A client of mine wants to run DominoDAV. So they decided to take advantage of their WebSphere entitlement for Domino. Since the entitlement doesn't state a version, we decided to give WebSphere 6 a shot. Having struggled with Domino WebSphere integration before (Portal 4 is a beast), I told the best of my wives I won't be back for dinner. Actually I wasn't. I was in time to pick up the kids from kindergarten (which closes at 5:30pm).

Installation runs like a piece of cake. The installer for the plug-in lists Domino 6.x in the menu and does everything. Authenticating against the Domino LDAP and LTPA single sign-on worked on the first try. The instructions given in the IBM security Redbook for WebSphere 5 are still valid and quite helpful, while the Domino integration part is missing from the WebSphere 6 security handbook. Of course you need a big box for a satisfying result.

I hit only two bumps on the road, the first one due to my disbelief that it could be easy: We tried the snoop servlet myserver:9080/snoop and it worked. Then I spent 20 minutes trying to figure out under which URL the servlet would be available on the Domino port. There seemed to be no configuration, so myserver/servlets/snoop didn't work. Finally I tried myserver/snoop and TADA... works as designed. So the DSAPI filter for WebSphere uses the WebSphere application configuration to redirect URLs from Domino, nicely done!

The second bump: When you link WebSphere to Domino's LDAP you specify the name base (like o=myorg -> /O=MyOrg) which is added to all lookups. While this works fine for the users, it seems not to work for groups (which by default are flat). I also wonder how it would work if you have more than one org in your Domain. Seems I need to brush up my LDAP skills a bit.

Now I'm itching to try that on Linux with a Domino 7.0 server.
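
The second bump can be reproduced on paper. The following is an added example, not code from this post, from Domino or from WebSphere: it models LDAP subtree scope by comparing DN components and shows which entries a base of o=myorg can return. The directory entries are constructed, and it is an assumption that flat groups are exposed with a DN consisting only of CN=GroupName; the O=OtherOrg entry covers the multi-org question as well.

```python
import re

def parse_dn(dn):
    """Split a DN into normalized (attribute, value) pairs, most specific first."""
    dn = dn.strip()
    if not dn:
        return []  # the empty DN is the directory root
    rdns = []
    for part in re.split(r'(?<!\\),', dn):  # split on unescaped commas only
        attr, _, value = part.partition('=')
        rdns.append((attr.strip().lower(), ' '.join(value.split()).lower()))
    return rdns

def in_subtree(entry_dn, base_dn):
    """True if entry_dn lies at or below base_dn (LDAP subtree scope)."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    if not base:
        return True  # an empty base covers every entry
    return len(entry) >= len(base) and entry[-len(base):] == base

def search(directory, base_dn, object_class):
    """Return the DNs of the given class that a subtree search from base_dn sees."""
    return [dn for dn, oc in directory
            if oc == object_class and in_subtree(dn, base_dn)]

# Constructed sample directory (assumption: flat groups have no O= component).
DIRECTORY = [
    ("CN=Jane Doe,O=MyOrg", "person"),
    ("CN=John Smith,OU=Sales,O=MyOrg", "person"),
    ("CN=Ann Lee,O=OtherOrg", "person"),
    ("CN=WebAdmins", "group"),
    ("CN=DavUsers", "group"),
]

if __name__ == "__main__":
    for base in ("o=myorg", ""):
        print(repr(base), "persons:", search(DIRECTORY, base, "person"))
        print(repr(base), "groups: ", search(DIRECTORY, base, "group"))
```

With the base set to o=myorg the user lookups succeed while the group list is empty, so any role or access rule mapped to a group would never match; an empty base returns the groups and the users of both organizations.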
This site is in no way affiliated, endorsed, sanctioned, supported, nor enlightened by Lotus Software nor IBM Corporation. I may be an employee, but the opinions, theories, facts, etc. presented here are my own and are in no way given in any official capacity. In short, these are my words and this is my site, not IBM's - and don't even begin to think otherwise. (Disclaimer shamelessly plugged from Rocky Oliver)
© 2003 - 2013 Stephan H. Wissel - some rights reserved as listed here:
Unless otherwise labeled by its originating author, the content found on this site is made available under the terms of an Attribution/NonCommercial/ShareAlike Creative Commons License, with the exception that no rights are granted -- since they are not mine to grant -- in any logo, graphic design, trademarks or trade names of any type. Code samples and code downloads on this site are, unless otherwise labeled, made available under an Apache 2.0 license. Other license models are available on written request and written confirmation.