Category Archives: connections

Home / technical Archive by category "connections"

Engage was amazing

Wow .. Engage is the biggest IBM user group outside of IBM’s own Connect (the conference formally known as Lotusphere).
Over 400 people gathered in Eindhoven for 2 days of fantastic content, great sessions and speakers, awesome networking and social events.

The venue was stunning .. basically we were in a flying saucer for 2 days. A great space, plenty of room for the sessions, massive area for sponsors and networking – the food was amazing, and there was chocolate and beer 🙂

I was lucky enough to speak with Christoph Stoettner on day one and our session was well received. Covering install, migrating, documenting and best practises for IBM Connections and its associated software in an hour and trying to cover all operating systems was fun .. but we managed and had 5 mins for Q&A. Speaking with Christoph is always a pleasure and never a chore 🙂

One of the highlights of the two days was the IBM Champion round table with the new General manager of ICS – Inhi Cho Suh. Announced into her new position at IBM Connect in January, she took time out of her busy schedule to spend a day at Engage. The Champions round table was great, the enthusiasm in the room from both Inhi and us was something I hadn’t seen for a while. Its so nice to have someone at the top that is as passionate about this stuff as we are. I am genuinely excited and looking forward to waht the future is going to offer. For customers and business partners alike – as we are all users of this software.

If you have never attended a user group, you should, there are many .. and they really do span world wide and covere a range of software that the ICS/Lotus brand covers. Thanks to the wonderful Amanda Bauman the user groups are now part of the  World Wide Independent User Group Alliance – IBM are standardising the way they support user groups which is fantastic.

Thank you again Theo and team for all the hard work you do .. and how are you going to top this next year?

I am looking forward to finding out


Latest PTFs appear to cause issues with TDI on iSeries

Bit of a weird gotcha we have discovered this week. TDI for Connections on iSeries was not happy with the latest PTF fixes applied to the machine.

TDI was working without issue prior to the PTF’s being applied. An IPL was performed to allow everything to apply correctly – that is when we noticed issues with TDI.

When attempting to populate the profiles DB or even run a collect_dns we were seeing an error. Nothing had changed in any of the config files but we were seeing an error relating to the LDAP URL.

On the off chance that something specific had been overwritten we decided to reinstall TDI. The only thing that had changed was the PTFs, so it was likely something in one of the many applied to the system had overwritten something that TDI was looking for.
The steps ran were as follows:

  • Uninstalled TDI
  • Removed the directories that had been created under the /QIBM/ProdData and /QIBM/UserData folders
  • Run – export QIBM_CCSID=819 as required
  • Install TDI and patch
  • Reconfigure the TDISOL directory – take the one from the /QIBM/ProdData/IBM/Connections/TDISOL as it is more up to date than the wizard version
  • Test

Theoretically nothing should have affected TDI – but something appears to have .. It was a fairly quick fix (about 2 hours in total)

So if you are running Connections on i and have applied the latest PTFs .. check the TDI sync still works

External users in connections, multiple LDAPs when using domino root

As mentioned in our presentation at EngageUG – We came across a problem when adding multiple LDAP repositories in WebSphere.

The scenario was a Domino customer – who use the root domino domain – had a requirement for a second LDAP repository in connections to manage external users. They are a global company and via directory assistance grab the users that need access to connections but have no control over the records themselves. The plan was to have a 2nd domino domain for external users that the admins could manage independently of the main directory / domain.

We hit a problem as when using the domino root – it does all sorts of *fun* things inside WebSphere to overwrite any 2nd LDAP or additional base realm entries. After much testing with domino and ad as a 2nd LDAP, all the known work arounds didn’t resolve the issue, we opened a PMR.

As it turns out the answer was pretty simple:

Set your domino root LDAP us as you would do normal – but, when you get to the point of adding the unique base entry to the realm add a name i.e o=dominoRoot (it doesn’t matter what this is as long as its o= something)

Select the tick the box to use a different distinguished name – leave the 2nd box blank

*EDIT* – you may need to add double quotes to provide a blank – i.e “” we will remove this in the next step


Save the config.

Next we need to edit the wimconfig to remove the offending entry that causes WebSphere to get confused.

The wimconfig can be found in <WAS_HOME>/profiles/Dmgr01/config/cells/<CELL_NAME>/wim/config

Find the entry relating to the new domino root entry .. and remove the duplicate base entry :

<config:baseEntries name=""/>
<config:baseEntries name="o=dominoldap" nameInRepository=""/>

remove the line
<config:baseEntries name=""/>

save and close the file and restart the deployment manager and connections nodes.

