Authenticating your IBM Domino and IBM XWork Server web apps against Active Directory (LDAP)

Posted on August 28, 2014 by Per Henrik Lausten

With IBM Domino and IBM XWork Server you can set up web authentication against an external LDAP such as Microsoft Active Directory. This is useful if you are deploying a web application and your users are already in an external directory. In this blog post I will show you how to set this up.

Create a Directory Assistance application on the server based on the Directory Assistance application template
Edit the server document in the Domino Directory and add the path to the Directory Assistance application from step 1 to the Directory Assistance database name field on the Basics tab
Create a new Directory Assistance document in the Directory Assistance application and fill out the following:
1. Domain type: LDAP
2. Domain name: Company domain (notice: the domain name in the Directory Assistance document MUST not be equal to the Domino domain!)
3. Company name: Company name
4. Naming Contexts (Rules) – Trusted for Credentials: Yes
5. Hostname: host name of Microsoft Active Directory (tip: use the Verify button to check access to the host)
6. Optional authentication credential for search: If the Active Directory does not allow anonymous LDAP searches, then add username and password for a user with access to Active Directory
7. LDAP vendor: Active Directory
8. Base DN for search: DC=company,DC=com (use the Suggest button to find the correct format)
9. Channel encryption: SSL or none (notice: if changing from SSL to none make sure that Naming Contexts (Rules) – Trusted for Credentials is not changed from Yes to No)
Restart your server

It’s now time to test your your LDAP configuration. Start by creating a new application with access control set to Readers for Default and No Access for Anonymous. Try to access the application from a browser and you will be prompted for credentials. Now logon using a valid username and password. You will be able to access the application if your Directory Assistance setup is working. Congratulations – you can now deploy your web application and have users authenticate using Microsoft Active Directory – without having any user details stored on the IBM Domino/IBM XWork server!

If authentication fails, you should start with issuing the “show xdir” command on the server console. You should see two entries in the list – the first one pointing to the Domino directory (names.nsf) and the second one pointing to your LDAP configuration.

You can also use the webauth_verbose_trace=1 option to enable debug messages on the server console by issuing “set conf webauth_verbose_trace=1” on the server console.

XPages and Domino 9.0.1 FP2: upgrades to CKEditor and Dojo

Posted on August 24, 2014 by Per Henrik Lausten

IBM released fix pack 2 for Domino and XWork Server 9.0.1 this week. Among many fixes it includes the following fix:

SPR# TMGN9KJTEB – Adds Internet Explorer 11 support for xPages

I asked Brian Gleeson from the IBM Dublin team what exactly this means, and he responded that it covers an upgrade of CKEditor from 3.6.x to 4.3.2 and an upgrade of Dojo from 1.8.3 to 1.9.2.

One issue I have seen so far with CKEditor 4.3.2 is that the “Insert image” button called ‘Image’ in a custom toolbar is different from the standard “Insert image” button used if you use the default toolbar. Instead, you need to use ‘IbmImage’ as the name of the image button.

The latest CKEditor adds a spell check option – either through the default toolbar or by adding ‘IbmSpellChecker’ to your custom toolbar. It’s great that the CKEditor in XPages finally adds that facility. Here it is in action:

CKEditor spell checker

With the new CKEditor the ‘toolbarType’ Dojo attribute no longer works. Instead use ‘toolbar’ as Dojo attribute with Slim, Medium, Large and Full as possible values.

XPages boilerplate: useful code snippets and modules for your next XPages project

Posted on December 11, 2013 by Per Henrik Lausten

When I start a new XPages project, I use lots of code snippets and modules from previous projects. Many of these code snippets and modules are open source or available on blog posts from fellow XPages bloggers. In this blog post I will list some of these useful code snippets and modules and hope that this will inspire you and help you enhance your next XPages project.

