit mode.
In the Domino Server Names field, add the hierarchical Domino server name of each Lotus Quickr server in the domain that will participate in single sign-on; for example, server1/acme, server2/acme.
Close and save the document.

Completing single sign-on setup on AIX

After you have created or edited the Web SSO Configuration document for the domain, complete single sign-on setup.

Perform the following steps:

Add the following setting to the notes.ini file of each IBM Lotus Quickr server that you will enable for single sign-on. This step prevents anonymous access to files in the html directory:
NoWebFileSystemACLs=1
Enable multi-server session-based authentication in the Server document for each Lotus Quickr server that you want to enable for single-sign on:
1. Open the Domino Directory (names.nsf) on the server.
2. Click the view Configuration > Servers > All Server Documents.
3. Click the Server document for the server and click Edit Server.
4. Click Ports > Internet Ports > Web, and enable Name-and-password authentication for the Web (HTTP or HTTPS) port.
5. Click the Internet Protocols - Domino Web Engine tab.
6. Next to Session authentication, select Multiple Servers (SSO).
7. Next to Web SSO Configuration, select LtpaToken.
8. Click Save & Close.
Create the Domino Web Server Configuration database (domcfg.nsf) if it does not exist:
1. From Lotus Domino administration, choose File > Application > New.
2. Next to Server at the top of the dialog box, select the server that runs Lotus Quickr.
3. Next to Title, type a descriptive title, for example, Web Server Configuration.
4. Next to File name, type domcfg.nsf. You must use this file name.
5. Next to Server in the middle of the dialog box, select any server.
6. Click Show advanced templates.
7. Next to Template, select Domino Web Server Configuration (domcfg5.ntf).
8. Click OK.
Create a mapping form in the Domino Web Server Configuration database to enable single-sign on to work with Lotus Quickr:
1. Open the Web Server Configuration database (domcfg.nsf).
2. Click Add Mapping.
3. Next to Applies To, select All Web Sites/Entire Server (default) or Specific Web Site/Virtual Server. If you select Specific Web Site/Virtual Server, a new field displays in which you specify the IP addresses of the Web Site documents or Virtual Servers.
4. Next to Target Database, type LotusQuickr/resources.nsf, replacing the default entry.
  The path is case-sensitive on UNIX. If you upgraded from an earlier release and did not change the root directory name, type QuickPlace/resources.nsf.
5. Next to Target Form, type QuickPlaceLoginForm.
  Note: The QuickPlaceLoginForm form is important for the local administrator's account to be able to sign in. This login form has special code to handle Quickr-specific users. It is not required for other servers because SSO does not work for local or Quickr-specific users.
6. Click Save & Close.
7. Replicate the database to all the Lotus Quickr servers that will use single sign-on.
After the Domino Web Server Configuration database has replicated, at the server console of each server, enter the following command to stop and restart the server:
```
restart server 
```
The message "Successfully loaded Web SSO Configuration" confirms single sign-on setup.

Installing Lotus Quickr on AIX

IBM Lotus Quickr can be installed on an IBM AIX system using a wizard. To install using a command line interface, see the next topic Performing a silent installation of Lotus Quickr on AIX.

Perform the following steps to install Lotus Quickr on an AIX system.

Review the hardware and software requirements on the IBM Support site.
Review the known issues that are described on the IBM Support site. To see only installation issues, select Installation in the Product Category list.
Install IBM Lotus Domino version 8.5.1 Fix Pack 3.
1. Select Domino Enterprise Server as the server type.
2. If you install partitioned Lotus Domino servers so that you can install Lotus Quickr on each partition, when you configure the Lotus Domino server for TCP/IP, assign a separate IP address to each partition rather than using port mapping. For more information, see the topic Partitioned servers and IP addresses in the Lotus Domino Information Center.
3. If you have partitioned Lotus Domino servers and only some of them run Lotus Quickr, you should keep the executable Lotus Domino code for the Lotus Quickr servers separate from the Lotus Domino code for the non-Quickr servers. That is, when installing Lotus Domino servers to run Lotus Quickr, specify a program directory different from the one used by non-Quickr servers. By keeping the code libraries separate for Lotus Quickr and non-Quickr servers, you have more flexibility managing fixes and updates. If a particular Lotus Domino fix is needed only for Lotus Quickr servers, then you do not need to install it on your other Lotus Domino servers.
4. Lotus Quickr can work in a mixed Lotus Domino environment containing servers running a combination of versions 8.5.1, 8.5 or 8.0.
Run the Lotus Domino server setup program.
1. Select to set up HTTP services.
2. Use a Lotus Domino server certifier that includes no more than two organizational units (OUs). For example, the certifier /OU=Dallas/OU=Div1/O=Acme is acceptable, but the certifier /OU=Sales/OU=Dallas/OU=Div1/O=Acme is not acceptable. Otherwise the internal names of local users defined in Lotus Quickr places are truncated and these users are not able to log in to the Lotus Quickr server.
3. Specify a required local user as the local administrator at the end of the installation.
For information about setting up the Lotus Domino 8.5.1 server, see the topic "Using the Domino Server Setup program" in the Lotus Domino Information Center.
Stop the Lotus Domino server by typing exit or quit in the server command window.
Open a terminal window and log in to the server as a root user.
Navigate to the directory that contains the installation kit.
Enter this command to start the installation:
./install
Press Enter to display the license agreement.
When you have read the agreement, press 1 to accept the agreement and continue with the installation.
Note: Many of the following steps require that you accept a default or type a new value. To change a default, press Enter and type a new value. After you enter a new setting, press Enter to accept the change and continue with the installation.
Specify the Lotus Domino program directory as the directory where the Lotus Quickr program files are installed. The default Domino program directory is opt/ibm/lotus. You must install the Lotus Quickr program files to the directory that stores the Lotus Domino program files. Press the Tab key to continue.
Specify the Lotus Domino data directory as the directory where the Lotus Quickr data files are installed. The default Domino data directory is /local/notesdata. You must install the Lotus Quickr data files into the directory that stores the Lotus Domino data files. Press the Tab key to continue.
Specify the UNIX user who owns the Lotus Quickr server files. This person must be the same user who owns the Lotus Domino server files.
Specify the UNIX group that owns the Lotus Quickr server files. This group must be the same group that owns the Lotus Domino server files. The UNIX user specified in the previous step must be a member of this group.
Type the name and password of the first Lotus Quickr administrator. Specify the name for a new, local administrator. Do not specify the name of the Lotus Domino server administrator or any other name from a user directory that Lotus Quickr uses.
When the installation program displays Configuration of the Install program is complete, press the Tab key to review your installation settings. For example:
Installation type: New Install

Program directory: /opt/ibm/lotus

Data directory: /local/notesdata

UNIX user: UNIX user

UNIX group: UNIX group
Press the Tab key to install Lotus Quickr.

Performing a silent installation of IBM Lotus Quickr on AIX

You can optionally installIBM Lotus Quickr in silently mode by specifying the installation settings in a script file, then running that script file from the command line. You can install the Lotus Quickr server to one or more IBM AIX systems, each with a different installation configuration as necessary.

To install using a wizard, see the previous topic Installing Lotus Quickr on AIX.

This procedure uses a copy of the Lotus Quickr script.dat file to use as your installation script file. Make a copy of the original file with the default configuration settings before you begin.

To install Lotus Quickr from a script file, follow these steps.

Open the copy of script.dat file in a text editor.

The installation file settings are listed in the following table in the order in which they display in the script file. For each configuration setting where you do not want the default installation behavior, modify the text as shown. For installations to multiple hosts, each host uses the default settings of the installation file, unless there is a custom_host_settings configuration setting for that particular host overriding the default settings.

Table 1. Installation file settings in the order that they are in script.dat.
Configurable item	Setting	Behavior
target_hosts	`#target_hosts=("host1","host2")`	Installs the Lotus Quickr Server on one or more target hosts, specified in quotation marks in a comma-separated list. The local host is only installed to if it is one of the hosts specified in the target_hosts list. In this example, Lotus Quickr is installed on host1 and host2.
program_directory	`program_directory = "/opt/lotusquickr"`	Installs the Lotus Quickr program directories and files in the /opt/lotusquickr/lotus directory, and creates a link from /opt/lotus to the /opt/lotusquickr/lotus program tree. This value is the default setting.
	`program_directory = "directorypath"`	Installs the Lotus Quickr program directories and files in the `directorypath`/lotus directory, and creates a link created from /opt/lotus to the `directorypath`/lotus program tree.
data_UNIX_user	`data_UNIX_user = "quickr"`	The Lotus Quickr data directories are owned by a user named quickr. This value is the default setting.
	`data_UNIX_user = "username"`	The Lotus Quickr data directories are owned by `username`.
data_UNIX_group	`data_UNIX_group = "quickr"`	The Lotus Quickr data directories are owned by the group named quickr. Note: The username specified for data_UNIX_user must be a member of the quickr group. This value is the default setting.
	`data_UNIX_group = "groupname"`	The Lotus Quickr data directories are owned by the group named `groupname` group. Note: The username specified for data_UNIX_user must be a member of the groupname group.
qpadmin	`qpadmin = "quickr"`	The Lotus Quickr sever administrator is quickr. This value is the default setting.
	`qpadmin = "adminid"`	The Lotus Quickr sever administrator is `adminid`.
qpadminpassword	`qpadminpassword = "password"`	The password of the user id specified for qpadmin.
data_directories	data_directories: "/local/lotusquickrdata" { }	The path for the Lotus Quickr data directories is /local/lotusquickrdata. The directories are owned by quickr, a member of the group quickr. This value is the default setting.
	data_directories: "directorypath" { data_UNIX_user = "username" data_UNIX_group = "groupname" }	The path for the Lotus Quickr data directories is `directorypath`, and the directories are owned by `username`, a member of `groupname`.
QRD_InstallType	`QRD_InstallType=2`	Perform a standard or full installation. This setting is ignored if Lotus Quickr has been installed on the Lotus Domino server before. This value is the default setting.
licenseAccepted	licenseAccepted="true"	To run the scripted installation, you need to read the license and accept its conditions by setting the parameter to true. A value of "true" means you accepted the license. If the variable is missing or set to "false", it means you have not accepted.
custom_host_settings	custom_host_settings: TargetHostname { program_directory = "directorypath" data_UNIX_user = "username" data_UNIX_group = "groupname" qpadmin = "adminid" qpadminpassword = "password" data_directories: "datadirectorypath" { data_UNIX_user = "username" data_UNIX_group = "groupname" } }	When installing on `TargetHostname`, the Lotus Quickr server files are installed in the `directorypath` directory, the data directory files are installed in the `datadirectorypath` directory, and are owned by `username`, a member of `groupname`. The administrative id is `adminid`, with a password of `password`. Note: The default behavior is to have no custom host settings. Custom host settings can be specified for some, all, or none of the hosts specified in target_hosts.

Save the script.dat file.
Start the silent installation by entering the following command on the command line../install -script /tmp/script.dat

Enabling UTF-8 character encoding on servers storing translated content on AIX

Perform the following steps:

From IBM Lotus Notes or the Lotus Domino Administrator, open the Lotus Domino directory (names.nsf) on the server.
Open the server document and click Edit Server.
Click Internet Protocols > Domino Web Engine.
In the Character Set section, select Yes in the Use UTF-8 for output field.
Click Save & Close.
Enter the following command at the server console to restart the HTTP task:
```
restart task http 
```

Installing on SUSE Linux operating systems

You can install IBM Lotus Quickr on a SUSE Linux system using an installation wizard or command interface. After installation, you must enable the IBM Lotus Domino servlet engine.

Preparing Lotus Domino to install Lotus Quickr on Linux

Before installing IBM Lotus Quickr on a Linux system, review hardware requirements, software requirements, and known issues.

Review the hardware and software requirements on the IBM Support site.
Review the known issues that are described on the IBM Support site. To see only installation issues, select Installation in the Product Category list.

Enabling the Lotus Domino servlet engine on Linux

Note: To use this feature you must configure the server to use single sign-on authentication.

Perform the following steps:

From IBM Lotus Notes or the Lotus Domino Administrator, open the Lotus Domino directory (names.nsf) on the server.
Open the server document in Edit mode.
Click Internet Protocols > Domino Web Engine.
Under Java Servlets, select Domino Servlet Manager in the Java servlet support field.
Save & Close the document.
Restart the Domino server for this configuration change to take effect.

Configuring multi-server single sign-on for Linux

With multi-server single sign-on, users can log in to a server once and during that session access servers enabled for single sign-on in the DNS domain without providing names and passwords again.

Keep the following points in mind:

When Lotus Quickr controls directory services, single-server single sign-on authentication is not supported, however, multi-server single sign-on achieves a similar result.
URLs issued to servers configured for single sign-on must specify the full DNS server name in the SSO configuration document, not the host name or IP address. For browsers to be able to send cookies to a group of servers, the DNS domain must be included in the cookie, and the DNS domain in the cookie must match the server URL. This is why cookies cannot be used across TCP/IP domains.
Clustered servers must have the full DNS server name in the host name field of the Web Site or Server document so that the Internet Cluster Manager (ICM) can redirect to cluster members using SSO. If the DNS server hostname is not there, ICM redirects URLs to clustered Web servers with only the TCP/IP host name, by default, and cannot send the cookie because the DNS domain is not included in the URL.

Perform the following steps to configure multi-server single sign-on authentication. These steps apply regardless of whether Lotus Quickr or IBM Lotus Domino controls directory services.

Creating a Web SSO Configuration document on Linux

Create a Web SSO Configuration document if there is not one already.

Open the Domino Directory (names.nsf) of an IBM Lotus Quickr server in the domain.
Click the Configuration > Servers > All Server Documents view.
Click Web and then cllick Create Web SSO Configuration.
Click Keys at the top of the Web SSO Configuration document.
To Initialize the Web SSO Configuration with a Domino shared secret key, click Create Domino SSO Key.

Complete the rest of the document as follows:

Field	Action
Configuration Name	Type LtpaToken. This value is required.
Organization	Leave this field blank so the document appears in the Web Configurations view.
DNS Domain	(Required) Type the DNS domain (for example, acme.com) for which the tokens will be generated. The servers enabled for single sign-on must all belong to the same DNS domain.
Domino Server Names	Type the names of the IBM Lotus Domino servers to participate in single sign-on; for example, server1/acme, server2/acme. This document is encrypted so that only you, the members of the Owners and Administrators fields, and the servers specified may edit it. Note: Type only Lotus Domino server names in this field; group names, wild cards, and WebSphere server names are not allowed.
Expiration (minutes)	Specify the time period, in minutes, after which the token will expire. The default is 30 minutes. Note: The token will expire after this time period, regardless of whether the user is idle or not. Therefore, you may wish to increase the period to a larger amount to ensure users are not prompted to re-authenticate often.
Idle Session Timeout	Click Enabled and specify a Minimum Timeout value, in minutes, to indicate the number of minutes of inactivity after which the token will expire.

Click Save & Close to save the Web SSO Configuration document in the Web - Web Configurations view. A message on the status bar indicates the number of servers or people for whom the document is encrypted.
If you receive messages on the client indicating that a particular key was not found for encrypting the document, you might have to change your client's location document to point to a different mail or directory server that has all the public keys included in Server and Person documents.
If multiple servers will be using the SSO configuration, you must replicate names.nsf to each server so that they can accept the new configuration. You can run the replica command in the console using: load replica [targetserver] names.nsf.

Editing a Web SSO document on Linux

Open the Domino Directory (names.nsf) of an IBM Lotus Quickr server in the domain.
Click the Web > Web Server Configurations view.
Open the Web SSO Configuration document in edit mode.
In the Domino Server Names field, add the hierarchical Domino server name of each Lotus Quickr server in the domain that will participate in single sign-on; for example, server1/acme, server2/acme.
Close and save the document.

Completing single sign-on setup

After you have created or edited the Web SSO Configuration document for the domain, complete single sign-on setup.

Perform the following steps:

Add the following setting to the notes.ini file of each IBM Lotus Quickr server that you will enable for single sign-on. This step prevents anonymous access to files in the html directory:
NoWebFileSystemACLs=1
Enable multi-server session-based authentication in the Server document for each Lotus Quickr server that you want to enable for single-sign on:
1. Open the Domino Directory (names.nsf) on the server.
2. Click the view Configuration > Servers > All Server Documents.
3. Click the Server document for the server and click Edit Server.
4. Click Ports > Internet Ports > Web, and enable Name-and-password authentication for the Web (HTTP or HTTPS) port.
5. Click the Internet Protocols - Domino Web Engine tab.
6. Next to Session authentication, select Multiple Servers (SSO).
7. Next to Web SSO Configuration, select LtpaToken.
8. Click Save & Close.
Create the Domino Web Server Configuration database (domcfg.nsf) if it does not exist:
1. From Lotus Domino administration, choose File > Application > New.
2. Next to Server at the top of the dialog box, select the server that runs Lotus Quickr.
3. Next to Title, type a descriptive title, for example, Web Server Configuration.
4. Next to File name, type domcfg.nsf. You must use this file name.
5. Next to Server in the middle of the dialog box, select any server.
6. Click Show advanced templates.
7. Next to Template, select Domino Web Server Configuration (domcfg5.ntf).
8. Click OK.
Create a mapping form in the Domino Web Server Configuration database to enable single-sign on to work with Lotus Quickr:
1. Open the Web Server Configuration database (domcfg.nsf).
2. Click Add Mapping.
3. Next to Applies To, select All Web Sites/Entire Server (default) or Specific Web Site/Virtual Server. If you select Specific Web Site/Virtual Server, a new field displays in which you specify the IP addresses of the Web Site documents or Virtual Servers.
4. Next to Target Database, type LotusQuickr/resources.nsf, replacing the default entry.
  The path is case-sensitive on UNIX. If you upgraded from an earlier release and did not change the root directory name, type QuickPlace/resources.nsf.
5. Next to Target Form, type QuickPlaceLoginForm.
  Note: The QuickPlaceLoginForm form is important for the local administrator's account to be able to sign in. This login form has special code to handle Quickr-specific users. It is not required for other servers because SSO does not work for local or Quickr-specific users.
6. Click Save & Close.
7. Replicate the database to all the Lotus Quickr servers that will use single sign-on.
After the Domino Web Server Configuration database has replicated, at the server console of each server, enter the following command to stop and restart the server:
```
restart server 
```
The message "Successfully loaded Web SSO Configuration" confirms single sign-on setup.

Installing Lotus Quickr on a Linux operating system

IBM Lotus Quickr can be installed using a wizard on a Lotus Domino server running aLinux operating system. To install using a command line interface, see the next topic "Performing a silent installation of Lotus Quickr on a Linux operating system."

Perform the following steps to install Lotus Quickr on a Linux system.

Install IBM Lotus Domino version 8.5.1 Fix Pack 3.
1. Select Domino Enterprise Server as the server type.
2. If you install partitioned Lotus Domino servers so that you can install Lotus Quickr on each partition, when you configure the Lotus Domino server for TCP/IP, assign a separate IP address to each partition rather than using port mapping. For more information, see the topic Partitioned servers and IP addresses in the Lotus Domino Information Center.
3. If you have partitioned Lotus Domino servers and only some of them run Lotus Quickr, you should keep the executable Lotus Domino code for the Lotus Quickr servers separate from the Lotus Domino code for the non-Quickr servers. That is, when installing Lotus Domino servers to run Lotus Quickr, specify a program directory different from the one used by non-Quickr servers. By keeping the code libraries separate for Lotus Quickr and non-Quickr servers, you have more flexibility managing fixes and updates. If a particular Lotus Domino fix is needed only for Lotus Quickr servers, then you do not need to install it on your other Lotus Domino servers.
4. Lotus Quickr can work in a mixed Lotus Domino environment containing servers running a combination of versions 8.5.1, 8.5 or 8.0.
Run the Lotus Domino server setup program.
1. Select to set up HTTP services.
2. Use a Lotus Domino server certifier that includes no more than two organizational units (OUs). For example, the certifier /OU=Dallas/OU=Div1/O=Acme is acceptable, but the certifier /OU=Sales/OU=Dallas/OU=Div1/O=Acme is not acceptable. Otherwise the internal names of local users defined in Lotus Quickr places are truncated and these users are not able to log in to the Lotus Quickr server.
3. Specify a required local user as the local administrator at the end of the installation.
For information about setting up the Lotus Domino 8.5.1 server, see the topic "Using the Domino Server Setup program" in the Lotus Domino Information Center.
Stop the Lotus Domino server by typing exit or quit in the server command window.
Important: All Domino processes must be stopped.
Open a terminal window and log in to the Domino server as a root user. Lotus Quickr installation must be done by root.
Copy the <quickrdominolinuxname>.tar file to a directory on the server that has read, write, and execute permissions.
Navigate to the directory that contains the <quickrdominolinuxname>.tar file.
Enter this command to expand the tar file:
tar -xvf <quickrdominolinuxname>.tar
Navigate to the server directory that was created when the tar file was expanded.
Enter this command to start the wizard:
./install
In the Welcome window, press Tab to begin the installation.
The license agreement is displayed. When you have read the agreement, press 1 to accept the agreement and continue with the installation.
Note: Many of the following steps require that you accept a default or type a new value. To change a default, press Enter and type a new value. After you enter a new setting, press Tab to accept the change and continue with the installation.
Specify the Lotus Domino program directory as the directory where the Lotus Quickr program files are installed. The default Lotus Domino program directory is opt/ibm/lotus. You must install the Lotus Quickr program files to the directory that stores the Lotus Domino program files. Press Tab to continue.
Specify the Lotus Domino data directory as the directory where the Lotus Quickr data files are installed. The default Lotus Domino data directory is /local/notesdata. You must install the Lotus Quickr data files into the directory that stores the Lotus Domino data files. Press Tab to continue.
Specify the Linux user who owns the Lotus Quickr server files. This person must be the same user who owns the Lotus Domino server files.
Specify the Linux group that owns the Lotus Quickr server files. This group must be the same group that owns the Lotus Domino server files. The Linux user specified in the previous step must be a member of this group.
Type the name and password of the first Lotus Quickr administrator. Specify the name for a new, local administrator. Do not specify the name of the Lotus Domino server administrator or any other name from a user directory that Lotus Quickr uses.
When the installation program displays Configuration of the Install program is complete, press Tab to review your installation settings. For example:
Installation type: New Install

Program directory: /opt/ibm/lotus

Data directory: /local/notesdata

Domino UNIX user: Domino_user setup at Domino install

Domino UNIX group: Domino_group setup at Domino install
Press Tab to install Lotus Quickr.
After a successful installation, change from root to the Domino user specified in the installation settings. For example: su - Domino_user
Navigate to the Lotus Domino data directory specified in the installation settings.
Launch Lotus Domino: /opt/ibm/lotus/bin/server, where /opt/ibm/lotus is the location of the Domino server program files

Performing a silent installation of Lotus Quickr on a Linux operating system

You can optionally install IBM Lotus Quickr in silent mode on a Lotus Domino server running aLinux operating system by specifying the installation settings in a script file, then running that script file from the command line. You can install the Lotus Quickr server to one or more Linux systems, each with a different installation configuration as necessary.

To install using a wizard, see the previous topic Installing Lotus Quickr on AIX.

This procedure uses a copy of the Lotus Quickr script.dat file to use as your installation script file.

To install Lotus Quickr from a script file, follow these steps.

Make a copy of the original script.dat file with the default configuration settings.
Open the copy of the script.dat file in a text editor.

The installation file settings are listed in the following table in the order in which they display in the script file. For each configuration setting that you do not want to use the default value, modify the text as shown in the key-value pair column. For installations to multiple host systems, each system uses the default settings of the installation file, unless there is a custom_host_settings configuration setting for that particular system overriding the default settings.

Configurable item	Key-value pair	Description
target_hosts	`#target_hosts = ("host1","host2")`	Installs the Lotus Quickr Server on one or more target host systems, specified in double quotation marks in a comma-separated list. The local host is only installed if it is one of the hosts specified in the target_hosts list. In this example, Lotus Quickr is installed on host1 and host2.
program_directory	`program_directory = "/opt/lotusquickr"`	Installs the Lotus Quickr program directories and files in the /opt/lotusquickr/lotus directory, and creates a link from /opt/lotus to the /opt/lotusquickr/lotus program tree. This value is the default setting.
	`program_directory = "directorypath"`	Installs the Lotus Quickr program directories and files in the `directorypath`/lotus directory, and creates a link from /opt/lotus to the `directorypath`/lotus program tree.
data_UNIX_user	`data_UNIX_user = "quickr"`	The Lotus Quickr data directories are owned by a user named quickr. This value is the default setting.
	`data_UNIX_user = "username"`	The Lotus Quickr data directories are owned by `username`.
data_UNIX_group	`data_UNIX_group = "quickr"`	The Lotus Quickr data directories are owned by the group named quickr. Note: The username specified for data_UNIX_user must be a member of the quickr group. This value is the default setting.
	`data_UNIX_group = "groupname"`	The Lotus Quickr data directories are owned by the group named `groupname` group. Note: The username specified for data_UNIX_user must be a member of the groupname group.
qpadmin	`qpadmin = "quickr"`	The Lotus Quickr sever administrator is quickr. This value is the default setting.
	`qpadmin = "adminid"`	The Lotus Quickr sever administrator is `adminid`.
qpadminpassword	`qpadminpassword = "password"`	The password of the user id specified for qpadmin.
data_directories	data_directories: "/local/lotusquickrdata" { }	The path for the Lotus Quickr data directories is /local/lotusquickrdata. The directories are owned by a user named quickr, which is a member of the group quickr. This value is the default setting.
	data_directories: "directorypath" { data_UNIX_user = "username" data_UNIX_group = "groupname" }	The path for the Lotus Quickr data directories is `directorypath`, and the directories are owned by a user named `username`, which is a member of `groupname`.
QRD_InstallType	`QRD_InstallType=2`	Specifies whether a standard or full installation is performed. This setting is ignored if Lotus Quickr has been installed on the Lotus Domino server before. This value is the default setting.
licenseAccepted	licenseAccepted="true"	To run the scripted installation, read the license and accept its conditions by setting the parameter to true. A value of true means you accepted the license. If the variable is missing or set to false, the installation does not occur.
custom_host_settings	custom_host_settings: TargetHostname { program_directory = "directorypath" data_UNIX_user = "username" data_UNIX_group = "groupname" qpadmin = "adminid" qpadminpassword = "password" data_directories: "datadirectorypath" { data_UNIX_user = "username" data_UNIX_group = "groupname" } }	When installing on `TargetHostname`, the Lotus Quickr server files are installed in the `directorypath` directory, the data directory files are installed in the `datadirectorypath` directory, and are owned by a user named `username`, which is a member of `groupname`. The administrative id is `adminid`, with a password of `password`. Note: The default behavior is to have no custom host settings. Custom host settings can be specified for some, all, or none of the hosts specified in target_hosts.

Save the script.dat file.
Start the silent installation by entering the following command on the command line.
./install -script /<path>/script.dat

Enabling UTF-8 character encoding on servers storing translated content on Linux

Perform the following steps:

From IBM Lotus Notes or the Lotus Domino Administrator, open the Lotus Domino directory (names.nsf) on the server.
Open the server document and click Edit Server.
Click Internet Protocols > Domino Web Engine.
In the Character Set section, select Yes in the Use UTF-8 for output field.
Click Save & Close.
Enter the following command at the server console to restart the HTTP task:
```
restart task http 
```

Installing on IBM i

To install IBM Lotus Quickr on an IBM i system, you must first install and configure a compatible release of IBM Lotus Domino. Add Lotus Quickr to the server, then enable the Lotus Dominoservlet engine and, if necessary, UTF-8 encoding for non-English content.

To perform a new installation of Lotus Quickr on IBM i, complete the following tasks as appropriate:

Preparing for a new installation of Lotus Quickr on IBM i

IBM Lotus Domino version 8.5.1 Fix Pack 3 Interim Fix 2 (if you need ECM integration) must be installed on the same system as IBM Lotus Quickr 8.5.

Review Lotus Quickr version 8.5 detailed system requirements to verify that the components in your environment meet minimum product levels. Upgrade all hardware and software as needed.

Review the known issues that are described on the IBM Support site. To see only upgrade issues, select Upgrade in the Product Category list.

Before installing Lotus Quickr on IBM i, review these limitations.

You must install Lotus Domino Domino 8.5.1 Fix Pack 3 Interim Fix 2 (if you need ECM integration) and Lotus Quickr 8.5 on the same system. Install Lotus Domino first and then install Lotus Quickr. For further information on the Interim Fix 2, please read the Readme file of the fix.
Lotus Quickr must use the Lotus Domino HTTP server (the Domino HTTP server task). Lotus Quickr does not work with the IBM HTTP server. On the IBM i operating system, the IBM HTTP server can be running on your system for other applications. Follow the instructions in the topic "Verifying the configuration of IBM HTTP Server" to ensure that you do not encounter TCP/IP port conflicts between the Lotus Quickr server and the IBM HTTP server.
On IBM i, it is possible to configure multiple Lotus Quickr servers within the same LPAR, each running on a separate partitioned Lotus Domino server. Only one version of Lotus Quickr can be installed at a time, so every Lotus Quickr server within the LPAR must run the same version of Lotus Quickr. Also, each of the Lotus Quickr servers must use the same version of Lotus Domino. If there are other Lotus Domino servers in the LPAR that are not running Lotus Quickr, those servers can use a different version of Lotus Domino.
On the IBM i operating system, there are language considerations for Lotus Quickr. The QNOTES user profile has a locale object associated with it that identifies some of the language dependent settings, such as date and time separators, that are used by the server. Lotus Quickr and Lotus Domino share the QNOTES user profile and locale objects. As a result, when you add Lotus Quickr to a Lotus Domino server, Lotus Quickr uses the QNOTES user profile and the locale settings that are associated with the Lotus Domino server. Language packs are no longer required with the 8.5 version of Lotus Quickr.

For more information about Lotus Domino 8.5.1 on IBM i, see Domino 8.5 for i: Getting started.

Preparing your TCP/IP configuration

Assign TCP/IP addresses exclusively to the IBM Lotus Quickr, IBM Lotus Domino, IBM Lotus Sametimeand HTTP servers, add a TCP/IP interface and host name, and verify the server configurations.

Your system must have enough TCP/IP addresses defined so that you can that you can assign at least one for the exclusive use of each of the following servers:

Your Lotus Quickr server
Each Lotus Domino server
Each Lotus Sametime server
Each instance of IBM HTTP Server running on your system

Each of these servers must use a unique host name or TCP/IP address to avoid port conflicts between the servers. Do not attempt to use Lotus Domino port mapping.

Contact your network administrator to assign additional TCP/IP addresses and host names, if needed. Ensure that the new host names are also added to your Domain Name System (DNS) Server.

Complete the following tasks, as appropriate for your system:

Adding a TCP/IP interface and host name

Add a TCP/IP interface and host name to your system if your network administrator has assigned an additional TCP/IP interface for your use.

If your network administrator has assigned an additional TCP/IP interface for your use, follow these steps to add the interface to your system:

Open IBM i Navigator.
Open the system where you will add IBM Lotus Quickr.
Click Network.
Click TCP/IP Configuration.
Right-click Interfaces and select New Interface.
Select Local Area Network.
Follow the wizard's instructions to configure the TCP/IP interface. If you need assistance in any window of the wizard, click Help.

To add a host table entry for the TCP/IP interface

To add a host table entry for the TCP/IP interface that you plan to use for your Lotus Quickr server, follow these steps:

Open the host table.
1. Open IBM i Navigator.
2. Open the system where you plan to install Lotus Quickr.
3. Click Network.
4. Right-click TCP/IP Configuration and select Properties.
5. In the TCP/IP Configuration Properties window, click the Host Table tab.
Click Add.
In the IP Address field, enter the TCP/IP address that you have chosen to use for your Lotus Quickr server. For example, enter 10.1.2.4.
In the Host name field, enter the fully qualified name for the Lotus Domino server where you will add Lotus Quickr. For example, enter twpserver.example.com.
Optional: Enter a description in the Description field.
Click OK to add the entry to your server's host table.
Click OK to exit the TCP/IP Configuration Properties window.

Verifying the configuration of other Lotus Domino servers

Each IBM Lotus Domino server in your system must use a unique host name or TCP/IP address to avoid port conflicts between servers.

Complete the following steps to verify the configuration for each Lotus Domino server:

Open the server document of the Lotus Domino server.
Select Internet Protocols.
Click the HTTP tab.
In the Host name(s) field, enter a unique TCP/IP address or TCP/IP host name of your Lotus Domino server.
In the Bind to host name field, select Enabled.
Restart the Lotus Domino server for changes to take effect.

For more information about configuring a Lotus Domino server, see the Lotus Domino documentation.

Verifying the configuration of Lotus Sametime servers

See the IBM Lotus Sametime Information Center for information about correctly configuring your Lotus Sametime server to use a unique host name and TCP/IP address.

The Sametime Information Center is available on the Web at: http://www.lotus.com/ldd/doc.

Verifying the configuration of IBM Tivoli Directory Server

If the IBM Tivoli® Directory Server is used on the same system as IBM Lotus Quickr, it must use a unique host name or TCP/IP address to avoid port conflicts between servers. If you are not using Tivoli Directory Server with Lotus Quickr, it must be disabled.

To verify the configuration of Tivoli Directory Server, follow the procedure appropriate for your environment.

If you do not use Tivoli Directory Server on the same system

If you are not using Tivoli Directory Server on the same system as your Lotus Quickr server, disable it by completing these steps:

Open IBM i Navigator and open your system.
Click Network.
Click Servers.
Click TCP/IP.
From the list on the right, right-click Directory and select Stop.

If you use Tivoli Directory Server on the same system

If you are using it, complete these steps to force the Tivoli Directory Server to use a specific IP address:

Open IBM i Navigator and open your system.
Click Network.
Click Servers.
Click TCP/IP.
From the list on the right, right-click Directory and select Properties.
Click the Network tab.
Click IP Addresses.
Select Use selected IP addresses and specify from the list which interfaces you want to bind.
Click OK to close the Directory - IP Addresses page.
Click OK to close the Directory Properties page.

Verifying the configuration of IBM HTTP Server

Your IBM Lotus Quickr server uses the IBM Lotus Domino HTTP server. It is possible that you might have already configured IBM HTTP Server on your system for other applications. If so, then you must verify that each instance of the IBM HTTP Server is bound to a specific TCP/IP address.

To change the IBM HTTP Server settings, follow these steps:

If the IBM HTTP server is currently running, stop it.
1. Open IBM i Navigator.
2. Open the system where you plan to install Lotus Quickr.
3. Click Network.
4. Click Servers.
5. Click TCP/IP.
6. In the right pane, right-click HTTP Administration and select Stop Instance > All.
Start the HTTP Administration server.
1. Click Network.
2. Click Servers.
3. Click TCP/IP.
4. In the right pane, right-click HTTP Administration and select Start.
Open the IBM HTTP Server configurations page.
1. Start your Web browser.
2. Enter the following URL:
  http://hostname.example.com:2001/HTTPAdmin
  
  where hostname.example.com is the fully qualified host name of your system.
3. Click IBM Web Administration for IBM i.
4. Select the Manage tab.
5. Select the HTTP Servers tab.
Select a configuration from the menu at the top of the screen, and complete the following items for each configured instance of the IBM HTTP server.
1. From the list in the left pane, select General Server Configuration.
2. In the right pane, find the IP address and port table in the section called Server IP address and ports to listen on.
3. If one of the rows in the table has an asterisk (*) in the IP Address column, then the server is listening on all IP addresses. Select that row. Replace the asterisk (*) with the IP address for this server and click Continue.
4. When finished updating the server IP address table, click Apply to save your changes.
When each instance of the IBM HTTP server is configured to use a specific IP address, restart the HTTP servers.
1. Open IBM i Navigator.
2. Open the system where you plan to install Lotus Quickr.
3. Click Network.
4. Click Servers.
5. Click TCP/IP.
6. In the right pane, right-click HTTP Administration and select either Start Instance-->All, or select the particular server instances you would like to start.

For more information about managing IBM HTTP Server, see the IBM System i and i5/OS Information Center at:

http://www.ibm.com/eserver/iseries/infocenter

Installing and configuring a Lotus Domino server for Lotus Quickr

Before installing IBM Lotus Quickr, you must install a compatible release of IBM Lotus Domino and configure it for IBM Lotus Quickr.

For complete instructions about configuring a Lotus Domino server, see the Domino documentation available on the Web at http://www.ibm.com/developerworks/lotus/.

When installing and configuring Lotus Domino, be aware of the following limitations:

Your Lotus Domino server must be bound to the IP address prepared for use with Lotus Quickr. Before you begin, you must complete the previous task Preparing your TCP/IP configuration.
Use a Lotus Domino server certifier that includes no more than two organizational units (OUs). For example, the certifier /OU=Dallas/OU=Div1/O=Example is acceptable, but the certifier /OU=Sales/OU=Dallas/OU=Div1/O=Example is not acceptable. If you use more than two OUs, the internal names of local users defined in Lotus Quickr places are truncated and these users are unable to log in to the server.
The local administrator specified at the end of the installation is a required local user.

To bind the Lotus Domino server to the IP address set aside for Lotus Quickr, follow these steps:

Open the server document of the Lotus Domino server.
Select Internet Protocols.
Select the HTTP tab.
In the Host name(s) field, enter the TCP/IP address set aside for Lotus Quickr.
In the Bind to host name field, select Enabled.
Restart the Lotus Domino server for changes to take effect.

Enabling the Lotus Domino servlet engine on IBM i

Note: To use this feature you must configure the server to use single sign-on authentication.

Perform the following steps:

From IBM Lotus Notes or the Lotus Domino Administrator, open the Lotus Domino directory (names.nsf) on the server.
Open the server document in Edit mode.
Click Internet Protocols > Domino Web Engine.
Under Java Servlets, select Domino Servlet Manager in the Java servlet support field.
Save & Close the document.
Restart the Domino server for this configuration change to take effect.

Configuring multi-server single sign-on for IBM i

With multi-server single sign-on, users can log in to a server once and during that session access servers enabled for single sign-on in the DNS domain without providing names and passwords again.

Keep the following points in mind:

When Lotus Quickr controls directory services, single-server single sign-on authentication is not supported, however, multi-server single sign-on achieves a similar result.
URLs issued to servers configured for single sign-on must specify the full DNS server name in the SSO configuration document, not the host name or IP address. For browsers to be able to send cookies to a group of servers, the DNS domain must be included in the cookie, and the DNS domain in the cookie must match the server URL. This is why cookies cannot be used across TCP/IP domains.
Clustered servers must have the full DNS server name in the host name field of the Web Site or Server document so that the Internet Cluster Manager (ICM) can redirect to cluster members using SSO. If the DNS server hostname is not there, ICM redirects URLs to clustered Web servers with only the TCP/IP host name, by default, and cannot send the cookie because the DNS domain is not included in the URL.

Perform the following steps to configure multi-server single sign-on authentication. These steps apply regardless of whether Lotus Quickr or IBM Lotus Domino controls directory services.

Creating a Web SSO document for IBM i

Create a Web SSO Configuration document if there is not one already.

Open the Domino Directory (names.nsf) of an IBM Lotus Quickr server in the domain.
Click the Configuration > Servers > All Server Documents view.
Click Web and then cllick Create Web SSO Configuration.
Click Keys at the top of the Web SSO Configuration document.
To Initialize the Web SSO Configuration with a Domino shared secret key, click Create Domino SSO Key.

Complete the rest of the document as follows:

Field	Action
Configuration Name	Type LtpaToken. This value is required.
Organization	Leave this field blank so the document appears in the Web Configurations view.
DNS Domain	(Required) Type the DNS domain (for example, acme.com) for which the tokens will be generated. The servers enabled for single sign-on must all belong to the same DNS domain.
Domino Server Names	Type the names of the IBM Lotus Domino servers to participate in single sign-on; for example, server1/acme, server2/acme. This document is encrypted so that only you, the members of the Owners and Administrators fields, and the servers specified may edit it. Note: Type only Lotus Domino server names in this field; group names, wild cards, and WebSphere server names are not allowed.
Expiration (minutes)	Specify the time period, in minutes, after which the token will expire. The default is 30 minutes. Note: The token will expire after this time period, regardless of whether the user is idle or not. Therefore, you may wish to increase the period to a larger amount to ensure users are not prompted to re-authenticate often.
Idle Session Timeout	Click Enabled and specify a Minimum Timeout value, in minutes, to indicate the number of minutes of inactivity after which the token will expire.

Click Save & Close to save the Web SSO Configuration document in the Web - Web Configurations view. A message on the status bar indicates the number of servers or people for whom the document is encrypted.
If you receive messages on the client indicating that a particular key was not found for encrypting the document, you might have to change your client's location document to point to a different mail or directory server that has all the public keys included in Server and Person documents.
If multiple servers will be using the SSO configuration, you must replicate names.nsf to each server so that they can accept the new configuration. You can run the replica command in the console using: load replica [targetserver] names.nsf.

Editing a Web SSO document for IBM i

Open the Domino Directory (names.nsf) of an IBM Lotus Quickr server in the domain.
Click the Web > Web Server Configurations view.
Open the Web SSO Configuration document in edit mode.
In the Domino Server Names field, add the hierarchical Domino server name of each Lotus Quickr server in the domain that will participate in single sign-on; for example, server1/acme, server2/acme.
Close and save the document.

Completing single sign-on setup for IBM i

After you have created or edited the Web SSO Configuration document for the domain, complete single sign-on setup.

Perform the following steps:

Add the following setting to the notes.ini file of each IBM Lotus Quickr server that you will enable for single sign-on. This step prevents anonymous access to files in the html directory:
NoWebFileSystemACLs=1
Enable multi-server session-based authentication in the Server document for each Lotus Quickr server that you want to enable for single-sign on:
1. Open the Domino Directory (names.nsf) on the server.
2. Click the view Configuration > Servers > All Server Documents.
3. Click the Server document for the server and click Edit Server.
4. Click Ports > Internet Ports > Web, and enable Name-and-password authentication for the Web (HTTP or HTTPS) port.
5. Click the Internet Protocols - Domino Web Engine tab.
6. Next to Session authentication, select Multiple Servers (SSO).
7. Next to Web SSO Configuration, select LtpaToken.
8. Click Save & Close.
Create the Domino Web Server Configuration database (domcfg.nsf) if it does not exist:
1. From Lotus Domino administration, choose File > Application > New.
2. Next to Server at the top of the dialog box, select the server that runs Lotus Quickr.
3. Next to Title, type a descriptive title, for example, Web Server Configuration.
4. Next to File name, type domcfg.nsf. You must use this file name.
5. Next to Server in the middle of the dialog box, select any server.
6. Click Show advanced templates.
7. Next to Template, select Domino Web Server Configuration (domcfg5.ntf).
8. Click OK.
Create a mapping form in the Domino Web Server Configuration database to enable single-sign on to work with Lotus Quickr:
1. Open the Web Server Configuration database (domcfg.nsf).
2. Click Add Mapping.
3. Next to Applies To, select All Web Sites/Entire Server (default) or Specific Web Site/Virtual Server. If you select Specific Web Site/Virtual Server, a new field displays in which you specify the IP addresses of the Web Site documents or Virtual Servers.
4. Next to Target Database, type LotusQuickr/resources.nsf, replacing the default entry.
  The path is case-sensitive on UNIX. If you upgraded from an earlier release and did not change the root directory name, type QuickPlace/resources.nsf.
5. Next to Target Form, type QuickPlaceLoginForm.
  Note: The QuickPlaceLoginForm form is important for the local administrator's account to be able to sign in. This login form has special code to handle Quickr-specific users. It is not required for other servers because SSO does not work for local or Quickr-specific users.
6. Click Save & Close.
7. Replicate the database to all the Lotus Quickr servers that will use single sign-on.
After the Domino Web Server Configuration database has replicated, at the server console of each server, enter the following command to stop and restart the server:
```
restart server 
```
The message "Successfully loaded Web SSO Configuration" confirms single sign-on setup.

