Page tree
Skip to end of metadata
Go to start of metadata

Administration manual

Stand: 03.12.2014
Version: 3.2

Content

1. Administration

1.1 Access and Interface

In order to access the administration area, your account has to be equipped with the corresponding rights. In this case the menu bar shows the additional field "Administration".

Figure 1 1: Expanded Menu Bar

After selecting "Administration", you will see the following interface:

Figure 1 2: Administration Area

The administration area is subdivided into the areas general settings, user management, integration and security. If you use your own installation you also find application, communication, logging, contents and extensions.

 

Additionally, Communote administrators are able to add themselves as a topic manager. That way, topics in which the topic manager is not available can still be managed by the admin, for example:

  • If the only topic manager has left the company
  • If the only topic manager is ill and/or not available

Notice: In order to avoid misuse, there will be an activity stream in the topic that shows the new topic manager - and that cannot be erased aftewards. That way all users of the topic can see the change in user's rights. Additionally, all topic managers receive an E-Mail notification about the changes.

1.2 General Settings

Here you will find the contact data that you have entered at the beginning of the Communote installation. It only serves the Communote team of a contact person is needed. Fields marked with an asterisk (*) have to be filled. The time zone is adjusted to the system time by default.

Figure 1 3: Contact Data

You have the possibility to insert your own logo in Communote which will be visible in the upper left corner of the Communote interface. The logo should not be bigger than 320px in width and 40px in height. Select "Browse" and choose the correct file. Finish the process by selecting "Upload Logo".

Figure 1 4: Change Logo

In the mailing properties you can define an e-mail address and a corresponding name to which the e-mails will be sent if a user does, for example, respond to an invitation or registration mail. E-mails that notify due to a creation or a change of a note are excluded from this rule. These e-mails use a topic-specific e-mail address. In addition you can define a support adress and a signature that will appear in every e-mail that is sent by Communote by default.

Figure 1 5: Mailing Properties

Figure 1 6: E-Mail notification settings

Here you can decide whether notifications via email or xmpp include a permalink to the note and whether a hyperlink to an attachment will be added.

In case you decided to quit working with Communote, you also have the possibility to delete your Communote Business Account completely, by selecting this option.

1.3 User Management

The user management consists of two parts that are each organized in a tab: An overview of all users, as well as an area for the invitation of new users. In the overview you can see all users that are registered in Communote in any kind of way. The name, the alias, the status and the role are displayed. The status of a user can be:

  • Invited: The user received an invitation.
  • Registered: The user responded to the invitation and registered.
  • Confirmed: If a user was invited by a topic manager, and the user finished his registration, it still requires activation by an administrator. The activation is not always necessary.
  • Activated: The user is activated and can work in Communote.
  • Deactivated: The user cannot log in anymore; his profile information and messages are still visible for other users though. An administrator can reactivate the user.
  • Deleted: The user cannot log in anymore and cannot be reactivated. His profile information and messages are still visible for other users.

Users can have the role "Member" or "Administrator". In the user management overview, filters can be set for names, statuses and roles. In addition, the number of displayed search results per page can be defined.

Figure 1 7: User Management – Overview

Select an user to display and edit his information. Additional to the information that every user can access the administrator will see the user status, the role and the groups that the user belongs to.

Figure 1 8: User Management – User Information

As an administrator you can invite new users to Communote. Depending on whether you set a connection to LDAP/ SharePoint/ Confluence in the integration settings and you marked this integration as primary authentication, you will see different input fields. In case of such an integration with activated primary authentication users can be invited by simply naming the alias and the e-mail address of the person. More for connecting to LDAP/ SharePoint/ Confluence, see chapter 1.44. The invited person will receive an e-mail with these data and can edit it if necessary. The difference to an invitation as a normal user is, that the invited users are activated right after their registration and do not have to wait for a further activation by the administrator. The user group management is also subdivided into two tabs. One tab gives an overview over the existing user groups and the other tab allows you to create new user groups. User groups provide the possibility of summarizing a certain group of people that belong to a certain department or project. These groups can be used for specifying topic access rights.

Figure 1 9: User Group Management – Overview

In the tab "New Group" a new group can be created. You can define the name of the group, an alias and a description. You can add members to this group or include other groups in that group. Type the name the name or the alias of a user or the name of a different group in the search input field "Add member to group". Select one of the proposals and click "Add" to add the selected user or group to the group. In the lower part of the field you can see the users and groups that are already part of the group. These can be deleted by selecting "Delete" that appears when rolling over a user or a group with the mouse. A group can be edited after, by selecting the desired group from the list and by editing the corresponding information. The window is thereby the same like the one used for the creation of a group.