Useful code snippets and modules:

email bean by Tony McGuckin (for easy sending of emails)
multi-page messages by Mark Leusink (for displaying “error” messages on one XPage that originates from another XPage)
session expiration phase listener by Weihang Chen (for proper handling of the scenario where the session expires)
localization setter by Sven Hasselbach (for setting the correct locale for the browser session)
flashScope by Andy Cunliffe (for creating flashScope variables – a sort of view scope variable that can be used across pages)
example customizer bean by Jesse Gallagher for the Dynamic View Control from Extension Library (for customizing the look of the generated output of the Dynamic View control)
JSFUtil: originally introduced to XPages by Tim Tripcony, and since then modified and extended by several. Here’s one version of JSFUtil by Jesse Gallagher. JSFUtil is a must-have for working with XPages in Java
Standby Dialog custom control by Fredrik Norling (for making it obvious for the user of your app that server processing is taking place)
XPages Document Locker by Fredrik Norling (for easy document locking)
DbLookup & DbColumn, with cache, sort and unique by Tom Steenbergen (for improved DbLookup and DbColumn with caching support)
SSJS Form Validation That Triggers ErrorMessage Controls by Don Mottolo (for central validation of input fields)
DateConverter by Tommy Valand (for easy conversion of dates to/from strings)
Display warning message if Internet Explorer uses Compatibility View mode by myself (useful for displaying a message to the user if Internet Explorer is set to run in Compatibility View mode)
Phase listener to set IE to edge or X-UA-Compatible value by Mark Hughes (useful for instance for making Internet Explorer 11 behave by setting the value to “IE=10”)

You can also take a look at the XPages Scaffolding project by Jesse Gallagher. At least look at the README.md file in which Jesse describes what’s included.

Of course, you should not forget all the useful libraries and tools available in OpenNTF Essentials (both in the Essentials Runtime and in Essentials Toolbox) such as the OpenNTF Domino API, XPages Debug Toolbar and XPages Log File Reader. Also of great value is Auto Logins which provides “remember me” functionality for your app.

IBM Notes 9.0.1 and IBM Domino 9.0.1 are now available for download

Posted on October 29, 2013 by Per Henrik Lausten

IBM Notes 9.0.1 and IBM Domino 9.0.1 are now available for download on Passport Advantage.

This release includes 292 documented fixes (as of this evening). Here’s the “Top 20” fix list according to IBM.

Some of the 9.0.1 part numbers:

IBM Notes Client 9.0.1 for Windows English: CIQ7REN
IBM Notes Client 9.0.1 for Mac English: CIQ7UEN
IBM Notes, Domino Designer and Admin 9.0.1 client: CIQ91EN
SwiftFile 4.2.1 for IBM Notes 9.0.1 English: CRP4BEN
IBM Domino Server 9.0.1 64 bit for Windows English: CIQ7WEN
IBM Domino Server 9.0.1 64 bit for Linux for xSeries English: CIQ7ZEN
IBM Notes Traveler 9.0.1 for Windows Multilingual: CIQ7BML
IBM Notes Traveler 9.0.1 for Linux for xSeries Multilingual: CIQ7CML
IBM Domino Social Edition OpenSocial component 9.0.1 64 bit for Windows English: CIQ85EN
IBM Domino Social Edition OpenSocial component 9.0.1 64 bit for Linux for xSeries English: CIQ89EN
IBM XWork Server 9.0.1 64 bit for Windows English: CIQ8DEN
IBM XWork Server 9.0.1 64 bit for Linux for xSeries English: CIQ8HEN

How to force a reload of JS and CSS files when changed

Posted on April 10, 2013 by Per Henrik Lausten

Caching of Javascript and CSS files is great and really improves performance in the browser. But caching also means that changes to the files are not picked up. So how do you get the browser to automatically reload the files when you have updated them because of new requirements, bug fixed etc.?

There are several ways to achieve this. On Apache you can for instance use the modpagespeed module that automatically changes links to resources when the backend resource files change. Other ways include manually adding a version number to your resources (?version=1234), and changing the file name of the resource.

For IBM Domino, IBM XWork Server and XPages you can of course manually change the file name of your resources when content changes (and remember to update references to those files in your code). A better method is to create your own versioning system for your resources based on the idea of adding a unique id to the link to the resources. The following describes this method.

You can add a version number to an application scoped bean and then update that version number whenever you want the browser to reload your resources. Here’s a code snippet for such a version number bean (this is only some of the stuff needed for a bean – see my blog post about creating a bean for more details) :

public class Config implements Serializable {
	private static final long serialVersionUID = 6469339826789980362L;
	private static final String version = "20130410";

	public static String getVersion() {
		return version;
	}
}

Using this bean I can then create links to my Javascript and CSS files like this:

<xp:this.resources>
	<xp:script clientSide="true">
		<xp:this.src><![CDATA[${javascript:"/jsCommon?open&v=" + config.getVersion()}]]></xp:this.src>
	</xp:script>
	<xp:styleSheet>
		<xp:this.href><![CDATA[${javascript:"/custom.css?open&v=" + config.getVersion()}]]></xp:this.href>
	</xp:styleSheet>
</xp:this.resources>

The links then look like this in the browser:

db.nsf/custom.css?open&amp;v=20130410
db.nsf/jsCommon?open&amp;v=20130410

Whenever I want to force a reload, I then update the version string in my Config bean. The resources are then reloaded.

Free 1-day seminar on April 24 hosted by Notesnet.dk

Posted on March 20, 2013 by Per Henrik Lausten

I am proud to announce a free 1-day seminar hosted by Notesnet.dk. The purpose of the seminar is to show companies the powerful features of IBM Notes 9, IBM Domino 9, IBM XWork Server 9, IBM Connections 4.5, XPages and much more – including case stories. The seminar is for existing IBM Domino customers and for potential IBM Domino customers, and takes place on April 24.

Have a look at the agenda and sign up to attend if the seminar is of interest to you. The seminar and online content is in Danish.

Sherlock Web: a QHSE management system (based on XPages and IBM XWork Server)

Posted on May 14, 2012 by Per Henrik Lausten

I am currently busy working on Sherlock Web: a complete web solution for management of quality, health, safety and environment (QHSE). The solution is based on XPages and the IBM XWork Server and is available as a hosted solution or as an on-premises solution. The licensing cost of the server and application platform is fixed at $2000 per year, since the solution runs on the IBM XWork Server. This makes it an ideal platform for companies with a large number of users.

Sherlock Web is based on the existing Sherlock Lotus Notes solution that runs successfully at more than 500 companies. However, Sherlock Web does not require a Lotus Notes client at all – all you need to use Sherlock Web is a web browser, a tablet (such as the iPad or the Samsung Galaxy Tab) or a smartphone (such as an iPhone or an Android phone).

The document management part of Sherlock Web

You can attend 2 free (physical) seminars at IBM in Denmark on May 24 and May 30 where the Sherlock Web solution will be introduced. For more information and information on how to sign up for the event, please visit the Danish IBM Social Business blog. If you are unable to attend the seminar, you can get more information at the Danish Sherlock site and at the international Sherlock site and by contacting the Sherlock team.

Lotus Notes/Domino 8.5.3 and IBM XWork Server 8.5.3 are here

Posted on October 4, 2011 by Per Henrik Lausten

It’s October 4th and Lotus Notes and Domino 8.5.3 are now available for download on Passport Advantage. The brand new IBM XWork Server has also been announced.

I have been looking forward to this release in general, and in particular because of features specifically for XPages developers:

improved JavaScript editor
finally a java design element for XPages
Dojo 1.6.1
OneUI version 2.1 (which looks very similar to the prototype 3.0 version that the Lotus Notes and Domino Application Development wiki uses)
option to combine CSS and JS in a single file to improve site speed
improved HTML5 support such as support for adding HTML5 attributes
source control enablement

I look very much forward to an improved experience when working with XPages development in the Domino Designer client. Happy coding!

Per Henrik Lausten

A blog on HCL Domino, HCL XWork Server, XPages, Java and more

Tag Archives: IBM XWork Server