Configuration parameters

AutoDeploy parameters

Name Description Default
mappedServers This property is used to map the WAR modules to the target servers (WAS servers + IHS webservers). The value is a concatenation of server strings. If ICXT should be installed into a cluster the string looks as follows WebSphere:cell=connectionsCell,node=HTTPNode,server=webserver1+WebSphere:cell=connectionsCell,cluster=ICXTCluster. This value assumes that the cell name is connectionsCell, and the node name of the Webserver is HTTPNode. These values must be adjusted according the target cell names. If ICXT should be installed to a single server the String might looks as follows WebSphere:cell=connectionsCell,node=HTTPNode,server=webserver1+WebSphere:cell=connectionsCell,node=connectionsNode,server=connectionsNode_ICXTServer1 NO VALUE SET PER DEFAULT
jarMappedServers This property is used to map the EJB modules to the target servers (WAS servers). The value is a concatenation of server strings. If ICXT should be installed into a cluster the string looks as follows WebSphere:cell=connectionsCell,cluster=ICXTCluster. This value assumes that the cell name is connectionsCell, the node name of the Webserver is HTTPNode and the node name of the ICXTServer is connectionsNode. These values must be adjusted according the names in the target cell. If ICXT should be installed to a single server (e.g. ICXTServer) the String might looks as follows WebSphere:cell=connectionsCell,node=connectionsNode,server=connectionsNode_ICXTServer NO VALUE SET PER DEFAULT

