ExerciseBookCQ 5.3SystemAdministratorTrainingOdd

- /~\

L~ V.

~~\Technical Training

II

ICQ 5.3 System Administrator Training

World Standard Softare to Unif Your Business ww.day.comCopyright 2010, Day Software AG, Switzerland Day Company Confidential RevL.2 20101005

-Preface

5

6

7

13

Formatting Conventions

EXERCISE 1 - Install & Start an Author Instance

EXERCISE 2 - Edit a Page

EXERCISE 3 - Browse Related Application/Server Ititenaces 17

EXERCISE 4 - Change Default Passwords 23EXERCISE 5 - Configure Version Manager OSGi BlI ndle 33

EXERCISE 6 - Set up Replication Agents for two Pli blishInstances 38EXERCISE 7 - Activate Tree 47EXERCISE 8 - Add the Dispatcher to the 115 WebSe"ver 49

EXERCISE 9 - Add the Dispatcher to the Apache WebServer 52

EXERCISE 10 - Configure the Dispatcher 55

EXERCISE 11 - Optimize Tar PM on Author Instance 69

EXERCISE 12 - Backup Author Instance 71

EXERCISE 13 - Using cURL for Automated Backup 74

EXERCISE 14 - Cluster Two CO Instances 76

EXERCISE 15 - Create & Download a CO Package 81

EXERCISE 16 - Automating Package Manager with cURL 86

EXERCISE 17 - Creating Custom Log Files 91

EXERCISE 18 - User Administration and Security 95

EXERCISE 19 - Integrate with LDAP for Users and Groups 111

EXERCISE 20 - Find Slow Responses 120World Standard Softare to Unify Your Business. ~ww.d~.CQm 3Copyright 2010, Day Software AG, Switzerland Day Company Confidential RevL.220101005

-The current training material is indented as a introduction to administer CQ 5.x in aworking environment. The latest available release is 5.3. Training material will beaccordingly adapted to further product releases.Except Exercise 1, all other exercises have as a prerequisite a running CQ 5.x Authorinstance. Exercise 1 will lead you through the steps needed to install such an instance.Additional requirements are listed in the corresponding exercises.

The current exercise book contains some exercises which will be covered during trainingreinforcing the topics discussed during class. In the Appendix, you may find additionalexercises which can help you with different installation platforms.

World Standard Softare to Unify Your Business ww.day.com 5Copyright 2010, Day Software AG, Switzerland Day Company Confidential RevL.220101005

-

Goal

The following instructions explain how to install and start an Author instance. This isimportant because you will use this Author instance throughout this training to performtypical development tasks. To successfully complete and understand these instructions,you will need:

· A CQ5 quickstart JAR

· A valid CQ5 license key

· A JDK ;;= 1.5

· Approximately 800 MBs of free space

· Approximately 1 GB of RAM

What is an Author instance?

An Author instance is the CQ5 installation content authors will login to and managepages. This includes: 1) creating, 2) editing, 3) deleting, 4) moving, 5) etc. In addition,it is the installation you will be developing against as you can easily observe both Authorand Publish views.

How to install atl Author instance:

1. Create a folder structure on your file system where you will store, install, and startCQ5 (e.g. C:/day/cq5/author).

WARNING

MS Windows users, please do not use spaces in your newly created folder structure (e.g. C:/thisis bad/cq5/author). This will cause CQ5 to error.

2. Copy the CQ5 quickstart JAR and license. properties file from .iUSB'?/distribution/

cq5_wcm into the newly created folder structure.


-Preface

Formatting Conventions

EXERCISE 1 - Install & Start an Author Instance

EXERCISE 2 - Edit a Page

5

6

7

13

EXERCISE 3 - Browse Related Application/Server Intenaces 17

EXERCISE 4 - Change Default Passwords 23EXERCISE 5 - Configure Version Manager OSGi Bundle 33

EXERCISE 6 - Set up Replication Agents for two PublishInstances

EXERCISE 7 - Activate Tree

EXERCISE 8 - Add the Dispatcher to the liS WebServer

EXERCISE 9 - Add the Dispatcher to the Apache WebServer

EXERCISE 10 - Configure the Dispatcher

EXERCISE 11 - Optimize Tar PM on Author Instance

EXERCISE 12 - Backup Author Instance

EXERCISE 13 - Using cURL for Automated Backup

EXERCISE 14 - Cluster Two CQ Instances

EXERCISE 15 - Create & Download a CQ Package

EXERCISE 16 - Automating Package Manager with cURL

EXERCISE 17 - Creating Custom Log Files

EXERCISE 18 - User Administration and Security

EXERCISE 19 - Integrate with LDAP for Users and Groups

EXERCISE 20 - Find Slow ResponsesWorld Standard Softare to Unify Your Business WW.day.comCopyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

38

47

49

52

55

69

71

74

76

81

86

91

95

111

1203

-

CQ5 installstartup dialog

Continue reading the section Server is started.

COlllland Line start :

First of all, you may want to know which parameters are available to the server prior toinstallation. Therefore, enter following command to investigate a complete list of optionalparameters:

java -jar cq-author-4502.jar -h

CQ shows all command line options without starting the server.

You can now install/start CQ5 from the command line while increasing the Java heapsize, which will improve performance. Please see image below for an example of thecommand line.

CQ5 command line start

If using the command line, for a 32bit VM enter:

java -Xmx512M -jar cq5-author-4502.jar

World Standard Softare to Unify Your Business www.day.com 9Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-In the appearing Login screen, enter the default administrator's credentials (admin/admin) then click OK.

CQ5 login dialog

The Welcome screen appears, displaying you the different possibilities to continue. Forthe next exercise, we'll access the Websites console.

CQ5 Welcome Screen

Start and stop CQ5 using scripts:

CRXDE Ute

Rc.plìt:ation

do-s.day,£om

d~ri.'j:ay"com


-Goal

The following instructions explain how to navigate to and edit a page. This is importantbecause you will use the the Websites Administrator Console to create and publish

content throughout the course. In addition, you should understand the interfaces used byyour author community.

To successfully complete and understand these instructions, you will need:

· A running CQ5 author instance

What are the available Author consoles ?

CQ uses a web-based graphical user interface, so you need a web browser to access CQ.The graphical user interface is divided into various web-based consoles where you canaccess all of the CQ functionality:

Console Description

Websites Access all the pages in your website; create, edit, and delete pages; start

a workflow; activate and deactivate pages; restore pages; check external

links; and access your user inbox.

Assets Manage digital assets.

Manage packages, designs,importers, workflow templates and scripts,repUcatIon agents and upgrades.

US0l Adrr;in,:;tratiort

andManage users and permissions.

Manage pages that are in a workflow, create new workflow models usingan easy to use graphical user interface.Workflow:;

AdrmnÎstration Manage your tags and taxonomies.

To Edit a page:

World Standard Softare to Unify Your Business ww.dav.com13Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

.After you open the page, you can start to add content. You do this by adding new orediting existing paragraphs (also called components).

To insert a new paragraph, double-click the area labeled Prag cOllponents or assets here...or drag a component from the floating toolbar (called sidekick) to insert a new paragraph.This area appears wherever new content can be added, such as at the end of the list ifother paragraphs exist or at the end of a column.

4. Drag the Text & i mage icon from the sidekick to the center of the dotted rectangle anddrop it in. The green check mark will tell you that the drag-and-drop is allowed.

5. Double-click the thumbnail placeholder for the component to open the dialog box.

'Nrn.~,,,,,,-.,-et:C;'i2L;m,El..,.. ~¡iaLimpolmlilÆ¡"tci",rtirxìc;!i ær_l~is cmmA£r.,mPlddn:~I~it"..¡~

~,;)n~,

6. Click the Illage tab to open the Image pane of the dialog box. Drag-and-drop an imagefrom the Content Finder to the dialog box.

World Standard Softare to Unify Your Business www.day.com15Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-

Goal

The following instructions explain how to browse the application/server interfacesassociated with a CQ5 installation. This will enable you to use their administrative/configuration capabilities. To successfully complete and understand these instructions,you will need:

II A running CQ5 Author instance

What interfaces exist?

A typical CQ5 installation consists of a Java servlet engine (CQSE), a Java ContentRepository (CRX), and a Launchpad (Felix/Sling) application. They each have their ownWeb interface allowing you to perform expected administrative/configuration tasks.

How to browse the CQSE interface:

1. Enter the URL http://localhost:4502/admin in your favorite Web browser's address bar.

2. Enter the default administrators credentials (admin/admin) in the dialog - then clickOK. The CQSE main console appears.

http:rllocalhost:45Q2/admìri

CQSE login dialog

World Standard Softare to Unify Your Business ww.day.cQm 17Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-jcr:created

)cr:createdBy

)cr:contentmanagement

bod

String

cq:PageContent

cq:Page

cq:Page

CRX content explorer viewing node /content/geometrixx/en/company

Cot1gratulatio"s! You have successfully logged into the CRX application and have browseda portion of the node (Web site) structure. To be a successful system administrator inCQ5, you need to be able to easily explore/edit nodes and properties at the CRX leveL.

How to browse the Felix interface:

1. Enter the URL http://localhost:4502/system/console in your favorite Web browser'saddress bar.

2. Enter the default administrators credentials (admin/admin) in the dialog - then clickOK. The Apache Felix Web Management Console appears, showing you the Bundlesapplication.

Felix login dialog

3. Follow the link lece"trequests - then click on the Clear link to remove recent requests

from the displayed list.

World Standard Softare to Unify Your Business ww.day.com19Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-How to use CRXP£ lite:

1. Enter the URL in your favorite Web browser's address bar.Or select the CRXDE Lite console from the Welcome screen.

2. In the upper right corner, click on the drop-down box displaying your user name(admin), then select Login_ Enter the default administrators credentials (admin/admin) inthe appearing dialog, while continuing to use the crx.default workspace - then select OK.

This will take you to CRXDE Lite with appropriate privileges and permissions.

3. Navigate to the folder /apps/geometrixxlcomponents to view the custom componentscreated for the Geometrixx Web site/project.

World Standard Softare to Unify Your Business ww.day.com 21Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-

Goal

As you may already observed, all interfaces in CQ are sharing the same credentials forthe admin user. The following instructions explain how to change the default passwordsof CQ. This is important because it is part of the security checklist that will ensure yourinstallation cannot be easily infiltrated by hackers. To successfully complete andunderstand these instructions, you will need:


What to do about security?

Most security tasks are handled by a system administrator. It is a good idea for you, theadministrator to have a basic understanding of web application security concerns. Theprimary security concern you will focus on in this exercise is the simple changing ofpasswords, so that you may setup a team development environment as soon as the classis over.

When considering a standard CQ installation, there are three password changes and oneconfiguration you need to alter. If you consider a standard installation, and the elementsinvolved, it actually becomes quite clear. Reflect on the image below:

COSE

launcl'adlFelixlSling)

coiifig

'\

CRX "'

World Standard Softare to Unif Your Business ww.day.com 23Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-

Change Password:

Old PEi55V)ord:

Nl''-V'1 P assv'Jord:

Confirrn:

~~~~~'0)

Note: '¡'our brO'i'iSer 'Nii! ask \IOU re'.,wthenticôte after the change.

CQSE change password confirm

Congratulations! You have successfully changed the CQSE default administrativepassword. Now focus on changing the content repository's (CRX) default administrativepassword.

fo change the content repository! CCRX) default adllinistrative password:

1. Navigate to the content repository (CRX) application.

· e.g. http://ocalhost:4502/crx

2. Follow the Log In link.


-

Nodi!'-T'Tpe ¿.\dvnFï~:;_tr-,_'Stnn

CRX user administration

5. Navigate to and select the admin user.

ad~nanbíSvmou$

aparker¡geometrixx. cClm

author

CRX admin user

6. Click the link Change Password.


--1. Navigate to the Launchpad (Felix/Sling) application.

· e.g. http://local

2. Enter the default administrator credentials - then select OK.

Ausername and password are being requested bV http://localhost:4502. The siteri1anagelYient Console"

Password:

User Name:

Launchpad login dialog

3. Select Configuration.

Console

Launchpad configuration

4. From the Configurations drop-down box, select the entry named Apache Felix OSc-i

Managellent Console - then cl ick the button Configure.

5. In the field labeled Password, enter the new password (training_osg¡) - then click Save.

World Standard Softare to Unify Your Business WW.day.cpm 29Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-1. Select CRX Sling Client Repository (second entry, with the long ID) from Configuration

in the Launchpad application - then click Configure.

2. Enter the new password in the field labeled Adllin Password (training_crx) - then clickthe Save button.

JNDI

UR:.

J\lDI

I\ame

DëatJ':

Us€rld

Password

AdminUserld

AdminPassword

acc€sses

Na:-ne of the to access,

Sling client repository admin password

3. Validate changes have persisted properly by requesting the CQ application and login.

· Access CQ via http://localhost:4502/· Username = admin

· Password = training_crx

NOTE

It may take a minute or two for the changes to the CRX Sling Client Repository configuration to populatethoroughly.


-

Goal

aSCi is a fundamental element in the technology stack of CQ5. It is used tocontrol the composite bundles of CQ and their configuration.

aSCi provides the standardized primitives that allow applications to beconstructed from small, reusable and collaborative components. Thesecomponents can be composed into an application and deployed.

This allows easy management of bundles as they can be stopped, installed,started individually. The interdependencies are handled automatically. EachaSCi Component (see the aSCi Specification) is contained in one of the variousbundles.

The following instructions explain how to manage aSCi configuration settings.To successfully complete and understand these instructions, you will need:

· A running CQS author instance

By default, versions are never purged from the repository.

How are Versions Purged?

To control if, and how, versions are managed in your system:

1. Select CRXP£ Lite from the Welcome Screen.

World Standard Softare to Unify Your Business ww_dav_com 33Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

ti5. Fill in the dialog box:

.. Name: conftg

Ii Type: slíng:Folder

Pleas ~rite~ rtooe flame an; sei;

Name:.

~

l'f: ~;ø

.

OJ(

Create Node dialog

6. Right-click the config node you just created.

7. Choose Create --) Create Node

8. Fill in the dialog box:

.. Name: com.day.cq.wcm.core.impI.VersionManagerlmpl

· Value: sling:OsgiConftg

Now you must add properties to thecom.day.cq.wcm.core.impI.VersionManagerlmpl node. You add properties byfilling in the input boxes at the bottom of the properties pane.

9. Set the following three properties on thecom.day .cq .wcm .core. impl. VersionManagerl mpl node:

· Nal1e: versionmanager.purgingEnabled

· fype: Boolean

.. Value: checked (true)


-Mixir,

Deelop Re$Øtc

Stppo

I?roe-rteo

T"" Vall.e "mt Ma'lil r'1ultì-ie Auto Oæte

'~,maroge.miloc Smng

veoom.a~;i:.rçP¡l-~5::ingUfal5e fa&! 1a~52 fi&1

,:conlcri,Ieti: fil~~n ir. raise- fiJ~ fitio ril\s

Configured Version Manager

Congratulations! You have successfully configured an aSCi bundle! Now go backto the CQ5 Author interface and use the sidekick to create more than 5 versionsof any page. Notice what happens to the list of versions once you have morethan 5 versions.

World Standard Softare to Unify Your Business ww.day.com 37Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

-· Return user input (for example, form input from the publish environment to the

author environment (under control of the author environment).

Replication, to a publish instance takes place in several steps:

· The author requests that certain content be published (activated)

This can be initiated by a manual request, or by automatic triggers which havebeen preconfigured.

· The request is passed to the appropriate default replication agent

An environment can have several default agents which will always be selectedfor such actions.

· The replication agent "packages" the content and places it in the replicationqueue.

· The colored status indicator is set for the individual pages in the SiteAdminconsole (Websites tab)

· The content is lifted from the queue and transported to the publish environmentusing the configured protocol

Normally, the configured protocol is HlTP.

· A servlet in the publish environment receives the request and publishes thereceived content.

How do I access and configure Replication Agents?1. Access the Tools tab in CQ5.

2. Click Replication (left pane to open the folder).

3. Double-click Agents on author (either the left or the right pane).

4. Click the appropriate agent name (which is a link) to show detailed

information on that agent.

5. Click Edit to open the configuration dialog:


-· Use for Reverse Replicatio.-: Indicates whether this agent will be used for reverse

replication; returns user input from the publish to author environment

6. Choose the rransport Tab

7. Make sure that the server and port specified in the URI are correct for thefirst Publish instance.

8. Verify that the specified User and Password are correct to access the firstPublish instance.

9. Click OK to save the settings.

Transport Tab Configuration Parameters:

· URI: This specifies the receiving servlet at the target location In particular, youcan specify the host name (or alias) and context path to the target instance here.

For example:· A Default Agent may replicate to http://localhost:4505/bin/receive?

s I ì ng :auth Req uestlog i n = i· A Dispatcher Flush agent may replicate to http://localhost:8000l

dispatcher /inval ¡date.cache

The protocol specified here (HTIP or HTIPS) will determine the transport

method.


-15. Select the Transport Tab and set the URI to the correct values for the second

Publish instance. Also make sure that the User and Password are correct for thesecond Publish instance.

16. Click OK to save the settings.

Proxy Tab Configuration Parameters:

The following settings are only needed if a proxy is configured in the network.

· Proxy Host: Hostname of the proxy used for transport.

· Proxy Port: Port of the proxy.· Proxy User: User name of the account to be used.

· Proxy Password: Password of the account to be used.

· Proxy NfLM l1olMah,: The proxy NTLM domain.

· Proxy NfLM Host: The proxy NTLM host.

Extended Tab Configuration Parameters:

Interface Socket interface to bind to:

· Hrrp Method: HTIP method to use.

· Hrrp Headers: These are used for Dispatcher Flush agents and specify elements

that must be flushed.

factionl indicates a replication action; fpathl indicates a path.

· ConnectTllMeout: Timeout (in milliseconds) to be applied when trying to establish a

connection.· Socket TllMeout: Timeout (in milliseconds) to be applied when waiting for traffc

after a connection has been established.· Protocol Version: Version of the protocol; for example "1.0" for HTIP /1.0.

Triggers Tab Configuration Parameters:

These settings are used to define triggers for automated replication:


-fo 1l0nitor a replicatio~ agent:

1. Access the fools tab in CQ.

2. Select ~eplication folder in the left pane to expand.

3. Double-click the link to agents for the appropriate environment (either theleft or the right pane); for example, Agents on author. The resulting window showsan overview of all your replication agents for the author environment, includingtheir target and status:

;;lI

4. Click the appropriate agent name (which is a link) to show detailedinformation on that agent:

World Standard Softare to Unify Your Business www.day.com 45Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

-Goal

From the Websites tab you can activate the individual pages. When you haveentered, or updated, a considerable number of content pages - all of which areresident under the same root page - it can be easier to activate the entire treein one action. You can also perform a Dry Run to emulate an activation andhighlight which pages would be activated.

The following instructions explain how to browse the application/serverinterfaces associated with a CQ5 installation. This will enable you to use theiradministrative/ configuration capabilities. To successfully complete andunderstand these instructions, you will need:

· A running CQ5 Author instance

To activate a cOllplete tree of your website:

1. Access the Tools tab in CQ.

2. Click on Replication - the folder will expand.

3. Then double-click on Activate Tree.

4. A dialog screen, similar to that below, will open.

5. Enter /content/geometrixx/en/company (or something similar) into the StartPath. The Start Path specifies the path to the root of the section you want toactivate (publish). This page, and all pages underneath, will be considered foractivation (or used in the emulation if a Dry Run is selected).


-

Goal

The Dispatcher is Day's caching and/or load balancing tool. Using theDispatcher also helps protect your application server from attack. Therefore,you can increase protection of your CQ instance by using the Dispatcher inconjunction with an industry-strength web server.

The process for deploying the Dispatcher is independent of the web server andas platform chosen:

II Install the supported web server of your choice according to their own

documentation.II Install the Dispatcher module appropriate to the chosen web server and

configure the web server accordingly.II Configure the Dispatcher.

II Integrate with CQ to update the cache when the content in CQ changes.

In this exercise we will install the Dispatcher into an 115 web server.

To successfully complete and understand these instructions, you will need:


II A running CQ5 Publish instance

How does the Dispatcher plug into LIS?1. Unzip the latest Dispatcher build, appropriate for your operating system, to atemporary directory. The Dispatcher files are located on the memory stickunder /distribution/dispatcher.

2. Add the Dispatcher to the list of available ISAPI filters (by adding the DLL tothe liS) use the following steps:

· Extract dispJis.dll into the executable directory of the selected website under 115.Le. -(IISJNSTALLDIR;; /scripts


-4. To ensure access you have to:

· Inside the Internet Service Manager, right click the root node of the appropriatewebsite, then open its Properties dialog.

· Select the Directory Security tab.· Activate Anonymous access.

· To activate the changes you have to restart liS. Either from the liS controlwindow or from a command window:

· net stop w3svc - will stop the liS web publishing service· net start w3svc - will start it again

NOTE

Before you can start using the Dispatcher, you must configure the Dispatcher.

Congratulations! You have successfully integrated the Dispatcher with the liS webserver.


-· LoadModule to load the module 011 start up.· Dispatcher-specific configuration entries, including

DispatcherConfig,DispatcherLog and DispatcherLogLevel.

· SetHandler to activate the Dispatcher. LoadModule.

4. Register the Dispatcher module by adapting Apache's configuration file(apache_hotMe)/conf/htlpd.conf. The Dispatcher-specific configuration entries are

placed after the LoadModule entry.

5. Add the following text to the htlpd.conf file at the end of the Load Module section:

# LoadModule foo_module libexec/mod_foo.so# Add to the end of the LoadModule sectionLoadModule dispatcher_module modules/disp_apache2.2.dll

## configure the minimal setting for the dispatcher# the main configuration is read from the 'DispatcherConf ig' file.#~IfModule disp_apache2 .c~

# location of the configuration file. eg: 'conf / dispatcher. any'DispatcherConfig conf/dispatcher. any

# location of the dispatcher log file. eg: 'logs / dispatcher. log'DispatcherLog logs/dispatcher. log

# log level for the dispatcher log # 0 Errors# i Warnings# 2 Infos# 3 DebugDispatcherLogLevel 3

# Def ines the Server Header to be used:# undefined or 0 - the HTTP server header contains the CQ version.# if turned to i, Apache server header is usedDispatcherNoServerHeader 0

# if turned to i, request to / are not handled by the dispatcher# use the mod alias then for the correct mappingDispatcherDeclineRoot 0

# Defines whether to use pre-processed URLs:

# 0 - use the original URL passed to the web server.# i - the dispatcher uses the URL already processed by the handlers# that precede the dispatcher

# (i.e. mod_rewrite) instead of the original URL passed to the webserver.


-

Goal

Now that we have integrated the CQ5 Dispatcher with the web server, we mustconfigure the Dispatcher so that it can find its associated Publish instances,knows which pages to cache and where to cache them.

In this exercise we will configure the Dispatcher with appropriate settings tocache pages as desired, and define a Dispatcher Flush agent to invalidate thecache in response to content update. To successfully complete and understandthese instructions, you will need:

· A running CQS Author instance

· A running CQS Publish instance

Configuring the dispatcher .any fileBy default the Dispatcher configuration is stored in dispatcher.any, though youcan change the name and location of this file during installation. Thedispatcher.any file is independent of web server and operating system, so thefollowing instructions are appropriate to both liS and Apache. The onlydifference between the two configurations is the usage of the property /homepage, which is used only by liS.

fo configure the Pispatcher:

1. Open the dispatcher.any file with the text editor of your choice.

2. Make sure the /farms section matches your infrastructure. The /farmssection defines a list of farms or websites. Each /farms section defines:

· A set of load-balanced renderers.· The IP addresses and ports of the publish instances to serve and cache content

from.· Further characteristics including where to cache files, what to cache.

For each farm you can specify separate caching and rendering parameters,some of which have sub-parameters:

World Standard Softare to Unif Your Business ww.day.cgm 55Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

II

3. Verify the list of client headers in the dientheaders section.

# each farm configures a set off (loadbalanced) renders/farms

t# first farm entry (label is not important, just for you

convenience)/website

t# client headers which should be passed through to the render

instances/clientheaders

t"referer""user-agent""authorization""from""content-type""content-length""accept-charset""accept-encoding""accept-language""accept""host""if-match""if-none-match"" if-range""if-unmodif ied-since""max-forwards""proxy-authorization""proxy-connection""range""cookie""cq-action""cq-handle""handle""action""cqstats"

~

4. (lIS-only!) Adapt the homepage property.

/farmst


-dispatcher configuration). You can define several renders within a farm for loadbalancing.

/farmst# first farm entry (label is not important, just for you

convenience)/website

t

# the load will be balanced among these render instances/renders

t/publish1

t# hostname or IP of the render/hostname "127.0.0.1"

# port of the render/port "4503"

L

/publish2t

# hostname or IP of the render/hostname "127.0.0.1"

# port of the render/ port "4504"

ll

Using filters, you can specify which requests are accepted by the Dispatchermodule. All other requests are sent back to the server, where they are offeredto the other modules that run on the web server.

7. Adapt the filter properties to allow or deny access to certain paths.

NOTE

Day Software best practices suggest that you deny access to Ilibs, letc, Icrx, ladmin, Ivar, Itmp, Ihome, lapps and any other URis that should not be accessible from outside. Please seethe Security Checklist for further considerations when restricting access using the Dispatcher.

/farmst

/websitet


-/docroot: This link points to the document root of the web server.

/statfile and /statfileslevel define which parts of the website tree areinvalidated when pages are activated.

/allowAuthorized: Specifies whether requests (pages) that carry anauthentication header are cached.

/rules: List of cachable documents determines which documents arecached

/invalidate: Defines a list of all documents that are automaticallyrendered invalid after a content update.

The docroot link points to the document root of the web server. This is wherethe Dispatcher stores the cached documents, and this is where the web serverlooks for them. If you use multiple render farms, you have to define a differentdocument root on the web server for each farm, and specify the correspondinglink here.

8. Define the location of the web server cache to the Dispatcher.

/farmst

/websitet

/cachet# the cacheroot must be equal to the document root of

the webserver# /docroot "C:/lnetpub/wwroot"/docroot "":Apache_document_root:;"

9. Configuration of the Dispatcher is not yet complete, but at this point we cantest the configuration of the Dispatcher with the web server. Save your changesto the dispatcher.any file.

10. Restart the web server

11. Access the Geometrixx website using the following URLs:

Author instance: http://localhost:4502/content/geometrixx.html

Publish instance: http://localhost:4503/contentlgeometrixx.html


-necessary rights. However, in some setups it can be permissible to cacheauthenticated documents.

14. Set the /allowAuthorized property.

Icachet/docroot "C:/apache/htdocs"/statfileslevel "2"/allowAuthorized "0"

The ¡rules property defines which documents are cached, though theDispatcher never caches a document in the following circumstances:

· If the HTIP method is not GET.

Other common methods are POST for form data and HEAD for the HTIP header.· If the request URI contains a question mark ("7").

This usually indicates a dynamic page, such as a search result that does notneed to be cached.

. The file extension is missing.

The web server needs the extension to determine the document type (the MIME-type).

· The authentication header is set (this can be configured)

If you do not have dynamic pages (beyond those already excluded by the aboverules), you can let the Dispatcher cache everything.

15. Define the list of cachable documents:

/cachet/docroot "C: lapache/htdocs"/statfileslevel "2"/ allowAuthorized "0"/rules

t/0000

t/glob "*"/type "allow"

¡

10001ti glob "i en/news I *"

/type "deny"

World Standard Softare to Unify Your Business ww.dav_com 63Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-10003tI glob "*. pdf"Itype "allow"

~

~

i 7. Save dispatcher.any changes.

Configuring the Dispatcher Flush AgentIn cases where there are multiple Publish instances, the dispatcher flush iscontrolled by a replication agent operating on the publish instance. However,the configuration is made on the authoring environment and then transferredby activating the agent:

i. Open the CQ Tools console.

2. Open the required replication agent; for example the Uispatcher Flush agent

under Agel'ls on Publish that is included in a standard installation.

3. In the Settings tab ensure that Enabled is active.


-

5. Open the friggers tab. Make sure only the On Modification parameter is checked.


-

Goal

As data is never overwritten in a tar file, the disk usage increases even whenonly updating existing data. When optimizing, the Tar Persistence Managercopies data that is still used from old tar files into new tar files and deletes theold tar fi les that contain only old or redundant data.

This exercise will show you multiple ways to optimize the Tar PM. Tosuccessfully complete and understand these instructions, you will need:


Manually optimizing tar files using CRX ConsoleTo optilliie tar files using the CRX console:

1. In the CRX Console, log in as administrator.

2. Click Repository Configuration.

3. Se lect Tar Persistence Manager Optilliiation and ci ick Start Optilliiation,

U",r,¡":¡ü, .ï,~~i;.~¡.h ;i4ÜI'.;j.i)(l(~.~ (i"~.,*~L,:':øH: l

TIJ$'- ll1" HJ1~im,i:',,~lflrH1

Since our repository has only i tar file (we haven't made enough changes to therepository), the optimization will have no effect.


It

Goal

Online repository backup lets you create, download and remove backup files. It is a "hot"or "online" backup feature and therefore can be executed while the repository is beingused normally in the read-write mode. Backup files are saved in the ZI P compression

format.

In this exercise, you will create a "hot" backup of your Author repository. To successfullycomplete and understand these instructions, you will need:


Creating an online backup

This backup method creates a backup of the entire repository, including CQ5 or otherapplications deployed into it. This method lets you create and later restore the entirerepository and applications running on it, including content, version history,configuration, software, hotfixes, custom applications, log files, search indexes, and soon.

This method works as a hot or online backup, so you can perform this backup while therepository is running. The repository is usable while the backup is running, howeverperformance of the repository will decrease. This method works for the default, TarPM-based CRX instances.

Backup files are saved in the Zi P compression format. By default, they are saved in theparent folder of the folder where the quickstart .jar is running. You can change thelocation where CRX saves backup files.

fo create a backup:

3. Go to the following URL: http://localhost:4502/crx.This will take you to the CRX MainConsole.

4. Log in as the administrator.

5. Click Repository Configuration


-The online documentation provides deeper information regarding this crucial topic,including different scenarios like backing up an clustered node, etc. Check it out underhttp://dev.day.com/content/docs/en/crx/2-0/administering/backup_and_restore.html.

Congratulations! You have successfully created a full backup of your Author repositorywithout taking the instance down.

World Standard Softare to Unify Your Business ww.dav.com 73Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-The restore procedure is identical to the one described in previous exercise.

COl1gratulatiotls! You have successfully created an automated backup script.

World Standard Softare to Unify Your Business www.dav.com 75Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-The first thing we need to do is decide on the central, network-accessiblelocation where we will put the shared journal. In general you would have theshared path pointing to a mounted networks drive (via NFSjSAN), but for ourpurposes, any central location will do. For example, we can choose C\cq\shared.

1. Make sure that the node that will become the llaster, the node running onport 4502 is not running.

2. Navigate to -clnstaIlDir::jrepository. Copy the shared folder and paste it intoC\cq.

3. We will tell the llaster node where to find its shared journal. Navigate to-clnstaIlDir::jrepository.

4. Open repository.xlll with a text editor.

5. Find the Cluster elelle"t and make the following changes:

.iCluster'?.iJournal class="com. day. crx. core. journal. FileJournal ",?

"param name="sharedPath" value="C:/cq/shared" I'?"param name=lmaximumSize" value="104857600" I'?


-5. Notice that this instance believes that it is the master of its own cluster.Notice the shared path points to its own repository.

os 'of,rido,/,:$ ;..p 5,1

User-m: admin I Workspace: uK.default I ,Ul.f.-LH!,I! I ;~i~~'.i.t;.b...W.QJ.-.k:,p'.g.i;.t;, I !n:,p'.tx.~.!u;.ell,

?oiiJ:!t.et"~

ldi:,itit'i df9bZ55a~'~~..()5.4 b d9- 3ó :;f"-f,:~62 ~.",6,jl.",,8

Host IOCêllhost:45G..

P,:opositorv Horne c: \cq\'-J uthür2\cn;. QUI..:.,:t.: ,i\xe p ositor\(

Sh¿,red path C: \cq\a uth;)t:'\crx -QIJickstartVe p o,,;;oi-y \,,,Íl ared

No siai/es conri-:çted

Shared p.,rth

6. Enter the shared path of our new cluster into the shared path input field.

UserID: admìn I Work~pace: cF"lo.default I Log Out I Switch Wo!"kspar:e I Imof.t'!woate

Naster"

Ide¡¡tit1' df9b255 a - 9':05-4 b d9- 665e-636B5e tid leeS

os ',ALir:do\~!s ;~:p 5.1

Host loc,:ilhost:4504

Repositor~f Horn!? C :\cq\author2\crx -qui ck ;;taii:\repos ¡tory

shared path C :\cq\a uthor2\crx .qui CK $td~"t\repo$¡t:rV\$hared

No ,¡¿:iiies connected

(;b,.t~~~-

Shaled inith !c/cq/shared

7. CI ick Join.

The join will take a few minutes as the Slave repository is being rewritten withthe information from the Shared Journal.


.Goal

The following instructions explain how to create a CQ package that willcombine all elements of the Training project, minus all jpegs. This is a goodexample of packaging application content, which you could then distribute toteam members for review. To successfully complete and understand theseinstructions, you will need:


· A completed Training project with appropriate extents ions

Why do I need CQ packages?Packages can include content and project-related data. A package is a zip fi Iethat contains the content in the form of a file-system serialization (called"vault" serialization) that represents the content from the repository as an easy-to-use-and-edit representation of fi les and folders.

Additionally, it contains vault meta information, including a filter definition, andimport configuration information. Additional content properties can be included

in the package, such as a description, a visual image, or an icon. Theseproperties are for the content package consumer for informational purposesonly.

You can perform the following actions with packages:

· Create new packages

· Modify existing packages

· Build packages

· Upload packages

· Install packages· Download packages from the package share library· Download packages from CQ to a local machine· Apply package filters

· View package information

fo create, build, and download a CQ package, in the -fools- section of CQ5:

World Standard Softare to Unify Your Business ww_dav_com 81Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

-5. Enter the package "Group Name" (training) and "Package Name" (training-project).

traíníng

traínlng-proJ8ct

CQ new package dialog

6. Select the training-project package.

7. Add the Component Filter Definition to the paragraph system Component -then open (e.g. double-click).

Page view of component addition

8. Enter the "Root Path" (lapps/training) and a "Rule" that excludes all jpegs

(Exclude =:: .+\.jpg) - then select OK.


-JSP

.l /apps./training/'components/con tent, logo,/design_dialog, xmlA /apps/training/'component.s/content complexA /apps/ti-airiing/componen ts/content coilLplex./, content. Eml.l /apps/tra.ining,/components/content /comple:.:/complex, JSPA /apps/training/'components/content,/comple::.::/dialog, XJnl.l /apps,..ti-aining/components/content./complex/design_dialog, xml.l /apps/training/components/content/cOJlLplex/_c~edi tConf ig. xrri!A /apps/training/components/con ten t/search.l /apps/training/components/content/search/, content. xml.l ,/apps/training/components/content/search/seai'ch. JSPA /apps/training/srcA ./apps/training/installA /apps/ training/docroot.À /apps/training/training-widgets J s.À /apps/training/training-widgets J S/. coritent XII!.À /apps/training/training-widgets j s/f iles.À /apps/training/training-widgets J s/f i les/. content xml.À /apps/trainiug/training-widgets J s/f iles/training, JS.À /apps/training/global.À /apps/training/global/ini t jsp.À METÀ-INF/vaul t/det ini t ion/. content xml

Package created in 782ms.

Package build output

Package build information

10. Download the package by entering the URL of the package's ZiP in your Webbrowser's address bar.

· e.g. http://localhost:4502 /etc/packages/training/training-project.zip

Congratulations! You have successfully created a package, added a rule to thefilter definition, built the package, and have downloaded the package, whichyou can now share with your CQ development team.

World Standard Softare to Unify Your Business WW.day.comCopyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

85

-~response/

~data/+ -- - - - - - - - - - -+ - - - - - - - - - - -- - - - - - - - - -- - - - - - - - - - - - - - -- - - --+I Arguments I Comment I+- -- - - - - - - - - -+- - - - - - - - - - - - - - - - - - - - - - - - -- - -- - - - -- - - - - - --+I cmd=help I print this help I+-- - - - --- - - - -+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -- - - -- - - - - --+I cmd=ls I print a list of all packages I+-- - - - - - - - - - -+- -- - - - - - - -- - - - - - - - - - --- - - - - -- - - - - - --- - -- - +

cmd=rm I remove a packagename I package name

I (group) I group name (optional) I+- - - - - -- - -- - -+- - - - --- - - - - - -- - - - - - - - - - - - - - - - -- - - -- - - -- --+

cmd=build I build a packagename I package name

I (group) I group name (optional) I+- - - -- - - - - - - -+- - -- - - - -- - -- - - -- - - - - -- - ---- -- - - - - - - -- - ---+I cmd=ins I installs a packageI name I package nameI (group) I group name (optional) I+-- - - - - - - -- - -+- -- - -- - - - - - - -- - -- - - - - - - - - - - - - -- - -- - - - -- --+

cmd=unins I uninstalls a packagename I package name

I (group) I group name (optional) I+ --- --- - - - - --+- - -- - - - ----- - - - - - - - - -- - - - -- ---- - - -- -- - - --+I GET I downloads a package.I I ( content-disposition header containsI I the correct filename)I (cmd=get) I optionalI name I package nameI (group) I group name (optional) I+ -- - --- - - - - - -+- - - - -- - -- -- - - - - - - - - - - -- - - - - - - -- - - - - - - -- --+I POST I upload a new packageI file I pacakge to uploadI (name) I optional nameI (install) I automatically install package if 'true' I+--- - -- -- - - - -+- - --- - - -- - -- - --- - - ---- - - --- - -- - - - -- -- -- --+

~/data/~status code="200"/ok~/status/

~/response/~/crx/

2. List the packages currently available on this CQ instance:

curl -u admin:admin http:/ jlocalhost:4502/crx/packmgr/service.jsp?cmd=ls

You should get a response similar to the following:

~crx version="2. 0" user="admin" workspace="crx.default"/~request/

~param name="cmd" value="ls" //


-~/data?~status code=" 200"?ok~/status?

~/response?~/crx?

4. Install a package. Enter the following command to install the package you just

uploaded.

curl -u admin:admin -F name=training_import http://localhost:4502/crx/packmgr/service.jsp?cmd= inst

You should get a response similar to the following:

~crx version="2. 0" user="admin" workspace="crx.default"?~request?

~param name=" cmd" value=" inst" /?~param name=" inst" value="training import. zip" /?~param name="name" value="training import. zip" /?

~/request?~response?

~data?~log?

Installing content...1-- Collecting import information...1-- Installing node types...1-- - nt -? http://www . j cp. org/j cr /nt/1. 01-- - jcr -? http://www.jcp.org/jcr/1.01-- - sling -? http://sling.apache.org/jcr/sling/1.0

1-- A / content/dam/photos/ img4. jpg /j er: content/renditions/cq5dam. thumnail. 48.48 .png

1-- A / content/dam/photos/img4. jpg /j er: content/renditions/cq5dam. thumbnail .140 .100. png / j cr: content

1-- A / content/dam/photos/img4. jpg /j er: content/renditions/cq5dam. thumnail. 48.48. png /j cr: content1-- A /eontent/dam/photos/img4. jpg/jer: content/renditions/original1-- A /content/dam/photos/img4. jpg/jer: content/renditions/original/j cr: content1-- saving approx 42 nodes....1-- Package imported. Package installed in 294ms.

~/log?~/data?~status code="200"?ok~/status?

~/response?~/crx?


-

Goal

Various CQS log files provide detailed information about the current systemstate. In addition to the default system log files you can also create andcustomize your own log files. They can help you better track messagedproduced by your own applications and to separate them from the default logentries.

In this example, we will generate a new log file and monitor only messagesproduced by a specific set of CQS modules. To successfully complete and

understand these instructions, you will need:

. A running CQS Author instance

fo create a custOll log file with a specified log level:

1. Open CRXDE Lite so that you can define a new configuration for the customlog file. You can also use CRXDE or CRX Content Explorer to achieve the sameresults.

Create the Loggit'g Logger

2. If it doesn't already exist, create a new folder named "config" in /apps/geometrixx. Right-click on the geometrixx folder. Select New... Folder.

3. Under /apps/geometrixx/config, create a node for the new Apache Sling

Logging Logger Configuration. Right-click on the new config node and Select

New... Node.

. Nal1e:

fype:

org .apache.sl ing .commons.log. LogManager. factory .config- TRAININGsling:OsgiConfig.

World Standard Softare to Unify Your Business www.dav.com 91Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-orQ,apoche,sliii IX_

l'iri:i." ,mom. liioÚ' org,apacne,felix Docom, da Up Do

Cm

Pr~~_"

:N"

~""g.~,'¡if.q.m~.Io.ticS ¡¡'i,~,~,~.ç¡~.~.~15 Qi\l.~'i,'S~.~~.ln,rima St'iIiJ "",,¡~,¡l;QI~~-re,,,wr,Oo fals faIr; trY\

;: Ctg.~,~ir.i.m~.Ic,pMt,. St¡,~ (O,J:¥.;JMM,yvn f¡¡1:='r'ns,S5:;~ "(01)' ;(2 t/lls( fßI~ ~abi

Create the Logging Writer

A logging writer is only necessary when a configuration that is different to thedefault. The default writer will select a default size of 10MB and 5 as the defaultnumber of files.

5. Under /apps/geometrixx/config, create a node for the new Apache Sling

Logging Writer Configuration. Right-click on the config node. Select New... Node.

. Name:

fype:

org .apache.sl i ng .commons .Iog .LogManager. factory. writer- TRAIN ING

sling:OsgiConfig.

6. Set the following properties on the neworg .apache. sling .commons.log .LogManager. factory .writer-trai ning node:

. Name: org .apache.sl i ng .commons .Iog. fi Ie

. fype: String

. Value: ../Iogs/training.log

. Name: org .apache.sl i ng .commons.log. fi Ie .size

. fype: String

. Value: 1mb

· Name: org.apache.sling.commons.log.file.number

World Standard Softare to Unify Your Business ww.dav_com 93Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

-

Goal

This exercise describes how to configure and manage user authentication andauthorization within the CQ5 scope. To successfully complete and understand theseinstructions, you will need:

II A running CQ5 author instance

Users and GroupsUsers

Users: A user models either a human user or an external system connected to the system.The user account holds the details needed for accessing CQ. A key purpose of anaccount is to provide the information for the authentication and login processes -

allowing a user to log in. Each user account is unique and holds the basic accountdetails, together with the privileges assigned. Users are often members of Groups, whichsimplify the allocation of these permissions and/or privileges.

G-roups: Groups are collections of users and/or other groups; these are all called Membersof a group. Their primary purpose is to simplify the maintenance process by reducing thenumber of entities to be updated, as a change made to a group is applied to all membersof the group.

Both users and groups can be configured using the Security Console. You can manage allusers, groups, and associated permissions using the Security Console. All the proceduresdescribed in this section are performed in this window.

World Standard Softare to Unify Your Business ww_dav_com 95Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

-Hide Edit y

L. madmit'

r~1'admir

v PUD. f"lcxì,

admil'Îstrators adiriristratol$

l Sort

Soa rlOnvrrOl.$ arorvrrOt:$

l'11'eA!ìsor Parker

m

author aLtbo,

oortribl.tor ContribLtors

~'Crjl e,,'C!Ì''C~

Jo1'l' l:

First, we will create 2 user accounts. After that, we create a group and assign someproject specific restrictions to it. Finally, we add the new users to this group.

Creating Users and Groups

To create a new user:

1. In the Security window tree list, click Edit) Create) Create User.

Create U;ra

Createadministratois adrri 11 istrawr:;

anonymous arlOnyil)Activate

DeactivateAlisol1 Parkr

31.trlor aiArlor

2. The Create User dialog box appears. Enter the required details and click Create:


-7. ci ick the Page Perllissions tab. You wi" notice that John has no access to any part ofthe website. The default permissions policy in CQ5 is "deny all".

In CQ5, permissions grant or deny access to content objects. Privileges are used toassign access to the functionality within the application.

8. Click the Replication Privilege tab. You will note the same. John has no rights to

replicate/activate pages.

9. Click the Privileges tab. You will note that he does not have privileges to modify the

hierarchy.

10. No users are specified as potential impersonators of John.

a aparkerljgeometrixx,com Alison Parker

S ~uthor authoris contributor Contributors

is everyone everyone

a ¡brown John Browa ¡doe(ggeometrixx,com John Doe

S jsmith Jane Smith

m tag-admnistrators tag-administrators

~'...v,)varijo".''-Jetc';;::::icontent

G)',',~:CamDaigns

'Ð:'JEnglish(t _::Fran~ais

in user-administrators user-administrators

0J-',:::'Italiari:ZyJB:iiti

"'''::i;~!User Generated Content,.t ,''-'-'-'-:Wiki Content

Qtmp);'':ihome

æ workflow-editors workflow-editors

tß workflow-users workflow-users

We want now create a group with some access rights you could use in future projects,then put the created user(s) into this group. The requirement list for this group memberslooks like:

. Provide access only to the consoles Websites and Iligital Assets. That means, deniedaccess to the other ones (fools, Users, Workfow, fagging).

. Members of this group are allowed to modify content of already existing pages locatedunder Geometrixx ~ English, add new paragraphs and delete them.

. Pages located under Geometrixx ~ French (Français) should be accessed in read-onlymode.

. Page Geometrixx ~ German (Deutsch) is not accessible at all (not visible) to membersof the group.

World Standard Softare to Unify Your Business www.day.cgm 99Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-2. Click the Page Pen-Missions tab. The tree map will open.

3. it's a good idea to provide read-access to entire repository. Project-specific restrictionscan be easily added at a later time point. Select the node CQ. Per default, users have allaccess rights denied. To provide read access to the root node (CQ), double-click under

the column Itead and select "allow" from the appearing drop-down box. Since accessrights are automatically inherited to child nodes, all members of the legal group havenow read access to all nodes in the CRX repository.

4. Click Save.

Manage Access f:ights for different Websites:

5. Navigate in the tree map to the page you want to add permissions. In our case: CO/content/Geometrixx Demo Site/English.

6. Click the page in the tree. Notice the permissions specified on the right.

7. Double-click under the column Modify and select "allow" from the drop down list.

8. Do the same for the columns Create and Pelete. The red corner indicates that the itemlisted has not yet been saved.

9. Save.

10. Navigate to CQ/content/Geometrixx Demo Site/Deutsch and select "denyN in the f:eadcolumn.

11. Save.

Manage Access f:ights for Pesign:

12. Set Modify rights to "denyN on node CQ/etc/Designs to restrict general usage of alldesigns or select the appropriate design you want to constrain. Make sure, Read accessto designs is still granted, otherwise, page content cannot be correctly rendered.

13. Click Save to persists your modifications into the CRX repository.


-6. Now let's modify the replication privileges for the French branch. Click Add and selectthe page CQlcontent/Geometrixx Demo Site/Français. Veny replication privi leges to it.

7. Repeating previous step, Allow replication to CQ/content/Geometrixx Demo Site/

Français/products.

8. Click Save.

m. admin Adminjstratottp. administrators administrators

a anonymous anonymousff aparker~geornetrixx,CDm Alison Parker

£. author authorat contributor Contributors

ø. everyone everyone

S jbrown John Brown;S- jdoe(ggeometri::x,com John Doe

-S jsmith Jane Smith

¡n tag-administreitors tag-administrators

~ user-administrators user-administrators

ti workflow-editors worklow-editors

fl workflow-users workflow-users

As you can see, you can provide fine-grained replication privileges not only for an entiretree branch, but even on page leveL.

Users without replication privilege granted still have access to the Activate!eactivatebuttons. Clicking on them will not have the desired effect immediately. Instead, aworkflow is started which puts the requested action in the inbox of a privileged userrequesting him to approve and finish the action.

Setting standard privileges:

Standard privileges included in the installation of CQ WCM are for modifying thehierarchy; in other words, creating or deleting pages. The list of privileges available maybe extended for your project.

1. Select the Legal group from the list, double-click to open, and click Privileges.

2. The Hierarchy ModHication privileges will be shown. Make sure Veny is selected.

3. If necessarily, click Save.

l7eny access rights to consoles:

World Standard Softare to Unif Your Business ww.day.cQm 103Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-6. Follow the link New ACE. The section Local Access Control Policies changes its

appearance.

Sclei-L,

AppHæble Accss Control Po!ís

1;0 ilCditlonal policies to apply

I.l Access Control Polics

re,,:writejcr.illljC. rerr.oveChldNoóes

Effecthie Aa:ssCoiirol Po4icies

7. Click the Srowse button. A new window labeled Principal Srowser appears, displayingall available users and groups.

8. Select the Legal group and click the Select button. The window Principal Srowser

closes and the selected group Legal is shown in the column PrincipaL.

World Standard Softare to Unify Your Business www.dav_com 105Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-

Applicable Accss Control Policies

Lol Access Control Policies

Effectiv Access Control Policies

I1.Click OK to close the Aecess Control Editor.

12.Repeat steps 3 - 10 to modify the access rights to the other console buttons. Theconsole buttons are represented in CRX by following nodes:

Site Admin (Websites)

DAM Admin

lIibs/wcm/core/content/siteadmi n

/Iibs/wcm/core/content/damadmin

Tools /Iibs/wcm/core/content/misc

Security (Users)

Workflow

/Iibs/cq/secu rity /content/adm in

II ibs/cq/workflow /content/console

/Iibs/cq/tagging/content/tagadmi nTagging

Adding a User and a ~roup to a ~roup

World Standard Softare to Unify Your Business www.dav.com107Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-3. I n the lllpersonate as: box, choose jbrow.,.

The current user is changed to John 8rown.

After you browsed some pages, you can finish impersonation by clicking theim personated user's name and select Revert to self.

Peleting Users or troups

To delete a user:

1. In the Security window, select Jane Smith (jsmith). If you want to delete multiple

items, Shift+click or Control+click to select them.

2. Click Edit or right-click the user to bring up the context menu. Select Pelete. CQ WCMasks if you are sure.

3. Click OK to confirm.

World Standard Softare to Unif Your Business www.day.com109Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

-

Goal

You can configure LDAP authentication as a JAAS Uava Authentication andAuthorization Service) module. For this, you need to specify the JAASconfiguration file to the virtual machine.

This exercise will show you how to integrate with an LDAP server and importusers from the LDAP server to the CQ5 instance. To successfully complete andunderstand these instructions, you will need:

II A running CQ5 author instance

II An LDAP server

Setting up a local l,DAP server

1. In the directory distribution/ldap of the training memory stick, you find a ziparchive named openldap-2.2.19-ssl-win32.zip. It contains a pre-configuredOpenLDAP server already containing a set of test users and groups, ready to beused with CRX.

Extract the zip archive to the C:\ drive. As a result, you'll have the LDAP serverinstalled in C:\openldap. Open a command shell (Start # Run..., type in cmd, hitenter. In the command shell, change directory to the OpenLDAP folder by

issuing the command cd c:\openldap :

2. Then enter the command slapd -d 1 which starts the LDAP server. The LOAPserver has fully started when you see the following line at the end of thecommand shell window:


-5. The LDAPbrowser is pre-configured with the correct login information toaccess the local directory server. Select the Quick Connect tab.

Anonymous bínd

User Info

ON:

Password:

6. Fill in the host name and the port number.

. Host:Port:

localhost389.

7. Click fetch l1Ns button to access the Distinguished Name tree.

8. Click Connect.

9. You will see the defined users and groups that will be imported into CQ5.


-class="org. apache. jackrabbi t. core. securi ty. simple. SimpleWorkspaceAccessManager" I'?

.iUserManager class="com. day. crx. core. CRxuserManagerlmpl "'?.iparam name="usersPath" value=" /home/users" I'?.iparam name="groupsPath" value=" /home/groups" I;:.iparam name="defaultDepth" value=" i" I'?

.i /UserManager'?~/Securi tyManager'?

JAAS works on the basis of "LoginModules". In a JAAS configuration file you candefine a sequence of login modules.

An incoming request will be accepted by the first defined login module forauthentication. If the login module cannot authenticate, the request will bepassed on to the next login module in the list of definitions.

In this configuration, the first login module configured is the nativeCRXLoginModule, which tries to authenticate using CRX's local users:

com.day.crx.core.CRXloginModule suffcient;

Only if the user of the request cannot be found among the local CRX users, therequest will be handed over to the next login module, which is the LDAP loginmodule:


-autocreate. group. cn=" rep: cn"autocreate. group. localadrin=" adrin"autocreate . group. uniquernember = "uniquernember"autocreate . group. description = "description"autocreate. path=" splitdn"

cache .expiration=" 600"

cache.rnaxsize=" 100" ;J ;

NOTE

The IdapJogin.conf configuration information used for this exercise is specific to the LDAPserver provided for this exercise. You configuration information will be different and specific toyour directory server.

7. Restart CQ5 for the changes to take effect. From the command line startCQ5 with the following option:

java - Djava.security.auth.login.config=crx-quickstartl server l etclIdap_login.conf -jar cq-author-4502Jar

CRX logs a message (default logging config) confirming which authenticationconfiguration will be used:

· default Repository Login-configuration

· external JAAS login-configuration

*INFO*DefaultSecurityManager: init: use Repository Login-Configuration forcorn. day. crx

*INFO*DefaultSecurityManager: init: use JAAS login-configuration forcom. day. crx

Importing Users from LDAP to CQ5

The LDAP example configuration file contains 5 groups: Authors, Marketing,Human Resources, Products and Management. All groups are member of theAuthors group.

The users themselves are distributed over the department-specific groups;none of them is explicitly in the Authors group, but implicitly, since theirspecific groups themselves are members of the Authors group.


II5. Examine the Idap.log and error-log files from CRX to debug for errors.

The online documentation provides you comprehensive information regarding LDAP

connectivity to CRX. Check out some of the pages under day.com/content/docslurrent/admin ng/ldap....authentication.html .

Congratulations! You have successfully integrated CQ5 with an LDAP server andimported a set of users and groups from that server.

World Standard Softare to Unify Your Business ww.dav.com11 9Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

-Performance Optimization Methodology

A performance optimization methodology for CQ projects can be summed up tofive very simple rules that can be followed to avoid performance issues from theget go. These rules, to a large degree, apply to Web projects in general, and arerelevant to project managers and system administrators to ensure that theirprojects will not face performance challenges when launch time comes.

Planning for Optimization

Around 10% of the project effort should be planned for the performance

optimization phase. Of course, the actual performance optimizationrequirements will depend on the level of complexity of a project and the

experience of the development team. While your project may ultimately notrequire all of the allocated time, it is good practice to always plan forperformance optimization in that suggested range.

Whenever possible, a project should first be soft-launched to a limited audiencein order to gather real-life experience and perform further optimizations,

without the additional pressure that follows a full announcement.

Once you are "live", performance optimization is not over. This is the point intime when you experience the "real" load on your system. It is important to planfor additional adjustments after the launch.

Since your system load changes and the performance profiles of your systemshifts over time, a performance "tune-up" or "health-check" should be

scheduled at 6-12 months intervals.

Simulate Reality

If you go live with a Web site and you find out after the launch that you run intoperformance issues there is only one reason for that: Your load andperformance tests did not simulate reality close enough.

Simulating reality is diffcult and how much effort you will reasonably want toinvest into getting "real" depends on the nature of your project. "Real" meansnot just "real code" and "real traffc", but also "real content", especially

regarding content size and structure. Keep in mind that your templates maybehave completely different depending on the size and structure of the

repository.

Establish Solid Goals


-The above numbers assume the following conditions:

.. measured on publish (no authoring environment and/or CFC overhead)

.. measured on the server (no network overhead)

.. not cached (no CQ-output cache, no Dispatcher cache)

.. only for complex items with many dependencies (HTML, JS, PDF, ...)

.. no other load on the system

There are a certain number of issues that frequently contribute to performanceissues which mainly revolve around (a) dispatcher caching ineffciency and (b)the use of queries in normal display templates. JVM and as level tuning usuallydo not lead to big leaps in performance and should therefore be performed atthe very tail end of the optimization cycle.

Your best friends during a usual performance optimization exercise are therequest.log, component based timing, and last but not least - a Java profiler.

How to monitor Page response times: To monitor Page response times:

1. Navigate to and open the file request.log located at -(cq-install-dir:: jcrx-quickstartjlogs.

2. Request a Page in author that utillizes your Training Template andComponents.

.. e.g. /content/training/en/company

3. Review the response times directly related to the previous step's request.

· A Page request of /content/training/en/company


-fo lfonitor COllponent based tilling:

1. Request a Page in author that utilizes your Training Template and

Components.

II e.g. /content/training/en/company

2. View the HTML source of the Page requested in step 1.

3. Navigate to and se lect the "filling chart URL" located in the HTM L sou rce.

II You wìl find this URL most likely near the bottom of the HTML source, as it is

generated by the foundation timing Component

~~(!iv claS5="toolbar")-~;sc.ril)t type="te:-tr javascr ipt ,,)-co. ùrCM. edit (( "path": "/content/traìning/en/company/ jcr: content/toolbar" r "type-(I sc.ript)--(/div:;

-(àiv class="disc lairner":;dìsc laimer.(/ (h.".;"-z/div).

HTML source timing chart urI

4. Copy the "Tilfing chart URL" - then paste it in the address bar of your favorite

Web browser.

5. Investigate the visual output to identify any Component that may be causinga slow response time.


-To find long lasting requests/responses:

1. Navigate to the helper tool rlog.jar located in .:cq-install-dir;: /crx-quickstart/opt/helpers using your command line.

DOS location of rlogJar

2. Enter the command java -jar rlog.jar in your command line to get helpconcerning possible arguments.

DOS rlog.jar help

World Standard Softare to Unif Your Business www.dav.com127Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-2. Select Ctrl-Shift-U to view the timing statistics for that Page.

¿ge lo¿d $~.eic$eic$:I 635 m$ $~¿rt huilding edieing=

676 I 676 m$ Compl ete document lo.dedI 6SO m5 5~¿rt render ing rollover

i I 68i m5 Compl eted render ing rollover

I 687 m5 St.re render ing rolloveri I 688 m$ Compl eted render ing rollover

--- I 692 m5 St.r~ render ing rolloveri I 693 m5 Compl eted render ing rollover

--- I 698 rn5 St.rt render ing rolloveri I 699 m5 Completed rendering rollover

--- I 737 rn5 St.rt rendering rolloveri I 73S m5 Completed rendering rollover

I 743 m$ St.rt render ing rollovero I 743 rns Completed rendering rollover

I 748 ms St.rt render ing rolloveri I 749 ms Co~.leted rendering rollover

I 754 m5 St.rt rendering rolloveri I 7SS m5 Completed rendering rollover

I 810 m$ St.re rendering rollovero I S10 rns Compl eted render ing rollover

I 821 rns finished huil ding edit ings3ii I 987 ms 5t.rt render ing s idek ieki47 I ii34 ms - Coi~leted rendering $idekiek

Page timing statisticsCongratulations! You have successfully viewed the timing statistics for a Page.

Again, this is to aid you in reviewing the performance of specific Pages, so thatyou may meet your project's performance goals.

fo investigate a systell where sOlle processes are really sloYl but not blocking:

A simple CPU profiling tool is included with CRX 2.0.x. To start it, open:

http://localhost:4502/crx/diagnostic/prof. jsp

1. Set the sample interval and stack depth (or use the default)

2. Click "Start Collecting" and wait to collect data while your slow processexecutes

3. Click "Stop" to stop data collection

4. Examine the results

Additional External fools:


-

GoalIf an application opens JCR sessions explicitly, it is the responsibility of thedeveloper to ensure the proper closure of these sessions. If not, such sessionswill not be subject of garbage collection and thus will stay in memory, causingabove listed symptoms. Each JCR session (CRXSession) creates and maintains itsown set of caches which adds to the overall resource consumption.

In this exercise, we will generate stack traces for the CQ5 instance and analyzethose traces with session_analyzer.jar. To successfully complete andunderstand these instructions, you will need:


· session_analyzer.jar from the USB stick

Finding Unclosed Sessions

1. Discover the process id for the CQ5 process by issuing the followingcommand in a command line window: jps-I

2. Run following command to determine the overall number of currentCRXSessions held in memory:

jmap -histo .-pid'? I grep CRXSessionlmpl

World Standard Softare to Unify Your Business ww.day.com131Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

-This will generate a new file output.txt that contains the stack trace of unclosedsessions, sorted by stack trace content. Each stack trace is one line, and'compressed' a bit (repeated prefixes are removed). The session id is at the endof the line.

corn. day. crx. j 2ee. JCRExplorerServlet. login (JCRExplorerServlet. java: 521)ResourceServlet. spoolResource (ResourceServlet. java: 148)java.lang.Thread.run(Thread.java:595): session# 10023

This example means session #10023 was not closed, and the stack traceincluded the given lines when the session was opened. Based on this outputyou should be able to find the defect code location and fix the problem.

Congratulations! You have successfully found and analyzed unclosed JCRsessions.

World Standard Softare to Unify Your Business www.dav.com133Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-CRXDE Lite Console

2. If the /apps/geometrixx/config folder does not exist:

a. Navigate to /apps/geometrixx.

b. Right-click on the geometrixx node.

c. Select Create and follow the arrow to Create Node.

Ji~..."

r~

d. Fill in the dialog box:

Name:Type:

configsling:Folder

p~ enter !"rx ii~ aM ~ i'1l.

i..me:

typ:

CNce

Create Node dialog


-

Goal

Sometimes it makes sense to analyze the network traffc between the client(web browser) and the server (CQ5) to detect possible bottlenecks. For thispurpose we use a tool provided out-of-the-box by CQ5 : proxy.jar.

This tool redirects all HTIP requests to/from the server. This utility, which logsthe complete HTTP conversation, is installed as a proxy between a client and aserver.

Proxy.jar is not aware of the underlying application protocol. It simply dumpsthe complete communication stream including content and headers. Thismeans, you can use the application to analyze traffc of any protocol e.g., SMTP,LDAP, HTTPS, etc. Proxy.jar can also be used as a simple port forwarding proxy

