Beruflich Dokumente
Kultur Dokumente
Administration Guide
Release 6.5
UNIX®
© 1997-2004 Interwoven, Inc. All rights reserved.
No part of this publication (hardcopy or electronic form) may be reproduced or transmitted, in any form
or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written
consent of Interwoven. Information in this manual is furnished under license by Interwoven, Inc. and may
only be used in accordance with the terms of the license agreement. If this software or documentation
directs you to copy materials, you must first have permission from the copyright owner of the materials to
avoid violating the law which could result in damages or other remedies.
This Interwoven product utilizes third party components under the following copyrights with all rights
reserved: Copyright 1997 Eric Young; Copyright 2000-2003, Apache Software Foundation
(http://www.apache.org/); Copyright 1999, ExoLab Group; Copyright 1999-2001, Intalio, Inc. If you
are interested in using these components for other purposes, contact the appropriate vendor.
Interwoven, Inc.
803 11th Ave.
Sunnyvale, CA 94089
http://www.interwoven.com
Printed in the United States of America
Release 6.5
Part # 70-11-00-650-300
October 2004
Table of Contents
About This Book 9
Notation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Default Paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Online Documentation Errata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
What’s in This Manual. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3
Configuring Server Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Cache Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
RPC Threadcount. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
File System Threadcount . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Hopi Threads. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Throughput Monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Detecting Low Disk Space and Inode Count. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Configuring the TeamSite Server Locale . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Configuring FormsPublisher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
FormsPublisher Settings in iw.cfg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
TeamSite Embedded Failsafe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
5
Bringing Down Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Running on Different Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Chapter 8: Configuring the TeamSite Web Daemon and Proxy Server 123
About the TeamSite Web Daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
About the Proxy Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Applying Changes to Proxy Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Configuring TeamSite Web Daemon and Proxy Server Operation. . . . . . . . . . . . . . . . . . . . . 125
Resolving Relative and Absolute Paths. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Document Roots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Resolving Fully Qualified URLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Redirecting Fully Qualified URLs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Configuring the Proxy Server to Redirect Fully Qualified URLs . . . . . . . . . . . . . . . . 129
Configuring your Web browsers to Use the TeamSite Web Daemon . . . . . . . . . . . . . 129
Redirecting TeamSite Views to Different Areas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Using iwproxy_preconnect_remap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Using iwproxy_preconnect_redirect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Configuring TeamSite to Use Different Web Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Configuring External Remappings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Using iwproxy_preconnect_remap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Using iwproxy_external_remap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Host Header Remappings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Enabling iwproxy Access Control. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Configuring SSI Remapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Configuring Proxy Failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Debugging Your Proxy Server Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
7
Appendix D: Internationalization 175
Supported Client and Server Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Supported Content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Limitations and Assumptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Content Stores and Character Encoding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
About UTF-8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
URL Commands with Multibyte Characters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Interfacing with Localized Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Accessing the Localized Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Language of the VisualPreview Tool Bar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Specifying File Encoding of Text Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Text Editor Encodings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Usage Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
The TeamSite Administration Guide is a guide for configuring, customizing, and maintaining
TeamSite. It is primarily intended for TeamSite Administrators and Master users, web server
administrators, and system administrators. Users of this manual should be familiar with
basic UNIX commands and be able to use an editor such as emacs or vi.
Many of the operations described in this manual require root access to the TeamSite server,
these operations are listed in Appendix F, “Root Access to TeamSite.” If you do not have
root access to the TeamSite server, consult your UNIX system administrator.
It is also very helpful to be familiar with regular expression syntax. If you are not familiar
with regular expressions, it is recommended that you consult a reference manual such as
Mastering Regular Expressions, by Jeffrey Friedl.
Some TeamSite configuration files make use of XML. For more information about XML,
consult a reference manual or the online specification at
http://www.xml.com/axml/testaxml.htm.
Notation Conventions
This manual uses the following notation conventions:
9
Convention Definition and Usage
Monospaced Monospaced italics are used for command-line variables.The most
italic
common example of this is iw-home, which refers to the directory
where TeamSite is installed. For example:
iw-home\etc\iw.cfg
Default Paths
During installation default paths are used unless the installer specifies otherwise. The default
path for Teamsite is:
Interwoven/TeamSite
Interwoven/Search
The installed paths are referred to in this document as iw-home and iwsearch-home.
11
12 TeamSite Administration Guide
Chapter 1
TeamSite Overview
This chapter introduces the following three major TeamSite concepts and concludes with a
description of the TeamSite system architecture:
" TeamSite Elements
" TeamSite User Roles
" TeamSite Workflow
TeamSite Elements
The following sections describe some common TeamSite concepts that you should be
familiar with before beginning to configure TeamSite.
Content Stores
The Content Store is a large directory created by the TeamSite installation program that
contains TeamSite files and metadata. By default, the Content Store is located in /local/
iw-store.
In releases of TeamSite prior to 5.5, administrators were limited to one Content Store (then
known as the backing store) per TeamSite Content Server. TeamSite now supports as many as
eight Content Stores per TeamSite server (the first is created automatically by the
installation program, and the others are created as needed by the TeamSite administrator).
Branches
TeamSite provides branches for different paths of development for content. Branches can be
related to each other (for example, alternate language versions of the same Web site) or they
may be completely independent. Typically, each branch contains all the content for a Web
site or a major section of it (such as a department), or a collection of related content (such
as the program files for a software application or the image and text files for a book).
Branches can be indexed and searched.
A single branch contains archived copies of its content as editions, a staging area for content
integration, and individual workareas where users may develop content without disturbing
one another. Branches can also contain subbranches, so that teams may keep alternate paths of
development separate from each other. Content can be easily shared and synchronized
13
TeamSite Overview
across branches and subbranches. Users may work on one branch or on several, and the
number of branches on a system is not limited.
Branches facilitate distributed workflow because they allow separate teams to work
independently on different projects. Because all branches are located on the same TeamSite
server, it is easy for one team to incorporate the work of another into their project.
Workareas
Each workarea contains a virtual copy of all related content, which may be modified in any
way without affecting the work of other contributors. Users who have access to a workarea
may modify files within that workarea and view their changes within the context of all
related content before integrating their work with that of other contributors. Users can lock
files in each workarea, eliminating the possibility of conflicting edits.
All changes made to files in a workarea are kept completely separate from other workareas
and the staging area until the user chooses to submit his changes to the staging area. Within
a workarea, users may add, edit, or delete files, or revert to older versions of files without
affecting other users.
Staging Areas
Each branch contains one staging area where contributors incorporate their changes with the
work of others. Users submit files from their workareas to the staging area to integrate their
work with other contributions, and test the integrity of the resulting content. Because the
staging area is an integrated component of the system, conflicts are easily identified and
different versions of the same file can be merged, rather than overwritten.
Editions
Editions are read-only snapshots of a branch, taken at sequential points in its development.
Contributors can create new editions any time they feel their work is well integrated, or any
time they want to create an updated snapshot of all content for reference or deployment to a
production server. For Web site content development, each edition is a fully functional
version of the Web site, so that users can see the development of the Web site over time and
compare it with current work.
The following diagram illustrates the use of TeamSite for Web site development.
Edit
local
computer
Workarea A
Upload
Production Server
TeamSite Branch
TeamSite Branch
Client
Submit
Get Latest
Workarea B Staging Area Edition 3
Publish Deploy
Production
Server
Workarea C Edition 2
Edition 1
Figure 1: TeamSite branches contain private workareas, which contain complete virtual copies of the Web site; staging areas,
where contributors integrate their work; and editions, which are read-only snapshots of the Web site at various points in its
development. Each area contains a virtual copy of the entire Web site. Content is submitted from workareas to the staging
area, and the staging area is then published as an edition. Older editions are available for reference.
15
TeamSite Overview
Authors
Authors are primary content creators. All work done by Authors goes through an explicit
approval step. They can receive assignments from Editors, which are displayed in task lists
when Authors log in to TeamSite. Authors access TeamSite from the browser-based
ContentCenter Standard interface and do not need to be sophisticated computer users.
In order to test their work, Authors have full access to the content in their Editors’
workareas, but do not need to concern themselves with the larger structure and
functionality of TeamSite. The Author role is appropriate for non-technical users or for
more technical contributors who do not need access to extended TeamSite functionality,
such as advanced version management features.
Editors
Editors own workareas. They create and edit content, just as Authors do, but they are
primarily responsible for managing the development taking place within their workareas.
This includes assigning files to Authors and submitting completed content to the staging
area, and it may include creating editions.
Editors have access to specialized TeamSite content and workflow management functions.
Editors are generally “managerial” users, who primarily supervise the work of Authors, or
self-managing “power” users, who need extended TeamSite functionality to manage their
own content.
Administrators
Administrators own branches. They have all the abilities of Editors, but they are primarily
responsible for the content and functioning of their branch. Administrators can manage
project workflow by creating new workareas for Editors and groups and by creating
subbranches of their own branch to explore separate paths of development.
Masters
Master users own the entire TeamSite Content Server. They can create new stores and
perform all the functions of Editors and Administrators on any branch. For each store, the
Master user owns the main branch, from which all subbranches are created. The Master user
is generally involved in the installation of TeamSite and can reconfigure TeamSite on a
system-wide basis.
Other Roles
The TeamSite installation program also creates the following roles and corresponding uid
files:
" content-provider—Provides access to ContentProvider Integration Server
functionality.
" od-admin—Provides access to OpenDeploy administrator functionality.
" od-user—Provides access to OpenDeploy end-user functionality.
These roles are used by other Interwoven products and are described in their corresponding
documentation.
TeamSite Workflow
A workflow model is a general workflow configuration that can be used repeatedly. Each
workflow model describes a process that may include user tasks and a wide variety of
automated tasks. Workflow models are configured by the system administrator or by the
Interwoven Client Services organization.
For more information about configuring different workflow models, consult the TeamSite
Workflow Developer’s Guide.
Task:
Automated
deployment
17
TeamSite Overview
Jobs
A job is a set of interdependent tasks. One example of a TeamSite job would be the set of
tasks needed to prepare a new section in a marketing Web site to support a new product
launch.
Each job is a specific instance of a workflow model. When a job is created, the job creator
must supply all the specific information for that job. For example, the workflow model in
Figure 2 might be used to create the job in Figure 3.
Task:
Andre Task: Pat edits Task:
initiates job Email sent index.html Email sent
to Pat and to Andre
banner.gif
Task:
Automated
deployment
Because jobs follow predefined workflow models, tasks cannot be added to or removed
from individual jobs, although not every possible task may actually take place for a given
job.
Tasks
A task is a unit of work performed by a single user or process. Each task in a job is associated
with a particular TeamSite workarea and carries a set of files with it. The user or process
owning a task can modify, add files to, or remove files from the task.
Tasks have two possible states: active and inactive. A task becomes active when its
predecessor task signals it to do so (predecessor tasks and conditions for activation are all
configured as part of the workflow model). Once the task has been activated, users or
external programs can work on it. For example, once a user task has been activated, the
user can work on the files contained in the task. Once an external task has been activated,
the appropriate external program can run on the files contained in the task. Inactive tasks
are tasks that have been completed or that have not been activated yet.
TeamSite Architecture
The TeamSite Intelligent File System (IFS) is composed of the TeamSite Content Server and
kernel, the TeamSite Content Store of files and metadata, a suite of command-line tools,
TeamSite CGI, proxy servers for access through the TeamSite browser-based user interfaces
(ContentCenter), and file system mounts for access through the file system interface.
The Intelligent File System is the core of the TeamSite system, where detailed information
about the Web site, the Web assets, Web asset metadata, the production process and the
users is stored. The Intelligent File System collects and maintains metadata on TeamSite
files, directories, and areas, and allows TeamSite to process and present information
according to who is asking for the information, and under what conditions. By using an
object-oriented design within a file system architecture, TeamSite combines extensive
metadata tagging with open access and file system performance for Web content.
CSSDK
Soap
Server Browser
TeamSite Web Interfaces
Content RPC Daemon
Server Servlet Local File
(port 80) Manager
(iwserver) Engine
CSSDK
Content Content
Services
Web Applications
/.iwmnt Server iwproxy
Filesystem (port 81)
TeamSite Workarea
mount
kernel NFS Virtualization
(wfs) (port 1080) Local File
/iwmnt Manager
Filesystem
mount
NFS mount
Samba
Figure 4: The client computer connects to the TeamSite server in several ways. Requests from the browser interfaces or Local
File Manager are routed through the TeamSite Web daemon, which allows consistent views of TeamSite areas. The double
proxy server redirects hard-coded links within the Web site. Requests through the file system interface (NFS mount/Samba)
and command-line tools, which do not go through the web server, are not routed through a proxy server.
19
TeamSite Overview
contained in the collection of content. The only physical files contained within TeamSite
areas are the files that have actually been modified in those areas. That is, the only files
actually contained in a workarea are those files that have been modified in that workarea but
not yet submitted to the staging area. The only files contained in the staging area are the files
that have been submitted since it was last published. The only files in an edition are the files
that have changed since the previous edition was published.
default or
store name*
main
admin INITIAL
WORKAREA STAGING EDITION
INITIAL
Legend: andre pat
pat chris
chris
System-created ed_0001
User-created
* Store name is user-assigned in
MultiStore implementations
It may also contain directories that hold subbranches. In the example above, the main
branch (main) contains one workarea (admin), a staging area, an initial edition, and a
subbranch (development). The subbranch contains three user-defined workareas (andre,
pat, and chris), a staging area, and two editions, one of which is user-generated
(ed_0001).
Although many of the files contained within this file system structure are virtual, they can be
treated as if they were real. They appear to exist even when you run link checkers and
scripts against them. However, staging areas, editions, and container directories (for
example, WORKAREA, EDITION, main, or development) are all read-only. Only workareas
can be written to.
Most of the settings for the TeamSite server are configured in the main configuration file,
iw-home/etc/iw.cfg (default location).
TeamSite configuration files are divided into sections that display in square brackets (the
iwwebd section isshown in the following example). The configurable parameter
(http_port) is to the left of the equal sign, and the current setting (80) is to the right, for
example:
[iwwebd]
http_port=80
Changes to most of these configuration settings take effect within a few minutes (although
for options that affect a user interface, users may need to clear their browser cache in order
to see the changes). For these settings to take immediate effect, use the iwreset
command-line tool (CLT). Configuration options that require TeamSite to be restarted in
order to take effect are noted where appropriate.
Note: If section headings are duplicated in the iw.cfg file, some or all of the values given
for the parameters in one copy of the section will be ignored. Verify that a section
heading only appears once in your iw.cfg file.
21
Configuration File Overview
For workflow-related configuration options, see the TeamSite Workflow Developer’s Guide. For
FormsPublisher configuration options, see “Configuring FormsPublisher” on page 39.
Table 1 lists the configurable options, the file where they are located, and the page that
describes the option.
Table 1: Configurable TeamSite Options
Option Configuration file Page
Configuring UI functionality
Enabling/disabling VisualPreview iw.cfg page 25
Configuring email settings iw.cfg page 26
Configuring server functionality
Controlling modification time iw.cfg page 26
Modifying extended attributes iw.cfg page 27
Setting the encoding of iw.cfg iw.cfg page 27
Configuring the Web daemon iw.cfg page 28
Configuring the servlet engine iw.cfg page 28
Locked file submission iw.cfg page 29
Setting the main branch locking model iw.cfg page 28
Specify the number of versions to check for the iw.cfg page 30
common ancestor of compared files
Configuring the events logged in the submit and iw.cfg page 30
update logs
Configuring Autoprivate autoprivate.cfg page 30
Enabling the Event Subsystem iw.cfg page 33
Configuring encoding rules for text files file_encoding.cfg page 161
Configuring server performance
Setting cache size iw.cfg page 35
Setting RPC thread count iw.cfg page 36
Setting file system threadcount iw.cfg page 36
Setting Hopi thread count iw.cfg page 36
Setting Hopi TCP/IP port number iw.cfg page 36
Setting Hopi maximum requests iw.cfg page 36
Setting Hopi thread idle time iw.cfg page 36
Setting throughput monitors iw.cfg page 37
Detecting low disk space and inodes iw.cfg page 38
Configuring the TeamSite server locale iw.cfg page 38
Setting TeamSite file locations iw.cfg page 49
Configuring FormsPublisher
Setting FormsPublisher default directory iw.cfg page 40
Setting number of previews iw.cfg page 40
Specify directory for preview files iw.cfg page 40
23
Configuration File Overview
This chapter contains information on configuring the TeamSite server, including setting
functionality that impacts users and controlling file locking.
[iwproxy_smartcontextedit_allowed]
_default=yes
_regex=(.*)/WORKAREA/andre/.*=yes
_regex=\.cgi(\?.*)?$=no
25
Configuring the TeamSite Server
Optional entry that specifies whether or not to use a mapping file to configure
individual email addresses or aliases.
" email_mapping_file=path_to_file
Optional entry that specifies the location of the mapping file to use (a sample file is
located in iw-home/local/config/wft/email_map.cfg).
" debug_output=path_to_file
An optional entry that specifies that debug output will be sent to the file location
indicated.
By default, old_mod_times is set to true, and the modification time of a file is the time a
user last changed the file's contents. Submitting a file to the staging area or updating it into
your workarea through Get Latest does not affect the modification time; the modification
time will be the same as the modification time of the source file. If old_mod_times=false,
the modification time of a file is the later of the time (1) a user last changed its contents and
(2) the time the file was updated into the workarea (with get-latest, copy-to-area, or
iwupdate operations) or submitted if it is a file in the staging area or an edition).
This distinction is important when you are using TeamSite for SCM. A lot of build tools, like
UNIX make, rely on timestamps to determine whether it needs to regenerate object files.
They typically compare the modification time of the source file with the modification time
of the corresponding object file and decide to rebuild the object file only if the source file
has a later modification date. If you use such a build tool out of a TeamSite workarea with
old_mod_times=yes (the default), you could have problems if your workarea is not updated
before a build.
For example: You run make to recompile file1.c in your workarea. This generates object
file file1.o, with the current time as its modification time. However, yesterday another
user submitted another version of file1.c, but you did not update your workarea before
running make. This newer version of file.c has a modification time from yesterday (when
it was modified before being submitted). If you now update your workarea, you will get the
new version of file1.c, but its modification time would still be the time from yesterday. By
default, with old_mod_times=yes, the modification time of a file has no correlation to the
time you update your workarea. If you run make again, it would fail to recompile the new
version of file1.c, because the modification time of file1.o is later than the modification
time of the newer file1.c. This can be fixed by setting old_mod_times=no. The
modification time of file1.c would then show in your workarea with the time when you
did the get-latest procedure, and make would know to regenerate the object file.
The old_mod_times setting only affects the modification time displayed through the file
system interface and not through ContentCenter. The modification time of a file in a user
interface is always the time the contents changed.
To change the encoding of the iw.cfg file, add the following lines to the beginning of the
file:
[iwcfg]
encoding=encoding_type
27
Configuring the TeamSite Server
" euc-kr
" shift_jis
" utf-8
Note: This must be the first section in the iw.cfg file—no other entry can precede it.
Web Daemon
To set Web daemon defaults, edit the [iwwebd] values in the iw.cfg file:
[iwwebd]
host=hostname.domain
http_port=80
https_port=443
default_protocol=http
The default_protocol setting is used by the following scripts when TeamSite generates
URLs:
For more settings in [iwwebd], refer to Chapter 8, “Configuring the TeamSite Web
Daemon and Proxy Server.”
Servlet Engine
By default, the servlet port is set to 8080. To change this setting, edit the servlet_port
value in the [teamsite_servlet_ui] section of the iw.cfg file.
[teamsite_servlet_ui]
servlet_port=8080
Locking Models
TeamSite supports three types of file locking:
" Submit Locking – Only users within the workarea where the file is locked may submit
the file (default); this is the least restrictive locking model.
" Optional Write Locking – Users choose whether to lock files they edit.
" Mandatory Write Locking – Users cannot edit a file without locking it.
A branch’s locking model is set when it is created. Different branches on one TeamSite
server may use different types of locking. All workareas on a branch use the same type of
locking.
When a file is locked, it is locked for a particular workarea. That is, all users who have
access to that workarea can edit the file. In addition, all users who have previously modified
the file can edit it in their workareas (but not lock it).
Creating a new Content Store also creates a new main branch. You can specify which
locking model to use for the main branch of a new Content Store by completing the
following procedure:
29
Configuring the TeamSite Server
Comparing Files
When TeamSite is comparing two versions of a file, it checks the version history chain to
determine a common ancestor for the two versions. You can specify the number of versions
to check using the compare_search_limit option in iw.cfg, as follows (the default is 20):
[iwserver]
compare_search_limit=20
[iwserver]
event_log_size=64
The [iwserver] section also contains two lines that configure whether or not you want all
the files contained in new or deleted directories to be listed individually in the Submit and
Update logs. The default setting (no) as shown in the following lines only displays the
directory names:
[iwserver]
full_submitlog=no
full_updatelog=no
To show all the files that were contained within the directory that was added or deleted,
edit the appropriate line to specify yes.
Autoprivate Feature
TeamSite’s Autoprivate feature enables you to prevent certain file types (including
temporary files and Macintosh resource forks) and directories, from being submitted to the
staging area or copied during a Copy To operation. File types specified in the Autoprivate
configuration file automatically get marked Private.
Note: Changes to Autoprivate only apply to files or directories that are created or
renamed after the changes are made. Changes do not apply to existing files.
Each section is set off by parentheses on their own lines, and the file begins with a “ ( ”
(open parenthesis) on its own line and ends with a “ ) ” (close parenthesis) on its own line.
((filenamepattern)(#_characters_to_match_at_beginning)
(#_characters to match_at_end))
For example, to have Autoprivate detect any file or directory that ends with .frk, add the
following entry:
((x.frk)(0)(4))
meaning to match zero characters at the beginning of the name and the four characters
(.frk) specified at the end of the name.
To set Autoprivate to detect any filename that ends in .backup.fm, add the following
entry:
((x.backup.fm)(0)(a))
where 0 specifies not to match any characters at the beginning, and a (hexidecimal 10)
specifies to match ten characters at the end of the filename.
Entries in the second section specify exact filename matches, set off by double parentheses.
These filename matches apply across all directories in all workareas on the TeamSite server.
For example, if autoprivate.cfg includes:
((test))
then all files and directories named test that are created after this line is added, in all
directories in all workareas in TeamSite, will be marked private.
The autoprivate.cfg file recognizes the following six special characters: ( ) [ ] # and
a space (spacebar). If your file names contain any of these characters, you must encode
these values when specifying them as a pattern. For example, to have Autoprivate detect a
file name that includes spaces, encode the spaces with a \20, for example, to match
“Network Trash Folder” include:
((Network\20Trash\20Folder))
31
Configuring the TeamSite Server
Encodings are represented as \xx where xx is the hex value of the corresponding ASCII
character. The following table shows the mappings for the six special characters.
Encoding examples:
For changes to autoprivate.cfg to take effect, restart the TeamSite server or use the
iwreset command-line tool.
The Event Subsystem uses a JMS (Java Message Service)-compliant model of message
delivery, which is based on three concepts:
" Events – Synonymous with message. Events are the result of changes, end-user actions, or
occurrences in a Publisher program. For example, TeamSite server events include (but
are not limited to):
! CreateBranch
! Submit
! TaskActivate
Events have names and properties, such as user, role, and timestamp, that are
represented in the Event Subsystem as attribute/value pairs.
A subscriber can be set up to perform functions after a TeamSite event occurs. For
example, an index can be updated after files are submitted.
" Publishers – Applications that send events to the Event Subsystem. The Event Subsystem
then passes the events to Subscribers that have registered to receive them.
" Subscribers – Applications that register with the Event Subsystem to receive events.
Subscribers can filter events so that they receive only the ones they need.
TeamSite Search
Server Proxy Servlet
Reporting
Message Service
Implementation
The Event Subsystem is configured by the TeamSite installer. Refer to the TeamSite
Installation Guide for information.
33
Configuring the TeamSite Server
If the line is not included, add it to the iw.cfg file. Save and close the file; issue the
iwreset CLT.
Note: The iw.cfg file may contain other commented-out settings in the
[event_subsystem] section; ignore these settings.
When you installed TeamSite, you were asked for information about your database system.
If that process was successful and no warning messages were issued, your database system is
active. If that information was not provided or if the database system was not configured
properly, perform the following steps to set up RDBMS-based event persistence:
1. Make a copy of the following file:
iw-home/eventsubsystem/conf/jmsconfignew_rdbms.xml.example
MsSQL mssqlserver.jar
msbase.jar
msutil.jar
5. Create and register database tables before you start the Event Subsystem. A number of
SQL scripts that let you create and register the tables are included with TeamSite and
reside in the following location:
iw-home/eventsubsystem/conf/ddl/create_dbvendor.sql
Run the script that corresponds with the database to use. You can execute the SQL
script using a client utility supplied by the database vendor. For example, if you are
using an Oracle database, use SQL*Plus. If you are using Microsoft SQL Server, use
Query Analyzer.
If you are running this script for the first time, the Event Subsystem tables may not be
present and you will receive an error message. Ignore the error message and continue
executing the script.
6. Configure Event Subsystem logging by editing the log4j.xml file in
iw-home/eventsubsystem/conf. Only the location and name of the configuration file
need to be specified. The Event Subsystem uses log4j for logging. More information
about this can be found at www.apache.org/log4j.
7. Start the Event Subsystem byrunning the iw-home/private/bin/iweventsubd script.
8. Restart JmsProxyServlet to ensure that the servlet engine starts publishing to the
Event Subsystem by entering the following commands at the prompt.
iwreset
iwreset -ui
Cache Size
To set the TeamSite cache size, edit the cachesize line in the [iwserver] section of
iw.cfg. If a comment symbol (#) begins the line, remove it. If this line does not appear in
your iw.cfg file, add it as shown below. The initial cache size setting should be
approximately three times the number of files and directories on the largest branch.
For example, if the largest branch contains 15,000 files and directories, you should set cache
size to 45000 as follows:
[iwserver]
cachesize=45000
Minimum cache size is 1000; maximum is 400,000 entries. Each cache line takes a
maximum of 1KB of physical memory. Recommended physical memory is cache size times
1KB plus an additional 25% as a safety margin. In the example shown below, physical
memory would be (45,000 * 1KB) + 11MB = 56MB. If you encounter a great deal of
memory swapping, you should either reduce the cache size or install more memory.
35
Configuring the TeamSite Server
Note: The value of cachesize is not the amount of memory that is used, but the number
of objects kept in the cache.
You must restart the TeamSite server for this change to take effect.
RPC Threadcount
The RPC threadcount setting determines how many simultaneous requests TeamSite can
handle from RPC clients. These requests are very short-lived, so that threads are quickly
freed for other users. If all threads are currently being used, TeamSite starts to serialize
requests.
[iwserver]
rpc_threadcount=64
You must restart the TeamSite server for this change to take effect.
Hopi Threads
Hopi is a file transport mechanism for making remote procedure calls between client and
server programs. It has several configuration settings; however, you most likely will not
need to modify these settings.
To control the number of threads that the server creates for handling client requests, set
hopi_threads:
[iwserver]
hopi_threads=256
The default value is 256. Increase this value if the system starts to refuse connections under
heavy loading, indicating it is out of threads). A guideline is to set this to four times the
maximum number of concurrent users, up to a maximum of 1024.
To set the TCP/IP port on which requests are received, set hopi_port:
[iwserver]
hopi_port=8898
The default setting is 8898. You need to change this value if the default setting conflicts with
another application on the same system. The port number can be between 1 and 65535.
To set the maximum number of requests that can be sent to iwserver over the same TCP/IP
connection, use hopi_max_requests_per_connection:
[iwserver]
hopi_max_requests_per_connection=500
The default setting is 500. If a system has a large number of concurrent users and is running
out of threads or connections, it may help to reduce this value so that threads/connections
become available for new clients more quickly. On the other hand, if an application
legitimately and routinely makes more than 500 requests in a short period of time, it may
help to increase this value in order to reduce the overhead of having to reconnect each time
the limit is reached.
To set the maximum amount of time a request thread can be idle waiting for a new request
before it closes the connection, use hopi_idle_session_timeout:
[iwserver]
hopi_idle_session_timeout=5
The time is specified in seconds and the default is 5. Systems with a large number of
concurrent users may need to reduce this value if they find they are running out of threads
or TCP/IP connections frequently.
Throughput Monitors
Throughput monitors can be used in conjunction with the iwstat CLT to monitor system
status and performance. By default, the throughput monitoring is set to off. To turn on
throughput monitoring edit the thruputmonitoring line in the [iwserver] section of
iw.cfg as follows:
[iwserver]
thruputmonitoring=on
After turning monitoring on, the five default throughput monitors are activated. They
return system statistics over the previous minute, 15 minutes, hour, eight hours, 24 hours,
and for the entire time that the system has been running.
You can deactivate any of the default monitors by adding a comment mark (#) to the
beginning of the line. The last two throughput monitors can be configured with custom
time intervals.
37
Configuring the TeamSite Server
[iwserver]
thruputmonitoring=on
thruputmonitor1=1 # 1 minute
thruputmonitor2=15 # 15 minutes
thruputmonitor3=60 # 1 hour
thruputmonitor4=480 # 8 hours
thruputmonitor5=1440 # 24 hours
thruputmonitor6=-1 # forever
thruputmonitor7
thruputmonitor8
The three disklow lines in the [iwserver] section of iw.cfg control the behavior of
disk/inode low detection. They are shown here with their default settings:
[iwserver]
disklow_mbytes=50
disklowpercent=10
disklow_knodes=50
" disklow_mbytes—Defines the freeze threshold in MB for the TeamSite server. The
TeamSite server does not allow any write operations if the disk space falls below this
setting.
" disklowpercent—Defines the percentage of free disk space that is considered low. If
the server detects a low-disk state based on the threshold set in iw.cfg, it does not
allow you to manually unfreeze the Content Store with the iwfreeze command. The
TeamSite server does not allow disklowpercent to go below 2 percent.
" disklow_knodes—Defines a freeze threshold in thousands of inodes for the TeamSite
server.
This setting is automatically created in the iw.cfg file when iwserver is started. The native
locale is determined by reading the LANG environment variable. Once the server_locale
setting exists in the iw.cfg file, it is used to determine the TeamSite server’s native locale
at every invocation of iwserver. If this setting is not present, iwserver determines its locale
from the LANG environment variable.
Note: While this setting can be user-modified, it is designed to serve as reference as to the
locale in which iwserver is currently running. If you have a situation where you
want to force iwserver to run in a particular locale (independent of the LANG
environment variable) you can stop the TeamSite server, manually edit the
server_locale line, then restart the TeamSite server.
The locale in which the server operates (as defined by the server_locale entry),
effectively determines the locale of the TeamSite IFS. For example, if iwserver runs under
the Japanese_Japan.Shift_JIS@Binary locale, all file and directory names are encoded
in Shift_JIS encoding.
The server_locale setting in the iw.cfg file can contain any of the locales listed in the
following table (note that these settings are Interwoven naming conventions—the operating
system locales to which they map are also contained in the table):
Configuring FormsPublisher
The following sections describe how to configure TeamSite FormsPublisher to provide an
example templating environment. After the initial setup is complete, you can:
" Use the example templating environment to become familiar with the TeamSite
FormsPublisher end-user features.
" Customize the example environment to create your site-specific configuration.
Perform the following steps to set up the example FormsPublisher environment. You must
copy these files and directories to locations that are specific to your site.
1. Decide which workarea you will use for the initial TeamSite FormsPublisher setup.
39
Configuring the TeamSite Server
Ideally, this workarea should be on a temporary test branch where you can submit and
publish without affecting the rest of your TeamSite installation. After TeamSite
FormsPublisher is configured in a workarea on this test branch, you can copy the
workarea to a permanent branch. You can then submit the workarea to the staging area
and use Get Latest to propagate the setup to other workareas on the branch.
2. Read the iw-home/examples/Templating/README file (and README files in the each
subdirectory) for details about directory contents and last-minute information that
might not be documented elsewhere.
3. Copy the contents of iw-home/examples/Templating/templatedata (including the
templatedata directory itself) to the workarea determined in step 1.
Note:
! Ensure all users have read and write permission for each file.
! Do not change any directory or file names.
! The end result should be workarea_name/templatedata/...
4. Edit the templating.cfg file to specify the branches where FormsPublisher is used.
5. Optionally, edit the available_templates.cfg file as described in the Workflow
Developer’s Guide.
[teamsite_templating]
data_root=directory
the corresponding preview files. These files are marked private so they will not be
submitted to the staging area or shown in a TeamSite directory listing.
[teamsite_templating]
preview_history_limit=value
The preview_system_directory parameter in the iw.cfg file puts preview system files,
such as manifest files, in a directory other than data_root (templatedata).
[teamsite_templating]
preview_system_directory=directory
Embedded Failsafe improves reliability by automatically flushing the cache at clean flush
points, thereby reducing the possibility of on-disc metadata inconsistencies caused by
abnormal server termination.
41
Configuring the TeamSite Server
This chapter describes configuration settings and procedures that can be used to manage and
enhance your server performance. While there are many variables that contribute to your
TeamSite server performance, the information contained in this section should prove useful
to most TeamSite administrators.
If the iwserver process (that is, the TeamSite server) is running, you will see a response
similar to this:
root 18309 18304 1 08:03:10 ? 2:56 /usr/iw-home/bin/iwserver
local/iw-store
If you do not see a similar response, iwserver is not running. To troubleshoot your
installation:
! Solaris—Check the iwtrace.log file to see if TeamSite stopped abnormally
producing an EXITED: message.
2. If you determine that the TeamSite server stopped abnormally, stop the Teamsite ser-
vices with the following command:
% /etc/init.d/iw.server stop
% /etc/init.d/iw.server start
43
Managing the TeamSite Server
Note: If you stop the TeamSite server while there are open handles (for example,
someone has a file from the Content Store open, or is exploring it, or it is remotely
mounted), either of the following entries may be written to iwtrace.log:
ERROR: DrvUnMountDevice - Lock volume failed Access Denied
or:
Trying to delete non-existent vnode 0xXXXXXXXX
To reset the server to ensure that only one server process is running:
2. Verify that all server processes have stopped. If not, manually kill any remaining pro-
cesses. For more information on the kill command, consult a UNIX reference manual.
3. Restart the server with the following command:
% /etc/init.d/iw.server start
If the TeamSite server is responding, you will see a response similar to this:
iwserver: 6.5.0 Build 35489 Interwoven 20040930
If the server does not respond or stops, then the server is not handling requests correctly.
Restart the server as described in “Checking for Multiple Servers” on page 44.
If the server does not respond properly, stop and restart it with:
/etc/init.d/iw.server stop then /etc/init.d/iw.server start.
For detailed information about iwgethome and all TeamSite CLTs, refer to the TeamSite
Command-Line Tools manual for your platform.
WWFS Log
On system startup, the TeamSite kernal device driver (iwovwfs) is installed. This occurs
before most other services are up. Messages from this installation are logged into
/var/adm/iwwfs.log, and an error message is printed to the console instructing you to
look at this log file. The location of this file cannot be changed.
Installation Log
The TeamSite installation log records the prompts and your replies to them during the
execution of the TeamSite installation program. The file is called iwinstall.log and by
default, is located in iw-home/install/.
45
Managing the TeamSite Server
ConfigurationServer Log
The server log records the state of TeamSite over time—including, but not limited to—
when the TeamSite server is started, stopped, and mounted. The file is called
iwserver.log and by default, is located in iw-home\local\logs. If the file is not in the
default location, you can locate it by checking the /etc/defaultiwtrace file.
You can also find this file using the CLT iwgetlog.
Trace Log
The trace log records any irregularities on the TeamSite server. It is primarily used by
Interwoven Consulting Services to diagnose system performance issues. The file is called
iwtrace.log and by default, is located in iw-home\local\logs. If the file is not in the
default location, you can locate it by checking the /etc/defaultiwtrace file.
You can also find this file using the CLT iwgettrace.
Events Log
The iwevents.log records TeamSite activities—including, but not limited to—file
submits, edition, branch and workarea creation, and DiskLow, Freeze, ShutDown, StartUp
and Thaw events. It is used with TeamSite triggering scripts. By default, the file is located in
iw-home\local\logs.If the file is not in the default location, you can locate it by checking
the /etc/defaultiwelog file. You can also find this file using the CLT iwgetelog. The
entries in your iwevents.log file will be similar to these:
event-specific
timestamp user role event information
event-specific information
(the example line wrapped)
The last sample line states that on Friday August 22, 2004, the user tom, who is logged in
with the role of editor, took ownership of task 0x3ffd8 (or 262104). The task is labeled
Editor Review in job 262095 and is part of a workflow named CPE Workflow. The user
tom assigned ownership to the task to tom (himself).
Workflow Log
The workflow log records the output from workflow runtime diagnostics. It is located in
iw-home\local\logs\iwjoberrors.log. The log file contains entries when the following
events occur:
" When the TeamSite server encounters an error compiling a workflow, including:
! a task’s named owner has insufficient privileges to its areavpath
! an areavpath does not exist
This does not include every workflow specification that has errors—some errors occur
on the client.
" When the workflow engine has problems while running tasks in a job, including:
! attempting to create a task variable that already exists.
! attempting to add a file to a task that is already in its file list.
A new log file, iwprocoutput.log, contains the standard output and standard error from
processes spawned from iwprocessd. This data was formerly logged to iwtrace.log.
See TeamSite Command-Line Tools for details about iwstat usage and output.
47
Managing the TeamSite Server
# iwopenapiboot start
You can also stop and restart the OpenAPI daemon with the following commands:
" iwopenapiboot stop
" iwopenapiboot restart
For more information about OpenAPI, consult the administration chapter of the OpenAPI
Developer’s Guide, available online as part of the OpenAPI SDK.
File Locations
The [locations] section of iw.cfg must be updated if you change the locations of certain
TeamSite files and directories from their default locations. To change the location of one of
the following files, remove the comment (#) marks from its line and edit the line to point to
the new location (ensure that the [locations] line is not also commented out). After
restarting, TeamSite looks for the specified file or directory in the new location.
[locations]
iwbin=/usr/iw-home/bin
iwmount=/iwmnt
iwcgimount=/.iwmnt
iwroles=/usr/iw-home/local/config/roles
iwstore=/local/iw-store
iwsubmitconfig=/usr/iw-home/local/config/submit.cfg
iwautoprivate=/usr/iw-home/local/config/autoprivate.cfg
iwlogs=/usr/iw-home/local/logs
iwconfigs=/usr/iw-home/local/config
iweventlog=/var/adm/iwevents.log
iwtracelog=/var/adm/iwtrace.log
iwserverlog=/var/adm/iwserver.log
iwdeploylog=/usr/iw-home/local/logs/iwdeploy.log
where:
iwbin Specifies the location of TeamSite binaries (by default
/Interwoven/TeamSite/bin).
iwmount Specifies the location of the TeamSite mount point.
iwcgimount Specifies the location of the TeamSite mount point.
iwroles Specifies the directory containing the TeamSite roles files.
iwstore Specifies the location of the TeamSite Content Store.
iwsubmitconfig Specifies the location of the Submit Filtering configuration file.
iwautoprivate Specifies the location of the Autoprivate configuration file.
iwlogs Specifies the directory containing TeamSite logs.
iwconfigs Specifies the default configuration file directory.
iweventlog Specifies the location of the TeamSite event log.
iwtracelog Specifies the location of the TeamSite trace log.
iwserverlog Specifies the location of the TeamSite server log.
iwdeploylog Specifies the location of the deployment log.
49
Managing the TeamSite Server
Note:
" If you change the location of iwmount, you must edit its webserver alias to point to the
new location. In addition, any existing files in /etc/defaultiw* take precedence over
these settings.
" If you change the location of one of the logs and no file with the specified name is
present in the new location, a new file is created.
To check the amount of disk space used by files managed by TeamSite, issue the following
command:
% df -k `cat /etc/defaultiwstore`
Although the mount point contains many virtual copies of files in workareas, staging areas,
and editions, df -k only checks the actual disk space used.
Deleting Editions
To reclaim some disk space, you can delete old editions, which also deletes all files
contained in that edition and all intermediate submissions between publication of editions.
You should be aware that if a file is contained in more than one edition and not all of these
editions are deleted, the file is not deleted; only the pointer to the file in the deleted edition
is deleted. Therefore, you may not save as much space as you anticipate.
The edition and all versions of the files contained within that edition are deleted.
Additionally, all Submit Log entries are transferred to the next most recent edition. If
the edition you have deleted is the newest one, the Submit Log entries are transferred to
the Staging area.
Note: You can also delete editions using the iwrmed CLT as described in the Command-Line
Tools manual.
Metadata Forking
Metadata forking conserves disk space by reducing the number of files whose content is
duplicated throughout the TeamSite Content Store. That is, if you have an old version of a
file in one branch, and an identical version on another branch, the same data may appear
twice in the Content Store. Metadata forking is accomplished by running the iwfsshrink
CLT and results in no user-visible changes to the TeamSite virtual file system (for example,
file histories are not changed).
The iwfsshrink utility must be run while the TeamSite server is running; however,
TeamSite may experience some performance degradation while it is running. Also,
iwfsshrink may not remove all duplicates (for example, it does not remove any duplicates
created by TeamSite users while the utility is running). The iwfsshrink utility should be
run every few months.
3. Optionally, you can pause the operation with the pause option, then restart it with the
run option.
For more details about the iwfsshrink utility, see the Command-Line Tools manual.
51
Managing the TeamSite Server
Alternatively, if you have unused branches in TeamSite, you can delete these branches to
recover disk space. Over time, individual branches take up an increasing amount disk space,
as the number of versions and files on the branch grows. If you do not need any of your old
version history, you can create a new (empty) branch, create a workarea, copy all the old
content into the workarea, then delete the old branch. Exercise extreme caution when
doing this, as all version and metadata information will be irrevocably lost.
This chapter discusses various procedures for managing access to TeamSite, including
assigning user roles, user authentication, and filtering user submissions.
Access Considerations
Access to TeamSite is governed by the following two factors:
" UNIX-related permissions
" TeamSite access privileges
UNIX file permissions control who has access to individual files and directories. UNIX
password authentication is used when logging in to TeamSite. However, TeamSite access
privileges govern who can log in under various roles, and who has access to branches and
workareas. For example, to edit a file in a workarea, a user must both be able to access that
workarea (through TeamSite access privileges), and have permissions for that file and its
parent directory (through UNIX permissions). For a complete list of the TeamSite and
UNIX permissions needed to perform any action in TeamSite, see page 58.
When adding a new user, you need to consider the following three factors:
" Whether the user will have access to the server.
" The role the user will play in your TeamSite operations.
" The content the user will be editing.
If the user does not have access to the TeamSite server, he or she needs to be added as
described on page 55. To decide what TeamSite role best corresponds to the new user’s
role in your organization’s operations, see page 54.
To decide what groups the new users need to belong to and which workareas they need to
access, consider your existing groups and which content and which workareas they can
access. Add new users to the groups that work on the same content that they will be editing,
and they will automatically have access to their workareas and to their content files. If the
new users need their own workarea, create a private or shared workarea, but make sure that
they own or have group-level access to the files that they will be editing. To change
ownership or group access of files, see page 57.
53
Managing TeamSite Access
Set permissions on your files according to the latter consideration. Remember that
permissions cannot be set differently for different workareas. If the permissions for
corresponding files are set differently in different workareas, you will encounter conflicts
when you submit files to the staging area. It is often useful to keep a chart that shows what
users and groups have access to content. This is particularly useful when managing a
complex Web site.
Note: The TeamSite log-in screen accepts passwords up to 14 characters, but other
underlying authentication operating system mechanisms (including /etc/passwd,
PAM, LDAP, and SecureID) may have different policies. The UNIX default password
is a maximum of eight characters.
User Roles
To facilitate workflow and security, TeamSite defines the following four user roles, each
with varying levels of access to TeamSite:
" Master
" Administrator
" Editor
" Author
To determine which role a user should have, consult the following table and find the role
that best fits the user’s work.