Core parameters

Name Description Default
ic360.configpath The file system directory that will be used for storing ICXT configuration items /tmp
ic360.samlconfig.path The file system directory that will be used for storing ICXT SAML configuration information. If not set, the default config path is located here: <ic360.configpath>/saml/ EMPTY STRING
ic360.audit.enabled Specify whether auditing should be enabled. The audit log contains all user interactions with ICXT (Who did what?). true
ic360.audit.log Specifies the location of the audit log. The compliance log contains all user interactions with ICXT (Who did what?). If not set, the default log file is located here: <ic360.configpath>/icxt_audit.log NO VALUE SET PER DEFAULT
ic360.feature.enabled.sqlviewer This property defines whether the SQLViewer should be activated, or not. The SQLViewer is a lightweight SQL client for executing select statements towards the Connections databases. It should only be activated in development environments false
ic360.ic.runas.enabled Specifies whether ICXT should use the built-in X-LConn-RunAs impersonation mode of Connections. This value must be changed for IC5.5– to false true
ic360.languages Specifies the languages that can be used within ICXT. The first language in the comma-separated list marks the default language. If the browser language cannot not be mapped to one of the languages from the list, the default language will be used instead en,de
ic360.logout.uri The logout URI that will be opened if the user clicks the logout button within the ICXT UI /profiles/ibm_security_logout
ic360.mode Defines a special mode. Proper values are: migration, cloud or cloud+migration NO VALUE SET PER DEFAULT
icxt.scheduler.enabled Specify whether ICXT should be use a scheduling engine. Some features (e.g: scheduled backups) won’t work, if this property is set to false true
icxt.scheduler.userstore.cron Specify the schedule calendar of the ICXT UserStore 0 30 */6 * * *
icxt.scheduler.userstore.enabled Specify whether the ICXT user store should be updated on a regular basis (every 6 hours). The UserStore is a file-based representation of the Profiles base and eases migrations the management of cloud tenants, as it allows to map a user with old or outdated identifiers (e.g. an old mail address) false
icxt.scheduler.userstore.onlysyncifmodified Specify if only users that were updated in the profiles DB or BSS API should be stored in the user store true
icxt.scheduler.contentstore.cron Specify the schedule calendar of the ICXT ContentStore job 0 10 */6 * * *
icxt.scheduler.contentstore.enabled Specify whether to activate the ContentStore false
icxt.scheduler.tmpcleanup.cron Specify the schedule calendar of the ICXT temporary files job 0 0 23 * * *
icxt.scheduler.tmpcleanup.enabled Specify whether ICXT temporary files should be cleaned up on a regular basis (every day 11pm) true
icxt.scheduler.uuidmappingcleanup.cron Specify the schedule calendar of the UUID mappings cleanup job 0 15 0 * * *
icxt.scheduler.uuidmappingcleanup.enabled Specify whether UUID mappings that are stored in the ESSAPPS database should be cleaned up on a regular basis (every day 1am) true
icxt.scheduler.uuidmappingcleanup.retentionInDays Specify the number of days for keeping a UUID mapping in the database 14
ic360.security.bypass If the is property is set to true all ICXT functions can be accessed by users that are assigned to the security role ic360. It should only be activated for migration purposes. false
ic360.security.loginform.redirect Defines whether ICXT should utilize an external application for authentication purposes. If this value is set, the ICXT login form won’t be shown. NO VALUE SET PER DEFAULT
wsadmin.type The connection type for accessing the WebSphere AdminClient SOAP
wsadmin.host The DeploymentManager hostname. This value must be changed, if ICXT is installed in a clustered installation or the DeploymentManager is not located on the same node as the ICXT server localhost
wsadmin.port The DeploymentManagers SOAP port. 8879
wsadmin.j2calias The name of the J2C alias that stores the Connections Admin credentials. connectionsAdmin
wsadmin.com.ibm.SOAP.requestTimeout The timeout for each AdminClient operation. 0
http.keyStore.path The keystore file that should be used for all secured interservice calls. If not specified a “trusting all”-store will be used EMPTY STRING
http.keyStore.type The type of the keystore file. PKCS12
http.keyStore.password The keystore password. WebAS
http.protocol The protocol to use for interservice calls. https
http.hostname The hostname to use for interservice calls. Set the Connections hostname that is configured in the LotusConnections-config.xml NO VALUE SET PER DEFAULT
http.hostname.ic360 The hostname to use for if the Connections URL differs from the ICXT URL (e.g.: in case of cloud mode) localhost
http.port The port to use for interservice calls. 443
http.conn.compression Specifies whether all REST calls should allow to receive GZIP compressed responses. gzip
http.conn.max The number of maximum parallel connections. 100
http.conn.max.perhost The number of maximum parallel connections per host. 100
http.conn.socket.timeout The socket timeout for all interservice calls. 1200000
http.conn.timeout The connection timeout for all interservice calls. 1200000
http.auth.admin.type The authentication type for all interservice calls of the administrative user. Proper values are FORM, BASIC, TAI and SAML BASIC
http.auth.admin.user The user that should be used for all interservice calls. Choose the Connections admin*! NO VALUE SET PER DEFAULT
http.auth.admin.password The user password. Choose the Connections admin password! NO VALUE SET PER DEFAULT
http.auth.admin.uri The uri that should be used for authenticate the administrative user /ic360/ui/auth-internal
http.auth.impersonateAdminOnly Defines whether any user impersonation attempt should be made with the admin user instead. This can be used in case there’s only one user that can be leveraged on the system due to limitation in impersonation configuration options. Set to true to enable. EMPTY STRING
http.auth.impersonation.type The authentication type for all interservice calls that needs an impersonation. If a cloud should be addressed, this value must be set to SAML. Proper values are FORM, BASIC, TAI and SAML TAI
http.auth.impersonation.password The password that should be used for all impersonations EMPTY STRING
http.auth.impersonation.uri The uri that should be used for authenticate the impersonated user. /ic360/ui/auth-internal
http.auth.impersonation.cache Specify whether the impersonation cookies should be cached or not. In case of expensive login attempts (e.g. ICC), this setting should be set to true. The cache TTL is set to 10 minutes. false
http.auth.impersonation.field Specifies the profile field that should be used as login attribute. Allowed values are: uid or mail uid
http.auth.impersonation.allowInactive Specifies whether inactive profiles should be allowed to impersonate themselves. Enabling this may have adverse effects in content restore scenarios. false
http.spnego.avoid If this flag is set to true, the URL parameter noSPNEGO will be appended to all TAI impersonation requests false
http.systemproxy.enabled If set to true, the internal HTTP client will obtain the proxy settings of the JVM false
http.error.403.lenient If set to true, the ICXT will retry POST and PUT operations by using the administrative user, if the HTTP status 403 was received true
datasource.jndi.blogs The JNDI name of the Blogs datasource. This value must be changed for IC5.0– to jdbc/rollerdb jdbc/blogs
datasource.jndi.profiles The JNDI name of the Profiles datasource. jdbc/profiles
datasource.jndi.communities The JNDI name of the Communities datasource. jdbc/sncomm
datasource.jndi.activities The JNDI name of the Activities datasource. jdbc/activities
datasource.jndi.dogear The JNDI name of the Dogear datasource. jdbc/dogear
datasource.jndi.files The JNDI name of the Files datasource. jdbc/files
datasource.jndi.forum The JNDI name of the Forum datasource. This value must be changed for IC5.0– to jdbc/forum jdbc/forums
datasource.jndi.homepage The JNDI name of the Homepage datasource. jdbc/homepage
datasource.jndi.metrics The JNDI name of the Metrics datasource. jdbc/metrics
datasource.jndi.wikis The JNDI name of the Wikis datasource. jdbc/wikis
cookie.lclang The Name of the HCL Connections cookie lcLang in this environment lcLang
icxt.runtime.persistence The persistence type ICXT uses to store configuration data. Allowed values are sqlite (only for development purposes), rdbms (requires DB creation) rdbms
icxt.runtime.persistence.db.jndi [In case a database is used] - specifies its host address / FQDN jdbc/essapps
icxt.runtime.persistence.db.schema [In case a database is used] - specifies the schema or the ICXT database port ESSAPPS
icxt.runtime.persistence.db.tableprefix specifies the table prefix that should be used ICXT_
icxt.login.oauth2.callbackUri [In case of ICC] - specifies the OAuth2 CallbackURI configured in the ICXT App registration EMPTY STRING
icxt.login.oauth2.clientId [In case of ICC] - specifies the OAuth2 ClientID configured in the ICXT App registration EMPTY STRING
icxt.login.oauth2.internal.clientSecret [In case of ICC] - specifies the OAuth2 ClientSecret configured in the ICXT App registration EMPTY STRING
icxt.acl.enabled Defines whether ICXT access roles can be leveraged within the environment. If this is set to false, ICXT will only allow access to features based on the access rights the user has on the HCL Connections content they are interacting with. Many feature will be unavailable with this as they aren’t exactly related to specific HCL Connections content. true
icxt.cache.userRoles.ttl Defines the time to life (in seconds) for cached user roles. The roles are calculated once and then stored for this timeframe. Reducing the cache duration improves the time it takes for role updates to take affect (that are not done directly in ICXT, e.g. LDAP group updates). 86400
ic.apps.context.mapping Allows to define mappings of default Connections contexts to adjusted ones so that ICXT will call correct Connections endpoints internally. This expects a comma seperated list of key=value pairs for default to adjusted contexts, e.g. /forums=/cnx8/forums,/wikis=/cnx8/wikis and so on. NO VALUE SET PER DEFAULT

Note: Assign a user with a valid profile within the HCL Connections environment

Module Profiles

Name Description Default
ldap.url The LDAP URl that should be used for lookups ldap://localhost:389
ldap.user The ldapbind user. admin
ldap.password The ldapbind password. admin
ldap.use.ssl Specify whether the LDAP connection should be secured. false
ldap.baseDN The base distinguished name that should be used for lookups . EMPTY STRING
ldap.service.className The class name of the ldap service that should be used. This class can be overridden or extended. Ask your ICXT contact for further information com.ibm.ess.ic.ic360.ldap.DefaultLdapService
ldap.field.uid The ldap field that should be used as PROF_UID. See the TDI map_dbrepos_from_source.properties file NO VALUE SET PER DEFAULT
ldap.field.login The ldap field that should be used as PROF_LOGIN. See the TDI map_dbrepos_from_source.properties file. If this field is not used, set the value to null NO VALUE SET PER DEFAULT
ldap.field.guid The ldap field that should be used as PROF_GUID. See the TDI map_dbrepos_from_source.properties file NO VALUE SET PER DEFAULT
ldap.field.displayName The ldap field that should be used as PROF_DISPLAY_NAME. See the TDI map_dbrepos_from_source.properties file NO VALUE SET PER DEFAULT
ldap.field.dn The ldap field that should be used as PROF_SOURCE_UID. See the TDI map_dbrepos_from_source.properties file NO VALUE SET PER DEFAULT
ldap.field.mail The ldap field that should be used as PROF_MAIL. See the TDI map_dbrepos_from_source.properties file NO VALUE SET PER DEFAULT
ic360.feature.profiles.cleanup.className The class name of thath should be used for performing profiles cleanup tasks. This class can be overridden or extended. Ask your ICXT contact for further information default
java.naming.referral The value of this property is a string that specifies how referrals shall be handled by the LDAP service provider. Possible values: follow, throw, ignore follow

