The server hosting the Archive Portal solution is made up of 3 distinct zones:
- The folder where the Apache web server is installed (here C:\Apache24\).
- The folder where the Archive Portal server files are installed (here D:\CTArchivePortal\).
- The folder where the extracted Notes databases are installed (here E:\Extract\)
Using the Installation Wizard made it possible to finalize the configuration of the Apache server (identity, authentication, security) and to install the files used by the Archive Portal server. This page presents all the files involved in the Archive Portal solution, whether they are on the Apache side or on the Archive Portal server side. You will probably have to work with these files and change their configuration manually if your needs change (change of authentication mode, password update, change of Apache version, update of the Archive Portal server's files, modification of the Portal's graphic charter, troubleshooting, etc.). You can edit the configuration files by hand (as explained below) or use the Portal administration interface (recommended).
The creation of the folder hosting the extracted Notes databases as well as the addition of new databases remains the responsibility of the Portal administrator.
Apache Server Installation Files
The Apache server installation folder (C:\Apache24\) contains a number of sub-directories whose files were impacted by the installation and configuration of the Archive Portal solution:
- The bin folder contains Apache executables such as the HTTP server executable (httpd.exe) or the utility for managing logins/passwords (htpasswd.exe).
- The cgi-bin\CTArchivePortal sub-folder contains the executables used by the Archive Portal:
  - CTServer.exe: Archive Portal server executable.
  - CTGate.exe: CGI script linking Apache to the Archive Portal server.
  - CTServer.ini: Common settings file for CTServer.exe and CTGate.exe. This file tells the executables where the various Archive Portal configuration files are located (Access.xml, Directory.xml, Site.xml...). You can modify the values of this file by hand or use the Archive Portal administration interface (recommended).
- The conf folder contains Apache settings files:
  - httpd.conf: This is the main settings file for the Apache server. The Archive Portal installation wizard automatically modifies this file to inject the parameters required by the selected options. Each time a line in the file is modified or added, a comment line is added above it to mark the change with the tag ## Archive Portal >>>. If the line is linked to an authentication option (LDAP, SSO/NTLM) or to encryption (SSL), an indicator is also added to the comment line (for example [LDAP] for a parameter linked to authentication with Active Directory):
    The display of dedicated Login and Logout pages is managed by the /dologin_apache and /logout_apache blocks:
    The settings block for Simple authentication is at the bottom of the configuration file:
    The configuration block concerning LDAP / Active Directory authentication is located at the bottom of the configuration file:
    The configuration block concerning SSO / NTLM authentication is located at the bottom of the configuration file:
    In the event of a problem with Apache or if the server configuration changes (change of authentication mode, update of the LDAP password, change of file installation paths, etc.), this is the file that you will have to analyze and modify.
  - .htpasswd: This is the file containing the login / password pairs for simple authentication.
- The conf\extra sub-folder contains, among other things, the SSL configuration file (httpd-ssl.conf). If the SSL encryption option was selected during installation, this file is modified by the Installation Wizard and the impacted lines are preceded by a comment line containing the Tag ## Archive Portal [SSL ] >>>.
- If the SSL encryption option was selected during installation, the conf\certificates sub-folder contains the copy of the SSL certificate files (.crt and .key).
- The htdocs folder contains public HTML files that the Apache server can deliver without prior user authentication. This is where we will place the HTML files used to display the Login/Logout pages (in the ct-portal-login sub-folder). The index.html file allows you to redirect the opening of the website URL to the Archive Portal interface. The previous index.html file is renamed to index_backup.html:
If you want to update the information displayed on the Login page (Text, Logo), you will have to modify the htdocs\ct-portal-login\login_apache.html and the htdocs\ct-portal-login\logout_apache.html files. Images are stored in the htdocs\ct-portal-login\COMMON\PICTURES\ sub-folder.
- The modules folder contains the Apache server extension files. If SSO / NTLM authentication was selected in the Installation Wizard, the extension file managing SSO / NTLM (mod_authnz_sspi.so) was copied into this folder.
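The ## Archive Portal >>> tagging of httpd.conf described above makes it possible to list every line the wizard touched. The following is an added example, not part of the product or of the original page: it assumes the affected directive is the first non-blank line after each tag, uses a constructed sample configuration, and the GENERAL label for tags without an indicator is hypothetical.

```python
import re
from collections import defaultdict

# Tag described on this page: "## Archive Portal >>>", optionally carrying an
# indicator such as [LDAP] or [SSL ] between the product name and ">>>".
TAG = re.compile(r"^\s*##\s*Archive Portal\s*(?:\[\s*([^\]]*?)\s*\])?\s*>>>")

# Directive whose value is a secret and must not appear in a shared report.
SENSITIVE = {"authldapbindpassword"}

# Constructed sample, not taken from a real installation.
SAMPLE_CONF = """\
ServerName portal.example.test:80
## Archive Portal >>>
ScriptAlias /cgi-bin/ "C:/Apache24/cgi-bin/"
## Archive Portal [LDAP] >>>
AuthLDAPURL "ldap://dc.example.test:389/DC=example,DC=test?sAMAccountName?sub"
## Archive Portal [LDAP] >>>
AuthLDAPBindPassword "constructed-secret"
## Archive Portal [SSL ] >>>
Include conf/extra/httpd-ssl.conf
"""

def tagged_directives(conf_text):
    """Return {indicator: [(line_no, line), ...]} for every tagged line."""
    found = defaultdict(list)
    pending = None  # indicator of a tag still waiting for its directive
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        match = TAG.match(line)
        if match:
            pending = (match.group(1) or "GENERAL").upper()
        elif pending is not None and line:
            # Assumption: the first non-blank line after a tag is the one changed.
            found[pending].append((line_no, line))
            pending = None
    return dict(found)

def report(conf_text):
    """One line per wizard change, with secret values redacted."""
    lines = []
    for indicator, items in sorted(tagged_directives(conf_text).items()):
        for line_no, directive in items:
            name = directive.split(None, 1)[0]
            if name.lower() in SENSITIVE:
                directive = f"{name} <redacted>"
            lines.append(f"[{indicator}] line {line_no}: {directive}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CONF)))
```

Run against a copy of the real httpd.conf, the report can be attached to a support request without exposing the LDAP bind password.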
Archive Portal installation files
The Archive Portal installation directory (D:\CTArchivePortal\) contains a number of sub-folders whose files are used by the CTGate.exe and CTServer.exe executables to provide users with secure access to the data of Notes databases exported to HTML:
- The _SITE_CONFIG folder contains the most important settings files:
  - Access.xml: File containing the identities (Active Directory login) of the people authorized to connect to the Archive Portal. This file also maps Active Directory identities (ctadmin) to Domino identities (CN=ctadmin/O=Cooperteam):
  - Directory.xml: File containing people and groups from the Domino Address Book.
  - Licence.xml: File containing the Archive Portal user license and the activation key.
  - Site.xml: File containing the list of all Notes databases exported as HTML files and made available through the access portal. For each exported database, the Site.xml file contains a <SITE> data block with the following information:
    - NAME: Name that will be displayed in the Notes database access URL, via the Portal. Avoid special characters (accents, space, /, \, ?, etc.) which may conflict with the composition of a URL.
    - PATH: Path to the folder containing the database data (HTML, XML, Images files, etc.). This path can point anywhere on the disk of the machine hosting the Apache server or be a UNC path (starting with \\) pointing to a network resource.
    - ID: Replica ID of the Notes database (without the :).
    - STATUS: Publication status of the Notes database at the Portal level (ONLINE = online, OFFLINE = not published).
    This file can be completed by hand or from the Portal administration interface (preferred solution). New entries will be taken into account after restarting CTServer.exe.
- The _SITE_LOG_CTGATE folder contains the Log files of the CTGate.exe executable. To enable/disable the creation of Log files, simply modify the CTServer.ini file (present in the <Apache>\cgi-bin\CTArchivePortal\ directory) at the CTGateEnableLog line:
You can also manage Log production at the Archive Portal administration interface.
- The _SITE_LOG_CTSERVER folder contains the Log files of the CTServer.exe executable. To enable/disable the creation of Log files, simply modify the CTServer.ini file (present in the <Apache>\cgi-bin\CTArchivePortal\ folder) at the CTServerLogLevel line:
You can also manage Log production in the Archive Portal administration interface. Taking this parameter into account requires restarting CTServer.exe.
- The _SITE_PORTAL folder contains all the HTML / JavaScript / CSS / Images files used for the user part and the administrator part of the Archive Portal.
Folders hosting the extracted Notes databases
The directories containing the Notes databases extracted as HTML / XML files can be located anywhere on the server hosting the Apache server or even on another machine accessible on the network. For example, you can place the most frequently accessed Notes databases on the machine hosting the solution and put the least active databases on a network disk. You can move the databases at any time; you just need to update the path of this directory in the Site.xml file. Likewise, to remove a database from the Archive Portal, simply delete its reference in the Site.xml file.
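When Site.xml is edited by hand, the four <SITE> fields described above can be checked before CTServer.exe is restarted. The following is an added example, not part of the product or of the original page: the XML layout (fields as child elements or attributes of <SITE>) and the sample entries are assumptions, as is the 16-hex-digit form of a Notes Replica ID once the ":" is removed.

```python
import re
import xml.etree.ElementTree as ET

SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]+$")   # no accents, spaces, / \ ?
REPLICA_ID = re.compile(r"^[0-9A-Fa-f]{16}$")  # Replica ID with ':' removed

# Constructed sample. Assumed layout: one <SITE> element per database with the
# four fields as child elements; the real Site.xml may be laid out differently.
SAMPLE_SITE_XML = r"""<SITES>
  <SITE><NAME>HR-Archive</NAME><PATH>E:\Extract\HR</PATH>
        <ID>C1257F3A004B2D10</ID><STATUS>ONLINE</STATUS></SITE>
  <SITE><NAME>Legal docs</NAME><PATH>\\nas01\archives\legal</PATH>
        <ID>C1257F3A:004B2D11</ID><STATUS>PUBLISHED</STATUS></SITE>
</SITES>"""

def field(site, key):
    """Read a field stored either as a child element or as an attribute."""
    return (site.findtext(key) or site.get(key) or "").strip()

def check_site_xml(xml_text):
    """Return a list of (database name, finding) tuples."""
    findings = []
    for site in ET.fromstring(xml_text).iter("SITE"):
        name, path = field(site, "NAME"), field(site, "PATH")
        rid, status = field(site, "ID"), field(site, "STATUS")
        label = name or "<unnamed>"
        if not SAFE_NAME.match(name):
            findings.append((label, "NAME has characters unsafe in a URL"))
        if not path:
            findings.append((label, "PATH is empty"))
        elif path.startswith("\\\\"):
            findings.append((label, "PATH is UNC: check the share is reachable"))
        if ":" in rid:
            findings.append((label, "ID still contains ':'"))
        elif not REPLICA_ID.match(rid):
            findings.append((label, "ID is not 16 hex digits"))
        if status not in ("ONLINE", "OFFLINE"):
            findings.append((label, "STATUS must be ONLINE or OFFLINE"))
    return findings

if __name__ == "__main__":
    for name, finding in check_site_xml(SAMPLE_SITE_XML):
        print(f"{name}: {finding}")
```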
Client-Server architecture of the solution
On the Archive Portal machine, we have an Apache web server as well as the Archive Portal server (CTServer.exe). When CTServer.exe starts, it loads all the configuration files (CTServer.ini, Access.xml, Directory.xml, License.xml and Site.xml) into memory.
The user has a workstation equipped with a Web browser and is authenticated against the company's Active Directory. To connect to the Archive Portal, the user enters the URL of the Apache server into the browser. The HTTP request is transmitted to the Apache server:
The Archive Server's response to the user's request goes through the following steps:
- Depending on the type of authentication configured on the Apache server, Apache either displays the Login page to the user (in order to validate the login/password pair against Active Directory (using LDAP) or against the local .htpasswd file) or simply uses its SSO / NTLM module. If authentication fails, the user receives an error message.
- If the authentication succeeds, the URL is passed to CTGate.exe which is started by Apache to handle this request. CTGate.exe will load the CTServer.ini file into memory and will check the format of the request. If the user requested a public resource (HTML / JavaScript / CSS / Portal Image file), CTGate.exe will load the data from the requested file into memory and transmit it to Apache which will send it back to the user.
- If the user requests a protected resource (Notes database document), CTGate.exe will request authorization from CTServer.exe. CTServer.exe will verify the identity of the person and depending on the ACL of the database and the Readers fields of the Notes document will authorize or not the transfer of data to the user.
- For all data that is dynamically generated (view index, database search, document export, etc.), CTGate.exe will ask CTServer.exe to carry out the processing and will transmit the data to Apache.
- Once the request data is returned by CTGate.exe to Apache, the CTGate.exe process will be stopped.
On the server hosting the solution, we therefore have the Apache server and the Archive Portal server (CTServer.exe) which are always started in memory and we have, depending on the requests processed by the Apache server, one or more CTGate.exe processes loaded into memory.
The Apache server does not directly manage the provision of resources requested by the user. It always relies on CTGate.exe which validates access rights with CTServer.exe.
By activating both the CTGate.exe and CTServer.exe Logs you can obtain details of all operations carried out.
In the event of an authentication problem, it is in the Apache Logs (<Apache>\logs\) that you will need to look for information. The CTGate.exe / CTServer.exe pair does not manage user authentication. On the other hand, they manage access rights to the Archive Portal. If a user provides a correct login/password but their login is not present in the Access.xml file, then their request for access to the archive portal will be refused: