+

Search Tips   |   Advanced Search

Web content tasks

  1. Use the web content member fixer task
  2. Member fixer with syndication
  3. Use the Update Security task
  4. Use the workflow update tool
  5. Clear item history
  6. Clear version history
  7. Reset the web content event log
  8. Use the export cache settings task
  9. Export and import web content libraries


Use the web content member fixer task

The member fixer task checks all of the items in a specified library for references to users and groups that no longer exist in the current user repository. In report mode, it will report all the references to members. In fix mode, reference are be fixed, either by replacing them with references to members that exist, or by removing the references.

References to members in library items contain the distinguished name of the member as well as a unique internal ID for the member. If a member is deleted and another member is created with the same distinguished name, the two members will have different unique IDs. To update or remove these references from web content items use the mismatchedId parameter.

When a member that has been given permissions on a library is deleted, the member permissions are entirely removed from the library, so that any inherited permissions for items in the library will also be removed. Therefore, the member fixer task can not be used to update these permissions to a different member. However, when an LDAP transfer is carried out, the member permissions on the library are maintained. So, the member fixer task can be run after an LDAP transfer to update or remove these permissions


Enable the member fixer tool

Enable the member fixer by adding the following parameters to the WCM WCMConfigService service...


Custom Mapping

To update a reference to a member that does not exist with a member that does exist, member mappings can be defined in a custom mapping file. Where the member fixer task does not find a mapping in this file for a member, it will search the user repository for members with the same ID as the member that no longer exists. If such a member is found, it will update the reference with this user or group, or remove the reference, as specified by the altDn parameter. If no such member is found, this member is classified as 'invalid' and will be updated or removed as specified by the parameter invalidDn.

If custom mapping is required, before running the member fixer task edit...

...and set...

cn=contentAuthors,dc=lotus,o=ibm->cn=contentEditors,dc=rational,o=ibm Completely replace one distinguished name with another.
cn=[ID],dc=websphere,o=ibm->cn=[ID],dc=tivoli,o=ibm Replace part of a distinguished name. This example changes all of the distinguished name except the common name.

Further examples are listed in the MemberFixerModule.properties file.

You then run the member fixer task using the -DaltDn option as details in the following section.


Running the Member Fixer task:

  1. Open a command prompt.

  2. To create a report of users or groups referenced in Web Content Manager items that need fixing...

    cd WP_PROFILE/ConfigEngine
    ./ConfigEngine.sh run-wcm-admin-task-member-fixer \
                      -DPortalAdminId=username \
                      -DPortalAdminPwd=foo \
                      -DWasUserId=username \
                      -DWasPassword=foo \
                      -Dlibrary="MyLibrary"
    

    If MyLibrary is omitted, the default library configured with the defaultLibrary property in the WCM WCMConfigService service is used. An administrator user name and password is not required if you have already specified the portal administrator username and password using the PortalAdminId and PortalAdminPwd settings in the wkplc.properties file.

    A detailed report containing the updates that will be made for each item will be shown in

      WP_PROFILE/logs/WebSphere_Portal/SystemOut.log

    If the report indicates that the update will not happen as required, change the member fixer task parameters and run the report mode again. Repeat this process until we are satisfied that the fixes will be applied correctly. This is important because the fixes made by the member fixer task when run in fix mode may not be easy to undo if incorrect fixes are applied.

  3. If there have been changes to users and groups, update the items that reference them by running the following command:
    ./ConfigEngine.sh run-wcm-admin-task-member-fixer \
                      -DPortalAdminId=username \
                      -DPortalAdminPwd=foo \
                      -DWasUserId=username \
                      -DWasPassword=foo \
                      -Dlibrary="MyLibrary" \
                      -Dfix=true
    

    An administrator user name and password is not required if you have already specified the portal administrator username and password using the PortalAdminId and PortalAdminPwd settings in the wkplc.properties file. If the member fixer task indicates that certain mismatched member conditions exist, append the specified parameters to the command:

    Condition description Command to correct condition
    Nonexistent users or groups have alternate DNs available.

