Gabriella Davis, profile picture
Uploaded byGabriella Davis
3,221 views

External users

The document outlines guidelines for integrating external users into a community platform, highlighting what external users can and cannot do. It emphasizes the importance of identifying internal versus external users and the technical requirements needed for proper integration, such as directory configurations and role assignments. Additionally, it addresses security considerations and the limitations placed on external users to maintain a secure environment.

Embed presentation

Downloaded 58 times
Bringing External Users Into Your Connections 5 World Gabriella Davis! Technical Director! The Turtle Partnership September 2014
01 Let’s talk about me for a minute ✤ Admin of all things and especially quite complicated things where the fun is! ✤ Working with security , healthchecks, single sign on, design and deployment of Domino, ST, Connections and things that they talk to! ✤ Stubborn and relentless problem solver! ✤ Lives in London about half of the time
What’s This All About?
How Does It Work - The Brief Version
What Can An External Person Do? ✤ Be a full member of a Community that allows external users! ✤ Share Files with others as well as Download files shared with you ! ✤ See Activity Streams that they are invited into! ✤ Edit Their Profile! ✤ View business cards of anyone who has shared content with them
What Can’t An External Person Do? ✤ See Any Public Content! ✤ Create a community! ✤ Follow people! ✤ See or search the company directory! ✤ Use type-ahead to find people! ✤ See recommended content or people! ✤ Access the Profiles menu! ✤ Access other user profiles! ✤ See @Mentions for them
✤ An existing Community can’t become a Community that allows external users! ✤ Once created as either internal or allowing external user access - a Community cannot be changed! ✤ Only internal users with a specific role can invite and share with external users! ✤ Communites with external users must be restricted
In general an external user is limited to participating in a restricted community they are invited into This isn’t a bad thing
Let’s set things up or … here comes the technical bit
01 Internal vs External User Directories ✤ Who am I talking to? Who am I sharing with?! ✤ There needs to be a simple way of identifying internal vs external users! ✤ We need to tell Connections how to identify an internal and external user! ✤ There are three ways to do this! ✤ They all involve using TDI scripts
A Quick Catch Up On TDI ✤ To enable external users, the Profile DB must be used as a Directory! ✤ TDISOL found in the Connections install directory! ✤ Updated on Fix Central! ✤ Files we change for External users! ✤ profiles_tdi.properties! ✤ map_dbrepos_from_source.properties! ✤ sync_all_dns
Separate LDAP Branch or Server ✤ In map_dbrepos_from_source.properties! ✤ mode={func_mode_visitor_branch}! ✤ displayName={func_decorate_displayName_if_visitor}! ✤ displayNameLdapAttr=cn! ✤ decorateVisitorDisplayName= - External User! ✤ In profiles_tdi.properties! ! ! ✤ source_ldap_url_visitor_confirm! ✤ source_ldap_search_base_visitor_confirm*! ✤ source_ldap_search_filter_visitor_confirm
Separate LDAP Branch or Server ✤ In map_dbrepos_from_source.properties! ✤ mode={func_mode_visitor_branch}! ✤ displayName={func_decorate_displayName_if_visitor}! ✤ displayNameLdapAttr=cn! ✤ decorateVisitorDisplayName= - External User! ✤ In profiles_tdi.properties! ! ! ✤ source_ldap_url_visitor_confirm! ✤ source_ldap_search_base_visitor_confirm! ✤ source_ldap_search_filter_visitor_confirm
Separate LDAP Steps ✤ Ensure the External directory is also configured as a Federated Repository in WAS! ✤ otherwise your external users can’t authenticate! ✤ source_ldap_search_base_visitor_confirm must not be empty! ✤ In mapdb_repos_from_source add sync_source_url_enforce=true so TDI doesn’t remove one directory’s entries
LDAP Attribute ✤ This is a bit easier but needs careful managing! ✤ In mapdb_repos_from_source assign an LDAP attribute so that mode=“external”! ✤ displayName={func_decorate_displayName_if_visitor}! ✤ displayNameLdapAttr=cn! ✤ decorateVisitorDisplayName= - External User
LDAP Attribute As A Function ✤ Instead of mapping an LDAP attribute containing “external” to the mode= entry you can use a javascript function! ✤ The function must compute to the word ‘external’ for external users! ✤ It must be placed in profiles_functions.js file
Whatever Method You Choose ! sync_all_dns.bat when done .. on failure check the logs ibmdi.log and SyncUpdates.log
Exployee-Extended Role ✤ Not all internal users / employees can invite external users - they must have the special Connections role! ✤ “Employee-Extended! ✤ The only way to get this role is to be assigned it via wsadmin
Assigning Roles ✤ From /profiles/dmgr01/bin directory! ✤ wsadmin.bat/sh -lang jython -username <wasadmin> -password <password>! ✤ execfile(“profilesAdmin.py”)! ✤ ProfilesService.setRole(“gabriella@turtlepartnership.c om, EMPLOYEE_EXTENDED)
Securing the Perimeter
Directory Decisions ✤ How will external users register! ✤ Who will have rights to invite external users! ✤ Password quality
Anonymous Access ✤ Disable Anonymous access for all applications! ✤ Edit each application’s “security role to user group mapping” ! ✤ Ensure “reader” is not set to “Everyone”
Public Files ✤ External users can’t see public files! ✤ or can they?! ✤ If you use a caching proxy then the public cache will contain information external users shouldn’t see! ✤ Disable public caching in LotusConnections-config.mxl using <genericProperty name="publicCacheEnabled">false</ genericProperty>
Working with Libraries ✤ With CCM installed the URL /dm can provide access to any public Libraries! ✤ External users shouldn’t see public ANYTHING! ✤ Ensure the /dm URL is blocked from public interfaces
Desktop Plugin ✤ When using Connections, the interface constantly warns you if you are going to share with internal users! ✤ The desktop plugin doesn’t do that! ✤ This quote from the documentation says it all! ✤ “In addition, some operations might result in unexpected errors” !
Internal and External (Visitor) Views or.. Spot What’s Missing
Internal - Homepage
Visitor Homepage
Internal Community Page
Visitor Community Page
Internal - My Profile
Visitor My Profile
✤ As A Visitor…! ✤ You can add tags but not see existing tag lists! ✤ You can view partial business cards but not full profiles! ✤ You can search for content but that only finds things that are shared with you! ✤ You can share files but only with the Communities you are part of, not with people directly
✤ All of this is good - it keeps your environment secure! ✤ It protects your users from accidentally sharing something unintended! ✤ It doesn’t give up any information the external user doesn’t already know! ! ! ✤ Some things are a bit buggy but hopefully being fixed
01 Questions? ✤ Gab Davis - Technical Director! ✤ The Turtle Partnership! ✤ gabriella@turtlepartnership.com! ✤ GabriellaDavis on Skype! ✤ gabturtle on twitter

More Related Content

PDF
External Users Accessing Connections
byGabriella Davis
 
PPSX
Webnet Presentation
byTrish Roque
 
PDF
What is jQuery?
bytina3reese7
 
PDF
Modern Web Development
byRobert Nyman
 
PDF
Planning & Completing An IBM Connections Upgrade
byGabriella Davis
 
PDF
Changing technologies
byGabriella Davis
 
PPTX
User Access Manager for IBM Connections (UAM)
byTIMETOACT GROUP
 
PDF
1084: Planning and Completing an IBM Connections Upgrade
byGabriella Davis
 
External Users Accessing Connections
byGabriella Davis
 
Webnet Presentation
byTrish Roque
 
What is jQuery?
bytina3reese7
 
Modern Web Development
byRobert Nyman
 
Planning & Completing An IBM Connections Upgrade
byGabriella Davis
 
Changing technologies
byGabriella Davis
 
User Access Manager for IBM Connections (UAM)
byTIMETOACT GROUP
 
1084: Planning and Completing an IBM Connections Upgrade
byGabriella Davis
 

Viewers also liked

PDF
Working With Sametime For Mobile Devices
byGabriella Davis
 
PDF
A Guide To Sametime 9.0.1 Audio & Video
byGabriella Davis
 
PDF
What We Wish We Had Known: Becoming an IBM Connections Administrator
byGabriella Davis
 
