Working Smarter with

Liferay Social Office

Richard L. Sezov, Jr.

Stephen Kostas
Michelle Hoshi
Working Smarter with Liferay Social Office
Richard L. Sezov, Jr., Stephen Kostas, Michelle Hoshi
Copyright © 2010 by Liferay, Inc.

This work is offered under the Creative Commons Attribution-Share Alike Unported
license.

You are free:

● to share—to copy, distribute, and transmit the work
● to remix—to adapt the work
Under the following conditions:
● Attribution. You must attribute the work in the manner specified by the
author or licensor (but not in any way that suggests that they endorse you
or your use of the work).
● Share Alike. If you alter, transform, or build upon this work, you may
distribute the resulting work only under the same, similar or a compatible
license.
The full version of this license may be viewed here:
http://creativecommons.org/licenses/by-sa/3.0
 Table of Contents
1. Introduction................................................................................................................. 11
What can you do with Social Office?............................................................................................... 11
How is Social Office Different from Liferay Portal?...................................................................... 12
Social Office Concepts........................................................................................................................13
Users............................................................................................................................................. 13
Applications................................................................................................................................. 14
Sites............................................................................................................................................... 14
Navigating Social Office.................................................................................................................... 15
Summary............................................................................................................................................. 16
2. Getting Started............................................................................................................. 17
Installing the software on your platform....................................................................................... 17
Using the Windows Installer..................................................................................................... 18
Using the Cross-Platform Zip File............................................................................................ 19
Installing Social Office for Production Use.................................................................................... 20
Database Setup............................................................................................................................ 20
Social Office Home...................................................................................................................... 21
The portal-ext.properties File.................................................................................................. 21
DB2......................................................................................................................................... 22
Derby..................................................................................................................................... 22
Hypersonic........................................................................................................................... 22
Ingres.................................................................................................................................... 23
MySQL................................................................................................................................... 23
Oracle.................................................................................................................................... 23
PostgreSQL........................................................................................................................... 23
SQL Server............................................................................................................................ 23
Sybase.................................................................................................................................... 23
Signing In............................................................................................................................................ 24
Sign In Options............................................................................................................................ 24
OpenID...................................................................................................................................24
Create An Account...............................................................................................................25
Forgot Password.................................................................................................................. 25
Navigating Social Office ................................................................................................................... 25
Home ............................................................................................................................................ 25
Sites ...................................................................................................................................... 26
Contacts................................................................................................................................ 27
Announcements...................................................................................................................27
Activities............................................................................................................................... 27
Tasks...................................................................................................................................... 28
Today's Events..................................................................................................................... 28
Weather................................................................................................................................ 28
Profile........................................................................................................................................... 28
Activities............................................................................................................................... 29
Mail............................................................................................................................................... 29
My Sites................................................................................................................................................ 30
The Control Panel............................................................................................................................... 30
Navigating the Control Panel.................................................................................................... 30
Using the Control Panel............................................................................................................. 31
Summary............................................................................................................................................. 32
3. Sites..............................................................................................................................33
Adding a Site....................................................................................................................................... 33
Browsing Sites.................................................................................................................................... 33
Managing Permissions for Sites....................................................................................................... 34
Site Roles.............................................................................................................................. 34

iii
 Site Applications................................................................................................................................ 34
Calendar....................................................................................................................................... 34
Importing and Exporting Calendars.................................................................................36
Documents................................................................................................................................... 36
Editing a File ........................................................................................................................38
Blogs.............................................................................................................................................. 40
Forums.......................................................................................................................................... 42
Permissions.......................................................................................................................... 43
Adding Categories and Mailing Lists................................................................................ 43
Using the Forums................................................................................................................ 44
Forums Administrative Functions.................................................................................... 46
Wikis............................................................................................................................................. 47
Navigating in the Wiki application...................................................................................48
Getting Started with the Social Office Wiki.................................................................... 48
Adding and Editing Wiki Pages......................................................................................... 49
Page Details.......................................................................................................................... 50
Members.......................................................................................................................................51
Other Site Options...................................................................................................................... 52
Adding/Removing Applications........................................................................................52
Layouts.................................................................................................................................. 52
Announcements...................................................................................................................53
Chat....................................................................................................................................... 55
Summary............................................................................................................................................. 55
4. Control Panel................................................................................................................57
Navigating the Control Panel........................................................................................................... 57
Social Office Architecture................................................................................................................. 58
Users............................................................................................................................................. 58
Roles.............................................................................................................................................. 58
Sites............................................................................................................................................... 58
User Groups................................................................................................................................. 58
Using the Control Panel.................................................................................................................... 59
Adding Users............................................................................................................................... 59
User Management....................................................................................................................... 60
Roles.............................................................................................................................................. 61
Defining Permissions on a Role......................................................................................... 62
User Groups................................................................................................................................. 63
User Groups and Page Templates..................................................................................... 64
Global Server Settings....................................................................................................................... 68
Password Policies........................................................................................................................ 69
Settings......................................................................................................................................... 69
General......................................................................................................................................... 70
Authentication: General Settings............................................................................................. 70
Authentication: LDAP................................................................................................................. 71
Global Values........................................................................................................................71
Single Sign-On...................................................................................................................... 76
Authentication: Central Authentication Service (CAS)................................................. 77
Authentication: NTLM........................................................................................................ 78
Authentication: OpenID......................................................................................................78
Authentication: OpenSSO................................................................................................... 79
Authentication: SiteMinder............................................................................................... 79
Default User Associations.................................................................................................. 79
Reserved Credentials.......................................................................................................... 80
Mail Host Names.................................................................................................................. 80
Email Notifications..............................................................................................................80
Identification....................................................................................................................... 80
Miscellaneous: Display Settings........................................................................................ 80
Monitoring................................................................................................................................... 81
Server Administration............................................................................................................... 81

iv
 Resources.............................................................................................................................. 81
Log Levels............................................................................................................................. 81
System Properties............................................................................................................... 81
Portal Properties................................................................................................................. 82
Shutdown..............................................................................................................................82
OpenOffice............................................................................................................................ 82
Summary............................................................................................................................................. 82

v
vi
PREFACE

Liferay Social Office is Liferay's brand new social collaboration product for the
enterprise. We are excited to bring both the product and this book to you, in the hope
that you'll be able to use each to enable your teams to work together more efficiently.
Some time ago, we at Liferay were brainstorming some common use cases which
Liferay Portal does a good job solving. One of these is team-based collaboration. Many
of our customers have used Liferay Portal both inside their enterprises and outside on
the Internet to provide a better way of sharing documents and data with the people
with whom they work every day. Liferay Portal provides a very flexible solution
which allows you to do that. But it can also do much, much more. Because Liferay
Portal has that flexibility, the path from the initial install to a robust web site that
could be used for collaboration was not always straightforward to the new user.
Business users wanted a product they could install and use right away.
This was not the only reason for the new product. Internally, we realized that we
needed a product like this ourselves, and that we already had all the features in place
to make it possible. We just needed to assemble them together in a way that most
optimally supported the scenario of social collaboration, and we wanted to make
getting set up as easy as possible for new users.
In this way, Social Office was born. We created the product to provide a simple,
out of the box solution for team collaboration. Using Liferay Portal as a base, Social
Office provides you with a fantastic array of features that you don't have to spend a
lot of time configuring. In fact, you can have a full production environment set up in
less time than it takes to brew a pot of coffee.
Though it sounds like this is a brand new product, it's in many ways an older,
proven solution as well. Since it uses Liferay Portal as a base, it inherits all the
benefits of a mature, stable solution which has been in the marketplace for some

vii
time. In addition to this, we've had an early adopter program, and the product is
already in production use with multiple customers. It has even received industry
recognition: it's in the Gartner magic quadrant for social software, and has been
mentioned as the only open source, Java-based solution for collaboration in a
comparison review of products in this space.
Since our early adopter program was so successful, we're excited to finally
release the product to the general public. Customers who have already started using
it have been exceptionally pleased with the results, and you gain the benefit from our
collaboration with those early adopters. In fact, this is one of the great things about
open source: we've received extensive feedback on the product, including bug fixes
and feature requests. Our customers have told us whether things are intuitive or not,
and we've incorporated that feedback right back into the product.
This book is for those who are setting up and administering an installation of
Liferay Social Office. From installing Social Office to introducing you to its entire
feature set, you'll see all of the things Social Office can do to help your team. We hope
you'll use it as a tool to get Social Office up, running, and integrated into your
enterprise.

