Turning The Optimism Up To 11

After last week’s great MWLUG conference (thank you Richard Moy, Lisa Duke & all the sponsors ) I realised how much I miss my community now there are fewer chances to meet in real life. I’m reminded it’s far too easy to think what’s the focus in my little personal bubble matches what everyone else is doing. My friends are not just my friends, they are the people who nudge me off track and kick my brain into thinking about new things it wants to learn and do.

The biggest gathering of all is always January in Orlando and although I had resigned myself earlier this year into saying goodbye for the last time (and literally did that) I realised I’m not ready to walk away whilst there’s still a strong community of people just as vocal and excited by technology (albeit very different technology) as when I first went in 1995. I saw it in Belgium in March, in Norway in May, in Atlanta last week and will see it again in London in a few weeks. So. Orlando.

I have no idea what the conference will be

I have no idea if my friends will be there

I have no idea if I’ll be speaking

But today I booked my flight, put a deposit on accommodation and sent in 4 abstracts which I’m excited about. I briefly went through the panic of “but how do I word this so IBM will pick it” before giving myself a slap to remember it’s not about what I’m meant to talk about, it’s about what I know, want to share and what I think people want to hear.

I may not be on stage – I don’t know if my subjects or even me are what are wanted this year – but I’ll be there, ready to hug my friends, share ideas, talk and laugh. I hope you will be too.

IBM Connections Mobile – Issues On Android

This is one of those posts that scare me – I’m fairly sure someone else must have seen and blogged this but since I can’t find anything I am writing this up.

I recently did a Connections 5 install for a customer, it was a clean install on clean hardware.  We did migrate the data but not the artifacts (the lc-export function) because we wanted to have clean XML and configuration files. Once installed the mobile application worked perfectly on iOS but on Android there were no applications listed when you logged into the mobile application.  Since the configuration for mobile isn’t OS specific (or isn’t documented as being so) I assumed the mobile-config.xml was correct as it worked for iOS.  So the customer went ahead an opened a PMR, the response from IBM was

“Your Connections engineer missed a step in migrating the mobile application”

Well that’s strange because this wasn’t a migration and if I look at the migration documentation in the IBM Knowledge Centre there’s no mention of any tasks related to mobile-config.xml.  A follow up IBM email said we had a missing “NavigationGroups” section so I check the mobile-config.xml.  The section is there but with no real entries in the default version

<NavigationGroup name=”Favorites”>
<NavigationGroup name=”Updates”>
<NavigationGroup name=”Applications”>

The only document on the knowledge base that has the words “NavigationGroups” in it is the one that talks about extensibility of the Mobile app – here.  So OK, I take the example from there and attempt to modify my mobile-config.xml but on checking it back in using MobileConfigService.checkInConfig it returns an invalid XML error.  Looking at the IBM example it seems their XML structure is wrong.  If you are going to have an ApplicationList node entry then it MUST come after the Expanded and HideNavGroup entries.

The IBM suggested content is below – this fails

The ApplicationList node entry before the Expanded node entry is invalid XML structure

The ApplicationList node entry before the Expanded node entry is invalid XML structure

The final correct format I used is

<NavigationGroup name =”Favorites”>
<NavigationGroup name = “Updates”>
<NavigationGroup name = “Applications”>

I am still awaiting more testing but it does seem from IBM’s response that the Android OS requires this section to be completed in a way that the iOS OS doesn’t.  It’s not part of the migration documentation though

All Change On IBM Connected Abstract Submission

A couple of weeks ago I blogged about the Connected Abstract submission process and the topics available to choose from

.. that was then.  This is now  All change.  Gone are the topics of

Digital Experience, Email, Meetings and Chat, Social Collaboration, Social Content

To be replaced by more familiar “topics” that look more like the tracks we are used to.  As I discovered when I went to submit the ones I had written in draft .. time for a bit of a rework.  You still have until September 4th to submit yours

Abstract Topics

Submitting Abstracts For Connect 2016 And Some Interesting Discoveries

Yesterday the IBM Connect 2016 site updated with the call for abstracts, so today I’m submitting sessions because I don’t know 100% what form the conference will take but I want to contribute as best I can to deliver the kind of event we all want to be at.  They may not pick my session (alright sessions – I’m submitting a few choices) but I have topics I’m excited about and that I think people want to learn about so I went to submit.

First thing’s first, as with last year you have to create a speaker profile before you start with your background and a small bio but what I really found interesting was the submission form. There are no mentions of any specific tracks so when you submit a session you only get to choose from “Technical Breakout” or “Business Strategy Breakout”.  What’s really exciting is the list of topics to choose from which I assume are alphabetical rather than importance order

Digital Experience
Meetings and Chat
Social Collaboration
Social Content

Look at that! Those topics may be broad but they are exactly the things I want to hear about (Email, Chat, Social Collaboration) and talk about.  In previous years we’ve had a lot of other topics listed that I would say fell outside the core interest of people that attended Lotusphere of old.  I’m not saying that’s bad but it’s certainly good news that this conference is embracing the topics and technologies we’re all working with today and not just those IBM hope we will be working with tomorrow.

The categories that your session can fall into are short and sweet as well – personally I”m excited to see sessions that fall under these headings


There are only a few weeks to submit as it closes on September 4th and I’ve heard noises about the short notice but I’m honestly not sure why.  It’s not a surprise to anyone that Connect is running in January, that was announced months ago. It’s not surprise content, we are all working with these technologies.  Submitting an abstract is simply a case of finding a topic that interests you, that you have a unique slant on and sending it in.  My plan as always – be enthusiastic, write a good abstract and hope for the best.

I’m not involved in any way with the content this year but I’ve seen enough abstracts over the years to offer some advice I think – YMMV but here is last year’s posting on how to write an abstract 🙂

Good luck and click here to get started..

Domino LDAP And A Failure To Authenticate

Bear with me and try not to shout at the screen “we all know that” – this blog is about the 10 hrs I lost yesterday troubleshooting a problem I distinctly remembering seeing before and realising, once I solved it, that last time it had also taken me hours and ended up being the same issue.  In my defence the last time I had this problem it was with Quickr so that’s a throwback and even if this blog isn’t news to you, it will hopefully be there for me in another 5 years…

I was using Domino as a LDAP source for Connections.  I don’t manage the Domino side of things for this customer so I had just asked them to add a secondary directory (in this case for External users) to Directory Assistance on their LDAP servers. I wanted the DA document set to be LDAP only rather than LDAP & Notes / Internet Authentication**. They did that and I tried to login from Connections to discover that I could login as a user in names.nsf but not as a user in the secondary directory. Time to look at the configuration.  Here’s what I did

1. Confirmed the DA document looked OK.  It actually wasn’t set to trust for credentials so I enabled that.
No luck.

2. Tried “sh xdir” to verify the directory was listed. It was, as Directory #4 out of 6.  Tried sh xdir reload to refresh Directory Assistance and then tried restarting the server
No luck but at least I knew DA was configured correctly

3. Turned on LDAPDebug=3 so I could see the debug information. At this point I could see the failing accounts (any in the secondary directory) were coming up with “authentication failure using internet password” in Domino and in the SystemOut.log of the WAS server that hosts the homepage application I saw references to PasswordFailedCheckException behind CWWIM4529E and SECJ0369E errors. Password failed? That made no sense at all.   One thing that was an issue was that the server I was working on was being probed every few seconds by a remote machine for availability on LDAP so with debug turned on the screen was filling up with thousands of lines of content making it difficult to see and track my own issues.  In retrospect if I’d asked for that to be disabled it would have saved me hours.

4. I then took a step back and installed Softerra’s LDAP Browser so I could test things outside of Connections.  I could bind using any credential in names.nsf but when trying to bind using a credential in the secondary directory I got “invalid credentials” and LDAP wouldn’t bind.

5. I then cut and paste a person document from the secondary directory to names.nsf to verify if the issue was the directory itself or the format of the person documents. I knew those documents worked fine on another server where they were in the names.nsf.  Turns out that if I moved them to names.nsf they worked fine.  I could bind with Softerra and I could login with Connections.


6. I go back and check the ACLs of both names.nsf and the secondary directory.  I may even have bumped up default to something stupidly high *cough*Editor*cough* for 30 seconds to rule that out.
No luck

7. I paste the person document back into names.nsf again and bind with Softerra. This time I try and search for a name I know is in both the names.nsf and secondary directory (not the same name, just the same lastname).  Interestingly I get access denied / unauthorised – it finds the two entries but doesn’t let me see the content of them.  The fact that it found the entries meant that it could search LDAP but it can’t display them?  Surely that’s ACL issues.  So back I go to check the -default- rights on both directories and even test effective access for the specific account i’m using.  Nothing.

Then I see it.  As I try searching and searching and trying to catch errors on the server logs amongst the mass of LDAP debug information.. I see
searching directory names.nsf for sn=davis
searching directory directories\custnames.nsf for sn=davis
search directory directories\morenames.nsf for sn=davis unauthorised, skipping
search directory directories\externalnames.nsf for sn=davis
search directory directories\suppliers.nsf for sn=davis

Right there – in the middle. A directory I don’t care about, that has two dummy documents in it but happens to be part of Directory Assistance.  I go look at yes – -Default- is set to No Access. I change that to “Reader” and ta-da! suddenly I can both bind and login.  Then I remember I had this exact problem before at another customer with many directories that I didn’t set up or configure and it took me forever to find because I simply don’t touch what I’m not meant to be managing. In this case a directory that’s nothing to do with me and isn’t being used by my application on a server I don’t manage.

So what happened? It appears that Domino LDAP will search multiple directories but once it comes across one it can’t access with those bind credentials it doesn’t skip over it.. it stops.  The “skipping” isn’t strictly true.  So when the credentials were in directories one or two they worked. in directories four or five they failed because it stopped at directory three.

My lessons are
1. Remove as much extraneous activity as you can or you won’t be able to debug quickly enough
2. Always check everything (or in my case ask permission to check everything) even if it looks unrelated and especially if you didn’t set it up yourself 🙂

You’re welcome Gab of the future….

**Added on this morning.  Using LDAP only for authentication doesn’t work because a Directory Assistance document set to LDAP only doesn’t actually work for anything but LDAP searching. Not for authentication at all.  Foolish me for trying to be logical.  Here’s what the pop up help says – and they’re right. I tested it :-)]