Domino 运行在 AIX5.2上 and Batch file writing

8月 30, 2007

Domino 运行在 AIX5.2上
我建立一个java的agent,设定成’on schedule’ 和 ‘run on server’
Attempting session creation…

Session Creation Successful…

Accessing database : sample.nsf

Accessing database Successful..
This process “java” is unable to map the required amount of shared memory – mm=-1879048192, at=268435456  . Please refer to the documentation on how to fix this.

阅读更多 »


quote: Anders Hejlsberg, Herb Sutter, Erik Meijer, Brian Beckman: Software Composability and the Future of Languages [video]

8月 7, 2007

How will imperative programming languages evolve to suit the needs of developers in the age of Concurrency and Composability? What role can programming languages play in enabling true composability? What are the implications of LINQ on the furture of managed (CLS-based) and unmanaged(C++) languages? How will our imperative languages (static) become more functional (dynamic) in nature while preserving their static “experience” for developers? 
Answers to these questions and much more are to be found in this interview with some of Microsoft’s leading language designers and programming thought leaders: Anders Hejlsberg, Technical Fellow and Chief Architect of C#, Herb Sutter, Architect in the C++ language design group, Erik Meijer, Architect in both VB.Net and C# language design and programming language guru, and Brian Beckman, physicist and programming language architect working on VB.Net.
This is a great conversation with some of the industry’s most influential programming language designers. Tune in. You may be surprised by what you learn…

English version:

Chinese version:

a reason for why the access was denied

8月 7, 2007

After I enabled the SSL for diiop, I could not create session using java code. The code I wrote is as below:

String[] arg2 = new String[1];
arg2[0] = “-ORBEnableSSLSecurity”;
Session s = NotesFactory.createSession(hostName, arg2, userName, password);

and I caught the exception below:

NotesException: Server access denied
    at Source)
    at lotus.domino.NotesExceptionHolder._read(Unknown Source)
    at lotus.priv.CORBA.iiop.RepImpl.invoke(Unknown Source)
    at lotus.priv.CORBA.portable.ObjectImpl._invoke(Unknown Source)
    at lotus.domino.corba._IObjectServerStub.createSession(Unknown Source)
    at lotus.domino.cso.Session.initSession(Unknown Source)
    at lotus.domino.cso.Session.<init>(Unknown Source)
    at lotus.domino.cso.Session.createSession(Unknown Source)
    at lotus.domino.NotesFactory.createSessionUP(Unknown Source)
    at lotus.domino.NotesFactory.createSession(Unknown Source)
    at TesterGetSession.doGetSession_2(
    at TesterGetSession.main(

The reason for this, is because, I set the ‘Name & password’ of the ‘Authentication options’ to ‘No’. And in the code, you could see that, I pass the username and the password to the method. So the access was denied.

The resolution is to set the ‘Name & password’ to ‘Yes’ under ‘Configuration’ ->’Ports’ -> ‘Internet Ports…’ -> ‘DIIOP’.

Though it is a tiny configuration issue, it is really annoying a lot if you do not know what is going on.

The below are discussions I referred to:

notice about enable SSL on Domino

8月 6, 2007

quote from Lotus Designer document:

key words: createSessionWithIOR, DIIOP_DUP_KEYRING=filename

To enable SSL (Secure Sockets Layer), use the String args[] parameter and specify “-ORBEnableSSLSecurity” as an element of the args array. For remote (IIOP) applications, the client must have access to the server’s trusted root certificate, stored in TrustedCerts.class in domino/java in the server’s data directory. This file is generated by the DIIOP task when it starts and is enabled to listen on the SSL port specified in the server document. The HTTP task delivers TrustedCerts.class to applets. For other applications, ensure that TrustedCerts.class is on the classpath.
The methods named createSessionWithIOR get an Internet session through explicit specification of the IOR. Typically this is not necessary. The createSession methods that specify a host call getIOR, which gets the IOR by querying the HTTP or DIIOP task listening on hostname:port for a file named diiop_ior.txt. Use the createSessionWithIOR methods if you have another mechanism for getting the IOR.
If only the HTTPS port can deliver the IOR, call getIOR with the String args[] parameter and specify “-createSessionWithIOR ” as an element of the args array. Then use the returned IOR in a createSessionWithIOR call.
If a file other than TrustedCerts.class contains the server’s trusted root certificate, specify “-ORBSSLCertificates=filename” as an element of the args array. The DIIOP task generates TrustedCerts.class and a duplicate file if “DIIOP_DUP_KEYRING=filename” is present as a notes.ini variable. This is useful to access two servers with different trusted root certificates.
A getIOR operation is not authenticated even with SSL.
Use a getIOR method with user and passwd parameters if anonymous access is not allowed on the HTTP or HTTPS port being accessed.
Note  The getIOR methods that take args[], user, and passwd parameters are new with Release 6.5.
The createSession methods that include an org.omg.CORBA.ORB parameter create a session using an existing ORB, which you first create with one of the createORB methods. Using one ORB for multiple sessions (connection pooling) saves network overhead. However, make sure the connection can handle all the sessions you create, and be sure to recycle when you terminate a session.
For applets, use AppletBase.openSession. For agents, use AgentBase.getSession.

this is a test 这是一个测试

8月 6, 2007

this is a test



java class file are all the same on all platforms

8月 6, 2007

stupid… java class file are all the same on all platforms

configure SSL on Domino

8月 2, 2007

we could follow the instruction illustrated in the link below:

SSL encryption

The previous article in this series discussed running a Java application locally or remotely. Remote calls require HTTP and DIIOP access. You can encrypt transmissions over the DIIOP port using SSL (Secure Sockets Layer). See the previous article for instructions on how to set up DIIOP. The client code signals the desire to encrypt by specifying a new second parameter in the createSession call. This parameter is a String array whose first element has -ORBEnableSSLSecurity as its value, for example:

String args[] = new String[1];args[0] = “-ORBEnableSSLSecurity”; Session s = NotesFactory.createSession(“”, args, “Jane Smith/East/Acme”, “topS3cr3t”);

You still use a non-SSL port (63148 in the above example) to get the IOR. The actual service requests take place over the DIIOP SSL port, which is 63149 by default.

Before running the code, you must set up the server and client with a common trusted root certificate from a certificate authority. This process is best covered as a series of steps.

Step 1

Create a key ring. Open the Server Certificate Admin (certsrv.nsf) database on a Domino server and use its forms to create and populate a key ring. See Administering the Domino System, Volume 2 or the Domino Administrator Help for detailed information. For testing purposes, you can use the CertAdminCreateKeyringWithSelfCert form to create a key ring with a self-certified certificate.

Step 2

Move the keyring to the server. The keyring consists of a keyring file (KYR file) and stash file (STH file). These files are generated on the computer from which you’re accessing the Server Certificate Admin database. Move or copy the two keyring files to the computer containing the Domino server. Place them in the server’s data directory. For example, if you create a keyring with a self-certified certificate using default names and copy the files to a computer with a server whose data files are installed at C:\Lotus\Domino\Data, the server files would be:

C:\Lotus\Domino\Data\selfcert.kyr C:\Lotus\Domino\Data\selfcert.sth.

Step 3

Copy TrustedCerts.class to the client and put it in the classpath. Once the keyring files are on the server, starting or restarting the DIIOP task generates a file named TrustedCerts.class in the Domino data directory. Distribute this file to any computer from which you are going to access the server using CORBA with SSL, and put the directory containing the file in the classpath. For example, if you copy the file to C:\Lotus\TrustedCerts.class on a client, set the classpath as follows:

set classpath := %classpath%;c:\lotus

Step 4

Enable the server for SSL. In the Server document in the server’s Domino Directory, go to the Ports tab, then the Internet Ports tab. Under SSL settings, specify the SSL key file name (for example, selfcert.kyr). Go to the DIIOP tab. Ensure that the SSL port number is correct-it defaults to 63149. Enable the SSL port. Set Name & password and Anonymous authentication as desired.

The instruction above is good enough to perform a SSL test. But here is a problem I have met and fixed:Set the TrustedCerts.class to your classpath, and make your application code read this path is a really important part! I set the proper classpath there, but, my java application could not get that classpath when running in Eclipse. I didn’t realize this at first time, and wasted a lot of time on it. Finally, I call my java class using the command line. Then it works.

阅读更多 »

Setting up SSL on a Domino server

7月 27, 2007

This page is important for creating a SSL Domino

quote from somewhere…


Setting up SSL on a Domino server
Set up SSL on a Domino server so that clients and servers that connect to the server use SSL to ensure privacy and authentication on the network. You set up SSL on a protocol-by-protocol basis. For example, you can enable SSL for mail protocols — such as IMAP, POP3, and SMTP — and not for other protocols.

To set up SSL on your server, you need a key ring containing a server certificate from an Internet certificate authority. You can request and obtain a server certificate from either a Domino or third-party certificate authority (CA) and then install it in a key ring. A server certificate is a binary file that uniquely identifies the server. The server certificate is stored on the server’s hard drive and contains a public key, a name, an expiration date, and a digital signature. The key ring also contains root certificates used by the server to make trust decisions.

This describes the process to follow if you need to set up SSL on a Domino server that is not already a Domino certificate authority server. You complete the setup process regardless of whether you request a server certificate from a Domino or third-party CA.

Note You can set enable SSL on a server when you register the server if you have already have a Domino server-based certification authority running in the Domino domain.

For more information about enabling SSL on a server at server registration, see the topic Registering a server.

To set up SSL on a Domino server

1. Set up the Server Certificate Admin application (CERTSRV.NSF), which Domino creates automatically during server setup.

2. Create a server key ring file to store the server certificate.

3. Request an SSL server certificate from the CA.

4. Merge the CA certificate as a trusted root into the server key ring file.

5. The CA approves the request for a server certificate and sends notification that you can pick up the certificate.

6. Merge the approved server certificate into the key ring file.

7. Configure the port for SSL.

8. If you are using client authentication, add the client’s name to database ACLs and access lists for design elements.

See Also

quote: Registering a server

7月 27, 2007

Registering a server
For background information on registering a server, see the topic Server registration.

Note If you have not specified a registration server in Administration Preferences, this server is by default:

  • The server specified in the NewUserServer setting in the NOTES.INI file
  • The Administration server

1. If you are supplying the certifier ID, make sure that you have access to it and that you know its password.

2. If you are using the Domino Administrator and would like the new server to support SSL, make sure that you have an Internet CA configured.

3. From the Domino Administrator or Web Administrator, click the Configuration tab.

4. From the Tools pane, click Registration – Server.

5. If you are using the Domino Administrator, do the following:

    1. If you are using the CA process, click Server and select a server that includes the Domino Directory that contains the Certificate Authority records, and the copy of the Administration Requests database (ADMIN4.NSF) that will be updated with the request for the new certificate. Then click “Use the CA Process,” select a CA-configured certifier from the list, and click OK.
    2. If you are supplying the certifier ID, select the registration server. Then click “Certifier ID” and locate the certifier ID file. Click OK, enter the password for the certifier ID, and click OK.
    3. In the Register Servers dialog box, click Continue if you want to apply the current settings to all servers registered in this registration session; otherwise, complete these fields:


      Registration Server
      Click Registration to specify the registration server.

      If the certifier ID displayed is NOT the one you want to use for all servers registered in this session, or if you want to use the Domino server-based CA instead of a certifier ID, click Certifier and you return to Step 4.

      Internet Certificate Authority
      If you want the server to support SSL, select an Internet CA from the list.

      Security type
      Choose either North American (default) or International. In practice, there is no difference between a North American and an International ID type.

      Certificate expiration date
      (Optional) To change the expiration date of the Server Certificate, enter the date in mmddyyyy format in the Certificate Expiration Date box. The default date is 100 years from the current date, minus allowances for leap years.

    4. Click Continue.

6. If you are using the Web Administrator, do the following:

    1. Select a registration server that includes the Domino Directory that contains the Certificate Authority records, and the copy of the Administration Requests database (ADMIN4.NSF) that will be updated with the request for the new certificate.
    2. Select a CA-configured certifier from the list, and click OK.

7. In the Register New Server(s) dialog box, complete these fields for each server that you want to register:

阅读更多 »

Domino Java Code for Creating Session

7月 27, 2007


Examples: Running a Java program
The following examples demonstrate the minimal code needed for a Java program that uses the Domino classes. The examples instantiate a Session object and print the String output of its getPlatform method (Platform property).

1. This is an application that makes local calls and extends the NotesThread class:

    import lotus.domino.*;
    public class platform1 extends NotesThread
     public static void main(String argv[])
           platform1 t = new platform1();
     public void runNotes()
           Session s = NotesFactory.createSession();
           // To bypass Readers fields restrictions
           // Session s = NotesFactory.createSessionWithFullAccess();
           String p = s.getPlatform();
           System.out.println("Platform = " + p);
       catch (Exception e)

阅读更多 »