The company I work for wants to host documents on Lotus Quickr for external vendors to view. The way it currently works is as follows: A project manager needs to retrieve the non-employee's information (name, contact info, job title, etc.), which is sent to the Lotus manager. The Lotus manager then needs to add the non-employee as a new member to the Domino server. Then the Lotus manager needs to send the login credentials to the non-employee. Lastly, the project manager needs to give the non-employee access to the relevant Quickr place.
Because this process is very slow, my manager wants to automate a portion of the process. Our ideal solution would be to build a webpage where the non-employee could fill out their information. The project manager could then look over the the non-employee's information and choose to approve, deny, or send back the information. If the information is approved, the user will automatically be added to the Domino server. Then, the project manager would add them to the Quickr place as usual. This alternative method would eliminate a few steps, a lot of time, and the non-employee's login credentials would only be known to the non-employee.
The problem is that we're not sure how to tackle this. Would it be possible to build an XPage that could be sent out publicly that could handle this? Or is there a similar solution that we could use? I am very new to Domino and Lotus, but I would be comfortable with learning any necessary APIs once I know where to begin. For reference, we are using IBM Notes and Domino Designer 9 Social Edition.
This is indeed possible. Take a look at the User Group application on OpenNTF. It includes functionality for users to register themself so that they can login afterwards.
Good luck with your project.
in addition to #stwissel's and #Thierry's answers:
you of course can build an Xpages based application through which an anonymous user could ask to be granted access to some quickr place. You'll have to keep in mind that most visitors aren't registered users for you Domino server so you need to treat them as anonymous. This could mean that for example resources like company logos or stylesheets used in you "anonymous" application forms need to be marked as available for public access users.
Then you'll have to decide how the application forms are passed on to the project manager; you could send the data using mail, which however might open up an unwanted gateway for spammers. Preferably you would store the applicants' data in a small database from which you project managers then pull all open applications.
The rest is simple and has already been layed out by #stwissel und #Thierry: use quickr's ability to maintain its own set of place-based "local" directories (btw. one of the real cool features of this otherwise dead product).
Speaking about the product: as #stwissel already pointed out this product is no longer maintained by IBM; looking at the long record of known problems quickr had with various browser updates (esp. MSIE), not to speak of future Domino server support allow me to recommend looking for an entirely different solution
http://www-10.lotus.com/ldd/lqwiki.nsf/m_Home.xsp?documentId=F26B114598D21516852577FB005171F4#mobileViewer
QuickR on Domino can allow member not in directory if option is enabled by admin. So no need to ask to lotus manager, project manager can create local member
Related
We have a (super)user who has been using VBA in an Excel spreadsheet to create and manipulate documents in a Domino database application.
The user has 'Editor' access to the application, and should normally be able to create/edit the document contents.
They have been, however, creating documents using VBA. That logic doesn't consider such important document fields as Readers, Authors, etc. .
We would like to restrict access to all Domino data so that it can only be created/modified using an IBM Notes client.
I have tried looking through the ECL, but that only restricts what 'others' do.
Since he has his Notes client available, the external logic is using his normal Notes credentials.
I have tried setting a hidden field with the Notes client and looking for that in the QuerySave event of the form design.
Unfortunately, the external code pays no attention to the form events and the save is executed despite the missing field.
Similarly, the Database Script has no bearing on the execution of external logic.
I was going to inspect the client version upon database open and restrict activity based on a variance in the version (I was hoping!).
I have de-selected the 'Don't prompt for a password...' option in the user security preferences, but that has no effect at all (suspected as much!).
The ONLY thing I have been able to suggest is to hide the database design... That's really only designed to thwart a user's efforts to understand the underlying design.
It won't prevent them from creating hundreds of thousands of documents with a fictitious form and throwing the app into disarray.
I'm hoping that there is a solution out there that I'm missing.
The user has been instructed not to undertake such activity in the future.
We were lucky that there really wasn't any malicious intent - "Just trying to be more efficient" we're told.
The effects of the activity have been remedied, and the user has been warned.
What I want to know is... how can I prevent this from ever happening again?
The circumstances are rare I know, but I would've thought there'd be a means of restricting the platforms used to manage Notes/Domino data.
Is there a way to ensure no external applications are able to access, create or modify Notes database documents?
I am currently focussing on access to Notes via COM.
I thought that, if I unregistered 'nlsxbe.dll' from the registry, that would prevent such activity - It has not.
I also tried removing the .TLB files from the Notes executable folder - removal of 'notes32.tlb' and 'domobj.tlb' have no effect at all. Removal of 'ltsci3.tlb' screws everything up (as expected!).
I'm really having no luck at all - Any/all suggestions would be most appreciated!
I'm not aware of any way to detect that a connection has been made by standalone code instead of by the Notes client, but you do have two paths available to you:
A Domino server add-in that prevents documents from being saved in that particular database if certain criteria aren't met.
An agent that is triggered to run shortly after documents are saved or modified in that particular database. The agent code can delete (or modify, if you prefer) the documents that don't conform to the required criteria.
The server add-in route would normally require coding in C, but thanks to the Open NTF Trigger Happy project, the hard part is done for you, and the rest can be filled in with either LotusScript or Java agent code that is "triggered" by the pre-written C code. You will need to have some basic knowledge of how the Notes Extension Manager interface works, but once you get past that and write your agent code to enforce your data consistency/integrity requirements, the only real hurdle is your willingness to host open source code on your server.
There may be two other possibilities, but I can't say if either will solve or deal with the issue...
In the ECL you can disable 'COM' access for the user (also known as OLE or ActiveX) automation since VBA access is usually via COM. This has stopped Notes using external COM access for me, but I don't know if also prevents VBA using Notes. Additional steps may be needed to enforce the ECL and apply to the specific users.
There is an (old) notes.ini 'DisableExternalApps' (or something similar) that disables some external access. This can affect many things (DDE/Prompts/#dblookups) but again I don't know if this will disable VBA/COM and its not user specific, but server wide.
I would have thought that removing the nlsxbe.dll or restricting access to execute it might work, but the ECL may be the best bet.
Alternatively, rather than add hidden flags to your design (and the documents), and then delete the offending documents, your agent could apply the correct author/reader fields to the documents instead.
Very tricky. Did you find a better solution?
Is it possible to convert a .nsf Domino Web Application to HTML? I need the application making available offline without the use of a Domino server. To elaborate on this, we have an external company that host a domino application for us, a document management system. They are soon going to pull the plug on the server and have sent us a .nsf file. If we had a domino server it would be great, we could just place the file on the server. But the problem is that we don't. That is why I was hoping if there was a way to extract all the content so that it could run without a domino server, just as a bunch of HTML files, we don't need the functionality of the DMS, we just need to be able to view the content.
Thanks
If it is an application with logic and actions built on Domino's programming framework, and not just a set of static pages, then the answer is no. First of all, because HTML is just a markup language, not a programming language or framework. And secondly, because the various attempts that have been made to build tools to migrate Domino applications to other frameworks have generally not been very successful. GBS has tools to migrate traditional Domino applications to XPages, but that's probably not what you want.
If the site is static you could copy it using a web site copy tool like HTTrack: http://www.httrack.com/
The tool crawls the entire site and generates HTML pages.
Using the Notes client, create a local replica of the database. With that database open in Notes, click on Actions in the top-line menu, then Preview in Web Browser, and choose Internet Explorer. You may need to change the ACL to allow Anonymous to have Reader access. If the data needs to be secure, create a local copy instead so that you can modify the ACL without putting the production copy at risk.
You can download the Notes designer client from IBM with no restrictions as well as the Notes and administrator clients with a 90-day evaluation period.
We have a legacy Lotus Notes application that we want to see if we can make an improvement, first by making a test environment for this application. Currently the application is located on the main server and being replicated every 15 minutes to the web server. The replica on the web server has different forms and views since they are adjusted to display the information on the web browser (in my understanding)
I have made a new copy of the application that is on the main server without any problem. I had some problem replicating it to the web server since I do not understand what will happen to those element design that are not being used in the application on the web server. So what I did was replicating the application from the main server to the web server, then deleted all the design elements on the web test then copy all the design elements from the production environment to the web test.
By doing that I was able to get into the login page then log in. After I login, the frameset that suppose to display the default view giving this error message 'HTTP Web Server: Couldn't find design note'. First of all, I thought this is normal since I could not find the view in the database and that confused me since the live system works without that view present on the database BUT when I tried to access a view that I know present on the database, I still get the same error.
So after all that I opened the web test application on a Lotus Notes client. I can open the views that are exist. Now at this point there are 2 things that I am very frustrated about:
The live system works even when the code specifically mentions views that I cannot find from the Domino Designer. It just does not make any sense
As a test I created a 'Test' view on the web test application. Basically I just told it to fetch one of the form called 'WORec' that contains Work Order information. Into my surprise, the view opens up on the web browser but shows no result, which frustrates me even more since the view 'WOByName' gets all the Work Orders just fine. These 2 views have the same selection formula, so I really do not understand why 1 view is able to show data where the other does not. Moreover if I tell the test view to fetch all the documents in the database it only fetch those documents that are not 'WORec' form
I know this is long but if I can get some pointers on what I am doing wrong here. I am just trying to create a test environment. Unfortunately I never dealt with Domino web application or a replication that completely has different element design.
Let's start with the test view.
When you created the view, you need to first verify it is a Public view. Private views or Shared Private on First Use (SPOFU) views are not what you want here.
also, verify the name and alias of the view is unique to your database.
Next, verify your selection formula is correct.
use formula, instead of simple so you can actually see the formula. e.g.
SELECT #UpperCase(Form) = "WOREC"
Refresh your view designer (F9) - do you see your records coming through?
also, make sure the view is not hidden from Web clients... you will see this in the designer client, when looking at a list of views - a column indicating whether or not it is hidden from web clients, note clients, mobile clients, etc.
if not, open one of the documents up. Show properties, verify the form property in the box (2nd tab), matches the value "WORec". If not, correct your view selection with the correct form name spelling.
Next, you need to make sure you are allowed to view this from the web.
Open the Access Control List (ACL) and add "anonymous" as reader or above.
Open the view in Designer, and Preview it in web browser.
As for the "Couldn't find design note" message - that's not good. You definitely are missing design elements. Whether this is due to a selective replication formula issue, or acl issue, or whatever, is hard to tell. But if you have a Notes thick client and a separate web version, I would recommend different databases (or master templates) and not trying to use selective replication to handle that sort of thing.
As I understand it, you replicated the database then deleted all design elements and manually replaced them by copying from the production web replica. Instead, you should have made a template from the production web database (by doing a design-only copy), and then you should have used the 'Replace Design' feature to update the test web database from that template.
As an aside: an application built the way you describe (two replicas on separate servers, each with a different set of design elements) is a pretty bad implementation. It may have been done in the very early days of Domino, before the "Hide from Notes client" and "Hide from Web" properties were available at the design element level. Or it may have been done deliberately for "security purposes" (which I put in quotes because relying on Domino design element to enforce security on a Domino web application doesn't really make the application any more secure). You may be stuck with this... but you may not be. So before you try to improve or enhance this application, I think you should look into using the "Hide from... " properties on the design elements.
On the other hand, if you stick with the current design, I do want to mention that you're going to need to make sure the ACL settings and selective replication settings on your main and web test replicas match the ACL selective replications settings on the corresponding production replicas. Otherwise, you'll end up with a jumble of design elements when the test databases replicate across servers.
I suggest you to make a new copy of the Notes Database that is on your web server to your test server.
try to open in with your browser and check that all is OK.
open this copy in designer and check that it contains the views that you didn't see previously on test.
I'm not sure that you have really 2 different designs (one for webser different from the one of your main server) so:
- on the main server: open the File/Replication/Option for this application. In advanced, check When web server receives from .... if the design elements is checked.
if not it makes sense that there are TWO different design versions.
Maybe the view you didn't find (on the web server) restricts use? to check this:
- In the view (on the main server) check in the properties of the view the tab with a key "all readers and above". If it's uncheck THIS is the reason why they don't exist on the web server AND that you don't see them in the designer:
If your don't have the role or are not the person which can "who may use this view" you don't see the view and can't copy it.
To correct this simply enter the ACL (file/Application/Access Control) and grant you the corresponding role.
I hope I helped
Is there a utility, plugin, application that can help an admin of a Lotus Notes(v6.5 Client)/Domino (v5) server to trim the fat from the database? But it needs to skip certain Users. I found the following tool: http://www.virtualobjectives.com.au/notesdomino/mailboxcleaner6.htm
I really do not know anything about administrating the backend of lotus notes. And I am not sure if the above utility will allow me filter the users.
This would've been better served in ServerFault.
You don't need a 3rd party tool, Notes already comes with archiving.
You can enable scheduled archiving. Bring up the Archive Settings in database properties. Enable and customise an archive profile i.e. archive messages old than N days. And finally make sure you select "Just clean up this database without archiving".
For more details check out Lotus Notes help pages.
We're planning to use Sharepoint 2010 as a CMS for a website we're building. This site will also have login functionality; and my boss suggested we use Sharepoint's user profile features to store user info (username, password, contact info, etc.) for the site. How is this better then say using a standard list or a database table somewhere? I'm looking into how this could possibly work; but has anyone here tried something similar? Any anecdotes about it you could share? Any constructive input is greatly appreciated.
Thanks,
Frank
You asked for anecdotes. I have an anecdote.
A while back, I was trying to set up a Sharepoint server that exposed users' personal pages to the Internet at large. We wanted to allow authenticated access, but not to require it; that is to say, normal users would have read-only access and additionally the ability to submit InfoPath form data to Sharepoint libraries created to receive the results. The users could thus post public information and create public surveys using Infopath web forms.
When I went to make access public, I ran into a few problems. The "unauthenticated users" option on the preferences page of the document library was greyed out, even when I was logged in with a super-admin account.
In the end, I had to do a little bit of URL hacking to make this work. I had to change "DOC" to "DOCLIST" in the URL I used to access the preferences page (not that exactly, but something like that) and then the "everyone" option became available. In other words, there was actually no official way to do what I was trying to do.
The whole thing left a really sour taste in my mouth about Sharepoint for Internet-facing sites. See also things like this. Sharepoint is really designed for Intranet use only. As an additional downside, it is much more resource-hungry than normal CMSen. A full Sharepoint install can, without a single user, choke a pretty powerful virtual machine. I can't comment on its scalability as I've never done a really large rollout, but I can say that the indexing service is pretty heavy on the CPU.
Seems to me that LDAP would be a better way to store information on users; if you're using Sharepoint, you've probably already got an AD infrastructure. AD stores user profile info in LDAP anyhow - what you see in "Active Directory Users and Computers" is just a glorified LDAP browser.
Here is my initial toughts:
PRO: It's "easy" to merge infomation from outer sources like your AD, to be stored with the "other" user information in order to be displayed using the same means.
CON: I haven't come across a FBA Membership provider for User Profile Store.