Notes/Domino Pre-Release 2 - server
15.05.2002 - Emil Čelustka
I zde je mnoho zajívavých informací, které ocení mnozí z nás...
Lotus Domino 6 now includes a brand new Web Administration Client which closely resembles the W32 Administrator Client.
The Administrator Client now has the ability to register new users as roaming users. Administrators can specify a roaming server and user subdirectory, as well as create roaming databases on the roaming server. The Administrator Client also has the ability to modify an existing user's roaming options by either upgrading or downgrading an existing user. Note: At this time, this modification feature is not fully implemented.
Administrators can now create and deploy customized Welcome pages to their Notes users.
Administrators are no longer limited to 2 characters for middle name/initial information during person management operations (registration, rename, etc.). A full middle name may now be used.
Server activity logging has been enhanced to capture detailed information about Notes sessions, databases, passthrus, and scheduled agent activities, as well as information about POP3, SMTP, HTTP, IMAP, NNTP, and LDAP activity.
The Domino Administrator Log Analysis Tool has been extended to capture enhanced server activity logging data
ADSync extends and expands the functionality of Notes User Manager Extension for the Microsoft Active Directory in Windows 2000. ADSync enables you to register, synchronize properties and passwords, and rename and delete users and groups in the Domino Directory when such actions are performed in the Active Directory. Features include container and property mappings between two directories, and the use of policies for registering users
Archiving/documentation retention has been enhanced to give the Notes Administrator the ability to set and manage all archive settings for users through policy-based management. In addition to the administrator having the ability to set the archive settings, they can also allow/disallow the end user to create "private" archive settings which apply only to their own database. The new archiving functionality also allows more than one set of archive criteria and archive destinations. Finally, the archive log has been updated to the Pre-release 2 look and feel.
Some of the features performed via the Domino Administrator are now executed in the background. In previous releases, these features prevented the execution of any other features until processing was complete.
Database management has been enhanced in Pre-release 2 by using server clusters to manage some tasks, including: dragging & dropping databases to a cluster, specifying which cluster members get a replica, and allowing users to select cluster mates as targets when using File->Database->New, New Replica, and New Copy dialogs.
The user registration UI and registration preferences in the Administration Preferences dialog now allow the administrator to select Certificate Authority (CA) configured certifiers to register users. The administrator must first set up the CA process on a domain server, and must select a certifier from the UI list that is configured to use the CA process. This feature allows administrators to register users without having to provide a physical certifier ID and certifier password before or during registration.
Servers now support the ability to save a copy of all messages, including text, for long term archiving.
The user interface for managing server task scheduling has been improved to include scheduled tasks such as mail routing, agents, program docs, etc.
Administrators now have the ability to monitor the performance of their Domino Server Statistics in real-time, historical or by trend, through a graphical interface. Administrators can specify sets of statistics, and select any server.
The server console now has the ability to log a text file. This allows the STDOUT to go to a file which does not tie up the machine, and which can be looked at off-line.
The RegisterNewUser method has been updated for Pre-release 2. The new RegisterNewUserWithPolicy method allows administrators to supply name, password and policy name to register a new user.
Administrators can now create multiple, different default settings for user registration through the creation of policies and registration sub-policies. If an policy is selected in the user registration menu -- either by selecting an explicit policy from the list, or by using or changing to a certifier name with which a "namespace" policy is associated, the registration settings contained in the policy will be applied to the user(s) selected.
The Windows 2000 Event Viewer can now display error messages related to generating Domino statistics within the Performance Monitor.
Pre-release 2 contains several new rules for agent security; the fields controlling new security functionality are in the server record of the Name and Address Book.
Pre-release 2 supports two modes of enabling agents - one mode enables an agent to run, as well as signing it (the same as in R5); the second mode only enables the agent to run without changing the signature (we sometimes refer to this mode of enabling as 'activation'). The mode of the agent is controlled by the "Activatable by user" setting on the second tab of the agent builder info box. The agent can be enabled (activated) by Editor level users when the agent is in the "Activatable by user" mode.
Directory - General
You can choose an alternative centralized directory setup consisting of a full Domino directory holding enterprise user, group and mail-in database records hosted in a central location combined with small configuration directories holding Domino configuration information hosted on individual servers.
You can use Extended ACLs, implemented in the Domino Directory, Extended Directory Catalog, and Administration Requests databases, to refine the database ACL and set access for authenticated users at the document and field level.
Users are now able to select whether a directory should be served up by LDAP, NAMELookup, or both.
A Multiple Organization Domino Directory allows a Service Provider to store directory information for multiple organizations within a single Domino Directory. Through the use of Extended ACLs, users of a Multiple Organization Domino Directory have access only to their organization's information.
Directory assistance can now use cluster failover to fail over to an alternate replica of a Domino Directory.
The ability to authenticate Internet clients in a secondary directory (Domino or 3rd party LDAP) has been extended to include IMAP, POP3, LDAP and NNTP clients. Previously this capability was available only for clients connecting over HTTP.
You can put groups used for database authorization in one secondary Domino Directory or in one external LDAP directory, in addition to the primary Domino Directory; previously you could put authorization groups only in one external LDAP directory in addition to the primary Domino Directory . Note that you can't put authorization groups in both of these directory locations.
Pre-release 2 provides the ability to define a custom filter for groups and users, and a timeout limit.
These new statistics related to directory lookups are available: Database.NAMELookupTotal; Database.NAMELookupTotalLookupTime; Database.LDAP.NAMELookupTotal; Database.LDAP.NAMELookupTotalLookupTime; LDAP.Total LDAPSearchTime.
These new statistics related to Directory Assistance are available: Database.DAReloadCount, Database.DARefreshServerInfoCount, Database.DAFailoverCount
Directory - LDAP
The LDAP service schema improvements include: complete support for LDAP RFCs 2252, 2256, 2798, 2247, 2739, 2079, 1274; new Domino LDAP Schema database(SCHEMA.NSF) used as a tool for maintaining and extending the schema; an automatic schema maintenance process, true object class inheritance; faster schema loading; and support for the namingContext operational attribute defined in LDAP standard RFC 2251.
xACLs are now integrated with the LDAP Search.
The LDAP service now supports arbitrary distinguished names.
You can now configure some LDAP settings in the Domain Configuration record instead of placing them in Notes.ini. These LDAP configuration settings can now be set/modified dynamically.
The LDAP service now returns appropriate results when an LDAP client searches for vendor information attributes.
Activity logging for the LDAP service provides the ability to more easily determine who is reading/writing objects in the directory.
The average time to complete an LDAP search transaction and the amount of CPU time used in completing a search transaction have been reduced.
You can now override the built-in search filters used by Directory Assistance when searching an LDAP directory by specifying custom LDAP filters for mail address lookups, client authentication credentials lookups, and group authorization lookups (i.e. expanding groups on ACLs).
You can include more than one value in the Hostname field in an LDAP Directory Assistance document, so that if the first server specified is unavailable, Directory Assistance can fail over to another LDAP server.
The LDAP address picker will chase references to other LDAP servers.
There is a new migration tool that enables you to migrate person and group entries directly from an LDAP directory server into the Domino Directory.
Domino Hosting Environment
The Lotus Domino Pre-release 2 server includes new hosting features that allow multiple organizations to be transparently hosted by a single Domino server. Clients from different hosted companies access their data from the same logical server, securely, using standard internet protocols. Internet protocols supported for the current Pre-release 2 include: IMAP, POP3, LDAP, SMTP, SSL and DOLS access. In subsequent releases, it will be possible for Service Providers) to provide HTTP and IIOP services.
The Domino Hosting Environment simplifies server administration and application support. The administrator works with only one server, yet each organization on that server can function as if it is hosted by its own unique server. For example, each organization has its own HTTP application and file location, with organization-specific authentication controls. The Domino Directory template and associated server tasks have been modified to allow granular configuration control for each hosted organization.
The string resources used in the Domino servers are switched to the proper language. The language is selected based on the Web browser's accept language setting, so one Domino server is able to serve multiple language clients at once.
Web access users can configure their preferences, and keep that configuration over their sessions. The configurable preferences are: 1) timezone, 2) date/time format, and 3) number format. The information is stored on the Web browser using cookies.
The IMAP server now supports the NAMESPACE extension, which allows an IMAP client to view folders in another user's mail file, or view public folders in a shared database.
Mail file quota processing has been enhanced, allowing administrator control over message disposition and notification to the owner of a mail file.
The IMAP server has been rearchitected for performance, scalability and robustness.
Support for Realtime Blackhole Lists (RBLs). RBLs are databases used to track SMTP servers that permit third-party relay.
System-level mail rules allow administrators to specify message criteria, and actions to be taken, for all messages processed on a server.
Support for Vines and Appletalk as a network protocol has been removed from all platforms. The support for SPX has been removed from UNIX and OS/2 platforms. Note that it is still possible to manage servers installed prior to Pre-release 2 that use these protocols from Pre-release 2 servers.
A MAPI Service Provider, that has been shipped with Notes since Release 5.05, has been extended to include C&S and Task support. This allows Outlook users to fully participate in Mail and C&S functions using a Domino back-end, while fully interworking with Notes users. Additionally, this service may be installed using a Web Browser (using DOLS technology) and may be used without installing a Notes Client.
To assist users who travel frequently to many locations, and who need to dial their ISP from those locations using the proper local phone numbers, a new phonebook database has been introduced. This phonebook is populated with ISP phone numbers for various locations by either the site administrator or the end user, and is accessed by the phonebook dialog when connecting to a server.
