Administration Guide 6.5 300 007 198

EMC DocumentumContent Server

Version 6.5

Administration GuideP/N 300-007-198-A01

EMC Corporation

Corporate Headquarters:

Hopkinton, MA 01748-9103

1-508-435-1000

www.EMC.com

Copyright 1994 - 2008 EMC Corporation. All rights reserved.

Published July 2008

EMC believes the information in this publication is accurate as of its publication date. The information is subject to changewithout notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED AS IS. EMC CORPORATION MAKES NO REPRESENTATIONSOR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLYDISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.

For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com.

All other trademarks used herein are the property of their respective owners.

Table of Contents

Preface .......................................................................................................................... 25

Chapter 1 Introduction ........................................................................................... 27Essential concepts....................................................................................... 27

Installation components .......................................................................... 28Configuration choices ............................................................................. 28Configuration objects.............................................................................. 29

Administration tasks .................................................................................. 29User privilege requirements for administration tasks .................................... 31Administration interfaces............................................................................ 32

Starting Documentum Administrator....................................................... 32Using the Content Server Manager on Windows....................................... 32Using DQL for administrative tasks ......................................................... 33

Documentum tool suite............................................................................... 33Administration methods ............................................................................. 33The dm_error utility ................................................................................... 34Viewing connected users............................................................................. 34Where to look for more information............................................................. 34

Chapter 2 Content Repositories ............................................................................ 37Essential concepts....................................................................................... 37

Repository and server connections........................................................... 38Repository configuration......................................................................... 38

Adding additional repositories .................................................................... 39Adding a repository................................................................................ 40Configuring the new repository for use with MediaTransformation Services ......................................................................... 40Contents of new repositories ................................................................... 41

Managing cabinets and folders .................................................................... 42Public and private cabinets...................................................................... 43Home cabinets........................................................................................ 43Creating folders and cabinets .................................................................. 43Changing and deleting folders and cabinets ............................................. 43

Setting the dd_locales property ................................................................... 44Manipulating type indexes.......................................................................... 44Alternate locations for object-type tables on Oracle and DB2 ......................... 45Configuring storage and handling of date values .......................................... 45Enabling a repository as a global registry ..................................................... 46Dumping and loading a repository .............................................................. 48

Code page compatibility issues................................................................ 48Supporting object types........................................................................... 48Execution methods ................................................................................. 49

EMC Documentum Content Server Version 6.5 Administration Guide 3

Table of Contents

Dumping a repository............................................................................. 50Dumping objects under retention ........................................................ 50Aspects and dump operations ............................................................. 51Dumping an entire repository ............................................................. 51Dumping specific objects .................................................................... 51

Setting the type property................................................................. 52Setting the predicate properties ....................................................... 53

Content files and dumping.................................................................. 54Dumping without content ............................................................... 54Including content ........................................................................... 55Compressing content ...................................................................... 55

Setting the cache size .......................................................................... 55Using non-restartable dump ............................................................... 56Using a script to create a dump file ...................................................... 56

Sample script for a full repository dump with contentincluded ........................................................................................ 57Sample script for a partial repository dump ..................................... 57

If the server crashes during a dump operation ...................................... 59Moving the dump file ............................................................................. 59Loading a repository............................................................................... 59

Refreshing repository objects from a dump file ..................................... 60Loading job objects ............................................................................. 60Loading registered tables .................................................................... 61Turning off save event generation during load operations ..................... 61Loading a new repository ................................................................... 61

The preLoad utility ........................................................................ 62Load procedure for new repositories.................................................... 62DocApps............................................................................................ 64

Generating dump and load trace messages............................................... 64Creating location and mount point objects.................................................... 64

Location objects ...................................................................................... 65Mount point objects ................................................................................ 66

Platform aliases .................................................................................. 66Format objects ............................................................................................ 67

The DOS extension property ................................................................... 68The format_class property....................................................................... 68Listing current format objects .................................................................. 68Adding format objects ............................................................................ 69

Using DQL......................................................................................... 69Rich media formats............................................................................. 69

Modifying formats.................................................................................. 70Using DQL......................................................................................... 70

Deleting formats..................................................................................... 71Using DQL......................................................................................... 71

Alias sets.................................................................................................... 71Creating an alias set ................................................................................ 72Modifying or deleting an alias set ............................................................ 72

Working with object types........................................................................... 72Creating a user-defined type ................................................................... 72

Using DQL......................................................................................... 73Modifying an object type......................................................................... 73

Deleting properties ............................................................................. 74Using DQL......................................................................................... 74

Changing the default permissions or default storage area.................. 74Adding a property.......................................................................... 74Deleting a property......................................................................... 75Lengthening a string property ......................................................... 75

4 EMC Documentum Content Server Version 6.5 Administration Guide

Table of Contents

Deleting a type ....................................................................................... 76Cleaning up repositories ............................................................................. 76Maintaining query performance .................................................................. 79

Using Update Statistics ........................................................................... 79Setting the DM_GROUP_LIST_LIMIT environment variable ..................... 79

Configuring repository-level package name control ...................................... 80

Chapter 3 Servers .................................................................................................. 83Overview of servers .................................................................................... 84

Server threads (Windows) ....................................................................... 84Parent servers and session servers (UNIX)................................................ 84Configuration......................................................................................... 84Multiple servers ..................................................................................... 85Servers, connection brokers, and clients ................................................... 85The agent exec process ............................................................................ 85ACS servers ........................................................................................... 86JBoss application server .......................................................................... 86

Internationalization .................................................................................... 87The dm_start_repositoryname script (UNIX)................................................... 88The server.ini file ........................................................................................ 88

SERVER_STARTUP section ..................................................................... 89DOCBROKER_PROJECTION_TARGET sections ...................................... 93FUNCTION_SPECIFIC_STORAGE and TYPE_SPECIFIC_STORAGE sections ................................................................................. 94FUNCTION_EXTENT_SIZE and TYPE_EXTENT_SIZE sections ................ 95Keys set during installation ..................................................................... 96

docbase_id ......................................................................................... 96docbase_name .................................................................................... 96database_owner ................................................................................. 96database_conn.................................................................................... 96

Oracle database_conn value ........................................................... 96Sybase database_conn value ........................................................... 97MS SQLServer database_conn value ................................................ 97DB2 database_conn value................................................................ 97

database_name................................................................................... 97Sybase database_name value ........................................................... 97MS SQL Server database_name value............................................... 97

service ............................................................................................... 98host ................................................................................................... 98

Optional keys ......................................................................................... 98acl_update_threshold.......................................................................... 98check_user_interval ............................................................................ 99commit_read_operations..................................................................... 99data_store and index_store ................................................................. 99gethostbyaddr .................................................................................. 100history_sessions and history_cutoff ................................................... 100max_ftacl_cache_size ........................................................................ 100max_nqa_string................................................................................ 101max_sessions_heap_size ................................................................... 101owner_xpermit_default..................................................................... 101saveasnew_retain_source_group ....................................................... 101umask (UNIX only) .......................................................................... 101upd_last_chg_time_from_db ............................................................. 102use_group_address........................................................................... 102validate_database_user ..................................................................... 102

Default keys ......................................................................................... 103


Table of Contents

client_session_timeout ...................................................................... 103concurrent_sessions .......................................................................... 103database_refresh_interval ................................................................. 104distinct_query_results ...................................................................... 104enforce_four_digit_year .................................................................... 104ignore_client_domain (Windows only)............................................... 104mail_notification .............................................................................. 105max_storage_info_count ................................................................... 105method_server_enabled .................................................................... 105method_server_threads..................................................................... 105preserve_existing_types .................................................................... 106rdbms_connect_retry_timeout ........................................................... 106server_config_name.......................................................................... 106server_startup_sleep_time................................................................. 106start_index_agents............................................................................ 107ticket_multiplier ............................................................................... 107deferred_update_queue_size............................................................. 107update_access_date .......................................................................... 107user_auth_case ................................................................................. 108user_auth_target (Windows only) ...................................................... 108use_estimate_search ......................................................................... 108wait_for_connect_timeout ................................................................. 108

Moving the server executable (UNIX only) ................................................. 109Changing default operating system permits on directories andfiles (UNIX only) ...................................................................................... 109Changing a servers configuration.............................................................. 109

Modifying the server.ini file .................................................................. 110Modifying the server config object ......................................................... 110

Setting the secure connection mode ........................................................... 110Restarting a server .................................................................................... 111Starting additional servers......................................................................... 112

Configuration requirements .................................................................. 112Creating a shut-down script (UNIX only) ............................................... 113

Communicating with connection brokers ................................................... 114Defining connection broker projection targets......................................... 114

Definitions in the server config object................................................. 115Definitions in the server.ini file .......................................................... 116

Setting the checkpoint interval............................................................... 116Setting the keep entry interval ............................................................... 116Defining server proximity ..................................................................... 117

Specifying queue size for incoming connection requests(Windows only)........................................................................................ 118Shutting down a server ............................................................................. 118

Using the dm_shutdown_repository script (UNIX only) ........................... 119Using the Documentum Content Server Manager (Windowsonly) .................................................................................................... 119Using the Windows user interface (Windows only)................................. 119Using the shutdown method ................................................................. 120

Stopping a session server .......................................................................... 120Server log files.......................................................................................... 121Server load balancing and failover ............................................................. 121Clearing the server common area............................................................... 122Adding additional servlets to the Java method server.................................. 123


Table of Contents

Configuring the workflow agent................................................................ 123Changing the number of worker sessions ............................................... 124Changing the sleep interval ................................................................... 124Disabling the workflow agent................................................................ 124Tracing the workflow agent................................................................... 124

Recovering automatic activity work items on Content Server failure ............ 125Managing the JBoss application server ....................................................... 125

Location of binaries .............................................................................. 126Starting and stopping the JBoss application server .................................. 126

Chapter 4 Methods and Jobs ............................................................................... 129Introducing methods ................................................................................ 129Execution agents ...................................................................................... 130

The dmbasic method server................................................................... 130Java method server ............................................................................... 131Content Server ..................................................................................... 131

Choosing the execution agent .................................................................... 132Performance considerations................................................................... 132Security considerations ......................................................................... 133

Tracing options for methods ...................................................................... 133Defining the java.ini file (UNIX only) ......................................................... 134

java_library_path.................................................................................. 134java_version ......................................................................................... 134java_classpath ...................................................................................... 135java_alias_file ....................................................................................... 135java_disabled ....................................................................................... 135

Enabling the dmbasic method server ......................................................... 135Configuring the worker threads in the dmbasic method server .................... 136Implementing a method............................................................................ 136

Creating a method to be executed by Content Server or thedmbasic method server ......................................................................... 136

Limitation on argument length for Docbasic....................................... 137General guideline for the script or program........................................ 137Script or program return values for workflow methods ....................... 137Calling Java or DFC in a Docbasic script............................................. 137

User account (UNIX only) ............................................................. 137dmbasic executables (UNIX only) .................................................. 138Locating the java.ini file (UNIX only) ............................................. 138Sample code ................................................................................. 138

Recording the output ........................................................................ 140Setting method object properties for Content Server execution............. 140Setting method object properties for dmbasic method serverexecution ......................................................................................... 140

Creating a method to be executed by the Java method server................... 141General guideline for the script or program........................................ 141Guidelines for a Java method to be deployed as a BOF module ............ 141Script or program return values for workflow methods ....................... 141Recording the output ........................................................................ 142Storing Java methods ........................................................................ 143Setting method object properties for Java method serverexecution ......................................................................................... 143

Creating a method object....................................................................... 143Using DQL....................................................................................... 144Defining success return codes and success status ................................ 144

Executing a method on demand ................................................................ 145


Table of Contents

Creating jobs and job sequences................................................................. 145Introducing jobs ................................................................................... 146Introducing job sequences ..................................................................... 146

Repository implementation ............................................................... 147Job sequence execution ..................................................................... 147

Determining success for invoked jobs ............................................ 148The repository connection file............................................................ 148

The agent exec process .......................................................................... 148Creating a job ....................................................................................... 149

Using DQL to create a job.................................................................. 149Creating a job sequence......................................................................... 150Scheduling jobs .................................................................................... 150

Defining a job schedule ..................................................................... 151Passing arguments................................................................................ 151The run_now property.......................................................................... 152

Managing jobs.......................................................................................... 153Activating or inactivating a job .............................................................. 153Disabling all jobs .................................................................................. 153Modifying agent exec behavior.............................................................. 154

Setting the polling interval ................................................................ 154Setting the number of jobs in a polling cycle ....................................... 154Turning on tracing for the agent exec process ..................................... 155

Creating and maintaining a repository connection file for jobsequences............................................................................................. 155

Specifying the server connect string ................................................... 155Commas and backslashes in the entries .............................................. 156The dcf_edit utility ........................................................................... 156

Recovering from a job sequence failure .................................................. 158Interpreting a job sequence status report ................................................ 158Executing dm_run_dependent_jobs independently................................. 159

Chapter 5 Managing Repository Sessions ........................................................... 161Terminology............................................................................................. 162The dfc.properties file ............................................................................... 162

Key format ........................................................................................... 162Setting dfc.properties entries ................................................................. 163

Defining connection brokers for connection requests................................... 163Specifying connection brokers ............................................................... 163

Failover and load balancing....................................................................... 164Requesting a specific server connection...................................................... 165

Requesting a server by name ................................................................. 165Requesting a server on a specific host .................................................... 165Requesting a server by name on a specific host ....................................... 165

Turning off trusted login ........................................................................... 166Defining the secure connection default for connection requests.................... 166Configuring the number of connection attempts and the retryinterval .................................................................................................... 167Specifying the maximum number of sessions ............................................. 167Limiting which clients can access a repository ............................................ 168Configuring privileged DFC use ................................................................ 168

Creating client rights objects.................................................................. 168Configuring a repository to accept only authenticated DFCinstances .............................................................................................. 169Enabling privileged DFC....................................................................... 169


Table of Contents

Disabling privileged DFC...................................................................... 170Modifying the Java security policy ........................................................ 170Managing the keystore file .................................................................... 171

Changing the location and name of the keystore file ........................... 171Changing the passwords used with keytool........................................ 171Configuring a shared keystore file ..................................................... 172

Configuring connection pooling ................................................................ 172Enabling connection pooling ................................................................. 172

Configuring login tickets........................................................................... 173Setting ticket validity period.................................................................. 173Setting the ticket cache size for Content Server ....................................... 173Configuring login tickets for backwards compatibility ............................ 173

Changing a sessions configuration ............................................................ 174Changing the assigned default operating system permissions(UNIX only) ............................................................................................. 175Defining short date formats....................................................................... 175Changing the client local area directory location ......................................... 176Setting disk space limits for the client local area ......................................... 176Removing content from client local areas ................................................... 176

Manual clean up................................................................................... 177Managing persistent client caches .............................................................. 177

Enabling and disabling persistent client caching ..................................... 178For a repository ............................................................................... 178For client sessions ............................................................................. 178

Creating cache config objects ................................................................. 179Defining the cached data set .............................................................. 179Defining the server check interval ...................................................... 180Defining the client check interval ....................................................... 181

Manually forcing refreshes ................................................................... 181Flushing a persistent cache................................................................ 181Setting the client_pcaching_change property ...................................... 182

Automating cache config data validation ............................................... 182Overriding consistency checking rules ................................................... 183Defining the persistent cache write interval ............................................ 183Troubleshooting persistent caching ........................................................ 184

Chapter 6 Connection Brokers ............................................................................ 187An overview of connection brokers............................................................ 187

How many connection brokers are there?............................................... 188What information does a connection broker have? .................................. 188How does a connection broker get information? ..................................... 188Locating connection brokers.................................................................. 189Connection broker configuration options ............................................... 189

Servers and connection brokers ................................................................. 189Clients and connection brokers.................................................................. 190Failover for connection brokers ................................................................. 191Load balancing for connection brokers....................................................... 191Configuring a connection broker ............................................................... 191

Connection broker initialization file ....................................................... 192Invoking the initialization file ............................................................... 193Configuring shutdown security (UNIX only).......................................... 193Restricting server access........................................................................ 193Translating IP addresses........................................................................ 194


Table of Contents

Restarting a connection broker .................................................................. 195Windows platforms .............................................................................. 195UNIX platforms.................................................................................... 195

Starting additional connection brokers ....................................................... 196Shutting down a connection broker ........................................................... 197

Windows platforms .............................................................................. 197UNIX platforms.................................................................................... 198Multiple connection brokers on UNIX.................................................... 199

Obtaining information from a connection broker ........................................ 199The getServerMap method .................................................................... 200The getDocbaseMap method ................................................................. 200

Obtaining information about connection brokers ........................................ 200Using the getDocbrokerMap method ..................................................... 201Querying the client config object............................................................ 201

Deleting server information....................................................................... 201

Chapter 7 Content Management .......................................................................... 203Storage area options ................................................................................. 204

File store storage areas .......................................................................... 205Public and private file store areas ...................................................... 205Content encryption ........................................................................... 206Content compression ........................................................................ 206

Content compression characterization............................................ 207Content duplication checking and prevention..................................... 209

How checking and prevention work .............................................. 209Supporting properties................................................................... 209

content_hash_mode and content_dupl_pref ............................... 210r_content_hash ........................................................................ 210

Tracing duplication checking and prevention ................................. 211Digital shredding ............................................................................. 211

EMC Centera storage ............................................................................ 212Configuration options....................................................................... 212

Default retention values ................................................................ 213Compression ................................................................................ 213Whether to link or embed the content in the C-clip ......................... 214The C-clip buffer size .................................................................... 214Write retries ................................................................................. 214Override of the Centera storage strategy configuration ................... 215Maximum number of socket connections used by theCentera SDK ................................................................................ 215Use of the memory map interface for writes to the storagearea ............................................................................................. 215

NetApp SnapLock storage .................................................................... 215Configuration options....................................................................... 216

Default retention values ................................................................ 216Compression ................................................................................ 217

Blob store storage areas......................................................................... 217Turbo storage ....................................................................................... 218Distributed storage areas....................................................................... 218External storage areas ........................................................................... 219

Use constraints ................................................................................. 219Types of external storage areas .......................................................... 219Plug-in objects for external storage .................................................... 220

Linked store storage areas ..................................................................... 221Summary of storage area configuration options .......................................... 222Content and full-text indexes..................................................................... 223


Table of Contents

How objects, contents, and storage are connected ....................................... 223Allocating content to storage areas ............................................................ 224

Using content assignment policies ......................................................... 225What content assignment policies are................................................. 225Creating content assignment policies ................................................. 225Enforcement of assignment policies ................................................... 226Behavior on encountering a rule error ................................................ 227DFC assignment policy information cache.......................................... 227Architectural implementation of assignment policies .......................... 227Algorithm used by the DFC policy engine .......................................... 228Assignment policy administration ..................................................... 229

Using the default storage algorithm ....................................................... 229Primary content algorithm ................................................................ 229Rendition algorithm.......................................................................... 231

Content Retention..................................................................................... 231System-defined storage areas .................................................................... 232File paths and URLs for content files in storage........................................... 233

Path specifications for content in file stores............................................. 233URL specifications for content files ........................................................ 234

Setting up storage..................................................................................... 235Distributed storage setup ...................................................................... 236Setting up blob storage ......................................................................... 236

Using DQL to set up blob storage ...................................................... 236Setting up file store storage areas........................................................... 237

File extensions and the use_extensions property ................................. 237Setting the base URL......................................................................... 238Defining file store storage areas as public (Windows only) ................. 238Using DQL to set up file storage ........................................................ 238Linked store setup ............................................................................ 239

Using DQL to set up linked storage ............................................... 240Setting up external storage .................................................................... 242

An example of importing documents stored on a CD-ROM ................. 242Using the Mount method ............................................................. 243

External URL storage setup ............................................................... 244Setting up external free storage ......................................................... 244Configuring for optimal performance on retrieval............................... 245

Setting up EMC Centera storage areas.................................................... 245Setup procedure ............................................................................... 246Defining storage area retention requirements ..................................... 247Defining the connection string .......................................................... 248

Required privileges for connection strings...................................... 249Defining a connection string supporting EMC Centeraclusters ........................................................................................ 249

Example of use ......................................................................... 250Configuring embedded blob use........................................................ 251Setting the C-clip buffer size.............................................................. 252Configuring write attempts in EMC Centera storage areas .................. 253Overriding the Centera single-instancing configuration ...................... 253Resetting the maximum socket connections allowed ........................... 254Configuring use of a memory map for write operations ...................... 254Setting clocks and time zones for Centera hosts and ContentServer hosts...................................................................................... 255

Setting up NetApp SnapLock storage areas ............................................ 255Setup procedure ............................................................................... 256Enabling content compression ........................................................... 256Defining SnapLock storage area retention requirements ...................... 256

Setting up turbo storage ........................................................................ 257


Table of Contents

Providing automatic file extensions ........................................................... 258Moving content files ................................................................................. 259

MIGRATE_CONTENT administration method....................................... 259Content migration policies ................................................................... 260

Configurable arguments ................................................................... 261Generated log files............................................................................ 262

Records migration jobs.......................................................................... 262Auditing content movement.................................................................. 263

Maintenance operations for storage areas ................................................... 263Changing the state of a storage area ....................................................... 263Determining the state of a storage area................................................... 264Moving file store storage areas .............................................................. 264Enabling forced deletion in EMC Centera storage areas........................... 265Removing orphaned content objects and files ......................................... 266

Using dmclean ................................................................................. 267Including content in retention type storage areas ............................ 268Running dmclean using an EXECUTE statement ............................ 268Running dmclean from the operating system prompt ..................... 269Executing the dmclean script......................................................... 269

Using dmfilescan.............................................................................. 270dmfilescan arguments .................................................................. 270Identifying the subdirectories of the scanned storage areas.............. 271Using the -no_index_creation argument ......................................... 272Using the -force_delete argument .................................................. 272Running dmfilescan using an EXECUTE statement......................... 273Running dmfilescan from the operating system prompt .................. 273The generated script ..................................................................... 273Executing the dmfilescan script ..................................................... 274

Replacing a full distributed storage component ...................................... 274Resolving a compromised file store key ................................................. 275

Administering content assignment policies ................................................ 275Logging policy use ............................................................................... 275Enabling and disabling assignment policies............................................ 276Turning off the policy engine................................................................. 276Configuring behavior on encountering a rule error ................................. 276Configuring the update interval for the policy information cache............. 277

Archiving and restoring documents........................................................... 277How the process works ......................................................................... 277

The archive and restore methods ....................................................... 280The Archive tool ............................................................................... 280

Archiving..................................................................................... 280Restoring ..................................................................................... 281

Moving dump files on and off line .................................................... 282Archiving content used in multiple documents....................................... 283Options for archiving ........................................................................... 283

Scheduling archiving ........................................................................ 283Types of requests .............................................................................. 284The repository operator .................................................................... 284Moving the dump file in and out of the archive directory .................... 284

Choosing an archive directory .............................................................. 285Implementing archiving........................................................................ 285

Starting the Archive tool ................................................................... 286Restoring documents ............................................................................ 286

Archiving restored documents .......................................................... 286Custom restoration ........................................................................... 287

Chapter 8 Users and Groups ............................................................................... 289


Table of Contents

User names .............................................................................................. 290User privilege levels ................................................................................. 291

Basic user privileges ............................................................................. 291Extended user privileges ....................................................................... 293

Privileged groups ..................................................................................... 294Adding users ........................................................................................... 295

Setting user properties .......................................................................... 296User privileges ................................................................................. 297Defining the default ACL .................................................................. 297Setting user_db_name....................................................................... 298Setting default_folder ....................................................................... 298Setting accessible folders ................................................................... 298Setting client capability ..................................................................... 299

Creating a new user with DQL .............................................................. 299Adding multiple users in a single operation ........................................... 299

LDIF file contents ............................................................................. 300Setting up the file ............................................................................. 300Extended characters in the file ........................................................... 301

Granting and revoking user privileges ....................................................... 301Superuser privileges and the admingroup group .................................... 302Granting and revoking privileges using DQL ......................................... 302Granting and revoking privileges using DFC.......................................... 303

Modifying users ....................................................................................... 303Using DQL........................................................................................... 304

Renaming users........................................................................................ 304Deleting users .......................................................................................... 304

Using DQL........................................................................................... 305Deactivating, locking, and reactivating users .............................................. 305

Deactivating or locking users................................................................. 305Reactivating users................................................................................. 306Using DQL to change a users login state................................................ 306

Adding groups ......................................................................................... 307Using DQL........................................................................................... 308

Modifying groups..................................................................................... 309Using DQL........................................................................................... 309

Deleting groups........................................................................................ 309Using DQL........................................................................................... 310

Changing the membership setting of a dynamic group................................ 310Querying groups ...................................................................................... 311

Obtaining a list of members in a group................................................... 311Obtaining a list of groups with a count of the members in each................ 311

Chapter 9 Managing User Authentication ............................................................ 313Authentication options ............................................................................. 313

Default mechanism............................................................................... 314Custom password checking program ..................................................... 314LDAP directory server .......................................................................... 314Authentication plug-in.......................................................................... 314In-line password................................................................................... 315

The assume user and change password programs....................................... 315Assume user ........................................................................................ 315Change Password ................................................................................. 316

Using the default authentication mechanism .............................................. 316


Table of Contents

UNIX platforms.................................................................................... 316Windows platforms .............................................................................. 317Authenticating in domains .................................................................... 317

No-domain required mode................................................................ 318Domain-required mode..................................................................... 318Determining the repositorys authentication mode .............................. 318Converting to domain-required mode................................................ 319

Using a custom external password checking program ................................. 319Basic steps............................................................................................ 319Writing the program ............................................................................. 320

Using Windows domain authentication for UNIX users .............................. 320Modifying the dm_check_password program......................................... 321

Setting auth_protocol........................................................................ 322Setting up the domain controller map ................................................ 322Setting the user_source property ....................................................... 323

Using an LDAP directory server ................................................................ 323Benefits ............................................................................................... 324Constraints .......................................................................................... 324Integrating an LDAP directory server with a repository .......................... 324Using multiple LDAP directory servers.................................................. 325User and group synchronization............................................................ 325

Synchronization and federations ....................................................... 325dm_LDAPSynchronization job .......................................................... 325How the synchronization job determines which LDAPservers to use ................................................................................... 327Attributes set by the dm_LDAPSynchronization job ........................... 327On-demand user synchronization...................................................... 328

User authentication .............................................................................. 328Authentication and federations ......................................................... 328How Content Server determines which server to use forauthentication .................................................................................. 329LDAP authentication options ............................................................ 330Connection retry attempts ................................................................. 330Authentication failover ..................................................................... 330

Failover for extra directory LDAP servers ...................................... 331Tracing failover ............................................................................ 332

Implementing an LDAP directory server ................................................ 332Defining the set-up values................................................................. 333

Distinguished name and bind type ................................................ 334Search bases and filters ................................................................. 334The secure connection properties ................................................... 335

Mapping LDAP attributes to repository user or groupproperties ........................................................................................ 335

Required mappings ...................................................................... 336Defining mapping rules ................................................................ 336Mapping guidelines...................................................................... 337Repository storage of mappings .................................................... 337Mapping examples ....................................................................... 338

Downloading certutil and the certificate authorities ............................ 340Installing the certificate database and CA certificates .......................... 340Activating the dm_LDAPSynchronization job .................................... 341Building and installing an LDAP-enabled passwordchecking program (UNIX only) ......................................................... 341Note on using Active Directory ......................................................... 342Note on using LDAP directory servers with multipleContent Servers ................................................................................ 342

Deleting an LDAP directory server from a repository.............................. 342Setting the retry_interval property for user authentication....................... 343


Table of Contents

How the environment variables are used ........................................... 343How to set the environment variables ................................................ 344

Enabling first-time synchronization rules ............................................... 344Binding LDAP users to a different directory server ................................. 344Listing certificates in the certificate database .......................................... 345Troubleshooting the synchronization job ................................................ 345

Using authentication plug-ins.................................................................... 346Plug-in scope ....................................................................................... 346Identifying a plug-in for use .................................................................. 347

Defining a plug-in identifier .............................................................. 347Using the RSA plug-in .......................................................................... 348Using the CA SiteMinder plug-in........................................................... 348Implementing a custom authentication plug-in....................................... 349

Writing the authentication plug-in ..................................................... 350Internationalization ...................................................................... 350

Tracing authentication plug-in operations .............................................. 351Using an in-line password......................................................................... 351Trusted logins .......................................................................................... 351Unified logins .......................................................................................... 351Managing encrypted passwords ................................................................ 352

Using encryptPassword ....................................................................... 353If you do not want to use encrypted passwords ...................................... 353Changing an encrypted password.......................................................... 354

Limiting authentication attempts ............................................................... 356

Chapter 10 Protecting Repository Objects ............................................................ 359Overview of repository security................................................................. 359

ACLs ................................................................................................... 360Additional security options ................................................................... 360

Application-level control of SysObjects ............................................. 361Dynamic groups ............................................................................... 361Folder security ................................................................................. 362User privileges ................................................................................. 362Table permits ................................................................................... 362

Turning repository security on and off ....................................................... 362Turning folder security on and off ............................................................. 363

Changing folder security....................................................................... 364Setting the default permission level for application-level controlof SysObjects ............................................................................................ 364Object-level permissions ........................................................................... 364

Basic permissions ................................................................................ 365Note on the Relate permit level.......................................................... 366

Extended permissions .......................................................................... 366Viewing extended permissions ......................................................... 367

Managing ACLs ....................................................................................... 368The ACL object type ............................................................................. 369

Access control entries........................................................................ 369AccessPermission and ExtendedPermission entries ......................... 370AccessRestriction and ExtendedRestriction entries.......................... 370

AccessRestriction entries ........................................................... 370ExtendedRestriction entries....................................................... 371Storage in the ACL ................................................................... 371

ApplicationPermission entries ....................................................... 371ApplicationRestriction entries ....................................................... 372


Table of Contents

RequiredGroup entries ................................................................. 372RequiredGroupSet entries ............................................................. 373

How ACL entries are evaluated ............................................................. 374Evaluation for non-owners and non-superusers ................................. 374How access is evaluated for object owners and Superusers .................. 374

Access evaluation for an objects owner .......................................... 375Evaluating a Superusers permissions ............................................ 376

Resolving multiple entries for a user .................................................. 376Disabling ACL restrictive entries ........................................................... 377External and internal ACLs ................................................................... 378

ACL names ...................................................................................... 379System, public, and private ACLs .......................................................... 379Template ACLs..................................................................................... 379Creating ACLs ..................................................................................... 380How ACLs and objects are connected .................................................... 380The default ACLs ................................................................................. 381

Creating default ACLs ...................................................................... 383Assigning a default ACL to an object ................................................. 383Identifying the default ACL for use ................................................... 383

Modifying an ACL................................................................................ 384Adding entries ................................................................................. 384Removing entries.............................................................................. 384

Destroying an ACL ............................................................................... 385Removing unreferenced external ACLs .............................................. 385Removing unreferenced internal ACLs .............................................. 385

Table permits ........................................................................................... 386Setting table permits ............................................................................. 386Table permits and object-level permissions ............................................. 387Table permits and dump and load operations ......................................... 387

Auditing .................................................................................................. 387What events are auditable ..................................................................... 388Audit trails........................................................................................... 388Auditing properties .............................................................................. 388

If audit_old_values is T ..................................................................... 389If audit_old_values is F ..................................................................... 390

Default auditing .................................................................................. 391Turning off default auditing .............................................................. 392Modifying the default auditing.......................................................... 393

Auditing system events......................................................................... 393Auditing application events .................................................................. 393Signing audit trail entries ...................................................................... 394Conflicting registration resolution ......................................................... 395Stopping auditing................................................................................. 396Viewing audit trails .............................................................................. 396Querying and retrieving audit trail entries ............................................. 397Interpreting audit trails of DFC method, workflow, andlifecycle events ..................................................................................... 397

Audit trail properties with a common purpose ................................... 397Properties available for varied purposes............................................. 397

Use in audit trails for events generated by non-workflowor lifecycle methods ...................................................................... 398Use in lifecycle audit trails ............................................................ 404Use in workflow audit trails .......................................................... 405

Interpreting ACL and group audit trails................................................. 413Verifying signed audit trail entries ......................................................... 415Removing audit trail entries .................................................................. 416Auditing in a distributed environment................................................... 416

Implementing signature support ............................................................... 417


Table of Contents

Customizing electronic signatures ......................................................... 417Customizing the default functionality ................................................ 418

Adding or removing properties on the page ................................... 420Changing the property delimiters .................................................. 421Configuring the appearance of the page ......................................... 422Defining separate templates for different document types ............... 423Configuring the number of allowed signatures andsignature positioning .................................................................... 424

Creating custom signature creation methods and associatedsignature page templates .................................................................. 425

Creating custom signature-creation methods.................................. 425Creating custom signature page templates ..................................... 427

Tracing electronic signature operations .............................................. 427Supporting digital signatures ................................................................ 427Customizing simple signoffs ................................................................. 428

Customizing the signature validation program ................................... 428Registering for notification ................................................................ 429Querying the audit trail for signoffs ................................................... 429

Managing the encryption keys................................................................... 429The AEK .............................................................................................. 430

Sharing the AEK or passphrase ......................................................... 430The AEK and distributed sites ........................................................... 431Backing up the AEK.......................................................................... 431

Repository encryption keys ................................................................... 431Encryption utilities ............................................................................... 432Using dm_crypto_boot ......................................................................... 432Troubleshooting with dm_crypto_create ................................................ 433Changing a passphrase ......................................................................... 434

Managing the login ticket key.................................................................... 436Exporting and importing a login ticket key............................................. 436Resetting a login ticket key .................................................................... 436

Configuring a repositorys trusted repositories ........................................... 437Configuring login ticket use ...................................................................... 437

Configuring the default login ticket timeout ........................................... 437Restricting a Superusers use of global tickets ......................................... 438Revoking tickets for a specific repository................................................ 438Troubleshooting a login ticket ............................................................... 438

Configuring application access control token use ........................................ 439Enabling AAC token use by a server ...................................................... 439

Enabling machine-only AAC tokens .................................................. 439Enabling token retrieval by the client library .......................................... 440Generating tokens for storage................................................................ 441

Naming the output file...................................................................... 443Storing tokens generated by dmtkgen .................................................... 443

Troubleshooting an application access control token ................................... 444

Chapter 11 Administration Tools ........................................................................... 445Essential tool concepts .............................................................................. 446

How tools are implemented .................................................................. 449Standard arguments ............................................................................. 449The QUEUEPERSON argument............................................................. 450The window interval............................................................................. 450Reports and trace log files ..................................................................... 451

Reports ............................................................................................ 451Storage ........................................................................................ 451

Trace log files ................................................................................... 452


Table of Contents

Storage ........................................................................................ 452Email messages .................................................................................... 452

Activating and scheduling administration tools .......................................... 453Activation ............................................................................................ 453Defining job schedules .......................................................................... 453

Running administration jobs on demand.................................................... 454Archive ................................................................................................... 454Audit Management .................................................................................. 456Consistency Checker................................................................................. 459

Running the job from a command line ................................................... 460Content Replication .................................................................................. 465Content Warning ..................................................................................... 468Create Full-Text Events ............................................................................. 470

Arguments........................................................................................... 471Report sample ...................................................................................... 474

Data Dictionary Publisher ......................................................................... 475Database Space Warning .......................................................................... 476Dm_LDAPSynchronization ....................................................................... 479

Executing dm_LDAPSynchronization manually ..................................... 482Explicitly specifying LDAP servers in -source_directory ......................... 482

Dmclean ................................................................................................. 482Dmfilescan .............................................................................................. 487File Report .............................................................................................. 493Group Rename ......................................................................................... 498Index Agent Startup ................................................................................. 498Log Purge ............................................................................................... 499Queue Management ................................................................................. 503Remove expired retention objects .............................................................. 506Rendition Manager .................................................................................. 509State of the Repository Report .................................................................. 514Swap Info ................................................................................................ 518ToolSetup................................................................................................. 519Update Statistics ...................................................................................... 519User Chg Home Db .................................................................................. 522User Rename............................................................................................ 523Version Management ............................................................................... 525Tool maintenance and troubleshooting....................................................... 529

Changing the default settings ................................................................ 529Using DQL....................................................................................... 529

Using the tool trace log files .................................................................. 530Viewing the tool reports........................................................................ 530

Chapter 12 Logging and Tracing Facilities ............................................................ 531Introduction ............................................................................................. 531Content Server logging and tracing............................................................ 531

Starting and stopping Content Server tracing operations ......................... 532Starting and stopping tracing from the startup command line ............. 532Using setServerTraceLevel ................................................................ 533


Table of Contents

Using SET_OPTIONS ....................................................................... 535Examples of server tracing .................................................................... 535Determining which tracing options are turned on ................................... 536

DFC logging............................................................................................. 536DFC tracing.............................................................................................. 536

The logger and logging appender .......................................................... 537Enabling tracing ................................................................................... 537Configuring the logging appender ......................................................... 537Trace file names.................................................................................... 539Defining file creation mode ................................................................... 539Defining the timestamp format.............................................................. 540

Defining a date format ...................................................................... 542Defining what is traced ......................................................................... 542

Configuring method tracing .............................................................. 542Defining maximum stack depth to trace ........................................ 542Specifying method entry and exit tracing ...................................... 543Identifying which packages, classes, and methods to trace .............. 543

Tracing users by name ...................................................................... 544Tracing threads by name ................................................................... 545Including the session ID.................................................................... 545Tracing RPC calls ............................................................................. 546Including stack trace for exceptions ................................................... 546Setting verbosity .............................................................................. 546

Directing categories to the trace file ....................................................... 547Interactions of tracing specifications ...................................................... 548Log file entry format ............................................................................. 548Trace file examples ............................................................................... 549

Appendix A Consistency Checks ............................................................................ 551User and group checks.............................................................................. 552ACL checks .............................................................................................. 553SysObject checks ...................................................................................... 554Folder and cabinet checks ......................................................................... 555Document checks ..................................................................................... 556Content object checks................................................................................ 557Workflow checks ...................................................................................... 557Object type checks .................................................................................... 558Data dictionary checks .............................................................................. 559Lifecycle checks ........................................................................................ 560Object type index checks ........................................................................... 561Method object consistency checks .............................................................. 561

Appendix B IDQL and IAPI ...................................................................................... 563Using IDQL.............................................................................................. 563

Starting IDQL......................................................................................

Administration Guide 6.5 300 007 198

Documents

Transcript of Administration Guide 6.5 300 007 198