    • To update references to nonexistent users or groups with the portal administrator user distinguished name, append -DaltDn=update to the command.
    • To remove references to nonexistent users or groups append -DaltDn=remove to the command.
    If users or groups have invalid distinguished names (DNs) the report will list these as "invalid". This means the distinguished name doesn't exist and there is no alternate distinguished name available.
  4. To remove references to users and groups that have invalid distinguished names append -DinvalidDn=remove to the command.
  5. To update references to users and groups that have invalid distinguished names with the portal administrator user distinguished name, append -DinvalidDn=update to the command.
  6. Users or groups have been found with mismatched unique IDs.

    • To fix the mismatched unique IDs append -DmismatchedId=update to the command.
    • To remove references to users and groups with mismatched unique IDs append -DmismatchedId=remove to the command.

  7. After the member fixer task has run, review the SystemOut.log to verify that the member fixer task ran correctly. The member fixer task may not be able to save items that fail validation, such as items containing invalid fields. You must edit these items to make them valid and then run the member fixer task again.


Running the Member Fixer in a federated security environment

In a federated security environment with multiple realms, we can specify the realm to run the member fixer task on by adding -Drealm=realmName to the command. If this parameter is omitted the default realm will be used.

The member fixer task will check whether there are any members and groups referenced in items containing any of the base distinguished names defined for the specified realm and fix these references. References to members can only be updated with references to members in the specified realm.

Additionally, the member fixer task can be used to check whether there are any members and groups referenced in items that are not under any of the base distinguished names defined for any of the realms in the environment and fix these references. To do this, follow the same steps described for a single realm environment and add -DnoRealmDn=true to the command.

In a federated security environment with multiple realms, the member fixer task should be run for each realm in turn to make sure that all of the references are fixed.


Preserve dates

We can preserve the last modified date of items updated by the member fixer task by adding -DpreserveDates=true to the command. Otherwise the last modified date will be updated when the member fixer task is run.


Restricting which items types to fix

We can restrict which objects types are processed by appending -DrestrictOn=ItemType to the command.

For example:

We can restrict multiple object types by separating the types with a comma (,). For example, to restrict workflows and workflow stages, we can specify -DrestrictOn=Workflow,WorkflowStage.

If not specified, all object types will be updated.


Running the task for all libraries

We can run this task for all libraries by replacing the option -Dlibrary=libraryName with the option -DallLibraries=true in the command. If neither option is specified, this task will process the default library that has been configured in the WCM WCMConfigService service.


Running the task on a virtual portal

When running this task on a virtual portal either add -DVirtualPortalHostName=name or -DVirtualPortalContext=context to the command.


Parameters to set for large repositories

To prevent the session timing out before the task has finished, we can append the option -DsessionTimeOut=timeOut to the command. This sets the number of seconds in which the task must complete before its session will timeout. The default session timeout is 14,440 seconds, which is 4 hours. For large repositories you should increase this setting. For example: -DsessionTimeOut=36000, which is 10 hours.


Examples

These options can be combined when the conditions occur at the same time. For example, if alternate DNs are available for nonexistent users and groups and there are mismatched unique IDs, you would use the following command:

./ConfigEngine.sh run-wcm-admin-task-member-fixer \
                  -DPortalAdminId=username \
                  -DPortalAdminPwd=foo \
                  -DWasUserId=username \
                  -DWasPassword=foo\
                  -Dlibrary="MyLibrary" \
                  -Dfix=true
                  -DaltDn=update 
                  -DmismatchedId=update

If there have been changes to users and groups that are within the specified realm or that are not within any realm, update the items that reference them by entering the following command:

 
./ConfigEngine.sh run-wcm-admin-task-member-fixer \
                  -DPortalAdminId=username \
                  -DPortalAdminPwd=foo \
                  -DWasUserId=username \
                  -DWasPassword=foo \
                  -Drealm=MyRealm \
                  -Dlibrary="MyLibrary" \
                  -Dfix=true \
                  -DnoRealmDn=true


Member fixer with syndication

We can configure the system to automatically run the member fixer tool when syndicating. The member fixer is run on the subscriber during syndication. It is run against items that have just been syndicated. Details of the member fixer operations are included in the syndication report.