Following table lists default and well-known field mappings between LDAP and Connections:

Property Domino Directory IBM Directory Service (formerly known as TDS) MS ActiveDirectory OpenLDAP
ldap.field.displayName cn cn displayName cn
ldap.field.dn $dn dn distinguishedName $dn
ldap.field.guid dominoUNID ibm-entryUuid |B|objectGUID entryUUID
ldap.field.mail mail mail mail mail
ldap.field.uid uid uid sAMAccountName uid

Note: If a field was mapped to a binary LDAP field, use the prefix |B|, e.g. the binary field objectGUID (e.g. ActiveDirectory) should be declared as |B|objectGUID

Module BackupStore

Name Description Default
persistence.exportfolder Specifies the folder where all exports should be stored in. /tmp/
persistence.migrationfolder Specifies the folder where all exports should be stored in. /tmp/ic360_migration
ic360.feature.backupstore.alternate.user Due to the fact that the administrative user is not allowed to act as a normal user, this user should be used as stand-in for unresolvable content creators. NO VALUE SET PER DEFAULT
ic360.feature.backupstore.crossrefresolution.skipfilesthatmatchprefix Specifies a comma-separated list of file prefixes that should be excluded while updating resolved UUIDs during a migration. In large environments it is suitable to skipp Wikipage version files pv_ NO VALUE SET PER DEFAULT
ic360.feature.backupstore.exportccm Enables/Disables export of CCM Libraries for Community Backup. Expects true or false false
ic360.feature.backupstore.exportmetaonly Specifies whether a content export should contain only the meta data files (no images, attachments, or binaries). Setting this option to true allows to gather information on the time it needs to backup things. Additionally, it is useful for preparing migrations, as migration groups can be created up-front. for all other use cases of ICXT, this option should be set to false false
ic360.feature.backupstore.maxfilehistory Specifies the number of file versions that will be downloaded and exported. If this value is 0 or below, all file versions will be downloaded and exported 0
ic360.feature.backupstore.maxversions Specifies the number of versions that will be kept in the backupstore per item. If this value is 0 or below, the backupstore will keep an unlimited number of versions 10
ic360.feature.backupstore.maxwikipagehistory Specifies the number of wikipage versions that will be downloaded and exported. If this value is 0 or below, all wikipage versions will be downloaded and exported 0
ic360.feature.backupstore.multipleversions Specifies whether a content export can have multiple versions, or if each export overrides the existing export. In case of a migration this property should be set to false true
ic360.feature.backupstore.scheduler.trashcleanup.enabled Specifies whether the cleanup task for emptying the trash should be executed or not. false
ic360.feature.backupstore.scheduler.onlyexportifmodified If set to true, the scheduler will evaluate the last modified timestamp of the container that should be exported and compare it with the value, of the last export. The scheduled export will be skipped if the item has not been changed true
ic360.feature.backupstore.softdeletion If set to true, deleted containers in the backupstore are moved to the trash. This setting could be activated for performance reasons, as the move operation would not result in a heavy IO operation on the NAS false
ic360.feature.backupstore.community.members.chunksize Defines the amount of members that should be processed in one single request. Tweak this parameter to adjust performance during member processing tasks 50
ic360.feature.backupstore.community.catalog.recreate Defines whether the Communities catalog should be recreated after restoring a Community. Setting this value to false will result in Communities not immediately showing up within the Communities view. true
ic360.feature.backupstore.apps-blacklist Specifies HCL Connections applications that should be ignored during ICXT processing. This also excludes Community Widget processing matched on the WidgetDefId. EMPTY STRING

Module Template

Note - most properties from the Module Backupstore also apply for this module.