Preparing to install Lotus Quickr from a downloaded image on IBM i

When installing IBM Lotus Quickr for IBM i from a downloaded image instead of from physical media, you run a series of IBM i commands to prepare the downloaded files for installation.

You should have already installed Lotus Domino.

Follow these steps to download the installation package and create a library and save file for Lotus Quickr for IBM i. If you are installing from physical media, skip this task.

Download the installation package for Lotus Quickr if you have not already done so.
On your workstation, run the downloaded .exe file to extract the following files:
- A short Readme document
- QQUICKR: IBM i binary save file containing the Lotus Quickr software.
Sign on to the system with a user profile that has *ALLOBJ and *SECADM special authorities. You will also need the *IOSYSCFG (System configuration) *JOBCTL (Job control ) special authorities to perform installation and configuration.
On any IBM i command line, run the following commands to create a library and the required empty save file for the Lotus Quickr software:
```
CRTLIB MYLIB 
CRTSAVF MYLIB/QQUICKR
```
Open a Windows® command prompt session on your workstation and change to the directory that contains the downloaded files. For example:
```
cd c:\mydir
```
Start an FTP session with your system and transfer the downloaded files to the save file you created earlier. Use the same user profile that you used in step 2.
```
ftp [your IBM i server name or IP address]
username
password
bin 
put QQUICKR MYLIB/QQUICKR (replace 
quit 
```
The save file on your system now contains the Lotus Quickr software.

Pre-accepting the IBM Lotus Quickr software agreements before starting installation

To speed up installation on IBM i, you can "pre-accept" the IBM Lotus Quickr software agreements before starting installation.

If you are installing IBM Lotus Quickr from physical media, you should display and accept the Lotus Quickr software agreements before starting the installation. If you do not pre-accept the software agreements, the installation process will restore the product to the system, but then stop and wait for you to accept the agreements before completing the installation. Skip this task if installing from a downloaded image

To accept the Lotus Quickr software agreements before installing:

Insert the Lotus Quickr physical media into the optical drive of your system.
Enter the following command on an IBM i command line: GO LICPGM
The Work with Licensed Programs window displays.
From the Work with Licensed Programs menu, select option 5 (Prepare for install) and press Enter. The Prepare for Install window displays.
Type 1 in the option field next to Work with software agreements. Press Enter.
When the Work with Software Agreements window displays, you see all IBM licensed programs that require software agreement acceptance and whether the agreement has been accepted. Only licensed programs that are not yet installed display. The software agreements for Lotus Quickr do not display in the list until you restore them from the physical media in a later step.
Press F22 (Shift+F10) to restore the software agreements from the Lotus Quickr physical media.
For the Device parameter, specify the name of your optical drive, for example, OPT01. Press Enter to restore the Lotus Quickr software agreements to the system.
After the software agreements are restored from the Lotus Quickr physical media, the following message displays: Waiting for reply to message on message queue QSYSOPR. You can sign on to another session to respond to the message or ask the system operator to respond.
To view and respond to the message from another session:
1. Enter the following command on an IBM i command line: wrkmsgq qsysopr
2. Select option 5 to display the messages in the QSYSOPR message queue.
3. Locate the following message in the queue: Load the next volume in optical device OPT01. (X G)
  The Lotus Quickr software agreements have already been restored. If you want to restore more software agreements from another CD/DVD, insert the next and enter G . When the software agreements have been restored from the next CD/DVD, the message is issued again. When you are done, enter X.
  The Work with software agreements window includes an entry for Lotus Quickr: Licensed Program 5724S31.
Next to the entry for Licensed Program 5724S31, type 5 in the option field and press Enter to display the software agreement. Then, press F14 (Accept) to accept the terms of the software agreement.

Installing the IBM Lotus Quickr software on IBM i

IBM Lotus Quickr can be installed on an IBM i system by running the RSTLICPGM command.

If you are upgrading an existing Lotus Quickr server, see Upgrading a Lotus Quickr server on IBM i.

To install Lotus Quickr, follow these steps:

Review the hardware and software requirements on the IBM Support site.
Review the known issues that are described on the IBM Support site. To see only installation issues, select Installation in the Product Category list.
Sign on to your system with a user profile that has the required authority. To install and set up Lotus Quickr, your IBM i user profile must have the following special authorities:
- All object access (*ALLOBJ)
- Security administration (*SECADM)
- System configuration (*IOSYSCFG)
- Job control (*JOBCTL)
From the IBM i command line, run the appropriate command for installing from a downloaded image or physical media.
- Installing from a downloaded image
  1. Use the RSTLICPGM command to install from the save file you created when you downloaded the installation package. This example uses the save file MYLIB/QQUICKR:
```
RSTLICPGM LICPGM(5724S31) DEV(*SAVF) LNG(2924) SAVF(MYLIB/QQUICKR)
```
  2. When you are prompted to accept the Sametime software agreement, you must accept it in order to continue.
- Installing from physical media
  1. Insert the Lotus Quickr disk in your system optical drive and run the RSTLICPGM command, specifying the correct name of the optical device:
```
RSTLICPGM LICPGM(5724S31) DEV(OPT01) LNG(2924)
```
  The system loads the Lotus Quickr programs to the appropriate libraries and /QIBM directories. You will see status messages as the system installs the software.

Verifying your IBM i library list

While a single version of IBM® Lotus® Quickr supports multiple languages, the Lotus Quickr language feature for the Quickr licensed program is packaged using the English language feature code.

If the primary language of your system is not English, follow these steps to verify that QSYS2924 is in your library list:

Note: If the primary language of your system is English, you do not need to modify your library list.

From an IBM i command line, type the following command and press Enter:
```
WRKSYSVAL QSYSLIBL
```
On the Work with System Values display, type a 2 next to QSYSLIBL and press Enter.
On the Change System Value display, check whether QSYS2924 is included in the list. If it is listed, press F3 to exit. If it is not listed, proceed to step 4.
Type QSYS2924 next to Sequence Number 0 and press Enter.
Press F3 to exit.
If you changed the library list, sign off the system and sign back on to activate the new library list.

Adding Lotus Quickr to the Lotus Domino server

You can add IBM Lotus Quickr to an existing IBM Lotus Domino server for IBM i.

To add Lotus Quickr to a Lotus Domino server:

Stop the Lotus Domino server where you plan to add Lotus Quickr.
On any IBM i command line, type the following command and press F4: ADDLQPDOM.
Complete the following fields to add Lotus Quickr to the Lotus Domino server.
- Lotus Quickr Administrator - The name of the person who is the administrator for this Lotus Quickr server. The administrator's name must be a local user and must not be present in the external directory.
- Administrator password - The password that you want to use for the Lotus Quickr administrator's ID. Keep a record of this password because you will need it to sign on to the Lotus Quickr home page as the administrator.
- Server ID password - Required only if the Lotus Domino server is password protected; that is, only if a password was specified when the Domino server was registered. The default for this keyword is *NONE. If you use an additional Domino server with password protected (for example, for Sametime integration), you need to enter the password here.
- Start Lotus Domino Server - If you press F10, an additional parameter is displayed. This parameter gives you the option of starting the Lotus Quickr server immediately after adding it to the Lotus Domino server. To start the Lotus Dominoserver after adding Lotus Quickr, specify *YES.

Enabling UTF-8 character encoding on servers storing translated content on IBM i

Perform the following steps:

From IBM Lotus Notes or the Lotus Domino Administrator, open the Lotus Domino directory (names.nsf) on the server.
Open the server document and click Edit Server.
Click Internet Protocols > Domino Web Engine.
In the Character Set section, select Yes in the Use UTF-8 for output field.
Click Save & Close.
Enter the following command at the server console to restart the HTTP task:
```
restart task http 
```

Configuring a cluster

Configure clustering to provide high availability of servers in an IBM Lotus Quickr service. There are two aspects to clustering: configuring IBM Lotus Domino clustering to replicate data across the servers, and configuring a solution for distributing HTTP requests to the servers in the cluster.

Administering and managing a Lotus Quickr server that is in a cluster is the same as administering and managing a server that is not clustered. With the exception of adjustments to the load balancing hardware and software, you make changes individually to each server by addressing the server directly by its hostname or Domino name when you use any of the following methods or tools:

Using the browser to sign in to the server and visiting the Site Administration link.
Using the IBM Lotus Notes or the Domino Administrator to make changes, usually to the Lotus Domino Directory.
Setting up the Place Catalog for a cluster encompasses setting up My Places for your cluster.
Making changes using the file system such as modifying the NOTES.INI file or qpconfig.xml file or inspecting HTTP logs.

Note: Changes made through the Site Administration link do not replicate; you must make these changes on each server in a cluster.

When you run a qptool command on a server in a cluster, Lotus Quickr applies the command only to the server on which you run it. The results of the command then replicate to the other servers in the cluster. For example, if you lock a place on one server in a cluster, the place is locked immediately only on that server. The place is locked on the other servers after replication replicates the lock property on the place's databases to the other servers.

Perform the following steps to configure clustered servers:

Creating a Lotus Domino cluster

A Lotus Domino cluster is a group of two to six Lotus Domino servers that provides users with constant access to data, balances the workload between servers, improves server performance, and maintains performance when the size of your enterprise increases. The servers in a cluster contain replicas of databases that you want to be readily available to users at all times. If a user tries to access a database on a cluster server that is unavailable, Domino opens a replica of that database on a different cluster server, if a replica is available. Domino continuously synchronizes databases so that whichever replica a user opens, the information is always identical.

To create a cluster, you must have at least Author access, Delete Documents rights, and the ServerModifier and ServerCreator roles in the Lotus Domino Directory, and at least Author access to the Administration Requests database.

If possible, use the Lotus Domino administration server when creating a cluster. The administration server does not have to be part of the cluster.

See Domino Administration Help for detailed information on creating Lotus Domino clusters and managing cluster replication.

Note: If a server already belongs to a different cluster, you do not have to remove the server from that cluster before you add it to the new cluster. The Lotus Domino Cluster Administration Process removes the server from the original cluster and then adds it to the new cluster.

To create a cluster of IBM Lotus Quickr servers, perform the following steps:

From the Domino Administrator, click File > Open Server to open the administration server or another server in the Lotus Domino domain of the IBM Lotus Quickr servers.
Click the Configuration tab.
Click Server > All Server Documents.
Select the servers that you want to add to the cluster.
Click Add to Cluster.
When asked to choose the cluster you want to add the servers to, click Create New Cluster, and then click OK.
Type the name for the new cluster, and click OK.
Click Yes to add the servers to the cluster immediately, or click No to submit a request to the administration process to add the servers to the cluster.
If you chose Yes in the previous step, the cluster information is added immediately to the Domino Directory of the server you used to create the cluster. If this server is not part of the new cluster, replicate the changes to one of the servers you added to the cluster. If you chose No in the previous step, perform the following steps:
1. If you used a server other than the administration server to create the cluster, force replication between the server you used and the administration server so that the administration server receives the requested changes sooner.
2. Force replication between the administration server and the cluster servers so the cluster servers receive all the changes sooner.

Implementing a method for distributing HTTP requests

You can choose between two methods of distributing HTTP requests to servers in the cluster: load balancing or failover to a "hot-spare." Note that IBM Lotus Quickr requires that HTTP requests sent to one node are continuously sent to that node for a predetermined amount of time known, sometimes referred to as "sticky time."

Load balancing

The typical method is installing and setting up load balancing software. With load balancing, a virtual server is used to distribute HTTP requests so that the physical servers share the user load.

The maximum capacity of the cluster is approximately the sum of the capacities of the servers in the cluster. For example, a cluster of three servers that each support 1,000 users has approximately a maximum capacity of 3,000 concurrent users. However, if one server goes offline, the capacity of the cluster is reduced correspondingly (to 2,000 users in the example).

Therefore, the average capacity of a load-balanced cluster is less than the maximum possible, and allowance should be made for server downtime so that response times do not significantly decrease when a single server becomes unavailable. Having more than two servers in a cluster provides greater flexibility and reliability because when a server is taken offline for scheduled maintenance, failover can still occur among the remaining available servers.

You purchase a load balancing product separately, and set it up following the product documentation.

When you use load balancing, each physical server and place has an entry in the Place Catalog. In addition, there is an entry for the virtual server that represents the combination of all physical servers, and an entry for each place in the cluster that represents all the replicas of the place in the cluster.

Real-time updates to the Place Catalog (such as place creation, locking of a place, and place membership changes) are made in the place entries that correspond to the virtual server. The non-real time updates (such as place size, time last accessed, and time last modified) are made to the place entries that correspond to the physical servers in the cluster. This information allows the administrator to know the differences in access and size for the places in each of the physical servers in the cluster.

Use the qptool placecatalog -update command to synchronize the place entries that correspond to the physical servers and the place entries that correspond to the virtual server.

When using the Edge components Load Balancer for IBM® WebSphere® Application Server, the Websphere documentation provides instructions for configuring the load-balanced servers so they will accept a packet that was addressed to the cluster address. For most platforms, this is done by setting or aliasing the loopback device to the cluster address. If the Lotus Quickr servers in the cluster are running on Microsoft Windows 2008 or IBM i, special instructions are needed to properly complete the configuration for the load balanced servers as described in the following topics:

Microsoft® Windows® 2008: See How to configure the loopback adapter on Microsoft Windows 2008

IBM i: See Load Balancing IBM i servers: configuring the loopback device

Failover to a hot-spare

A less common method for distributing HTTP requests is failover to a hot spare, in which a primary server and a secondary server are clustered. The primary server handles user requests, and the secondary server is held in reserve in case the primary server fails or requires a scheduled stoppage. When the primary server is taken offline, user requests fail over to the hot spare until the primary server comes back online. In this type of cluster, the resources of the hot spare are not utilized while the primary server is active: the capacity of the cluster is the capacity of the primary server. Therefore, if a given server specification supports 1,000 concurrent users, two such servers are required to support 1,000 users. If the hot spare is identical to the primary server, the capacity remains the same after the primary server fails over.

With the hot-spare solution data is maintained in separate entries in the Place Catalog for each physical server, and for each place on a physical server.

Modifying scheduled qptool commands in the notes.ini file

You must modify scheduled qptool commands in server notes.ini files.

Perform the following steps:

Remove the following qptool commands from the notes.ini file of each server except the Place Catalog server:
- qptool newsletter -daily -a, from the ServerTasksAt1 parameter
- qptool remove -cleanup, from the ServerTasksAt2 parameter
- qptool placecatalog -push and qptool deadmail -cleanup from the ServerTasksAt3 parameter
These commands should run only on the Place Catalog server, to avoid duplication of newsletters and server tasks.
Add the following qptool command to the notes.ini file of the Place Catalog server only:
ServerTasksAt6=qptool placecatalog -update

This task updates statistics for the "virtual server" place documents.

Setting up the Place Catalog for a cluster

To ensure that a shared Place Catalog works properly for servers in a cluster, replicate the Place Catalog on the Place Catalog server to the other IBM Lotus Quickr servers in the cluster, and specify the details of the cluster environment in the qpconfig.xml file of each server in the cluster. All servers in a cluster should use the same qpconfig.xml settings.

Note: Do not put dedicated Place Catalog servers in one cluster, and the Lotus Quickr place servers that they catalog in a separate cluster. This configuration can cause poor failover performance.

Perform the following steps:

Perform the following steps on each server in the cluster except the Place Catalog server:
1. Enter the following command at the server console to stop the HTTP task:
```
tell http quit
```
2. Enter the following command at the server console to flush the database cache:
```
dbcache flush
```
3. Delete the file PlaceCatalog.nsf from the server data directory.
4. Create a replica of PlaceCatalog.nsf from the PlaceCatalog server to this server.
Perform the following steps on each server in the cluster, including the Place Catalog server.
1. Open the qpconfig.xml file in the Domino data directory or create the file if it does not exist already.
2. Specify the following settings in the file, replacing values shown below with ones required by your environment:
```
<cluster>
   <master virtual="true" ssl="false">
      <port>80</port>
      <hostname>master.acme.com</hostname>
      <path_prefix><path_prefix />
   </master>
</cluster>
```
  Table 2 describes the settings.
3. Save the modified file.
4. Enter the following command at the server console to restart the HTTP task:
  restart task http
Restart the Place Catalog server.
Restart the other Lotus Quickr servers.
Enter the following command at the server console of each server, one server at a time:
```
load qptool register -server
```

Table 2. Cluster settings in the qpconfig.xml file
Setting	Description
virtual="value"	The primary (master) server for a cluster acts as a user's entry point to places on other servers in the cluster. If you use the failover to a "hot-spare" clustering solution in which the primary (master) server is a physical IBM Lotus Quickr server, specify virtual="false." If you use the load balancing clustering solution, in which the primary server is an IP sprayer that acts as a "virtual" server, specify virtual="true."
ssl="value"	If SSL is enabled on the primary server, specify ssl="true," otherwise specify ssl="false." Note: Regardless if you use clustering, setting this to "true" populates the My Places list with URLs that begin with https rather than http.
<port>value</port>	Specify the TCP port used to access requests by browsers, depending on whether SSL is enabled on the primary server. The default port is 80 for non-SSL connections and 443 for SSL connections.
<hostname>value</hostname>	Specify the DNS hostname of the primary (master) server (for example, master.acme.com).
<path_prefix> value</path_prefix>	If the Place Catalog (PlaceCatalog.nsf) is located in a subdirectory of the Lotus Domino data directory, type the subdirectory as the path_prefix. This information is used to create URLs to the primary server. For example, on Microsoft Windows, if you put the Place Catalog in the directory C:\domino\data\catalog, type catalog as the path_prefix value. Or if you put the Place Catalog in the directory C:\domino\data\other\catalog, type other\catalog.

Upgrading

You can install IBM Lotus Quickr 8.5 without an upgrade (no previous version installed), or you can upgrade to Lotus Quickr 8.5 only from Lotus Quickr version 8.2.

Check for known issues on upgrading on the IBM Support Site. To see just upgrade issues, select Upgrade in the Product Category list.

Upgrade overview

The supported upgrade path is from Lotus Quickr 8.2 to Lotus Quickr 8.5. All deployments prior to 8.2 need to upgrade to Quickr 8.2 before upgrading to version 8.5.

The upgrade process ensures the preservation of: data, forms, themes, custom code (such as placebots, views, and other design elements), event hooks or agents, and placetypes.

Design (schema) upgrade

All system design documents and any other system documents will be upgraded; that is, replaced or modified as needed. For example, a number of views were modified and new views created, all of which will be introduced into all places. This schema upgrade is necessary for all places.

Data upgrade

For Lotus Quickr 8.5 places using the new theme and user interface, the dependency on ActiveX and the DnD (drag-and-drop) applet has been removed. Also, the Quickr server supports a Preview capability that supports the imported file(s) functionality that used to exist in version 8.2. The upgrade process runs through all place content and re-maps form definitions as follows:

Table 3. Forms in Lotus Quickr 8.5 for Domino
Form in 8.5	Description
Upload	Single file upload. This form supports the upload action previously provided the Upload forms for single, multiple, and no attachments in Quickr 8.2.
Page	Create a web document with rich text and optional attachments (similar to 8.2)
Event	Calendar event (similar to 8.2)
Task	Simple task (similar to 8.2)
Link	Link page (similar to 8.2)
Imported Page	Single file upload with preview on the web. This form supports the import action previously provided by the Microsoft Word, Excel, and Multiple Imported forms in Quickr 8.2.
List	Create a list by defining fields or by importing a file
Custom Library	To point to an ECM library (only available when ECM is enabled on the server)

Theme upgrade

Lotus Quickr 8.5 employs a new architecture for theme support. If a place used the default theme in version 8.2, the place will be switched to use the Quickr Standard theme for Places (8.5) default theme and will have the following new features and functions:

Trash (Recycle Bin)
Lists
Imported File pages (that use a server-side preview facility)
Custom Library
New layout of content, comments, versions, attachments, and so on

If a place used any other theme from version 8.2, the place will retain its prior look and feel as the theme will not automatically get changed to the 8.5 default theme. Consequently, the new features and functions mentioned above will not be available. In order to enable the new functions and features, the theme will need to be changed to the default Quickr 8.5 theme either manually or using a qptool setTheme command.

Note: Once the theme has been changed, you will not be able to revert to the original 8.2 theme's look and feel.

Customized template and placetype issues

Forcing all placetypes that used the default theme to upgrade to the new 8.5 theme might cause issues, particularly if there was custom design elements and code in the place. By default, these placetypes should not be affected by the upgrade process and remain usable.

Preparing to upgrade

You upgrade to Lotus Quickr version 8.5 from an implementation of Lotus Quickr 8.2.

If you are using IBM Lotus QuickPlace® Version 7.0, you must first upgrade to Lotus Quickr Version 8.0 or 8.0.0.2, and then upgrade to Version 8.1. Once you have upgraded to Quickr 8.1, follow the steps in this section to upgrade to 8.2. Refer to the appropriate instructions for upgrading to Quickr 8.0 or 8.0.0.2 in the Lotus Quickr Version 8.0 information center

Before you upgrade, you need to review specific documentation and back up places and PlaceTypes. Places and PlaceTypes are assets that are critical to your organization and need to be backed up before upgrading.

Review the following information:
1. Review the known issues that are described on the IBM Support site. To see just upgrade issues, select Upgrade in the Product Category list.
2. Review Lotus Quickr Version 8.2 detailed system requirements to verify that the components in your environment meet minimum product levels. Upgrade all hardware and software as needed.
3. Make sure you have Lotus Domino 8.5.1 Fix Pack 3 available since Lotus Quickr requires the 8.5.1 version of Lotus Domino to run. At the appropriate time, the steps later in this section will direct you to upgrade the version of Domino on your Lotus Quickr server. For more information about planning the upgrade to Lotus Domino 8.5.1, see Upgrade Central: Planning your upgrade to Lotus Notes / Domino 8.5.1.
Make backup copies of all of the subfolders in the Lotus Domino server's data directory. Save the backup copies to different media from the media your organization uses for its standard backup process. Do not rely solely on your organization's standard backup process, because it might delete backup copies too quickly.
Record any explicitly locked places before migration so that you can lock them again manually if needed after the upgrade process is finished. After upgrading, the qptool command to unlock all places needs to be run so that places can be processed by the subsequent qptool commands. After all operations complete, all locked places will be unlocked. Some policy locked places will be locked again when the policy agent runs in the next time; but for places locked by a user manually, the lock status will not recover automatically.
Verify the backup media by restoring it. If this step is not possible, make duplicate backup copies.
Save the backup copies in a secure location for at least several months.

Now you are ready to begin the upgrade process.

Setting up a staging environment to perform an upgrade

Before implementing Lotus Quickr in a production environment, you should consider setting up a staging environment that enables you to perform a side-by-side upgrade to test how well the upgrade process handles any custom themes and placetypes from your Lotus Quickr 8.2 implementation.

You should perform a side-by-side upgrade and migration for a Microsoft Windows 2008 environment. You can run a side-by-side upgrade as follows:

Be sure you have backed up all places as described.
Set up or designate a separate staging server running Lotus Domino 8.5.1, Fix Pack 3, and Lotus Quickr 8.5 for Domino. Upgrade an existing Lotus Quickr 8.2 server as described or run the qptool upgrade server command as follows:
```
load qptool upgrade -server
```
Copy a representative subset of places that use a standard theme or custom themes, forms, and placetypes onto the staging server.
Run the upgrade command for all places as follows:
```
load qptool upgrade -a
```
Review and test the migrated places to ensure that they have upgraded properly and work as expected before completing upgrade for all Lotus Quickr 8.2 servers and places.

Starting to upgrade

You are ready to upgrade IBM Lotus Quickr servers for your platform on Microsoft Windows, IBM i, or IBM AIX after completing the preparatory steps.

To upgrade Lotus Quickr, follow the instructions appropriate to your operating system:

Upgrading to the new Lotus Quickr 8.5 theme

Administrators should upgrade Lotus Quickr places using themes based on the Lotus Quickr 8.2 or older theme to the Quickr Standard Theme (8.5) base to take advantage of the many new theme features and benefit from the added functionality not available in the older themes. When upgrading to 8.5, any place that does not use the Quickr 8.2 Standard theme will not be updated with new features such as the Trash folder, Lists, the Notes calendar overlay, and several other new features. For a given place to display these features, its theme must be changed to the Quickr 8.5 Standard theme, at which point further customizations can be made.

Themes based on the Lotus Quickr 8.5 code can provide a rich user experience and improved server performance and scalability. The Quickr Standard Theme is the default for the Standard place for Teams in Lotus Quickr 8.5 for Domino. Creating a place from this standard theme provides users with the 8.5 Web client and user experience with all the latest features, functionality, and capabilities such as Library uploads, customizable lists, What's New feed, the ability to overlay your Lotus® Quickr calendar onto your Lotus Notes® calendar, and a new browser-based rich text editor. The Quickr 8.2 theme provides the 8.2 Web client user experience and includes the new rich text editor. It can be useful if maintaining continuity with existing 8.2 theme-based places is important for you. Themes based on the default standard theme should migrate with all features intact unless placetype and template design elements have been significantly altered.

Note: Once a place's theme is changed to the Quickr Standard Theme (8.5), it cannot be reverted to a non-8.5 based theme later and any changes to look and feel will need to be done through customizations.

After completing the upgrade process, have people familiar with the migrated places test that the places have not lost content or functionality during the migration process.
Optional: You can use the qptool setThemes command to specify that selected or all migrated places use the standard Lotus Quickr 8.5 theme if desired.
Optional: Users can create custom themes based on the new standard theme as desired.

Setting themes for migrated places to the new standard for Lotus Quickr

You can use the setTheme qptool command to set the theme for all migrated places to be the standard Lotus Quickr 8.5 theme.

To change existing place themes to the new standard theme for Lotus Quickr, enter the following command at the server console: load qptool settheme arguments

where arguments can be any of those detailed in the following table:

Note: Once a place's theme is changed to the Quickr Standard Theme (8.5), it cannot be reverted to a non-8.5 based theme later.

Table 4. Arguments for the qptool setTheme command
Argument	Description
-?	Prints help on the command
-p	Updates the theme for a place or for a comma-delimited list of places.
-a	Updates themes for all places.

Controlling which themes are available for selection

You can modify theme attributes in the qpconfig.xml file to enable or prevent certain themes from displaying on the Customize page when users are in the process of creating a new place or customizing an existing place.

You can suppress older or unused themes and allow certain themes to be available for selection by creators of places.

This task assumes you have created and use a qpconfig.xml file derived from the qpconfig_sample.xml file delivered with this version of Lotus Quickr. If you have an existing qpconfig.xml file, copy and paste the <themes> section from the qpconfig_sample.xml file into your working qpconfig.xml.

Open your qpconfig.xml file in your preferred text editor and locate the <themes> section.
You can either:
- Set the restrict_choices attribute value to true to enable users to select from a limited list of themes on the Choose a Theme page.
- Set the restrict_choices attribute value to false if you want all themes to be available for user selection.
Be sure to save the edits you made to the qpconfig.xml file.

The following sample (enclosed within the Start/End of Sample section) shows only the Quickr Standard Theme selected to appear on the Choose a Theme page.

<!-- 
	   themes
	   =============
	   This setting controls Theme-related settings.

	   attribute         value    default  description
	   =========         =====    =======  ===========
	   restrict_choices  true              Only "allowed" and custom themes may be selected on the "Choose a Theme" page.
				   false    yes      ALL themes may be selected on the "Choose a Theme" page.

	   <allowed>:  quoted comma separated list of themes allowed IF restrict_choices="true", specified by name.  

		<themes restrict_choices="true">
		<allowed>"Quickr Standard Theme"</allowed>
	</themes>

Upgrading a Lotus Quickr server on Windows and AIX

Upgrading the Lotus Quickr server requires upgrading the Lotus Domino server for your appropriate operating system and also requires that you have completed the preliminary steps to prepare your environment for upgrade.

You need to complete backing up places and placetypes and reviewing Lotus Quickr technotes as previously described before you start the upgrade process.

Stop the Lotus Domino server.
Stop any other programs that are running.
Stop any Web applications that listen on TCP/IP port 80. Skype is an example of such an application.
Upgrade the Lotus Domino server on which the Lotus Quickr runs to version 8.5.1 with Fix Pack 3.
Perform the following steps appropriate to your operating system: For Microsoft Windows:
1. Insert and start the Lotus Quickr Version 8.5 physical media.
2. If you are installing from a network drive, navigate to the directory that contains the installation kit, and then run Setup.exe.
For AIX:
1. Open a terminal window and log in to the server as a root user.
2. Navigate to the directory that contains the installation kit.
3. Enter ./install to start the installation:
4. When prompted, type the number that corresponds to the language in which you prefer to read the Lotus Software Agreement.
5. Press Enter to continue, and then press Enter again to display the license agreement.
6. When you have read the agreement, press 1 to accept the agreement and continue the installation.
Follow the on-screen prompts to complete the upgrade and configuration.
If you plan to use new 8.5 versions of the IBM Lotus Connectors, be sure to download the appropriate connector.
- Connectors version 8.5 work with a Lotus Quickr 8.5 server.
- Connectors version 8.2 (or lower) users should upgrade their connectors to version 8.5 in order for them to work with a Lotus Quickr 8.5 server.
For more information, see the detailed system requirements to verify that the components in your environment meet minimum product levels.
Proceed to Completing the upgrade.

Upgrading a Lotus Quickr server on IBM i

You can upgrade an existing IBM Lotus Quickr 8.2 server to Lotus Quickr 8.5 on IBM i.

To upgrade an existing Lotus Quickr 8.2 server to Lotus Quickr 8.5 on IBM i:

Make sure you have completed the steps in the Preparing to upgrade topic.
Sign on to your system with a user profile that has the required authority. To upgrade Lotus Quickr, your IBM i user profile must have the following special authorities:
- All object access (*ALLOBJ)
- Security administration (*SECADM)
- System configuration (*IOSYSCFG)
- Job control (*JOBCTL)
End any existing Domino servers on your system. After ending the servers, be sure that any active Domino subsystems are also ended.
Delete any Lotus Quickr hotfixes if they are installed.
To see a list of Lotus Quickr hotfixes, type the following IBM i command and press Enter:
```
DSPPTF LICPGM(5724S31)
```
To delete the hotfixes, type the following command and press Enter:
```
RMVPTF LICPGM(5724S31)
```
Delete the Lotus Quickr licensed program by typing the following command and pressing Enter:
```
DLTLICPGM LICPGM(5724S31)
```
Upgrade each Lotus Quickr server to Lotus Domino release 8.5.1 Fix Pack 3 if you have not done so already. The specific steps for upgrading to Lotus Domino 8.5.1 Fix Pack 3 on IBM i are available here.
Start the Lotus Domino server and use Domino Administrator to edit the Server document. Verify that the "Fully qualified internet host name" field on the Basics tab contains the fully qualified name of the Domino server and not the name of the system. If necessary, edit the field and save the Server document.
End all Lotus Domino servers.
If installing from a downloaded image, complete the steps in Preparing to install Lotus Quickr from a downloaded image on IBM i.
If installing from physical media, complete the steps in Pre-accepting the IBM Lotus Quickr software agreements before starting installation.
From the IBM i command line, run the appropriate command for installing from a downloaded image or physical media.
- Installing from a downloaded image
  1. Use the RSTLICPGM command to install from the save file you created when you downloaded the installation package. This example uses the save file MYLIB/QQUICKR:
```
RSTLICPGM LICPGM(5724S31) DEV(*SAVF) LNG(2924) SAVF(MYLIB/QQUICKR)
```
  2. When you are prompted to accept the Sametime® software agreement, you must accept it in order to continue.
- Installing from physical media
  1. Insert the Lotus Quickr disk in your system optical drive and run the RSTLICPGM command, specifying the correct name of the optical device:
```
RSTLICPGM LICPGM(5724S31) DEV(OPT01) LNG(2924)
```
The system loads the Lotus Quickr programs to the appropriate libraries and /QIBM directories. You will see status messages as the system installs the software.
Start the Lotus Quickr server.
Note: When you start the Domino server you also start the Lotus Quickr server.
Proceed to Completing the upgrade.

Completing the upgrade

After you have upgraded the Lotus Quickr and Lotus Domino servers for your appropriate operating system, you need to perform several tasks to complete the upgrade process.

Upgrading the design of databases on the server

Before you upgrade places and PlaceTypes, use the qptool upgrade command to upgrade the design of all databases on the IBM Lotus Quickr server.

To upgrade the design of databases:

From the Lotus Domino server console, enter the following command:

load qptool upgrade -f -server

When the upgrade is finished, the qptool.upgrade.xml file is created in the Domino program directory. This file indicates if the upgrade was successful. The qptool.upgrade.xml contains the following xml:

<?xml version="1.0"?>
<service>
   <servers>
      <server>
         <hostname>servername</hostname>
         <placetypes/>
         <places/>
         <action_status action="upgrade">
           <code>code number(0 if successful)</code>
           <message>error message(if there's an error)</message>
         </action_status>
      </server>  
   </servers>
</service>

Note: The qptool.upgrade.xml file is overwritten each time qptool upgrade is run. When the qptool upgrade runs next time, the previous qptool.upgrade.xml is renamed with a time stamp, for example, qptool.upgrade.2010_08_20@07_17_27.xml. Therefore you should check the qptool.upgrade.xml file to ensure that the upgrade was successful before continuing to the next step, upgrading places and PlaceTypes.

Migrating place catalog statistics to the Place Statistics database

You need to migrate place catalog statistics for places and rooms from an existing Place Catalog database to the new Place Statistics database by manually refreshing the designs of each database

Place Catalog database (placecatalog.nsf) statistics have been removed from the Places and Rooms view (and other views that had those columns) and recreated in the Place Statistics database (placestatistics.nsf).

If you're doing a fresh deployment, with no existing places, then the placecatalog.nsf and placestatistics.nsf files will be all set with their form and view changes and no manual steps will be needed. If you are deploying onto an existing Quickr 8.2 deployment, you need to make manual adjustments to the placecatalog.nsf and placestatistics.nsf designs and then generate placestatistics.nsf documents to hold the statistics.

Shut down the Lotus Quickr for Domino server.
Change directory to the Domino program directory:
```
cd \<dominoprogramdirectory>
```
Refresh the designs of the Place Catalog and Place Statistics databases by running the following commands:
```
ndesign -f placecatalog.nsf 
ndesign -f placestatistics.nsf
```
Generate new documents in placestatistics.nsf for the place and room stats, and adjust existing documents in placecatalog.nsf by removing the stat items and adding a unid item, and then run the following command:
```
nqptool upgrade -server -f
```
Restart the server.

Upgrading places and PlaceTypes

After you upgrade the design of databases on the server, you can use the qptool server task to upgrade places and PlaceTypes to enable the new features in them. You can upgrade them all at once or incrementally.

Keep the following points in mind about upgrading:

Prior to upgrading places and PlaceTypes, you cannot use existing places or PlaceTypes to create new places or PlaceTypes.
Any custom policies will be lost.
Do not modify or refresh PlaceTypes until after they have been upgraded.
When a place is upgraded, the user interface components "SiteMapLauncher" and "MyPlaces" are not added to custom themes. Place managers must add these components themselves.
A place is locked while it is being upgraded. If you upgrade multiple places at the same time, only one place is locked at a time.
The qptool upgrade -server command upgrades server-related databases and settings, and the other upgrade commands ( qptool upgrade -p placename and qptool upgrade -a) upgrade places and custom placetypes.
After upgrading the design of databases on the server, you can upgrade all places and PlaceTypes at once. If there is a large amount of data to upgrade, this can take a considerable amount of time, even multiple days, and once begun, the process should not be stopped. If there is a large amount of data to upgrade, consider upgrading places and PlaceTypes incrementally instead as decribed in the next section.
Old PlaceTypes cannot be used to create new places, and old places cannot be used to create new PlaceTypes. Old places cannot be refreshed from their PlaceTypes, and old PlaceTypes cannot be refreshed from their places, until both are upgraded.

To log server activities related to upgrading places and PlaceTypes, use the notes.ini setting QuickPlaceUpgradeLogging=value, where value is a number from 1 to 4. Enable upgrade logging only temporarily to aid in troubleshooting.
To upgrade all places and PlaceTypes at the same time, open the Domino server console.
Enter the following qptool command
```
load qptool upgrade -f -a
```
Note: The qptool upgrade command should be run only on the primary server in a cluster.
When upgrading all places at the same time, you need to carefully review the output to ensure that the upgrade has completed successfully for every place. If the upgrade stops at a particular place or error messages are issued for a particular place you need to perform the following steps:
1. Restore the place from a backup.
2. Correct any problems reported.
3. Run the upgrade for that one place. The reason for this is that during the first upgrade attempt some processing may have been done that can cause the remaining processing not to be attempted if another upgrade for that place is attempted.
If you are upgrading Blog and Wiki placetypes and any child places created from these placetypes, you need to refresh the old placetypes and child places created based on these placetypes using the following command:
```
load qptool refresh -pt placetype 
load qptool refresh -p place
```

When the upgrade is finished, the file qptool.upgrade.xml is created by default in the Domino program folder. This file indicates whether the upgrade was successful. It contains the following xml:

<?xml version="1.0"?>
<service>
   <servers>
      <server>
         <hostname>servername/hostname>
         <placetypes/>
         <places>
            <place>
               <name>placename</name> 
               <action_status action="upgrade">
                  <code>code number(0 if successful)/code>
                  <message>error message(if there's an error)/message>
               </action_status>
            </place>
         </places
      </server>  
   </servers>
</service>

Upgrading places and placetypes incrementally

You can upgrade individual places and PlaceTypes incrementally, for example, if you have many of them to upgrade.

Note: If the place used to create a PlaceType still exists, upgrade the place before upgrading the PlaceType. To determine which place was used to create a PlaceType, log in to the server as an administrator, click Work with Templates > Create PlaceType to display the field Select the place to base this PlaceType on. Only places that have been enabled by their managers for use as PlaceTypes are shown.

To upgrade places and PlaceTypes incrementally, enter one of the commands described in the following table:

Table 5. Upgrading places and PlaceTypes incrementally
Task	Command
Upgrade one place	`load qptool upgrade -f -p place`
Upgrade multiple places	`load qptool upgrade -f -p place place place`
Upgrade one PlaceType	`load qptool upgrade -f -pt PlaceType`
Upgrade multiple PlaceTypes	`load qptool upgrade -f -pt PlaceType PlaceType PlaceType`

When the upgrade is finished, the file qptool.upgrade.xml is created by default in the Domino program folder. This file indicates whether the upgrade was successful. It contains the following xml:

<?xml version="1.0"?>
<service>
   <servers>
      <server>
         <hostname>servername</hostname>
         <placetypes/>
         <places/>
         <action_status action="upgrade">
           <code>code number(0 if successful)</code>
           <message>error message(if there's an error)</message>
         </action_status>
      </server>  
   </servers>
</service>

Unregistering and re-registering places with the Place Catalog

After you have upgraded places and PlaceTypes, unregister and then re-register the places with the Place Catalog. These steps add place fields to the Place Catalog that might be new in a release. You can unregister and re-register all places at once or do it incrementally. For places that were moved from another server, you only would need to reregister the places.

Registering and unregistering places when migrating

Use the qptool register command to add place documents in the Place Catalog for places created prior to enabling the Place Catalog or for places added from another server, to adjust server-specific information for a place that has been moved from another server or renamed on the same server, or to restore a place that was previously archived.

For example, if the Place Catalog is down for any period of time, unregister all places and then use the register command to register the place again so that the Place Catalog contains up-to-date place information.

To register places, enter the following command at the server console:

load qptool register arguments

where arguments are arguments described in Table 6

Table 6. Arguments for the qptool register command for places
Argument	Description
-?	Prints help on the command.
-placecatalog	Registers specified place(s) or this server in the Place Catalog.
-server	Registers this server in the Place Catalog. Note: Requires use of the -placecatalog argument
-install	Installs and resets server-specific information for places that have been: Moved to this server from another server Renamed on this server Restored from archive . Note: Before you run qptool register -install -a, run qptool remove -cleanup to avoid creating partial entries in the Place Catalog associated with places marked for removal.
-a	Registers all places.
-p place(s)	Specifies a place or a space-separated list of places to register.
-pt place(s)	Specifies a place type or a space-separated list of place types to register.
-pts	Registers all place types.
-i inputfilename	XML input file located in the server program directory that specifies the places to register.
-o outputfilename	XML output file that logs the results of the command. By default the command logs results to qptool.register.xml in the server program directory.

Table 7 provides examples of using the qptool register command for places.

Table 7. Examples of registering places
Task	Command
Register a place that has been moved from another server, renamed on the current server, or restored from archive	>load qptool register -p placename -install
Register a place in the Place Catalog only	>load qptool register -p placename -placecatalog
Register multiple places that have been moved from another server	>load qptool register -p place1 place2 place3 -install
Register all places on the server in the Place Catalog after upgrading to the current release and enabling the Place Catalog	>load qptool register -a -placecatalog
Register places specified in an input file	>load qptool register -i qptool.myinput.xml
Register a place and log results in a non-default output file	>load qptool register -p placename -o qptool.myout.xml

Enabling Domino Attachment and Object Service (Optional)

Enable Domino Attachment and Object Service (DAOS) to consolidate attachments in databases in a separate repository on the server so that they can be retrievable by reference.

Ensure that transaction logging is enabled.

With the release of its version 8.5, IBM Lotus Domino server employs the Domino Attachment and Object Service (DAOS) to save significant space at the file level by sharing data identified as identical between databases (applications) on the same server.

To enable Domino Attachment and Object Service (DAOS), an administrator needs to mark multiple selected databases for attachment consolidation as follows:

From the Lotus Domino Administrator, choose Files > Advanced Properties.
Enable the Use Domino Attachment and Object Service advanced database property for every database on the server that you want to be consolidated.
Run lo compact -c daos on to move existing attachments to the DAOS repository.

To judge whether this feature is desirable for a particular deployment and for complete instructions on how to use it, review the content at the following related topic link:

Upgrading the connectors on client workstations

Users can upgrade their connectors without having uninstall their previous versions.

The Lotus Quickr Connectors work with Lotus Quickr 8.5 for Portal and also for Lotus Domino, and with ECM QService 1.1. Connectors released with Lotus Quickr 8.2 also can work with Lotus Quickr 8.5 for Portal and for Lotus Domino, and with ECM QService 1.1.

Before upgrading connectors on client workstations, make sure users have the required versions of the applications already installed on the client workstations. The application requirements of the latest Lotus Quickr Connectors are as follows:

Note: The Lotus Quickr Connectors version 8.5 do not support Entry places. Users will not be able to add Entry places or access existing Entry places created in Lotus Quickr 8.2 using their 8.5 connectors. If a Lotus Quickr 8.2 server is left up and running with Entry places on it, users can still access those Entry places using their browsers.

Place connector for Lotus Notes requires Lotus Notes 8.0.2 (Standard and Basic) or Lotus Notes® 8.5.1 (Standard and Basic).
Place connector for Lotus Sametime requires Lotus Sametime 8.0.2 or Lotus Sametime 8.5.
Place connector for Lotus Symphony requires Lotus Symphony 1.3 and Lotus Notes 8.0.2 embedded or Lotus Notes 8.5.1 embedded.
Place connector for Microsoft Office/Outlook requires Microsoft Office XP, 2003, or 2007.

The following upgrade paths have been tested and are supported:

From Lotus Quickr Connectors 8.1.1 to Lotus Quickr Connectors 8.5
From Lotus Quickr Connectors 8.2 to Lotus Quickr Connectors 8.5
From Lotus Quickr Connectors 8.2 interim fixes to Lotus Quickr Connectors 8.5

Note: Upgrading from Lotus Quickr Connectors 8.1 to version 8.5 has not been tested but should work.

Manually upgrading client workstations to the latest Lotus Quickr Connectors

Follow these steps to upgrade the Quickr Connectors from a previous version without having end users uninstall first.

Make the qkrconn.exe available to end users.
User needs to double-click qkrconn.exe to begin installation.
Follow the self-explanatory prompts from the upgrade wizard. You can change the components during the upgrade for previous connectors releases. You can install one or all of them, as long as you have the supported versions of these applications installed on the client workstation already.
Reboot if prompted. If you do not, unexpected behavior may occur.

Silently upgrading client workstations to the latest Lotus Quickr Connectors

Follow these steps to upgrade the connectors from a previous version without having end users uninstall first. A silent installation means the end user does not need to perform the upgrade manually.

Ensure that all applications on the client workstations are shut down before the upgrade is started.
Save qkrconn.exe to the desired location to run the silent upgrading.
Enter the required silent install command qkrconn.exe with switches. For a full list of commands and switches, type qkrconn.exe /? You can install one connector or all of them, as long as you have the supported versions of these applications installed on the client workstation already. For example:
```
qkrconn.exe /install /quiet /forcerestart ADDLOCAL=WindowsExplorer,MicrosoftOffice,LotusNotes
```
Reboot after the upgrade is finished. If you do not, unexpected behavior might occur.

Installing a connectors interim fix

Follow these steps to patch the connectors with an interim fix.

Start the installation qkrconn.exe.
Follow the self-explanatory prompts from the upgrade wizard. You cannot change the components and the connectors install location during the upgrading.
Reboot if prompted. If you do not, unexpected behavior may occur.

Silently installing a connectors interim fix

Follow these steps to install an interim fix silently.

Ensure that all applications on the client workstations are shut down before the upgrade is started.
Save qkrconn.exe to the desired location to run the silent upgrading.
Enter the required silent install command qkrconn.exe with switches. To patch an existing 8.5 driver with a new 8.5 ifix driver silently, using REINSTALL parameter. For example, to patch all installed connectors:
```
qkrconn.exe /install /quiet /forcerestart REINSTALL=ALL
```
To patch the place connectors for Explorer and Notes only:
```
qkrconn.exe /install /quiet REINSTALL=WindowsExplorer,LotusNotes
```
Reboot after the upgrade is finished. If you do not, unexpected behavior may occur.

Support for Lotus Quickr Entry

If you use Lotus Quickr Entry places on an IBM Lotus Quickr 8.2 server, and want to keep using them, you need to keep that Quickr 8.2 server running. Lotus Quickr Entry is not supported on a Lotus Quickr 8.5 server. Lotus Quickr Entry places should remain on a Lotus Quickr 8.2 server.

If the Lotus Quickr 8.2 server runs a mix of Entry and regular places, you can migrate the "regular" places to a Lotus Quickr 8.5 server and leave the Entry places on the 8.2 server. If all you have on your 8.2 server are Entry places, you do not need to do anything. Just leave the Quickr 8.2 server as is (do not upgrade to version 8.5) and continue using the Entry places.

Uninstalling

Uninstall the product for supported platforms.

Uninstalling on Microsoft Windows.

Uninstall IBM Lotus Quickr on Microsoft Windows.

Open the Control Panel .
Open Add or Remove Programs and select Lotus Quickr Server, then click Remove.
Reboot the machine.
Remove the following directories:
- %DOMINO_PROGRAM_DIRECTORY%\data\domino\quickplace directory and all of its subdirectories
- %DOMINO_PROGRAM_DIRECTORY%\data\PlaceCatalog.nsf file
- %DOMINO_PROGRAM_DIRECTORY%\data\PlaceStatistics.nsf file
- %DOMINO_PROGRAM_DIRECTORY%data\domino\quickplace directory
- %DOMINO_PROGRAM_DIRECTORY%data\domino\html\qphtml\adminconsole directory
- %DOMINO_PROGRAM_DIRECTORY%data\domino\html\qphtml\ckeditor directory
- %DOMINO_PROGRAM_DIRECTORY%data\domino\html\qphtml\ecmintg directory
- %DOMINO_PROGRAM_DIRECTORY%data\domino\html\qphtml\mum directory
- %DOMINO_PROGRAM_DIRECTORY%data\domino\html\qphtml\widgets directory
- %DOMINO_PROGRAM_DIRECTORY%data\domino\html\qphtml\startunzip.log file
Delete the following parameters from the notes.ini file:
- QuickPlaceSubdirectory=LotusQuickr
- QuickPlacePassword=(G/kz5XXGHHBjlM3YAUhm)
- QuickPlaceAdmin=CN=admin/OU=QP/O=smith
- QPJC1=C:\DOMINOUPGRADE\quickplace.jar
- QPJC2=C:\DOMINOUPGRADE\log4j-118compat.jar
- QPJC3=C:\DOMINOUPGRADE\STCore.jar
- QPJC4=C:\DOMINOUPGRADE\STMtgManagement.jar
- QPJC5=C:\DOMINO\xsp\shared\lib\commons-logging.jar
- QPJC6=C:\DOMINO\abdera-core-0.4.0-incubating.jar
- QPJC7=C:\DOMINO\abdera-i18n-0.4.0-incubating.jar
- QPJC8=C:\DOMINO\abdera-parser-0.4.0-incubating.jar
- QPJC9=C:\DOMINO\axiom-impl-1.2.5.jar
- QPJC10=C:\DOMINO\axiom-api-1.2.5.jar
- QPJC11=C:\DOMINO\jaxen-1.1.1.jar
- QPJC12=C:\DOMINO\poi-3.6.jar
- QPJC13=C:\DOMINO\commons-io-1.4.jar
- QPJC14=C:\DOMINO\commons-fileupload-1.2.jar
- QPJC15=C:\DOMINO\odfdom.jar
- QuickPlaceUpgradeServerOnStartup=1
- QuickPlaceEnableVersionCheck=1
- QuickPlaceServerSettings=0
- QuickPlaceStandalone=0
- QRD_InstallType=2
- Remove QPJC values from JavaUserClassesExt
Remove the %DOMINO_PROGRAM_DIRECTORY%\data\LotusQuickr directory and its contents.

Uninstalling on IBM AIX or Linux

Uninstall IBM Lotus Quickr on IBM AIX or Linux.

Make sure not to edit the notes.ini file using the root user ID since this would change the notes.ini file's user and group ownership and prevent the reinstallation of Lotus Quickr.

Remove the following from $NOTESPROGRAMDIR:
- libquickplace_r.a
- quickplace
- libquickplace_r.a.0
- quickplace.jar
- quickplace_stop
- libquickplacers_r.a
- quickplacesetup
- libquickplacesetuprs_r.a
Remove the <Domino data directory>\domino\html\qphtml directory and all of its subdirectories.
Delete the following parameters from the notes.ini file:
- QuickPlacePassword=(G/kz5XXGHHBjlM3YAUhm)
- QuickPlaceAdmin=CN=admin/OU=QP/O=smith
- QPJC1=/opt/ibm/lotus/notes/latest/ibmpow/quickplace.jar
- QPJC2=/opt/ibm/lotus/notes/latest/ibmpow/log4j-118compat.jar
- QPJC3=/opt/ibm/lotus/notes/latest/ibmpow/xsp/proxy/WEB-INF/lib/commons-httpclient-3.0.1.jar
- QPJC4=/opt/ibm/lotus/notes/latest/ibmpow/xsp/proxy/WEB-INF/lib/commons-codec-1.3-minus-mp.jar
- QPJC5=/opt/ibm/lotus/notes/latest/ibmpow/xsp/shared/lib/commons-logging.jar
- QPJC6=/opt/ibm/lotus/notes/latest/ibmpow/abdera-core-0.4.0-incubating.jar
- QPJC7=/opt/ibm/lotus/notes/latest/ibmpow/abdera-i18n-0.4.0-incubating.jar
- QPJC8=/opt/ibm/lotus/notes/latest/ibmpow/abdera-parser-0.4.0-incubating.jar
- QPJC9=/opt/ibm/lotus/notes/latest/ibmpow/axiom-impl-1.2.5.jar
- QPJC10=/opt/ibm/lotus/notes/latest/ibmpow/axiom-api-1.2.5.jar
- QPJC11=/opt/ibm/lotus/notes/latest/ibmpow/jaxen-1.1.1.jar
- QPJC12=/opt/ibm/lotus/notes/latest/ibmpow/poi-3.6.jar
- QPJC13=/opt/ibm/lotus/notes/latest/ibmpow/commons-io-1.4.jar
- QPJC14=/opt/ibm/lotus/notes/latest/ibmpow/commons-fileupload-1.2.jar
- QPJC15=/opt/ibm/lotus/notes/latest/ibmpow/odfdom.jar
- QuickPlaceSubdirectory=LotusQuickr
- QuickPlaceStandalone=0
- QuickPlaceUpgradeServerOnStartup=0
- QuickPlaceEnableVersionCheck=1
- QuickPlaceServerSettings=1
- QRD_InstallType=2
- Remove QPJC values from JavaUserClassesExt
Remove the <Domino data directory>\LotusQuickr directory and its contents.
Note: This directory contains all of the data for your Lotus Quickr places. If you want to uninstall Lotus Quickr but keep your place information, do not delete this directory.

Uninstalling on IBM i

Uninstalling IBM Lotus Quickr on IBM i involves removing Lotus Quickr from all of the Lotus Quickr servers before uninstalling it.

Removing Lotus Quickr from a Lotus Domino server

Use the Remove IBM Lotus Quickr from a Domino Server command to remove IBM Lotus Quickr from a Lotus Domino server on IBM i.

The Remove Lotus Quickr from a Domino Server command makes the following changes to a Domino server:

Removes Lotus Quickr data from the Lotus Domino server.
Removes the Lotus Quickr directory from the Lotus Domino server data directory.
Changes the NOTES.INI file for the Lotus Domino server to disable Lotus Quickr.

To perform this task, you must have *ALLOBJ, *IOSYSCFG, *JOBCTL, and *SECADM special authorities. To remove Lotus Quickr from a Domino server, follow these steps.

End the Lotus Domino server and subsystem.
Enter the following IBM i command: RMVLQPDOM dominoservername
where dominoservername is the actual name of the Lotus Domino server.
Verify that you want to remove Lotus Quickr from the Lotus Domino server by typing G and pressing Enter.
Note: If you do not want to remove Lotus Quickr from the Lotus Domino server, press any other key.
Restart the Lotus Domino server.
To verify that Lotus Quickr was removed from the Lotus Domino server, use a Web browser to access the Lotus Quickr home page for the Lotus Domino server at the following URL:
http://dominoservername:port/lotusquickr

where dominoservername is the name of your Lotus Quickr server and port is the associated port number. For example:

http://twpserver1:81/lotusquickr

If removing an earlier release of Lotus QuickPlace®, access the following URL instead:

http://dominoservername:port/QuickPlace

You get an error indicating that the file was not found and you cannot access the Lotus Quickr home page.

Uninstalling

Delete any Lotus Quickr hot fixes if they are installed.
To see a list of the hotfixes, type the following IBM i command and press Enter:
```
DSPPTF LICPGM(5724S31)
```
To delete the hotfixes, type the following command and press Enter:
```
RMVPTF LICPGM(5724S31)
```
Delete the Lotus Quickr licensed program by typing the following command and pressing Enter:
```
DLTLICPGM LICPGM(5724S31)
```

Configuring services for Lotus Domino

Configure services for Lotus Domino to suit the needs of your organization and environment.

Creating and using the qpconfig.xml file

You use an XML configuration file, qpconfig.xml file, to perform many server configuration tasks. The server comes with a sample file, qpconfig_sample.xml, which is installed in the server data directory and which you use as a template.

The qpconfig_sample.xml file describes the available settings and their default values, and provides sample XML that you can customize to suit your needs.

Note: All servers in a cluster should use the same qpconfig.xml settings.

To create and use the qpconfig.xml file, perform the following steps:

Make a copy of qpconfig_sample.xml and name it qpconfig.xml.
Open the qpconfig.xml file using a text editor.
Locate the section of settings that you want to customize, for example:
```
Place Catalog
=============
```

Remove the following two lines from the located section, to enable the sample settings between the lines

<!--  =================== START OF SAMPLE ======================

      =================== END OF SAMPLE ========================  -->

Modify the sample settings as needed. For example, to configure a server to use a Place Catalog on the remote server, qkcat/acme, change the sample values from this:

<place_catalog enabled="true" log_level="0">
      <connection_pool size="8"/>
      <place_catalog_servers>
         <server>
            <domino_server_name>qpcat/IBM</domino_server_name>
            <nsf_filename>PlaceCatalog.nsf</nsf_filename>
         </server>
      </place_catalog_servers>
</place_catalog>

to this:

<place_catalog enabled="true" log_level="0">
      <connection_pool size="8"/>
      <place_catalog_servers>
         <server>
            <domino_server_name>qkcat/acme</domino_server_name>
            <nsf_filename>PlaceCatalog.nsf</nsf_filename>
         </server>
      </place_catalog_servers>
   </place_catalog>

Close the file and save it in the server data directory, for example, save it in C:\Program Files\Lotus\Domino\Data.
After modifying the qpconfig.xml you should open it in your browser to ensure that the xml is well formed.
Type the following command to restart the HTTP task so that the server recognizes the changes:
```
restart task http
```

Performing IBM i-specific configuration tasks

IBM Lotus Quickr for IBM i provides additional functions that enable you to change server properties and to change language dictionaries.

Changing Lotus Quickr server properties on IBM i

After you create an IBM Lotus Quickr server, you can change many of the properties that you originally specified. You must have *JOBCTL special authority to perform this task.

Perform the following steps:

Stop the server that you want to modify.
On any IBM i command line, type the following command and press Enter:
```
wrkdomsvr
```
On the Work with Domino Servers display, type a 2 in the Opt column next to the server name and press Enter.
On the Change Domino Server display, make any necessary changes to the values and press Enter.
Restart the Lotus Quickr server to make the changes take effect.

Connecting to a user directory

Connecting to a user directory, although optional, maximizes the features available to you.

Preparing to access LDAP directory servers from behind a firewall on IBM i

If a IBM Lotus Quickr server that runs on IBM i is behind a firewall and you plan to do user lookups in an LDAP directory that is outside the firewall, your system administrator must configure Client Socks support using IBM i Navigator.

For details of how to configure Client Socks support, see one of the following:

OS/400 Sockets Programming, SC41-5422-03 or later, which is available from the IBM i Online Library through the following Web site:
http://www.ibm.com/eserver/iseries/infocenter
AS/400 Internet Security: IBM Firewall for AS/400, SG24-2162, which is available from the IBM Redbooks Web site:
http://www.ibm.com/redbooks

User directories

When you set up directory services to connect the server to a user directory, administrators and place managers can add members to places by selecting names from the directory. Without a user directory, they must instead register local members in the membership database (Contacts1.nsf) of individual places.

Connecting to a user directory maximizes the features that are available to you. The following features are supported only when a user directory is in use:

IBM Lotus Sametime features integrated in places
My Places
Single sign-on authentication
Super user access to the server
User names in double-byte character sets

Connecting to a user directory also provides these user management features:

User information is managed in a central location, rather than in individual places.
External members use the same name and password to access any place of which they are a member, whereas local members might have different user names and passwords in each place.
Many of the qptool commands that enable you to manage member information for multiple places at once are available only for external members. For example, you can use the qptool addmember command to add external members to places, but not to add local members.

If you connect to a user directory, local membership is still supported. The local administrator specified during installation is a local member of the server's Site Administration place.

Supported directory services configurations

You can set up IBM Lotus Quickr to control directory services or set up the underlying Lotus Domino server to control directory services.

Table 8 highlights some of the benefits and limitations of these directory services configurations.

Table 8. Comparison of the supported directory services configurations
Feature support	Lotus Quickr control of directory services	Lotus Domino control of directory services
User Authentication	Supports only Domino basic name-and-password authentication or multi-server session-based (single sign-on) authentication.	Supports any user authentication method configured on the Lotus Domino server
Domino Internet Site documents	Not supported and Domino server cannot use	Supported
Directory	Supports one LDAP directory, and an optional additional LDAP directory for Lotus Quickr expanded membership use	Supports access to any directory that Lotus Domino server can access, including multiple directories accessed through Domino directory assistance
Lotus Quickr expanded membership	Supported	Not supported

Comparison of LDAP configuration options

Each supported directory services configuration has its own method and options for connecting to an LDAP directory.

Both directory services configurations support connections to an LDAP directory, a directory accessed through the Lightweight Directory Access Protocol (LDAP). Table 9 describes where to find the LDAP directory connection options, depending on which directory services configuration you use.

Table 9. Location of LDAP directory connection options
Option	Location when Lotus Quickr controls directory services	Location when Lotus Domino controls directory services
LDAP directory server port	Site Administration - User Directory page	Domino Directory and Directory Assistance document
Secure Sockets Layer (SSL) connections	Site Administration - User Directory page	Domino Directory and Directory Assistance document
SSL protocol to use	qpconfig.xml	Directory Assistance document
Whether expired SSL certificates accepted	qpconfig.xml	Directory Assistance document
Whether server certificate must include host name	qpconfig.xml	Directory Assistance document
Different search bases for groups and users	qpconfig.xml	Naming rules in Directory Assistance document
Control of attributes that display in Lotus Quickr interface	qpconfig.xml	None
Control of attributes that display in Lotus Quickr directory lookup interface	qpconfig.xml	None
Searches narrowed to names that are part of place name	Site Administration - User Directory page	None
Distinguished names that do not conform to the Domino naming convention	qpconfig.xml	Directory Assistance document with all-asterisk naming rule
Custom search filter for user authentication	qpconfig.xml	Directory Assistance document
Custom search filter for group authorization	qpconfig.xml	Directory Assistance document
Custom search filter for adding group members to places	qpconfig.xml	None
Custom search filter for adding user members to places	qpconfig.xml	None
Control whether nested groups are searched	qpconfig.xml	Directory Assistance document
Control levels of nested group searches	notes.ini	None
Search timeout	Site Administration - User Directory page	Directory Assistance document
Maximum entries returned	None	Directory Assistance document
Attribute to be used as name in SSO token	None	Directory Assistance document
Control over alias dereferencing	None	Directory Assistance document
Support of directory change detection	None	Directory Assistance document

Feature differences when accessing places through group membership

The behavior that users see when accessing places through membership in an external group can be different than when accessing places through individual membership.

Note: On IBM AIX servers, a maximum of 150 users from one group can be logged into a place simultaneously through the group membership. The server will not respond if that maximum is exceeded.

Table 10 summarizes the differences users see when accessing places through external group membership.

Table 10. Behavior differences when accessing places through membership in external groups
Feature	User experience when accessed through external group membership
Current user link	Link shows the member's name rather than the group name. There is no member profile available through the link.
Editor access	When a member of a group edits a page, other members of the group do not see the status of the page as checked out.
Members list	Members list shows the group name rather than the names of the members.
Member profile	Member profile for the group shows the group name. Members of the group do not have profiles, unless they also have access through individual membership.
Page author	Page author shows the members of a group rather than the group name.
Search pages by author	You can search by member of a group, not by group name.
Place invitations	A place invitation is sent to each member of a group.
Notifications	A page notification shows the e-mail address of the member of the group who sent it. The sender can send to the group name or can select specific members to send to. Ability to select specific members is controlled through the qpconfig.xml file.
What's new e-mails and calendar event subscriptions	Members of a group cannot receive what's new e-mails or calendar event subscriptions because they do not have profiles in which to set the preferences to receive them.
Form workflow: editor-in-chief approval cycle	Members of groups cannot submit or approve workflow pages because they don't have a required Member profile.
Custom member lookup interface controlled through the qpconfig.xml file (when IBM Lotus Quickr controls directory services)	Customizations to the member lookup interface do not apply to groups.
IBM Lotus Sametime awareness	Awareness is not available for members of a group from the Members Online window, but is available elsewhere in the context of a place.
Work offline	Members of groups cannot work offline.

Support for special characters in names

IBM Lotus Quickr supports some special characters in user and group names.

Table 11 summarizes special character support.

Table 11. Support for special characters in names
Special character	Allowed for local users	Allowed for local groups	Allowed for external users and groups
@	Yes	No	No
<	No	No	No
>	No	No	No
&	No	No	No
:	No	No	No
;	No	No	No
^	No	No	Yes
, (comma)	No	No	Yes
=	No	No	Yes
(	No	No	Yes
)	No	No	Yes
#	No	No	Yes
\	No	No	Yes
/	No	No	Yes
\|	No	No	No
*	No	No	No
+	No	No	Yes
"	No	No	No
' (apostrophe)	Yes	Yes	Yes

Connecting to the Lotus Domino directory using Domino Native Authentication (non-LDAP)

Setting up the underlying IBM Lotus Domino to control directory services enables you to take advantage of the directory services and authentication methods that Lotus Domino supports.

CAUTION:

Switching from Domino control of directory services to Lotus Quickr control is not supported because members added to places during Domino control of directory services are not recognized after the switch.

Perform the following steps to set up Lotus Domino to control directory services.

If users are located in a secondary directory rather than the Domino server's primary Domino Directory, set up directory assistance for the secondary directory. For instructions, see the section Directory Services - Directory Assistance in the Contents view of Domino Administrator Help. Keep the following points in mind:
- Create a Directory Assistance document for each directory that contains Lotus Quickr users.
- To use groups from a directory as place members, specify "Group Authorization" in the Directory Assistance document. Locate all such groups in one directory because you can enable this option for one directory only.
- If the secondary directory is an LDAP directory and there are distinguished names in the directory that don't conform to the Domino naming convention, use an all-asterisk naming rule in the Directory Assistance document.
Perform the following steps:
1. Log in to the Lotus Quickr server as an administrator.
2. Click Site Administration.
3. Click User Directory.
4. Click Change Directory.
5. In the Type list select Domino Server.
6. Select one of the following options
  - To allow place managers to create local members, click Allow managers to create new users in each place.
  - To prevent place managers from creating local members and require them to select members from a user directory, click Disallow new users.
Click Next. Make sure to complete this step so your changes take effect.

Note: When Domino controls directory services, you cannot use expanded membership.

For information on setting up directory services on the Domino server, see the Directory Services section in the Contents view of Domino Administrator Help.

Switching to Domino control of directory services

You can switch from IBM Lotus Quickr control of directory services to Lotus Domino control.

CAUTION:

After you make this change, reverting to Lotus Quickr control of directory services is not supported.

Perform the following steps:

Set up Lotus Domino to control directory services.
Use the qptool changehierarchy command to change the format of the distinguished names of external members in places to use the Lotus Domino forward slash (/) delimiter.
For example, to change the names of users and groups within the hierarchy ou=boston,o=acme to the Lotus Domino counterpart hierarchy, ou=boston/o=acme in place P1, use the following command:
```
load qptool changehierarchy -sourceh ou=boston,o=acme -targeth ou=boston/o=acme -p P1
```
Or to make the same change in all places, use the following command:
```
load qptool changehierarchy -sourceh ou=boston,o=acme -targeth ou=boston/o=acme -a
```
Restart the server by entering the following command at the server console:
```
restart server
```

Connecting to an LDAP server - Allowing Lotus Quickr to control directory services

When you set up IBM Lotus Quickr to control directory services, you specify an LDAP directory server to connect to.

When you set up IBM Lotus Quickr to control directory services, you specify an LDAP directory server to connect to. The directory must be a supported LDAP product that is tested and certified with this version of Lotus Quickr. Refer to the detailed system requirements on the IBM Support site for a complete list of supported LDAP directories.

Make sure the LDAP directory server is running.
Log in to the Lotus Quickr server as an administrator.
Click Site Administration > User Directory > Change Directory.
In the Type list select LDAP Server.
In the Name field, type the fully-qualified host name of the LDAP server, for example, ldap.acme.com.
In the Port number field, type the port number that the LDAP server uses to communicate with other servers. The default is 389, the port typically used.
Optional: Select Check for SSL connection with LDAP user directory. If you select this option and SSL is configured on the Lotus Quickr server and the LDAP server, the Lotus Quickr server will initiate all requests to the LDAP user directory as SSL encrypted requests.
Optional: In the Search base field type a distinguished name that represents the location in the directory name hierarchy at which to begin searches, for example, o=acme, ou=sales,o=acme, or dc=acme,dc=com. By default the Search base you specify applies to both user and group searches. However, you can use the qpconfig.xml file to specify a different search base for group searches.
Optional: Click Narrow searches to the place name to confine searches launched from a place to user directory names that include the name of that place. For example, with this option checked, if a user does a directory search from a place called Sales Support, the search looks only for users who have Sales Support in their user names.
Important: Do not select this setting if your organization uses only three organizational units in names, because it will restrict you to a maximum of three places.
If a user name and password are required to access directory information on the LDAP server, perform the following steps:
1. Click Check to use credentials specified below when searching the directory.
2. Type the user name, an LDAP distinguished name, for example cn=admin,o=acme.
3. Type the password.
  Note: If the password has an expiration date, make a note of it, because you will need to update this field with a new password then.
Optional: In the Authentication Timeout and Search Timeout fields, change the maximum amount of time, in seconds, the server can take to authenticate a user from the user directory or to perform a search. The default value for both time-out settings is 120 seconds and is adequate in most environments. If connections to the LDAP server are very slow, consider increasing the time-out values. If connections are very fast, consider reducing the values. If you leave the fields blank, the default settings are used. The LDAP server might also have time-out limits configured. In this case, the effective time-out limits are whichever are lowest between the Lotus Quickr server and the LDAP server.
Note: Specifying 0, which allows the Lotus Quickr server to take an unlimited amount of time for user authentication and searches, is not recommended.
Select one of the following options:
- To allow place managers to create local members, select Allow managers to create new users in each place.
- To prevent place managers from creating local members and require them to select members from a user directory, click Disallow new users.
Click Next. Make sure to compete this step so your changes take effect.

If in the future you want to change the LDAP directory that Lotus Quickr uses, repeat these steps. If there are distinguished names in the new directory that are different from the names in the original directory, use the qptool changehierarchy or changemember command to update the names in places.

Note: The distinguished names of users and groups should be unique. If there are two identical distinguished names in the directory, only one of the names can be added to a place as a member. If two distinguished names are identical, add a middle initial or other distinguishing character to one of the names to make each name unique.

Customizing Lotus Quickr control of directory services

Use qpconfig.xml and notes.ini settings to customize IBM Lotus Quickr control of directory services.

Customizing the attributes displayed for users and groups

Users and groups in an LDAP directory are described by a variety of attributes. For example, the value for a user's first name is often stored as the givenname attribute and the last name as the sn (surname) attribute. Not all LDAP directories define attributes in the same way.

To display accurate information about users and groups in the IBM Lotus Quickr user interface, such as names, phone numbers, and e-mail addresses when Lotus Quickr controls directory services, you might need to change some of the default attributes. For example, by default the Lotus Quickr assumes an LDAP directory uses the sn attribute to define a user's last name. However, if your LDAP directory uses the lastname attribute instead, you must use the qpconfig.xml file to specify the correct attribute.

Perform the following steps to customize the attributes displayed for users and groups:

Change values in the <schema> element of the qpconfig.xml file as required by your LDAP directory. The following example shows lastname for the <last_name> value instead of the default value of sn.

  <user_directory>
    <ldap>
      <schema>
        <object_class>objectClass</object_class>
        <user>
          <object_class_value>person</object_class_value>
          <common_name>cn</common_name>
          <display_name>cn</display_name>
          <first_name>givenname</first_name>
          <last_name>lastname</last_name>
          <email>mail</email>
          <phone>telephone</phone>
        </user>
        <group>
          <object_class_value>groupOfNames</object_class_value>
          <common_name>cn</common_name>
          <display_name>cn</display_name>
          <member>member</member>
        </group>
      </schema>
    </ldap>
  </user_directory>

Note: Using distinguished names as the display name is not supported.

Save the modified qpconfig.xml file.
Enter the following command at the server console to restart the HTTP task on the server:
```
restart task http
```
If there are existing places, use the qptool updatemember command to update places to reflect the change. This step is not necessary if you have updated only attributes that are used in authentication, for example <display_name>, because these are updated automatically when you restart the http task.

If your LDAP directory server allows anonymous access, ensure it will return the attributes you specify.

Customizing search filters

If IBM Lotus Quickr control directory services, you can use the qpconfig.xml file to customize the attributes it looks for during various types of searches.

Customizing searches for login names

When an external member logs in to a place, by default the server searches the cn, uid, and shortname attributes in the LDAP directory for matches to the login name. You can use the qpconfig.xml file to specify other attributes for which to search.

Note: The qpconfig.xml file is case-sensitive, so when typing the names of attributes you must use the same character case used in your directory. Specifying case incorrectly causes directory lookup problems.

Perform the following steps:

Change values in the <authentication> element (within the <search_filters> element) of the qpconfig.xml file as required by your LDAP directory. Values shown below are the default values.

<user_directory>
    <ldap>
      <search_filters>
        <authentication><![CDATA[(|(cn={0})(uid={0})(shortname={0}))]]>
        </authentication>
        <user_lookup><![CDATA[(&(objectclass=person)(sn={0})(givenname={1}))]]>
        </user_lookup>
        <group_lookup><![CDATA [(&(objectclass=groupOfNames)(cn={0}))]]>
        </group_lookup>
        <group_membership><![CDATA [(&(objectclass=groupOfNames)(member={0}))]]>
        </group_membership>
      </search_filters>
    </ldap>
  </user_directory>

Save the modified qpconfig.xml file.
Enter the following command at the server console to restart the HTTP task on the server:
```
restart task http
```

For example, to look for a login name in the cn attribute or in the mail attribute, change the authentication element in qpconfig.xml to: <authentication><![CDATA[(| (cn={0})(mail={0}))] ]></authentication>

Note that the zero {0} is required. The authentication filter looks for only one name value in an attribute.

Customizing the user lookup search

When someone types a name in the directory lookup interface to search for name to add as a place member, by default the server expects a last name, optionally followed by a comma (,) and first name, and searches for the last name in the sn attribute and the first name in the givenname attribute. By default the server also assumes that names are found in entries defined as objectclass=person. You can use the qpconfig.xml file to specify other attributes for which to search and a different object class definition.

Perform the following steps:

Change values in the <user_lookup> element of the qpconfig.xml file as required by your LDAP directory. Values shown below are the default values.

<user_directory>
    <ldap>
      <search_filters>
        <authentication><![CDATA[(|(cn={0})(uid={0})(shortname={0}))]]>
        </authentication>
        <user_lookup><![CDATA[(&(objectclass=person)(sn={0})(givenname={1}))]]>
        </user_lookup>
        <group_lookup><![CDATA [(&(objectclass=groupOfNames)(cn={0}))]]>
        </group_lookup>
        <group_membership><![CDATA [(&(objectclass=groupOfNames)(member={0}))]]>
        </group_membership>
      </search_filters>
    </ldap>
  </user_directory>

Save the modified qpconfig.xml file.
Enter the following command at the server console to restart the HTTP task on the server:
```
restart task http
```

For example, to search for the second specified name as a value for the mail attribute rather than the givename attribute, change the line as follows:

<![CDATA[(&(objectclass=person)(sn={0})(mail={1}))]]>

Note that zero {0} and one {1} indicate the first and second, comma-separated input values, respectively. Lotus Quickr does not accept more than two input values for the name.

If you customize this search filter, you should also customize the hint the interface provides for searching and possibly other directory lookup user interface settings.

Customizing the group lookup search

When someone types the name of a group in the directory lookup interface to search for a group name to add as a place member, by default the server searches for the group name in the cn attribute of groups defined as objectclass=groupOfNames You can use the qpconfig.xml file to specify a different attribute for which to search and a different group object class definition.

Perform the following steps:

Change values in the group_lookup element of the qpconfig.xml file as required by your LDAP directory. Values shown below are the default values.

<user_directory>
    <ldap>
      <search_filters>
        <authentication><![CDATA[(|(cn={0})(uid={0})(shortname={0}))]]>
        </authentication>
        <user_lookup><![CDATA[(&(objectclass=person)(sn={0})(givenname={1}))]]>
        </user_lookup>
        <group_lookup><![CDATA [(&(objectclass=groupOfNames)(cn={0}))]]>
        </group_lookup>
        <group_membership><![CDATA [(&(objectclass=groupOfNames)(member={0}))]]>
        </group_membership>
      </search_filters>
    </ldap>
  </user_directory>

Save the modified qpconfig.xml file.
Enter the following command at the server console to restart the HTTP task on the server:
```
restart task http
```

For example, to search for the objectclass value groupOfUniqueNames and search for the name in the grouptitle attribute, change the line as follows, where the zero {0} indicates that Lotus Quickr looks for only one name as input for a group name. :

<group_lookup><![CDATA [(&(objectclass=groupOfUniqueNames)(grouptitle={0}))]]></group_lookup>

Customizing the search used to determine group membership

After the server authenticates a user, it searches for all the groups of which the user is a member, in order to determine user access to places through group membership. By default the server searches for the users' names in the member attribute of groups defined as as objectclass=groupOfNames You can use the qpconfig.xml file to specify a different attribute for which to search and a different group object class definition.

Perform the following steps:

Change values in the group_membership element of the qpconfig.xml file as required by your LDAP directory. Values specified below in bold are the default values.

<user_directory>
    <ldap>
      <search_filters>
        <authentication><![CDATA[(|(cn={0})(uid={0})(shortname={0}))]]>
        </authentication>
        <user_lookup><![CDATA[(&(objectclass=person)(sn={0})(givenname={1}))]]>
        </user_lookup>
        <group_lookup><![CDATA [(&(objectclass=groupOfNames)(cn={0}))]]>
        </group_lookup>
        <group_membership><![CDATA [(&(objectclass=groupOfNames)(member={0}))]]>
        </group_membership>
      </search_filters>
    </ldap>
  </user_directory>

Save the modified qpconfig.xml file.
Enter the following command at the server console to restart the HTTP task on the server:
```
restart task http
```

For example, to search for the objectclass attribute value groupOfUniqueNames and the uniquemember attribute value, change the line as follows, where the zero {0} indicates that Lotus Quickr looks for only one name as input for a group name.:

<group_membership><![CDATA[(&(objectclass=groupOfUniqueNames)(uniquemember={0}))]]></group_membership>

How the Exact Match lookup option affects search filters

When a user searches the directory for a user or group to add to a place, whether or not the user selects the Exact Match search option has an effect on the search filters that is used.

For example, Table 12 describes the search filter used for user name lookups when one value and two comma-separated values are entered, depending on the Exact Match setting.

<user_lookup><![CDATA[(&(objectclass=person)(sn={0})(mail={1}))]]></user_lookup>

Table 12. Effect of Exact Match lookup option
Exact Match setting	Search filter used when users searches for: smi	Search filter used when user searches for: smi, @acme
Selected	sn=smi mail=*	sn=smi mail=@acme
Not selected	sn=smi* mail=*	sn=smi* mail=@acme*

Customizing the directory lookup interface

If IBM Lotus Quickr controls directory services, use the qpconfig.xml file to customize the user interface that users see when looking up users in the directory to add as place members. You can customize the search hint and also customize how the user interface displays the results of user searches.

Customizing the search hint in the directory lookup interface

By default the directory lookup interface prompts users to search for user names by typing last name, first name. If you have customized the user lookup search, also customize the search hint to reflect the change.

Perform the following steps:

Change values in the <search_ui_hint> element of the qpconfig.xml file. Values shown below are the default values.

<user_directory>
    <ldap>
      <search_ui_hint><![CDATA[( enter <B>last name, first name</B>)]]>
      </search_ui_hint>
      <search_ui_index>sn</search_ui_index>
    </ldap>
</user_directory>

Save the modified qpconfig.xml file.
Enter the following command at the server console to restart the HTTP task on the server:
```
restart task http
```

For example, if you specified the following line in the <user_lookup> element of qpconfig.xml:

<user_lookup><![CDATA[(&(objectclass=person)(sn={0})(mail={1}))]]></user_lookup>

you might then specify the following line in the <search_ui_hint> element:

<![CDATA[( enter <B>last name, email</B>)]]>

Note: You can specify a maximum of 250 characters.

Customizing the display of search results

By default, when a user searches for users in the directory, the search results show the values for the sn and givename attributes in the first column, distinguished names in the second column, and the sn attribute in the range field at the top of the search results box. To display different attribute values, change the values for the member_lookup_ui and search_ui_index elements in the qpconfig.xml file.

Perform the following steps:

To change the attributes that display in the first and second columns of search results, change values in the <member_lookup_ui> element of the qpconfig.xml file. Values specified below in bold are the default values. Change the value of the column_name element to change the attributes that display in the first column of results, and change the value of the column_disambiguate element to change the attribute that displays in the second column.
```
<user_directory>
    <ldap>
      <member_lookup_ui>
        <column_name>
          <person>sn, givenname</person>
        </column_name>
        <column_disambiguate>
          <person>dn</person>
        </column_disambiguate>
      </member_lookup_ui>
    </ldap>
  </user_directory>
```
To change the attribute value used to display the current range of names at the top of the results box, change the value of the <search_ui_index> element in qpconfig.xml. By default the value for the sn attribute shows in the range.
```
<user_directory>
    <ldap>
      <search_ui_index>sn</search_ui_index>
    </ldap>
</user_directory>
```
Save the modified qpconfig.xml file.
Enter the following command at the server console to restart the HTTP task on the server:
```
restart task http
```

For example, display the sn and mail attribute values in the first results column, specify:

<column_name>
   <person>sn, mail</person>
</column_name>

Sample user directory settings

If IBM Lotus Quickr controls directory services, the qpconfig.xml must be customized. Sample qpconfig.xml files are provided for Sun Java System Directory Server or IBM Tivoli Directory Server.

Because each directory can have a custom configuration, it is important to verify these with the LDAP directory administrator. The default values are assumed for omitted settings.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<server_settings>
   <user_directory>
      <ldap>
         <schema>
           <group>
             <object_class_value>groupOfUniqueNames</object_class_value>
             <member>uniquemember</member>
           </group>
         </schema>
         <search_filters>
            <group_lookup><![CDATA[(&(objectclass=groupOfUniqueNames)(cn={0}))]]>
            </group_lookup>
            <group_membership><![CDATA[(&(objectclass=groupOfUniqueNames)(uniquemember={0}))]]>
            </group_membership>
         </search_filters>
      </ldap>
   </user_directory>
</server_settings>

Customizing the search base used for group searches

By default, the search base you specify when you connect to an LDAP directory server is used for both user and group searches. You can use the qpconfig.xml file to specify a search base specifically for group searches.

For example, if the names of the groups you want to search are under ou=groups,o=acme in the directory name hierarchy, you could specify ou=groups,o=acme as the search base for groups so that only that branch of the directory is used for group searches.

Perform the following steps:

Specify a value in the <base_dn> element of the qpconfig.xml file, for example:

<user_directory>
   <ldap>
      <base_dn>
         <group>ou=groups,o=acme</group>
      </base_dn>
   </ldap>
</user_directory>

Save the modified qpconfig.xml file.
Enter the following command at the server console to restart the HTTP task on the server:
```
restart task http
```

Using nested groups

If your directory has nested groups -- groups within groups -- that contain the names of IBM Lotus Quickr users, use a notes.ini file setting to allow searches of the nested groups.

Perform the following steps:

Open the notes.ini file in the server's data directory.
Add the following line to the notes.ini file:
```
QuickPlaceNestedGroupLimit=value
```
where value represents the number of levels of groups the server can search. By default the level is 1, meaning that the server doesn't search nested groups.

Note: Specifying a value much larger than needed can degrade LDAP lookup performance.
Make sure to leave a blank line at the end of the file, and then close and save the file.
Enter the following command at the server console to restart the server so the change takes effect:
```
restart server
```

Customizing SSL connections

If you selected the option Check for SSL connection with LDAP user directory when you set up the connection to the LDAP directory server, optionally use qpconfig.xml settings to customize the Secure Sockets Layer (SSL) connection.

Perform the following steps:

Specify values in the <ssl_protocol> element of the qpconfig.xml file, for example:
```
<ldap>
   <ssl protocol="3" accept_expired_certs="true" 
verify_servername=" true"/>
</ldap>  
```
Table 13 describes the settings.
Save the modified qpconfig.xml file.
Enter the following command at the server console to restart the HTTP task on the server:
```
restart task http
```

Table 13. SSL settings in the qpconfig.xml file
Setting	Description
protocol="number"	Type one of the following numbers to specify the SSL protocol used for the connection to the LDAP server: 0 - Negotiated (default) 1 - LDAP V2.0 only 2 - LDAP V3.0 handshake 3 - LDAP V3.0 only 4 - LDAP V3.0 with V2.0 handshake
accept_expired_certs="value"	Type "false" to prevent Lotus Quickr from accepting a certificate from the LDAP server if the certificate has expired. Type "true" (the default) to accept a certificate that has expired.
verify_servername="value"	Type "false" to prevent Lotus Quickr from verifying whether the LDAP server host name matches the host name in the SSL certificate. Type "true" (the default) to require that the host name matches the host name in the certificate. Note: If the value is set to "true" but the host name does not match the host name in the certificate, then LDAP authentications fail.

Using accented characters in user names (AIX)

If IBM Lotus Quickr runs on IBM AIX use a notes.ini file setting to allow the use of accented characters in LDAP directory user names.

Perform the following steps:

Add the following setting to the server notes.ini file::
PLATFORM_CSID=20
Make sure to leave a blank line at the end of the file, and then close and save the file.
Enter the following command at the server console:
```
restart server
```

Testing access to an LDAP directory server

If the connection is done to the LDAP directory server anonymously (that is, without supplying credentials), the LDAP directory server must allow anonymous access to the attributes used by Lotus Quickr. You can use the Lotus Domino ldapsearch tool to test the server access to LDAP attributes.

To test access to attributes, from the program directory on the Lotus Quickr server, enter a command such as the following one:

ldapsearch -h ldap.acme.com cn=arch*

In this example, ldap.acme.com is the LDAP directory server. The command returns the list of accessible users with common names that begin with the string "arch". If your LDAP directory server is configured to allow access only with specific credentials, you can use the same search, supplying the credentials on the command line:

ldapsearch -h ldap.acme.com -D [username] -w [password] cn=arch*

Using the ldapsearch tool is one of the first steps to take when troubleshooting LDAP directory problems. If you cannot do lookups using ldapsearch there is an underlying network or directory server problem. For more information on ldapsearch, see Domino Administrator Help.

Access to the Domino Directory through LDAP

If you use the Domino Directory as your LDAP directory, fields in the Domino Directory are mapped to LDAP attributes. To view the mapping, open the Domino LDAP Schema database (schema.nsf) on the server. Lotus Quickr and ldapsearch use the attribute names rather than field names. For example, the field OfficePhoneNumber in the Domino Person document is mapped to the LDAP attribute telephonenumber. Telephonenumber is the name used in ldapsearch and in Lotus Quickr.