Once restarted the Domino root users and groups are still accessible inside WAS / Connections and it is now possible to add a second LDAP base entry correctly.

In the case of this particular customer we have added an External users AD, but another domino domain directory or any other supported LDAP should also work perfectly 🙂

Connections Monitoring – are you doing it?

After being to a few user groups lately and seeing all the great monitoring tools for Domino I am interested in what people use to monitor connections.

The WebSphere piece of connections can put a lot of people off and I am wondering if something was available would you use it?

  • If you do monitor, what do you use
  • If something was available with a *dashboard* would you use it?
  • What features would you like in a monitoring app
  • Would you be interested in something bundled in Nagios etc

I have created a quick survey which should only take you 2 mins to fill in, if you can spare the time to fill it in I would be most grateful

You can use the survey below or head to the link here:


Create your free online surveys with SurveyMonkey , the world’s leading questionnaire tool.

Issues with CCM, Cognos and looking up Domino LDAP users using complex filters

Thanks to Martin Leyrer for pointing this technote out

There appears to be an issue with CCM and Cognos integration if you are using domino LDAP and are using complex ldap search filters

The CCM symptoms are:

When LDAP users try to access a community library they have the following error:

“The library may have been deleted or modified, or your access may have changed. Try reloading. If that fails, contact the library owner.”


When user clicks into the Library, there is no “Upload Files” or “New Folder” buttons present, even though they are a Community Member or Owner

This does not happen for non-LDAP local users like ‘wasadmin’.

The Cognos symptoms are:

it’s not possible to add LDAP users to the IbmConnectionsMetricsAdmin role, but it is possible to add non-LDAP local users like ‘wasadmin’


Good news there is a fix

You must contact Domino Support to obtain a Hotfix for SPR CAHT959LQG for your specific Domino version

The Full description of the problem can be found in the technote here

Fun and games with Community Widgets

Last night we managed to close a PMR that had been open for a few weeks on a strange issue with Community Widgets.

Rewind 3 or 4 weeks – One our amazing customers made some security changes which in turn required some reconfiguration of Connections. We switched to a secure LDAP connection, reconfigured WebSphere global security and changed the LDAP realm to fix and LTPA issue we had seen and also just for good measure switched the WebSphere Admin user to be an LDAP user – a few changes to implement at once, but not rocket science.


The only bit of reconfiguration that needs a bit of work is the changing of the connections admin user – previously we had just used the standard wasadmin user,  Connections application security was switched (using the community scripts – thank you Christoph), changing references to administrative credentials was completed and the lovely task of updating the messaging bus was completed.


Everything worked exactly as expected except for 2 tiny issues – Adding the blogs and surveys widgets inside a community thew a nasty error.









The errors in the logs were not actually helping much – just saying the new admin user did not have the authority, which didn’t really make much sense as all the other widgets were adding to communities without issue and the blogs app worked perfectly outside of Communities – also any exiting blog widgets were also working as expected.

After some very intensive investigation from IBM Support, especially Justin Cornell who ploughed through much logs, traces, fiddler records and a live debugging session where he saw the problem live – we were still no closer to getting to the bottom of the issue. Justin then brought up the issue in a team meeting and another college mentioned that he had seen something similar.

Waltz and Sonata were recognizing the new admin user but something else was still not quite right – the suggestion was to remove and remap the admin user for the applications – forcing the remapping of the security and flushing any old info relating to the old admin user. We also re-synced the new admin user against all the connections applications just to be sure using the Application.MemberService.syncMemberExtIdByEmail(“emailhere“) command. After this was done we still had the same problem. By now this was becoming extremely frustrating – it made no sense, it should just work!

It was a public holiday in the UK on Monday so I didn’t notice the mail Justin had sent me straight away – he suggested that before this goes up yet another level of the support chain that we remap the widget admins again, just to make sure that it had actually added the new admin user correctly. After quickly jumping on to the Deployment manager machine and remapping the widget admin user for the blogs application and restarting the blogs app we attempted to add the widget to a community again – AND IT WORKED !! Re-mapping the admin user for the Forms Experience Builder (surveys) app and restarted that application also resolved the issue with that widget too.

It appears that re-mapping these individually and saving and restarting flushed out any cached or old admin information, when it was done as part of a script or mass change it didn’t seem to clear out the old info.

This is one of the most frustrating and strangest issues we have seen with Connections – as theoretically nothing has changed. The new admin user was mapped correctly previously – but re-mapping it fixed it.

Thanks IBM Support and the very tenacious Justin who was just as frustrated and determined to get to the bottom of the issue.





Help IBM shape connections search

If you are interested in helping IBM shape the search application inside Connections there is a survey that you can participate in.

This is a short survey to better understand attitudes and behaviors around search and how users – well – use it 🙂

You can find the search survey here

Fill it in and you will make a Connections product manager very happy 🙂

Weird issue deploying Connections Mail

I have been looking to implement Connections mail for a while for one of my customers, after finally sorting out some SSO issues we had been seeing I was ready to deploy into their DEV/TEST environment. No problem I thought – Connections mail is a very simple install a couple of config files and a quick wsadmin command to get the help to work.

Once I had deployed I was seeing the strangest issues –

Contact your system administrator:
Missing element with class=”os-site-mail-notify”

After spending a few hours trying to work out what the issue was, sanity checking myself in the Connections skype chat and much google-ing – I threw in the towel and opened a PMR. I did my usual of explaining the situation, listing OS and level, Connections versions and fixes etc and sending in a screen shot, Log files and the Connections mail config file – a couple of hours later I had a response.

It appears that something has changed between V4 and V4.5 of connections – I had customisations brought over from V4 and copied the header.jsp as it looked on first glance that there was no changes between 4 & 4.5

In Version 4.5 the span for the mail notify icons is :
–%><span class=”os-site-mail-notify”></span><%–

Previously it was:
–%><span id=”os-site-mail-notify”></span><%–

Changing this span from id to class resolved my issue.

So the moral of the story is even if you think nothing has changed – it most likely has

Big thanks to Jonathan P. Dormady Staff Software Engineer in Connections Support for finding me a solution so quickly

So that’s how he did it – Luis Benitez tells all

Our favourite IBM Connections product manager is releasing a series of blog posts on what code and products were used in his Keynote / OGS demo at Connect.

I must admit I was impressed and only yesterday I blogged on my personal blog that I wished we knew more on what products made up the OGS demos.

Great post by Luis, can’t wait to read the rest of the series

The full post can be found here:

The Code Behind My IBM Connect 2014 Keynote Demo

mod_deflate compressing your Connections pages before they hit the client

The Apache v2 module mod_deflate is extremely handy if you are serving IBM Connections up to remote locations with little bandwidth. Some of the Connections pages have large css or java script files that are required to function correctly but for countries that have poor connection to the remote server this causes slow page load times and sometimes timeouts.

So mod_deflate to the rescue ..

open your httpd.conf file and ensure that the mod_deflate is uncommented

LoadModule deflate_module modules/

just before section 3 for virtual hosts – add the following

## set deflate
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
# Netscape 4.x has some problems…
BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
# BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48
# the above regex won’t work. You can use the following
# workaround to get the desired effect:
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
# Don’t compress already-compressed files
SetEnvIfNoCase Request_URI .(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI .(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI .(?:avi|mov|mp3|mp4|rm|flv|swf|mp?g)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI .pdf$ no-gzip dont-vary
DeflateCompressionLevel 9
### Section 3: Virtual Hosts

Note – I have the DeflateCompressionLevel set to 9 – this is the highest amount of compression. Depending on the load and size of your HTTP server this may use a lots of CPU time to deflate, this may need to be monitored and tuned for your specific server

Inside the virtual host for the secure Connections server add the same deflate directive (see example below)

<VirtualHost *:443>
Include “/opt/IBM/HTTPServer/conf/rewrite.conf”
Header set Access-Control-Allow-Origin “*”
## set deflate
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
# Netscape 4.x has some problems…
BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
# BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48
# the above regex won’t work. You can use the following
# workaround to get the desired effect:
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
# Don’t compress already-compressed files
SetEnvIfNoCase Request_URI .(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI .(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI .(?:avi|mov|mp3|mp4|rm|flv|swf|mp?g)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI .pdf$ no-gzip dont-vary
DeflateCompressionLevel 9


restart the HTTP server and the deflate module will be active

You can test the compression by visiting and enter a url of a Connections page

For instance I put the profiles page of a customer’s server here that mod_deflate is enabled and the compression was a massive 67.4%

Original Size: 7.27 KB
Compressed Size: 2.37 KB
Data Savings: 67.4%

So all in all if you have sites that are in bandwidth starved places – mod_deflate is worth taking a look at.