Oracle® Beehive Integration Guide Release 2 (2.0.1.8) Part Number E16650-06
This module provides an overview of Oracle Universal Content Management (Oracle UCM) integration with Oracle Beehive.
This section describes the benefits and limitations of integrating Oracle UCM with Oracle Beehive, provides an architectural overview and deployment models of this integration, and discusses network considerations.
For definition of terms used in this section, see the Glossary in Oracle Beehive Concepts.
This section contains the following topics:
"Architectural Overview of Oracle UCM Integration and Oracle Beehive"
"Network Considerations of Integrating Oracle UCM with Oracle Beehive"
Oracle UCM provides a central repository for Web site content management and other application content management.
Integrating Oracle Beehive with Oracle UCM enables users to access published content directly from their daily working environment in the context of team workspaces. They can therefore collaborate in the Oracle Beehive team workspaces to browse a remote repository, read documents, update them, produce new content, and create shortcuts to remote documents and folders.
The limitations of integrating Oracle UCM with Oracle Beehive include the following:
Content that is hosted in Oracle UCM is accessible to Oracle Beehive as read-only.
Publishing to Oracle UCM is not supported in Oracle Beehive Release 2 (2.0.1.8).
You can manually check content back into Oracle UCM directly, using Oracle UCM client tools.
Beehive integration with Oracle UCM implements access to remote repositories.
The remote repository model of integration supports read-only access in Oracle UCM. It enables users to collaborate in Oracle Beehive Team Collaboration, to browse the remote repository, read documents, and create shortcuts to remote documents and folders. If content must be updated, it may be copied from a content repository to an Oracle Beehive team workspace.
Remember the following points:
Both the Oracle Beehive instance and the Oracle UCM instance must use the same user repository base.
The Oracle Beehive instance is aware of the Oracle UCM instance. Oracle UCM is not aware of Oracle Beehive. This ensures very minimal or no configuration changes to existing Oracle UCM deployments in the organization where Oracle Beehive is deployed.
Content is typically not duplicated or replicated between Oracle Beehive and Oracle UCM, and no copies of content from Oracle UCM are stored in Oracle Beehive. (Note, duplicate copies of content will exist if users manually copy content from Oracle UCM and paste it in Oracle Beehive workspaces.) This eliminates content management overhead, and ensures that Beehive users who access remote content always receive the most current content in Oracle UCM.
The access control and security applied to the content in Oracle UCM instances is maintained while users access content through Oracle Beehive.
For example, if a user does not have access to specific content in an Oracle UCM instance, he will not have access to the same content through Oracle Beehive.
Oracle Beehive users can access Oracle Beehive content, such as documents, Wiki pages, and forums, and also the remote content from a single client, the Oracle Beehive Team Collaboration. Users can manage this remote content and documents as Oracle Beehive documents for collaboration purposes, creating shortcuts, applying tags and categories, and so on.
When Oracle UCM and Oracle Beehive are on the same network without a firewall, the steps described in this module work as expected.
In your organization, Oracle Beehive, Oracle UCM, and your user directory may be running on different secured networks. In that case, additional steps must be completed to ensure that the integration works.
If the LDAP is on a protected network, then Oracle Beehive and Oracle UCM servers must be granted access for user authentication.
If Oracle UCM is on a protected network, then access must be granted to the Oracle Beehive servers. There are two common configurations for this network architecture:
Oracle Beehive is in DMZ, and Oracle UCM is in the secure network. Then the firewall must be configured to allow Oracle Beehive servers (or Oracle Beehive server network) to initiate connections to Oracle UCM servers.
Oracle Beehive and Oracle UCM are on separate networks, separated by different NAT firewalls. In this scenario, integration may not be possible. Opening a tunnel to Oracle UCM enables all connections from the Oracle Beehive network to have administrative access to Oracle UCM.
Note that other network topologies may have different requirements for allowing connections between Oracle UCM and Oracle Beehive. For more information, contact Oracle Support.
Oracle Beehive supports integration with Oracle UCM 10g Release 3 or higher. At minimum, the user bases for Oracle UCM and Oracle Beehive must match. To meet this requirement, Oracle recommends that you configure Oracle UCM and Oracle Beehive to use the same user directory through LDAP.
To complete an integration with Oracle UCM, you must have the following privileges:
Oracle UCM Administrator privileges to configure an LDAP provider, and to configure roles, groups, and credential maps.
Command line administrator access to a server that hosts the Oracle UCM instance, to update configuration files and to restart the Oracle UCM instance.
Beehive System Administrator (Beekeeper) privileges for creating, enabling, disabling, or deleting remote repositories.
For each workspace, Oracle Beehive workspace-coordinator privileges (through Oracle Beehive Team Collaboration) for enabling remote content access for the workspace, and for creating additional remote mounts if needed. Remote repositories can refer to remote folders or saved UCM queries, while remote mounts can refer to remote repositories only.
In practice, if a remote repository is already defined, any workspace coordinator can configure remote mount points in a workspace they own. Because every user can create team workspaces, no additional privileges are required.
To integrate Oracle Beehive with Oracle UCM, you must prepare the Oracle UCM instance for integration, and also ensure that both a remote repository and a remote mount exist.
To prepare an Oracle UCM instance for integration with Oracle Beehive, you must complete the following tasks:
Oracle UCM must be configured to allow administrative access to the middle tiers of the Oracle Beehive instance used in the integration. This means that the integration is made through an LDAP instance that is configured for use with the appropriate Oracle Beehive instance.
To configure host-based authentication:
Log in to the server that hosts the Oracle UCM instance.
Change to the UCM_HOME/config directory. UCM_HOME is the directory where Oracle UCM is installed.
Edit the file config.conf in one of the following ways:
Set the SocketHostAddressSecurityFilter property to enable all hosts to connect:
SocketHostAddressSecurityFilter=*.*.*.*
Set the SocketHostAddressSecurityFilter property to enable only one host to connect:
SocketHostAddressSecurityFilter=1.2.3.4
Set the SocketHostAddressSecurityFilter property to enable several specified hosts to connect:
SocketHostAddressSecurityFilter=1.2.3.4 1.2.3.5,1.2.3.6,1.2.3.7
Restart the Oracle UCM instance:
UCM_HOME/etc/idcserver_restart
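The three filter settings above differ in how many hosts receive the administrative access this step grants. As an added example (not Oracle's code), the Python sketch below audits the text of a config.conf against the addresses of the Beehive middle tiers; the function names, the finding labels, the acceptance of "|" as a separator and the sample inputs are assumptions of the example.

```python
import fnmatch
import re

KEY = "SocketHostAddressSecurityFilter"


def parse_filter(conf_text):
    """Return the host patterns from the last KEY= line, or [] if absent."""
    patterns = []
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        if name.strip() == KEY:
            # The page's example separates hosts with spaces and commas;
            # accepting "|" as well is an assumption of this example.
            patterns = [p for p in re.split(r"[\s,|]+", value.strip()) if p]
    return patterns


def audit(conf_text, beehive_hosts):
    """Compare the filter with the expected Beehive middle-tier addresses.

    Returns (label, value) findings:
      wildcard                  entry that admits more than one host
      unexpected-host           exact entry that is not a Beehive middle tier
      beehive-host-not-allowed  middle tier that no entry matches
    """
    patterns = parse_filter(conf_text)
    findings = []
    for p in patterns:
        if "*" in p:
            findings.append(("wildcard", p))
        elif p not in beehive_hosts:
            findings.append(("unexpected-host", p))
    for host in beehive_hosts:
        if not any(fnmatch.fnmatchcase(host, p) for p in patterns):
            findings.append(("beehive-host-not-allowed", host))
    return findings


# Constructed sample inputs, reusing the addresses from the page's examples.
OPEN_CONF = "# constructed sample\nSocketHostAddressSecurityFilter=*.*.*.*\n"
LIST_CONF = "SocketHostAddressSecurityFilter=1.2.3.4 1.2.3.5,1.2.3.6,1.2.3.7\n"

if __name__ == "__main__":
    middle_tiers = ["1.2.3.4", "1.2.3.5"]  # assumed Beehive middle tiers
    for conf in (OPEN_CONF, LIST_CONF):
        print(parse_filter(conf), audit(conf, middle_tiers))
```

An empty result from `audit` means every entry is an exact address of a known middle tier and every middle tier is allowed.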
Oracle UCM and Oracle Beehive must leverage the same user base. Oracle recommends that you create and configure an LDAP provider to prepare the Oracle UCM instance for integration with Oracle Beehive.
To create and configure an LDAP provider:
Log in to the Oracle UCM interface using a sysadmin account.
In the navigation bar, click Administration.
Click Providers.
The Providers page displays.
On the Providers page, select Add a new LDAPUSER provider.
Enter values for the following fields:
Provider Name
Source Path
LDAP Server
LDAP Port
Credential Map
Default Network Roles
LDAP Admin DN
To authenticate users, you must map logins into Oracle UCM to the correct user fields in LDAP.
Log in to the server that hosts the Oracle UCM instance.
Change to the UCM_HOME/data/providers/provider_name directory. UCM_HOME is the directory where Oracle UCM is installed. provider_name is the directory for the LDAP provider created in section "Creating and Configuring an LDAP Provider".
Edit the file provider.had by adding the following line:
LdapUserSearchFilter=(&(objectclass=person)(mail=user))
Restart the Oracle UCM instance:
UCM_HOME/etc/idcserver_restart
In the security protocol for Oracle UCM, users are assigned roles and content is assigned to security groups. In this context, roles have permissions for groups.
You must create roles and security groups in Oracle UCM to prepare it for integration with Oracle Beehive.
Examples of security groups could be of the type OUR_PUBLIC_GROUP. Examples of security roles could be of the following types:
All users: OUR_USERS with READ, WRITE, DELETE permissions for OUR_PUBLIC_GROUP
Administrators: OUR_ADMINS with READ, WRITE, DELETE, ADMIN permissions for OUR_PUBLIC_GROUP
Log in to the Oracle UCM interface using a sysadmin account.
In the navigation bar, click Administration.
Click Admin Applets.
Select User Admin.
A User Admin window appears.
In the User Admin window, select the Security menu, and then select Permissions by Role.
In the new window, click Add New Role.
In the new window, enter the name of the new role you are creating.
Click OK.
Close the Permission by Role window.
Log in to the Oracle UCM interface using a sysadmin account.
In the navigation bar, click Administration.
Click Admin Applets.
Select User Admin.
A User Admin window appears.
In the User Admin window, select the Security menu, and then select Permissions by Group.
In the new window, click Add Group.
In the new window, enter the name and description of the new group you are creating.
Click OK.
Close the Permission by Role window.
Log in to the Oracle UCM interface using a sysadmin account.
In the navigation bar, click Administration.
Click Admin Applets.
Select User Admin.
A User Admin window appears.
In the User Admin window, select the Security menu, and then select Permissions by Group.
Select an existing security group.
A list of available roles appears.
Select a role and click Edit Permissions.
Select the permissions for that role in the security group.
Click OK.
Close the Permission by Role window.
You must register the credential map that is specified in the section "Creating and Configuring an LDAP Provider".
Log in to the Oracle UCM interface using a sysadmin account.
In the navigation bar, click Administration.
Click Credential Map.
Enter the name of the credential map that you specified when creating the LDAP provider, in step 5 of "Creating and Configuring an LDAP Provider".
In the text field, add the following entry:
|#all|, %%
|#all|, OUR_USERS
&<login_id>, OUR_ADMINS
This uses the example from "Creating Security Roles, Groups, and Permissions".
Click OK.
This section briefly discusses remote repositories, demonstrates how to create one through the beectl command line, and how to configure it by enabling it in Oracle Beehive Team Collaboration.
Note that you must create a remote repository based on a seeded RemoteRepositoryDefinition. If an appropriate remote repository exists, you may use it instead. Also, remote repositories can be either path-based or query-based.
When a user is connected to a remote repository, the remote mounts have read-only access.
Users can do the following:
Browse remote mounts, including drill down folder trees and read documents
Create shortcuts to a remote folder or document
Copy documents and folders locally to the Oracle Beehive workspace
Users cannot do the following:
Upload a document directly to a remote mount
Create, update, or delete folders or documents
You can create and configure a remote repository using Oracle Beekeeper. For more information, see "Managing Remote Repositories" in Oracle Beekeeper Online Help.
You can also create and configure a remote repository using the beectl add_remote_repository command.
To create and configure a remote repository using beectl:
Decide on the repository definition you want to use.
At this time, Oracle Beehive supports only Oracle UCM.
Create a remote repository configuration file.
The following code is an example of a configuration file.
<?xml version="1.0" encoding="UTF-8" ?>
<RemoteRepositoryInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://xml.oracle.com/beehive/remotecontent/ remote_repository_template.xsd"
    xmlns="http://xml.oracle.com/beehive/remotecontent">
  <name>computer_name</name>
  <remote_repository></remote_repository>
  <description>repository_with_UCM_instantiated</description>
  <definitionname>Oracle UCM</definitionname>
  <scope>enpr=oracle</scope>
  <Attributes>
    <attribute>
      <name>host</name>
      <defaultValue>default_value_of_machine</defaultValue>
      <final>true</final>
    </attribute>
  </Attributes>
</RemoteRepositoryInfo>
Add the remote repository to the workspace using the following command:
beectl add_remote_repository --file /path/remote_repository_file.xml
You enable remote repositories for workspaces using Oracle Beehive Team Collaboration. To enable a remote repository, you must have workspace coordinator privileges in the workspace where you want to enable the remote repository.
For more information, including the steps to enable a remote repository using Oracle Beehive Team Collaboration, see the Oracle Beehive Team Collaboration Help at the following location:
http://www.oracle.com/technology/products/beehive/beehive_users/2_0/teamcollab.htm
You can create a remote mount in a workspace either through Oracle Beehive Team Collaboration or using the beectl add_remote_share command. In either case, ensure that you have workspace coordinator privileges in the workspace.
For the steps to enable a remote mount using Oracle Beehive Team Collaboration, see Oracle Beehive Team Collaboration Help at the following location:
http://www.oracle.com/technology/products/beehive/beehive_users/2_0/teamcollab.htm
For the steps to enable a remote mount using the beectl add_remote_share command, see "Creating a Remote Mount Using beectl".
You can create a remote repository using the beectl add_remote_share command. Also, you may create a remote mount in a workspace even without an enabled remote repository in that workspace. The mount will remain hidden until the remote repository is enabled in the workspace.
Note that the terminology remote mount in Oracle Beekeeper is equivalent to remote share in the XML files used by the beectl command environment.
To create a remote mount using beectl:
Decide on the remote repository to use as the basis for the mount or share.
Create a remote mount configuration file. See folder_mount.xml and query_share.xml for examples.
The following code is an example of a folder-based mount configuration file.
<?xml version="1.0" encoding="UTF-8" ?>
<RemoteShareInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://xml.oracle.com/beehive/remotecontent/ remote_share.xsd"
    xmlns="http://xml.oracle.com/beehive/remotecontent">
  <name>computer_name_folders_only</name>
  <remote_share></remote_share>
  <description>Beehive_Documents_Folder_on_Oracle_UCM</description>
  <repository_scope>enpr=oracle</repository_scope>
  <repository_name>UCM_repository_name</repository_name>
  <scope>wksp=Beehive Team,enpr=oracle</scope>
  <Attributes>
    <attribute>
      <name>rootPath</name>
      <value>/value_of_root_path</value>
    </attribute>
  </Attributes>
</RemoteShareInfo>
The following code is an example of a query-based mount configuration file.
<?xml version="1.0" encoding="UTF-8" ?>
<RemoteShareInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://xml.oracle.com/beehive/remotecontent/remote_share.xsd"
    xmlns="http://xml.oracle.com/beehive/remotecontent">
  <name>computer_name_search_only</name>
  <remote_share></remote_share>
  <description>Beehive Search on Oracle UCM.</description>
  <repository_scope>enpr=oracle</repository_scope>
  <repository_name>UCM_repository_name</repository_name>
  <scope>wksp=Beehive Team,enpr=oracle</scope>
  <Attributes>
    <attribute>
      <name>searchQuery</name>
      <value><![CDATA[dDocTitle <matches> `*RCS*`]]></value>
    </attribute>
  </Attributes>
</RemoteShareInfo>
Add the remote mount to the workspace using the following command:
beectl add_remote_share --file /path/remote_share_file.xml
The system administrator can disable select repositories in all workspaces, by using the Oracle Beekeeper interface.
After the repository or mount is defined and configured, the workspace coordinator performs the following tasks:
The workspace coordinator must enable the specific repository to make it available in that workspace. Each workspace can have its own set of enabled repositories.
After a repository is enabled, a default mount to that repository is created.
The workspace coordinator may also create additional mounts to the same repository, based either on a folder or on a saved query.
The workspace coordinator may disable previously enabled repositories. This action does not delete any mounts; it only removes them from the view of the user.