If Domino is your LDAP directory and Lotus Quickr connects to it anonymously, you can edit the Domain Configuration Settings document in the Domino Directory to update the list of attributes allowed for anonymous access. For more information on setting access to a Domino LDAP directory, see Domino Administrator Help.

Disconnecting from a user directory

If you disconnect from a user directory, place managers can specify only local members. Any existing external place members no longer have access to the places.

Perform the following steps to disconnect from a user directory:

Log in to the Lotus Quickr server as an administrator.
Click Site Administration.
Click User Directory.
Click Change Directory.
In the Type field click No Directory.
Click Next.

Configuring the Place Catalog

The Place Catalog is a database that collects information about IBM Lotus Quickr places and servers. A local Place Catalog is enabled by default on each Lotus Quickr server.

Note: You can customize the Place Catalog configuration, for example, set up a Place Catalog server, which is a server with a Place Catalog that multiple servers share.

Perform the following steps to configure Place Catalog settings in the qpconfig.xml file.
Note: If you have only one server in your environment, or if you have more than one server but each uses its own Place Catalog, these steps are unnecessary unless you want to customize the Place Catalog settings.
1. Open the qpconfig.xml file in the Domino data directory or create the file it it does not exist already.
2. Specify the following settings in the file, replacing the values shown below with ones required for your environment:
```
<place_catalog enabled="true" log_level="0">
   <connection_pool size="8"/>
   <place_catalog_servers>
      <server>
         <domino_server_name>PlaceCatalog/Acme
         </domino_server_name>
      <nsf_filename>PlaceCatalog.nsf</nsf_filename>
      </server>
   </place_catalog_servers>
</place_catalog>
```
  See Table 14 for a description of the settings.
3. Save the modified file.
4. Enter the following command at the server console to restart the HTTP task:
```
restart task http
```
  Note: If you use clustering, you must complete additional steps to set up the Place Catalog for the cluster environment.
If you will use a Place Catalog server with a Place Catalog that multiple servers share, perform the following steps on the Place Catalog server:
1. Make sure the server is accessible to other Lotus Quickr servers over Lotus Notes RPC (TCP/IP port 1352) and the HTTP protocols. This is set up by default.
2. Open the Place Catalog: from IBM Lotus Notes, click File > Database > Open, select the Place Catalog server in the Server field, and then type placecatalog.nsf in the Filename field.
  Note: You must type the file name because, by default, the Open Database window does not display the Place Catalog database for you to select.
3. Click File > Database > Access Control, and give access only to Lotus Quickr servers and system administrators. By default, the database has the following listed as Managers in the ACL: Lotus Quickr Place Catalog server, the IBM Lotus Dominoadministrator, LocalDomainServers, and QuickPlaceAdministratorsSUGroup.
4. Click File > Database > Properties, click the second-to-the-last tab on the right, and click Create Index to create a full-text index. The Place Catalog database must be full-text indexed for the qptool report command and the My Places feature to work. For more information on creating and updating full-text indexes, see Domino Administrator Help.

Table 14. Place Catalog settings in the qpconfig.xml file
Element or attribute	Description
place_catalog enabled	The place_catalog section contains settings to enable the server to use a Place Catalog. Set the "enabled" attribute to "true" to tell the server to search for an existing Place Catalog. The default setting is enabled="true." To prevent the server from looking for a Place Catalog, change the enabled attribute to enabled="false" or remove the entire <place_catalog> section.
log_level	You can log operations related to the Place Catalog in the Domino server console as follows: Level 1 - Logs all Catalog database open and close operations Level 2 - Logs all server registration operations Level 3 - Logs all place registration operations Level 4 - Logs all member registration operations Each level also includes the information in the levels below it.
connection_pool size	For efficiency, the Lotus Quickr server creates a pool of connections to the Place Catalog that can be shared by the different requests the server receives. This number should reflect the number of simultaneous requests that could result in a query or update to the Place Catalog. These types of requests include creation of places, the addition of or changes to place membership, and administration requests made by qptoo1. You may want to start with a number representing a third of the maximum HTTP threads. For example, if the server uses 90 threads, then set this value to 30.
domino_server_name	Type the Domino hierarchical name of the Place Catalog server, for example, PlaceCatalog/Acme. If this server will use a Place Catalog on a different server, specify the name of that server.
nsf_filename	Specify the name of the Place Catalog database, for example, PlaceCatalog.nsf. If this server will use a Place Catalog on a different server, specify the database name of that Place Catalog on that server.

How the Place Catalog Works

The Place Catalog contains data on IBM Lotus Quickr servers, and the places, rooms, and members on those servers. Each server, place, and room has a separate entry in the Place Catalog. An entry is implemented as an IBM Lotus Notes document.

The Place Catalog enables administrators to use the qptool report command, or an XML interface to the Lotus Quickr Java XML API, to report statistics on places and servers. It enables place members to use My Places to see a list of places they belong to and statistics about those places, as well as to search content across places and servers.

Note: A room entry in the Place Catalog is labeled as a place entry. However, it shows statistics for the room only.

The following figure shows an example of a Catalog entry for a place named "place1:"

The following figure shows a Place Catalog entry for a Lotus Quickr server called "server1.acme.com."

How entries are updated

Some events cause immediate updates to the Place Catalog, while others cause updates only after the qptool placecatalog -push command is run. By default, a server notes.ini file includes the setting ServerTasksAt3=qptool placecatalog -push -a so that the command runs daily at 3 A.M.

The following place and room statistics are updated through qptool placecatalog -push:

PlaceLastModified
PlaceSize
NumberOfReaders
NumberOfAuthors
NumberOfManagers
NumberOfEditors
NumberOfDocs
NumberOfDrafts
NumberOfAttachments
NumberOfCustomForms
NumberOfOfflineInstalls
LargestDocSize
LasyDayUses
LastDayReads
LastDayWrites
LastWeekUses
LastWeekReads
LastWeekWrites
LastMonthUses
LastMonthReads
LastMonthWrites

The following table describes the events that cause immediate updates to the Place Catalog:

Table 15. Events that are create or update Place Catalog entries in real time
Event	Description
Server registration or unregistration	A server becomes part of the service when qptool register -server command is issued, or when a place is created on the server. When a place is created, an entry for the server is immediately created in the Catalog if one does not already exist. Similarly, when qptool unregister -server is issued, the entry for the server is immediately removed from the Catalog.
Place removal by qptool unregister	The server's place entry is removed. If the place is part of a Lotus Quickr server cluster with a virtual server, the virtual server place entry is also removed.
Place creation from a browser or by qptool register	A new entry is created. The Place Catalog server must be running for users to create new places in the service. If the place is created on one server in a cluster, an entry for the virtual server is also created.
Place creation on a cluster server node by qptool replicamaker	A place entry for that server cluster node is created.
Place deletion from a browser or by qptool remove	The place's entry is deleted. Its name cannot be used for a new place until the qptool remove -cleanup command has run, either automatically overnight, or manually by the administrator. In a cluster environment, this would have to be done on all cluster nodes.
Place deletion in a cluster server node by qptool remove -cleanup	The place's entry for that server node is deleted from the catalog.
Member creation	The new member is added to the place entry with the proper access level.
Member removal	The member is removed from the place entry.
Member access change	The member moves to the field appropriate to their new access level.
Place accessed	The PlaceLastAccessed field is updated, which can take up to a minute.
Place login	The LoginCounts field value is incremented.
Document read	The DocReadCounts field value is incremented.
Posting	The PostingCounts field value is incremented.
Place locking by qptool lock	The PlaceIsLocked field of the Place Catalog entry is set to 1. If the place is in a cluster with a virtual server, the PlaceIsLocked field in the virtual server entry is also set to 1.
Place unlocking by qptool unlock	The PlaceIsLocked field of the Place Catalog entry is set to 0. If the place is in a cluster with a virtual server, the PlaceIsLocked field in the virtual server entry is also set to 0.

Note: You can use the qptool placecatalog -reset command to reset the place login, document read, and posting values to 0.

Rebuilding the Place Catalog

In the event that the Place Catalog becomes corrupt or if the server names or have changed, a rebuild of the placecatalog.nsf database using the placecatalog.ntf template may be required. This also requires a re-register of all servers and places to populate the placecatalog.nsf database with the required documents. This procedure should be performed when there is no user activity on the server as this will affect the My Places and other features of Quickr Domino.

Rebuilding the Place Catalog in a stand-alone Quickr environment

(If the server is clustered then refer to the section titled: Rebuilding the Place Catalog in a clustered Lotus Quickr for Domino environment.

Check the qpconfig.xml file and ensure it contains the required <place_catalog> configuration. If users will be connecting to Lotus Quickr using a Virtual Hostname, go to the <Cluster> section of the qpconfig.xml to ensure that this is correctly configured with the required correct hostname and protocol prior to the rebuild.
Unregister the server and all places using the following qptool commands:
```
load qptool unregister –server
load qptool unregister –a
```
When the previous commands have completed successfully, stop the HTTP task by issuing the following Domino console command:
```
Tell http quit
```
Enter the Domino console command:
```
dbcache flush
```
Open the Domino\data directory and delete the database placecatalog.nsf.
Open the Domino\data directory and delete the database placecatalog.ft folder.
Restart the Domino HTTP server task. This should automatically generate a new placecatalog.nsf database based on the placecatalog.ntf template database.
Run the following Domino console command to re-register the Place server document(s) in the placecatalog.nsf.
```
load qptool register –server
```
Run the following Domino console command to re-register all places and create the place documents in the placecatalog.nsf.
```
load qptool register –a
```
To update the statistics for each place in the newly recreated place documents, run the following qptool command:
```
load qptool placecatalog –update
```

Rebuilding The Place Catalog In A Clustered Quickr Domino Environment

These steps apply to a Quickr Domino clustered environment if the placecatalog.nsf is replicated to all servers in the cluster. In this scenario, before you begin, choose one Lotus Quickr for Domino server to be the primary server for performing the majority of administration tasks.

The first six steps (1 – 6) are to be carried out on all Lotus Quickr Domino servers in the cluster:

Check the Domino\Data\qpconfig.xml file to ensure it contains the required <place_catalog> and <Cluster> configuration.
Add the parameter <always_update_using_master_cluster_server enabled="true"> to the <place_catalog> section of the qpconfig.xml, for example:
```
<place_catalog enabled="true" log_level="0">
       <always_update_using_master_cluster_server enabled="true"/>
....
    </place_catalog>
```
Unregister the server and all places by entering the Domino console commands:
```
load qptool unregister –server
load qptool unregister –a
```
Stop the HTTP task by issuing the Domino console command:
```
Tell http quit
```
Release the placecatalog.nsf database from the cache by entering the Domino console command:
```
dbcache flush
```
Open the Domino\data directory and delete the database placecatalog.nsf.
Note: The Domino indexer or other Domino tasks might not release the placecatalog.nsf database for deletion. In some cases a server shut down is required.
Open the Domino\data directory and delete the database placecatalog.ft folder.
Note: The Domino indexer or other Domino tasks might not release the folder for deletion. In some cases a server shut down is required.
On only the primary Quickr Server in the cluster, restart the HTTP task:
```
Load http
```
A new empty placecatalog.nsf database based on the placecatalog.ntf template database should automatically be created in the Domino\Data directory on server or HTTP restart if the database does not exist. However the My Places feature will contain an empty list of places until the server and places are re-registered.
The Placecatalog.nsf database Access Control List (ACL) should include LocalDomainServers as manager. All Quickr servers in the cluster should be in the Domino LocalDomainServers group. If this is not the case, add every server as Manager to the ACL of the placecatalog.nsf.
Create a replica copy of the new placecatalog.nsf from the primary server to all servers in the cluster.
On all Lotus Quickr servers in the cluster, run the following Domino console command to re-register the Place server document(s) in the placecatalog.nsf:
```
load qptool register –server
```
Replicate the placecatalog.nsf so that all servers in the cluster are synchronized.
On all Lotus Quickr servers in the cluster, run the following Domino console command to re-register all places and create the place documents in the placecatalog.nsf:
```
load qptool register –a
```
Replicate the placecatalog.nsf again so that all servers in the cluster are synchronized.
On only the primary Lotus Quickr server in the cluster, run the following commands:
```
load qptool placecatalog -push -a
load qptool placecatalog –update
```
Replicate the placecatalog.nsf so that all servers in the cluster are synchronized. A placecatalog document should exist for every physical server and one document for the virtual. There should be several place documents for every place. Every place should have a document for each of the physical servers and the virtual cluster server. So in a two-server Quickr cluster, there should be three server placecatalog documents. For every place on the server there should also be three place documents. If this is not the case you may need to manually remove any duplicate documents that have been generated.
Restart HTTP on the remaining Lotus Quickr servers in the cluster.
Ensure the Placecatalog.nsf FT index folder is created on all Lotus Domino servers. This will happen automatically within one hour if the UPDATE task is running.

Configuring security

Configuring security for the IBM Lotus Quickr involves configuring user authentication, configuring user access to the server, as well as performing other miscellaneous security configuration tasks.

Configuring user authentication

By default, the server uses basic name-and-password authentication to authenticate place members that connect through Web browsers or Lotus Quickr connectors. If you configure the server to connect to a user directory, there are additional methods available for authentication of external members, with the methods available dependent on whether IBM Lotus Quickr or IBM Lotus Domino controls directory services.

If Lotus Quickr controls directory services, you can use the default basic name-and-password authentication or multi-server session-based name-and-password authentication (single sign-on). With single sign-on, users can log in to a server once and during that session automatically access any server enabled for single sign-on in the DNS domain without providing names and passwords again.

If Lotus Domino controls directory services, you can use multi-server single sign-on internet client authentication, or SSL certificate authentication. For information on configuring user authentication when Lotus Domino controls directory services, see Domino Administrator Help.

In addition to these authentication methods, Lotus Quickr supports the use of custom authentication applications through the Domino Server API (DSAPI). This interface allows some third-party vendors to design a DLL to support authentication for access to Lotus Quickr place databases.

Note: To use SSL to encrypt the data transferred between Web browsers and Lotus Quickr server, enable SSL on the Domino Web server. For more information, see Domino Administrator Help.

Modifying cache settings related to user authentication

After a IBM Lotus Quickr server successfully authenticates a user, it adds the user's name, password, and the groups of which the user is a member to its user cache. The next time the user attempts to authenticate, the server can quickly access the information in the cache to speed up authentication. You can modify the maximum number of user entries allowed in the cache and the length of time the entries remain in the cache.

Peform the following steps:

Open the notes.ini file in the domino_server_root directory with a text editor.
To change the maximum number of user entries allowed in the cache, specify the following setting. The default value is 64 entries.
```
QuickPlaceMaxCachedUsers=number
```
where number is a number of user entries.

When the cache reaches the specified number, older entries are removed to make room for new ones that are needed.
To specify the length of time user entries remain in the cache before the server removes them, specify the following setting. By default, entries remain in the cache for 120 seconds.
```
QuickPlaceExpireCachedUsers=interval
```
where interval is the length of time in seconds.
Make sure to leave a blank line at the end of the file. Press Enter, if necessary, to create one.
Close and save the file.
Enter the following command at the server console to restart the server so your changes takes effect:
```
restart server
```

Configuring access to the server

A user with administrator access can control who has administrator access to the IBM Lotus Quickr server, who can create places on the server, and who has super user access to the server.

Specifying administrators

A user with administrator access can use the Site Administration link to perform a variety of administrative tasks, can create and delete places and PlaceTypes, and can control which users can create places. You created a local administrator as part of server installation. You can give additional users administrator access.

Giving administrator access to external users

Use the Site Administration link to add or remove administrator access for external users.

Perform the following steps:

Log in to the server as an administrator.
Click Site Administration.
Click Security.
To grant a user administrator access, perform the following steps:
1. Below Who can administer this server, click Add.
2. Select Add existing network users from the directory.
3. Click Directory.
4. Search for the name.
  Tip: If the results of the search span multiple pages, use the arrow boxes above the name list to view the next or previous page of results.
5. Select the check box next to each name that should have administrator access.
6. Click Add.
7. Click Close.
8. Click Next.
To remove administrator access for a user, perform the following steps:
1. Below Who can administer this server? click Remove.
2. Select the check box next to each name that should no longer have administrator access.
3. Click Next.

Giving administrator access to local users

You can use the Site Administration link to add and remove local administrators, and to modify local administrator names, passwords, and e-mail addresses. Note that you cannot remove or modify the local administrator account that you created during server installation.

Perform the following steps:

Log in to the server as an administrator.
Click Site Administration.
Click Security.
To add a new local administrator, perform the following steps:
1. Below Who can administer this server, click Add.
2. If the server is not connected to a user directory, type the user name, password, and e-mail address for the new local administrator, and then click Next. If the server is connected to a user directory, instead perform the following steps:
  1. Click Create new users specially for access to this Lotus Quickr server.
  2. Type the user name.
  3. Click Next.
  4. Type the password and e-mail address.
  5. Click Next.
To modify a local administrator's name, password, or e-mail address, perform the following steps:
1. Below Who can administer this server?, highlight the administrator to modify.
2. Click Modify.
3. Change the user name, password, or e-mail address, as desired.
4. Click Next.
To remove a local administrator, perform the following steps:
1. Below Who can administer this server? click Remove.
2. Select the check box next to each name that should no longer have administrator access.
3. Click Next.

User authentication with cn as the second distinguished name component

If IBM Lotus Quickr controls directory services and the second component of a user's distinguished name in an external directory is cn, by default the server converts the cn component to ou in the access control lists of places. You can fix this by specifying a qpconfig.xml file setting.

If IBM® Lotus Quickr controls directory services and the second component of a user's distinguished name in an external directory is cn, by default the server converts the cn component to ou in the access control lists of places. This conversion can prevent a user from signing in to the place. For example, if the distinguished name of a user in an external directory is uid=abrown,cn=users,dc=acme,dc=com, by default the server uses the following name instead in place access control lists: uid=abrown,ou=users,dc=acme,dc=com (in the Domino format uid=abrown/ou=users/dc=acme/dc=com).

If you experience authentication failures because of this behavior, correct the problem by specifying the following setting in the qpconfig.xml file to retain second cn components found in names:

<user_directory>
   <ldap>
      <schema>
        <secondary_cn_component enabled="true"/>
      </schema>
    </ldap>
</user_directory>

Specifying who can create places on the server

As administrator, you can allow only specific users to create places or you can allow all users who have access to the server to create places. Someone with super user access to the server can create places without being given this access explicitly.

Specifying which external users can create places

If the server is connected to a user directory, use the Site Administration link to specify the names of external users who you want to allow to create places.

Perform the following steps:

Log in to the server as an administrator.
Click Site Administration.
Click Security.
To grant a user the access to create places, perform the following steps:
1. Below Who can create new places on this server?, select Only specific users (or groups) who provide a name and password.
2. Click Add.
3. Select Add existing network users from the directory.
4. Click Directory.
5. Search for the name.
  Tip: If the results of the search span multiple pages, use the arrow boxes above the name list to view the next or previous page of results.
6. Select the check box next to each name that should have administrator access.
7. Click Add.
8. Click Close.
9. Click Next.
To remove a user's access to create places, perform the following steps:
1. Below Who can create new places on this server? click Remove.
2. Select the check box next to each name that should no longer have the access to create places.
3. Click Next.

Specifying which local users can create places

Use the Site Administration link to specify the names of any local users who you want to allow to create places.

Perform the following steps:

Log in to the server as an administrator.
Click Site Administration.
Click Security.
To grant a user the access to create places, perform the following steps:
1. Below Who can create new places on this server, select Only specific users (or groups) who provide a name and password.
2. Click Add.
3. If the server is not connected to a user directory, type the user name, password, and optional e-mail address for the local user, and then click Next. If the server is connected to a user directory, instead perform the following steps:
  1. Click Create new users specially for access to this Lotus Quickr server.
  2. Type the user name.
  3. Click Next.
  4. Type the password and optional e-mail address.
  5. Click Next.
To modify the name, password, or e-mail address of a local user who can create places, perform the following steps:
1. Below Who can create places on this server?, highlight the name to modify.
2. Click Modify.
3. Change the user name, password, or e-mail address, as desired.
4. Click Next.
To remove the access to create places from a user, perform the following steps:
1. Below Who can create places on this server? click Remove.
2. Select the check box next to each name that should no longer be allowed to create places.
3. Click Next.

Allowing all users who have access to the server to create places

You can allow all users who can access the server to create places on it. This access is not allowed by default.

Perform the following steps:

Log in to the server as an administrator.
Click Site Administration.
Click Security.
Below Who can create new places on this server, select Anyone who can connect to the server.

Specifying owner (super user) access to the server

A user granted owner (formerly known as super user) access to the server can read and edit every page in every place, customize every place, control the membership of every place, create places, and use the Site Administration link to perform administration tasks. By default, no owner is defined.

Note the following additional points about owner access:

You can give owner access only to an external user or group.
Offline functionality is not supported when accessing a server as an owner.
You use the qpconfig.xml file to control owner access from a browser and a QuickPlaceAdministratorsSUGroup in the Domino Directory to control owner access from a Lotus Notes client.
Place managers automatically have owner access to the places they manage, and can give additional users owner access to those places. See the Help for additional information on place membership.
If a user is an owner as well as an explicit member of a place, the user's level of access depends on whether the place uses standard membership or expanded membership. If the place uses standard membership, the user gets the access assigned through the explicit membership. If the place uses expanded membership, the user gets owner access to the place. For example, if a user with owner access is also a member of a place with Reader access and the place uses standard membership, the user has Reader access to the place. However, if the place uses expanded membership, the user has owner access to the place.
There still is a site-wide super user that is known as such.

Specifying who has super user access from a browser

Use the qpconfig.xml file to specify who has super user access to the server when accessing it from a browser. You can specify only one name as a super user, either an external user or an external group name.

Perform the following steps

Open the qpconfig.xml file in the domino_data_root directory, or create the file if it does not exist already.
Specify the following setting in the file, for example:
```
<super_user enabled="true">
   <dn>cn=Lotus Quickr Admin,o=ibm</dn>
</super_user>
```
where cn=Lotus Quickr Admin,o=ibm is the distinguished name of a user or group in the user directory. Type the distinguished name exactly as it is in the directory; be sure to match character case and to include any spaces in the name.
Save the modified file.
Enter the following command at the server console to restart the HTTP task:
```
restart task http 
```

Specifying who has super user access from a Lotus Notes client

Create a group in the Lotus Domino Directory to specify who has super user access when accessing the server from a IBM Lotus Notes client.

Perform the following steps:

Create a group called QuickPlaceAdministratorsSUGroup in the Domino Directory that the Lotus Notes clients use.
Add as members the names to which you want to grant super user access.

Note: You can give the same user or users super user access through the browser and through Lotus Notes if the Lotus Notes client's Domino Directory is also the IBM Lotus Quickr user directory. Create the QuickPlaceAdministratorsSUGroup as described above, and also specify CN=QuickPlaceAdministratorsSUGroup as the distinguished name in the super_user element in the qpconfig.xml file.

Using groups to extend membership

You can set up expanded membership, use the qpconfig.xml file to enable the feature on the server, use the Site Administration link to configure the name and password to use to connect to the LDAP directory, and use qptool to enable expanded membership in a place or places.

The effective use of groups in the LDAP directory is the best approach to handling large member access lists. The EMM feature should be considered an alternative method.

Enabling expanded membership on the server

To enable the Expanded Membership Model (EMM) on the server, use the qpconfig.xml file.

The effective use of groups in the LDAP directory is the best approach to handling large member access lists. If you are currently using Expanded Membership Model or would like to use it, refer to this technote before installing or upgrading Lotus Quickr. The EMM feature should be considered an alternative method.

Open the qpconfig.xml file in the domino_data_root directory, or create the file if it does not exist already.
Specify values in the expanded_membership_model element in the file. Values shown below are example values that you should customize to meet the needs of your environment.
```
<expanded_membership_model enabled="true">
   <ldap_server ssl="false">
      <port>389</port>
      <hostname>quickr.acme.com</hostname>
      <base_dn>OU=emmGroups,O=acme</base_dn>
   </ldap_server>
</expanded_membership_model>
```
Note: Be sure to type the base_dn value using the exact character case used in the directory.
Table 16 describes these settings.
Save the modified file.
Enter the following command at the server console to restart the HTTP task:
```
restart task http 
```

Table 16. Description of the expanded_membership_model setting in qpconfig.xml
Setting	Description
expanded_membership_model enabled=`value`	Type "true" to enable expanded membership or "false" to disable it. Do not type "false" if any places are set up to use expanded membership.
ldap_server ssl=`value`	Specify "true" to use SSL encryption when connecting to the LDAP directory server that will store the expanded membership groups. Otherwise, specify "false."
ldap_server port `value`	Type the port number for the LDAP directory server that will store the expanded membership groups. Typically an LDAP server uses port 389 for unencrypted connections and port 636 for SSL connections.
ldap_server hostname `value`	Type the host name of the LDAP directory server that will store the expanded membership groups. The host name can be the LDAP server that IBM Lotus Quickr already uses, or a different one. You must specify a host name, regardless. The directory must allow write access.
ldap_server base_dn `value`	Type the base distinguished name (directory node) under which to create the groups. The base distinguished name must already exist in the directory - the server does not create it. The components of the base distinguished name do not have to be O and OU. Do not use "OU=QP" as part of the base distinguished name because that is a reserved organizational unit in Lotus Quickr. If the directory server that stores the expanded membership groups is the same one that Lotus Quickr uses for other purposes, for better performance, specify a base distinguished name for the expanded membership groups that is outside the base used for group lookups generally. For example, if the base specified for group lookups generally is OU=groups,O=acme, use a different base for the expanded membership groups, for example OU=emmgroups,O=acme. Using separate base distinguished names for the two types of groups optimizes performance by preventing unnecessary searches of the expanded membership groups during the process of user authentication. Note: If you use Microsoft Active Directory, you must create a user entry in the directory that begins with CN=h_VirtualMember at the specified base_dn. For example, if you specify OU=emmGroups,DC=acme,DC=com as the base_dn, in Active Directory create the following user entry: CN=h_VirtualMember,OU=emmGroups,DC=acme,DC=com.

Configuring the name and password to use to connect to the LDAP server

Configure a user name and password for the IBM Lotus Quickr server to provide when connecting to the LDAP directory server that stores the expanded membership groups. The name and password must correspond to a valid user record in the directory, and the name must have write access to the base distinguished name used for the expanded membership groups.

If the directory allows anonymous write access to the base distinguished name (not a typical configuration), this step is unnecessary.

Perform the following steps:

Log in to the server as an administrator.
Click Site Administration.
Click User Directory.
Click Change Directory.
Below Expanded Membership Model:
- Type the user name in distinguished name format, for example, cn=qpadmin,o=acme.
- Type the password for the name.
Note: You see the Expanded Membership Model option only after you have enabled expanded membership on the server through the qpconfig.xml file
Click Next.

Enabling expanded membership in places

If you have enabled expanded membership on the server, use the qptool membershipmodel command to enable expanded membership in one place, specific places, or all places. The effective use of groups in the LDAP directory is the best approach to handling large member access lists.

After you have enabled expanded membership in a place, reverting the place to standard membership is not supported. If there are replicas of a place, run the command on one replica only.

To enable expanded membership in a place or places, enter the following command at the server console:

load qptool membershipmodel arguments

where arguments are arguments described in the following table:

Table 17. Arguments for enabling expanded membership in places
Argument	Description
-?	Prints help on the command.
-toexpanded	Converts places to expanded membership.
-a	Runs the command on all places that do not currently use expanded membership
-p `places`	Runs the command on a place or a space-separated list of places.
-i inputfilename	Runs on places specified in an XML input file.
-o outputfilename	XML output file that logs the results of the command. By default the command logs results to qptool.membershipmodel.xml in the server program directory.

Table 18 provides examples of using the membershipmodel command to enable expanded membership in places.

Table 18. Examples of enabling expanded membership in places
Task	Command
Enable "placeofmanymembers" to use expanded membership.	>load qptool membershipmodel -toexpanded -p placeofmanymembers
Enable all places that do not currently use expanded membership to use expanded membership.	>load qptool membershipmodel -toexpanded -a

Hiding the Log In and Log Out links

After a user logs in to a place, the interface displays the Log Out link, and when the user logs out, the Log In link. You can hide the Log In and Log Out links after a user logs in. You might want to do this if single sign-on is enabled on the server, or if the server is running on a public pedestal, for example, at a trade show.

Perform the following steps to hide the Log In and Log Out links after initial log in:

Open the qpconfig.xml file in the domino_data_root directory, or create the file if it does not exist already.

Specify the following settings in the file:

<authentication>
    <sign_out enabled="false"/>
    <sign_in enabled="false"/>
</authentication>

Save the modified file.
Enter the following command at the server console to restart the HTTP task:
```
restart task http 
```

Configuring browser caching for tighter security

For additional security, configure the server to clear the Internet Explorer browser cache on user logout, and to prevent caching of IBM Lotus Quickr pages in browsers.

Clearing Lotus Quickr files from the Internet Explorer cache

This feature is supported for Internet Explorer only and only applies to blogs or wikis still using the ActiveX control. In Lotus Quickr 8.5, standard places no longer use the ActiveX control, so this setting is not applicable for them.

As a security measure, configure the server to clear the IBM Lotus Quickr files (files from any URL that contains "/quickplace/" or "/quickr/" ) from the browser cache when users click Log Out from places. The browser cache is cleared only if the sign_out element in the qpconfig.xml file is set to true, if ActiveX controls are enabled on the server, and if ActiveX is enabled on the browser. Internet Explorer enables ActiveX by default.

The Log Out link is never available to anonymous users, and to users who access places in accessibility mode on a server that is not enabled for single sign-on. The Log Out link is unavailable to all users if you configure the server to hide the Log Out link. If the Log Out link is unavailable for any of these reasons, you can configure the server to prevent caching of Lotus Quickr pages on browsers.

To configure the server to clear Lotus Quickr files from the Internet Explorer cache, perform the following steps:

Open the qpconfig.xml file in the domino_data_root directory, or create the file if it does not exist already.

Specify the following settings in the file:

<authentication>
   <sign_out enabled="true"/>
      <clear_browser_cache enabled="true"/>
</authentication>

Save the modified file.
Enter the following command at the server console to restart the HTTP task:
```
restart task http 
```

Preventing caching of pages that contain data on browsers

By default, the server caches on browsers all IBM Lotus Quickr pages that users access. As a security measure, use the qpconfig.xml file to allow the server to cache only pages that do not contain data.

Any IBM Lotus Quickr pages containing data that users access after you have added this setting are not cached. Pages that do not contain user data continue to be cached for better performance. This feature is available for all supported browsers.

Perform the following steps to prevent caching pages that contain data:

Open the qpconfig.xml file in the domino_data_root directory, or create the file if it does not exist already.

Specify the following settings in the file:

<browser_caches_place_content enabled="false">
</browser_caches_place_content>

Save the modified file.
Enter the following command at the server console to restart the HTTP task:
```
restart task http 
```

Protecting against cross-site scripting (XSS) attacks and additional security settings

As an administrator, you can configure several security settings for your system in the qpconfig.xml file. You can configure settings to guard your server against cross-site scripting attacks. Additionally, you can predefine a set of uploadable file types and create a set of privileged users that can upload files of file types in addition to the predefined file types.

Perform the following steps:

Locate the qpconfig.xml file in the domino_data_root directory, or create the file if it does not exist already. If there is no qpconfig.xml file, make a copy of the qpconfig_sample.xml file in the domino_data_root directory and name the copy qpconfig.xml.
Make sure there is a <security> section in the file. If there is no <security> section, copy that element from the qpconfig_sample.xml file.

Within the <security> element, apply the following configurations settings:

Table 19. Description of elements in the security section
Element	Description
`<xss_protection>`	Set the enabled attribute to `true` to enable protection against cross-site scripting attacks via upload of files injected with XSS code.
`<urilink_field_protection>`	Set the enabled attribute to `true` to enable predefining and checking schemes and protocols entered in the link field.
`<allowed_schemes>`	Specify the values of the allowed schemes and protocols for the link fields. Remember: http and https protocols are implicitly included in the list of allowed schemes.
`<uploadable_filetypes>` (element of `<security>`)	Set the enabled attribute to `true` to restrict the uploadable files by the predefined list of file types. Specify a comma-separated list of the permissible uploadable file types as the value of this element. Tip: To allow all file types, specify ".*"; to allow upload of files with no extension, specify "."
`<privileged>`	Set the enabled attribute to `true` to specify privileged users.
`<users>`	Specify the privileged users.
`<uploadable_filetypes>` (element of `<privileged>`)	To enable the privileged users to upload files of file types in addition to the ones specified in the direct `<uploadable_filetypes>` element of the `security` element, set the enabled attribute of the `<uploadable_filetypes>` element to `true`. Specify a comma-separated list of the additional file types that can be uploaded by the privileged user as the value of the `<uploadable_filetypes>` element. Tip: To allow all file types, specify ".*"; to allow upload of files with no extension, specify "."

Save the qpconfig.xml file.
Enter the following command at the server console to restart the HTTP task on the server.
```
restart task http 
```

The following example describes the required security settings in qpconfig.xml for a system that provides protection against cross site scripting attacks, restricts users to upload files of file types, .txt,.pdf,.doc,.ppt,.xls,.docx,.pptx,.xlsx,.png,.jpg,. and gif only, and does not allow upload of files that contain link fields with schemes other than http, https, ftp and linkto.

Further, the following settings grant privileges to users, Lotus Quickr Admin and Lotus Domino Admin, to upload files of additional file types, .html,.htm,.css,.java,.lss.

<security>
      <xss_protection enabled="true" />
      <urilink_field_protection enabled="true">
         <allowed_schemes>ftp,mailto</allowed_schemes>
      </urilink_field_protection>
      <uploadable_filetypes enabled="true">.txt,.pdf,.doc,.ppt,.xls,.docx,.pptx,.xlsx,.png,.jpg,.gif</uploadable_filetypes>
      <privileged enabled="true">
         <users>
	    			<dn>cn=Lotus Quickr Admin,o=ibm</dn>
	    			<dn>cn=Lotus Domino Admin,o=ibm</dn>
		 		</users>
         <uploadable_filetypes enabled="true">.html,.htm,.css,.java,.lss</uploadable_filetypes>
      </privileged>
   </security>

Configuring FIPS

To make your implementation of IBM Lotus Quickr services for Lotus Domino FIPS compliant (which provides stronger protection for ID files, mail and documents, and single sign-on (SSO) configurations), you need to enable FIPS on a reverse proxy server that uses the Caching Proxy and Load Balancer Edge components included with the WebSphere Application Server. The reverse proxy server must be enabled for SSL and FIPS so that all requests to Lotus Quickr services for Domino go through the proxy.

The communication with the Lotus Domino backend is handled by the reverse proxy server only; there is no direct browser access by clients.

The Advanced Encryption Standard (AES) algorithm is optionally available for use with some encryption features. The AES algorithm is widely used and is approved by Federal Information Processing Standard (FIPS) 140-2. AES is currently available for ID file encryption, mail and document encryption, SSO configuration using the LtpaToken2 format, and SSL cipher configuration.

Set up FIPS on the Lotus Domino server where the Lotus Quickr server is located.
Halt the proxy server.
Access and open edit the ibmproxy.conf configuration file on the reverse proxy server by following the instructions in Appendix B–Configuration File Directives of the Caching Proxy Administration Guide.
Find the FIPSEnable (Enabling Federal Information Processing Standard (FIPS) approved ciphers for SSLV3 and TLS) directive and set it to on. The default value is off.
Save your changes to ibmproxy.conf configuration file.
Restart the reverse proxy server for your changes to take effect.

Integrating with other applications

Your users can use connectors to work with documents on a IBM Lotus Quickr server from their desktop applications. Users can use IBM Lotus Sametime features within places, if you enable that capability on the server.

Enabling Lotus Connections features in Lotus Quickr

IBM Lotus Quickr supports several features in Lotus Connections and is correspondingly supported by them.

The following features are available:

Lotus Connections Profile business card display for Lotus Quickr users
From a Lotus Connections activity a user can publish content to a Lotus Quickr library
From a Lotus Connections community a user can create a Lotus Quickr place, wiki, or blog

Integrating Lotus Connections and Lotus Quickr

The following steps provide an overview of the process of integrating Lotus Connections and IBM Lotus Quickr.

The Lotus Quickr server, Lotus Connections server, and Lotus Domino server must use the same LDAP server and be in the same domain.

The Lotus Quickr, Lotus Connections server, and WebSphere® Application Server must use the same LDAP server and be in the same domain.

Refer to the Lotus Quickr wiki for the most recent deployment details for Siteminder, the HTTP server, proxy servers, and Tivoli Access Manager.

You can perform many of these steps using the wsadmin command line tool, which requires administrative access to the WebSphere Application Server.

The first two steps (and associated substeps) need to be performed on the Lotus Connections server and are fully documented in the Lotus Connections information center (which is linked-to from these steps). The instructions pointed out here are provided to reinforce certain important tasks for integration.

On the Lotus Connections server: enable Lotus Quickr integration with the Connections Activities feature (completely described in the Lotus Connections information center) so that users can publish a file in an activity to a Lotus Quickr library to share it with a larger group or to store the file. Important tasks are as follows:
1. Edit the configuration property settings of Activities in the oa-config.xml file on the Activities server to allow users to publish file attachments from an activity to a Lotus Quickr library.
2. Provide a list (QuickrWhitelistProvider) of the supported Lotus Quickr servers to the proxy server, so that it honors any requests made for access to one of the supported Lotus Quickr servers.
On the Lotus Connections server: enable Lotus Quickr integration with the Connections Community feature (completely described in the Lotus Connections information center) so that community members can organize and share files, and collaborate on documents from a central location. Tasks to be aware of are as follows:
1. Optional: If you want single sign-on to operate between Lotus Connections and Lotus Quickr, set up SSO between Lotus Connections and Lotus Quickr before installing the Lotus Connections Connector for Quickr.
2. Make sure all running servers have the same OS time zone, date, and time.
3. Install the Lotus Connections Connector for Quickr on the Lotus Connections server (completely described in the Lotus Connections information center). During installation of the Lotus Connections Connector for Lotus Quickr, you are prompted to enable Lotus Quickr users to associate wiki or team place placetypes with a community. Users would need to click a checkbox under Associated Applications to associate the wiki or team place with the community being created. Your installation decisions are captured in the communities-quickr-config.xml file. As administrator you can edit this configuration file to add up to five Lotus Quickr server/placetype template combinations.
4. Optional: Edit Lotus Quickr settings for use with communities in the communities-quickr-config.xml file on the Lotus Connections server (stored in <WAS_HOME>\profiles[PROFILE]\config\cells[CELL]\LotusConnections-config\). See Editing the Lotus Quickr configuration file for more information.
5. If desired, you can change the settings for when the QuickrDelayedSync task runs in the communities-quickr-config.xml (on one server in a cluster only). QuickrDelayedSync (enabled by default) is a task that propagates changes to Lotus Quickr at a later time if the Lotus Quickr server is down when a community change occurs. You can change the following values:
  - comm:startDelay The delay in minutes before the task starts. Default is 60 minutes.
  - comm:taskInterval The delay in minutes between consecutive tasks. Default is 60 minutes.
  - comm:daysBackToScan Limits the search for communities changes. The default value of 14 means that only communities that have been modified in the past two weeks (14 days) will be checked for missed propagations.
6. If you have not already done so, check IBM Fix Central to download fixes and patches for Lotus Connections and particularly, for interim Fixes that support integration with Lotus Quickr for Domino.
On the Lotus Quickr server: configure the <profile_server> section of the qpconfig.xml file (located in the server's domino_data_root directory) to include a link to the business card as shown in the following example:
```
<profile_server> 
<server_name>servername.apps.acme.ibm.com</server_name> 
<semantic_tag_service_location>/profiles/ibm_semanticTagServlet/javascript/semanticTagService.js?loadCssFiles=false</semantic_tag_service_location> 
</profile_server>
```
Where
- servername is the name of the profile server
- semantic_tag_service_location is the location of the semantic tag service javascript file
- javelin_tag_location is the location of the javelin tag
You need to restart the server after making the changes in qpconfig.xml.
Configure the LotusConnections-config.xml file to include a link to the business card. For instructions, refer to Integrating with Lotus Quickr.
To configure Lotus Connections Profile business card display for Lotus Quickr users, register the Lotus Connections server URL as follows:
1. Login in to the WebSphere Application Server administrative console (https://yourportalservername:10039/admin).
2. Navigate to Resources > URL Providers and then select the Default URL Provider.
  Note: For a cluster, administrators must perform the configuration for URL Providers on the cell level.
3. Click the URLs link on the right side of the page, click New, and then enter following values:
  - Name: CONNECTIONS_PEOPLE_CARD
  - JNDI name: JNDI_CONNECTIONS_PEOPLE_CARD
  - Category: CATEGORY_CONNECTIONS_PEOPLE_CARD
  - Specification: http://yourConnectionsServer.lotus.com:<port-number>/profiles/html/businessCard (the URL of your Connections server)
4. Restart the WebSphere Portal server.

Users can hover over a person's name to invoke the action Click here to view business card, then click it to see the Connections profile card.

The communities-quickr-config.xml file

The attribute values that initially appear in the communities-quickr-config.xml file are dictated by choices you make during the installation process. If you need to change your default configuration, refer to this sample of the communities-quickr-config.xml file.

Each enabled placetype template shows up as a separate associated application on the Edit Community form. A maximum of five associated applications can appear. For the Standard placetypes, administrators typically change just the enabled attribute and perhaps the role assignments, but they can also add custom placetypes.

Table 20. Attributes associated with placetypes
Attribute	Description
comm:QuickrPlaceType,	For each place type, the name attribute must be unique.
comm:managedApplicationTypeID	The ID must be unique, never change, and be 24 bytes or less.
comm:placeTemplate	The template name to be used when creating a place, such as `Team Place` and `Team Wiki` for a Lotus Quickr services for WebSphere Portal implementation.
comm:server	This value must match the name in the comm:QuickrServer element described in Table 2.
comm:resourceBundleName	The name of a property file on the Communities application classpath for strings presented in the user interfaces. The file must have the following keys: label.applicationName label.applicationShortName str.place.title–The value may contain a {0} placeholder for the name of the community
comm:ownersRole comm:membersRole comm:publicRole	Role names can be either the role title in English or the id field returned for the roles feed. If anonymous access is not allowed, the comm:publicRole element should be omitted or left empty.
comm:contentFeedLink	Optional. Name of the link field in a place entry to be used for the place's feed. For wikis, valid values are `wikis` and `blogs` For teamspaces, valid values are `wikis`, `blogs`, and `documentLibraries`. Always use `content`.