To run the member fixer during syndication add or update the following properties in the WCM WCMConfigService service.

Parameter Details
deployment.fixMembers To enable member fixing during syndication, set this parameter to true.
syndication.memberfixer.altDn To update references to nonexistent users or groups with the portal administrator user distinguished name, set this parameter to update. To remove references to nonexistent users or groups, set this parameter to remove.
syndication.memberfixer.invalidDn To update references to users or groups that have invalid distinguished names with the portal administrator user distinguished name, set this parameter to update. To remove references to users or groups that have invalid distinguished names, set this parameter to remove.
syndication.memberfixer.mismatchid To fix references to users and groups with mismatched unique IDs, set this parameter to update. To remove references to users and groups with mismatched unique IDs, set this parameter to remove.
syndication.memberfixer.fixCase This parameter is used to define how to treat case differences when updating or fixing distinguished names. To leave the case unchanged, set this parameter to update. To convert the case to lower-case, set this parameter to lower.
syndication.memberfixer.realm In a federated security environment with multiple realms, specify the name of the realm to run the member fixer against using this parameter.
syndication.memberfixer.norealmdn In a federated security environment with multiple realms, the member fixer task can be used to check whether there are any users and groups referenced in items that are not under any of the base distinguished names defined for the realm and fix these references. To enable this, set this parameter to true.


Use the Update Security task

Use the Update Security task to apply inherited access permissions and remove existing item access permissions for all items or all items of a given type. This task is useful as a post-migration step, or if we are applying major changes to the inheritance settings.


Running the Update Security task

  1. Open a command prompt.

  2. To apply inherited access permissions to all items in a library named "MyLibrary" for all roles, run the following command from the WP_PROFILE/ConfigEngine:

    ./ConfigEngine.sh run-wcm-admin-task-update-security
                      -DWasPassword=foo \
                      -DPortalAdminId=username 
                      -DPortalAdminPwd=foo 
                      -DWasPassword=foo 
                      -Dlibrary=MyLibrary 
                      -DinheritPerms=apply 
                      -DlibSecurity=true
    

    An administrator user name and password is not required if you have already specified the portal administrator user name and password using the PortalAdminId and PortalAdminPwd settings in the wkplc.properties file.

  3. To remove inherited access permissions to all items in a library named "MyLibrary" for all roles, run the following command:

    ./ConfigEngine.sh run-wcm-admin-task-update-security \
                      -DPortalAdminId=username \
                      -DPortalAdminPwd=foo \
                      -DWasPassword=foo \
                      -Dlibrary=MyLibrary \
                      -DinheritPerms=remove 
    

    An administrator user name and password is not required if you have already specified the portal administrator user name and password using the PortalAdminId and PortalAdminPwd settings in the wkplc.properties file.

  4. To remove existing item access permissions for all items in a library named "MyLibrary" for all roles, run the following command:
    ./ConfigEngine.sh run-wcm-admin-task-update-security \
                      -DPortalAdminId=username \
                      -DPortalAdminPwd=foo \
                      -DWasPassword=foo \
                      -Dlibrary=MyLibrary -DremoveExistingPerms=true
    

    An administrator user name and password is not required if you have already specified the portal administrator user name and password using the PortalAdminId and PortalAdminPwd settings in the wkplc.properties file.


Running the Update Security task for all libraries

We can run the Update Security task for all libraries by replacing the option -Dlibrary=libraryName with the option -DallLibraries=true in the command. If neither option is specified, the Update Security task will process the default library.


Restricting the task to only update specified items types

We can restrict which objects types are processed by appending -DrestrictOn=ItemType to the command.

For example:

If not specified, the security of all object types will be updated.