if you need to go through a different port to test a CQ5 instance.

Note: Proxy.jar can be used to:

· Check for cookies and their values· Check for HTTP request and response headers and their values· Check if "Keep-Alive" works

· Find lost requests· Find hanging requests

In this example, we will install proxy.jar between the browser client and CQ5.To successfully complete and understand these instructions, you will need:


· proxy.jar from -(lnstalIDir /crx-quickstart/opt/helpers· proxytext.zip content package containing a sample template for use with

proxy.jar

Install the Proxy Test Template1. Open the CRX Content Explorer Console of your instance

http://localhost:4502/crx

2. Login as admin.


-The available parameters are:

Parameterhost

remote port

Description

Host of running C05 instance, e.g. "Iocalhost'

The port used by CQ5 instance on which proxy. jar wil forward allrequests.. e.g. "4502".

on which proxy. jar is listening. e.g. "44",local port

The available options are:

Option~q

DecriptionQuiet Mode

~b

Use it if you don't want proxy.jar to send its output to the console (sinceoutputtng to the console slows down the connection), you can redirect theoutput to a log file with this option.

Binary Mode

-t

This option helps you look for specìfic byte combrnations in the traffic. Theoutput wil contain hexadecimal and cnaraceroutput.

log entries

-Iogfîle dlename;:

option adds a timestamps to each log entry. The time resolution is inseconds. This may not be suitable for checking single requests. Use theTimestamps option if you run proxy .j ar over a longer time period.

Write to a log file

-I c:umlndention~

Dumps the conversation into a log file, even if in "Quiet Mode -q".

Add Indention

For better readabilty, each active connecion gets. indented. If the default16 levels do not suit you fine, you can change the amount by adding the..umlndentions;: you want.

2. Start up proxy.jar with the following command:

java -jar proxy.jar local host 4502 4444 -Iogfile proxytest.log

World Standard Softare to Unify Your Business ww.dav.com139Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

-3. Open the log file proxytest.log and analyze a section of log entries. Keep inmind that we used a simple script displaying some text and a .png image. Sowe should see two connections for this related request. Any other connectionsare the result of the welcome page and authentication mechanism.

Startup Info:

Starting proxy for localhost: 4502 on port 4444using logfile: /cq5/author/crx-quickstart/opt/helpers/proxytest. log

The start of the first connection (0) requesting the main HTML page. The HTTPheader fields are listed:

C-O-#OOOOOO -~ (GET /proxytest.html HTTP/I.l )C-0-#000030 -~ (Host: localhost:4444 )C-0-#000052 -~ (USer-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5;en-US;rv:I.9.lb3) Gecko/20090305 Firefox/3.lb3 )C-0-#00016I -~ (ACcept: text/html, application/xhtml+xml, application/xml; q=O. 9 , * / * ; q=O . 8 )C-0-#000234 -~ (Accept-Language: en-us,en;q=0.7,fr;q=0.3 )C-0-#000276 -~ (ACcept-Encoding: gzip,deflate )C-0-#000307 -~ (ACcept-Charset: ISO-8859-I,utf-8;q=0.7,*;q=0.7

The client requests a "Keep Alive" connection (wants to send multiple requestsover the same connection):

C-0-#000355 -~ (Keep-Alive: 300 )C-0-#000372 -~ (Connection: keep-alive

This proxy tool is also useful to verify if cookies are properly set or not. Herewe see a generated cookie named JSESSIONID. This cookie is automaticallycreated if not explicitly denied in the JSP script using

o(%(Q page session="false" ?:

C-0-#000396 -~ (Cookie: clickstreamcloud=marketing: interest/product=l3,marketing: interest/ business=63, marketing: interest/ investor=58 ,marketing: interest/servic)C-0-#000537 -~ (es=46 ,marketing: interest/employment=6;ys-cq-cf -c lipboard=o% 3Acollapsed % 3Db%2 53AI; ys-cq-cf-east=o% 3Acollapsed% 3Db%253AI;ys-cq-cf-tabpanel=o)C-0-#00067 8 -~ (%3AactiveTab%3Ds%253AcfTab-Images;


-S-1-Finished: 22899 bytes (1.0 kb/s)C-1-Finished: 6271 bytes (0.0 kb/s)S-O-Finished: 138895 bytes (6.0 kb/s)C-O-Finished: 7398 bytes (0.0 kb/s)

The above exercise is simple and the log entries should be easy to analyze,since the two connections occur one after the other (first HTML request, thenthe browser realizes that it has an image to request and opens a secondconnection). Generally, a normal page generates many parallel requests forimages, css, javascript files, etc., each of which are referenced within the HTMLstream. So the log entries will overlap on parallel open connections. In thatcase, it's recommended to start the proxy with option "-i", (add indentions) toget better readability.

Congratulations! You have successfully analyzed a conversation between a CQ5browser client and the CQ5 server.


-As with any upgrade, you should carefully consider value versus risk for yourdeployment. This includes testing the planned upgrade to ensure it passes youracceptance tests.

What will be Upgraded

The repository upgrade, as recommended here, has the following effect on thesystem. The following are upgraded:

· Infrastructure: CRX Repository with all repository management and

development tools· CQS Platform: CRXDE support package for CRXDE Lite and CRXDE

The following are not upgraded:

· Apache Sling and Apache Felix framework

· None of the CQ5 application components (bundles); with the exception ofthe CRXDE support package

The recommendation not to upgrade the Apache Sling and Felix frameworks, orany other application components, ensures that the stability of the CQ5application as a whole is retained by minimizing the changes.

The following are removed:

· CRXDE Lite was a separate web application in CQ 5.3 (CRX 2.0). It is nowintegrated into the main CRX web application.


-

~..~~ ~1;:IIOtl~AG. "'~..""12. Using the CQSE admin console, Stop the CRX Launchpad application

13. Stop and Remove both:

· Icrxde (the CRXDE application)

· Icrx (the CRX application)

14. Add a new:

· Icrxreferencing the following file from the unpacked CRX 2.1:crx-quickstart/ server /webapps / crx-explorer _crx.war


-5. Restart CQ to ensure that all OSCi bundles have been started.

NOTE

In case of problems with CQ startup, please open the Apache Felix Web ManagementConsole (http://-:host:; :-:port:; /system/console) and check if all the bundles have beenstarted. If a restart does not help, please start the bundles manually.

15. Confirm the upgrade of CRX by accessing:

· CRXfor example, http://localhost:4502 /crx /index.jsp

The version details on the welcome screen will now show 2.1.· CRXDE Lite

for example, http://localhost:4502 /crxdelThe version details on the welcome screen will now show 2.1.

· CQuse CQ to access your content, check everything is operating asexpected.

CAUTION

You must test the operation of the upgraded instance; highly customized

items may need to be upgraded separately.

NOTE

CRXDE Lite is now bundled with CRX (and not a separate webapp), accessusing /crxde; for example, http://localhost:4502/crxdel).


-sudo In -s dispatcher-apache2.2-4.0.6.so mod_dispatcher.so

After doing so you will be able to see in the finder the filemod_dispatcher.so in the /usr/libexec/apache2/ folder

indude!ib

Hbexec

II airportd

apache2dispat cher-apadie2, 2 -4,0,6.50hupd.exp

II Ubphp5,so

II mod_actionsso

II mod_aHauo

II mod_así,so

II mod_auth_basic50

II mod3lUlh_digesi.SO

II mcd_aUlhIUIMll,SO

II mod_auth,ullx:Lso

II mod_authn_dbm"o

II mO(Cauthn_defaulLSo

II mod_aulhn_f¡e,so

II m()tauthz_dbm,so

II mod_aulhz_defauILSO

Apr 20, 20lD 9:02 AMMar 19, 2010 4:09 I'M

Apr 20, 20lD 9:02 AMApr 20, 2010 9:07 AM

Feb 11,2010 3:34 AMToday, 1:44PM

Today, 136 PM

Oct 16,2009 5:11 AM

Feb 11, 20lO 5:32 AM

Dec 9, 20097:25 I'MDec 9. 2009 7:25 PM

Dec 9,20097:25 I'MDec 9, 2009 725 PMDec 9, 2009 725 PMDec 9, 2009 725 PM

Dec 9, 2009 7:25 PM

Dec 9. 2009 7:25 PM

Dec 9.20097:25 PM

Dec 9, 2009 7:25 PM

Dec 9. 2009 7:25PMDec 9. 2009 7:25PM

18.Next, in the finder window of /private navigate to /private/etc/apache2and copy the dispatcher.any file from the unpacked dispatcher archive tothis location.

Configuring httpd.conf

Tell Apache about the Dispatcher. In the folder /private/etc/apache2 you will

find the httpd.conf file (we are using the default apache server that comes withMacOS X). You can also use the httpd.conf file attached that comes with the

dispatcher archive from the USB memory stick.

Follow the instructions in Exercise - Add the Dispatcher to the ApacheWebServer with the following exceptions:

World Standard Softare to Unify Your Business www.day.com151Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

-The http server process has to have read/write access to that folder in order towrite the cache files. You can of course choose another folder but then you haveto be sure that the httpd server daemon has read and write access to it (chown,chgrp).

1. You must create this folder using a terminal window. Enter the followingcommands:

cd / Library /WebServer /then this

mkdir cache

2. Change the owner and the group of the cache folder

sudo chown _www cachesudo chgrp _www cache

Restart Apache

1. Launch your system preferences

2. Then click sharing in the internet and wireless group of preferences

3. Then launch the webserver by clicking Web sharing. Your apache webserverwill be running then on the port 80.If you see Web Sharing already running, stop it and relaunch it so that yourApache server can get the new configuration loaded


-DO'Taín Name d.iy.com Search Base

Admín Usef~1D adf~iif1

Password p.iS5

Contall

Importing Initial Users and Groups

We need a tool to help us import our initial groups and users into the LDAPserver so that we can test our CQ5 configuration. For that we will use theApache Directory Studio.

We could use probably the LDAP Enabler application but then we would have to

enter everything by hand. The Apache Directory Studio lets us import Idif files.

NOTEActually, you can use any other application that allow you to import Idif files.

CAUTIONDon't close the LDAP Enabler application though, cause then you'll be shutting down the

LDAP server.

1. Copy the ApacheDirectoryStudio-macosx-..version;: .dmg file from ..USB;: /distribution/MaclDAP to your Applications folder. Or you can download itfrom http://directory.apache.org/studiol .

2. Install the Directory Studio.

3. After launching Apache Directory Studio, configure the connection to theLDAP server. Click on the yellow icon (Idap) in the left bottom corner of theappl ¡cation.

World Standard Softare to Unify Your Business ww.dav_com 155Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

-Bind password: pass

Authentîcation

Please select In oluthel1ti71eiltío11 method and ínputauthertifìcJtior (Jat,L

8. Click on "Check Authenlication" in order to see if our parameters are definedcorrectly. If the test is successful, a message should appear saying that "theauthentication was successful".

9. If the was successful, click on Finish, all the other parameters used aredefaults.

10. Our connection is verified and we can check the LDAP browser. The LDAPbrowser is will be partially hidden by the LDAP connection window sominimize the LDAP window or just click on the window that is underneath.See figure below:

; Opel'Ciirinean

World Standard Softare to Unif Your Business ww.day.com157Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

ExerciseBookCQ 5.3SystemAdministratorTrainingOdd

Documents

Transcript of ExerciseBookCQ 5.3SystemAdministratorTrainingOdd