Tag: LAPI

HTTPS with Webservices in Livelink

Contrary to stuff that I do this post is basically something I hacked together to make it work.I must have received at least 50 emails for several web services questions.In the absence of OT providing good easy to understand hand holding examples I offer these.If OT ‘s thinking is basically to code a web service a developer needs to take paid training all those things have come to pass.Almost every programming language snippets are available and so there is an expectation that the Vendor provides proper code samples.What I think they should start putting quality samples like what Jason is attempting &  conducting webinars .They could do several official things such as how to code when RCS is present, what is the difference between Enterprise Library Services & Livelink web services,How does the new OTDS come into authenticationg into livelink,What one should do and not do,many things the livelink programming community needs help on.This in my mind will ensure a good talent pool of programmers out there who would do things as OT intends to.

I naturally like to understand what I am doing unfortunately in this installment I have resorted to mostly ‘trial & error’

HTTPS and Livelink Web Services code

As we learned on our SSO attempt and livelink web services this time we start with this

Part 1

  1. Make VM IPv4 and disable IPv6 it should work for IPv6 provided you do the stuff in my previous blog.
  2. Make sure the IIS7 livelink webserver is functioning fine
  3. Make sure anonymous(livelink) authentication is fine  i.e.’ we can login as the powerful ‘Admin’ and the right password.
  4. Now with our baseline favorite Kyle Swidrowich’s piece of code start making it work without https
  5. We then make IIS HTTPS. Note you cannot make a webserver https commercially without shelling some money.HTTPS needs a certifying authority. For purposes of demonstration I will be using Microsoft’s self-signing certificate. Self-signing certificates are the same secure protocol other than the fact that a commercial company will not stand by it. Products such as archive server uses self-signing certs and OT bundles a signer program so I have used it many times to create closed loops between SAP ,livelink and archive server. For the completely uninitiated a secure transmission means only with the private key can you decipher the communication between the browser and the application so snooping with fiddler/wire shark etc. will give you a lot of garbled messages.
  6. So we manage to login as HTTP on that livelink

Again VC#, At this point this looks promising, Now add quickly DocumentManagemnt.svc and ContentService.svc as well Try Kyle’s code and make it work for HTTPS .Perfect everything works we added the document

Part 2

Making IIS HTTPS

I used this site and followed that

see how simple it was for me a non MS/IIS person to figure this out that is what we sadly lack with OT.

BTW word press cannot do embedded images from my word document.I have the word document replete with screen caps in communities.

And this Now for good measure we need to remove http

If you remember a posting I made and Guy Pomerleaux commented if you have http and https running and OT web services code  is accessed you don’t really know you are talking https unless you do this. To keep it simple my livelink is now HTTPs Web GUI or web services. Perhaps if you leave a http listening port this would make your coding easier, but since I am doubtful which protocol will be used I resort to this.My builder program reports HTTPS=on that tells me everything is SSL.

We say yes to the IE warning and proceed to our newly created Livelink website which is now on HTTPS

We have cert errors even after we import the cert to keep IE happy

But I guess it will complain until I paid VeriSign or Thawte some money Perhaps readers can pool some money and buy me a certificate J for all practical purposes I am https

When I try to change my web service references we get this

I say yes

I got this and plenty of yellow looking errors at the livelink web services server when I tried to call the web service. Too many to list and too unknowing to comment on the mumbo jumbo.Essentially at this point I am trying on the server to get this service created.

https://appuw2k8vm/les-services/Authentication.svc

Several errors ensued which I basically got around by removing all traces of places I thought was written for HTTP stuff.

So I remembered form my 9.7.1 that there is some SSL binding stuff we have to do on the web services on the server. So we make a copy of the Web.Config and try it.

Mostly if you remove everything that did not contain SSL and enable the SSL stuff it should work.