Table 2: Roles and Associated Tasks
Author Editor Administrator Master
Owns content Owns workareas Owns branches Owns main branch
Edits and creates files Edits and creates files Edits and creates files Edits and creates files
Receives assignments Assigns files Assigns files Assigns files
Work is approved by Approves and rejects Approves and rejects Approves and rejects
workarea owner work of Authors work of Authors work of Authors
Uses advanced Uses advanced Uses advanced
version management version management version management
features features features
Maintains content of Manages branch Manages entire
workarea content area
Submits files to the Submits files to the Submits files to the
staging area staging area staging area
In addition, Administrators can perform all the functions that Editors can. Master users can
perform all the functions that Administrators and Editors can.
Complete the following procedure to add a user to TeamSite (this procedure will vary if
you store user information in LDAP):
4. Ensure the user has a UNIX username and password. Add the user’s UNIX login name
to the appropriate TeamSite role files.
The following four TeamSite role files are located in the iw-home/conf/roles
directory (this directory may also contain role files for other Interwoven products):
master.uid
admin.uid
editor.uid
author.uid
Each file contains a list of the users who have privileges for that role, one user to a line.
Users can be added to multiple role files, for example, an Editor may also need to log in
as an Author. Master users should be able to log in with any role, therefore, include the
name of each Master user in each .uid file.
TeamSite users’ passwords are the same as their UNIX password.
5. Save and close the modified TeamSite role files.
6. Use the following CLT to ensure TeamSite is reading the modified role files:
% iwreset
The new user can now log in to TeamSite but does not have access to any branches or
workareas.
7. Optionally, add the user to the appropriate UNIX group files or TeamSite group if you
want the user to have access to a shared workarea (see “Group Membership” on
page 64).
55
Managing TeamSite Access
8. Optionally, create a workarea for the user on the subbranch where he or she will be
working (see the ContentCenter Professional online help).
3. Use the following CLT to remove the user from the TeamSite entity database:
% iwuser -d username
To remove the user’s UNIX user account for the TeamSite server:
1. Delete the username from any group to which the user belongs.
2. Remove the user from the /etc/passwd file.
Always consult your system administrator before altering the /etc/passwd file.
Example
% iwckrole admin andre
returns:
YES
To change this setting on an existing main branch, you must use the chown and chgrp
commands to change the ownership of the root directory of the main branch. However, if
you edit the main_owner and main_group lines and then create a new Content Store, the
new settings take effect on the new Content Store. For information about creating a new
Content Store, see the TeamSite Installation Guide.
You can also use a submit filter to automatically change and enforce permissions on files or
directories (see “Configuring Submit Filtering” on page 72).
Note that chmod, chown, and chgrp commands, when used recursively, affect every file in
the directory, whether they need to or not. This may generate excess TeamSite versions.
Instead, target the command using find:
This affects only the necessary files and does not generate unnecessary versions.
57
Managing TeamSite Access
TeamSite Groups
TeamSite also provides managed groups and group membership (referred to as TeamSite
groups) to complement the OS groups that TeamSite uses as groups for sharing branches and
workareas. This feature allows groups other than the OS groups to be specified for sharing.
When a branch is created, the TeamSite group can be entered in the Add Group field. When
a workarea is created and Group is selected for the Sharing field, the TeamSite group can be
entered.
NFS has the limitation of not being able to enumerate more than 16 groups for a user. If
such a group is used for branch or workarea sharing, it gives incorrect permissions.
TeamSite groups can be used in this case.
Refer to the Command-Line Tools Reference for usage information on the iwgroup CLT.
" Branch permissions—A user has branch permissions if he is either the primary owner
of the branch or a parent branch, or if he belongs to the group that owns the branch or a
parent branch. Master users automatically have branch permissions for all branches.
Only Administrators and Master users can have branch permissions.
" Workarea permissions—A user has workarea permissions if he is either the primary
owner of a workarea, or if he belongs to the group that has access to the workarea.
Workarea permissions are usually synonymous with read-write-access to the root
directory of the workarea—the default setting for workarea permissions is 775. If
different permissions are specified for the owner and group, some sections of Table 3
will not apply. If “world” is given read-write-execute permissions, then all users are
considered members of the workarea for those conditions indicated with asterisks (*).
" File permissions—File permissions are UNIX read-write-execute permissions (unless
otherwise specified) to a file.
" Directory permissions—Directory permissions are UNIX read-write permissions
(unless otherwise specified) to a directory.
Not all of these factors apply to every action. TeamSite checks only the factors that apply to
the action being attempted.
Table 3 lists which privileges a user must have in order to perform an action in TeamSite.
To find out whether a user is able to perform a specific action, check the entry for that
action under the user’s role and determine whether or not the specified conditions apply.
All conditions listed in each box below must apply in order for a user to perform an action,
unless otherwise specified.
Note: TeamSite workflow tasks may require users to perform actions such as editing a
file, submitting it to the staging area, or taking ownership of a group task. To
perform the task, the user must have the ability to perform the action as specified in
the following table. For example, if you assign a task that requires an Author to edit
a file, the Author must have workarea permissions, parent directory permissions,
and file permissions for that file as specified in the table.
59
Managing TeamSite Access
61
Managing TeamSite Access
63
Managing TeamSite Access
3. The ability to rename or move a file only applies to files that are not already write-locked. If the file is write-locked,
then only the lock owner can rename it. A file cannot be renamed with the name of a file that is locked. If an Author
renames or moves a file, the renamed or moved version of the file are assigned to him.
4. For Authors and Editors, the ability to delete a file only applies to files that are not already write-locked. If the file is
write-locked, then only the lock owner can delete it.
5. Authors can delete files through ContentCenter only.
6. If an Author copies a file, the copied version of the file will be assigned to him.
7. The ability to lock a file only applies to files that are not already locked.
8. Authors can lock files through ContentCenter only.
9. Authors cannot submit files directly. All work done by Authors must go through an approval process prior to
submission. The approver must have the ability to submit files.
Group Membership
Many workareas are shared by groups. For users to have access to a particular workarea,
they must either be the owner of the workarea or a member of the workarea’s group.
TeamSite uses UNIX groups for access control; it also uses TeamSite groups as described on
page 58. The UNIX groups can be managed with standard UNIX commands.
To create a group:
1. Open the /etc/group file in a text editor.
2. Add a new line to the file using the following format:
groupname:*:gid:username1,username2,username3
For example, the entry for the group allauthors might look like this:
allauthors:*:2000:pat,andre,chris
Example
In this example, user Chris changes the group for one of the workareas on the sales
subbranch. First, he navigates into the directory containing the workareas. Then, he looks at
the existing workareas and learns that Andre has two workareas, one private (andre1) and
one shared with the group demoauthor (andre2). Chris has one private workarea (wa1). He
uses the chgrp command to change the group on his workarea, then checks the results.
After this change, all members of the group demoauthor can access all files and directories
in the andre2 and wa1 workareas.
% cd /.iwmnt/default/main/sales/WORKAREA
% ls -la
total 3
drwxrwxr-x 27 andre nobody 512 Apr 23 17:07 andre1
drwxrwxr-x 3 andre demoauthor 512 Apr 17 11:52 andre2
drwxrwxr-x 2 chris nobody 512 Apr 17 11:37 wa1
Webserver UID
The webserver uid setting should be set to any uid that allows the web server to see the web
content as an outside viewer would see it, in order for users to be able to preview the Web
site like any external user would.Specify a single user ID. Because many external browsers
access the web server as nobody, this is used as the default.To improve security, you are
encouraged to change your web server to another user other than nobody and change the
value of webserver_uid. To change the web server uid setting, edit the webserver_uid line
in the [iwserver] section of iw.cfg. If iw.cfg does not contain this line, add it as shown
below:
[iwserver]
webserver_uid=nobody
Group Remapping
This option provides a workaround for a limitation of NFS. When NFS checks the group
that can access a file against the groups that a user belongs to, it only checks the first sixteen
groups that the user belongs to. Therefore, if the group on the file is the seventeenth (or
higher) group that the user belongs to, NFS will incorrectly deny the user access to the file
(this applies only to operations performed through the file system).
65
Managing TeamSite Access
the file. To find the file’s true gid, use the File > File Properties menu item in TeamSite or
the iwattrib CLT.
[iwserver]
map_secondary_to_primary_gid=yes
Workarea Access
By default, the workarea root file system permissions override any subdirectory permissions
(mask_workarea_access=yes). To set different permissions on subdirectories within your
workarea and disable access to the workarea root directory, set this option to no.
[iwserver]
mask_workarea_access=no
Permissions on the workarea root directory affect only this directory rather than the entire
tree.
You can configure TeamSite to not display the names of branches and workareas in the
TeamSite GUIs if the user does not have read permissions by editing the branch_security
and workarea_security lines in the section of iw.cfg as follows:
[iwserver]
branch_security=on
workarea_security=on
When editor_publish=no, the New Edition link does not display in the ContentCenter
Professional branches view for users logged in as Editors.
Default Permissions
You can configure the default permissions for branches, workareas, directories, and files
created using ContentCenter. Permissions on files created through the file system interface
are determined by your file system interface configuration (for example, the Samba
configuration).
To change the permissions, edit any or all of the four permission lines in the [iwserver]
section of iw.cfg to specify the octal values of the default permission bits for newly created
branches, workareas, directories, and files. The default settings are as follows:
[iwserver]
branch_default_perm=775
workarea_default_perm=775
file_default_perm=664
directory_default_perm=775
The new settings only apply to branches, workareas, directories, and files created after you
have edited these lines and run iwreset.
Authentication
Authentication involves determining whether users can access TeamSite resources. Methods
for doing this are described in this section.
User Authentication
TeamSite can be configured to authenticate users by the following methods:
" LDAP—Users’ credentials are passed to an LDAP server for verification. This requires
an external LDAP server which can also be used for TeamSite role authentication.
" External file—Users’ credentials are checked against a customer-specified file that is in
the same format as /etc/passwd or a shadow password file. The file name is specified in
the [authentication] section of iw.cfg using the password_file=fileName
parameter.
" Local—Users’ credentials are passed to the Solaris user authentication. If there is a
shadow password file, it is used to verify the credentials. If no shadow password file is
available, use the /etc/passwd file (this is the default method).
" Pluggable authentication modules (PAM)—Users’ credentials are passed to a PAM for
verification (Solaris 2.7 or later).
Complete the following procedure to specify the type of authentication used by TeamSite:
1. Add the following line to the [authentication] section of iw.cfg:
authenticate_by=mode
67
Managing TeamSite Access
You can separate multiple entries by commas or spaces, and you can specify precedence.
For example, if you specify authenticate_by = file pam, the file is checked first.
If this check fails, pam is checked next.
When TeamSite roles are stored in LDAP, it is not possible to use multiple
authentication methods: the authenticate_by parameter must be set to only ldap.
2. If ldap is specified in step 1, add the following lines to the [authentication] section
of iw.cfg:
ldap_server=ldap-server
ldap_port=ldap-port
ldap_dnbase=search-base-location
ldap_key=key
ldap_ssl_port=ssl-port
ldap_cafile=cafile-location
where:
! ldap_server is the name or IP address of the LDAP server
! ldap_port is the port for the LDAP server (optional; the default value is 389)
! search-base-location is the specification of DN base location according to
LDAP search syntax (for example, ldap_dnbase=ou=people,o=example.com)
! key is the name of the LDAP attribute that holds the user account names (optional;
the default value is uid).
Note: When user authentication is done using LDAP, the communication between
TeamSite and the LDAP server may optionally use SSL. This requires setting the
last two parameters.
! ssl-port is the port that the LDAP server uses to communicate when SSL is in use.
This is assumed to be port 636.
! cafile-location specifies the location of your CA certificate database file. This
file is expected to be in Netscape “cert7” format. A default “cert7.db file” that
contains the certifications for a variety of Certification Authorities is found in the
TeamSite installation in the directory iw-home\tools\db\netscape\cert7.db.
Note: If you are using LDAP, you must reset the TeamSite server with the iwreset
command after you make changes to the LDAP database. This command causes the
TeamSite server to replace existing user information in its local cache with new
data from the LDAP server.
Every LDAP directory has a schema that describes the objects and attributes that are found
in the directory. For example, you could have an object called user and an attribute
postaladdress. To configure TeamSite to perform user and role authentication, you can
either modify an existing attribute to represent TeamSite roles or create a new one.
Complete the following procedure to use your LDAP database to authenticate TeamSite
roles:
1. Add the following line to the [authentication] section:
ldap_roles=role-attribute-name
where role-attribute-name is the attribute name from the LDAP schema that stores
TeamSite roles.
2. If file is specified as one of the possible authentication modes (that is the
[authentication] section contains the line authenticate_by=file), add the
following line:
password_file=absolute-path-to-file
4. Your LDAP administrator can now assign TeamSite roles to users configured in your
LDAP server using the server’s administration tools.
69
Managing TeamSite Access
Complete the following procedure to generate a new encryption key for user
authentication information.
1. Log in to TeamSite as root.
2. Have all end users log out of TeamSite.
TeamSite does not allow users to easily resume interrupted sessions. Therefore, you
should not run iwsessionkeygen while end users are working. If you do run
iwsessionkeygen while end users are working, these users may experience a variety of
errors (for example, failure to connect to the TeamSite server or invalid session
strings).
3. Run the iwsessionkeygen CLT.
All users will need to log in again to continue working in any TeamSite interface.
For example, to specify that TeamSite instead use the lines in /etc/pam.conf that also
control the telnet program, edit the pam_service line in iw.cfg so that it reads as
follows:
[authentication]
pam_service=telnet
The format of /etc/pam.conf is described in detail in the pam.conf(4) man page. You
should configure TeamSite with its own entries in /etc/pam.conf using the service name
teamsite (or whatever service name you specify for pam_service in iw.cfg). Only the
auth and account modules in /etc/pam.conf are used for TeamSite authentication. If no
entries are present for TeamSite in /etc/pam.conf, PAM uses whatever settings are
specified for the other service. Note that this scenario is not recommended.
On Solaris 2.7 or later, the following lines in /etc/pam.conf produce behavior equivalent
to the traditional TeamSite authentication method:
teamsite auth required /usr/lib/security/pam_unix.so.1
teamsite account required /usr/lib/security/pam_unix.so.1
Note: TeamSite is tested with the pam_ldap and pam_unix modules that ship with Solaris
8. No other testing or certification of any vendor's PAM modules is performed. If
you want to use PAM with TeamSite, you should do a proof-of-concept to verify
that the particular PAM module will work satisfactorily with TeamSite in your
environment.
where:
" DistinguishedName specifies the Distinguished Name of the LDAP user account to be
used for LDAP searches. Note that this is not a simple account name, but a complete
Distinguished Name (DN) for a user. For example:
ldap_account=cn=TeamSite,cn=Users,ou=myCompany,c=us.
71
Managing TeamSite Access
" password specifies the clear text password of the LDAP user account that matches
ldap_account.
Note: The user name and password are in clear text, so it is important to limit who has
read permission for iw.cfg. You can change the account name and password at any
time. The changes take effect the next time the server is restarted or reset.
You can explicitly specify domain controller that should be used for a particular domain.
[iwserver]
domain_list=domain1, domain2:domain_controllerA, domain3
In this example, the primary domain controller would be used for first and third domains,
while domain_controllerA would be used for the second domain.
case-sensitive = [yes|no]
rules
{
workarea1_pattern
{
file_pattern1 { action1 action2 ... }
file_pattern2 { action3 action4 ...
...
}
workarea2_pattern
{
file_pattern3 { action5 action6 ... }
file_pattern4 { action7 action8 ... }
...
}
...
}
where:
" The case-sensitive statement specifies whether or not the rules matching should
ignore the case of the path names. If case-sensitive is not specified, the value is assumed
to be yes, so that rules matching does not ignore the case of the path names.
" workarea#_pattern is used to match a workarea to the set of file rules to apply when a
submit is done from that workarea. Each pattern can only be specified once, and the
first match is used. For Solaris, the syntax of the pattern is regex(5) (extended syntax).
For AIX, use the POSIX 1003.2 extended regular expression syntax. For more
information on regular expressions, consult a reference manual such as Mastering Regular
Expressions, by Jeffrey Friedl, or read the man page (Solaris only):
% man -s 5 regex
The match is done against the path name of the workarea, starting with /default/
main.
" file_pattern# is used to match a file or directory to the set of actions to perform on it
when it is submitted. Each file or directory pattern can only be specified once, and the
first match is used. The syntax of the pattern is regex(5) (extended syntax) for Solaris,
or the POSIX 1003.2 extended regular expression syntax for AIX.
The match is done against the path name of the file or directory relative to the
workarea.
" action# is one of:
uid=name
gid=name
perm=octal number
amask=octal number
omask=octal number
expand_rcs_macros=[yes|no] (see page 77)
and specifies the operation to perform on the file or directory being submitted. uid=,
gid=, and perm= specify new values for these attributes. amask= specifies a bit mask to
“and” to the existing mode of the file or directory. omask= specifies a bit mask to “or”
with the existing mode of the file or directory.
73
Managing TeamSite Access
4. If a match is found, the server performs the specified set of actions (defined in
submit.cfg) to the file or directory in the workarea.
5. The server submits the transformed files and directories to the staging area.
Note:
" Only the first match is applied. That is, the first match is used if multiple rules match
the file or directory. The submit.cfg file should be ordered so that the most specific
workarea patterns are closer to the top and the most specific file patterns are earlier in
each section. You may need to duplicate some actions for them to apply to multiple
rules.
" For purposes of matching, the path name of a directory must end in a slash (/).
" Single or double quotes around patterns are optional, but they must be used around
workarea and file patterns that contain spaces or the following special characters:
#, {, }, =, or ,.
Backslashes (\) are special characters when used within patterns surrounded by quotes;
a backslash followed by any character is replaced by the single character. For example,
to embed a single quote, double quote, or backslash in a pattern, precede the character
with a backslash (\', \", or \\). Backslashes are not special characters in patterns that
are not quoted.
" Do not specify duplicate workarea patterns multiple times, duplicate file patterns
multiple times within a workarea section, or the same action multiple times within a file
rule.
" Because of client-side attribute caching, the modes, uid, and gid may not reflect the
changes in the workarea immediately after a submit. The correct attributes are displayed
after a sufficient time-out interval (usually about 30 seconds).
" You cannot change the permissions for a symbolic link. The perm, amask, and omask
actions are not performed on a submitted symbolic link. The uid and gid actions are
performed on a submitted link, not on the actual file.
" The permission values must be specified as an octal number (starting with a 0), between
0 and 0777.
" Changes to submit.cfg do not take effect until the server is restarted or until you use
iwreset.
would return:
Matched area pattern "^/default/main/WORKAREA/.*$"
Matched file pattern ".*\.sh$"
Actions to do are:
omask=0111
Matched area pattern and Matched file pattern are the case-insensitive regular
expressions found in submit.cfg that match the workarea and file. Actions to do are the
actions (specified in submit.cfg) that will be applied to the file.
Refer to the TeamSite Command-Line Tools manual for more information about this CLT.
You can also get debugging information on the submit handling configuration printed to
iwtrace.log by adding the following line to the [server] section of iw.cfg:
[server]
debug_event_handler=yes
75
Managing TeamSite Access
To use the macro facility, you must add new rules to the submit.cfg configuration file (see
page 74), then manually insert the macros into files in your workarea. When the files are
submitted, the TeamSite server replaces the macros with the appropriate information, and
rewrites the file in your workarea and the staging area.
Available Macros
The macros are a subset of those used in RCS (called keywords in the RCS documentation).
The following description is taken from the UNIX co(1) man page, modified for TeamSite
semantics.
Strings of the form $keyword$ and $keyword:...$ embedded in the text are replaced with
strings of the form $keyword:value$ where keyword and value are pairs listed below.
Keywords can be embedded in literal strings or comments to identify a revision.
Initially, the user enters strings of the form $keyword$. On submit, the server replaces
these strings with strings of the form $keyword:value$. On subsequent submits, the value
fields will be replaced automatically with updated values.
The following keywords (macros) and their corresponding values are recognized by
TeamSite:
" $Author$—The login name of the user who last modified the file. This is a standard
RCS keyword and does not refer to the TeamSite Author role.
" $Date$—The date and time the file was last modified.
" $Header$—A standard header containing the path name of the file, the revision string,
the date and time, the author. The path is relative to the area root.
" $Id$—Same as $Header$, except that the filename does not include the path.
" $Log$—The comment supplied during submit, preceded by a header containing the
filename, the revision string, the date and time when the file was last modified, and the
author. The comment is either the submit comment supplied for the individual file or, if
this is empty, the comment supplied for the all the files associated with the submit.
Existing log messages are not replaced. Instead, the new log message is inserted after
$Log:...$. This is useful for accumulating a complete change log in a file.
Each inserted line is prefixed by the string that prefixes the $Log$ line. For example, if
the $Log$ line is // $Log:tan.cc $, RCS prefixes each line of the log with //. This is
useful for languages with comments that go to the end of the line. The convention for
other languages is to use a * prefix inside a multiline comment. For example, the initial
log comment of a C program is conventionally of the following form:
/*
* $Log$
*/
" $Revision$—The
revision string.
" $Source$—The pathname of the file, relative to the root directory of the area.
" $Locker$
" $Name$
" $RCSfile$
" $State$
$ \044
\ \\
CASE-SENSITIVE = YES
RULES
{
"." # any workarea
{
".*\.[ch]$" { gid=iw, expand_rcs_macros=yes }
# files ending in .c or .h
".*" { gid=iw } # all other files/directories
}
}
77
Managing TeamSite Access
The Interwoven Search function allows users to search common document types and data
records from TeamSite. Users can search for text within a file or for values specified by
metadata. Users enter search criteria using the search user interface from ContentCenter;
refer to the online help for details. CLTs are also available for system administrators to
perform queries and to set up index and search functionality; refer to the Command-Line Tools
Reference.
Search Overview
The primary uses for Interwove search are to:
" Find files for viewing, editing, copying, and tagging.
" Find outdated files for removal.
" Find files for reuse.
" Find files for reporting purposes (regulation and auditing compliance).
" Find files for recovery purposes (restore older versions of deleted files).
