QP 7 Adm

Lotus QuickPlace

Version 7.0
for Windows, AIX, Solaris, and i5/OS
Administrator’s Guide
G210-1999-00
Lotus QuickPlace
®

Version 7.0
for Windows, AIX, Solaris, and i5/OS
Administrator’s Guide
G210-1999-00
Note
Before using this information and the product it supports, read the information in “Notices” on page 149.
First Edition (August 2005)

This edition applies to version 7.0 of IBM Lotus QuickPlace (product number L-GHUS-5Z7NQE) and to all
subsequent releases and modifications until otherwise indicated in new editions.
© Copyright International Business Machines Corporation 2005. All rights reserved.
US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract
with IBM Corp.
Contents
Chapter 1 Lotus QuickPlace Customizing the attributes displayed for users
Administration Overview . . . . . . . 1 and groups . . . . . . . . . . . . . 19
Administration overview . . . . . . . . . . 1 Customizing search filters . . . . . . . . 20
What’s new in Lotus QuickPlace 7.0 . . . . . . 1 Customizing the directory lookup interface . . . 23
New for administrators . . . . . . . . . . 1 Configuring non-standard distinguished names 24
New for users . . . . . . . . . . . . . 3 Specifying a search base for group searches. . . 26
New for developers . . . . . . . . . . . 5 Using nested groups . . . . . . . . . . 27
Tools for administering Lotus QuickPlace . . . . . 5 Customizing SSL connections . . . . . . . 27
QPTool commands . . . . . . . . . . . 5 Sample user directory settings for Sun Java
qpconfig.xml file . . . . . . . . . . . . 5 System Directory Server and IBM Directory
Server Settings in the administration place . . . 5 Server . . . . . . . . . . . . . . . 28
NOTES.INI file settings . . . . . . . . . . 6 Switching to a different directory . . . . . . 28
Creating and using the qpconfig.xml file . . . . 6 Supporting accented characters in user names (AIX
Starting Lotus QuickPlace . . . . . . . . . . 6 and Solaris) . . . . . . . . . . . . . . 29
To start Domino and Lotus QuickPlace (Windows) 7 Testing access to the LDAP directory server . . . 29
To start Domino and Lotus QuickPlace (AIX and Access to the Domino Directory through LDAP 29
Solaris) . . . . . . . . . . . . . . . 7 Disconnecting from a user directory . . . . . . 30
To start Domino and Lotus QuickPlace (i5/OS) . . 7 External group membership . . . . . . . . . 30
Stopping Lotus QuickPlace . . . . . . . . . 8 Group membership: security features . . . . . 30
To stop Domino and Lotus QuickPlace (Windows, Group membership: place membership . . . . 31
AIX, Solaris) . . . . . . . . . . . . . 8 Group membership: notifications . . . . . . 33
To stop Domino and Lotus QuickPlace (i5/OS) . . 8 Group membership: LDAP directory . . . . . 33
Signing in as a Lotus QuickPlace administrator . . . 9 Group membership: Sametime and offline use . . 34
Backing up Lotus QuickPlace . . . . . . . . . 9 Group membership: miscellaneous features . . . 34
Lotus QuickPlace for i5/OS and Backup, Special characters supported for user and group
Recovery, and Media Services for iSeries . . . . 9 names . . . . . . . . . . . . . . . . 35
Administration tasks specific to i5/OS . . . . . . 9
Determining Lotus QuickPlace server status on Chapter 3 Setting Up the Place Catalog 37
i5/OS . . . . . . . . . . . . . . . 10 The Place Catalog . . . . . . . . . . . . 37
Changing Lotus QuickPlace server properties on Setting up the Place Catalog . . . . . . . . . 37
i5/OS . . . . . . . . . . . . . . . 10 To set up a remote Place Catalog server shared
Changing Lotus QuickPlace language dictionaries by more than one server . . . . . . . . . 37
on i5/OS . . . . . . . . . . . . . . 10 To configure Place Catalog qpconfig.xml settings 38
Additional documentation . . . . . . . . . 11 To register existing places and servers with the
Additional resources for i5/OS . . . . . . . . 12 Place Catalog . . . . . . . . . . . . . 38
Place Catalog XML . . . . . . . . . . . . 39
Chapter 2 Connecting to a User How the Place Catalog works . . . . . . . . 41
How entries are updated . . . . . . . . . 41
Directory . . . . . . . . . . . . . . 13
Synchronizing Place Catalog data in a cluster . . 43
User directories . . . . . . . . . . . . . 13
Enabling DBCS members to use My Places . . . . 44
User directory configurations . . . . . . . . 13
Recovering if the Place Catalog server goes down 44
Domino management of user directory lookups 13
Lotus QuickPlace management of user directory
lookups. . . . . . . . . . . . . . . 14 Chapter 4 Managing PlaceTypes . . . . 47
LDAP configuration options . . . . . . . . . 14 PlaceTypes. . . . . . . . . . . . . . . 47
Preparing to connect to an LDAP directory . . . . 16 Creating a PlaceType . . . . . . . . . . . 47
Accessing LDAP directory servers from behind a To give users information about the PlaceType . 47
firewall on i5/OS . . . . . . . . . . . . 16 Editing the server’s PlaceType list . . . . . . . 48
Setting up Domino to manage user directory To hide or display PlaceType names in the list . . 48
lookups. . . . . . . . . . . . . . . . 16 Refreshing PlaceTypes and places . . . . . . . 49
Switching to managing user directory lookups Place membership . . . . . . . . . . . 49
through Domino . . . . . . . . . . . . . 17 Levels of refresh . . . . . . . . . . . . 50
Setting up Lotus QuickPlace to manage user How basic refresh affects the elements in places 50
directory lookups . . . . . . . . . . . . 18 How replace affects the elements in places . . . 51
Customizing Lotus QuickPlace management of user Controlling whether the QPTool refresh
directory lookups . . . . . . . . . . . . 19 command refreshes a place . . . . . . . . 53
© Copyright IBM Corp. 2005 iii

Refreshing a PlaceType from the PlaceTypes view Configuring browser caching for tighter security . . 81
in the administration place . . . . . . . . 53 Clearing Lotus QuickPlace files from the Internet
Signing a newly inherited scheduled PlaceBot in a Explorer cache . . . . . . . . . . . . 81
place . . . . . . . . . . . . . . . . 54 Preventing caching of Lotus QuickPlace pages on
Copying a PlaceType . . . . . . . . . . . 54 browsers . . . . . . . . . . . . . . 81
To add copied PlaceTypes to the PlaceType list 55
Deleting a PlaceType . . . . . . . . . . . 55 Chapter 7 Completing Additional
Server Configuration Tasks . . . . . . 83
Chapter 5 Administering Lotus Using the Server Settings - Other Options room in
QuickPlace Servers in a Cluster . . . . 57 the administration place . . . . . . . . . . 83
Lotus QuickPlace servers in a cluster . . . . . . 57 ActiveX controls . . . . . . . . . . . . 84
Planning capacity . . . . . . . . . . . 58 Setting up the Search Places feature . . . . . . 85
Types of clustering solutions . . . . . . . . 58 Configuring Search Places settings . . . . . . 87
Creating a cluster . . . . . . . . . . . . 59 Customizing the My Places feature . . . . . . 88
Adding a Lotus QuickPlace server to a cluster . . . 59 Opening places in a new browser window . . . 88
Adding a Lotus QuickPlace server after a long Using a custom application for My Places . . . 88
down time . . . . . . . . . . . . . . 60 Adding parameters to the My Places URL . . . 88
Configuring clustered servers for the Place Catalog 61 Customizing Web page caching . . . . . . . . 90
Place Catalog entries and clusters . . . . . . 62 Web page cache settings . . . . . . . . . 90
Removing a Lotus QuickPlace server from a cluster 63 To enable the cache . . . . . . . . . . . 90
To set the cache directory . . . . . . . . . 91
Chapter 6 Setting Up Security . . . . . 65 To set the cache size limit. . . . . . . . . 91
Lotus QuickPlace authentication . . . . . . . 65 To set the time interval for cache cleaning . . . 91
Single sign-on authentication . . . . . . . . 65 To set the cache for anonymous users only . . . 91
Creating or editing a Web SSO Configuration To enable logging for the server cache . . . . 91
document . . . . . . . . . . . . . . 66 Hiding the Sign In and Sign Out links . . . . . 91
Completing single sign-on setup . . . . . . 67 Enabling image caching in environments that don’t
Modifying user cache settings . . . . . . . . 68 use single sign-on . . . . . . . . . . . . 92
Specifying the number of user entries allowed in Disabling page compression . . . . . . . . . 92
the cache . . . . . . . . . . . . . . 69 Displaying CGI variables in Lotus QuickPlace
Specifying the length of time user entries remain HTML source pages . . . . . . . . . . . 92
in the cache . . . . . . . . . . . . . 69 Customizing user notifications settings . . . . . 92
Controlling access to the server . . . . . . . . 69 Using qpconfig.xml settings to configure
Specifying administrators of a Lotus QuickPlace notifications . . . . . . . . . . . . . 93
server . . . . . . . . . . . . . . . 69 Configuring where Lotus QuickPlace routes
Changing a local administrator password . . . 71 replies to e-mail from places . . . . . . . . 94
Specifying who can create places on a server . . 71 Specifying a footer that appears on all pages . . . 94
Specifying super user access to a Lotus Enabling and disabling the UTF-8 Domino server
QuickPlace server . . . . . . . . . . . 73 setting . . . . . . . . . . . . . . . . 95
Expanded membership . . . . . . . . . . 74 Tracking the number of active Lotus QuickPlace
Expanded membership groups . . . . . . . 74 users . . . . . . . . . . . . . . . . 95
Examples of expanded membership groups. . . 75 To set up logging of user access . . . . . . 95
Access control in places that use expanded To extract the names of Lotus QuickPlace users
membership . . . . . . . . . . . . . 76 from log files on AIX and Solaris . . . . . . 96
User interface differences in places that use Example of extracting names from one log file. . 96
expanded membership . . . . . . . . . 76 Example of extracting names from multiple log
Important points about expanded membership 76 files . . . . . . . . . . . . . . . . 96
Setting up expanded membership . . . . . . 77 Example of extracting names from log files on
Enabling expanded membership on the server . . 77 multiple servers . . . . . . . . . . . . 96
Configuring the name and password to use for To extract the names of Lotus QuickPlace users
connecting to the LDAP server that stores the from log files on Windows . . . . . . . . 97
expanded membership groups . . . . . . . 78 Example of extracting names from multiple log
Enabling expanded membership in places . . . 79 files on Windows . . . . . . . . . . . 98
Changing the directory server or base Example of extracting names from log files on
distinguished name used for the expanded multiple servers on Windows . . . . . . . 98
membership groups . . . . . . . . . . 79
Using expanded membership logging . . . . 80 Chapter 8 Using QPTool Commands . . 99
Blocking specific protocols referenced in link URLs 80 QPTool . . . . . . . . . . . . . . . . 99
Blocking HTML attachments that contain cross-site Running QPTool . . . . . . . . . . . . 99
scripts . . . . . . . . . . . . . . . . 81 Using the -i argument with QPTool commands 100
iv QuickPlace Administrator’s Guide

Using QPTool commands in a cluster . . . . 100 You cannot add new users with automatic
Adding external members to places . . . . . . 100 lookup if more than one match is found . . . 132
Changing user and group names in places . . . 102 Cannot add two users with the same
Changing the name hierarchy of names in places 104 distinguished name as members . . . . . . 132
Updating external member information in places 105 Cannot create a place that has the same name as
Managing expanded membership . . . . . . 107 a user in the user directory . . . . . . . . 132
Resetting local user passwords . . . . . . . 108 Places do not show changes to user information
Removing members from places . . . . . . . 109 made in user directory . . . . . . . . . 132
Sending newsletters to subscribers . . . . . . 110 ″OK with Anonymous access″ shows rather
Sending mail to managers and members of places 111 than ″OK with credentials″ when saving user
Sample template file . . . . . . . . . . 112 directory settings . . . . . . . . . . . 132
Registering and unregistering places and servers User directory set to localhost or 127.0.0.1
on the server . . . . . . . . . . . . . 112 causes server crash . . . . . . . . . . 133
Automating replica stub creation . . . . . . . 114 What’s New notification doesn’t work for users
Examples of using the replicamaker command 115 who access rooms through group membership . 133
To run replicamaker in verbose mode . . . . 116 Troubleshooting security problems . . . . . . 133
To ensure that new places and PlaceTypes are A second cn component in name is preventing
replicated quickly . . . . . . . . . . . 116 user authentication . . . . . . . . . . 133
Refreshing places and PlaceTypes . . . . . . . 116 A user can’t sign into a place after a
Locking and unlocking places on the server . . . 118 distinguished name change . . . . . . . . 133
Archiving places . . . . . . . . . . . . 119 User can’t sign in after name change in Domino
Restoring an archived place to an active server 119 Directory . . . . . . . . . . . . . . 134
Renaming places . . . . . . . . . . . . 120 In a third-party authentication environment,
Moving places to another server . . . . . . . 120 users with non-standard names are unable to
Moving a place from one Lotus QuickPlace 7.0 authenticate . . . . . . . . . . . . . 134
server to another . . . . . . . . . . . 120 In a third-party authentication environment,
Moving a place from a Lotus QuickPlace 6.5.1 users with multi-character delimiters in their
server to a Lotus QuickPlace 7.0 server . . . . 121 names are unable to authenticate . . . . . . 134
Removing places and PlaceTypes from the server 122 Users are rechallenged for credentials when
Reactivating a place mistakenly removed using publishing and lose their edits. . . . . . . 134
QPTool remove . . . . . . . . . . . . 123 If place member and super user have same
Completing the deletion of a place mistakenly name, the super user gets member access . . . 134
deleted through the file system . . . . . . 124 A user who is a member of a group is not
Updating statistics in the Place Catalog . . . . . 124 getting the expected access . . . . . . . . 134
Updating PlaceLastModified and PlaceSize Troubleshooting QPTool problems . . . . . . 135
statistics . . . . . . . . . . . . . . 124 Changehierarchy command adds entries to the
Synchronizing Place document statistics in a Place Catalog in situations when it shouldn’t . . 135
cluster . . . . . . . . . . . . . . . 124 Addmember command fails when you
Syntax for the placecatalog command . . . . 124 mistakenly use the -g argument to add an
Generating reports about places and servers . . . 125 individual user . . . . . . . . . . . . 135
Before using the report command . . . . . 126 Must unlock archived place before moving it
To use the report command . . . . . . . 126 back and registering . . . . . . . . . . 135
Examples of using the report command . . . 126 QPTool changemember appears to change a
Repairing places on the server . . . . . . . . 127 user to a group . . . . . . . . . . . . 135
Error: Entry not found in index or document QPTool report returns the error ″Database is not
has been deleted . . . . . . . . . . . 127 full-text indexed″ . . . . . . . . . . . 135
Deleting one of multiple images causes image Uppercase place names specified in XML input
corruption . . . . . . . . . . . . . 128 are converted to lowercase . . . . . . . . 136
To use the repair command . . . . . . . . 128 QPTool does not archive a place that already
Cleaning up dead mail . . . . . . . . . . 128 exists in the specified archive directory . . . . 136
Adding and removing graphic text fonts . . . . 128 Can’t use QPTool commands on a place whose
Executing an XML API file . . . . . . . . . 129 name begins with a hyphen . . . . . . . 136
QPTool changemember does not change the
Chapter 9 Troubleshooting . . . . . 131 name in existing page banners . . . . . . 136
Troubleshooting user directory problems . . . . 131 QPTool remove -cleanup after QPTool remove
Can’t add a name from the user directory . . . 131 -p placename not working . . . . . . . . 137
Names of external users and groups are missing Problem using nqptool commands on
or displayed as distinguished names . . . . 131 server/program command line . . . . . . 137
Mapping dn to display_name causes problems 131 Troubleshooting offline problems . . . . . . . 137
Using the type-in method to add users from an New rooms not installing to offline place during
external directory does not always work . . . 131 synchronization . . . . . . . . . . . 137
Contents v
Users are unable to sign in offline . . . . . 137 Offline users can’t send e-mail from a place . . 140
User installing offline using Sun ONE Portal Database authorization failures occur during
Server is prompted to reauthenticate . . . . 138 Domain Catalog indexing when server is set up
Users can’t install places offline in a Netegrity for Search Places and offline use . . . . . . 140
SiteMinder environment . . . . . . . . . 138 Troubleshooting Sametime problems. . . . . . 140
Users see ERROR 500 message when installing Users can’t schedule meetings from a place . . 141
offline . . . . . . . . . . . . . . . 138 Sametime is not working for local users . . . 141
A PlaceBot does not run offline . . . . . . 139 Online awareness not working for users whose
Offline users can’t edit their member profiles names contain accented characters . . . . . 141
when Sametime is enabled and the place name External users with flat names cannot join
begins with ″QuickPlace″ . . . . . . . . 139 online meetings that they publish . . . . . 141
Users with flat names can’t take places offline 139
Users who install offline to Windows 2000 client Appendix A Lotus QuickPlace
are prompted for Web Application password . . 139 notes.ini Settings. . . . . . . . . . 143
Offline not working for external users after
Web page cache settings . . . . . . . . . . 143
changemember or changehierarchy commands
Offline settings . . . . . . . . . . . . . 143
used . . . . . . . . . . . . . . . 139
Server logging settings . . . . . . . . . . 143
Offline is not working for a super user . . . . 139
Client logging settings . . . . . . . . . . 145
Offline users can’t use places and rooms
Attachment and file import logging . . . . . 146
accessed through group membership . . . . 139
Other settings . . . . . . . . . . . . . 146
Offline authors or readers see synchronization
errors . . . . . . . . . . . . . . . 139
Problem installing places offline on Windows 140 Notices . . . . . . . . . . . . . . 149
Cannot install places with the same name from Trademarks . . . . . . . . . . . . . . 150
two different servers . . . . . . . . . . 140
Users who do not fill in offline passwords Index . . . . . . . . . . . . . . . 151
cannot install places offline . . . . . . . . 140
vi QuickPlace Administrator’s Guide

Chapter 1 Lotus QuickPlace Administration Overview
This chapter describes the new features in IBM® Lotus® QuickPlace® 7.0, the tools
you use to administer Lotus QuickPlace, how to stop and start Lotus QuickPlace,
and where to find additional Lotus QuickPlace documentation.
Administration overview
Lotus QuickPlace is a self-service Web tool for team collaboration that you can use
to publish, share, and track all information relevant to a project. Teams can use
Lotus QuickPlace to store resources (such as files, discussions, and schedules)
related to a project in a common place where everyone can access the latest
information.
This guide is intended for Lotus QuickPlace administrators. It describes the

following Lotus QuickPlace administration tasks:
v Connecting to a user directory to simplify the registration and management of
members in places
v Setting up a Place Catalog, a central database that collects information about
places and Lotus QuickPlace servers
v Creating and managing PlaceTypes, places that are used as models for new
places
v Setting up security on the server
v Administering Lotus QuickPlace servers in a cluster
v Configuring a variety of server-wide settings using the administration
(quickplace) place or settings in a qpconfig.xml file
v Completing a variety of tasks using QPTool commands
Note: The e-mail notification features of Lotus QuickPlace rely on the mail routing
configuration of the local IBM® Lotus® Domino® server. For information on
configuring mail routing with Domino, see Domino Administrator Help. For
additional information on customizing Lotus QuickPlace e-mail notifications,
see the chapter ″Completing Additional Server Configuration Tasks.″
What’s new in Lotus QuickPlace 7.0

In Lotus QuickPlace 7.0 the product name reverts to Lotus QuickPlace from Lotus
Team Workplace, the name used in version 6.5.1. This guide uses the name Lotus
QuickPlace when referring to all versions, including version 6.5.1. See the
following topics for descriptions of new features for administrators, users, and
developers in Lotus QuickPlace 7.0.
New for administrators

The following features are new for administrators.
Domino management of user directory lookups

You can optionally set up the Domino server on which Lotus QuickPlace runs to
manage the lookups to a user directory. Using this optional user directory
configuration, you can take advantage of Domino user authentication and directory
© Copyright IBM Corp. 2005 1

features within Lotus QuickPlace, for example, X.509 certificate authentication,
multiple directories accessed through Domino directory assistance, and Internet
Site documents.
If you upgrade from an earlier version of Lotus QuickPlace, the upgrade process
preserves the existing external LDAP directory connection managed by Lotus
QuickPlace. If you want to switch to Domino management of user directory
lookups, you can make this change at any time.
CAUTION:
Once you have switched to Domino management of user directory lookups,
reverting back to the Lotus QuickPlace management of LDAP directory lookups
is not supported.
For more information on this new supported configuration, see the chapter
″Connecting to a User Directory.″
Improved error logging and debugging

Lotus QuickPlace 7.0 provides the following error logging and debugging
enhancements.
v The new server notes.ini file setting $h_Debug=1 enables the browser to display
detailed messages about JavaScript™ errors that occur on the client, rather than
the general Lotus QuickPlace message, ″Unable to process your request at this
time.″
v The new server notes.ini file setting $h_ClientDebugConsole=<level> displays a
console log on all clients that access the server. Use this setting on a temporary
basis to help IBM Support troubleshoot a client-side problem.
v The new server notes.ini file setting QuickPlaceHTTPInterfaceLogging=<level>
logs the interaction between Lotus QuickPlace and the Domino HTTP server
during the processing of a URL. This setting is useful primarily as a first step
toward isolating user authentication problems or problems related to the
interaction between Lotus QuickPlace and Domino.
v The new server notes.ini file setting h_ExceptionDetail=1 adds the source code
name and line number from which errors and warnings are generated to the
error and warning messages that the server sends to the browser. Use this
setting on a temporary basis to help IBM Support troubleshoot a problem.
v Additional messages have been added for a number of existing logging settings.
v Additional logging settings have been documented.
For more information, see the appendix ″Lotus QuickPlace notes.ini Settings.″
Encryption of offline databases

You can use the new encryption setting in the offline section of the qpconfig.xml
file to encrypt all places that are taken offline. Offline place encryption is similar to
IBM® Lotus® Notes® database encryption. If you do not use this setting to enable
encryption of all offline places, managers of places can enable encryption for
specific places.
For more information, see the Lotus QuickPlace Installation and Upgrade Guide.
Use of sign in passwords for offline databases

You can use the new use_login_passwords setting in the offline section of the
qpconfig.xml file to enable offline users to sign into offline places using the same
password they use to sign in to Lotus QuickPlace. If administrators do not enable
this setting, managers of places can enable the feature for specific places.
2 QuickPlace Administrator’s Guide

Improved My Places performance

The performance of the My Places feature has significantly improved. The My
Places filtering settings in the qpconfig.xml file introduced in version 3.0.1 to
improve performance are no longer needed and used in Lotus QuickPlace 7.0.
There is new column sorting capability in the My Places user interface that can
serve as a substitute for some of the filtering settings previously configured
through the qpconfig.xml file. The only My Places settings in the qpconfig.xml file
that remain are place_links, used to open places in a new browser window, and
place_ui, used to use a custom portal application for My Places. Some of the My
Places URL parameters continue to be supported.
For more information on configuring My Places, see the chapter ″Completing

additional server configuration tasks.″
Ability to define additional fonts for graphic text

You can use the new QPTool command addgraphicfont to make additional fonts
available for use in graphic text in pages, logos, and sidebar items. The command
can make any font that is already installed in the server’s operating system fonts
directory available for use in graphic text. You can make a font unavailable by
using the removegraphicfont command.
For more information, see the chapter ″Using QPTool Commands.″
Domino time zone support

Lotus QuickPlace 7.0 uses the underlying time zone configuration of the Domino
server on which it runs.
i5/OS documentation
The Lotus QuickPlace Administrator’s Guide, the Lotus QuickPlace Installation and
Upgrade Guide, the Lotus QuickPlace Developer’s Guide, and the Lotus QuickPlace
Release Notes now incorporate information for IBM® iSeries™ (i5/OS™). The
installing and managing guide and the Readme files specifically for iSeries no
longer exist for Lotus QuickPlace 7.0.
New product ID for i5/OS

The product ID on i5/OS for Lotus QuickPlace 7.0 is 5724J24. For version 6.5.1 it
was 5733LQP.
New for users

The following features are new for users. For more information on these features,
see the Help.
Domino time zone support

Users can set time zone preferences for places on a server using the same cookie
that Domino uses. Earlier versions of Lotus QuickPlace used a different cookie for
storing time zone information.
Access control changes

Earlier versions of Lotus QuickPlace supported manager, author, and reader access.
Lotus QuickPlace 7.0 supports, in addition, editor access. Like an author, an editor
can create, edit, and delete documents. Unlike an author, an editor can also edit
and delete documents created by others, unless the document author has restricted
Chapter 1 Lotus QuickPlace Administration Overview 3

access. Task pages are an exception; an editor may not edit a Task page unless the
editor is specifically granted access by the creator of the page when the page is
published.
Access control in Lotus QuickPlace has been changed in the following ways to be
more like Domino access control:
v Managers can edit and delete all documents in a place, even if access has been
restricted by the document author.
v Default and Anonymous users are now assigned distinct levels of access to a
place. Anonymous users -- users who are not members of a place through
individual or group membership and who access places without authenticating
-- are assigned the Anonymous level of access, instead of the Default level.
Authenticated non-members are assigned the Default access level. You specify
these two access levels by adding Anonymous and Default as place members.
Anonymous can have only reader access, whereas Default can have reader,
author or editor access.
Nested folders
In previous versions of Lotus QuickPlace, folders could contain only documents.
Now folders can contain other folders (subfolders). If you the new themes, you can
access these subfolders through the table of contents. If you use any of the themes
previously available in Lotus QuickPlace, you can access these subfolders through
the folder list.
New themes with expandable table of contents

Lotus QuickPlace includes new themes named ″Organized″ and ″Modern Plus″
that enable users to expand and collapse folders and subfolders in the Lotus
QuickPlace table of contents. These features help you to navigate the hierarchical
structure of folders and documents, as well as view a room’s organization.
Document types in folders

Each document listed in a folder displays an icon in the type column that
represents the document type.
Offline passwords
Users can now use their Lotus QuickPlace sign in passwords for offline places.
Users are no longer required to set or remember a password for each offline place
to which they belong.
Offline encryption
Offline Lotus QuickPlaces can be encrypted whenever an offline place is created or
synchronized. An administrator can set the encryption server-wide, while a place
manager can set the encryption for a specific place.
Improved My Places
In earlier versions of Lotus QuickPlace, when a user displayed the places of which
he or she was a member, the performance was poor if a user belonged to a large
number of places. In Lotus QuickPlace 7.0, the performance has improved. In
addition, a Last Update column has been added, and the places may be sorted by
any of the columns (size, title, last updated date, last modified date, name, or title).
Support for Safari on Mac OS-X

Lotus QuickPlace 7.0 now supports the Safari browser on Mac OS-X.
Support for Mozilla Firefox

Lotus QuickPlace now supports the Mozilla Firefox browser.

New for developers
The following features are new for developers:
v Additional customizable components are available for use in theme layouts.
v The HTML and JavaScript that the server provides to the browser is no longer
encoded, so it is more readable by Lotus QuickPlace developers.
Tools for administering Lotus QuickPlace

You use the following tools to configure and administer a Lotus QuickPlace server:
v QPTool commands
v qpconfig.xml file
v Server Settings in the administration place
v NOTES.INI file settings
In addition to these tools, you can use tools available in Domino, for example,
settings in the Domino Directory or directory assistance database.
QPTool commands
QPTool is a server task that you run with arguments to complete adminstration
tasks. You use QPTool commands to complete many administrative tasks, for
example, locking and unlocking places, changing user names, and registering
places.
qpconfig.xml file
You can specify many Lotus QuickPlace configuration settings by creating a file
called qpconfig.xml and using XML to specify the desired settings in the file. Lotus
QuickPlace comes with a sample template file called qpconfig_sample.xml, which
is installed in the server data directory. The file includes all of the settings you can
specify in the qpconfig.xml file, descriptions of the settings, the default values, and
sample values.
To customize a setting described in qpconfig_sample.xml, create a file called

qpconfig.xml. If you do not create a qpconfig.xml file, Lotus QuickPlace uses all
the default settings indicated in the file. For more information, see the topic
″Creating and using the qpconfig.xml file.″
Server Settings in the administration place

You specify some server settings in the Server Settings room in the administration
place. You use the Server Settings room to specify some server security settings, to
set up the server to connect to a user directory, and to specify other settings. To
use the Server Settings room:
1. Open a browser and enter the server’s host name appended by /QuickPlace.
For example:
http://servername.enterprise.com/QuickPlace
2. Click Sign In.
3. Enter a Lotus QuickPlace server administrator user name and password.
4. Click Server Settings in the table of contents.

NOTES.INI file settings
You use the notes.ini file on the server for some Lotus QuickPlace configuration
tasks. For example, you specify page cache settings and logging settings in the
notes.ini file. For descriptions of each notes.ini setting used by Lotus QuickPlace,
see the appendix ″Lotus QuickPlace notes.ini Settings.″
Creating and using the qpconfig.xml file

To create and use the qpconfig.xml file, perform the following steps:
Note: All Lotus QuickPlace servers in a cluster should use the same qpconfig.xml
settings.
1. Create a file called qpconfig.xml and save it as a text file in the data directory.
2. Open the qpconfig.xml file using a text file editor.
3. Open the qpconfig_sample.xml and copy the following lines to the
qpconfig.xml file.
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>

<server_settings>
</server_settings>
4. Between the two server_settings statements, copy the sample section from the
qpconfig_sample.xml file that contains the settings you want to modify and
paste the section into the qpconfig.xml file. For example, to modify super_user
settings, copy the text noted in bold below from qpconfig_sample.xml to
qpconfig.xml:
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>

<server_settings>
<super_user enabled="true">
<dn>cn=QuickPlace Admin,o=ibm</dn>
</super_user>
</server_settings>
Note: To change a child setting under a parent setting, make sure to copy the
parent setting, too.
5. Modify the values for copied settings as desired, for example, the distinguished
name of a super user, and then save the qpconfig.xml file.
6. Type the following command to restart the HTTP task so that Lotus QuickPlace
recognizes the changes:
restart task http
Starting Lotus QuickPlace

You start and stop Lotus QuickPlace by starting and stopping the Domino server
on which it is installed. To start Lotus QuickPlace, follow the procedure
appropriate for your operating system.

To start Domino and Lotus QuickPlace (Windows)
If Lotus QuickPlace runs on Microsoft® Windows®, start Domino and Lotus
QuickPlace as follows:
1. Choose Start - Programs - Lotus Applications - Lotus Domino Server.
To start Domino and Lotus QuickPlace (AIX and Solaris)

If Lotus QuickPlace runs on IBM® AIX® or Solaris, start Domino and Lotus
QuickPlace as follows:
1. Log in as the user specified during the Lotus QuickPlace installation.
2. Navigate to the Domino data directory.
3. Enter one of the following commands to start Domino and Lotus QuickPlace:
v To run the Domino server console in the background enter:
<Domino program directory>/bin/server &
v To run the Domino server console in the foreground enter:
<Domino program directory>/bin/server
For example, if you used the default Domino program directory and want to
run the server console in the background, enter:
/opt/ibm/lotus/bin/server &
To start Domino and Lotus QuickPlace (i5/OS)

If Lotus QuickPlace runs on IBM i5/OS, start Domino and Lotus QuickPlace as
follows. You must have *JOBCTL special authority to perform this task.
Tip: You can also perform this task using iSeries Navigator. For more information,
see Installing and Managing Domino 7 for i5/OS.
1. On any i5/OS command line, type the following command and press Enter:
wrkdomsvr
2. On the Work with Domino Servers display, type a 1 in the Opt column next to
the Lotus QuickPlace server you wish to start and press Enter.
3. If the server is password protected, type 8 next to the Lotus QuickPlace server
to work with the console, and press Enter.
4. Enter the password at the appropriate prompt.
5. Press F3 to exit the console.
Tip: You can also start a Lotus QuickPlace server by entering the following
command:
STRDOMSVR SERVER(servername)
where servername is the name of the Lotus QuickPlace server.
6. Periodically press F5 to refresh your screen and wait for the server status to be
*STARTED.
Note: Starting the Lotus QuickPlace server may take a few minutes. You can
verify that the HTTP task and the Lotus QuickPlace task have started by
displaying the console, which is option 5 from the Work with Domino
Servers display.
7. You can verify that the Lotus QuickPlace server has started by using a Web
browser to access the Lotus QuickPlace home page at the following URL:
http://DominoServerName:port/QuickPlace

where DominoServerName is the fully qualified host name of the Domino server
and port is the TCP/IP port number.
Note: Specifying a port number is only required if the port defined for Lotus
QuickPlace is not the default port 80.
Stopping Lotus QuickPlace

To stop Lotus QuickPlace, follow the appropriate procedure for your operating
system.
To stop Domino and Lotus QuickPlace (Windows, AIX, Solaris)

If Lotus QuickPlace runs on Windows, AIX, or Solaris, stop Lotus QuickPlace as
follows:
1. Enter either of the following commands at the Domino server console:
exit
or
quit
To stop Domino and Lotus QuickPlace (i5/OS)

If Lotus QuickPlace runs on i5/OS, stop Domino and Lotus QuickPlace as follows.
You must have *JOBCTL special authority to perform this task.
WRKDOMSVR
the Lotus QuickPlace server and press Enter.
Note: This will stop the server in a controlled state.

3. Press Enter to confirm your server selection.
Tip: You can also stop a Lotus QuickPlace server by entering the following
command:
ENDDOMSVR SERVER(servername)
where servername is the name of the Lotus QuickPlace server.
4. Periodically press F5 to refresh your screen and wait for the server status to be
*ENDED.
Note: Stopping the Lotus QuickPlace server may take a few minutes. You can
verify that all server jobs have ended by viewing the Work with Active
Jobs display, which is option 9 from the Work with Domino Servers
display.
5. From the Work with Domino Servers display, record the subsystem that is used
by the Lotus QuickPlace server.
6. On the command line, type the following command and press Enter:
WRKSBS
7. In the Opt column next to the subsystem you recorded in step 5, type a 4 and
press Enter to end the subsystem.
8. Press Enter to confirm your subsystem selection.

9. Press Enter again to return to the Work with Domino Servers display.
Signing in as a Lotus QuickPlace administrator

You must sign in as a Lotus QuickPlace administrator to change Server Settings in
the administration place (the quickplace place) on the server.
To sign in as an administrator:
For example:
2. Click Sign In.
3. Enter a Lotus QuickPlace administrator user name and password.
4. Click Server Settings.
For information on assigning administrators to a Lotus QuickPlace server, see the

chapter ″Setting Up Security.″
Backing up Lotus QuickPlace

You should regularly back up your Lotus QuickPlace data to prevent permanent
loss. In particular, back up the Lotus QuickPlace data directory, which contains
user data.
Use the backup and recovery commands and procedures for a Domino server to
back up your Lotus QuickPlace data. For more information, see Domino
Administrator Help.
Lotus QuickPlace also provides an archiving facility to make copies of places

elsewhere in the file system. For more information on the QPTool archive
capability, see the chapter ″Using QPTool Commands.″
Lotus QuickPlace for i5/OS and Backup, Recovery, and Media

Services for iSeries
Lotus QuickPlace for i5/OS supports the online backup capability provided with
Backup, Recovery, and Media Services for iSeries. Online backup means that Lotus
QuickPlace databases on your system can be saved while they are in use. This
support works with a tape device, an automated tape library device, save files, and
an ADSM server. Detailed procedures for Domino and Lotus QuickPlace are
available at http://www.ibm.com/eserver/iseries/service/brms/domino.htm.
Administration tasks specific to i5/OS

Lotus QuickPlace for i5/OS provides additional functions to help you administer
your Lotus QuickPlace environment. Using i5/OS commands, you can:
v Determine Lotus QuickPlace server status
v Change Lotus QuickPlace server properties
v Change Lotus QuickPlace language dictionaries
Note: You can also remove Lotus QuickPlace from a Domino server on i5/OS
using commands. For more information, see the Lotus QuickPlace Installation
and Upgrade Guide.

