This Readme file applies to the following licensed programs:
To see the latest information about the suite, hints and tips, workarounds, code fixes and white papers, see web site:
To access the suite support page, see:
An HTML version of the suite Getting Started manual is located on CD number 1 in directory \info\<xxx>\, where <xxx> indicates the language code for the version of the software you are installing. You can also access an HTML version of the book by doing one of the following:
After you install the suite, you can find translated text versions of the suite license agreement in directory ibmnt\license.
The following sections are considerations when installing WebSphere.
When you install WebSphere using Individual Product install, you must select all of the subcomponents you want to install. During the WebSphere installation, on the Choose Application Server Plugins window, check the box next to Version 1.3.3.x under IBM HTTP Server.
If you configure IBM HTTP Server with a port other than port 80, you must manually update the WebSphere sample shortcut. To change the shortcut, do the following:
http://hostname/IBMWebAS/Samples/Index.html
After adding the port number, the URL looks like the following:
http://hostname:8080/IBMWebAS/Samples/Index.html
The following sections are considerations when installing the Sample Applications.
Use the navigation links (for example, Back, Forward) provided with the Sample Applications. Avoid using the browser Back and Forward buttons.
When you install the Sample Applications, a window containing installation instructions will be displayed. Provide the following information to configure the Domino server.
During installation of the Sample Applications, the Domino web server will be configured to use port 80, and the IBM HTTP Server will be configured to use port 8080 or higher. If the Sample Applications installation detects that port 80 is already in use by another program, an informational message will be displayed prior to the Domino server configuration instructions shown above. If possible, you should reconfigure the other program to use a different port.
If you must change the Domino Web server's port number, use the Lotus Domino Administrator Client:
tell http quit load http
The Intranet Sales Manager and the Customer Service applications are based on Domino and utilize the Domino web server. The Employee Information Management and Buyers Club applications are based on WebSphere and utilize the IBM HTTP Server. The first time you run these applications, you may be asked to supply the hostname and port number information for the Domino web server and for WebSphere (IBM HTTP Server). Read the text of the prompt carefully to determine which web server's information should be provided.
If you enter incorrect hostname and port number information, links to some of the applications will fail. You can correct hostname and port number information by selecting Administrator Information on the Samples' main menu web page.
The following hints and tips relate to DB2 UDB.
Depending on the software products that are installed on the same Windows NT server as DB2 UDB, it is possible that several copies of ldap.dll may be present on the machine. If a back level version of ldap.dll is present, you may see the following error when you attempt to run the db2ldcfg command:
Cannot find ldap_server_free_list in dynamic library ldap.dll
You can correct this error by ensuring that you have installed the IBM SecureWay LDAP client, and that the directory for ldap.dll as provided with that client appears first in the Windows NT system path (before the directories for any other products that include ldap.dll).
To access two of the DB2 Extenders documentation files, correct the shortcut definitions by doing the following:
You should now be able to access the documents.
The following hints and tips relate to IBM Suites Web Administration.
If the port that the web server used for Web Administration is not the default port 80, then you must specify the port number when you start Web Administration:
http://hostName.domainName:portNumber/console
When you remove a server, the server drawer (if previously added) is not removed from IBM Suites Web Administration. When you log on after uninstalling a server, you get a message indicating the server is no longer present. Click OK and Web Administration works fine. You can then use the Console settings task to manually remove the drawer.
The following hints and tips relate to the IBM SecureWay Directory.
If you install SecureWay Directory on the same machine as your Windows NT Primary Domain Controller (PDC), make sure that the users have the user right to log on locally. To set this attribute, do the following:
After installing IBM SecureWay Directory and restarting your machine, the IBM SecureWay Directory service does not start automatically. To set the service to start automatically, do the following:
When reviewing the Windows NT Event Viewer - Application Log, you may see errors logged for the SecureWay Directory server which begin with the following text:
The description for Event ID () in Source () could not be found.
This is a known problem. To determine if there are any serious errors, see the error log found in the SecureWay Directory Server Web Administration.
The following information replaces the information provided in the suite Getting Started manual, Chapter 6, Task 2: Configure the directory, Step 6 (configuring the SecureWay Directory to run with or without Secure Sockets Layer (SSL)).
| Note: | It is possible to obtain a certificate from a public certificate authority to be added to this file, but this is not necessary unless the server is to be accessed from outside the enterprise. |
The following hints and tips relate to the IBM Suites Directory Support.
Users and groups cannot have the common name cn=Domino or cn=NTV4. These names are reserved for use by the SecureWay Directory.
The populate utility populates attributes from Windows NT Domains as
follows:
| Directory Attribute | Taken from this Windows NT Attribute |
| User's Last Name | Username |
| User's Full Name | Username |
| User's User ID | Username |
| Group's Full Name | Group name |
Group memberships are preserved.
Only the global groups for the Windows NT domain are populated. Windows NT local groups are not populated.
The populate utility populates attributes from a Domino directory as
follows:
| Directory Attribute | Taken from this Domino Attribute |
| User's Last Name | Last Name |
| User's Full Name | User Name |
| User's User ID | Short Name, if present |
| Group's Full Name | Group Name |
Group memberships are preserved.
The following example for the Domino populate command appears in the suite Getting Started manual, Chapter 6, Task 5.
Enclose any command arguments that have several parts within quotes. The corrected example follows:
dom2ldif -i "e:\notes\data\sync.ini" -S domserv1 -D dominom1 -O domino1.ldif -G "ou=Marketing,o=Sales,c=US" -U "ou=Marketing,o=Sales,c=US" -A "sys=dominom1,cn=Domino,o=Sales, c=US"
The syntax for the Windows NT domain populate command follows. The nt2ldif command is case sensitive, and all options and parameters must be given in the case shown. This syntax is incorrect in the suite Getting Started manual, Chapter 6, Task 5.
nt2ldif -D dname -O outputfile -G grouplocation -U userlocation -A synchdomain -s TRUE
In both examples, to find the value for synchdomain, from the General Administration drawer of Web Administration, click Work with synchronized directories and then click Show all. The distinguished name appears on the next window.
The account validation utility requires users to provide a user ID and password to validate their new SecureWay Directory account that is created by the populate utility. If the users are populated from a Domino directory, then the user ID and password that is used to validate the account is the user's Domino short name and HTTP password, respectively.
To set the HTTP password for Domino users, do the following:
If you are going to populate more than 32,000 users and groups from a Windows NT Domain or Domino Domain to SecureWay Directory, it is recommended that you add the following stanza to the\sqllib\db2cli.ini file:
[COMMON] TempDir=x:\your-directory
where x:\your-directory specifies an existing directory on a drive that has space available. DB2 will write temporary files to this directory. The amount of space required depends on the size of the directory entries you are adding or updating, but generally does require more space than the size of the largest entry you are updating.
If this update is not made to db2cli.ini, the following error may be logged in SecureWay Directory's slapd error log:
[IBM][CLI Driver] CLI0157E Error opening a file. SQLSTATE=S1507
When you initially synchronize with a Windows NT Domain, attributes are
synchronized as follows:
| Directory Attribute | Goes to this Windows NT Attribute |
| User's User ID | Username |
| User's Password | Password |
| Group's Full Name | Group name |
| Group's members | Group's members |
No other fields are transferred to Windows NT Domains.
| Note: | When you create a new user and synchronize this user with a Windows NT Domain, Windows NT will automatically add this user to the Domain Users group in the Windows NT Domain. This is not automatically done in the SecureWay directory. |
When you initially synchronize with a Domino directory, attributes are synchronized as follows:
| Directory Attribute | Goes to this Domino Attribute |
| User's First Name | First Name |
| User's Last Name | Last Name |
| User's Full Name | User Name |
| User's Password | Password |
| User's User ID | Short Name |
| Group's Full Name | Group Name |
| Group's members | Group's members |
No other fields are transferred to Domino.
If synchronization is enabled for a Windows NT domain after the SecureWay Directory has been populated from that domain, you must load the LDIF file used in population into the synchronization agent. This must be done before additional changes are made to the contents of the SecureWay Directory. To load the LDIF file, you use the ldapadd command as follows:
ldapadd -h hostname -p port -D masterdn -w password -c -f ldif_file
where:
To configure the synchronization agent, you edit the md.conf file. For synchronization with Domino, be aware of the following field restrictions.
Account validation for user entries populated from Windows NT domains only works if the server on which the IBM SecureWay directory is running is a member of the Windows NT domain from which population occurred, or if it is a member of a domain with a trust relationship with the Windows NT domain from which population occurred.
WARNING! If you use General Administration to remove a synchronized Windows NT or Domino domain for a user or group entry in the SecureWay Directory, the corresponding user or group is deleted from the Windows NT or Domino domain. Also, if you delete a user or group entry from the SecureWay Directory, and that user or group is synchronized with a Windows NT or Domino domain, the corresponding user or group entry in the Windows NT or Domino domain is also deleted.
If you want to remove synchronized entries from the IBM SecureWay Directory without affecting the corresponding entries in the Windows NT or Domino domain, or if you want to sever the synchronization between certain entries in the SecureWay Directory and any synchronized domains, do the following:
If you get a blank screen and a directory failed to synchronize to the SecureWay Directory, close and reopen your web browser, and try the synchronization again.
To start the IBM Key Management utility described in Task 7: Enable synchronization of users and groups with other directories, step 5a of the suite Getting Started manual, do the following:
In addition, step 5d of Task 7 states where to add the certificate from the <xxx>.arm file. You should place this file into the keyring created in Task 2, 1a.ii.
If you receive an error when attempting to remove an object (for example, removing an organizational unit), the problem is that the object has other objects beneath it in the directory tree. Delete all users, groups, or other objects beneath this object in the tree and try again.
If you receive an error message when trying to remove a synchronized directory, there may be at least one user or group that is synchronized with this directory. Remove the user or group synchronization from the synchronized directory and try again.
When you install eNetwork Communication Server, the user ID you supply must not be the same name as the machine name. Use a different name for this value.
If a component fails to install, a dialog appears at the end of the installation giving you the option to view the log file, IWIIINST.LOG, for any failed component. For Netscape Communicator, this file is located in the \ibmnt\netscape directory. See the suite Getting Started manual for additional information.
If you receive a message that a shortcut to an HTML file cannot be found, for example a message similar to the following:
"cannot find 'C:\<filename>\INDEX.HTML' (or config file) file.
Click OK to proceed. Even though the message displays, the requested HTML file displays. To avoid getting this message, you can change the name of the program that opens the HTML shortcut file.
The section Netscape FastTrack Considerations in the IBM Suites Getting Started manual describes how to manually configure the Netscape FastTrack web server. The suite installation program automatically configures this server now.
If you plan to use Microsoft Internet Explorer as your default web browser, install Internet Explorer 4.01 or later prior to installing the suite components.
If you have any prior version of Internet Explorer already installed on the server, install Version 4.01 with Service Pack 1 or later on the same drive. Having multiple versions of the same product on a single machine causes installation errors. In addition, MQSeries requires that you install Internet Explorer with the Java Virtual Machine component.
Before you install MQSeries, see the Quick Beginnings manual for more information. PDF versions of the Brazilian Portuguese, English, French, German, Italian, and Spanish manuals are located on CD number 6 in \mqseries\docs\Acrobat\<xx_xx>\, where <xx_xx> indicates the language code for the version of the software you are installing.
