Getting started with IBM Lotus Quickr 8.5.1 for Domino

Before you begin

Before getting started, you should review the Lotus Quickr 8.5.1 for Domino documentation and the IBM Support Techdoc #7009740, "IBM Lotus Quickr detailed system requirements," to ensure you have all the installation media and that the prerequisites are satisfied.

Installation

This article outlines the steps for installing IBM® Lotus® Quickr® 8.5.1 for Domino® on Microsoft® Windows. For additional details and installation steps on other operating systems, review the product documentation topic, "Installing and upgrading."

Here, Lotus Quickr 8.5.1 is installed on a Domino 8.5.1 FP5 Windows server using a graphical interface wizard.

Procedure

1. Stop the Domino server by typing "quit" in the server console.
2. Stop any other Windows applications that are running.
3. Stop any other Web applications that listen on TCP/IP port 80.
4. Navigate to the directory that contains the installation kit, either on a network location or a physical media such as CD or DVD.
• NOTE: If using a Webkit downloaded from Passport Advantage, first run the self-extracting executable and specify a directory to extract the installation kit to.
5. Open the server directory and double-click the setup.exe file.
6. In the Software Licence Agreement window, click Accept.
7. In the Welcome window, click Next.
8. In the Choose Destination Location window, select the directory that stores the Lotus Domino program files and click Next.
9. In the Start Copying Files window, review the directory path names that are displayed and, if they are correct, click Next to begin the installation.
10. After the installation completes, the Quickr Server Configuration window automatically opens. Click Next.
11. In the Specify name and password window, type the user name and password to create an account for the Lotus Quickr server administrator. Verify the password, and specify the name for a new, local administrator unique to Lotus Quickr.
• IMPORTANT: Do not specify the name of the Domino server administrator or any other name from a user directory that Lotus Quickr will use, as this may cause issues later on. This local account will be used for initial configuration or, as a backup administrative account, if the user directory becomes unavailable. A typical account name to use here is "qpadmin."
12. In the Congratulations window, click Finish.
13. Start Domino and look for the server console notification indicating that Lotus Quickr is running:
• HTTP Server:Lotus Quickr Services loaded successfully. Release: 8.5.1.0 Build: QRD8.5.1_20101110.1609 On Domino: Build V851FP5_09292010
14. Open the Domino Administrator client and access the Server Configuration document and put it in Edit mode.
15. Select Internet Protocols --- Domino Web Engine tab, and in the Java Servlets section, change the Java servlet support field to "Domino Servlet Manager"; Save & Close the document.
16. Restart HTTP, using the server console command "restart task http".
17. Verify that you can access Lotus Quickr through a Web browser by accessing

Upgrading to the latest Fixpack

Between major releases, updates to Lotus Quickr 8.5.1 for Domino are released by IBM Support in the form of Fixpacks. It is recommended to run the latest Fixpack, to take advantage of the newest features and fixes from Lotus Quickr Development. Fixpacks are available from the IBM Support Portal Fix Central site and are installed by use of a graphical installer on Windows.

Accessing the latest Fixpack

1. Navigate to Fix Central through your Web browser.
2. For the Product Group, select Lotus; from Lotus, select Lotus Quickr for Domino; for Installed Version, select 8.5.1; for Platform, select Windows (or other appropriate platform); click Continue.
3. In the Identify Fixes page, select "Browse for fixes" and click Continue.
4. Select the latest Fixpack and click Continue; you will be prompted to sign in with your IBM ID.
5. Download the .jar file and the .doc file. The .zip file is used for manual installation and is not needed for a Windows installation.

Installing the Fixpack

1. Review the .doc file downloaded from Fix Central; this contains the detailed Fixpack installation instructions and additional information about the fixes packaged in the Fixpack.
2. Stop the Domino server.
3. Copy the .jar installation file you downloaded from Fix Central into the Domino\jvm\lib\ext directory.
4. Double-click the .jar installation file to run the installer.
5. In the Fixpack Installer dialog, confirm that the displayed Notes.ini path is the correct Domino installation, and click Yes.
6. Once the installation has completed, you will be prompted to view the Readme file; you can choose No, as this is the same document as downloaded from Fix Central and reviewed in Step 1.
7. Start Lotus Domino and look for the server console notification indicating that Lotus Quickr is running, and note that the Release line now indicates the appropriate Fixpack level.
8. Issue the following commands on the server console:
• load qptool upgrade -f -server
• load qptool upgrade -f -a

Configuring Multi-server Single Sign-On authentication

It is recommended to configure Mult-Server Single Sign-On (MSSO) on the Quickr server, even if used in a single-server environment. Single-server Single Sign-On is not supported with Lotus Quickr for Domino.

Creating the Web SSO Configuration document and LTPA Token

1. Open the Server Configuration document in Edit mode.
2. Click the Create Web button and choose SSO Configuration.
3. Click the Keys button and choose Create Domino SSO Key.
4. The Configuration Name must be LtpaToken. Do not change this value.
5. Enter the DNS Domain for which the token will be generated.
6. Under Participating Servers, select the Domino Server Names that will participate SSO; at minimum, select the Quickr server.
7. Click Save & Close to save the document.
8. Back in the Server Configuration document, select Internet Protocols --- Domino Web Engine tab.
9. Under the HTTP Sessions section, change the Session authentication field to "Multiple Servers (SSO)", and the Web SSO Configuration field to "LtpaToken".
10. Click Save & Close to save the document.