Determining Lotus QuickPlace server status on i5/OS
To determine the status of a QuickPlace server, follow these steps. You must have
*JOBCTL special authority to perform this task.
wrkdomsvr
2. The Work with Domino Servers display lists all the Domino servers configured
on your system. The Domino Status column indicates the status of the Lotus
QuickPlace server:
Status Meaning
*ENDED All server tasks have ended. The server is not active.
*ENDING The primary server tasks are ending.
*STARTED The server is running.
*STARTING The primary server tasks are starting.
*UNKNOWN The system cannot determine the status of the server.
Note: To confirm that all components have started, type a 5 in the Opt column to
display the Domino console. On the Display Domino Console display, look
for the message, ″QuickPlace Server started″ which indicates that all Lotus
QuickPlace components have started. You may need to press F5 periodically
to refresh the screen.
Changing Lotus QuickPlace server properties on i5/OS

After you create a Lotus QuickPlace server, you can change many of the properties
that you originally specified. To change the properties of a Lotus QuickPlace
server, follow these steps. You must have *JOBCTL special authority to perform
this task.
1. Stop the server that you want to modify.
wrkdomsvr
the server name and press Enter.
4. On the Change Domino Server display, make any necessary changes to the
values and press Enter.
5. Restart the Lotus QuickPlace server to make the changes take effect.
Changing Lotus QuickPlace language dictionaries on i5/OS

Lotus QuickPlace for i5/OS includes several language dictionaries that the spelling
checker can use. The language dictionary is contained in the file wpdic.dic. By
default, the wpdic.dic file contains the US/English dictionary, us.dic. You can
change the language dictionary that the spelling checker uses by making a backup
copy of the existing wpdic.dic file, for example wpdic.bak, and then renaming the
language dictionary file that you want to use to wpdic.dic. For example, after you
create a backup copy of wpdic.dic, rename German.dic to wpdic.dic.
To change the dictionary that the spelling checker program uses, follow these
steps. You must have *JOBCTL special authority to perform this task.

1. From an i5/OS command line, type the following command and press Enter:
wrklnk ’/qibm/proddata/lotus/QuickPlace/shared/*.dic’
2. Press Page Down until you see the object link called wpdic.dic is displayed.
3. Enter option 7 next to the wpdic.dic object link to rename the object.
4. In the New Object field, change the name of the object link to the following
and press Enter:
wpdic.bak
5. Select the language file that you want to use and enter option 7 to rename the
file.
6. In the New Object field change the name of the object link to the following and
press Enter:
wpdic.dic
Additional documentation
Refer to the following documentation in addition to this guide. This
documentation is available on the Web at http://www.lotus.com/ldd/doc. Under
″Documentation Links,″ click ″by product,″ and then click the appropriate product.
IBM Lotus QuickPlace Installation and Upgrade Guide -- Describes how to install
Lotus QuickPlace, how to set up a server so that users can take places offline using
Domino Off-Line Services, how to set up Lotus QuickPlace to work with IBM®
Lotus® Sametime®, and how to upgrade your existing servers.
IBM Lotus QuickPlace Developer’s Guide -- Describes the Lotus QuickPlace design
architecture, and describes how to create and customize place objects, how to
access the Java™ API using XML, how to automate tasks with PlaceBots, and how
to customize the look and layout of a place.
IBM Lotus QuickPlace Release Notes -- Describes system requirements, support for
backward compatibility with earlier versions, new features, workarounds for
known problems, and documentation updates for Lotus QuickPlace.
IBM Lotus Domino Administrator Help -- Describes how to install, configure, and
administer Lotus Domino.
IBM Lotus Notes, Domino, and Domino Designer Release Notes -- Describes software
requirements, new features and enhancements, troubleshooting tips, and
documentation updates for Lotus Notes, Domino Designer®, and Lotus Domino.
IBM Lotus Sametime Installation Guide -- Describes how to install Lotus Sametime on
each supported platform. You must install Lotus Sametime if you want to integrate
Lotus Sametime features with Lotus QuickPlace. For information on integration
Lotus Sametime with Lotus QuickPlace see the Lotus QuickPlace Installation and
Upgrade Guide.
In addition to the documentation listed above, the Help that comes with Lotus
QuickPlace describes end-user features. To access the Help, from any place, click
the Help button.

Additional resources for i5/OS
In addition to the resources listed in the topic ″Additional documentation,″ i5/OS
users may find the following helpful:
v The Lotus QuickPlace for i5/OS Web site at
http://www.ibm.com/eserver/iseries/quickplace
v The Lotus QuickPlace Web site at
http://www.lotus.com/products/qplace.nsf
v The IBM eServer iSeries Information Center has details about installing, setting
up, and using TCP/IP. It also includes an overview of Client Access Express and
iSeries Navigator. The IBM eServer iSeries Information Center is available on the
Web at
http://publib.boulder.ibm.com/pubs/html/as400/infocenter.html
v The Lotus book Installing and Managing Domino for i5/OS has details on setting
up and managing Domino servers. It includes instructions on how to verify that
TCP/IP is set up and running on your server. It also has a basic introduction to
i5/OS for new users. You can view or download this book and the latest release
notes from the Lotus developerWorks Documentation Library at
http://www.ibm.com/lotus/ldd/doc
You can find other Domino for i5/OS information on the IBM Domino for i5/OS
Web site at
http://www.ibm.com/eserver/iseries/domino
v If you plan to also use Lotus Sametime, review the Lotus Sametime for i5/OS
Web site at
http://www.ibm.com/eserver/iseries/sametime

Chapter 2 Connecting to a User Directory
This chapter describes how to connect Lotus QuickPlace to a user directory.
User directories
There are two types of place members: local members and external members. Local
members are registered in the membership database (Contacts1.nsf) of each place
of which they are a member. External members are registered in a user directory
on a server.
There are several advantages to using external members that are registered in a
user directory:
v Authentication information is managed in a central directory rather than in each
place.
v Place managers add members to places by selecting users and groups from the
directory, rather than typing information for each member.
v A user can be a member of many places and use the same user name and
password to access any of the places. Local members of many places might have
different user names and passwords in each place.
v Users can use single sign-on authentication to sign in to one place, and then
access other places they are members of without re-entering their user names
and passwords.
v If a member’s name or other information such as e-mail address changes in the
directory, you can use QPTool commands to automatically update places to
reflect the change. For example, if John Smith’s e-mail address changes in a user
directory, you can use the QPTool updatemember command to update his e-mail
address in all places.
v Lotus Sametime integration features are supported for external members only.
User directory configurations

Lotus QuickPlace provides two user directory options: Lotus QuickPlace
management of user directory lookups or Domino management of user directory
lookups. Both of these options allow the use of local place members in addition to
external place members.
Domino management of user directory lookups

If you set up Domino to manage user directory lookups:
v Lotus QuickPlace users can be authenticated by any authentication method that
is configured on the Domino server, for example X.509 certificate authentication.
v Lotus QuickPlace users can be located in the Domino server’s primary Domino
Directory (names.nsf). Or they can be located in in any secondary directory --
either a Domino Directory or a Lightweight Directory Access Protocol (LDAP)
directory -- to which the Domino server connects using directory assistance.
Lotus QuickPlace users do not have to be located in a single user directory.
v If users are located in a secondary directory that is an LDAP directory,
configuration of the lookups is done through directory assistance. Directory
assistance supports the use of LDAP referrals on the LDAP directory server.
v Domino Internet Site documents configured on the Domino server are used.

v The Lotus QuickPlace expanded membership feature is not supported.
v Integration of Lotus Sametime features with Lotus QuickPlace is not supported.
CAUTION:
Once you set up Domino management of user directory lookups, switching to
Lotus QuickPlace management of user directory lookups is not supported.
Lotus QuickPlace management of user directory lookups

If you set up Lotus QuickPlace to manage the user directory lookups:
v The user directory must be a Lightweight Directory Access Protocol (LDAP)
directory. To configure how Lotus QuickPlace performs the LDAP directory
lookups, you use the Server Settings - User Directory room in the administration
place and the user_directory portion of the qpconfig.xml file on the Lotus
QuickPlace server.
v User authentication methods are limited to Domino basic name-and-password
authentication, or multi-server session-based (single sign-on) authentication.
Other authentication methods used by Domino, for example X.509 certificate
authentication, are not supported.
v Lotus QuickPlace ignores Domino Internet Site Documents configured on the
Domino server.
v Lotus QuickPlace users and groups must be located in a single LDAP directory,
with the exception that the virtual groups used for the expanded membership
feature can be stored in a separate LDAP directory.
v Referrals to another LDAP directory are not supported.
v Lotus QuickPlace expanded membership feature is supported.
v Integration of Lotus Sametime features with Lotus QuickPlace is supported.
LDAP configuration options

LDAP is a protocol that provides a standard way to access and manage directory
information. A set of rules, known as a schema, defines how information is stored
in an LDAP directory. If Lotus QuickPlace manages user directory lookups, the
user directory must be an LDAP directory. If Domino manages user directory
lookups, the use of an LDAP directory is optional. The following table compares
the available LDAP directory configuration options for the two supported user
directory configurations.
LDAP configuration Available when Lotus Available when Domino manages

option QuickPlace manages lookups lookups
LDAP directory Yes (Server Settings - User Yes (Domino Directory and
server port Directory room) Directory Assistance document)
Secure Sockets Layer Yes (Server Settings - User Yes (Domino Directory and
(SSL) connections Directory room) Directory Assistance document)
SSL protocol to use Yes (in qpconfig.xml) Yes (Directory Assistance
document)
Whether expired SSL Yes (in qpconfig.xml) Yes (Directory Assistance
certificates accepted document)
Whether server Yes (in qpconfig.xml) Yes (Directory Assistance
certificate must document)
include host name

Different search Yes (in qpconfig.xml) Yes (Naming rules in Directory
bases for groups and Assistance document)
users
Control of attributes Yes (in qpconfig.xml) No
that display in Lotus
QuickPlace interface
Control of attributes Yes (in qpconfig.xml) No
that display in Lotus
QuickPlace directory
lookup interface
Seaches narrowed to Yes (Server Settings - User No
names that are part Directory room)
of place name
Distinguished names Yes (in qpconfig.xml) Yes (requires all-asterisk naming
that do not conform rule in Directory Assistance
to the Domino document)
naming convention
A notes.ini setting may be required
to convert distinguished names
between LDAP and Notes. For
more information, see the version 7
Lotus Notes, Domino, and Domino
Designer Release Notes on the Web
at http://www.lotus.com/ldd/doc.
Custom search filter Yes (in qpconfig.xml) Yes (Directory Assistance
for user document)
authentication
Custom search filter Yes (in qpconfig.xml) Yes (Directory Assistance
for group document)
authorization
Custom search filter Yes (in qpconfig.xml) No
for adding group
members to places
Custom search filter Yes (in qpconfig.xml) No
for adding user
members to places
Control whether Yes (in notes.ini) Yes (Directory Assistance
nested groups are document)
searched
Control levels of Yes (in notes.ini) No
nested group
searches
Search timeout Yes (Server Settings - User Yes (Directory Assistance
Directory) document)
Maximum entries No Yes (Directory Assistance
returned document)
Attribute to be used No Yes (Directory Assistance
as name in SSO document)
token
Control over alias No Yes (Directory Assistance
dereferencing document)
Chapter 2 Connecting to a User Directory 15

Support of directory No Yes (Directory Assistance
change detection document along with configuration
setting on LDAP directory server)
Preparing to connect to an LDAP directory

If you connect to an LDAP directory, you must provide the following information,
regardless of whether Lotus QuickPlace or Domino manages the user directory
lookups. If you are not sure which options are appropriate, consult the LDAP
directory server administrator. This list is not a comprehensive list of configuration
options.
v Port number. Most LDAP directory servers connect over port 389 for
non-encrypted connections or port 636 for Secure Sockets Layer (SSL) encrypted
connections.
v Search base. LDAP user directories can be divided into different sections as part
of a tree-like hierarchy. The search base determines where in the hierarchy
searches begin. You can specify separate search bases for users and groups.
v SSL connections. If SSL is configured on the Domino server and the LDAP
server, determine whether to initiate all requests to the LDAP directory server as
SSL encrypted requests and to use an X.509 certificate to verify the remote LDAP
directory server’s identity.
v User name and password. LDAP directory servers are often configured to
require a user name and password for connections. In this case, you specify a
name and password of an account in the directory to use.
Accessing LDAP directory servers from behind a firewall on i5/OS

If a Lotus QuickPlace server that runs on i5/OS is behind a firewall and you plan
to do user lookups in an LDAP directory that is outside the firewall, your system
administrator must configure Client Socks support using iSeries Navigator. For
details, see one of the following:
v OS/400 Sockets Programming, SC41-5422-03 or later, which is available from the
iSeries Online Library through the following Web site:
http://www.ibm.com/eserver/iseries/infocenter
v AS/400 Internet Security: IBM Firewall for AS/400, SG24-2162, which is available
from the IBM Redbooks Web site:
http://www.ibm.com/redbooks
Setting up Domino to manage user directory lookups

Perform the following steps to set up Domino to manage user directory lookups.
For additional information on switching from managing lookups through Lotus
QuickPlace to managing lookups through Domino, see the topic ″Switching to
managing user directory lookups through Domino.″
Note: When Domino manages user directory lookups, Lotus QuickPlace expanded
membership is not supported and Lotus Sametime integration with Lotus
QuickPlace is not supported.

CAUTION:
Place members added when Domino manages directory lookups are not
recognized if you switch to managing user directory lookups through Lotus
QuickPlace. Switching from managing lookups through Domino to managing
lookups through Lotus QuickPlace is not supported.
1. If Lotus QuickPlace users are located in a secondary directory rather than the
Domino server’s primary Domino Directory, set up directory assistance for the
directory. For instructions, see the section Directory Services - Directory
Assistance in the Contents view of Domino Administrator Help. Keep the
following points in mind:
v Create a Directory Assistance document for each directory that contains
Lotus QuickPlace users.
v To use groups from a directory as place members, specify ″Group
Authorization″ in the Directory Assistance document. Locate all such groups
in one directory because you can enable this option for one directory only.
v If the secondary directory is an LDAP directory and there are distinguished
names in the directory that don’t conform to the Domino naming convention,
use an all-asterisk naming rule in the Directory Assistance document. You
may also need to enable a notes.ini setting on the Domino server to convert
distinguished names between LDAP and Notes. For more information, see
the version 7 Lotus Notes, Domino, and Domino Designer Release Notes on the
Web at http://www.lotus.com/ldd/doc.
2. Set up client authentication on the Domino server, either certificate
authentication or name-and-password authentication. For information on
setting up multi-server session-based authentication (single sign-on), which is a
type of name-and-password authentication, see the chapter ″Setting up
Security.″ For information on setting up X.509 certificate authentication, see the
Security section in the Contents view of Domino Administrator Help.
3. Set up management of directory lookups through Domino:
a. Sign in to the Lotus QuickPlace server as a Lotus QuickPlace administrator.
b. Click Server Settings - User Directory.
c. Click Change Directory.
d. In the Type field click Domino Server.
e. Click one of the following options
To allow place managers to create local members, click ″Allow managers to
create new users in each place.″
To prevent place managers from creating local members and require them to
select members from a user directory, click ″Disallow new users.″
4. Click Next. Make sure to click Next, or your settings will not take effect.
Switching to managing user directory lookups through Domino

If you manage user directory lookups through Lotus QuickPlace, and you want to
manage lookups through Domino instead, perform the following steps:
CAUTION:
After you make this change, reverting to managing lookups through Lotus
QuickPlace is not supported.
1. Perform all of the steps described in the topic ″Setting up Domino to manage
user directory lookups.″ To use the same LDAP directory, set up directory
assistance for the LDAP directory.

2. Use the qptool changehierarchy command to change the format of external
users’ distinguished names in existing places to use the forward slash (/)
delimiter.
For example, to change the names of users and groups within the hierarchy
ou=boston,o=acme to the Domino counterpart hierarchy, ou=boston/o=acme in
place P1, use the following command:
load qptool changehierarchy -sourceh ou=boston,o=acme -targeth ou=boston/o=acme -p P1
Or to make the same change in all places, use the following command:
load qptool changehierarchy -sourceh ou=boston,o=acme -targeth ou=boston/o=acme -a
3. Restart the server by entering the following command at the server console:
restart server
Setting up Lotus QuickPlace to manage user directory lookups

Perform the steps below to set up Lotus QuickPlace to manage user directory
lookups:
Note: The distinguished names of users and groups should be unique. If there are
two identical distinguished names in the directory, only one of the names
can be added to a place as a member. If two distinguished names are
identical, add a middle initial or other distinguishing character to one of the
names to make each name unique.
1. Make sure the LDAP directory server is running.
For example:
3. Click Sign In.
6. Click User Directory.
7. Click Change Directory.
8. In the Type field, select ″LDAP Server.″
9. In the Name field, type the host name of the directory server. For example,
elvis.acme.com.
10. In the Port number field, type the port number that the LDAP server uses to
communicate with other servers. The default is 389.
11. (Optional) Check ″Check for SSL connection with LDAP user directory.″ If you
select this option and SSL is configured correctly on the Lotus QuickPlace
server and the LDAP server, the Lotus QuickPlace server will initiate all
requests to the LDAP user directory as SSL encrypted requests.
12. (Optional) In the Search base field type a distinguished name that represents
the location at which to begin searches, for example, o=acme,
ou=sales,o=acme, or dc=acme,dc=com.
By default the Search base you specify applies to both user and group
searches. However, you can use the qpconfig.xml file to specify a different
search base for group searches.
For more information, see the topic ″Specifying a search base for group
searches.″
13. (Optional) Click ″Narrow searches to the place name″ to confine searches
launched from a place to user directory names that include the name of that
place.

For example, with this option checked, if a user does a directory search from a
place called ″Sales Support,″ the search looks only for users who have ″Sales
Support″ in their user names.
14. (Optional) If a user name and password are required to access directory
information on the LDAP server, do the following:
a. Click ″Check to use credentials specified below when searching the
directory.″
b. Enter the user name, an LDAP distinguished name, for example
cn=admin,o=acme.
c. Enter the password.
15. (Optional) In the Authentication Timeout and Search Timeout fields, change
the maximum amount of time, in seconds, the Lotus QuickPlace server can
take to authenticate a user from the user directory or to perform a search. The
default value for both time-out settings is 120 seconds and is adequate in most
environments. If connections to the LDAP server are very slow, consider
increasing the time-out values. If connections are very fast, consider reducing
the values. If you leave the fields blank, the default settings are used.
Specifying 0, which allows the Lotus QuickPlace server to take an unlimited
amount of time for user authentication and searches, is not recommended.
Note: The LDAP server might also have time-out limits configured. In this
case, the effective time-out limits are whichever are lowest between the
Lotus QuickPlace server and the LDAP server.
16. Specify whether to allow place managers to add local members:
v To allow managers to register local members who are not listed in the user
directory, click ″Allow managers to create new users in each place.″
v To limit the members of places on the server to users who are listed in the
user directory, click ″Disallow new users.″
17. Click Next. Make sure to click Next, or your settings will not take effect.
Customizing Lotus QuickPlace management of user directory lookups

If Lotus QuickPlace manages the lookups to an LDAP directory, you may need to
perform the following steps to customize the lookups to accommodate your
particular LDAP directory configuration:
v Customize the attributes displayed for users and groups
v Customize search filters
v Customize the directory lookup interface
v Configure non-standard distinguished names
v Specify a search base for group searches
v Configure use of nested groups
v Customize SSL connections
v Switch to a different directory
Customizing the attributes displayed for users and groups

Users, groups, and all other objects in an LDAP directory are described by a
variety of attributes. For example, the value for a user’s first name is often stored
as the givenname attribute and the last name as the sn (surname) attribute. Not all
LDAP directories define attributes for users and groups in the same way. To
display accurate information in the Lotus QuickPlace user interface about users
and groups, such as names, phone numbers, and e-mail addresses when Lotus

QuickPlace manages lookups to the LDAP directory, you might need to change
some of the default attributes that Lotus QuickPlace assumes. For example, by
default the Lotus QuickPlace server assumes an LDAP server uses the sn attribute
to define a user’s last name. However, if the LDAP server uses the lastname
attribute instead, you must change the qpconfig.xml file so Lotus QuickPlace
knows the correct attribute to display for the last name.
To configure which attributes the Lotus QuickPlace server retrieves from the LDAP
directory to display information about users and groups, use the following
qpconfig.xml settings. When you are done making changes to the qpconfig.xml file,
save the file and then restart the HTTP task. The values in bold are ones that you
customize. The LDAP directory server must give the Lotus QuickPlace server
access to the attributes you specify. For information on testing access to attributes,
see the topic ″Access to the LDAP directory server″ later in this chapter.
For information on creating and specifying settings in the qpconfig.xml file, see the
chapter ″Lotus QuickPlace Administration Overview.″
<server_settings>
<user_directory>
<ldap>
<schema>
<object_class>objectClass</object_class>
<user>
<object_class_value>person</object_class_value>
<common_name>cn</common_name>
<display_name>cn</display_name>
<first_name>givenname</first_name>
<last_name>sn</last_name>
<email>mail</email>
<phone>telephone</phone>
</user>
<group>
<object_class_value>groupOfNames</object_class_value>
<common_name>cn</common_name>
<display_name>cn</display_name>
<member>member</member>
</group>
</schema>
</ldap>
</user_directory>
</server_settings>
Note: Information about a member of a place added before a change in the

schema mapping reflects the old mapping. To update the member
information to reflect the new mapping, use the QPTool updatemember
command, or edit the member’s Member Profile in the place.
Note: Mapping dn to the display name is not supported.
Customizing search filters

If Lotus QuickPlace manages lookups to the LDAP directory, you can use the
qpconfig.xml file to customize the LDAP search filters that Lotus QuickPlace uses
to:
v Search for external user names when authenticating users
v Search for external user names to include in places
v Search for external groups to include in places
v Search for the external groups of which an authenticated external user is a
member

To configure search filters, add the following section from the qpconfig_sample.xml
file to the qpconfig.xml file and then customize the settings. You must create
qpconfig.xml, if you haven’t already done so. When you are done editing the file,
save it and then restart the HTTP task.
For more information on creating and using the qpconfig.xml file, see the chapter
″Lotus QuickPlace Administration Overview.″
<server_settings>
<user_directory>
<ldap>
<search_filters>
<authentication>
<![CDATA[(I(cn={0})(uid={0})(shortname={0}))]]>
</authentication>
<user_lookup>
<![CDATA[(&(objectclass=person)(sn={0})(givenname={1}))]]>
</user_lookup>
<group_lookup>
<![CDATA [(&(objectclass=groupOfNames)(cn={0}))]]>
</group_lookup>
<group_membership>
<![CDATA [(&(objectclass=groupOfNames)(member={0}))]]>
</group_membership>
</search_filters>
</ldap>
</user_directory>
</server_settings>
For more information about LDAP search filters, see Domino Administrator Help.
Customizing the search filter to use for authentication

When Lotus QuickPlace cannot find the user name entered at login in the
Contacts1.nsf database, it searches the LDAP user directory to get a distinguished
name for login. Lotus QuickPlace issues the authentication filter shown in bold,
which returns all matches for cn=username, uid=username and
shortname=username.
<authentication><![CDATA[(I(cn={0})(uid={0})(shortname={0}))]]></authentication>
For the matches that result from the search, each distinguished name and
password is passed to the user directory for verification. The first successful
verification sets the current user to that distinguished name.
Edit this line to customize the search filter used for authentication. For example, to
look for the name specified by the user first as a cn attribute value or a mail
attribute value, change the line as follows:
<authentication><![CDATA[(| (cn={0})(mail={0}))] ]></authentication>
Note that the zero (0) indicates that Lotus QuickPlace accepts only one name as
input for authentication. You cannot specify a different value to accept more than
one name for input.
Customizing the search filter used to find users to add to places

The following information in bold shows the default search filter Lotus QuickPlace
uses when place managers search for external user names to add to places:
<user_lookup><![CDATA[(&(objectclass=person)(sn={0})(givenname={1}))]]></user_lookup>
This filter indicates that when a user searches for the name of an external user,
Lotus QuickPlace searches for the objectclass attribute value, person. It also
indicates that it accepts two, comma-separated values from a user who is searching

the directory for an external user. It searches for the first value specified as the
value for the sn attribute, and the second value specified as the value for the
givenname attribute. Edit this line to customize this search filter. For example, to
search for the second specified name as a value for the mail attribute rather than
the givename attribute, change the line as follows:
<![CDATA[(&(objectclass=person)(sn={0})(mail={1}))]]>
If you customize the user search filter, you should also customize the hint the
interface provides for searching and possibly other directory lookup user interface
settings.
For more information, see the topic ″Customizing the directory lookup user
interface″ later in this chapter.
Note that zero (0) and one (1) indicate the first and second, comma-separated input
values, respectively. Lotus QuickPlace does not accept more than two input values
from a user when searching for names to add to places.
Note: When a user adds an external user name to a place, the user can type the
name in the text area directly without clicking the Directory button and
searching for the name. To find the specified name in this case, the user
must specify a unique name in the directory. This unique name can be the
distinguished name or another form of the name, for example, Smith or
Smith, J. If the distinguished name is not specified, then the user lookup
search filter described above is used to search for the name.
Customizing the search filter used to find group names to add to

places
The following information in bold shows the default search filter a Lotus
QuickPlace server uses when users search for external group names to add to
places:
<group_lookup><![CDATA [(&(objectclass=groupOfNames)(cn={0}))]]></group_lookup>
This filter indicates that when a user searches for an external group, the Lotus
QuickPlace server searches for the objectclass attribute value groupOfNames. It also
indicates that the Lotus QuickPlace server accepts one name as input from a user
and that it searches for the group name as the cn attribute value. Edit this line to
customize the search filter. For example, to search for the objectclass value
groupOfUniqueNames and search for the grouptitle attribute, change the line as
follows:
<group_lookup><![CDATA [(&(objectclass=groupOfUniqueNames)(grouptitle={0}))]]></group_lookup>
The zero (0) indicates that Lotus QuickPlace accepts only one name as input for a
group name. You cannot specify another value and accept more than one group
name for input.
Customizing the search filter used to search for members of

groups
After a Lotus QuickPlace server authenticates an external user, the Lotus
QuickPlace server searches for all the external groups of which the user is a
member. Then the Lotus QuickPlace server can determine the access the user has
to places through group membership. The following information in bold shows the
default search filter a Lotus QuickPlace server uses to search for the external
groups of which an authenticated user is a member:
<group_membership><![CDATA[(&(objectclass=groupOfNames)(member={0}))]]></group_membership>

This filter indicates that the Lotus QuickPlace server searches the user directory for
the objectclass attribute value groupofNames and the member attribute value. Edit
this line to customize the search filter. For example, to search for the objectclass
attribute value groupOfUniqueNames and the uniquemember attribute value, change
the line as follows:
<group_membership><![CDATA[(&(objectclass=groupOfUniqueNames)(uniquemember={0}))]]></group_members
The zero (0) indicates that Lotus QuickPlace accepts only one name as input for
the group members. You cannot configure Lotus QuickPlace to accept more than
one.
How the Exact Match search option affects search filters

When a user searches for an external user or group to add to a place, whether or
not the user selects the Exact Match search option has an effect on the search filters
that the Lotus QuickPlace server uses. For example, assume the Lotus QuickPlace
server is configured to use the following search filter when users search for
external users:
<user_lookup><![CDATA[(&(objectclass=person)(sn={0})(mail={1}))]]></user_lookup>
The following table describes the search filter that Lotus QuickPlace uses when a
user searches for one value and for two comma-separated values, depending on
the Exact Match setting.
Search filter used when

user searches for:
Exact Match Search filter used when users searches for:
setting smi smi, @acme
Selected sn=smi sn=smi
mail=* mail=@acme
Not selected sn=smi* sn=smi*
mail=* mail=@acme*
Customizing the directory lookup interface

If Lotus QuickPlace manages lookups to the LDAP directory, use the qpconfig.xml
file to customize the user interface that users see when looking up users in the
directory to add as place members. You can customize the search hint and also
customize how the user interface displays the results of user searches. Add the
following section from the qpconfig_sample.xml file to the qpconfig.xml file and
then customize the values in bold. When you are done editing the file, save it and
then restart the HTTP task.
These settings apply only when you connect to an LDAP directory through Lotus
QuickPlace.
<server_settings>
<user_directory>
<ldap>
<member_lookup_ui>
<column_name>
<person>sn, givenname</person>
</column_name>
<column_disambiguate>
<person>dn</person>
</column_disambiguate>
</member_lookup_ui>
<search_ui_hint>

<![CDATA[( enter <B>last name, first name</B>)]]> </search_ui_hint>
<search_ui_index>sn</search_ui_index>
</ldap>
</user_directory>
</server_settings>
Note: These customizations apply only to user lookups and not to group lookups.
Customizing the hint provided for user searches

To help users search for users in the directory, the search interface provides a hint
indicating how to do the search. By default the hint is ″enter last name, first
name.″ If you have customized the search filter Lotus QuickPlace uses when users
search for external user names to add to a place, customize the search hint too, so
users can search successfully.
For example, if you specify the following in the <search filters> section of
qpconfig.xml:
<user_lookup><![CDATA[(&(objectclass=person)(sn={0})(mail={1}))]]></user_lookup>
you might then specify the following for in the <search_ui_hint> section:
<![CDATA[( enter <B>last name, email</B>)]]>
Note: You can specify a maximum of 250 characters.
Customizing what the user interface shows as the result of user

searches
By default, when a user searches a directory for external users, for the results
Lotus QuickPlace displays values for the sn and givename attributes in the first
column, and the distinguished names in the second column. To display different
attribute values, change the member_lookup_ui section in qpconfig.xml. To change
the attributes in the first column, modify the column_name section. To change the
attributes in the second column, modify the column_disambiguate section.
For example, to display the sn and mail attribute values in the first column, specify:
<person>sn, mail</person>
Any attributes you specify should be valid ones defined in the schema map.
For more information, see the topic ″Mapping to the Lotus QuickPlace schema″
earlier in this chapter.
You can also use the <search_ui_index> section to customize the attribute value
that shows in the range field in the results box. By default the value for the sn
attribute shows in the range.
Configuring non-standard distinguished names

The dn_delimiter, dn_incoming_is_native, and secondary_cn_component settings,
which you specify in the user_directory - ldap - schema section of the qpconfig.xml
file, are useful for resolving user authentication problems that specific
distinguished name formats can cause. These settings apply only when Lotus
QuickPlace manages the LDAP directory lookups. For information on creating and
specifying settings in the qpconfig.xml file, see the chapter ″Lotus QuickPlace
Administration Overview.″

dn_delimiter setting
By default, when Lotus QuickPlace adds an external user name as a member of a
place, if the name contains a multi-character delimiter that includes a comma or
semicolon, it replaces the comma or semicolon with a forward slash (/) and retains
the additional delimiter character(s) in the name. The forward slash is used for
compatibility with Domino name syntax. When some third-party authentication
applications, such as Netegrity SiteMinder, pass these names to Lotus QuickPlace,
they replace the entire multi-character delimiter with a forward slash (/). This
naming inconsistency between the two applications causes authentication failures.
For example, if the name in a user directory is cn=john doe, ou=sales, o=acme
(comma space delimiter), the name becomes cn=john doe/ ou=sales/ o=acme in a
place (slash space delimiter), but Netegrity SiteMinder passes the name cn=john
doe/ou=sales/o=acme to Lotus QuickPlace (slash delimiter).
If you use a third-party authentication application and experience authentication

failures due to this inconsistency in the handling of multi-character delimiters
containing commas or semicolons, use the dn_delimiter setting in qpconfig.xml to
specify that Lotus QuickPlace replace the entire multi-character delimiter with a
forward slash, to be consistent with the authentication application. If the names of
all the users in the directory use the same multi-character delimiter, specify that
delimiter, terminated by the @ symbol. For example, if all names in the user
directory contain the delimiter , (comma space) specify the following:
<server_settings>
<user_directory>
<ldap>
<schema>
<dn_delimiter>, @</dn_delimiter>
</schema>
</ldap>
</user_directory>
</server_settings>
If names in the directory do not use the same delimiter, use the following
dn_delimiter setting instead to enable Lotus QuickPlace to replace any single- or
multi-delimiter character with a forward slash, if the delimiter conforms to LDAP
RFC 3377.
<server_settings>
<user_directory>
<ldap>
<schema>
<dn_delimiter robust_compare="true"/>
</schema>
</ldap>
</user_directory>
</server_settings>
robust_compare and the My Places feature

When a user accesses My Places from a server’s main place
(http://servername/QuickPlace/quickplace), Lotus QuickPlace has access to only
the user’s Domino-formatted name that the authentication application passes to it.
However My Places requires the LDAP version of a user’s name to use the Place
Catalog to build a list of the user’s places.
In an environment with multi-character delimiters, Lotus QuickPlace uses the

dn_delimiter setting to convert the Domino formatted name it receives from the
authentication application to the LDAP formatted name used in the Place Catalog.
If robust_compare is used with the dn_delimiter setting, Lotus QuickPlace

generates LDAP-formatted names that use single-comma (,) delimiters, regardless
of the actual delimiter used in the names in the directory. Adding a new user as
member of a place after you enable the robust_compare setting automatically
creates the user’s LDAP name in the Place Catalog with the single-comma
delimiter. However, if the Place Catalog contains names of members created prior
to use of robust_compare that do not use single-comma delimiters, you must
change these delimiters to the single-comma delimiter. This is a one-time only
change, which you can do using a Lotus Notes® agent.
dn_incoming_is_native setting
When a third-party authentication application such as Netegrity SiteMinder finds a
distinguished name that contains components other than the cn, ou, and o
components familiar to Domino, it sends the name to Lotus QuickPlace without
adding the Domino-style forward slash delimiters. For example, if Netegrity
SiteMinder finds the name uid=sblake,o=acme in the directory, it passes that name
to Lotus QuickPlace rather than uid=sblake/o=acme. Because Lotus QuickPlace
uses the forward slash delimiters in the names in places, the naming inconsistency
causes authentication failures. This problem is indicated if there are authentication
failures and the Netegrity (or other application ) log shows that the names pulled
from the directory are in the same format as the ones sent to Lotus QuickPlace.
To correct the problem, use the following setting to indicate that Lotus QuickPlace
should convert ″native″ names to the Domino format:
<server_settings>
<user_directory>
<ldap>
<schema>
<dn_incoming_is_native enabled="true"/>
</schema>
</ldap>
</user_directory>
</server_settings>
secondary_cn_component setting
When the second component of a distinguished user name in a user directory is
cn, Lotus QuickPlace converts the component to ou by default. For example, if the
distinguished name of a user in an external directory is
uid=abrown,cn=users,dc=acme,dc=com, Lotus QuickPlace uses this name instead:
uid=abrown,ou=users,dc=acme,dc=com (and the Domino-formatted version,
uid=abrown/ou=users/dc=acme/dc=com). If you experience authentication
failures because of this behavior, correct the problem by specifying the following
setting to retain second cn components found in names:
<server_settings>
<user_directory>
<ldap>
<schema>
<secondary_cn_component enabled="true"/>
</schema>
</ldap>
</user_directory>
</server_settings>
Note: The secondary_cn_component setting is useful regardless if you use a

third-party authentication application.
Specifying a search base for group searches

If Lotus QuickPlace manages lookups to the LDAP directory, by default, the search
base you specify when you connect to an LDAP directory server is used for both

user and group searches. You can use the qpconfig.xml file to specify a search base
specifically for group searches. For example, if the names of the groups you want
to search are under ou=groups,o=acme in the directory name hierarchy, you could
specify ou=groups,o=acme as the search base for groups. Then, the search base
specified when you set up the connection to the user directory applies only to
searches of users.
To specify a search base for group searches, use the following setting in
qpconfig.xml, substituting the search base value in bold for the search base
desired. Restart the HTTP task when you are done making changes.
<server_settings>
<user_directory>
<ldap>
<base_dn>
<group>ou=groups,o=acme</group>
</base_dn>
</ldap>
</user_directory>
</server_settings>
Using nested groups

If Lotus QuickPlace manages lookups to the LDAP directory and the directory has
nested groups -- groups within groups -- that contain Lotus QuickPlace users, use
the following NOTES.INI setting on the Lotus QuickPlace server to allow searches
of the nested groups:
1. QuickPlaceNestedGroupLimit=value
where value represents the number of levels of groups the server can search. By
default the level is 1, meaning that the server doesn’t search nested groups.
2. Enter the following command at the server console to restart the server so the
change takes effect:
restart server
Customizing SSL connections

If Lotus QuickPlace manages lookups to the LDAP directory and you selected the
option ″Check for SSL connection with LDAP user directory,″ optionally use the
following settings in the user directory section of the qpconfig.xml file to
customize the Secure Sockets Layer (SSL) connection. The values in bold are
sample values that you can customize to suit your needs, as described in the
following table. Restart the HTTP task after making changes to the qpconfig.xml
file.
<server_settings>
<user_directory>
<ldap>
<ssl protocol="3" accept_expired_certs="true" verify_servername="true"/>
</ldap>
</user_directory>
</server_settings>

Attribute Description
protocol=″number″ Type one of the following numbers to specify the
SSL protocol used for the connection to the LDAP
server:
0 - Negotiated (default)
1- LDAP V2.0 only
2 - LDAP V3.0 handshake
3 - LDAP V3.0 only
4 - LDAP V3.0 with V2.0 handshake

accept_expired_certs=″value″ Type ″false″ to prevent Lotus QuickPlace from
accepting a certificate from the LDAP server if the
certificate has expired. Type ″true″ (the default) to
accept a certificate that has expired.
verify_servername=″value″ Type ″false″ to prevent Lotus QuickPlace from
verifying whether the LDAP server host name
matches the host name in the SSL certificate. Type
″true″ (the default) to require that the host name
matches the host name in the certificate.
Sample user directory settings for Sun Java System Directory

Server and IBM Directory Server
The following qpconfig.xml customizations are examples of ones to use if you use
Sun Java System Directory Server or IBM Directory Server and Lotus QuickPlace
manages lookups to the LDAP directory. However, because each directory can have
a custom configuration, it is important to verify these with the LDAP directory
administrator. The default values are assumed for omitted settings.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<server_settings>
<user_directory>
<ldap>
<schema>
<group>
<object_class_value>groupOfUniqueNames</object_class_value>
<member>uniquemember</member>
</group>
</schema>
<search_filters>
<group_lookup><![CDATA[(&(objectclass=groupOfUniqueNames)(cn={0}))]]>
</group_lookup>
<group_membership>
<![CDATA[(&(objectclass=groupOfUniqueNames)(uniquemember={0}))]]>
</group_membership>
</search_filters>
</ldap>
</user_directory>
</server_settings>
Switching to a different directory

If Lotus QuickPlace manages lookups to the LDAP directory, perform the following
steps if you want to change the LDAP directory that Lotus QuickPlace uses.
Note: To change to managing directory lookups through Domino, instead see the
topic ″Switching to managing user directory lookups through Domino.″

1. Perform the steps in the topic ″Setting up Lotus QuickPlace to manage user
directory lookups″ earlier in the chapter.
2. If there are distinguished names in the new directory that are different from the
names in the original directory, use the QPTool changehierarchy or
changemember command to update the names in places. For more information
on these commands, see the chapter ″Using QPTool Commands.″
Supporting accented characters in user names (AIX and Solaris)

By default user names containing accented characters in an LDAP directory are not
supported on AIX or Solaris. To support names with accented characters on AIX or
Solaris, follow these steps:
1. Add the following setting to the server notes.ini file:
PLATFORM_CSID=20
2. Enter the following command at the server console:
restart server
Testing access to the LDAP directory server

If Lotus QuickPlace manages user directory lookups, the Lotus QuickPlace server
must have access to an LDAP attribute in order to use it. If the connection is done
to the LDAP directory anonymously (that is, without supplying credentials), the
LDAP directory server must allow anonymous access to the attributes used by
Lotus QuickPlace. To test that attributes are accessible to the Lotus QuickPlace
server, use the ldapsearch tool provided with Domino. From the program directory
on the Lotus QuickPlace server, enter a command such as the following one:
ldapsearch -h ldap.acme.com cn=arch*
In this example, ldap.acme.com is the LDAP directory server. The command

returns the list of accessible users with common names that begin with the string
″arch″. If your LDAP directory server is configured to allow access only with
specific credentials, you can use the same search, supplying the credentials on the
command line:
ldapsearch -h ldap.acme.com -D [username] -w [password] cn=arch*
In this case, the Lotus QuickPlace server also must be configured to use these
credentials for LDAP searches in the Server Settings - User Directory room of the
administration place.
Access to the Domino Directory through LDAP

If you use the Domino Directory as your LDAP directory, fields in the Domino
Directory are mapped to LDAP attributes. To view the mapping, open the Domino
LDAP Schema database (schema.nsF) on the server. Lotus QuickPlace and
ldapsearch use the attribute names. For example, the field OfficePhoneNumber in
the Domino Person document is mapped to the LDAP schema attribute
telephonenumber. Telephonenumber is the name used in ldapsearch and in Lotus
QuickPlace.
If Domino is your LDAP directory and Lotus QuickPlace connects to it

anonymously, you can edit the Domain Configuration Settings document in the

Domino Directory to update the list of attributes allowed for anonymous access.
For more information on setting access to a Domino LDAP directory, see Domino
Administrator Help.
Disconnecting from a user directory

If you disconnect from a user directory, place managers can specify only local
members. Any existing external place members no longer have access to the places.
To disconnect from a user directory:
For example:
2. Click Sign In.
5. Click User Directory.
7. Select No Directory.
8. Click Next.
External group membership

The following tables describes the extent to which various Lotus QuickPlace
features support external group membership. The tables are organized by these
feature categories: security, place membership, notifications, LDAP directory (when
Lotus QuickPlace manages lookups), Sametime and Offline use, and miscellaneous.
Note: This information does not apply to groups used for the expanded
membership feature.
Group membership: security features

The following table describes the extent to which security features support external
group membership.
Membership through external

Feature Description of feature group
Who can create Specify which users or groups Yes
places on the server can create places on the server.
Only explicit members or
members of group listed see
the ″Create a Place″ link.
Who can administer Specify which users or groups Yes
the server can administer the server. Only
explicit members or members
of group listed see ″Server
Settings″ and ″PlaceTypes″
links when accessing the server.
Super User Can designate a user or group Yes
from the directory as super
user of all places on the server.
This user is a manager of all
places and can see all restricted
pages.

Sign Out and Sign In Sign out of a place or sign into Yes
a place as the same or another
user. Sign Out also deletes all
temporary files on the hard
drive from the upload control.
Basic authentication For places without Anonymous Yes
access for readers or authors,
all users must sign in with
name and password.
Multi-server session For places without Anonymous Yes
authentication access for readers or authors,
all users must sign in with
name and password on custom
login form found in
domcfg.nsf. After they sign in,
members can access other
places and Domino servers for
which they have access without
re-entering their credentials.
Netegrity SiteMinder Lotus QuickPlace can be Yes
configured to use Netegrity
SiteMinder as the
authentication scheme.
Current user link Link to currently authenticated Yes. See actual member, not group
user in upper left. name. Link takes you to message
saying no profile available.
Group membership: place membership

The following table describes the extent to which place membership features
support external group membership.

Page: restrict readers Restrict readers of a published Yes, group is available as reader,
page. member of group can then read.
Page: add editors Add editors to a published Yes, group is available as editor,
page. member of group can then edit,
but other group members won’t
see checked out status.
Members view List of all members of a place. Yes. Members folder shows group
name.
Member profile Page showing member Yes. Contains common name for
information and preferences for the group. There are no member
members and groups. profiles for members of the group
unless they are also added
explicitly to the place.
Local place groups Aggregate existing members Yes. Can add external groups to
and groups in the place for use local place group. Individual
in room security. members of the group are not
available unless they have also
been added explicitly to the place.

Calendar page Calendar page authors show on Yes. Display_name as set in
authors page and in Calendar view. qpconfig.xml or common name as
default.
Author column in Folder displays author names Shows individual member’s names,
folder for all pages. not group name. Display_name as
set in qpconfig.xml or common
name as default.
Username in page Page displays author name. Shows individual member’s names,
banner not group name. Display_name as
set in qpconfig.xml or common
name as default.
Forms: name pop-up Field on a form to show Yes. Display_name as set in
members in place. qpconfig.xml or common name as
default.
Form: page author Page authors show on page Shows individual member’s names,
and in folder views. not group name.
QPTool Can change a member in a Yes
changemember place 1) from a local user to a
user from the directory, 2) from
one external directory user to
another (name change), 3) from
one external directory group to
another.
QPTool Can change external users and Yes
changehierarchy groups to a different hierarchy.
For example, if your
organization changes from
ou=sales,o=org to
ou=salesandmarketing,o=org,
you can change the
distinguished names for all
members in a place.
QPTool Remove a member or a group Yes
removemember from a place.
PlaceType When a place is created from a Yes
membership PlaceType, you can populate
the new place with the
membership from the
PlaceType. Membership is
never refreshed after the place
is created.
Search by author Search for all pages authored No. Can search by individual
by a member. author name, not by group name
because the individual author
name and not the group name is
saved with the pages.
My Places A list of all places on the server Yes
for which you are a member.
Clicking the place name takes
you to the place.

Group membership: notifications
The following table describes the extent to which notification features support
external group membership.

Place invitations Send e-mail as new members Yes. Explodes the group and sends
with e-mail are added to the invitations to the members of the
place. group telling them group has been
added, sign in with username.
Notify: From field The ″From″ field when Shows individual member’s email
notifying members of a page or address, not email address of
view in a place. group.
Notify: To, CC, BCC When addressing a notification, Yes. Can choose group if has a
lists you can use lists of all valid email address or group can
members in place to fill in To, be exploded to choose individual
CC and BCC fields. members.
QPTool sendmail Administrator of server can Yes. Groups are exploded into mail
send mail to members of for individual members of the
place(s) group.
What’s new email Summary e-mail about what No. Members of a group do not
has changed in the place. have a member profile to set the
Individual preference for preference.
receiving what’s new e-mail set
on member profile. Default is
to receive. Manager of place
sets daily or weekly. QPtool
newsletter command by
administrator of server or
server program document
triggers the newsletter.
Calendar Receive notification of new No. Members of a group do not
subscriptions calendar events. Individual have a member profile to set the
preference for receiving preference.
notification of calendar events
set on member profile. Default
is not to receive.
Form: notification Notify members when a page Yes. Groups are exploded into mail
indicator is published with the form. for individual members of the
group.
Form workflow: Can send published page to an No. Groups not available as
editor-in-chief, approver before making approver for workflow. Also not
approval cycle available to all members. possible if member of a group is
the originator of the workflow
since there is no member profile
and associated information (email).
Group membership: LDAP directory

The following table describes the extent to which LDAP directory features used
when Lotus QuickPlace manages directory lookups support external group
membership.

Schema mapping: By default, the display name Yes
display_name used is cn. You can map this to
another LDAP attribute in
qpconfig.xml.
Schema mapping: By default, the common name Yes
common_name used is cn. You can map this to
another LDAP attribute (such
as UID, for example) in
qpconfig.xml.
DBCS usernames Users and groups in an Yes
external directory can have
names that use a double byte
character set.
Customizing When searching for members No. Once you select the Group
member lookup user from a directory to add to a radio button in the member lookup
interface place, you can customize the dialog, the customizations do not
attributes shown in the results apply.
pages, the search index, and
the search hint.
Search base for Designate a point in the LDAP Yes. Can use search base field on
directory members directory structure under which Server Settings, User Directory
and groups all users and groups are found. page or base_dn tag in
qpconfig.xml if the search base for
groups is different than search base
for users.
Group membership: Sametime and offline use

The following table describes the extent to which Sametime and offline use
features support external group membership.

Sametime awareness Online awareness state icon Yes, for members of the group.
and associated menu for the
current user, author online
awareness state.
Sametime chat People Online window and Yes, for chat. Groups or members
(members online) chat functionality. of groups do not show up in the
People Online window.
Sametime meetings Ability to create and attend Yes
online meetings.
Work offline Install and use place(s) offline. No. Members of a group cannot
Take room(s) offline. install places offline or take rooms
offline.
Group membership: miscellaneous features

The following table describes the extent to which various miscellaneous features
support external group membership.

Place creation Create a place with specified No. Must use explicit member as
creator (initial manager) creator.
Accessibility mode Displays high-contrast theme No. Members of a group do not
and enhances keyboard and have a member profile to set the
screen reader accessibility. preference.
Individual preference for
accessibility mode set in
member profile. Default is
standard experience (no
accessibility features).
Tasks: Assignments Assign tasks to members of the Yes.
place.
Place catalog Collects information about all Yes
places in the service. A
document is created in the
place catalog when a place is
created. Members are added to
readers, authors, and managers
fields. Membership operations
(promote, demote, add, delete,
name change) in the place are
reflected in the place catalog
document.
Special characters supported for user and group names

The following table summarizes the Lotus QuickPlace support for special
characters in user and group names.
Allowed for local Allowed for local Allowed for external

Special character users? groups? users and groups?
@ Yes No No
< No No No
> No No No
& No No No
: No No No
; No No No
^ No No Yes
, (comma) No No Yes
= No No Yes
( No No Yes
) No No Yes
# No No Yes
\ No No Yes
/ No No Yes
| No No No
* No No No

Allowed for local Allowed for local Allowed for external
Special character users? groups? users and groups?
+ No No Yes
″ No No No
’ (apostrophe) Yes Yes Yes

Chapter 3 Setting Up the Place Catalog
This chapter describes the Place Catalog and how to set it up.
The Place Catalog

The Place Catalog is a centralized database in which you collect information about
all your places and Lotus QuickPlace servers.
The Place Catalog has two audiences: administrators and users. Administrators can
use the QPTool report command or an XML interface to the Lotus QuickPlace Java
XML API to access the Place Catalog to query information. Users access the Place
Catalog indirectly, through features such as My Places, which allows them to see
the places they belong to, and Search Places, which allows them to search in places
across the enterprise.
For information on how to access the Place Catalog with the Lotus QuickPlace Java
XML API, see the Lotus QuickPlace Developer’s Guide. For more information on the
QPTool report command, see the chapter ″Using QPTool Commands.″
Setting up the Place Catalog

The Place Catalog feature is automatically enabled on all Lotus QuickPlace server
installations. When you install a Lotus QuickPlace server, a local Place Catalog
database (PlaceCatalog.nsf) is created. If you want to change Place Catalog settings
or disable the Place Catalog, create a file called qpconfig.xml and copy into it the
Place Catalog section from the file qpconfig_sample.xml. Then change settings. For
more information on creating a qpconfig.xml file, see the chapter ″Lotus
QuickPlace Administration Overview.″
For example, if your enterprise has several Lotus QuickPlace servers and you want
more than one to share a Place Catalog on a remote server, each Lotus QuickPlace
server must have its own qpconfig.xml which specifies the server and file name of
the Place Catalog. After you have set qpconfig.xml to point to the correct Place
Catalog server, you can delete the local Place Catalog database on the Lotus
QuickPlace server.
After you set up Place Catalog you must register any previously existing places.
You can set up one Place Catalog to service your enterprise, or set up several Place
Catalogs to service different areas of your enterprise. It is recommended that an
enterprise have a designated Place Catalog server (or servers) whose only purpose
is to contain the Place Catalog. Each Place Catalog server should be part of a
cluster with at least one failover server.
To set up a remote Place Catalog server shared by more than

one server
1. Install Lotus QuickPlace.
2. Make sure the server is accessible to other Lotus QuickPlace servers over Lotus
Notes RPC (TCP/IP port 1352) and the HTTP protocols. This is set up by
default.

3. In the ACL of the Place Catalog database, give access to Lotus QuickPlace
servers and system administrators only. By default, the database has the
following listed as Managers in the ACL: Lotus QuickPlace server, the system
administrator, LocalDomainServers, and QuickPlaceAdministratorsSUGroup.
4. Open the Place Catalog database from the Domino Administrator client and
create a full-text index. The Place Catalog database must be full-text indexed
for the QPTool report command and the My Places feature to work. For more
information on creating and updating full-text indexes, see Domino
Administrator Help.
To configure Place Catalog qpconfig.xml settings

1. On each Lotus QuickPlace server that will communicate with the Place Catalog
server, create a file called qpconfig.xml and save it as a text file.
2. Copy the following content to qpconfig.xml from qpconfig_sample.xml,
replacing sample values with your own values.
For descriptions of each XML tag, see the next topic ″Place Catalog XML.″ For
more information on copying from the sample file, see the chapter ″Lotus
<?xml version="1.0" standalone="yes"?>
<server_settings>
<place_catalog enabled="true" log_level="0">
<connection_pool size="8" />
<place_catalog_servers>
<server>
<domino_server_name>name</domino_server_name>
<nsf_filename>PlaceCatalog.nsf</nsf_filename>
</server>
</place_catalog_servers>
</place_catalog>
</server_settings>
3. If the Lotus QuickPlace server is part of a cluster, set the appropriate values
within the <cluster> node.
For more information on configuring a clustered Lotus QuickPlace server to
work with the Place Catalog, see the chapter ″Administering Lotus QuickPlace
Servers in a Cluster.″
4. Type the following command to restart the HTTP task so that Lotus QuickPlace
recognizes the changes:
restart task http
To register existing places and servers with the Place Catalog

A Lotus QuickPlace server may already contain places that were created prior to
configuring the Place Catalog, or that were added from a different server. In this
case, the Place Catalog must be told of the existence of these places. This is done
by using the QPTool register command.
Note: Because the Place Catalog must uniquely identify a place by its name, two
different places cannot have the same name. When upgrading an existing
QuickPlace installation where two different places might have the same
name on two different servers, the administrator must first resolve the
conflict by unregistering one of the places, renaming its directory, and then
registering the place with the new name. For more information on the
QPTool register command, see the chapter ″Using QPTool Commands.″ For
more information on upgrading to a Lotus QuickPlace 7 enterprise, see the
Lotus QuickPlace Installation and Upgrade Guide.

Lotus QuickPlace servers also must be registered with the Place Catalog. You can
do register servers either by creating a place on the server, which automatically
creates a server entry in the Place Catalog, or by using the QPTool command
″qptool register -server.″
Note: If a server is registered in the Place Catalog and you change the port,
protocol settings, or a URL prefix for the server, use ″qptool unregister
-server″ to unregister the server, then use ″qptool register -server″ to register
the server with the Place Catalog again so that place URLs are constructed
correctly. Or update the appropriate fields in the server’s PlaceServer
document manually in the Place Catalog.
To populate the Catalog with entries for servers, and for places that existed before
the Catalog was enabled, enter the following in the Domino server console:
Server console command Description

load qptool register -server Registers the server with the Place Catalog.
load qptool register -placecatalog -a Registers existing places with the Place
Catalog.
For more information on registering places and servers with QPTool commands,
see the chapter ″Using QPTool commands.″
Place Catalog XML

The following table describes each Place Catalog XML setting in the qpconfig.xml
file.
Element or attribute Description

place_catalog The place_catalog section contains settings to
enable the server to use a Place Catalog. Set
enabled the ″enabled″ attribute to ″true″ to tell the
server to search for an existing Place
Catalog.
The default setting is enabled=″true.″ To

prevent the server from looking for a Place
Catalog, change the enabled attribute to
enabled=″false″ or remove the entire
<place_catalog> section.
Chapter 3 Setting Up the Place Catalog 39

Element or attribute Description
log_level You can log operations related to the Place
Catalog in the Domino server console as
follows:
Level 1 - Logs all Catalog database open and

close operations
Level 2 - Logs all server registration

operations
Level 3 - Logs all place registration

operations
Level 4 - Logs all member registration

operations
Each level also includes the information in

the levels below it.
connection_pool size For efficiency, the Lotus QuickPlace server
creates a pool of connections to the Place
Catalog that can be shared by the different
requests on that Lotus QuickPlace server.
This number should reflect the number of

simultaneous requests that could result in a
query or update to the Place Catalog. These
types of requests include creation of places,
the addition of or changes to place
membership, and administration requests
made by QPTool.
You may want to start with a number

representing a third of the maximum HTTP
threads. For example, if the server uses 90
threads, then set this value to 30.
place_catalog_servers This section lists all Place Catalog servers
the local Lotus QuickPlace server will
communicate with. Lotus QuickPlace
supports only one Place Catalog server.
server This section specifies settings for a particular
Place Catalog server.
domino_server_name Specify in Domino format the name of the
server hosting the Place Catalog, for
example, server/organization.
nsf_filename Specify the name of the Place Catalog
database, for example, PlaceCatalog.nsf.
For information on configuring the Place Catalog to work in a clustered server

environment, see the chapter ″Administering Lotus QuickPlace Servers in a
Cluster.″

How the Place Catalog works
The Place Catalog contains data on the Lotus QuickPlace servers in your service,
the places that live on those servers, and the members of those places. Each server
and each place in your service has a separate entry in the Catalog. A Catalog entry
is implemented as a Lotus Notes® document.
The following figure shows an example of a Catalog entry for a place titled ″Place
One.″
The following figure shows a Catalog entry for a Lotus QuickPlace server called
″server1.acme.com.″
How entries are updated

Some entries are created or updated in the Place Catalog in real time -- the
moment an event happens. Other entries are created or updated manually by a
server task, or on a scheduled basis.
It is essential that certain data be sent in real time to avoid conflicts. For example,
in a Lotus QuickPlace service there cannot be two places with the same name. The
creation of a new place is an event that creates a new Catalog entry in real time.

When a user creates a new place, Lotus QuickPlace first checks the Catalog for that
name before creating a new entry. If it finds an existing place with that name, the
user is prompted to choose a different name. If the creation of a place did not
immediately create an entry, it would be possible for two users to create two places
with the same name, which would cause a conflict when Lotus QuickPlace
attempted to create entries for both in the Catalog. For this reason, a Place Catalog
server that a Lotus QuickPlace server is configured to use must always be
available. To increase availability of the Place Catalog, the Domino clustering
feature can be used to make several Place Catalog servers available.
The following events create or update Place Catalog entries in real time:
Event Description
A Lotus QuickPlace server is registered in, A server becomes part of the service when
or unregistered from, the Lotus QuickPlace qptool register -server command is issued, or
service. when a place is created on the server. When
a place is created, an entry for the server is
immediately created in the Catalog if one
does not already exist. Similarly, when qptool
unregister -server is issued, the entry for the
server is immediately removed from the
Catalog.
Removal of a place from the service by The server’s place entry is removed. If the
qptool unregister. place is part of a Lotus QuickPlace server
cluster with a virtual server, the virtual
server place entry is also removed.
For more information on virtual servers in a

cluster, see the chapter ″Administering Lotus
QuickPlace Servers in a Cluster.″
Creation of a place from a browser or A new entry is created. The Place Catalog
registration of a place by qptool register. server must be running for users to create
new places in the service.
If the place is created on one server in a

cluster, an entry for the virtual server is also
created.
Creation of a place on a cluster server node A place entry for that server cluster node is
by qptool replicamaker. created.
Deletion of a place from a browser or by The place’s entry is deleted. Its name cannot
qptool remove. be used for a new place until the QPTool
remove -- cleanup command has run, either
automatically overnight, or manually by the
administrator. In a cluster environment, this
would have to be done on all cluster nodes.
Deletion of a place in a cluster server node The place’s entry for that server node is
by qptool remove -cleanup. deleted from the catalog.
Creation of a member. The new member is added to the place entry
with the proper access level.
Deletion of a member. The member is removed from the place
entry.
A change in member access. The member moves to the field appropriate
to their new access level.
A place is accessed. The PlaceLastAccessed field is updated,
which can take up to a minute.

Event Description
Locking a place by qptool lock. The PlaceIsLocked field of the Place Catalog
entry is set to 1. If the place is in a cluster
with a virtual server, the PlaceIsLocked field
in the virtual server entry is also set to 1.
Unlocking a place by qptool unlock. The PlaceIsLocked field of the Place Catalog
entry is set to 0. If the place is in a cluster
with a virtual server, the PlaceIsLocked field
in the virtual server entry is also set to 0.
The following data can be updated using the QPTool placecatalog -push command
or on a schedule on the Lotus QuickPlace server.
Event Description
Place size. The PlaceSize field is updated.
Dates and times the place was last modified. The PlaceLastModified field is updated.
To update the PlaceSize and PlaceLastModified data on a particular place, enter the
following commands from the server console:
Server console command Description

load qptool placecatalog -p placename(s) -push Updates size and last modified data for the
place you specify. To specify more than one
place, separate the placenames with spaces.
load qptool placecatalog -a -push Updates size and last modified data for all
places on the server.
load qptool placecatalog -? Ouputs quick help on the syntax of all the
placecatalog arguments.
load qptool placecatalog -i inputfilename -push Takes an XML file specifying the places to
update.
For more information on updating the Place

Catalog with an XML input file, see the
Lotus QuickPlace Developer’s Guide.
load qptool placecatalog -p placename(s) -o Outputs the places that have been updated
outputfilename -push to a non-default output file. (The default file
is qptool.placecatalog.xml in the server’s
program directory.)
Or to update the the PlaceSize and PlaceLastModified fields at 2 AM, add the
appropriate command line entry from the preceding table to the ServerTasksAt2=
line in the server’s NOTES.INI file. Or, if you want multiple servers in the Lotus
QuickPlace/Domino domain to share the schedule, create a server program
document in the Domino Directory of the Lotus QuickPlace domain. For more
information on creating a server program document, see Domino Administrator
Help. For more information on QPTool commands, see the chapter ″Using QPTool
Commands.″
Synchronizing Place Catalog data in a cluster

In an enterprise with a Lotus QuickPlace server cluster, the QPTool placecatalog
-update command can be run on the Place Catalog server to synchronize data
between a place’s entries on each physical server, and the place’s virtual entry. For

example, before QPTool placecatalog -update is run, the place’s virtual entry
contains the membership information, but the place’s physical server entries do
not. After QPTool placecatalog -update, both entries contain the same field values.
For more information on clusters, see the chapter ″Administering Lotus QuickPlace
Servers in a Cluster.″
Enabling DBCS members to use My Places

For double-byte character set (DBCS) users to use My Places:
v The users must be from an external user directory.
For more information on external user directories, see the chapter ″Connecting to
a User Directory.″
v The server must be configured for session-based (single sign-on) authentication.
You configure session-based authentication through Domino.
For more information, see the chapter ″Setting Up Security.″
v You must open the NOTES.INI file on the Place Catalog server and add the
following variable:
Country_Language=xx[-xx]
Use one of the following codes for xx[-xx]:
CollationName Code
Japanese ja
Korean ko
Simplified Chinese zh-cn
Traditional Chinese zh-tw
You must restart the server. Then open the Place Catalog database in Notes and
press CTRL+SHIFT+F9 to re-index the views.
Recovering if the Place Catalog server goes down

If Lotus QuickPlace servers use a remote Place Catalog server and the Place
Catalog server stops, users cannot create new places, but they can continue to
work with existing places. While the users work with these existing places, the
following fields in the Place Catalog change automatically because of the user
activity:
v PlaceSize
v PlaceLastAccessed
v PlaceLastModified
v PlaceReaders
v Place Authors
v PlaceManagers
When the Place Catalog server starts again, use the QPTool placecatalog -push -p
command on the Lotus QuickPlace server to update these fields:
v PlaceSize
v PlaceLastAccessed
v PlaceLastModified

If any place membership changes are made while the Place Catalog server is
stopped, you must use the QPTool unregister -placecatalog and register
-placecatalog commands to unregister and then re-register the place.
Note: It’s important to keep Place Catalog servers highly available. For
information on creating a cluster of Place Catalog servers, see the chapter
″Administering Lotus QuickPlace Servers in a Cluster.″ No places should be
included in a cluster of Place Catalog servers.

Chapter 4 Managing PlaceTypes
This chapter describes how to create PlaceTypes to use as blueprints for creating
places, order PlaceTypes in the list of PlaceTypes, refresh PlaceTypes, and copy and
delete PlaceTypes.
PlaceTypes
As you set up a place to meet the needs of your team or organization, you may
want to preserve your customizations for use in other places. For example, if a
manager has created a theme that gives a particular place the look and feel of your
corporate Web site, you may want to make that design available for the creation of
other places in your organization.
You can preserve the design and content of a place by creating a PlaceType. A
PlaceType is a blueprint from which users can create places. You can take a
snapshot of a place and make it a PlaceType. Also, you can control the design and
content of a child place by refreshing it with updates from the PlaceType.
Creating a PlaceType and making it available to users is a two-step process. First, a

user with Manager access to a place customizes a place, allows it to be a
PlaceType, and specifies which design elements will be preserved in the PlaceType.
For information on completing these steps, see the Help. Second, a server
administrator creates the PlaceType on the server so it is available to users, as
described in this chapter.
Creating a PlaceType
To create a PlaceType:
1. Sign in to the Lotus QuickPlace home page as an administrator.
2. Click PlaceTypes in the table of contents.
3. Click Create PlaceType.
4. Type a name for the PlaceType. The name you type appears in the list of
PlaceTypes a users see when they create places.
5. Select the name of the place you want to use as a PlaceType.
The manager of the place must have allowed the place to be a PlaceType and
specified the design elements that are preserved in the PlaceType. For more
information, see the Help.
6. Click Next.
Note: Users cannot create a PlaceType from a place that uses expanded
membership.
To give users information about the PlaceType

When users create a place, they see a list of the available PlaceTypes on which they
can base their new place. To help them understand the choices, you can include a
short description of the PlaceType, a thumbnail sketch of the PlaceType, and a link
to a Web page with a more detailed description of the PlaceType.
To give users information about a PlaceType:

3. Click the name of the PlaceType.
4. Click Edit.
5. Do one of the following:
v To add the description and other information shown and also to refresh the
PlaceType, click ″Yes (default), copy changes and update the information
below.″
v To update the description and other information shown but not refresh the
PlaceType, click No.
For more information, see the topic ″Refreshing a PlaceType from the
PlaceTypes view in the administration place″ later in this chapter.
6. Do one or all of the following:
v Type a short description for the PlaceType. The description appears next to
the PlaceType in the list.
v Choose an image file that contains a ″thumbnail sketch″ of a page in the
PlaceType. The image file must be a GIF or JPG file, and the image itself
should be no larger than 100 pixels by 80 pixels. The thumbnail sketch
appears next to the PlaceType name in the list.
v Specify the address of a Web page under ″Optionally, you can provide a URL
for users to visit for more information.″ When you specify the address of a
Web page, Lotus QuickPlace displays the link text ″More info″ below the
description of the PlaceType in the list.
7. Click Next.
Note: You cannot edit the description of the default PlaceType.
Editing the server’s PlaceType list

You can change the order of the PlaceType names in the list of PlaceTypes that
users see when they create a place. For example, if your list contains 150
PlaceTypes, but ″MeetingRoom PlaceType″ is the most popular, you can move
″MeetingRoom PlaceType″ to the top of the list. To reorder the PlaceType list:
3. Click Reorder.
4. Click the PlaceType name you want to move.
5. Click the up or down arrow to move the PlaceType.
6. Click Next.
To hide or display PlaceType names in the list

You can hide the name of a PlaceType in the list of PlaceTypes that users see when
they click ″Create a Place.″ For example, if you are experimenting with the
contents of the PlaceType, you can hide the PlaceType while it is in progress. The
word ″hidden″ appears next to the name of the PlaceType in the list of PlaceTypes
you see as the Lotus QuickPlace server administrator.
3. Click Show/Hide.

4. To hide the name of a PlaceType in the list, remove the check mark next to the
name of that PlaceType. To display the name of a PlaceType in the list, check
the box next to the name of that PlaceType.
5. Click Next.
Refreshing PlaceTypes and places

You can create a PlaceType from a place and a place from a PlaceType. When one
is created from the other, the server maintains a ″parent-child″ relationship
between the two. You can refresh a child place or child PlaceType so the child
inherits new and modified elements from its parent.
For example, a Lotus QuickPlace developer creates a new place called ″Sales″ and
gives it the look and feel you want to appear in places created by the Sales team.
The developer allows it to be a PlaceType, and you create a PlaceType from it
called ″Sales PlaceType.″ To test it, you create a place called ″Sales Test″ from
″Sales PlaceType.″ If you want to change some design elements, you can ask the
developer to change the elements in ″Sales,″ then refresh ″Sales PlaceType,″ then
refresh ″Sales Test.″ ″Sales PlaceType″ inherits from ″Sales,″ and ″Sales Test″
inherits from ″Sales PlaceType.″
The QPTool refresh command refreshes places and PlaceTypes. By default, QPTool
refresh runs daily at 4 AM to refresh all child places (not including PlaceTypes) on
the server. The place manager can control whether QPTool refreshes a place. To
refresh a PlaceType, administrators can initiate the refresh command from the
administration PlaceTypes room or use the traditional method for running QPTool
commands.
Note: When you refresh a place or PlaceType in a cluster, do the refresh on one
server only and then let the changes replicate to the other servers.
For more information on the QPTool refresh command, see the chapter ″Using
QPTool Commands.″
Place membership
If the place manager allows it, membership of a place can be passed to a PlaceType
when the PlaceType is created. That membership is then passed to new places
created from the PlaceType. For example, if Annie was a member of ″Sales″ with
Author access, she became an Author in ″Sales PlaceType″ and ″Sales Test″ when
they were created.
However, changes to members and membership are not inherited when you
refresh. For example, if the manager of ″Sales″ changes Annie’s access to Reader in
″Sales,″ when you refresh ″Sales PlaceType″ and ″Sales Test,″ Annie still has Author
access in ″Sales PlaceType″ and ″Sales Test.″
CAUTION:
When a new room is inherited, membership to the room is not inherited, but
instead is determined by the room’s parent room in the place. For example, to
continue the preceding example, assume that the manager of ″Sales″ adds a new
room called ″Finances″ and gives only herself access to read sensitive
information in it. When ″Sales PlaceType″ and then ″Sales Test″ are refreshed,
″Sales Test″ inherits the room ″Finances″ but all ″Sales Test″ members with
Reader access or above can read ″Finances″ unless the ″Sales Test″ manager
changes access.
Chapter 4 Managing PlaceTypes 49

Levels of refresh
There are two levels of refresh available for a place: basic refresh (the default level)
or replace. With basic refresh, elements originating from a PlaceType but modified
directly in a place are not affected by the refresh. For example, basic refresh does
not affect changes a place manager makes to the Welcome page.
A replace occurs only when you use QPTool refresh command with the -r
argument. Use replace with extreme caution because it causes all elements in a
place that originated from a PlaceType to be updated, even elements modified
directly in the place.
Neither basic refresh nor replace modifies elements that were created directly in a
place rather than originating from a PlaceType.
Because changes to a PlaceType are never made directly in a PlaceType but instead
can occur only through a refresh, it makes no difference which level of refresh you
use to refresh PlaceTypes.
How basic refresh affects the elements in places

If you do a basic refresh of a child place with its PlaceType, and there are no
changes in the PlaceType, the refresh causes no change in the child place. If there
are changes in the PlaceType, the child place does not inherit an element change or
deletion from the PlaceType if the element was also changed or deleted directly in
the child place. The following tables describe this behavior in detail.
Elements modified in the PlaceType

The following table describes what happens as the result of a basic refresh of a
place when elements have changed in its PlaceType.
Refresh effect
on element in Refresh effect on
Element place if element element in place if Refresh effect on element
modified in not changed in element changed in in place if element
PlaceType place place deleted in place
Page Updated No change No change
Folder Updated No change No change
Room Updated No change No change
Form Updated No change No change
Field Updated No change No change
Theme Updated No change No change
PlaceBot Updated No change No change
Room Setting Updated No change No change
Aesthetic Settings Updated No change No change
Member No change No change No change
Local group No change No change No change
Elements deleted in the PlaceType

The following table describes what happens as the result of a basic refresh of a
place when elements have been deleted in its PlaceType.

Refresh effect
on element in Refresh effect on
place if element element in place if Refresh effect on element
Element deleted not changed in element changed in in place if element
in PlaceType place place deleted in place
Page Deleted No change No change
Folder Deleted* No change No change
Room Deleted** No change No change
Form Deleted No change No change
Field Deleted No change No change
Theme Deleted No change No change
PlaceBot Deleted No change No change
Room Setting N/A N/A N/A
Aesthetic Settings N/A N/A N/A
**Rooms that contain elements originating from a PlaceType but modified directly
in the place, or that contain elements created in the place rather than originating
from a PlaceType, are not deleted.
A task page in a place derived from a PlaceType lists [h_Managers] as editor
Note: In a place that is derived from a PlaceType, all task pages display
[h_Managers] in ″Who can edit this task″. Since membership is not
refreshed, members removed from the place will not be added back during
refresh. The [h_Managers] entry ensures that managers of the place can edit
the page if all other editors are removed from the place.
How replace affects the elements in places

If you replace a place with its PlaceType -- using qptool refresh -r -- changes made
to elements directly in the place that originated in the PlaceType are lost. For this
reason you should use replace with extreme caution. The following tables describe
the behavior of a replace in detail.
Elements not changed in the PlaceType

The following table describes what happens as the result of a replace of a place
when elements have not changed in its PlaceType.
Replace effect
on element in Replace effect on
Element not place if element element in place if Replace effect on element
changed in not changed in element changed in in place if element
Page No change Replaced Copied back
Folder No change Replaced Copied back
Room No change Replaced Copied back
Form No change Replaced Copied back
Field No change Replaced Copied back

Replace effect
Element not place if element element in place if Replace effect on element
changed in not changed in element changed in in place if element
Theme No change Replaced Copied back
PlaceBot No change Replaced Copied back
Room Setting No change Replaced Copied back
Aesthetic Settings No change Replaced Copied back
Elements modified in the PlaceType

when elements have been modified in its PlaceType.
Replace effect
Element place if element element in place if Replace effect on element
modified in not changed in element changed in in place if element
Page Updated Replaced Copied back
Folder Updated Replaced Copied back
Room Updated Replaced Copied back
Form Updated Replaced Copied back
Field Updated Replaced Copied back
Theme Updated Replaced Copied back
PlaceBot Updated Replaced Copied back
Room Setting Updated Replaced Copied back
Aesthetic Settings Updated Replaced Copied back
Elements deleted in the PlaceType

when elements have been deleted in its PlaceType.
Replace effect
place if element element in place if Replace effect on element
Page Deleted Deleted No change
Folder Deleted* Deleted* No change
Room Deleted** Deleted** No change
Form Deleted Deleted No change
Field Deleted Deleted No change

Replace effect
place if element element in place if Replace effect on element
Theme Deleted Deleted No change
PlaceBot Deleted Deleted No change
Room Setting N/A N/A N/A
Aesthetic Settings N/A N/A N/A
*Folders that contain pages created directly in the place rather than originating
from the PlaceType are not deleted.
**Rooms that contain any element created directly in the place rather than
originating in the PlaceType are not deleted.
Controlling whether the QPTool refresh command refreshes a

place
Place managers control whether the QPTool refresh command refreshes places
created from a PlaceType. By default, the QPTool refresh command refreshes
places. The QPTool refresh command runs on all places created from PlaceTypes
daily at 4 AM, but administrators can also run it on specific places.
To specify whether the QPTool refresh command refreshes a place:

1. Open the place.
2. Click Customize in the table of contents.
3. Click Basic.
4. Click ″Change Basics.″
5. In the Updates section, check ″Receive updates″ (default) to allow QPTool
refresh to refresh the place. Remove the check mark to prevent QPTool refresh
from running on this place.
Refreshing a PlaceType from the PlaceTypes view in the

administration place
If a place used to create a PlaceType is modified, you can use the PlaceTypes room
in the administration place to initiate the QPTool refresh command to do a basic
refresh of the child PlaceType. If you use this method, at the same time you refresh
you can modify the description that users see, the image, and the URL provided to
users for more information.
3. Click the name of the PlaceType you want to refresh.
4. Click Edit.
5. Do one of the following:
v To update the description and other information shown and also to refresh
the PlaceType, click ″Yes (default), copy changes and update the information
below.″

v To update the description and other information shown but not refresh the
PlaceType, click ″No, simply update the information below.″
6. (Optional) Change the description for the PlaceType.
7. (Optional) Change the image selection for the PlaceType.
8. (Optional) Change the URL information shown.
9. Click Next.
Choosing to refresh the PlaceType in Step 5 starts QPTool refresh in the

background. If QPTool refresh is already running when you click Next, the
PlaceType is not refreshed since only one instance of QPTool refresh can run at a
time. Check the server console to determine whether a PlaceType has been
refreshed.
You can also refresh a PlaceType by running the QPTool refresh command from the
server console or command line. For more information, see the chapter ″Using
QPTool Commands.″
Signing a newly inherited scheduled PlaceBot in a place

When a place first inherits a new scheduled PlaceBot (agent), the place manager
must sign the PlaceBot before it runs. This step is necessary only for a newly
inherited scheduled PlaceBot:
1. Open the place.
2. Click Customize in the table of contents.
3. Click PlaceBots.
4. Select the PlaceBot and click Sign PlaceBot.
Copying a PlaceType
You can use operating system commands to copy a PlaceType from one Lotus
QuickPlace server to another.
A PlaceType consists of a set of Notes database files (NSF files) in the AreaTypes
subdirectory on the Lotus QuickPlace server. For example, if you create a
PlaceType called Rapid Response, and your Domino and Lotus QuickPlace servers
are installed in the c://lotus/domino directory, the NSF files for Rapid Response
would be stored in the following location:
c:\Lotus\Domino\data\QuickPlace\AreaTypes\Rapid Response\
To copy a PlaceType from one Lotus QuickPlace server (server A) to another Lotus
QuickPlace server (server B):
1. On server B, create a subdirectory for the PlaceType in
x:\Lotus\Domino\data\QuickPlace\AreaTypes, where x is the drive on which
Domino and Lotus QuickPlace are installed.
2. Copy the PlaceType files from server A to the subdirectory you created on
server B.
3. If the PlaceType has PlaceBots, you must sign the agents in the database using
the server ID of the current server, that is, server B. For more information on
signing a database, see Domino Designer Help.
4. Use the following procedure to add the copied PlaceType to the list of
PlaceTypes on server B.

To add copied PlaceTypes to the PlaceType list
If you copied PlaceType files to the Lotus QuickPlace server, you can add that new
PlaceType to the list of PlaceTypes on the current server. You see the list of
PlaceTypes when you sign in to the current server as the server administrator and
click PlaceTypes in the table of contents. The new PlaceType is also available to
Lotus QuickPlace creators until or unless you hide the name of the PlaceType.
To add a PlaceType copied from another server to the list of PlaceTypes on the
current server, do the following:
3. Click Refresh List.
Deleting a PlaceType
When you follow the steps below or when you use the QPTool remove command
without the -now argument, to mark a PlaceType for deletion on the current server,
it is no longer available to users. However, the file and directory are not actually
deleted until the QPTool remove -cleanup command runs on the server at 2 AM.
You can remove the PlaceType immediately by running the QPTool remove -now
command.
For more information on the remove command, see the chapter ″Using QPTool
Commands.″
Note: You cannot delete the default PlaceType.

3. In the list of PlaceType names on the screen, click the name of the PlaceType
you want to delete.
4. Click Delete.
5. In Lotus QuickPlace server cluster, do the following on each additional server
in the cluster to remove the PlaceType from the PlaceTypes view of the
administration place. This step is necessary because the administration place
does not replicate in a cluster.
a. Sign in to the Lotus QuickPlace home page as an administrator.
b. Click PlaceTypes in the table of contents.
c. Click Refresh List.

Chapter 5 Administering Lotus QuickPlace Servers in a
Cluster
This chapter describes how to set up Lotus QuickPlace servers in a clustered server
environment.
Lotus QuickPlace servers in a cluster

A Domino cluster is a group of two to six servers that provides users with constant
access to data, balances the workload between servers, improves server
performance, and maintains performance when the size of your enterprise
increases. The servers in a cluster contain replicas of databases that you want to be
readily available to users at all times. If a user tries to access a database on a
cluster server that is unavailable, Domino opens a replica of that database on a
different cluster server, if a replica is available. Domino continuously synchronizes
databases so that whichever replica a user opens, the information is always
identical.
Clusters provide high availability of important databases, and clustered servers can
redirect database open requests to other servers in the clusters, allowing users
uninterrupted access to their databases. You can use clustering to provide high
availability of a Lotus QuickPlace service, or group of servers. You can administer
servers in a cluster by adding, removing, or upgrading them.
Using clustering to provide high availability of the Lotus QuickPlace service

consists of setting up:
v Two or more servers to replicate the data.
v A solution to distribute HTTP requests to one or more of the servers in the
cluster.
Domino Enterprise Server software is used to set up and manage the cluster. The
servers in the cluster are sometimes referred to as cluster nodes. Lotus QuickPlace
is installed on each of these nodes.
There are several solutions available for distributing HTTP traffic among a number
of servers. The Lotus QuickPlace application requires that HTTP requests sent to
one node are continuously sent to that node for a predetermined amount of time.
This time period is sometimes known as ″sticky time.″
Upgrading an existing Lotus QuickPlace server to provide high availability

involves:
v Setting up a separate cluster of servers.
v Using QPTool commands to move the places to the newly set up cluster.
For more information on moving places, see the chapter ″Using QPTool
Commands.″
Administering and managing a Lotus QuickPlace server that is in a cluster is the

same as administering and managing a server that is not clustered. With the
exception of adjustments to the load balancing hardware and software, you make

changes individually to each server by addressing the server directly by its
hostname or Domino name when you use any of the following methods or tools:
v Using the browser to sign in to the server and visiting the Server Settings page,
also known as the Lotus QuickPlace Administration Room.
v Using the Domino Administration Client to make changes, usually to the
Domino Name and Address Book.
v Making changes using the file system such as modifying the NOTES.INI file or
inspecting HTTP logs.
For information on upgrading a Lotus QuickPlace server in a cluster, see the book
Lotus QuickPlace Installation and Upgrade Guide.
Planning capacity
Before you set up a Lotus QuickPlace cluster, you must first decide:
v How many concurrent users need to be supported.
v The type of clustering solution to be implemented.
These decisions determine how many servers of a given specification are required
to support the user population for a given rate of Lotus QuickPlace usage.
Types of clustering solutions

The total number of servers required depends on the type of clustering solution.
The simplest clustering solution is failover to a ″hot spare,″ in which a primary

server and a secondary server are clustered. The primary server handles user
requests, and the secondary server is held in reserve in case the primary server
fails or requires a scheduled stoppage. When the primary server is taken offline,
user requests fail over to the hot spare until the primary server comes back online.
In this type of cluster, the resources of the hot spare are not utilized while the
primary server is active: the capacity of the cluster is the capacity of the primary
server. Therefore, if a given server specification supports 1,000 concurrent users,
two such servers are required to support 1,000 users. If the hot spare is identical to
the primary server, the capacity remains the same after the primary server fails
over.
To make full use of all available servers, a load-balancing solution can be

implemented. With load balancing, servers share the user load, and the maximum
capacity of the cluster is approximately the sum of the capacities of the servers in
the cluster. For example, a cluster of three servers that each support 1,000 users has
approximately a maximum capacity of 3,000 concurrent users. However, if one
server goes offline, the capacity of the cluster is reduced correspondingly (to 2,000
users in the example). Therefore, the average capacity of a load-balanced cluster is
less than the maximum possible, and allowance should be made for server
downtime so that response times do not significantly decrease when a single server
becomes unavailable. Having more than two servers in a cluster provides greater
flexibility and reliability because when a server is taken offline for scheduled
maintenance, failover can still occur among the remaining available servers.

Creating a cluster
To create a cluster, you must have at least Author access, Delete Documents rights,
and the ServerModifier and ServerCreator roles in the Domino Directory, and at
least Author access in the Administration Requests database. If possible, use the
administration server when creating a cluster. The administration server does not
have to be part of the cluster.
Note: If a server belongs to a different cluster, you do not have to remove the
server from that cluster before you add it to the new cluster. The Cluster
Administration Process removes the server from the original cluster and
then adds it to the new cluster.
1. From the Domino Administrator, make sure the administration server or
another server is current.
2. Click the Configuration tab.
3. Expand Server, and click All Server Documents.
4. In the Results pane, select the servers that you want to add to the cluster.
5. Click Add to Cluster.
6. When asked to choose the cluster you want to add the servers to, choose
Create New Cluster, and then click OK.
7. Type the name of the new cluster, and click OK.
8. Choose Yes to add the servers to the cluster immediately, or choose No to
submit a request to the administration process to add the servers to the
cluster.
9. (Optional) If you chose No in Step 8 and you did not add the servers on the
administration server, force replication between this server you used and the
administration server so that the administration server receives the requested
changes sooner.
10. (Optional) If you chose No in Step 8, force replication between the
administration server and the cluster servers so the cluster servers receive all
the changes sooner.
11. (Optional) If you chose Yes in Step 8, the cluster information is added
immediately to the Domino Directory of the server you used to create the
cluster. If this server is not part of the new cluster, replicate the changes to one
of the servers you added to the cluster.
Note: For information on managing replication in clusters, refer to the Domino

Administrator Help.
Adding a Lotus QuickPlace server to a cluster

If you want to add a new Lotus QuickPlace server to a cluster, all of the existing
Lotus QuickPlace data first must be copied and replicated to the new server before
it can be available for use. To add a new Lotus QuickPlace server to a cluster:
1. Install the new Lotus QuickPlace server using the installation instructions.
2. Using the browser, sign in to the Lotus QuickPlace server as an administrator
and edit the Server Settings appropriate for this server.
3. Start the server.
4. Shut down the HTTP task by typing the following at the server console:
tell http quit
Chapter 5 Administering Lotus QuickPlace Servers in a Cluster 59

5. To create replica stubs on the new server for all existing places in the cluster,
run the replicamaker command on the new server, using one of the other
servers in the cluster as the source for the place databases. Type the following
at the server console:
load qptool replicamaker -s <remote server name> -a
where <remote server name> is the domino server name.
For more information on the replicamaker command, including running the
command in verbose mode, see the chapter ″Using QPTool Commands.″
6. Wait for the replicamaker command to finish running successfully. This step
may take several minutes.
7. Use the Domino Replicator to replicate all the data and initialize all replica
subs on the local and remote systems. Type the following at the server
console:
replicate <remote server name>, where <remote server name> is the domino
server name, for example, qp1/Company.
8. Wait for the Domino Replicator to finish. This step may take several hours.
9. Start the HTTP task. Type the following in the server console:
load http
10. (Optional) Create all search indexes for all newly replicated places. This task
can take several hours and can be done while the server is running. It is
optional because it runs automatically at 2 AM. Type the following at the
server console:
load updall
Adding a Lotus QuickPlace server after a long down time

If a Lotus QuickPlace server has been removed from a cluster for a period of time,
you can add it to the cluster again. To add a Lotus QuickPlace server after a long
down time:
2. Shut down the HTTP task. Type the following at the server console:
tell http quit
3. To create replica stubs for any new places or rooms that were created in the
cluster since the server was taken out of service, run replicamaker on the
server, using one of the other servers in the cluster as the source for the place
databases. Type the following at the server console:
load qptool replicamaker -a -s <remote server name>
where <remote server name> is the domino server name, for example,
qp1/Acme.
4. Wait for the replicamaker command to finish running successfully.
5. Replicate all the data and initialize all replica subs on the local and remote
systems using the Domino Replicator. Type the following in the server console:
replicate <remote server name>
where <remote server name> is the domino server name, for example qp1/Acme.
6. Wait for the Domino Replicator to finish. This step may take several hours.
7. Start the HTTP task. Type the following at the server console:
load http
Note: Because each server in the cluster has independent server settings, you
must update the settings (for example, User Directory) in the Lotus
QuickPlace Administration room.

8. (Optional) Create all search indexes for all newly replicated places. This task
can take several hours and can be done while the server is running. It is
optional because it runs automatically at 2 AM. Type the following at the server
console:
load updall
Configuring clustered servers for the Place Catalog

Do not replicate the Place Catalog across Lotus QuickPlace servers in a cluster. The
recommended Place Catalog configuration is a dedicated Place Catalog server that
is outside the Lotus QuickPlace cluster. To provide Place Catalog failover, create a
separate cluster of Place Catalogs using the ″hot spare″ clustering solution that
uses a primary server and a secondary server for failover. Load balancing is not
supported for Place Catalogs in a cluster. For instructions on setting up the Place
Catalog, see the chapter ″Setting Up the Place Catalog.″
To ensure that the Place Catalog works properly for Lotus QuickPlace servers in a
cluster, you must configure the Lotus QuickPlace server’s qpconfig.xml file with
details of the cluster environment. All Lotus QuickPlace servers in a cluster should
use the same qpconfig.xml settings.
If the Lotus QuickPlace server is part of a cluster, copy the following XML content
from qpconfig_sample.xml to your qpconfig.xml file. Replace the sample values in
bold with your own values.
<?xml version="1.0" standalone="yes"?>
<server_settings>
<cluster>
<master virtual="true" ssl="false">
<port>80</port>
<hostname>servername.enterprise.com</hostname>
<path_prefix><path_prefix />
</master>
</cluster>
</server_settings>
The following table describes the values you specify for the cluster setting.
virtual=″value″ The master server in a cluster acts as a user’s
entry point to places on other servers in the
cluster.
If you use the failover to a ″hot-spare″

clustering solution in which the master server
is a physical Lotus QuickPlace server, specify
virtual=″false.″
If you use the load balancing clustering

solution, in which the master server is an IP
sprayer such as IBM Network Dispatcher that
acts as a ″virtual″ server, specify
virtual=″true.″
ssl=″value″ If SSL is enabled on the master server, specify
ssl=″true,″ otherwise specify ssl=″false.″

<port>number</port> Specify the TCP port used to access Lotus
QuickPlace requests by browsers, depending
on whether SSL is enabled on the master
server. The default port is 80 for non-SSL
connections and 443 for SSL connections.
<hostname>name</hostname> Specify the DNS hostname of the master
server (for example, tw.acme.com).
<path_prefix>″ prefix″</path_prefix> If the Place Catalog (PlaceCatalog.nsf) is
located in a subdirectory of the Domino data
directory, type the subdirectory as the
path_prefix. This information is used to
create URLs to the master server. For
example, on Windows, if you put the Place
Catalog in the directory
C:\domino\data\catalog, type ″catalog″ as
the path_prefix value. Or if you put the Place
Catalog in the directory
C:\domino\data\other\catalog, type
″other\catalog″.
Place Catalog entries and clusters

There are two Lotus QuickPlace server cluster environment alternatives for storing
Lotus QuickPlace server cluster data in the Place Catalog.
v If the Lotus QuickPlace cluster does not have a virtual server, data is maintained
in separate entries in the Place Catalog for each physical server, and for each
place on a physical server.
v If the Lotus QuickPlace cluster has a virtual server, each physical server and
place has an entry. But there is also an entry for the virtual server that represents
the combination of all physical servers. And there is an entry for each place in
the cluster that represents all the replicas of the place in the cluster.
When the cluster has a virtual server, real-time updates to the Place Catalog (such
as place creation, locking of a place, and place membership changes) are made in
the place entries corresponding to the virtual server. The non-real time updates
(such as place size, time last accessed, and time last modified) are made to the
place entries corresponding to the physical servers in the cluster. This information
allows the administrator to know the differences in access and size for the places
in each of the physical servers in the cluster.
The QPTool placecatalog command with the -update flag synchronizes the place
entries that correspond to the physical servers, and the place entries that
correspond to the virtual server.
For more information on the placecatalog command, see the chapter ″Using
QPTool Commands.″
To set up a virtual server for a Lotus QuickPlace cluster, you must configure a
network dispatcher, such as IBM Network Dispatcher. Then you must configure
the proper settings in the qpconfig.xml file on each server in the cluster. For
information on setting up a network dispatcher, see your server documentation.

Removing a Lotus QuickPlace server from a cluster
When you remove a Lotus QuickPlace server from a cluster, some places and
rooms created and deleted on the server to be removed may not have propagated
around the cluster. You must ensure that all the changes are propagated correctly
before you stop the server; otherwise data may be lost.
To remove a Lotus QuickPlace server from a cluster:

1. Shut down the HTTP task. Type the following in the server console:
tell http quit
2. Run the replicamaker command with one of the other servers in the cluster.
Type the following at the server console:
load qptool replicamaker -a -s <remote server name>
where <remote server name> is the Domino server name, for example,
qp1/Acme.
For more information on the replicamaker command, see the chapter ″Using
QPTool Commands.″
3. Wait for replicamaker to finish running successfully.
4. Replicate all the data and initialize all replica subs on the local and remote
systems using the Domino Replicator. Type the following in the server console:
replicate <remote server name>, where <remote server name> is the domino server
name, for example, qp1/Company.
5. Wait for the Domino Replicator to finish.
6. Run qptool remove -cleanup to remove any places that have been marked for
deletion.
Note: Run the Domino command dbcache flush at the server console before
running the remove command to remove from the database cache any
databases that are marked for deletion.
For more information on the remove command, see the chapter ″Using QPTool
Commands.″
7. Shut down the server.

Chapter 6 Setting Up Security
This chapter describes the following topics related to Lotus QuickPlace security:
v Lotus QuickPlace authentication
v Setting up single sign-on authentication
v Modifying user cache settings
v Controlling access to the server
v Using expanded membership
v Blocking specific protocols referenced in link URLs
v Blocking HTML attachments that contain cross-site scripts
v Configure browser caching for tighter security
Lotus QuickPlace authentication

If Lotus Quickplace manages lookups to the user directory, Lotus QuickPlace
supports only the following types of authentication for Web browsers connecting to
a Lotus QuickPlace server:
v Basic name-and-password authentication
v Multi-server session-based name-and-password authentication (single sign-on)
Basic authentication is implemented by default. You can enable single sign-on

authentication, so that Web users can sign in to a server once and then
automatically access any other server in the DNS domain enabled for single
sign-on.
If Domino manages lookups to the user directory, you can authenticate Lotus
QuickPlace users using any type of client authentication that is set up on the
Domino server, for example, X.509 certificate authentication. For more information,
see the Security section of Domino Administrator Help.
Note: To use SSL to encrypt the data transferred between Web browsers and a
Lotus QuickPlace server, enable SSL on the Domino Web server. For more
information, see Domino Administrator Help.
Lotus QuickPlace supports custom authentication applications through the Domino

Server API (DSAPI). This interface allows some third-party vendors to design a
DLL to support authentication for access to Lotus QuickPlace databases.
Single sign-on authentication

Enable multi-server session-based authentication (single sign-on) so that Web users
can sign in once to a Lotus QuickPlace server and automatically access any other
Lotus QuickPlace servers in the DNS domain that are enabled for single sign-on.
Keep the following points in mind about single sign-on authentication:

v Lotus QuickPlace does not support single-server session-based authentication,
but setting up single sign-on authentication on a single server achieves a similar
result.
v URLs issued to servers configured for single sign-on must specify the full DNS
server name, not the host name or IP address. For browsers to be able to send

cookies to a group of servers, the DNS domain must be included in the cookie,
and the DNS domain in the cookie must match the server URL. This is why
cookies cannot be used across TCP/IP domains.
v Clustered servers must have the full DNS server name in the host name field of
the Web Site or Server document so that the Internet Cluster Manager (ICM) can
redirect to cluster members using SSO. If the DNS server hostname is not there,
ICM redirects URLs to clustered Web servers with only the TCP/IP host name,
by default, and cannot send the cookie because the DNS domain is not included
in the URL.
To set up single sign-on authentication:

1. Create or edit a Web SSO Configuration document for the domain.
2. Complete single sign-on setup by modifying the notes.ini file, enabling
multi-server session authentication, and adding a mapping form to the Domino
Web Server Configuration database.
Follow these steps regardless of whether Lotus QuickPlace or Domino manages

user directory lookups.
Creating or editing a Web SSO Configuration document

The Web SSO configuration document is a domain-wide configuration document
stored in the Domino Directory. This document, which should be replicated to all
servers participating in the single sign-on domain, is encrypted for participating
servers and administrators, and contains a shared secret key used by servers for
authenticating user credentials.
To set up multi-server single sign-on for a Lotus QuickPlace server, first create a
Web SSO Configuration document, if there isn’t one already. If there is already a
Web SSO Configuration document, add the Domino server names of the Lotus
QuickPlace servers to the document.
To create a Web SSO configuration document

1. Open the Domino Directory (names.nsf) of a Lotus QuickPlace server in the
domain.
2. Select the Configuration - Servers - All Server Documents view.
3. Click Web and then select Create Web SSO Configuration.
4. Click Keys at the top of the Web SSO Configuration document.
5. To Initialize the Web SSO Configuration with a Domino shared secret key, select
″Create Domino SSO Key.″ Or, to import an IBM WebSphere® LTPA key, do the
following steps:
a. Select ″Import WebSphere LTPA Keys.″
b. Enter the path to the WebSphere LTPA export file (see WebSphere
documentation for details about generating ltpatoken keys).
c. Enter the password (specified when generating the keys in WebSphere). The
document is updated to reflect the information in the export file.
6. Complete the rest of the document as follows:
Field Action
Configuration Name Accept the default entry, LtpaToken.
Organization Leave this field blank so the document appears in the Web
Configurations view.

Field Action
DNS Domain (Required) Enter the DNS domain (for example, acme.com) for
which the tokens will be generated. The servers enabled for
single sign-on must all belong to the same DNS domain.
Domino Server Names Enter the names of the Domino servers to participate in single
sign-on; for example, server1/acme, server2/acme. This
document is encrypted so that only you, the members of the
Owners and Administrators fields, and the servers specified
have access to it.
Note: Enter only Domino server names in this field; group
names, wild cards, and WebSphere server names are not
allowed.
Expiration (minutes) Specify the time period, in minutes, after which the token will
expire. The default is 30 minutes.
Idle Session Timeout Select Enabled and enter a Minimum Timeout value, in
minutes, to indicate the number of minutes of inactivity after
which the token will expire.
7. Click Save & Close to save the Web SSO Configuration document in the Web -
Web Configurations view. A message on the status bar indicates the number of
servers or people for whom the document is encrypted.
If you receive messages on the client indicating that a particular key was not
found for encrypting the document, you might have to change your client’s
location document to point to a different mail or directory server that has all
the public keys included in Server and Person documents.
8. Follow the steps in the topic, ″Completing single sign-on setup.″
To add names of Lotus QuickPlace servers to an existing Web

SSO Configuration document
A Web SSO Configuration document may already exist for the domain. This might
be the case, for example, if a Sametime server is also installed in the domain. In
this case, follow these steps to add the Domino names of the Lotus QuickPlace
servers to the existing Web SSO Configuration document.
1. Open the Domino Directory (names.nsf) of a Lotus QuickPlace server in the
domain.
2. Select the Web - Web Configurations view.
3. Open the Web SSO Configuration document in edit mode.
4. In the ″Domino Server Names″ field, add the Domino server name of each
Lotus QuickPlace server in the domain that will participate in single sign-on;
for example, server1/acme, server2/acme.
5. Close and save the document.
6. Follow the steps in the next topic, ″Completing single sign-on setup.″
Completing single sign-on setup

After you have created the Web SSO Configuration document for the domain,
follow these steps to complete single sign-on setup for Lotus QuickPlace servers.
1. Add the following setting to the notes.ini file of each Lotus QuickPlace server
that you will enable for single sign-on to prevent anonymous access to files in
the html directory:
NoWebFileSystemACLs=1
2. Enable multi-server session-based authentication in the Server document for
each Lotus QuickPlace server that you want to enable for single-sign on:
Chapter 6 Setting Up Security 67

a. Open the Domino Directory (names.nsf) on the server.
b. Select the view Configuration - Servers - All Server Documents.
c.Select the Server document for the server and click Edit Server.
d. Click Ports - Internet Ports - Web, and enable Name-and-password
authentication for the Web (HTTP or HTTPS) port.
e. Click the Internet Protocols - Domino Web Engine tab.
f. Next to Session authentication, select Multiple Servers (SSO).
g. Next to Web SSO Configuration, select LtpaToken.
h. Click Save & Close.
3. Create the Domino Web Server Configuration database (domcfg.nsf) if it does
not exist:
a. From a Notes client, choose File - Database - New.
b. Next to Server at the top of the dialog box, select the server that runs Lotus
QuickPlace.
c. Next to Title, type a descriptive title, for example, Web Server
Configuration.
d. Next to File name, type domcfg.nsf. You must use this file name.
e. Next to Server in the middle of the dialog box, select any server.
f. Click ″Show advanced templates.″
g. Next to Template, select ″Domino Web Server Configuration (6)″
(domcfg5.ntf).
h. Click OK.
4. Create a mapping form in the Domino Web Server Configuration database to
enable single-sign on to work with Lotus QuickPlace:
a. Open the Web Server Configuration database (domcfg.nsf).
b. Click Add Mapping.
c. Next to Applies To, select ″All Web Sites/Entire Server″ (default) or
″Specific Web Site/Virtual Server. If you select ″Specific Web Site/Virtual
Server,″ a new field displays in which you specify the IP addresses of the
Web Site documents or Virtual Servers.
d. Next to ″Target Database,″ type quickplace/resources.nsf, replacing the
default entry.
e. Next to ″Target Form,″ type QuickPlaceLoginForm.
f. Click Save & Close.
g. Replicate the database to all the Lotus QuickPlace servers that will use
single sign-on.
5. After the Domino Web Server Configuration database has replicated, at the
server console of each server, enter the following command to stop and restart
the server:
restart server
The message ″QuickPlace: Successfully loaded Web SSO Configuration″
confirms single sign-on setup.
Modifying user cache settings

After a Lotus QuickPlace server successfully authenticates a user, it adds the user’s
name, password, and the groups of which the user is a member to its user cache.
The next time the user attempts to authenticate, the server can quickly access the
information in the cache to speed up authentication.

Specifying the number of user entries allowed in the cache
To specify the maximum number of user entries allowed in the cache, use the
following NOTES.INI setting:
QuickPlaceMaxCachedUsers=number
where number is a number of user entries.
When the cache reaches the specified number, older entries are removed to make
room for new ones that are needed. By default, 64 user entries are allowed in the
cache.
Specifying the length of time user entries remain in the cache

To specify the length of time user entries remain in the cache before the server
removes them, use the following notes.ini setting:
QuickPlaceExpireCachedUsers=interval
where interval is the length of time in seconds. By default, the interval is 120
seconds.
Controlling access to the server

As an administrator of a Lotus QuickPlace server, you can do these access control
tasks:
v Specify other users as administrators of the Lotus QuickPlace server.
v Change the password you use when you sign in as a local administrator of the
Lotus QuickPlace server.
v Specify who can create places on a Lotus QuickPlace server.
v Give an external user or group super user access to the Lotus QuickPlace server.
Specifying administrators of a Lotus QuickPlace server

You specify an administrator for a Lotus QuickPlace server when you set up the
server. You can specify additional local users, external users, or external groups as
administrators of a Lotus QuickPlace server. An administrator can do the following
tasks:
v Configure Security settings in the Server Settings room to control who can
administer the server and who can create places.
v Configure User Directory settings in the Server Settings room to set up server
connections to a user directory.
v Configure Other Options in the Server Settings room to configure a variety of
other server options.
v Create and delete places and PlaceTypes on the server.
Specifying local users as administrators

To specify a local user as an administrator:
3. Click Security in the table of contents.
4. If the Lotus QuickPlace server is not connected to a user directory, do the
following:

a. Under ″Who can administer this server,″ click Add.
b. Specify the user name, password, and e-mail address for the administrator.
c. Click Next.
5. If the Lotus QuickPlace server is connected to a user directory, do the
following:
a. Under ″Who can administer this server,″ click Add.
b. Click ″Create new users specially for access to this QuickPlace server.″
c. Type the user name.
d. Click Next.
e. Specify the password and e-mail address.
f. Click Next.
Modifying a local administrator’s information: To modify a local administrator’s

information:
4. Under ″Who can administer this server?″ select the user to modify.
5. Click Modify.
6. Specify a different user name, password, and/or e-mail address.
7. Click Next.
Removing a local administrator from the list of administrators: To remove a

local administrator from the list of administrators, do the following:
4. Under ″Who can administer this server?″ click Remove.
5. Select the name to remove.
6. Click Next.
Specifying external users and groups as administrators

If the Lotus QuickPlace server is connected to a user directory, do the following to
specify an external user or group as an administrator:
4. In the ″Who can administer this server?″ section, click Add.
5. Select ″Add existing network users from the directory.″
6. Type the name of the external user or group. Or do the following to search the
directory for the name:
a. Click Directory.
b. Search for the name.
c. If the results of the search span multiple pages, use the arrow boxes above
the name list to view the next or previous page of results.
d. Check the box next to the name you want to add.
e. Click Add.
f. Click Close.

7. Click Next to add the name to the list of users who can administer the server.
Removing an external user or group from the list of administrators: To remove

an external user or group from the list of administrators:
4. Under ″Who can administer this server?″ click Remove.
6. Click Next to remove the name.
Changing a local administrator password

To change your password if you are an administrator registered in a user directory,
change the password in the a user directory. If you are a local administrator,
perform the following steps to change your password:
1. In the Address or Location box in your browser, enter the address of the Lotus
QuickPlace server.
2. Click SignIn in the left corner of the screen.
3. Enter your local administrator user name and password.
4. Click Change Password.
5. Enter your current password.
6. Enter your new password, and then re-enter it.
7. Click Next.
8. Sign in again and enter the new password.
Specifying who can create places on a server

As administrator, you can decide who can create places on the Lotus QuickPlace
server. You can grant this access to specific local users and to specific external
users and groups. Or you can allow all users who have access to the server to
create places on it. A super user can always create places.
Specifying local users who can create places

To give a local user the access to create places on a Lotus QuickPlace server:
4. Under ″Who can create new places on this server?″ select ″Only specific users
(or groups) who provide a name and password.″
5. If the Lotus QuickPlace server is not connected to a user directory, do the
following:
a. Click Add.
b. Specify the user’s name, password, and (optionally) e-mail address.
c. Click Next to add the local user name to the list of users that can create
places.
6. If the Lotus QuickPlace server is connected to a user directory, do the
following:
a. Click Add.
b. Click ″Create new users specially for access to this QuickPlace server.″
c. Type the user name.

d. Click Next.
e. Specify the password and (optionally) e-mail address.
f. Click Next.
Modifying the information of a local user who can create places: To modify
information for a local user who can create places, do the following:
4. Under ″Who can create new places on this server?″ select ″Only specific users
(or groups) who provide a name and password.″
5. Select the local user whose information you want to modify.
6. Click Modify.
7. Change the user’s name, password, and (optionally) e-mail address as desired.
8. Click Next.
Removing a local user from the list of users who can create places: To remove a
local user from the list of users who can create places, do the following:
4. Under ″Who can create new places on this server?″ click Remove.
5. Select the local user name to remove.
6. Click Next.
Specifying external users who can create places

If the Lotus QuickPlace server is connected to a user directory, do the following to
specify which external users and groups from the directory can create places on
the Lotus QuickPlace server:
4. In the ″Who can create new places on this server?″ section, click Add.
5. Select ″Add existing network users from the directory.″
6. Type the name of the user or group from the directory. Or do the following to
search for the name in the directory:
a. Click Directory.
b. Search for the name.
c. If the results of the search span multiple pages, use the arrow boxes above
the name list to view the next or previous page of results.
d. Check the box next to the name you want to add.
e. Click Add. The name appears in the name list on the ″Server Security: Add
Access″ page.
f. Click Close.
7. Click Next to add the name to the list of users who can create places.
Removing the name of an external user from the list of users who can create
places: To remove the name of an external user or group from the list of users
who can create places:

4. Below ″Who can create new places on this server?″ click Remove.
6. Click Next to remove the user from the list.
Allowing all users who have access to the server to create

places
To allow any user who can access a Lotus QuickPlace server to create places on it:
4. Under ″Who can create new places on this server?,″ select ″Anyone who can
connect to the server.″
Specifying super user access to a Lotus QuickPlace server

Users granted super user access can create places and can enter every place and
every room as managers. Members of places are unaware of super users. A user
with super user access can also use the Server Settings room in the administration
place to administer the server.
By default no super user is defined. You can give super user access to a user or
group in a user directory but not to a local user or group.
Note: Offline functionality is not supported for a super user.
Specifying who has super user access from a browser

To specify who has super user access when accessing the server from a browser,
use the super_user section of the qpconfig.xml file. You can specify only one name
as a super user, either a user name or a group name.
For information on creating and using the qpconfig.xml file, see the chapter ″Lotus
To configure a super user, specify the super_user setting as follows:

<server_settings>
<super_user enabled="true">
<dn>name</dn>
</super_user>
</server_settings>
where name is the distinguished name of a user or group in the external user
directory. The distinguished name must appear exactly as it does in the external
directory. For example, if there are spaces after the component delimiters, there
must be spaces in the super user entry as well.
To disable super user access from a browser, remove or comment out the
super_user setting in qpconfig.xml.
Specifying who has super user access from a Notes client

To specify who has super user access when accessing the server from a Notes
client, do the following:

1. Create a group called QuickPlaceAdministratorsSUGroup in the Domino
Directory used by the Notes client.
2. Add as members the names to which you want to grant super user access.
You can specify two different names for super user access, one name for access
from the browser set in qpconfig.xml, and another name for access from a Notes
user specified using the QuickPlaceAdministratorsSUGroup.
If you want to give the same user or users super user access through the browser
and Notes, and the Notes client Domino Directory is also the Lotus QuickPlace
user directory, you can use the QuickPlaceAdministratorsSUGroup to manage both
types of super user access. Create the QuickPlaceAdministratorsSUGroup as
described above, and also specify cn=QuickPlaceAdministratorsSUGroup as the
distinguished name for the super_user setting.
Super user access combined with explicit membership

If a user is a super user as well as an explicit member of a place, the access level
the user has to the place depends on whether the place uses standard membership
or expanded membership. If the place uses standard membership, the user gets the
access assigned through the explicit membership. If the place uses expanded
membership, the user gets super user access to the place.
For example, if a user with super user access is also a member of a place with
Reader access and the place uses standard membership, the user has Reader access
to the place. However, if the place uses expanded membership, the user has super
user access to the place.
Expanded membership
Lotus QuickPlace by default lists the names of place members in the database
access control lists (ACLs) of the rooms in a place. The combined names in an ACL
cannot exceed 32K in size, which limits a place to approximately 300 to 900
members, depending on the length of the members’ distinguished names.
Expanded membership removes this limitation by generating groups in an LDAP
directory to store the names of individual members, and then uses these groups,
rather than the individual user names, in room ACLs. Currently expanded
membership is certified for a maximum of 4000 external user members in a place.
Expanded membership pertains to individual external user place members and not
to local or to external group place members.
Expanded membership groups

When a place uses expanded membership, Lotus QuickPlace creates room-specific
access control groups in an LDAP directory. The LDAP directory can be one that
Lotus QuickPlace uses generally, or a different directory. Expanded membership
requires configuration of an LDAP directory through Lotus QuickPlace rather than
through Domino.
Lotus QuickPlace creates the following groups in this LDAP directory for the main
room (Main.nsf) of a place and adds them to the main room database ACL:
cn=h_Managers,ou=placename,base_dn
cn=h_Editors,ou=placename,base_dn

cn=h_Authors,ou=placename,base_dn
cn=h_Readers,ou=placename,base_dn
where
placename is the name of the place.
base_dn is a base distinguished name for the expanded membership groups that is
configured through the qpconfig.xml file.
When an external user member is added to the place, Lotus QuickPlace adds the
user’s name to one of these groups, according to the access assigned to the user.
For example, Lotus QuickPlace adds an external user member with Reader access
to the place’s ″cn=h_Readers....″ group.
If someone creates a subroom, Lotus QuickPlace creates the following groups in

the directory, and adds the groups to the subroom ACL:
cn=h_Managers,ou=uniquenumber,ou=placename,base_dn
cn=h_Editors,ou=uniquenumber,ou=placename,base_dn
cn=h_Authors,ou=uniquenumber,ou=placename,base_dn
cn=h_Readers,ou=uniquenumber,ou=placename,base_dn
where
uniquenumber is the unique number XXXXXXXX in the room name

″PageLibraryXXXXXXXX.nsf″ that identifies the room.
placename is the name of the place that contains the room.
base_dn is the base distinguished name configured for the expanded membership
groups.
Removing an external user member from a place removes the user’s name from the
expanded membership groups associated with the place. Removing an external
user member from a subroom, removes the user’s name from the appropriate
Lotus QuickPlace group associated with the subroom. Removing a place or a
subroom removes the expanded membership groups associated with the place or
subroom.
Examples of expanded membership groups

Suppose a place named salestrends uses expanded membership and the base
distinguished name specified in the qpconfig.xml file for the expanded
membership groups is ou=groups,o=teamworkplace. If someone adds an external
user member to salestrends with Author access, Lotus QuickPlace adds the user’s
name to a group created in the LDAP directory called
cn=h_Authors,ou=salestrends,ou=groups,o=teamworkplace. The group is included
in salestrends’ Main.nsf room ACL.
Suppose someone creates a subroom named PageLibrary85256CD200797D7B.nsf

within salestrends and adds an external user member to the subroom with Reader

access. Then Lotus QuickPlace adds the user’s name to a group generated in the
LDAP directory called
cn=h_Readers,ou=85256CD200797D7B,ou=salestrends,ou=groups,o=teamworkplace.
The group is included in the subroom ACL.
Access control in places that use expanded membership

Expanded membership uses group names in room ACLs rather than individual
user names to control the access of individual external user members. As a result,
the access given to an individual external user member no longer takes precedence
over the access assigned to groups the user belongs to, or over super user access.
The access control behavior for expanded membership differs from standard
membership in the following ways:
v With expanded membership, an external user who is an explicit member of a
place and who is also a super user has super user access to the place. With
standard membership, the external user has the access the place assigns the user,
not the super user access.
v With expanded membership, if an external user is an explicit member of a place
(through a Lotus QuickPlace group) and also belongs to another group that is a
member of the place, the user’s access is the higher access of the two groups.
With standard membership, the user has the access assigned to the individual
user member.
User interface differences in places that use expanded

membership
If you enable expanded membership for a place, users see the following changes:
v Adding Members. When users add members, they are no longer presented with
a list of members with check boxes next to the member names. Instead, they
click a Members button to display a Select Members dialog box from which they
can search for the members to add.
v Creating PlaceBots. To create PlaceBots in a place, users must add a local user
as a manager by selecting ″Create new users specially for this place″ in the Add
Managers scene and then sign in as that manager.
v Publishing Pages. When users publish pages, the ″Notify all members″ option is
not available.
v Creating PlaceTypes. Users cannot create a PlaceType from a place that uses
expanded membership.
Important points about expanded membership

Keep these points in mind when using expanded membership:
v After you have set up places to use expanded membership, you cannot revert
the places to standard membership.
v Expanded membership is supported only when Lotus QuickPlace manages
lookups to the LDAP directory, and not when Domino manages lookups.
v You can use expanded membership only if the server is configured to connect to
an LDAP directory through Lotus QuickPlace rather than through Domino.
v Do not disable expanded membership on the server if there are places that use
it.
v If the directory server used for the expanded membership groups is also the
Lotus QuickPlace user directory, specify a base distinguished name for the
expanded membership groups that is outside the scope of the base distinguished
name that Lotus QuickPlace uses for group lookups generally.

v Administrators should not modify the expanded membership groups.
v The LDAP directory that stores the expanded membership groups must allow
write access.
v The user name and password that Lotus QuickPlace uses to manage the
expanded membership groups (configured through Server Settings - User
Directory) must have write access to the base distinguished name configured for
the groups.
v Expanded membership is certified for 4000 external user members in a place.
v LDAP directory servers can limit the number of members allowed in groups.
v Places that use expanded membership cannot be used to create PlaceTypes.
Setting up expanded membership

Complete these steps to set up expanded membership:
1. Enable expanded membership on the server.
2. Configure the user name and password to use for connecting to the LDAP
server that will store the expanded membership groups.
3. Enable places to use expanded membership.
Enabling expanded membership on the server

To enable expanded membership, use the expanded_membership_model settings in
qpconfig.xml. The following sample setting values in bold are ones that you
should customize to suit your needs.
<server_settings>
<expanded_membership_model enabled="true">
<ldap_server ssl="false">
<port>389</port>
<hostname>twgroups.acme.com</hostname>
<base_dn>ou=teamworkplace,o=twgroups</base_dn>
</ldap_server>
</expanded_membership_model>
</server settings>
After you have modified and save the qpconfig.xml file, restart the HTTP task on
the server.
expanded_membership_model setting
To enable expanded membership, specify enabled= ″true.″ Note that after places
are set up to use expanded membership you cannot revert them to the standard
membership model.
To disable expanded membership specify ″false,″ or remove the

expanded_membership_model section from the qpconfig.xml file. However, don’t
disable expanded membership if there are any places that use it.
ldap_server - ssl setting

Specify ″true″ to use SSL encryption when connecting to an LDAP directory server
that will store the expanded membership groups. Otherwise, specify ″false.″

ldap_server - port setting
Specify the port number used by the LDAP directory server that will store the
expanded membership groups. Typically an LDAP server uses port 389 for
unencrypted connections and port 636 for SSL connections.
ldap_server - hostname setting

Specify the host name of the LDAP directory server that will store the expanded
membership groups. The host name can be an LDAP server that Lotus QuickPlace
already uses, or a different one. You must specify a host name, regardless. The
directory must allow write access.
ldap_server - base_dn setting

Specify the base distinguished name (directory node) under which Lotus
QuickPlace will create the groups. The base distinguished name must already exist
in the directory -- Lotus QuickPlace cannot create it. The components of the base
distinguished name do not have to be o and ou.
Note: Do not use ″ou=qp″ as part of the base distinguished name because qp is a
reserved organizational unit in Lotus QuickPlace.
If the directory server that stores the expanded membership groups is the same
one that Lotus QuickPlace uses for other purposes, specify a base distinguished
name for the expanded membership groups that is outside the base specified on
the server for group lookups generally. For example, if the base distinguished
names specified for group lookups generally is ou=groups,o=acme, use a different
base for the expanded membership groups, for example
ou=teamworkplace,o=twgroups or ou=twgroups,o=acme. Using separate base
distinguished names for the two types of groups optimizes performance by
preventing unnecessary searches of all the expanded membership groups during
the process of user authentication.
Configuring the name and password to use for connecting to

the LDAP server that stores the expanded membership groups
If the directory allows anonymous write access to the base distinguished name (not
a typical configuration), this step is unnecessary.
After you’ve enabled expanded membership through the qpconfig.xml file,

configure a user name and password for the Lotus QuickPlace server to provide
when connecting to the directory server that stores the expanded membership
groups. The name and password must correspond to a valid user record in the
directory, and the name must have write access to the base distinguished name in
the directory used for the expanded membership groups.
Perform the following steps to configure the name and password when you
connect to a user directory through Lotus QuickPlace. If you connect to a user
directory through Domino, configure the name and password in a Directory
Assistance document for the LDAP directory instead.
1. Sign in to the Quickplace/quickplace on the server as an administrator.
3. Click User Directory in the table of contents.
5. Under Expanded Membership Model:
v Enter the user name in distinguished name format (for example,
cn=qpadmin,o=acme)

v Enter the password for the name.
6. Click Next.
Note: You see the Expanded Membership Model option only if you’ve enabled
expanded membership on the server through the qpconfig.xml file, and if
you’ve selected LDAP for the Lotus QuickPlace user directory in the Lotus
QuickPlace Server Settings room.
Enabling expanded membership in places

You must enable expanded membership explicitly in the places that you want to
use it. To enable expanded membership in a place or places, use the QPTool
membershipmodel command. To enable expanded membership in one, two, or a
few places, use the following command:
load qptool membershipmodel -toexpanded -p place(s)
where place(s) is the name of a place or places to convert. Separate places with a
space.
To enable expanded membership in all places on a server, use the following

command:
load qptool membershipmodel -toexpanded -a
If there are replicas of a place, run the command on one replica only.
For more information on the QPTool membershipmodel command, see the chapter
″Using QPTool Commands.″
Note: After you’ve set up places to use expanded membership, you cannot revert
them to standard membership.
Changing the directory server or base distinguished name

used for the expanded membership groups
After setting up expanded membership, follow these steps if you want to change
the directory server or the base distinguished name used for the expanded
membership groups.
You must follow these steps in the exact order given.

1. Use the following QPTool command to remove all of the existing expanded
membership groups from the directory server that currently stores them:
load qptool membershipmodel -rmgroups -a
2. Change the host name or base distinguished name specified in the expanded
membership model section of the qpconfig.xml file. You can change one or both
settings.
v To change the directory server in which to store the expanded membership
groups, change the hostname setting, and optionally the ssl and port setting.
v To change the base distinguished name under which to store the expanded
membership groups, change the base _dn setting. Make sure the new
base_dn value exists on the directory server.
3. Quit and then reload the HTTP task on the server.
4. If the user name and password the Lotus QuickPlace server will use to manage
the groups at the new LDAP directory location are not the ones currently
configured, configure the correct user name and password.

For instructions, see the topic ″Configuring the name and password to use for
connecting to the LDAP server that stores the expanded membership groups″
earlier in chapter.
Make sure the name you specify has write access to the base distinguished
name used for the expanded membership groups.
5. If you changed the base_dn setting, use the following QPTool command to
update the names of the groups in the place ACLs of all the places that use
expanded membership:
load qptool membershipmodel -basedn -a
Skip this step if you changed only the directory server and not the base
distinguished name.
6. Use the following QPTool command to generate the groups at the new
directory location for each place that uses expanded membership:
load qptool membershipmodel -addgroups -a
Using expanded membership logging

By default, Lotus QuickPlace logs errors related to the use of expanded
membership to the server console and Notes log. To help troubleshoot a problem
related to expanded membership, use the notes.ini setting
QuickPlaceMembershipModelLogging to increase the level of logging. Specify
QuickPlaceMembershipModelLogging=1 to log slightly more detail than the
default logging level, or specify QuickPlaceMembershipModelLogging=2 to do
verbose logging. Because higher logging levels adversely affect server performance,
specify QuickPlaceMembershipModelLogging=0 or remove the setting to revert to
the default logging level when you are finished using these higher levels.
Blocking specific protocols referenced in link URLs

By default, Lotus QuickPlace publishes pages with links without considering the
protocols specified in the link URLs. For tighter security, use the setting
URLfield_protocol_filter in the <security> section of the qpconfig.xml file to
prevent Lotus QuickPlace from publishing pages with URL links that reference
specific protocols. The following table describes the attributes you can set.
enabled When set to ″true,″ prevents Lotus QuickPlace from publishing
pages with link URLs that reference protocols designated as
blocked.
allowed When enabled is set to ″true,″ specifies the protocols in URL
links to allow.
blocked When enabled is set to ″true,″ specifies the protocols in URL
links to block.
For example:
<server_settings>
<security>
<URLfield_protocol_filter enabled="true">
<allowed>"http:","https:"</allowed>
<blocked>"javascript:","View-source:",
"about:","file:","ftp:","news:",
"mailto:"</blocked>
</URLfield_protocol_filter>
</security>
</server_settings>

Blocking HTML attachments that contain cross-site scripts
By default, Lotus QuickPlace users can import into pages HTML files that contain
cross-site scripts. Cross-site scripts can run on other users’ browsers. For tighter
security, use the following setting in the qpconfig.xml file to prevent users from
attaching HTML files that contain cross-site scripts:
<server_settings>
<security>
<XSS_ImportHTML enabled="false"/>
</security>
</server_settings>
Configuring browser caching for tighter security

To control Lotus QuickPlace caching on browsers, complete either of the following
tasks:
v For additional security, configure the server to clear the Lotus QuickPlace files
from the browser cache on sign-out (Internet Explorer only)
v For additional security, configure the server to prevent caching of Lotus
QuickPlace pages on browsers
Clearing Lotus QuickPlace files from the Internet Explorer

cache
As a security measure, configure the server to clear the Lotus QuickPlace files (files
from any URL that contains ″/quickplace/″) from the browser cache when users
click the Sign Out link from a place. This feature is supported for Internet Explorer
only.
To clear the browser cache when a user signs out, add the following setting to the
qpconfig.xml file, and then restart the HTTP task.
<server settings>
<authentication>
<sign_out enabled="true"/>
<clear_browser_cache enabled="true"/>
</sign_out>
</authentication>
</server settings>
The browser cache is cleared only if the Sign Out link is enabled, ActiveX controls
are enabled in Lotus QuickPlace, and ActiveX is enabled on the browser. Internet
Explorer enables ActiveX by default.
The Sign Out link is never available to anonymous users, and to users who access
places in accessibility mode on a server that is not enabled for single sign-on. The
Sign Out link is unavailable to all users if you configure the server to hide the Sign
Out link as described previously. If the Sign Out link is unavailable for any of
these reasons, you can configure the server to prevent caching of Lotus QuickPlace
pages on browsers.
Preventing caching of Lotus QuickPlace pages on browsers

Lotus QuickPlace caches pages on the browser by default. As a security measure,
add the following setting to the qpconfig.xml file to prevent Lotus QuickPlace from
caching pages that contain data. Restart the HTTP task when you are done making
the changes.

<server settings>
<browser_caches_place_content enabled="false">
</browser_caches_place_content>
</server settings>
Any Lotus QuickPlace pages containing data that users access after you have
added this setting are not cached. Pages that do not contain user data continue to
be cached for better performance. This feature is available for all supported
browsers.

Chapter 7 Completing Additional Server Configuration Tasks
This chapter describes the following Lotus QuickPlace server configuration tasks
not covered in other chapters:
v Using the Server Settings - Other Options room in the administration place
v Setting up the Search Places feature
v Customizing the My Places feature
v Customizing Web page caching
v Hiding the Sign In and Sign Out links
v Enabling image caching in environments that don’t use single sign-on
v Disabling page compression
v Displaying CGI variables in Lotus QuickPlace HTML source pages
v Customizing user notifications settings
v Specifying a footer that appears on all pages
v Enabling and disabling the UTF-8 Domino server setting
v Tracking the number of active Lotus QuickPlace users
Using the Server Settings - Other Options room in the administration

place
Use the Server Settings - Other Options room in the administration place on a
Lotus QuickPlace server to:
v Control whether members can use ActiveX controls and Java applets
v Control whether managers of places on a server can run agents (PlaceBots)
within the places they manage
v Restrict the size of file attachments members can add to pages
v Enable or disable Sametime services
v Enable or disable a Domino Offline Passthru Server
v Enable or disable an Alternate Offline Download URL
v Specify an e-mail URL prefix if users access the Lotus QuickPlace server through
a gateway server
v Control whether members can subscribe to receive e-mails integrated with their
calendars
To use the Server Settings - Other Options to configure the options described
above:
For example:
2. Click Sign In.
3. Enter a Lotus QuickPlace server administrator user name and password.
5. Click Other Options in the table of contents.
6. Click Edit Options.
7. Do any of the following:

v To enable ActiveX controls on the server, select Enable ActiveX. For more
information, see the next topic, ″ActiveX controls.″
v To enable Java applets on the server, select Enable Java Applets. When Java
applets are enabled, users who don’t use Internet Explorer can use rich text
controls (bold, italic, and so forth) when editing. Internet Explorer users do
not require this setting because Internet Explorer has embedded rich text
controls.
v To enable managers of places to use Domino agents -- known as PlaceBots in
Lotus QuickPlace -- in the places they manage, select Enable Form PlaceBots.
Managers can use PlaceBots to execute a Domino or Lotus QuickPlace task
automatically according to a schedule or trigger. For example, a manager
could use a scheduled PlaceBot to copy pages to a folder every morning.
Scheduled PlaceBots run under the Domino server’s ID, and PlaceBots on
forms that are triggered by page creation run under the Notes ID of the user
who created the form. For more information on PlaceBots see the Help. For
more information on agents, see Domino Designer Help.
v To restrict the size of the files members of places can attach to pages, under
Maximum Attachment Size, type the maximum size in K (Kilobtyes). To
allow attachment size to be restricted only by system limitations, for
example, Domino attachment size limits or available disk space, leave the
field blank. Attachment size restrictions don’t apply to attachments added to
a place installed offline.
v To enable Sametime services on a Lotus QuickPlace server, type the name of
the Sametime Community server and the Sametime Meeting server in the
boxes provided. To disable Sametime services, leave the boxes blank.
For complete information on setting up Sametime services on a Lotus
QuickPlace server, see the Lotus QuickPlace Installation and Upgrade Guide.
v To enable a passthru server that can be used when accessing Lotus
QuickPlace offline, type the canonical name of the server and the hostname
of the server in the boxes provided. To disable this feature, leave the boxes
blank.
v To specify a URL from an alternate source to download the Offline installer,
type the offline download URL in the box provided. To disable this feature,
leave the box blank.
For more information on setting up offline use, see the Lotus QuickPlace
Installation and Upgrade Guide.
v To specify an alternate e-mail URL prefix if the Lotus QuickPlace server is
accessed using a gateway server, type the URL prefix in the box provided.
v To enable members of places to subscribe to receive e-mails that are
integrated with their personal calendars, select Enable calendar subscriptions.
8. Click Next.
ActiveX controls
When you enable ActiveX controls in the Server Settings - Other Options room of
the administration place, users with ActiveX-enabled browsers have additional file
attachment and import features available to them. Internet Explorer is the browser
that typically is ActiveX-enabled. When ActiveX controls are disabled through the
Server Settings - Other Options room or are unsupported by browsers, users have
a more limited set of features available to them.
The following table describes the features available when ActiveX is enabled
compared to when it is disabled.

Feature ActiveX enabled ActiveX disabled
Drag-and-drop file import/export operations Yes No
File import operations done through file Yes Yes but limited to
attachment dialog box one file per
publishing cycle
Rendering of imported Microsoft Office files Yes No
(Word, Excel, PowerPoint)
Rendering of imported HTML, JPEG, and GIF Yes Yes
files
Drag-and-drop file attachment operations Yes No
File attachment operations done through the Yes Yes but limited to
attachment dialog box one attachment per
publishing cycle
Remove attachments from a page Yes Yes
Save attachments to the client file system Yes Yes
When opening attachments, load the Yes Yes
attachments within their applications
Do round-trip edits of imported files Yes No
For information on how to enable ActiveX controls, see the previous topic, ″Using
the Server Settings - Other Options room in the administration place.″
Setting up the Search Places feature

A manager of a place enables or disables advanced search within a place. Lotus
QuickPlace has two types of advanced search features: classic search and Search
Places. Classic search is based on Domino search site and allows users to search for
information within specific rooms or folders in a place or to search an entire place.
The Search Places feature is based on Domino Domain Search and allows users to
search all places they are a member of. Unlike classic search, Search Places requires
a Domain Catalog server (a server that has a Domain Catalog and that builds a
domain index), and all search requests are handled by a Lotus QuickPlace server
running on the Domain Catalog server.
For information on enabling advanced search for a place, see the Help.
Before you set up the Search Places feature, note the following points:
v The Search Places feature respects all access permissions on content, and so
users must retain a single identity to be able to search across places. To search
across places, authenticated users must be registered in a user directory. Local
users can search only within a place.
v If room access is controlled by a local group, even if the user has access through
the local group, Search Places won’t be able to find the document from the
room. Restrict room access using groups from an external user directory.
v If the Lotus QuickPlace service consists of more than two Lotus QuickPlace
servers, including the Domain Catalog server, to use the Search Places feature
you must configure multi-server session-based authentication (single sign-on).
For more information, see the chapter ″Setting Up Security.″
v To remove places when the Search Places feature is used, use the QPTool remove
command with the -cleanup argument rather than with the -now argument. The
Chapter 7 Completing Additional Server Configuration Tasks 85

QPTool remove command with -cleanup argument runs nightly and removes
places when place information in the search index is cleared.
For more information, see the chapter ″Using QP Tool Commands.″
v If you use Search Places, using only Lotus QuickPlace servers in a domain is the
recommended configuration. However if a domain does include Domino servers
that do not run Lotus QuickPlace along with Lotus QuickPlace servers, set up
one Domain Catalog server for the Lotus QuickPlace servers and one Domain
Catalog server for the Domino servers that do not run Lotus QuickPlace. Use
this configuration to keep the domain index for Lotus QuickPlace searches
separate from the one used for Notes searches of the domain.
v If you use Search Places on a server that is set up for Domino Off-Line Services,
and the server’s LDAP directory is not a Domino directory or is a Domino
directory in a different domain from the Domain Catalog server, use the notes.ini
setting QuickPlaceExtensionManagerAllowServers=1 on the offline server. This
setting gives the Domain Catalog server access to the Lotus QuickPlace server’s
databases. If you don’t use this setting, database authorization failures occur
during Domain Catalog indexing.
To set up the Search Places feature, complete these steps:

1. Install a Domino server on each computer that will be a Lotus QuickPlace
server.
For information, see Domino Administrator Help.
2. Configure Domain Search by doing the following steps:
a. In the Server document of the server that will index the Domain Catalog,
click the Server Tasks - Domain Catalog tab, and select Enabled in the
Domain Catalog field. This step starts the Catalog task and creates the
Domain Catalog. You run the Catalog task to keep the Database Catalog up
to date. You might do this on a schedule, for example, by including the task
in the notes.ini setting, ServerTasksAt1.
b. Optionally, for better performance, repeat Step 2a on any other Domino
servers in the domain so that each server creates and manages its portion of
the Domain Catalog. If you repeat Step 2a on each server, the Catalog task
on the Domain Catalog server can copy the Catalog entries from each server
into its Domain Catalog database. If you do not repeat Step 2a on each
server, the Domain Catalog server must create or update the entries for the
other servers itself by searching the databases on each server and building
the entries over the network.
c. After the Catalog task stops on the Domain Catalog server, in the Server
document of the Domain Catalog server, click Server Tasks - Domain
Indexer and click Enabled in the Schedule field to enable the Domain
Indexer task. Specify a schedule for running the Domain Indexer.
For more information on setting up Domino Domain Search, see the following
topics in Domino Administrator Help: ″Enabling Domain Search,″ ″The
Database Catalog,″ and ″The Domain Search Index.″
3. Install Lotus QuickPlace:
a. Install Lotus QuickPlace on any Domino server installed in Step 1 that is
not the Domain Catalog server.
b. Install Lotus QuickPlace on the Domino server that is the Domain Catalog
server.
4. Configure Search Places settings in the qpconfig.xml file.
For more information, see the next topic.

Configuring Search Places settings
Use the following settings in the qpconfig.xml file to configure Search Places
settings on each Lotus QuickPlace server. Values in bold are sample values that
you customize. After you configure settings, restart the HTTP task so that Lotus
QuickPlace recognizes the change.
<server_settings>
<search_places enabled="true" anonymous="true">
<domain_catalog_server ssl="false">
<port>80</port>
<domino_server_name>qpdcs/Haiku</domino_server_name>
<path_prefix></path_prefix>
<hostname>qpdcs.ibm.com</hostname>
</domain_catalog_server>
</search_places>
</server_settings>
The following table describes the search_places settings.
Setting Description
enabled When set to true (default):
v Enables users to see and use the All Places advanced search
option on the server.
v Allows users to use Search Places on the Domain Catalog
server.
When set to false:

v Hides the All Places advanced search option on the server.
v Returns an error when Search Places requests are made to the
Domain Catalog server.
anonymous When set to true allows anonymous users to search across
places.
When set to false (default) returns an error when anonymous

users issue Search Places requests to the Domain Catalog server.
If you allow anonymous users to search across places, and the

manager of a particular place does not want to expose the
contents of the place to anonymous users through the Search
Places feature, the manager should make sure that anonymous
access to the place is disabled, and limit the place membership
to specified users and groups in the directory.
If you allow anonymous access, make sure that anonymous

users have the same access as the -Default- access in the ACL
for CATALOG.NSF on the Domain Catalog server.
SSL* When set to true defines that SSL generates the URL for the
domain catalog server (HTTPS). When set to false (default)
defines that HTTP generates the URL.
port* Defines the port used in the URL for the Domain Catalog server.
path_prefix* Defines a path prefix for the URL for the Domain Catalog
server.
hostname* Specifies the hostname of the Domain Catalog server.

Setting Description
domino_server_name* Specifies the Domino server name of the Domain Catalog server
for example, ServerCatalog/Acme. Before removing places from
this server, the server does a lookup to the Domain Catalog
server to verify if the search index is cleared.
*Use these settings on any Lotus QuickPlace server that is not the Domain Catalog
server. Do not use them on the Domain Catalog server.
Customizing the My Places feature

External users use the My Places feature to see a list of links to all the places of
which they are members. When a user signs into a place, the current page displays
the My Places list. You can customize the My Places feature in the following ways:
v Open places in a new browser window
v Use a custom application for My Places
v Add parameters to the My Places URL
Opening places in a new browser window

When a user clicks a place link in the My Places list, by default Lotus QuickPlace
opens the place in the current browser window. Use the following setting in the
qpconfig.xml file to open a place accessed through My Places in a new browser
window instead:
<server_settings>
<my_places>
<place_links open_new_window="true"/>
</my_places>
</server_settings>
Using a custom application for My Places

Use the place_ui setting in the qpconfig.xml file to specify a URL to call a custom
portal application for displaying My Places. For example, specify the following in
the qpconfig.xml file:
<server_settings>
<my_places>
<place_ui enabled="true">
<url>https://portal.abc.com/myplaces</url>
</place_ui>
</my_places>
</server_settings>
Adding parameters to the My Places URL

You can specify settings for a one-time use of My Places by appending one or
more parameters to the Lotus QuickPlace server’s My Places URL. The My Places
URL for a Lotus QuickPlace server is
http://servername/QuickPlace/quickplace/Main.nsf/h_Toc/22049553D70E00EF85256BB60054A7CB
To create and use a modified My Places URL:

1. Click My Places and append one or more of the following case-sensitive
parameters to the My Places URL. Precede each parameter with an ampersand
(&).

URL Parameter Description
Start=place number Specifies the place number in the place index at
which My Places begins displaying places. The
number of the first place in the index is 0. For
example, if you specify 10, the first place listed
in My Places is the 11th place down in the
place index. My Places applies any sort and
exclusion settings before applying the Start
parameter.
Count=number of places Specifies the maximum number of places to
display per page.
Note: To display a list of all places which you
can then, for example, print out, specify a
number of places that you know exceeds the
total number.
StartAtLastPage Displays the last page of My Places.
StartKey=first characters of sort key Displays places beginning with the first place
whose currently-selected sort key starts with
the specified character or characters.
ResortAscending=column number Sorts My Places in ascending order by the
values in the specified column number, starting
at 0 (zero), which is the ″Name″ column.
ResortDescending=column number Sorts My Places in descending order by the
values in the specified column number, starting
at 0 (zero), which is the ″Name″ column.
2. Press Enter to apply the parameters to the My Places list.

3. (Optional) Bookmark the URL.
Example of adding parameters to the My Places URL

The following example displays eight places, starting at the eleventh place (the
first place is numbered ″0″).
http://serverName/QuickPlace/quickplace/Main.nsf/h_Toc/
22049553D70E00EF85256BB60054A7CB/?OpenDocument&Start=10&Count=8
The following example displays the last page of My Places:

22049553D70E00EF85256BB60054A7CB/?OpenDocument&StartAtLastPage
The following example displays the places whose name starts with ″xyz″ when My
Places is sorted by the default sort key, place name:
22049553D70E00EF85256BB60054A7CB/?OpenDocument&StartKey=xyz
The following example sorts My Places in ascending order by title:

22049553D70E00EF85256BB60054A7CB/?OpenDocument&ResortAscending=1
The following example displays the places whose titles start with ″Acme″ when
My Places is sorted by title:
22049553D70E00EF85256BB60054A7CB/?OpenDocument&StartKey=Acme

Customizing Web page caching
Web page caching greatly improves the response time of the Lotus QuickPlace
server. Without a cached copy of a Web page, the HTTP server must access the
database upon every HTTP request, which results in a slower response time for the
Lotus QuickPlace server. If a Web page is cached on the Lotus QuickPlace server,
the server only has to pick up the page from the database one time, and then
create a user-specific, cached copy of the page at that time. Upon subsequent
requests for the page, the server retrieves and provides the cached copy, as long as
it is still valid. If the server is brought down, the existing cache is maintained after
the server is brought back up.
Certain actions cause the cache for a page to become invalid. Once a cached paged
is invalid, the next time the page is accessed it is re-cached. Following are some
examples of how the entire cache or specific pages within the cache can become
invalid:
v A change to the Lotus QuickPlace Server Settings, for example a change to the
default maximum attachment size allowed, invalidates all places on the server
(the entire cache).
v If the Place Catalog is enabled, a change in the Place Catalog database
invalidates the entire cache.
v A change in qpconfig.xml invalidates the entire cache.
v A change to place membership -- a member is added, modified, or deleted --
invalidates the cache for all databases associated with that place -- main.nsf and
all the inner rooms. A change to inner room membership invalidates the cache
for that particular room and its child rooms.
v A change in rooms -- a room is created or deleted -- invalidates the cache for all
databases associated with that place.
v A page published in the Main room (main.nsf) invalidates the cache for all
databases associated with that place.
v A page published in a parent room invalidates the cache for the parent room
and the child rooms below it.
v A page published in a child room invalidates the cache for the child room and
for any rooms below it. The cache for the parent room pages remain valid.
v A customization to a parent room, for example a theme change or a custom
form, invalidates the cache for the parent room and the child rooms below it.
Web page cache settings

Lotus QuickPlace administrators can use notes.ini settings to change the following
preferences for the server cache:
v Enable or disable caching
v Set the cache directory
v Set the cache size limit
v Set the time interval for cache cleaning
v Set the cache for anonymous users only
v Enable or disable logging
To enable the cache

Set ″QuickPlaceWebCacheEnabled=1″ in the notes.ini file.
To disable server caching, set ″QuickPlaceWebCacheEnabled=0″

The server cache is enabled by default.
To set the cache directory

Set ″QuickPlaceWebCacheDir= <full path>″ in the notes.ini file.
If this variable is not set in the notes.ini file, then it is automatically set to the
default directory: (<NOTESPROGRAM>\data\domino\quickplace\cache).
If a specified directory path is invalid, the server cache is disabled.
To set the cache size limit

Set ″QuickPlaceWebCacheLimitInMB = <size in MB>″ in the notes.ini file.
If this variable is not set in the notes.ini file or if the size given is not a positive
number, then the variable is automatically set to the default size of 50MB.
To set the time interval for cache cleaning

Add ″QuickPlaceWebCacheGCIntervalInMIN= <time interval in minutes>″ to the
notes.ini file.
If this variable is not set in the notes.ini file, or if the value given is not a positive
number, then it is automatically set to the default value of 60 minutes.
To set the cache for anonymous users only

Add ″QuickPlaceWebCacheUsers= Anonymous″ to the notes.ini file.
The default value for this setting allows server caching for all users when the
cache is enabled. Changing this setting disables caching for all other users.
To enable logging for the server cache

Set QuickPlaceWebCacheLogging = < log level> in the notes.ini file.
The logging setting has three levels: 1, 2, or 3, where 1 is the least detailed and 3 is
the most detailed. Logging is written to log.nsf.
Hiding the Sign In and Sign Out links

After a user signs in to a place, Lotus QuickPlace displays the Sign In and Sign
Out links in the Lotus QuickPlace user interface by default. You can configure
Lotus QuickPlace to hide the Sign In and Sign Out links after a user signs in. You
might want to hide the links if single sign-on is enabled on the server, or if Lotus
QuickPlace is running on a public pedestal, for example, at a trade show. To hide
the Sign In and Sign Out links, specify the following settings in the qpconfig.xml
file, and then restart the HTTP task.
<server settings>
<authentication>
<sign_out enabled="false"/>
<sign_in enabled="false"/>
</authentication>
</server settings>

Enabling image caching in environments that don’t use single sign-on
A Lotus QuickPlace server stores images from places in the resources.nsf database
and in the Lotus QuickPlace file system. You can set up a server to cache the
images in resources.nsf on the browser when users first access a place. Then when
users access additional places, the cached images are used, which load more
quickly than images loaded from the server. Image caching is supported only in
Lotus QuickPlace environments that do not use single sign-on authentication.
To enable image caching:

1. Add the following notes.ini setting to the Lotus QuickPlace server:
h_ScopeURLinQP=0
2. Enter the following command at the server console:
restart server
Disabling page compression

Lotus QuickPlace compresses the content in HTML pages it transmits to clients if
the browser supports compression. The compression reduces the size of HTML
transmissions to 30% or less of the uncompressed size, with the result that users
can open large pages more quickly. Only HTML and text is compressed, not
images or attachments.
Page compression is enabled by default. If page compression is not supported in

your environment, use the following qpconfig.xml setting to disable page
compression, and then restart the HTTP task:
<server_settings>
<page_compression enabled="false">
</page_compression>
</server_settings>
Displaying CGI variables in Lotus QuickPlace HTML source pages

By default, Lotus QuickPlace HTML source pages viewed through a browser do
not display Common Gateway Interface (CGI) variables. These variables are not
displayed because they contain potentially sensitive information, for example
information about the remote host and its users. However, you can enable the
display of CGI variables, for example if you want to copy the variables from the
source pages for use in custom applications.
To enable the display of CGI variables, use the following setting in the
qpconfig.xml file on the server, and then restart the HTTP task:
<server_settings>
<cgi_variables enabled="true"/>
</server_settings>
For more information on creating and specifying settings in the qpconfig.xml file,
see the chapter ″Lotus QuickPlace Administration Overview.″
Customizing user notifications settings

Use qpconfig.xml settings to configure a variety of settings related to Lotus
QuickPlace user notifications. For example use qpconfig.xml settings to specify the
text displayed in the password prompt of place invitations or to specify whether
notifications sent to groups show the members of the groups.

Use notes.ini settings to configure where Lotus QuickPlace sends replies to e-mail
sent from places.
Note: You configure the underlying Lotus QuickPlace mail routing through
Domino. For more information, see Domino Administrator Help.
Using qpconfig.xml settings to configure notifications

Use the following section in qpconfig.xml file to specify a variety of settings for
user notifications. Copy the following from qpconfig_sample.xml to qpconfig.xml,
and customize the settings to suit your needs. After you have customized settings,
restart the HTTP task so that Lotus QuickPlace recognizes the changes.
For information on creating the qpconfig.xml, see the chapter ″Lotus QuickPlace
Administration Overview.″
<server_settings>
<notifications>
<place_invitation>
<password_message>Your intranet password.</password_message>
</place_invitation>
<calendar>
<client_types>
<notes5 enabled="true"/>
<msoutlook enabled="true"/>
</client_types>
</calendar>
<recipient_rules>
<expand_external_groups enabled="true"/>
<allow_ambiguous_sendto enabled="false"/>
</recipient_rules>
</notifications>
</server_settings>
The following table describes these settings.
Setting Description
password_message Specifies the password prompt that appears in
external users’ invitations to visit places
notes5 enabled When set to true (default), enables Lotus Notes 5
support for calendar notifications. When set to false,
disables this support.
msoutlook enabled When set to true (default), enables Microsoft
Outlook support for calendar notifications using
icalendar standards specified in RFC 2445. When
set to false, disables this support.
expand_external_groups enabled When set to true (default), when mail is addressed
to an external group, the place expands the group
and lists each member’s e-mail address in the
notification.
When set to false, the notifications do not expand

the group members. Instead the mail router is given
the group names to resolve.
allow_ambiguous_sendto enabled When set to true, allows users to send notifications
to ambiguous names from an external directory and
have the mail router resolve the names.
When set to false (default), users can send

notifications only to valid e-mail addresses.

Configuring where Lotus QuickPlace routes replies to e-mail
from places
By default if a user replies to one of the following types of e-mail notifications,
Lotus QuickPlace routes the reply to a database called DeadMailQP.nsf on the
Lotus QuickPlace server:
v Notification sent by a place automatically, such as a ″What’s New″ notification.
v Notification sent from a place by a user who has no specified e-mail address.
By default Lotus QuickPlace also routes all delivery failure notifications to

DeadMailQP.nsf.
To instead route these types of replies as well as delivery failure notifications to the
default mail location of the places from which the e-mails come, delete the
following setting from the notes.ini file on the server:
h_UndelivMail
Or, to send these types of replies as well as delivery failure notifications to the
default mail location of one specified place, modify these notes.ini settings:
h_UndelivMail=placename
$h_MailDomain=domainname
where placename is the name of the place to route the mail, and domainname is the
fully qualified domain name of the server that hosts the place.
For example, specify:

replyplace@qpserver.acme.com
Specifying a footer that appears on all pages

You can specify an HTML footer of up to 255 characters in the server_messages
section of qpconfig.xml to display HTML on the bottom of all pages on the Lotus
QuickPlace server. For example you might specify a corporate logo, administrative
message, or corporate disclaimer.
For more information on creating and specifying settings in the qpconfig.xml file,
see the chapter ″Lotus QuickPlace Administration Overview.″
For example, to display Acme Corporation in bold text in page footers, specify the
following, and then restart the HTTP task:
<server_settings>
<server_messages>
<footer>
<![CDATA[<b>Acme Corporation</b>]]>
</footer>
</server_messages>
</server_settings>
To insert an image in the footer, put the image file in the data\domino\html
directory and reference it in the footer setting as <img src=″/[filename].gif″>. Or
put the image file in the data\domino\icons directory and reference it as <img
src=″/icons/[filename].gif″>.

For example, put the image file logo.gif in the data\domino\html directory and
specify the following in qpconfig.xml:
<server_settings>
<server_messages>
<footer>
<![CDATA[<img src="/[logo].gif">]]>
</footer>
</server_messages>
</server_settings>
Enabling and disabling the UTF-8 Domino server setting

UTF-8 is an encoding format for Unicode. The Domino server document has a
setting, ″Use UTF-8 for Output,″ which changes the default character encoding of
the Domino HTTP server to UTF-8. If the Lotus QuickPlace server is running with
the GB-18030 code page, then this server setting must be set to Yes.
If the UTF-8 setting is not configured appropriately, your Domino server

administrator must change the setting in Domino. For more information on
changing the UTF-8 setting in Domino, see Domino Administrator Help.
Tracking the number of active Lotus QuickPlace users

To track the number of active users of a Lotus QuickPlace server, you use standard
Domino Web server logging to log user access information to text files. Then you
can use available tools to extract the names of each unique user. To retrieve the
total number of active users in the Lotus QuickPlace service, you must set up each
Lotus QuickPlace server in the service to generate log files.
When you set up the HTTP task to log user access information to text files, the
HTTP task creates one log file a day that contains information about each user
session with the Lotus QuickPlace server. The default name format for the log files
is access<date>.log, where <date> is the date the log file is created in the format
MMDDYYYY.
To set up logging of user access

To set up the HTTP task on a Lotus QuickPlace server to log user access
information to text files, do the following:
1. Open the Server document for the Lotus QuickPlace server in the Domino
Directory in edit mode.
2. Click the Internet Protocols - HTTP tab.
3. In the Log files field, selected Enabled.
4. In the ″Directory for log files″ field, specify an existing directory path for the
log files. The HTTP task creates log files only if the specified directory path
exists.
5. In the Access log field, specify the prefix for the log files. The default prefix is:
access.
6. Click Save and Close.
For more information on Web server logging and other log settings in the Server
document, see Domino Administrator Help.

To extract the names of Lotus QuickPlace users from log files
on AIX and Solaris
There are many tools available to extract the names of users from the log files and
to exclude irrelevant information. One of the simpler methods available is using
native operating system commands. Following are some examples of using the tr,
grep, and sort commands on a UNIX system to extract user names from log files.
Example of extracting names from one log file

The following commands translate the contents of the file, access03252002.log, to
uppercase letters, extract only the lines that contain the character string ″ CN=″,
eliminate any duplicate names, and write the resulting list to the file,
uniquename.log.
tr ″[:lower:]″ ″[:upper:]″ < access03252002.log | grep ″ CN=″ | sort -u -k 3,3 >

uniquename.log
Example of extracting names from multiple log files

The following commands process two log files, access03252002.log and
access03262002.log, to produce the unique user list.
tr ″[:lower:]″ ″[:upper:]″ < access03252002.log | grep ″ CN=″ | sort -u -k 3,3 >>

tempname.log
tr ″[:lower:]″ ″[:upper:]″ < access03262002.log | grep ″ CN=″ | sort -u -k 3,3 >>

tempname.log
sort -u -k 3,3 < tempname.log > uniquename.log
The following Korn shell commands process all the log files generated by one
server in the month of May to produce the unique user list.
for %f in (access05*.log) do tr ″[:lower:]″ ″[:upper:]″ < %f | grep ″ CN=″ | sort -u

-k 3,3 >> tempname.log
for f in `ls -1 access05*log`
do
tr ″[:lower:]″ ″[:upper:]″ < %f | grep ″ CN=″ | sort -u -k 3,3 >> tempname.log
done
sort -u -k 3,3 tempname.log > uniquename.log
Example of extracting names from log files on multiple

servers
To extract a list of active user names of a Lotus QuickPlace service that consists of
multiple servers, you run the commands described in the examples above on each
server, putting the output into a single network file that all servers can access. You
then use that network file to generate the final output.

For example, if the Lotus QuickPlace service consists of two Lotus QuickPlace
servers, X and Y, and the network file is n:\log\tempname.log, run Korn shell
commands such as the following ones on each server:
On server X run:
for %f in (access*.log) do tr ″[:lower:]″ ″[:upper:]″ < %f | grep ″ CN=″ | sort -u -k

3,3 >> X_tempname.log
for f in `ls -1 access*.log`
do
tr ″[:lower:]″ ″[:upper:]″ < %f | grep ″ CN=″ | sort -u -k 3,3 >> X_tempname.log
done
sort -u -k 3,3 X_tempname.log > n:log\tempname.log
On server Y run:

3,3 >> Y_tempname.log
for f in `access*.log`
do
tr ″[:lower:]″ ″[:upper:]″ < %f | grep ″ CN=″ | sort -u -k 3,3 >> Y_tempname.log
done
sort -u -k 3,3 Y_tempname.log > n:log\tempname.log
Then use the following command to sort and generate the final list of names:
sort -u -k 3,3 < n:\log\tempname.log > uniquename.log
If there are many servers and log files to process, you can automate the steps by
programming them in a cmd file (Windows) or a script file (UNIX).
To extract the names of Lotus QuickPlace users from log files

on Windows
The tr, grep, and sort commands mentioned in the preceding topic are not
available natively on the Windows operating system. However, you can obtain
software that makes the UNIX functionality available on Windows through the
following sources:
v MKS Toolkits, a commercial software package. For information, see:
http://www.mkssoftware.com/products/.
v The GNU Project, sponsored by the Free Software Foundation. GNU provides
the source form of the commands for Windows. The binary form of the
commands can be obtained from the Internet, one example being
http://gnuwin32.sourceforge.net/. Obtain textutils, grep, and their supporting
libraries, libintl.dll in gettext package libiconv.dll in libiconv package, and
pcre.dll in pcre package. For more information, see http://www.gnu.org/.

If you use either of these packages, the commands to use on Windows then are
ones described below.
Note: Windows has a sort command stored in the \WINNT\System32 directory,

but the command does not work for the purpose described here. Make sure
to use the sort command provided with the software you obtained, rather
than the one provided with Windows.
Example of extracting names from multiple log files on

Windows
The following commands process all the log files generated by one server in the
month of May to produce the unique user list.
for %f in (access05*.log) do tr ″[:lower:]″ ″[:upper:]″ < %f | grep ″ CN=″ | sort -u

-k 3,3 >> tempname.log
tr ″[:lower:]″ ″[:upper:]″ < %f | grep ″ CN=″ | sort -u -k 3,3 >> tempname.log
sort -u -k 3,3 tempname.log > uniquename.log
Example of extracting names from log files on multiple

servers on Windows
For example, if the Lotus QuickPlace service consists of two Lotus QuickPlace
servers, X, and Y, and the network file is n:\log\tempname.log, run commands
such as the following ones on each server:
On server X run:

3,3 >> X_tempname.log
tr ″[:lower:]″ ″[:upper:]″ < %f | grep ″ CN=″ | sort -u -k 3,3 >> X_tempname.log
sort -u -k 3,3 X_tempname.log > n:log\tempname.log
On server Y run:

3,3 >> Y_tempname.log
tr ″[:lower:]″ ″[:upper:]″ < %f | grep ″ CN=″ | sort -u -k 3,3 >> Y_tempname.log
sort -u -k 3,3 Y_tempname.log > n:log\tempname.log
Then use the following command to sort and generate the final list of names:
sort -u -k 3,3 n:\log\tempname.log > uniquename.log

Chapter 8 Using QPTool Commands
This chapter describes how to complete various Lotus QuickPlace administration
tasks using QPTool commands.
QPTool
QPTool is a server task that you run with arguments to do administrative tasks.
You can use the QPTool command to complete the following tasks:
v Add external members to places
v Change user and group names in places
v Change the hierarchy of names in places
v Update external member information in places
v Manage expanded membership
v Reset local user passwords
v Remove members from places
v Send newsletters to subscribers
v Send mail to managers and members of places
v Register and unregister places and servers
v Automate replica stub creation
v Upgrade places and PlaceTypes
For information on upgrading places and PlaceTypes, see the Lotus QuickPlace
Installation and Upgrade Guide.
v Refresh places and PlaceTypes
v Lock and unlock places
v Archive places
v Remove places or PlaceTypes
v Update statistics in the Place Catalog
v Generate reports about places and servers
v Repair places
v Clean up dead mail
v Add and remove graphic text fonts
v Execute an XML API file
Running QPTool
QPTool commands are designed to be used while the Lotus QuickPlace server is
running.
To run QPTool from the Domino server console, enter:

load qptool [command] [arguments]
where [command] is a QPTool command and [arguments] are one or more

supported arguments for the command.
For example, to lock a place called place1 from the Domino server console, enter
the following command:

load qptool lock -p place1
To run QPTool from the command prompt:

1. Navigate to the Domino program directory.
2. Enter one of the following commands:
v On Windows:
nqptool [command] [argument]
v On AIX or Solaris:
qptool [command] [argument]
v On i5/OS:
qptool server [servername][command] [arguments]
where [servername] is the name of the Lotus QuickPlace server.
You can also run QPTool from a batch file or other program.
The Place Catalog reflects changes that result from QPTool commands.
For more information on the Place Catalog, see the chapter ″Setting Up the Place
Catalog.″
Using the -i argument with QPTool commands

Most QPTool commands support the use of the -i argument. The -i argument
enables you to use an XML input file located in the server program directory to
indicate on which place or places a QPTool command runs. Except for QPTool
execute, which is used by programmers to execute XML code, a QPTool command
reads only the list of places(s) in the XML input file.
Typically you specify an XML input file that a previous QPTool command
generated as output. For example, suppose you use the QPTool report command to
report on all places last accessed before a specified date. You could then use the
XML output file generated by the report command as input to a QPTool sendmail
command that notifies place managers of these inactive places.
Using QPTool commands in a cluster

When you run a QPTool command on a server in a cluster, Lotus QuickPlace
applies the command only to the server on which you run it. The results of the
command then replicate to the other servers in the cluster. For example, if you lock
a place on one server in a cluster, the place is locked immediately only on that
server. The place is locked on the other servers after replication replicates the lock
property on the place’s databases to the other servers.
The QPTool report command can gather information from all servers in a cluster.
However, if the results of the report command are supplied as input to another
qptool command, the other qptool command only acts immediately on the places
on the server from which you issue the command.
Adding external members to places

You can use the QPTool addmember command to add a name from a user
directory as a member of a place or places. When you use the addmember
command rather than the Lotus QuickPlace user interface, you can add a member
to multiple places at once. When you use the addmember command, you must use
the -reader, -author, -editor, or -manager argument to specify the access the

member has to the place’s main room. Optionally, you can use the -allrooms
argument to apply the member’s main room access to all subrooms.
If you use the Lotus QuickPlace user interface to change an existing external
member’s access to the main room in a place, subrooms do not inherit the access
change. To change an existing member’s access to all rooms in a place, you can use
the QPTool removemember command to delete the member from the place, and
then use QPTool addmember with the -allrooms argument to add the member
again with the new access.
Note: You can’t use the addmember command to add local members. You can’t
use addmember to add external members to the QuickPlace/quickplace.
The syntax for the addmember command is:

load qptool addmember arguments
The following table describes the supported arguments.
Argument Description
-? Prints help on the command.
-dn name Specifies the name of an external user or group to
add as a member. If the name contains at least one
space, include quotation marks (″ ″) around it.
Specify the name exactly as it is defined in the
directory (including spaces), for example:
″cn=Connor Jones,ou=Sales,o=Acme″
Note: Lotus QuickPlace does not look up the name
in the user directory to verify the name you specify.
Be sure the name you specify is valid.
-g Indicates that a name specified for the -dn
argument is the name of a group.
You must use this argument to add an external

group. If you use qptool addmember without the -g
argument to add an external group as a member of
a place, users who are members of the group can’t
access the place through the group membership,
and the group may not show up in the user
interface in some places.
-reader Adds the specified name as a Reader of a place.
-author Adds the specified name as an Author of a place.
-editor Adds the specified name as an Editor of a place.
-manager Adds the specified name as a Manager of a place.
-allrooms Applies the place access specified for the name to
all rooms in a place. If you omit this argument, the
name’s specified access applies only to a place’s
main room.
-a Adds the specified name as a member of all places
on the server.
-p place(s) Adds the specified name as a member of a specific
place or space-separated list of places.
Chapter 8 Using QPTool Commands 101

-i inputfilename XML input file located in the server program
directory that specifies the places in which to add
an external member.
-o outputfilename XML output file that logs the results of the
command. By default the command logs results to
qptool.addmember.xml in the server program
directory.
The following table provides examples of the qptool addmember command.
Task Command
Add the user cn=Connor load qptool addmember -dn ″cn=Connor
Jones,ou=Sales,o=Acme as an author Jones,ou=Sales,o=Acme″ -author -allrooms -p Place1
of all rooms in Place1
Add the group load qptool addmember -dn cn=Salesgroup,o=Acme
cn=Salesgroup,o=Acme as a reader of -g -reader -a
the main room in all places
Changing user and group names in places

Use the QPTool changemember command to change the name of a local user,
external user, or external group in specified places. The original name is known as
the source name and the name you change to is known as the target name.
Using changemember, you can do the following tasks:

v Change a user or group name to a new name -- for example, change the name of
a user who recently married so the user can continue to access a place using the
new name. In this case, the target name is a new name.
v Change the name of a user or group to the name of another existing user or
group -- for example, change the name of a user who leaves the company to the
name of a remaining user who assumes the original user’s responsibilities. The
access the target name has to places is the higher level of access between the
source and target names. For example, if the source name is a manager of a
place and the target name is a reader of the place, the target name becomes a
manager of the place and has access to all pages previously accessible to the
source and target names. The same access control principle applies to room
access.
v Change the name of a local user to the name of an external user in a user
directory -- for example, to move from a pilot deployment that uses local users
to a production deployment that uses a corporate directory.
You can make these combinations of name changes:

v Local user name to local user name
v Local user name to external user name
v External user name to external user name
v External group name to external group name
Note: If an external user is not listed explicitly as a member of a place, but instead
accesses the place through membership in an external group, the user’s
name is not listed as a member in the place’s Contacts1.nsf database, but is
included in security fields within the place. For example, if the user creates

a page, the user’s name is listed in the page’s h_Authors field. If you use the
changemember command to change the user’s name in a place, the name is
changed in these security fields and the user’s access to the place continues.
You cannot make these combinations of name changes:

v External user name to local user name
v External group name to local user name
v External group name to external user name
v Local user name to external group name
v External user name to external group name
The syntax for the changemember command is:

load qptool changemember arguments
The following table describes the arguments. When a name specified as an

argument contains spaces, include quotation marks (″) around the name.
-sourcedn name Specifies the original distinguished name of an
external user or external group exactly as the name
is defined in the external directory, for example,
″cn=Connor Jones, ou=Sales,o=Acme.″
Include any spaces in the name. Specify the letter

case (uppercase or lowercase) correctly.
-sourceu name Specifies the original name of a local user, for
example, ″Joe Smith.″
-sourceg Indicates that the specified source name is that of an
external group.
-targetdn name Specifies the new distinguished name of an external
user or external group. Specify the name exactly as it
is defined in the external directory, for example:
″cn=Representatives,ou=Sales,o=Acme″

Note: Lotus QuickPlace does not look up the target
name in the user directory to verify the name you
specify. Be sure the name you specify is valid.
-targetu name Specifies the new name of a local user, for example,
″Joe Smith.″
-targetg Indicates that the specified target name is that of an
external group.
-p place(s) Specifies a place or a space-separated list of places in
which to rename the user or group.
directory that specifies the places in which to
rename the user or group.
qptool.changemember.xml in the server program
directory.

The following table provides examples of using the qptool changemember
command.
Task Command
Change the name of local user name >load qptool changemember -p PlaceName -sourceu
to an external user name. localuser -targetdn
″CN=ExternalUser,O=[Organization]″
Change an external user name to an >load qptool changemember -p PlaceName
external user name. -sourcedn ″CN=External User,O=[Organization]″
-targetdn ″CN=New External
User,O=[Organization]″
Change an external group name in >load qptool changemember -p PlaceName1
multiple places. PlaceName2 -sourceg -sourcedn ″CN=External
Group,O=[Organization]″ -targetg -targetdn
″CN=New External Group,O=[Organization]″
Changing the name hierarchy of names in places

You can use the QPTool changehierarchy command to change the hierarchy in the
names of external users and groups in places. For example, if your company name
changes and you change the names of users and groups in a user directory to
reflect the change, you can then use the changehierarchy command to change the
names in places. Or if you create a new group with a new hierarchy in your
external directory to encompass what was previously two groups, you can change
the names of the original groups in places to the name of the new group.
The changehierarchy command does not operate on local users.
The syntax for the changehierarchy command is:

load qptool changehierarchy arguments
The following table describes the arguments you can use with the command.
-sourceh hierarchy Specifies the original name hierarchy to change, for
example, ou=people,o=group. If the hierarchy
includes spaces, place quotation marks around it.
-targeth hierarchy Specifies the new name hierarchy, for example,
ou=people2,o=group. The name hierarchy you
specify should correspond to a valid name
hierarchy in the external directory. If the hierarchy
includes spaces, place quotation marks around it.
-a Changes the names of external users and groups
that use the original name hierarchy to the new
name hierarchy in all places.
-p place(s) Changes the names of external users and groups
name hierarchy in a place or a space-separated list
of places.

-i inputfilename Changes the names of external users and groups
name hierarchy in places specified in an XML input
file located in the server program directory.
qptool.changehierarchy.xml in the server program
directory.
The following table provides examples of using the changehierarchy command.
Note: If an external user is not listed explicitly as a member of a place, but instead
accesses the place through membership in an external group, the user’s
name is not listed as a member in the place’s Contacts1.nsf database, but is
included in security fields within the place. For example, if the user creates
a page, the user’s name is listed in the page’s h_Authors field. If you use the
changehierarchy command and the name hierarchy you are changing
applies to the user’s name in a place, the user’s name is changed in these
security fields and the user’s access to the place continues.
Task Command
Change the names of users and >load qptool changehierarchy -sourceh
groups within the hierarchy ou=boston,o=acme -targeth ou=detroit,o=acme -p
ou=boston,o=acme to the hierarchy P1
ou=detroit,o=acme in the place P1
Changes the names of users and >load qptool changehierarchy -sourceh
groups with the hierarchy ou=boston,o=acme -targeth ou=detroit,o=acme -a
ou=boston,o=acme to the hierarchy
ou=detroit,o=acme in all places
Updating external member information in places

When information about an external member changes in the user directory, use the
QPTool updatemember command to update the information in places. The
updatemember command updates the following information:
v E-mail address (external users)
v First name (external users)
v Last name (external users)
v Phone number (external users)
v Display name (external users)
v Display name (external groups)
QPTool updatemember does not operate on local members.
The syntax for the updatemember command is:

load qptool updatemember arguments
The following table describes the arguments.

-dn name Specifies the name of an external user or group
whose member information has changed in the user
directory. If the name contains at least one space,
include quotation marks (″ ″) around it, for
example:. ″cn=Connor Jones,ou=Sales,o=Acme″
Specify the name exactly as it is defined in the

external directory. Include any spaces in the name.
Specify the letter case (uppercase or lowercase)
correctly.
f you use this argument, do not use -allmembers.

-allmembers Updates all external member information in the
specified place(s). If you use this argument, do not
use -dn name.
-g Indicates that a name specified for the -dn
argument is the name of a group.
-a Updates external member information in all places
-p place(s) Updates external member information in a specific
place or space-separated list of places.
directory that specifies the places in which to
update external member information.
qptool.updatemember.xml in the server program
directory.
You can run qptool updatemember -allmembers -a on a scheduled basis. How

often you should run the command depends on how often the contents of your
user directory changes.
The following table provides examples of the qptool updatemember command.
Task Command
Update the member information for load qptool updatemember -dn ″cn=Connor
the user cn=Connor Jones,ou=Sales,o=Acme″ -a
Jones,ou=Sales,o=Acme in all places
Use the notes.ini file to update all ServerTasksAt3=qptool updatemember -allmembers
member information in all places -a
daily at 3 AM.
Update the member information for load qptool updatemember -dn
the group cn=Adminstrators,o=Acme cn=Administrators,o=Acme -g -a
in all places
Note: The updatemember command does not change an external member’s

distinguished name stored internally in places and used for access control. If
external members’ distinguished names change in the user directory, use the
QPTool changemember command or changehierarchy command to update
the distinguished names in places.

Managing expanded membership
Expanded membership is a feature that allows a place to have up to 4000
individual users as members. Expanded membership generates groups in an LDAP
directory to store the names of external user members, and then uses these groups,
rather than the individual user names, in room ACLs. Use the QPTool
membershipmodel command to do the following tasks related to use of the
expanded membership feature:
v Enable one or more places to use expanded membership.
v Delete and then recreate expanded membership groups, and update room ACLs
after specifying a new directory server or base distinguished name for the
expanded membership groups in the qpconfig.xml file. For complete
instructions, see the chapter ″Setting Up Security.″
v Delete and recreate expanded membership groups if they become corrupt or out
of synchronization with their places. The failure of My Places or cross-place
searches to work can be an indication of these problems.
CAUTION:
Do not use the membershipmodel command until you have read about
expanded membership and how to set it up. For information, see the chapter
″Setting Up Security.″
The syntax for the membershipmodel command is:

load qptool membershipmodel arguments
The following table describes the arguments for the command.
-toexpanded Converts places to expanded membership.
-rmgroups Removes existing expanded membership groups
from the directory server that currently stores them.
-basedn If you’ve changed the base distinguished name
configured in the expanded membership model
section of the qpconfig.xml file, use this command
to change the names of the groups in place ACLs to
reflect the change. For complete instructions, see the
chapter ″Setting Up Security.
-addgroups If you’ve used the -rmgroups argument, use this
argument to re-create the groups.
-a When used with the -toexpanded argument, runs
the command on all places that do not use
expanded membership.
When used with the -rmgroups, -basedn, or

-addgroups arguments, runs the command on all
places that use expanded membership.
-p places Runs the command on a place or a space-separated
list of places.
-i inputfilename Runs on places specified in an XML input file.

qptool.membershipmodel.xml in the server program
directory.
The following table provides examples of using the membershipmodel command.
Task Command
Enable ″placeofmanymembers″ to use >load qptool membershipmodel -toexpanded -p
expanded membership. placeofmanymembers
Enable all places that do not >load qptool membershipmodel -toexpanded -a
currently use expanded membership
to use expanded membership.
The expanded membership groups >load qptool membershipmodel -rmgroups -p
for ″placeofmanymembers″ are not placeofmanymembers
synchronized correctly with the
place. To correct the problem, remove >load qptool membershipmodel -addgroups -p
the groups for placeofmanymembers
″placeofmanymembers″ from the
directory, then re-create them.
Change the directory server or base For information, see the chapter ″Setting Up
distinguished name used for the Security.″
expanded membership groups.
Resetting local user passwords

Use the QPTool password command to reset passwords for a local user.
Note: To change the password for an external user, change the entry for the user
in the external directory.
The syntax for the password command is:

load qptool password arguments
-u name Specifies of the name of the local user whose
password you are changing. If the name has spaces,
include quotations marks around the name, for
example:
″Joe Smith.″
-pw password Specifies the new password.
-p place (s) Specifies a place or a space-separated list of places
on which to change the user’s password.
directory that specifies places on which to change
the user’s password.

qptool.password.xml in the server program
directory.
Task Command
Change the password for a local user >load qptool password -p placename -u joeuser -pw
whose name has no spaces newpassword
Change the password for a local user >load qptool password -p placename -u ″joe user″
whose name includes spaces -pw newpassword
Removing members from places

Use the QPTool removemember command to remove members from a place.
The syntax for the removemember command is:

load qptool removemember arguments
-dn name Name of an external user or group to remove. If the
name contains a space, include quotation marks
around it. Specify the name exactly as it is defined
in the external directory, for example:
″cn=connor jones,ou=sales,o=acme″

-g Indicates that a specified distinguished name is that
of a group.
-u name Name of a local user to remove. If the name
contains a space, include quotation marks around it,
for example:
″Jonathan Carter″
-a Removes the specified name from all places.
-p place(s) Removes the specified name from a place or a
space-separated list of places.
directory that specifies the places from which to
remove the specified name.
qptool.removemember.xml in the server program
directory.

The following table provides examples of using the removemember command.
Task Command
Remove the external user cn=connor >load qptool removemember -dn ″cn=connor
jones,ou=sales,o=acme from the place jones,ou=sales,o=acme″ -p P1
P1
Remove the external group >load qptool removemember -g -dn
cn=managers,ou=groups,o=acme ″cn=managers,ou=groups,o=acme″ -p P1
from the place P1
Remove the local user Jonathan >load qptool removemember -u ″Jonathan Carter″
Carter from the places P1 and P2 -p P1 P2
jones,ou=sales,o=acme from all places jones,ou=sales,o=acme″ -a
Remove the external group >load qptool removemember -i
cn=managers,ou=groups,o=acme qptool.myremmem.xml -g -dn ″cn=managers,ou-
from places specified in the XML groups,o-acme″
input file qptool.myremmem.xml
jones,ou=sales,o=acme from the place jones,ou=sales,o=acme″ -p P1 -o
P1 and log the command output to qptool.myoutfile.xml
the non-default XML output file
qptool.myoutfile.xml
Sending newsletters to subscribers

Use the QPTool newsletter command to send daily and weekly newsletters to
members of places. Members of a place can receive daily newsletters if daily
newsletters are enabled for the place in Customize, Basics, and can receive weekly
newsletters if weekly newsletters are enabled in Customize, Basics. To receive a
newsletter, a member must subscribe to newsletters in the member information
page and must have a valid e-mail address.
Note: Lotus QuickPlace cannot mail newsletters to groups. If you want to mail a
newsletter to a user who is a member of a group, add the user as a member
of the place.
The syntax for the newsletter command is:

load qptool newsletter arguments
-daily Sends newsletters in daily format. By default the
NOTES.INI file includes the setting
ServerTasksAt1=qptool newsletter -daily -a so that
daily newsletters are sent at 1 AM for all places.
You can change the time when daily newsletters are
sent by modifying the NOTES.INI file or scheduling
the command through a Program document.

-weekly Sends newsletters in weekly format. Using a
Program document to schedule the mailing of
weekly newsletters for all places is recommended.
Weekly newsletters typically take longer to process

then daily newsletters, especially if there are many
members and places. Server performance can slow
during processing. Therefore, schedule the
newsletter -weekly command to run during
non-business hours, for example Friday evenings or
Saturdays.
Note: Place members who sign up to receive
weekly newsletters only receive them if you create
a Program document in the Domino Directory with
qptool newsletter -weekly -a and set a time and day
for the server to collect and send weekly
newsletters.
-a Sends newsletters for all places.
-p place(s) Sends newsletters for a place or a space-separated
list of places.
-i inputfile Sends newsletters for places specified in an XML
input file located in the server program directory.
-o outputfile Logs results to a specified XML output file. By
default logs results to qptool.newsletter.xml in the
program directory.
Sending mail to managers and members of places

Use the QPTool sendmail command to broadcast an e-mail message to managers or
to all members of a place. If a group is a manager or a member of a place, the
sendmail command sends mail to each member of the group. The sendmail
command is useful for communicating administration issues to place managers.
For example, you could send a broadcast e-mail to the managers of places if the
places have exceeded a predetermined size limit and will be archived.
The syntax for the sendmail command is:

load qptool sendmail arguments
The following table describes the arguments available for the command.
-template template XSL template file that specifies the message.
-managers Sends mail to managers only. Without this
argument, sends mail to all members, including the
managers.

-i inputfile A required argument that specifies the places and
other data in an XML input file located in the
server program directory. If you are using tags for
title, size, last_accessed or last_modified, values for
those fields must exist in the input file. The qptool
sendmail command only looks to the input file for
its data; it does not query the places for the tag
values.
default logs results to qptool.sendmail.xml in the
program directory.
Sample template file

You can use the following sample template and then customize it for your needs.
<?xml version="1.0"?>
<xsl:stylesheet
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
version="1.0"
xmlns:lsxlt="http://xml.apache.org/xslt"
xmlns:java="http://xml.apache.org/xslt/java">
<xsl:template match="place">
<mail>
<from>E-mail address here</from>
<cc>List of e-mail addresses here</cc>
<bcc>List of e-mail addresses here</bcc>
<subject>Subject string here</subject>
<body>
This mail is sent to members of place ’<xsl:value-of select=″./name″/>’ by qptool

sendmail using xsl as a mail template. Some other fields you might want to use
are:
TITLE: ’<xsl:value-of select="./title"/>’,
SIZE: ’<xsl:value-of select="./size"/>’,
LAST_ACCESSED: ’<xsl:value-of select="./last_accessed"/>’,
LAST_MODIFIED: ’<xsl:value-of select="./last_modified"/>’
</body>
</mail>
</xsl:template>
</xsl:stylesheet>
Note: You can include information about each place in the e-mail to managers or
members of that place. The tags used in the template look like:
’<xsl:value-of select=″./fieldname″/>’
where fieldname is the name of a field in the input XML.
Registering and unregistering places and servers on the server

Use the QPTool register command to do the following:

v Add place documents in the Place Catalog for places created prior to enabling
the Place Catalog or for places added from another server. Places require place
documents for the Lotus QuickPlace service to be aware of them.
v Adjust server-specific information for a place that has been moved from another
server or renamed on the same server.
v Restore a place that was previously archived.
v Register a server in the Place Catalog.
Use the QPTool unregister command to remove a place’s document from the Place
Catalog. For example, if the Place Catalog is down for any period of time,
unregister all places and then use the register command to register the place again
so that the Place Catalog contains up-to-date place information. Note that when
you use the remove command to remove a place, you do not have to use the
unregister command because the remove command automatically removes the
place document.
For more information on the Place Catalog, see the chapter ″Setting Up the Place
Catalog.″
The syntax for the register/unregister command is:

load qptool register[unregister] arguments
-placecatalog Registers/unregisters specified place(s) or server in
the Place Catalog.
-server Registers/unregisters the server on which the
command is run in the Place Catalog. The first time
you create a place on a server, the server is
registered in the Place Catalog automatically if the
Place Catalog is set up.
-install Installs and resets server-specific information for
places that have been:
v Moved to this server from another server
v Renamed on this server
v Restored from archive .
-a Registers/unregisters all places.
-p place(s) Specifies a place or a space-separated list of places
to register/unregister.
directory that specifies the places to
register/unregister.
qptool.register.xml or qptool.unregister.xml in the
server program directory.
Note the following:

v If you change the port or protocol settings for your server, you must run ″qptool
unregister -server″ and then ″qptool register -server″ to reset the information in
the Place Catalog.
v Before you run qptool register -install -a, run qptool remove -cleanup to avoid
creating partial entries in the Place Catalog associated with places marked for
removal.
The following table provides examples of using the qptool register/unregister

command.
Task Command
Register a server with the Place >load qptool register -server
Catalog
Unregister a server with the Place >load qptool unregister -server
Catalog
Register a place that has been moved >load qptool register -p placename -install
from another server, renamed on the
current server, or restored from
archive
Unregister a place >load qptool unregister -p placename
Register a place in the Place Catalog >load qptool register -p placename -placecatalog
only
Register multiple places that have >load qptool register -p place1 place2 place3 -install
been moved from another server
Unregister multiple places >load qptool unregister -p place1 place2 place3
Register all places on the server in >load qptool register -a -placecatalog
the Place Catalog after upgrading to
version 7.0 and enabling the Place
Catalog
Unregister all places on the server >load qptool unregister -a
(that is, remove from place catalog)
Register places specified in an input >load qptool register -i qptool.myinput.xml
file
Unregister places specified in an >load qptool unregister -i qptool.myinput.xml
input file
Register a place and log results in a >load qptool register -p placename -o
non-default output file qptool.myout.xml
Unregister a place and log results in >load qptool unregister -p placename -o
a non-default output file qptool.myout.xml
Automating replica stub creation

After the creation of new places, rooms, and PlaceTypes, use the QPTool
replicamaker command to create replica stubs for the new places, rooms, and
PlaceTypes on other servers in a cluster. Note that after creation of the replica
stubs, cluster replication or standard replication must then replicate the new places,
rooms, and PlaceTypes to populate them initially and then keep them
synchronized.
The replicamaker command does the following:

v Creates replica stubs for MAIN.NSF and CONTACTS1.NSF on the local server or
another server when a place or PlaceType is created.

v Makes a new copy of SEARCH.NSF on the local server or another server when a
place is created.
v Creates replica stubs on the local server or another server for any new rooms.
Note: PlaceTypes replicate and the replicamaker command creates replica stubs for
PlaceTypes the same way it creates replica stubs for places.
For more information on PlaceTypes, see the chapter ″Managing PlaceTypes.″
The syntax for the replicamaker command is:

load qptool replicamaker arguments
-s sourceserver The name of one server involved with the
replication. If not specified, default is the local
server. If you don’t use -s, you must use -t.
-t targetserver The name of another server involved with the
replication. If not specified, default is the local
server. If you don’t use -t, you must use -s.
-a Creates replica stubs for all new places, rooms, and
PlaceTypes.
-p place(s) Creates replica stubs for a specific new place or
stubs for a space-separated list of new places.
-pt placetype(s) Creates replica stubs for a specified PlaceType or
stubs for a space-separated list of PlaceTypes.
Note: You cannot use XML input and output files with this command.
Examples of using the replicamaker command

Task Command
Do either of the following: Either of the following:
v For the new place P1 on the local
>load qptool replicamaker -p P1 -t Server2/Acme
server, create replica stubs on the
server Server2/Acme. >load qptool replicamaker -p P1 -s Server2/Acme
v For the new place P1 on
Server2/Acme, create replica stubs
on the local server.
For all new places, rooms, and Either of the following:
PlaceTypes created on the local
server, create replica stubs on >load qptool replicamaker -t Server2/Acme -a
Server2Acme. And for all new places,
rooms, and PlaceTypes on >load qptool replicamaker -s Server2/Acme -a
Server2/Acme, create replicate stubs
on the local server.

To run replicamaker in verbose mode
You can run the replicamaker command in verbose mode. Verbose mode logs all
activity and errors to the server console and helps identify any problems as they
arise.
To turn on verbose logging for replicamaker on a server:

1. Shut down the server.
2. Edit the notes.ini file in the program directory and add the following:
QuickPlaceStubMakerLogging=3
To ensure that new places and PlaceTypes are replicated

quickly
To ensure that replica stubs of new places, rooms and PlaceTypes are created
quickly and that replication then populates the places, rooms, and PlaceTypes
quickly, do the following:
v Create Program documents in the Domino Directory that runs the QPTool
replicamaker command with the -a argument between the servers in a cluster
every 10 minutes. If there are more than two servers in the cluster, you must use
more than one Program document to run the replicamaker command to ensure
that replica stubs are created on all servers in the cluster.
v Schedule non-cluster replication between all servers in the cluster to occur at
least every 20 minutes, to compensate for any lags in cluster replication.
For more information on Program documents and on scheduling replication, see

Domino Administrator Help.
Refreshing places and PlaceTypes

Use the QPTool refresh command to refresh places and PlaceTypes on the Lotus
QuickPlace server. The syntax for the refresh command is:
load qptool refresh arguments
You can also refresh PlaceTypes using the PlaceTypes view in the administration
place.
For more detailed information on PlaceTypes and refreshing with them, see the
chapter ″Managing PlaceTypes.″

-r Replaces the elements of a place with the elements
in its parent PlaceType. Use this argument with
caution because with the exception of elements
created in a place that do not originate from the
PlaceType, use of the argument removes all changes
to elements made directly in the place.
If you do not use this argument, the command

refreshes a place with elements from its parent
PlaceType, but retains changes to elements made in
the place.
-a Refreshes the elements of all places on the server
created from PlaceTypes with the parent
PlaceTypes.
-p place(s) Refreshes the elements of a specified place or
space-separated list of places with the elements of
its parent PlaceType(s).
-pt placetype(s) Refreshes the elements of a specified PlaceType or
space-separated list of PlaceTypes with design of
the parent PlaceType(s).
-d placetypes(s) Refreshes the elements of all places (not PlaceTypes)
created from the specified PlaceType or
space-separated list of PlaceTypes.
-i XML input file located in the server program
directory that specifies places and/or PlaceTypes to
be refreshed.
-o XML output file that logs the results of the
qptool.refresh.xml in the server program directory.
For information on the two levels of refresh, see the chapter ″Managing Place
Types.″
The following table provides examples of the refresh command.
Task Command
Refresh the elements of child >load qptool refresh -pt PT1 PT2
PlaceTypes PT1 and PT2 with the
design of their parent PlaceTypes
Refresh the elements of child places >load qptool refresh -p P1 P2
P1 and P2 with the design of their
parent PlaceTypes
Refresh the elements of all places on >load qptool refresh -a
the server created from PlaceTypes
Replace the elements of child place >load qptool refresh -p P1 -r
P1 with the design of its parent
PlaceType and delete any design
changes made directly to P1

Locking and unlocking places on the server
Use the QPTool lock/unlock command to take places in and out of service without
stopping the server. Use the lock command to put places temporarily out of service
during maintenance operations and then use the unlock command when the
maintenance operations are complete. When you have locked a place, an end user
trying to access that place receives a message that you specify, explaining that the
place is temporarily out of service.
Other QPTool commands lock places specified in the command automatically

before running and then unlock the places when the operations are complete.
However, you might want to lock a place before running multiple QPTool
commands to prevent users from accessing the place until you have finished
running the commands. For example, you might want to lock a place while using
the changemember command to change several member names within the place to
prevent members from accessing the place until all the name changes are complete.
When a place is locked, the only QPTool command you can run on it is unlock.
The syntax for the lock/unlock command is:

load qptool lock[unlock] arguments
-a Locks/unlocks all places.
to lock/unlock.
-message message Specifies a message to display to users who visit a
locked place. Use quotes if the message contains
spaces.
-i inputfile XML input file located in the server program
directory that specifies the places to lock/unlock.
-o outputfile XML output file that logs the results of the
qptool.lock.xml or qptool.unlock.xml in the server
program directory.
Note: To receive even more information during the
lock/unlock process, you can set
QuickPlaceLockLogging=1 in the NOTES.INI file.
The following table provides examples of using the QPTool lock/unlock command.
Task Command
Lock a place. > load qptool lock -p placename -message ″Place is
undergoing membership changes. Please try back
after 4 pm.″ (where placename is the name of the
place being locked).
Unlock a place. > load qptool unlock -p placename

Archiving places
Use the QPTool archive command to copy places to a specified directory. Use the
archive command when you want to:
v Back up active places by archiving them to a target directory without deleting
them from their Lotus QuickPlace server.
v Back up active places before moving them to another Lotus QuickPlace server.
v Back up inactive places before removing them from the Lotus QuickPlace server.
The syntax for the Archive command is:

load qptool archive arguments
-dir path directory Directory in which to archive places. If you specify
an archive directory without an explicit path, the
specified archive directory is put in the server data
directory. If the specified directory does not already
exist, it is created.
Note: The archive command does not archive a
place that already exists in the archive directory.
-a Archive all places.
to archive.
directory that specifies the places to archive.
qptool.archive.xml in the server program directory.
The following table provides examples of using the archive command.
Task Command
Back up all places on the server >load qptool archive -dir x:\qpbackup -a
Archive more than one place to a >load qptool archive -dir c:\threeplaces -p placeone
target directory below c:\ placetwo placethree
Archive places specified in an XML >load qptool archive -i qptool.archive.xml -dir
input file to a directory below c:\ c:\threeplaces
Archive a place to a directory below >load qptool archive -p placename -dir
c:\ and log output to a non-default c:\placenameback -o c:\qptool.archive.xml
XML file location.
Restoring an archived place to an active server

If you archive a place and delete it from the Lotus QuickPlace server, and then
later want to use the archived version of the place, use the QPTool unlock
command and then the QPTool register command to restore the place.
For example, suppose you use these QPTool commands to archive a place and then
remove it from the data directory:

1. >load qptool archive -p placename -dir d:\archivedir
2. >load qptool remove -p placename -now
To later restore the archived place so that users can access it again from a browser,
you would do the following:
1. Copy d:\archivedir\placename back to the program\data\QuickPlace directory.
2. Specify these QPTool commands:
>load qptool unlock -p placename
>load qptool register -p placename -install
Renaming places
To rename a place:
1. Run the following QPTool command:
load qptool unregister -p placename
Where placename is the current name of the place to be renamed.
2. Type the following command to shut down the Domino server:
exit
3. Through the file system, rename the place’s folder in the ...\Data\QuickPlace
directory.
4. Type the following command to restart the server:
restart server
5. Run the following QPTool command:
load qptool register -p placename -install
where placename is the new name of the place.
For more information on the QPTool register command, see the topic ″Registering
and unregistering places and servers on the server″ earlier in the chapter.
Moving places to another server

To move a place from one server to another server, you use a file system command
to copy the place to the other server. You also use QPTool commands -- for
example, you use the QPTool register command to adjust a place’s information in
the place and in the Place Catalog after you move it.
The following steps describe how to move one place, but you can also move
multiple places at the same time.
Moving a place from one Lotus QuickPlace 7.0 server to

another
Follow these steps to move a place from one Lotus QuickPlace 7 server to another
Lotus QuickPlace 7 server.
1. Enter the following command to make an archive copy of the place before you
move it:
load qptool archive -p placename -dir directory
For more information on this command, see the topic ″Archiving Places.″
2. Enter the following command to unregister the place from the Place Catalog:

3. Enter a file system command to copy the place’s folder and subfolders and
their contents from the ...Data\QuickPlace folder on the original server to the
same location on the target server.
4. Enter the following command to unlock the place on the target server:
load qptool unlock -p placename
For more information on this command, see the topic ″Locking and unlocking
places″ earlier in the chapter.
5. Enter the following command on the target server to update the place’s
information in the place and in the Place Catalog:
For more information on the qptool register command, see the topic
″Registering and unregistering places on the server″ earlier in the chapter.
6. Enter the following command to delete the place from the original server:
load qptool remove -p placename
For more information, see the topic ″Removing places and PlaceTypes from the
server″ later in this chapter.
7. If the original and target servers use different user directories, and the external
members of a place have different distinguished names in each directory, use
the QPTool changemember or changehierarchy command to change the names
in the place so these users can continue to access it.
For more information, see the topics ″Changing user and group names in
places″ and ″Changing the name hierarchy of names in places.″
Moving a place from a Lotus QuickPlace 6.5.1 server to a

Lotus QuickPlace 7.0 server
Follow these steps to move a place from a Lotus QuickPlace 6.5.1 server to a Lotus
QuickPlace 7.0 server.
1. Enter the following command to make an archive copy of the place before you
move it:
load qptool archive -p placename -dir directory
2. Enter a file system command to copy the place’s folder and subfolders and
their contents from the ...Data\QuickPlace folder on the 6.5.1 server to the same
location on the Lotus QuickPlace 7.0 server.
3. Enter the following command on the Lotus QuickPlace 7.0 server to upgrade
the place:
load qptool upgrade -p placename
For more information on this command, see the Lotus QuickPlace Installation and
Upgrade Guide.
4. Enter the following command on the Lotus QuickPlace 7.0 server to update the
place’s information in the place and in the Place Catalog:
For more information on this command, see the topic ″Registering and
unregistering places on the server″ earlier in the chapter.
5. Enter the following command to delete the place from the original server:
load qptool remove -p placename
For more information, see the topic ″Removing places and PlaceTypes from the
server″ later in this chapter.

6. Run the Domino server compact task on the place’s databases on the Lotus
QuickPlace 7.0 server. This step upgrades the database format and results in
improved performance. For more information on upgrading databases, see
Domino Administrator Help.
7. If the original and target servers use different user directories, and the external
members of a place have different distinguished names in each directory, use
the QPTool changemember or changehierarchy command to change the names
in the place so these users can continue to access it.
For more information, see the topics ″Changing user and group names in
places″ and ″Changing the name hierarchy of names in places.″
Removing places and PlaceTypes from the server

Use the QPTool remove command to remove places or PlaceTypes from the Lotus
QuickPlace server. You might want to remove a place or PlaceType that is no
longer used or that hasn’t been used for a long time.
For additional information on removing PlaceTypes, see the chapter ″Managing

PlaceTypes.″
The syntax for the remove command is:

load qptool remove arguments
-now Deletes places or PlaceTypes immediately. If you do
not use this argument, places or PlaceTypes are
only marked for removal. A place or PlaceType that
is marked for removal is inaccessible from a
browser but still exists in the file system.
-cleanup Deletes places or PlaceTypes that were previously
marked for removal through the remove command
or that were deleted through the Lotus QuickPlace
user interface. The ServerTasksAt2 NOTES.INI
setting includes qptool remove -cleanup, so that the
command runs by default at 2 AM.
Note that the -cleanup argument does not work on

places that are in the database cache. Since QPTool
-cleanup typically runs off-hours, places are not in
the database cache when the command is run. If
you run qptool remove -cleanup at other times, use
the dbcache flush command to flush databases from
the cache before using -cleanup. For more
information on the database cache, see Domino
Administrator Help.
-a Marks for removal or deletes all places on the
server. This argument does not run on PlaceTypes.
to mark for removal or to delete.
-pt PlaceTypes Specifies a PlaceType or a space-separated list of
PlaceTypes to mark for removal or to delete.

directory that specifies places or PlaceTypes to mark
for removal or to delete.
qptool.remove.xml in the server program directory.
Note: If you use Search Places on the server, do not use the -now argument to
remove places. Instead use the remove command without the -now
argument and mark the places for removal. After you mark the places for
removal, run the Catalog and Domidx tasks on the Domain Catalog server.
After the Domidx task has completed, use the remove command with the
-cleanup argument to remove the places. Follow this removal procedure to
ensure that information in documents from the deleted places is also
removed from the search index.
For more information on Search Places, see the chapter ″Completing Additional
Server Configuration Tasks.″
The following table provides examples of using the remove command.
Task Command
Mark the place P1 for removal >load qptool remove -p P1
Mark all places on the server for >load qptool remove -a
removal
Mark PlaceType PT1 for removal >load qptool remove -pt PT1
Mark places P1, P2, and P3 for >load qptool remove -p P1 P2 P3
removal
Mark places for removal that are >load qptool remove -i qptool.removeinput.xml
specified in the XML input file
qptool.removeinput.xml
Mark the place P1 for removal and >load qptool remove -p P1 -o
log output to the non-default XML qptool.removeoutput.xml
file qptool.removeoutput.xml
Remove the place P1 immediately >load qptool remove -p P1 -now
Remove all PlaceTypes on the server >load qptool remove -pt PT1 PT2 PT3 PT4 PT5
immediately. Note that you cannot -now
use the -a argument to remove all
PlaceTypes.
Reactivating a place mistakenly removed using QPTool

remove
If you remove a place using QPTool remove by mistake, (without the -now
argument), you can reinstate the place. To do so, from Notes, edit the database
titles of Main.nsf, Contacts1.nsf, and any PageLibraryxxx.nsf files for the place and
change them from [delete pending] to the name of the place. You must also use
qptool register -p placename to re-create the place document in the Place Catalog.

Completing the deletion of a place mistakenly deleted through
the file system
If you mistakenly use a file system command to delete a place, rather than the
QPTool remove command or the Lotus QuickPlace user interface, the place still has
a Place document in the Place Catalog and is still listed in My Places, although
users can’t access the place. To remove these references to the place, from Notes,
delete the place’s document from the Place Catalog, and delete the place’s mail-in
database entry from the Domino Directory.
Updating statistics in the Place Catalog

Use the QPTool placecatalog command to update statistics in the Place Catalog.
Use the placecatalog command for two purposes: to update PlaceLastModified and
the PlaceSize statistics, and to synchronize statistics in Place documents between a
master server and the other servers in a cluster.
Updating PlaceLastModified and PlaceSize statistics

Generally when a statistic for a place changes the Place document in the Place
Catalog is automatically updated to reflect the change. This automatic update
occurs immediately, or in the case of the PlaceLastAccessed statistic, within a
minute of the change.
Changes to the PlaceLastModified or the PlaceSize statistic are not updated in the
Place Catalog automatically however. To update these statistics in the Place Catalog
you use the placecatalog command with the -push argument on the place server.
By default the NOTES.INI file on a Lotus QuickPlace server includes the following
setting so that this command runs nightly at 3 AM to update the Place Catalog
with these two statistics for all places:
ServerTasksAt3=qptool placecatalog -push -a
Run the command manually, for example, before using the report command so that
you report up-to-date statistics.
Synchronizing Place document statistics in a cluster

Within a cluster, a place’s Place document for the master server might contain
different statistics than place documents for the other servers. Use the placecatalog
command with the -update argument on the Place Catalog server to synchronize a
place’s statistics across all Place documents. Use placecatalog -update, for example,
before using the report command in a cluster environment to ensure that the report
contains up-to-date statistics. For more information, see the chapter ″Administering
Lotus QuickPlace Servers in a Cluster.″
Syntax for the placecatalog command

The syntax for the placecatalog command is:
load qptool placecatalog arguments

-update Synchronizes statistics between the Place document
for the master server and the Place documents for
other servers. Run this command only on a Place
Catalog server.
-push Pushes PlaceLastModified and PlaceSize statistics
from this server to the Place Catalog. Run this
command only on a place server.
-a Updates statistics for all places on the server.
-p place(s) Updates statistics on a specified place or
-i inputfile Updates statistics on places specified in an XML
input file located in the server program directory.
default logs results to qptool.placecatalog.xml.
For more information on registering a server with the Place Catalog, see the topic
″Registering and unregistering places and servers on the server″ earlier in this
chapter, and the chapter ″Setting Up the Place Catalog.″
Generating reports about places and servers

Use the QPTool report command to pull information from the Place Catalog to
generate reports about places in the Lotus QuickPlace service and about servers
that use the service. You can use the report command on a place created prior to
version 7.0 only if you first use the qptool upgrade command to upgrade the place.
Using the report command, you can retrieve the following information from the
Place Catalog about places:
v Name
v Title
v Server name
v Size
v Date last accessed
v Date last modified
v Locked state
Note that although the Place Catalog lists the Readers, Authors, and Managers of
places you cannot use the report command to generate this information in a report.
Using the report command, you can retrieve the following information from the
Place Catalog about servers that use the Lotus QuickPlace service:
v Name
v Access Protocol
v Access TCP Port
v Access URL Prefix
If more than one server shares a Place Catalog, a report specifies data for all
servers in the service.

Before using the report command
Before you use the report command, do the following:
1. Make sure the Place Catalog is installed, populated, and full-text indexed.
2. Use the QPTool placecatalog command to update the statistics in the
PlaceCatalog.
For more information, see the topic ″Updating statistics in the Place Catalog″
earlier in this chapter.
3. Make sure the Place Catalog full-text index is up-to-date.
For information, see the chapter ″Setting Up the Place Catalog.″
To use the report command

The syntax for the report command is:
load qptool report arguments
The following table describes the arguments for this command.
-a Generates a report for all places.
-q query Generates a report on places that match the criteria
specified in a full-text query. In a query, you refine
a search by using operators in conjunction with any
of the following fields:
v PlaceName
v PlaceTitle
v PlaceServerName
v PlaceSize
v PlaceLastAccessed
v PlaceLastModified
For example, you can generate a report on all

places last accessed before a specified date.
Enclose a field specified in a query within brackets

[ ]. For information on using operators to refine a
search, see Notes Help.
-p place(s) Generates a report for a specified place or a
-s Generates a report using information in the
PlaceServers view for all servers listed in the Place
Catalog.
qptool.report.xml in the server program directory.
Examples of using the report command

The following table provides examples of using the report command.
Task Command
Report on a specific place >load qptool report -p placename

Task Command
Report on all places in the Place >load qptool report -a
Catalog
Report on all places whose size is >load qptool report -q [PlaceSize]>1000.
greater than 1000 kilobytes
Report on all places last accessed >load qptool report -q
before 5/30/2002 [PlaceLastAccessed]<5/30/2002
Report on all places last modified >load qptool report -q
after 5/30/2002 [PlaceLastModified]>5/30/2002
Report on all servers in the Place >load qptool report -s
Catalog using information from
PlaceServers view
Report on all places and log results >load qptool report -a -o qptool.myout.xml
to a non-default XML output file
qptool.myout.xml
Repairing places on the server

You can run the QPTool repair command to fix broken places on the Lotus
QuickPlace server. The repair command fixes very specific problems that are
described below. When the repair command fixes a problem on the server, record
as much information as possible about the original problem and then report this
information to a Lotus QuickPlace support technician, so that the technician can
reproduce the error and address the source of the problem.
The repair command is intended to get place up and running as soon as possible,
but it does not necessarily fix the source of the problem; rather, it renormalizes
data that is no longer synchronized. That is, until the source of the problem is
addressed, or until Lotus QuickPlace source code is fixed, the repair command will
work as a temporary solution. Use the Repair command for the following
problems.
Note: The Lotus QuickPlace Release Notes may describe additional situtations in
which to use QPTool repair.
Error: Entry not found in index or document has been deleted

When a document page is opened, Lotus QuickPlace checks if there is a draft
document associated with it, and if there is one, it shows two versions of that
page: the published version and the draft version. To do this, Lotus QuickPlace
checks a field in the published document called DraftVersionUNID. If a draft
document exists for this document page, the field contains the UNID of the draft
document.
The problem occurs either when 1) the field contains a UNID but the draft
document itself does not exist, which generates the ″Document has been deleted″
error, or 2) when the field contains a wrong UNID, which generates the ″Entry not
found in index″ error. This problem could be caused by abruptly ending a server
or client process (that is, if there is no transaction rollback).

Deleting one of multiple images causes image corruption
If there are multiple images on a page and one of the images is deleted, the
remaining images can become corrupted. Use the repair command to restore the
remaining images.
To use the repair command

The syntax for the repair command is:
load qptool repair arguments
-a Repairs all places on the server.
-p place(s) Repairs the specified place or space-separated list of
places.
-i inputfile Repairs places specified in an XML input file
located in the server program directory.
default logs results to QPTOOL.REPAIR.XML.
Cleaning up dead mail

Use the QPTool deadmail command to clean up Lotus QuickPlace dead mail.
The syntax for the deadmail command is:

load qptool deadmail arguments
-cleanup Cleans up Lotus QuickPlace dead mail.
-o outputfile Logs results to the qptool.deadmail.xml file by
default, or to an XML file that you specify.
Adding and removing graphic text fonts

Use the qptool commands addgraphicfont and removegraphicfont to make fonts
available or unavailable for use as graphic text in pages, logos, and sidebar items.
The addgraphicfont command can make any font that is already installed in the
server’s operating system fonts directory available for use in graphic text. The
removegraphicfont command makes a font unavailable. These commands affect
only the availability of fonts in graphic text, not font availability in other text.
Note: For offline places to display graphic fonts added to the server, the fonts
must already be installed in the fonts directory of the client machine.
The following table shows the default location of the fonts directory for each
operating system Lotus QuickPlace supports.

Operating system Fonts directory location
Windows C:/WINNT/Fonts
Solaris /usr/openwin/lib/X11/fonts/
AIX /usr/lpp/fonts/
i5/OS /QIBM/ProdData/Lotus/QuickPlace/TTFONTS/GRAPHICFONTS
The syntax for the command is:

load qptool addgraphicfont[removegraphicfont] arguments
-name typefacename Specifies a typeface name to add or remove, or a
space-separated list of typeface names to add or
remove. If a typeface name contains spaces, enclose
the name in quotation marks (″″).
-i inputfile Adds or removes typeface names specified in an
XML input file located in the server program
directory.
default logs results to the file
qptool.addgraphicfront[removegraphicfont].xml.
The following table provides examples of using the QPTool addgraphicfont

command.
Task Command
Add the Comic Sans MS typeface. > load qptool addgraphicfront -name ″Comic Sans
MS″
Add the Comic Sans MS typeface > load qptool addgraphicfront -name ″Comic Sans
and the BordeauxLight typeface. MS″ BordeauxLight
Executing an XML API file

Use the QPTool execute command to execute an XML API file. The syntax for the
execute command is:
load qptool execute arguments
-i inputfile Specifies the XML API file to execute. If you do not
specify a path, the default location is the Domino
program directory.
default logs results to qptool.execute.xml in the
Domino program directory.

For more information on using XML to access the Lotus QuickPlace API, see the
Lotus QuickPlace Developer’s Guide.

Chapter 9 Troubleshooting
This chapter describes how to troubleshoot problems you may encounter with
Lotus QuickPlace administration.
Troubleshooting user directory problems

This section describes and suggests solutions to problems related to the user
directory. For more information on the user directory, see the chapter ″Connecting
to a User Directory.″
Can’t add a name from the user directory

If Lotus QuickPlace manages the lookups to a user directory and a user entry in
the directory does not include an attribute configured for the Lotus QuickPlace
member lookup user interface, the Add Members window does not display the
user entry. For example, the default qpconfig.xml member_lookup_ui setting is
<column_name> <person>sn, givenname</person></column_name>. If the user
entry is missing the givenname attribute, the user’s name won’t display in the Add
Members window.
Make sure the attributes you configure for the qpconfig.xml member_lookup_ui
setting exist in the schema of the external user directory.
For more information, see the chapter ″Connecting to a User Directory.″
Names of external users and groups are missing or displayed

as distinguished names
If Lotus QuickPlace manages lookups to the user directory, this problem can occur
if an attribute mapped to common_name or display_name in qpconfig.xml is not a
valid attribute in users’ directory entries. For example, if display_name is mapped
to cn but user entries do not use the cn attribute, the users’ names display
incorrectly in places. Map common_name and display_name to valid attributes.
Mapping dn to display_name causes problems

If Lotus QuickPlace manages lookups to the LDAP directory, specifying
<display_name>dn</display_name> in the <user directory> <ldap> <schema>
section of qpconfig.xml causes problems with workflow, notifications, calendar
subscriptions, and access control. Mapping dn to the display name is not
supported. Map another attribute in the schema to display name instead.
Using the type-in method to add users from an external

directory does not always work
If Lotus QuickPlace manages lookups to the user directory and you use the type-in
method to add users from the directory, you can’t add users by
″lastname,firstname″ even though the user_lookup filter is sn,givenname.
Currently when you use the type-in method to search for a name to add, you can
specify only the first attribute of the user_lookup filter but not the second attribute.

If just lastname finds a unique entry in the directory, the user will be added to the
place correctly. (You can also add members by typing the fully distinguished name
(cn=joe smith,ou=orgunit,o=org or joe smith/orgunit/org). If your user_lookup
filter is uid={0} and you want to add users in the text area by uid, you must also
change the search_ui_index value in qpconfig.xml to be uid.
You cannot add new users with automatic lookup if more than
one match is found
The automatic lookup feature in Lotus QuickPlace takes the input string entered
and does a wildcard search for all matches in the directory. For example, a search
on Joan Smith finds Joan Smith and Joan Smithe. If more than one match is found,
the name is not added because Lotus QuickPlace doesn’t know which name is the
correct one to add. In this situation, use the directory lookup interface to find the
name to add.
Cannot add two users with the same distinguished name as

members
If Lotus QuickPlace manages lookups to the directory and two users in the user
directory have identical distinguished names, you can add only one of the names
as a member of a place, even though the users may differ in other attributes, such
as uid and password. Since the two users share one distinguished name, both can
sign in and are considered the same user by Lotus QuickPlace. To resolve the
problem, add a middle initial or other distinguishing character to one of the
distinguished names so they are no longer identical.
Cannot create a place that has the same name as a user in

the user directory
You see an error if you attempt to create a place that has the same name as a user
in the user directory. When creating a place, use a place name that is not also an
external user name.
Places do not show changes to user information made in user

directory
When you change user information in the user directory other than user
passwords, places do not automatically reflect the changes. For example, if you
change a user’s email address in the external directory, the QPTool sendmail
command continues to send mail to the old address. Use the QPTool
updatemember command to update the user information in places, or open the
member pages in edit mode and then save them.
The updatemember command does not change an external member’s distinguished

name that is used for access control and stored internally in places. If external
members’ distinguished names change in the user directory, use the QPTool
changemember command or changehierarchy command to update the
distinguished names in places.
″OK with Anonymous access″ shows rather than ″OK with

credentials″ when saving user directory settings
If Lotus QuickPlace manages user directory lookups and you configure Lotus
QuickPlace to present a name and password when connecting, you notice the

message ″OK with Anonymous access″ instead of ″OK with credentials.″ Ignore
this message. Lotus QuickPlace will access the directory using the credentials you
provided.
User directory set to localhost or 127.0.0.1 causes server

crash
If Lotus QuickPlace manages user directory lookups and you set the user directory
for the Lotus QuickPlace server to an LDAP directory using localhost or 127.0.0.1
as the server name, you get random crashes of the server. To correct the problem,
set the LDAP directory to the DNS name of the server. Using the string ″localhost″
or the address 127.0.0.1 for a directory on the same machine as the Lotus
QuickPlace server is not supported.
What’s New notification doesn’t work for users who access

rooms through group membership
Users who access rooms through group membership cannot not receive what’s
new email notifications. This restriction occurs because members of a group do not
have a member profile that allows them to set the preference to receive the
notifications.
Troubleshooting security problems

This section describes and suggests solutions to problems related to security.
A second cn component in name is preventing user

authentication
If Lotus QuickPlace manages user directory lookups and the second component of
a user name in an external directory is cn, by default Lotus QuickPlace converts
the cn component to ou in the ACLs of places. For example, if the distinguished
name of a user in an external directory is uid=abrown,cn=users,dc=acme,dc=com,
by default Lotus QuickPlace instead uses this name in place ACLs:
uid=abrown,ou=users,dc=acme,dc=com. This conversion can prevent a user from
signing in to the place using the name with the cn component from the external
directory.
To resolve this problem, use the qpconfig.xml user directory setting

secondary_cn_component.
A user can’t sign into a place after a distinguished name

change
If you change the distinguished names of external user members in the user
directory, Lotus QuickPlace does not automatically update the distinguished names
in places and users will be unable to sign into places using the new names. If
external user members’ distinguished names change in the user directory, use the
QPTool changemember command or changehierarchy command to update the
distinguished names in places.
Chapter 9 Troubleshooting 133

User can’t sign in after name change in Domino Directory
If your LDAP directory is Domino Directory and use the Domino Administrator
client to change the last name of a user, the user can no longer log into places
using the short name. Use the Notes client rather than the Domino Administrator
client to change user names in a Domino Directory.
In a third-party authentication environment, users with

non-standard names are unable to authenticate
If you Lotus QuickPlace manages lookups to the user directory and a third-party
authentication application such as Netegrity SiteMinder finds distinguished names
that contain components other than the cn, ou, and o components familiar to
Domino, users can experience authentication failures. To workaround this problem,
use the user directory setting dn_incoming_is_native setting in the qpconfig.xml
file.
In a third-party authentication environment, users with

multi-character delimiters in their names are unable to
authenticate
If Lotus QuickPlace manages lookups to the user directory and you use a
third-party authentication product such as Netegrity SiteMinder, users with
distinguished names that contain multi-character delimiters that include a comma
or semicolon can experience user authentication failures. Use the dn_delimiter
setting in the user directory section of the qpconfig.xml file to workaround this
problem. For more information, see the chapter ″Connecting to a User Directory.″
Users are rechallenged for credentials when publishing and

lose their edits
When a user publishes a document after a long editing session, the user can be
rechallenged for credentials and lose the edits. When multi-server session
authentication (single sign-on) is used, there is a set time at which the LTPA
cookies expires, by default 30 minutes. To workaround this, set the timeout period
to a higher value, for example 10 hours. Or use a different authentication
mechanism that is based on user activity rather than absolute time.
If place member and super user have same name, the super
user gets member access
When you create a super user, they have manager access to places on the server.
But if you then open a place and add the super user (or someone with the same
name) as a place member with reader access, the Super User will only have Reader
access to the place.
Conversely, if a place has a member with reader access, and you then make the
member (or someone with the same name) a Super User, the Super User will only
have Reader access to that place.
A user who is a member of a group is not getting the

expected access
If you use the standard membership model and add a user name as a member of a
place or a room in a place and also add a group the user belongs to as a member,

the user’s access is determined by the access set for the user name rather than the
access set for the group name. This is the same security model used in Domino. If
you use expanded membership, the user’s access is determined by the access set
for the group name.
Troubleshooting QPTool problems

This section describes and suggests solutions to problems that can occur when
using QPTool commands. For more information on QPTool commands, see the
chapter ″Using QPTool Commands.″
Changehierarchy command adds entries to the Place Catalog

in situations when it shouldn’t
If the changehierarchy command puts an entry in the Place Catalog even when the
Place Catalog is disabled or when it is run on the quickplace place, enter the
following QPTool command to correct the problem:
Addmember command fails when you mistakenly use the -g

argument to add an individual user
If you use the addmember to add an individual user as a member of a place, and
you use the -g argument by mistake, the user is partially added as a group and the
addmember command fails. To correct the problem, use qptool unlock -p placename
to unlock the place, then delete the partial entry from the Members view. Add the
name back correctly using addmember without the -g argument.
Must unlock archived place before moving it back and

registering
When you use the QPTool archive command to archive a place, and then use
QPTool remove or QPTool remove -now to remove the place, an error is displayed
if you copy the place back from the archive directory and then try to use QPTool
register to register it. To correct the problem, use the QPTool unlock command to
unlock the place, and then register it.
QPTool changemember appears to change a user to a group

Changing a user into a group using the QPTool changemember command is not
allowed. However, the change will appear to have worked if you omit the -targetg
flag required for specifying the target group.
QPTool report returns the error ″Database is not full-text

indexed″
If you run the QPTool report command and the server console displays the error
″Database is not full-text indexed,″ the server is using a default local Place Catalog
that is not yet populated. To correct the problem, take one of the following steps:
v Populate the local Place Catalog and update its full-text index.
v Remove the local Place Catalog, specify the name of the local Place Catalog in
the qpconfig.xml file, and restart the server.
v In the qpconfig.xml file specify a Place Catalog on another server and restart the
server.

Uppercase place names specified in XML input are converted
to lowercase
If you use XML as input to a QPTool command, any uppercase characters in place
names are converted to lower case. This is equivalent to the behavior when
creating a place through the user interface. For example, if the following XML is
used as input to the QPTool execute command, the resulting place name will be
″createplace1_3″.
<service>
<servers>
<server local="true">
<places>
<place action="create">
<name>CreatePlace1_3</name>
<title>John Lennon’s Create Test Place # 3</title>
<members>
<person>
<dn>cn=John Lennon,ou=People1,o=haiku</dn>
</person>
</members>
</place>
</places>
</server>
</servers>
</service>
QPTool does not archive a place that already exists in the

specified archive directory
If you run QPTool archive on a place that already exists in the target archive
directory, the archived place is not updated. No error message occurs in this
situation. Delete the existing archive or rename the existing archive before running
QPTool archive, or archive to a different directory.
Can’t use QPTool commands on a place whose name begins

with a hyphen
If you are unable to use QPTool commands on a place whose name begins with a
hyphen, use an input XML file instead of -p (or -pt) to work around the problem.
For example, if you want to archive a place whose name begins with a hyphen,
perform the following steps:
1. Enter the following command:
load qptool unlock -p anotherplacewithoutthisproblem
2. Open the qptool.unlock.xml file, and change anotherplacewithoutthisproblem to
-placenamethat beginswithhyphen.
3. Save the file.
4. Enter the following command:
load qptool archive -i qptool.unlock.xml -dir d:\archivedirectory
QPTool changemember does not change the name in existing

page banners
When you use the QPTool changemember command to change the name of a user
in places, the original user name continues to show in the page banners of pages
the user created under the original name. The h_AlternateName field shows the
original author’s display name. Edit the page and save it to display the new name
instead.

QPTool remove -cleanup after QPTool remove -p placename
not working
If using QPTool remove -cleanup after QPTool remove -p placename does not
remove the place from the file system, perform the following steps to correct the
problem:
1. From the server console, enter the following command after entering QPTool
remove -p placename to clear any connections to the databases that you want
to remove:
dbcache flush
2. Run the following command:
load qptool remove -cleanup
In most instances, forcing a flush of the cache is not needed since QPTool remove
-cleanup runs off hours after the cache has already been cleared.
Problem using nqptool commands on server/program

command line
The server/program command line has an 80-character limit. If you are entering an
nqptool command longer than 80 characters, it will not execute. Use either the
Domino server console or the command prompt, or use an input file and run
nqptool execute -i <inputfilename>.
Troubleshooting offline problems

This section describes and suggests solutions to problems that can occur when a
server is set up to allow users take places offline with Domino Off-Line Services
(DOLS.) For information on setting up Lotus QuickPlace for users to take places
offline, see the Lotus QuickPlace Installation and Upgrade Guide.
New rooms not installing to offline place during

synchronization
When users install places offline, DOLS installs any rooms that are part of the
place. However, if new rooms are added to the online place, those rooms do not
get downloaded offline during subsequent synchronizations.
Users should do the following to download the new rooms to the offline place:
1. Open the place offline.
2. Click ″Work Offline″ in the table of contents.
3. Click ″Offline Options.″
4. Select the rooms you want to synchronize offline.
5. Re-run synchronization to replicate the rooms offline.
Users are unable to sign in offline

If users are unable to sign in offline, make sure that users have added offline
passwords to their Member Profiles or that all places on the server or this
particular place are configured to use the Lotus QuickPlace sign-in passwords for
offline use. Also make sure that the setting EXTMGR_ADDINS=value exists in the
Lotus QuickPlace server’s notes.ini file, where value is one of the following
v nqpextmgr.dll (Windows)
v libqpextmgr_r.a (AIX)

v libqpextmgr.so (Solaris)
v qpexmgr (i5/OS)
Note: Make sure there is a blank line at the end of the notes.ini file.
User installing offline using Sun ONE Portal Server is

prompted to reauthenticate
Make sure that the Lotus QuickPlace server has the following notes.ini setting:
NoWebFileSystemACLS=1
Users can’t install places offline in a Netegrity SiteMinder

environment
Make sure the ″DSAPI filter file names″ field in the Server document lists the
DOLS DSAPI filter first.
1. Open the Server document in the Domino Directory,
3. Make sure one of the following values is the first one in the ″DSAPI filter file
names″ field:
4. On Windows: ndolextn
5. On AIX or Solaris: libdolextn
6. If you make a change to the field, enter the following command at the server
console:
restart server
Note: The recommended order of the three DSAPI filters (DOLS, Netegrity
SiteMinder, and QuickPlace) in the ″DSAPI filter file names″ field is:
1. DOLS DSAPI filter
2. Netegrity Siteminder DSAPI filter
3. QuickPlace DSAPI filter
Users see ERROR 500 message when installing offline

If users have problems installing offline and see ERROR 500 messages indicating
problems downloading offline configuration data, make sure the value in the
″DSAPI filter file names″ field in the Server document is correct.
1. Open the Server document in the Domino Directory.
3. Make sure the ″DSAPI filter file names″ field includes one of the following
values:
v On Windows: ndolextn
v On AIX or Solaris: libdolextn
4. If you make a change to the field, enter the following command at the server
console:
restart server

A PlaceBot does not run offline
Make sure the PlaceBot is not a scheduled agent. DOLS does not support
scheduled agents. Check that the groups DOLS_Restricted_Agents and
DOLS_Unrestricted_Agents exist and that their security settings are correct. For
more information on these groups, see Domino Administrator Help.
Offline users can’t edit their member profiles when Sametime

is enabled and the place name begins with ″QuickPlace″
If you’ve enabled Sametime integration with Lotus QuickPlace, users cannot see
the View Profile link in the Members view needed to set their offline passwords in
member profiles if the name of the place begins with the string ″QuickPlace.″
To work around this problem, temporarily disable the chat functionality and use
the qptool register -install command to rename the place to begin with something
other than ″QuickPlace.″ Or, leave chat active and add the offline password by
clicking on the author link of a page and then clicking the View Profile menu link
to bring up the member profile.
Users with flat names can’t take places offline

Users with flat names can’t take places offline. Flat names are names without
distinguishing components, for example, cn=Ellen Brown. To correct the problem,
add distinguishing components to flat names. For example, change ″cn=Ellen
Brown″ to ″cn=Ellen Brown,o=acme.″
Users who install offline to Windows 2000 client are prompted

for Web Application password
Users should enter their offline passwords and confirm them and Offline install
will complete. This is the correct behavior if you are running multi-server single
sign-on authentication, client certificate SSL, or any other Internet authentication
security where the Internet password is not available to the DOLS download
control when users go offline.
Offline not working for external users after changemember or

changehierarchy commands used
Before using the changemember command to change a user or the changehierarchy
to change several users, instruct the affected offline external users to synchronize
data. After you run changemember or changehierarchy, tell the users to reinstall
the offline places.
Offline is not working for a super user

Offline functionality is not supported for a super user.
Offline users can’t use places and rooms accessed through

group membership
To use a place offline, users must be individual members (external or local) of the
place and any rooms. A user who has access to a place or rooms through a group
membership (external or local), cannot use the place or rooms offline.
Offline authors or readers see synchronization errors

Offline authors or readers see the following errors when they synchronize with
online places:

Author sees this error: Last sync status: Sections:2 - Errors:1 - Docs Received:0 -
Docs Sent:0
Reader sees this error: Last sync status: Sections:2 - Errors:2 - Docs Received:0 -
Docs Sent:0
These errors are expected behavior and are due to the fact that authors and readers
have limited write access or no write access to the server. Managers of places do
not see these errors because they have full access.
Problem installing places offline on Windows

To install places offline on Windows 2000 Professional or Windows XP
Professional, a user must have administrative rights to the workstation. Once the
place is installed, a user with limited rights or guest rights can use the place.
Cannot install places with the same name from two different
servers
If a user installs two offline places from two different servers and the places have
the same name, only the most recently installed place will open offline; the other
offline place is unusable. This is a known DOLS limitation.
Users who do not fill in offline passwords cannot install

places offline
Users who forget to fill in their offline passwords in their Member Records cannot
install offline and they see an Error 500 message. Make sure that users who plan to
go offline add Offline Passwords to their Members Records.
Offline users can’t send e-mail from a place

If you use the name_translation setting in qpconfig.xml, offline users whose names
are translated cannot send e-mail from a place.
For more information on the name_translation setting, see the chapter ″Connecting
to a User Directory.″
Database authorization failures occur during Domain Catalog

indexing when server is set up for Search Places and offline
use
If you use Search Places on a server that is set up for DOLS, and the server’s
LDAP directory is not a Domino directory or is a Domino directory in a different
domain than the Domain Catalog server, use the notes.ini setting
QuickPlaceExtensionManagerAllowServers=1 on the offline server. This setting
gives the Domain Catalog server access to the Lotus QuickPlace server’s databases.
If you don’t use this setting, database authorization failures occur during Domain
Catalog indexing.
Troubleshooting Sametime problems

This section describes and suggests solutions to problems that can occur when
Lotus QuickPlace is set up to use Sametime. For information on setting up Lotus
QuickPlace to work with Sametime, see the Lotus QuickPlace Installation and
Upgrade Guide.

Users can’t schedule meetings from a place
If users can schedule meetings directly from Sametime but not from a place, the
following situations can be the cause:
v The name used for integration with Sametime and Lotus QuickPlace in
stconfig.nsf is not in the [SametimeAdmin] role. Add the user name to the role.
v The password for the user name is mistyped in qpconfig.xml. Correct the
password in qpconfig.xml.
v Sametime uses the Domino Directory over NRPC but Lotus QuickPlace uses an
LDAP directory. Correct by using the LDAP directory for both products.
v You’ve restarted the Sametime server but haven’t restarted the Lotus QuickPlace
server. Restart the Lotus QuickPlace server after restarting the Sametime server.
v The ″Members can schedule online meetings″ feature is disabled in the place. To
correct the problem, sign into the place, click Customize, click Basics, and click
Change Basics. Under the Real-time collaboration heading, check the box next to
″Members can schedule online meetings.″
Sametime is not working for local users

Only users registered in an LDAP directory can use Sametime features. Lotus
QuickPlace, rather than Domino, must manage the lookups to the LDAP directory.
Online awareness not working for users whose names contain

accented characters
Users should sign in with names that do not contain accented characters.
External users with flat names cannot join online meetings

that they publish
External users that have flat names, for example cn=Jack Black, cannot join online
meetings that they publish. Users who publish online meetings in a place should
have names with distinguishing components rather than flat names.

Appendix A Lotus QuickPlace notes.ini Settings
This appendix summarizes the notes.ini settings used in Lotus QuickPlace. When
you edit the notes.ini file, make sure to leave a blank line at the end of the file.
Press Enter to create a blank line, if necessary.
Web page cache settings

Setting Description
QuickPlaceWebCacheDir Sets the cache directory
QuickPlaceWebCacheEnabled Disables or enables the cache
QuickPlaceWebCacheGCIntervalInMIN Sets the time interval for cache cleaning
QuickPlaceWebCacheLimitInMB Sets the cache size limit
QuickPlaceWebCacheLogging Enables Web page cache logging
QuickPlaceWebCacheUsers Sets the cache for anonymous users only
For more information on these settings, see the chapter ″Completing Additional
Server Configuration Tasks.″
Offline settings
The following table lists and briefly describes notes.ini settings used to set up
Lotus QuickPlace for users to take places offline.
For more information on these settings, see the Lotus QuickPlace Installation and
Upgrade Guide.
Setting Description
$DOLS_TCPIPAddress Used to configure a Lotus QuickPlace server
cluster that uses the IBM Network Dispatcher
to work with Domino Off-Line Services.
CheckCacheBeforeDSAPI Enables authentication to work for offline
users.
EXTMGR_ADDINS Enables Domino Off-Line Services to work
with Lotus QuickPlace.
NoWebFileSystemACLS Used to configure a Lotus QuickPlace server
and Sun ONE Portal Server to work with
Domino Off-Line Services.
Server logging settings

You can use notes.ini settings to log a variety of Lotus QuickPlace server activities.
Output is logged to the server console and to the log file (log.nsf). Logging can be
useful for troubleshooting problems. Since logging degrades server performance,
enable it on a temporary basis only.
To enable a specific type of logging, add the following line to the notes.ini file on
the Lotus QuickPlace server:

setting=level
where setting is a logging setting listed in the following table and level is the
desired level of logging.
For example:
QuickPlaceAuthenticationLogging=5
The following table describes the logging settings and the highest level of logging
available for each. The higher the level of logging you specify, the more verbose
the output. The default and lowest logging level, 0, logs only errors.
Logging setting Levels Description

QuickPlaceArchiveLogging 1 Archive tool logging.
QuickPlaceAuthenticationLogging 5 Authentication logging for authentication
events, failures, successes, group expansion,
and names list generation.
QuickPlaceCalendarSubscriptionLogging
0 Calendar event logging; 0 indicates this is
always on.
QuickPlaceCompressionLogging 1 Page compression logging.
QuickPlaceDbCommandPerformanceLogging
3 Server command performance logging.
QuickPlaceDOLSLogging 2 Domino Off-Line Services logging.
QuickPlaceDSAPILogging 5 DSAPI interface logging.
QuickPlaceExtensionManagerIfLogging
2 Offline place installation logging.
QuickPlaceHTTPInterfaceLogging 2 Lotus QuickPlace and Domino HTTP
interaction logging. It is useful primarily as
a first step toward isolating user
authentication problems or problems related
to the interaction between Lotus QuickPlace
and Domino. Use with other logging
settings, for example,
QuickPlaceAuthenticationLogging, it
provides a clearer picture of URL
processing.
QuickPlaceJavaLogging 5 Java Debug logging.
QuickPlaceJavaServerLogging 3 Java Server logging.
QuickPlaceJniLogging 1 Java Native Interface (JNI) to C++ layer
logging.
QuickPlaceJvmLogging 1 Java Virtual Machine logging.
QuickPlaceLargePOSTLogging 1 Large uploads logging.
QuickPlaceLockLogging 1 Place Lock tool logging.
QuickpPlaceLtpaLogging 1 LTPA logging when Domino manages
directory lookups.
QuickPlaceMailLogging 4 Lotus QuickPlace e-mail process logging.
QuickPlaceMembershipModelLogging
2 Expanded membership logging.
QuickPlaceMyPlacesLogging 3 My Places logging.
QuickPlaceQOMLogging 4 Object model logging.
QuickPlaceObjectPoolLogging 2 ObjectPool Memory management for
PlaceCatalog logging.

QuickPlacePerformanceLogging 1 Performance data collector logging.
QuickPlacePlaceCatalogLogging 4 Place Catalog logging.
QuickPlacePlaceCatalogQueryLogging
4 Queries into Place Catalog logging; use
level 4 to include more details on My Places
queries and QPTool report command
queries.
QuickPlacePlaceTypeCentralRefreshLogging
4 Place type refresh logging.
QuickPlaceSearchPlacesLogging 2 Search across places logging.
QuickPlaceSpellCheckEngineLogging
1 Spell checker engine logging.
QuickPlaceStyleSheetAttributeCmdLogging
2 Style sheet processing logging.
QuickPlaceStubMakerLogging 3 Stub creator logging for Lotus QuickPlace
cluster support.
QuickPlaceToolLogging 1 QPTool logging.
QuickPlaceUpgradeLogging 4 Upgrade logging (upgrade places).
QuickPlaceUserCacheLogging 1 User cache parameter logging.
QuickPlaceUserDirectoryLogging 1 User directory logging (applicable only
when Lotus QuickPlace manages lookups to
an LDAP directory) .
QuickPlaceWebCacheLogging 3 Web caching logging (caches pages sent to
browser).
Client logging settings

Use the following notes.ini settings on the Lotus QuickPlace server to enable client
logging. To use a specific setting, add the following line to the notes.ini file:
Setting=level
The table shows the highest level of logging available for each setting. The higher
the level of logging you specify, the more verbose the output. The default and
lowest logging level, 0, logs only errors.

$h_Debug 1 Enables the browser to display detailed
messages about JavaScript™ errors that
occur on the client, rather than the general
Lotus QuickPlace message, ″Unable to
process your request at this time.″
$h_ClientDebugConsole 5 Displays a console log on all clients that
access the Lotus QuickPlace server. For
Internet Explorer, the console log is an
additional browser window, and for other
browsers the console log is the JRE Java log
console. Use this setting on a temporary
basis to help IBM Support troubleshoot
specific client-side problems.
Appendix A Lotus QuickPlace notes.ini Settings 145

h_ExceptionDetail=1 1 Adds the source code name and line
number from which errors and warnings
are generated to the error and warning
messages that the server sends to the
browser. Use this setting on a temporary
basis to help IBM Support troubleshoot a
problem.
Logging degrades performance, so enable it on a temporary basis only.
Attachment and file import logging

If you encounter attachment or file import problems from the client, you can
enable upload control logging on the client to help troubleshoot the problem.
Create an environment variable called QPCTRLLOG whose value is the path and
filename of the log file to use. Whenever the browser engages the upload control,
the upload control appends a log sequence to the log file. Do not leave logging
enabled because the log file will continue to grow and can cause the client to run
out of disk space.
Other settings
The following table lists and briefly describes a variety of notes.ini settings not
included in the previous tables.
Setting Description
$h_MailDomain Specifies the domain of the server that hosts
the place to which Lotus QuickPlace routes
replies to e-mail generated from places. For
more information, see the chapter ″Completing
Additional Server Configuration Tasks.″
h_ScopeURLinQP Enables image caching in environments that do
not use single sign-on authentication. For more
information, see the chapter ″Completing
Additional Server Configuration Tasks.″
h_UndelivMail Specifies the place to which Lotus QuickPlace
routes replies to e-mail generated from places.
For more information, see the chapter
″Completing Additional Server Configuration
Tasks.″
NoWebFileSystemACLs Prevents anonymous access to files in the html
directory and is part of setting up single
sign-on authentication. For more information
see the chapter ″Setting Up Security.″
PLATFORM_CSID Required on UNIX servers to support names in
a user directory that contain accented
characters. For more information, see the
chapter ″Connecting to a User Directory.″
QuickPlaceExpireCachedUsers Specifies the length of time user entries remain
in the user cache. For more information, see the
chapter ″Setting Up Security.″

Setting Description
QuickPlaceExtensionManagerAllowServers Gives a Domain Catalog server the access to
index the places on a Lotus QuickPlace server
that uses the Search Places feature and Off-Line
Services. For more information, see the chapter
″Completing Additional Server Configuration
Tasks.″
QuickPlaceMaxCachedUsers Specifies the maximum number of users
allowed in the user cache. For more
information, see the chapter ″Setting Up
Security.″
QuickPlaceNestedGroupLimit Allows searches of nested groups in the user
directory. For more information, see the chapter
″Connecting to a User Directory.″
QuickPlaceUpgradeServerOnStartup Controls whether a server is upgraded on
startup. For more information, see the Lotus
QuickPlace Installation and Upgrade Guide.
ServerTasksAt Used to schedule qptool commands -- such as
refresh, deadmail, placecatalog, and newsletter
-- to run daily. For more information, see the
chapter ″Using QPTool Commands.″
Appendix A Lotus QuickPlace notes.ini Settings 147

Notices
This information was developed for products and services offered in the U.S.A.
IBM may not offer the products, services, or features discussed in this document in
other countries. Consult your local IBM representative for information on the
products and services currently available in your area. Any reference to an IBM
product, program, or service is not intended to state or imply that only that IBM
product, program, or service may be used. Any functionally equivalent product,
program, or service that does not infringe any IBM intellectual property right may
be used instead. However, it is the user’s responsibility to evaluate and verify the
operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter
described in this document. The furnishing of this document does not grant you
any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785
U.S.A.
The following paragraph does not apply to the United Kingdom or any other
country where such provisions are inconsistent with local law:
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS
PUBLICATION “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS
FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or
implied warranties in certain transactions, therefore, this statement may not apply
to you.
This information could include technical inaccuracies or typographical errors.

Changes are periodically made to the information herein; these changes will be
incorporated in new editions of the publication. IBM may make improvements
and/or changes in the product(s) and/or the program(s) described in this
publication at any time without notice.
Any references in this information to non-IBM Web sites are provided for
convenience only and do not in any manner serve as an endorsement of those Web
sites. The materials at those Web sites are not part of the materials for this IBM
product and use of those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it
believes appropriate without incurring any obligation to you.
Licensees of this program who wish to have information about it for the purpose
of enabling: (i) the exchange of information between independently created
programs and other programs (including this one) and (ii) the mutual use of the
information which has been exchanged, should contact:
IBM Corporation
Office 4360

One Rogers Street
Cambridge, MA 02142
U.S.A.
Such information may be available, subject to appropriate terms and conditions,

including in some cases, payment of a fee.
The licensed program described in this information and all licensed material
available for it are provided by IBM under terms of the IBM Customer Agreement,
IBM International Program License Agreement, or any equivalent agreement
between us.
Information concerning non-IBM products was obtained from the suppliers of

those products, their published announcements or other publicly available sources.
IBM has not tested those products and cannot confirm the accuracy of
performance, compatibility or any other claims related to non-IBM products.
Questions on the capabilities of non-IBM products should be addressed to the
suppliers of those products.
This information contains examples of data and reports used in daily business
operations. To illustrate them as completely as possible, the examples include the
names of individuals, companies, brands, and products. All of these names are
fictitious and any similarity to the names and addresses used by an actual business
enterprise is entirely coincidental.
Trademarks
The following terms are trademarks of International Business Machines
Corporation in the United States, other countries, or both:
AIX
Domino
Domino Designer
IBM
i5/OS
iSeries
Lotus
Lotus Notes
Notes
OS/400
QuickPlace
Sametime
Secure-Way
WebSphere
Microsoft and Windows are trademarks of Microsoft Corporation in the United

States, other countries, or both.
Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the
United States, other countries, or both.
UNIX is a registered trademark of The Open Group in the United States and other
countries.
Other company, product, or service names may be trademarks or service marks of

others.

Index
Special characters B D
-i argument Backing up DBCS (double-byte character set)
QPTool 99 Lotus QuickPlace 9 settings for 44
$h_MailDomain setting base_dn setting Dead mail
described 94 described 26 cleaning up 128
Basic refresh DeadMailQP.nsf
described 50 described 94
A browser_caches_place_content enabled
setting
Design
PlaceTypes and 47
Access
described 81 Display names
administrator 69, 70
Browsers updating in places 105
controlling for server 69
authentication and 65 display_name setting
creating places 71, 72, 73
cache settings 81 described 19
super user 73
clearing cache 81 Distinguished names
ACLs
troubleshooting 24
expanded membership and 74
dn_delimiter setting
ActiveX
enabling 83, 84 C described 24
dn_incoming_is_native setting
Administration place Cache
described 24
server settings 83 clearing browser 81
Documentation
Administration PlaceTypes room enabling logging 90, 143
additional for i5/OS 12
deleting PlaceTypes from 55 images 92
overview of 11
refreshing PlaceTypes from 53 Cache settings
DOLS
Administration settings browser 81
logging 143
specifying 5 page 90
troubleshooting 137
Administration tools user 68
Domain Catalog
described 5 Calendar events
authorization errors 85
Administrators logging 143
configuring 85
changing passwords for 71 Calendars
Domain Catalog server
modifying information for 69 integrating e-mail with 83
described 85
removing 69, 70 Microsoft Outlook 93
Domain Search
signing in as 9 Notes 5 93
enabling 85
specifying 69, 70 CGI variables
domcfg.nsf
Advanced Search displaying in source pages 92
creating 67
described 85 cgi_variables setting
Domino Off-Line Services
Agents. See PlaceBots 83 described 92
Search Places feature with 85
Anonymous access clear_browser_cache setting
Domino Web Server Configuration
user directory and 29 described 81
database
API file, XML Client
creating 67
executing 129 logging 145
domino_server_name setting
Archived places Clusters
described 39
restoring 119 adding servers 59
Double-byte character set (DBCS)
Archiving overview 57
settings for 44
places 119 Place Catalog entries for 61
DSAPI
Attachments QPTool commands in 99
authentication and 65
blocking HTML scripts in 81 removing servers 63
interface logging 143
client logging 145 replica stub creation 114
restricting size 83 replica stub creation logging 143
Authentication setting up 59
browsers and 65 settings for Place Catalog 61 E
cache settings and 68 synchronizing statistics 124 email setting
logging 143 types of 57 described 19
search filters 20 common_name setting Errors
single sign-on 65, 66, 67 described 19 troubleshooting 127
time-out settings 18 Compression Exact match option
troubleshooting 24 disabling 92 in search filters 20
Authorization logging 143 Examples
errors with Domain Catalog 85 connection_pool setting expanded membership 74
described 39 Exiting
Lotus QuickPlace 8

Expanded membership h_UndelivMail setting LDAP directories (continued)
access control differences 74 described 94 testing access 29
changing directory configuration 79 Hierarchy, name LDAP RFC 3377
described 74 changing 104 dn_delimiter setting and 24
disabling 77 HTML scripts LDAP servers
examples 74 blocking in attachments 81 expanded membership and 74, 77,
groups 74, 79 HTTP 78, 79
important points 74 logging 143 Links
logging 80 blocking protocols in 80
setting up 77, 78, 79 Locking places
troubleshooting 107
user interface differences 74
I commands for 118
Log files
i5/OS
expanded_membership_model setting extracting information from 95
administration tasks 9
described 77 log_level setting
IBM Directory Server
External users described 39
directory settings for 28
search filters for 20 Logging
Images
notes.ini settings for 90, 114, 143, 145
caching 92
user activity 95
in footers 94
F Inheritance
Lotus QuickPlace schema
mapping to 19
File import folders 51
LTPA
client logging 145 folders and 50
logging 143
Firewalls membership in PlaceTypes 49
LDAP directories and i5/OS 16 PlaceBots 54
first_name setting refresh and 50
described 19 rooms and 50, 51 M
Folders Invitations Mail
refreshing 50 password prompt in 93 ambiguous names and 93
replacing 51 iPlanet. See Sun Java System Directory configuring replies to 94
Fonts Server 28 expanding groups 93
adding and removing 128 gateway server URL for 83
footer setting integrating with calendars 83
described 94
Footers
J logging 143
notification settings 93
Java
specifying 94 routing 1
logging 143
sending to place members 111
Java applets
Mail addresses
enabling 83
G JavaScript
updating in places 105
Mail template
Gateway server client logging 145
sample file 111
URL for 83
Mail, dead
Graphic fonts
cleaning up 128
adding and removing 128
Group names
L Master server
Language dictionaries described 61
adding 100
i5/OS 10 master setting
changing 102
last_name setting described 61
changing hierarchy 104
described 19 member setting
removing 109
LDAP directories described 19
special characters in 35
accented characters 29 member_lookup_ui setting
Group searches
and SSL connections 27 described 23
specifying a search base for 26
anonymous access 29 Members
group_lookup setting
comparison of options for 14 adding 74, 100
described 20
connecting to 16 changing hierarchy 104
group_membership setting
customizing lookup interface 23 changing names 102
described 20
customizing searches of 20 expanded membership 74
Groups
disconnecting from 30 removing 109
behavior of 30
expanded membership and 74, 77, updating information 105
expanded membership 74, 79
78, 79 Membership
expanding in e-mail 93
firewalls and i5/OS 16 inheriting in PlaceType 49
nested 27
Lotus QuickPlace schema and 19 through groups 30
search filters for 20
nested groups 27 Microsoft Outlook
search base for groups 26 calendar notifications 93
setting up Domino management MSSO
H of 16 configuring 66, 67
h_Managers setting up QuickPlace management My Places
in task pages 50 of 18, 19 custom applications for 88
h_ScopeURLinQP setting special characters in names 35 logging 143
described 92 switching 28 open_new_window setting 88

My Places (continued) Password message Places, archived
place_ui setting 88 invitations and 93 restoring 119
password_message setting PlaceSize statistics
described 93 updating 124
N Passwords
changing for administrators 71
PlaceTypes
copying 54
Names
expanded membership 78 creating 47
accented characters in 29
resetting 108 creating descriptions of 47
adding 100
Performance deleting 55
changing 102
image caching and 92 described 47
logging 143 expanded membership and 74
PlaceTypes, reordering 48
page caching and 81 hiding from list 48
removing 109
Web page caching and 90 inheritance and 49
Phone numbers ordering list of 48
updating in places 105
updating in places 105 PlaceBots and 54
Netegrity SiteMinder
phone setting refreshing 49, 116
troubleshooting 24
described 19 refreshing with 50, 53
New features
Place Catalog removing 122
described 1, 3, 5
cluster information in 61 replacing with 51
Newsletters
described 37, 41 replication 114
sending 110
logging 143 updating 49
notes.ini settings
registering places and servers 37 Port settings
cache 68, 90, 92
reports 125 changing 112
client logging 145
setting up 37 Protocol settings
double-byte character set 44
settings 37 changing 112
logging 114
statistics 124 Protocols
mail 94, 128
updating 41 blocking in link URLs 80
newsletter 110
Place Catalog servers
offline setup 143
recovering 44
Place Catalog 124
places and PlaceTypes 122
Place documents
updating statistics 124
Q
server logging 143 qpconfig_sample.xml
Place Lock
single sign-on 67 described 5
logging 143
Notification settings qpconfig.xml
place_catalog setting
described 93, 94 browser cache settings 81
described 39
NoWebFileSystemACLs setting CGI variable setting 92
place_catalog_servers setting
described 67 cluster settings 61
described 39
nsf_filename setting configuring for Place Catalog 37
place_ui setting
described 39 creating 6
My Places 88
described 5
PlaceBots
expanded membership settings 77
enabling 83
O expanded membership and 74
footer setting 94
LDAP directory settings 19
Object model signing 54
LDAP settings 26
logging 143 PlaceLastModified statistics
notification settings 93
object_class setting updating 124
search places settings 87
described 19 Places
security settings 80, 81
object_class_value setting access to create 71, 72, 73
Sign In and Sign Out settings 91
described 19 adding members 100
super user setting 73
Offline access archiving 119
user directory settings 20, 24
download URL 83 changing member names 102, 104
QPTool
notes.ini settings for 143 expanded membership in 79
-i argument with 99
passthru servers and 83 inheritance and 49
clusters and 99
troubleshooting 137, 143 invitations to 93
described 99
open_new_window setting locking and unlocking 118
logging 143
My Places 88 moving 120
troubleshooting 135
PlaceTypes and 47
QPTool achive command
refreshing 50, 53, 116
logging 143
P registering 112
removing 122
QPTool addgraphicfont command
Page compression described 128
removing members 109
disabling 92 QPTool addmember command
renaming 120
Pages adding place members 100
repairing 127
CGI variables in 92 QPTool archive command
replacing 51
specifying footer for 94 archiving places 119
replication 114
Parameters QPTool changehierarchy command
reports on 125
My Places URL 88 changing hierarchy 104
updating member information 105
Passthru servers QPTool changemember command
enabling 83 changing names 102
Index 153
QPTool deadmail command Refresh levels Servers, virtual
cleaning up dead mail 128 inheritance and 50 setting up 61
QPTool execute command Registration Set QuickPlaceWebCacheLogging setting
XML API file 129 changing port/protocol settings 112 described 90
QPTool lock/unlock command places 37, 112 Sign In link
Place Catalog and 41 servers 37, 112 hiding 91
places 118 Replica stubs Sign Out link
QPTool membershipmodel command 79 automating 114 hiding 91
using expanded membership 107 Replication sign_in setting
QPTool newsletter command scheduling 114 described 91
sending newsletters 110 Reports sign_out setting
QPTool password command Place Catalog 125 described 81, 91
resetting passwords 108 Rooms Single sign-on
QPTool placecatalog command inheritance and 51 logging 143
updating statistics 41, 124 refreshing 50 setting up 65, 66, 67
QPTool refresh command replacing 51 support for 65
-r (replace) argument 50, 51 Spelling checker
controlling 53 i5/OS 10
logging 143
places and PlaceTypes 49, 50, 116
S SSL
logging 143
Sametime
replication and 49 LDAP directories and 27
enabling 83
QPTool register command 41 setting up 65
troubleshooting 140
QPTool register/unregister Starting
Search
command 112 Lotus QuickPlace 6
Advanced Search feature 85
QPTool remove command Statistics
Search base
Place Catalog and 41 Place Catalog 124
LDAP directories and 26
places and PlaceTypes 122 Stopping
LDAP servers and 16
QPTool removegraphicfont command Lotus QuickPlace 8
Search filters
described 128 Style sheet
customizing 20
QPTool removemember command logging 143
exact match option 20
removing place members 109 Sun Java System Directory Server
Search hint
QPTool repair command directory settings for 28
customizing 23
places 127 Super users
Search Places
QPTool replicamaker command described 73
logging 143
Place Catalog and 41 super_user setting
Off-Line Services 85
replica stubs 114 described 73
removing places 122
verbose mode 114
setting up 85, 87
QPTool report command
Search results
Place Catalog reports 125
QPTool sendmail command
customizing 23 T
search_places setting Time-out settings
mail 111
described 87 for authentication 18
QPTool update member command
search_ui_hint setting Tools
schema mapping changes 19
described 23 administration 5
QPTool updatemember command
search_ui_index setting Troubleshooting
updating member information 105
described 23 authentication 143
QPTool upgrade command 99
secondary_cn_component setting calendar events 143
QuickPlaceAdministratorsSUGroup group
described 24 DOLS 143
described 73
SecureWay. See IBM Directory Server 28 DSAPI 143
QuickPlaceExpireCachedUsers setting
Security expanded membership 107
described 68, 146
blocking HTML scripts 81 Java 143
QuickPlaceWebCacheDir setting
blocking protocols in link URLs 80 large uploads 143
described 90
clearing browser cache 81 locked places 143
QuickPlaceWebCacheEnabled setting
controlling server access 69 logging activity 114
described 90
hidden CGI variables 92 mail 143
QuickPlaceWebCacheGCIntervalInMIN
page caching and 81 My Places 143
setting
Server commands offline access 137
described 90
performance logging 143 offline installs 143
QuickPlaceWebCacheLimitInMB setting
Server Settings room page cache 143
described 90
described 5 page compression 143
QuickPlaceWebCacheUsers setting
expanded membership 78 performance 143
described 90
specifying settings 83 place archiving 143
Servers Place Catalog 143
changing properties on i5/OS 10 place upgrades 143
R clustering 57 QPTool 143
Refresh command registration 112 QPTool commands 135
places and PlaceTypes 50, 53, 116 reports on 125 refreshing PlaceTypes 143
replication and 49 status on i5/OS 10 repairing places 127

Troubleshooting (continued)
replica stub creation 143
V
Sametime 140 Virtual servers
Search Places 143 setting up 61
server command performance 143
URL processing 143
user cache 143 W
user directories 24, 131, 143 Web page caching
settings for 90
Web Server Configuration database
U creating 67
UNIX Web server logging
accented characters in names 29 setting up 95
UNIX commands Web SSO Configuration document
Windows and 95 creating 66
Unlocking places Windows
commands for 118 UNIX commands and 95
Upgrade
logging 143
places and PlaceTypes 99 X
Upload control XML API file
client logging 145 executing 129
URLs
blocking protocols in 80
gateway server 83
My Places 88
offline access 83
User directories
advantages of 13
anonymous access to 29
comparison of LDAP options 14
customizing lookup interface 23
customizing searches of 20
disconnecting from 30
distinguished names and 24
expanded membership 74, 77, 78, 79
logging 143
nested groups 27
setting up Domino management
of 16, 17
setting up QuickPlace management
of 18
special characters in names 35
supported configurations 13
testing access 29
troubleshooting 131
User names
accented characters 29
adding 100
ambiguous 93
changing 102
distinguished name format 24
expanded membership 74, 78
LDAP directories and 19
removing 109
user_lookup setting
described 20
Users
tracking 95
UTF-8 setting
enabling and disabling 95
Index 155

Part Number: AD0EQNA

Program Number: 5724-J24
Printed in USA
(1P) P/N: AD0EQNA
G210-1999-00

QP 7 Adm

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

QP 7 Adm

Загружено:

Авторское право:

Доступные форматы

Lotus QuickPlace

First Edition (August 2005)

© Copyright IBM Corp. 2005 iii

iv QuickPlace Administrator’s Guide

vi QuickPlace Administrator’s Guide

This guide is intended for Lotus QuickPlace administrators. It describes the

What’s new in Lotus QuickPlace 7.0

New for administrators

Domino management of user directory lookups

© Copyright IBM Corp. 2005 1

Improved error logging and debugging

Encryption of offline databases

Use of sign in passwords for offline databases

2 QuickPlace Administrator’s Guide

Improved My Places performance

For more information on configuring My Places, see the chapter ″Completing

Ability to define additional fonts for graphic text

For more information, see the chapter ″Using QPTool Commands.″

Domino time zone support

New product ID for i5/OS

New for users

Domino time zone support

Access control changes

Chapter 1 Lotus QuickPlace Administration Overview 3

New themes with expandable table of contents

Document types in folders

Support for Safari on Mac OS-X

Support for Mozilla Firefox

4 QuickPlace Administrator’s Guide

Tools for administering Lotus QuickPlace

For more information, see the chapter ″Using QPTool Commands.″

To customize a setting described in qpconfig_sample.xml, create a file called

Server Settings in the administration place

Chapter 1 Lotus QuickPlace Administration Overview 5

Creating and using the qpconfig.xml file

Starting Lotus QuickPlace

6 QuickPlace Administrator’s Guide

To start Domino and Lotus QuickPlace (AIX and Solaris)

To start Domino and Lotus QuickPlace (i5/OS)

Chapter 1 Lotus QuickPlace Administration Overview 7

Stopping Lotus QuickPlace

To stop Domino and Lotus QuickPlace (Windows, AIX, Solaris)

To stop Domino and Lotus QuickPlace (i5/OS)

Note: This will stop the server in a controlled state.

8 QuickPlace Administrator’s Guide

Signing in as a Lotus QuickPlace administrator

For information on assigning administrators to a Lotus QuickPlace server, see the

Backing up Lotus QuickPlace

Lotus QuickPlace also provides an archiving facility to make copies of places

Lotus QuickPlace for i5/OS and Backup, Recovery, and Media

Administration tasks specific to i5/OS

Chapter 1 Lotus QuickPlace Administration Overview 9

Changing Lotus QuickPlace server properties on i5/OS

Changing Lotus QuickPlace language dictionaries on i5/OS

10 QuickPlace Administrator’s Guide

Chapter 1 Lotus QuickPlace Administration Overview 11

12 QuickPlace Administrator’s Guide

User directory configurations

Domino management of user directory lookups

© Copyright IBM Corp. 2005 13

Lotus QuickPlace management of user directory lookups

LDAP configuration options