Name | Description | Default |
---|---|---|
mappedServers | This property is used to map the WAR modules to the target servers (WAS servers + IHS webservers). The value is a concatenation of server strings. If ICXT should be installed into a cluster the string looks as follows WebSphere:cell=connectionsCell,node=HTTPNode,server=webserver1+WebSphere:cell=connectionsCell,cluster=ICXTCluster. This value assumes that the cell name is connectionsCell, and the node name of the Webserver is HTTPNode. These values must be adjusted according the target cell names. If ICXT should be installed to a single server the String might looks as follows WebSphere:cell=connectionsCell,node=HTTPNode,server=webserver1+WebSphere:cell=connectionsCell,node=connectionsNode,server=connectionsNode_ICXTServer1 | NO VALUE SET PER DEFAULT |
jarMappedServers | This property is used to map the EJB modules to the target servers (WAS servers). The value is a concatenation of server strings. If ICXT should be installed into a cluster the string looks as follows WebSphere:cell=connectionsCell,cluster=ICXTCluster. This value assumes that the cell name is connectionsCell, the node name of the Webserver is HTTPNode and the node name of the ICXTServer is connectionsNode. These values must be adjusted according the names in the target cell. If ICXT should be installed to a single server (e.g. ICXTServer) the String might looks as follows WebSphere:cell=connectionsCell,node=connectionsNode,server=connectionsNode_ICXTServer | NO VALUE SET PER DEFAULT |
Name | Description | Default |
---|---|---|
ic360.configpath | The file system directory that will be used for storing ICXT configuration items | /tmp |
ic360.samlconfig.path | The file system directory that will be used for storing ICXT SAML configuration information. If not set, the default config path is located here: <ic360.configpath>/saml/ | EMPTY STRING |
ic360.audit.enabled | Specify whether auditing should be enabled. The audit log contains all user interactions with ICXT (Who did what?). | true |
ic360.audit.log | Specifies the location of the audit log. The compliance log contains all user interactions with ICXT (Who did what?). If not set, the default log file is located here: <ic360.configpath>/icxt_audit.log | NO VALUE SET PER DEFAULT |
ic360.feature.enabled.sqlviewer | This property defines whether the SQLViewer should be activated, or not. The SQLViewer is a lightweight SQL client for executing select statements towards the Connections databases. It should only be activated in development environments | false |
ic360.ic.runas.enabled | Specifies whether ICXT should use the built-in X-LConn-RunAs impersonation mode of Connections. This value must be changed for IC5.5– to false | true |
ic360.languages | Specifies the languages that can be used within ICXT. The first language in the comma-separated list marks the default language. If the browser language cannot not be mapped to one of the languages from the list, the default language will be used instead | en,de |
ic360.logout.uri | The logout URI that will be opened if the user clicks the logout button within the ICXT UI | /profiles/ibm_security_logout |
ic360.mode | Defines a special mode. Proper values are: migration, cloud or cloud+migration | NO VALUE SET PER DEFAULT |
icxt.scheduler.enabled | Specify whether ICXT should be use a scheduling engine. Some features (e.g: scheduled backups) won’t work, if this property is set to false | true |
icxt.scheduler.userstore.cron | Specify the schedule calendar of the ICXT UserStore | 0 30 */6 * * * |
icxt.scheduler.userstore.enabled | Specify whether the ICXT user store should be updated on a regular basis (every 6 hours). The UserStore is a file-based representation of the Profiles base and eases migrations the management of cloud tenants, as it allows to map a user with old or outdated identifiers (e.g. an old mail address) | false |
icxt.scheduler.userstore.onlysyncifmodified | Specify if only users that were updated in the profiles DB or BSS API should be stored in the user store | true |
icxt.scheduler.contentstore.cron | Specify the schedule calendar of the ICXT ContentStore job | 0 10 */6 * * * |
icxt.scheduler.contentstore.enabled | Specify whether to activate the ContentStore | false |
icxt.scheduler.tmpcleanup.cron | Specify the schedule calendar of the ICXT temporary files job | 0 0 23 * * * |
icxt.scheduler.tmpcleanup.enabled | Specify whether ICXT temporary files should be cleaned up on a regular basis (every day 11pm) | true |
icxt.scheduler.uuidmappingcleanup.cron | Specify the schedule calendar of the UUID mappings cleanup job | 0 15 0 * * * |
icxt.scheduler.uuidmappingcleanup.enabled | Specify whether UUID mappings that are stored in the ESSAPPS database should be cleaned up on a regular basis (every day 1am) | true |
icxt.scheduler.uuidmappingcleanup.retentionInDays | Specify the number of days for keeping a UUID mapping in the database | 14 |
ic360.security.bypass | If the is property is set to true all ICXT functions can be accessed by users that are assigned to the security role ic360. It should only be activated for migration purposes. | false |
ic360.security.loginform.redirect | Defines whether ICXT should utilize an external application for authentication purposes. If this value is set, the ICXT login form won’t be shown. | NO VALUE SET PER DEFAULT |
wsadmin.type | The connection type for accessing the WebSphere AdminClient | SOAP |
wsadmin.host | The DeploymentManager hostname. This value must be changed, if ICXT is installed in a clustered installation or the DeploymentManager is not located on the same node as the ICXT server | localhost |
wsadmin.port | The DeploymentManagers SOAP port. | 8879 |
wsadmin.j2calias | The name of the J2C alias that stores the Connections Admin credentials. | connectionsAdmin |
wsadmin.com.ibm.SOAP.requestTimeout | The timeout for each AdminClient operation. | 0 |
http.keyStore.path | The keystore file that should be used for all secured interservice calls. If not specified a “trusting all”-store will be used | EMPTY STRING |
http.keyStore.type | The type of the keystore file. | PKCS12 |
http.keyStore.password | The keystore password. | WebAS |
http.protocol | The protocol to use for interservice calls. | https |
http.hostname | The hostname to use for interservice calls. Set the Connections hostname that is configured in the LotusConnections-config.xml | NO VALUE SET PER DEFAULT |
http.hostname.ic360 | The hostname to use for if the Connections URL differs from the ICXT URL (e.g.: in case of cloud mode) | localhost |
http.port | The port to use for interservice calls. | 443 |
http.conn.compression | Specifies whether all REST calls should allow to receive GZIP compressed responses. | gzip |
http.conn.max | The number of maximum parallel connections. | 100 |
http.conn.max.perhost | The number of maximum parallel connections per host. | 100 |
http.conn.socket.timeout | The socket timeout for all interservice calls. | 1200000 |
http.conn.timeout | The connection timeout for all interservice calls. | 1200000 |
http.auth.admin.type | The authentication type for all interservice calls of the administrative user. Proper values are FORM, BASIC, TAI and SAML | BASIC |
http.auth.admin.user | The user that should be used for all interservice calls. Choose the Connections admin*! | NO VALUE SET PER DEFAULT |
http.auth.admin.password | The user password. Choose the Connections admin password! | NO VALUE SET PER DEFAULT |
http.auth.admin.uri | The uri that should be used for authenticate the administrative user | /ic360/ui/auth-internal |
http.auth.impersonateAdminOnly | Defines whether any user impersonation attempt should be made with the admin user instead. This can be used in case there’s only one user that can be leveraged on the system due to limitation in impersonation configuration options. Set to true to enable. | EMPTY STRING |
http.auth.impersonation.type | The authentication type for all interservice calls that needs an impersonation. If a cloud should be addressed, this value must be set to SAML. Proper values are FORM, BASIC, TAI and SAML | TAI |
http.auth.impersonation.password | The password that should be used for all impersonations | EMPTY STRING |
http.auth.impersonation.uri | The uri that should be used for authenticate the impersonated user. | /ic360/ui/auth-internal |
http.auth.impersonation.cache | Specify whether the impersonation cookies should be cached or not. In case of expensive login attempts (e.g. ICC), this setting should be set to true. The cache TTL is set to 10 minutes. | false |
http.auth.impersonation.field | Specifies the profile field that should be used as login attribute. Allowed values are: uid or mail | uid |
http.auth.impersonation.allowInactive | Specifies whether inactive profiles should be allowed to impersonate themselves. Enabling this may have adverse effects in content restore scenarios. | false |
http.spnego.avoid | If this flag is set to true, the URL parameter noSPNEGO will be appended to all TAI impersonation requests | false |
http.systemproxy.enabled | If set to true, the internal HTTP client will obtain the proxy settings of the JVM | false |
http.error.403.lenient | If set to true, the ICXT will retry POST and PUT operations by using the administrative user, if the HTTP status 403 was received | true |
datasource.jndi.blogs | The JNDI name of the Blogs datasource. This value must be changed for IC5.0– to jdbc/rollerdb | jdbc/blogs |
datasource.jndi.profiles | The JNDI name of the Profiles datasource. | jdbc/profiles |
datasource.jndi.communities | The JNDI name of the Communities datasource. | jdbc/sncomm |
datasource.jndi.activities | The JNDI name of the Activities datasource. | jdbc/activities |
datasource.jndi.dogear | The JNDI name of the Dogear datasource. | jdbc/dogear |
datasource.jndi.files | The JNDI name of the Files datasource. | jdbc/files |
datasource.jndi.forum | The JNDI name of the Forum datasource. This value must be changed for IC5.0– to jdbc/forum | jdbc/forums |
datasource.jndi.homepage | The JNDI name of the Homepage datasource. | jdbc/homepage |
datasource.jndi.metrics | The JNDI name of the Metrics datasource. | jdbc/metrics |
datasource.jndi.wikis | The JNDI name of the Wikis datasource. | jdbc/wikis |
cookie.lclang | The Name of the HCL Connections cookie lcLang in this environment | lcLang |
icxt.runtime.persistence | The persistence type ICXT uses to store configuration data. Allowed values are sqlite (only for development purposes), rdbms (requires DB creation) | rdbms |
icxt.runtime.persistence.db.jndi | [In case a database is used] - specifies its host address / FQDN | jdbc/essapps |
icxt.runtime.persistence.db.schema | [In case a database is used] - specifies the schema or the ICXT database port | ESSAPPS |
icxt.runtime.persistence.db.tableprefix | specifies the table prefix that should be used | ICXT_ |
icxt.login.oauth2.callbackUri | [In case of ICC] - specifies the OAuth2 CallbackURI configured in the ICXT App registration | EMPTY STRING |
icxt.login.oauth2.clientId | [In case of ICC] - specifies the OAuth2 ClientID configured in the ICXT App registration | EMPTY STRING |
icxt.login.oauth2.internal.clientSecret | [In case of ICC] - specifies the OAuth2 ClientSecret configured in the ICXT App registration | EMPTY STRING |
icxt.acl.enabled | Defines whether ICXT access roles can be leveraged within the environment. If this is set to false, ICXT will only allow access to features based on the access rights the user has on the HCL Connections content they are interacting with. Many feature will be unavailable with this as they aren’t exactly related to specific HCL Connections content. | true |
icxt.cache.userRoles.ttl | Defines the time to life (in seconds) for cached user roles. The roles are calculated once and then stored for this timeframe. Reducing the cache duration improves the time it takes for role updates to take affect (that are not done directly in ICXT, e.g. LDAP group updates). | 86400 |
ic.apps.context.mapping | Allows to define mappings of default Connections contexts to adjusted ones so that ICXT will call correct Connections endpoints internally. This expects a comma seperated list of key=value pairs for default to adjusted contexts, e.g. /forums=/cnx8/forums,/wikis=/cnx8/wikis and so on. | NO VALUE SET PER DEFAULT |
Note: Assign a user with a valid profile within the HCL Connections environment
Name | Description | Default |
---|---|---|
ldap.url | The LDAP URl that should be used for lookups | ldap://localhost:389 |
ldap.user | The ldapbind user. | admin |
ldap.password | The ldapbind password. | admin |
ldap.use.ssl | Specify whether the LDAP connection should be secured. | false |
ldap.baseDN | The base distinguished name that should be used for lookups . | EMPTY STRING |
ldap.service.className | The class name of the ldap service that should be used. This class can be overridden or extended. Ask your ICXT contact for further information | com.ibm.ess.ic.ic360.ldap.DefaultLdapService |
ldap.field.uid | The ldap field that should be used as PROF_UID. See the TDI map_dbrepos_from_source.properties file | NO VALUE SET PER DEFAULT |
ldap.field.login | The ldap field that should be used as PROF_LOGIN. See the TDI map_dbrepos_from_source.properties file. If this field is not used, set the value to null | NO VALUE SET PER DEFAULT |
ldap.field.guid | The ldap field that should be used as PROF_GUID. See the TDI map_dbrepos_from_source.properties file | NO VALUE SET PER DEFAULT |
ldap.field.displayName | The ldap field that should be used as PROF_DISPLAY_NAME. See the TDI map_dbrepos_from_source.properties file | NO VALUE SET PER DEFAULT |
ldap.field.dn | The ldap field that should be used as PROF_SOURCE_UID. See the TDI map_dbrepos_from_source.properties file | NO VALUE SET PER DEFAULT |
ldap.field.mail | The ldap field that should be used as PROF_MAIL. See the TDI map_dbrepos_from_source.properties file | NO VALUE SET PER DEFAULT |
