In my previous post here I described how to set up a Jitsi server using the Domino directory as LDAP. That setup required all the users to authenticate before joining a room.
A customer of mine wanted a different thing, he wants to do video meetings with people external to his organization, that obviously are not listed in the Domino directory. I did some research and in the Jitsi forums I saw some other people have done something on that topic, so in the end I came up with a solution.
The idea is this, an user need to log in to create a new room while a guest has only to click on the room link to access it without any authentication.
NOTE: to make this work you should do a apt update and apt upgrade to receive the latest version of the packages used. At first for me this was not working but after the upgrade it did.
1) Go in /etc/prosody/conf.avail, you will see a file with your hostname and the extension.lua. In my case the server is named meeting.eld.it Edit it and at the end of the file add this
3) Add this line in the /etc/jitsi/jicofo/sip-communicator.properties file
org.jitsi.jicofo.auth.URL=XMPP:meeting.eld.it
Now when a user access the server and create a room he is asked for credentials
All the other users can then join without being asked for credentials once the room is created.
If you set up two Jitsi servers, you can easily use both the solutions I described if you want to have internal users to authenticate and at the same time allow guest access. Use a server for internal meetings and the other for external ones. The Sametime web client can be configured with more than one external service provider. Unfortunately the Sametime connect client can not, you can define only one provider.
I have worked with my friend and fellow HCL Master Detlev Poettgen in setting up a solution to allow customers to use video-conferencing now, while we wait for Sametime Meetings to ship.
We have used Jitsi, the same technology used by Sametime meeting, and set up a raw integration. Is obviously not a fully integrated solution, but it works pretty well.
This is something useful for those customers who don’t want to use cloud services like Zoom or Webex or others, but prefer to have a completely on-premise solution, and I have more than one of this kind of customers.
To use this integration, change the preferences in the Sametime client and define an external meeting provider, using a room on the Jitsi server
The same for the web client
Installation and configuration of Jitsi
The first thing to do is to install Jitsi on Ubuntu server 18.04. You can find the instructions here
By default Jitsi does not use authentication, when you set up a Jitsi server, everyone who can access it can create a room or join an existing room.
There is the option to use LDAP for authentication, and I successfully set it up using Domino 11 as LDAP server.
I used the LDAP authentication for jitsi-meet via cyrus/saslauthd
At first, you need to install the following packages:
Sametime 11 FP1 has shipped, so me and my fellow Master and friend Matteo Bisi started upgrading our test servers immediately. We found a couple of thing you may want to be aware of in order to upgrade successfully.
Upgrading the Community server on Linux Matteo did a upgrade of ST to FP1, but for whatever reson it failed. He had 23 file starting with st* in the data direcory instead of 40. So he did a uninstall of Domino and installed it again. When trying the upgrade of Sametime he got this error
The problem is due to the fact that in the directory /var, there is a hidden file named .com.zerog.registry.xml. I looked into that file and found that it contained the information about Sametime 11 FP1
I told Matteo to remove all the lines relative to Sametime in the file so that it looked like this After that, the installation of FP1 was successful
Upgrading Sametime Proxy on Windows When you unzip the Sametime_11.0_FP1_ProxyServer_Win64.zip file you will see that it contains a directory “sametimeproxy”. Do not extract it where you already have your SametimeProxy overwriting the content. Extract it in another temporary directory. From that directory launch install.bat; accept the license and in the following screen you will see this The installer will recognize there is already a ST Proxy installed and ask you if you want to upgrade. If you select to do it, you will be asked where is it installed Specify the directory where is your existing ST Proxy This will upgrade your proxy server keeping the existing configuration.
I wrote a post explaining what to do to have user pictures show in the Sametime classic client and in the Sametime web client, here .
In a case, I found that the pictures did not show in the web client, so I opened a case with HCL Support. After debugging the problem, the great Trevor Tallackson found that my browser was trying to open a file that had a _tmp in the name while on his server it was requesting the correct file with a .jpg extension
The solution is to delete the content of the temporary directory that the Sametime Proxy uses to store people pictures. c:/sametimeproxy/temp/userphotos After doing that, I logged in again from the web client and the pictures were shown correctly.
If you want to enable photos in the Sametime client, there is documentation available, unfortunately it all refers to versions 9 or 10, where it was told to use the Sametime Console. Now in version 11 the Sametime Console does not exist, so how do you do that ? The Sametime Console wrote the settings selected in a series of XML configuration files, so the only way now to work is manually edit those files, see for example my previous post on enabling file transfer. With the help (again) of the excellent Trevor Tallackson from HCL I was able to set up the pictures in Sametime, here is how to do it
First add the picture URL in the person document in the Domino directory
Now edit the file UserInfoConfig.xml located in the Domino program directory and add those lines <Detail FieldName="PhotoURL" Id="PhotoURL" Type="text/plain"/> <Detail FieldName="PhotoURL" Id="ImagePath" Type="text/plain" /> in the section <Details> Add these two Detail Ids to the <ParamsSets> section <Set SetId="0" params="MailAddress,Name,Title,Location,Telephone,PhotoURL,ImagePath,Company"/> <Set SetId="1" params="MailAddress,Name,Title,Location,Telephone,PhotoURL,ImagePath,Company"/> These are needed because in the UserInfoConfig.xml file on the Sametime Community server, the Standalone Connect client and Embedded require ImagePath string detail, Mobile and Web clients require the PhotoURL detail
Note: do not copy/paste from above. I had reports it does not work well. Just add PhotoURL and ImagePath to the params= line.
For me it was not working initially, then Trevor wrote me this: Looks like the stconfig.nsf “UserInfo” document is getting in the way here. Add the following to your UserInfoConfig.xml file between <UserInformation> and <Resources> <ReadStConfigUpdates value= “false”/> This tells the UserInfoServlet to only use the UserInfoConfig.xml configuration.
Restart the server and now you have pictures in Sametime client
I stumbled into a problem at one of my customers. In the client, the icon for file transfer was greyed out and the one for sending a screenshot was missing,
I opened a case with HCL and the suggestion was to enable the setting im.3000 in the file policies.user.xml. to do so you have to edit the line <p:policy-attribute id=“im.3000” type=“boolean” current-value=“1” default-value=“1" master-attribute-link=“null” possibl ..... By default the current-value is 0, you have to set it to 1 I did that but the file transfer was not available the same.
After checking the file I found that there were 2 occurrences of im.3000, one for the im.default.policy and the other for the im.anonymous.policy, the problem is that this setting is written only in the section “imserver.policygroup.chat”. I copied the lines from that section and added them in the “imserver.policygroup.filetransfer” section. <p:policy-attribute id="im.3000" type="boolean" current-value="1" default-value="1" master-attribute-link="null" possible-value-labels="null" possible-values="null" label="im.3000.label" description="im.3000.desc" visible="true"/>
Restarted the server and now in the client I had this
Update
I checked with HCL, file transfer and screen capture are not allowed with Sametime limited use license. You should use the content of this blog post only to fix issues if you have a standard license and file transfer is not working. If you enable file transfer, you should upgrade your license to be compliant.
I installed a Sametime 11 server for a customer, everything was working, but the mobile clients could not access the server. Upon trying to login they saw this on their phones
I was not the only one with this problem, other 2 persons I know had the same issue with their installation.
I talked to my friend Andreas Ponte, from Belsoft who told me that they could use mobile clients, so we crosschecked our configurations. and it turned out that my customer sametime.ini had this line ST_BRANDING_INFO=entry while his had ST_BRANDING_INFO=standard As soon as I changed the sametime.ini and restarted, the access from mobile devices was working.
I had installed Sametime withe the option “limited” because this is the license my customer has
So, the solution is simple but I have asked HCL to clarify. As far as I know since V10 the limited license allows the use of mobile clients, and I do not think this has changed in V11
UPDATE
I received a mail from HCL stating this: For now, the workaround is to add the stanza to the stproxyconfig.xml and NOT change the ST_BRANDING_INFO in sametime.ini, since that setting controls other features/UI of the clients if you are only licensed for ENTRY.
I struggled a bit in setting up integration of Sametime 11 with Domino web mail, both iNotes and VoP, but eventually with the help from the great Trevor Tallackson of HCL Sametime Support I succeeded.
There are some things not obvious to do to set this up, and the one for VoP made me almost drop my jaw when Trevor suggested it 🙂
iNotes Web Access I have installed both Community Server and Proxy Server on the same machine, so in the Domino Configuration document for my server, in the tab iNotes, in the Sametime section I have put the hostname of my server as “Location of the Sametime proxy server to use when using https:” which is https://domino.eld.it:8443
The solution was to create an entry in the hosts file with the same IP address but a different name, I used proxy.eld.it, then used this in the configuration document
It seems that the iNotes and Proxy servers need to have different hostnames
We could not understand why though in the notes.ini of the server the parameters were correct, the server tried to access domino.eld.it and not proxy.eld.it In my notes.in i I had this iNotes_WA_SametimeProxy=1 iNotes_WA_SametimeProxyServer=http://proxy.eld.it:8080 iNotes_WA_SametimeProxyServerSSL=https://proxy.eld.it:8443 VOP_GK_sametime=1 VOP_GK_sametime_rich_client=0
Trevor checked his notes.ini on the server where the integration was working and saw that those lines were all caps and wrote me:
This may seem silly, but try the notes.ini parameters all in caps. Here is our production server’s notes.ini (that is working fine). INOTES_WA_SAMETIMEPROXYSERVERSSL=https://<Our_hostname>; VOP_GK_SAMETIME=1 VOP_GK_SAMETIME_RICH_CLIENT=1
I tried his suggestion and guess what ? It worked! Honestly I have no idea why with V11 the lines have to be all caps, I told Trevor that I leave up to him to find the reason, but as silly as it may seem this is the solution. I would never have guessed it in a million years…..
I will be speaking with my friend from HCL, Giancarlo Giannini. Our session is: What is HCL Digital Experience and will be on Tuesday March 4th at 11.30
We will explain what is a digital-first strategy and why HCL Digital Experience can help you in achieving this.
I have been working with a customer to set up Notes autoupdate. He had all the clients at 10.0.1 FP2 and wanted to update to FP3. After working with Support in order to make it work, we found out that the English Notes clients were updated, while the Italian clients were not. Support investigated with Development and the answer was ” As the product development team\L3 team confirmed me that AUT upgrade from 10.0.1 to 10.0.1.X is something which will only work for the English Notes Client currently. If we have Notes client with Italian language version or with any other language other than English, then the AUT upgrade feature is not something going to work . As the fix packs available doesn’t include any language strings for which AUT feature will not be able to identify it and would fail. “
We put forward an idea on the Domino Ideas website, you can vote for it if you think it would be useful to have autoupdate work with every localized version of Notes https://domino-ideas.hcltechsw.com/ideas/DOMINO-I-1072
Another thing we found is that the update is not silent, though in theory it should be. The user is presented with the Notes install UI and has to click on Next in the screens that are presented to proceed. Development said ” Currently there is an option for silent install in AUT which we see from the action part in the manifest XML file itself. But as of now Notes needs to be closed manually as mentioned in message that is shown. Post which the installation page comes up and user would need to click on Next button to finish the installation. And this is also something already considered for future releases for further enhancement on how to do the similar way how it happens for other software’s in current market without any need of user intervention. “