Also could not establish trust relationship means you have to install the certificate into the trusted certificate store

A working Web.Config you can find a working app.config you can also find. I am not able to explain the mumbo jumbo as it is mostly trial and error. I hope if any OT knowledgeable people read this they would conduct a webinar on how to do this.

Link 1 The above article replete with screen caps as a word doc

Link 2 The Web.Config that goes on the web services install that works for me 

Link 3 The App.Config from my C# application

Advertisement

Single Sign On and Content Web Services for a livelink server

04/28/2016 Why am I keeping this ?This is obsolete like hell

04/17/2013 APPU—–NOTE THIS IS OUTDATED INFORMATION BUT SETUP WISE IT WILL HELP.

IF YOU ARE ON A UPDATE LEVEL 9 AND UP YOUR EXPERIENCES WILL GREATLY BE IMPRESSED

IF YOU ARE A NOVICE TO INTEGRATED WINDOWS AUTHENTICATION (IF YOU RUN LIVELINK IN WINDOWS IIS AND USE AD FOR THAT)LEARN THAT FROM THE WEB AND UNDERSTAND THAT LIVELINK USES THAT UNDER THE COVERS(OSCRIPT CODE IN DIRECTORY SERVICES MODULE) TO GRANT YOU SINGLE SIGN ON.I AM YET TO TRY MY HANDS ON JAVA BASED OTDS(RCS) BASED DIRECTORY SERVICES

Many users who know me from my contributions ask me to write code that helps with their livelink problems.In many cases it is very new programmers who get assigned to write these.They expect almost without success to find snippets of livelink webservice code thru google etc.I have not frankly understood programmer hurry like this but when you program it does not hurt to put a rational outline on what you are trying to do.In any case OT official dom is very notorious for non hand holding.In fact when I first started writing Dr Lapi I seriously doubt if there was a working sample of lapi code you could find in the web.Now that they have started to tell people not to use LAPI they need to put a lot of working examples as a livelink implementation can become very complicated over years of use and maturity.Also customization can alter ways of its working.

SSO or single sign on is not impersonation in livelink.If you have a ID in livelink with System Admin privileges it is very easy to gain access to livelink and do things as another user.While that sounds very insecure the actions are all audited.It is available in Unix,MS and many other applications hence impersonation is nothing to be considered as lowly.However I take exception when you advertise impersonation as SSO.

SSO is mostly applied to a company Intranet.When people and computers need to be managed they would employ a directory server which usually understands the LDAP protocol.In MS centred organization you would hear as Active Directory,in novell it is NDS,in IBM it may be a Domino or is it Tivoli? server,in SUN /ORACLE places it could be their ldap server.When you sign into a domain held computer unbeknownst to you you have established a trust between your device and the company network.So any other application need to trust you for what you are.that is proper SSO.In web application when you hit a IWA enabled website your browser exchanges a 401 challenge which when successful will populate certain environment variables the famous one REMOTE_USER.In a proper livelink SSO exchange we take that env variable and sign you in.In the livelink database such a user would be called a ‘Externally Authenticated’ user.

Well here’s how I got my CS10 Update 6 VM working with SSO code.I write a long word document detailing my challenges but this is the best short way I can give to the community.My research material is uploaded in the communities web site.In retrospect OT is expecting you to use the OTDS java web server maybe to get applications to integrate.That is when you hear terms such as RCS etc.

LIVELINK SETUP

  1. I configured otdsintegration to use webserver authentication.Meaning otdsintegration oscript module allows you a radio button to do web server authentication.I did not configure OTDS(RCS) as I do not have a domain and AD in my VM.
  2. I made the IIS VD for livelink IWA
  3. I checked whether I could login as my domain user in my case my user called ‘Administrator’ I verified what admin.testargs passed in to me
  4. I downloaded old directory services code and installed it luckily there was aversion for CS10.I had to because the otdsintegration module gets you web authentication but not web services authentication.
  5. I put my computer on IPv4 to first test it
  6. I made these changes to my opentext.ini
  7. [Security]
  8. #REM when you install directory services module you can get this ospace
  9. Authentication=NTLM
    #REM when IPV6 is installed the crazy looking things is a oscript bug and its defeat by me found thru builder
    CGIHosts=::ffff:127.0.0.1,fe80::2d54:a6cb:b5d2:b145%11 I think the code is looking for socket.pPeeraddress
  10. which is the address of the client in fact they should not do that but in IPv4 it is all OK
    #REM127.0.0.1 is added by livelink code but the computers IPv4 address
    #CGIHosts=
  11. the Web.Config changed for NTLM for the livelink webservices  application

