Enabling multi-tenancy
Multi-tenancy allows multiple organizations to be part of the HCL Sametime® community. With multi-tenancy, Sametime users can chat, add users and groups to contact lists, and have awareness of users in their organization or in other organizations that are configured to be visible to them.
About this task
The multi-tenancy feature uses customized Java™ code to dynamically generate a filter and base distinguished names for LDAP searches on the Sametime Community Server. The CustomizedMultitenancy.class
and ConfigLoader.class
Java files containing the required code are automatically installed during the Sametime Community Server installation. The CustomizedMultitenancy.ini
file is also installed and contains the configuration settings and the configuration instructions for the multi-tenancy feature. These files are located in the java directory where Domino is installed.
For example,on Windows C:\Program Files\HCL\Domino\java.
The multi-tenancy feature is disabled by default.
Prerequisite LDAP Requirements
Users from all organizations should reside under one tree, with multiple branches.
For example:
If the base DN is CN=ORGANIZATIONS,OU=COLLAB,DC=HCL,DC=COM
An individual organization would be found at this baseDN(s):
O=Organization A,CN=ORGANIZATIONS,OU=COLLAB,DC=HCL,DC=COM
O=Organization B,CN=ORGANIZATIONS,OU=COLLAB,DC=HCL,DC=COM
Additionally, each user’s entry in LDAP must contain an attribute that also contains the name of the organization that the user belongs to.
For example,you can create an attribute called “organizationName” and the value set to the name of the organization.
organizationName=Organization A.
Procedure
-
Before making edits to the configuration, review your LDAP base DNs to determine which values should be used inside the
CustomizedMultitenancy.ini
. -
Complete the worksheet below to assist in completing the configuration:
Setting Name Description Example Your Value Base DN This is the top of your LDAP tree, where to start searching the directory CN=ORGANIZATIONS,OU=COLLAB, DC=HCL,DC=COM Organization BaseDN This is the location of the individual organizations. O=Organization A,CN=ORGANIZATIONS, OU=COLLAB,DC=HCL,DC=COM ORG_PART_OF_DN The attribute in the LDAP DN that contains the organization name. O PEOPLE_ROOT_BASE_DN This is the DN of the entry where to start searching for people. It should contain the lowest LDAP entry under which the entries of all the people in the organization are available. O=%S,CN=ORGANIZATIONS, OU=COLLAB,DC=HCL,DC=COM GROUPS_ROOT_BASE_DN This is the DN of the entry where to start searching for groups. It should contain the lowest LDAP entry under which the entries of all the people in the organization are available. O=%S,CN=ORGANIZATIONS, OU=COLLAB,DC=HCL,DC=COM PEOPLE_BASE_DN_TEMPLATE The DN of the entry at which to start the people or the groups LDAP search when the search is done in a sub tree of a particular organization. %S should always be present in the value. It will be dynamically replaced by the organization name during the resolve operation. O=%S GROUPS_BASE_DN_TEMPLATE The DN of the entry at which to start the people or the groups LDAP search when the search is done in a sub tree of a particular organization. %S should always be present in the value. It will be dynamically replaced by the organization name during the resolve operation. O=%S LDAP_ORG_ATTR The attribute in the LDAP directory that is present in every person and group entry and contains the organization name that this person or group belongs to. ORGANIZATIONNAME Note: Every value in thecustomizedMultitenancy.ini
must be in upper case. -
Using the values that have been identified, populate the settings in the
customizedMultitenancy.ini
file, following the examples inside the file. ThecustomizedMultitenancy.ini
is in the java folder inside the Domino program directory. - Save and close the customizedMultitenancy.ini file when complete.
-
Open the
sametime.ini
file using a text editor. -
Locate the existing [Config] section of the file.
- For Windows installs, add the following line, ensuring the correct path to the java directory:
ST_JAVA_CUSTOM_PATH=C:\Program Files\HCL\Domino\java
- For Linux installs, add the following line, ensuring the correct path to the java directory:
ST_JAVA_CUSTOM_PATH=/local/notesdata/java
- For Windows installs, add the following line, ensuring the correct path to the java directory:
-
Review the
ST_JAVA_CLASS_PATH
line and confirm that the path you entered in the above step is listed first on this line. -
Save and Close the
sametime.ini
file. - Launch the HCL Notes or Administrator client.
- Click Open > Applications > Open an Application
-
In the server name field, enter the Sametime Community server name. In the filename field enter
“stconfig.nsf”
. - Double-click the LDAPServer document.
- Inside the LDAPServer document, double-click to place in edit mode.
-
Change the following fields to the values shown below:
Search filter for resolving person names:CustomizedMultitenancy.peopleResolveFilter()
Search filter for resolving group names: CustomizedMultitenancy.groupsResolveFilter()
Base object when searching for person entries: CustomizedMultitenancy.peopleBaseDn()
Base object when searching for group entries: CustomizedMultitenancy.groupsBaseDn()
- Click File > Save to save the document.
- Restart the Community Server for these settings to take effect.
-
On the Sametime Proxy server, add the following section to the
stproxyconfig.xml file with the appropriate values for your configuration.
<multiTenancy> <key>O</key> <attr>ORGANIZATIONNAME</attr> </multiTenancy> </configuration>
-
On the Sametime Meeting server, add the JWT_ORGID_KEY to the custom.env
file with the appropriate values for your configuration.
<multiTenancy> <key>O</key> <attr>JWT_ORGID_KEY=O</attr> </multiTenancy> </configuration>
- Restart the Sametime Proxy server for the settings to take affect.