Enabling expanded membership on the server
Added by IBM on September 9, 2010 | Version 1 (Original)
To enable the Expanded Membership Model (EMM) on the server, use the qpconfig.xml file.
The effective use of groups in the LDAP directory is the best approach to handling large member access lists. If you are currently using the Expanded Membership Model or would like to use it, refer to this technote before installing or upgrading Lotus® Quickr™. The EMM feature should be considered an alternative method.
- Open the qpconfig.xml file in the domino_data_root directory, or create the file if it does not exist already.
- Specify values in the expanded_membership_model element in the file. Values shown below are example values that you should customize to meet the needs of your environment.
  Be sure to type the base_dn value using the exact character case used in the directory.
  Table 1 describes these settings.
- Save the modified file.
- Enter the following command at the server console to restart the HTTP task:

Table 1. Description of the expanded_membership_model setting in qpconfig.xml

| Setting | Description |
|---|---|
| expanded_membership_model enabled=value | Type "true" to enable expanded membership or "false" to disable it. Do not type "false" if any places are set up to use expanded membership. |
| ldap_server ssl=value | Specify "true" to use SSL encryption when connecting to the LDAP directory server that will store the expanded membership groups. Otherwise, specify "false." |
| ldap_server port value | Type the port number for the LDAP directory server that will store the expanded membership groups. Typically an LDAP server uses port 389 for unencrypted connections and port 636 for SSL connections. |
| ldap_server hostname value | Type the host name of the LDAP directory server that will store the expanded membership groups. The host name can be the LDAP server that IBM® Lotus Quickr already uses, or a different one. You must specify a host name, regardless. The directory must allow write access. |
| ldap_server base_dn value | Type the base distinguished name (directory node) under which to create the groups. The base distinguished name must already exist in the directory - the server does not create it. The components of the base distinguished name do not have to be O and OU. Do not use "OU=QP" as part of the base distinguished name because that is a reserved organizational unit in Lotus Quickr. If the directory server that stores the expanded membership groups is the same one that Lotus Quickr uses for other purposes, for better performance, specify a base distinguished name for the expanded membership groups that is outside the base used for group lookups generally. For example, if the base specified for group lookups generally is OU=groups,O=acme, use a different base for the expanded membership groups, for example OU=emmgroups,O=acme. Using separate base distinguished names for the two types of groups optimizes performance by preventing unnecessary searches of the expanded membership groups during the process of user authentication. |
Note: If you use Microsoft® Active Directory, you must create a user entry in the directory that begins with CN=h_VirtualMember at the specified base_dn. For example, if you specify OU=emmGroups,DC=acme,DC=com as the base_dn, in Active Directory create the following user entry: CN=h_VirtualMember,OU=emmGroups,DC=acme,DC=com.
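A pre-deployment check for the settings in Table 1, as an added example that is not part of the IBM page: it parses an expanded_membership_model fragment and reports the conditions the table warns about (reserved OU=QP, a base_dn inside the general group lookup base, a missing hostname, an ssl/port mismatch) plus an unencrypted LDAP connection. The element nesting in the constructed sample is an assumption inferred from Table 1, and `check_emm`, `rdns` and `group_lookup_base` are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The layout (enabled/ssl as attributes; port, hostname,
# base_dn as child elements) is an assumption inferred from Table 1.
SAMPLE = """<expanded_membership_model enabled="true">
  <ldap_server ssl="false">
    <port>636</port>
    <hostname>ldap.example.com</hostname>
    <base_dn>OU=QP,OU=groups,O=acme</base_dn>
  </ldap_server>
</expanded_membership_model>"""

def rdns(dn):
    """Split a DN into RDNs, lower-cased for comparison only (no escaped commas)."""
    return [p.strip().lower().replace(" ", "") for p in dn.split(",") if p.strip()]

def check_emm(xml_text, group_lookup_base=None):
    """Return a list of findings for the expanded_membership_model settings."""
    root = ET.fromstring(xml_text)
    emm = next(root.iter("expanded_membership_model"), None)
    srv = emm.find("ldap_server") if emm is not None else None
    if srv is None:
        return ["expanded_membership_model/ldap_server not found"]
    out = []
    if emm.get("enabled") not in ("true", "false"):
        out.append('enabled must be "true" or "false"')
    ssl = srv.get("ssl")
    port = (srv.findtext("port") or "").strip()
    base = rdns(srv.findtext("base_dn") or "")
    if ssl != "true":
        out.append("ssl is not true: LDAP traffic is sent unencrypted")
    if (ssl, port) in (("true", "389"), ("false", "636")):
        out.append(f"port {port} does not match ssl={ssl}")
    if not (srv.findtext("hostname") or "").strip():
        out.append("hostname is required")
    if not base:
        out.append("base_dn is empty")
    if "ou=qp" in base:
        out.append("base_dn uses reserved OU=QP")
    # "Inside" means equal to, or a descendant of, the general lookup base.
    lookup = rdns(group_lookup_base or "")
    if lookup and base[-len(lookup):] == lookup:
        out.append("base_dn is inside the general group lookup base")
    return out

if __name__ == "__main__":
    for finding in check_emm(SAMPLE, group_lookup_base="OU=groups,O=acme"):
        print("FINDING:", finding)
```

The check works offline, so it cannot confirm that the base_dn exists in the directory or that its character case matches; verify both against the directory itself.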