ic360.feature.profiles.cleanup.className | The class name of thath should be used for performing profiles cleanup tasks. This class can be overridden or extended. Ask your ICXT contact for further information | default |
java.naming.referral | The value of this property is a string that specifies how referrals shall be handled by the LDAP service provider. Possible values: follow, throw, ignore | follow |
Following table lists default and well-known field mappings between LDAP and Connections:
Property | Domino Directory | IBM Directory Service (formerly known as TDS) | MS ActiveDirectory | OpenLDAP |
---|---|---|---|---|
ldap.field.displayName | cn | cn | displayName | cn |
ldap.field.dn | $dn | dn | distinguishedName | $dn |
ldap.field.guid | dominoUNID | ibm-entryUuid | |B|objectGUID | entryUUID |
ldap.field.mail | ||||
ldap.field.uid | uid | uid | sAMAccountName | uid |
Note: If a field was mapped to a binary LDAP field, use the prefix |B|, e.g. the binary field objectGUID (e.g. ActiveDirectory) should be declared as |B|objectGUID
Name | Description | Default |
---|---|---|
persistence.exportfolder | Specifies the folder where all exports should be stored in. | /tmp/ |
persistence.migrationfolder | Specifies the folder where all exports should be stored in. | /tmp/ic360_migration |
ic360.feature.backupstore.alternate.user | Due to the fact that the administrative user is not allowed to act as a normal user, this user should be used as stand-in for unresolvable content creators. | NO VALUE SET PER DEFAULT |
ic360.feature.backupstore.crossrefresolution.skipfilesthatmatchprefix | Specifies a comma-separated list of file prefixes that should be excluded while updating resolved UUIDs during a migration. In large environments it is suitable to skipp Wikipage version files pv_ | NO VALUE SET PER DEFAULT |
ic360.feature.backupstore.exportccm | Enables/Disables export of CCM Libraries for Community Backup. Expects true or false | false |
ic360.feature.backupstore.exportmetaonly | Specifies whether a content export should contain only the meta data files (no images, attachments, or binaries). Setting this option to true allows to gather information on the time it needs to backup things. Additionally, it is useful for preparing migrations, as migration groups can be created up-front. for all other use cases of ICXT, this option should be set to false | false |
ic360.feature.backupstore.maxfilehistory | Specifies the number of file versions that will be downloaded and exported. If this value is 0 or below, all file versions will be downloaded and exported | 0 |
ic360.feature.backupstore.maxversions | Specifies the number of versions that will be kept in the backupstore per item. If this value is 0 or below, the backupstore will keep an unlimited number of versions | 10 |
ic360.feature.backupstore.maxwikipagehistory | Specifies the number of wikipage versions that will be downloaded and exported. If this value is 0 or below, all wikipage versions will be downloaded and exported | 0 |
ic360.feature.backupstore.multipleversions | Specifies whether a content export can have multiple versions, or if each export overrides the existing export. In case of a migration this property should be set to false | true |
ic360.feature.backupstore.scheduler.trashcleanup.enabled | Specifies whether the cleanup task for emptying the trash should be executed or not. | false |
ic360.feature.backupstore.scheduler.onlyexportifmodified | If set to true, the scheduler will evaluate the last modified timestamp of the container that should be exported and compare it with the value, of the last export. The scheduled export will be skipped if the item has not been changed | true |
ic360.feature.backupstore.softdeletion | If set to true, deleted containers in the backupstore are moved to the trash. This setting could be activated for performance reasons, as the move operation would not result in a heavy IO operation on the NAS | false |
ic360.feature.backupstore.community.members.chunksize | Defines the amount of members that should be processed in one single request. Tweak this parameter to adjust performance during member processing tasks | 50 |
ic360.feature.backupstore.community.catalog.recreate | Defines whether the Communities catalog should be recreated after restoring a Community. Setting this value to false will result in Communities not immediately showing up within the Communities view. | true |
ic360.feature.backupstore.apps-blacklist | Specifies HCL Connections applications that should be ignored during ICXT processing. This also excludes Community Widget processing matched on the WidgetDefId. | EMPTY STRING |
Note - most properties from the Module Backupstore also apply for this module.
