Granting an administrator rights to Connections 4.5 communities

Integrating IBM® Sametime® Advanced with IBM Connections enables users to view the list of Connections communities from within the Sametime Advanced client's Broadcast Communities panel, and to post broadcast chats back to the communities as updates. You can integrate Sametime and Connections by granting the Sametime administrator permission to view all Connections communities.

About this task

To integrate Sametime with Connections, you must give the Sametime administrator permissions to view all of the communities in Connections. Sametime Advanced then uses that administrator's account to download the list of communities from Connections and display it in the Broadcast Communities panel in Sametime Advanced.

Integration between IBM Sametime and IBM Connections products is one of the features of the IBM Connections Suite V1.0.

Procedure

  1. Determine the name of the LDAP realm used by the Connections deployment:
    1. On the Connections deployment manager, log in to the WebSphere® Integrated Solutions Console as the WebSphere administrator.
    2. In the navigation list, click Security > Secure Administration, applications and infrastructure > Federated Repositories.
    3. Click Configure.
    4. On the main Federated repositories page, note the value for the realm name used for the Connections deployment.
    5. Close the Federated repositories page by clicking Cancel.
  2. Move to the computer hosting the Communities application for IBM Connections, and start the wsadmin client by completing the following steps:
    1. Open a command prompt, and then change to the following directory:
      WAS_install_root\profiles\DM_profile\bin
      where WAS_install_root is the WebSphere Application Server installation directory and DM_profile is the deployment manager profile directory, typically dmgr01. For example, you might use the following default path on Microsoft™ Windows™:
      C:\Program Files\IBM\WebSphere\AppServer\profiles\Dmgr01\bin
      Attention: You must start the wsadmin client from this directory because the Jython files for the product are stored here. If you try to start the client from a different directory, the execfile() command that you subsequently call to initialize the administration environment for a Connections component does not work correctly.
    2. Start the wsadmin client with the following command:
      • Linux™:
        ./wsadmin.sh -lang jython -user was_admin_user_name -password was_admin_password -port SOAP_CONNECTOR_ADDRESS_port
      • Windows:
        wsadmin -lang jython -user was_admin_user_name -password was_admin_password -port SOAP_CONNECTOR_ADDRESS_port
      where:
      • was_admin_user_name is the user name of the WebSphere administrator account on the Connections deployment manager.
      • was_admin_password is the password of the WebSphere administrator account.
      • SOAP_CONNECTOR_ADDRESS_port is the SOAP port for WebSphere Application Server on the Connections deployment manager. The default value of the SOAP port is 8879; if you are using the default port value, you do not need to specify this parameter. If you are not using the default port and you do not know the port number, you can look up its value in the WebSphere Application Server Integrated Solutions Console. To look up the SOAP port number, perform the following steps:
        1. Open the Integrated Solutions Console for the Connections deployment manager, and select System Administration > Deployment Manager.
        2. Locate "Additional properties" and expand Ports; then look for the SOAP_CONNECTOR_ADDRESS port entry to find the port number.
      For example:
      • Linux:
        ./wsadmin.sh -lang jython -user primaryAdmin -password p@assword -port 8879
      • Windows:
        wsadmin -lang jython -user primaryAdmin -password p@assword -port 8879
  3. Now access and check out the Communities configuration file:
    1. Run the following command:
      execfile("communitiesAdmin.py")

      If you are prompted to specify a service to connect to, type 1 to pick the first node in the list. Most commands can run on any node, but if the command writes or reads information to or from a file using a local file path, you must pick the node where the file is stored.

    2. Check out the Communities configuration files using the following command:
      CommunitiesConfigService.checkOutPolicyConfig("Working_directory", "Cell_name")
      where:
      • Working_directory is the temporary working directory to which the configuration XML and XSD files are copied. The files are kept in this working directory while you make changes to them.
        Note: Linux only: The directory must grant write permissions or the command will not run successfully.
      • Cell_name is the name of the WebSphere Application Server cell hosting the Connections application. This argument is required. If you do not know the cell name, you can determine it by typing the following command in the wsadmin command processor: print AdminControl.getCell()
      For example, on Linux, format the command as shown:
      CommunitiesConfigService.checkOutPolicyConfig("/opt/my_temp_dir", "CommServerNode01Cell")
    3. Change to the Working_directory where you stored the checked out files and open the communities-policy.xml file in a text editor.
    4. Make sure the file contains the following grant statement; if it does not, copy the following code and paste it into the section containing grant statements,
      where:
      • Connections_Realm is the Connections LDAP repository realm name that you identified in step 1.
      • ST_Advanced_admin_user_name is the user name of the Sametime administrator who will have permissions to view Connections communities.
      Note: Even if the file already contains the grant statement, you must add the first statement from the following example with the appropriate realm and user name to specify the user who is receiving permissions.
      <comm:grant>
        <comm:principal class="com.ibm.ws.security.common.auth.WSPrincipalImpl" name="Connections_Realm/ST_Advanced_admin_user_name" />
        <comm:permission class="com.ibm.tango.auth.permission.CommunityManagementPermission" communityType="*" action="*" />
        <comm:permission class="com.ibm.tango.auth.permission.CommunityMembershipPermission" communityType="*" action="*" />
        <comm:permission class="com.ibm.tango.auth.permission.CommunityAccessPermission" communityType="*" action="*" />
        <comm:permission class="com.ibm.tango.auth.permission.CommunityReferencePermission" communityType="*" action="*" />
        <comm:permission class="com.ibm.tango.auth.permission.CommunityBroadcastPermission" communityType="*" action="*" />
        <comm:permission class="com.ibm.tango.auth.permission.CommunityInvitePermission" communityType="*" action="*" />
      </comm:grant>
    5. Save and close the file.
    6. Check in the updated file using the following wsadmin client command:
      CommunitiesConfigService.checkInPolicyConfig("Working_directory", "Cell_name")
  4. Exit the wsadmin client with the following command:

    exit

  5. Stop and restart the server.
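
The grant in step 3 gives one account every listed permission on every community type, so it is worth confirming exactly which principals hold such grants before you check the file in. The following Python script is an added example, not part of the IBM procedure: it reads the text of a checked-out communities-policy.xml and reports which of the six permissions the expected principal still lacks, and which other principals hold wildcard grants. The root element, namespace URI, realm, and user names in the sample are constructed placeholders; the script matches elements by local name, so it does not depend on the real namespace.

```python
import xml.etree.ElementTree as ET

PKG = "com.ibm.tango.auth.permission."
# The six permission classes in the grant statement shown on this page.
REQUIRED = {"CommunityManagementPermission", "CommunityMembershipPermission",
            "CommunityAccessPermission", "CommunityReferencePermission",
            "CommunityBroadcastPermission", "CommunityInvitePermission"}

def _local(tag):
    # Drop the "{namespace}" prefix so the check does not depend on the URI.
    return tag.rsplit("}", 1)[-1]

def wildcard_grants(xml_text):
    """Map principal name -> permissions granted with communityType="*" action="*"."""
    found = {}
    for grant in ET.fromstring(xml_text).iter():
        if _local(grant.tag) != "grant":
            continue
        names = [c.get("name") for c in grant
                 if _local(c.tag) == "principal" and c.get("name")]
        perms = {c.get("class", "").replace(PKG, "") for c in grant
                 if _local(c.tag) == "permission"
                 and c.get("communityType") == "*" and c.get("action") == "*"}
        for name in names:
            found.setdefault(name, set()).update(perms)
    return found

def review(xml_text, expected_principal):
    """Return (permissions the expected principal lacks, other wildcard principals)."""
    grants = wildcard_grants(xml_text)
    missing = sorted(REQUIRED - grants.get(expected_principal, set()))
    others = sorted(p for p, perms in grants.items()
                    if p != expected_principal and perms)
    return missing, others

def _grant(name, perms):
    # Builds one constructed <comm:grant> element for the sample below.
    rows = "".join('<comm:permission class="%s%s" communityType="*" action="*" />'
                   % (PKG, p) for p in perms)
    return ('<comm:grant><comm:principal class="com.ibm.ws.security.common.auth.'
            'WSPrincipalImpl" name="%s" />%s</comm:grant>' % (name, rows))

# Constructed sample: root element, namespace URI, realm and users are placeholders.
SAMPLE = ('<comm:policy xmlns:comm="urn:example:placeholder">'
          + _grant("ExampleRealm/stadvadmin",
                   sorted(REQUIRED - {"CommunityInvitePermission"}))
          + _grant("ExampleRealm/former_admin", ["CommunityAccessPermission"])
          + '</comm:policy>')

if __name__ == "__main__":
    print(review(SAMPLE, "ExampleRealm/stadvadmin"))
```

To use it on a real deployment, pass the contents of communities-policy.xml from Working_directory as xml_text and Connections_Realm/ST_Advanced_admin_user_name as expected_principal; any principal in the second list should be reviewed against who is meant to hold community-wide rights.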