Running the task on a virtual portal

When running this task on a virtual portal either add -DVirtualPortalHostName=name or -DVirtualPortalContext=context to the command.


Preserve dates

We can preserve the last modified date of items updated by the Update Security task by adding -DpreserveDates=true to the command. Otherwise the last modified date will be updated when the Update Security task is run.


Defining the session timeout

To prevent your session timing out before the task has finished, we can append the option -DsessionTimeOut=timeOut to the command. This sets the number of seconds in which the task must complete before its session will timeout. The default session timeout is 14,440 seconds, which is 4 hours. For large repositories you should increase this setting. For example: -DsessionTimeOut=36000, which is 10 hours.


Examples

All of the options can be combined. For instance, to remove existing item access permissions and apply inherited access permissions to Content in the a library called 'MyLibrary', whilst preserving the last modified dates of the items, run the following command:

./ConfigEngine.sh run-wcm-admin-task-update-security
                  -DWasPassword=foo i
                  -Dlibrary=MyLibrary i
                  -DremoveExistingPerms=true
                  -DinheritPerms=apply i
                  -DrestrictOn=Content i
                  -DpreserveDates=true


Use the workflow update tool

Use the workflow update tool to add a workflow to existing items that aren't already workflow enabled.

You must first enable the workflow update tool by adding the following parameters to the WCM WCMConfigService service.

  1. Log in to the portal as an administrator.

  2. Open the following URL in the browser and specify which workflow to apply and the library containing the items to apply the workflow to:

    http://[HOST]:[PORT]/wps/myconnect/?MOD=workflowenablement&library=libraryname&workflow=workflowname&fix=true
    

    If the "library" parameter is omitted, the default library that has been configured in the WCM WCMConfigService service is used.

    If the "&fix=true" parameter is omitted, the tool will run in read-only mode and generate a report.


Running the tool on a virtual portal

There are two methods available when running the tool on a virtual portal:

Set service configuration properties


Clearing item history

Use clear history tool to clear the history of an item.

You must first enable the clear history tool by adding the following parameters to the WCM WCMConfigService service.

  1. Log in to the portal as an administrator.

  2. Open the following URL in the browser and specify details of what history details to clear:

    http://[HOST]:[PORT]/wps/myconnect?MOD=ClearHistory&day=date&month=month&year=year&keep=number_of_entries&restrictOn=item_type&library=library_name&fix=true
    

      day, month and year

      The history details will be cleared prior to the date specified in the day, month and year parameters. If no date is specified, then the date will default to one year before the current date.

      keep

      Specify the minimum number of history entries to keep. For example, if an item has not been updated for over a year, and we specify to clear all history entries more than a year old, but choose to keep the last five entries, all the history will be cleared except for the last five entries even though they are over a year old. If a number is not specified, then the minimum number of history entries to keep will default to 10.

      restrictOn

      Select the item types to run the clear history tool against. If no item types are specified, all item types will be processed. Use the following parameters for each item-type:

      library

      Enter a library name. If the "library" parameter is omitted, the default library that has been configured in the WCM WCMConfigService service is used.

      To run this tool against all libraries you instead use &alllibraries=true. If you have a large number of libraries, this may take a long time to run, so it may be better to run this tool against individual libraries instead of all libraries.

      fix

      If omitted or set to false, a report listing which history items will be cleared is displayed. If set to true, history items will be cleared as specified.

We cannot completely clear item history. One history item will always remain in an item no matter what parameters we select when clearing the item history.


Running the tool on a virtual portal

There are two methods available when running the tool on a virtual portal:


Parent: Maintain web content


Clearing version history

Use clear versions tool to clear the version history of an item.

You must first enable the clear versions tool by adding the following parameters to the WCM WCMConfigService service.

