Domino, Proton, IAM, OAuth - Part 1: Preparations

Saturday, February 16, 2019 at 9:27 PM UTC

This is the first part of a multi-part series. Current plans see at least 7 posts, so watch out for them during the upcoming week(s). Part 2 and 3 will touch down on Monday and Wednesday.

It is quite a complex process, but in the end you should be able to follow all the steps in under 4 hours - maybe faster.

First things first: the terms.

  • IAM = Identity Access Management
  • Proton = the gRPC server task running on Domino
  • OAuth = cross-platform authentication mechanism using tokens, not credentials

The key part is to have a Domino 10.0.1 server up and running out of the box. This can either be a VM or a Docker container or a VHost anywhere. As the AppDevPack is Linux only at the moment there are several options for your OS:

  • RedHat Enterprise Linux
  • CentOS 7.4+
  • SLES 12+

Technically you can also use Ubuntu Server 18.04 LTS though it isn’t a supported OS. I did everything on Ubuntu and it worked almost out of the box. For the sake of my personal convenience I will use Ubuntu in this series. Just make sure you run the installation with the locale en_US.UTF-8 (just choose English as your setup language). For the keyboard layout you can set it to your favorite language like German in my case (just to avoid confusion when typing - and you will type a lot, I promise!).

Also install the bc package to be sure everything runs smoothly - though I didn’t have to install it at any time. Some reported the bc package is needed to run the installer. Anyway, just do it.

sudo apt-get install bc

CentOS (and maybe the other supported OS) need some additional packages to be installed and some tweaking. Ubuntu does not need any additional packages. And I favor a Debian-based system over anything else. Keep in mind you do not get support for it.

You will also need SSH access to your machine depending on if you run in a VM, on a host or in the cloud. Most of the Linux OS know the concept of SUDOers and do not have a „real“ root user. If you prefer to have a real root user, it’s also fine. On Ubuntu it’s just a

sudo su

away from having access to all areas.

To access your machine via SSH with the root account, you have to modify this line in /etc/ssh/sshd_config:

#PermitRootLogin prohibit-password

to this

PermitRootLogin yes #prohibit-password

and restart the service

service sshd restart

Otherwise you can only log in as a normal user and su after login. Some say permitting root login over SSH is a security risk, so after you have done all the steps you may revert the line above.

To access the server I suggest using a static IP. Ubuntu 18.04 no longer uses ifupdown and the traditional network system. Instead the configuration is a bit more complex. A good tutorial can be found here: https://websiteforstudents.com/configure-static-ip-addresses-on-ubuntu-18-04-beta/

The next steps are made as sudo user (sudo su) or just create a real root user (my preference) with sudo passwd.

I always create a directory /install and then copy all the needed packages to this destination. This will be

  • the Domino Server installation tar archive
  • the Domino App Dev Pack tar archive
  • depending on if you are going to create a stand-alone server or an additional server, the cert.id and/or server.id you may have to prepare before

I also grant all rights on this folder, as the notes user will use it too:

mkdir /install

chmod 777 /install

I am using scp from the command line for this task. This allows me to transfer files to and from the machine without having to set up Samba as a network filesystem. Depending on your installation this might need either credentials or a key file.

If you are not used to scp, here is an example:

scp DOM_SVR.xxx.tar root@<ipOrHostname>:/install

This will copy a local file from your MacOS terminal or Windows Putty to your server in the /install folder.

Create a notes user for the server:

adduser notes

I won’t go through the installation and configuration process of Domino here. To start the server I suggest you take a look at Daniel Nashed’s start script. Otherwise you may have to start the server manually every time.

For the server configuration I prefer the remote setup utility. For this start the server with the user „notes“ in the folder /local/notesdata with

cd /local/notesdata

/opt/ibm/domino/bin/server -listen

After you configured Domino stop the listener, grab all the relevant id files for Notes client access etc. You know the steps I assume.

For IAM you also need Node.js to be installed. There are several ways to do so. I would NOT recommend using the packages of your OS as they might be outdated. For IAM you need Node.js 8+. I prefer to have version 10+. You can install the IAM stuff on the same machine Domino is running on. For the sake of simplicity I assume Domino and IAM are on the same machine. This is where the official docs are not clear, but while reading further they assume a different machine when it comes to ports. Just forget it and keep going. We will adapt the ports later.

My preferred way to install Node.js is to use Node-Source (https://github.com/nodesource/distributions/blob/master/README.md) with these two commands:

curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -

sudo apt-get install -y nodejs

Check your Node.js installation afterwards with

node -v
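
Once the steps above are done, the security-relevant leftovers (root login over SSH, the world-writable /install folder) and the Node.js requirement can be checked in one pass. This is an added example, not part of the original post; the script name, the function names and the `audit` argument are assumptions.

```sh
#!/bin/sh
# Added example: audits the state this post's preparation steps leave behind.
# Usage on the server (as root): sh prep_audit.sh audit [sshd_config] [dir]

# Effective global PermitRootLogin in a config file. sshd uses the FIRST value
# it reads for a keyword; OpenSSH 7.0+ defaults to prohibit-password if unset.
# Parsing stops at the first Match block; `sshd -T` is the authoritative check.
permit_root_login() {
  awk 'tolower($1) == "match" { exit }
       tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
       END { if (!found) print "prohibit-password" }' "$1"
}

# True if "other" may write to the path (what chmod 777 gives /install).
world_writable() {
  [ -n "$(find "$1" -maxdepth 0 -perm -0002 2>/dev/null)" ]
}

# True if a `node -v` string such as v10.15.1 has major version >= $2.
node_major_ok() {
  m=${1#v}; m=${m%%.*}
  case $m in ''|*[!0-9]*) return 1 ;; esac
  [ "$m" -ge "$2" ]
}

audit() {
  cfg=${1:-/etc/ssh/sshd_config}; dir=${2:-/install}; rc=0
  prl=$(permit_root_login "$cfg")
  if [ "$prl" = "yes" ]; then
    echo "WARN  PermitRootLogin yes in $cfg: revert it when setup is done"; rc=1
  else
    echo "OK    PermitRootLogin $prl"
  fi
  if world_writable "$dir"; then
    echo "WARN  $dir is world-writable: any local user can alter the ID files and archives"; rc=1
  else
    echo "OK    $dir is not world-writable"
  fi
  ver=$(node -v 2>/dev/null)
  if node_major_ok "$ver" 8; then
    echo "OK    Node.js $ver"
  else
    echo "WARN  IAM needs Node.js 8+, found '${ver:-none}'"; rc=1
  fi
  return $rc
}

if [ "${1:-}" = "audit" ]; then shift; audit "$@"; fi
```

One less permissive option for the folder, assuming adduser created a notes group alongside the notes user, is `chown root:notes /install` followed by `chmod 770 /install`, which still lets the notes user read and write there.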

Some extras

I also install additional packages like MC

apt install mc

and also some Node.js packages that help me

npm install -g pm2 nodemon

Next up is part 2: Domino administration

YMMV

 