The Interwoven Search function is made up of two parts—the index manager and the search
manager. The index manager controls the indexing of content. The search manager
performs queries on indices and returns the results to the user. Both the index manager and
the search manager use agents, which are processes that access the search engine for either
indexing or querying documents. The index manager also uses a document cracker that
cracks a file or a data record and provides metadata and full-search content on the
document. TeamSite CLTs are used to issue commands to either the index manager and the
search manager. The ContentCenter interfaces communicate with the search manager to
request searches and to view the search results.
Note: Within files, you may find references to index server or search service or search
server. These terms are used interchangeably with index manager and search
manager.
79
Configuring Interwoven Search
TeamSite
Search Index
Manager Manager
Indexing Branches
When a new TeamSite branch is to be indexed, the branch can be indexed in two ways.
" The branch may be specified in the iwsearch_home/etc/branches.cfg file and then
the index manager may be started. The index manager picks up the branch name during
startup time and indexes the branch.
" The branch can be specified in a CLT that specifies to the index manager that the
relevant branch that is to be indexed.
Whenever a branch that is specified to the index manager to be indexed has been
successfully indexed, the index manager creates a collection of data and indices about the
documents in the branch that is optimized for subsequent searching.
In addition to indexing an entire branch, the index manager also has a listener that listens to
any submit event on a previously indexed branch. When a user submits a set of files through
TeamSite, the index manager recognizes that a submission has occurred and instructs the
indexing to occur on that set of files. Indexing can be tuned based on a set of parameters in
the iwsearch_home/etc/search.properties file.
When an index manager is shut down, relevant information about all the branches that it has
indexed is stored in a file. When the index manager subsequently comes back up, it sets the
appropriate context by reading the information from this file.
Searching Branches
A ContentCenter user issues a search query. This query is sent to the search server. Results
are returned to the ContentCenter screen, arranged in relevancy order determined by the
search engine.
A CLT can also be used to issue a query. Queries are written in XML format and may be
saved in a file. The name of the file is provided with a CLT flag. Refer to the Command-Line
Tool Reference for details on using CLTs for queries.
Deleting Branches
When a TeamSite branch has to be deleted, you need to issue the appropriate index server
CLTs so that the collections maintained by the index server for that branch are handled
correctly.
To purge the branch’s collection from the index manager and from the disk, issue the
iwndxpurgebr CLT for that branch. Otherwise, issue the iwndxrmbr CLT to remove the
collection from the index manager. Refer to the Command-Line Tools Reference for an
explanation of the differences between the two CLTs.
After issuing one of these CLTs, you can delete the branch from TeamSite. Refer to page 99
for troubleshooting information if collections or branches are not deleted correctly.
This section shows the configuration parameters in each area and describes the information
that can be modified.
Generic Configuration
This section identifies the TeamSite server. It is normally set by the installation program.
However, if your TeamSite server changes, you need to modify this section.
81
Configuring Interwoven Search
######################################################################
# Generic configuration items (common for index server and search)
######################################################################
# TeamSite host
iw.teamsite.server.host=_IW_TS_HOST_NAME_
When an agent fails to respond to a command from its server, the server automatically
restarts it. However, if the agent has a persistent problem, it can go through rapid restarts,
which can slow the system down. To limit this behavior, you can specify the number of
times the server is allowed to restart its agent within a specific time period. If the restart
limit is exceeded, the server takes the agent out of operation, which is called taking the
agent offline. Once an agent has been taken offline, the only way to start it is to restart the
server.
####################################
# Generic agent configuration items
####################################
iw.agent.windows.systemroot=c:\\winnt
# The agent log files are in agentlogs subdir of the log directory and are
# named agent_<agent_pid>.log.
iw.agent.logs.agentlogs.enable=false
Change the value for iw.index.server.port to reflect your actual TCP port. This is the
TCP port that the index manager monitors for API requests, such as requests from CLTs
and the user interface.
The three threadpool settings are used to tune the index manager behavior in terms of
processing API requests. You probably do not need to change these values.
You need to specify the value for java.naming.provider.url. Do not change the other
values in the JMS producer details section.
The session pooling parameters control the number of connections open to TeamSite. The
iw.index.scipool.max parameter specifies the maximum number of connections that can
be opened. The iw.index.scipool.warm parameter specifies the number of connections
that are always open, whether or not they are used. The other two parameters are
placeholders and should not be adjusted.
The iw.index.binaryextension parameter is used to indicate types of files that will not
have the content indexed. For example, graphics files do not have content that can be
indexed. Any metadata set for these files will, however, be indexed. See page 97 for more
details.
You can control the number of times the index manager attempts to listen to the TeamSite
Event Subsystem before giving up using the iw.index.events.listen.attempts
83
Configuring Interwoven Search
parameter. You can also specify the number of seconds the index manager waits between
attempts to listen to the TeamSite Event Subsystem using the
iw.index.events.listen.wait parameter.
######################################################################
# Index server configuration
######################################################################
# Server configuration
iw.index.server.port=_IW_INDEX_PORT_
iw.index.server.threadpool.maxthreads=50
iw.index.server.threadpool.warmthreads=10
iw.index.server.threadpool.keepalivetime=60000
TopicConnectionFactory=JmsTopicConnectionFactory
iw.index.topic.1=Interwoven
#iw.index.topic.2=TeamSite_System
iw.index.events.listen.attempts=10
# Optimal wait time before received events are processed (in minutes)
iw.index.optimalWaitMins=1
The iw.index.agent.mainport parameter specifies the TCP port number on which the
index manager listens to its agent. This connection is used by the index manager to dispatch
commands to its agents. The iw.index.agent.callbackport parameter specifies the TCP
port on which the index manager listens to its agents for a callback connection. The callback
connection is used by the agents to send their log messages to the server.
The iw.index.agent.idxdir parameter sets the directory on the index manager server
that holds the indexes for all branches.
######################################################################
# Index agent configuration
######################################################################
# Port number on which index server listens for connections from its
agents
iw.index.agent.mainport=_IW_INDEX_AGENT_MAIN_PORT_
# Port number on which index server listens for callbacks from its agents
iw.index.agent.callbackport=_IW_INDEX_AGENT_CALLBACK_PORT_
85
Configuring Interwoven Search
Change the value for iw.search.server.port to reflect your actual TCP port. This is the
TCP port that the search manager monitors for API requests, such as requests from CLTs
and the user interface.
The search manager uses a pool of worker threads for servicing client requests. Each client
connection, whether from a CLT or the user interface, is served by its own worker thread.
When the search manager starts, it creates threads specified by the value of the
iw.search.server.threadpool.warmthreads parameter. If a new client connection is
made and none of these threads is available to service the connection, a new thread is
created, thus growing the thread pool.
When a thread has been idle for longer than the millisecond time out specified by the value
of the iw.search.server.threadpool.keepalivetime parameter, it is terminated by
the server to conserve resources. If iw.search.server.threadpool.keepalivetime is set
to a value of -1, the threads are never reclaimed.
When a user issues a query, it is valid for the number of minutes specified by the
iw.search.query.validity.mins parameter. This means the user can use the query ID
issued with each query to scan the results of the query. After the time specified, the query
must be reissued. This parameter is reserved for future enhancements and does not
currently impact queries.
Change the value for the iw.index.server.host parameter if the index manager is on a
different host computer than the search manager.
You can modify the cache configuration. The raw cache contains the results of a query as
they are retrieved. Post-processing filters the results from the raw cache and writes the
results to the processed cache until enough results are found to return the first page of
results. The value for iw.search.cache.raw.validity.mins should be the same as the
value for iw.search.query.validity.mins. The values for
iw.search.cache.raw.entries.capacity and iw.search.cache.raw.entries.grace
are used to control the total number of queries kept in the system and the extra capacity that
can be used when managing the number of queries. For example, the default settings
indicate 100 queries are kept in the system, but that number can go to 110 (10 grace
queries) and then 10 queries would be deleted at one time to return to the 100-query
capacity. This is more efficient than deleting one extra query at a time. The
iw.search.cache.processed.size parameter specifies the size of the processed cache.
The session pooling parameters control the number of connections open to TeamSite. The
iw.search.scipool.max parameter specifies the maximum number of connections that
can be opened. The iw.search.scipool.warm parameter specifies the number of
connections that are open, whether they are used or not. The other two parameters are
placeholders and should not be adjusted. The value for iw.search.scipool.max should be
less than half the value of iw.search.server.threadpool.maxthreads, but should not
generally exceed 25 for the best performance.
######################################################################
# Search server configuration
######################################################################
iw.search.server.port=_IW_SEARCH_PORT_
iw.search.server.threadpool.maxthreads=50
iw.search.server.threadpool.warmthreads=10
iw.search.server.threadpool.keepalivetime=60000
iw.search.query.validity.mins=240
iw.search.query.maxOpenQueriesPerUser=2
# tweaks how long requests wait for an agent before failing due to
# high system load.
iw.search.query.maxAgentTries=5
iw.search.query.agentRetryTimeoutMillis=2000
#Cache configuration
#Raw cache
iw.search.cache.raw.entries.capacity=100
iw.search.cache.raw.entries.grace=10
iw.search.cache.raw.validity.mins=240
#Processed cache
iw.search.cache.processed.size=100
87
Configuring Interwoven Search
The iw.search.agent.mainport parameter specifies the TCP port on which the search
manager listens to its agents. This connection is used by the search manager to dispatch
commands to its agents. The iw.search.agent.callbackport parameter specifies the
TCP port on which the search manager listens to its agents for a callback connection. The
callback connection is used by the agents to send their log messages to the server.
The iw.search.agent.idxdir parameter sets the directory on the search manager that
holds the indexes for all branches.
######################################################################
# Search Agent configuration
######################################################################
iw.search.agent.count=10
# Port number on which search server listens for connections from its
# agents
iw.search.agent.mainport=_IW_SEARCH_AGENT_MAIN_PORT_
# Port number on which search server listens for callbacks from its agents
iw.search.agent.callbackport=_IW_SEARCH_AGENT_CALLBACK_PORT_
Logging Configuration
The logging configuration refers to both the index manager and the search manager. The
first part of the value for the log4j.logger.com.interwoven parameter specifies the log
level for the server. The set of possible log levels are in increasing order of verbosity are
FATAL, ERROR, WARN, INFO, and DEBUG. Normally, the server should be run with the log
level of INFO. You can control the maximum log file size using
log4j.appender.mainLogger.MaxFileSize and specify the number of archived or
backup log files using log4j.appender.mainLogger.MaxBackupIndex. The other logging
configuration settings should normally not be modified.
#######################################################
# Logging configuration
#######################################################
log4j.rootLogger=WARN, stdout
log4j.logger.com.interwoven=INFO, mainLogger
log4j.additivity.com.interwoven=false
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%5p [%t] (%F:%L) - %m%n
# Logger configuration
log4j.appender.mainLogger=org.apache.log4j.RollingFileAppender
log4j.appender.mainLogger.MaxFileSize=1000KB
log4j.appender.mainLogger.MaxBackupIndex=1
log4j.appender.mainLogger.layout=org.apache.log4j.PatternLayout
log4j.appender.mainLogger.layout.ConversionPattern=[%d{DATE}] %p %c (%t)
- %m%n
In addition to these extended and templating attributes that are defined in the field mapping
configuration file, there are a set of attributes and file properties that will always be
indexed. These are defined in an internal standard field mapping configuration file. The
StandardFields schema (http://www.interwoven.com/products/teamsite/search/
config/StandardFields.xsd) defines these fields and they cannot be changed.
The templates element contains a template element for each FormsPublisher template
used. The template element includes a templateType element that identifies the
FormsPublisher template (or form). The fields within the form that will be indexed are
identified in the templatingFields element, which contains one or more
templatingField elements. Each templatingField element contains a xpath element
and a fieldSpecification element. The templatingField element defines a mapping
from the xpath of a templating entry to the field definition that is used to store it.
89
Configuring Interwoven Search
The value for a zone name must be a valid XML name; it cannot have spaces. Names are
character insensitive. They can consist of all alphabetic characters (upper and lower case),
numeric characters, the dash (-), the underscore character (_), or the number sign (#).
<fieldSpecification>
<fieldName>TeamSite/Metadata/Launch Date</fieldName>
<fieldType>date</fieldType>
<formatString>yyyy-MM-dd</formatString>
<fieldStorage>CustomDate1</fieldStorage>
</fieldSpecification>
y year
M Month (in numeric form)
d Day in month
a|p AM or PM marker
h Hour
m Minute
The following examples show how Index Manager interprets the date and time patterns.
91
Configuring Interwoven Search
<templates>
<!-- Examples of configuring 'iwov' style templates -->
<template>
The templates section <templateType>intranet/weather</templateType>
begins by defining
intranet/weather.
<templatingFields>
<templatingField>
<xpath>/Announcement</xpath>
<fieldSpecification>
<fieldName>Announcement</fieldName>
<fieldType>string</fieldType>
<fieldStorage>zone:WeatherAnnouncement</fieldStorage>
</fieldSpecification>
</templatingField>
</templatingFields>
</template>
<template>
This section defines <templateType>internet/yacht</templateType>
internet/yacht. <templatingFields>
<!-- An Example of configuring int fields -->
<templatingField>
<xpath>/General Info/Length</xpath>
<fieldSpecification>
<fieldName>YachtLength</fieldName>
<fieldType>int</fieldType>
<fieldStorage>CustomInt1</fieldStorage>
</fieldSpecification>
</templatingField>
</templatingFields>
</template>
<template>
Another template <templateType>internet/auction</templateType>
category and type.
It defines
<templatingFields>
internet/auction. <!-- An Example of configuring float fields -->
<templatingField>
<xpath>/Minimum Bid Amount</xpath>
<fieldSpecification>
<fieldName>MinBidAmount</fieldName>
<fieldType>float</fieldType>
<fieldStorage>CustomFloat1</fieldStorage>
</fieldSpecification>
</templatingField>
</templatingFields>
</template>
<template>
<!-- An example of configuring all instances of replicants -->
This element defines <templateType>internet/careers</templateType>
internet/careers. <templatingFields>
<templatingField>
<xpath>/Responsibilities List</xpath>
<fieldSpecification>
<fieldName>Responsibilities</fieldName>
<fieldType>string</fieldType>
<fieldStorage>zone:Responsibilities</fieldStorage>
</fieldSpecification>
</templatingField>
</templatingFields>
</template>
93
Configuring Interwoven Search
<template>
<!-- An example of configuring a particular replicant instance -->
This section defines
internet/pr. <templateType>internet/pr</templateType>
<templatingFields>
<templatingField>
<xpath>/Story[1]/Section Paragraphs[1]/Paragraphs</xpath>
<fieldSpecification>
<fieldName>FirstStoryParagraph</fieldName>
<fieldType>string</fieldType>
<fieldStorage>zone:FirstStoryParagraph</fieldStorage>
</fieldSpecification>
</templatingField>
</templatingFields>
</template>
95
Configuring Interwoven Search
<field>
<fieldName>BranchId</fieldName>
<fieldType>long</fieldType>
<fieldStorage>BranchId</fieldStorage>
</field>
<field>
<fieldName>OwningAreaId</fieldName>
<fieldType>long</fieldType>
<fieldStorage>OwningAreaId</fieldStorage>
</field>
<field>
<fieldName>LastModifier</fieldName>
<fieldType>string</fieldType>
<fieldStorage>zone:LastModifier</fieldStorage>
</field>
<field>
<fieldName>LastModifiedDate</fieldName>
<fieldType>date</fieldType>
<fieldStorage>LastModifiedDate</fieldStorage>
</field>
<field>
<fieldName>Indexed</fieldName>
<fieldType>int</fieldType>
<fieldStorage>Indexed</fieldStorage>
</field>
<field>
<fieldName>IndexedDate</fieldName>
<fieldType>date</fieldType>
<fieldStorage>IndexedDate</fieldStorage>
</field>
<field>
<fieldName>Size</fieldName>
<fieldType>int</fieldType>
<fieldStorage>FileSize</fieldStorage>
</field>
<!-- Fields returned by Verity -->
<field>
<fieldName>Title</fieldName>
<fieldType>string</fieldType>
<fieldStorage>zone:DocMetadataTitle</fieldStorage>
</field>
<field>
<fieldName>Author</fieldName>
<fieldType>string</fieldType>
<fieldStorage>zone:DocMetadataAuthor</fieldStorage>
</field>
<field>
<fieldName>Keywords</fieldName>
<fieldType>string</fieldType>
<fieldStorage>zone:DocMetadataKeywords</fieldStorage>
</field>
</fileAttributes>
</standardFields>
Only TeamSite EAs (if there are any) and file properties are extracted from most other
types of documents, such as:
" Raster image documents
" Vector graphic documents
" Executable files
" Encapsulation formats
" Sound file formats
" Planning/outline formats
" Scheduling/planning formats
" Movie files
" Animation files
You can specify other types of files for which content is not extracted using the
iw.index.binaryextensions parameter in the search.properties file (see page 83).
97
Configuring Interwoven Search
Using CLTs
CLTs have been created to manage the index and search servers. Refer to the Command-Line
Tools Reference for details on usage.
CLT Description
iwsrchgethome Displays the location of the TeamSite Search home directory.
iwndxmgrfreeze Freezes and unfreezes the index manager.
iwndxmgrstatus Determines the current status of the index manager (active or
frozen).
iwndxmgrstop Shuts down the index manager.
iwndxstatus Displays the index status for branches.
iwndxlistbr Lists all the indexed branches.
iwdxpurgebr Removes the index collection associated with the branch.
iwndxaddbr Adds a branch to be indexed by the index manager.
iwndxrmbr Removes a branch so it is no longer indexed by the index manager.
iwndxfreezebr Freezes or unfreezes a branch that is being indexed by the index
manager.
iwndxrefreshbr Reindex the branch using either the bulk or incremental queue.
iwndxregsrchsvr Register a search server with the index manager.
iwsrchndxstatus Displays the index status for branches from the search server.
iwsrchquery Returns the first page of the query output in XML format.
iwsrchgetpage Displays a page of results from a previously performed query.
iwsrchmgrstop Shuts down the search server.
iwsrchmgrping Pings the search server.
iwsrchndxstatuschg Notifies the search server of changes in the index manager status.
iwsrchattrib Displays a list of field specifications for indexed attributes.
Troubleshooting
The following topics provide additional information you may need regarding index and
search functionality.
Deleted Edition
If you delete the initial edition of a branch or the last indexed edition of a branch, indexing
of further assets on the branch cannot be done. You may obtain the last indexed edition of a
branch by using one of the Index Manager CLTs that provides the detailed branch status.
If you delete the last edition of a branch before the index server has started indexing it, you
need to create a new edition; doing so ensures that the indexing of assets on the branch
work when the index server starts indexing it.
Deleted Branches
If a TeamSite branch was deleted without issuing the iwndxpurgebr CLT or the iwndxrmbr
CLT on that branch (see page 81), perform the following steps to clean the state of the
index server and search server for that branch:
1. Issue the iwndxstatus -a CLT to list information about all the branches the index
server knows about, including the deleted branch. From this list find the vpath of the
deleted branch exactly as it appears.
2. To purge the collection for the deleted branch from disk, issue the iwndxpurgebr CLT
and provide the branch vpath exactly as it appeared in the iwndxstatus output. Alter-
nately, issue the iwndxrmbr CLT and provide the branch vpath exactly as it appeared in
the iwndxstatus output.
These CLTs may issue an error message indicating that the specified branch does not
exist in TeamSite, but they will clean the state of the index server.
99
Configuring Interwoven Search
Error Messages
This section provides index manager and server manager error codes.
101
Configuring Interwoven Search
TeamSite metadata capture enables TeamSite users to add metadata information to files.
Metadata is a structured way to describe data in your files allowing you to organize and
manage it.
103
Configuring Metadata Capture
End users can access information describing a field by clicking on the question mark next to
the field name.
In addition to the convenience of having a default metadata capture form, the form is easy to
modify to reflect the categorization of metadata in your organization.
The following diagram shows how these components work together. Sections following the
diagram explain each diagram step and component in detail.
105
Configuring Metadata Capture
metadata-rules.cfg datacapture.cfg
References Defines rule sets for
datacapture.cfg capturing data
Maps vpaths to rule sets
(Server Side) (Server Side)
2 2
5 5
Browser iwmetadata.cgi
1 (1)
Job Specification
" Reads configuration File
Displays Tagger files
GUI metadata " Generates forms Can run metadata
entry form 3 " Checks validity of end- capture using
user data via rule sets <cgitask> element
" Follows rules to add
metadata to specific files
(Client Side) 4 " Signals successor
tasks (WF only)
(7) (Server Side)
iw-store
Diagram Key
1. The metadata CGI receives a list containing the names of the files that can have metadata
added to them. The list can come from an instantiated job (if metadata capture is
initiated from a job) or from the browser (if initiated from a TeamSite user interface).
2. The metadata CGI reads both configuration files (metadata-rules.cfg and
datacapture.cfg) to determine what information it should display in the Tagger GUI.
It makes this determination on a per-file basis, so that the entry form can contain
different prompts and actions for different files.
3. The metadata CGI displays the Tagger GUI on the client system.
4. An end-user enters and submits the data using the metadata entry form and the
metadata CGI.
5. The metadata CGI consults the rules in both configuration files to verify the validity of
the data entered by the user. If the data does not meet all necessary criteria, notification
is sent to the user so that data can be re-entered.
6. If the data meets all necessary criteria, the metadata CGI adds the new metadata (in the
form of TeamSite extended attributes) to the specified files. The metadata CGI
interfaces directly with the Content Store to update the files with the new metadata.
7. If metadata capture was initiated from a job, the metadata CGI notifies the workflow
subsystem, which starts successor task 0 (zero) as defined in the job specification file.
The metadata that has been set for a file populates the same fields in the Tagger GUI in
which it was originally entered.
" Using the iwextattr CLT as described in the TeamSite Command-Line Tools manual. You
can use this CLT to get a specific value, or all a list of all the attributes for the file.
You can deploy these extended attributes to a database using Interwoven DataDeploy. The
deployment can be manual, or automatic using Database Auto-Synchronization (DAS). See
the DataDeploy Administration Guide for more information.