A network compression setting for each enabled network port can speed up data transmission between a Notes Client and Domino server, or between two Domino servers.
You can view OS platform statistics from the Domino console along with your Domino server statistics. This provides for easier Domino server monitoring and tuning.
Domino platform statistics displays operating system level statistics like CPU, Memory and Disk I/O.
Via the Domino console or Administrative Panel remote console you can determine system resource consumption of the Domino server.
To view platform statistics, issue the Domino console command "show stat platform".
Platform statistics can be viewed on NT, OS/400, Solaris, Win2K, and AIX 4.3.3.
Individual network names are shown in platform statistics, and all network adapter names are supported.
Domino platform statistics are now enabled by default on the Domino server.
Health Monitoring/RedZone extracts the Domino name lookup stats, and determines whether the lookup time is Normal, Significant, or Critical. Health Monitoring/RedZone now supports analysis of the health of Windows 2000 servers, and of the newly-provided Domino Network Platform statistics on Win32 and Solaris platforms. This feature's UI will be part of a separately marketed product. Also, this facility is integrated within the Administrator Client Server Monitoring pane.
Domino Administrators can create policies, and then using an established hierarchy, automatically distribute those policies across a group, a department, or an entire organization. The use of policies makes it easy for administrators to establish and maintain standard settings and configurations, and automates redundant administrative tasks.
NotesUIDocument.Reload method now supports the reloading of RichText items with the new optional parameter IncludeRichTextItems.
A Notes DateTime object can now be created from a Java Calendar object.
There is now support for DIIOP in an Service Provider environment.
The ACL activity log is now available programmatically.
Rich Text enhancements to back-end classes include: the ability to specify colors and styles for tables; the ability to search for strings to begin inserts or set range boundaries, and the ability to Replace one string with another in RichTextItem; the ability to enumerate and access embedded objects from within RichText editing framework; a Navigator property on the RichTextRange object (to do bounded navigation within a specified range); and the ability to begin an insert operation in a RichTextItem at a specific text offset, or after searching for a string;
A NotesStream class has been provided, to input/output MIME content as a byte stream.
Programmatic access to MIME via Backend Classes using Java interfaces are now available.
Beginning with Pre-release 2, users have the ability to log in to Notes using a Smartcard. The user's ID file must be enabled for Smartcard use, where the password that unlocks the ID file is stored on the Smartcard. The advantage of this feature is that it provides two-factor authentication: it requires the use of the Smartcard, and the PIN to unlock the card. Enable and disable Smartcard login through the User Security Panel.
HTTP password management allows administrators to set password restrictions on users configured in the Domino Directory. Restrictions include: the ability to set an expiration period on an Internet password; a grace period for re-setting Internet passwords; the requirement to change an Internet password immediately; and lockout internet access for users, requring password. Administrators can also set internet password quality and length.
SSL session resumption allows for the cryptographic work of authenticating over SSL to occur only on the first connection, with all subsequent connections re-using the existing keying information.
When a Site document is created for a given Internet protocol, a server will use that site document to obtain SSL security settings for that protocol, rather than from the Server document. New settings have been added to the Site document security settings to control the use of Certificate Revocation Lists (CRLs). These settings do not appear in the server document. The security settings are passed into trust policy code for use during certificate chain evaluation.
Administrators can now synchronize users' Notes password with the Internet password stored in the person record in the Domino Directory. To do this, the administrator can set the 'Allow synchronization flag' in the Person record; the next time the user authenticates to the mail server, an adminp request is created, which changes the Internet password in the Domino Directory to the password used to unlock the Notes ID file.
Administrators now have the ability to create Certificate Revocation Lists (CRLs), as part of the new Pre-release 2 CA. CRLs can be configured to be published on a regularly scheduled basis, and posted in the CA's certifier document in the Domino Directory. This will allow the revocation status of a certificate to be verified before trusting it.
Administrators can push Admin ECLs to their clients dynamically, as needed. This solves the issue of those instances when clients get the default ECL (rather than the Admin ECL) during setup because they are disconnected from the directory, and provides for a more timely delivery of updates.
Domino supports WebDAV for remote editing of resources in a Domino database.
Web Server search results can now be in the same order as View, when "Keep current order" is selected for sort options.
Search result template forms no longer require author access.
An additional field has been added to HTTP logging (supported for logging to text files and to domlog.nsf). This field records the full pathname of the file-system resource (database, text file, or cgi program) accessed by the request. For example, if the request was "http://server/sales.nsf", the field would record "c:/lotus/domino/data/sales.nsf".
No nevím jak vy, ale já už se upřímně těším na ostrou verzi. A co vy? --> zůčastněte se naší diskuse.