CLIENT CODE C# SETUP

  1. App.Config reflected to the same NTLM auth as in Web.Config
  2. Added System.IO
  3. That is about it.

Client stack traces are almost impossible to understand unless you understood livelink code.Since I understood it and was able to understand what they were doing I am providing this.Your setup could vary I have no clue.

Link 1-Interested programmers could see my setup for CS10U6 here—

Link2-The C# solution containing a basic piece of code Kyle Swidrowich Created which I repurposed 🙂

Link3-Livelink Web.Config tthat you have to do for webservices

Link4-My experience when Livelink was 9.7.1wanted to write SSO code

Categories and Applying It explained

****************************************** ***START UPDATE 10/3/2016*****************

LAPI and its client installer has become very hard to find. Moreover clients written in LAPI  in say Java/.NET will only work if your Livelink a.k.a Content Server is of version less than CS16.Readers who are new to LL programming is encouraged to read this to the approach and not to the exact lines of the code.What I mean is when you used to program in LAPI you were basically passing parameters to discrete calls by modelling it based on the webgui of livelink .SOAP based webservices called CWS is also the same,so if you do not try to do the task in the webgui and try to understand the business rules you will almost have no success in CWS too. OT is notorious for not putting fully functioning use cases and a walk through,so whenever possible I write code assuming the user has not worked in Livelink for X number of years and try to educate you all. Livelink,Content Server,Enterprise Server all of this has been Livelink’s marketing brand name changes over the years.CS i sused in many of the integrations like AGA, XECM, RMLINK  and you know you are programming against livelink if you see a link that looks like this  http(s)://somefriendlyURL/livelink.exe|cs.exe|llisapi.dll|cs.dll|livelink.In many places SAP/ SP /Exchange will be configured to talk to Archive Server and then they will use Livelink to read into archive server and turn that into LL objects for better presentment/RM and other aspects. The AGA product is moving away from LAPI(not sure totally or not) to REST API in LL.

**********************************************END UPDATE****************************

Recently a friend started doing some stuff in lapi and got extremely confused. So I wrote this to alleviate the confusion and some common business rules people forget when they are programming in Livelink albeit oscript, lapi or web services.
Category-A template object of subtype 131 which again is a versioned object. If you find one and open up it with ascii editor like textpad you will see a lot of Livelink geek speak which we call assocs (asosh…)
Why does Livelink need it? So that people can create easy to understand metadata templates and search on them without resorting to developers or sql based reporting. It is so easy to create re-usable search templates in Livelink.
If I change the category definition from a version that is 8 and added a new field that is mandatory can I work it in
it really depends on your prowess. The minute the category was changed and the person submitted the change a new version of the category was added, all your objects that were “TAGGED” with that metadata template has become obsolete. This is when you see the “UPGRADABLE” icon. You can do it form the folder or form the category object. It will take some time. There are some best practice documents in the KB.
Common problem is if the container has the old category and if you or a program tries to add a new document with that category. Regardless of version you want to use Livelink is adamant it will want to use the new version. So you could run into 2 major problems, you cannot put that document unless you upgrade the category on the folder, or even after upgrading you are not supplying the mandatory value. Folders newly created will not want to insist on the mandatoriness although it is something you can change.
I have written lapi and oscript routines to handle all these situations.
Can you create a Category Subtype with lapi- sure but most of the time administrators do the category creation/updation etc, most of the time programmers are entrusted with the data part or “APPLYING THE NEW VERSION OF THE CATEGORY TO EXISTING OBJECTS”
I cut and pasted this from the code I put there
/*
HUGE DISCLAIMER
THIS DOCUMENT IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS “AS IS”
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANT ABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SAMPLE CODE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE. BY USING THIS CODE YOU AGREE TO THE ABOVE TERMS.
*/
/* Appu Nair 10/16/2012
* Tested on Visual C# express on 64 bit Windows 7 against a Livelink 9.7.1 VM
* My project has been downgraded to .NET2.0 and I copied lapi dlls form another place
* I also added vjslib wjhich i found that I had installed here C:\Windows\Microsoft.NET\Framework\v2.0.50727\vjslib.dll
* Written to illustrate the user who was on this https://knowledge.opentext.com/knowledge/cs.dll/open/30474852
User wants to create a document and add 2 categories to it
Starting user’s please understand this a category object is a subtype=131 object which is a versioned object in Livelink
So when you look at a category in your system Assume the definition now contains something like ths.So in Livelink if you look at this category
*asuume it has a defid(dataid,objid) of 123456 and is version 210.Yes they took 209 attempts to come up with this category
*THIS PROGRAM DOES NOT CREATE THE CATEGORY OBJECT I DID THAT USING THE LIVELINK GUI.THIS IS ABOUT APPLYING A METADATA TEMPLATE TO OBJECTS
*IN LIVELINK SO PEOPLE CAN SEARCH ON IT LATER.
* My SAPCategory
* Name TEXT 32 CHARS
* AGE NUMBER
* GENDER TEXTPOPUP VALIDVALS={‘Male’,’FEMALE’}
*
* Assume your manager has asked you to
* make the category with a new TEXT field called ‘SAPCOSTCENTER’ and asked to make it manadatory.You did that and magically the new category version is
* now at 123456 version 215.
* My SAPCategory
* Name TEXT 32 CHARS
* AGE NUMBER
* GENDER TEXTPOPUP VALIDVALS={‘Male’,’FEMALE’}
* SAPCOSTCENTER TEXT mandatory 32 CHARS
*
* Now let’s look at it on run time. Livelink could care less if defaults were used when it encounters mandatoriness
* on folders or containers. The behaviour can be altered but no sane company does it.But Livelink will cry foul when this happens either from
* the gui or a program.
* Assume folder id called 109876 has the category version applied 123456:210 that is not upgraded. You say in your program to add a document with category
* 123456.Livelink once a category has been upgrded will force you to use the most current version. In this case your attempt will fail because it does not want
* you to create a document here with 123456:215 applied to a folder that has 123456:210.Moral of the story is if a category was upgraded it is the
* Livelink administrations job to make sure to pass it down to where it is used. Going by the same token if the sapcostcenter was mandatory and you
* did not supply an initial value you cannot get it to stick on the object. So more programming and intelligence need to be applied in your design
* In this e.g I will have another category with this characters
* MY IXOSCategory
* ArchiveID TEXT 6 CHARS
* DOcID NUMBER 64 chars
*
*/

If anybody was interested in the code that I developed for my friend it is here
“GOOD LAPI SNIPPETS FREE FOR REGISTERED USERS”

and under the link that says “How to Add more than One Category to a Object with LAPI”

Agents Agents Everywhere

Agents standing for Scheduled agents are the most commonly misunderstood things in livelink .I have senior livlink people, friends,who think that the Admin Service is responsible for running schedulers.In any case since I started early in version 8.1.5 there was a 3rd service called ‘Change Agents’. I digress but here’s what I wanted to write.

If you see in your opentext.ini a line called loader=sockserv;agents;notify     these are insructions to the LLserver to run those as “threads” in the LL System.For almost all livelink history agents and notify are run in separate threads.Notify runs in the notify thread for the list it controls and agents in its list.