Name | Description | Default |
---|---|---|
community.template.admin.user | Specifies the (technical) user that all content of of templated Communities should be created as. | The user configured via http.auth.admin.user |
persistence.templatefolder | Specifies the folder that should store the Community templates | EMPTY STRING |
community.template.bootstrapPrivately | Defines whether a Community should be created as private in order to hide away events and notifications generated during template based generation. Note This requires the creation of private Communities to be generally allowed. | true |
Name | Description | Default |
---|---|---|
wkhtmltopdf.command.exec | Specifies binary executable that should be invoked for pdf exports (e.g.: /mnt/my_shared_fs/icxt/pdf/wkhtmltox/bin/wkhtmltopdf) | wkhtmltopdf |
wkhtmltopdf.parallel.processing.limit | Number of wkhtmltopdf commands that can be executed simultaneously. A larger number results in additional throughput (concurrent sessions), but will require more CPU load | 6 |
wkhtmltopdf.command.options | Specifies additional options (as comma-separated key=value pairs) that should be used as wkhtmltopdf arguments | EMPTY STRING |
pdf.user.uid | The user uid that is used to request profile pictures .If not set http.auth.admin.user will be used. | NO VALUE SET PER DEFAULT |
pdf.user.password | The user password that is used to request profile pictures .If not set http.auth.admin.password will be used. | NO VALUE SET PER DEFAULT |
ic360.pdfexport.template.showDefault | Defines whether a (basic) default PDF Template should be available in the PDF Export dialog, or whether a defined template should be used as default. Use true to add a default template, false to not add one, or use a template label to make this template the default. | true |
ic360.pdfexport.previewMode.selected | Defines whether the preview mode is active by default in the PDF Export dialog. Disabling this will lead to increased load on the system as well as longer rendering times for the documents. | true |
icxt.pdfexport.backup.meta.fields | The fields that will be rendered into pdf content for all backup pdf exports. A comma seperated list of values. Default contains all values. | author,created,summary,tags,title,titlePage,updated |
icxt.pdfexport.access.requiredrole | Specifies the required access role a user must suffice in order to leverage the PDF Export feature. Valid roles are PDFExport+ItemViewer, PDFExport+ItemEditor and PDFExport+ItemOwner. The roles are calculated based on the HCL Connections content the user wants to execute PDFExport functionality for. | PDFExport+ItemEditor |
ic360.pdfexport.dir | Defines the file system folder where rendered PDFs should be stored. This includes both temporary PDFs and finalized ones. | /tmp |
ic360.pdfexport.performance.thresholdLimit | The number of entries/pages to consider for including headers and footers in the generated PDF. A large number impacts performance as it consumes more resources. Pages selected beyond this limit will extend processing times and result in a simplified output. | 500 |
ic360.pdfexport.maxEntriesSupported | The maximum number of entries/pages supported for PDF export. Selecting more than this may impact performance and lead to longer processing times. | 10000 |
Name | Description | Default |
---|---|---|
icxt.fixurl.wikis.read.share | Determines whether wiki page content should be scanned for the search pattern, which is the default behavior. Since wiki page and rich text content is persistent on the CNX file share, this may result to long runtimes due to IO delays. In this case, this property can be set to false to return all pages without verifying them. This means there are more page checks happening during the update/replace step, however this will not apply changes for false positives. | true |
Name | Description | Default |
---|---|---|
ic360.qdoc.technical.user.uid | Specifies the technical user* (by uid) that should be used for managing Workflow Activities. This user has to be added to the Community marked for QDoc. | NO VALUE SET PER DEFAULT |
ic360.qdoc.workflowactivity.name | The Suffix for the Workflow Activity Name. This will be added to the Document Name that is in the workflow process. | Workflow Activity |
ic360.qdoc.auditactivity.name | The identifier with which Audit Activities will be matched in a QDoc Community. Audit Activities always need to include the configured Id in their name. | Audit |
ic360.qdoc.workflowactivity.assignedTo.enabled | If set, it will add To-Dos for users added in a Workflow to the Workflow Activity. If the user is not already in the QDoc-Community, he will also be added to the Community for this | false |
ic360.qdoc.workflowactivity.todo.id | A prefix used for the title of every To-Do generated in the Workflow Activities | EMPTY STRING |
ic360.qdoc.template.showDefault | Defines whether a (basic) default Document Template should be available in the QDoc Document creation wizard | true |
Note: Assign a user with a valid profile within the HCL Connections environment
Name | Description | Default |
---|---|---|
ic360.enhancedwikis.technical.user.uid | Specifies the technical user* (by uid) that should be used for creating/managing content. | NO VALUE SET PER DEFAULT |
ic360.enhancedwikis.features | Specifies the features that should be allowed in the wiki enhancement step. Currently only templating is supported | templating |
Note: Assign a user with a valid profile within the HCL Connections environment