Weblogic Domino Service Setup Guide

Administration

This chapter describes administration and configuration of the Lotus Domino server as related to the WebLogic Domino Service.

This chapter contains the following section:

Access Control List and Permissions

The WebLogic Domino Service runs and connects to other Domino servers in the same Notes domain where the server is running. Therefore, the Lotus Domino server running the WebLogic Domino Service must have permissions to access a mail database in order to retrieve data from that mail database. This is accomplished by the Lotus Domino server being a member of the LocalDomainServers group and with that group having permissions to access the mail database. At a minimum, the LocalDomainServers group (or the specified server) must have the ACL permissions described in Table 2-1 in order to read a mail database:

Table 2-1 Required Permissions

Permission	Description	Required
Create Documents	Allows the user to create documents, such as memos, appointments, and tasks.	Yes
Delete Documents	Allows the user to delete documents.	Yes
Read Public Documents	Allows the user to read documents.	Yes
Write Public Documents	Allows the user to write documents.	Yes
Create Personal folders/view	Allows the user to create views.	Yes
Create Shared folders/views	Allows the user to create folders for mail.	Yes

Note: These permissions correspond to the Editor Access Level without the following: Create Personal agents and Create LotusScript/Java agent.

When connecting as a specific user, the Java caller specifies a user's name and Internet password to create a session. The WebLogic Domino Service authenticates the user using the Internet password and authorization against the ACL is performed. The WebLogic Domino Service authorizes the user by examining the ACL permissions available on the mail database for that user. If the user meets the minimum user permissions, as described above, regardless of Access Level, the user is granted access; otherwise, an invalid user and password exception is thrown.

Note: The Lotus Domino user's Internet password is checked for authentication. If the Lotus Domino user is using the Domino feature More Secure Internet Password and you are running on Lotus Domino R5, this feature must be disabled in order to authenticate a user.

Read/Unread Marker Support

Before the WebLogic Domino Service updates a read/unread marker on a document, it checks if the database Do not mark modified documents as Unread property is enabled on the user's mail database. Setting this property is equivalent to opening the user's mail database in Notes and toggling the setting found at:

File > Database > Properties > Design

The WebLogic Domino Service will enable this property if it is not enabled. Enabling this property eliminates inconsistencies in the read/unread state between two Lotus Domino mail clients.

Domino Service Configuration Database

Configuration and logging for the WebLogic Domino Service is stored in a database called bea_config.nsf. This configuration database is copied to %LOTUS_DOMINO_DATA%\bea_config.nsf during installation of the WebLogic Domino Service.

The database contains the views shown in Table 2-2.

Table 2-2 Database Views

Parameter	Description
BEA Domino Service Configuration	Contains the Configuration document that stores configurable properties for the Domino Service. WebLogic Domino Service Configuration.
All Events > By Date	Events categorized by date.
All Events > By Date & Method Name	Events categorized by date and Domino Service method.
All Events > By Date & Session	Events categorized by date and session.
All Events > By Server & Date	Events categorized by Domino Service server and date.
All Events > By Session ID and Thread ID	Events categorized by session ID and HTTP task thread ID.
All Events > By Thread ID	Events categorized by HTTP task thread ID.
Login by User & Date	Logins by user and date.

Additionally, the database template bea_config.ntf is installed at %LOTUS_DOMINO_DATA%\db.

This section contains the following topics:

Replication

The configuration database can be replicated and information shared across other WebLogic Domino Service installations. This database is set to disable replication by default.

Perform the following steps to enable replications:

Browse to Database properties > Replication Settings... > Other.

Uncheck Temporarily disable replication for this replica.

This step is optional: replicate only the configuration options (not the log documents), by browsing to Database properties > Replication Settings... > Space Savers, checking Documents in specified views or folders and selecting the BEA Domino Service Configuration view.

Note: Do not replicate this database if you plan to have the Log Level set to Debug due of the high amount of logging.

WebLogic Domino Service Configuration

The WebLogic Domino Service Configuration database view contains the configuration document. This document contains the fields for configuring the WebLogic Domino Service execution. This document is only read when the Domino HTTP task starts. The Domino HTTP needs to be stopped and restarted for WebLogic Domino Service configuration changes to take effect.

See Table 2-3 for settings.

Table 2-3 Domino Service Configuration Settings

Parameter	Description
Attachment Size Limit (in bytes)	The maximum size of attachments allowed in bytes. The default is 500000.
Attachment Temp Directory	The location used by the service to temporarily transfer attachments. The default is the `D:\temp` directory.
Session Timeout (in seconds)	The inactivity in seconds when a session will automatically close. The default is 300.
Log Level	The amount of information written to the log. The level Debug is used to track individual requests and it provides the most information. Use Info for tracking user sessions. Use Warning for tracking basic Domino errors. Use Error for the least amount of information or only startup and fatal errors. The default setting is Info.
Skip Authentication?	A flag to indicate whether to use Domino user authentication. This parameter is used when integrating the Domino Service with Netegrity SiteMinder. Netegrity SiteMinder.
User Id Header	Name of header attribute to contain the user Id when running with Netegrity SiteMinder. Netegrity SiteMinder.

Maintaining Service Logs

Because the bea_config.nsf contains log entries, this database can grow very large. This is particularly true if the Log Level is set to Debug. For this reason, the bea_config.nsf is configured by default with Remove documents not modified in the last: 15 days. This configuration can be changed depending on your development or production requirements. This setting is available from a Notes client at Database properties > Replication Settings... > Space Savers.

Netegrity SiteMinder

The WebLogic Domino Service supports integration with the Netegrity SiteMinder for single sign on.

Perform the following steps to configure SiteMinder support:

Set Skip Authentication to Yes.

Confirm that User Id Header matches the header attribute that will contain the user Id supplied by the SiteMinder webagent. For example, DominoUID.

Configure the SiteMinder webagent as follows:

Set SkipDominoAuth = no
Set DominoUseHeader = DominoUID
Set DominoLookupHeaderForLogin = yes
Create a user attribute response with variable name DominoUID set to the user profile for the Domino username.