PPTX
ConnectED 2015 - IBM Notes Traveler Daily Business
byRené Winkelmeyer
 
PDF
Connections Directory Integration: A Tour Through Best Practices for Directo...
byGabriella Davis
 
PDF
The Sametime Mobile Experience
byGabriella Davis
 
PDF
IBM Traveler Management, Security and Performance
byGabriella Davis
 
PDF
The SSL Problem and How to Deploy SHA2 Certificates
byGabriella Davis
 
PDF
Domino Adminblast
byGabriella Davis
 
PDF
Fun With SHA2 Certificates
byGabriella Davis
 
PDF
Upgrading to Sametime 9.0.1
byGabriella Davis
 
PPTX
Soccnx10: IBM Connections Troubleshooting or “Get the Cow off the Ice”
bypanagenda
 
PPTX
IBM Single Sign-On
byVan Staub, MBA
 
Working With Sametime For Mobile Devices
byGabriella Davis
 
A Guide To Sametime 9.0.1 Audio & Video
byGabriella Davis
 
What We Wish We Had Known: Becoming an IBM Connections Administrator
byGabriella Davis
 
ConnectED 2015 - IBM Notes Traveler Daily Business
byRené Winkelmeyer
 
Connections Directory Integration: A Tour Through Best Practices for Directo...
byGabriella Davis
 
The Sametime Mobile Experience
byGabriella Davis
 
IBM Traveler Management, Security and Performance
byGabriella Davis
 
The SSL Problem and How to Deploy SHA2 Certificates
byGabriella Davis
 
Domino Adminblast
byGabriella Davis
 
Fun With SHA2 Certificates
byGabriella Davis
 
Upgrading to Sametime 9.0.1
byGabriella Davis
 
Soccnx10: IBM Connections Troubleshooting or “Get the Cow off the Ice”
bypanagenda
 
IBM Single Sign-On
byVan Staub, MBA
 

Similar to External users

PPTX
The Dev-Admin Chimera: Customising Connections (with Gab Davis)
byMark Myers
 
PDF
Open Mic Webcast: "Connections Next - what to expect from the next version "
byVinayak Tavargeri
 
PDF
Becoming A Connections Administrator
byGabriella Davis
 
PDF
60 Admin Tips
byGabriella Davis
 
PDF
Engage2022 - Domino Admin Tips
byGabriella Davis
 
PDF
Xcc layout-options
byTIMETOACT GROUP
 
PDF
BP201 Creating Your Own Connections Confection - Getting The Flavour Right
byGabriella Davis
 
PPT
Domino security
bydominion
 
PPTX
XCC Benefits - Who profits from XCC?
byTIMETOACT GROUP
 
PDF
Practical solutions for connections administrators lite
bySharon James
 
PDF
Connections fornewbies
byr4ttl3r
 
PPT
Uklug 2014 connections dev faq
byMark Myers
 
PPTX
SPS-NYC 2017: Managing external users in Office 365
byMarijn Somers
 
PDF
Bp307 Practical Solutions for Connections Administrators, tips and scrips for...
bySharon James
 
PDF
IBM Connections 4.5 CR2 Installation - From Zero To Social Hero - 2.02 - with...
byFrank Altenburg
 
PDF
Ibmconnections4 5installation-fromzerotosocialhero-2-01-withdominoldapforslid...
byCristina Garrido Lema
 
PDF
Auto scaling and dynamic routing for was liberty collectives
bysflynn073
 
PDF
Xv ocd2010-jsharp
byJason Sharp
 
PDF
LDAP Applied (EuroOSCON 2005)
byFran Fabrizio
 
ODP
Putting *Sparkle* in Your Social Applications! Customization and Branding wit...
byMitch Cohen
 
The Dev-Admin Chimera: Customising Connections (with Gab Davis)
byMark Myers
 
Open Mic Webcast: "Connections Next - what to expect from the next version "
byVinayak Tavargeri
 
Becoming A Connections Administrator
byGabriella Davis
 
60 Admin Tips
byGabriella Davis
 
Engage2022 - Domino Admin Tips
byGabriella Davis
 
Xcc layout-options
byTIMETOACT GROUP
 
BP201 Creating Your Own Connections Confection - Getting The Flavour Right
byGabriella Davis
 
Domino security
bydominion
 
XCC Benefits - Who profits from XCC?
byTIMETOACT GROUP
 
Practical solutions for connections administrators lite
bySharon James
 
Connections fornewbies
byr4ttl3r
 
Uklug 2014 connections dev faq
byMark Myers
 
SPS-NYC 2017: Managing external users in Office 365
byMarijn Somers
 
Bp307 Practical Solutions for Connections Administrators, tips and scrips for...
bySharon James
 
IBM Connections 4.5 CR2 Installation - From Zero To Social Hero - 2.02 - with...
byFrank Altenburg
 
Ibmconnections4 5installation-fromzerotosocialhero-2-01-withdominoldapforslid...
byCristina Garrido Lema
 
Auto scaling and dynamic routing for was liberty collectives
bysflynn073
 
Xv ocd2010-jsharp
byJason Sharp
 
LDAP Applied (EuroOSCON 2005)
byFran Fabrizio
 
Putting *Sparkle* in Your Social Applications! Customization and Branding wit...
byMitch Cohen
 

More from Gabriella Davis

PDF
A Domino Admins Adventures (Engage 2024)
byGabriella Davis
 
PDF
. Design Decisions: Developing for Mobile - The Template Experience Project
byGabriella Davis
 
PDF
Domino Server Health - Monitoring and Managing
byGabriella Davis
 
PDF
Face Off Domino vs Exchange On Premises
byGabriella Davis
 
PDF
Adminlicious - A Guide To TCO Features In Domino v10
byGabriella Davis
 
PDF
An Introduction to Configuring Domino for Docker
byGabriella Davis
 
PDF
An Introduction To The DMARC SMTP Validation Requirements
byGabriella Davis
 
PDF
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
byGabriella Davis
 
PDF
An introduction to configuring Domino for Docker
byGabriella Davis
 
PDF
How To Approach GDPR Preparation & Discovery
byGabriella Davis
 
PDF
An Introduction To The DMARC SMTP Validation Requirements
byGabriella Davis
 
PDF
Brand Yourself
byGabriella Davis
 
PDF
Home Working
byGabriella Davis
 
PDF
A Guide To Single Sign-On for IBM Collaboration Solutions
byGabriella Davis
 
PDF
The Imposter Syndrome
byGabriella Davis
 
PDF
What's New in Notes, Sametime and Verse On-Premises
byGabriella Davis
 
PDF
An Introduction To Docker
byGabriella Davis
 
PDF
An Introduction To Docker
byGabriella Davis
 
PDF
Setting Up a Hybrid Domino Environment to Ease your Way to the Cloud
byGabriella Davis
 
PDF
Embracing iot in the enterprise
byGabriella Davis
 
A Domino Admins Adventures (Engage 2024)
byGabriella Davis
 
. Design Decisions: Developing for Mobile - The Template Experience Project
byGabriella Davis
 