 . Figure 1 10: User Group Management – Edit Group

the settings are splitted into two parts. users and groups. In the users - settings you can configure general settings, as well as settings concerning the deletion of users. In the general settings you can activate a feature that new users will be activated automatically. If this feature is not active, administrators will have to confirm every user. The second feature concerns the notification with an active integration. Check this one and the users will receive a notification when being activated on Communote, if they are being imported from another database. The third option is the creation of a  user, which isn't yet present in communote, but,in an external system, for example LDAP, exist. When enabled, the user profile  is automatically  created. Communote relates the necessary data (name, first name and log in)  from the external system. You also have the option of specifying a default language for new users. English is selected as the default language.

In the settings concerning the deletion of users you can define, whether a user is allowed to delete his account or not. You can allow a deletion with keeping his data or without. Data therefore means all notes and profile information of the user. If none of the fields is active, the user is not able to delete his profile at all. If both are active, the user can choose which option to take. If a user chooses to delete his account and to keep his data, his status will be set to deleted.

You can also configure the layoutsettings. Here you can configure how users will see the newsstream. You have the following settings for the default tab: "all notes", following, @[user] or bookmarks. "All notes" is the default setting after installation.

Figure 1 11 Layoutsettings

In the groups-settings you can configure general settings for groups. With the functions " User Group Registration" is looked up, starting from the user in an externally connected system in which groups the user is located. If a group is found in which the user is located, this group is created when the function is active in Communote and the users assigned to this group. If the group already exists in Communote, the user of this group is added.  

Figure 1 11 general group settings

With the polling interval you configure the interval in which Communote searchs  for changes of the included user directory, eg Active Directory and these optionally synchronized. You can also start a full synchronization by clicking on the appropriate button

1.4 Integration

Overview

On this site you can configure the way users are authenticated against Communote. Attention should be paid to:

  • It only possible to activate one external authentication. If no external authentication is activated, all users will be authenticated against the internal database.
  • The authentication against the internal database can only be deactivated, when there is at least one administration within the foreign system.
  • After switching back to the internal database users from foreign systems won't have passwords within the internal database and will not able to login. These users can create a new password using the "Forgot Password" functionality.

Figure 1 12: Integration - Overview

To remove the tick at "allow authentication against internal database", you have to define a primary authentication and an administrator, for this.

With the option "requests to the external user directory" you can configure the mode to  synchronize user information. Is the "Strict" mode activated,    Communote will be  synchronized with the primary directory you have defined.  If you select the "flexible" mode, Communote searchs   the user in the directory from which the request is made and synchronizes user information with this directory.

SharePoint and Confluence Configuration

Further information about the integration of Microsoft Sharepoint and Atlassian Conflunece can be found in our Supportportal Section "Integrations".

LDAP Configuration

Figure 1 13: LDAP Integration

You can choose between direct or dynamic connection to user directory. If you choose direct connection the LDAP server URL, the administrator login and the authentication mode are required for the LDAP integration. Provide the LDAP Server URL in the following format: ldap://your.ldap.server:389 Default ist the port 389, in case the LDAP Server you want to use runs on a different port you have to provide it.

When you choose the dynamic connection the query prefix and the domain are extra required. The query prefix is the attribute name of the SRV record that will be used in determining the LDAP server. With the advanced settings you can configure the paged results function. The directory must support this feature. Is this function activated, you can define the number of results per page.

Furthermore, a Bind User and password must be provided. As syntax for the bind user the full DN name must be used. This user is used for authentication for all LDAP requests.

The LDAP search base and the LDAP search filter are required for the User Synchronization. You can furthermore define if you want to search in sub trees.The LDAP Search Base defines which part of the LDAP will be considered by Communote for finding and authenticating users.. If the field "search subtrees" is activated also user will be found which are contained in sub nodes of the LDAP Search Base:

  • CN=Users,dc=company,DC=com

The LDAP Search Filter constraints the result set independent from the LDAP Search Base:

  • (objectClass=*)

In case you do not know the configuration of your LDAP Server you may use tools such as "jexplorer" for exploring your LDAP. Such tools will help you to figure out the correct configuration. You have also the chance to activate the incremental synchronisation. The activation of the incremental synchronisation ensures that only changes since the last synchronisation will be requested.

In the following you have to name the attributes that are supposed to be synchronized with the Communote attributes. The synchronisation attributes are uid, alias, email, firstname, and lastname. Activate the field "isBinary" for "uid" if this attribute is a binary one.

For final storing of the configuration provide your login for a LDAP account. This is used for validation of the configuration. Before activation the LDAP integration Communote tries to login with the login data you provide. Only if Communote is able to retrieve a valid authentication with the current settings from the LDAP the integration will be activated.

Besides the support for authentication Communote also support the synchronisation of user groups using LDAP. Those groups can than be used for topic rights. The LDAP group synchronization can be activated by the field "User groups synchronisation". Here you have to define similar to the LDAP user authentication the LDAP Search Base and the search filter. You may also define several independent search bases. You also have to provide the LDAP attributes which will be used for creating a user group. Thos attributes are: the uid, the name of the group a short alias and an optional description of the group. Activate the field "isBinary" for "uid" in case the attribute is a binary one in the LDAP. You can also activate the incremental synchronisation for the group synchronistation. Remark: All groups found will be created within Communote. Only users know to Communote will be assign to the groups. The user group synchronisation will not create new users. If a new users is activated by the administrator the synchronisation must run again before the groups are assigned for the new user. The synchronization of the groups based on DNs. With changes to the DN group, these Group are created new, which may lead to conflicts. In this case, the database must be adjusted manually.

Figure 1 14: LDAP Group Synchronization

To use a secured LDAP connection using SSL (LDAPS) simple use the correct url and port as value for the LDAP server url, i.e. ldaps://myDirectory.com:10636. It might be necessary to make the servers certificate known to Communote, especially if your LDAPS server is using a self-signed certificate. This can be done via uploading the certificate at "Certificates" within the administration area (see chapter 2.1).

1.5 Security

On this page, you can choose how Communote should behave, if user logon attempt failed. Here you can specify the failed logon attempts to a temporary or permanent ban.
In the security settings you can specify whether users can define global read and write rights to their topics, meaning that they could all read the topic and create notes. You can also remove the previously set permissions for "All Users". This option is useful especially for users of older  Communote versions.

Figure 1 15 Users and Topics

The "Anonymous access" allows the activation of the anonymous read access to a topic. This means that users can read messages without them being registered in Communote. This setting is suitable for the use of plug-ins, especially in an intranet. In the administration area, this option will be capitalized on or off. If this option is enabled, which allows each business area managers to grant his subjects anonymous access. this is useful especially when sharing with external parties. Thus multiple authentications are possible. this means that no more external users in LDAP must register his, but can be registered only in Communote.

 

Figure 1 16: Anonymus Access

Furthermore you can define whether you want to have a public topic that is open to everybody and that does not have a specific topic.

Figure 1 17 Default Topic

The settings for the IP range filter consist of two tabs: The overview of the already created filters and a tab for the creation of new filters. Define the name of the filter, decide whether it should be activated and for which sectors (API, RSS, WEB, and XMPP) it should be enabled. Afterwards type in an IP address or different ranges of IP addresses. If a user requests content from Communote the IP address of the user will be checked against the filter. Only if the IP address is not excluded or is in at least one include (if one is defined) the user can access Communote.

Figure 1 18: IP Range Filter

SSL (Secure Sockets Layer) will be used automatically at login and registration processes for a secure transfer of data. You can furthermore define here, for which channel SSL should be forced. You have the choice between WEB, API and RSS. If the user requests content unsecure but the channel requires secure access a redirect will be send.

Figure 1 19: SSL

1.6 License

Types of Licenses

For the non-restricted use of your application, it is necessary to purchase a valid license. Without this license, you can use Communote three months free with an unlimited number of users. Alternatively, you can use Communote for free for an undefined period of time, as long as the number of users does not exceed ten. There are two types of licenses: If you use Communote as an online service via www.communote.com, you have to buy Credits. Per month one Credit will be deducted for each activated user. The Credits will be charged at the beginning of each month or when the user is activated for the first time. If you operate Communote as a separate installation, you need a software license to use Communote with full functionality. Software licenses include a certain number of users who can work with Communote. The Small Business License allows, for example, a maximum number of 50 users.

Communote as Online Service

In this area of the administration you can manage your Credit account. Credits are required to activate users. For every activated user you need one Credit per month. In the tab "Overview" you can see import information about the used and remaining Credits (see Figure 1 22).

Figure 1 22: Overview of the Credit Account

New Credits can be obtained by using the tab "Purchase Credits"(Figure 1 23). The form for the purchase is prefilled with your user data. Please add the missing information. When you submit this form, you will be redirected to your partner Share-IT. The licenses selected before will be in the cart already (Figure 1 24). Please check your data again and go to the next step. Before your finish the order process within Share-IT, you have to add your Communote ID in the field „Additional Order Information". Your Communote ID can be found in the overview of the Credit management in the administration area (Figure 1 22). After the successful completion of your order, the Credits will be transferred to your communote account. This might take some minutes. The license key for the Credits will also be sent to your e-mail account as a file. Alternatively, you can add the license directly in the tab "Add License" (Figure 129).

Figure 1 23: Obtaining Credits for the User Activation

Figure 1 24: Cart in Share-IT

Figure 1 25: Field for the Communote ID

Communote as a separate Installation

In the administration in the menu license you can manage your licenses for Communote. You will find the current state of your software license in the tab "Overview" (see Figure 1 26). You will also find information how long your license and your support are valid as well as your Server ID for your installation. The server ID is necessary for purchasing a license. Support is needed for installing new versions of Communote. For obtaining a Communote license you have to purchase a license through our partner share-it. You can access Share IT and choose one of our products of the catalogue. As another option you go to the Communote Administration into the menu license and click the tab "Purchase license". Here you can prefill and check your data and submitting the form you will be directed to Share-IT with the data and license prefilled. Before completing the order process you have to provide your Server ID into the field "Additional order information" (see Figure 1 29). After completion of the order you will receive a license as file by email. For installing the license in your Communote installation you must copy the content of this file unchanged into the form of the tab "Add license" (Figure 1 29).

Figure 1 26: Overview of the License Management

Figure 1 27: Purchase a License

Figure 1 28: Add Server ID in the Order Process Figure 1 29: Add License

2. System Administration

The options mentioned in this section are visible only to administrators who use their own installation.

2.1 Application

Define the address at which your server is reachable. It will be used to display links in e-mails or other notifications correctly. This is necessary if for example your server is not reachable directly and requests have to be redirected to another server e.g. a firewall. Note: Please check the box "server supports HTTPS" only if this is the case, as otherwise it may happen that your server is no longer available. Try it simply by replacing "http" with "https" in the address bar of your browser.

Figure 2 1: Server Setup

To run Communote in another context you have to add the contexts name as value for the field "context".

Communote offers the possibility to check all file uploads for viruses and to discard infected files if necessary, to prevent that computer viruses are spread via the microblogging system. The configuration area "Virus Scanner" provides the possibility to set up Communote for the use of an external anti-virus scanner. There are two options for the configuration. You can connect to an externally installed Clam Antivirus Service (Figure 2 2) or use a command-line virus scanner (Figure 2 3) alternatively. Clam AV is a free virus scanner, which can be obtained at the following URL: http://www.clamav.net.

Figure 2 2: Claim Antivirus Service

Figure 2 3: Command Line Virus Scanner

After enabling the virus scanner, check whether the file upload still works. If the virus scanner is configured incorrectly, no files can be uploaded! Check also whether the virus scanner detects a test virus properly. This is possible with the test virus eicar: http://www.eicar.org/anti_virus_test_file.htm This list contains certificates that are used to build trusted connections to other systems, e.g. to connect to the mail server for outgoing e-mails. At the beginning the list includes all certificates of your installed version of Java. More certificates can be uploaded via the tab "Upload Certificate". These must be of the format X.509 version 3. Valid certificates are marked with and expired with . Certificates whose validity starts in the future are marked with .

To delete certificates move the mouse over the certificate and press the red icon that appears at the end of the line. Note: Changes to certificates require a restart of the application.

Figure 2 4: Certificates - Overview

2.2 Communication

In this section you can configure Communote for receiving e-mails (see Figure 2 5). You have to specify the credentials of the IMAP server and the e-mail address. When Mail-In is configured and activated, Communote will check for incoming mails and post the content of the mail to the associated topic. The mail itself will be marked as deleted on the mail server, as soon as Communote created a post in the topic successfully. In case the content of the mail contained a notification defined by the "@" syntax and the users that should be notified do not have the right to read the topic, the message will be created in Communote but the user will only receive an info email. The same happens in case that the message contained a cross topic reference denoted by "&" and the sender of the email does not have write right on those topics. In the following cases no message will be created in Communote, but the message will be marked as deleted on the mail server. However the user will receive an info message, if:

  • The creation of the note failed (for example the topic alias does not exist),
  • The email contained no content,
  • The email has been sent by an unknown user. (A user is unknown if there is no user within Communote with this e-mail address).