Name Description Default
community.template.admin.user Specifies the (technical) user that all content of of templated Communities should be created as. The user configured via http.auth.admin.user
persistence.templatefolder Specifies the folder that should store the Community templates EMPTY STRING
community.template.bootstrapPrivately Defines whether a Community should be created as private in order to hide away events and notifications generated during template based generation. Note This requires the creation of private Communities to be generally allowed. true

Module PDFExport

Name Description Default
wkhtmltopdf.command.exec Specifies binary executable that should be invoked for pdf exports (e.g.: /mnt/my_shared_fs/icxt/pdf/wkhtmltox/bin/wkhtmltopdf) wkhtmltopdf
wkhtmltopdf.parallel.processing.limit Number of wkhtmltopdf commands that can be executed simultaneously. A larger number results in additional throughput (concurrent sessions), but will require more CPU load 6
wkhtmltopdf.command.options Specifies additional options (as comma-separated key=value pairs) that should be used as wkhtmltopdf arguments EMPTY STRING
pdf.user.uid The user uid that is used to request profile pictures .If not set http.auth.admin.user will be used. NO VALUE SET PER DEFAULT
pdf.user.password The user password that is used to request profile pictures .If not set http.auth.admin.password will be used. NO VALUE SET PER DEFAULT
ic360.pdfexport.template.showDefault Defines whether a (basic) default PDF Template should be available in the PDF Export dialog, or whether a defined template should be used as default. Use true to add a default template, false to not add one, or use a template label to make this template the default. true
ic360.pdfexport.previewMode.selected Defines whether the preview mode is active by default in the PDF Export dialog. Disabling this will lead to increased load on the system as well as longer rendering times for the documents. true
icxt.pdfexport.backup.meta.fields The fields that will be rendered into pdf content for all backup pdf exports. A comma seperated list of values. Default contains all values. author,created,summary,tags,title,titlePage,updated
icxt.pdfexport.access.requiredrole Specifies the required access role a user must suffice in order to leverage the PDF Export feature. Valid roles are PDFExport+ItemViewer, PDFExport+ItemEditor and PDFExport+ItemOwner. The roles are calculated based on the HCL Connections content the user wants to execute PDFExport functionality for. PDFExport+ItemEditor
ic360.pdfexport.dir Defines the file system folder where rendered PDFs should be stored. This includes both temporary PDFs and finalized ones. /tmp
ic360.pdfexport.performance.thresholdLimit The number of entries/pages to consider for including headers and footers in the generated PDF. A large number impacts performance as it consumes more resources. Pages selected beyond this limit will extend processing times and result in a simplified output. 500
ic360.pdfexport.maxEntriesSupported The maximum number of entries/pages supported for PDF export. Selecting more than this may impact performance and lead to longer processing times. 10000

Module FixURLs

Name Description Default
icxt.fixurl.wikis.read.share Determines whether wiki page content should be scanned for the search pattern, which is the default behavior. Since wiki page and rich text content is persistent on the CNX file share, this may result to long runtimes due to IO delays. In this case, this property can be set to false to return all pages without verifying them. This means there are more page checks happening during the update/replace step, however this will not apply changes for false positives. true

Module QDoc

Name Description Default
ic360.qdoc.technical.user.uid Specifies the technical user* (by uid) that should be used for managing Workflow Activities. This user has to be added to the Community marked for QDoc. NO VALUE SET PER DEFAULT
ic360.qdoc.workflowactivity.name The Suffix for the Workflow Activity Name. This will be added to the Document Name that is in the workflow process. Workflow Activity
ic360.qdoc.auditactivity.name The identifier with which Audit Activities will be matched in a QDoc Community. Audit Activities always need to include the configured Id in their name. Audit
ic360.qdoc.workflowactivity.assignedTo.enabled If set, it will add To-Dos for users added in a Workflow to the Workflow Activity. If the user is not already in the QDoc-Community, he will also be added to the Community for this false
ic360.qdoc.workflowactivity.todo.id A prefix used for the title of every To-Do generated in the Workflow Activities EMPTY STRING
ic360.qdoc.template.showDefault Defines whether a (basic) default Document Template should be available in the QDoc Document creation wizard true

Note: Assign a user with a valid profile within the HCL Connections environment

Module Enhanced Wikis

Name Description Default
ic360.enhancedwikis.technical.user.uid Specifies the technical user* (by uid) that should be used for creating/managing content. NO VALUE SET PER DEFAULT
ic360.enhancedwikis.features Specifies the features that should be allowed in the wiki enhancement step. Currently only templating is supported templating

Note: Assign a user with a valid profile within the HCL Connections environment