Conventions
Sections are broken up into multiple levels of headings, and these are designed
to make it easy to find information.
Source code and configuration file directives are presented like this.
If source code goes multi-line, the lines will be \
separated by a backslash character like this.

Italics are used to represent links or buttons to be clicked on in a user interface

and to indicate a label or a name of a Java class.
Bold is used to describe field labels and portlets.
Page headers denote the chapters, and footers denote the particular section
within the chapter.

Publisher Notes
It's our hope that this book is valuable to you, and that it's an indispensable
resource as you begin to administer a Social Office server. If you need any assistance
beyond what's covered in this book, Liferay, Inc. offers training, consulting, and
support services to fill any need that you might have. Please see http://www.liferay.­
com/services for further information about the services we can provide.
As always, we welcome any feedback. If there is any way you think we could
make this book better, please feel free to mention it on our forums. You can also use
any of the email addresses on our Contact Us page (http://www.lifer­
ay.com/contact_us). We are here to serve you, our users and customers, and to help

viii
make your experience using Social Office the best it can be.

Author Notes
Special thanks are due to my co-authors, Stephen Kostas and Michelle Hoshi,
who turned around their chapter assignments in record time while the product was
changing under them. I also cannot underestimate the help of Ryan Parks in quickly
answering our calls for help and in giving us further explanation of various features.
And I must also make special mention of Stephen Wilburn, who copy edited this
document. I thought the text was pretty clean, but he slogged through our hastily
written prose with an attention to detail that made it look like monkeys had typed
this thing. If you find this book to be readable, it's because of him.
As always, we hope this book is useful to you as you begin your journey with
Liferay Social Office!

Rich Sezov
June, 2010

ix
1. INTRODUCTION

“Help!”
This has been the cry of information workers everywhere who have tried to
manage complex projects through email and shared folders. You've probably had a
similar experience: you're collaborating on a document with a team of people and are
emailing it back and forth. Person A creates the initial document and Person B replies
with some edits. Person C replies with additional edits at the same time Person A
replies with the corrections from Person B. Person D takes this and rewrites a whole
section of the document while Person B and C respond to Person A's update. Pretty
soon, it becomes very difficult to determine which document is the latest document.
The same scenario plays itself out when working in shared folders. Person A
creates a document and puts it in a network share. Person B edits the document and
saves it under a different file name. Person C edits it and re-saves the original. Person
A tries to reconcile the two, while Person D opens Person B's document and saves yet
another version. Before you know it, you have the same problem you had with email:
you can't tell which document is the latest document. Additionally, you have a worse
problem: you don't have a clear history of how the document got to where it is in the
first place.
“Help!”
Liferay Social Office is a collaboration tool that is designed to answer that call for
help by meeting the needs of teams who work together on projects. It is an
easy-to-install web application that facilitates collaboration for large and small
businesses alike. With Liferay Social Office, you'll have the system and your
workgroups up and running in no time, with all the tools necessary for them to work
more efficiently and more easily than before.

What can you do with Social Office?

Social Office gives you the social collaboration features you need to do virtual
Introduction

teamwork. You can coordinate calendars and schedules, write shared blog entries,
work together on documents, discuss issues in forums, document everything in a
wiki, and more. The underlying theme is that all discussion and collaboration is kept with
the asset. What does this mean? It means that the asset, whether that be a document, a
thread, a blog entry, or a wiki article is the star around which all of the discussion and
collaboration orbits.
Trying to collaborate on assets through email or server shares works up to a
certain point—but then it fails because it's a backwards way of doing the work. The
asset in that scenario becomes secondary, and the “wrapper”—email or the
share—becomes the primary target of the work. So instead of concentrating on the
asset which the team is trying to produce, the focus turns to the wrapper. In the case
of a shared folder, you might manually rename documents according to a numbering
scheme so everyone can tell which is the latest—that is, until someone forgets to do
so, or until someone accidentally overwrites the latest document. In the case of email,
users try to navigate huge threads while passing an asset back and forth—until
someone forgets to “reply all” or until someone starts a new thread (and maybe
forgets to put the whole list on the thread). Working in the mediums of shared folders
or email puts the focus on working with the wrapper, not the asset. And so what
happens is the asset gets lost because they're forced to focus on the wrapper instead
of the asset. With Social Office, you will be free to concentrate on their assets—the
system gets out of your way so that it's a simple matter for your team to work
together.

How is Social Office Different from Liferay Portal?

Social Office benefits from its core, which is based on Liferay Portal. Users of
both will find a comfortable, familiar interface, because many of the applications in
Social Office come from Liferay Portal. However, while the core software is similar,
the two are tooled for different purposes.

of built-in applications and tools. It's highly customizable and businesses use it to run
major web sites all over the world. We've optimized Liferay Portal for creating
state-of-the art, robust web sites that serve millions of users every day.
Social Office has a more focused purpose. We've designed it for work groups

12
How is Social Office Different from Liferay
 Introduction

needing to collaborate on documents and data in the office. The included tools and
defaults were carefully chosen to provide users working within a group the ability to
easily communicate, collaborate, and coordinate their tasks. Additional applications
were added to the product to support these goals.
If you're creating a public web site and need the full features of an unparalleled,
industry-leading engine to power that site, Liferay Portal is the ideal solution for you.
If, however, you're creating a site that's designed to help people within specific
groups communicate and accomplish tasks on a corporate Intranet, Social Office will
help you accomplish that with minimal set up and administration.

Social Office Concepts

Liferay Social Office is designed around the concept of users and their work. For
this reason, everything in Social Office is centered around keeping you up to date on
the activities of your teammates. This works not only within individual teams, but
also across all the teams of which you're a member. To do this, Liferay Social Office
gives each user his or her own personal space, and each team has its own site where
its work is stored. Using the power of Liferay's social API, users' activities are tracked
and reported to the rest of the team.

For example, if a user on Team A shares a document, that activity is displayed

not only in Team A's activities, but also in each team member's activities. This
provides the ability for the rest of the team to know what work is being done as soon
as possible, and then they can respond by making their own contributions.
There are really only three concepts which Liferay Social Office uses to
accomplish all of this: Users, Applications, and Sites. Let's take a closer look at each to
see how you can use Social Office to help your teams work better.

Users
Users are at the core of Social Office. In order to interact with and use Social
Office, you must have a user account. Users can register themselves or the system can

Social Office Concepts 13

Introduction

be set up so that your account is created by an administrator. Administrators have

full control over the entire site, can create and delete other users and sites, and can
take care of the initial configuration. Administrators can also create additional users
with administrative capabilities.
Power Users are advanced users who can create Sites, but have no access to the
Control Panel, and therefore cannot create users or set permissions. Power users take
care of the day-to-day operations of their Sites.
Other users are the regular members of your team who use the system to get
their day-to-day work done. They can view the Sites they to which they have
membership and they can interact with files and documents on those Sites.

Applications
Users make use of applications every day in Social Office to get their work done.
Each page on every site in Social Office is only as useful as the applications installed
on it. The available applications range from utilities for online information such as
weather forecasts or RSS feeds, to blog and wiki tools, and more.
By default, each user has a number of applications installed on his or her home
page. Users have full control over their personal pages: they can add or remove
applications from their pages and adjust the settings for available applications. This
ability can be modified or removed altogether by administrators.
When a new site is created, it's pre-populated with pages and applications on
those pages. In many cases, each application gets a page of its own; in other cases,
applications are aggregated together on a single page to provide a unified place where
users can see all the new information that their teammates have posted.
Owners of sites are free to add or remove applications from pages on their sites.
Regular users will not have the ability to do so. In this way, site owners can maintain
the most optimal working environments for their users.

