Quickly make a LL System without all the document data

Today I wanted to learn the new Distributed Agent framework in Oscript. To do that I quickly rigged up a VM and had a  oracle export done and imported so it looked like something  with some structure.I looked at the EFS attached it was our DEV machines and it had gigs and gigs worth of data.How do I get categories form this system without copying all that trash so I wrote a query to find all files in the category

.2016-12-06_13-40-50

Notice if I could get just those files needed into my VM it would work so after I put them in Excel and derived a formula I put them in Notepad++.The xCopy with the * creates the hierarchy so that I could copy the small category version files all in all about 1.76 MB very easily.

2016-12-06_13-44-46

so it created the necessary structure (So I don’t have to mess with the table entries)

2016-12-06_13-49-21

after I put them under my new VM’s  file path I can see my categories fine

2016-12-06_13-50-53

I am pretty sure I can do this for WF maps,form templates and such like but have to learn DA

Advertisements

OH MY SAP

Between 2009-2012 I was instrumental in architecting a very large RMlink implementation.I was mainly hired for setting up livelink.livelink RM,archive server.My peripheral duties included acting as SME to the RM link implementation.Further the customer decided they would make use of two OT products one livelink and the other Artesia(DAM) both  would sit in the SAP netweaver and be visible based on the employees roles.I know nothing about all that.Slowly but surly I began to understand that livelink a.k.a Content Server is going to be the brains and Archive Server was going to be the brawn in this implementation.The RCS tomcat stack at best could be described a nuisance or so I thought because once it started misbehaving there was nothing you could do other than uninstall.On top of it we were forced to work on a AIX(Unix) archive server implementation.We had specific archive server things that we had to maintian for that to work and with every patch RCS it overwrote everything we had configured.I figured out that RCS was basically using servlet/java code to call livelink that is pretty much it.It would be called “Enterprise library”,ELItem,ELVariant what not but the real fact remains that it is in dtree with a subtype that is known to most livelink people.At a pre -go live meeting a bombshell appeared in the form of a SAP consultant(big manager kind of guy)  who said how are you going to handle the authentication ticket from SAP for livelink & Artesia? Upto that time we had created a IWA implementation of livelink replete with LDAP(AD) SSO and we thought that would be it ,the SAP netweaver user and the livelink user is using the same AD and hence would basically be in the same env not challenged by AD.No the manager insisted that livelink and artesia need to work based on the ticket given to you from SAP.It looked like either the manager knew what he was talking about or he just wanted to show off stuff.Everybody started looking at me and I really had nowhere else to look.Luckily a very experienced  person came to the rescue and said to me that SAP produces mechanisms for all commercial webservers including IIS & Java stacks.  

Now we started in earnest burning the midnight oil and I had a very great apprentice  at that time.I would say he is very good

He started getting the IIS web server loaded with the SAP filter it is like the llisapi.dll that we use in livelink and when it works it needs a certificate form the sap instance that is going to decrypt the cookie.Then we tried writing it to REMOTE_USER which it wrote as http_remote_user.I think REMOTE_USER is a variable that you cannot rewrite.In any case we change the livelink to look for that environment variable voila we had SSO based on MYSAPSSO2 in place.Phew.Firefox plugins,Fiddler,Wireshark and a general understanding of what goes and comes where is what on would need to crack things of this nature.BTW I saved all my work in a drive which I have since lost so some of this is from memory.My knowledge of how livelink handles authentication really helped in making this solution.thanks you builder for that.

I later customized the livelink look and feel and removed most unwanted stuff so the real estate was there for people to work

For artesia we had to take the java class file and retrofit the login again this java file would not work in a regular package declaration like one would do.It was not common knowledge and I basically resorted to Reflections code and got it to work.I got in touch with a SAP SDN member who actually said I should use a particular package that SAP produces or not use a package declaration at all.So go figure.Nothing that SAP gives you in documentation says that.So go figure .You could say OT & SAP are birds of the same feather when it comes to hand holding examples.

In the current setting the OTDS conundrum that you load in RCS will handle the SAP logon ticket.I have not yet had the need to make OTDS work in my job so I hope it is easy and past the buggy stage that I have known to associate RCS with .Our OT ECMLink/RM link people always thought livelink impersonation was SSO which again I fought with them telling no they are actually different.In any case the customer did not do ECMlink when I was there other than trial runs.I am sure the java code stack is much better nowadays.

I hope reading this will help somebody in my same shoes

Single Sign On and Content Web Services for a livelink server

04/28/2016 Why am I keeping this ?This is obsolete like hell

04/17/2013 APPU—–NOTE THIS IS OUTDATED INFORMATION BUT SETUP WISE IT WILL HELP.

IF YOU ARE ON A UPDATE LEVEL 9 AND UP YOUR EXPERIENCES WILL GREATLY BE IMPRESSED

IF YOU ARE A NOVICE TO INTEGRATED WINDOWS AUTHENTICATION (IF YOU RUN LIVELINK IN WINDOWS IIS AND USE AD FOR THAT)LEARN THAT FROM THE WEB AND UNDERSTAND THAT LIVELINK USES THAT UNDER THE COVERS(OSCRIPT CODE IN DIRECTORY SERVICES MODULE) TO GRANT YOU SINGLE SIGN ON.I AM YET TO TRY MY HANDS ON JAVA BASED OTDS(RCS) BASED DIRECTORY SERVICES

Many users who know me from my contributions ask me to write code that helps with their livelink problems.In many cases it is very new programmers who get assigned to write these.They expect almost without success to find snippets of livelink webservice code thru google etc.I have not frankly understood programmer hurry like this but when you program it does not hurt to put a rational outline on what you are trying to do.In any case OT official dom is very notorious for non hand holding.In fact when I first started writing Dr Lapi I seriously doubt if there was a working sample of lapi code you could find in the web.Now that they have started to tell people not to use LAPI they need to put a lot of working examples as a livelink implementation can become very complicated over years of use and maturity.Also customization can alter ways of its working.

SSO or single sign on is not impersonation in livelink.If you have a ID in livelink with System Admin privileges it is very easy to gain access to livelink and do things as another user.While that sounds very insecure the actions are all audited.It is available in Unix,MS and many other applications hence impersonation is nothing to be considered as lowly.However I take exception when you advertise impersonation as SSO.

SSO is mostly applied to a company Intranet.When people and computers need to be managed they would employ a directory server which usually understands the LDAP protocol.In MS centred organization you would hear as Active Directory,in novell it is NDS,in IBM it may be a Domino or is it Tivoli? server,in SUN /ORACLE places it could be their ldap server.When you sign into a domain held computer unbeknownst to you you have established a trust between your device and the company network.So any other application need to trust you for what you are.that is proper SSO.In web application when you hit a IWA enabled website your browser exchanges a 401 challenge which when successful will populate certain environment variables the famous one REMOTE_USER.In a proper livelink SSO exchange we take that env variable and sign you in.In the livelink database such a user would be called a ‘Externally Authenticated’ user.

Well here’s how I got my CS10 Update 6 VM working with SSO code.I write a long word document detailing my challenges but this is the best short way I can give to the community.My research material is uploaded in the communities web site.In retrospect OT is expecting you to use the OTDS java web server maybe to get applications to integrate.That is when you hear terms such as RCS etc.

LIVELINK SETUP

  1. I configured otdsintegration to use webserver authentication.Meaning otdsintegration oscript module allows you a radio button to do web server authentication.I did not configure OTDS(RCS) as I do not have a domain and AD in my VM.
  2. I made the IIS VD for livelink IWA
  3. I checked whether I could login as my domain user in my case my user called ‘Administrator’ I verified what admin.testargs passed in to me
  4. I downloaded old directory services code and installed it luckily there was aversion for CS10.I had to because the otdsintegration module gets you web authentication but not web services authentication.
  5. I put my computer on IPv4 to first test it
  6. I made these changes to my opentext.ini
  7. [Security]
  8. #REM when you install directory services module you can get this ospace
  9. Authentication=NTLM
    #REM when IPV6 is installed the crazy looking things is a oscript bug and its defeat by me found thru builder
    CGIHosts=::ffff:127.0.0.1,fe80::2d54:a6cb:b5d2:b145%11 I think the code is looking for socket.pPeeraddress
  10. which is the address of the client in fact they should not do that but in IPv4 it is all OK
    #REM127.0.0.1 is added by livelink code but the computers IPv4 address
    #CGIHosts=
  11. the Web.Config changed for NTLM for the livelink webservices  application

CLIENT CODE C# SETUP

  1. App.Config reflected to the same NTLM auth as in Web.Config
  2. Added System.IO
  3. That is about it.

Client stack traces are almost impossible to understand unless you understood livelink code.Since I understood it and was able to understand what they were doing I am providing this.Your setup could vary I have no clue.

Link 1-Interested programmers could see my setup for CS10U6 here—

Link2-The C# solution containing a basic piece of code Kyle Swidrowich Created which I repurposed 🙂

Link3-Livelink Web.Config tthat you have to do for webservices

Link4-My experience when Livelink was 9.7.1wanted to write SSO code