After enabling my WorkPlace server with
the Domino LDAP service yesterday I discovered that my TeamSpaces and Document
library was no longer working and giving me an exception error.  This
was a problem that I had run into with WorkPlace WSE 2.5 when it was released
last year and I tracked it down to a problem with the security roles that
were mapped to the LWP_CAI application. Due to one of the settings I had
made during the ‘Enable LDAP’ process the security mapping could not find
my portal admin group.

Again this is down to where Domino puts
it’s groups in the hierarchical tree. Domino groups are not hierarchical
( although you can manually put /org in your group names ) therefore they
appear at the same level of the /O=yourOrg.

During the LDAP Enable process one of
the settings is the LDAPSuffix. This setting tells the poral server where
to start all LDAP searches. According to the helper file you should set
this to o=yourOrg but for a Domino LDAP server you should leave this blank
so that when the portal server is looking up your portal admin group it
will search the entire Domino LDAP source instead of only searching in
your users root org.

Right, now I should be able to get the
SSO running.

While surfing around for more info on Workplace
2.6 I came across the following beta for the IBM Workplace Forms that was
announced at Lotusphere.

http://www-10.lotus.com/ldd/beta/workplaceformsbeta.nsf/

After completing the install of the Workplace
server I then proceeded to configure the LDAP service.

As I’m running Domino 7 I didn’t need
to add the DominoUNID attribute to the Domino LDAP schema so I could skip
over that step.  I decided that I was going to use my own username
as the portal admin and use the LocalDomainAdmins group as the portal’s
admin group so I quickly checked the ACL of the NAB to make sure that the
entries for these had the correct rights.

The next stage was editing a small file
that would tell the Workplace server that I had granted write access to
the Domino LDAP server.  This will allow users to use the ‘Sign Up’
and ‘Edit Profile’ options within Workplace.  If you don’t want users
to use these options you just have to skip this step.

The next stage was to edit the helper
file with my usersnames and passwords and then run the configuration wizard.

The configuration wizard has not changed
that much from the previous versions, there are a few extra options for
moving the Workplace and Portal databases to different sources and the
disable/enable LDAP security option is still there. Disabling the security
took about 15 minutes to run on my test server and then enabling it took
another 25 minutes.

One thing to watch out for here is making
sure you have the correct servers up and running when you are runing the
wizard. For the disable security to work correctly you must have the couldscape
server and the appliction server up and running ( but not the portal server
or mail server ) and for the enable security you must only have the cloudscape
server running.  It would be nice if the wizard could start/stop these
for you or failing that could give a better error message when the required
servers are not detected.

A Domino specific gotcha is the LDAP
administrators group name. As Domino groups are not hierarchical you need
to remove the CN= bit from the front of the group name you enter into the
helper file or the enable security option will fail.

The next stage will be setting up SSO.

With Workplace Collaboration Services V2.6
announced at Lotusphere I decided to download it and check it out and see
how it compares to the 2.5 version that I last looked at.

One big change that I noticed immediately
was the download process. With the previous versions of WCS & WSE you
had to download the tar.gz files and then rename them correctly and place
them in the correct directory for the installer to work.  With this
version the downloads are all self extracting .exe’s.  Running the
downloaded files will extract out the .tar.gz files into the correct directory
structure for you.  This is a real time-saver.

The installation process is exactly
the same as in the previous versions, answer a few simple questions and
then wait for about 1 hour while the installer copies over the files and
then makes the required changes to suit your environment. If you are planning
on changing the directory to a different source after the install then
it’s recommended that you use ‘wpsadmin’ for the administrator username
and password during the install.

If you want to keep an eye on the install
process then I would recommend a great little utility called TailForWin32.
This utility will allow you to watch the installation log files so you
can see what the installer is doing. You can also use this utility to open
the log files while WCS is running, handy for checking on any issues you
may have while the system is up.

After the installation I noticed that
WCS does NOT install as a windows service. Considering that WSE 2.5 can
be installed as a windows service so that it can be started automatically
I feel that this is a small bit of a letdown in the 2.6 version of the
product. I understand that WSE is designed for a single machine and that
WCS is designed for multiple machines but at least make this an option
during the install routine.

I’m going to attempt to point the LDAP
to my Domino server now…