Enabling the discovery service for the HCL Connections Mail Plug-in

The discovery service enables the HCL Connections Mail Plug-in to access HCL Domino® or Microsoft Exchange mail services. The discovery service must be configured before running the HCL Connections Mail Plug-in.

Before you begin

To configure the discovery service, you need the following information:

  • Administrator-level user names and passwords for each LDAP server that you plan to connect to
  • Server name information for your LDAP servers and your Exchange domains
  • Exchange only: User name and password that is used to authenticate to the Exchange Autodiscovery servers

Procedure

  1. If you are using only Domino® mail servers, skip to step 3.
  2. If you are using Exchange mail servers, create a keystore certificate file. Do the following steps for each Exchange Autodiscovery server that your Active Directory server recognizes:
    1. Ask your Exchange administrator for the certificates from the Exchange Autodiscovery servers.
    2. Open a command prompt, and then enter the following command, where server-name is the alias for the server and keystore-file-name is the name of the keystore file: keytool -import -file certificatefile.cer -alias server-name -keystore keystore-file-name
    3. Enter a six-character password twice. You need this password again for the configuration of Exchange servers in the socialmail-discovery-config.xml file.
    4. When asked to trust this certificate, enter Y.
    5. Add the IP addresses of the Exchange Autodiscovery servers to the hosts file of the WebSphere® Application Server and Connections server.
  3. In the folder in which you installed the HCL Connections Mail Plug-in (specified during step 8 of Installing the HCL Connections Mail Plug-in), locate the socialmail-discovery-config-template.xml and socialmail-discovery-config.xsd files. Copy both files to the following folder: WAS-root/AppServer/profiles/Dmgr01/config/cells/cell-name/LotusConnections-config.
  4. Rename the copied socialmail-discovery-config-template.xml file to socialmail-discovery-config.xml.
  5. In the socialmail-discovery-config.xml file, replace the example information with your information. For each server configuration in your environment, you must have a ServerConfig tag with a unique name attribute.

    Example:

    <ServerConfig name="domino1">
    </ServerConfig>
  6. Within each ServerConfig tag, insert the following tags, depending on the type of mail server:
    • Domino mail servers only:
      Table 1. Insert these tags for Domino® mail servers

      Property Value
      <ConfigType></ConfigType> Enter DOMINO
      <DirectoryServer></DirectoryServer> Enter the IP address or fully qualified host name of the Domino® LDAP server that is used to determine the validity of email addresses and to return users’ mail setup data.

      Example: 9.119.6.07 or serverName.company.com

      Note: If Domino® servers are clustered, then the load-balancer or dispatcher that is used with Domino® must be configured to support LDAP look-up.
      Optional: <port></port> To specify a port for the URL specified in the DirectoryServer tag, enter the port number.

      The protocol for this port must match the protocol used to access Connections.

      <DirectoryUser></DirectoryUser> Enter the name of a Domino® user that has full read access to the LDAP service.
      Note: Enter only the username. For example, do not include "cn=" or "domain/".
      <DirectoryPW></DirectoryPW> Enter the password for the Domino® user specified in the DirectoryUser tag.
      Optional: <FixedServer></FixedServer> To specify a mail server that might not be the user’s primary server, enter the IP address or fully qualified host name.

      Example: 9.119.6.08 or https://serverName.company.com

      If this server includes a non-default port, the protocol must match the protocol used to access Connections.

      Example: 9.119.6.08 or https://serverName.company.com:843

      <MailPattern type=" "/> For each domain of email addresses that use this server configuration, enter a <MailPattern type=" " /> containing the domain. The domain is the portion of the email address that follows the at (@) symbol.

      Example: <MailPattern type="example.com"/>

      Optional: <SecureLDAP></SecureLDAP>

      Only used in combination with the Domino mail servers. SecureLDAP configures the discovery service to use TLS for service communication.

      Enter true

      Example: <SecureLDAP>true</SecureLDAP>

      Example, including the optional SecureLDAP property:

      <ServerConfig name="domino-config">
          <ConfigType>DOMINO</ConfigType>
          <DirectoryServer>domino.example.com</DirectoryServer>
          <DirectoryUser>username</DirectoryUser>
          <DirectoryPW>password</DirectoryPW>
          <port>636</port>
          <SecureLDAP>true</SecureLDAP>
          <MailPattern type="example.com"/>
      </ServerConfig>
      Table 2. Insert these tags for Domino® mail servers that use iNotes® redirector for mail

      Property Value
      <ConfigType></ConfigType> Enter REDIRECT
      <RedirectURL></RedirectURL>

      Enter the URL to an iNotes® redirection application. The URL must include the redirect database name, unless the redirect database is set as the Home URL for the server.

      Example: http://domino22.example.com/dwaredir.nsf or http://domino22.example.com

      If this URL includes a non-default port, the protocol must match the protocol used to access Connections.

      Example: http://domino22.example.com:843

      <MailPattern type=" "/> For each domain of email addresses that use this server configuration, enter a <MailPattern type=" " /> containing the domain. The domain is the portion of the email address that follows the at (@) symbol.

      Example: <MailPattern type="example.com"/>

      Example:

      <ServerConfig name="domino-redirect">
          <ConfigType>REDIRECT</ConfigType>
          <RedirectURL>http://domino22.example.com</RedirectURL>
          <MailPattern type="example.com" />
          <MailPattern type="example2.com" />
      </ServerConfig>
    • Exchange mail servers only:
      Table 3. Insert these tags for Microsoft Exchange mail servers

      Property Value
      <ConfigType></ConfigType> Enter EXCHANGE.
      <DirectoryServer></DirectoryServer> Enter the IP address or fully qualified host name of the Active Directory LDAP server that is used to determine the validity of email addresses and to return users’ mail setup data.

      Example: 9.119.6.77 or servername.example.com

      <DirectoryServerDomain></DirectoryServerDomain> Enter the domain for access to the Active Directory Server.
      <DirectoryUser></DirectoryUser> Enter the name of an Exchange user that has read access to the Active Directory.
      Note: Enter only the username. For example, do not include "cn=" or "domain/".
      <DirectoryPW></DirectoryPW> Enter the password for the Exchange user specified in the DirectoryUser tag.
      <CertificateFile></CertificateFile> Enter the file path and file name to the keystore file that was created in step 2.
      <CertificateFilePW></CertificateFilePW> Enter the six-character password that was created in step 2.
      <ADDomainUser></ADDomainUser> Enter the domain qualifier and user name used to authenticate to the Autodiscovery servers.

      Example: SMDEV2010\Administrator

      <ADDomainPW></ADDomainPW> Enter the password used to authenticate to the Autodiscovery servers.
      <MailPattern type=" "/> For each domain of email addresses that use this server configuration, enter a <MailPattern type=" " /> containing the domain. The domain is the portion of the email address that follows the at (@) symbol.

      Example: <MailPattern type="example.com"/>

      Example:

      <ServerConfig name="exampleexchangeconfig">
          <ConfigType>EXCHANGE</ConfigType>
          <DirectoryServer>exchange.example.com</DirectoryServer>
          <DirectoryUser>username</DirectoryUser>
          <DirectoryPW>adminExpw</DirectoryPW>
          <DirectoryServerDomain>exchange.example.com</DirectoryServerDomain>
          <CertificateFile>c:\example\exchangecertificate</CertificateFile>
          <CertificateFilePW>exampleCellManager01/certificateFileAuth</CertificateFilePW>
          <MailPattern type="example.com"/>
          <MailPattern type="example2.com"/>
      </ServerConfig>
      
      
  7. To encrypt user names and passwords in the socialmail-discovery-config.xml file, follow these steps:
    1. Using the Integrated Solutions Console, create aliases for each user name and password pair that you want to encrypt, by following these steps: Creating the J2C authentication data entry.
    2. In the socialmail-discovery-config.xml file, replace the following tags with the new tags indicated. In the new tags, enter the alias that corresponds to one that you created in WebSphere® Application Server.
      Table 4. Use these tags to encrypt user names and passwords in the xml file

      Original tags                                Replace with
      DirectoryUser and DirectoryPW                DirectoryAuthAlias
      Exchange only: ADDomainUser and ADDomainPW   ADDomainAuthAlias
      Exchange only: CertificateFilePW             CertificateFileAuthAlias

      Example:

      <ServerConfig name="EncryptedExchange">
          <ConfigType>EXCHANGE</ConfigType>
          <DirectoryServer>exchange.example.com</DirectoryServer>
          <DirectoryServerDomain>exchange.example.com</DirectoryServerDomain>
          <DirectoryAuthAlias>exchangeLdapAuth</DirectoryAuthAlias>
          <CertificateFile>c:\example\exchangecertificate</CertificateFile>
          <CertificateFileAuthAlias>exampleCellManager01/certificateFileAuth</CertificateFileAuthAlias>
          <ADDomainAuthAlias>shimcon81CellManager01/addDomainAuth</ADDomainAuthAlias>
          <MailPattern type="exchange.example.com"/>
      </ServerConfig>
      
      
  8. Delete examples from the xml file that do not apply to your environment.
  9. Save and close the socialmail-discovery-config.xml file.
  10. Synchronize the changes from the deployment manager to the nodes. Complete the steps in the following topic: Applying common configuration property changes
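
The following Python check is an added example, not part of the HCL documentation or the plug-in's code. It scans a socialmail-discovery-config.xml for the plaintext credential tags that step 7 replaces with J2C aliases, for Domino configurations without SecureLDAP set to true, and for ServerConfig names that are not unique. The <config> wrapper element and the sample values are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Table 4: each plaintext credential tag and the alias tag that replaces it.
ALIAS_FOR = {
    "DirectoryUser": "DirectoryAuthAlias", "DirectoryPW": "DirectoryAuthAlias",
    "ADDomainUser": "ADDomainAuthAlias", "ADDomainPW": "ADDomainAuthAlias",
    "CertificateFilePW": "CertificateFileAuthAlias",
}

def local(tag):
    """Drop an XML namespace prefix, if the file declares one."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return (ServerConfig name, finding) tuples for one config file."""
    findings, seen = [], set()
    for cfg in ET.fromstring(xml_text).iter():
        if local(cfg.tag) != "ServerConfig":
            continue
        name = cfg.get("name", "<unnamed>")
        if name in seen:  # step 5: every name attribute must be unique
            findings.append((name, "duplicate ServerConfig name"))
        seen.add(name)
        tags = {local(c.tag): (c.text or "").strip() for c in cfg}
        for tag, alias in ALIAS_FOR.items():
            if tags.get(tag):  # step 7: credential still stored in clear text
                findings.append((name, f"plaintext {tag}; use {alias}"))
        if tags.get("ConfigType") == "DOMINO" and tags.get("SecureLDAP", "").lower() != "true":
            findings.append((name, "SecureLDAP not enabled"))
    return findings

# Constructed sample; the <config> wrapper element is an assumption.
SAMPLE = """<config>
  <ServerConfig name="domino-config">
    <ConfigType>DOMINO</ConfigType>
    <DirectoryUser>username</DirectoryUser>
    <DirectoryPW>password</DirectoryPW>
    <MailPattern type="example.com"/>
  </ServerConfig>
  <ServerConfig name="exchange-aliased">
    <ConfigType>EXCHANGE</ConfigType>
    <DirectoryAuthAlias>exchangeLdapAuth</DirectoryAuthAlias>
    <ADDomainAuthAlias>adDomainAuth</ADDomainAuthAlias>
    <CertificateFileAuthAlias>certificateFileAuth</CertificateFileAuthAlias>
    <MailPattern type="example2.com"/>
  </ServerConfig>
</config>"""

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

Run it against the copy in the LotusConnections-config folder before synchronizing the nodes, so that clear-text credentials are not pushed to every node.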

What to do next

To test the discovery service, log in to Connections, and then enter the following URL into your browser, where test-user-email is a user’s email address: http://yourserver/connections/resources/discovery/DiscoveryServlet?email=test-user-email

You should receive a response like the following example:

<SocialMailDiscovery>
<ConfigType>DOMINO</ConfigType>
<server>domino-mail.example.com</server>
<mailfile>mail/user-email.nsf</mailfile>
<fullapp>http://dominomail.example.com/mail/testuser.nsf</fullapp>
</SocialMailDiscovery>
.
.
.
</ConnectionsServices>
</SocialMailDiscovery>