107
Configuring Metadata Capture
<metadata-rules>
<cond vpath-regex="."> Vpath Identifier
<rule name="Default Rule" /> Rule Identifier
</cond>
</metadata-rules>
Notes:
<metadata-rules>
<cond vpath-regex="^/default/main/syndication"> Vpath Identifier1
<rule name="Default" /> Rule Identifiers2
<rule name="Syndication" />
<cond vpath-regex="\.pdf$"> Vpath Identifier3
<rule name="PDF Files" /> Rule Identifier4
</cond>
<cond vpath-regex="\.doc$"> Vpath Identifier5
<rule name="MS Word Files" /> Rule Identifier6
</cond>
</cond>
Notes:
" Vpath Identifier1—Files on the/syndication branch always receive the rules named in
the following subelements.
" Rule Identifier2—The Default and Syndication rules defined in datacapture.cfg
always apply to the /main/syndication branch.
" Vpath Identifier3—Files ending in .pdf on the /main/syndication branch receive
rules in addition to those defined by Default and Syndication.
" Rule Identifier4—The PDF Files rule defined in datacapture.cfg applies to files
ending in .pdf on the /main/syndication branch.
" Vpath Identifier5—Files ending in .doc on the /main/syndication branch receive
rules in addition to those defined by Default and Syndication.
" Rule Identifier6—The MS Word Files rule defined in datacapture.cfg applies to
files ending in .doc on the /main/syndication branch.
" Vpath Identifier7—The /main/www branch always receives the rules named in the
following subelements.
" Rule Identifier8—The Default and Web Content rules defined in datacapture.cfg
apply to the /main/www branch.
109
Configuring Metadata Capture
" Vpath Identifier9—Files ending in .html on the /main/www branch receive rules in
addition to those defined by Default and Web Content.
" Rule Identifies10—The HTML Files rule defined in datacapture.cfg apply to files
ending in .html on the /main/www branch.
" Vpath Identifier11—Files ending in .html in the pr directory on the /main/www branch
receive rules in addition to those defined by Default and Web Content.
" Rule Identifies12—The PR rule defined in datacapture.cfg applies to files ending in
.html in the pr directory on the /main/www branch.
" Vpath Identifier13—Files ending in .html in the corp directory on the /main/www
branch receive rules in addition to those defined by Default and Web Content.
" Rule Identifiers14—The Corporate rule defined in datacapture.cfg applies to files
ending in .html in the corp directory on the /main/www branch.
Rules contain items, where each item is a single set of data that is to be captured from the
end-user. An item consists of one or more instances. Each instance encapsulates how to
capture the data for the item, and each instance defines an ACL that determines which (if
any) instance a particular user is allowed to use to enter the data.
The metadata capture form is a data capture template (DCT) that is configured specifically
for metadata capture. The data capture subsystem that generates the metadata capture form
is the same subsystem that generates data capture templates for FormsPublisher. A major
difference between the two implementations is the location of the datacapture.cfg file.
FormsPublisher relies on multiple datacapture.cfg files (one for each data type), while
metadata capture relies on a single datacapture.cfg file (in iw-home/local/config).
See “Setting Up Data Capture Templates” in the FormsPublisher Developer’s Guide for a
complete explanation of datacapture.cfg files, including annotated examples and
explanations of elements and attributes. Even though the examples in the
FormsPublisher Developer’s Guide are specific to FormsPublisher, they are a useful reference for
configuring datacapture.cfg for metadata capture.
The datacapture.cfg file uses the following DTD (it is also installed by the TeamSite
installation program in iw-home/local/config/). The datacapture.cfg files must have
been created using metadatacapture6.0.dtd.
111
Configuring Metadata Capture
<!--The form of this element is exactly the same as that for the callout
element in datacapture.4.0.dtd. -->
<!ELEMENT cgi-callout EMPTY>
<!ATTLIST cgi-callout
label CDATA #REQUIRED
url CDATA #REQUIRED
window-features CDATA #IMPLIED
>
<select>
<inline command="command name" />
</select>
runs the "blah" callout program, and that program returns this text:
<substitution>
<option label="ABC" />
<option label="123" />
<option label="Jackson 5" />
</substitution>
then the DCT snippet will, after callout execution and inline
substitution, look like:
<select>
<option label="ABC" />
<option label="123" />
<option label="Jackson 5" />
</select>
-->
<!ELEMENT inline EMPTY>
<!ATTLIST inline
command CDATA #REQUIRED
>
113
Configuring Metadata Capture
International Encoding
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE data-capture-requirements SYSTEM "metadatacapture6.0.dtd">
Rules contain "items"; one item is a single (set of) data that is
to be captured from the end user. An item consists of one or more
"instances". Each instance encapsulates how to capture the data
for the item, and each instance defines an ACL that determines which
(if any) instance a particular user is allowed to use to enter the
data. Instances are text, textarea, radio, checkbox, select, and
replicant.
<item name="Keywords">
<description>
Keywords can include terms that are not in the asset itself.
</description>
<database data-type="VARCHAR(100)" />
<text required="f" size="32" maxlength="60" />
</item>
<item name="Description">
<description> Description Element
A brief summary of 250 characters or less.
</description>
<database data-type="VARCHAR(100)" />
<textarea required="f" rows="5" cols="72" wrap="virtual"
maxlength="250" />
</item>
</view>
115
Configuring Metadata Capture
Notes:
! data-format describes the format if date or time is specified for the data-type
attribute (see the DATE datatype description that follows). If a value for data-
format is specified, the instance should contain a validation regex to force a valid
entry in the field (see the validation-regex description that follows).
In this example, deploy-column would be the first attribute if it were set. Seeing as it is
not, all input for this item is deployed to a database column. Next, the searchable
attribute is specified as "t"; however, because this is the default value for the
attribute, searchable does not need to be included. Following searchable is
data-type, here specifying the input to be stored as a string. If date or time is set as the
value for the data-type, a data-format attribute should end the element.
" Instance (text)—The optional <text> element controls the length of text entry fields in
metadata capture and search forms. It also controls whether an end-user is required to
enter text in a field. If the datatype is date or time and a format has been specified, it is
best to include a validation-regex to force users to input data in the correct format
(see the validation-regex description that follows). In this example the user is
required enter a string between one and 60 characters in the text field. The data entered
for this item is stored in the database as VARCHAR and is searchable.
" Description—The <description> element is used to provide the information that
displays when a user clicks on the question mark next to a field on a form.
" DATE datatype—If the datatype is set to date or time, you should specify a
data-format and include a validation. Because there are many formats for date and
time, specifying a format forces the user to enter data in that format and reduces the
chance of user error. The value for data-format can be any valid Java format for a date
or time.
" validation-regex—The user can be forced to enter a date or time in the format you
specify by including a validation regex. The value for the validation-regex attribute
must match the format specified in for data-format. The regex in this example
specifies the range of digits that can be entered for yyyy-mm-dd and that dashes must
separate year, month and day. The following table shows validation regex examples for
several supported datatypes.
117
Configuring Metadata Capture
The <database> and <text> elements shown in the table are subelements of the
<item> element. Some regex lines are wrapped due to page constraints. You should
enter them all on one line in your configuration file.
INT Allows any integer up to 7 digits. This example assumes that you want to
store data as integers, not dollars and cents.
<database data-type="INT" />
<text maxlength="7"
validation-regex="^[0-9]\{0,\}$" />
REAL Allows any decimal up to 8 digits (including decimal). The regex allows 0
or more digits, followed by a decimal point, followed by zero or more
digits.
<database data-type="REAL" />
<text required="t" maxlength="8"
validation-regex="^[0-9]\{0,\}\.[0-9]\{0,\}$" />
If users encounter an error with the Tagger GUI, an error message tells them to contact
their system administrator. The system administrator should check the servletd log file for
more information on the configuration problem.
<item name">
<description>Unit that is responsible for the asset.</description>
<database data-type="VARCHAR(100)" />
<select>
<option label="Administration" value="Admin" />
<option label="Facilities" value="Facilities" />
<option label="Finance" value="Finance" />
<option label="Human Resources" value="HR" />
<option label="Legal" value="Marketing" />
<option label="Marketing" value="Legal" />
<option label="Sales" value="Sales" />
<option label="Systems" value="Systems" />
</select>
</item>
You could also modify the item names or view names to modify these forms for your use.
For more extensive form design, refer to the FormsPublisher Developer’s Guide for guidance.
119
Configuring Metadata Capture
121
Configuring Metadata Capture
The following sections describe the configuration settings for the TeamSite web daemon and
the TeamSite proxy server. They begin with an overview of each of these features, and then
are followed by sections on specific configuration settings.
Each time a request is made through the TeamSite proxy server, the following sections of
iw.cfg are processed as shown in the following graphic. More than one rule may be applied
to a request. As a URL gets rewritten by a rule, the rewritten URL is passed to the next
123
Configuring the TeamSite Web Daemon and Proxy Server
section. The first rule that matches in any section prevails; no other rules in that section are
applied.
iwproxy_hostheader_remap
See Host Header Remappings.
No
Can the rewritten path iwproxy_failover_remap
be found? See Configuring Proxy Failover.
Yes Sends the rewritten path to be
reprocessed.
where:
" customer_webserver_host is the host name of the content Web server. The value
must be set to the host name of the Web server that serves the content of your Web
sites.
" iwproxy_host specifies the host where the TeamSite proxy daemon runs. Usually this is
the TeamSite server.
" iwproxy_port is the port on which the TeamSite proxy server operates. It should be set
to an open port value.
" customer_webserver_port is the port through which the TeamSite proxy server
communicates with the Web server. It must be set to the value of the port used by the
Web server.
The settings in the [iwproxy] section are set during the TeamSite installation. They can be
manually edited if necessary.
Note: The proxy server does not allow you to remap the document root directory for
Content Store branches other than the default Content Store.
Links in HTML documents are often specified with relative or absolute path names. For
example, in a link to an image, the file name might appear as:
/images/miles.gif
125
Configuring the TeamSite Web Daemon and Proxy Server
On a typical Web server, this link reference would be mapped by the Web server to its
document root, for example:
/images/miles.gif /usr/httpd/images/miles.gif
All users that attempt to access the file using the absolute path name are mapped to the same
file location on the Web server.
However, TeamSite supports a system of private workareas, giving each user access to the
Web site’s files from within their own personal, virtual version of the Web site. TeamSite
uses a proxy server to manage mapping of files to workareas with relative and absolute path
references. Using the previous example, the TeamSite proxy server enables all users
attempting to access /images/miles.gif from within TeamSite to be mapped to the copy
of miles.gif in their own workareas. The redirected mapping would look like:
/images/pic.gif /iw-mount/default/main/branchpath/WORKAREA/workarea
name/images/miles.gif
Document Roots
TeamSite maps the initial Web server directory structure (the document root) of workareas to
the top level of the workarea directory by default. You may, however, want to move the
document root, or group types of files together for improved clarity, convenience, or
efficiency. On a branch-by-branch basis, the TeamSite proxy server allows you to remap the
document root anywhere within the workarea directory. It also allows you to define
mappings directly to subdirectories within workareas.
Note: The proxy server does not allow you to remap the document root directory for
Content Store branches other than the default Content Store.
Document roots are defined in the [iwproxy_remap] section of iw.cfg. The default
setting is as follows:
[iwproxy_remap]
global_default_map=/
Note that iw.cfg also contains a section called [global_default_map]. There must be a
corresponding section for each parameter defined in the [iwproxy_remap] section.
1. For each branch that you want to configure, add a line to the [iwproxy_remap] section
of iw.cfg as follows:
[iwproxy_remap]
configSectionName=vpath
where configSectionName is the name of the section of the configuration file that
defines the branch remappings, and vpath is the vpath to the branch you are
configuring.
2. For each line that you added to [iwproxy_remap] section, create a section in iw.cfg
named [configSectionName].
3. Add a line to this new section that defines the document root:
_docroot=dirpath
[iwproxy_remap]
branchrewrite_1=/main
branchrewrite_2=/main/training
The first line of tells TeamSite to use the section [branchrewrite_1] to set the document
root configuration for the /main branch. The second line tells TeamSite to use the
[branchrewrite_2] section to set the document root configuration for the
/main/training branch.
You would then create two new sections in iw.cfg corresponding to the lines in
[iwproxy_remap]:
[branchrewrite_1]
_docroot=/htdocs
/pictures/=/pictures/
/html/=/html/
[branchrewrite_2]
_docroot=/htdocs
/images/=/images/
Note that the first line of both the new sections contains _docroot=/htdocs. This defines a
special directive that sets the mapping of the document root. Any requests from workareas
on the main branch or the main/training branch to the root level directory (/) now start
at:
.../workareaname/htdocs/
Thus, the request for file /miles.gif will now be mapped to:
.../workareaname/htdocs/miles.gif
The two docroot configuration sections also contain lines similar to the following:
/pictures/=/pictures/
127
Configuring the TeamSite Web Daemon and Proxy Server
This line maps file requests directly to the listed directory /pictures/, bypassing the
document root defined in the first line. Thus, a request for the file /pictures/mingus.gif
gets mapped to:
.../workareaname/pictures/mingus.gif
not:
.../workareaname/htdocs/pictures/mingus.gif
The TeamSite proxy server operates using literal string matches and substitutions in path
names. To avoid inadvertently rewriting names, always use trailing slashes in your remap
definitions.
Note: Do not use trailing slashes in your remap definitions for _docroot directories.
Therefore, if you use fully qualified URLs to reference pages within your own Web site,
clicking on these links will take you out of the in-context view of the current workarea,
staging area, or edition and into your own currently deployed Web site. To solve this
problem, TeamSite enables you to configure your proxy server to redirect fully qualified
links within your Web site, then pass them to the regular proxy server to ensure the
integrity of the in-context view in a workarea, staging area, or edition.
Note: Only configure this setting if your Web site uses fully qualified URLs that you need
to view in-context. This setting requires you to manually configure your browser,
so that you cannot view the actual Web site without reconfiguring your browser.
This also slows the TeamSite server by sending every request through iwwebd and
iwproxy.
_regex=source_regex=dest_ex
[iwproxy_fullproxy_redirect]
enabled=yes
_regex=http://www(\.example\.com)?/(.*)=/$2
enables the feature and redirects links that specify http://www.example.com in the URL
and sends them to the corresponding location in the current TeamSite area.
Note: If your iw.cfg file’s [iwwebd] section defines the host as host=hostname.domain,
and your browser's proxy server is set to hostname.domain:port, when you start
TeamSite, you must enter http://hostname.domain/iw/ in your browser rather
than http://hostname/iw/.
Continue the configuration by completing the procedures described in the next sections.
The TeamSite web daemon can be used as a proxy server to connect to any outside address
and access content. You can create a regex in the [iwproxy_fullproxy_redirect]
section of iw.cfg to disable this functionality. Refer to the
[iwproxy_fullproxy_redirect] section of iw.cfg.example for details.
Internet Explorer
129
Configuring the TeamSite Web Daemon and Proxy Server
6. Type the http-port specified in the [iwwebd] section of iw.cfg (for example, 80) in
the Port section.
7. Click OK.
5. In the Exceptions field, enter the URLs that you want to access without using the proxy
server.
6. Click OK.
Using iwproxy_preconnect_remap
To configure TeamSite to redirect workarea views and retain your original area as the
current working area (as described in the first bullet), edit the
[iwproxy_preconnect_remap] section of iw.cfg as follows:
[iwproxy_preconnect_remap]
_regex=source_regex=dest_ex
For example:
_regex=(.*)/branch1/WORKAREA/[^/]+/products/(.*)=$1/branch2/
STAGING/products/$2
tells the proxy server to remap the products directory of any workarea on any branch
named branch1 to the products directory of the staging area on its sister branch, branch2.
In the source regular expression, (.*) is used to specify an arbitrary path, and $1 in the
destination expression means that it must follow the same path (and therefore branch1 can
be anywhere in the branch structure, but branch2 is a sister branch of branch1). Also in the
source regular expression, [^/]+ is used to specify a single directory level, of any name
(which in this case would be the workarea name, and therefore all workareas on branch1
are specified). Finally, the source regular expression uses (.*) to specify another arbitrary
path, and $2 in the destination expression tells it to follow the same path.
131
Configuring the TeamSite Web Daemon and Proxy Server
You can also specify the exact location of the areas you want to remap:
_regex=^/
iw-mount/default/main/branch1/WORKAREA/[^/]+/products/(.*)=/
iw-mount/default/main/branch2/STAGING/products/$1
_regex=^/
iw-mount/default/main/dev/branch1/WORKAREA/andre/coolstuff/(.*)=/
iw-mount/default/main/branch2/STAGING/coolstuff/$1
The TeamSite proxy server applies the first match it finds, so you can exclude a particular
area from a more general rule by creating a separate rule for that area and placing it before
the more general rule. For example:
_regex=(.*)/branch1/WORKAREA/chris/products/(.*)=$1/branch1/
STAGING/products/$2
_regex=(.*)/branch1/WORKAREA/[^/]+/products/(.*)=$1/branch2/
STAGING/products/$2
remaps the products directory in all workareas on branch1 except for Chris’s to the
staging area of branch2.
See “Configuring Proxy Failover” on page 136 for more details about configuration rule
precedence.
Using iwproxy_preconnect_redirect
To configure TeamSite to redirect workarea views and cause the area you redirect into to
become the current working area (as described in the second bullet on page 131), edit the
[iwproxy_preconnect_redirect] section of iw.cfg:
[iwproxy_preconnect_redirect]
_regex=source_regex=dest_ex
[iwproxy_preconnect_remap]
_regex=source_regex=dest_ex
where source_regex is a case-insensitive regular expression describing the area and files to
be served by the other Web server, and dest_ex is an expression describing the area and
files on the other Web server. This expression must include the port number.
For this to work properly, the other Web server must have the appropriate NFS TeamSite
directory mounts and privileges. The Web server alias used by httpd on port 1234 of
test1.example.com must be configured with the TeamSite alias as well (/iw-mount/).
The following example would allow Andre to test all CGIs in his workarea on
test1.example.com, as previously described:
[iwproxy_preconnect_remap]
_regex=^/iw-mount/default/main/branch1/WORKAREA/andre/(.*)\.cgi
(\?.*)?$=http://test1.example.com:1234/iw-mount/default/main/branch1/
WORKAREA/andre/$1.cgi$2
133
Configuring the TeamSite Web Daemon and Proxy Server
Using iwproxy_preconnect_remap
To configure TeamSite to redirect workarea views to external Web servers, edit the
[iwproxy_preconnect_remap] section of iw.cfg as follows:
[iwproxy_preconnect_remap]
_regex=source_regex=dest_ex
sends all requests for files in the /logos directory in all workareas on branch1 to another
server, corporateidserver.example.com.
Using iwproxy_external_remap
You can also use [iwproxy_external_remap] rules for external remappings, although
[iwproxy_preconnect_remap] is the preferred methodology.
For example, if all your corporate logo files reside on a separate server, you can use
[iwproxy_external_remap] to create a mapping to the directory where they reside:
[iwproxy_external_remap]
/logos/=http://corporateidserver.example.com/logos/
This remapping sends all requests for /logos/ to a directory on another server,
corporateidserver.example.com/logos/. You can also create associations using
case-insensitive regular expression mapping.
_regex=^/iw-mount/default/main/branch1/WORKAREA/.*=example.com:1234
will change the Host: header that the source server gets from the TeamSite proxy server to
read:
Host: example.com:1234
" All users should be able to read any document on the intranet, except for files in the
/hr/ directory, which require specific read access.
" All users should be able to read any document on the internet site.
" For all other branches, iwproxy should check to ensure the current user has read access.
[iwproxy_access_control_enabled]
_default=yes
_regex=^/iw-mount/dc/main/intranet/(((WORKAREA|EDITION)/[^/)]+)|STAGING)/hr/=yes
_regex=^/iw-mount/dc/main/intranet/(((WORKAREA|EDITION)/[^/]+)|STAGING)/=no
_regex=^/iw-mount/dc/main/www%20external/(((WORKAREA|EDITION)/[^/]+)|STAGING)/=no
135
Configuring the TeamSite Web Daemon and Proxy Server
After installing the necessary redirector module as described on as described in the TeamSite
Installation Guide, you can configure TeamSite to remap SSI requests by adding or modifying
the [iwproxy_plugin_remap] section of iw.cfg. In the following example, any SSI
request containing the string /forms/ is mapped to
/iw-mount/default/main/Branch2/STAGING/forms instead of being referred to the root
of the user’s workarea:
[iwproxy_plugin_remap]
_regex=(.*)/forms/(.*)=/iw-mount/default/main/Branch2/STAGING/forms/$2
If you want to debug regular expressions, set the value for _debug in the
[iwproxy_plugin_remap] section to true. On NES and Apache, debugging information is
stored in the Web server error log file. This log file can grow extremely large over time.
No
iwproxy_preconnect_remap
iwproxy_hostheader_remap
iwproxy_smartcontextedit_allowed
Yes
[iwproxy_failover_remap]
_maxfail=#
_regex=source_regex=dest_ex
_regex=source_regex=dest_ex
To specify the number of times to try to remap a URL, edit the _maxfail line of the
[iwproxy_failover_remap] section of iw.cfg. The default value of this line is
_maxfail=0, which turns off proxy failover. Note that proxy failover is seldom needed
because files are almost always in locations that can be specified using static, case-insensitive
regular expressions during configuration. If you need to enable proxy failover, it is
137
Configuring the TeamSite Web Daemon and Proxy Server
recommended that you do not set _maxfail to more than 1 or 2 due to the impact on
system performance.
_regex lines in the [iwproxy_failover_remap] section follow the same syntax as _regex
lines specified in the [iwproxy_preconnect_remap] section of iw.cfg, where
source_regex is a case-insensitive regular expression describing the area to be mapped
from, and dest_ex is an expression describing the area to be mapped to. For examples of
_regex syntax, see “Resolving Relative and Absolute Paths” on page 125.
iwproxy returns debug output which you can redirect to a file. Note that the iwproxy
debug mode is single-threaded; it therefore slows the TeamSite server down significantly.
Use the debug mode for diagnostic purposes only.
One common source of proxy configuration problems is the inclusion of any character or
blank space past the end of a branch name in any line in any [iwproxy*] section in iw.cfg.
For example, the following line in the [iwproxy_remap] section is illegal because it
contains blank spaces and characters after the branch name:
[iwproxy-remap]
tag_engspecs=/main/engspecs #This is the engineering spec site
Backing Up TeamSite
Your TeamSite Content Stores represent a tremendous investment in resources and are a
valuable corporate asset. As such, they should be backed up daily, or even more frequently,
to minimize the possibility of damaged or lost data. Any third-party backup solution that can
guarantee exact time and state directory content recovery can be used.
If the available backup method is efficient and inexpensive (compared to the value of the
data being protected), the TeamSite workareas can also be backed up to allow users to
139
Backing Up TeamSite
recover individual files or directories from their workareas, rather than having to recover
the entire Content Store. This is a very convenient feature for users, but can come at a
relatively high price in terms of extra time and space needed for these redundant backups.
Although the virtual files which comprise much of TeamSite’s file system mount (/iwmnt)
take up no extra space on the TeamSite server, if the actual TeamSite workareas are backed
up, the virtual files in the workareas will be treated as actual files and will take up space in
the backup media.
You must freeze the TeamSite Content Store (with the iwfreeze command) while you are
backing up your Content Stores or workareas. Failure to freeze the Content Store while you
are backing up can result in possible data loss and corruption. For details about the
iwfreeze CLT, refer to the Command-Line Tools manual for your platform.
Note: If you are using multiple Content Stores, you can back up each store independently.
The iw-store directory should be backed up if you have in-progress workflows or
batch jobs that you do not want to lose. You can freeze and unfreeze the workflow
store just like any other store, but you cannot move it outside of iw-store.
Backing up workareas alone is not a substitute for backing up the TeamSite Content Store. If
you only back up the files that appear in the TeamSite file system mount, you will lose
important metadata such as version histories and file status. Always back up the actual
TeamSite Content Store whether or not you back up individual workareas.
To determine your optimal backup strategy, you must analyze the trade-offs of convenience
and speed in backing up versus simplicity and speed of restoration, and decide what best
suits your needs. A strategy using a single full backup and an indefinite string of
incrementals is optimized for backup speed, but the amount of time required to perform a
full recover of the Content Store grows with each passing day as a new incremental is added
to the list. Every backup must be preserved to be able to recover the Content Store. One
benefit of this method is that a complete daily record of the Content Store will be
preserved.
The opposite extreme is to perform a full backup every day. Each backup will take the
maximum amount of time to perform, but only one recover needs to be done to completely
recreate the Content Store. If you only preserve the previous day’s backup, no history of the
Content Store will be retained, but the amount of storage space used by the backups is
minimized.
141
Backing Up TeamSite
The following files contain information about your TeamSite server configuration:
Table 4: Functions of Configuration Files
Configuration File Function
/etc/defaultiwhome Describes the location of the TeamSite
application software. The default
location is /usr/iw-home.
/etc/defaultiwstore Describes the location of the TeamSite
Content Store directory. The default
location is /usr/iw-store.
/etc/defaultiwmount Describes the location of the TeamSite
virtual mount point. The default
location is /iwmnt.
/etc/defaultiwlog Describes the location of the
iwserver.log file. The default
location is /var/adm/iwserver.log.
/etc/defaultiwelog Describes the location of the
iwevents.log file. The default
location is /var/adm/iwevents.log.
/etc/defaultiwtrace Describes the location of the
iwtrace.log file. The default
location is /var/adm/iwtrace.log.
iw-home/etc/iw.cfg (default location—see Contains various parameters necessary
“Location of iw.cfg” on page 144 for more for the operation of TeamSite, as
information) described in the Chapter 3,
“Configuring the TeamSite Server.”
iw-home/iw-samba/lib/iw.smb.conf Contains Samba configuration.
iw-home/local/config/submit.cfg Specifies all file permissions that are
automatically changed at submit time.
iw-home/local/config/autoprivate.cfg Specifies what types of files are
automatically marked private.
143
TeamSite Configuration File Reference
The locations of many of these files can be changed (see See “File Locations” on page 49).
Location of iw.cfg
If iw.cfg does not exist in the default location, TeamSite looks for it in the following
locations, in the following order:
" /etc/iw.cfg
" iw-home/config/iw.cfg
" iw-home/local/etc/iw.cfg
" iw-home/etc/iw.cfg
If iw.cfg is not found in any of these places, TeamSite assumes the default values for
iw.cfg settings.
145
TeamSite Configuration File Reference
Configuring Reporting
TeamSite Reporting integrates with Crystal Enterprises to allow you to run standard
reports and to create additional reports. When TeamSite Reporting is installed, users of
ContentCenter Professional have a Reporting tab that provides access to available reports
and displays the results of requested reports.
Refer to the TeamSite Installation Guide for details on installing TeamSite Reporting.
Reporting Overview
TeamSite Reporting obtains information from the Event Subsystem (page 33). Information
is stored in a relational database and can be read by Crystal Enterprises software to obtain
reporting information.
147
Configuring Reporting
Event
subsystem
TeamSite
Report
Module
RDBMS TSReport
or
flat file
Reporting
Messaging RDBMS
UI
library
Event
Proxy Crystal
Enterprises
The new messaging library provides TeamSite with a reliable method of publishing events.
This library exports a write/read interface, which can be used by event publishers and
subscribers. The TeamSite server uses the message library to write events and the new
proxy service reads such events and propagates them to the Interwoven Event Subsystem.
The Teamsite report server subscribes to events published by the TeamSite core server
engine, the workflow engine, and the templating engine. On receiving events from the
Interwoven Event Subsystem, the report server archives these events into the reporting
database. In some cases, the report server will query the engine that generated the event
for additional information. Some examples of this are:
" Query the core server for all files submitted as part of a submit event.
" Query the workflow engine for all files associated with a task.
To query on workflow events, modify the iw.cfg file so jobs are not deleted from the
content store when they complete, as follows:
[workflow]
delete_jobs_on_complete=false
The Teamsite report server archives the event-related information into a relational database
provided by the customer. The report server adheres to the JDBC standard while accessing
and modifying a database. The reporting service supports the following databases:
Oracle 8i, Oracle 9i, MS SQL Server 2000 and IBM DB2 8.1. The database schema should
be created prior to starting the TeamSite report server. The necessary DDL scripts will be
provided with the reporting server package.
This section shows complete file and then describes the configuration parameters in each
area and specifies the information to be modified. Most of the information in this file is
entered during the installation. You should make generally make changes to this file using
the iwconfigtsreport CLT.
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
<License key="_LICENSE_KEY_"/>
<!-- ********************** Logging ******************************** -->
<Logging>
<!-- See org.apache.log4j.xml.DOMConfigurator for more details -->
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" >
<appender name="tsreport" class="org.apache.log4j.FileAppender">
<param name="File" value="_IWLOGDIR_/tsreport.log" />
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern"
value="%d{HH:mm:ss.SSS} %-5p [%t] - %m\n"/>
</layout>
</appender>
<root>
<priority value="ERROR"/>
<appender-ref ref="tsreport"/>
</root>
<category name="com.interwoven">
<priority value="INFO"/>
<appender-ref ref="tsreport"/>
</category>
</log4j:configuration>
</Logging>
149
Configuring Reporting
Product>
<param name="type" value="teamsite" />
<param name="name" value="Product : TeamSite" />
<param name="ref-id" value="1" />
<param name="database-id" value="42" />
<!-- I picked 42 as an arbitrary number -->
</Product>
License key
The license key is added to this file during installation. If you do not have the license key
when you install TeamSite, rerun the reporting installation module.
Logging
The <param> element describes where the log file is written; the directory where the file is
located may be changed during installation.
The <priority> element within the <category> element can be changed to reflect the
level of debugging. The levels of debugging are ERROR, WARN, INFO, and DEBUG. Refer to
http://logging.apache.org/log4j/docs/ for details.
Database
The installation software enters this information into this file.
" The <poolsize> element describes the number of threads to connect to the database;
leave this at one.
" The <driver> element refers to the database driver required.
" The <URL> element is the URL connect string.
" The <user> element refers to the database user. During installation, you are also asked
for this user’s password; it is stored in a different file.
CSSDK
If the report server is being run under an account other than root, you must also add the
user and role. The user account under which the reporting server is running must be in the
TeamSite roles file with sufficient privileges.
" The <poolsize> element describes the number of threads to connect to the database;
leave this at one.
" The <server> element identifies the server where TeamSite is running.
" The <configfile> element provides the location of the configuration file.
" The <locale> element identifies the language of the server.
Product
This section is currently a placeholder for future release; you do not need to make changes.
Receiver
This section should be manually edited. You need to specify values for the <param> element
named Reportable Extended Attributes at the end of the file. Replace key, key1, and
key2 with the names of extended attributes to be reported on. Add additional value
elements as needed. If the EAs in metadata.cfg are to be reported on, the full name
should be specified, such as TeamSite/Metadata/EAName. Restart the report server.
151
Configuring Reporting
Archived Events
The following server events are archived in the reporting database.
The following user events are archived in the reporting database. The events SetEA through
DestroyFSE are only available when turned on by iwat scripts as described in the TeamSite
Command-Line Reference.
153
Configuring Reporting
Database Schema
The iw-home/tsreport/conf/ddl/tables.xml schema lists the available tables in
reporting.
<?xml version="1.0"?>
<!--A reference xml file listing all tables involved in the reporting
module -->
<database>
<schema name="teamsite_report_schema">
<table name="EventsSummary"/>
<table name="WFEventsSummary"/>
<table name="Files"/>
<table name="FileVersions"/>
<table name="WFTaskEventComments"/>
<table name="ExtendedAttributes"/>
<table name="VersionedFileEAs"/>
<table name="DataCaptureTemplates"/>
<table name="report5_view"/>
<table name="report6_view"/>
</schema>
</database>
Every table has a schema that describes the columns. Most of the columns are self-
explanatory and use basic data types as described in the schema. All tables in the reporting
database schema have an ID column. This column is used to uniquely identify a row in each
table. This ID is globally unique across the entire schema. The ID column is also the primary
key in each case.
For example, the following code from a schema describes the FileVersions table. Each row
in this table represents a particular version of a file or directory in Teamsite. Each time a
submit event is generated, each file associated with the submit is entered as one row in this
table.
- <table name="FileVersions">
<attribute name="ID" type="char(40)" not_null="true" />
<attribute name="EventID" type="char(40)" not_null="true" />
<attribute name="SubmitType" type="varchar(32)" not_null="true" />
<attribute name="FileID" type="char(40)" not_null="true" />
<attribute name="FileType" type="varchar(32)" not_null="true" />
<attribute name="LastModifier" type="varchar(32)" not_null="true" />
<attribute name="ContentModificationTime" type="datetime"
not_null="true" />
<attribute name="AttributeModificationTime" type="datetime"
not_null="true" />
<attribute name="Comments" type="blob" not_null="false" />
<attribute name="Version" type="varchar(255)" not_null="true" />
<attribute name="DctId" type="char(40)" not_null="false" />
<attribute name="DcrId" type="char(40)" not_null="false" />
</table>
This table has four columns that serve as foreign keys indexing into the other reporting
tables (as illustrated in Figure 14):
Each database type has its own schema. The schemas are located in the iw-home/tsreport/
conf/ddl directory and are named: db2_schema, mssql.xml, mysql_schema.xml, and
oracle_schema.xml. Except for the attributes and values for the <jdbc> element, the files
are identical.
The other reports defined in the tables.xml schema are described here and the mapping
relationships are illustrated in Figure 14:
155
Configuring Reporting
Events_Summary
Data Capture Templates
PK ID
PK ID
Event_Name
Event_Type Category
Time Stamp Type
UserID
Role FileVersions
Server
Backing Store PK ID
Store
Branch Time stamp Files
Area Submit Type
Freeze Duration FK1 File ID PK ID
File Path 1 Version
File Path 2 File Type Directory Path
Owner FK2 Dct ID Name
Comments FK4 Dcr ID Server
Edition FK3,FK5 Event ID Store
Object ID Last Modifier Branch
FseType Content Change Time
RevertType Attribute Change Time
Versioned File EAs
WFEvents_Summary PK ID
157
Configuring Reporting
Database Drivers
The Crystal Enterprise server must have the appropriate database client drivers installed and
configured. Because Crystal Enterprise accesses the TeamSite Events database when
rendering the TeamSite reports, the Crystal Enterprise server must be configured
appropriately to have access to this database. For example, it may be required to have an
ODBC System DSN entry referring to the TeamSite events database on a Crystal Enterprise
server. In the case of Oracle, it may be required to install an Oracle client with the
appropriate TNS setup on the Crystal Enterprise server. Please refer to the Crystal Enterprise
Administrative Guide and the appropriate database manuals for details.
Reports on Crystal Enterprise have Crystal-proprietary ACLs associated with them. For a
user to view a TeamSite report, the users should have “View on Demand” rights granted to
them on the reports (or the folder that contains these reports).
Clicking the ContentCenter Logout link will also log the user out of Crystal Enterprise if
the user has logged into reporting during the TeamSite session. Only the session created
within ContentCenter is logged out. Crystal Enterprise sessions in other windows,
including those pointed to the Crystal Enterprise user interface, are not affected.
Troubleshooting
This section contains troubleshooting issues related to reporting.
159
Configuring Reporting
Restarting Reporting
If the server containing the reporting database files goes down or is rebooted, the link
between Reporting and the database file is broken. Check the log files to determine whether
the link is broken. If it is, you must restart TeamSite Reporting after bringing the server
back up.
TeamSite now includes a configuration file called file_encoding.cfg that enables you to
create rules to determine the character encoding of the contents of files that do not specify
their encoding. The file_encoding.cfg file (located by default in iw-home/local/
config) uses an XML-based language called regex_map. The regex_map format is designed
to be structured enough for maintainability, and extensible so that the same format may be
used in future configuration files. This file contains a <regex_map> element, which contains
rules to map vpaths (directory paths) to the character encoding specification of file
contents.
For TeamSite to correctly interpret a text document, it is necessary to know the character
encoding in which its contents are represented. Unlike an HTML document that can declare
the encoding of its contents using an <HTTP META="Content-Type" CONTENT="text/
html; charset=charsetname"> tag, a plain text file has no mechanism for storing this
information. The encoding is required for certain TeamSite functionality including
VisualPreview and the Source Differencing and Interwoven Merge tools.
In previous releases, VisualPreview relied on the Content-Type header from the content
Web server to specify the encoding of plain text files. This required you to configure the
encoding at your content Web server which may limit flexibility and scalability. By default,
the Source Differencing and Interwoven Merge tools assumed that text files are encoded in
ISO-8859-1, which is not suitable for content in eastern Asian languages.
The sections that follow describe the regex_map language, and how it is used to specify the
character encodings of text files used by TeamSite.
regex_map Defined
A regex_map is a filter that transforms a set of input variable values into a set of output
variable values through a set of rules written in XML using the following form:
161
Specifying Content Encoding
Input Variables
var1 = "original value1"
var2 = "original value2"
regex_map
<regex_map>
<match .../>
<subst .../>
<subst .../>
<match .../>
</regex_map>
Output Variables
The following regex_map determines the character encoding of TeamSite files. Each
reg_vpath means that a match is to be performed on the vpath variable, and each
val_encoding assigns a result if the match succeeded.
Input Variable
regex_map
<regex_map>
<match reg_vpath= "/web/techsupport/jp/" val_encoding= "Shift_JIS"/>
<match reg_vpath= "\.txt$" val_encoding= "8859_1"/>
<match reg_vpath= ".*" val_encoding= "UTF8"/>
</regex_map>
Output Variable
" All files in the /web/techsupport/jp branch are encoded in Shift-JIS, because their
vpath begins with "/web/techsupport/jp/".
" If the input vpath variable does not contain "/web/techsupport/jp/", the output
encoding variable is set to "UTF8" because ".*" matches any string.
Note that each rule within <regex_map> is evaluated in order, and that the first <match> tag
with a regular expression that matches the input variable vpath is used and subsequent rules
are ignored. Therefore, it is important for the <match reg_vpath= ".*" val_encoding=
"UTF8"/> rule to appear last.
Rule Syntax
Every <subst> or <match> rule expresses the following logical operation:
" If all the regular expressions within this rule match, then perform all of this rule’s
variable assignments; otherwise, ignore this rule and consult the next rule.
Execution terminates when the first <match> rule has been applied, or when there are no
more rules. A <subst> rule that has been satisfied does not terminate execution (unless it is
the last rule).
" The encoding of all files named index_zh_TW.html anywhere in the /web branch is
Big5. There are no exceptions to this rule, so stop processing if it applies.
163
Specifying Content Encoding
When there are no reg_ conditions, the assignment always executes if the rule is
encountered. Any rules that occur after this statement are unused.
The regex_map interpreter uses Perl-Compatible Regular Expressions (PCRE) as its regular
expression engine. The PCRE is similar to the Perl regular expression engine and includes
advanced features such as “lookahead” assertions.
For example, because filenames and URLs are case-insensitive on Microsoft Windows, the
following declaration would be recommended when writing a regex_map for a TeamSite
server on Microsoft Windows:
Variables
Variable names are case-sensitive and must begin with a letter and may contain any sequence
of alphanumeric characters and the underscore character (“_” ). References to any variable
whose value is not set by the application or by rules in the regex_map evaluates to an empty
string.
Application Variables
Any application that uses a regex_map gives it a set of inputs before execution and inspects a
set of output variables when the regex_map processing completes. These input and output
variables are known as application variables.
Intermediate Variables
You may find it helpful to assign intermediate results to your variables in regex_map rules
before arriving at final output values. These intermediate variables can help make a complex
set of rules more manageable by factoring out several separate conditions into one
condensed case. You can then write one rule to act on the condensed case, instead of
repetitively writing the same actions for the individual initial conditions. “Strategies for
Effective regex_maps” on page 169 contains an example of factoring.
Intermediate variables should have names that begin with x_ to avoid conflicts with
application variables that Interwoven may create in the future.
Input Variables
good = "Bon"
my = "mon"
friend = "ami"
regex_map
<regex_map>
<subst val_french="${good}jour"/>
<match val_friend="copain"
val_french="$french, $my $friend!"/>
</regex_map>
Output Variables
good = "Bon"
my = "mon"
friend = "copain"
french = "Bonjour, mon ami"
165
Specifying Content Encoding
" In the second rule, the values of friend and french are taken from the time at which
the rule was encountered. All assignments in a rule appear to occur simultaneously and
do not affect each other.
It is also possible to include just portions of variables. Placing parentheses around portions
of a regular expression applied to varname creates a captured subexpression variable that
can be used when assigning values. The longhand form of a captured subexpression variable
is ${varname:n}, which refers to the string captured by the nth pair of parentheses in
reg_varname.
Note: Pairs of parentheses are numbered according to the order in which their left
parenthesis occurs within the regular expression. Parentheses of the form
(?:some_expression) are used solely for grouping characters in the regular
expression, not for capturing text during matching, and are excluded from the
count.
The shorthand version of a captured subexpression variables is $n. Note that the shorthand
notation can only be used when the variable being modified is the same as the variable from
which the subexpression was captured.
Unlike application and intermediate variables, captured subexpression variables are scoped
to the <subst> or <match> rule that created them. If a captured subexpression variable
needs to be used in a subsequent rule, it should be stored in an intermediate variable.
For example, the pair of rules in the following regex_map makes the assignment
message="regex_maps are awesome maps!" in an inefficient way:
Input Variables
regex_map
<regex_map>
<subst reg_text="This regular expression match fails"
reg_message="some (m[aeiou]ps)"
val_text="so this assignment never occurs..."
val_message="... and the $1 capture is wasted."/>
<subst reg_text="(?:(bloop)|([a-z]+)(!))"
reg_message="(...)ards ((.{4}) (.{4})) with (.*)"
val_message="$1ex_${4} ${text:2} ${message:5}$2${text:3}"/>
</regex_map>
Output Variables
" The second rule does apply, since both of the reg_text and reg_message matches
succeed. The parentheses also capture the text in the strings, resulting in the following
temporary bindings:
${text:1} = empty string
${text:2} = are
${text:3} = !
${message:1} = reg
${message:2} = some maps
${message:3} = some
${message:4} = maps
${message:5} = awe
" Finally, variable interpolation occurs for the val_message assignment. Since the $1,
${4}, and $2 occur in a val_message context, they are treated as shorthand for
${message:1}, ${message:4}, and ${message:2}, respectively. The curly braces for
${4} are optional in this case, and could be used in other situations to clarify where the
variable name ends and literal text begins.
167
Specifying Content Encoding
Quoting
Inside a val_ attribute, dollar signs ($) have special meaning—they mark the start of
captured subexpression names. To force a dollar sign to lose this special meaning (and be
treated as a literal dollar sign), it must be escaped by preceding it with a backslash. Similarly,
a backslash is treated as a special quoting character unless it is escaped by a preceding
backslash.
Input Variable
hello = "Hi"
regex_map
<regex_map>
<subst reg_hello="(.*)"
val_hello="$1! Parking costs \$1\\hr."
</regex_map>
Output Variable
In the preceding example, hello is assigned the value "Hi! Parking costs $1\hr."
(with the deliberately “wrong” backslash used instead of a forward slash for demonstration
purposes).
Also, because regex_map is written in XML, characters with special meaning in XML need
to be represented using XML entities. These special characters are described in the
following table.
Apostrophe ’ '
For example,
<subst val_statement="Programmers think "1 & 1 is 1.quot;"/>
By taking advantage of these features, you can write configuration files that are compact and
manageable.
The following example demonstrates how factoring and intermediate variables can make a
regex_map configuration scale to handle complex situations. Suppose that a system-wide
reorganization forced you to rename all files named README to README.TXT and relocate all
files under the /a/b branch to the /c/d branch. You could list all of the possibilities as
follows:
<regex_map>
<!- Handle both branch move and file extension addition ->
<match reg_vpath= "/a/b/((WORKAREA|EDITION|STAGING).*)README$"
val_vpath= "/c/d/$1README.TXT"/>
But this strategy could become extremely complicated if there were more combinations. A
factored set of rules can handle each change independently:
<regex_map>
<!- Handle a possible branch move ->
<subst reg_vpath= "/a/b/((WORKAREA|EDITION|STAGING).*)"
val_vpath= "/c/d/$1"/>
169
Specifying Content Encoding
A complicated set of rules could be clarified with intermediate variables, for example:
<regex_map>
<!-- Decompose vpath into branch, area, directory, filename -->
<!-- Decomposition could be done in just one rule, -->
<!-- but we choose to break it up with the help of x_rest. -->
<subst reg_vpath="^(.*?)/((?:WORKAREA|EDITION|STAGING).*)"
val_x_branch="${vpath:1}"
val_x_rest="${vpath:2}"/>
<subst reg_x_rest="((?:WORKAREA|EDITION)/[^/]+|STAGING)(.*)"
val_x_area="${x_rest:1}"
val_x_rest="${x_rest:2}/>
<subst reg_x_rest="(.*)(/.*)"
val_x_dir="${x_rest:1}"
val_x_file="${x_rest:2}"/>
<!-- End decomposition -->
<subst reg_x_file="^/README$"
val_x_file="/README.TXT"/>
<!-- End transformations -->
In the preceding example, factoring out the vpath decomposition logic simplifies the actual
transformation rules. In a complex situation with many transformation rules, adding a few
standardized rules at the beginning and end of the regex_map is worthwhile.
The following list of encodings are the IANA preferred charset names (http://
www.iana.org/assignments/character-sets) and are valid entries for the
file_encoding.cfg file:
English, German:
" ISO-8859-1
" ISO-8859-15
" windows-1252
Japanese:
" Shift_JIS
" EUC-JP
Korean:
" EUC-KR
Simplified Chinese:
" EUC-CN
" GB2312
Unicode:
" UTF-8
171
Specifying Content Encoding
Note: file_encoding.cfg has no effect on the file encoding seen in visual differencing.
This is so that what is seen in the visual differencing tool most closely approximates
what will be seen in the production environment.
Sample file_encoding.cfg
<!-- Otherwise, the directory name at the top of the area is the
result. -->
<subst reg_vpath="(?:(?:WORKAREA|EDITION)/[^/]+|STAGING)/([^/]+)/"
val_encoding="${vpath:1}"/>
Input Variable
num = "XLIX"
regex_map
<regex_map>
<!- Add one the "dirty" way: Append "I" ->
<subst reg_num="(.*)" val_num="$1I"/>
Output Variable
num = "L"
The regex_map language works well with Roman numerals because it is designed for string
manipulation. It would be much more difficult to write a regex_map that increments Arabic
numerals, due to the larger set of rules needed to increment a single digit and the lack of
looping capability to perform the carrying operation.
173
Specifying Content Encoding
Internationalization
TeamSite is engineered with your global enterprise in mind. This includes internationalizing
the TeamSite server to support multibyte languages and locales at the operating system, and
localizing the ContentCenter user interface and documentation. Internationalized TeamSite
supports the following needs:
" International user data—Enables users to enter data, content, and field values in
English, Korean, Traditional Chinese, Simplified Chinese, French, German, and
Japanese.
" Localized operating system—The TeamSite server runs on any one of the following
localized operating systems: English, German, Korean, Simplified Chinese, and
Japanese (one locale per instance of iwserver).
" Localized user interfaces—The ContentCenter Professional and ContentCenter
Standard interfaces have been localized into French, German, Japanese, Korean, and
Simplified Chinese.
" Localized file names—You are no longer restricted to having file and directory names in
ASCII character encoding. File, directory, branch, workarea, and edition names can
have Japanese names on Japanese servers, German names on German servers,
Simplified Chinese names on Simplified Chinese servers, and Korean names on Korean
servers.
" Continued support for processing of non-English metadata and FormsPublisher content
(available since TeamSite 4.2.1 and 4.5.1).
Note: Information on localized servers contained in this chapter is only valid with
localized TeamSite versions. Check the Release Notes to determine whether
localized servers are supported in your TeamSite version.
175
Internationalization
containing German High ASCII characters, those files would not be supported by the
TeamSite server due to limitations with the native file system and handling of characters
outside of its code pages.
Supported Content
TeamSite supports non-ASCII characters in branch, area, directory, vpath, and file names
in addition to the contents of a file.
This scenario is supported for Metadata because Metadata entered using the
ContentCenter does not interact with server operating system. Any data that is
interchanged with the server operating system (including VPATHs) are only meaningful if
they are within the server locale’s encoding.
" If TeamSite Intelligent File System is functioning as a networked file server, it is
expected that all other networked file system clients (for example, NFS clients) are
operating in the same locale as the TeamSite Intelligent File System file server.
Currently, NFS does not enforce this restriction and therefore enables NFS clients to be
in a different locale than the NFS server. However, NFS protocol does not do encoding
conversion. Therefore, file and directory attributes (including names) are passed
through in binary format. This would not work for TeamSite IFS functioning as file
server because it does encoding conversion from and into UTF-8 based on the server
file system’s locale.
About UTF-8
UTF-8 is the 8-bit encoding format for Unicode. Unicode is a system for exchanging,
processing, and displaying diverse written languages. Unicode supports the principal
written languages of the world as well as many classical languages.
would be:
/iw/iw-cc/edit?vpath=/archive/main/WORKAREA/area/%e5%ba%9c.html
since the Japanese character is Unicode character U+30D5, which is encoded as the
bytes 0xe5 0xba 0x9c in the UTF-8 format.
177
Internationalization
To achieve this, TeamSite system calls to the operating system are converted from UTF-8
encoded textual data (for example, VPATH information) into the locale of iwserver (as
defined by the server_locale setting in iw.cfg). In most cases, this is the same as the
operating system’s native locale. The conversion is also required when operating system
information is returned to TeamSite.
Note: If the TeamSite server is run in a different locale than the host operating system’s
locale, the TeamSite virtual file system would use a different encoding locale
compared to the rest of host server’s file systems. By default, the TeamSite server
locale uses the native locale of the host operating system.
To display the localized (French, German, Japanese, Korean, or Simplified Chinese) Local
File Manager interface, your client operating system must be in the same language as the
interface you want to display.
For example, an HTML document being worked on through VisualPreview has a specified
charset of “Shift_JIS”, but the chosen user interface language is “German”. In this case, the
VisualPreview tool bar cannot appear in German. Instead, the tool bar appears in English. If
the document being worked on through VisualPreview is in ISO-8859-1 encoding, then the
Visual Preview tool bar appears in German. Whenever there is a conflict, the tool bar
appears in English. The following table lists the encodings that are allowed for specific
browser's language settings.
Note: To solve the issue of text files that do not specify their encoding, TeamSite 5.5.2
has introduced a new configuration file called file_encoding.cfg. Please refer to
Appendix C, “Specifying Content Encoding” for detailed information about creating
configuring settings in file_encoding.cfg.
179
Internationalization
Usage Scenarios
The following examples illustrate some of the advantages of using TeamSite in a global
enterprise. Note that a branch scenario could also apply to a workarea, directory, or file
operation (for example, New Branch, New Workarea, and Import File). Scenarios can also
be applied to other locales.
Scenario 1
Scenario 2
Scenario 3
1. You install and run TeamSite on a Japanese Solaris system in the ja_JP.PCK locale. The
file server for this system operates in the Shift-JIS locale (ja_JP.PCK locale on
Solaris 2.8 is a Shift-JIS locale.
2. You create a branch with a Japanese name using ContentCenter.
This branch displays in /iwmnt as a directory with a Shift-JIS encoded directory name
and displays in all typical file system operations with a Shift-JIS encoded directory
name just like the other files and directories in the file system.
Scenario 4
1. You install and run TeamSite on a Japanese Solaris system in a ja_JP.PCK locale. The
file server for this system operates in the Shift-JIS locale.
2. You copy an existing hierarchy of files and directory structures into a workarea called
isuzuki within /iwmnt.
Scenario 5
1. You install and run TeamSite on a Japanese Solaris system in a ja_JP.PCK locale.
2. Using ContentCenter, you submit a file and comments in Japanese.
3. You use the iwsubmit CLT to view the extended attributes of the file.
The Japanese submit comments are displayed correctly on the command-line. After
executing the submit, the same submit comments are displayed correctly in history log
of the file submitted.
181
Internationalization
This appendix describes the procedure for configuring TeamSite to integrate with the
Netegrity SiteMinder Policy Server. The integration enables:
" The TeamSite server to act as another web server in a portal environment controlled by
SiteMinder.
" A single sign-on where TeamSite users log in once against SiteMinder and are authorized
to access all of its resources (TeamSite and the other web servers in the portal) without
having to log in to TeamSite explicitly.
Note: TeamSite for AIX does not support SiteMinder Policy Server integration.
Requirements
" TeamSite 6.1 or above installed and configured.
" Netegrity SiteMinder Policy Server 5.5 installed and configured.
" Netegrity Web Agent 5.0 QMR5 or above installed.
" TeamSite and SiteMinder must share the same user database.
" Some familiarity with TeamSite and Netegrity SiteMinder Policy Server and Web Agent
products.
Authentication Overview
After completing the integration described in this appendix, SiteMinder controls access to
TeamSite by authenticating the user against its user database and placing an Interwoven
IWAUTH cookie in the browser. The typical sequence of data and operation flow is depicted
in the graphic and described in the legend that follows.
183
Integrating with SiteMinder
4
1
2 iw-webd with SiteMinder web agent
3
Browser
9 6
10 10
TeamSite servletd
(Content Services)
11 11
1. TeamSite users access the TeamSite server as usual (by entering hostname/iw-cc/ in
their browser).
2. The web agent intercepts the request and prompts for users for a user name and
password.
3. Users enter their user name and password.
4. The Netegrity Web agent passes the login information to the SiteMinder Policy Server,
which authenticates the user. The Policy Server then calls the Interwoven Active
Response function in the iwtssmar.so file.
5. The Interwoven Active Response module makes an SSL connection to the TeamSite
Access Service and sends the user’s login credentials in a SOAP message using HTTP.
6. The TeamSite Access Service authenticates the user and returns a session string that the
Active Response module uses to create an IWAUTH cookie.
7. The Active Response module then writes the IWAUTH persistent cookie to the user’s
browser, which is checked each time the user visits a page served by TeamSite.
The detailed procedures associated with these steps are described in the sections that follow.
Perform this procedure on the system where the SiteMinder Policy Server is running.
This environment variable provides the name of the TeamSite server and optional port.
If no port number is specified, the default port number 443 is used.
4. Create an environment variable called INTERWOVEN_RAND_FILE. This variable
specifies the complete path of a file containing random text. For example:
export INTERWOVEN_RAND_File=/var/adm/random.txt
185
Integrating with SiteMinder
For example:
%cp iw-home/lib/iwtssmar.so /var/siteminder/bin/
Configuring SiteMinder
1. Open the SiteMinder Policy Server user interface where you will create Realms and
Rules to protect TeamSite resources.
2. Create the following Netegrity Realms:
Realm Realm Type Resource Filter
protect_iw Protected /iw
Troubleshooting
Normally, if SiteMinder successfully authenticates a user, the Interwoven Active Response
module will also authenticate the user successfully. If SiteMinder successfully authenticates
a user and the Interwoven authentication fails, one of the following messages will be logged
to the SiteMinder access log file:
This message is written to the log file if the SiteMinder computer is unable to open
a TCP/IP socket connection to the TeamSite server. A possible reason for this
might be that the TeamSite server is unreachable or that the
INTERWOVEN_AUTH_HOST environment variable contains an incorrect host name or
port number. This message will also be seen if the Interwoven Access Service on
the TeamSite server is not configured with a valid SOAP license key.
This message is written to the log file if SiteMinder is able to open a socket
connection to the TeamSite server but is unable to establish an SSL session over the
channel. Possible reasons include a misconfigured TeamSite server whose X.509
certificate is missing or corrupt.
Interwoven: Failed to send query to server.
This message is written to the log file if the SSL channel to the TeamSite server fails.
This message appears if the supplied username and password are valid, but no
TeamSite role is associated with the user. This message does not necessarily denote
an error if there are some SiteMinder users that are intentionally not given access to
TeamSite.
187
Integrating with SiteMinder
TeamSite is system-level software that is tightly integrated with the operating system. There
are four main reasons why TeamSite runs as root:
" To be able to read configuration files that may be owned by other users.
" To be able to impersonate users to perform operations on their behalf.
" To access the TeamSite content stores that are normally set to read only
" To run critical helper programs to provide the TeamSite file system interface.
The following tables describe the TeamSite files that need to be owned by, executed by, or
setuid root:
189
Root Access to TeamSite
Other Comments
iw-home/httpd/iw-bin/iwbs.cgi These Content Store tools are not shipped
iw-home/httpd/iw-bin/iwbsdiff
iw-home/httpd/iw-bin/iwbsdir with setuid turned on. However, these tools
iw-home/httpd/iw-bin/iwbsls do need to be setuid root to operate
iw-home/httpd/iw-bin/iwbspeek properly.
These tools are intended for use only on the
advice of Interwoven Support or CSO staff.
These tools are not part of the day-to-day
operation of TeamSite.
Though most of the CGIs are installed by default with the read and write bits on, these CGIs
do not necessarily need to be world-readable. Though some of these CGI programs are
setuid root, they perform specific and limited functions. The CGIs contain no embedded
shell interpreters or similar software that allows general operations.
This appendix describes the TeamSite Service Monitor. The TeamSite Service Monitor is
comprised of a “watchdog” daemon that monitors the TeamSite server (iwserver). You
must purchase TeamSite Service Monitor in addition to the base version of TeamSite to use
the features described in this appendix.
You can configure the Service Monitor in several ways. For example, you can instruct it to:
" Shut down the TeamSite server and notify a specified system user that a power or
process failure was detected.
" Stop the TeamSite server after detecting a failure even if all post-failure system checks
are normal.
" Perform a different action depending on whether a power failure or a process failure
was detected.
" Perform any other Perl script-defined action automatically upon failure detection.
For any failure, you must execute a file system check (use the iwfsck CLT described in the
TeamSite Command-Line Tools Reference) to ensure that data inconsistencies have not been
introduced.
You can also turn off the Service Monitor completely, in which case the base version of
TeamSite continues to run.
191
TeamSite Service Monitor
Start
iwtock
Previous
No Run Diagnostics No Stop
shutdown
iw.powerfail OK? iwtock
normal?
Yes Yes
Start iwserver
Yes (Solaris)
The main TeamSite Service Monitor component is the iwtock watchdog daemon, which
starts the iwserver process and tracks iwserver execution for as long as the TeamSite
server is running. When iwtock first starts, it determines whether the previous TeamSite
shutdown was abnormal or normal. If it detects an abnormal shutdown, iwtock runs the
iw-home/ha/conf/iw.powerfail script, which can be configured either to stop iwtock or
to perform a variety of system checks or other actions as described in “Configuring
TeamSite Service Monitor” on page 193. If the system meets the passing criteria defined in
iw.powerfail, iwtock starts iwserver. If the system does not meet the passing criteria,
iwtock stops and iwserver is not started. All output from iw.powerfail is logged in
iwserver.log.
If iwtock determines that the previous TeamSite shutdown was normal, it starts iwserver.
From this point on, iwtock continues to monitor iwserver. If at any time iwtock detects
that iwserver is not running and there is no evidence of an explicit shutdown, it assumes
that an unexpected shutdown or system interruption has occurred. In this situation, iwtock
runs the iw-home/ha/conf/iw.processfail script, which can be configured either to stop
iwtock or to perform a variety of system checks or other actions as described in
“Configuring TeamSite Service Monitor” on page 193. If the system meets the passing
criteria defined in iw.processfail, iwtock starts iwserver. If the system does not meet
one or more passing criteria, iwtock stops and iwserver is not restarted.
Note: If iwserver attempts to spawn more than once within 30 seconds of initial startup
or a restart, iwtock will exit.
6. Restart iwserver:
% /etc/init.d/iw.server start
193
TeamSite Service Monitor
iw.powerfail
The default iw.powerfail script shown here is shipped with TeamSite. In its current form,
it only logs its own name (iw.powerfail) when executed. It also contains a commented
example of how you could configure the script to run the iwsi program to send email to a
system administrator when the script executes. You can configure this script to perform any
action upon execution; the only requirement is that you use Perl syntax compatible with
Perl Release 5.00503. All results returned by iw.powerfail are logged in iwserver.log.
Note: Review the current best practices related to recovering from a failure that posted at
https://support.interwoven.com. For any failure, you must execute a file
system check (use the iwfsck CLT described in the TeamSite Command-Line Tools
Reference) to ensure that data inconsistencies have not been introduced.To force
iwtock to exit rather than start the TeamSite server after iw.powerfail executes,
specify an iw.powerfail exit value of 127. This feature is included for scenarios in
which TeamSite should not restart automatically following a power failure.
use File::Basename;
print( basename( $0 ) . "\n" );
#
# Use this script to execute processes that can clean up after a powerfail
# crash.
#
# This script is executed when the Watchdog daemon determines that the
# system was not taken down cleanly, and the daemon is itself beginning
# execution.
# Some of the things that might be tried:
# Run the iwfsck CLT
#
# You may also want to mail your system administrator at this point:
#
#use Mail::Send;
#$msg = new Mail::Send Subject=>'TeamSite problem', To=>'admin,root';
#$mfh = $msg->open;
#print $mfh "Please address TeamSite issues at your earliest convenience";
#$mfh->close;
#
# If you do not wish to continue bringing up the system, then exit this
# script with a 127.
# 127 indicates to the daemon that it is not to continue with the bringup.
#
#exit 127
iw.processfail
The default iw.processfail script shown here is shipped with TeamSite. In its current
form, it only logs its own name (iw.processfail) when executed. It also contains a
commented example of how you could configure the script to run the iwsi program to send
email to a system administrator when the script executes. You can configure this script to
perform any action upon execution; the only requirement is that you use Perl syntax
compatible with Perl Release 5.00503. All results returned by iw.processfail are logged
in iwserver.log.
Note: To force iwtock to exit rather than restart the TeamSite server after
iw.processfail executes, specify an iw.processfail exit value of 127. This
feature is included for scenarios in which TeamSite should not restart automatically
following a process failure.
use File::Basename;
print( basename( $0 ) . "\n" );
#
# Use this script to execute processes that can clean up after a TeamSite
# crash after the system has begun processing data.
#
# This script is executed when the Service Monitor daemon determines that
# the system was not taken down cleanly, and the daemon has already begun
# observing the execution of TeamSite. Some of the things that might be
# tried:
#
#
# You may also want to mail your system administrator at this point:
#
#use Mail::Send;
#$msg = new Mail::Send Subject=>'TeamSite problem', To=>'admin,root';
#$mfh = $msg->open;
#print $mfh "Please address TeamSite issues at your earliest convenience";
#$mfh->close;
#
# If you do not wish to restart the system, then exit this script
# with a 127. 127 indicates to the daemon that it is not to restart
# the server. The server will not restart at all.
#
#exit 127
195
TeamSite Service Monitor
You will be prompted to confirm that you want to uninstall TeamSite Service Monitor.
Answer yes to continue uninstalling.
4. Restart iwserver after iwuninstallha finishes executing:
% /etc/init.d/iw.server start
Related Documentation
See the iwsi documentation in TeamSite Command-Line Tools for more information about the
TeamSite Service Monitor.
Troubleshooting
Note: Reporting and Search both have troubleshooting sections in the chapters describing
those features.
197
Troubleshooting
You may see submit.cfg errors in iwconvert output. These errors are
harmless. In the output of iwconvert, you may see errors such as:
ERROR:no valid submit config file found in the current
configuration
(/data/iw-home/conf/events/submit.conf,
/data/iw-home/local/config/submit.cfg,/data/iw-home/config/
submit.cfg,
/data/iw-home/local/config/submit.cfg)(2)
ERROR:no valid autoprivate file found in the current
configuration
(/data/iw-home/conf/events/autoprv.txt,
/data/iw-home/local/config/autoprivate.cfg,
/data/iw-home/config/autoprivate.cfg,
/data/iw-home/local/config/autoprivate.cfg)(2)
Installing/Removing Programs
VisualFormat may not appear in the Add/Remove Programs on Windows.
(You should be aware that it may be listed as eWebEditPro.) If you install
VisualFormat on a Windows computer by running visualformatclient.exe,
you can uninstall the product from the Add/Remove Programs window in the
Control Panel. However, if you installed it from a Web page, no listing for
VisualFormat will be present in the Add/Remove Programs window.
Instructions on how to uninstall the software under these conditions can be
found at the following Web site: www.ektron.com//support/
ewebeditprokb.cfm?doc_id=1628.
199
Troubleshooting
Administrator
The owner of a branch, responsible for the project being developed on it. An Administrator can
perform all the functions that an Author or an Editor can, and can also create and delete new
subbranches and workareas on his branch. Administrators exercise control over workflow by giving
workareas to editors and subbranches to other administrators.
approve
When an Editor approves a file returned by an Author, the file is submitted to the staging area.
Approving a file automatically unlocks it and removes it from the Author’s Task list.
assign
To lock a file for the use of a specific Author and attach comments. A list of assigned files displays in
the Author’s Task list. Editors can also view a list of files that they have assigned.
Attribute Search
A basic parametric search that involves single-level value-pairs AND/OR search criteria. The
supported operators for parametric search are: equal (=), less than (<), less than or equal (<=),
greater than (>), greater than or equal (>=), not equal (<>).
Author
A primary web content contributor with limited access to the TeamSite system, usually using
ContentCenter Standard. Authors can access, create, and modify web content through their
Editors’ workareas. An Editor can assign specific files to an Author, which will appear in the
Author’s Task list.
Autoprivate
The Autoprivate feature helps minimize clutter on the development server. Autoprivate
automatically identifies file types that should not be submitted to the staging area and marks them as
Private. These files typically include Microsoft temporary files (.TMP), various backup files
(.BAK), and Macintosh resource forks (.FRK).
201
branch
A path of development for a body of content developed and maintained by a team. Each branch
contains one or more workareas, a staging area, and a published edition and may contain
subbranches and previous editions.
casual contributor
A person who modifies or creates content using TeamSite, usually on an infrequent or sporadic basis.