  1. Log in to the portal as an administrator.

  2. Open the following URL in the browser and specify details of what history details to clear:

    http://[HOST]:[PORT]/wps/myconnect?MOD=ClearVersions&day=date&month=month&year=year&keep=number_of_entries&restrictOn=item_type&library=library_name&fix=true
    

      day, month and year

      The version history will be cleared prior to the date specified in the day, month and year parameters. If no date is specified, then the date will default to one year before the current date.

      keep

      Specify the minimum number of history versions to keep. For example, if a version has not been created for over a year, and we specify to clear all versions more than a year old, but choose to keep the last five versions, all versions will be cleared except for the last five versions even though they are over a year old. If a number is not specified, then the minimum number of versions to keep will default to 10.

      restrictOn

      Select the item types to run the clear versions tool against. If no item types are specified, all item types will be processed. Use the following parameters for each item-type:

      library

      Enter a library name. If the library parameter is omitted, the default library that has been configured in the WCM WCMConfigService service.

      To run this tool against all libraries you instead use &alllibraries=true. If you have a large number of libraries, this may take a long time to run, so it may be better to run this tool against individual libraries instead of all libraries.

      fix

      If omitted or set to false, a report listing which versions will be cleared is displayed. If set to true, versions will be cleared as specified.

We cannot completely clear all versions. One version of an item will always remain no matter what parameters we select when clearing the version history.


Running the tool on a virtual portal

There are two methods available when running the tool on a virtual portal:


Reset the web content event log


Overview

From time to time you may need to reset the web content event log. The event log can be reset only on a syndicator server. Any changes made by resetting the event log are then syndicated to its corresponding subscribers. In most cases you reset the event log on the server you have imported or migrated data onto, or on a syndicator to troubleshoot syndication problems in a syndication relationship.

You must first enable the reset event log module by adding the following parameters to the WCM WCMConfigService service.

You should reset the web content event log under these circumstances:

To run...

If -Dfix=true is omitted, then the task will run in report-mode only.

When running this task on a virtual portal either add -DVirtualPortalHostName=name or -DVirtualPortalContext=context to the command.


Use the export cache settings task


Overview

Use the export cache settings task to display a summary of the current cache settings of the system.

When you run the export cache settings task, a summary of your cache settings is generated and set to the SystemOut.log. This includes the type of cache being used, and how it is being applied. For example, basic caching per session, or data caching per site.


Running the export cache settings task

  1. Open a command prompt.

  2. Run the following command from the WP_PROFILE/ConfigEngine:
    ./ConfigEngine.sh run-wcm-admin-task-export-cache-settings \
                      -DWasPassword=foo \
                      -DPortalAdminId=username \
                      -DPortalAdminPwd=foo \
                      -Dlibrary=MyLibrary 
                      -DinheritPerms=apply \
                      -DlibSecurity=true
    

    An administrator user name and password is not required if you have already specified the portal administrator user name and password using the PortalAdminId and PortalAdminPwd settings in the wkplc.properties file.


Displaying cache settings in a browser

We can also display the cache settings in a browser using the following URL:

http://hostname:port/wps/connect?MOD=ExportCacheSettings&processLibraries=false


Export and import web content libraries

WCM provides two methods for exporting and importing web content libraries: an export or import that operates on one library, and an export or import that enables you to work with a separate copy of a library. With either method, we can export the contents of a web content library to disk and import this data into another web content server. If you're working with a copy of a library, we can also import that library into the same web content server multiple times, resulting in a new library after each import without affecting previous copies. Exporting and importing libraries enables you to make a backup copy of a web content library and can also be used to move data between servers. However, this function cannot be used to send updates, deletes and moves. It is only suitable for populating new items.

Before beginning, create an empty shared directory to hold the exported web content library. If moving data between servers, both systems must have write access to this directory. In addition, review the following considerations before exporting or importing web content libraries:

Syndicating items from one server to another, either after migration or to roll out a new server, can take a long time. Your database backup and restore features can be used to clone data from one repository to another, making the system ready for syndication to be used from then on for incremental updates.

There are two basic cloning scenarios:

These procedures only describe how to clone a web content repository. To clone a Portal environment, XMLaccess export and import should be used to transfer the Portal data to the target environment


Parent: Maintain web content


See also: