This article describes how to integrate the Socialtext wiki into Lotus Connections. It documents the steps used by the Lotus System Verification Test (SVT) team to set up and test this environment.
Quick guide for Socialtext wiki server installation
We used the SocialText Demo VMware image for our testing. For installation instructions and source file, refer to "Installing Socialtext Virtual."
1. Download the image file;
2. Start the VM;
3. Login with demo/demo;
4. DHCP setup, specify domain name and get IP address;
5. Create administrative account;
* sudo -u www-data st-admin create-user --email email@example.com --password password
* sudo -u www-data st-admin add-workspace-admin --email firstname.lastname@example.org --workspace admin
* sudo -u www-data st-admin give-system-admin --email email@example.com
6. Then browse to http://yourserver.com to access the SocialText wiki server.
You should use SocialText v18.104.22.168, the version for which the SocialText plug-in was developed.
Specific configuration related with Lotus Connections integration
A. Configure SocialText for LDAP
To integrate the SocialText wiki into Lotus Connections, the two products must use the same LDAP repository. The LDAP servers supported by both products include IBM Directory Server (IDS), Microsoft Active Directory (AD) and eDir. See the configuration guide from the Socialtext wiki website for reference.
1) Install the Net::LDAP module: run "sudo cpan -i Net::LDAP".
Select "No" for the options that follow to automate the module installation, and make sure the module is up to date;
2) Configure the LDAP configuration file "ldap.yaml", found at "/etc/socialtext/ldap.yaml". Customize the file for your LDAP server.
See the LDAP configuration options from Socialtext
Example for IBM Directory Server (IDS) LDAP configuration:
base: l=SharedLDAP,c=US,ou=Lotus,o=Software Group,DC=ibm,DC=com
3) Configure Socialtext to use the LDAP specified.
Edit the configuration file "socialtext.conf" at "/etc/socialtext/socialtext.conf": find the user_factories entry and change it to "user_factories: LDAP:[config_id]";
Run "st-config user_factories "LDAP:;Default"" directly.
For example: configure the file with "user_factories: LDAP:lccn37;Default" for the IDS LDAP above.
4) Restart the Socialtext server. Run "sudo /etc/init.d/apache-perl restart"
5) The admin user and LDAP users can then log in to the Socialtext server to create workspaces.
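A consistency check for steps 2 and 3, added here as an example and not part of the original article or of Socialtext's tooling: it confirms that every LDAP:[config_id] named in user_factories is defined in ldap.yaml. It assumes each LDAP configuration in ldap.yaml carries a top-level "id:" key; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify user_factories in socialtext.conf against ldap.yaml.
# Assumption: each LDAP configuration in ldap.yaml has a top-level "id:" key.

factory_ids() {  # print each id referenced as LDAP:<id> in socialtext.conf ($1)
    sed -n 's/^user_factories:[[:space:]]*//p' "$1" | tr ';' '\n' |
        sed -n 's/^[[:space:]]*LDAP:\([^[:space:]]*\).*/\1/p'
}

ldap_ids() {  # print each id defined in ldap.yaml ($1)
    sed -n 's/^id:[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1"
}

check_user_factories() {  # $1 = socialtext.conf, $2 = ldap.yaml
    conf=$1 yaml=$2 bad=0
    ids=$(factory_ids "$conf")
    # Covers both a missing LDAP factory and an unfilled "LDAP:;Default".
    [ -n "$ids" ] || { echo "NO-LDAP-ID: user_factories names no LDAP:<id>"; return 1; }
    for id in $ids; do
        if ldap_ids "$yaml" | grep -qxF -- "$id"; then
            echo "OK: LDAP:$id"
        else
            echo "UNDEFINED: LDAP:$id not in $yaml"; bad=1
        fi
    done
    return $bad
}

write_sample() {  # constructed sample files in directory $1, not from a real server
    printf 'id: lccn37\nhost: ldap.example.test\nport: 389\nbase: dc=example,dc=test\n' > "$1/ldap.yaml"
    printf 'user_factories: LDAP:lccn37;Default\n' > "$1/socialtext.conf"
}

# Run against real files when two paths are given on the command line.
if [ "$#" -ge 2 ]; then check_user_factories "$1" "$2"; fi
```

Run it as root against /etc/socialtext/socialtext.conf and /etc/socialtext/ldap.yaml before restarting the server in step 4.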
B. Configure SocialText for SSL
For security considerations, you might want to enable SSL.
1) Copy the Key and Certificate files
For test purposes, we use the existing "snakeoil" key and certificate that are already present, simply copying the files to the proper new names:
cp ssl-cert-snakeoil.pem [fully_qualified_hostname].crt
cp ssl-cert-snakeoil.key [fully_qualified_hostname].key
Note: Run these commands as the root user if the demo user lacks access.
2) Enable HTTPS
$ sudo dpkg-reconfigure st-webserver
$ sudo /etc/init.d/apache-perl restart
$ sudo /etc/init.d/apache2 restart
3) Restart Socialtext server.
4) Then you can access the server via https:///.
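A check of the pair copied in step 1, added here as an example and not part of the original article or of Socialtext's tooling: it flags a self-signed certificate such as the snakeoil one, expiry within a given number of days, and a key that does not belong to the certificate. The function names and the 30-day default are assumptions, and it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example: audit the certificate/key pair installed for the wiki's HTTPS.
# Usage: audit_cert_pair CERT KEY [DAYS]; prints findings, returns 0 if none.

pubkey_hash() {  # $1 = x509|pkey, $2 = file; SHA-256 of the PEM public key
    case "$1" in
        x509) openssl x509 -in "$2" -noout -pubkey ;;
        pkey) openssl pkey -in "$2" -pubout ;;
    esac 2>/dev/null | openssl dgst -sha256 | awk '{print $NF}'
}

audit_cert_pair() {
    cert=$1 key=$2 days=${3:-30} rc=0
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 ||
        { echo "UNREADABLE: $cert"; return 2; }

    # A self-signed certificate has identical subject and issuer names.
    subject=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
    if [ "$subject" = "$issuer" ]; then
        echo "SELF-SIGNED: $subject"; rc=1
    fi

    # -checkend exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null; then
        echo "EXPIRING: not valid $days days from now"; rc=1
    fi

    # The .crt and .key must carry the same public key or Apache will not start.
    if [ "$(pubkey_hash x509 "$cert")" != "$(pubkey_hash pkey "$key")" ]; then
        echo "KEY-MISMATCH: $key does not belong to $cert"; rc=1
    fi
    return $rc
}

# Run against real files when two paths are given on the command line.
if [ "$#" -ge 2 ]; then audit_cert_pair "$@"; fi
```

Run it on [fully_qualified_hostname].crt and [fully_qualified_hostname].key; a SELF-SIGNED finding is expected for the test setup above and should be gone once a CA-issued certificate is installed.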
C. Enable SSO, Configure Socialtext for LTPA for SSO
Socialtext consumes the LTPA token for user authentication.
1) st-config set challenger LTPA
2) st-config set credentials_extractors BasicAuth:LTPA:Guest
3) st-ltpa-config set shared_key bKAhJp6deTZlqNOJBWKQzn+cJsir+kz4e3fh13en4Cw=
st-ltpa-config set challenge_uri http://www.example.com/login
D. Configure proxy-config.xml
After completing the setup and configuration for your Socialtext server, make sure your proxy-config.xml on the Lotus Connections server is set to the following to allow authenticated feeds and the passing of the LTPA token for feeds:
Configure Socialtext plugin for Communities of Lotus Connections
1. Set up an authentication alias for the superuser on Deployment Manager (DM) server.
Go to the WebSphere Application Server admin console. From Security -> Secure administration, applications, and infrastructure, expand Java Authentication and Authorization Service, click JAAS - J2C Authentication data, and create a new alias. The User ID and Password should be those of the admin user for the Socialtext wiki.
2. Use the Connector Wizard to perform "Configure" and "Copy SocialText Plugin Jar files" (tango.socialtext.jar, JSON4J.jar) to the connector libraries install location.
Note: For a cluster, run wizard on each node.
a) Start the Wizard:
From the Connector installation directory "...\install\socialtext", run the setup file to start the Wizard.
b) On the wizard panel, fill in the configuration information as below:
The wikiHost, wikiHostPort and wikiHostSslPort need to be updated for the Socialtext wiki server;
The usernameAttr is the LDAP attribute used as the login id for the Socialtext wiki server;
The baseUri needs to be updated for the Socialtext wiki server; leave it blank if “/Socialtext” is not needed;
The authentry should be the alias name added at Step 1. Note that the name should be “nodename/aliasname”;
The ldapHost and ldapPort are the hostname and port for the LDAP server used by the Communities server and the Socialtext server.
The ldap bind user authentication alias should be the alias name added at Step 1. Note: It is only required if the LDAP server uses authenticated binding (e.g. AD).
c) Then fill in the connector-related location information as below:
Lotus Connections install home directory - "...\WebSphere\LotusConnections".
Connector libraries install location - "...\[WAS_HOME]\profiles[PROFILE]\installedApps[CELL]\Communities.ear\tango.web.ui.war\WEB-INF\lib".
Connector configuration install location - "...\[WAS_HOME]\profiles[PROFILE_NAME]\config\cells[CELL_NAME]\LotusConnections-config".
d) Finish the wizard successfully.
3. Copy the configuration files below from "...\[WAS_HOME]\profiles[PROFILE_NAME]\config\cells[CELL_NAME]\LotusConnections-config" on the primary node to the same location for the Deployment Manager
4. From the admin console, fully resynchronize the nodes, then restart the cluster.
The configuration of the SocialText wiki integration in Lotus Connections is complete. You can associate a Socialtext wiki with a community when you start a Community.
NOTE: All customer environments are different. Our results were obtained in a controlled test environment. Customer environments are typically less optimal and may not provide the same results. Understanding your environment (usage scenario, network, etc...) is crucial before recommending scaling numbers, hardware and solutions.
Content authored by the Lotus SVT team and posted on their behalf