Administration Guide 6.5 300 007 198
description
Transcript of Administration Guide 6.5 300 007 198
-
EMC DocumentumContent Server
Version 6.5
Administration GuideP/N 300-007-198-A01
EMC Corporation
Corporate Headquarters:
Hopkinton, MA 01748-9103
1-508-435-1000
www.EMC.com
-
Copyright 1994 - 2008 EMC Corporation. All rights reserved.
Published July 2008
EMC believes the information in this publication is accurate as of its publication date. The information is subject to changewithout notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED AS IS. EMC CORPORATION MAKES NO REPRESENTATIONSOR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLYDISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com.
All other trademarks used herein are the property of their respective owners.
-
Table of Contents
Preface .......................................................................................................................... 25
Chapter 1 Introduction ........................................................................................... 27Essential concepts....................................................................................... 27
Installation components .......................................................................... 28Configuration choices ............................................................................. 28Configuration objects.............................................................................. 29
Administration tasks .................................................................................. 29User privilege requirements for administration tasks .................................... 31Administration interfaces............................................................................ 32
Starting Documentum Administrator....................................................... 32Using the Content Server Manager on Windows....................................... 32Using DQL for administrative tasks ......................................................... 33
Documentum tool suite............................................................................... 33Administration methods ............................................................................. 33The dm_error utility ................................................................................... 34Viewing connected users............................................................................. 34Where to look for more information............................................................. 34
Chapter 2 Content Repositories ............................................................................ 37Essential concepts....................................................................................... 37
Repository and server connections........................................................... 38Repository configuration......................................................................... 38
Adding additional repositories .................................................................... 39Adding a repository................................................................................ 40Configuring the new repository for use with MediaTransformation Services ......................................................................... 40Contents of new repositories ................................................................... 41
Managing cabinets and folders .................................................................... 42Public and private cabinets...................................................................... 43Home cabinets........................................................................................ 43Creating folders and cabinets .................................................................. 43Changing and deleting folders and cabinets ............................................. 43
Setting the dd_locales property ................................................................... 44Manipulating type indexes.......................................................................... 44Alternate locations for object-type tables on Oracle and DB2 ......................... 45Configuring storage and handling of date values .......................................... 45Enabling a repository as a global registry ..................................................... 46Dumping and loading a repository .............................................................. 48
Code page compatibility issues................................................................ 48Supporting object types........................................................................... 48Execution methods ................................................................................. 49
EMC Documentum Content Server Version 6.5 Administration Guide 3
-
Table of Contents
Dumping a repository............................................................................. 50Dumping objects under retention ........................................................ 50Aspects and dump operations ............................................................. 51Dumping an entire repository ............................................................. 51Dumping specific objects .................................................................... 51
Setting the type property................................................................. 52Setting the predicate properties ....................................................... 53
Content files and dumping.................................................................. 54Dumping without content ............................................................... 54Including content ........................................................................... 55Compressing content ...................................................................... 55
Setting the cache size .......................................................................... 55Using non-restartable dump ............................................................... 56Using a script to create a dump file ...................................................... 56
Sample script for a full repository dump with contentincluded ........................................................................................ 57Sample script for a partial repository dump ..................................... 57
If the server crashes during a dump operation ...................................... 59Moving the dump file ............................................................................. 59Loading a repository............................................................................... 59
Refreshing repository objects from a dump file ..................................... 60Loading job objects ............................................................................. 60Loading registered tables .................................................................... 61Turning off save event generation during load operations ..................... 61Loading a new repository ................................................................... 61
The preLoad utility ........................................................................ 62Load procedure for new repositories.................................................... 62DocApps............................................................................................ 64
Generating dump and load trace messages............................................... 64Creating location and mount point objects.................................................... 64
Location objects ...................................................................................... 65Mount point objects ................................................................................ 66
Platform aliases .................................................................................. 66Format objects ............................................................................................ 67
The DOS extension property ................................................................... 68The format_class property....................................................................... 68Listing current format objects .................................................................. 68Adding format objects ............................................................................ 69
Using DQL......................................................................................... 69Rich media formats............................................................................. 69
Modifying formats.................................................................................. 70Using DQL......................................................................................... 70
Deleting formats..................................................................................... 71Using DQL......................................................................................... 71
Alias sets.................................................................................................... 71Creating an alias set ................................................................................ 72Modifying or deleting an alias set ............................................................ 72
Working with object types........................................................................... 72Creating a user-defined type ................................................................... 72
Using DQL......................................................................................... 73Modifying an object type......................................................................... 73
Deleting properties ............................................................................. 74Using DQL......................................................................................... 74
Changing the default permissions or default storage area.................. 74Adding a property.......................................................................... 74Deleting a property......................................................................... 75Lengthening a string property ......................................................... 75
4 EMC Documentum Content Server Version 6.5 Administration Guide
-
Table of Contents
Deleting a type ....................................................................................... 76Cleaning up repositories ............................................................................. 76Maintaining query performance .................................................................. 79
Using Update Statistics ........................................................................... 79Setting the DM_GROUP_LIST_LIMIT environment variable ..................... 79
Configuring repository-level package name control ...................................... 80
Chapter 3 Servers .................................................................................................. 83Overview of servers .................................................................................... 84
Server threads (Windows) ....................................................................... 84Parent servers and session servers (UNIX)................................................ 84Configuration......................................................................................... 84Multiple servers ..................................................................................... 85Servers, connection brokers, and clients ................................................... 85The agent exec process ............................................................................ 85ACS servers ........................................................................................... 86JBoss application server .......................................................................... 86
Internationalization .................................................................................... 87The dm_start_repositoryname script (UNIX)................................................... 88The server.ini file ........................................................................................ 88
SERVER_STARTUP section ..................................................................... 89DOCBROKER_PROJECTION_TARGET sections ...................................... 93FUNCTION_SPECIFIC_STORAGE and TYPE_SPECIFIC_STORAGE sections ................................................................................. 94FUNCTION_EXTENT_SIZE and TYPE_EXTENT_SIZE sections ................ 95Keys set during installation ..................................................................... 96
docbase_id ......................................................................................... 96docbase_name .................................................................................... 96database_owner ................................................................................. 96database_conn.................................................................................... 96
Oracle database_conn value ........................................................... 96Sybase database_conn value ........................................................... 97MS SQLServer database_conn value ................................................ 97DB2 database_conn value................................................................ 97
database_name................................................................................... 97Sybase database_name value ........................................................... 97MS SQL Server database_name value............................................... 97
service ............................................................................................... 98host ................................................................................................... 98
Optional keys ......................................................................................... 98acl_update_threshold.......................................................................... 98check_user_interval ............................................................................ 99commit_read_operations..................................................................... 99data_store and index_store ................................................................. 99gethostbyaddr .................................................................................. 100history_sessions and history_cutoff ................................................... 100max_ftacl_cache_size ........................................................................ 100max_nqa_string................................................................................ 101max_sessions_heap_size ................................................................... 101owner_xpermit_default..................................................................... 101saveasnew_retain_source_group ....................................................... 101umask (UNIX only) .......................................................................... 101upd_last_chg_time_from_db ............................................................. 102use_group_address........................................................................... 102validate_database_user ..................................................................... 102
Default keys ......................................................................................... 103
EMC Documentum Content Server Version 6.5 Administration Guide 5
-
Table of Contents
client_session_timeout ...................................................................... 103concurrent_sessions .......................................................................... 103database_refresh_interval ................................................................. 104distinct_query_results ...................................................................... 104enforce_four_digit_year .................................................................... 104ignore_client_domain (Windows only)............................................... 104mail_notification .............................................................................. 105max_storage_info_count ................................................................... 105method_server_enabled .................................................................... 105method_server_threads..................................................................... 105preserve_existing_types .................................................................... 106rdbms_connect_retry_timeout ........................................................... 106server_config_name.......................................................................... 106server_startup_sleep_time................................................................. 106start_index_agents............................................................................ 107ticket_multiplier ............................................................................... 107deferred_update_queue_size............................................................. 107update_access_date .......................................................................... 107user_auth_case ................................................................................. 108user_auth_target (Windows only) ...................................................... 108use_estimate_search ......................................................................... 108wait_for_connect_timeout ................................................................. 108
Moving the server executable (UNIX only) ................................................. 109Changing default operating system permits on directories andfiles (UNIX only) ...................................................................................... 109Changing a servers configuration.............................................................. 109
Modifying the server.ini file .................................................................. 110Modifying the server config object ......................................................... 110
Setting the secure connection mode ........................................................... 110Restarting a server .................................................................................... 111Starting additional servers......................................................................... 112
Configuration requirements .................................................................. 112Creating a shut-down script (UNIX only) ............................................... 113
Communicating with connection brokers ................................................... 114Defining connection broker projection targets......................................... 114
Definitions in the server config object................................................. 115Definitions in the server.ini file .......................................................... 116
Setting the checkpoint interval............................................................... 116Setting the keep entry interval ............................................................... 116Defining server proximity ..................................................................... 117
Specifying queue size for incoming connection requests(Windows only)........................................................................................ 118Shutting down a server ............................................................................. 118
Using the dm_shutdown_repository script (UNIX only) ........................... 119Using the Documentum Content Server Manager (Windowsonly) .................................................................................................... 119Using the Windows user interface (Windows only)................................. 119Using the shutdown method ................................................................. 120
Stopping a session server .......................................................................... 120Server log files.......................................................................................... 121Server load balancing and failover ............................................................. 121Clearing the server common area............................................................... 122Adding additional servlets to the Java method server.................................. 123
6 EMC Documentum Content Server Version 6.5 Administration Guide
-
Table of Contents
Configuring the workflow agent................................................................ 123Changing the number of worker sessions ............................................... 124Changing the sleep interval ................................................................... 124Disabling the workflow agent................................................................ 124Tracing the workflow agent................................................................... 124
Recovering automatic activity work items on Content Server failure ............ 125Managing the JBoss application server ....................................................... 125
Location of binaries .............................................................................. 126Starting and stopping the JBoss application server .................................. 126
Chapter 4 Methods and Jobs ............................................................................... 129Introducing methods ................................................................................ 129Execution agents ...................................................................................... 130
The dmbasic method server................................................................... 130Java method server ............................................................................... 131Content Server ..................................................................................... 131
Choosing the execution agent .................................................................... 132Performance considerations................................................................... 132Security considerations ......................................................................... 133
Tracing options for methods ...................................................................... 133Defining the java.ini file (UNIX only) ......................................................... 134
java_library_path.................................................................................. 134java_version ......................................................................................... 134java_classpath ...................................................................................... 135java_alias_file ....................................................................................... 135java_disabled ....................................................................................... 135
Enabling the dmbasic method server ......................................................... 135Configuring the worker threads in the dmbasic method server .................... 136Implementing a method............................................................................ 136
Creating a method to be executed by Content Server or thedmbasic method server ......................................................................... 136
Limitation on argument length for Docbasic....................................... 137General guideline for the script or program........................................ 137Script or program return values for workflow methods ....................... 137Calling Java or DFC in a Docbasic script............................................. 137
User account (UNIX only) ............................................................. 137dmbasic executables (UNIX only) .................................................. 138Locating the java.ini file (UNIX only) ............................................. 138Sample code ................................................................................. 138
Recording the output ........................................................................ 140Setting method object properties for Content Server execution............. 140Setting method object properties for dmbasic method serverexecution ......................................................................................... 140
Creating a method to be executed by the Java method server................... 141General guideline for the script or program........................................ 141Guidelines for a Java method to be deployed as a BOF module ............ 141Script or program return values for workflow methods ....................... 141Recording the output ........................................................................ 142Storing Java methods ........................................................................ 143Setting method object properties for Java method serverexecution ......................................................................................... 143
Creating a method object....................................................................... 143Using DQL....................................................................................... 144Defining success return codes and success status ................................ 144
Executing a method on demand ................................................................ 145
EMC Documentum Content Server Version 6.5 Administration Guide 7
-
Table of Contents
Creating jobs and job sequences................................................................. 145Introducing jobs ................................................................................... 146Introducing job sequences ..................................................................... 146
Repository implementation ............................................................... 147Job sequence execution ..................................................................... 147
Determining success for invoked jobs ............................................ 148The repository connection file............................................................ 148
The agent exec process .......................................................................... 148Creating a job ....................................................................................... 149
Using DQL to create a job.................................................................. 149Creating a job sequence......................................................................... 150Scheduling jobs .................................................................................... 150
Defining a job schedule ..................................................................... 151Passing arguments................................................................................ 151The run_now property.......................................................................... 152
Managing jobs.......................................................................................... 153Activating or inactivating a job .............................................................. 153Disabling all jobs .................................................................................. 153Modifying agent exec behavior.............................................................. 154
Setting the polling interval ................................................................ 154Setting the number of jobs in a polling cycle ....................................... 154Turning on tracing for the agent exec process ..................................... 155
Creating and maintaining a repository connection file for jobsequences............................................................................................. 155
Specifying the server connect string ................................................... 155Commas and backslashes in the entries .............................................. 156The dcf_edit utility ........................................................................... 156
Recovering from a job sequence failure .................................................. 158Interpreting a job sequence status report ................................................ 158Executing dm_run_dependent_jobs independently................................. 159
Chapter 5 Managing Repository Sessions ........................................................... 161Terminology............................................................................................. 162The dfc.properties file ............................................................................... 162
Key format ........................................................................................... 162Setting dfc.properties entries ................................................................. 163
Defining connection brokers for connection requests................................... 163Specifying connection brokers ............................................................... 163
Failover and load balancing....................................................................... 164Requesting a specific server connection...................................................... 165
Requesting a server by name ................................................................. 165Requesting a server on a specific host .................................................... 165Requesting a server by name on a specific host ....................................... 165
Turning off trusted login ........................................................................... 166Defining the secure connection default for connection requests.................... 166Configuring the number of connection attempts and the retryinterval .................................................................................................... 167Specifying the maximum number of sessions ............................................. 167Limiting which clients can access a repository ............................................ 168Configuring privileged DFC use ................................................................ 168
Creating client rights objects.................................................................. 168Configuring a repository to accept only authenticated DFCinstances .............................................................................................. 169Enabling privileged DFC....................................................................... 169
8 EMC Documentum Content Server Version 6.5 Administration Guide
-
Table of Contents
Disabling privileged DFC...................................................................... 170Modifying the Java security policy ........................................................ 170Managing the keystore file .................................................................... 171
Changing the location and name of the keystore file ........................... 171Changing the passwords used with keytool........................................ 171Configuring a shared keystore file ..................................................... 172
Configuring connection pooling ................................................................ 172Enabling connection pooling ................................................................. 172
Configuring login tickets........................................................................... 173Setting ticket validity period.................................................................. 173Setting the ticket cache size for Content Server ....................................... 173Configuring login tickets for backwards compatibility ............................ 173
Changing a sessions configuration ............................................................ 174Changing the assigned default operating system permissions(UNIX only) ............................................................................................. 175Defining short date formats....................................................................... 175Changing the client local area directory location ......................................... 176Setting disk space limits for the client local area ......................................... 176Removing content from client local areas ................................................... 176
Manual clean up................................................................................... 177Managing persistent client caches .............................................................. 177
Enabling and disabling persistent client caching ..................................... 178For a repository ............................................................................... 178For client sessions ............................................................................. 178
Creating cache config objects ................................................................. 179Defining the cached data set .............................................................. 179Defining the server check interval ...................................................... 180Defining the client check interval ....................................................... 181
Manually forcing refreshes ................................................................... 181Flushing a persistent cache................................................................ 181Setting the client_pcaching_change property ...................................... 182
Automating cache config data validation ............................................... 182Overriding consistency checking rules ................................................... 183Defining the persistent cache write interval ............................................ 183Troubleshooting persistent caching ........................................................ 184
Chapter 6 Connection Brokers ............................................................................ 187An overview of connection brokers............................................................ 187
How many connection brokers are there?............................................... 188What information does a connection broker have? .................................. 188How does a connection broker get information? ..................................... 188Locating connection brokers.................................................................. 189Connection broker configuration options ............................................... 189
Servers and connection brokers ................................................................. 189Clients and connection brokers.................................................................. 190Failover for connection brokers ................................................................. 191Load balancing for connection brokers....................................................... 191Configuring a connection broker ............................................................... 191
Connection broker initialization file ....................................................... 192Invoking the initialization file ............................................................... 193Configuring shutdown security (UNIX only).......................................... 193Restricting server access........................................................................ 193Translating IP addresses........................................................................ 194
EMC Documentum Content Server Version 6.5 Administration Guide 9
-
Table of Contents
Restarting a connection broker .................................................................. 195Windows platforms .............................................................................. 195UNIX platforms.................................................................................... 195
Starting additional connection brokers ....................................................... 196Shutting down a connection broker ........................................................... 197
Windows platforms .............................................................................. 197UNIX platforms.................................................................................... 198Multiple connection brokers on UNIX.................................................... 199
Obtaining information from a connection broker ........................................ 199The getServerMap method .................................................................... 200The getDocbaseMap method ................................................................. 200
Obtaining information about connection brokers ........................................ 200Using the getDocbrokerMap method ..................................................... 201Querying the client config object............................................................ 201
Deleting server information....................................................................... 201
Chapter 7 Content Management .......................................................................... 203Storage area options ................................................................................. 204
File store storage areas .......................................................................... 205Public and private file store areas ...................................................... 205Content encryption ........................................................................... 206Content compression ........................................................................ 206
Content compression characterization............................................ 207Content duplication checking and prevention..................................... 209
How checking and prevention work .............................................. 209Supporting properties................................................................... 209
content_hash_mode and content_dupl_pref ............................... 210r_content_hash ........................................................................ 210
Tracing duplication checking and prevention ................................. 211Digital shredding ............................................................................. 211
EMC Centera storage ............................................................................ 212Configuration options....................................................................... 212
Default retention values ................................................................ 213Compression ................................................................................ 213Whether to link or embed the content in the C-clip ......................... 214The C-clip buffer size .................................................................... 214Write retries ................................................................................. 214Override of the Centera storage strategy configuration ................... 215Maximum number of socket connections used by theCentera SDK ................................................................................ 215Use of the memory map interface for writes to the storagearea ............................................................................................. 215
NetApp SnapLock storage .................................................................... 215Configuration options....................................................................... 216
Default retention values ................................................................ 216Compression ................................................................................ 217
Blob store storage areas......................................................................... 217Turbo storage ....................................................................................... 218Distributed storage areas....................................................................... 218External storage areas ........................................................................... 219
Use constraints ................................................................................. 219Types of external storage areas .......................................................... 219Plug-in objects for external storage .................................................... 220
Linked store storage areas ..................................................................... 221Summary of storage area configuration options .......................................... 222Content and full-text indexes..................................................................... 223
10 EMC Documentum Content Server Version 6.5 Administration Guide
-
Table of Contents
How objects, contents, and storage are connected ....................................... 223Allocating content to storage areas ............................................................ 224
Using content assignment policies ......................................................... 225What content assignment policies are................................................. 225Creating content assignment policies ................................................. 225Enforcement of assignment policies ................................................... 226Behavior on encountering a rule error ................................................ 227DFC assignment policy information cache.......................................... 227Architectural implementation of assignment policies .......................... 227Algorithm used by the DFC policy engine .......................................... 228Assignment policy administration ..................................................... 229
Using the default storage algorithm ....................................................... 229Primary content algorithm ................................................................ 229Rendition algorithm.......................................................................... 231
Content Retention..................................................................................... 231System-defined storage areas .................................................................... 232File paths and URLs for content files in storage........................................... 233
Path specifications for content in file stores............................................. 233URL specifications for content files ........................................................ 234
Setting up storage..................................................................................... 235Distributed storage setup ...................................................................... 236Setting up blob storage ......................................................................... 236
Using DQL to set up blob storage ...................................................... 236Setting up file store storage areas........................................................... 237
File extensions and the use_extensions property ................................. 237Setting the base URL......................................................................... 238Defining file store storage areas as public (Windows only) ................. 238Using DQL to set up file storage ........................................................ 238Linked store setup ............................................................................ 239
Using DQL to set up linked storage ............................................... 240Setting up external storage .................................................................... 242
An example of importing documents stored on a CD-ROM ................. 242Using the Mount method ............................................................. 243
External URL storage setup ............................................................... 244Setting up external free storage ......................................................... 244Configuring for optimal performance on retrieval............................... 245
Setting up EMC Centera storage areas.................................................... 245Setup procedure ............................................................................... 246Defining storage area retention requirements ..................................... 247Defining the connection string .......................................................... 248
Required privileges for connection strings...................................... 249Defining a connection string supporting EMC Centeraclusters ........................................................................................ 249
Example of use ......................................................................... 250Configuring embedded blob use........................................................ 251Setting the C-clip buffer size.............................................................. 252Configuring write attempts in EMC Centera storage areas .................. 253Overriding the Centera single-instancing configuration ...................... 253Resetting the maximum socket connections allowed ........................... 254Configuring use of a memory map for write operations ...................... 254Setting clocks and time zones for Centera hosts and ContentServer hosts...................................................................................... 255
Setting up NetApp SnapLock storage areas ............................................ 255Setup procedure ............................................................................... 256Enabling content compression ........................................................... 256Defining SnapLock storage area retention requirements ...................... 256
Setting up turbo storage ........................................................................ 257
EMC Documentum Content Server Version 6.5 Administration Guide 11
-
Table of Contents
Providing automatic file extensions ........................................................... 258Moving content files ................................................................................. 259
MIGRATE_CONTENT administration method....................................... 259Content migration policies ................................................................... 260
Configurable arguments ................................................................... 261Generated log files............................................................................ 262
Records migration jobs.......................................................................... 262Auditing content movement.................................................................. 263
Maintenance operations for storage areas ................................................... 263Changing the state of a storage area ....................................................... 263Determining the state of a storage area................................................... 264Moving file store storage areas .............................................................. 264Enabling forced deletion in EMC Centera storage areas........................... 265Removing orphaned content objects and files ......................................... 266
Using dmclean ................................................................................. 267Including content in retention type storage areas ............................ 268Running dmclean using an EXECUTE statement ............................ 268Running dmclean from the operating system prompt ..................... 269Executing the dmclean script......................................................... 269
Using dmfilescan.............................................................................. 270dmfilescan arguments .................................................................. 270Identifying the subdirectories of the scanned storage areas.............. 271Using the -no_index_creation argument ......................................... 272Using the -force_delete argument .................................................. 272Running dmfilescan using an EXECUTE statement......................... 273Running dmfilescan from the operating system prompt .................. 273The generated script ..................................................................... 273Executing the dmfilescan script ..................................................... 274
Replacing a full distributed storage component ...................................... 274Resolving a compromised file store key ................................................. 275
Administering content assignment policies ................................................ 275Logging policy use ............................................................................... 275Enabling and disabling assignment policies............................................ 276Turning off the policy engine................................................................. 276Configuring behavior on encountering a rule error ................................. 276Configuring the update interval for the policy information cache............. 277
Archiving and restoring documents........................................................... 277How the process works ......................................................................... 277
The archive and restore methods ....................................................... 280The Archive tool ............................................................................... 280
Archiving..................................................................................... 280Restoring ..................................................................................... 281
Moving dump files on and off line .................................................... 282Archiving content used in multiple documents....................................... 283Options for archiving ........................................................................... 283
Scheduling archiving ........................................................................ 283Types of requests .............................................................................. 284The repository operator .................................................................... 284Moving the dump file in and out of the archive directory .................... 284
Choosing an archive directory .............................................................. 285Implementing archiving........................................................................ 285
Starting the Archive tool ................................................................... 286Restoring documents ............................................................................ 286
Archiving restored documents .......................................................... 286Custom restoration ........................................................................... 287
Chapter 8 Users and Groups ............................................................................... 289
12 EMC Documentum Content Server Version 6.5 Administration Guide
-
Table of Contents
User names .............................................................................................. 290User privilege levels ................................................................................. 291
Basic user privileges ............................................................................. 291Extended user privileges ....................................................................... 293
Privileged groups ..................................................................................... 294Adding users ........................................................................................... 295
Setting user properties .......................................................................... 296User privileges ................................................................................. 297Defining the default ACL .................................................................. 297Setting user_db_name....................................................................... 298Setting default_folder ....................................................................... 298Setting accessible folders ................................................................... 298Setting client capability ..................................................................... 299
Creating a new user with DQL .............................................................. 299Adding multiple users in a single operation ........................................... 299
LDIF file contents ............................................................................. 300Setting up the file ............................................................................. 300Extended characters in the file ........................................................... 301
Granting and revoking user privileges ....................................................... 301Superuser privileges and the admingroup group .................................... 302Granting and revoking privileges using DQL ......................................... 302Granting and revoking privileges using DFC.......................................... 303
Modifying users ....................................................................................... 303Using DQL........................................................................................... 304
Renaming users........................................................................................ 304Deleting users .......................................................................................... 304
Using DQL........................................................................................... 305Deactivating, locking, and reactivating users .............................................. 305
Deactivating or locking users................................................................. 305Reactivating users................................................................................. 306Using DQL to change a users login state................................................ 306
Adding groups ......................................................................................... 307Using DQL........................................................................................... 308
Modifying groups..................................................................................... 309Using DQL........................................................................................... 309
Deleting groups........................................................................................ 309Using DQL........................................................................................... 310
Changing the membership setting of a dynamic group................................ 310Querying groups ...................................................................................... 311
Obtaining a list of members in a group................................................... 311Obtaining a list of groups with a count of the members in each................ 311
Chapter 9 Managing User Authentication ............................................................ 313Authentication options ............................................................................. 313
Default mechanism............................................................................... 314Custom password checking program ..................................................... 314LDAP directory server .......................................................................... 314Authentication plug-in.......................................................................... 314In-line password................................................................................... 315
The assume user and change password programs....................................... 315Assume user ........................................................................................ 315Change Password ................................................................................. 316
Using the default authentication mechanism .............................................. 316
EMC Documentum Content Server Version 6.5 Administration Guide 13
-
Table of Contents
UNIX platforms.................................................................................... 316Windows platforms .............................................................................. 317Authenticating in domains .................................................................... 317
No-domain required mode................................................................ 318Domain-required mode..................................................................... 318Determining the repositorys authentication mode .............................. 318Converting to domain-required mode................................................ 319
Using a custom external password checking program ................................. 319Basic steps............................................................................................ 319Writing the program ............................................................................. 320
Using Windows domain authentication for UNIX users .............................. 320Modifying the dm_check_password program......................................... 321
Setting auth_protocol........................................................................ 322Setting up the domain controller map ................................................ 322Setting the user_source property ....................................................... 323
Using an LDAP directory server ................................................................ 323Benefits ............................................................................................... 324Constraints .......................................................................................... 324Integrating an LDAP directory server with a repository .......................... 324Using multiple LDAP directory servers.................................................. 325User and group synchronization............................................................ 325
Synchronization and federations ....................................................... 325dm_LDAPSynchronization job .......................................................... 325How the synchronization job determines which LDAPservers to use ................................................................................... 327Attributes set by the dm_LDAPSynchronization job ........................... 327On-demand user synchronization...................................................... 328
User authentication .............................................................................. 328Authentication and federations ......................................................... 328How Content Server determines which server to use forauthentication .................................................................................. 329LDAP authentication options ............................................................ 330Connection retry attempts ................................................................. 330Authentication failover ..................................................................... 330
Failover for extra directory LDAP servers ...................................... 331Tracing failover ............................................................................ 332
Implementing an LDAP directory server ................................................ 332Defining the set-up values................................................................. 333
Distinguished name and bind type ................................................ 334Search bases and filters ................................................................. 334The secure connection properties ................................................... 335
Mapping LDAP attributes to repository user or groupproperties ........................................................................................ 335
Required mappings ...................................................................... 336Defining mapping rules ................................................................ 336Mapping guidelines...................................................................... 337Repository storage of mappings .................................................... 337Mapping examples ....................................................................... 338
Downloading certutil and the certificate authorities ............................ 340Installing the certificate database and CA certificates .......................... 340Activating the dm_LDAPSynchronization job .................................... 341Building and installing an LDAP-enabled passwordchecking program (UNIX only) ......................................................... 341Note on using Active Directory ......................................................... 342Note on using LDAP directory servers with multipleContent Servers ................................................................................ 342
Deleting an LDAP directory server from a repository.............................. 342Setting the retry_interval property for user authentication....................... 343
14 EMC Documentum Content Server Version 6.5 Administration Guide
-
Table of Contents
How the environment variables are used ........................................... 343How to set the environment variables ................................................ 344
Enabling first-time synchronization rules ............................................... 344Binding LDAP users to a different directory server ................................. 344Listing certificates in the certificate database .......................................... 345Troubleshooting the synchronization job ................................................ 345
Using authentication plug-ins.................................................................... 346Plug-in scope ....................................................................................... 346Identifying a plug-in for use .................................................................. 347
Defining a plug-in identifier .............................................................. 347Using the RSA plug-in .......................................................................... 348Using the CA SiteMinder plug-in........................................................... 348Implementing a custom authentication plug-in....................................... 349
Writing the authentication plug-in ..................................................... 350Internationalization ...................................................................... 350
Tracing authentication plug-in operations .............................................. 351Using an in-line password......................................................................... 351Trusted logins .......................................................................................... 351Unified logins .......................................................................................... 351Managing encrypted passwords ................................................................ 352
Using encryptPassword ....................................................................... 353If you do not want to use encrypted passwords ...................................... 353Changing an encrypted password.......................................................... 354
Limiting authentication attempts ............................................................... 356
Chapter 10 Protecting Repository Objects ............................................................ 359Overview of repository security................................................................. 359
ACLs ................................................................................................... 360Additional security options ................................................................... 360
Application-level control of SysObjects ............................................. 361Dynamic groups ............................................................................... 361Folder security ................................................................................. 362User privileges ................................................................................. 362Table permits ................................................................................... 362
Turning repository security on and off ....................................................... 362Turning folder security on and off ............................................................. 363
Changing folder security....................................................................... 364Setting the default permission level for application-level controlof SysObjects ............................................................................................ 364Object-level permissions ........................................................................... 364
Basic permissions ................................................................................ 365Note on the Relate permit level.......................................................... 366
Extended permissions .......................................................................... 366Viewing extended permissions ......................................................... 367
Managing ACLs ....................................................................................... 368The ACL object type ............................................................................. 369
Access control entries........................................................................ 369AccessPermission and ExtendedPermission entries ......................... 370AccessRestriction and ExtendedRestriction entries.......................... 370
AccessRestriction entries ........................................................... 370ExtendedRestriction entries....................................................... 371Storage in the ACL ................................................................... 371
ApplicationPermission entries ....................................................... 371ApplicationRestriction entries ....................................................... 372
EMC Documentum Content Server Version 6.5 Administration Guide 15
-
Table of Contents
RequiredGroup entries ................................................................. 372RequiredGroupSet entries ............................................................. 373
How ACL entries are evaluated ............................................................. 374Evaluation for non-owners and non-superusers ................................. 374How access is evaluated for object owners and Superusers .................. 374
Access evaluation for an objects owner .......................................... 375Evaluating a Superusers permissions ............................................ 376
Resolving multiple entries for a user .................................................. 376Disabling ACL restrictive entries ........................................................... 377External and internal ACLs ................................................................... 378
ACL names ...................................................................................... 379System, public, and private ACLs .......................................................... 379Template ACLs..................................................................................... 379Creating ACLs ..................................................................................... 380How ACLs and objects are connected .................................................... 380The default ACLs ................................................................................. 381
Creating default ACLs ...................................................................... 383Assigning a default ACL to an object ................................................. 383Identifying the default ACL for use ................................................... 383
Modifying an ACL................................................................................ 384Adding entries ................................................................................. 384Removing entries.............................................................................. 384
Destroying an ACL ............................................................................... 385Removing unreferenced external ACLs .............................................. 385Removing unreferenced internal ACLs .............................................. 385
Table permits ........................................................................................... 386Setting table permits ............................................................................. 386Table permits and object-level permissions ............................................. 387Table permits and dump and load operations ......................................... 387
Auditing .................................................................................................. 387What events are auditable ..................................................................... 388Audit trails........................................................................................... 388Auditing properties .............................................................................. 388
If audit_old_values is T ..................................................................... 389If audit_old_values is F ..................................................................... 390
Default auditing .................................................................................. 391Turning off default auditing .............................................................. 392Modifying the default auditing.......................................................... 393
Auditing system events......................................................................... 393Auditing application events .................................................................. 393Signing audit trail entries ...................................................................... 394Conflicting registration resolution ......................................................... 395Stopping auditing................................................................................. 396Viewing audit trails .............................................................................. 396Querying and retrieving audit trail entries ............................................. 397Interpreting audit trails of DFC method, workflow, andlifecycle events ..................................................................................... 397
Audit trail properties with a common purpose ................................... 397Properties available for varied purposes............................................. 397
Use in audit trails for events generated by non-workflowor lifecycle methods ...................................................................... 398Use in lifecycle audit trails ............................................................ 404Use in workflow audit trails .......................................................... 405
Interpreting ACL and group audit trails................................................. 413Verifying signed audit trail entries ......................................................... 415Removing audit trail entries .................................................................. 416Auditing in a distributed environment................................................... 416
Implementing signature support ............................................................... 417
16 EMC Documentum Content Server Version 6.5 Administration Guide
-
Table of Contents
Customizing electronic signatures ......................................................... 417Customizing the default functionality ................................................ 418
Adding or removing properties on the page ................................... 420Changing the property delimiters .................................................. 421Configuring the appearance of the page ......................................... 422Defining separate templates for different document types ............... 423Configuring the number of allowed signatures andsignature positioning .................................................................... 424
Creating custom signature creation methods and associatedsignature page templates .................................................................. 425
Creating custom signature-creation methods.................................. 425Creating custom signature page templates ..................................... 427
Tracing electronic signature operations .............................................. 427Supporting digital signatures ................................................................ 427Customizing simple signoffs ................................................................. 428
Customizing the signature validation program ................................... 428Registering for notification ................................................................ 429Querying the audit trail for signoffs ................................................... 429
Managing the encryption keys................................................................... 429The AEK .............................................................................................. 430
Sharing the AEK or passphrase ......................................................... 430The AEK and distributed sites ........................................................... 431Backing up the AEK.......................................................................... 431
Repository encryption keys ................................................................... 431Encryption utilities ............................................................................... 432Using dm_crypto_boot ......................................................................... 432Troubleshooting with dm_crypto_create ................................................ 433Changing a passphrase ......................................................................... 434
Managing the login ticket key.................................................................... 436Exporting and importing a login ticket key............................................. 436Resetting a login ticket key .................................................................... 436
Configuring a repositorys trusted repositories ........................................... 437Configuring login ticket use ...................................................................... 437
Configuring the default login ticket timeout ........................................... 437Restricting a Superusers use of global tickets ......................................... 438Revoking tickets for a specific repository................................................ 438Troubleshooting a login ticket ............................................................... 438
Configuring application access control token use ........................................ 439Enabling AAC token use by a server ...................................................... 439
Enabling machine-only AAC tokens .................................................. 439Enabling token retrieval by the client library .......................................... 440Generating tokens for storage................................................................ 441
Naming the output file...................................................................... 443Storing tokens generated by dmtkgen .................................................... 443
Troubleshooting an application access control token ................................... 444
Chapter 11 Administration Tools ........................................................................... 445Essential tool concepts .............................................................................. 446
How tools are implemented .................................................................. 449Standard arguments ............................................................................. 449The QUEUEPERSON argument............................................................. 450The window interval............................................................................. 450Reports and trace log files ..................................................................... 451
Reports ............................................................................................ 451Storage ........................................................................................ 451
Trace log files ................................................................................... 452
EMC Documentum Content Server Version 6.5 Administration Guide 17
-
Table of Contents
Storage ........................................................................................ 452Email messages .................................................................................... 452
Activating and scheduling administration tools .......................................... 453Activation ............................................................................................ 453Defining job schedules .......................................................................... 453
Running administration jobs on demand.................................................... 454Archive ................................................................................................... 454Audit Management .................................................................................. 456Consistency Checker................................................................................. 459
Running the job from a command line ................................................... 460Content Replication .................................................................................. 465Content Warning ..................................................................................... 468Create Full-Text Events ............................................................................. 470
Arguments........................................................................................... 471Report sample ...................................................................................... 474
Data Dictionary Publisher ......................................................................... 475Database Space Warning .......................................................................... 476Dm_LDAPSynchronization ....................................................................... 479
Executing dm_LDAPSynchronization manually ..................................... 482Explicitly specifying LDAP servers in -source_directory ......................... 482
Dmclean ................................................................................................. 482Dmfilescan .............................................................................................. 487File Report .............................................................................................. 493Group Rename ......................................................................................... 498Index Agent Startup ................................................................................. 498Log Purge ............................................................................................... 499Queue Management ................................................................................. 503Remove expired retention objects .............................................................. 506Rendition Manager .................................................................................. 509State of the Repository Report .................................................................. 514Swap Info ................................................................................................ 518ToolSetup................................................................................................. 519Update Statistics ...................................................................................... 519User Chg Home Db .................................................................................. 522User Rename............................................................................................ 523Version Management ............................................................................... 525Tool maintenance and troubleshooting....................................................... 529
Changing the default settings ................................................................ 529Using DQL....................................................................................... 529
Using the tool trace log files .................................................................. 530Viewing the tool reports........................................................................ 530
Chapter 12 Logging and Tracing Facilities ............................................................ 531Introduction ............................................................................................. 531Content Server logging and tracing............................................................ 531
Starting and stopping Content Server tracing operations ......................... 532Starting and stopping tracing from the startup command line ............. 532Using setServerTraceLevel ................................................................ 533
18 EMC Documentum Content Server Version 6.5 Administration Guide
-
Table of Contents
Using SET_OPTIONS ....................................................................... 535Examples of server tracing .................................................................... 535Determining which tracing options are turned on ................................... 536
DFC logging............................................................................................. 536DFC tracing.............................................................................................. 536
The logger and logging appender .......................................................... 537Enabling tracing ................................................................................... 537Configuring the logging appender ......................................................... 537Trace file names.................................................................................... 539Defining file creation mode ................................................................... 539Defining the timestamp format.............................................................. 540
Defining a date format ...................................................................... 542Defining what is traced ......................................................................... 542
Configuring method tracing .............................................................. 542Defining maximum stack depth to trace ........................................ 542Specifying method entry and exit tracing ...................................... 543Identifying which packages, classes, and methods to trace .............. 543
Tracing users by name ...................................................................... 544Tracing threads by name ................................................................... 545Including the session ID.................................................................... 545Tracing RPC calls ............................................................................. 546Including stack trace for exceptions ................................................... 546Setting verbosity .............................................................................. 546
Directing categories to the trace file ....................................................... 547Interactions of tracing specifications ...................................................... 548Log file entry format ............................................................................. 548Trace file examples ............................................................................... 549
Appendix A Consistency Checks ............................................................................ 551User and group checks.............................................................................. 552ACL checks .............................................................................................. 553SysObject checks ...................................................................................... 554Folder and cabinet checks ......................................................................... 555Document checks ..................................................................................... 556Content object checks................................................................................ 557Workflow checks ...................................................................................... 557Object type checks .................................................................................... 558Data dictionary checks .............................................................................. 559Lifecycle checks ........................................................................................ 560Object type index checks ........................................................................... 561Method object consistency checks .............................................................. 561
Appendix B IDQL and IAPI ...................................................................................... 563Using IDQL.............................................................................................. 563
Starting IDQL......................................................................................