32 Configuring Lotus Domino Web Servers for 10g Webgates

This chapter provides tips about installing and configuring Lotus Domino to operate with the Webgate. Topics include:

Note:

The information here presumes that you are familiar with your operating system commands, Lotus Notes, and the Domino Web server.

32.1 Prerequisites

Ensure that your Oracle Access Manager Console is running and get familiar with:

32.2 Installing the Domino Web Server

Before you install the Webgate with a Domino Web server, you need a properly installed and set up Domino Enterprise Server R5. The following information focuses on Solaris. However, with some modifications, these steps can be used as a guide for other UNIX systems.

Note:

You need to register if this is the first time you download from lotus.com.

To download the Domino Web server on UNIX

  1. Download Lotus Domino from the following URL:

    http://www-10.lotus.com/ldd/down.nsf

  2. Untar the downloaded file to your staging area. For example:

    gct@planetearth[/export/users2/gct/temp] 433 : ls
    C37UUNA.tar
    gct@planetearth[/export/users2/gct/temp] 434 : tar xf C37UUNA.tar
    gct@planetearth[/export/users2/gct/temp] 435 : ls
    C37UUNA.tar sol/

You need to install Domino as user "root". The installation script creates a soft link, /opt/lotus, that points to your Lotus Domino installation directory.

To install the Domino Web server on UNIX

  1. Run the install script for the Domino Web server. For example:

    gct@planetearth[/export/users2/gct/temp/sol] 441 : su root 
    Password: 
    root@planetearth[/export/users2/gct/temp/sol] 1 : ls 
    install* license.txt script.dat sets/ tools/ 
    root@planetearth[/export/users2/gct/temp/sol] 2 : 
    root@planetearth[/export/users2/gct/temp/sol] 2 : ./install
    ======================================================== 
    Domino Server Installation 
    ========================================================
    Welcome to the Domino Server Install Program.
    Type h for help on how to use this program. 
    Press TAB to begin the installation.
    -------------------------------------------------------- 
    Type h for help 
    Type e to exit installation 
    Press TAB to continue to the next screen. 
    --------------------------------------------------------
    

    You are asked to select the setup type.

  2. Select Setup type. For example:

    Select Setup type: [Domino Enterprise Server]

  3. Complete the installation with the following considerations in mind. For example:

    • The default program directory is set to /opt/lotus. You may overwrite it with another directory. For example, /export/home/WWW/lotus.

    • The default data directory is set to /local/notesdata1. You may also overwrite this with something else. For example, /export/home/WWW/lotus/data1.

    • Overwrite the Domino UNIX user that owns the data directory. The default user is set to notes. You may change it to a valid UNIX user. For example, gct or root. (Section 32.3 warns against running the server commands as root.)

    • Overwrite "The UNIX user for this directory must be a member of this group". The default group is set to notes. You may change it to a valid UNIX group name. For example: oblix.

    Note:

    Be sure to put the Domino data directory in your $PATH before you proceed from here.

32.3 Setting Up the First Domino Web Server

After successfully installing, you must set up the first Domino server.

To set up the first Domino server

  1. Run /opt/lotus/bin/http httpsetup.

    By default, Domino will use port 8081.

  2. Ensure that port 8081 is not already in use.

  3. Launch your browser and enter the URL that follows. For example:

    http://hostname:8081

  4. Follow instructions on the screen and keep the following in mind.

    • Check HTTP to get the Web server.

    • Ensure the designated administrator has a first and last name.

    • Keep passwords simple, and record them in a safe location. For example, oracleoracle.

  5. Run all commands as the UNIX user that you've configured for this Domino Web server.

    WARNING:

    Do not run as root.

32.4 Starting the Domino Web Server

After successfully setting up the first Domino Web server, you must start it.

To start the Domino server

  1. Run /opt/lotus/bin/server.

  2. Launch your browser and enter the following URL.

    For example:

    http://hostname:80/names.nsf

    You will be prompted for login name and password.

  3. Select Server-Server.

  4. Select your intended server.

  5. Select Edit Server.

  6. Select Ports, select Internet Ports, then click Web.

  7. Change the value for TCP/IP port number to your desired port number.

  8. Click Save and Close to save all your changes.

  9. Restart the server: /opt/lotus/bin/server.

32.5 Enabling SSL (Optional)

Enabling SSL is not mandatory for the Webgate. However, if you need to generate a keyring file (.kyr) and its corresponding stash file (.sth) with the Lotus Notes client on a Windows system and move them to the UNIX system, use the steps that follow.

To generate the keyring and stash files

  1. Launch the Lotus Notes Client on your Windows system.

    For example:

    File, select Databases, then click Open

  2. Select Server Certificate Admin.

  3. Create the key ring file.

  4. Create the certificate request.

  5. Install the trusted root certificate into the key ring file.

  6. Install the certificate into the key ring file.

  7. Copy or ftp the newly created keyring file and stash file from the Windows system to your UNIX computer.

  8. Store both files in your Domino data directory.

To enable SSL

  1. Launch your browser and enter the following URL.

    For example:

    http://hostname:port/names.nsf

    You will be prompted for login name and password.

  2. Select Server-Server.

  3. Select your intended server.

  4. Select Edit Server.

  5. Select Ports, select Internet Ports, then click Web.

  6. In the SSL Key file name field, enter the absolute path to the keyring file.

  7. Change the SSL Port number value to your desired port number.

  8. Enable SSL port status.

  9. Select Client Certificate "Yes" for Client Certificate authentication.

  10. Click Save and Close to save all your changes.

  11. Restart the Web server.

    For example:

    /opt/lotus/bin/server

32.6 Installing a Domino Security (DSAPI) Filter

The Domino security API filter, DSAPI, is an authentication method that enables you to register a DLL with the Domino Web server. In this case, the Web server calls the Webgate DLL to authenticate the user when a request for authentication occurs rather than using SSL or basic authentication.

Authentication within Domino is optional with the Oracle Access Manager DSAPI filter. You can implement certain aspects of authentication that the default Web server does not support.

Task overview: Completing Webgate and filter installation

  1. Before you install the Webgate on a Domino Web server, complete all steps described earlier.

  2. Complete the Webgate installation and Web server update as described in "Locating and Installing the Latest OAM 10g Webgate for OAM 11g".

  3. See "Completing the Webgate Installation" and choose one of the two options discussed there.

32.6.1 Completing the Webgate Installation

To ensure the Domino Web Server can use the Webgate DLL, you need to enter the name or names of the DLLs (DSAPI libraries) to be called for authentication in the DSAPI filter file names field on the HTTP tab, under the Internet Protocols tab, in the Server document.

Note:

Relative paths will be based on the Domino executable directory. DSAPI filter libraries will be called to handle events in the order they appear in this list.

There are two ways to install the filter:

  • Through a Web browser and names.nsf (option 1)

  • Through a Lotus Notes workstation and the Address Book (option 2)

Option 1: To set up the DSAPI filter to access names.nsf

  1. Go to the names.nsf URL and log in. For example:

    http://hostname:port/names.nsf
    
  2. Click the Server-Servers link.

    A Java applet will be loaded.

  3. Select a server from those listed.

  4. Click the Edit Server link to go to Edit mode.

  5. Click the Internet Protocols link.

    By default, the HTTP tab is selected and information is displayed in Edit mode.

  6. Look for DSAPI where it says "DSAPI filter file names:", then type in the absolute path to the libwebgate.so file.

  7. Save your changes.

  8. Restart the Domino http server task.

Option 2: To access the Address Book through Lotus Notes

  1. Open the Domino Name and Address Book. For example, select:

    File, Database, Open, then click Address Book

  2. Switch to server view and open the server document.

  3. Edit the server document.

  4. Click the Internet Protocols tab.

    By default, the HTTP tab is selected and information is displayed in Edit mode.

  5. Look for DSAPI where it says "DSAPI filter file names:", then type in the absolute path to the libwebgate.so file.

  6. Save your changes.

  7. Restart the Domino http server task.
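
The shell functions below are an added example, not part of the Oracle documentation. They check the libwebgate.so path typed into the "DSAPI filter file names:" field, and the keyring and stash files stored in the Domino data directory in Section 32.5. The function names, the permission thresholds, and the assumption that the stash file shares the key ring's base name are the example's own.

```shell
#!/bin/sh
# Added example: permission audit for the files this chapter places on the server.
# The thresholds are this example's assumptions, not Oracle or Lotus requirements.

# Succeeds if the target has any of the listed octal permission bits set.
# find -H resolves a symlinked path such as the /opt/lotus soft link.
has_mode_bits() {
    target=$1; shift
    for bits in "$@"; do
        if [ -n "$(find -H "$target" -prune -perm "-$bits" -print 2>/dev/null)" ]; then
            return 0
        fi
    done
    return 1
}

# DSAPI library: absolute path, regular file, and neither the file nor its
# directory writable by group or others (the HTTP task loads it as code).
check_dsapi_lib() {
    lib=$1
    case $lib in /*) ;; *) echo "FAIL not an absolute path: $lib"; return 1 ;; esac
    [ -f "$lib" ] || { echo "FAIL not a regular file: $lib"; return 1; }
    for p in "$lib" "$(dirname "$lib")"; do
        if has_mode_bits "$p" 020 002; then
            echo "FAIL writable by group or others: $p"; return 1
        fi
    done
    echo "OK $lib"
}

# Key ring: every .kyr in the data directory needs its .sth beside it (same
# base name assumed), and neither file may grant access to group or others.
check_keyring_pairs() {
    dir=$1; rc=0; found=0
    for kyr in "$dir"/*.kyr; do
        [ -f "$kyr" ] || continue
        found=1; sth="${kyr%.kyr}.sth"
        [ -f "$sth" ] || { echo "FAIL no stash file for $kyr"; rc=1; continue; }
        for f in "$kyr" "$sth"; do
            if has_mode_bits "$f" 040 020 010 004 002 001; then
                echo "FAIL accessible beyond owner: $f"; rc=1
            fi
        done
    done
    [ "$found" -eq 1 ] || { echo "FAIL no .kyr file in $dir"; rc=1; }
    return "$rc"
}
```

Call check_dsapi_lib with the same absolute path entered in the Server document, and check_keyring_pairs with the Domino data directory, before restarting the http task.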