External users
![Page 1: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/1.jpg)
September 2014
Bringing External Users Into Your Connections 5 World
Gabriella Davis
Technical Director
The Turtle Partnership
![Page 2: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/2.jpg)
Let’s talk about me for a minute
✤ Admin of all things and especially quite complicated things where the fun is
✤ Working with security, healthchecks, single sign on, design and deployment of Domino, ST, Connections and things that they talk to
✤ Stubborn and relentless problem solver
✤ Lives in London about half of the time
![Page 3: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/3.jpg)
What’s This All About?
![Page 4: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/4.jpg)
![Page 5: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/5.jpg)
How Does It Work - The Brief Version
![Page 6: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/6.jpg)
What Can An External Person Do?
✤ Be a full member of a Community that allows external users
✤ Share Files with others as well as Download files shared with you
✤ See Activity Streams that they are invited into
✤ Edit Their Profile
✤ View business cards of anyone who has shared content with them
![Page 7: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/7.jpg)
What Can’t An External Person Do?
✤ See Any Public Content
✤ Create a community
✤ Follow people
✤ See or search the company directory
✤ Use type-ahead to find people
✤ See recommended content or people
✤ Access the Profiles menu
✤ Access other user profiles
✤ See @Mentions for them
![Page 8: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/8.jpg)
✤ An existing Community can’t become a Community that allows external users
✤ Once created as either internal or allowing external user access, a Community cannot be changed
✤ Only internal users with a specific role can invite and share with external users
✤ Communities with external users must be restricted
![Page 9: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/9.jpg)
In general an external user is limited to participating in a restricted community they are invited into
This isn’t a bad thing
![Page 10: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/10.jpg)
Let’s set things up or … here comes the technical bit
![Page 11: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/11.jpg)
Internal vs External User Directories
✤ Who am I talking to? Who am I sharing with?
✤ There needs to be a simple way of identifying internal vs external users
✤ We need to tell Connections how to identify an internal and external user
✤ There are three ways to do this
✤ They all involve using TDI scripts
![Page 12: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/12.jpg)
A Quick Catch Up On TDI
✤ To enable external users, the Profile DB must be used as a Directory
✤ TDISOL found in the Connections install directory
✤ Updated on Fix Central
✤ Files we change for External users
  ✤ profiles_tdi.properties
  ✤ map_dbrepos_from_source.properties
  ✤ sync_all_dns
![Page 13: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/13.jpg)
Separate LDAP Branch or Server
✤ In map_dbrepos_from_source.properties
  ✤ mode={func_mode_visitor_branch}
  ✤ displayName={func_decorate_displayName_if_visitor}
  ✤ displayNameLdapAttr=cn
  ✤ decorateVisitorDisplayName= - External User
✤ In profiles_tdi.properties
  ✤ source_ldap_url_visitor_confirm
  ✤ source_ldap_search_base_visitor_confirm
  ✤ source_ldap_search_filter_visitor_confirm
![Page 15: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/15.jpg)
Separate LDAP Steps
✤ Ensure the External directory is also configured as a Federated Repository in WAS
  ✤ otherwise your external users can’t authenticate
✤ source_ldap_search_base_visitor_confirm must not be empty
✤ In map_dbrepos_from_source.properties add sync_source_url_enforce=true so TDI doesn’t remove one directory’s entries
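
A configuration check for the settings on the "Separate LDAP" slides, as an added example that is not part of the original deck or of IBM's tooling: it parses the two properties files and reports every setting that differs from the slides. The sample file bodies, host name and LDAP base are constructed, and treating all three source_ldap_*_visitor_confirm properties as required is an assumption (the slides only state that the search base must not be empty).

```javascript
// Added example. The file bodies are constructed samples, not real configuration.
const MAP_FIXED = [
  'mode={func_mode_visitor_branch}',
  'displayName={func_decorate_displayName_if_visitor}',
  'displayNameLdapAttr=cn',
  'decorateVisitorDisplayName= - External User',
  'sync_source_url_enforce=true',
].join('\n');
const TDI_FIXED = [
  'source_ldap_url_visitor_confirm=ldap://ldap.example.com:389',
  'source_ldap_search_base_visitor_confirm=ou=external,dc=example,dc=com',
  'source_ldap_search_filter_visitor_confirm=(objectclass=inetOrgPerson)',
].join('\n');
const MAP_WEAK = 'mode=internal\ndisplayName=cn\ndisplayNameLdapAttr=cn';
const TDI_WEAK = 'source_ldap_url_visitor_confirm=ldap://ldap.example.com:389\n' +
                 'source_ldap_search_base_visitor_confirm=';

// Minimal Java-properties reader: skips comments, splits on the first "=".
function parseProps(text) {
  const props = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (!line || line.startsWith('#') || line.startsWith('!') || eq < 0) continue;
    props[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return props;
}

// Returns one finding per setting that differs from the slides.
function checkVisitorBranchConfig(mapText, tdiText) {
  const map = parseProps(mapText), tdi = parseProps(tdiText), findings = [];
  const expectMap = {
    mode: '{func_mode_visitor_branch}',
    displayName: '{func_decorate_displayName_if_visitor}',
    sync_source_url_enforce: 'true',
  };
  for (const [key, want] of Object.entries(expectMap))
    if (map[key] !== want) findings.push(`${key} should be ${want}`);
  if (!map.decorateVisitorDisplayName)
    findings.push('decorateVisitorDisplayName is empty');
  for (const key of ['source_ldap_url_visitor_confirm',
                     'source_ldap_search_base_visitor_confirm',
                     'source_ldap_search_filter_visitor_confirm'])
    if (!tdi[key]) findings.push(`${key} is missing or empty`);
  return findings;
}

console.log(checkVisitorBranchConfig(MAP_WEAK, TDI_WEAK));
console.log(checkVisitorBranchConfig(MAP_FIXED, TDI_FIXED));
```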
![Page 16: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/16.jpg)
LDAP Attribute
✤ This is a bit easier but needs careful managing
✤ In map_dbrepos_from_source.properties assign an LDAP attribute so that mode=“external”
✤ displayName={func_decorate_displayName_if_visitor}
✤ displayNameLdapAttr=cn
✤ decorateVisitorDisplayName= - External User
![Page 17: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/17.jpg)
LDAP Attribute As A Function
✤ Instead of mapping an LDAP attribute containing “external” to the mode= entry you can use a JavaScript function
✤ The function must compute to the word ‘external’ for external users
✤ It must be placed in the profiles_functions.js file
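
One way such a function could look, as an added example that is not from the original deck or from IBM: it returns 'external' unless the entry's mail domain exactly matches an allow-list, so a record with a missing or malformed address is never treated as internal. The function names, the use of the mail attribute, the domain list, the 'internal' return value and the func_*(fieldname) signature are assumptions patterned on the built-in names shown on the slides.

```javascript
// Added example for profiles_functions.js; ES5 syntax for the TDI script engine.
// Function names, the "mail" attribute and the domain list are assumptions.
var INTERNAL_MAIL_DOMAINS = ['example.com', 'corp.example.com']; // hypothetical

// Pure decision logic: anything not provably internal is 'external'.
function modeForMail(mail) {
  if (mail === null || mail === undefined) return 'external';
  var value = String(mail).replace(/^\s+|\s+$/g, '').toLowerCase();
  var at = value.lastIndexOf('@');
  // Reject empty local part, empty domain, or more than one "@".
  if (at <= 0 || at === value.length - 1) return 'external';
  if (value.indexOf('@') !== at) return 'external';
  var domain = value.slice(at + 1);
  // Exact match only, so notexample.com and example.com.evil.test stay external.
  for (var i = 0; i < INTERNAL_MAIL_DOMAINS.length; i++) {
    if (domain === INTERNAL_MAIL_DOMAINS[i]) return 'internal';
  }
  return 'external';
}

// Wrapper in the style of the built-in func_* names on the slides; TDI
// supplies the global `work` entry holding the LDAP record being synced.
function func_mode_by_mail_domain(fieldname) {
  return modeForMail(work.getString('mail'));
}

// Constructed stand-in for `work`, only so the file runs outside TDI.
if (typeof work === 'undefined') {
  var work = {
    getString: function (name) { return name === 'mail' ? 'pat@partner.test' : null; }
  };
}
```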
![Page 18: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/18.jpg)
Whatever Method You Choose
Run sync_all_dns.bat when done. On failure, check the logs ibmdi.log and SyncUpdates.log
![Page 19: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/19.jpg)
Employee-Extended Role
✤ Not all internal users / employees can invite external users - they must have the special Connections role
  ✤ “Employee-Extended”
✤ The only way to get this role is to be assigned it via wsadmin
![Page 20: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/20.jpg)
Assigning Roles
✤ From /profiles/dmgr01/bin directory
✤ wsadmin.bat/sh -lang jython -username <wasadmin> -password <password>
✤ execfile("profilesAdmin.py")
✤ ProfilesService.setRole("[email protected]", "EMPLOYEE_EXTENDED")
![Page 21: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/21.jpg)
Securing the Perimeter
![Page 22: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/22.jpg)
Directory Decisions
✤ How will external users register
✤ Who will have rights to invite external users
✤ Password quality
![Page 23: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/23.jpg)
Anonymous Access
✤ Disable Anonymous access for all applications
✤ Edit each application’s “security role to user group mapping”
✤ Ensure “reader” is not set to “Everyone”
![Page 24: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/24.jpg)
Public Files
✤ External users can’t see public files
  ✤ or can they?
✤ If you use a caching proxy then the public cache will contain information external users shouldn’t see
✤ Disable public caching in LotusConnections-config.xml using <genericProperty name="publicCacheEnabled">false</genericProperty>
![Page 25: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/25.jpg)
Working with Libraries
✤ With CCM installed the URL /dm can provide access to any public Libraries
✤ External users shouldn’t see public ANYTHING
✤ Ensure the /dm URL is blocked from public interfaces
![Page 26: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/26.jpg)
Desktop Plugin
✤ When using Connections, the interface constantly warns you if you are going to share with internal users
✤ The desktop plugin doesn’t do that
✤ This quote from the documentation says it all
  ✤ “In addition, some operations might result in unexpected errors”
![Page 27: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/27.jpg)
Internal and External (Visitor) Views or.. Spot What’s Missing
![Page 28: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/28.jpg)
Internal - Homepage
![Page 29: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/29.jpg)
Visitor Homepage
![Page 30: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/30.jpg)
Internal Community Page
![Page 31: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/31.jpg)
Visitor Community Page
![Page 32: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/32.jpg)
Internal - My Profile
![Page 33: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/33.jpg)
Visitor My Profile
![Page 34: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/34.jpg)
✤ As A Visitor…
  ✤ You can add tags but not see existing tag lists
  ✤ You can view partial business cards but not full profiles
  ✤ You can search for content but that only finds things that are shared with you
  ✤ You can share files but only with the Communities you are part of, not with people directly
![Page 35: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/35.jpg)
✤ All of this is good - it keeps your environment secure
✤ It protects your users from accidentally sharing something unintended
✤ It doesn’t give up any information the external user doesn’t already know
✤ Some things are a bit buggy but hopefully being fixed
![Page 36: External users](https://reader034.fdocuments.in/reader034/viewer/2022051515/553905c4550346b4378b48ec/html5/thumbnails/36.jpg)
Questions?
✤ Gab Davis - Technical Director
✤ The Turtle Partnership
✤ GabriellaDavis on Skype
✤ gabturtle on Twitter