The Mail-In of Communote offers two options to assign e-mails to a specific topic: the "Single Address Mode" and the "Multi Address Mode". In the "Single Address Mode" there is only a single recipient address that the user can use to send e-mails to Communote (Figure 2 5). The assignment to a topic will be defined by the subject of the e-mail. The subject must contain the alias of the topic within squared brackets (e.g. "[topic]"). The sender of the email will be the author of the note to be created. As a basic principle: E-mails of users that are unknown in Communote and that have an incorrect topic alias, will be marked for deletion on the mail server without any notice to the user. In the "Multi Address Mode" every topic will be associated with an own e-mail address that is predefined by a certain pattern (Figure 2 6). The content of the subject line of the e-mail will be ignored and not included in the note in this mode. Again, the sender will be used as author for the note. E-mails that do not match the e-mail pattern will be ignored on the mail server.

Figure 2 5: "Single Address Mode"

Figure 2 6: "Multi Address Mode"

In this part you specify the settings for outgoing e-mails and configure a server (Figure 2 7). These settings are important so Communote can send e-mails, for example to users during the registration process, to confirm the e-mail address of an user or to send system messages to the administrator.

Figure 2 7: Mail Out Settings

Communote supports the delivery (currently only notifications) and receiving of messages via XMPP. Note: For using the XMPP feature an additional XMPP server is necessary. At the moment only Openfire is supported by Communote. Plug-in are available for these servers, but must be installed before. You will find a detailed installation and configuration instruction of Openfire in section 2 in the installation manual. Under the menu item "Openfire", as well as in the installation manual, you will find instructions how to configure a xmpp-server to communicate with communote. Under the „Client Configuration" tab (figure 2 8) you must specify the login credentials of the bots. The credentials you should get from your XMPP server operator. Note: when configuring the access it is important to note that the login is not specified by the full Jabber ID (JID) , but only the part before the @ symbol. For example: the full JID of the bot is „CommunoteBot@myJabberServer.com", then the login is „CommunoteBot".

figure 2 8: Client Configuration

In the second tab "Advanced Settings" (figure 2 9), you need adjustments to make needed by the bot, so he can properly send and receive messages. These settings are used in similar form by the XMPP server. The value "Suffix for Users" generally consists of the @-Symbol and the Address of the Server with the Communote instance and is used to cut the communote username from the jabber id of the user in the xmpp- server. Is your Communote instance under the address "http://www.mycommunote.com_"_ available, the value for "suffix for user" likely "@mycommunote.com". The "Suffix for Topics" is needed to separate the Jabber ID of the topic of the actual alias of the topic in Communote. The first character must include the @ symbol. After the first character comes a selectable word and the address of your communote server. The word must be selectable in the Openfire server for the subdomain using the alias (see tab "Open Fire").With the „Posting Interval in ms" you can set how long users must wait between sending two messages over XMPP.

figure 2 9: Advanced Settings

2.3 Logging

In the logging section you have direct access to the log files of communote. Also you can download them. For instructions on configuring logging, see the Installation manual on chapter "3.1. Logsfiles ".

Contents

Here you specify where Communote stores uploaded attachments. Communote must have write permission for this directory ( Figure 2 10). Note: If you change the directory you have to copy the contents of the original directory manually to the new directory, because otherwise existing attachments are no longer available.

Figure 2 10: File Storage

On this page you can set the limits for user pictures (including logos) and attachments. To prohibit the uploading generally you can enter a value of 0 (zero). The values are in KB (kilo bytes). Figure 2 11 shows an example in which the maximum attachment size is 10 MB and user pictures and logos are limited to 1 MB.

Figure 2 11: File Upload

2.4 Extensions

On this page you can find an overview about all installed plugins and there version and there status.

Figure 2 12: Extensions Overview
Also  you can find the configuration options for the activities, and other plugins. Activities of a user (if a system user) triggered events to be displayed in Communote by a system message. The system message describes the action that the person has performed with or on an object. A user activity, for example, changes to access rights have to be a topic. Communote stores always themed activities, as well as user-specific. This means that an activity message is assigned to the user who triggered the event and the activity message in the message flow of the associated topic. The activities are subdivided into  Communote and external activities which eg be triggered by SharePoint.

Figure 2 13: Activities
For each available activity, you can define whether a message is created or not. You can also specify whether and how many days after, the messages are deleted from your Commuote.
If this option of activating, is turned off, is an activity that is controlled by an integration system. In external activities, the setting of the integration of these systems are activated.

  • No labels