Domino Server Health - Monitoring and Managing
byGabriella Davis
 
Face Off Domino vs Exchange On Premises
byGabriella Davis
 
Adminlicious - A Guide To TCO Features In Domino v10
byGabriella Davis
 
An Introduction to Configuring Domino for Docker
byGabriella Davis
 
An Introduction To The DMARC SMTP Validation Requirements
byGabriella Davis
 
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
byGabriella Davis
 
An introduction to configuring Domino for Docker
byGabriella Davis
 
How To Approach GDPR Preparation & Discovery
byGabriella Davis
 
An Introduction To The DMARC SMTP Validation Requirements
byGabriella Davis
 
Brand Yourself
byGabriella Davis
 
Home Working
byGabriella Davis
 
A Guide To Single Sign-On for IBM Collaboration Solutions
byGabriella Davis
 
The Imposter Syndrome
byGabriella Davis
 
What's New in Notes, Sametime and Verse On-Premises
byGabriella Davis
 
An Introduction To Docker
byGabriella Davis
 
An Introduction To Docker
byGabriella Davis
 
Setting Up a Hybrid Domino Environment to Ease your Way to the Cloud
byGabriella Davis
 
Embracing iot in the enterprise
byGabriella Davis
 

Recently uploaded

PDF
AAC2026_Keynote_Horx Strathern_Megatrends Countertrends.pdf
byAgile Austria Conference
 
PDF
Ratio-and-Financial-Statement-Analysis.pdf
byRenzoAldeguer
 
PPTX
PRESENTATION OF RESEARCH REPORTS-Research methodology.pptx
byShaliniR691
 
PDF
🇮🇳🇮🇳🇮🇳 Welcome to India 🇮🇳🇮🇳🇮🇳.pdf
bymanjusuhag88
 
PDF
When to Use Google Ads Instead of Local Service Ads: 4 Clear Scenarios
byDigital Harvest
 
PPTX
WEEK-1-3-Measure-of-Position-ILLUSTRATING-AND-CALCULATING.pptx
bymonmonlamanilao
 
PDF
Reasons LSA Ranking Dropped: 3 Causes That Push You Into “See More”
byDigital Harvest
 
PDF
AI for Tree People - Wisconsin Arborist Association Conference - 20260216
byphilippotyondy
 
PDF
AAC2026_Batusek_Beyond the Bus Factor: Build your teams for for the future.pdf
byAgile Austria Conference
 
PDF
Fix Your LSA Reputation Score: 7 Signals That Improve LSA Rankings
byDigital Harvest
 
PPTX
2026-02-15 Hebrews 07 (shared slides).pptx
byDale Wells
 
PDF
AAC2026_Richter_Why Agile Alone Isn't Enough - From Agile Methods to Goal-Dir...
byAgile Austria Conference
 
PPTX
Bob Stewart Women at the well. 02 15 2026pptx
byFamilyWorshipCenterD
 
PDF
LSA Case Study: Cabinet Maker’s Busiest December Using Google Local Services Ads
byDigital Harvest
 
PDF
Designing Spaces that Open Science and Foster Creative Activities (SPCS prese...
bynami575695
 
PDF
AAC2026_Sakotnik_Courage Over Fear: How Wise & Bold Leaders Shape the Future.pdf
byAgile Austria Conference
 
PDF
French Revolution { Class 9 } Presentation .pdf
bymanjusuhag88
 
PDF
AAC2026_Liebisch_It Starts With You - How Personal Growth Builds the Foundati...
byAgile Austria Conference
 
AAC2026_Keynote_Horx Strathern_Megatrends Countertrends.pdf
byAgile Austria Conference
 
Ratio-and-Financial-Statement-Analysis.pdf
byRenzoAldeguer
 
PRESENTATION OF RESEARCH REPORTS-Research methodology.pptx
byShaliniR691
 
🇮🇳🇮🇳🇮🇳 Welcome to India 🇮🇳🇮🇳🇮🇳.pdf
bymanjusuhag88
 
When to Use Google Ads Instead of Local Service Ads: 4 Clear Scenarios
byDigital Harvest
 
WEEK-1-3-Measure-of-Position-ILLUSTRATING-AND-CALCULATING.pptx
bymonmonlamanilao
 
Reasons LSA Ranking Dropped: 3 Causes That Push You Into “See More”
byDigital Harvest
 
AI for Tree People - Wisconsin Arborist Association Conference - 20260216
byphilippotyondy
 
AAC2026_Batusek_Beyond the Bus Factor: Build your teams for for the future.pdf
byAgile Austria Conference
 
Fix Your LSA Reputation Score: 7 Signals That Improve LSA Rankings
byDigital Harvest
 
2026-02-15 Hebrews 07 (shared slides).pptx
byDale Wells
 
AAC2026_Richter_Why Agile Alone Isn't Enough - From Agile Methods to Goal-Dir...
byAgile Austria Conference
 
Bob Stewart Women at the well. 02 15 2026pptx
byFamilyWorshipCenterD
 
LSA Case Study: Cabinet Maker’s Busiest December Using Google Local Services Ads
byDigital Harvest
 
Designing Spaces that Open Science and Foster Creative Activities (SPCS prese...
bynami575695
 
AAC2026_Sakotnik_Courage Over Fear: How Wise & Bold Leaders Shape the Future.pdf
byAgile Austria Conference
 
French Revolution { Class 9 } Presentation .pdf
bymanjusuhag88
 
AAC2026_Liebisch_It Starts With You - How Personal Growth Builds the Foundati...
byAgile Austria Conference
 

External users

  • 1.
    Bringing External UsersInto Your Connections 5 World Gabriella Davis! Technical Director! The Turtle Partnership September 2014
  • 2.
    01 Let’s talkabout me for a minute ✤ Admin of all things and especially quite complicated things where the fun is! ✤ Working with security , healthchecks, single sign on, design and deployment of Domino, ST, Connections and things that they talk to! ✤ Stubborn and relentless problem solver! ✤ Lives in London about half of the time
  • 3.
  • 5.
    How Does It Work - The Brief Version
  • 6.
    What Can AnExternal Person Do? ✤ Be a full member of a Community that allows external users! ✤ Share Files with others as well as Download files shared with you ! ✤ See Activity Streams that they are invited into! ✤ Edit Their Profile! ✤ View business cards of anyone who has shared content with them
  • 7.
    What Can’t AnExternal Person Do? ✤ See Any Public Content! ✤ Create a community! ✤ Follow people! ✤ See or search the company directory! ✤ Use type-ahead to find people! ✤ See recommended content or people! ✤ Access the Profiles menu! ✤ Access other user profiles! ✤ See @Mentions for them
  • 8.
    ✤ An existingCommunity can’t become a Community that allows external users! ✤ Once created as either internal or allowing external user access - a Community cannot be changed! ✤ Only internal users with a specific role can invite and share with external users! ✤ Communites with external users must be restricted
  • 9.
    In general anexternal user is limited to participating in a restricted community they are invited into This isn’t a bad thing
  • 10.
    Let’s set thingsup or … here comes the technical bit
  • 11.
    01 Internal vsExternal User Directories ✤ Who am I talking to? Who am I sharing with?! ✤ There needs to be a simple way of identifying internal vs external users! ✤ We need to tell Connections how to identify an internal and external user! ✤ There are three ways to do this! ✤ They all involve using TDI scripts
  • 12.
    A Quick CatchUp On TDI ✤ To enable external users, the Profile DB must be used as a Directory! ✤ TDISOL found in the Connections install directory! ✤ Updated on Fix Central! ✤ Files we change for External users! ✤ profiles_tdi.properties! ✤ map_dbrepos_from_source.properties! ✤ sync_all_dns
  • 13.
    Separate LDAP Branchor Server ✤ In map_dbrepos_from_source.properties! ✤ mode={func_mode_visitor_branch}! ✤ displayName={func_decorate_displayName_if_visitor}! ✤ displayNameLdapAttr=cn! ✤ decorateVisitorDisplayName= - External User! ✤ In profiles_tdi.properties! ! ! ✤ source_ldap_url_visitor_confirm! ✤ source_ldap_search_base_visitor_confirm*! ✤ source_ldap_search_filter_visitor_confirm
  • 14.
    Separate LDAP Branchor Server ✤ In map_dbrepos_from_source.properties! ✤ mode={func_mode_visitor_branch}! ✤ displayName={func_decorate_displayName_if_visitor}! ✤ displayNameLdapAttr=cn! ✤ decorateVisitorDisplayName= - External User! ✤ In profiles_tdi.properties! ! ! ✤ source_ldap_url_visitor_confirm! ✤ source_ldap_search_base_visitor_confirm! ✤ source_ldap_search_filter_visitor_confirm
  • 15.
    Separate LDAP Steps ✤ Ensure the External directory is also configured as a Federated Repository in WAS! ✤ otherwise your external users can’t authenticate! ✤ source_ldap_search_base_visitor_confirm must not be empty! ✤ In mapdb_repos_from_source add sync_source_url_enforce=true so TDI doesn’t remove one directory’s entries
  • 16.
    LDAP Attribute ✤This is a bit easier but needs careful managing! ✤ In mapdb_repos_from_source assign an LDAP attribute so that mode=“external”! ✤ displayName={func_decorate_displayName_if_visitor}! ✤ displayNameLdapAttr=cn! ✤ decorateVisitorDisplayName= - External User
  • 17.
    LDAP Attribute AsA Function ✤ Instead of mapping an LDAP attribute containing “external” to the mode= entry you can use a javascript function! ✤ The function must compute to the word ‘external’ for external users! ✤ It must be placed in profiles_functions.js file
  • 18.
    Whatever Method YouChoose ! sync_all_dns.bat when done .. on failure check the logs ibmdi.log and SyncUpdates.log
  • 19.
    Exployee-Extended Role ✤Not all internal users / employees can invite external users - they must have the special Connections role! ✤ “Employee-Extended! ✤ The only way to get this role is to be assigned it via wsadmin
  • 20.
    Assigning Roles ✤From /profiles/dmgr01/bin directory! ✤ wsadmin.bat/sh -lang jython -username <wasadmin> -password <password>! ✤ execfile(“profilesAdmin.py”)! ✤ ProfilesService.setRole(“gabriella@turtlepartnership.c om, EMPLOYEE_EXTENDED)
  • 21.
  • 22.
    Directory Decisions ✤How will external users register! ✤ Who will have rights to invite external users! ✤ Password quality
  • 23.
    Anonymous Access ✤Disable Anonymous access for all applications! ✤ Edit each application’s “security role to user group mapping” ! ✤ Ensure “reader” is not set to “Everyone”
  • 24.
    Public Files ✤External users can’t see public files! ✤ or can they?! ✤ If you use a caching proxy then the public cache will contain information external users shouldn’t see! ✤ Disable public caching in LotusConnections-config.mxl using <genericProperty name="publicCacheEnabled">false</ genericProperty>
  • 25.
    Working with Libraries ✤ With CCM installed the URL /dm can provide access to any public Libraries! ✤ External users shouldn’t see public ANYTHING! ✤ Ensure the /dm URL is blocked from public interfaces
  • 26.
    Desktop Plugin ✤When using Connections, the interface constantly warns you if you are going to share with internal users! ✤ The desktop plugin doesn’t do that! ✤ This quote from the documentation says it all! ✤ “In addition, some operations might result in unexpected errors” !
  • 27.
    Internal and External(Visitor) Views or.. Spot What’s Missing
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
    ✤ As AVisitor…! ✤ You can add tags but not see existing tag lists! ✤ You can view partial business cards but not full profiles! ✤ You can search for content but that only finds things that are shared with you! ✤ You can share files but only with the Communities you are part of, not with people directly
  • 35.
    ✤ All ofthis is good - it keeps your environment secure! ✤ It protects your users from accidentally sharing something unintended! ✤ It doesn’t give up any information the external user doesn’t already know! ! ! ✤ Some things are a bit buggy but hopefully being fixed
  • 36.
    01 Questions? ✤Gab Davis - Technical Director! ✤ The Turtle Partnership! ✤ gabriella@turtlepartnership.com! ✤ GabriellaDavis on Skype! ✤ gabturtle on twitter