  <comm:QuickrPlaceType name="DominoWiki" enabled="true">
  <comm:managedApplicationTypeID>QuickrDominoWiki</comm:managedApplicationTypeID> 
  <comm:placeTemplate>Wiki</comm:placeTemplate> 
  <comm:server>DefaultServer</comm:server> 
  <comm:resourceBundleName>com.acme.lconn.comm.quickr.resources.QuickrWikiResources</comm:resourceBundleName> 
  <comm:ownersRole>Manager</comm:ownersRole> 
  <comm:membersRole>Editor</comm:membersRole> 
  <comm:publicRole>Reader</comm:publicRole> 
  <comm:contentFeedLink>content</comm:contentFeedLink> 
  </comm:QuickrPlaceType>
  <comm:QuickrPlaceType name="DominoTeamPlace" enabled="true">
  <comm:managedApplicationTypeID>QuickrDominoTeamspace</comm:managedApplicationTypeID> 
  <comm:placeTemplate>h_StdPlaceType</comm:placeTemplate> 
  <comm:server>DefaultServer</comm:server> 
  <comm:resourceBundleName>com.acme.lconn.comm.quickr.resources.QuickrTeamspaceResources</comm:resourceBundleName> 
  <comm:ownersRole>Manager</comm:ownersRole> 
  <comm:membersRole>Editor</comm:membersRole> 
  <comm:publicRole>Reader</comm:publicRole> 
  <comm:contentFeedLink>content</comm:contentFeedLink> 
  </comm:QuickrPlaceType>
  <comm:QuickrPlaceType name="PortalWiki" enabled="false">
  <comm:managedApplicationTypeID>QuickrPortalWiki</comm:managedApplicationTypeID> 
  <comm:placeTemplate>Team Wiki</comm:placeTemplate> 
  <comm:server>DefaultServer</comm:server> 
  <comm:resourceBundleName>com.acme.lconn.comm.quickr.resources.QuickrWikiResources</comm:resourceBundleName> 
  <comm:ownersRole>Managers</comm:ownersRole> 
  <comm:membersRole>Editors</comm:membersRole> 
  <comm:publicRole>Readers</comm:publicRole> 
  <comm:contentFeedLink>wikis</comm:contentFeedLink> 
  </comm:QuickrPlaceType>
  <comm:QuickrPlaceType name="PortalTeamPlace" enabled="false">
  <comm:managedApplicationTypeID>QuickrPortalTeamspace</comm:managedApplicationTypeID> 
  <comm:placeTemplate>Team Place</comm:placeTemplate> 
  <comm:server>DefaultServer</comm:server> 
  <comm:resourceBundleName>com.acme.lconn.comm.quickr.resources.QuickrTeamspaceResources</comm:resourceBundleName> 
  <comm:ownersRole>Managers</comm:ownersRole> 
  <comm:membersRole>Editors</comm:membersRole> 
  <comm:publicRole>Readers</comm:publicRole> 
  <comm:contentFeedLink>documentLibraries</comm:contentFeedLink> 
  </comm:QuickrPlaceType>

Note: Your WebSphere® Application Server port numbers might be different. If you do not know which ports are assigned to the features, see the serverindex.xml file stored in the node directory.

Table 21. Attributes for the Lotus Quickr server
Attribute	Description
comm:QuickrServer	Multiple QuickrServer entries are allowed but each name attribute must be unique.
comm:host	Server hostname.
comm:port	The http port number.
comm:sslPort	The https port number.
comm:authentry	Name of the authentication alias resource (J2C) created within the WebSphere Application Server administrative console. The J2C alias is automatically created by the Quickr Connector Installer during installation and does not have to be created manually using the WebSphere Application Server administrative console. Once installation is complete, this value can be changed.
comm:serverType	Value must match the name of a QuickrServerType such as `Domino` or `Portal`.

  <comm:QuickrServer name="DefaultServer">
  <comm:host>myserver.domain.com</comm:host> 
  <comm:port>80</comm:port> 
  <comm:sslPort>443</comm:sslPort> 
  <comm:authentry>Myserver/Alias</comm:authentry> 
  <comm:serverType>Domino</comm:serverType> 
  </comm:QuickrServer>

Table 22. Attributes for feeds
Attribute	Description
QuickrServerType	Values should not be changed.
comm:contextPath	Can be found in place feeds as http://<server>:<port>/<contextPath>/places/feed.
comm:publicEntryTitle, comm:publicEntryId, comm:publicEntryContent	Correspond to the fields of the Atom entry added to a members feed (for a role) when public access is granted.

  <comm:QuickrServerType name="Domino">
  <comm:contextPath>dm/atom/</comm:contextPath> 
  <comm:publicEntryTitle>Anonymous</comm:publicEntryTitle> 
  <comm:publicEntryId>oid:null</comm:publicEntryId> 
  <comm:publicEntryContent><member type="user" dn="Anonymous"/></comm:publicEntryContent> 
  </comm:QuickrServerType>
  <comm:QuickrServerType name="Portal">
  <comm:contextPath>myqcs/rest/</comm:contextPath> 
  <comm:publicEntryTitle>All Authenticated Users</comm:publicEntryTitle> 
  <comm:publicEntryId>all-authenticated-users</comm:publicEntryId> 
  <comm:publicEntryContent /> 
  </comm:QuickrServerType>
  </comm:config>

Table 23. Attributes for the QuickrDelayedSync task . The following attributes need to be set for the QuickrDelayedSync task so that it can propagate changes to Lotus Quickr at a later time if the Lotus Quickr server is down when a community change occurs:
Attribute	Description
comm:startDelay	The delay in minutes before the task starts.
comm:taskInterval	The delay in minutes between consecutive tasks.
comm:daysBackToScan	Limits the search for communities changes. The default value of 14 means that only communities that have been modified in the past two weeks (14 days) will be checked for missed propagations.

  <comm:QuickrDelayedSync enabled="true">
  <comm:startDelay value="60" /> 
 <!-- 
 minutes 
  --> 
  <comm:taskInterval value="60" /> 
  <!-- 
 minutes 
  --> 
  <comm:daysBackToScan>14</comm:daysBackToScan> 
  </comm:QuickrDelayedSync>
  </comm:config>

Configure Lotus Quickr for ECM Integration

This section describes how to configure IBM Lotus Quickr for integration with Enterprise Content Management (ECM) systems, IBM FileNet P8 and IBM Content Manager.

IBM introduces the following two ECM services for integrating Lotus Quickr document collaboration capabilities with the comprehensive infrastructure of ECM systems, IBM FileNet P8 and IBM Content Manager:

IBM FileNet® Services for Lotus Quickr
IBM Content Manager Services for Lotus Quickr

This integration helps you manage and control content created by shared workgroups across your organization. Using these services, you can manage content to address your archiving and regulatory requirements and corporate governance mandates, as well as integrate the content into your business process.

More specifically, you can use these ECM services to:

Publish Lotus Quickr documents to the two ECM systems.
Create and manage links to documents stored in these ECM systems from Lotus Quickr libraries and rich text areas of pages.
Store and retrieve documents of the ECM systems directly from within desktop applications, such as IBM Lotus Notes, IBM Lotus Sametime, Microsoft Windows Explorer, Microsoft Outlook, Microsoft Office applications, and IBM Lotus Symphony by using Lotus Quickr connectors.
Use the Custom Library portlet to store, retrieve and update data directly from ECM using Lotus Quickr.
Search and retrieve documents available in the ECM systems from Lotus Quickr Search Center.

Note: To be able to perform all the above operations, the subsequent topics of this section describe the required configuration steps at the Lotus Quickr server only. For the installation of the two ECM services and the configuration at systems other than Lotus Quickr, appropriate hyperlinks have been provided to the relevant documentation.

ECM settings in the qpconfig.xml file

The Lotus Quickr for Domino qpconfig.xml file contains a number of ecm-specific settings in an ecm integration section.

Settings

<ecm_integration enabled="true">: The attribute 'enabled' is the switch of ECM integration. If its value is false, then all the ECM features are disabled, including document publish, view publish, link page, ECM search, and custom library.
<targetHost>: The URL of the default ECM server used for the document publishing activity.

<targetLibrary>/QuickrRoot/QKSmokeApplication/QKSmokeLibrary </targetLibrary>: The path of the default library in default ECM server used for the document publishing activity.

<targetFolder> /1/ </targetFolder>: The path of the default folder in default ECM server used for the document publishing activity.

<publishType> copy </publishType>: Default publish action (copy, move, link) used for the document publishing activity.

<allowHostEdit enabled ="true"> </allowHostEdit>: If the value of the attribute 'enabled' is false, then users cannot type a server URL in the publishing wizard. The Server field will be read-only and its value is the URL of the default ECM server (target_server).

<forceDefaultPublishLocation enabled ="false"> </forceDefaultPublishLocation >: If the value of the attribute 'enabled' is true, then the Select Location view will be skipped. Documents will be published to the default folder (target_folder) in the default library (target_library) of the default ECM server (target_server).

<forceDefaultOperation enabled = "false"> </forceDefaultOperation>: If the value of the attribute 'enabled' is true, then Select Publish Option view will be skipped. Document publish will get default publish action (publish_type) as its parameter.

<metaDataMapping>

Use for metadata mapping, for example:

<metaDataMapping>
			<form_1D5BA335D8D4DC33482576350021326F formName="TestForm">
        		<mappingInfo docType = "kdoctype">
        		<mapping field = "c_char" propertySheetType = "kevinps1" property = "kevinps1.kchar"/>
                <mapping field = "c_date" propertySheetType = "kevinps2" property = "keivnps2.kdate"/>                        
        		</mappingInfo>
	        </form_1D5BA335D8D4DC33482576350021326F>
......			
</metaDataMapping>

<ECM_Search_Target name="sample02" url="http://sample02.website.com:9080"/>: ECM search target server.

The following shows a sample qpconfig.xml file with ecm integration settings enabled:

=============== START OF SAMPLE =================
<ecm_integration enabled="true">
<targetHost>
http://server_name.website.com:9080
</targetHost>

<targetLibrary>
/QuickrRoot/QKSmokeApplication/QKSmokeLibrary
</targetLibrary>

<targetFolder>
/Test/
</targetFolder>

<setDefaultOperation>
link
</setDefaultOperation>

<allowHostEdit enabled ="true">
</allowHostEdit>

<forceDefaultPublishLocation enabled ="false">
</forceDefaultPublishLocation >

<forceDefaultOperation enabled = "false">
</forceDefaultOperation>
<metaDataMapping>
<form_4CF46B0FFCD3EE67482576E7003D0266 formName="MappingTestG">
<mappingInfo docType="CM_Briefing">
</mappingInfo>
</form_4CF46B0FFCD3EE67482576E7003D0266>
</metaDataMapping>
<ECM_Search_Target name="sample02" url="http://sample02.website.com:9080"/>
</ecm_integration>
=============== END OF SAMPLE ===================

Configure Single Sign-On for ECM Services

Configure Single Sign-On (SSO) for your ECM services setup to enable a seamless user experience.

Configure Single Sign-On (SSO) between the servers of your ECM setup so that a user logged into Lotus Quickr does not have to enter additional credentials for authentication to the ECM server and at the same time, security is not compromised across the servers.

SSO can be configured using the IBM WebSphere Application Server's Lightweight Third Party Authentication (LTPA) mechanism or any of the third-party products supported by the Lotus Quickr server and the ECM server, such as Tivoli Access Manager and Computer Associates eTrust SiteMinder.

If, for any reason, SSO is impossible, you must set up global credentials for accessing the ECM server. Setting up global credentials is also required to enable part of the link resolution. You can configure global credentials using the IBM WebSphere Portal Credential Vault.

Completing single sign-on between WebSphere Application Server and Lotus Quickr for Domino

You need to configure Lotus Quickr for Domino and WebSphere Application Server to share the same LDAP server and the same LTPA key for ECM services.

Export the LTPA key from the WebSphere Application Server that you want to set up single sign-on with.
Add the following setting to the notes.ini file of each IBM Lotus Quickr server that you will enable for single sign-on. This step prevents anonymous access to files in the html directory:
NoWebFileSystemACLs=1
Configure Web SSO as follows:
1. Open the Domino Directory (names.nsf) on the server.
2. Click Create Web > SSO Configuration.
3. Click Keys > Import WebSphere LTPA keys.
4. On the Basics tab in the WebSphere Information section, for Configuration name select or enter LtpaToken.
5. Enter your DNS Domain such as acme.com.
6. Ensure that Map names in Ltpa tokens is Enabled.
7. Complete the Token Format field by selecting LtpaToken and LtpaToken2 (compatible with all releases of Domino).
8. Enter the external common LDAP server in the LDAP realm field. Be sure to include a backslash “\” before the port number of the LDAP server, such as dom2ldap.us.acme.com\:389.
9. Click Refresh and for the Web SSO Configuration field select LtpaToken.
10. Click Save & Close.
After you have created or edited the Web SSO Configuration document for the domain, enable multi-server, session-based authentication in the Server document for each Lotus Quickr server that you want to enable for single-sign on:
1. Open the Domino Directory (names.nsf) on the server.
2. Click the view Configuration > Servers > All Server Documents.
3. Click the Server document for the server and click Edit Server.
4. Click Ports > Internet Ports > Web, and enable Name-and-password authentication for the Web (HTTP or HTTPS) port.
5. Click the Internet Protocols - Domino Web Engine tab.
6. Next to Session authentication, select Multiple Servers (SSO).
7. Next to Web SSO Configuration, select LtpaToken.
8. Click Save & Close.
Create the Domino Web Server Configuration database (domcfg.nsf) if it does not exist:
1. From Lotus Domino administration, choose File > Application > New.
2. Next to Server at the top of the dialog box, select the server that runs Lotus Quickr.
3. Next to Title, type a descriptive title, for example, Web Server Configuration.
4. Next to File name, type domcfg.nsf. You must use this file name.
5. Next to Server in the middle of the dialog box, select any server.
6. Click Show advanced templates.
7. Next to Template, select Domino Web Server Configuration (domcfg5.ntf).
8. Click OK.
Create a mapping form in the Domino Web Server Configuration database to enable single-sign on to work with Lotus Quickr:
1. Open the Web Server Configuration database (domcfg.nsf).
2. Click Add Mapping.
3. Next to Applies To, select All Web Sites/Entire Server (default) or Specific Web Site/Virtual Server. If you select Specific Web Site/Virtual Server, a new field displays in which you specify the IP addresses of the Web Site documents or Virtual Servers.
4. Next to Target Database, type LotusQuickr/resources.nsf, replacing the default entry.
  The path is case-sensitive on UNIX. If you upgraded from an earlier release and did not change the root directory name, type QuickPlace/resources.nsf.
5. Next to Target Form, type QuickPlaceLoginForm.
  Note: The QuickPlaceLoginForm form is important for the local administrator's account to be able to sign in. This login form has special code to handle Quickr-specific users. It is not required for other servers because SSO does not work for local or Quickr-specific users.
6. Click Save & Close.
7. Replicate the database to all the Lotus Quickr servers that will use single sign-on.
Ensure that ECM integration is enabled in qpconfig.xml and, if necessary, update the LDAP setting section of qpconfig.xml to synchronize with the configuration of the external LDAP Server defined in the Domino SSO configuration document.
After the Domino Web Server Configuration database has replicated, at the server console of each server, enter the following command to restart the server: restart server The message "Successfully loaded Web SSO Configuration" confirms single sign-on setup.
In Site Administration on the Lotus Quickr server, set the external LDAP server to be the same as the SSO configuration document.

iNotes proxy configuration

You must configure the iNotes® proxy to enable Enterprise Content Management.

Complete steps in Enabling Web 2.0 features before you configure the iNotes proxy.

Use the following steps to configure your iNotes proxy.

Open the names.nsf file.
Click Policy and then Add Policy to create a Policies document.
Enter */proxy for the Policy name.
Select Organizational for the Policy type.
For Security, click New to create a security document.
Select the Proxies tab and click Edit List.
Enter the following information in the corresponding fields to create a new white-list rule, then click Add/Modify Value .
1. Context: /xsp/proxy/BasicProxy/
2. URL: http://sample.website.com:9080/
3. Actions: GET,POST,HEAD,PUT,DELETE
4. Cookies: *
5. Mime-types: *
6. Headers: *
Enter the following information in the corresponding fields to create a second white-list rule, then click Add/Modify Value .
1. Context: /xsp/proxy/BasicProxy/
2. URL: http://sample.website.com:10038/
3. Actions: GET,POST,HEAD,PUT,DELETE
4. Cookies: *
5. Mime-types: *
6. Headers: *
Click Ok.
In the Security field, click the arrow to and select Security from the list.
Click Save and restart the server.

Linking to ECM documents

IBM Lotus Quickr users can link to ECM documents from a Lotus Quickr library or the rich text areas of pages.

Prerequisites

Note: As long as the qpconfig.xml setting the <ecm_integration enabled> is set to true, Lotus Quickr users can create links to ECM documents in their Lotus Quickr libraries and in the rich text areas of pages. This enables them to always view and download the latest content of the linked ECM documents from Lotus Quickr. Additionally, Lotus Quickr users can copy, move, rename, and delete these ECM document links.

Lotus Quickr users can create links to ECM documents in their Lotus Quickr libraries and in the rich text areas of blogs, wikis, lists, forums, and comments. This enables them to always view and download the latest content of the linked ECM documents from Lotus Quickr. Additionally, Lotus Quickr users can copy, move, rename, and delete these ECM document links.

To enable linking to ECM documents, specify values for the custom properties of the QuickrWhitelistProvider and QuickrPublishConfig resource environment providers.

QuickrWhitelistProvider

The QuickrWhitelistProvider resource environment provider enables you to specify a list of allowed domains that can be accessed from your Lotus Quickr environment. Configuring this resource environment provider is important to prevent access to external servers with malicious content. Use this resource environment provider to specify the web address of the ECM system that is to be accessed for creating the document links.

QuickrPublishConfig

Use the QuickrPublishConfig resource environment provider to enable linking to ECM documents and to specify the name of the credential vault slot that you create if it is impossible to configure Single Sign-On (SSO) between Lotus Quickr and the ECM server.

To specify values for the properties of the two resource environment providers:

Log in to the administrative console for WebSphere Application Server or the administrative console for deployment manager, in a clustered environment.
Click Resources > Resource Environment Providers.
In the Node field, set the browsing scope to either your server's node in case of a single-server environment, or your cluster.
Click QuickrWhitelistProvider and then click Custom properties.
Configure the properties for your system, as per the information provided in the following table.
Note: The name and value of this property is case-sensitive.

Property name

allowExample
where allow is a fixed, mandatory prefix and Example is any string that you can choose to help you remember the domain to which you allow access from Lotus Quickr by using this property.

Property description

The values for all properties starting with the prefix allow are inspected to determine the servers a user can connect to. Keeping this list of servers secure ensures that Lotus Quickr cannot be used to connect to an untrusted domain, sending potentially confidential information through cross site scripting attacks.
Recommended value
The value for this property can be an exact domain name, a domain name prefixed with . to indicate all of its sub-domains, or an IP address.
For example, for a property with name allowExample consider the following values:
- www.example.com would allow access to www.example.com only.
- .example.com would allow access to www.example.com and content.example.com and all other sub-domains of example.com
- An IP address will allow access to the domain corresponding to that IP address only
As an alternative to steps 1-5, perform the following steps while the WebSphere Application Server is running,
1. Execute the add-whitelist-domain configuration task from the quickr_server_root/config/ directory:
  - Windows: WPSconfig.bat add-whitelist-domain -DAddDomain=domain_name
  - Linux: ./WPSconfig.sh add-whitelist-domain -DAddDomain=domain_name
  where, AddDomain is the name of the property starting with the prefix allow and domain_name is the value for AddDomain. Both the property name and property value are case-sensitive.
2. Restart the WebSphere Application Server for the configuration settings to take effect.
Navigate back to the list of resource environment providers and click QuickrPublishConfig and then click Custom properties.
Configure the properties for your system, as per the information provided in the following table.
Note: The names and values of these properties are case-sensitive.
- - qkrPublishConfig.publishEnabled: Set this property to true to enable creating links to documents in a remote ECM repository from your Lotus Quickr system.
  - Default Value: false
  - Recommended Value: true
- qkrPublishConfig.targetHost: Specifies the service URL where the ECM services are installed. The value for this property should be of the form http(s)://host(:port). The value of the port depends on the other profiles running on WebSphere Application Server; the default port is usually 9080 if there are no other profiles running on the WebSphere Application Server.
  - Default Value:
  - Recommended Value: http://ecmservices.yourco.com:9080
- qkrPublishConfig.allowHostEdit: Set to true to enable users to edit the Server field of the document picker and specify an ECM server for creating document links.
  If the value of qkrPublishConfig.allowHostEdit is false and a value has been specified for the qkrPublishConfig.targetHost property the Server field of the document picker will be read-only.
  - Default Value: false
  - Recommended Value:
- qkrPublishConfig.lookupVaultSlot: The name of the credential vault slot where the credentials for creating links to documents in the remote repository are stored. This property should be used only when configuring Single Sign-on (SSO) is not possible. See the Set up global credentials using Credential Vault topic for steps to add a vault slot and configure credentials.
  - Default Value: FilingSlot
  - Recommended Value: If you are using SSO, don't specify any value for this property.
    Important: If you have configured SSO between the Lotus Quickr server and the ECM server and still specify a slot name for this property, the credentials stored in the credential vault slot will override the SSO credentials for linking to the ECM server.
Tip: To view the other important custom properties of the QuickrPublishConfig resource environment provider, see Configure document publishing to ECM repositories.
Save the changes to your master configuration, and restart Lotus Quickr.
Note: Lotus Quickr must be restarted every time updates are made to this configuration.

Configure document publishing to ECM repositories

Configure your Lotus Quickr server to enable publishing Lotus Quickr documents to an ECM repository.

Configuring document publishing to ECM

Prerequisites

Note: Lotus Quickr users need to have appropriate access rights to the ECM libraries and folders for publishing documents.

Attention: This section provides instructions for configuring your Lotus Quickr server to enable publishing of Lotus Quickr documents to ECM systems, such as IBM FileNet P8 and IBM Content Manager. You cannot use these instructions to publish documents to a document library of an external Lotus Quickr server.

To enable document publishing, specify values for the custom properties of the QuickrPublishConfig resource environment provider. The QuickrPublishConfig resource environment provider enables you to specify the service URL of the server where the ECM services have been installed, the path or the ID of the library and the target folder to publish the Lotus Quickr documents.

Additionally, you need to configure the QuickrWhitelistProvider resource environment provider enables you to specify a list of allowed domains that can be accessed from your Lotus Quickr environment. Configuring this resource environment provider is important to prevent access to external servers with malicious content. Use this resource environment provider to specify the web address of the ECM system that is to be accessed for creating the document links.

To specify the values for the custom properties of the two resource environment provider:

Log in to the administrative console for WebSphere Application Server in a standalone environment or the administrative console for deployment manager, in a clustered environment.
Click Resources > Resource Environment Providers.
In the Node field, set the browsing scope to either your server's node in case of a single-server environment, or your cluster if in a clustered environment.
Click QuickrWhitelistProvider and then click Custom properties.

Configure the properties for your system, as per the information provided in the following table.

Note: The name and value of this property is case-sensitive.

Property name	Property description	Recommended value
`allowExample` where `allow` is a fixed, mandatory prefix and `Example` is any string that you can choose to help you remember the domain to which you allow access from Lotus Quickr by using this property.	The values for all properties starting with the prefix allow are inspected to determine the servers a user can connect to. Keeping this list of servers secure ensures that Lotus Quickr cannot be used to connect to an untrusted domain, sending potentially confidential information through cross site scripting attacks.	The value for this property can be an exact domain name, a domain name prefixed with . to indicate all of its sub-domains, or an IP address. For example, for a property with name `allowExample` consider the following values: `www.example.com` would allow access to `www.example.com` only. `.example.com` would allow access to `www.example.com` and `content.example.com` and all other sub-domains of `example.com` An IP address will allow access to the domain corresponding to that IP address only

Navigate back to the list of resource environment providers and click QuickrPublishConfig and then click Custom properties.

Configure the properties for your system, as per the information provided in the following table.

Note: All of these properties and their values are case-sensitive.

Property name	Property description	Default value	Recommended value
`qkrPublishConfig.publishEnabled`	Determines whether publishing to a remote ECM repository is enabled on your Lotus Quickr system. When enabled, Lotus Quickr displays publishing actions in the user interface.	`false`	`true`
`qkrPublishConfig.targetHost`	Specifies the service URL where the ECM services are installed. The value for this property should be of the form `http(s)://host(:port)`. The value of the port depends on the other profiles running on WebSphere Application Server; the default port is usually 9080 if there are no other profiles running on the WebSphere Application Server.		`http://ecmservices.yourco.com:9080`
`qkrPublishConfig.targetLibrary`	Specifies the absolute path or the ID of the library to which Lotus Quickr documents will be published. For example, `/QuickrRoot/<application name>/<library name>`	For IBM FileNet Services for Lotus Quickr: `/QuickrRoot/DefaultPlace/DefaultLibrary` For IBM Content Manager Services for Lotus Quickr: `/cmRoot/defaultApp/defaultLib`	`/QuickrRoot/<application name>/<library name>`
`qkrPublishConfig.targetFolder`	This folder path, along with the name of the local library, is prepended to the paths of all the published documents to avoid library conflicts. The path specified here is relative to the path in which you mapped your library.	`/ManagedDocuments`
`qkrPublishConfig.rootApplication`	The path to the root application object in the remote, ECM repository.	For IBM FileNet Services for Lotus Quickr: `/QuickrRoot` For IBM Content Manager Services for Lotus Quickr: `/cmRoot`	This path is specific to the implementation of the ECM service and must be identified by the service provider.
`qkrPublishConfig.publishVaultSlot`	Specifies the name of the credential vault slot where the global publishing credentials are stored. See the Set up global credentials using Credential Vault topic for details.		If you are using single sign-on (SSO), this field should be left empty. Important: If you have configured SSO between the Lotus Quickr server and the ECM server and still specify a slot name for this property, the credentials stored in the credential vault slot will be used for publishing to the ECM server rather than the SSO credentials.
`qkrPublishConfig.forceDefaultPublishLocation`	Set to false if you want to enable users to choose the publish location, otherwise the documents will be published depending on the value specified for the `qkrPublishConfig.targetFolder` property.	`false`
`qkrPublishConfig.forceDefaultOperation`	Set to true to impose the default publish operation (copy, move, or replace with link) as specified by the value of the `qkrPublishConfig.setDefaultOperation` property. Set to false if you want the user to be able to specify the publish operation when publishing a document.	`false`
`qkrPublishConfig.setDefaultOperation`	Specify the default publish operation when a Lotus Quickr document is to be published to an ECM repository. Or, if `qkrPublishConfig.forceDefaultOperation` is set to true, then the value for this property determines the publishing operation that Lotus Quickr should assume when publishing the document. Possible values are: move, copy, link.	`link`
`qkrPublishConfig.allowHostEdit`	Set to true to enable users to edit the Server field in the Publish Wizard and specify an ECM server for publishing Lotus Quickr documents. If the value of `qkrPublishConfig.allowHostEdit` is false and a value has been specified for the `qkrPublishConfig.targetHost` property the Server field of the document picker will be read-only.	`false`
`qkrPublishConfig.docTypeContainer`	The location on the ECM Services server where the document types of the ECM repository are defined. The value for this property can be either an absolute path or a relative path. If it is an absolute path, a search for mapped document types will take place in this location. If it is a relative path, the path will be appended to the target library to look up non-shared document types, otherwise, for shared document types, the relative path will be appended to the `rootApplication` path for the look up.	For IBM FileNet Services for Lotus Quickr: `QuickrDocumentTypeContainer` For IBM Content Manager Services for Lotus Quickr: `/cmRoot/ALLITEMTYPES_APP/ALLITEMTYPES_LIB`	This path is specific to the implementation of the ECM service and must be identified by the service provider.

Save the changes to your master configuration and restart Lotus Quickr.
Note: Lotus Quickr must be restarted every time updates are made to this configuration.

Customize the Publish Wizard

You can customize the Publish Wizard to make adding Lotus Quickr documents to an ECM repository easier FOR USERS.

Publish wizard customizations

If the publish operations within a team are fairly uniform, you can customize the Publish Wizard to assume values for some of the fields and display minimum data entry screens. This makes adding Lotus Quickr documents to an ECM repository easier.

By customizing the Publish Wizard, you assign a default behavior to the Publish Wizard every time a Lotus Quickr user tries to publish a document. Depending on the extent of customization, it is possible that the wizard does not show up at all and the publish operation is performed automatically, using the predefined values for several publish options.

You can customize the Publish Wizard by configuring the following two properties of the QuickrPublishConfig resource environment provider from the administrative console for WebSphere Application Server in a standalone environment or the administrative console for deployment manager, in a clustered environment.

setDefaultOperation is a string value that determines the default publish operation. The available options are copy for copying the documents, move for moving the documents, and link for moving the document to the ECM repository and inserting a link. The default value for this property is link.
forceDefaultOperation is a Boolean value that determines the user's ability to change the default publish operation and specify a publish operation other than the one set for the setDefaultOperation property. The default value for this property is false, which means the user can make changes to the publish option.

These two properties will work in conjunction with the Boolean property forceDefaultPublishLocation to determine the behavior of the Publish Wizard. There will be four possible behaviors of the wizard, depending on the values of these properties:

`qkrPublishConfig.forceDefaultPublishLocation`	`qkrPublishConfig.forceDefaultOperation`	Outcome
`true`	`true`	The Publish Wizard never displays. When the user clicks Publish to from the context menu of a document, pre-configured default publish location and default operation are assumed for the publish operation. Note: In this case, the user cannot input any required properties the document may need.
`true`	`false`	The Publish Wizard does display, but the Select Location screen is skipped, and the required properties screen is displayed, followed by the Publish Options screen. In the Publish Options screen, the publish operation as set by the value of the `setDefaultOperation` property will selected, but it can be changed.
`false`	`true`	The Publish Wizard does display, but the Publish Options screen is skipped. Thus, the wizard starts with the Select Location screen, the user specifies the target server and the target folder, enters any required properties in the next screen, and is presented with a Publish button instead of Next button, with the value of `setDefaultOperation` determining the publish option to be used.
`false`	`false`	The Publish Wizard displays and exhibits its default behavior. The user can enter any location and choose any publish option, although the value of `setDefaultOperation` will determine which publish option is the default publish operation.

Examples

Scenario 1: Configuring a default publish location

In this scenario, the Publish wizard does not provide the option to select an ECM location.

To configure this scenario, ensure that either single sign-on or global credentials have been configured for the Lotus Quickr and the ECM servers and then specify the values for the following custom properties of the QuickrPublishConfig resource environment provider, followed by a restart of the Lotus Quickr server:

Property name	Property value
qkrPublishConfig.publishEnabled	`true`
qkrPublishConfig.targetHost	`http://<hostname>:9080`
qkrPublishConfig.targetLibrary	For IBM FileNet Services for Lotus Quickr: `/QuickrRoot/DefaultPlace/DefaultLibrary` For IBM Content Manager Services for Lotus Quickr: `/cmRoot/defaultApp/defaultLib`
qkrPublishConfig.targetFolder	`/<foldername>`
qkrPublishConfig.forceDefaultPublishLocation	`true`
qkrPublishConfig.publishVaultSlot	Specifies the name of the credential vault slot where the global publishing credentials are stored, in case SSO has not been configured. Remember: If you have configured SSO between the Lotus Quickr server and the ECM server and still specify a slot name for this property, the credentials stored in the credential vault slot will be used for publishing to the ECM server rather than the SSO credentials.

Note: Depending on your setup, you may need to specify the values for the other custom properties of the QuickrPublishConfig resource environment provider.

Scenario 2: Configuring a default publishing operation to a default ECM location

In this scenario, the Publish wizard does not provide the option to select an ECM location or a publish operation. In fact, the Publish wizard is not displayed at all when Publish to is selected from the context menu of a Lotus Quickr document. Pre-configured default publish location and default operation are assumed for the publish operation.

To perform this configuration, ensure that either single sign-on (SSO) or global credentials have been configured for the Lotus Quickr and the ECM servers and then specify the values for the following custom properties of the QuickrPublishConfig resource environment provider, followed by a restart of the Lotus Quickr server:

Property name	Property value
qkrPublishConfig.publishEnabled	`true`
qkrPublishConfig.targetHost	`http://<hostname>:9080`
qkrPublishConfig.targetLibrary	For IBM FileNet Services for Lotus Quickr: `/QuickrRoot/DefaultPlace/DefaultLibrary` For IBM Content Manager Services for Lotus Quickr: `/cmRoot/defaultApp/defaultLib`
qkrPublishConfig.targetFolder	`/<foldername>`
qkrPublishConfig.forceDefaultPublishLocation	`true`
qkrPublishConfig.forceDefaultOperation	`true`
qkrPblishConfig.setDefaultOperation	`copy`, `move`, or `link`
qkrPublishConfig.publishVaultSlot	Specifies the name of the credential vault slot where the global publishing credentials are stored, in case SSO has not been configured. Remember: If you have configured SSO between the Lotus Quickr server and the ECM server and still specify a slot name for this property, the credentials stored in the credential vault slot will be used for publishing to the ECM server rather than the SSO credentials.

Note: Depending on your setup, you may need to specify the values for the other custom properties of the QuickrPublishConfig resource environment provider.

Publish wizard customizations

You can publish a document or page from Quickr to the ECM server.

The default Publishing Web user interface (Publish Wizard) has two windows.

The Publish to External Location window is used to choose the publish target location.
The Select Publish Option window is used to choose how to deal with the published document or page. If metadata (properties) mapping is configured, you also see a Metadata Mapping window with which you can edit the values of metadata.

By using qpconfig.xml, you can customize the Publish Web user interface as shown in the following table:

Table 24. Qpconfig.xml settings for the publish wizard
Element	Description
<targetHost>http://lwptsthink47.cn.ibm.com:9080</targetHost>	URL of default ECM server.
<targetLibrary> /QuickrRoot/QKSmokeApplication/QKSmokeLibrary </targetLibrary>	Path of default library in default ECM server.
<targetFolder> /Test/</targetFolder>	Default doc publish target folder in default ECM server.
<setDefaultOperation>link </setDefaultOperation>	Default publish action (copy, move, link).
<allowHostEdit enabled ="true"> </allowHostEdit>	If the value of the attribute “enabled” is false, then users cannot type the server URL in the publish wizard. The Server field will be read only, and its value is the URL of the default ECM server (targetHost )
<forceDefaultPublishLocation enabled ="false"> </forceDefaultPublishLocation >	If the value of the attribute “enabled” is true, then the Select Location window will be skipped. Documents will be published to the default folder (targetFolder) in the default library (targetLibrary) of the default ECM server (targetHost).
<forceDefaultOperation enabled = "false"> </forceDefaultOperation>	If the value of the attribute “enabled” is true, then the Select Publish Option window will be skipped. Document publish will get default the publish action (setDefaultOperation) as its parameter.

The forceDefaultPublishLocation and forceDefaultOperation parameters can be combined to achieve different Publish Web user interfaces, as shown in the following table:

Table 25. Elements and their output
forceDefaultPublishLocation	forceDefaultOperation	Output
true	true	The Publish Wizard never displays. When you click Publish To from the context menu of a document, a pre-configured default publish location and default operation are used for the publish operation.
true	false	The Publish Wizard does display, but the Select Location window is skipped. The Required Properties window displays, followed by the Publish Options window, in which the publish operation is set by the value of the setDefaultOperation parameter.
false	true	The Publish Wizard does display, but the Publish Options window is skipped. Thus the wizard starts with the Select Location window, the user specifies the target server and the target folder, enters any required properties in the next window, and is presented with a Publish button instead of a Next button, with the value of setDefaultOperation determining the publish option to be used
false	false	The Publish Wizard displays and exhibits its default behavior. The user can enter any location and choose any publish option, although the value of setDefaultOperation determines which publish option is the default publish operation.

Map Lotus Quickr metadata with the ECM metadata for document publishing

Configure a basic mapping between the metadata associated with IBM Lotus Quickr documents to the metadata required for storing the documents published from Lotus Quickr to an ECM repository.

You need to map the properties associated with Lotus Quickr documents with the equivalent properties available in the ECM repositories. These properties are aggregated as Forms in Lotus Quickr, classes in IBM FileNet P8, and as attribute groups in IBM Content Manager. This mapping ensures that the field values associated with the Lotus Quickr documents are retained and transferred along with the document during a publish operation to an ECM repository.

Similarly, you can map the Lotus Quickr document types with the ECM document types. Document types help in associating Forms with a document. When you map Lotus Quickr document types with the ECM document types, document publishing stores Lotus Quickr documents as instances of the configured item types (as in IBM Content Manager) or classes (as in IBM FileNet P8) in the target ECM systems.

The configuration of mappings displays the Edit Properties page in the Publish wizard. The fields shown on this page are the properties that make up the target ECM document type. The page displays values pre-filled in the fields that have been mapped from Lotus Quickr to the ECM system. If you expect a field to have a value because the Lotus Quickr document has that field, check that the mapping is correct and that the corresponding datatypes of the fields can be mapped.

Note: Refer also to the Working with Documents section in the IBM Content Manager documentation for general information about Lotus Quickr documents published to an IBM Content Manager repository and mapping of metadata in the context of an IBM Content Manager repository.

Using Forms

Understand the Forms and recommendations for mapping Forms of IBM Lotus Quickr with their ECM equivalents.

Forms are a way of associating some relevant information or metadata with a document. This metadata is in the form of several user-defined and system-defined properties that describe a document.

Forms in Lotus Quickr

In Lotus Quickr, a Form contains fields of information that can be associated with a document type. For example, a date or a person field can be added to a Form.

In Lotus Quickr there are two kinds of documents, Page and Document. Before working with metadata mapping, you should understand the difference between a Page and a Document. When a document has a Single Attachment field but no Rich Text field, it is a Document; otherwise, it is a Page. So, when customizing a form, if you add a Single Attachment field but do not add a Rich Text field, the document created from that form is a Document.

When you upload or import a file, it is a Document. Other contents like page, link, Forum Topic and response, comments and list items are all pages. On the ECM server side, you can create a Page from some—but not all—document types in the ECM repository. Not all document types support Pages, but all document types supporting Pages also support Documents. It is OK to map a Document Form to a document type supporting a Page, but if you try to map a Page Form to a document type that doesn't support Page, it will fail.

Not all ECM document types support the Lotus Quickr Page document type. But all document types that support a Page also support a Document. Therefore, you can map a Document Form to a document type that supports a Page Form. If you map a Page Form to an ECM document type that does not support a Page Form a mapping failure occurs.

Property templates in IBM FileNet P8

In IBM FileNet P8, property templates define properties that can be associated with an object.

There are eight datatypes available for the properties that can be associated with an object. These are:

Binary
Boolean
DateTime
Float
ID
Integer
Object
String

A property template in IBM FileNet P8 provides the Lotus Quickr equivalent of a Form.

For more information about properties and property templates in FileNet P8, see the IBM FileNet P8 help topic Content Engine Administration > Properties.

Attribute groups in IBM Content Manager

In IBM Content Manager, properties are referred to as attributes. An attribute stores units of data (metadata) or values that describe a certain characteristic or property (for example, first name, surname, age, city, and so forth) of an item.

The available attribute types in IBM Content Manager are:

Character
Variable character
Short integer
Long integer
Decimal
Double
Date
Time
Time stamp
BLOB (Binary Large Object)
CLOB (Character Large Object)

For more information about attributes in IBM Content Manager, see Creating an attribute.

Similar to Forms of Lotus Quickr, attribute groups are available in IBM Content Manager. An attribute group is a convenient way to group one or more attributes together.

For more information about attribute groups in IBM Content Manager, see Creating attribute groups.

Recommendations for property type mappings

Table 26. Recommended property type mappings between Lotus Quickr, IBM FileNet P8, and IBM Content Manager
Lotus Quickr	IBM FileNet P8	IBM Content Manager
Plain Text	String	Variable character/Char
Text Area	String	Variable character/Char
Plain Text	Integer	Short integer/Long integer
Plain Text	Float	Decimal/Double
Rich Text	Object	CLOB
Name Pop-up	String	Variable character/Char
Pop-up List	String	Not applicable
Date Pop-up	DateTime	Date
Time Pop-up	DateTime	Time
Calandar Date-Time	DateTime	Timestamp
Task	String	Variable character/Char

Note:

Not all the property template types available in IBM FileNet P8 can be mapped to the available fields of Lotus Quickr. For example, the Binary property template type of FileNet P8 cannot be mapped to any of the available Lotus Quickr field.
When publishing Lotus Quickr documents that have a Time property on a Form to IBM FileNet P8, viewing the FileNet P8 document from the Lotus Quickr Connectors will show a timestamp property whose time part is the value from Lotus Quickr and whose date part is Jan. 1, 1970 (or Dec. 31, 1969 if the time specified is before midnight, GMT).
Not all the attribute types available in IBM Content Manager can be mapped to the available fields of Lotus Quickr. For example, the BLOB attribute type of IBM Content Manager cannot be mapped to any of the available Lotus Quickr fields.

Use the following methods to map the Lotus Quickr fields to those on your ECM repository.

Use the qpconfig.xml to configure mapping

Make appropriate configuration settings from the WebSphere Application Server administrative console to map the existing IBM Lotus Quickr property sheets to their ECM equivalents.

In Lotus Quickr you can customize a form to include different fields. Here a form is treated as a kind of document type, and you can then create a document from that customized form.

When metadata mapping between Quickr and ECM is enabled you can map a form to a document type. Then, when you publish a Quickr document created from that form, Lotus Quickr uses the mapped document type to create an ECM document, and the property's value will be the mapped field's value.

Below is a list of the metadata mapping types that are supported in Lotus Quickr.

Explicit mapping: Configures which form is mapping to which document type on the ECM server side, and which field is mapping to which property implicitly.
Semi-implicit mapping: Configures which form is mapping to which document type on the ECM server side explicitly, but does not configure which field is mapping to which property. If one field's name in Quickr matches one property's name, then they are mapped implicitly.
N fields to One property mapping: More than one field is mapping to only one property (this is a subcategory of Explicit mapping). The fields' names should be separated by a blank space.

Perform the following steps to use metadata mappings:

Customize a DemoForm in Lotus Quickr, adding a Plain Text field, a Date Pop-up field, and an Attachments field.
Configure qpconfig.xml to apply one of these three mapping types. You can run qptool to help to generate the mapping table:
- load qptool execute -i input.xml -o output.xml
Below is a sample of the input.xml file:
```
<?xml version="1.0"?>
<service>
<servers>
<server>
<hostname>QDServer.cn.ibm.com</hostname>
<places>
<place action="getMetadataCfg">
<name>demomapping</name>
</place>
</places>
</server>
</servers>
</service>
```
Note: Change “hostname” to your actual Quickr server's hostname, and change “name” to your place name.

The draft mapping is generated in an output.xml file. The following is a sample of the mapping information:

<form_60F44D802AC79D72482576F9002C5D11 formName="DemoForm">
<mappingInfo docType="">
<mapping field="c_DemoText" property="" propertySheetType=""/>
<mapping field="c_DemoDate" property="" propertySheetType=""/></mappingInfo>
</form_60F44D802AC79D72482576F9002C5D11>

Copy and paste the draft mapping into qpconfig.xml. You can then change it to set the different mapping types, as follows:

Explicit mapping

<form_60F44D802AC79D72482576F9002C5D11 formName="DemoForm">
<mappingInfo docType="DemoECMDocType">
<mapping field="c_DemoText" property="SSName" propertySheetType="PST1"/>
<mapping field="c_DemoDate" property="Date" propertySheetType="PST2"/></mappingInfo>
</form_60F44D802AC79D72482576F9002C5D11>

Semi-implicit mapping

<form_60F44D802AC79D72482576F9002C5D11 formName="DemoForm">
<mappingInfo docType="DemoECMDocType">
</form_60F44D802AC79D72482576F9002C5D11>

N to One property mapping

<form_60F44D802AC79D72482576F9002C5D11 formName="DemoForm">
<mappingInfo docType="DemoECMDocType">
<mapping field="c_DemoText c_DemoDate" property="Summary" propertySheetType="PST1"/>
</mappingInfo>
</form_60F44D802AC79D72482576F9002C5D11>

Note: When mapping N fields to One property, the property can only be the String type.

Restart Lotus Quickr.
Note: Lotus Quickr must be restarted every time updates are made to this configuration.

Use the following mapping strategy when filling in the property fields:

1. If a property value exists for a Lotus Quickr document or page, then use that value even if an ECM value exists.
2. If a property value only exists for ECM, then use the ECM document value.
3. If a value does not exist for the Lotus Quickr document or the ECM document, then use the default value for that property according to the ECM property type.

Note: When a Lotus Quickr document/page has been published before, then the corresponding ECM document/page already exists. ECM property value means the value of the property in this existing ECM document/page. The default value for ECM means the default value defined in an ECM document type.

Searching and retrieving ECM content

Configure your ECM setup to enable search across ECM repositories.

IBM Lotus Quickr users can perform a search over documents stored in an ECM repository using the Lotus Quickr search. The scope of this search, however, depends on the ECM repository that you have configured for integration with Lotus Quickr. The scope of a search from Lotus Quickr across IBM Content Manager is the subset of IBM Content Manager that comprises documents added from Lotus Quickr to IBM Content Manager using IBM Content Manager Services for Lotus Quickr, for example, by a publish operation or by using Lotus Quickr Connectors. If you have configured an IBM FileNet P8 repository, the search scope covers all the documents of the repository.

Search queries are submitted by using the Search box that is available at the side of Place Actions. With appropriate configuration settings, a Lotus Quickr user can view and use the Enterprise Content search scope from the search. Lotus Quickr users can download and view summary pages of the ECM documents returned in the result set.

Enterprise Content search scope

You can search over documents stored in an ECM repository by using Enterprise search. To do this, you must enable it and set the target ECM repository in qpconfig.xml under ECM configuration section as follows:

<ECM_Search_Target name="server_name" url="http://ecmserver1.cn.ibm.com:9080"/>

Restart the server for the changes to take effect.

Only one ECM server can be added for an ECM search. The ECM search field is located next to Place Actions.

Validate the search service configuration

Validate your search service configuration.

After you catalog the search service to the Lotus Quickr server, you must validate the search service configuration to ensure you can search directly from the Lotus Quickr search.

If you have already updated the index frequency or satisfied with the default frequency, simply add a sample document to the default ECM library using either Lotus Quickr Connectors (desktop integration) or by publishing a Lotus Quickr document to the default ECM library, provided you have configured the appropriate settings for publishing documents to the ECM repository. Next, make sure that the document is indexed on the remote server before you try to search it. Lastly, conduct a text search using the Lotus Quickr search.

To validate the search service configuration:

Add a document using desktop integration

Using the Lotus Quickr Connectors (desktop integration), add some sample documents to the remote ECM repository that you have configured for integration with Lotus Quickr.

Search from Lotus Quickr

Conduct a simple search from the Enterprise Content search scope directly from Lotus Quickr to validate the search configuration.

To conduct a search:

Log on to the Lotus Quickr server using your user ID and password.
At the top of the Lotus Quickr Home page, click the search scope icon and select the Enterprise Content search scope.
Enter a word you know exists within your ECM repository content and press Enter.
All the documents that contain the word you searched will display on the page. Obtaining search results indicates successful configuration of the search service.

Terminology and concepts

Get familiar with the terms used in the subsequent topics for configuring IBM Lotus Quickr integration with ECM systems.

Terms shown in italics are defined elsewhere in this topic.

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

A

Application Engine: Application Engine is the IBM FileNet P8 component that hosts the Workplace web application, Workplace java applets, and application development tools. It is the presentation layer for both process and content.
attribute: In IBM Content Manager, a unit of data that describes a certain characteristic or property (for example, name, address, age, and so forth) of an item, and which can be used to locate that item. An attribute has a type, which indicates the range of information stored by that attribute, and a value, which is within that range.
attribute group: In IBM Content Manager, convenience grouping of one or more attributes. For example, Address attribute group might include the attributes Street, City, State, and Zip.

C

Content Engine: An IBM FileNet P8 component that is capable of managing enterprise-wide workflow objects, custom objects, and documents by offering powerful and easy-to-use administration tools. Using these tools, an administrator can create and manage the classes, properties, storage, and metadata that form the foundation of an Enterprise Content Management system.
Custom Library: A Custom Library provides a connection to an ECM library from a Lotus Quickr place. This allows you to upload new documents, edit existing documents, replace documents and delete documents on an ECM server directly from a Lotus Quickr place.

D

document type: An object that allows aggregation of property sheets on Lotus Quickr documents and enforces a certain file extension or mime type on Lotus Quickr documents. See also local document types and shared document types.

E

ECM: See Enterprise Content Management.
ECM documents: Documents stored in an ECM repository. These documents can either be documents originally stored in the ECM repository or can be documents published from Lotus Quickr to the ECM repository.
ECM document links: Links created to documents of an ECM repository either explicitly from Lotus Quickr libraries and rich text areas, or by moving Lotus Quickr documents to an ECM repository using the Replace with link option of the Publish wizard.
ECM repository: For the purpose of this documentation, a subset of a complete enterprise content management offering that encompasses its content storage capabilities.
ECM services: A set of services that enable integration between Lotus Quickr and Enterprise Content Management systems, such as IBM FileNet P8 and IBM Content Manager. ECM services include IBM FileNet Services for Lotus Quickr and IBM Content Manager Services for Lotus Quickr.
ECM system: For the purpose of this documentation, a subset of a complete enterprise content management offering that encompasses the content storage capabilities as well as the configurability aspect of the ECM offering.
Enterprise Content Management: A set of tools and technologies that help companies make better decisions faster by managing content, optimizing associated business processes, and enabling compliance through an integrated information infrastructure.

F

FileNet P8: See IBM FileNet P8

I

IBM Content Manager: An ECM system that stores, manages, accesses, and distributes all types of digital content; integrates with core applications; offers scalability, security, and openness on AIX, Windows NT,Linux or Solaris.
IBM Content Manager Services for Lotus Quickr: A set of services that enables integration between Lotus Quickr and IBM Content Manager.
IBM DB2 Information Integrator for Content: A component of DB2 Content Manager that allows you to quickly access information across all your content servers.
IBM FileNet P8: A reliable, scalable and highly available enterprise platform that enables you to capture, store, manage, secure and process information to increase operational efficiency and lower total cost of ownership.
IBM FileNet Services for Lotus Quickr: A set of services that enables integration between Lotus Quickr and IBM FileNet P8.
IBM FileNet Workplace XT: Workplace XT is an optional IBM FileNet P8 platform component (similar to Application Engine) that hosts the Workplace XT web application, providing access to the process and content functionality of IBM FileNet P8. You can install Workplace XT in addition to or in place of Application Engine.
item: In IBM Content Manager, generic term for an instance of an item type. For example, an item might be a folder, document, video, or image.
item type: In IBM Content Manager, a template for defining and later locating like items, consisting of a root component, zero or more child components, and a classification.

L

library server: The component of a DB2® Content Manager system that stores, manages, and handles queries on items. In DB2 Content Manager, an item is a generic term for an instance of an item type and might be a folder, document, video, or image.
local document type: A document type that is available only to the library in which it was authored.

O

object store: A set of services provided by Content Engine to access and manage documents and other objects. An object store resides in a FileNet P8 domain, which can contain many object stores.

P

parametric search: A query for objects that is based on the properties of the objects.
property sheet: Collections of user-defined and system-defined data applicable to Lotus Quickr documents. In IBM FileNet P8, a property sheet is an Enterprise Manager dialog box made up of tabbed pages, also called property pages, that make available such things as the object's descriptive information, properties, and security settings.
publish: The action of copying or moving documents from Lotus Quickr to an ECM repository.
publish wizard: A user interface element consisting of dialogs that guide through the sequence of steps to publish a Lotus Quickr document to an ECM repository. The publish wizard is displayed whenever the Publish to option is selected from the context menu of a document in a library of a Lotus Quickr system appropriately configured for publishing documents to an ECM repository.

Q

QuickrPublishConfig: A resource environment provider accessible from the administrative console for WebSphere Application Server that you need to configure to enable publishing of Lotus Quickr documents to an ECM repository.
QuickrWhitelistProvider: A resource environment provider accessible from the administrative console for WebSphere Application Server that enables you to specify a list of allowed domains that can be accessed from your Lotus Quickr environment. Configuring this resource environment provider is important to prevent access to external servers with malicious content.

R

resource manager: The component of a DB2 Content Manager system that manages objects. These objects are referred to by items stored on the library server.

S

shared document type: A document type that is available to all the libraries; irrespective of the library in which it was authored.

W

Workplace: An end-user web application that provides access to the document management capabilities and is tightly integrated with the business process management capabilities of IBM FileNet P8. This application allows users to add documents and other items to an object store, to browse and search for items, and to run workflows.

Workplace XT (client): An end-user web application that provides access to the document management capabilities of, and is tightly integrated with the business process management capabilities of, IBM FileNet P8.

Troubleshooting

Know the limitations and workarounds for problems when configuring IBM Lotus Quickr for ECM integration.

Troubleshoot integration of Lotus Quickr with IBM FileNet P8

Access the following links to troubleshoot problems with IBM FileNet Services for Lotus Quickr

Lotus Quickr troubleshooting technotes: http://www.ibm.com/support/search.wss?tc=SSCUPCT
All troubleshooting information for IBM FileNet Services for Lotus Quickr and for IBM FileNet P8, in general, can be found in the Troubleshooting Guide available on the Product Documentation for FileNet P8 Platform page.

Troubleshoot integration of Lotus Quickr with IBM Content Manager

Access the following links to troubleshoot problems with IBM Content Manager Services for Lotus Quickr

Lotus Quickr troubleshooting technotes: http://www.ibm.com/support/search.wss?tc=SSCUPCT
Troubleshooting IBM Content Manager Services for Lotus Quickr in the IBM Content Manager Information Center
Troubleshooting search in the IBM Content Manager Information Center

Enabling Lotus Sametime features in places

You can enable the awareness, instant messaging, and Web conferencing (meeting) features of IBM Lotus Sametime in places. Then members of a place can see when other members are online, chat with other members, and schedule and participate in online meetings with other members all from within the place.

Note the following requirements for this feature:

Refer to the Lotus Quickr system requirements to see which version of Lotus Sametime is compatible.
On the IBM AIX and IBM i operating systems, you can install Lotus Quickr and Lotus Sametime on one computer if they are installed on separate partitioned IBM Lotus Domino servers. On Microsoft Windows you must install the two products on separate computers.
The Lotus Quickr and Lotus Sametime servers must reside in the same Lotus Domino domain and the same DNS domain.
You must enable single sign-on authentication for Lotus Quickr and for Lotus Sametime.
The Lotus Sametime features are available only to place members registered in an LDAP directory, and not to local users.
Domino LDAP must be used on Lotus Quickr if a Native Domino directory is used on Sametime because the name formatting must be identical.
If you use a Lotus Domino Directory as your LDAP Directory, using one on a different server than either the Lotus Quickr or Lotus Sametime server is recommended. Then if you shut down one of the application servers (Lotus Quickr or Lotus Sametime), other servers continue to have access to the LDAP directory. The Lotus Sametime server requires access to the directory to run.

Perform the following steps:

Preparing the servers to enable Lotus Sametime features in places

Before you enable IBM Lotus Sametime features in places you must prepare the servers.

The steps described here assume that you are enabling the Lotus Sametime features for the first time rather than upgrading an existing integration configuration. The steps also assume that you installed either Lotus Sametime or IBM Lotus Quickr first and are now integrating with the other product. If instead you are installing both of the products at the same time, you should set up multi-server session-based authentication (single sign-on) between the IBM Lotus Domino servers on which they run before installing the products. Using this approach, you can first isolate and solve any authentication problems that might arise between the Lotus Domino servers.

Perform the following steps:

Make sure that you have installed or upgraded to Lotus Quickr. When prompted for the administrator name and password during a new installation, type a name that is not in the LDAP directory.
Connect Lotus Quickr to the same LDAP directory that you also use for Lotus Sametime. Both servers must use the same directory.
Make sure that you have installed the appropriate version of Lotus Sametime. For more information, see the Lotus Sametime installation guide that is appropriate for your platform, available on the Web at http://www.lotus.com/ldd/doc.
Note: Configure the Lotus Sametime server to use HTTP port 80 or to tunnel over port 80; this step is required for the awareness feature.
Verify that awareness and instant messaging are working for Lotus Sametime. If you plan to integrate Web conferencing (meetings) with Lotus Quickr, verify, too, that Web conferencing is working.
Perform the following steps to update the Web SSO Configuration for Ltpa token document that was created when you installed Lotus Sametime:
1. Ensure that the Lotus Domino Directory on the server has replicated throughout the Lotus Domino domain since you installed Lotus Sametime.
2. Using IBM Lotus Notes open the Lotus Domino Directory on the Lotus Sametime server.
3. Click the Configuration > Web Server Configurations view.
4. From within this view, expand the list of Web SSO Configurations.
5. Open the Web SSO Configuration for Ltpa Token document in edit mode. If you cannot edit the document, contact an administrator about getting edit access or editing the document for you.
6. Make sure that the Domino Server Names field contains the name of each of the Lotus Quickr and Lotus Sametime servers that should participate in single sign-on.
7. Make sure that the DNS Domain field contains the fully-qualified DNS domain name of the Lotus Quickr and Lotus Sametime servers.
8. Click Keys > Create Domino SSO Key if you want to create a new key for SSO.
9. Open the Server document for the Lotus Sametime server.
10. Click Internet Protocols > Domino Web Engine.
11. In the HTTP Sessions section, select LtpaToken in the Web SSO Configuration field.
12. Click Save & Close.
13. Replicate the edits to the Lotus Quickr server.
Perform the following steps to enable single sign-on authentication on the Lotus Quickr server:
1. From IBM Lotus Notes, open the Lotus Domino Directory for the domain.
2. Open the Server document for the Lotus Quickrserver in edit mode.
3. Click Ports > Internet Ports > Web and then in the Name & password field for the Web port select Yes.
4. Click Internet Protocols > Domino Web Engine , and in the Session authentication field select Multiple Servers (SSO), and then click OK.
5. In the Web SSO Configuration field, select LtpaToken.
6. Click Save & Close.
7. Add the following setting to the notes.ini file on the Lotus Quickrserver: NoWebFileSystemACLs=1
8. Create a database from the Domino Web Server Configuration template (domcfg5.ntf), giving the database the file name domcfg.nsf.
9. Open the database you created and click Add Mapping to open a mapping document.
10. In the Target Database field of the mapping document, type lotusquickr/resources.nsf.
11. In the Target Form field, type QuickPlaceLoginForm, and then click Save & Close to save the document.
Optional: To be able to create an online meeting if the Lotus Quickr server is enabled for SSL, perform the following steps:
1. Using your preferred browser, export the SSL certificate, for example, named something similar to dq18sv.cer. Different browsers use slightly different methods for exporting certificates.
2. Import the certificate into JRE security as follows:
  1. Launch ikeyman, the IBM Key Management application, for example, located in C:\Program Files (x86)\IBM\Lotus\Domino\jvm\bin\ikeyman.exe.
  2. Select JCEKS as the key database type.
  3. Open C:\Program Files (x86)\IBM\Lotus\Domino\jvm\lib\security\cacerts using the password changeit.
  4. Switch to Signer Certificates, click Add, and import the certifier dq18sv.cer.
  5. Close ikeyman.
3. Open java.security, for example, located under C:\Program Files (x86)\IBM\Lotus\Domino\jvm\lib\security\java.security.
4. Change the keystore.type setting to jceks as follows: keystore.type=jceks.
Restart the Lotus Domino servers.
Perform the following steps to verify that single sign-on is working between Lotus Quickr and Lotus Sametime:
1. From a browser, connect to the Lotus Quickr server. Because multi-server sign-on is enabled, you must enter the fully qualified host name to connect, for example, http://qpserver.acme.com/quickplace
2. Log in to Lotus Quickr using the name of an external user registered in the LDAP directory.
3. Create a test place and verify that you can add several members from the LDAP directory.
4. Using the same browser session, connect to the Lotus Sametime server. For example, enter http://stserver.acme.com/stcenter.nsf.
5. Go to the Attend Meeting page and verify that you are still logged on to the server. If you can authenticate once and remain logged on to both Lotus Quickr and Lotus Sametime, multi-server sign-on is working. If you must authenticate more than once, multi-server sign-on is not working and you must resolve the problem before continuing.

Enabling awareness and instant messaging in places

Enable online awareness and instant messaging so that place members can see when other members are online and can chat with them from places.

Perform these steps:

Copying the required Java files

To prepare to enable instant messaging and awareness in places, copy required Java files to the IBM Lotus Sametime server.

Perform these steps:

Download the Lotus Sametime 8.5x Software Development Kit (SDK) to a convenient directory. Find the tookit on the Toolkits tab of the Lotus Downloads section of developerWorks® at http://www.ibm.com/developerworks/lotus/downloads/toolkits.html.
Unzip the download file to a convenient directory to access the contents of the bin subdirectory.
In the Lotus Sametime server data directory, create the subdirectory path Domino\html\QuickPlace\peopleonline. For example, on Microsoft Windows, if the path to the data directory is C:\Lotus\Domino\Data, the path to the peopleonline subdirectory should be C:\Lotus\Domino\Data\Domino\html\QuickPlace\peopleonline.

(IBM i only) Change the owner of the new subdirectories to QNOTES. For example, enter the following commands:

CHGOWN OBJ('*!ENTITY!*ST_server_data_dir>/Domino/html/QuickPlace') NEWOWN(QNOTES)
CHGOWN OBJ('*!ENTITY!*ST_server_data_dir>/Domino/html/QuickPlace/peopleonline') NEWOWN(QNOTES)

Copy the files listed below to the QuickPlace\peopleonline subdirectory you just created on the Lotus Sametime server:

File name	Copy from	Copy to
STComm.jar	client\stjava\bin subdirectory of the Lotus Sametime SDK	\Domino\html\QuickPlace\peopleonline subdirectory of the Lotus Sametime server data directory
CommRes.jar	client\stjava\bin subdirectory of the Lotus Sametime SDK	\Domino\html\QuickPlace\peopleonline subdirectory of the Lotus Sametime server data directory
PeopleOnline31.jar	On WindowsIBM AIX, AIX, the Lotus Quickr subdirectory of the Lotus Quickr server data directory. For example: On Windows: C:\Lotus\Domino\Data\LotusQuickr\PeopleOnline31.jar On AIX: /opt/notesdata/LotusQuickr/PeopleOnline31.jar On IBM i the following directory: /qibm/proddata/lotus/QuickPlace/DATA/LOTUSQUICKR/PeopleOnline31.jar	\Domino\html\QuickPlace\peopleonline subdirectory of the Lotus Sametime server data directory

File name

Copy from

Copy to

STComm.jar

client\stjava\bin subdirectory of the Lotus Sametime SDK

\Domino\html\QuickPlace\peopleonline subdirectory of the Lotus Sametime server data directory

CommRes.jar

client\stjava\bin subdirectory of the Lotus Sametime SDK

\Domino\html\QuickPlace\peopleonline subdirectory of the Lotus Sametime server data directory

PeopleOnline31.jar

On WindowsIBM AIX, AIX, the Lotus Quickr subdirectory of the Lotus Quickr server data directory. For example:

On Windows:

C:\Lotus\Domino\Data\LotusQuickr\PeopleOnline31.jar

On AIX:

/opt/notesdata/LotusQuickr/PeopleOnline31.jar

On IBM i the following directory:

/qibm/proddata/lotus/QuickPlace/DATA/LOTUSQUICKR/PeopleOnline31.jar

\Domino\html\QuickPlace\peopleonline subdirectory of the Lotus Sametime server data directory

Verify that the QuickPlace\peopleonline subdirectory contains the three files.

(IBM i only) Enter the following command to ensure that QNOTES is the owner of each of the files:

CHGOWN OBJ('*!ENTITY!*ST_server_data_dir>/Domino/html/QuickPlace/peopleonline/*') NEWOWN(QNOTES)

Specifying the Lotus Sametime server for Lotus Quickr to use

Use the Site Administration link on the IBM Lotus Quickr to specify the IBM Lotus Sametime server to use.

Perform these steps:

Log in to Lotus Quickr as an administrator.
Click the Site Administration link.
Click Other Options.
Click Edit Options.
Below Sametime Servers, type the URL for the Lotus Sametime server in the Sametime Community Server field, specifying the fully qualified host name, for example http://stserver.acme.com.
Note: If your Lotus Sametime server is configured to use Secure Sockets Layer (SSL), type https:// in the URL rather than http://.
Click Next.
Wait a few minutes for the setting to take effect, or restart the Lotus Quickr server to enable awareness and instant messaging immediately .

Verifying that places are enabled for awareness and instant messaging

Verify that awareness and instant messaging is enabled and working in places.

Perform these steps:

Perform the following steps to verify the IBM Lotus Quickr settings:
1. Log in to a place as a manager.
2. Click Customize.
3. Click Basics.
4. Ensure that Members can see who is online and send instant messages is checked. This option only appears if Sametime awareness is enabled through Site Administration.
5. Click Done.
To verify that awareness is working, log in to a place using a name in the user directory and check for the awareness icon next to your login name.
Note: Lotus Sametime features are available only to members registered in a user directory and not to members registered locally in places.
To verify that instant messaging is working, click the Chat link on the right side of a page, right-click your name in the members list, or the name of another member that is online, and select Message.

Enabling online meetings

After you have enabled awareness and instant messaging in places, you can enable online meetings so that members can participate in online meetings from places.

Perform the following steps:

Configuring a user for Lotus Quickr meeting integration

Configure a meeting user on the IBM Lotus Sametime server for integration with IBM Lotus Quickr.

Perform these steps:

Register a user with an Internet password in the Domino Directory on the Lotus Sametime server. Use this name only for integration of Lotus Sametime with Lotus Quickr.
Add the name of that user to the access control list (ACL) of the STConfig.nsf database on the Lotus Sametime server. Assign the user name Manager access, the "Person" user type, and the [SametimeAdmin] role. For more information on database ACLs, see Domino Administrator Help.
Shut down and restart the Lotus Sametime server.

Copying files required for online meetings

Copy and configure files on the Lotus Quickr server.

Perform these steps:

Copy the files from the Lotus Sametime server to the Lotus Quickr server, as described in the following tables:

On Microsoft Windows:

File	Copy from	Copy to
STMtgManagement.jar	Domino program directory of the Lotus Sametime server, for example: C:\Program Files\Lotus\Domino	Domino program directory of the Lotus Quickr server, for example: C:\Program Files\Lotus\Domino
STCore.jar	Lotus Domino program directory of the Lotus Sametime server.	Lotus Domino program directory of the Lotus Quickr server.
ServiceLocator.properties	Lotus Domino program directory of the Lotus Sametime server.	Lotus Domino program directory of the Lotus Quickr server.
sametime.ini	Lotus Domino program directory of the Lotus Sametime server.	Lotus Domino program directory of the Lotus Quickr server

On IBM AIX:

File	Copy from	Copy to
STMtgManagement.jar	Lotus Domino program directory of the Lotus Sametime server, for example: /opt/lotus/notes/<latest>/ibmpow/	Lotus Domino program directory of the Lotus Quickr server, for example: /opt/lotus/notes/<latest>/ibmpow/
STCore.jar	Lotus Domino program directory of the Lotus Sametime server.	Lotus Domino program directory of the Lotus Quickr server.
ServiceLocator.properties	Lotus Sametime server data directory, for example: /opt/notesdata	Lotus Quickr server data directory, for example: /opt/notesdata
sametime.ini	Lotus Sametime server data directory.	Lotus Quickr server data directory.

On IBM i

File	Copy from	Copy to
STMtgManagement.jar	The following directory on IBM i server where you installed Lotus Sametime: /qibm/proddata/lotus/sametime	The following recommended directory on the IBM i server on which you installed Lotus Quickr: /QIBM/UserData/Lotus/QuickPlace/
STCore.jar	The following directory on the IBM i server where you installed Lotus Sametime: /qibm/proddata/lotus/sametime	The following recommended directory on the IBM i server on which you installed Lotus Quickr: /QIBM/UserData/Lotus/QuickPlace/
ServiceLocator.properties	Lotus Sametime server data directory.	Lotus Quickr server data directory.
sametime.ini	Lotus Sametime server data directory.	Lotus Quickr server data directory.

(IBM i only) Use the CHGOWN command to change the owner of the files copied in the previous step to QNOTES. For example, enter the following commands:

CHGOWN OBJ('/qibm/userdata/lotus/quickplace/ST*') NEWOWN(QNOTES)
CHGOWN OBJ('<QP_server_data_directory>/sametime.ini') NEWOWN(QNOTES)
CHGOWN OBJ('<QP_server_data_directory>/ServiceLocator.properties') NEWOWN(QNOTES)

On the Lotus Quickr server, edit the JavaUserClassesExt setting in the notes.ini file.
- On Windows, add the text indicated in bold below to the setting. Where a path is indicated, substitute your own Lotus Domino program directory path.

JavaUserClassesExt=QPJC1,QPJC2,QPJC3,QPJC4

QPJC1=C:\PROGRAM FILES\LOTUS\DOMINO\quickplace.jar

QPJC2=C:\PROGRAM FILES\LOTUS\DOMINO\log4j-118compat.jar

QPJC3=C:\PROGRAM FILES\LOTUS\DOMINO\STCore.jar

QPJC4=C:\PROGRAM FILES\LOTUS\DOMINO\STMtgManagement.jar

On AIX, add the text indicated in bold below to the setting. Where a path is indicated, substitute your own Lotus Domino program directory path.

JavaUserClassesExt=QPJC1,QPJC2,QPJC3,QPJC4

QPJC1=/opt/lotus/notes/<latest>/ibmpow/quickplace.jar

QPJC2=/opt/lotus/notes/<latest>/ibmpow/log4j-118compat.jar

QPJC3=/opt/lotus/notes/< latest >/ibmpow/STCore.jar

QPJC4=/opt/lotus/notes/< latest >/ibmpow/STMtgManagement.jar

On IBM i, add the text indicated in bold below, assuming you added the STMtgManagement.jar and STCore.jar files to the recommended directory:

JavaUserClassesExt=LQPJava1,LQPJava2,LQPJava3,LQPJava4

LQPJava1=/QIBM/ProdData/Lotus/QuickPlace/quickplace.jar

LQPJava2=/QIBM/ProdData/Lotus/QuickPlace/log4j-118compat.jar

LQPJava3=/QIBM/UserData/Lotus/QuickPlace/STCore.jar

LQPJava4=/QIBM/UserData/Lotus/QuickPlace/STMtgManagement.jar

Configuring the qpconfig.xml file for online meetings

Specify online meeting settings in the qpconfig.xml file on the Lotus Quickr server.

Perform these steps:

Look for the qpconfig.xml file in the Lotus Quickr server data directory. If there is no qpconfig.xml file, make a copy of the qpconfig_sample.xml file and name the copy qpconfig.xml.
Open the qpconfig.xml file with a text editor.
Make sure there is a <sametime> section in the file. If there is no <sametime> section, copy that section from the qpconfig_sample.xml file.
If the following lines exist in the<sametime> section of the file, remove them to enable the settings in the <sametime> section:
```

```

Within the <credentials> element, type the distinguished name and Internet password of the user you configured in the Domino Directory for Lotus Quickr meeting integration.

<sametime ldap="true">  
   <meetings invite_servers="false">    
      <tools>
         <audio enabled="true"/>
         <video enabled="true"/>
      </tools>
      <credentials>
        <dn>cn=John Doe/o=acme</dn>
        <password>xw356l78</password>
      </credentials>
   </meetings>
</sametime>

Specify other <sametime> settings as needed:
- If the Lotus Sametime server is configured to invite other Lotus Sametime servers to meetings, set invite_servers="true" in the <meetings> element to support that feature in Lotus Quickr.
- If you do not want to use audio Web conferencing features, set the audio enabled attribute to "false" in the <tools> element.
- If you do not want to use Web conferencing video features, set the video enabled attribute to "false" in the <tools> element.
Save the qpconfig.xml file and restart the server for the settings to take effect.

Specify the Lotus Sametime meeting server for Lotus Quickr to use

Use the Site Administration link on the IBM Lotus Quickr server to specify the IBM Lotus Sametime meeting server to use.

Perform these steps:

Log in to Lotus Quickr as an administrator.
Click the Site Administration link.
Click Other Options.
Click Edit Options.
Below Sametime Servers, type the URL for the Lotus Sametime server in the Sametime Meeting Server field, specifying the fully qualified host name, for example http://stserver.acme.com.
Click Next.

Verifying that place members can use online meetings

To test the online meeting configuration, verify that members of places can use online meetings.

Perform these steps:

Log in to a place as a manager.
Click Customize.
Click Basics.
On the Change Basics page, make sure that Members can schedule online meetings is selected.
Click Done.
Click the name of the place to return to the beginning.
Create an event in your Calendar, and expand Sametime Meeting.
Fill in the relevant fields, and then click Create.

Users who subscribe to calendar events should receive an invitation in their mail, with a link to the meeting. For more information on subscribing to calendar events, click Help in a place.

Setting up Lotus Quickr for offline use

Domino Off-Line Services provides the means for users to take places offline, make changes to the places, and then synchronize the changes with the online version on the server. A user must be an individual member of a place to take it offline; users who access a place through group membership cannot take places offline.

Offline use is supported only for Microsoft Windows users. The IBM Lotus Quickr for Domino offline feature is not enabled in the initial eGA version of 8.5 but will be delivered in a subsequent interim fix soon after eGA.

To set up IBM Lotus Quickr for offline use, perform the following steps:

Enabling Domino Off-Line Services

The first step in setting up IBM Lotus Quickr for offline use is enabling Domino Off-Line Services.

Enabling Domino Off-Line Services on Windows, Linux, or AIX

To enable Domino Off-Line Services if your server runs on the Microsoft Windows or IBM AIX operating system, edit the Domino Directory and the notes.ini file.

Note: Users who are members of external groups cannot take a place offline.

Perform the following steps:

Start the Domino server.
Open the Domino Directory, typically, names.nsf.
Open the server's Server document in the directory.
Click Internet Protocols - HTTP.
Type the following value in the DSAPI filter file names field, if it is not already there:
- On Windows: ndolextn
- On AIX or Linux: libdolextn
Save the edited Server document.
Stop the Domino server.
Navigate to the Domino program directory, and open the Domino server's notes.ini file.
Add the two settings indicated in the following table to the notes.ini file:
Table 27. Lines to add to the notes.ini file
Operating system

Settings

Windows

CheckCacheBeforeDSAPI=1

AIX, Linux

EXTMGR_ADDINS=libqpextmgr_r.a

CheckCacheBeforeDSAPI=1
Make sure there is a blank line at the end of the notes.ini file. Press Enter to create a blank line, if necessary.
Save the file.
Start the Domino server.

Table 27. Lines to add to the notes.ini file
Operating system	Settings
Windows	CheckCacheBeforeDSAPI=1
AIX, Linux	EXTMGR_ADDINS=libqpextmgr_r.a CheckCacheBeforeDSAPI=1

Enabling Domino Off-Line Services on IBM i

If your server runs on the IBM i operating system, use IBM i Navigator to ensure that Domino Off-Line Services is properly enabled on your IBM Lotus Domino server:

Stop the Domino server.
Using IBM i Navigator, open the system where your Domino server is located and display the list of Domino servers.
- Click Network.
- Click Servers.
- Click Domino to display the list of Domino servers.
If necessary, change the server setting to enable Domino Off-Line Services.
- Right-click your Domino server and select Properties.
- On the Services tab, select Domino Off-Line Services from the "Enable services" list.
- Click Enable.
- Click OK.
  Tip: You can also use an IBM i command interface and enter the following command:
CHGDOMSVR SERVER(servername) DOLS(*YES)

where servername is the name of your Domino server.
Edit the notes.ini file for your Domino server:
- Right-click your Domino server and select Properties.
- On the Initialization File tab, click Edit and add the following settings:
```
EXTMGR_ADDINS= qpexmgr 
CheckCacheBeforeDSAPI=1
```
  Note: If these lines begin with a semicolon (;), then these lines are designated as comments, and the semicolon should be removed.
- Save and close the notes.ini file.
- Click OK on the Properties dialog box.
Start the server.

Creating certifier IDs for offline use

To set up authentication for offline members, you create one or more certifier IDs that can authenticate the members, and then attach each certifier ID to an Offline Security Policy document in the Offline Services database (doladmin.nsf). When members install places offline, the Domino server uses the certifier ID to generate new user IDs, and downloads the IDs to the members' computers. These IDs are used to authenticate the members when they synchronize the offline and online versions of places.

Understanding the certifier ID requirements

Certifier IDs are required to ensure offline user authentication works when users are in different organizational hierarchies from the IBM Lotus Quickr server, when users are at different levels of organizational hierarchy, or for other security and organizational situations.

The following points about certifier IDs are important to keep in mind to ensure offline user authentication works properly. For more information on certifier IDs, see Domino Administrator Help.

New organization certifier required for external users in a different organization from the server

If external offline users are in a different organization hierarchy from the IBM Lotus Domino server on which IBM Lotus Quickr runs, you must create an organization certifier ID for their organization, cross-certify that certifier ID with the Domino server's organization certifier ID, and then attach the cross-certified ID to an Offline Security Policy document. For example, if the Domino server is within the /Org organization, but there are external users within the /Acme organization, create an /Acme organization certifier ID, cross-certify it with the /Org certifier ID, and then create an Offline Security Policy document and attach the cross-certified /Acme certifier ID to it.

Certifiers authenticate one level down

A certifier ID authenticates only users with names at its level and one organizational unit level down in the name hierarchy. For example, the /Acme organization certifier authenticates Alice Brown/Acme, Lee Moutal/Marketing/Acme, and Maryane Burns/Sales/Acme, but not Claudia Basso/East/Sales/Acme. To authenticate Claudia Basso/East/Sales/Acme, you must create an organizational unit certifier ID for /Sales/Acme, and then create an Offline Security Policy document and attach the ID to it.

Separate organizational unit certifier recommended for external users within the same organization as the server

If offline users are within the organization hierarchy of the Domino server on which Lotus Quickr runs, put them under their own organizational unit certifier as a security measure to limit their access to the Domino server.

Distinguished names that do not follow the Domino naming convention require translation

Domino recognizes only the following delimiters in a distinguished name: "CN,"OU," "O," and (optionally) "C". If the distinguished names of external member use different delimiters, you must use the name_translation setting in the offline section of the qpconfig.xml file on the server to translate them to the Domino format. When you create an Offline Security Policy document, you use the Domino format when specifying the certifier name.

/QP organizational unit certifier required for local users

For local offline users, create the organizational unit certifier /QP from the Domino server's certifier. For example if the Domino server's certifier is the organization certifier /Org, use the /Org certifier ID to create the organizational unit certifier /QP/Org, and then attach the /QP/Org certifier ID to an Offline Security Policy document. Or if the Domino server's certifier is the organizational unit certifier /Sales/Org, use the /Sales/Org certifier ID to create the organizational unit certifier /QP/Sales/Org, and then attachthe/QP/Sales/Orgcertifier to an Offline Security Policy document.

Separate Security Policy documents required for local and external users

You must create separate Security Policy documents and IDs for local users (users registered in places) and external users (users registered in a directory). You can attach only one certifier ID to each Security Policy document.

Creating an organization certifier for external members in a different organization

Certifier IDs are required to ensure offline user authentication works when users are in different organizational hierarchies from the IBM Lotus Quickr server.

If external offline members are in a different organization hierarchy than the IBM Lotus Domino server on which IBM Lotus Quickr runs, create an organization certifier ID for that organization and then cross-certify that certifier ID with the Domino server's certifier ID. For example, if the Domino server certifier is the /Org certifier, but external users are within the /Acme organization, create an /Acme organization certifier ID and then cross-certify /Acme with /Org.

To create the organization certifier:

From the Domino Administrator, select your server, for example, ServerA/Org.
Click the Configuration tab.
On the right pane of the Domino Administrator, click Registration, and then click Organization to open the Register Organization Certifier dialog box.
Click Registration Server and choose the Domino server's name, for example, ServerA/Org, and then click OK.
In the Organization name field, type the organization name of the external users, for example, Acme.
Optional: Type a country code.
In the Certifier password field, type a password for the new organization certifier ID.
Click Set ID File and specify a file name, for example acme.id, and local path name in which to save the new certifier ID file.
Note: For security reasons, back up doladmin.nsf and delete the ID file from your system directory after this ID is attached to an Offline Security Policy document.
Optional: Complete additional fields in the Register Organization Certifier dialog box. Click ? for information on these fields.
Click Register to create the organization certifier ID locally and to register the certifier in the Domino Directory of the Domino server.
Perform the following steps to cross-certify the certifier ID you created with the Domino server certifier:
1. If you are using a remote Domino Administrator client, copy the Domino server's certifier ID to the local machine. By default, the server's certifier ID file is called cert.id and is located in the Domino data directory on the server.
2. Verify that the Domino server is selected in the Domino Administrator.
3. From the Domino Administrator, click Configuration.
4. Click Certification, and then click Cross Certify.
5. Click Certifier ID and select the Domino server certifier ID, for example, cert.id, and then click OK.
6. Type the password for the Domino server's certifier ID. The administrator who set up the Domino server created this password.
7. In the Choose ID to be Cross-Certified dialog box, select the organizational certifier ID you created, for example, acme.id,
8. In the Issue Cross Certificate dialog box, click Cross Certify to create a cross-certificate in the Domino Directory of the Domino server.

Creating an organizational unit certifier for external members

If external members are in a different organization from the Lotus Domino server, create an organizational unit certifier ID for these members if their names are more than one organizational unit level down in the name hierarchy from the organization certifier you created in the previous step.

For example, to authenticate Claudia Basso/East/Sales/Acme, you must create an organizational unit certifier for /Sales/Acme from the /Acme certifier. However, for the users Alice Brown/Acme, Lee Moutal/Marketing/Acme, and Maryane Burns/Sales/Acme, there is no need to create an organizational unit certifier because the /Acme certifier will authenticate them.

If members are in the same organization as the Domino server, creating an organizational unit certifier ID from the server certifier specifically for them is recommended as a way to restrict their access to the server.

To create the organizational unit certifier:

Make sure the certifier ID from which you will create the organizational unit certifier is stored locally on the machine on which you run the Domino Administrator.
From the Domino Administrator, select the Domino server, for example, ServerA/Org.
Click Configuration.
Click Registration > Organizational Unit.
Click Server and select the Domino server.
Click Certifier ID and choose the certifier ID to use to create the organizational unit certifier, for example, acme.id or cert.id, and then click OK.
Type the password for the selected certifier ID and click OK.
If the message The certifier ID you have chosen does not contain recovery information is displayed, read the message, and click OK.
In the Register Organizational Unit Certifier dialog box, click Registration Server and choose the Domino server, for example, ServerA/Org.
Optional: Click Certifier ID to change which certifier ID to use to register the new certifier ID.
In the Organizational Unit field, type the name for the organizational unit. For example, if the users are under Sales/Acme, type Sales.
In the Certifier Password field, type a password for the new certifier.
Click Set ID File and specify the file name and local path name for the new organizational unit certifier ID file.
Note: For security reasons, back up doladmin.nsf and delete the ID file from your system directory after this ID is attached to an Offline Security Policy document.
Optional: Complete the additional fields in the Register Organizational Unit Certifier dialog box. Click ? for information on these fields.
Click Register to create the organizational unit certifier ID file locally and to register the new certifier in the Domino Directory of the Domino server.

Creating a /QP organizational unit certifier for local members

For local offline members, use the Lotus Domino server's certifier to create the organizational unit certifier /QP. For example, if the Domino server's certifier is the organization certifier /Org, use the /Org certifier to create the organizational unit certifier /QP/Org. Or if the Domino server's certifier is /West/Org, use the /West/Org certifier to create the organizational unit certifier /QP/West/Org.

To create the /QP organizational unit certifier:

Make sure the Domino certifier ID is stored locally on the machine on which you run the Domino Administrator. By default, the Domino server ID is cert.id.
From the Domino Administrator, select the Domino server, for example, ServerA/Org.
Click Configuration.
Click Registration > Organizational Unit.
Click Server and select the Domino server.
Click Certifier ID, select the Domino server certifier ID, then click OK.
Type the password for the certifier ID and click OK. The administrator who set up the Domino server created this password.
If you see the message The certifier ID you have chosen does not contain recovery information, read the message and click OK.
In the Register Organizational Unit Certifier dialog box, click Registration Server and choose the Domino server, for example, ServerA/Org.
In the Organizational Unit field, type QP.
In the Certifier Password field, type a password for the new certifier.
Optional: Click Set ID File to specify the file name and local path name in which to store the /QP organizational unit certifier ID file.
Note: For security reasons, back up doladmin.nsf and delete the ID file from your system directory after this ID is attached to an Offline Security Policy document.
Optional: Complete the additional fields in the Register Organizational Unit Certifier dialog box. Click ? for information on these fields.
Click Register at the bottom of the dialog box to create the /QP oganizational unit certifier ID file locally and to register the organizational unit in the Domino Directory on the Domino server.

Creating an Offline Security Policy document

Create an Offline Security Policy document for each certifier you created for offline users. Offline Security Policy documents are stored in the doladmin.nsf database on the Lotus Domino server.

Perform the following steps:

From the Domino Administrator, select your server, for example, ServerA/Org.
Click Configuration.
In the left pane, click Offline Services, and then click Security.
Click New Security Policy.
In the Security domain field, type the hierarchical name of an organization or organizational unit certifier you created for offline users. Remember to type the leading forward slash (/). The following names are examples of certifier names:
- /Acme
- /Sales/Acme
- /QP/Org
Note: Specify a country code if the certifier uses one, for example, /Sales/Acme/US.

In the ID deployment policy field, click one of the following options:

Table 28. ID deployment policy options
Option	Description
Prompt for ID during download	Before offline installation, users are asked to specify where on their computers their user IDs are stored. The administrator must provide the IDs to the users. This is the default ID deployment policy. This option is recommended for and applies only to offline users who are IBM Lotus Notes users registered with Notes IDs in the primary Domino Directory of the Domino server (names.nsf).
Automatically generate user IDs	Before offline installation, a certifier ID is generated for users automatically. If you select this option, the Automatic tab is displayed. Click this tab and attach the certifier ID to be generated, set the password, and set the ID expiration date. You must select this option if offline users are not registered in the primary Domino Directory of the Domino server. For example, you must select this option if offline users are registered in a remote LDAP directory.

Optional: Click Overwrite existing user IDs to cause users' offline IDs to be overwritten with a new ID each time they install a place offline.
Note: Do not select this option if offline encryption is used. Users whose IDs are overwritten will not be able to open an offline place encrypted with a key from the previous ID.
Save the document.

For security reasons, after you have created all the Offline Security Policy documents that you require, back up the doladmin.nsf database and then delete any of the new certifier ID files from your system directory.

Translating LDAP distinguished names for offline use

Domino recognizes only distinguished names that contain the traditional Domino "CN,"OU," "O," and (optionally) "C" components. If the distinguished names of external members in an LDAP directory do not follow this model and you use Domino Off-Line Services with IBM Lotus Quickr, you must use qpconfig.xml settings to translate users' names into a format that Domino recognizes, and then translate those names back into their original LDAP format.