Main tables involved are LLNOTIFY,LLEVENTQUEUE,AGENTSCHEDULE

See official OT Links

https://knowledge.opentext.com/go/15080520

The above link was published by OT when I as a junior admin(2003/2004 period) tried to debug the extreme load on our system my senior colleague John Simon and Mark Simm were on email and phone and both were very good on oscript.I slowly learned oscript to kind of become good at it.Right now very few companies split notifications and the current OT code has bugs which I have reported.But it will affect companies who are doing split notifications as nobody usually does it.

https://knowledge.opentext.com/knowledge/cs.dll?func=ll&objId=3499001&objAction=ArticleView&viewType=1

I have a problematic agent.It is common knowledge or with a little bit of research one can figure out how agents are run.For the record here’s what it would take to make an agent id 0f 222378 I made that number up run in a LIVELINK server.

  1. Create module and write the agent code.Put 222378 as its id.Register the agent with the livelink tables either using SQL or a weblingo file.If everything goes well you can now run a query like this to find it select * from agentschedule where agentid=222378
  2. It is quite possible that in your opentext.ini it will put under this area something like this
  3. [scheduleactivity]
    1000=1
    222378=1 //this means run THIS agentid on THIS SERVER
  4. 222379=0 //this means run DO NOT RUN THIS agentid on THIS SERVER
  5. And this line should allow agent threads to run
  6. [loader] //this is the magic line for making a livelink server a agent/notify server
    #load=sockserv;javaserver;agents;notify;wfagent
    load=sockserv;javaserver;agents
    #load=sockserv;javaserver;agents;notify;notify_9001;notify_9201;notify_9999
    #load=sockserv;javaserver;agents;notify;notify_9001;notify_9999
    #load=sockserv;javaserver
    load_relagent=relagent //Notice there are so many ways to split agents
  7. In small livelink organizations the Admin server is used to run notifications,agents and wfagents that is the reason why everybody thinks admin service is responsible for something.It is not faintly connected to scheduling.Usually that is the only server that would have that line like this

load=sockserv;javaserver;agents;notify;wfagent                               most front end servers will say load=sockserv;javaserver;

This is needed because otherwise all the agents will start at the same time.You can avoid it by putting the agentid=0 in other servers.

Here’s what will happen at about 5 minutes since a livelinkserver is started not based on the computer clock,this agent thread starts up as agents101.out.The first thing it will do is run this oscript line $LLAgent.AgentController.New().Execute( .fPrgCtx, args.Agent_list, args.ExcludeAgent_list ) which means run one of those controller lines with this parameters.So to run it for debugging you can do something like

?func=agent.runagent&agent_list={‘222378’} so almost like saying hey livelink can you run the code in agentid 222378.

Here’s where I went wrong.say for e.g 222378 was not registered in the DB then this call translates to while I have very intention of running your agent I am not getting a hit for 222378 so the net effect is livelink will run all outstanding agents which you are trying not to do.Since agents are serial it will be sometime for the real interested agent to get that call.

To do manual running you usually do this

To test with builder…

DO NOT DO THIS IN A PRODUCTION SERVER THIS IS ONLY FOR DEVELOPERS WHO WANT TO RUN CODE

– In opentext.ini set/add the following:
[options]
RunWithoutLogin=TRUE

– In the browser type the following URL:
http://……./livelink.exe?func=agent.runagent
http://localhost/livelink/livelink.exe?func=agent.runagent&agent_list=’XXXX’

When this call hits livelink that thread finds out from the agentschedule table all agents who has the lastruntime in the past.Then it verifies who all are qualified (0 or 1 or no info is regarded as enabled agent ) to run then it prunes the excluded_agent_list and tries to run the agent_list

If one of those agents in the list do not come out clean as in a bug /exception/trace then it will error out and the nexttime is not updated.So it will start a vicious cycle that is when you see like why is my DirSvcs agent who is supposed to run once every day run every five minutes

This is a very common occurence of low agentid’s DirSvcs,OI etc who are in the 2000 range

To jQuery or Not to Jquery

(ODD results is SAP ,EVEN is CS)

Recently a poster facing problems with how xECM and Livelink manages content posed this question.He basically wants some results excluded when a search is performed.The correct implementation of this is by permissions.The poster wants to use appearances and cheap gimmicks like that .I also do not really know a lot of advanced html so when I hear people rave about jQuery and its infinite possibilities I am  usually thinking wow I could never understand those.Note any self respecting programmer will be able to trace the weblingo of my implementation to a file in the livelink directory  Here’s the question posed by the poster in KB RE How to restrict Function Menu in search result?

Now a fair amount of warning as advertisers put in Advertisements .Professional do not attempt this at a live livelink installation. You need to really use htmlmap, overrideutils or customizations_RT before attempting this.But here’s the  jist of what I am doing

For some context I am considering every odd row of my results to be coming from SAP and evens to be “showable with the function menu”. So if we look at the source of the document of the  searchresults in a 9.7.1 livelink I see this the ‘x5’ is the dead giveaway in this case.Since I mess with oScript all the time I can see that count going x1,x3,x5,x7 etc…..

<A HREF=”javascript:(0)” ONCLICK=”javascript:setSectionName(”);showFunctionMenu2(‘nextURL=%2Flivelink%2Fllisapi%2Edll%3Ffunc%3Dsrch%2ESearchCache%26cacheId%3D1125829432’, 5, event, ”, ‘?func=SearchResultsFunctionMenu&amp;hitID=5&amp;searchCacheID=1125829432&amp;version=0&amp;dataID=62740&amp;HH=false&amp;subtype=264’ );setSectionName(”);return false”><IMG SRC=”/img/actions.gif” ID=”x5″ BORDER=”0″ ALT=”Functions” ></A>

Now that we have done our research we need to see if we have JQuery in livelink. In short of time and doing this not for money and interest only in this I googled and downloaded

jquery-1.8.2.min.js and then I found this file called resultlist2.html. It is my livelink on a VM and I have a snapshot thing so I am doing in place editing(Tsk Tsk Do Not Ever Do It)

Now I put where OT has a js file .My oscript tells me that that is the webnode support directory

<SCRIPT TYPE=”text/javascript” SRC=”`webNodeImgPrefix`browsecorermenu.js” LANGUAGE=”javascript”></SCRIPT>
<SCRIPT TYPE=”text/javascript” SRC=”`webNodeImgPrefix`jquery-1.8.2.min.js” LANGUAGE=”javascript”></SCRIPT>

Now to see if everything works we need some tests

so from the web lots of excellent samples I put these together

<script>
$(document).ready(function(){
$(“p”).click(function(){
$(this).hide();
});
});
</script>

<script>
$(document).ready(function(){
$(“TR”).click(function()
{
$(“#x1”).hide();
$(“#x3”).hide();
$(“#x5”).hide();
$(“#x7”).hide();
}

);
});
</script>

<script>
$(document).ready(function(){
$(“a”).click(function(){
$(this).hide();
});
});
</script>

This is like a recipe in a cookery show.I must have spent close to 3 hrs twiddling with what I am doing.Note I would have been able to do this in oscript much faster but that was not my intention.I wanted to learn Jquery so that is why this looks weird if there are a some oscripters going  “that appu he is really going down the edge….”

Now when I restart my livelink and conduct a search all my ODD results don’t have any function menu.Here’s when the page loads first

Full Results

Now when I click that is I have a event that says when the <TR> area is clicked that is when my event fires

What remains maybe do it for real when it is called for remove the hard code and put a real counter,maybe make it work without the <TR> click event….

I am sure the poster gets some kind of header variable like MYSAPSSO2 in livelink so some keying off that and implementing the business rules could be thought off

This is great Long Live JQuery….