In addition, you can access all language versions (including Japanese, Korean, Simplified Chinese, and Traditional Chinese) of the Quick Beginnings manual plus several other MQSeries publications in \mqseries\HTMLHelp\<xx_xx>\, where <xx_xx> indicates the language code for the version of the software you are installing. You must install the HTML Help tool to view this documentation (see \mqseries\Prereqs\HTMLHelp\).
If installed, you have access to the following information from the MQSeries for Windows NT entry on Windows:
In addition, see web sites:
This section defines national language considerations for the suite components:
The following topics are national language considerations for IBM Suites Web Administration.
If you use Web Administration with the Simplified Chinese (CHS) version of Netscape Navigator 4.51, you may find the fonts too small for productive use. You can set the variable width and fixed width font size from the Netscape Navigator dialogs by selecting Edit, Preferences, open the Appearance category, and click Fonts.
If you run Web Administration from a machine with a locale setting of Traditional Spanish, you may see English instead of Spanish text in some places. Either use Microsoft Internet Explorer instead of Netscape Navigator or change your default locale to Mexico.
The following topics are national language considerations for IBM Suites directory support:
You cannot use the account validation utility to set the initial password for an account populated from Windows NT or Domino, if the original user ID or password contained DBCS characters. You must use the user management forms in the General Administration drawer in the IBM Suites Web Administration to set the password.
When you edit the md.conf file to enable directory synchronization, you must ensure that this file is stored in the UTF-8 codepage. This is automatic if all file contents are in US English characters, because the UTF-8 representation of US English characters is the same as the Windows native representation. This is not true for the character sets of most other languages.
IBM SecureWay synchronization agent includes a utility to convert files from the Windows native codepage for the active locale to UTF-8. Instead of using this utility, we recommend that you edit and save the file using Netscape Composer by doing the following.
If you are setting up synchronization with a Domino domain, be careful to put the certificateexpirationdate in a format appropriate to the locale. For the United states, the expiration date might be 12/31/2000, but the same date must be written 31/12/2000 for most European locales, and 2000/12/31 for Japan, China, and some other locales.
If you use SecureWay Directory as your directory server, refer to the SecureWay Directory documentation for information regarding national language support considerations.
For data entry and storage, SecureWay Directory only supports characters contained in the codepages associated with the following languages:
The default locale for machines on which the SecureWay Directory server and the browser used for either IBM Suites Web Administration or SecureWay Directory Administration must be set for one of these languages or another language which uses one of the same codepages. In addition, your browser must also be configured to accept and display character data for the default locale. For example, Dutch characters can be used as long as Dutch is set as the default locale since both Dutch and English use the same codepage.
This limitation also applies to character information entered using IBM Suites Web Administration when used in conjunction with a SecureWay Directory. This includes information related to users, groups, suffixes, organization units, organizations, domains, and localities.
If you use Domino as your directory server, refer to the Domino documentation for information regarding national language support considerations.
The following topics are national language considerations for Netscape Communicator:
In some cases, when you install Netscape Communicator on DBCS language versions of the Windows NT operating system, the installation may stop or hang during the installation of the RealPlayer component. If this occurs, cancel the suite installation, uninstall Netscape Communicator using Add/Remove Programs, and reinstall Netscape Communicator using Individual Product install. When the Netscape Setup Type window appears, select Custom and then click Next. On the Netscape Communicator 4.51 Options window, deselect the RealPlayer 5.0 component. Click Next and then proceed normally through the remaining installation panels.
The installation program and the server and client components in the suite are translated into all languages listed in the suite Getting Started manual with the following additional exceptions:
(C) Copyright IBM Corporation and others 1985, 1999. All rights reserved. U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
This page may contain other proprietary notices and copyright information, the terms of which must be observed and followed.
The following terms are trademarks of the IBM Corporation in the United States or other countries:
The following terms are trademarks of other companies:
Other company, product and service names may be trademarks or service marks of others.