For example, the distinguished name "CN=James Moore, OU=East, O=Acme, C=US" does not require translation, but the name UID=James Moore/C=US/OU=East/O=acme.com does.

How to configure translation

To translate distinguished names, you use the name_translation element in the offline element of the qpconfig.xml file to create name translation rules. Translation rules typically contain text strings with symbols that are used to match text patterns. Translation rules are specified in the <translate> element. The following example of translation rules in the qpconfig.xml file translate distinguished names that follow this pattern "uid=value/c=value/ou=bluepages/o=ibm.com" into the Domino-style name "CN=value/OU=bluepages_value/O=ibm_com." The two <translate> elements contain the rules. The "from" and "to" attributes within the <translate> elements contain regular expressions, for example, "uid=(.+)/c=(.+)/ou=bluepages/o=ibm\.com." The regular expressions contain symbols, for example, (.+) and \:

<server_settings>
   <offline enabled="true">
      <name_translation enabled="true">
         <from_directory_name>
            <translate from="uid=(.+)/c=(.+)/ou=bluepages/o=ibm\.com" to="CN=\1/OU=bluepages_\2/O=ibm_com" />
         </from_directory_name>
         <to_directory_name>
            <translate from="CN=(.+)/OU=bluepages_(.+)/O=ibm_com" to="uid=\1/c=\2/ou=bluepages/o=ibm.com" />
         </to_directory_name>
      </name_translation>
   </offline>
</server_settings>

You create rules for translating LDAP names to Domino names within the <from_directory_name> elment. You specify each LDAP name attribute in the "from" attribute, using symbols to account for any possible value the attribute might have. For example, the (.+) symbol means "one or more occurrences of any character." In the preceding sample, this accounts for any value the "uid" and "c" attributes might have. You also use symbols to translate syntax that otherwise might be interpreted as a special character. For example, the \ symbol turns off the special meaning of the character which follows. Without this symbol in "o=ibm\.com," the dot (".") would be interpreted by its special character meaning, which is "match any single character."

The "to" attribute specifies Domino attributes using symbols to match values from the LDAP attributes and to arrange them in a way Domino recognizes. For example, the symbol \1 means "whatever matched the first regular expression." So, the CN attribute's value will match the first regular expression (.+) found in the "from" attribute. In the same way, the symbol \2 means "whatever matched the second regular expression." So, the OU value will be the explicitly stated "bluepages_" plus the second regular expression (.+), which in this case is the value of the country, or "c", attribute. The O attribute is explicitly stated. You can have up to nine regular expressions in one rule.

You create rules for translating Domino names back to LDAP names within the <to_directory_name> element using the same method.

The preceding translation rules result in the following example translations:

Table 29. Example translations
LDAP directory name	Domino name
uid=Joe User/c=us/ou=bluepages/o=ibm.com	CN=Joe User/OU=bluepages_us/O=ibm_com
uid=Nils Nilsen/c=dk/ou=bluepages/o=ibm.com	CN= Nils Nilsen/OU=bluepages_dk/O=ibm_com

Notice that the regular expressions accommodate the country, or "c," code. There is no need to have a separate translation rule for each country code because they can be captured by a (.+) expression, and then inserted anywhere in the translated name with a \[number] expression.

Note: The LDAP names specified in from_directory_name and to_directory_name must exactly match the case that is used for the names in the LDAP directory. The attributes of the Domino-style names specified in from_directory_name and to_directory_name (CN, OU, O, or O) must be uppercase.

Table of expressions

There are many symbols that can be used in regular expressions, but only a few are useful for the purpose of translating a non-conforming LDAP name to a Domino name. The following table lists of these symbols, with examples that show how they match a particular LDAP name. All of the examples shown here will match the LDAP distinguished name "uid=Joe User/c=us/ou=People1/o=org.com." The symbols described are in bold text in the examples:

Table 30. Table of expressions
Symbol	Description	Example
(.+)	Represents one or more occurrences of any character.	uid=(.+)/c=(.+)/ou=bluepages/o=ibm\.com
\1, \2, \3, etc.	\1 represents a match with the first regular expression; \2 represents a match with the second regular expression, and so on. Up to 9 regular expressions may be used in one rule.	CN=\1/OU=bluepages_\2/O=ibm_com
\c	Turns off the meaning of any special character 'c'.	uid=Joe User/c=us/ou=People1/o=org\.com
.	Matches any single character.	uid=Joe User/c=us/ou=People./o=org
[...]	Matches any of the enclosed characters.	uid=Joe User/c=us/ou=People[123456789]/o=org
[^...]	Matches any character that is not enclosed.	uid=Joe User/c=us/ou=People[^2-9]/o=org
n-n	Matches any character in this range.	uid=Joe User/c=us/ou=People[0-9]/o=org[._]com
*	Matches any number (zero or more) of the preceding character or bracketed expression.	uid=Joe U.*/c=us/ou=People1/o=org\.com
+	Matches one or more of the preceding character or bracketed expression.	uid=Joe [A-Za-z]+/c=us/ou=People1/o=org\.com
(regexp)	Delineates a regular expression so that it can be used in the replacement string (the "to" string in <translate>).	uid=Joe User/c=(.+)/ou=People1/o=org\.com

Example of translating names that contain the dc attribute

If the distinguished names of external members in an LDAP directory do not follow the traditional Domino model and you use Domino Off-Line Services with IBM Lotus Quickr, you must use qpconfig.xml settings to translate users' names into a format that Domino recognizes, and then translate those names back into their original LDAP format.

The following settings provide an example of translating names that appear in the LDAP user directory as cn=name,ou=People1,dc=acme,dc=com.

<server_settings>
   <offline enabled="true">
      <name_translation enabled="true">
         <from_directory_name>
            <translate from="cn=(.+)/ou=People1/dc=acme/dc=com" to="CN=\1/OU=People1/O=acme_com" />
         </from_directory_name>
         <to_directory_name>
            <translate from="CN=(.+)/OU=People1/O=acme_com" to="cn=\1/ou=People1/dc=acme/dc=com" />
         </to_directory_name>
      </name_translation>
   </offline>
</server_settings>

Configuring offline use for specific environments

Specific configuration steps are required if you use IBM Network Dispatcher, Sun Java System Portal Server, or CA SiteMinder in your IBM Lotus Quickr environment.

Configuring offline use in an environment that uses IBM Network Dispatcher

If you use IBM Network Dispatcher to distribute HTTP requests to clustered IBM Lotus Quickr servers, use the notes.ini setting $DOLS_TCPIPAddress to enable users to take places offline from any server in the cluster.

Add the following setting to the notes.ini file on each server in the cluster:

$DOLS_TCPIPAddress=hostname

where hostname is the fully-qualified host name or IP address of one Lotus Quickr server in the cluster.

For example, if the servers in a cluster are blue.enterprise.com, green.enterprise.com, and red.enterprise.com, and the network dispatcher is colors.enterprise.com, you could add the following setting to the notes.ini file on blue.enterprise.com, green.enterprise.com, and red.enterprise.com:

$DOLS_TCPIPAddress=blue.enterprise.com

Configuring offline use in an environment that uses Sun Java System Portal Server

If you use Sun Java System Portal Server with IBM Lotus Quickr as a reverse proxy, use the notes.ini setting NoWebFileSystemACLS to prevent users from having to re-authenticate after installing places offline.

Add the following setting to the notes.ini file of a Lotus Quickr server:

NoWebFileSystemACLS=1

Configuring offline use in an environment that uses CA SiteMinder

If your environment uses CA SiteMinder for authentication, you must list the Domino Server API (DSAPI) filter for Domino Off-Line Services before the CA SiteMinder filter in the list of DSAPI filters in the server's Server document in the Domino Directory.

Note: CA SiteMinder is supported only on IBM Lotus Quickr servers that run on Microsoft Windows.

Perform the following steps:

Open the Server document in the Domino Directory on the IBM Lotus Quickr server.
Click the Internet Protocols - HTTP tab.
Make sure the following filter is the first listed in the DSAPI filter file names field in the DSAPI section, and that the path to the CA SiteMinder WebAgent filter is listed on a separate line below it. For example:
```
ndolextn
C:\Program Files\CA\SiteMinder Web 
Agent\Bin\DOMINOWebAgent.dll
```
If you make a change to the field, restart the server by entering the following command:
```
restart server
```

Using a passthru server for offline use

If you want users to connect to a IBM Lotus Quickr server through an intermediary passthru server when installing places offline, use the Site Administration link to specify the name of the passthru server.

Perform the following steps:

Log in to the server as an administrator.
Click Site Administration.
Click Other Options.
Click Edit Options.
Below Domino Offline Passthru Server, type the canonical name (for example, Passthru/Acme) and the fully-qualified host name (for example, passthru.acme.com) of the passthru server.
Click Next.

Performing optional offline configuration tasks

Optionally you can use an alternate Web server for offline software installation, enable offline place encryption, enable IBM Lotus Quickr sign in passwords for offline use, or hide the work offline link.

Using an alternate Web server for offline downloads

You can copy the Domino Off-Line Services client software to a directory on an alternate Web server, and then use the Site Administration link on the IBM Lotus Quickr server to specify a URL that points to that directory. Then the client software is installed from the alternate server.

When users take their first place offline, the Domino Off-Line Services client software is installed on their machines so that they can manage their offline places. Because the software files are relatively large, place performance can be affected when users install their first places offline. To avoid this situation, you can use an alternate Web server for downloads of the Domino Off-Line Services client software.

Perform the following steps:

Copy the contents of the <server_data_directory>\domino\html\download\filesets directory to any directory used for downloads on the Web server.
Log in to the Lotus Quickr server as an administrator.
Click Site Administration.
Click Other Options.
Click Edit Options.
Below Alternate Offline Download URL, type an alternate URL that points to the directory with the copied offline files, for example:
```
http://web.acme.com/download/filesets
```
Click Next.

Using Lotus Quickr login passwords for offline use

Use the qpconfig.xml file to enable users to use their IBM Lotus Quickr login passwords when they log in to any offline places so they do not have to remember a separate password for each offline place.

By default, offline users must specify an offline password in the Member Profile for each offline place of which they are a member. Use the use_login_passwords setting and the password_synchronization setting in the offline section of the qpconfig.xml file to enable offline users to use their Lotus Quickr login passwords when they log in to any offline place. This feature is supported for both external and local members. These settings apply to all places on the server, although users still can specify place-specific offline passwords through their Member Profiles. If you do not enable this setting server-wide through the qpconfig.xml file, managers of places can enable the feature for places they manage through the Customize > Basics page.

Note: If any of a user's places is encrypted offline, the user's password for all offline places must be the same. This applies to external as well as local users.

Perform the following steps:

Open the qpconfig.xml file in the domino_data_root directory, or create the file if it does not exist already.
In the offline section, type "true" for the use_login_passwords attribute.
In the password_sychronization section, type "true" for the enabled attribute.
Save the qpconfig.xml file.
Enter the following server console command:
```
restart task http
```

The following example shows the qpconfig.xml file when this feature is enabled:

<offline enabled="true" use_login_passwords="true">
<password_synchronization enabled="true">
....
....
</password_synchronization>
</offline>

Hiding the Work Offline link from users

At times you might want to hide the Work Offline link to prevent users from installing places offline, for example, during server maintenance.

Perform the following steps:

Open the qpconfig.xml file in the domino_data_root directory, or create the file if it does not exist already.
In the offline section, type "false" for the offline enabled attribute.
Save the qpconfig.xml file.
Enter the following server console command to restart the server:
```
restart task http
```

Configuring the My Places feature

The My Places feature enables external place members to see a list of links to all the places they belong to, and users with super-user server access to see links to all places on the server. Super users and place managers use My Places to see place statistics and administer places using qptool commands. You can customize the My Places feature.

Enabling DBCS members to use My Places

Perform the following steps to modify the notes.ini file and to re-index the views in the Place Catalog:

Open the notes.ini file in the domino_server_root directory with a text editor.
Add the following line to the file:
```
Country_Language=xx[-xx]
```
where xx is one of the codes in the following table:
Table 31. Country_Language setting codes
CollationName

Code

Japanese

ja

Korean

ko

Simplified Chinese

zh-cn

Traditional Chinese

zh-tw
Make sure to leave a blank line at the end of the file. Press Enter, if necessary, to create one.
Close and save the file.
Enter the following command at the server console to restart the server so your changes takes effect:
```
restart server
```
Perform the following steps to re-index the Place Catalog on the server:
1. From IBM Lotus Notes, choose File > Database > Open.
2. Select the IBM Lotus Quickr server in the Server field, and then type placecatalog.nsf in the Filename field.
  Note: The Open Database window does not display the Place Catalog database by default.
Click File > Database > Properties.
Click the second tab from the right, and then click Update Index.

Table 31. Country_Language setting codes
CollationName	Code
Japanese	ja
Korean	ko
Simplified Chinese	zh-cn
Traditional Chinese	zh-tw

Opening places in a new browser window

Places opened through My Places open in the current browser window, by default. Use the qpconfig.xml file to open places accessed through My Places in a new browser window, instead.

Perform the following steps:

Open the qpconfig.xml file in the domino_data_root directory, or create the file if it does not exist already.

Specify the following settings in the file:

<my_places>
   <place_links open_new_window="true"/>
</my_places>

Save the modified file.
Enter the following command at the server console to restart the HTTP task:
```
restart task http 
```

Using a custom application for My Places

Use the qpconfig.xml file to specify a URL to call a custom portal application for displaying My Places.

Perform the following steps:

Open the qpconfig.xml file in the domino_data_root directory, or create the file if it does not exist already.

Specify the following settings in the file:

<my_places>
   <place_ui enabled="true">
      <url>URL</url>
   </place_ui>
</my_places>

where URL is the URL for the application, for example:

https://portal.abc.com/myplaces

Save the modified file.
Enter the following command at the server console to restart the HTTP task:
```
restart task http 
```

Specifying rules for a reverse proxy configuration

If a reverse proxy mediates connections to IBM Lotus Quickr, specify proxy rules for Lotus Quickr.

Specify the following rules:

Proxy /qphtml/*             <protocol>://<servername>/qphtml/*
Proxy /<label>/*       <protocol>://<servername>/*
Proxy /<quickrroot>/*  <protocol>://<servername>/<quickrroot>/*

where:

<protocol> is http or https

<servername> is the fully-qualified host name of a load balancing server or a Lotus Quickr server

<quickrroot> is the Lotus Quickr URL root. This value is lotusquickr unless you have upgraded from Lotus QuickPlace and did not change the URL root, in which case the value is quickplace.

In addition, perform the following steps:

1. In the qpconfig.xml file add the following:

<cluster>  <master virtual="true" ssl="false">  <port>80</port>  <hostname>proxy.ibm.com/qp1</hostname>  <path_prefix></path_prefix>  </master>  </cluster>

In the ibmproxy.conf file add the following:

Proxy /qp1/* http://qpserver.ibm.com/* :80  Proxy /qp1:80/* http://qpserver.ibm.com/* :80   ReversePass http://qpserver.ibm.com/* http://proxy.ibm,com/qp1/*  ReversePass http://qpserver.ibm.com/QuickPlace* http://proxy.ibm,com/qp1/QuickPlace*

Replace proxy.ibm.com with the Fully Qualified Domain Name (FQDN) of your Edge Proxy server.
Replace qpserver.ibm.com with FQDN of the Quickr server.
Replace qp1 with the actual junction name.

If it is necessary for the My Lotus Team WorkPlace Portlet to contact Quickr through the Edge server, the administrator can configure the portlet and modify the QuickPlaceHostName parameter to be proxy.ibm.com/qp1.

For example:

Proxy /qphtml/*                        https://qk.acme.com/qphtml/*
Proxy /quickr_services_for_LD/*        https://qk.acme.com/*
Proxy /lotusquickr/*                   https://qk.acme.com/lotusquickr/*

Customizing Web page cache settings

Web page caching greatly improves the response time of the IBM Lotus Quickr server. Use the notes.ini file to customize Web page cache settings.

Without a cached copy of a Web page, the HTTP server must access the database upon every HTTP request, which results in a slower response time for the Lotus Quickr server. If a Web page is cached, the server only has to pick up the page from the database one time, and then create a user-specific, cached copy of the page at that time. Upon subsequent requests for the page, the server retrieves and provides the cached copy, as long as it is still valid. If the server is brought down, the existing cache is maintained after the server is brought back up.

Certain actions cause the cache for a page to become invalid. Once a cached paged is invalid, the next time the page is accessed it is re-cached. Following are some examples of how the entire cache or specific pages within the cache can become invalid:

A change to the server configuration made through the Site Administration link, for example a change to the default maximum attachment size allowed, invalidates all places on the server (the entire cache).
If the Place Catalog is enabled, a change in the Place Catalog database invalidates the entire cache.
A change in qpconfig.xml invalidates the entire cache.
A change to place membership -- a member is added, modified, or deleted -- invalidates the cache for all databases associated with that place -- main.nsf and all the inner rooms. A change to inner room membership invalidates the cache for that particular room and its child rooms.
A change in rooms -- a room is created or deleted -- invalidates the cache for all databases associated with that place.
A page published in the Main room (main.nsf) invalidates the cache for all databases associated with that place.
A page published in a parent room invalidates the cache for the parent room and the child rooms below it.
A page published in a child room invalidates the cache for the child room and for any rooms below it. The cache for the parent room pages remain valid.
A customization to a parent room, for example a theme change or a custom form, invalidates the cache for the parent room and the child rooms below it.

Perform the following steps to adjust Web page cache settings:

Open the notes.ini file in the domino_server_root directory with a text editor.
Specify any settings described in Table 32.
Make sure to leave a blank line at the end of the file. Press Enter, if necessary, to create one.
Close and save the file.
Enter the following command at the server console to restart the server so your changes takes effect:
```
restart server
```

Table 32. Web page cache settings in the notes.ini file
Setting	Description
QuickPlaceWebCacheEnabled=`value`	Enables or disables Web page caching. When set to 1 or omitted, enables Web page caching. When set to 0, disables Web page caching.
QuickPlaceWebCacheDir= `path`	Specifies the full path to the cache directory on the server. If omitted, the default path is `domino_data_root/domino/lotusquickr/cache`.
QuickPlaceWebCacheLimitInMB=size	Specifies a maximum size, in MB, for the cache. If omitted, or if a negative value is specified, the maximum size is 50 MB.
QuickPlaceWebCacheGCIntervalInMIN=interval	Specifies the time interval, in minutes, for cache cleaning. If omitted, or if a negative value is specified, then the interval is 60 minutes.
QuickPlaceWebCacheUsers=anonymous	Enables caching for anonymous users only. If omitted, and by default, caching is enabled for all users.
QuickPlaceWebCacheLogging=level	Specifies the level (1, 2, 3), for cache logging. Level 1 is the least detailed and 3 is the most detailed. Logging is written to `domino_data_root/log.nsf`.

Configuring cross-place searching

Configure cross-place searching to enable external place members to use the advanced search feature to search multiple places.

A manager of a place enables or disables advanced search within a place. IBM Lotus Quickr provides two types of advanced search features, one of which enables users to search across multiple places. Cross-place searching requires you to configure Domino Domain Search and a Domain Catalog server, a server that has a Domain Catalog and that builds a domain index. The Lotus Quickr server running on the Domain Catalog server handles all cross-place search requests.

For more information on advanced search and cross-place searching, see the Help. For more information on Domino Domain Search, see Domino Administrator Help.

Note the following points about cross-placing searching:

Cross-place searching respects all access permissions on content, and so users must retain a single identity to be able to search across places. To search across places, authenticated users must be registered in a user directory. Local users can search only within a place.
If room access is controlled by a local group, even if the user has access through the local group, cross-place searches won't be able to find the document from the room. Restrict room access using groups from an external user directory.
If you use more than two Lotus Quickr servers, including the Domain Catalog server, you must configure multi-server session-based authentication (single sign-on).
To remove places when cross-place searching is in use, use qptool remove , which marks the places for deletion, rather than the qptool remove -now, which deletes them immediately. This way, the nightly qptool remove -cleanup command deletes the places after information in the search index is cleared.
If you use cross-place searching on a server that is set up for Lotus Domino Off-Line Services, and the server's LDAP directory is not a Lotus Domino directory or is a Lotus Domino directory in a different domain than the Domain Catalog server, use the notes.ini setting QuickPlaceExtensionManagerAllowServers=1 on the offline server. This setting gives the Domain Catalog server access to the Lotus Quickr server's databases. If you don't use this setting, database authorization failures occur during Domain Catalog indexing.

To configure cross-place searching, perform the following steps:

Perform the following steps to configure Domain Search:
1. From IBM Lotus Notes, open the Domino Directory (names.nsf) for the domain.
2. Open the Server document of the Domino server that will index the Domain Catalog.
3. Click Server Tasks > Domain Catalog, and in the Domain Catalog field select Enabled.
  Note: This step starts the Catalog task and creates the Domain Catalog. The Catalog task keeps the Database Catalog current. You should run the task on a schedule, for example, by including the task name in the ServerTasksAt1 notes.ini setting.
4. For optimum performance, repeat step 2b and step 2c on the other servers in the domain, so that each server creates and manages its portion of the Domain Catalog. That way, the Domain Catalog server can simply copy the entries from each server to its Domain Catalog database.
5. Wait for the Catalog task to stop on the Domain Catalog server.
6. In the Server document of the Domain Catalog server, click Server Tasks > Domain Indexer, and in the Schedule field, click Enabled to enable the Domain Indexer task. Specify a schedule for running the Domain Indexer.
Perform the following steps on each Lotus Quickr server to configure the qpconfig.xml file:
1. Open the qpconfig.xml file in domino_data_root or create the file if it does not exist already.
2. Specify the following settings, providing values suitable for your environment, and then save the modified file:
```
<search_places enabled="true" anonymous="true">
   <domain_catalog_server ssl="false">
      <port>80</port>
      <domino_server_name>qkdcs/acme</domino_server_name>
      <path_prefix></path_prefix>
      <hostname>qkdcs.acme.com</hostname>
   </domain_catalog_server>
</search_places>
```
  Table 33 describes the settings.
  Note: Settings marked with an asterik (*) should be specified on every Lotus Quickr server except the Domain Catalog server. Do not use them on the Domain Catalog server.
3. Enter the following command at the server console to restart the HTTP task:
```
restart task http 
```

Table 33. qpconfig.xml settings for cross-place searching
Setting	Description
enabled	When set to "true" enables cross-place searches. When set to "false," prevents cross-place searching.
anonymous	When set to "true" allows anonymous users to search across places. When set to "false" returns an error when anonymous users issue cross-place searches. If you allow anonymous users to search across places, and the manager of a particular place does not want to expose the contents of the place to anonymous users through cross-place searching, the manager should make sure that anonymous access to the place is disabled, and limit the place membership to specified users and groups in the directory. If you allow anonymous access, make sure that anonymous users have the same access as the -Default- access in the ACL for CATALOG.NSF on the Domain Catalog server.
SSL*	When set to "true" defines that SSL generates the URL for the domain catalog server (HTTPS). When set to "false" defines that HTTP generates the URL.
port*	Defines the port used in the URL for the Domain Catalog server.
path_prefix*	Defines a path prefix for the URL for the Domain Catalog server.
hostname*	Specifies the hostname of the Domain Catalog server.
domino_server_name*	Specifies the Domino server name of the Domain Catalog server for example, ServerCatalog/Acme. Before removing places from this server, the server does a lookup to the Domain Catalog server to verify if the search index is cleared.

Prohibiting room creation

By default, place managers and owners can create rooms in their places. As an Administrator, you can prohibit these users from creating rooms by configuring appropriate settings in the qpconfig.xml file.

Perform the following steps:

Locate the qpconfig.xml file in the domino_data_root directory, or create the file if it does not exist already. If the qpconfig.xml file does not exist, make a copy of the qpconfig_sample.xml file in the domino_data_directory and name the copy qpconfig.xml.
Make sure there is a <rooms> section in the file. If there is no <rooms> section, copy that section from the qpconfig_sample.xml file.
In the <create> child-element, type false for the enabled attribute.
Save the qpconfig.xml file.
Enter the following command at the server console to restart the HTTP task on the server.
```
restart task http 
```

The following example shows the qpconfig.xml file when the room creation is prohibited:

<rooms>
	<create enabled = "false">
	</create>
</rooms>

Enabling uploads of 10 MB or larger files

To enable uploading of files to the server that are larger than 10 MB, you should check specific settings for the Lotus Quickr/Domino server and increase them as necessary.

Perform the following steps:

Check the Maximum Attachment size setting by using Site Administration > Other Options and, if necessary, increase this setting to the desired size.
Perform the following steps from IBM Lotus Notes:
1. Open the Domino Directory (names.nsf) of the Lotus Domino server where Quickr is installed.
2. Click Configuration > Servers > All Server Documents, and open the server's Server document in edit mode.
3. Click Internet Protocols > Domino Web Engine.
4. In the Post Data section, set the Maximum Post Data size to the desired size. The default size is 10000 KB (10 MB).
5. Click Internet Protocols > HTTP.
6. In the HTTP Protocol Limits section, set Maximum size of request content to the desired size. The default size is 10000 KB. Specify 0 to allow uploads unlimited in size.
7. Save and close the document.
Note: These changes will also affect the size allowed when files are uploaded using a web browser.

Administering services for Lotus Domino

Administer a server, manage places and PlaceTypes, maintain the server, and use PlaceBots to automate tasks.

Starting and stopping Lotus Quickr

You start IBM Lotus Quickr by starting the IBM Lotus Domino server on which it is installed.

Follow these steps to start or stop your server.

Starting Lotus Quickr on Windows

To start IBM Lotus Domino and IBM Lotus Quickr on Microsoft Windows, double click the Lotus Domino Server icon on the Desktop.

If your Lotus Domino deployment runs Lotus Domino as a Windows service that is started automatically when Windows is started, you can skip this step. If clicking on the desktop icon results in a "partition already in use" error, it means that Lotus Domino (and, therefore) Lotus Quickr are running already.

Starting Lotus Quickr on AIX or Linux

Start IBM Lotus Quickr by entering a command at the command prompt.

Perform the following steps:

Log in as the Lotus Domino UNIX user who owns the Lotus Domino Data Directories. This is the UNIX user name that was specified when Domino was installed.
Navigate to the Domino data directory.
Enter one of the following commands:
- To run the server console in the background enter:
```
<Domino program directory>/bin/server &
```
- To run the server console in the foreground enter:
```
<Domino program directory>/bin/server
```

For example, if you used the default Domino program directory and want to run the server console in the background, enter:

/opt/ibm/lotus/bin/server &

Starting Lotus Quickr on IBM i

Enter a command at the command line to start IBM Lotus Quickr.You must have *JOBCTL special authority to perform this task.

Tip: You can also perform this task using IBM i Navigator. For more information, see Domino 8.5 for i: Getting Started.

Perform the following steps:

On any IBM i command line, type the following command and press Enter:
```
wrkdomsvr
```
On the Work with Domino Servers display, type 1 in the Opt column next to the Lotus Quickr server you wish to start and press Enter.
If the server is password protected, type 8 next to the Lotus Quickr server to work with the console, and press Enter.
Enter the password at the appropriate prompt.
Press F3 to exit the console.
Tip: You can also start the server by entering STRDOMSVR SERVER(servername) where servername is the name of the Lotus Quickr server.
Starting the server may take a few minutes. You can verify that the HTTP task and the Lotus Quickr services have started by displaying the console, which is option 5 from the Work with Domino Servers display. Look for the following message:
```
HTTP Server: Lotus Quickr Services loaded successfully.
```
You can verify that the Lotus Quickr server has started by using a Web browser to access the server home page at the following URL: http://DominoServerName:port/lotusquickr
where DominoServerName is the fully qualified host name of the Lotus Domino server and port is the TCP/IP port number.

Note: Specifying a port number is only required if the port defined for Lotus Quickr is not the default port 80.

Stopping Lotus Quickr on Windows, Linux, or AIX

Use a server console command to stop the server.

Enter either of the following commands at the IBM Lotus Dominoserver console:

exit

quit

Stopping Lotus Quickr on IBM i

Enter a command at the command line to stop the server. You must have *JOBCTL special authority to perform this task.

Tip: You can also perform this task using IBM i Navigator. For more information, see Domino 8.5 for i: Getting Started.

Perform the following steps:

On any IBM i command line, type the following command and press Enter:
```
WRKDOMSVR
```
On the Work with Domino Servers display, type 6 in the Opt column next to the IBM Lotus Quickr server and press Enter.
Note: This will stop the server in a controlled state.
Press Enter to confirm your server selection.
Tip: You can also stop the server by entering the following command:

ENDDOMSVR SERVER(servername)

where servername is the name of the Lotus Quickr server.
Periodically press F5 to refresh your screen and wait for the server status to be *ENDED.
Note: Stopping the server may take a few minutes.

Understanding administration tools

To configure and administer the server, use qpconfig.xml file settings, qptool commands, the Site Administration link on the server home page, and notes.ini file settings specific to IBM Lotus Quickr. In addition to these, you may need to perform IBM Lotus Domino server configuration tasks, for example, to set up mail routing.

Using qptool

qptool is a server task that you run with commands and associated arguments to perform a variety of administration tasks related to managing places and place membership. You can run qptool from the IBM Lotus Quickr server console or from an operating system command prompt. Use qptool while the server is running.

The Place Catalog reflects changes that result from qptool commands. You can also run qptool from a batch file or other program.

Perform the following steps to run qptool from the server console:

load qptool [command] [arguments]

Perform the following steps to run qptool from the command prompt:

Navigate to the Domino program directory (the root installation directory). For example, navigate to C:\Program Files\Lotus\Domino.
Enter one of the following commands:
- On Microsoft Windows:
```
nqptool [command] [argument]
```
- On IBM AIX and SUSE Linux:
```
qptool [command] [argument]
```
- On IBM i:
```
qptool server [servername][command] [arguments]
```
  where [servername] is the name of the Lotus Quickr server.
Note:
To see a list of arguments for a command, enter the following qptool task:
```
load qptool [command] -?
```
For a list of qptool commands, refer to the qptools Reference Guide.

qptool commands

qptool is a server task that you run with commands and associated arguments to perform a variety of administration tasks related to managing places and place membership. The following table lists the available qptools and provides general description of its function. Use qptool while the server is running.

Table 34.
qptool command	Description
addgraphicfont	Add one or more Graphic Text fonts to the server.
addmember	Add a directory user to places.
archive	Archive (copy) specified places to a backup directory in the file system.
changehierarchy	Rename the hierarchy of all members.
changemember	Rename a member and/or transfer access permissions from one member to another.
deadmail	Cleanup Lotus Quickr dead mail.
execute	Execute an XML API file.
lock	Lock specified places.
membershipmodel	Convert membership model or move LDAP Lotus Quickr groups.
newsletter	Send personalized newsletters to subscribing members
password	Change the password of a local user.
placecatalog	Push statistics to the place catalog and update cluster statistics
refresh	Refresh places or PlaceTypes
register	Register places or this server with the Lotus Quickr service and make them ready for use.
remove	Remove or mark for removal specified places and placetypes.
removegraphicfont	Remove one or more Graphic Text fonts from the server.
removemember:	Remove a member from places.
repair	Detect and add orphaned rooms to the table of contents of the room. It also removes any room documents that do not point to room files.
replicamaker	Automate the creation and deletion of replication stubs for specified places or placetypes between two servers.
report	Generate a report from data stored in the place catalog.
sendmail	Send a broadcast e-mail message to the managers, or all members, of specified places.
setTheme	Set the theme of place or places.
unlock	Unlock specified places.
unregister	Unregister places or this server with the Lotus Quickr server, and make the names no longer reserved.
updatemember	Update directory user's member record with directory information.
upgrade	Upgrade places and PlaceTypes.

For example, to lock a place called place1 by running qptool from the server console, enter the following command:

load qptool lock -p place1

Using the Site Administration link

When you log in to the server as an IBM Lotus Quickr administrator, you have access to the Site Administration link on the home page. From there you can set up a connection to a user directory, control access to the server, as well as specify other configuration options.

Perform the following steps to use the Site Administration link.

Open a browser and enter the server's host name appended by /LotusQuickr. For example:
```
http://servername.enterprise.com/LotusQuickr
```
Click Login and type a Lotus Quickr server administrator user name and password, for example, the name and password of the local administrator created during installation.
Click Site Administration.
Click Security to control access to the server, for example, to control who can create places and who can use Site Administration to perform administration tasks.
Click User Directory to connect to a user directory to maximize the features that are available to you and to make user management easier.
Click Other Options to perform any of the following configuration tasks:
- Disable support for ActiveX file attachment and import features.
- Disable support for Java applet rich text features.
- Disable form agents (PlaceBots).
- Change the maximum allowed attachment size.
- Connect to IBM Lotus Sametime servers to enable Lotus Sametime features in places.
- Specify an offline passthru server or specify an alternate download location for installation of the offline client software.
- Configure an email URL prefix.
- Disable calendar subscriptions.

Enabling AdminP to work on the Lotus Quickr server

You can configure AdminP to make managing Rename and Delete activities in the user directory easier.

If you are using a Lotus Domino directory for Lotus Quickr authentication (either natively or via LDAP), then you can use the AdminP process to facilitate the renaming or deletion of a user across all your places.

Configure your Lotus Quickr server to support rename and deletion of users with the AdminP process.

Ensure that AdminP is listed as a task in the ServerTasks entry in the notes.ini of your Lotus Quickr server.
Add one of the following notes.ini settings depending on your operating system:
- Windows: extmgr_addins=nqpcmextmgr
- AIX: extmgr_addins=libqpcmextmgr_r.a
- Linux: extmgr_addins=libqpcmextmgr.so
Restart the Lotus Domino server.

From now on, whenever you rename or delete users from your Domino Directory using AdminP, the user renames and deletions will also be reflected in your Lotus Quickr places.

Refer to your Lotus Domino documentation for more help using the AdminP process.

Using the notes.ini file

Use the notes.ini file, automatically installed in the server program directory, to configure Web page cache settings, offline settings, temporary logging settings to aid in troubleshooting, and miscellaneous other settings.

For complete information about notes.ini settings, refer to the developerWorks notes.ini glossary. Perform the following steps to specify a setting in the notes.ini file:

Open the notes.ini file in the server program directory, for example, C:\Program Files\Lotus\Domino.
Add or modify the setting.
Make sure there is a blank line at the end of the file. If there is not a blank line, press Enter to add one.
Close and save the modified file.
Enter the following command at the server console to restart the server so the change takes effect:
```
restart server
```

notes.ini settings

Client logging settings

Use the following notes.ini settings on the IBM Lotus Quickr server to enable client logging.

To use a specific setting, add the following line to the notes.ini file:

Setting=level

The table shows the highest level of logging available for each setting. The higher the level of logging you specify, the more verbose the output. The default and lowest logging level, 0, logs only errors.

Logging setting	Levels	Description
$h_Debug	1	Enables the browser to display detailed messages about JavaScript errors that occur on the client, rather than the general Lotus Quickr message, "Unable to process your request at this time."
$h_ClientDebugConsole	5	Displays a console log on all clients that access the Lotus Quickr server. For Internet Explorer, the console log is an additional browser window, and for other browsers the console log is the JRE Java log console. Use this setting on a temporary basis to help IBM Support troubleshoot specific client-side problems.
h_ExceptionDetail=1	1	Adds the source code name and line number from which errors and warnings are generated to the error and warning messages that the server sends to the browser. Use this setting on a temporary basis to help IBM Support troubleshoot a problem.

Logging degrades performance, so enable it on a temporary basis only.

Attachment and file import logging

If you encounter attachment or file import problems from the client, you can enable upload control logging on the client to help troubleshoot the problem. Create an environment variable called QPCTRLLOG whose value is the path and filename of the log file to use. Whenever the browser engages the upload control, the upload control appends a log sequence to the log file. Do not leave logging enabled because the log file will continue to grow and can cause the client to run out of disk space.

For complete information about notes.ini settings, refer to the developerWorks notes.ini glossary.

Offline settings

The following table briefly describes notes.ini settings used to set up IBM Lotus Quickr for users to take places offline.

Table 35. offline notes.ini settings
Setting	Description
$DOLS_TCPIPAddress=1	Used to configure a cluster that uses the IBM Network Dispatcher to work with Domino Off-Line Services. A value of 0 (zero) disables this setting.
CheckCacheBeforeDSAPI=1	Enables authentication to work for offline users. A value of 0 (zero) disables this setting.
EXTMGR_ADDINS= dependent on operating system On Windows: ndolextn On AIX: libdolextn	Enables Domino Off-Line Services to work with Lotus Quickr
NoWebFileSystemACLS=1	If you use Sun Java System Portal Server with IBM Lotus Quickr as a reverse proxy, use this notes.ini setting to prevent users from having to re-authenticate after installing places offline. A value of 0 (zero) disables this setting.

For complete information about notes.ini settings, refer to the developerWorks notes.ini glossary.

Other settings

The following table lists miscellaneous notes.ini settings that pertain to Lotus Quickr for Domino.

Table 36. Miscellaneous notes.ini settings
Setting	Description
$h_MailDomain=mydomain.com	Specifies the domain of the server that hosts the place to which IBM Lotus Quickr routes replies to e-mail generated from places. Combined with the next setting "h_Undelivmail" defines the name used for Quickr place generated e-mails for newsletters.
h_UndelivMail=QuickrPlacename	Specifies the place to which Lotus Quickr routes replies to e-mail generated from places. Combined with the previous setting $h_MailDomain defines the name used for Quickr place generated e-mails for newsletters.

h_ScopeURLinQP=1	Enables image caching in environments that do not use single sign-on authentication. A value of 0 (zero) disables this setting.

NoWebFileSystemACLs	Prevents anonymous access to files in the html directory and is part of setting up single sign-on authentication. Also, if you use Sun Java System Portal Server with IBM Lotus Quickr as a reverse proxy, use this notes.ini setting to prevent users from having to re-authenticate after installing places offline. A value of 0 (zero) disables this setting.
PLATFORM_CSID=hhh where hhh is a hex number that represents the codepage ... 0CEE 1258 0CC8 1381 001B 1383 001B 1386	Required on UNIX servers to support names in a user directory that contain accented characters. For example: PLATFORM_CSID=CA5 would set Notes to use Code Page 256.
QuickPlaceExpireCachedUsers=<time interval in seconds>	Specifies the length of time user entries remain in the user cache.
QuickPlaceExtensionManagerAllowServers=1	Gives a Domain Catalog server the access to index the places on a Lotus Quickr server that uses the Search Places feature and Off-Line Services. A value of 0 (zero) disables this setting.
QuickPlaceMaxCachedUsers=<n>	Specifies the maximum number of users allowed in the user cache.
QuickPlaceNestedGroupLimit=<n>	Controls how deep LDAP queries are performed to return groups nested in other groups. For example QuickPlaceNestedGroupLimit=1 limits lookups to 1 nested group instead of the default 8.
QuickPlaceUpgradeServerOnStartup=1	Controls whether a server is upgraded on startup. A value of 0 (zero) disables this setting.
HTTPAllowDecodedUrlPercent=1	Ensures that an uploaded document or a page attachment whose name includes a special character can be previewed. A name that includes a special character has to be encoded, which introduces the percent sign (%) in the url. Special characters that need to be encoded can include but are not limited to: Dollar ("$") Ampersand ("&") Plus ("+") Comma (",") Forward slash/Virgule ("/") Colon (":") Semi-colon (";") Equals ("=") Question mark ("?") 'At' symbol ("@")
Windows: extmgr_addins=nqpcmextmgr AIX: extmgr_addins=libqpcmextmgr_r.a Linux: extmgr_addins=libqpcmextmgr.so	Enables AdminP task to work on the Quickr for Domino server. Needs to be added manually to the notes.ini file.

For complete information about notes.ini settings, refer to the developerWorks notes.ini glossary.

Server logging settings

You can use notes.ini settings to log a variety of IBM Lotus Quickr server activities. Output is logged to the server console and to the log file (log.nsf). Logging can be useful for troubleshooting problems. Since logging degrades server performance, enable it on a temporary basis only.

To enable a specific type of logging, add the following line to the notes.ini file on the IBM Lotus Quickr server:

setting=level

where setting is a logging setting listed in the following table and level is the desired level of logging.

For example:

QuickPlaceAuthenticationLogging=5

The following table describes the logging settings and the highest level of logging available for each. The higher the level of logging you specify, the more verbose the output. The default and lowest logging level, 0, logs only errors.

Table 37. notes.ini server logging settings
Logging setting	Levels	Description
QuickPlaceArchiveLogging	1	Archive tool logging.
QuickPlaceAuthenticationLogging	5	Authentication logging for authentication events, failures, successes, group expansion, and names list generation.
QuickPlaceCalendarSubscriptionLogging	2	Calendar event logging.
QuickPlaceCompressionLogging	1	Page compression logging.
QuickPlaceDbCommandPerformanceLogging	3	Server command performance logging.
QuickPlaceExtensionManagerIfLogging	2	Offline place installation logging.
QuickPlaceHTTPInterfaceLogging	2	Lotus Quickr and IBM Lotus Domino HTTP interaction logging. It is useful primarily as a first step toward isolating user authentication problems or problems related to the interaction between Lotus Quickr and Lotus Domino. Use with other logging settings, for example, QuickPlaceAuthenticationLogging, it provides a clearer picture of URL processing.
QuickPlaceJavaLogging	5	Java Debug logging.
QuickPlaceJavaServerLogging	3	Java Server logging.
QuickPlaceJniLogging	1	Java Native Interface (JNI) to C++ layer logging.
QuickPlaceJvmLogging	1	Java Virtual Machine logging.
QuickPlaceLargePOSTLogging	1	Large uploads logging.
QuickPlaceLockLogging	1	Place Lock tool logging.
QuickpPlaceLtpaLogging	1	LTPA logging when Lotus Domino controls directory services.
QuickPlaceMailLogging	4	Lotus Quickr e-mail process logging.
QuickPlaceMembershipModelLogging	2	Expanded membership logging.
QuickPlaceMyPlacesLogging	3	My Places logging.
QuickPlaceQOMLogging	4	Object model logging.
QuickPlaceObjectPoolLogging	2	ObjectPool Memory management for PlaceCatalog logging.
QuickPlacePerformanceLogging	1	Performance data collector logging.
QuickPlacePlaceCatalogLogging	4	Place Catalog logging.
QuickPlacePlaceCatalogQueryLogging	4	Queries into Place Catalog logging; use level 4 to include more details on My Places queries and qptool report command queries.
QuickPlacePlaceTypeCentralRefreshLogging	4	Place type refresh logging.
QuickPlaceSearchPlacesLogging	2	Search across places logging.
QuickPlaceSpellCheckEngineLogging	1	Spell checker engine logging.
QuickPlaceStyleSheetAttributeCmdLogging	2	Style sheet processing logging.
QuickPlaceStubMakerLogging	3	Stub creator logging for Lotus Quickr cluster support.
QuickPlaceToolLogging	1	qptool logging.
QuickPlaceUpgradeLogging	4	Upgrade logging (upgrade places).
QuickPlaceUserCacheLogging	1	User cache parameter logging.
QuickPlaceUserDirectoryLogging	1	User directory logging (applicable only when Lotus Quickr controls directory services) .
QuickPlaceWebCacheLogging	3	Web caching logging (caches pages sent to browser).
QuickPlacePlaceStatisticsLogging	4	Place statistics logging
QuickPlaceNSFLogging,	5	NSF database logging
QuickPlaceDocumentLogging	5	Document-level logging
QuickPlaceLDAPLogging	5	LDAP logging
QuickPlacePreviewLogging	1	Document preview generation logging

Web page cache settings

The following table describes notes.ini settings used to customize the Web page cache.

Table 38. Web page cache notes.ini settings
Setting	Description
QuickPlaceWebCacheDir==<pathname>	Sets the cache directory. where <pathname> is the full file path name of the directory. If this variable is omitted from your server's notes.ini, the server cache is automatically set to the default directory (<NOTESPROGRAM>\data\cache.
QuickPlaceWebCacheEnabled=1	Disables or enables the cache. A value of 0 (zero) disables this setting.
QuickPlaceWebCacheGCIntervalInMIN=<minutes>	Sets the time interval for cache cleaning
QuickPlaceWebCacheLimitInMB=<MB>	Sets the cache size limit. This variable sets the cache size limit in megabytes. If you enter a number of zero or less (or omit the variable from your notes.ini file), the cache size limit defaults to 50 MB.
QuickPlaceWebCacheLogging=<n>	Sets the cache logging level, which determines how detailed log messages will be. Acceptable values are 1, 2, or 3; where 1 is the least detailed and 3 is the most detailed.
QuickPlaceWebCacheUsers=<value>	Defines which users will be affected by caching. By default, server caching applies to all users when the cache is enabled. To set the cache for anonymous users only, enter QuickPlaceWebCacheUsers= Anonymous.

For complete information about notes.ini settings, refer to the developerWorks notes.ini glossary.

Managing place membership

Use qptool commands to manage place membership.

Adding external members to places

You can use the qptool addmember command to add a name from a user directory as a member of a place or places. When you use qptool addmember rather than the user interface, you can add a member to multiple places at once.

Keep the following points in mind:

When you use the command, you must use the -reader, -author, -editor, -manager, or -owner argument to specify the access the member has to the place's main room. Optionally, you can use the -allrooms argument to apply the member's main room access to all subrooms.
If you use the user interface to change an existing external member's access to the main room in a place, subrooms do not inherit the access change. To change an existing member's access to all rooms in a place, use the qptool removemember command to delete the member from the place, and then use qptool addmember -allrooms to add the member again with the new access.
You cannot use the command to add local members.
You cannot use the command to add members to the LotusQuickr/lotusquickr place used for server administration.

Enter the following command at the server console to add external members to places:

load qptool addmember arguments

where arguments are arguments described in

Table 39. Arguments for the qptool addmember command
Argument	Description
-?	Prints help on the command.
-dn name	Specifies the name of an external user or group to add as a member. If the name contains at least one space, include quotation marks (" ") around it. Specify the name exactly as it is defined in the directory, for example: "cn=Connor Jones,ou=Sales,o=Acme" Include any spaces in the name. Specify the character case (uppercase or lowercase) correctly. Note: The server does not look up the name in the user directory to verify the name you specify. Be sure the name you specify is valid.
-g	Indicates that a name specified for the -dn argument is the name of a group. You must use this argument to add an external group. If you use qptool addmember without the -g argument to add an external group as a member of a place, users who are members of the group can't access the place through the group membership, and the group may not show up in the user interface in some places.
-reader	Adds the specified name as a Reader of a place.
-author	Adds the specified name as an Author of a place.
-editor	Adds the specified name as an Editor of a place.
-manager	Adds the specified name as a Manager of a place.
-owner	Adds the specified name as an Owner of a place.
-allrooms	Applies the place access specified for the name to all rooms in a place. If you omit this argument, the name's specified access applies only to a place's main room.
-a	Adds the specified name as a member of all places on the server.
-p place(s)	Adds the specified name as a member of a specific place or space-separated list of places.
-i inputfilename	XML input file located in the server program directory that specifies the places in which to add an external member.
-o outputfilename	XML output file that logs the results of the command. By default the command logs results to qptool.addmember.xml in the server program directory.

Table 40 provides examples of the qptool addmember command.

Table 40. Examples of the qptool addmember command
Task	Command
Add the user cn=Connor Jones,ou=Sales,o=Acme as an author of all rooms in Place1	load qptool addmember -dn "cn=Connor Jones,ou=Sales,o=Acme" -author -allrooms -p Place1
Add the group cn=Salesgroup,o=Acme as a reader of the main room in all places	load qptool addmember -dn cn=Salesgroup,o=Acme -g -reader -a

Adding local members to places

Add a local member when you want to grant access to an individual who is not currenlty registered on an existing local database, or when you want a member of a group to have access to one or more rooms, without granting access to all the rooms of a place.

For example, suppose you have a place called Budgets within a larger place called Office, and the Employees group has access to Office. If you want bring in a consultant to have access to the Budgets room, you could create a local member for the place called Budgets and enter in the names of the conslutant that should have access to room Budgets, without granting the consultant access to the Office place.

To create a new user specifically for this place:

Click Members in the place's table of contents
Click Create Members
Decide what level of access the new member should have, and then click the appropriate tab
1. Reader
2. Author
3. Editor
4. Manager
5. Owner
Note: Readers only can view content but cannot post new content, authors can contribute and update their own content, and editors can add and update their own content as well as the content of other place members. In addition to Editor permissions, managers and owners can remove content added by any place members, customize the place, and control membership of all rooms.
Enter the person's name in Firstname Lastname format.
Supply a password and, optionally, an e-mail address.
(Optional) Supply an e-mail address.
Click OK to save your additions.

If you or another place manager registered the local member, you can edit all the membership information for that member, including the member's password.

Changing member names in places

Use the qptool changemember command to change the name of a local user member, external user member, or external group member in specified places. For example, if you have changed the name of an external user in the user directory, use qptool changemember to make the change in the places to which the user belongs.

The changemember command changes a single user or group name. If you need to change a large number of user or group names, see Renaming of users and groups.

The original name is referred to as the source name and the name to which you change, the target name.

Using qptool changemember, you can do the following tasks:

Change a user or group name to a new name -- for example, change the name of a user who recently married, so the user can continue to access a place using the new name. In this case, the target name is a new name.
Change the name of a user or group to the name of another existing user or group -- for example, change the name of a user who leaves the company to the name of a remaining user who assumes the original user's responsibilities. The access the target name has to places is the higher level of access between the source and target names. For example, if the source name is a manager of a place and the target name is a reader of the place, the target name becomes a manager of the place and has access to all pages previously accessible to the source and target names. The same access control principle applies to room access.
Change the name of a local user to the name of an external user in a user directory -- for example, to move from a pilot deployment that uses local users to a production deployment that uses a corporate directory.

You can make these combinations of name changes:

Local user name to local user name
Local user name to external user name
External user name to external user name
External group name to external group name

Note: If an external user accesses a place through membership in an external group, the user's name is not listed as a member in the place's Contacts1.nsf database, but is included in security fields within the place. For example, if the user creates a page, the user's name is listed in the page's h_Authors field. If the external user's name changes in the user directory, you use the changemember command to change the user's name in a place, so that the name is changed in these security fields and the user's access to the place continues.

You cannot make these combinations of name changes:

External user name to local user name
External group name to local user name
External group name to external user name
Local user name to external group name
External user name to external group name

Enter the following command at the server console to rename members in places:

load qptool changemember arguments

where arguments are described in Table 41.

Note: Specify names exactly, remembering to include any spaces and to use the exact character case. If a name contains spaces, put quotation marks (") around it.

Table 41. Arguments for the qptool changemember command
Argument	Description
-?	Prints help on the command.
-sourcedn name	Specifies the distinguished name of an external user or group member as it currently appears in places, for example, "cn=Connor Jones, ou=Sales,o=Acme."
-sourceu name	Specifies the current name of a local user member, for example, "Joe Smith."
-sourceg	Indicates that the specified source name is that of an external group.
-targetdn name	Specifies the new distinguished name of an external user or group member. for example: "cn=Representatives,ou=Sales,o=Acme" Note: IBM Lotus Quickr does not look up the target name in the user directory to verify it, so be sure that the name is valid.
-targetu name	Specifies the new name of a local user, for example, "Joe Smith."
-targetg	Indicates that the specified target name is that of an external group.
-p place(s)	Specifies a place or a space-separated list of places in which to rename the user or group.
-i inputfilename	XML input file located in the server program directory that specifies the places in which to rename the user or group.
-o outputfilename	XML output file that logs the results of the command. By default the command logs results to qptool.changemember.xml in the server program directory.

Table 42 provides examples of using the qptool changemember command.

Table 42. Examples of qptool changemember
Task	Command
Change the name of local user name to an external user name.	>load qptool changemember -p PlaceName -sourceu localuser -targetdn "CN=ExternalUser,O=[Organization]"
Change an external user name to an external user name.	>load qptool changemember -p PlaceName -sourcedn "CN=External User,O=[Organization]" -targetdn "CN=New External User,O=[Organization]"
Change an external group name in multiple places.	>load qptool changemember -p PlaceName1 PlaceName2 -sourceg -sourcedn "CN=External Group,O=[Organization]" -targetg -targetdn "CN=New External Group,O=[Organization]"

You also can rely on adminP to change member names if you have enabled it. Refer to Enabling AdminP to work on the Lotus Quickr server.

Renaming of users and groups

Use the qptool changemember command to rename users and groups from one value into another and to perform batch renames of large numbers of users and groups. The name values are generally entered as command line arguments.

This feature can be leveraged for directory switch operations within IBM Lotus Quickr. It would require custom development to generate the formatted XML files and map the names from the original directory to the new directory. You should test this method on a test place and backup the places first. Customization is not supported and may not work in a later or previous version.

The changemember command differs from the changehierarchy command in that the whole name can be changed and not just the hierarchical component (for example, OU=NA/O=IBM).

To rename users and groups enter the following command at the server console:

load qptool changemember -p PlaceName -sourcedn "CN=External User,O=IBM" -targetdn "CN=New External User,O=IBM"

This command renames the user in a place called PlaceName from CN=External User to CN=New External User.

To make a large number of changes, it would be much easier to batch-process all user/group name changes at a place level and execute them using the qptool execute command.

The command to batch-process name changes using an XML file would be as follows:

load qptool execute -i xmlfile.xml -o xmlfile_out.xml

You also can rely on adminP to rename users and groups if you have enabled it. Refer to Enabling AdminP to work on the Lotus Quickr server.

The following XML structure demonstrates a set of actions performed on a place called qp_innovation. In this example, several external users are renamed from one DN to another, a new user is added, and a user is removed. This example uses an XML file and the qptool execute command.

The xmlfile.xml file specified in the -i argument would contain the XML structure.
The results would be written into the file called xmlfile_out.xml as specified in the -o argument.

The actions to be executed are as follows:

Add user: CN=newuser,ou=users,dc=corp,dc=ibm,dc=com as reader
Remove user: CN=Old User,OU=NA,O=IBM
Rename user: CN=Corp User,OU=NA,O=IBM to CN=corpuser,ou=users,dc=corp,dc=ibm,dc=com
Rename user: CN=Corp A User,OU=NA,O=IBM to CN=corpauser,ou=users,dc=corp,dc=ibm,dc=com
Rename user: CN=Corp B User,OU=NA,O=IBM to CN=corpbuser,ou=users,dc=corp,dc=ibm,dc=com

<?xml version='1.0'?>
<service>
  <servers>
    <server local='true'>
      <places>
        <place>
          <name>qp_innovation</name>
          <members>
            <person action='add' id='newuser'>
              <dn>CN=newuser,ou=users,dc=corp,dc=ibm,dc=com</dn>
            </person>
            <person action='remove'>
              <dn>CN=Old User,OU=NA,O=IBM</dn>
            </person>
            <person action='rename'>
              <dn>CN=Corp User,OU=NA,O=IBM</dn>
              <new_dn person='true'>CN=corpuser,ou=users,dc=corp,dc=ibm,dc=com</new_dn>
            </person>
            <person action='rename'>
              <dn>CN=Corp A User,OU=NA,O=IBM</dn>
              <new_dn person='true'>CN=corpauser,ou=users,dc=corp,dc=ibm,dc=com</new_dn>
            </person>
            <person action='rename'>
              <dn>CN=Corp B User,OU=NA,O=IBM</dn>
              <new_dn person='true'>CN=corpbuser,ou=users,dc=corp,dc=ibm,dc=com</new_dn>
            </person>
          </members>

          <rooms>
            <room>
              <name>main.nsf</name>
             <access>
                <readers>
                  <member action='add'>
                    <link idref='newuser'/>
                  </member>
                </readers>
              </access>
            </room>
          </rooms>

        </place>
      </places>
    </server>
  </servers>
</service>

Changing the hierarchy of member names in places

You can use the qptool changehierarchy command to change the hierarchy of external user and group member names in places. For example, if your company name changes, and as a result you change the name hierarchy in the user directory, use qptool changehierarchy to change the names in places.

Or if you create a new group with a new hierarchy in your external directory to encompass what was previously two groups, you can change the names of the original group members in places to the name of the new group.

The changehierarchy command does not operate on local users.

Note: If an external user accesses a place through membership in an external group, the user's name is not listed as a member in the place's Contacts1.nsf database, but is included in security fields within the place. For example, if the user creates a page, the user's name is listed in the page's h_Authors field. If you use the changehierarchy command and the name hierarchy you are changing applies to the user's name in a place, the user's name is changed in these security fields and the user's access to the place continues.

Note: Flat Domino groups are unsupported and will lead to group expansion issues and product limitations. Also, users who are members of external groups cannot take a place offline.

To change the hierarchy of names in places, enter the following command at the server console:

load qptool changehierarchy arguments

where arguments are described in Table 43

Note: Specify the name hierarchy exactly, remembering to include any spaces and to use the exact character case that is used in the directory. If a name hierarchy contains spaces, put quotation marks (") around it.

Table 43. Arguments for the qptool changehierarchy command
Argument	Description
-?	Prints help on the command.
-sourceh hierarchy	Specifies the original name hierarchy to change, for example, OU=people,O=group
-targeth hierarchy	Specifies the new name hierarchy, for example, OU=people2,O=group. The name hierarchy you specify should correspond to a valid name hierarchy in the external directory.
-a	Changes the hierarchy of member names in all places that have member names with the original name hierarchy.
-p place(s)	Changes the hierarchy of member names in a place or space-separated list of places.
-i inputfilename	Changes the hierarchy of member names in places specified in an XML input file located in the server program directory.
-o outputfilename	XML output file that logs the results of the command. By default the command logs results to qptool.changehierarchy.xml in the server program directory.

Table 44 provides examples of qptool changehierarchy.

Table 44. Examples of qptool changehierarchy
Task	Command
Change the names of users and groups within the hierarchy OU=boston,O=acme to the hierarchy OU=detroit,O=acme in the place P1	>load qptool changehierarchy -sourceh OU=boston,O=acme -targeth OU=detroit,O=acme -p P1
Changes the names of users and groups with the hierarchy OU=boston,O=acme to the hierarchy OU=detroit,O=acme in all places	>load qptool changehierarchy -sourceh OU=boston,O=acme -targeth OU=detroit,O=acme -a

You also can rely on adminP to change the hierarchy of member names if you have enabled it. Refer to Enabling AdminP to work on the Lotus Quickr server.

Updating external member information in places

When information about an external member, such as an e-mail address, changes in the user directory, use the qptool updatemember command to update the information in places.

qptool updatemember updates the following information:

E-mail address (external users)
First name (external users)
Last name (external users)
Phone number (external users)
Display name (external users)
Display name (external groups)

qptool updatemember does not operate on local members.

Note: The command does not change an external member's distinguished name stored internally in places and used for access control. If external members' distinguished names change in the user directory, use the qptool changemember or qptool changehierarchy command to update the distinguished names in places.

To update external member information in places, enter the following command at the server console:

load qptool updatemember arguments

where arguments are described in Table 45.

Note: Specify names exactly, remembering to include any spaces and to use the exact character case. If a name contains spaces, put quotation marks (") around it.

Table 45. Arguments for the qptool updatemember command
Argument	Description
-?	Prints help on the command.
-dn name	Specifies the name of an external user or group whose member information has changed in the user directory, for example:. "cn=Connor Jones,ou=Sales,o=Acme" If you use this argument, do not use -allmembers.
-allmembers	Updates all external member information in the specified place(s). If you use this argument, do not use -dn name. You can run qptool updatemember -allmembers -a on a schedule. How often you should run it depends on how often the contents of your user directory changes.
-g	Indicates that a name specified for the -dn argument is the name of a group.
-a	Updates external member information in all places
-p place(s)	Updates external member information in a specific place or space-separated list of places.
-i inputfilename	XML input file located in the server program directory that specifies the places in which to update external member information.
-o outputfilename	XML output file that logs the results of the command. By default the command logs results to qptool.updatemember.xml in the server program directory.

Table 46 provides examples of the qptool updatemember command.

Table 46. Examples of qptool updatemember
Task	Command
Update the member information for the user cn=Connor Jones,ou=Sales,o=Acme in all places	load qptool updatemember -dn "cn=Connor Jones,ou=Sales,o=Acme" -a
Use the notes.ini file to update all member information in all places daily at 3 AM.	ServerTasksAt3=qptool updatemember -allmembers -a
Update the member information for the group cn=Adminstrators,o=Acme in all places	load qptool updatemember -dn cn=Administrators,o=Acme -g -a

Removing members from places

Use the qptool removemember command to remove local or external members from places.

Enter the following command at the server console::

load qptool removemember arguments

where arguments are arguments described in Table 47

Table 47. Arguments for the qptool removemember command
Argument	Description
-?	Prints help on the command.
-dn name	Name of an external user or group to remove. If the name contains a space, include quotation marks around it. Specify the name exactly as it is defined in the external directory, for example: "cn=connor jones,ou=sales,o=acme" Include any spaces in the name. Specify the character case (uppercase or lowercase) correctly.
-g	Indicates that a specified distinguished name is that of a group.
-u name	Name of a local user to remove. If the name contains a space, include quotation marks around it, for example: "Jonathan Carter"
-a	Removes the specified name from all places.
-p place(s)	Removes the specified name from a place or a space-separated list of places.
-i inputfilename	XML input file located in the server program directory that specifies the places from which to remove the specified name.
-o outputfilename	XML output file that logs the results of the command. By default the command logs results to qptool.removemember.xml in the server program directory.

Table 48 provides examples of the command.

Table 48. Examples of the qptool removemember command
Task	Command
Remove the external user cn=connor jones,ou=sales,o=acme from the place P1	>load qptool removemember -dn "cn=connor jones,ou=sales,o=acme" -p P1
Remove the external group cn=managers,ou=groups,o=acme from the place P1	>load qptool removemember -g -dn "cn=managers,ou=groups,o=acme" -p P1
Remove the local user Jonathan Carter from the places P1 and P2	>load qptool removemember -u "Jonathan Carter" -p P1 P2
Remove the external user cn=connor jones,ou=sales,o=acme from all places	>load qptool removemember -dn "cn=connor jones,ou=sales,o=acme" -a
Remove the external group cn=managers,ou=groups,o=acme from places specified in the XML input file qptool.myremmem.xml	>load qptool removemember -i qptool.myremmem.xml -g -dn "cn=managers,ou-groups,o-acme"
Remove the external user cn=connor jones,ou=sales,o=acme from the place P1 and log the command output to the non-default XML output file qptool.myoutfile.xml	>load qptool removemember -dn "cn=connor jones,ou=sales,o=acme" -p P1 -o qptool.myoutfile.xml

Changing local member passwords

Use the qptool password command to change passwords for local members.

Note: To change the password for an external member, change the member's entry in the user directory.

To change local member passwords, enter the following command at the server console:

load qptool password arguments

where arguments are described in Table 49

Table 49. Arguments for the qptool password command
Argument	Description
-?	Prints help on the command.
-u name	Specifies of the name of the local member whose password you are changing. If the name has spaces, include quotations marks around the name, for example: "Joe Smith."
-pw password	Specifies the new password.
-p place (s)	Specifies a place or a space-separated list of places on which to change the user's password.
-i inputfilename	XML input file located in the server program directory that specifies places on which to change the user's password.
-o outputfilename	XML output file that logs the results of the command. By default the command logs results to qptool.password.xml in the server program directory.

Table 50 provides examples of the command.

Table 50. Examples of the qptool password command
Task	Command
Change the password for a local user whose name has no spaces	>load qptool password -p placename -u joeuser -pw newpassword
Change the password for a local user whose name includes spaces	>load qptool password -p placename -u "joe user" -pw newpassword

Managing expanded membership

Use the qptool membershipmodel to enable expanded membership in places, to recreate expanded membership groups if you change the LDAP directory or base distinguished name used for them, or to resolve problems with expanded membership groups.

CAUTION:

Do not use the membershipmodel command until you have read about expanded membership and how to set it up.

Expanded membership

Expanded membership increases the maximum number of place members from 900 to 4000. Since a place set up to use expanded membership cannot revert to standard membership, consider the implications for directory services, access control and user interfaces before using this feature.

IBM Lotus Quickr by default lists the names of place members in the database access control lists (ACLs) of the rooms in a place. The combined names in an access control lists cannot exceed 32K in size, which limits a place to approximately 300 to 900 members, depending on the length of the members' distinguished names. Expanded membership removes this limitation by generating groups in an LDAP directory to store the names of individual members, and using these groups, rather than the individual user names, in room access control lists.

Important considerations

Consider the following points before you use the expanded membership model (EMM):

The effective use of groups in the LDAP directory is the best approach to handling large member access lists. The EMM feature should be considered an alternative method. If you are currently using Expanded Membership Model or would like to use it, refer to this technote before installing or upgrading Lotus Quickr.
Flat Domino groups are unsupported and will lead to group expansion issues and product limitations.
After you have set up a place to use expanded membership, you cannot revert the place to standard membership.
Expanded membership is supported only when Lotus Quickr, not IBM Lotus Domino, controls directory services.
If the directory server used for the expanded membership groups is also the Lotus Quickr user directory, specify a base distinguished name for the expanded membership groups that is outside the scope of the base distinguished name that Lotus Quickr uses for group lookups generally.
Do not modify the expanded membership groups.
The LDAP directory that stores the expanded membership groups must allow write access.
The user name and password used uses to manage the expanded membership groups (configured through Site Administration > User Directory page) must have write access to the base distinguished name configured for the groups.
Expanded membership is certified for 4000 external user members in a place.
LDAP directory servers can limit the number of members allowed in groups.
Places that use expanded membership cannot be used to create PlaceTypes.
Expanded membership pertains to individual external members and not to local members or to external group members.
Users who are members of external groups cannot take a place offline.
Do not disable expanded membership on the server if there are places that use it.

Expanded membership groups

When a place uses expanded membership, Lotus Quickr creates room-specific access control groups in an LDAP directory. The LDAP directory can be one that Lotus Quickr uses generally, or a different directory.

Lotus Quickr creates the following groups in this LDAP directory for the main room (Main.nsf) of a place and adds them to the main room database ACL:

cn=h_Managers,ou=placename,base_dn

cn=h_Editors,ou=placename,base_dn

cn=h_Authors,ou=placename,base_dn

cn=h_Readers,ou=placename,base_dn

where

placename is the name of the place.

base_dn is a base distinguished name for the expanded membership groups that is configured through the qpconfig.xml file.

When an external user member is added to the place, Lotus Quickr adds the user's name to one of these groups, according to the access assigned to the user. For example, Lotus Quickr adds an external user member with Reader access to the place's "cn=h_Readers...." group.

If someone creates a subroom, Lotus Quickr creates the following groups in the directory, and adds the groups to the subroom ACL:

cn=h_Managers,ou=uniquenumber,ou=placename,base_dn

cn=h_Editors,ou=uniquenumber,ou=placename,base_dn

cn=h_Authors,ou=uniquenumber,ou=placename,base_dn

cn=h_Readers,ou=uniquenumber,ou=placename,base_dn

where

uniquenumber is the unique number XXXXXXXX in the room name "PageLibraryXXXXXXXX.nsf" that identifies the room.

placename is the name of the place that contains the room.

base_dn is the base distinguished name configured for the expanded membership groups.

Removing an external user member from a place removes the user's name from the expanded membership groups associated with the place. Removing an external user member from a subroom, removes the user's name from the appropriate Lotus Quickr group associated with the subroom. Removing a place or a subroom removes the expanded membership groups associated with the place or subroom.

Examples of expanded membership groups

Suppose a place named salestrends uses expanded membership and the base distinguished name specified in the qpconfig.xml file for the expanded membership groups is ou=groups,o=teamworkplace. If someone adds an external user member to salestrends with Author access, Lotus Quickr adds the user's name to a group created in the LDAP directory called cn=h_Authors,ou=salestrends,ou=groups,o=teamworkplace. The group is included in salestrends' Main.nsf room ACL.

Suppose someone creates a subroom named PageLibrary85256CD200797D7B.nsf within salestrends and adds an external user member to the subroom with Reader access. Then Lotus Quickr adds the user's name to a group generated in the LDAP directory called cn=h_Readers,ou=85256CD200797D7B,ou=salestrends,ou=groups,o=teamworkplace. The group is included in the subroom ACL.

Access control in places that use expanded membership

Expanded membership uses group names in room ACLs rather than individual user names to control the access of individual external user members. As a result, the access given to an individual external user member no longer takes precedence over the access assigned to groups the user belongs to, or over super user access. The access control behavior for expanded membership differs from standard membership in the following ways:

With expanded membership, an external user who is an explicit member of a place and who is also a super user has super user access to the place. With standard membership, the external user has the access the place assigns the user, not the super user access.
With expanded membership, if an external user is an explicit member of a place (through a Lotus Quickr group) and also belongs to another group that is a member of the place, the user's access is the higher access of the two groups. With standard membership, the user has the access assigned to the individual user member.

User interface differences in places that use expanded membership

If you enable expanded membership for a place, users see the following changes:

When usersadd members they are no longer presented with a list of members with check boxes next to the member names. Instead, they click a button to display a window from which they can search for the members to add.
To create PlaceBots in a place, users must add a local user as a manager and then log in as that manager.
When posting, the option to notify all members is not available.
Users cannot create a PlaceType from a place that uses expanded membership.

Enabling expanded place membership

After you have enabled expanded membership in a place, reverting the place to standard membership is not supported. If there are replicas of a place, run the command on one replica only.

To enable expanded membership in a place or places, enter the following command at the server console:

load qptool membershipmodel arguments

where arguments are arguments described in the following table:

Table 51. Arguments for enabling expanded membership in places
Argument	Description
-?	Prints help on the command.
-toexpanded	Converts places to expanded membership.
-a	Runs the command on all places that do not currently use expanded membership
-p `places`	Runs the command on a place or a space-separated list of places.
-i inputfilename	Runs on places specified in an XML input file.
-o outputfilename	XML output file that logs the results of the command. By default the command logs results to qptool.membershipmodel.xml in the server program directory.

Table 18 provides examples of using the membershipmodel command to enable expanded membership in places.

Table 52. Examples of enabling expanded membership in places
Task	Command
Enable "placeofmanymembers" to use expanded membership.	>load qptool membershipmodel -toexpanded -p placeofmanymembers
Enable all places that do not currently use expanded membership to use expanded membership.	>load qptool membershipmodel -toexpanded -a

Changing the directory server or base distinguished name used for the expanded membership groups

Use the qptool membershipmodel to change the LDAP directory server or base distinguished name used for expanded membership groups.

Perform the following steps in the exact order given:

Enter the following command at the server console to remove all of the existing expanded membership groups from the directory server that currently stores them:
```
load qptool membershipmodel -rmgroups -a
```
Change the host name or base distinguished name specified in the expanded membership model section of the qpconfig.xml file. You can change one or both settings.
- To change the directory server in which to store the expanded membership groups, change the hostname setting, and optionally the ssl and port setting.
- To change the base distinguished name under which to store the expanded membership groups, change the base _dn setting. Make sure the new base_dn value exists on the directory server.
Enter the following command at the server console to restart the HTTP task:
```
restart task http 
```
If the user name and password the IBM Lotus Quickr server will use to manage the groups at the new LDAP directory location are not the ones currently configured, use the Site Administration > User Directory page to configure the correct user name and password. Make sure the name you specify has write access to the base distinguished name used for the expanded membership groups.
If you changed the base_dn setting, enter the following command at the server console to update the names of the groups in the place ACLs of all the places that use expanded membership:
```
load qptool membershipmodel -basedn -a
```
Enter the following command at the server console to generate the groups at the new directory location for each place that uses expanded membership:
```
load qptool membershipmodel -addgroups -a
```

Recreating expanded membership groups to resolve problems

If expanded membership is used and My Places or cross-place searching does not work, the expanded membership groups may be corrupt or out of synchronization with their places. Remove and then recreate the groups to correct the problem.

Enter the following commands at the server console:

load qptool membershipmodel -rmgroups -p place
load qptool membershipmodel -addgroups -p place

where place is the name of one place or a space-separated list of places.

Managing places using My Places and qptool commands

Use My Places and qptool commands to manage places.

Using My Places for place administration

External members who have at least reader access to places can use My Places to display statistics about the places. External members with manager access can use My Places to perform place administration tasks.

Using My Places to display place statistics

Use My Places to display a variety of statistics about the places that you have access to.

Perform these steps:

Log in to the server.
Click My Places from any page.
Click Show Usage Statistics.

My Places then shows the following information about each place that you have access to:

Name
Title
Size
Date last accessed
Date last modified
Number of logins since installation or since qptool placecatalog -reset was run on the place.
Number of document reads since installation or since qptool placecatalog -reset was run on the place.
Number of postings since installation or since qptool placecatalog -reset was run on the place.
Number of readers, authors, managers, and editors
Number of documents, draft documents, attachments, and custom forms
Number of offline installs
Largest document size
Number of uses, reads, and writes within the last day, week, and month.

Using My Places to perform place administration tasks

Managers of places can use My Places to lock and unlock places, update and reset place data statistics, and remove places.

Perform the following steps

Log in to the server.
Click My Places from any page.
Click Show Usage Statistics.

Click the drop-down arrow next to a place that you manage, select Admin Actions, and then select a command described in the following table

Table 53. Administration actions available from My Places
Command	Description
Lock Place	Issues the load qptool lock command on the server to lock and place and prevent users from accessing it.
Unlock Place	Issues the load qptool unlock command on the server to unlock a locked place.
Update Place Data Statistics	Issues the load qptool placecatalog -push command on the server to update statistics for the place in the place catalog that are not updated automatically in real-time.
Reset Place Data Statistics	Issues the load qptool placecatalog -reset command to reset the login, documents reads, and posting counts to 0 in the place catalog, so that you can measure them for a specific time period.
Remove Place	Issues the load qptool remove command on the server to mark a place for removal. Users will no longer be able to access a place marked for removal.

Sending mail to place members

Use the qptool sendmail command to broadcast an e-mail message to place managers or to all members of a place. The sendmail command is useful for communicating administration issues. For example, you could send a broadcast e-mail to the managers of places if the places have exceeded a predetermined size limit and will be archived.

Enter the following command at the server console to send mail to place members:

load qptool sendmail arguments

where arguments are described in the following table Table 54:

Table 54. Arguments for qptool sendmail
Argument	Description
-?	Prints help on the command.
-template template	XSL template file that specifies the message.
-managers	Sends mail to managers only. Without this argument, sends mail to all members, including the managers.
-i inputfile	A required argument that specifies the places and other data in an XML input file located in the server program directory. If you are using tags for title, size, last_accessed or last_modified, values for those fields must exist in the input file. The qptool sendmail command only looks to the input file for its data; it does not query the places for the tag values.
-o outputfile	Logs results to a specified XML output file. By default logs results to qptool.sendmail.xml in the program directory.

Sample template file

Customize the following sample template to suit your needs:

<?xml version="1.0"?>
<xsl:stylesheet 
	xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
	version="1.0"
	xmlns:lsxlt="http://xml.apache.org/xslt"
	xmlns:java="http://xml.apache.org/xslt/java">
<xsl:template match="place">
  <mail>
  <from>E-mail address here</from>
  <cc>List of e-mail addresses here</cc>
  <bcc>List of e-mail addresses here</bcc>
  <subject>Subject string here</subject>
  <body>

This mail is sent to members of place '<xsl:value-of select="./name"/>' by qptool sendmail using xsl as a mail template. Some other fields you might want to use are:

TITLE:  '<xsl:value-of select="./title"/>',
SIZE:  '<xsl:value-of select="./size"/>', 
LAST_ACCESSED:  '<xsl:value-of select="./last_accessed"/>', 
LAST_MODIFIED:  '<xsl:value-of select="./last_modified"/>' 
 </body>
  </mail>
</xsl:template>
</xsl:stylesheet>

Note: You can include information about each place in the e-mail to managers or members of that place. The tags used in the template look like:

'<xsl:value-of select="./fieldname"/>'

where fieldname is the name of a field in the input XML.

Sending newsletters to subscribers

Use the qptool newsletter command to send daily and weekly newsletters to members of places. Members of a place can receive daily newsletters if daily newsletters are enabled for the place in Customize > Basics and can receive weekly newsletters if weekly newsletters are enabled in Customize > Basics. To receive a newsletter, a member must subscribe to newsletters in the member information page and must have a valid e-mail address.

Note: IBM Lotus Quickr cannot mail newsletters to groups. If you want to mail a newsletter to a user who is a member of a group, add the user as an individual member of the place.

To send newsletters, enter the following command from the server console:

load qptool newsletter arguments

where arguments are described in Table 55

A place will not send out a newsletter unless the following requirements are met:

The place manager has enabled newsletters in the Basic Options. By default, newsletters are enabled.
The place's newsletter setting (Daily vs. Weekly) matches that of the argument used in the qptool command. If the -daily flag is used with qptool newsletter, the place will not send out a newsletter if it is set to weekly.

Table 55. Arguments for qptool newsletter
Argument	Description
-?	Prints help on the command.
-daily	Sends newsletters in daily format. By default the NOTES.INI file includes the setting ServerTasksAt1=qptool newsletter -daily -a so that daily newsletters are sent at 1 AM for all places. You can change the time when daily newsletters are sent by modifying the notes.ini file or scheduling the command through a Program document.
-weekly	Sends newsletters in weekly format. Using a Program document to schedule the mailing of weekly newsletters for all places is recommended. Weekly newsletters typically take longer to process then daily newsletters, especially if there are many members and places. Server performance can slow during processing. Therefore, schedule the newsletter -weekly command to run during non-business hours, for example Friday evenings or Saturdays. Note: Place members who sign up to receive weekly newsletters only receive them if you create a Program document in the Domino Directory with qptool newsletter -weekly -a and set a time and day for the server to collect and send weekly newsletters.
-a	Sends newsletters for all places.
-p place(s)	Sends newsletters for a place or a space-separated list of places.
-i inputfile	Sends newsletters for places specified in an XML input file located in the server program directory.
-o outputfile	Logs results to a specified XML output file. By default logs results to qptool.newsletter.xml in the program directory.

Locking and unlocking places on the server

Use the qptool lock and qptool unlock commands to take places in and out of service without stopping the server. Use the lock command to put places temporarily out of service during maintenance operations and then use the unlock command when the maintenance operations are complete.

When you have locked a place, a user trying to access that place receives a message that you specify.

Other qptool commands lock places specified in the command automatically before running and then unlock the places when the operations are complete. However, you might want to lock a place before running multiple qptool commands to prevent users from accessing the place until you have finished running the commands. For example, you might want to lock a place while using the qptool changemember command to change several member names within the place to prevent members from accessing the place until all the name changes are complete.

When a place is locked, the only qptool command you can run on it is qptool unlock.

Enter the following command the server console to lock or unlock a place:

load qptool lock[unlock] arguments

where arguments are described in Table 56

Table 56. Arguments for qptool lock and qptool unlock
Argument	Description
-?	Prints help on the command.
-a	Locks/unlocks all places.
-p place(s)	Specifies a place or a space-separated list of places to lock/unlock.
-message message	Specifies a message to display to users who visit a locked place to indicate it is unavailable. Use quotes if the message contains spaces.
-i inputfile	XML input file located in the server program directory that specifies the places to lock/unlock.
-o outputfile	XML output file that logs the results of the command. By default the command logs results to qptool.lock.xml or qptool.unlock.xml in the server program directory. Note: To receive even more information during the lock/unlock process, you can set QuickPlaceLockLogging=1 in the notes.ini file.

Table 57 provides examples of the commands.

Table 57. Examples of qptool lock and qptool unlock
Task	Command
Lock a place.	> load qptool lock -p placename -message "Place is undergoing membership changes. Please try back after 4 pm." (where placename is the name of the place being locked).
Unlock a place.	> load qptool unlock -p placename

You also can lock and unlock places from Place Administration as described here: Locking and unlocking places.

Archiving places

Use the qptool archive command to copy place directories and their contents to a specified archive directory.

Use the archive command when you want to:

Back up active places by archiving them to a target directory without deleting them from the server.
Back up active places before moving them to another server.
Back up inactive places before removing them from the server.

To archive places, enter the following command from the server console:

load qptool archive arguments

where arguments are described in Table 58.

Table 58. Arguments for qptool archive
Argument	Description
-?	Prints help on the command.
-dir path directory	Directory in which to archive places. If you specify an archive directory without an explicit path, the specified archive directory is put in the server data directory. If the specified directory does not already exist, it is created. Note: The archive command does not archive a place that already exists in the archive directory.
-a	Archive all places.
-p place(s)	Specifies a place or a space-separated list of places to archive.
-i inputfilename	XML input file located in the server program directory that specifies the places to archive.
-o outputfilename	XML output file that logs the results of the command. By default the command logs results to qptool.archive.xml in the server program directory.

Table 59 provides examples of using the archive command.

Table 59. Examples of qptool archive
Task	Command
Back up all places on the server	>load qptool archive -dir x:\qpbackup -a
Archive more than one place to a target directory below c:\	>load qptool archive -dir c:\threeplaces -p placeone placetwo placethree
Archive places specified in an XML input file to a directory below c:\	>load qptool archive -i qptool.archive.xml -dir c:\threeplaces
Archive a place to a directory below c:\ and log output to a non-default XML file location.	>load qptool archive -p placename -dir c:\placenameback -o c:\qptool.archive.xml

Restoring an archived place that you removed

If you archived a place and removed it from the server but now want to restore the place, use the qptool unlock and qptool register commands.

Perform the following steps:

Use an operating system copy command to copy the archived place back to the domino_data_root\LotusQuickr directory.

Enter the following commands at the server console:

load qptool unlock -p place  
load qptool register -p place -install

For example, suppose you used the following commands to archive placeone and remove it from the server data directory:

load qptool archive -p placeone -dir d:\archivedir
load qptool remove -p placeone -now

To restore placeone, perform the following steps:

Copy d:\archivedir\placeone\ to the domino_data_root\LotusQuickr\ directory.

Enter the following commands at the server console::

load qptool unlock -p placeone  
load qptool register -p placeone -install

Renaming places

Use the qptool unregister and register commands to rename a place.

Perform the following steps:

Enter the following commands from the server console:
```
load qptool unregister -p placename
load qptool lock -p placename
```
where placename is the current name of the place to be renamed.
Enter the following command from the server console to release any open database handles to the place:
```
Dbcache flush
```
Through the file system, rename the place's folder in the domino_data_root\LotusQuickr directory.
Enter the following commands from the server console:
```
load qptool unlock -p placename
load qptool register -p placename -install
```
where placename is the new name of the place.

Moving a place from one current-release server to another

You can move a place from one current-release server to another.

Perform the following steps:

Enter the following command at the server console to make an archive copy of the place before you move it:
```
load qptool archive -p placename -dir archive_directory
```
Enter the following command at the server console to unregister the place from the Place Catalog:
```
load qptool unregister -p placename
```
Use a file system command to copy the place's directory and contents from the domino_data_root\LotusQuickr directory on the original server to the same location on the target server.
Enter the following command to unlock the place on the target server:
```
load qptool unlock -p placename
```
Enter the following command on the target server to update place information in the place and in the Place Catalog:
```
load qptool register -p placename -install 
```
Enter the following command to delete the place from the original server:
```
load qptool remove -p placename
```

If the original and target servers use different user directories, and the external members of a place have different distinguished names in each directory, use the qptool changemember or changehierarchy command to change the names in the place so these users can continue to access it.

Removing places and PlaceTypes from the server

Use the qptool remove command to remove places or PlaceTypes from the IBM Lotus Quickr server. You might want to remove a place or PlaceType that is no longer used or that hasn't been used for a long time.

To remove places or PlaceTypes, enter the following command from the server console:

load qptool remove arguments

The following table describes the arguments for the command.

Argument	Description
-?	Prints help on the command.
-now	Deletes places or PlaceTypes immediately. If you do not use this argument, places or PlaceTypes are only marked for removal. A place or PlaceType that is marked for removal is inaccessible from a browser but still exists in the file system. Note: Do not use this argument to remove a place in a cluster, as the deletion may not replicate.
-cleanup	Deletes places or PlaceTypes that were previously marked for removal through the remove command or that were deleted through the Lotus Quickr user interface. The ServerTasksAt2 NOTES.INI setting includes qptool remove -cleanup, so that the command runs by default at 2 AM. Note that the -cleanup argument does not work on places that are in the database cache. Since QPTool -cleanup typically runs off-hours, places are not in the database cache when the command is run. If you run qptool remove -cleanup at other times, use the dbcache flush command to flush databases from the cache before using -cleanup. For more information on the database cache, see Domino Administrator Help.
-a	Marks for removal or deletes all places on the server. This argument does not run on PlaceTypes.
-p place(s)	Specifies a place or a space-separated list of places to mark for removal or to delete.
-pt PlaceTypes	Specifies a PlaceType or a space-separated list of PlaceTypes to mark for removal or to delete.
-i inputfilename	XML input file located in the server program directory that specifies places or PlaceTypes to mark for removal or to delete.
-o outputfilename	XML output file that logs the results of the command. By default the command logs results to qptool.remove.xml in the server program directory.

Note: If you use Search Places on the server, do not use the -now argument to remove places. Instead use the remove command without the -now argument and mark the places for removal. After you mark the places for removal, run the Catalog and Domidx tasks on the Domain Catalog server. After the Domidx task has completed, use the remove command with the -cleanup argument to remove the places. Follow this removal procedure to ensure that information in documents from the deleted places is also removed from the search index.

The following table provides examples of using the remove command.

Task	Command
Mark the place P1 for removal	>load qptool remove -p P1
Mark all places on the server for removal	>load qptool remove -a
Mark PlaceType PT1 for removal	>load qptool remove -pt PT1
Mark places P1, P2, and P3 for removal	>load qptool remove -p P1 P2 P3
Mark places for removal that are specified in the XML input file qptool.removeinput.xml	>load qptool remove -i qptool.removeinput.xml
Mark the place P1 for removal and log output to the non-default XML file qptool.removeoutput.xml	>load qptool remove -p P1 -o qptool.removeoutput.xml
Remove the place P1 immediately	>load qptool remove -p P1 -now
Remove all PlaceTypes on the server immediately. Note that you cannot use the -a argument to remove all PlaceTypes.	>load qptool remove -pt PT1 PT2 PT3 PT4 PT5 -now

Reactivating a place mistakenly removed using QPTool remove

If you remove a place using qptool remove by mistake, (without the -now argument), you can reinstate the place. To do so, from Notes, edit the database titles of Main.nsf, Contacts1.nsf, and any PageLibraryxxx.nsf files for the place and change them from [delete pending] to the name of the place. You must also use qptool register -p placename to re-create the place document in the Place Catalog.

Completing the deletion of a place mistakenly deleted through the file system

If you mistakenly use a file system command to delete a place, rather than the qptool remove command or the Lotus Quickr user interface, the place still has a Place