D2-Config without ActiveX

If somehow you find yourself working for a customer with very strict security policies that don’t allow ActiveX components, you can still work with D2-Config even if you cannot install the activex component.

You can access /D2-Config/ConnectDialog.html, ignore the popups and login as usual, then you’ll be redirected to /D2-Config/interface.html?interfaceId=null# which is the page with D2-Config matrix.

Every time you click somewhere you’ll get a popup stating the C6 ActiveX is not loaded but you can simply ignore it, as most of the application will work.

If you need to perform a full import of a configuration, you can do so with the following code (note that this will reset D2-Config configurations):

getSManager();
session=sm.getSession("repository");

D2Session.initTBOEx(session,false);
D2Config config=new D2Config(session);

config.importZip(new File("full path to Zip file with configuration"),
true, null, null, true, true, null);

Map arguments = new HashMap();
arguments.put("-callerUrl", "http://server/D2/");
arguments.put("-all", Boolean.TRUE);
D2Method.start(session, D2RefreshCacheMethod.class, arguments);

sm.release(session);

You’ll need to add to your project d2-api.jar and c6-common.jar, mark as approved the dfc instance used by the program’s dfc, and set the java.security parameter as explained in D2 4.7/16.4 configuration in eclipse

D2 4.7/16.4 configuration in eclipse

This post is quite similar to the Debugging D2 4.5/4.6 previously posted, explaining how to set up D2 without lockbox, but much more simple due to the missing lockbox.

Extract all files from D2/D2-Config to a local folder in your computer, configure a new (tomcat) server in Eclipse, and configure the following parameters:

  • JVM arguments:
    • -Djava.io.tmpdir=”<absolute path to some temp folder>\d2″ (make sure this folder exists)
    • -Djava.security.policy=file:///<absolute path to java.policy file> (the documentation states to change java.policy in your JRE, but I rather use this cleaner solution: create a local java.policy file with a single line:

      grant { permission com.documentum.fc.client.impl.bof.security.RolePermission “*”, “propagate”;}; and reference it with the java.security.policy parameter)

    • Additional memory/custom parameters

Now, start the server, take note of the dfc.keystore id, mark it as approved privilege client in DA and you are good to go.

OTEW 2018 fun

I’m not attending the event being held in Toronto, but I found through twitter this nice url:

http://hol-host05.eastus.cloudapp.azure.com:81/d2-unity-web/ui/app.html -> This is the new D2 UI (and yes, you can use the you-know-which-default-user(s) to log in and check it by yourself) deployed on Azure (which is weird, considering Opentext has its own cloud…)

But, the really funny thing here, are these urls:

http://hol-host05.eastus.cloudapp.azure.com:81/da -> da 7.3 (but with CS 16.4/SQL Server)

http://hol-host05.eastus.cloudapp.azure.com:81/D2 -> hello old D2 vulnerabilities 🙂

http://hol-host05.eastus.cloudapp.azure.com:81/d2-unity-web/repositories -> and you can log in with you-know-which-default-user(s), and you have a nice DQL tool provided by REST services 🙂

Documentum D2 Cache

Usually when working with D2 one common problem is the cache and how/when to refresh it in order to see changes (attribute labels, dictionary values, etc.).

The common solution for every problem suggested by support is usually to delete “Tomcat’s temp folder”, where you’ll find the following files:

  • c2file-cache.data
  • folder-cache.data
  • o2attrconfig-cache.data
  • taxonomy_level-cache.data
  • skin-cache.data
  • dictionary_dql-cache.data
  • xml-cache.index
  • xml-cache.data
  • D2FileCleaningTracker_D2.ser
  • X3Image<random numbers>.png (multiple files)

This is most often a workaround for “refresh cache” option from D2-Config, which most of the times won’t work because it works by appending a /Servlet/refreshCache to the URL configured in the setting. Why does this not work? Well, it (mostly) does if you run a single server, however, if you’re running a cluster of multiple application server, which one is receiving the call and cleaning its cache? well, good luck guessing 😀

Besides, JMS also has these cached files (well, not all those files), and this cache is placed on /tmp. Is this a problem? No if you have a single Content Server on your server or if you are not running an application server (not Tomcat) with the different credentials from Documentum.

But, what happens if you happen to run, let’s say, several Content Servers on the same host, with different D2 versions in each one, and you run different application servers on your server, with different D2 versions? Well, what happens is havoc.

You’ll found the cache files on /tmp, but those will be “locked” by the user that created those files on the first place. Why this behaviour? Well, if we check support page, we’ll find KB6269196:

Summary
Because D2 does not contain any ehcache.xml configuration files, the default behavior of the ehcache library is to store the cache data files in the path specified by java.io.tmpdir.

Resolution
Append the -Djava.io.tmpdir option
Modify and change to default run time JAVA_OPTS
usage: -Djava.io.tmpdir=/home/dmadmin/temp”

So, we can get some conclusions from this support note:

1. D2 cache is stored in java.io.tmpdir, which in Tomcat is its temp folder, and in Linux is /tmp.

2. Support likes using sledgehammers to crack nuts (changing the default temporary folder of the application server for a couple of files???, really???)

3. Support/engineering/talented team just don’t bother or they can’t read

Why do I say that? Because D2 has indeed a configuration file (actually has three configuration files in JMS and two in D2/D2-Config) and the default behaviour of ehcache is not storing cache on java.io.tmpdir. Let’s take a look to the documentation of the (obsolete, as usual) version bundled in D2:

<!–
DiskStore configuration
=======================
The diskStore element is optional. To turn off disk store path creation, comment out the diskStore element below.
Configure it if you have overflowToDisk or diskPersistent enabled for any cache.
If it is not configured, and a cache is created which requires a disk store, a warning will be issued and java.io.tmpdir will automatically be used.
diskStore has only one attribute – “path”. It is the path to the directory where.data and .index files will be created.
If the path is one of the following Java System Property it is replaced by its value in the running VM. For backward compatibility these are not specified without being enclosed in the ${token} replacement syntax.

The following properties are translated:
* user.home – User’s home directory
* user.dir – User’s current working directory
* java.io.tmpdir – Default temp file path
* ehcache.disk.store.dir – A system property you would normally specify on the command line e.g. java -Dehcache.disk.store.dir=/u01/myapp/diskdir …

Subdirectories can be specified below the property e.g. java.io.tmpdir/one
–>

<diskStore path=”java.io.tmpdir”/>

So, if “nothing” is specified, ehcache will fallback to java.io.tmpdir or the value specified in the ecache-failsafe.xml (located in ehcache.jar), which happens to be pointing to java.io.tmpdir too.

So we’ve already found one configuration file in ehcache.jar, where’s the second one? Well, look into WEB-INF/lib/C6-Common.jar/com/emc/common/java/cache/d2-cache.xml in D2.war/D2-Config.war or in $JMS_DEPLOYMENT_DIR/ServerApps.ear/lib/C6-Common.jar/com/emc/common/java/cache/d2-cache.xml:

<diskStore path=”java.io.tmpdir”/>

Second configuration file (and the one actually being picked up, you can check the D2/D2-Config/JMS logs on DEBUG for confirmation) which contains a value… Actually you can change this to a hardcoded value or to a more suitable solution by setting ehcache.disk.store.dir as value and changing JAVA_OPTS in order to include -Dehcache.disk.store.dir=<your temp path for ehcache files>, which is way less aggresive than changing java.io.tmpdir.

And the third one? Take a look to your JMS ServerApps.ear/APP-INF/classes/d2-ehcache.xml, but note that this file is useless as it not picked by the classpath.

Opentext iHub integration with Documentum

One of the new features of Documentum 16.4 is the integration with Opentext’s iHub analytics software. If you don’t know what iHub is, it’s something like a preconfigured set of reports (if you’ve used Jasper Reports, it’s quite similar) which now comes with a bundled OOTB reports for Documentum.

I’ve been trying to set it up in a test environment just to check it out but I’ve been having some problems.

Even though the installation is quite straightforward for some reason it refused to work, and it was impossible to login into the application. After discarding me as the problem, I pinpoint the error to the login info sent to Documentum.  This information is configured in the dctm_ihub_user_map.json file, which the documentation states, has the following format:

If you want to have a separate user mapping between Documentum and iHub user, then add a new entry (in bold) as in the following example:
{
“DEFAULT VOLUME”: {
“name”: “Default Volume”,
“users”: {
“DEFAULT_USER”: {
“name”: “Administrator”,
“password”: “”
381
Documentum Administrator
},
“dmadmin”: {
“name”: “dmadmin”,
“password”: “”
},
“dctm_testuser”: {
“name”: “ihub_testuser”,
“password”: “testpassword”
}
}
}
}

I was sure something was wrong there, so I decompiled the classes that read that file and, oh surprise:

DvrIPSE.IPSEUser localIPSEUser = (DvrIPSE.IPSEUser)localMap.get(paramString2.toUpperCase());

I guess I’ll be filling a “documentation bug”…

Opentext Documentum 16.4 PostgreSQL Developer Edition

This is a step-by-step guide to install Documentum 16.4 in a Linux environment with PostgreSQL 9.6 (as we don’t have/I haven’t found the compatibility matrix, I’ve used the same version bundled in the docker image).

Environment

Host:
Windows 10 x64 8GB RAM
VMware Workstation Player 12

Guest:
CentOS 7 x64 25GB HD 4GB RAM 2 cores
PostgreSQL 9.6
Documentum 16.4

VM Creation

Mount the CentOS 7 DVD image, boot the machine and follow the steps. You can choose to let EasyInstall do the work for you. I used minimal package install to save resources, named the machine vm-dctm16.4, configured the network and set the root password as well as a “dmadmin” user.

OS Configuration

  • Install required packages:

[dmadmin@vm-dctm164 ~]$ sudo yum install bash-completion kernel-devel rng-tools.x86_64
[dmadmin@vm-dctm164 ~]$ sudo yum install bash-completion kernel-devel rng-tools.x86_64 policycoreutils policycoreutils-python selinux-policy selinux-policy-targeted libselinux-utils setroubleshoot-server setools setools-console mcstrans expect tcl
[dmadmin@vm-dctm164 ~]$ sudo yum group install X\ Window\ System “Development Tools”
[root@vm-dctm164 vmtools]# yum install open-vm-tools.x86_64

  • Stop and disable the firewalld service:

[dmadmin@vm-dctm164 ~]$ sudo systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[dmadmin@vm-dctm164 ~]$ sudo systemctl stop firewalld

  • Configure the entropy and allow http connections through selinux:

[dmadmin@vm-dctm164 ~]$ sudo /sbin/rngd -b -r /dev/urandom -p /dev/random
[dmadmin@vm-dctm164 ~]$ sudo setsebool -P httpd_can_network_connect_db 1

PostgreSQL Configuration

  • Install required packages:

[dmadmin@vm-dctm164 ~]$ sudo yum install https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7.4-x86_64/pgdg-centos96-9.6-3.noarch.rpm
[dmadmin@vm-dctm164 ~]$ sudo yum install postgresql96-server postgresql96-contrib

  • Init the DB:

[dmadmin@vm-dctm164 ~]$ sudo /usr/pgsql-9.6/bin/postgresql96-setup initdb

  • Enable and start the PostgreSQL service:

[dmadmin@vm-dctm164 ~]$ sudo systemctl enable postgresql-9.6
Created symlink from /etc/systemd/system/multi-user.target.wants/postgresql-9.6.service to /usr/lib/systemd/system/postgresql-9.6.service.
[dmadmin@vm-dctm164 ~]$ sudo systemctl start postgresql-9.6

  • Configure the postgres user:

[dmadmin@vm-dctm164 ~]$ su – root
[root@vm-dctm164 ~]# su – postgres
-bash-4.2$ psql
postgres=# \password postgres
postgres=# \q
-bash-4.2$ exit
logout

  • Configure PostgreSQL:

[root@vm-dctm164 ~]# vi /var/lib/pgsql/9.6/data/postgresql.conf
listen_addresses = ‘*’
port = 5432

[root@vm-dctm164 ~]# vi /var/lib/pgsql/9.6/data/pg_hba.conf
host    all             all             127.0.0.1/32            md5
host all all ::/128 md5
host    all             all             vm-dctm164              md5

  • Restart PostgreSQL service to apply the changes:

[dmadmin@vm-dctm164 /]$ sudo systemctl restart postgresql-9.6

phpPgAdmin Configuration

  • Install required packages:

[dmadmin@vm-dctm164 /]$ sudo yum install phpPgAdmin httpd

  • Configure phpPgAdmin:

[dmadmin@vm-dctm164 /]$ sudo vi /etc/httpd/conf.d/phpPgAdmin.conf

# Apache 2.4
Require all granted
#Require host example.com

# Apache 2.2
Order deny,allow
 Allow from all
# Allow from 127.0.0.1
# Allow from ::1
# Allow from .example.com

[dmadmin@vm-dctm164 /]$ sudo vi /etc/phpPgAdmin/config.inc.php
$conf[‘servers’][0][‘host’] = ‘’;
$conf[‘extra_login_security’] = false;
$conf[‘owned_only’] = true;

  • Restart httpd service to apply the changes:

[dmadmin@vm-dctm164 /]$ sudo systemctl restart httpd

Now you should be able to login to the console from http://vm-dctm164/phpPgAdmin/

ODBC Configuration

  • Install required packages:

sudo yum install postgresql96-odbc.x86_64 unixODBC.x86_64

  • Configure .ini files:

[dmadmin@vm-dctm164 /]$ sudo vi /etc/odbcinst.ini
[PostgreSQL]
Description     = ODBC for PostgreSQL
#Driver         = /usr/lib/psqlodbcw.so
#Setup          = /usr/lib/libodbcpsqlS.so
#Driver64       = /usr/lib64/psqlodbcw.so
#Setup64                = /usr/lib64/libodbcpsqlS.so
Driver = /usr/pgsql-9.6/lib/psqlodbcw.so
Driver64 = /usr/pgsql-9.6/lib/psqlodbcw.so
Setup64 = /usr/lib64/libodbcpsqlS.so
FileUsage       = 1

[dmadmin@vm-dctm164 /]$ sudo vi /etc/odbc.ini
[MyPostgres]
Description=PostgreSQL
Driver=PostgreSQL
Database=postgres
Servername=vm-dctm164
UserName=postgres
Password=dmadmin
Port=5432
Protocol=7.4
ReadOnly=No
RowVersioning=No
ShowSystemTables=No
ShowOidColumn=No
FakeOidIndex=No
UpdateableCursors=Yes
DEBUG=Yes

  • Test the connection:

[dmadmin@vm-dctm164 /]$ isql -v MyPostgres
+—————————————+
| Connected!                            |
|                                       |
| sql-statement                         |
| help [tablename]                      |
| quit                                  |
|                                       |
+—————————————+
SQL> quit

Documentum server

  • Create folders:

[dmadmin@vm-dctm164 opt]$ sudo mkdir documentum
[dmadmin@vm-dctm164 opt]$ sudo chown dmadmin.dmadmin documentum
[dmadmin@vm-dctm164 opt]$ mkdir documentum/product
[dmadmin@vm-dctm164 opt]$ mkdir documentum/product/16.4
[dmadmin@vm-dctm164 opt]$ mkdir documentum/shared

  • Set up environment variables:

[dmadmin@vm-dctm164 ~]$ vi ~/.bash_profile
DOCUMENTUM=/opt/documentum
export DOCUMENTUM

DM_HOME=$DOCUMENTUM/product/16.4
export DM_HOME

POSTGRESQL_HOME=/usr/pgsql-9.6
export POSTGRESQL_HOME

PATH=$PATH:$DM_HOME/bin:$POSTGRESQL_HOME/bin:$HOME/.local/bin:$HOME/bin
export PATH

LC_ALL=C
export LC_ALL

LD_LIBRARY_PATH=$POSTGRESQL_HOME/lib:$DM_HOME/bin:$DOCUMENTUM/java64/JAVA_LINK/jre/lib/amd64/server:$LD_LIBRARY_PATH
export LD_LIBRARY_PATH

  • Reserve ports for services:

[dmadmin@vm-dctm164 opt]$ sudo vi /etc/services
dctm164         50000/tcp               # dctm 16.4 repo
dctm164_s       50001/tcp               # dctm 16.4 repo

  • Create symbolic link for later (configuration program):

[dmadmin@vm-dctm164 opt]$ sudo ln -s /usr/lib64/libsasl2.so.3.0.0 /usr/lib64/libsasl2.so.2

  • Configure limits.conf:

[dmadmin@vm-dctm164 opt]$ sudo vi /etc/security/limits.conf
dmadmin – core -1

  • Run the installer:

[dmadmin@vm-dctm164 cs]$ tar xvf content_server_16.4_linux64_postgres.tar
[dmadmin@vm-dctm164 cs]$ chmod 777 serverSetup.bin
[dmadmin@vm-dctm164 cs]$ ./serverSetup.bin

image7

image2

image3

image4

image5image6

Docbroker and repository

At this point, you can choose to run dmdbtest to make sure everything works. This versions seems to work with the OOTB libs from postgres and you don’t have to get the unstripped libs from the docker release.

  • Create the tablespace file for the repository (dctm164):

[dmadmin@vm-dctm164 cs]$ su –
[root@vm-dctm164 ~]# su – postgres
-bash-4.2$ mkdir /var/lib/pgsql/9.6/data/db_dctm164_dat.dat

image7

image8image9image10image11image12image13image14image15image16image17image18image19image20image21image22image23image24image25image26image27image28

Documentum Administrator

Nothing special about this, same procedure as always. I’ve used the latest tomcat 8 to deploy, as there are no requirements/supported versions matrix:

image29

 

Some notes:

  • Documentation seems more “precise”, specially regarding the Linux install. However, there are still copy/paste sections from previous releases.
  • Only new (visible) feature in DA is the integration with iHub
  • Firefox extension doesn’t work in Firefox 60