Creating the Web Server Configuration database

1. In the Domino Administrator client, select File --- Application --- New.
2. Next to Server, choose the server that runs Lotus Quickr, and next to Title, enter a descriptive name such as Web Server Configuration.
3. Next to File name, type "domcfg.nsf". You must use this file name.
4. Next to Server in the middle of the dialog box, select any server.
5. Click Show advanced templates, and next to Template, select Domino Web Server Configuration (domcfg5.ntf); click OK.

Configuring the Lotus Quickr HTML Log-in form

1. In the newly created Web Server Configuration database, click Add Mapping.
2. Change the Target Database field to "LotusQuickr/resources.nsf", and change the Target Form field to "QuickPlaceLoginForm"
3. Click Save & Close to close the document, and close the Web Server Configuration database.
4. Restart HTTP on the Domino server console.
5. Open a Web browser and navigate to the Quickr server.
6. Click Log In and confirm you now see the Lotus Quickr HTML Log In page instead of a pop-up dialog, and confirm you can log in with the qpadmin account.

For additional information on Web SSO Configuration and the Web Server Configuration database, refer to the product documentation topic, "Configuring multi-server single sign-on authentication on Windows."

Configuring an external user directory

In addition to maintaining a use base local to individual places, Lotus Quickr 8.5.1 for Domino can manage external user directories, including Domino Directories natively and both Domino and third-party LDAP directories. Configuring your Quickr server to manage an external directory allows you to leverage a centralized user base, rather than registering local members in individual places, and integrate with other Lotus products more easily.

Configuring Domino Native authentication

1. Log in to the Quickr server with the local Quickr administrator account (qpadmin).
2. Click the Site Administration link in the lower left-hand corner, under the title Lotus Quickr.
3. In the left-hand table of contents, click User Directory.
4. Click Change Directory and from the Type menu, choose Domino Server.
5. Select one of the following options:
• To allow place managers to create local members, click "Allow managers to create new users in each place".
• To prevent place managers from creating local members and require them to select members from a user directory, click "Disallow new users (recommended)"..
6. Click Next. Make sure to compete this step so your changes take effect.
7. Confirm the settings are correct, and that the response says OK and confirms your new users choice.

For additional information on Domino Native authentication, refer to the product documentation topic, "Connecting to the Lotus Domino directory using Domino Native Authentication (non-LDAP)".

Configuring LDAP Authentication

1. Make sure the LDAP directory server is running, and log in to the Lotus Quickr server as an administrator.
2. Select Site Administration --- User Directory --- Change Directory.
3. In the Type list, select "LDAP Server".
4. In the Name field, type the fully qualified host name of the LDAP server, for example, "ldap.acme.com".
5. In the Port number field, type the port number that the LDAP server uses to communicate with other servers. The default is 389, the port typically used.
6. If a user name and password are required to access directory information on the LDAP server, perform the following steps:
1. Click Check to use credentials specified below when searching the directory.
2. Type the user name, an LDAP distinguished name, for example cn=admin,o=acme.
3. Type the password. NOTE: If the password has an expiration date, make a note of it, because you will need to update this field with a new password then.

7. Select one of the following options:

• To allow place managers to create local members, select "Allow managers to create new users in each place".
• To prevent place managers from creating local members and require them to select members from a user directory, click "Disallow new users (recommended)".

8. Click Next. Make sure to compete this step so your changes take effect.
9. Confirm the settings are correct, and that the response says OK and confirms your new users choice.

For information on the additional optional parameters in the LDAP configuration, or for information on customizing control of directory services, refer to the product documentation topic, "Connecting to an LDAP server - Allowing Lotus Quickr to control directory services".

Specifying additional Administrators

Once you have configured your Lotus Quickr server to manage an external user directory, you can choose users from the external directory to elevate to Administrator rights on the Quickr server.

Site administration

1. Log in to the Quickr server as an administrator, and select Site Administration --- Security.
2. In the "Who can administer this server" section, click Add, and then click Directory.
3. Enter a user name from the directory and click Search, or click a letter to browse to the directory by name.
4. Select the user(s) you wish to add as Administrators and click Add.
5. Click Close, and click Next.
6. Log out of Lotus Quickr and log in as one of the users newly assigned to administrative access. Confirm access to the Site Administration section.

Super User

Even as an Administrator, a user must have explicit access to a place via the Place Membership page, in order to see a place in the My Places page and access the place. To provide visibility and access to all places globally, you can enable a user or a group Super User access to the Quickr site:

1. Access the Domino data directory at the server OS level, and create a file named "qpconfig.xml".
2. Enter the sample XML code in listing 1 into the file, changing the value in the tags to the distinguished name (DN) of the user or group you wish to grant Super User rights.
• NOTE: For Domino Native authentication, enter the DN with slashes, for example, cn=Quickr Admin/o=ibm For LDAP, use commas, per the sample code in listing 1.
3. Save and close the qpconfig.xml file.
4. Restart HTTP on the Quickr server.

Listing 1. Sample XML code


For additional Security topics, refer to the product documentation topic, "Configuring security (advanced)".

Conclusion

At this point, the Quickr server is up and running, and configured for a user directory and administration. For additional topics see the Lotus Quickr 8.5.1 for Domino Documentation or search the Lotus Quickr Wiki.

About the author

Chris Magnell has been an IBM Support Engineer since 2006, focusing on various Lotus Software products such as Lotus Notes, Lotus iNotes, and Lotus Quickr for Domino. Chris is currently a Support Engineer with the Lotus Quickr for Domino Team. You can reach him at camagnel@us.ibm.com.