“Contributor” is a generic term that does not designate any specific TeamSite role such as Author,
Editor, Administrator, or Master.
category
In TeamSite FormsPublisher, a category is a grouping of types of templates. Category directories are
the first division of the templatedata directory. Each category has its own directory, which
contains subdirectories for each type within it. An example of a category would be beverages,
which may contain tea, coffee, milk, and soda types.
collection
The metadata for a set of documents with optimized architecture for searching.
command trigger
A type of command-line tool that can trigger scripts when specific TeamSite events occur. An
example is the use the iwatsub command trigger to trigger an event when files are submitted.
comment
A note attached to a file, directory, workarea, branch, edition, job, or task. Comments can be
attached to workareas, branches and editions when they are created. Comments can be attached to
files and directories when they are assigned, returned, rejected, locked or submitted. Global
comments can be set when these functions involve multiple files.
Compare
A function that displays a list of the differences between any two TeamSite objects. Objects that can
be compared include workareas, staging areas, or editions.
Composite search
An advanced search feature that allows multiple search criteria to be specified. These criteria can be
a mixture of full text, form entry, and metadata parameters.
conflict
Occurs when multiple users make changes to the same file in multiple locations, for example, when
a file has been changed in two different workareas.
content
A set of information contained within a text document, vocabulary, file, or database record. See also
data record.
ContentCenter Professional
A user interface for experienced TeamSite users, technical users, or users who have some
familiarity with content management systems. It is intended for “power users,” and users who must
administer content development projects. It includes integrated administrative functions for easy,
contextual TeamSite administration and fully customizable menus, tabs, and more.
ContentCenter Standard
A user interface for business users—that is, non-technical subject matter experts and infrequent
users of a content management system. It includes an initial customizable “home page” containing
module UI components displaying areas for a user's tasks, favorites, work in progress, and forms,
wizards for common functions, and out-of-box email messages for workflow task notification.
contributor
A person who modifies or creates content using TeamSite. “Contributor” is a generic term that does
not designate any specific TeamSite role such as Author, Editor, Administrator, or Master.
data record
An XML file containing formatting information interspersed with data captured from a contributor or
through other means. A data record is named when a content contributor saves the record. Content
contributors can edit a data record by reopening it in the form that created it. Several different data
records can also be matched to a single presentation template to create one or many output files. Data
records can also be deployed to a database by Interwoven DataDeploy.
edition
A frozen, read-only snapshot of a branch of development. An edition contains a copy of all the files
in the staging area at the time it was published. New editions can be released to production servers
as complete, functional Web sites. Editions also serve as rollback points for projects in
development, and they provide permanent archives of the Web site for Site Rollback.
203
Editor
The owner of a workarea or workareas. Editors assign files to Authors, manage files, and edit and
create files, submit content to the staging area, and may create editions. Editors may have access to
workareas that they do not own, but they cannot assign files in these workareas.
form
The form generated by a data capture template. A contributor fills out a form to create a data record. A
form displays in the FormsPublisher window so that a user can enter and format data, select options,
and access menu items.
Form Entry
The information a user enters in a blank form. Form entry files are stored in locations selected
within the templatedata/form_category/form_type/data folder in the user’s workarea, and
are available to recall and use as necessary.
form item
An element in a data capture template that defines a form field, such as a text field, text area, check
box, combo box, or option button.
FormsPublisher
A TeamSite module that allows you to configure the look and feel of your web pages. Use it to
generate forms used within ContentCenter for capturing data. For more information, consult
TeamSite FormsPublisher Developer’s Guide.
Full-text search
Ability to search by entering one or more keywords from any document and applying AND/OR
operators on the keywords.
Get Latest
A command that brings staging area content that is different from the workarea content into the
workarea.
history
A complete record of all changes that have been made to a file through time. A user can see the
complete history of a file by selecting it and selecting History from the View menu.
initial edition
The first edition on a newly created branch. The initial edition serves as the original source of
content for all workareas on a new branch. This edition may be empty, or it may be a copy of an
edition from another branch.
job
A set of interdependent tasks assigned to one or more people. All jobs are based on predefined
workflows, and each job is a specific instance of a workflow model. When a user starts a job based on
locking
Restricting file access within a branch. Locking a file reduces the possibility of conflicting edits but
also reduces the team’s ability to work on files simultaneously. Every time a file is locked, the
version in the workarea is compared with the version in the staging area and the latest is taken
(although this behavior can be overridden). TeamSite supports three types of locking, or locking
models: Submit Locking, Optional Write Locking, and Mandatory Write locking. The locking
model is defined at the branch level by the Administrator.
main branch
The first branch created when TeamSite is installed. The Main Branch is owned by the Master user.
All branches in the TeamSite system are subordinate to the main branch.
Master
The owner of the main branch. The Master user is responsible for the entire Web site. The Master
organizes the structure of the TeamSite system and coordinates the activities of all users, and can
also perform all functions on all branches.
merge
The process of reconciling conflicts between versions of a file that have been edited by two people.
The two versions can be merged in the staging area to produce a new version of the file,
incorporating changes made by both users. Merging can be automated with TeamSite’s Advanced
File Merging.
Metadata
There are 4 types of metadata: file properties, user-specified metadata, system-provided metadata
(such as FormsPublisher extended attributes), and derived metadata from Metatagger operations.
Navigation Window
The left-hand side of the TeamSite window, which allows you to navigate through TeamSite by
clicking on the underlined names of branches, workareas, staging areas, editions, or directories.
205
Under the Optional Write Lock model, locking files ensures serial development of those files and
reduces the risk of conflicting edits.
Output File
A file that a user generates by combining form entries with a presentation template. The output file is
typically in HTML format for use as a Web page, although it can be other file types. The user can
generate output pages using any combination of form entries and presentation templates that the
ContentCenter developer has made available. Multiple output files can optionally be generated
using different presentation templates.
presentation template
A template that defines how form entries will appear when displayed. For example, a presentation
template could specify the size, color, and layout of a Web page.
A presentation template is populated with data from one or more of the following sources:
FormsPublisher can be configured to populate any presentation template with any data record plus
additional information as required from a relational database.
A contributor can match a single data record with several presentation templates to create multiple
output files containing the same or similar information, each suitable for a different Web site, each
with a different look and feel.
Preview
Viewing content prior to submitting, deploying, or generating an output file from it. Previewing
typically pertains to Web sites that being working on. For example, before beginning work on a
Web site, a user may preview it to assess its current look and feel. Previewing is also useful after
you have finished working on a Web site to ensure that your changes appear as you intended prior
to making the Web site publicly available. Previewing within FormsPublisher is limited to
displaying the output of the form being worked on using a specific presentation template.
Private
Within a workarea, a user can mark a file as Private, which prevents the file from being submitted to
the staging area if the file is a part of a workarea or directory that is submitted. It also prevents the
file from being copied to another workarea during a Copy To operation.
Public
The opposite of Private, the Public function removes the private marking on a file. All files are public
by default.
publisher
An application that sends events to the Event subsystem.
Search index
Search is enabled by building an index of searchable content and metadata.
Search Results
The returned set of assets that adhere to the specified criteria.
Site Rollback
The process of deploying a previous edition in place of the current Web site. Because TeamSite
editions are complete copies of the entire Web site at the time of publication, they can be
referenced to revert to prior versions of files, directories, or the entire Web site.
staging area
The area where users integrate the contents of their workareas. Users submit read-only copies of
files from their workareas to the staging area to integrate with other contributions, and test the
integrity of the resulting Web site.
subbranch
A branch subordinate to a major branch. To separate development efforts among teams or team
members, an Administrator can create subbranches. The subbranch receives its own unique staging
area and workareas and generates its own editions. Editions published on a subbranch can be
integrated back into work on the higher branch, or released as stand-alone Web sites.
submit
The act of transferring Web site content from a workarea to the staging area. After a user performs
an action on a file, the user must submit the file so that it can be approved and integrated into the
staging area. For example, if a user edits a file in a workarea, the file must be submitted so that the
changes can be reviewed and promoted to the staging area when approved. When a user’s work
reaches the staging area it is integrated with the work of other contributors into publishable,
deployable content.
Submit Locking
A type of locking in which users can choose to lock a file to insure that their changes are submitted
to the staging area. While a file is locked, other users can edit their own version of the locked file
207
within their workarea, but they cannot submit to the staging area. Once the lock holder has
released the file lock, other users can merge their modifications with the new file version.
subscriber
An application that registers with the Event Subsystem to receive events.
tag
When users tag a file, they specify additional descriptive information that remains with the file
indefinitely (this information is also called metadata). For example, a user could tag a press release
file by adding a title such as “Press Release,” key words such as “July” and “Acquisition,” a region
such as “California,” and so on. These tags do not appear in the text of the file, so they are not
displayed when the file is viewed through a browser or editing application. Instead, they appear
when you view the file’s tags, use search functionality, or use a product such as Interwoven
MetaTagger.
task
A unit of work performed by a single user or process that is part of a job. Each task in a job is
associated with a particular TeamSite workarea and carries a set of files with it. There are two types
of tasks: individual and group.
" Individual tasks are assigned to a specific person. When an individual task is assigned to
a user, it appears under Tasks > My Tasks view in the Workflow tab. From there the
user can take whatever action is necessary to complete the task.
" Group tasks are assigned to a group of people, any one of whom can perform the task.
(Groups are defined and maintained by ContentCenter administrators and other
maintainers of your ContentCenter system.) If a group task is assigned to your group, it
appears under the Workflow tab > Tasks > Unassigned Group Tasks view. From there a
user can take ownership of the task and complete it.
After you perform a task, the job proceeds to the next task in its predefined sequence. When all of
the tasks in a job are done, the job is complete.
Task list
The Task list shows the user which tasks and jobs he is responsible for and allows the user to do the
necessary work to complete the tasks.
task transition
Selecting a task transition moves the job along the workflow process by activating successor task(s).
template
A file that specifies attributes of another file, such as look and feel. When you create a file, you can
choose to base that file on a template.
templating.cfg
A configuration file that controls what presentation templates are available to TeamSite users, and in
what category they appear. It is located in the <iw-home>/local/config/ directory.
unlock
To remove a lock from a file. If an Editor has locked a file, the branch Administrator or Master user
can also remove the lock. The Master user can remove any lock from any file.
user
A TeamSite Author, Editor, Administrator, or Master.
Version
A numbered iteration of a content file. Whenever users submit a file and it is approved,
ContentCenter saves the new version of the file containing the changes and retains the original, pre-
edited version. Because previous versions are not deleted, users can view all previous versions of
the file, see when and by whom each version was modified, and if necessary revert the current file
back to an earlier version. Note that versioning only occurs when a file is submitted to the staging
area. If a user just edits a file and saves the changes, a new version is not created until the file enters
the staging area.
VisualPreview
A tab that displays on an output page that allows you to perform various TeamSite functions.
Web site
A generic term, meaning a set of interrelated files viewed through a browser. In TeamSite, the
term “Web site” generally refers to all the contents on a branch of development, though these may
be a superset or a subset of an organization’s actual Web site.
workarea
A virtual copy of a Web site, which may be worked on independently without affecting the actual
site or the work of other contributors. A workarea can be owned by a single user or a number of
users together. Editors and Administrators can own workareas, but Authors cannot.
workflow
A sequence of tasks that can be assigned to one or more people. For example, a workflow could
define three tasks: to edit some text, to add an image, and to review the work. Whenever users
start a job, it must be based on a predefined workflow. Workflows are defined by ContentCenter
administrators and other maintainers of the ContentCenter system. See also “workflow model,”
“job,” and “task.”
workflow model
A general workflow configuration that can be used repeatedly. Each workflow model describes a
process which may include user tasks and a wide variety of automated tasks.
209
210 TeamSite Administration Guide
Index
Symbols autoprivate.cfg
.uid files, location of 55 about 21, 143
encoding 32
A format 30
absolute paths 125 location 30, 143
access sample 32
files read by iwserver 190 special characters 31
privileges, to TeamSite 53 available_templates.cfg 40
required for root 189
to files 53 B
ACLs backup Content Stores 139
reporting 159 backups
adding multiple stores 140
users to TeamSite 53, 55 of workareas 139
Administrators strategies 141
abilities 60 branch_default_perm 67
about 54 branch_security 66
defined 16, 201 branches
anonymous binds 71 defined 13, 202
application variables 164 indexing 80
assigning files 16 locking models on 28
attributes permissions 59
filtering 72 read access 66
in LDAP schemas 69 remappings, configuring 126
authentication searching 81
external file 67 security 66
LDAP 67 structure 20
local 67 browsers
PAMs 67 clearing cache 21
password 53
roles 67 C
setting type 67 cache size 35
users 67 caching 199
Authors captured subexpression 166
abilities 60 changing
about 54 file attributes, on submission 72
defined 16, 201 group ownership of workareas 64
Autoprivate TeamSite file locations 49
defined 30, 201 charset parameter, content encoding 179
matching
filenames 31
patterns 31
211
checking PAMs 69, 70
disk space usage 50 proxy server 125
for multiple servers 44 reporting 149
request handling 44 restarting after changes 21
server status 43 RPC threadcount 36
chgrp command 64 rule sets for metadata capture 110
CLT search 81
iwconvert output 198 Submit and Update logs 30
CLTs submit filtering 72
index and search 98 throughput monitors 37
iwgetelog 46 user authentication 67
iwgetlog 46 user interface 25
iwgettrace 46 web server uid 65
iwgroup 58 conflicting edits
comments defined 203
defined 202 conflicts
compare_search_limit 30 defined 202
comparing conserving disk space 51
defined 202 Consulting Services 197
configuration files Content Store 13
available_templates.cfg 40 backing up 139, 140
iw.cfg 21 deactivated 197
list of 143 freezing 38
locations 49 ContentCenter
configuring localized interface 178
Autoprivate 30 ContentCenter Reporting error messages 159
branch and workarea security 66 content-provider user role 17
branch remappings 126 conventions
cache size 35 notation 9
Content Store freezes 38 creating
Crystal Reports 158 workareas 54
default permissions creating editions 16, 66
on files 67 customer_webserver_host 125
different web servers 133 customer_webserver_port 125
disabling Editor edition creation 66
encoding of text files 179 D
external remappings 133 data record
field mapping 89 defined 203
file locations 49 printing 41
file system threadcount 36 data_root 40
group remapping 65 database schema 154
Hopi 36 database, LDAP 69
IP addresses 48 datacapture.cfg
iw.cfg 21 about 105
LDAP 69 annotated example
lock behavior 29 database element 116
main branch 29 DATE datatype 117
metadata capture 107 instance 117
options in iw.cfg 21 metadata identifier 116
213
environment variables, LANG 39 datacapture.cfg.example 110, 114
errata 10 db2_schema 155
error messages default permissions 67
reporting 159 editing 199
event subsystem 33 encoding 21, 161
configuring 34 FieldMapping.xml 89
events 33 file_encoding.cfg 21, 161, 172, 179
publishers 33 histories
subscribers 33 defined 204
event_log_size 30 iw.cfg 40
events log iwevents.log 46
locating 46 iwinstall.log 45
example templating environment 39 iwjoberrors.log 47
copying 40 iwmetadata.cgi 105
extended attributes 107 iwprocessd.log 47
modifying 27 iwprocoutput.log 47
search 99 iwserver.log 46
external remappings, configuring 133 iwtrace.log 44, 46, 47
log 45, 47
F mdc_dd.cfg 116
failover see proxy server metadata-rules.cfg 105, 107, 108
FieldMapping.xml file 89 modification time 26
file OpenAPI configuration 48
timestamp 27 openapi.cfg 48
file system pam.conf 70
mount 19 permissions 59
threadcount 36 private 30
file system threadcount sample metadata-rules.cfg 108
configuring 36 sample submit.cfg 77
file_default_perm 67 search.properties 81
file_encoding.cfg setting permissions on 54
content encoding 179 standardFields.xml 95
default location of 21 submit.cfg 72
defined 161 submitting locked 29
Merge tool 171 tables.xml 154
sample file 172 tsgroups.xml 58
Source Differencing tool 171 tsreport.xml 149
UTF-8 170 virtual 20
valid encodings 171 workflow log 47
visual differencing 172 filtering, on file submission 72
VisualPreview 171 finding the installation directory 45
files font message 198
access to 53 force_EA_mod_times 27
assigning 16 freezing the Content Store 38
available_templates.cfg 40 fs_threadcount 36
changing attributes of 72 full_submitlog 30
comparing 30 full_updatelog 30
configuration 21, 161 fully qualified paths
datacapture.cfg 105, 110 see proxy server
215
rpc_threadcount 36 J
server_locale 38 Java servlet engine 28
servlet_port 28 jobs
setting ports 28 defined 18, 204
show_user_list 75
specifying preview directory 41 K
thruputmonitoring 37 kernal device driver 45
use_mapping_file 26
webserver_uid 65 L
workarea_default_perm 67 LANG environment variable 39
workarea_security 66 languages, browser behavior 180
iw.openapi 48 LDAP 70
iwckrole 56 68
iwevents.log 46 and operating system authentication 70
iwfsshrink anonymous binds 71
running 51 authentication 67
iwgetelog 46 configuring 69
iwgetlog 46 database 69
iwgettrace 46 modifying schemas 69
iwgroup 58 OpenAPI 70
iwinstall.log 45 schemas 69
iwjoberrors.log 47 servers 67
iwmetadata.cgi 105 TeamSite role authentication 67
iwprocessd 47 user authentication 67
iwprocessd.log 47 ldap_account 71
iwprocoutput.log 47 ldap_cafile 68
iwproxy ldap_dnbase 68
configuring 125 ldap_key 68
debug option 138 ldap_port 68
iwwebd 123 ldap_pwd 71
performance considerations 128 ldap_roles 69
SSL support 123 ldap_server 68
iwproxy_host 125 ldap_ssl_port 68
iwproxy_port 125 listener 80
iwserver Local File Manager
checking 43 localized GUI 178
locating 45 locales
log file 46 native 38
monitoring 191 TeamSite server setting 38
starting 43 locations
iwserver.log 46 installation directory 45
iwsessionkeygen 70 iw.cfg 144
iwstat 47 roles files 145
iwtrace.log 44, 46, 47 TeamSite files
iwwebd 123, 128 changing 49
iwwfs.log 45
217
mssql.xml 155 paths
multibyte characters absolute 125
browser behavior when interpreting encoding 180 relative 125
multiple servers 44 resolving see also proxy server
MultiStore performance monitoring 37
backing up 140 permissions
mysql_schema.xml 155 branch 53, 59
directory 59
N file 53, 54, 59
Navigation Window required for actions 58
defined 205 types of 58
new users, adding 53 workarea 53, 59
NFS, group limitations 65 port number
notation conventions 9 proxy server 125
servlet 28
O web server 125
od-admin user role 17 pretty_print_dcrs 41
od-user user role 17 preview
old_mod_times 26 maintaining files 40
only_lock_owner_creator_submits 29 specifying directory for 41
OpenAPI preview_history_limit 41
configuration file 48 preview_system_directory 41
documentation 48 private
LDAP 70 defined 206
manually starting and stopping 48 private files 30
obsolete startup script 48 proxy server
server about 123
about 48 configuring
servlet engine 48 applying changes 124, 125
starting and stopping 48 basic operation 125
verifying 48 overview 123
Optional Write locking to use different webservers 133
defined 205 debugging 138
oracle_schema.xml 155 document roots 128
ownership of workareas, changing 64 external remappings 133
failover 136
P fully qualified paths
PAM Internet Explorer 129
account management 69 resolving 128
and TeamSite 69 server configuration 129
host header remappings 135
configuring 69, 70
host name 125
defined 67
port number 125
third-party modules 71
redirecting TeamSite views 131, 132
pam.conf 70
relative and absolute paths 125
pam_do_acct_mgmt 69
remapping document roots
pam_service 71
passwords 53 rules of precedence 123
SSI remapping 136
limitations 54
setting 55
219
server_locale setting 38 submit.cfg
Service Monitor about 21, 72
about 191 format of 72
components 192 location 72
configuring 191, 193 sample 74, 77
installing 193 submitting
iw.powerfail 192, 194 defined 207
iw.processfail 193, 195 system information
iwtock 192 monitoring 37
logging 194, 195
starting and stopping the server 196 T
uninstalling 196 tables.xml 154
servlet Tagger GUI 103
engine 28 localizing 119
port 28 tasks
servlet_port 28 defined 18, 208
settings email 26
email, for workflow 26 ownership 59
encoding 27 states 18
server_locale 38 transitions
shared defined 208
workareas 55 TeamSite
Site Rollback architecture 19
defined 207 configuration files 143
Source Differencing tool 161, 171 file locations, changing 49
SSIs, remapping see proxy server groups 58
SSL support 123 proxy server
staging area iwwebd 123
defined 14, 207 overview 123
standardFields.xml file 95 see also proxy server
starting TeamSite server 43 roles 53
stopping TeamSite server 43 server
subbranches answering requests 44
defined 207 mounting 45
submit process 44
starting 43
changing file attributes 72 stopping 43
filtering Service Monitor 191
debugging 75 UNIX permissions 59
introduced 72 user roles 54
RCS macro expansion 76, 77
sequence of events 73 web daemon 123
locked files 29 TeamSite server
log file 30, 51 resetting 44
monitoring for indexing 80 restarting 43
Submit locking stopping 43
defined 207 TeamSite Templating, defined
see also Using and Configuring TeamSite Templating
221
W workflow models
watchdog 191 defined 209
web browsers, interpreting encoding 180 Write locking
web content, specifying encoding 179 see also Optional Write locking, Mandatory Write
web daemon locking
about 123
configuring 123, 125 X
setting defaults 28 XML
web servers about 9
configuring 133 datacapture.cfg 110
host name 125 metadata-rules.cfg 107
plugins 124 regex_map language 161
port number 125 special characters 168
starting and stopping 124
uid 65
Web site development 14
webserver_uid 65
workarea_default_perm 67
workarea_security 66
workareas
changing group ownership 64
creating 54
defined 14, 209
locking files in 29
permissions 59
read access 66
security 66
shared 55
workflow
defined 209
jobs
defined 18
log file 47
metadata capture 120
models
and jobs 18
assign-edit-approve 17
defined 17
query events 149
tasks
defined 18
specifying files in 120
workflow events 153
workflow log
locating 47