Granting an administrator rights to Connections 4.5 communities
Integrating IBM® Sametime® Advanced with IBM Connections enables users to view the list of Connections communities from within the Sametime Advanced client's Broadcast Communities panel, and to post broadcast chats back to the communities as updates. You can integrate Sametime and Connections by granting the Sametime administrator permission to view all Connections communities.
About this task
To integrate Sametime with Connections, you must give the Sametime administrator permissions to view all of the communities in Connections. Sametime Advanced then uses that administrator's account to download the list of communities from Connections and display it in the Broadcast Communities panel in Sametime Advanced.
Integration between IBM Sametime and IBM Connections products is one of the features of the IBM Connections Suite V1.0.
Procedure
- Determine the name of the LDAP realm used by the Connections deployment:
  - On the Connections deployment manager, log in to the WebSphere® Integrated Solutions Console as the WebSphere administrator.
  - In the navigation list, click Security > Secure Administration, applications and infrastructure > Federated Repositories.
  - Click Configure.
  - On the main Federated repositories page, note the value for the realm name used for the Connections deployment.
  - Close the Federated repositories page by clicking Cancel.
- Move to the computer hosting the Communities application for IBM Connections, and start the wsadmin client by completing the following steps:
  - Open a command prompt, and then change to the following directory:
    WAS_install_root\profiles\DM_profile\bin
    where:
    - WAS_install_root is the WebSphere Application Server installation directory.
    - DM_profile is the deployment manager profile directory, typically dmgr01.
    For example, you might use the following default path on Microsoft™ Windows™:
    C:\Program Files\IBM\WebSphere\AppServer\profiles\Dmgr01\bin
    Attention: You must start the wsadmin client from this directory because the Jython files for the product are stored here. If you try to start the client from a different directory, the execfile() command that you subsequently call to initialize the administration environment for a Connections component does not work correctly.
  - Start the wsadmin client with the following command:
    - Linux™:
      ./wsadmin.sh -lang jython -user was_admin_user_name -password was_admin_password -port SOAP_CONNECTOR_ADDRESS_port
    - Windows:
      wsadmin -lang jython -user was_admin_user_name -password was_admin_password -port SOAP_CONNECTOR_ADDRESS_port
    where:
    - was_admin_user_name is the user name of the WebSphere administrator account on the Connections deployment manager.
    - was_admin_password is the password of the WebSphere administrator account.
    - SOAP_CONNECTOR_ADDRESS_port is the SOAP port for WebSphere Application Server on the Connections deployment manager. The default value of the SOAP port is 8879; if you are using the default port value, you do not need to specify this parameter. If you are not using the default port and you do not know the port number, you can look up its value in the WebSphere Application Server Integrated Solution Console. To look up the SOAP port number, perform the following steps:
      - Open the Integrated Solution Console for the Connections deployment manager, and select System Administration > Deployment Manager.
      - Locate "Additional properties" and expand Ports; then look for the SOAP_CONNECTOR_ADDRESS port entry to find the port number.
    For example:
    - Linux:
      ./wsadmin.sh -lang jython -user primaryAdmin -password p@assword -port 8879
    - Windows:
      wsadmin -lang jython -user primaryAdmin -password p@assword -port 8879
- Now access and check out the Communities configuration file:
  - Run the following command:
    execfile("communitiesAdmin.py")
    If you are prompted to specify a service to connect to, type 1 to pick the first node in the list. Most commands can run on any node, but if the command writes or reads information to or from a file using a local file path, you must pick the node where the file is stored.
  - Check out the Communities configuration files using the following command:
    CommunitiesConfigService.checkOutPolicyConfig("Working_directory", "Cell_name")
    where:
    - Working_directory is the temporary working directory to which the configuration XML and XSD files are copied. The files are kept in this working directory while you make changes to them.
      Note: Linux only: The directory must grant write permissions or the command will not run successfully.
    - Cell_name is the name of the WebSphere Application Server cell hosting the Connections application. This argument is required. If you do not know the cell name, you can determine it by typing the following command in the wsadmin command processor:
      print AdminControl.getCell()
    For example:
    CommunitiesConfigService.checkOutPolicyConfig("/opt/my_temp_dir", "CommServerNode01Cell")
  - Change to the Working_directory where you stored the checked out files and open the communities-policy.xml file in a text editor.
  - Make sure the file contains the following grant statement; if not, copy the following code and paste it into the section containing grant statements.
    Note: Even if the file already contains the grant statement, you must add the first statement from the following example with the appropriate realm and user name to specify the user who is receiving permissions.
    <comm:grant>
      <comm:principal class="com.ibm.ws.security.common.auth.WSPrincipalImpl" name="Connections_Realm/ST_Advanced_admin_user_name" />
      <comm:permission class="com.ibm.tango.auth.permission.CommunityManagementPermission" communityType="*" action="*" />
      <comm:permission class="com.ibm.tango.auth.permission.CommunityMembershipPermission" communityType="*" action="*" />
      <comm:permission class="com.ibm.tango.auth.permission.CommunityAccessPermission" communityType="*" action="*" />
      <comm:permission class="com.ibm.tango.auth.permission.CommunityReferencePermission" communityType="*" action="*" />
      <comm:permission class="com.ibm.tango.auth.permission.CommunityBroadcastPermission" communityType="*" action="*" />
      <comm:permission class="com.ibm.tango.auth.permission.CommunityInvitePermission" communityType="*" action="*" />
    </comm:grant>
    where:
    - Connections_Realm is the Connections LDAP repository realm name that you identified in step 1.
    - ST_Advanced_admin_user_name is the user name of the Sametime administrator who will have permissions to view Connections communities.
  - Save and close the file.
  - Check in the updated file using the following wsadmin client command:
    CommunitiesConfigService.checkInPolicyConfig("Working_directory", "Cell_name")
- Exit the wsadmin client with the following command:
exit
- Stop and restart the server.
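An added check, not part of the IBM procedure: run with ordinary Python (outside wsadmin) against the edited communities-policy.xml before the check-in step, to list which principals hold communityType="*" / action="*" grants and to confirm that only the intended Sametime administrator was added. The sample document, its root element and namespace URI, the realm and user names, and the non-wildcard attribute values are constructed placeholders; elements are matched by local name, so the file's real namespace does not need to be known.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Root element, namespace URI, realm, user names and the
# non-wildcard attribute values are placeholders, not from a real deployment.
SAMPLE_POLICY = """<comm:policy xmlns:comm="urn:example:placeholder">
  <comm:grant>
    <comm:principal class="com.ibm.ws.security.common.auth.WSPrincipalImpl"
                    name="ExampleRealm/stadvadmin" />
    <comm:permission class="com.ibm.tango.auth.permission.CommunityManagementPermission"
                     communityType="*" action="*" />
  </comm:grant>
  <comm:grant>
    <comm:principal class="com.ibm.ws.security.common.auth.WSPrincipalImpl"
                    name="ExampleRealm/reader" />
    <comm:permission class="com.ibm.tango.auth.permission.CommunityAccessPermission"
                     communityType="example-type" action="example-action" />
  </comm:grant>
</comm:policy>"""

def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on element names."""
    return tag.rsplit("}", 1)[-1]

def grants_by_principal(xml_text):
    """Return {principal name: [(permission, communityType, action), ...]}."""
    grants = {}
    for node in ET.fromstring(xml_text).iter():
        if _local(node.tag) != "grant":
            continue
        perms = [(p.get("class", "").rsplit(".", 1)[-1],
                  p.get("communityType"), p.get("action"))
                 for p in node if _local(p.tag) == "permission"]
        for child in node:
            if _local(child.tag) == "principal":
                grants.setdefault(child.get("name"), []).extend(perms)
    return grants

def wildcard_principals(xml_text):
    """Principals with at least one communityType="*" and action="*" permission."""
    return sorted(name for name, perms in grants_by_principal(xml_text).items()
                  if any(ctype == "*" and action == "*" for _, ctype, action in perms))

def unexpected_wildcards(xml_text, expected_principal):
    """Wildcard holders other than the account this procedure is meant to add."""
    return [n for n in wildcard_principals(xml_text) if n != expected_principal]
```

To use it on the real file, read communities-policy.xml from the working directory and pass its text with the "Connections_Realm/ST_Advanced_admin_user_name" value you entered; a non-empty result from unexpected_wildcards() names other accounts that already hold the same unrestricted grant.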