EMC Documentum My Documentum for Microsoft SharePoint

(1)

My Documentum for Microsoft

SharePoint

Version 6.5 SP2

Installation and Configuration Guide

P/N 300-009-826 A02

EMC Corporation Corporate Headquarters: Hopkinton, MA 01748-9103 1-508-435-1000 www.EMC.com

(2)

EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED AS IS. EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com.

(3)

Preface

...

9

Chapter 1 Introducing My Documentum for Microsoft SharePoint

...

11

My Documentum for Microsoft SharePoint overview

...

11

How My Documentum for Microsoft SharePoint works

...

11

Chapter 2 Planning for My Documentum for Microsoft SharePoint Installation

...

15

Typical installation scenario

...

15

My Documentum for Microsoft SharePoint prerequisites

...

16

Obtaining the installer files

...

17

Preparing for SSO

...

17

Preparing the Active Directory service

...

18

Creating the keytab file

...

19

Encrypting the super user password

...

20

Preinstallation checklist

...

22

Chapter 3 Installing and Configuring My Documentum for Microsoft SharePoint

...

23

Deploying the EAR files

...

24

Deploying the EAR files on JBoss

...

24

Deploying the emc-dfs.ear file

...

24

Deploying the emc-spa.ear file

...

25

Copying the MDSP JAR files to DFS

...

26

Referencing the JAAS login module

...

27

Setting up the DFS handler chain

...

28

Copying the runtime properties file to the EAR extraction folder

...

28

Deploying the EAR files on BEA WebLogic

...

29

Deploying the EAR files on Oracle AS

...

30

Deploying the EAR files on IBM WebSphere

...

32

Installing My Documentum for Microsoft SharePoint

...

34

Deploying the solution in Central Administration

...

34

Modifying the web.config file

...

35

Activating the feature in SharePoint

...

36

Completing the solution configuration

...

36

Setting the Java memory allocation

...

37

Setting logging permissions for the Application Pool account

...

38

Completing SSO configuration

...

38

Setting up LDAP authentication in Content Server

...

38

Enabling SSO in the cssp.config file

...

42

(4)

Overview

...

45

Add a Web Part

...

46

Remove a Web Part

...

48

Modifying Web Parts

...

49

Modify Web Parts overview

...

49

Modify a shared Web Part

...

51

Appearance

...

52 Title

...

52 Height

...

53 Width

...

53 Chrome state

...

53 Chrome type

...

54 Layout

...

54 Hidden

...

54 Direction

...

54 Zone

...

55 Zone Index

...

55 Advanced

...

55 Allow

...

56 Export mode

...

56 Title URL

...

56 Description

...

57 Help URL

...

57 Help mode

...

57

Catalog icon image URL

...

57

Title icon image URL

...

57

Import error message

...

57

Target audiences

...

58

EMC Documentum ToolPane

...

58

Libraries

...

59

Inactive menu item options

...

60

Display options

...

60

Advanced features options

...

61

Modify my Web Part

...

61

Documentum Log In

...

61 Appearance

...

62 Title

...

63 Height

...

64 Width

...

64 Chrome state

...

64 Chrome type

...

64 Layout

...

64 Hidden

...

65 Direction

...

65 Zone

...

65 Zone Index

...

65

EMC My Documentum for Microsoft SharePoint

...

66

My Documentum for SharePoint Site Settings

...

67

DFS path configuration

...

68

Library manager

...

68

Advanced features configuration

...

70

Property display options

...

72

Column header settings

...

74

Display options

...

75

Documentum Library

...

77

(5)

Chapter 5 Customizing My Documentum for Microsoft SharePoint

...

83

Configuring SSL

...

83

Using a BOCS server

...

83

Configuring BOCS in DA

...

84

Modifying the MDSP config file

...

84

Enabling CTS transformations

...

85

Chapter 6 Removing My Documentum for Microsoft SharePoint

...

87

Chapter 7 Troubleshooting Installation

...

89

Locating the log files

...

89

Your system fails the test for installation prerequisites

...

90

There is a Web Part Error on the SharePoint site

...

90

There are multiple DFS instances running

...

90

Appendix A Configurable Settings

...

91

(6)

List of Figures

Figure 1. Depiction of MDSP functionality

...

13

Figure 2. Typical installation scenario

...

16

Figure 3. Example of selected site

...

46

Figure 4. Edit page for selected site

...

47

Figure 5. Web Parts shared view edit options

...

47

Figure 6. Changing the shared view to the personal view

...

48

Figure 7. Web Parts personal view edit options

...

48

Figure 8. Personalize this page

...

49

Figure 9. Modify My Web Part

...

50

Figure 10. Show Shared View

...

50

Figure 11. Show Personal View

...

50

Figure 12. Selecting Modify Shared Web Part

...

51

Figure 13. Web Part editing pane

...

51

Figure 14. Modify Shared Web Part Appearance

...

52

Figure 15. Builder text entry box

...

53

Figure 16. Modify Shared Web Part Layout

...

54

Figure 17. Modify Shared Web Part Advanced (top and bottom halves of section)

...

55

Figure 18. EMC Documentum ToolPane

...

58

Figure 19. Library editing dialog box

...

60

Figure 20. Modify My Web Part

...

61

Figure 21. Documentum Login screen

...

62

Figure 22. Modify My Web Part Appearance

...

63

Figure 23. Builder text entry box

...

63

Figure 24. Modify My Web Part Layout

...

65

Figure 25. Site collection features page

...

66

Figure 26. Site collection settings for EMC My Documentum

...

67

Figure 27. DFS path configuration screen

...

68

Figure 28. Library manager default screen

...

69

Figure 29. Documentum login screen

...

69

Figure 30. Modify Documentum libraries

...

70

Figure 31. Advanced features configuration default screen

...

71

Figure 32. Modify advanced features options

...

72

Figure 33. Properties display options default screen

...

73

Figure 34. Column header settings screen

...

74

Figure 35. Modify column header settings

...

75

Figure 36. Display options default settings

...

76

(7)

Figure 38. Reordering according to selected attribute

...

78

Figure 39. User actions for Web Parts

...

78

Figure 40. Logging in

...

78

Figure 41. Logged in

...

79

Figure 42. Documentum Search log in

...

79

Figure 43. Documentum search log in

...

80

Figure 44. Simple Search

...

80

Figure 45. Default screen for Documentum Search

...

81

(8)

List of Tables

Table 1. MDSP installer packages and host locations

...

17

Table 2. Windows domain functional levels for SSO

...

18

Table 3. Preinstallation checklist

...

22

(9)

This guide describes how to install and configure My Documentum for Microsoft SharePoint as an integration to an existing SharePoint deployment. It provides preinstallation guidance for My Documentum for Microsoft SharePoint as well as information relating to removal and troubleshooting.

Intended audience

This manual is intended primarily for administrators who are installing this application as an integration to an existing SharePoint deployment. You should have SharePoint knowledge and experience and be familiar with SharePoint’s Central Administration interface.

Revision history

The following changes have been made to this document.

Revision date Description

October 2009 Initial publication.

November 2009 Republished to reflect corrections to “Deploying the emc-spa.ear file” procedures in Chapter 3.

(10)

(11)

Introducing My Documentum for

Microsoft SharePoint

This chapter describes My Documentum for Microsoft SharePoint and its main functions: • My Documentum for Microsoft SharePoint overview, page 11

• How My Documentum for Microsoft SharePoint works, page 11

My Documentum for Microsoft SharePoint

overview

My Documentum for Microsoft SharePoint (MDSP) provides a set of Web Parts that can be easily deployed to Windows SharePoint Services (WSS) or Microsoft Office SharePoint Server (MOSS). These Web Parts provide direct client-level access to Documentum Content Server through a SharePoint interface.

End users can access Documentum from SharePoint through the Documentum Library and Documentum Search Web Parts. Either Kerberos Single sign-on (SSO) or session-based SSO can be used to securely access Documentum features and content.

How My Documentum for Microsoft SharePoint

works

In a My Documentum for Microsoft SharePoint deployment, SharePoint users have seamless access to content in a Documentum library. Several processes work together to manage this functionality, as illustrated inFigure 1, page 13.

(12)

Client access to Documentum is handled as follows:

1. After starting a SharePoint session, a SharePoint user logs in to either the Documentum Library or Documentum Search Web Part.

2. The SharePoint server service gathers login information to pass to Documentum.

3. The Documentum Foundation Service (DFS) service passes user credentials to Content Server to obtain a session for the SharePoint user.

4. The SharePoint user is granted access to the Documentum library. Depending on which MDSP Web Part was invoked, the user can browse or search the library and perform actions such as check in, check out, and edit. The My Documentum for Microsoft SharePoint User Guide describes Documentum Web Part functionality in detail.

(13)

(14)

(15)

Planning for My Documentum for

Microsoft SharePoint Installation

This chapter describes a typical installation, highlights any software or hardware considerations that you should be aware of before installing My Documentum for Microsoft SharePoint, and outlines preinstallation tasks:

• Typical installation scenario, page 15

• My Documentum for Microsoft SharePoint prerequisites, page 16

• Obtaining the installer files, page 17

• Preparing for SSO, page 17

• Preinstallation checklist, page 22

Typical installation scenario

My Documentum for Microsoft SharePoint provides Web Parts that enable SharePoint users to search, browse, and access content in a Documentum Content Server. EMC Documentum Foundation Services (DFS) and SharePoint server services handle authentication requests between the SharePoint client and Documentum. Windows Active Directory service plays a role in handling Single sign-on (SSO).

Many components of My Documentum for Microsoft SharePoint are installed on the DFS host. The installer executable (setup.exe) is deployed on all web front-end (WFE) servers in the SharePoint farm, and the solution is deployed to the farm through SharePoint Central Administration. Figure 2, page 16illustrates an installation scenario in which DFS resides on the Content Server host; other configurations are possible.

(16)

Figure 2. Typical installation scenario

In distributed environments, content transfer performance can be improved for remote users by configuring a Documentum Branch Office Caching Services (BOCS) server for MDSP. SeeUsing a BOCS server, page 83for details.

My Documentum for Microsoft SharePoint

prerequisites

Successful MDSP installation requires these prerequisite applications:

• Microsoft Office SharePoint Server (MOSS) or Windows SharePoint Server (WSS) • EMC Documentum Content Server

The My Documentum for Microsoft SharePoint Release Notes specifies the certified versions of these prerequisites and provides more detailed requirements information.

A specific build of Documentum Foundation Services (DFS) is required for My Documentum for Microsoft SharePoint. If you have previously deployed DFS, you will overwrite its files with the DFS EAR file supplied with MDSP. You do not need to uninstall an existing DFS application before deploying MDSP.

If you plan to use BOCS in your MDSP deployment, BOCS and Documentum Administrator (DA) are additional prerequisites.

(17)

Obtaining the installer files

The MDSP installer files are packaged in three ZIP files on the EMC Documentum Download Center site. Before proceeding with installation or SSO preparation (where applicable), you should obtain the installer packages as FTP downloads from the Powerlink website (http://powerlink.EMC.com) and save the packages to the hosts listed below.

Table 1. MDSP installer packages and host locations

Name of installer package Contents Deployed to...

setup.exe Each WFE in the SharePoint

farm My Documentum for Microsoft

SharePoint

SSO folder containing:

• handler folder (contains SSO handler JAR files)

• sampleFiles folder (contains authorized-service-handler-chain.xml, krb5.conf, local-dfs-runtime.properties, login-config.xml (for JBoss application servers only), login.config)

• tool folder (contains the trustpassword tool)

DFS server host machine

My Documentum for Microsoft SharePoint Services

emc-spa.ear DFS server host machine

Documentum Foundation Services Hot Fix Build 230

emc-dfs.ear DFS server host machine

Preparing for SSO

My Documentum for Microsoft SharePoint includes Kerberos Single sign-on (SSO) functionality. The procedures inCompleting SSO configuration, page 38cover the configuration tasks that are performed on the DFS server side to enable SSO. Administrators must also configure the SharePoint server to enable Kerberos authentication and impersonation. For example, you must deploy Windows Active Directory service and create a DFS service principal account (with the recommended name of dfsservice@DOMAIN) in the Kerberos domain. It is also important to ensure that the application pool user is a member of the WSS_WPG and IIS_WPG groups. Consult Microsoft documentation for instructions on configuring Kerberos authentication on MOSS or WSS.

If the SharePoint server is not explicitly configured to support Kerberos SSO, My Documentum for Microsoft SharePoint will use session-based SSO.

(18)

It is recommended that you complete the following Kerberos SSO procedures before proceeding with MDSP installation:

• Preparing the Active Directory service, page 18

• Creating the keytab file, page 19

• Encrypting the super user password, page 20

If you do not wish to configure SSO, skip toPreinstallation checklist, page 22.

Preparing the Active Directory service

As part of SSO preinstallation, you need to configure some settings in Windows Active Directory (AD). The following procedure is performed on the Active Directory server and pertains to the domain functional levels outlined inTable 2, page 18.

Table 2. Windows domain functional levels for SSO

Domain controller operating system Domain functional level

Windows Server 2003 Windows Server 2008

Windows 2000 mixed √

Windows 2000 native √ √

Windows Server 2003 interim √

Windows Server 2003 √ √

Windows Server 2008 √

Windows Server 2008 R2 √

To prepare Windows Active Directory for SSO:

1. If you have not already done so, create a DFS service principal account in Active Directory Server. This account will be used for creating a keytab file on the DFS server later on. For example, create an account named dfsservice. The principal account name will be dfsservice@<your domain

name>. Note that the domain name should be in all uppercase letters.

2. On Windows Server 2003 only, modify the registry to allow the session key in TGT (ticket granting

ticket):

a. Go to Start > Run; enter regedit and click OK. b. Under HKEY_LOCAL_MACHINE, navigate to

System\CurrentControlSet\Control\Lsa\Kerberos\Parameters. c. Ensure that the registry setting for allowtgtsessionkey is:

Value Type: REG_DWORD Value: (1)

(19)

3. On the domain controller, open a command prompt. Run the setspn command to add the service principal name (<service name>/<fully qualified host name>) to the domain controller. In the following example, the service name (DFS) and host name of DFS server (dfsserver.spa.bj.local) is registered:

setspn –A DFS/dfsserver.spa.bj.local dfsservice

Creating the keytab file

Before a server can be configured to use the Kerberos protocol, a Kerberos keytab file must be created for the DFS server. This keytab file stores the DFS Service Principal’s service key.

Note: Creation of the DFS Service Principal account is a preinstallation task described earlier in this section.

You use the kinit and ktab command tools provided by Java Development Kit (JDK) 1.5 to create the keytab file and manage the principal names and service keys stored in a local key table. Consult the JDK documentation for more information about these command tools.

To create the keytab file:

1. Locate the krb5.conf file located in the SSO\sampleFiles folder of the My Documentum for Microsoft SharePoint installer package. Open the file in a text editor and configure the attributes in bold text with the appropriate values for your environment:

[libdefaults]

default_realm = MOSSTEST.LOC

default_tkt_enctypes = des–cbc–md5 rc4–hmac aes128–cts default_tgs_enctypes = des–cbc–md5 rc4–hmac aes128–cts noaddresses = true [realms] MOSSTEST.LOC = { kdc = 192.168.20.90 default_domain = MOSSTEST.LOC } where:

• MOSSTEST.LOC is your domain name. Be sure to use all uppercase letters. • 192.168.20.90 is your Active Directory server IP address.

Note: Java supports more encryption types than are configured by default in the MDSP krb5.conf sample file. If you are using a different encryption type in your Active Directory environment, consult the JDK 1.5 documentation to ensure that your encryption type is supported for Kerberos SSO. Additional supported encryption types can then be added to the krb5.conf file. Ensure that des–cbc–md5 encryption remains in this file, because the super user password tool uses the DES key for encryption.

(20)

3. For verification purposes, run the kinit tool to obtain and cache the Kerberos ticket for the DFS Service Principal:

kinit <your DFS service account> Here is an example:

C:\Documents and Settings\dmadmin>kinit dfsservice

You will be prompted to enter the password for this account and then you should get this message: New ticket is stored in cache file

C:\Documents and Settings\dmadmin\krb5cc_dmadmin

4. Run the ktab tool to create a keytab file for the DFS service principal: ktab –a <principal_name> –k <keytab_name>

where:

• The principal_name is the DFS account you created in Active Directory Server.

• The keytab_name is your keytab file name. You can name it anything and the file will be created at your current location.

Here is an example:

C:\Documents and Settings\dmadmin>ktab –a dfsservice –k dfsservice.ktab Note that after you enter <principal_name>, you will be prompted for your password. For security reasons, the password should never be specified on the command line or in a script.

Caution: The generated keytab file is critical for the SSO solution to authenticate itself to a Kerberos domain. It must be protected by the highest security level. The keytab file should always be stored on a local disk; ensure it is always readable only by the DFS running account.

Encrypting the super user password

The super user account for Content Server authentication does not need to be an Active Directory domain account. The super user account, user name, and password must be the same across multiple repositories if all of these repositories are to be accessed via SSO.

(21)

To encrypt the super user password for Content Server authentication:

1. Configure a standard JAAS login configuration file that defines the same JAAS login as the DFS server login:

• Locate the login.config file (not the login-config.xml file) located in the SSO\sampleFiles folder of the My Documentum for Microsoft SharePoint installer package. Open the file in a text editor such as WordPad.

• Change the value for the principal attribute so that it matches the DFS service principal account (such as [email protected]) created inPreparing the Active Directory service, page 18.

• Save the modified login.config file in another location:

— On WebLogic, the recommended location is the %USER_DOMAIN%\security folder. — On all other application servers, save the file anywhere on the DFS host.

2. Locate the local-dfs-runtime.properties file located in the SSO\sampleFiles folder of the My Documentum for Microsoft SharePoint installer package. Open the file in a text editor. Configure the following five values for your environment:

• dfs.kerberos.realm

This is the Kerberos domain name; for example, SPA.BJ.LOCAL. This value should be in all capital letters.

• dfs.kerberos.kdc

This is the Kerberos domain controller’s IP address or host name. • dfs.kerberos.dfc.trustedprincipal

This is the super user name for Content Server; for example, suser. This user may be the Content Server installation owner.

• dfs.kerberos.dfc.trustedcred.file

This is the path to the encrypted password file; for example, C:\\contentservertrust.password. • dfs.kerberos.signature.verify

This value specifies whether the Kerberos signature should be verified. By default, this value is false.

Save the modified local-dfs-runtime.properties file to a temporary location. Later on, you will copy this file to the DFS EAR extraction folder.

3. Run the trustpassword tool:

a. Copy the SSO\tool folder (along with its lib subfolder) from the My Documentum for Microsoft SharePoint installer package to your DFS host.

b. Run trustpassword.bat in a DOS command prompt window using the following command: trustpassword –l <JAAS LOGIN FILE> –p <LOCAL DFS RUNTIME PROPERTIES FILE> where:

• JAAS LOGIN FILE is the login.config file configured inStep 1

(22)

For example, if the login.config and local-dfs-runtime.properties files are in the current directory, the command would be:

trustpassword –l login.config –p local–dfs–runtime.properties

The program first logs itself in Kerberos domain according to configurations in the <JAAS

LOGIN FILE>.

c. When prompted to do so, enter the password of the super user (dfs.kerberos.dfc. trustedprincipal) added to the local-dfs-runtime.properties file inStep 2.

You will receive confirmation that the super user’s password was successfully encrypted and saved. The password is encrypted with the DFS Service Principal’s secret key at the location specified in local-dfs-runtime.properties with the following parameter: dfs.kerberos.dfc.trustedcred.file.

Preinstallation checklist

Before you install MDSP, complete the following tasks:

Table 3. Preinstallation checklist

Requirement For more information

Review the system requirements documented in the

My Documentum for Microsoft SharePoint Release Notes.

Refer to the My Documentum for Microsoft

SharePoint Release Notes for the version you

are installing. Ensure that the prerequisite applications are installed

and configured.

SeeMy Documentum for Microsoft SharePoint prerequisites, page 16. Obtain installers and save them to the appropriate

hosts.

Refer toObtaining the installer files, page 17.

Ensure that the SharePoint server SSO requirements have been met if you wish to enable Kerberos functionality. Complete the Kerberos SSO preinstallation procedures listed inPreparing for SSO, page 17.

SeePreparing for SSO, page 17.

If MDSP was previously installed on this host, be sure to remove it before reinstalling.

Follow the procedures inChapter 6, Removing My Documentum for Microsoft SharePoint.

(23)

Installing and Configuring My

Documentum for Microsoft SharePoint

My Documentum for Microsoft SharePoint installation requires you to perform a number of installation tasks on Documentum Foundation Services (DFS) host machines in addition to configuration tasks in SharePoint Central Administration and SharePoint sites. Also, configuration files must be modified to enable successful integration between MDSP and the DFS server, and various authentication configuration tasks are required if you are using Kerberos SSO in your environment. The only Documentum Foundation Services (DFS) version that can be used with MDSP is provided in the Documentum Foundation Services Hot Fix Build 230 installer package. Before proceeding with installation, you should determine which host machine will serve as the DFS server. If you already have deployed DFS, either on the Content Server host or a separate host, you can overwrite its files with the DFS EAR file supplied with MDSP. You do not need to uninstall an existing DFS application before deploying MDSP.

Consult the DFS documentation for additional information about DFS requirements and deployment scenarios.

This chapter outlines the installation and configuration tasks required to install My Documentum for Microsoft SharePoint:

• Deploying the EAR files, page 24

• Installing My Documentum for Microsoft SharePoint, page 34

• Deploying the solution in Central Administration, page 34

• Modifying the web.config file, page 35

• Activating the feature in SharePoint, page 36

• Completing the solution configuration, page 36

• Setting the Java memory allocation, page 37

• Setting logging permissions for the Application Pool account, page 38

(24)

Deploying the EAR files

This section provides procedures for deploying the two MDSP EAR files on the DFS host on the following application servers:

• JBoss

• BEA WebLogic

• Oracle Application Server

• WebSphere

Some SSO configuration steps are also included in these deployment procedures. Completing SSO configuration, page 38outlines the remaining SSO steps that are performed after installation is complete.

Tip: At certain times during EAR file deployment, you are asked to restart the application server. To ensure that configuration changes take effect and to avoid having multiple DFS instances running, you should delete temporary working folders on the application server before performing the restart.

Deploying the EAR files on JBoss

This section includes procedures for DFS hosts residing on JBoss application servers, in addition to SSO configuration:

• Deploying the emc-dfs.ear file, page 24

• Deploying the emc-spa.ear file, page 25

• Copying the MDSP JAR files to DFS, page 26(for SSO only) • Referencing the JAAS login module, page 27(for SSO only) • Setting up the DFS handler chain, page 28(for SSO only)

• Copying the runtime properties file to the EAR extraction folder, page 28(for SSO only)

Deploying the emc-dfs.ear file

The first installation step involves deploying the DFS EAR file, which is packaged in the DFS Hot Fix installer for MDSP. This EAR file comprises a DFS build that includes a number of MDSP–specific patches that are essential for this application. Follow the procedure that is appropriate for your deployment scenario.

To deploy the DFS hot fix on the Content Server host:

1. Locate the EMC DFS 6.5 SP2 Hot Fix Build 230 installer ZIP file that was downloaded during preinstallation (seeObtaining the installer files, page 17). Extract the emc-dfs.ear file to the emc-dfs folder, and then change the folder name to dfs.ear.

2. Go to the APP-INF\classes directory and update the dfc.properties file by copying the settings from your Content Server installation. On a Windows installation, the dfc.properties file you can

(25)

copy is usually located at C:\Documentum\config; use this file to overwrite the dfc.properties file located in the APP-INF\classes\ directory.

3. From Windows Start > Run, open services.msc. Stop the Documentum Java Method Server service.

4. Go to C:\Documentum\jboss4.2.0\server\DctmServer_MethodServer\deploy. Delete the old dfs.ear folder, and then copy the new dfs.ear folder that was created inStep 1.

5. From Windows Start > Run, open services.msc. Start the Documentum Java Method Server service.

To deploy the DFS hot fix on a separate host from Content Server:

1. Locate the EMC DFS 6.5 SP2 Hot Fix Build 230 installer ZIP file that was downloaded during preinstallation (seeObtaining the installer files, page 17). Extract the emc-dfs.ear file to the emc-dfs folder, and then change the folder name to dfs.ear.

2. Go to the APP-INF\classes directory and update the dfc.properties file by copying the settings from your Content Server installation. On a Windows installation, the dfc.properties file you can copy is usually located at C:\Documentum\config; use this file to overwrite the dfc.properties file located in the \APP-INF\classes\ directory.

3. From Windows Start > Run, open services.msc. Stop the EMC Documentum Foundation Services service.

4. Go to C:\Documentum\jboss4.2.0\server\DctmServer_DFS\deploy. Delete the old dfs.ear folder, and then copy the new dfs.ear folder that was created inStep 1.

5. From Windows Start > Run, open services.msc. Start the EMC Documentum Foundation Services service.

The next procedure isDeploying the emc-spa.ear file, page 25.

Deploying the emc-spa.ear file

The emc-spa.ear file includes DFS web service extensions that are required by MDSP. Follow the procedure that is appropriate for your deployment scenario.

To deploy the emc-spa.ear file with DFS on Content Server:

1. Locate the EMC My Documentum for Microsoft SharePoint Services file that was downloaded during preinstallation (seeObtaining the installer files, page 17).

2. Extract the emc-spa.ear file to the emc-spa folder, and then change the folder name to spa.ear. 3. Go to the APP-INF\classes directory and update the dfc.properties file by copying the settings

from your Content Server installation. On a Windows installation, the dfc.properties file you can copy is usually located at C:\Documentum\config; use this file to overwrite the dfc.properties file located in the APP-INF\classes\ directory.

4. From Windows Start > Run, open services.msc. Stop the Documentum Java Method Server service.

5. Copy the spa.ear folder to C:\Documentum\jboss4.2.0\server\DctmServer_ MethodServer\deploy.

(26)

6. From Windows Start > Run, open services.msc. Start the Documentum Java Method Server service.

7. Test to ensure that it deployed correctly by verifying that WSDL can be viewed for one of the services. This can be done from a Web browser by navigating to: http://[DFSServer]:Port/services/spa/AlertMeService?wsdl.

For DFS 6.5, the default port is 9080.

To deploy the emc-spa.ear file with DFS on a separate host from Content Server:

1. Locate the EMC My Documentum for Microsoft SharePoint Services file that was downloaded

during preinstallation (seeObtaining the installer files, page 17).

2. Extract the emc-spa.ear file to the emc-spa folder, and then change the folder name to spa.ear. 3. Go to the APP-INF\classes directory and update the dfc.properties file by copying the settings

from your Content Server installation. On a Windows installation, the dfc.properties file you can copy is usually located at C:\Documentum\config; use this file to overwrite the dfc.properties file located in the \APP-INF\classes\ directory.

4. From Windows Start > Run, open services.msc. Stop the EMC Documentum Foundation Services service.

5. Copy the spa.ear folder to C:\Documentum\jboss4.2.0\server\DctmServer_DFS\deploy. 6. From Windows Start > Run, open services.msc. Start the EMC Documentum Foundation Services

service.

7. Test to ensure that it deployed correctly by verifying that WSDL can be viewed for one of the services. This can be done from a Web browser by navigating to: http://[DFSServer]:Port/services/spa/AlertMeService?wsdl.

For DFS 6.5, the default port is 9080.

If you are enabling Kerberos SSO, proceed toCopying the MDSP JAR files to DFS, page 26. Otherwise, the next step is torun the MDSP installer.

Copying the MDSP JAR files to DFS

Several MDSP JAR files need to be copied to the DFS host to enable the SSO solution. Note: This procedure is required only for Kerberos SSO.

To copy the SSO JAR files to the DFS host:

1. Stop the Documentum Java Method Server service.

2. Locate the following JAR files in the SSO\handler folder within the My Documentum for Microsoft SharePoint installer package:

• bcprov-jdk14–140.jar • commons-logging-1.1.jar • krbhandler.jar

(27)

• serializer.jar • wss4j-1.5.4.jar • xalan-2.7.1.jar • xmlsec-1.4.2.jar

3. Copy these JAR files to the following locations on the DFS host:

• C:\Documentum\jboss4.2.0\server\DctmServer_MethodServer\deploy\dfs.ear\APP-INF\lib

• C:\Documentum\jboss4.2.0\server\DctmServer_MethodServer\deploy\spa.ear\APP-INF\lib

4. Start the Documentum Java Method Server service.

The next SSO procedure isReferencing the JAAS login module, page 27.

Referencing the JAAS login module

The login-config.xml file that resides on the DFS host requires an additional node for the DFSServer policy. You will copy this node from the login-config.xml sample file provided and then configure certain values in this node. The DFSServer <application-policy> node references the Java

Authentication and Authorization Service (JAAS) login module, which represents a JDK 1.5 built-in Kerberos login module that will be used to authenticate DFS to the Kerberos domain.

Note: This procedure is required only for Kerberos SSO.

To configure the login-config.xml file for JAAS:

1. On the DFS host, locate the following login-config.xml files:

• The login-config.xml file located in the SSO\sampleFiles folder of the My Documentum for Microsoft SharePoint installer package.

• The login-config.xml file located at:

— C:\Documentum\jboss4.2.0\server\DctmServer_MethodServer\conf (if DFS resides on the Content Server host)

— C:\Documentum\jboss4.2.0\server\DctmServer_DFS\conf (if DFS resides on a separate host from Content Server)

2. Open both files for editing.

3. Copy the DFSServer <application-policy> node from the sample file into the login-config.xml file in the JBoss folder.

(28)

5. Configure the following attributes in the DFSServer <application-policy> node: • <login-module code>

This attribute represents the Kerberos login module that will be used to authenticate DFS to the Kerberos domain.

• useKeyTab

The value used in this option indicates the Keytab file that was created inCreating the keytab file, page 19.

• principal

This is the DFS service principal account (such as [email protected]) created in

Preparing the Active Directory service, page 18.

Note: The value of <application-policy name> must be “DFSServer”.

Consult the JDK 1.5 documentation for details about the other module options. 6. Save the login-config.xml file in the JBoss folder.

Now proceed toSetting up the DFS handler chain, page 28.

Setting up the DFS handler chain

Note: This procedure is required only for Kerberos SSO.

To enable the Kerberos handler in the DFS handler chain:

1. Locate the authorized-service-handler-chain.xml file located in the SSO\sampleFiles folder of the My Documentum for Microsoft SharePoint installer package. Open the file in a text editor and uncomment the Kerberos Handler tag; save this file to the directory in which you saved the emc-dfs.ear file from the DFS Patch for My Documentum for SharePoint installer package. You will be replacing the existing authorized-service-handler-chain.xml at this location with the modified version from the sampleFiles folder.

2. Save the modified version of the authorized-service-handler-chain.xml fromStep 1to spa.ear\APP-INF\classes.

3. Restart the DFS server so that it will be ready to receive the WSS-Kerberos message. Now proceed toCopying the runtime properties file to the EAR extraction folder, page 28.

Copying the runtime properties file to the EAR extraction folder

Locate the local-dfs-runtime.properties file that you modified inStep 2ofEncrypting the super user password, page 20. Copy the local-dfs-runtime.properties file to the dfs.ear\APP-INF\classes and spa.ear\APP-INF\classes folders.

(29)

Deploying the EAR files on BEA WebLogic

The first installation step involves deploying the:

• DFS EAR file (emc-dfs.ear), which is packaged in the DFS Hot Fix installer. This EAR file comprises a DFS build that includes a number of MDSP–specific patches that are essential for this application.

• SPA EAR file (emc-spa.ear), which is packaged in the MDSP Services download. This file includes DFS web service extensions that are required by MDSP.

The following procedure describes how to deploy both EAR files to the DFS host on WebLogic. If you are using SSO in your deployment, it is necessary to perform some SSO configuration during this process so that this configuration is reflected in the EAR folders that are deployed using the WebLogic administration console.

To deploy the MDSP EAR files on WebLogic application servers:

1. Locate the EMC DFS 6.5 SP2 Hot Fix Build 230 and EMC My Documentum for Microsoft SharePoint Services files that were downloaded during preinstallation (seeObtaining the installer files, page 17).

2. Extract the emc-dfs.ear and emc-spa.ear files to separate folders (such as dfs/ and spa/).

3. Go to the APP-INF\classes directory of each folder created inStep 2and update the dfc.properties file by copying the settings from your Content Server installation. On a Windows installation, the dfc.properties file you can copy is usually located at C:\Documentum\config; use this file to overwrite the dfc.properties file located in the \APP-INF\classes\ directory.

4. For SSO only:

a. Locate the following JAR files in the SSO\handler folder within the My Documentum for Microsoft SharePoint installer package:

• bcprov-jdk14–140.jar • commons-logging-1.1.jar • krbhandler.jar • opensaml-1.1.jar • serializer.jar • wss4j-1.5.4.jar • xalan-2.7.1.jar • xmlsec-1.4.2.jar

b. Copy these JAR files to the APP-INF\lib directory of each folder created inStep 2. c. Locate the authorized-service-handler-chain.xml file located in the SSO\sampleFiles

folder of the My Documentum for Microsoft SharePoint installer package. Open the file in a text editor and uncomment the Kerberos Handler tag; save this file to the

APP-INF\classes directory of each folder created inStep 2. You will be replacing the existing authorized-service-handler-chain.xml at these locations with the modified version from the sampleFiles folder.

(30)

d. Locate the local-dfs-runtime.properties file that you modified inStep 2ofEncrypting the super user password, page 20. Copy the local-dfs-runtime.properties file to the dfs.ear\APP-INF\classes and spa.ear\APP-INF\classes folders.

5. Deploy the two EAR folders in the WebLogic administration console.

6. For SSO only, navigate to %DOMAIN_HOME%\bin and update the startWebLogic.cmd file by

adding the following line:

set JAVA_OPTIONS=%JAVA_OPTIONS% -Djava.security.auth.login.config= <pathto>login.config

where <pathto> references the login.config file created inEncrypting the super user password, page 20.

7. Restart the WebLogic application server. The next step is torun the MDSP installer.

Deploying the EAR files on Oracle AS

• DFS EAR file (emc-dfs.ear), which is packaged in the DFS Patch download. This EAR file comprises a DFS build that includes a number of MDSP–specific patches that are essential for this application.

The following procedure describes how to deploy both EAR files to the DFS host on Oracle Application Server. If you are using SSO in your deployment, it is necessary to perform some SSO configuration during this process so that this configuration is reflected in the EAR files that are deployed using the Oracle Enterprise Manager Application Server Control console.

To deploy the MDSP EAR files on Oracle Application Server:

4. For SSO only:

a. Locate the following JAR files in the SSO\handler folder within the My Documentum for Microsoft SharePoint installer package:

• bcprov-jdk14–140.jar • commons-logging-1.1.jar • krbhandler.jar

(31)

• opensaml-1.1.jar • serializer.jar • wss4j-1.5.4.jar • xalan-2.7.1.jar • xmlsec-1.4.2.jar

b. Copy these JAR files to the APP-INF\lib directory of each folder created inStep 2. c. Locate the authorized-service-handler-chain.xml file located in the SSO\sampleFiles

folder of the My Documentum for Microsoft SharePoint installer package. Open the file in a text editor and uncomment the Kerberos Handler tag; save this file to the

d. Locate the local-dfs-runtime.properties file that you modified inStep 2ofEncrypting the super user password, page 20. Copy the local-dfs-runtime.properties file to the dfs.ear\APP-INF\classes and spa.ear\APP-INF\classes folders.

e. Update the classpath by adding the following lines: APP-INF/lib/bcprov–jdk14–140.jar APP-INF/lib/commons–logging–1.1.jar APP-INF/lib/krbhandler.jar APP-INF/lib/opensaml-1.1.jar APP-INF/lib/serializer.jar APP-INF/lib/wss4j–1.5.4.jar APP-INF/lib/xalan–2.7.1.jar APP-INF/lib/xmlsec–1.4.2.jar

to the end of these manifest files located in the EAR folders created inStep 2: • \services-bpm.war\META-INF\MANIFEST.MF

• \services-ci.war\META-INF\MANIFEST.MF

• \services-collaboration.war\META-INF\MANIFEST.MF • \services-core.war\META-INF\MANIFEST.MF

• \services-search.war\META-INF\MANIFEST.MF

f. Open the system-jazn-data.xml file (located at $ORACLE_HOME$/j2ee/$OC4J_Instance_ Home$/config/) for editing and add:

<application> <name>DFSServer</name> <login–modules> <login–module> <class>com.sun.security.auth.module.Krb5LoginModule</class> <control–flag>required</control–flag> <options> <option> <name>keyTab</name> <value>c:\dfsservice.ktab</value> </option> <option> <name>useKeyTab</name> <value>true</value> </option>

(32)

<option> <name>principal</name> <value>[email protected]</value> </option> <option> <name>storeKey</name> <value>true</value> </option> <option> <name>debug</name> <value>false</value> </option> </options> </login–module> </login–modules> </application>

5. Restart Oracle Application Server.

6. Package the EAR folders back to EAR files.

7. Open the Oracle Enterprise Manager Application Server Control console. Deploy emc-dfs.ear and emc-spa.ear. Ensure that the Search Local Classes First option is selected for the Web Module Class Loaders. Refer to Oracle documentation for details.

8. Complete the deployment using the Oracle Enterprise Manager Application Server Control console.

The next step is torun the MDSP installer.

Deploying the EAR files on IBM WebSphere

• DFS EAR file (emc-dfs.ear), which is packaged in the DFS Patch download. This EAR file comprises a DFS build that includes a number of MDSP–specific patches that are essential for this application.

The following procedure describes how to deploy both EAR files to the DFS host on a WebSphere application server. If you are using SSO in your deployment, it is necessary to perform some SSO configuration during this process so that this configuration is reflected in the EAR files that are deployed using the IBM Integrated Solutions Console.

To deploy the MDSP EAR files on IBM WebSphere:

(33)

4. Complete the procedure in the “Deploying on IBM WebSphere” section of the EMC Documentum

Foundation Services 6.5 Deployment Guide to copy the required JAR files, create a shared library,

and configure the class loader. 5. For SSO only:

a. Locate the following JAR files in the SSO folder within the My Documentum for Microsoft SharePoint installer package:

• bcprov-jdk14–140.jar • commons-logging-1.1.jar • krbhandler.jar • opensaml-1.1.jar • serializer.jar • wss4j-1.5.4.jar • xalan-2.7.1.jar • xmlsec-1.4.2.jar

b. Create a new shared library for the SSO JAR files. Copy the JAR files listed inStep ato this shared library.

c. Create a JAAS login module using the Websphere console. In the console, navigate to Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins. Set the following parameters:

• Name: DFSServer

• Module name class: com.ibm.security.auth.module.Krb5LoginModule; Authentication strategy: required • Custom Properties: — credsType = both — debug = false — principal = [email protected] — useKeytab = file:///C:/dfs.keytab

Note: The value shown here for “principal” is an example.

d. Locate the authorized-service-handler-chain.xml file located in the SSO\sampleFiles folder of the My Documentum for Microsoft SharePoint installer package. Open the file in a text editor and uncomment the Kerberos Handler tag; save this file to the

e. Locate the local-dfs-runtime.properties file that you modified inStep 2ofEncrypting the super user password, page 20. Copy the local-dfs-runtime.properties file to the dfs.ear\APP-INF\classes and spa.ear\APP-INF\classes folders.

6. Package the EAR folders back to EAR files. If the folders reside on the DFS server, the folders can be deployed using the console without being packaged back to EAR files.

(34)

7. Deploy the EAR files by using the Integrated Solutions Console with the default values. Ensure that the deployed applications have references to the shared libraries.

8. Restart the WebSphere application server. The next step is torun the MDSP installer.

Installing My Documentum for Microsoft

SharePoint

My Documentum for Microsoft SharePoint must be installed on each WFE in the SharePoint farm.

To install My Documentum for Microsoft SharePoint on host machines:

1. Locate the EMC My Documentum for Microsoft SharePoint file that was downloaded during preinstallation (seeObtaining the installer files, page 17). Extract the file.

2. Launch the installer executable (setup.exe).

3. A Welcome message is displayed, listing the software that will be installed. Click Next.

4. The system detection screen lists the prerequisites for the MDSP host machine. Before proceeding with installation, you must verify that the host meets these requirements by clicking Test.

• If all prerequisites are present, click Next to proceed with installation.

• If you need to install some prerequisite applications before proceeding with MDSP

installation, click Cancel. Confirm that you wish to abort installation, and click Finish to exit. • If you receive Failed or Unchecked test results, click Cancel. Confirm that you wish to abort

installation, and click Finish to exit. Install the necessary prerequisites and then return toStep 2.

ConsultYour system fails the test for installation prerequisites, page 90for guidance relating to installation issues.

5. Click Install to begin installation.

6. You will receive confirmation when installation is complete. Click Finish to exit the wizard. Now proceed toDeploying the solution in Central Administration, page 34.

Deploying the solution in Central

Administration

After the MDSP application is installed, it must be deployed to the farm or to specific web applications in the farm. This is an asynchronous process that can be scheduled at a specific time in order to reduce the load on the target servers. You must have Site Collection Administrator and SharePoint server host Administrator privileges in order to perform this procedure.

(35)

To deploy the solution to the farm:

1. Log in to Central Administration on SharePoint.

2. From the Operations tab, select Solution Management under Global Configuration. The Solution Management page appears, listing all of the solutions in the farm. 3. Select the My Documentum for Microsoft SharePoint solution by clicking on

emc.sharepoint.mydocumentum.wsp. The Solution Properties page appears.

4. Click Deploy Solution to globally deploy this solution to the farm. The Deploy Solution page appears.

5. Choose when to deploy the solution. By default, the solution will be deployed immediately, but you can defer the deployment to a certain date and time if the load on the target servers is a concern.

6. Select either the entire farm (by selecting All content web applications) or a specific web application and port number to which to deploy the solution.

7. Click OK.

The status of the solution changes to Deployed. The next step isModifying the web.config file, page 35.

Modifying the web.config file

To configure the web.config file for MDSP:

1. Navigate to C:\Inetpub\wwwroot\wss\VirtualDirectories\<port number>. The default port number is 80.

2. Open the web.config XML configuration file for editing. 3. Uncomment the “Session” entry in <httpModules>:

<httpModules> ...

4. Change enableSessionState from “false” to “true” as follows: <pages enableSessionState="true" enableViewState="true"

enableViewStateMac="true" validateRequest="false"

pageParserFilterType="Microsoft.SharePoint.ApplicationRuntime.SPPageParserFilter, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral,

PublicKeyToken=71e9bce111e9429c" asyncTimeout="7"> 5. Save and close the file.

After completing this task, perform an IIS reset. Then proceed toActivating the feature in SharePoint, page 36.

(36)

Activating the feature in SharePoint

After the solution is deployed, perform the following two tasks in SharePoint: • Activate the My Documentum for Microsoft SharePoint feature on each WFE.

You must have Site Collection Administrator and WFE Local Administrator privileges in order to perform this task.

• Populate the MDSP Web Parts to the site(s).

You require Full Control permission on the site(s) to which MDSP is populated.

To activate the My Documentum for Microsoft SharePoint feature:

1. Launch SharePoint.

2. From the root site of the site collection, open Site Actions (from the top right-hand corner of the screen). Choose Site Settings > Modify All Site Settings.

The Site Settings page appears.

3. Select Site collection features under Site Collection Administration.

The Site Collection Features page appears with a listing of all features currently deployed to this web application.

4. Locate the My Documentum for SharePoint feature and click Activate.

The feature’s status changes to Active. The My Documentum for SharePoint menu now appears on the Site Settings page.

Note: In a multi-WFE environment, activating this feature on the first WFE may appear to activate it on all WFEs in the farm. If this occurs, you must first deactivate the feature on subsequent WFEs and then activate it to ensure that the resource file on the local server is updated properly. Proceed toCompleting the solution configuration, page 36.

Completing the solution configuration

After activating the My Documentum for Microsoft SharePoint feature, perform the following configuration tasks:

• Identify the DFS server

• Assign libraries to the Web Parts

To configure MDSP for DFS:

2. From the root site of the site collection, open Site Actions (from the top right-hand corner of the screen). Choose Site Settings > Modify All Site Settings.

(37)

4. Input the URL for the DFS host. The default URL for DFS is http://<DFS host>:9080/services, where <DFS host> is the server name or IP address.

Note: For SSL connections, be sure to use an HTTPS URL for the DFS path rather than an HTTP URL.

Click Test to verify that the path is valid. 5. Click OK.

Now follow the procedure below to choose the Documentum libraries that will be accessed by the MDSP Web Parts.

To assign libraries to the Web Parts:

2. From the root site of the site collection, open Site Actions. Choose Site Settings > Modify All Site Settings.

3. Choose Library manager under My Documentum for SharePoint.

4. Select the libraries in Documentum Content Server that the MDSP Web Parts will access. 5. Click OK.

The next mandatory procedure isSetting the Java memory allocation, page 37.

Setting the Java memory allocation

Application servers can slow down, throw exceptions, or crash with an application that has a large number of Java Server Pages. Thus, to avoid memory and performance issues, EMC Documentum recommends that you set the Java heap size on the application server hosting DFS to 1024 MB. The following procedure pertains to default DFS installations, wherein DFS is automatically deployed to the Content Server host on JBoss. Revise this procedure accordingly if you have installed DFS on a separate host and/or deployed it on a different application server.

To modify the Java heap size on JBoss:

1. On Windows, open %DCTM_HOME%\jboss4.2.0\server\startMethodServer.cmd. 2. Change the following:

set USER_MEM_ARGS=-Xms256m –Xmx256m –XX:PermSize=64m –XX:MaxPermSize=

256m –Xss256k –XX:+DisableExplicitGC –Xrs to:

set USER_MEM_ARGS=-Xms1024m –Xmx1024m –XX:PermSize=64m –XX:MaxPermSize=

256m –Xss256k –XX:+DisableExplicitGC –Xrs 3. Restart the Documentum Java Method Server service.

(38)

Setting logging permissions for the Application

Pool account

To ensure that the MDSP Web Parts can be successfully added to a site, logging permissions need to be set. You have three options available; choose the option that satisfies your organization’s security requirements:

• Add the Application Pool account user to the local administrators group.

• Create the MDSPLog folder at C:\inetpub\wwwroot\wss\VirtualDirectories\<port number>\ and give the Application Pool account user Write permission to this folder.

• Give the Application Pool account user Write permission to

C:\inetpub\wwwroot\wss\VirtualDirectories\<port number>\. MDSP will automatically create the MDSPLog folder at this location.

If you are not using Kerberos SSO in your environment, this concludes the configuration procedures that are required as part of MDSP installation. You should now restart the DFS server. Then proceed toChapter 4, Configuring Documentum Web Parts.

If you are using Kerberos SSO, proceed toCompleting SSO configuration, page 38.

Completing SSO configuration

While some SSO configuration was performed during EAR file deployment, the following procedures are required to complete SSO configuration and ensure that this functionality operates successfully: • Setting up LDAP authentication in Content Server, page 38

• Enabling SSO in the cssp.config file, page 42

The following procedures assume that you have deployed DFS in the default manner. That is, DFS is deployed automatically by the Content Server installer and it resides on the Content Server host. JBoss is the default application server in this scenario. If DFS is deployed on a separate host from Content Server, the paths referenced in this section will change accordingly. The Documentum

Foundation Services Deployment Guide provides details about the different deployment scenarios

available with DFS.

For a default DFS deployment, the DFS application resides in this root folder:

C:\Documentum\jboss4.2.0\server\DctmServer_MethodServer\deploy\dfs.ear\. The deployable package, dfs.ear file, is unpacked into the dfs.ear folder.

Setting up LDAP authentication in Content Server

Lightweight Directory Access Protocol (LDAP) authentication is used to bind the Content Server to the Active Directory and synchronize user accounts from Active Directory to Content Server. You use Documentum Administrator (DA) to perform this procedure. Consult the Documentum Administrator

User Guide or online Help for information about adding or modifying an LDAP server configuration

for this purpose. The following procedure outlines the specific details relating to SSO and is intended to augment, not replace, the DA documentation.

(39)

To configure the LDAP server for SSO:

1. On the Info tab of the LDAP server configuration, follow these guidelines: • Assign a Name that identifies this as an Active Directory configuration. • Select Enable this LDAP Configuration.

• For Directory Type, select Microsoft Active Directory from the list box.

Complete this tab according to the Documentum Administrator documentation. Here is an example of an appropriately completed Info tab:

(40)

2. On the Sync & Authentication tab, select Use DN stored with user record in repository from the Bind to User DN list box.

(41)

3. On the Mapping tab, configure the LDAP server so that Content Server can synchronize the user accounts with the Active Directory service.

Complete this tab according to the Documentum Administrator documentation. Here is an example of user and group mapping that illustrates how all accounts with company=myCompany are synchronized to Content Server:

(42)

4. Under property mapping, map the following properties:

• user_os_domain: This is the Active Directory’s domain name. It must be in lowercase letters. • user_os_name: This is the logon name in Active Directory, which is represented in the

sAMAccountName attribute in LDAP.

• user_login_name: Documentum users use this property when logging in to Documentum applications. While user_login_name can be any valid value, it is recommended that you map sAMAccountName as user_login_name. With this setting, Documentum users can use the Active Directory’s logon name to log on to Documentum applications, such as Webtop. Note: Ensure that user_login_name is in Kerberos principal format: primary@REALM, where REALM is in upper case letters.

5. Click OK when you have completed configuration of the new LDAP server.

6. Enable the dm_LDAPSynchronization job. By default, this job is installed in inactive state; you should verify that its property settings are suitable and then activate the job. Consult the

Documentum Administrator User Guide or online Help for more information.

Content Server uses the dm_LDAPSynchronization job to synchronize the entries in the directory server and the repository.

Enabling SSO in the cssp.config file

SSO must be enabled in the cssp.config file, and the DFS Service Principal account needs to be specified.

To configure SSO in the cssp.config file on the MDSP server host:

1. Navigate to C:\Program Files\Common Files\microsoft shared\Web Server

Extensions\12\TEMPLATE\LAYOUTS\CSSP\Config. 2. Open the cssp.config file for editing.

(43)

3. Enable SSO by changing:

<add key="EnableSSO" value="false" /> to:

4. Add the DFS Service Principal account to the following entry:

<add key="KerberosServiceAccount" value="[email protected]" />

Ensure that this account name matches the principal name configured inStep 1ofEncrypting the super user password, page 20. The value “[email protected]” above is an example. 5. If desired, you can modify the default value of <SessionTimeout>. This setting sets the session

time-out value for SSO; the default value is 1440. 6. Save and close the file.

(44)

(45)

Configuring Documentum Web Parts

This chapter contains the following sections: • Overview, page 45

• Add a Web Part, page 46

• Remove a Web Part, page 48

• Modifying Web Parts, page 49

— Modify Web Parts overview, page 49

— Modify a shared Web Part, page 51

— Modify my Web Part, page 61

• EMC My Documentum for Microsoft SharePoint, page 66

• My Documentum for SharePoint Site Settings, page 67

— DFS path configuration, page 68

— Library manager, page 68

— Advanced features configuration, page 70

— Property display options, page 72

— Column header settings, page 74

— Display options, page 75

• Documentum Library, page 77

• Documentum Search, page 79

Overview

Only the administrator of a SharePoint site can add My Documentum for Microsoft SharePoint to a SharePoint site. Web Parts you add to a site inherit common property settings (Appearance, Layout, and Advanced properties) at the site collection level and impose the same view against all end users accessing the site. Only administrators can modify the shared view. End-users can modify the personal view to suit their individual viewing preferences. Common property settings inherited by Web Parts on all sites are configured from Documentum Content Services. For further details regarding each service, refer toMy Documentum for SharePoint Site Settings, page 67.

(46)

The shared view or the individual view for a Web Part added to a site can be modified anytime. Although you can override site collection settings in an individual Web Part, you cannot specify separate settings at the site collection level.

DFS must be configured for My Documentum for Microsoft SharePoint to connect to the Documentum Content Server and to configure correctly each Web Part. Contact your system administrator to configure DFS if it is not already configured.

All Web Parts can be connected to one or more libraries and Documentum Search can be used to search multiple libraries.

This chapter describes how to: • Add and remove Web Parts.

• How to configure site collection settings of common properties inherited by Web Parts on all sites. • How to modify common properties as shared/viewed by all end users.

• How an end user can modify shared site settings, of common properties made at the site collection level, to suit their viewing preferences.

Subsequent chapters describe the various Documentum Web Parts.

Add a Web Part

You can customize the page layout when you add a Web Part to a site. The desired Web Parts can be added for example to the left zone/side or to the right zone/side of the page. Web Parts added to the left or right galleries can be dragged and dropped between the two galleries as necessary. Drag and drop can also be used to reorganize quickly the order of the Web Parts in either gallery.

To add a Web Part without opening the tool pane:

1. Navigate to the site to which you want to add one or more Web Parts and select Site Actions > Edit Page.

Figure 3. Example of selected site

The screen refreshes displaying a Left and a Right gallery with the option to Add a Web Part at the top of each gallery.

(47)

Figure 4. Edit page for selected site

2. Click Add a Web Part on the Left or on the Right gallery depending on which side of the page you want the Web Parts displayed.

The respective Add Web Parts to Left or Add Web Parts to Right dialog box is displayed. 3. Select the checkbox for those items that you would like displayed on the page and click Add

to accept.

4. Optionally, you can move Web Parts between the Left and Right galleries using drag and drop. Web Parts in either gallery can also be reorganized using drag and drop.

Click the name bar of the Web Part to drag and drop. 5. Click Exit Edit Mode to see the results or new layout.

Options in the edit menu, for each Web Part added, include the following actions in the shared view or in the personalized view. The edit menu in the personalized view when you select Show Personal View does not allow users to Delete a Web Part. The option to Delete is however available to administrators only in the shared view.

(48)

Figure 6. Changing the shared view to the personal view

Figure 7. Web Parts personal view edit options

Remove a Web Part

Any Web Part, you do not want to display, can be removed from the page by closing it. There are two ways you can close a Web Part, by selecting the Edit Page option or by selecting Close from the listbox next to the Web Part name.

Note: A closed Web Part is hidden from the site. Closed Web Parts can be added back to the site at a later time. The EMC™ My Documentum™ for Microsoft SharePoint Installation and Configuration Guide explains how to delete a Web Part permanently from SharePoint.