Sites
Sites are the structure that holds everything else in Social Office together. Every
page contained in Social Office is part of a Site—including users' personal pages,
which are just personal Sites. Sites are, at first glance, a collection of pages with
specific functions, but they are also the basis of a sort of user “community.” Users can
be members of certain Sites either by assignment or by invitation, and once they are
members they can use the full capabilities of the Site, as well as receive notification of
various activities.
Sites ultimately become the key to good collaboration in Social Office, because
each Site contains its own Calendar and set of events, as well as its own Document
Library, Wiki, Blog, and Announcements. These tools enable members of a Site to
communicate effectively with each other. Personal Sites help individual users as they
log in to see an aggregated list of activities. This list comes from the activities of all
the teams with whom they are collaborating. This way, users can see at a glance
everything that's happening with their work, and they can respond very easily to

14 Social Office Concepts

 Introduction

anything that needs attention across all of the Sites of which they are members.
Here's an example of how it all comes together:
Ryan, Jim, and Michael are all members of the Sales Site. Ryan schedules a
meeting for the whole Sales team about a new product launch and puts it on the
Calendar. When Jim and Michael log in, they both receive a notification of the
meeting. Jim can't make the meeting, but he's been maintaining the Sales Wiki for
new products, so he asks Michael to update it for him after the meeting.
Michael updates the Wiki with the new information after the meeting, and Ryan
posts a summary of what happened in the meeting in the Sales Blog. When Jim logs in
the next day, he'll receive a notification of the new Blog post with the information he
missed, as well as a notification about the updated Wiki. Additionally, he can easily
access those pages to catch up on what he missed. This works because Social Office
automatically keeps everyone up to date on the activities of the teams they work with
every day.

Navigating Social Office

Liferay Social Office has two primary areas of navigation: the global navigation
area and the Site navigation area. These are detailed in two toolbars at the top of the
screen. The global navigation also includes a persistent search option as well as the
ability to click on the company logo in the top left corner to return to the logged-in
user's home page.

Beneath the global navigation is the site navigation. Beneath this is the
application area, where one or more applications can reside. Users will primarily use
the application area in their day-to-day work.
Social Office dynamically shows or hides links in the navigation based on the
permissions of the logged-in user. For example, administrators will see links to the

Navigating Social Office 15

Introduction

Control Panel, Applications, and the Layout templates, while regular users will not.

Summary
As you can see, Liferay Social Office provides you with an unbeatable, web-based
solution for team collaboration. It allows your team to work unhindered, getting out
of their way so that they can put their focus on their work instead of worrying about
how the system works. And it gives you peace of mind in knowing that all assets are in
one place and protected by a system that supports proper document versioning so
that you can see the full progression of how your assets got to their final form. W e've
worked hard to make Social Office a pleasure to work with, and we think you'll agree
that it helps your teams work better.

16 Summary
2. GETTING STARTED

Liferay Social Office is designed to be quick and easy to set up and get running
for your enterprise. We've endeavored to make the set up process as simple and
straightforward as possible. Whether you're installing Liferay Social Office on your
own machine for testing purposes or installing it for production use, set up time is
measured in minutes, not hours.
This chapter will describe the procedure for installing Liferay Social Office and
connecting it to an enterprise database so that it can be used in production
environments. While this should be sufficient for everyone who uses Social Office,
note that since Social Office is based on Liferay Portal technology, its performance can
be optimized in similar ways as Liferay Portal. If you decide that you need an
advanced configuration of Social Office (such as a cluster), please see the Liferay Portal
Administrator's Guide, specifically Chapter 6: Enterprise Configuration for more
information.
Once Social Office is installed, you'll want to become familiar with the user
interface. For this reason, we'll go over some of the first steps you'll take as a Social
Office administrator.. Before you know it, you'll be up and running—ready to
streamline your work and facilitating collaboration between team members!

Installing the software on your platform

The initial release of Social Office is available as a bundle from Liferay. You
should have received either a cross-platform .zip file or a Windows executable file. In
either case, you'll find that installing Social Office is simple and straightforward.
Getting Started

Using the Windows Installer

Illustration 4: The Social Office Windows installer

Simply double-click on the installer you have received and the installation will
begin. A standard installer will appear and ask you where you want to install the
software. The default is C:\Liferay, but you can change this to whatever path you
wish. Once the installer is finished, Social Office is immediately available—there's no
need to reboot. After the installation, you'll find a new group in your Windows Start
Menu for Social Office. To start Social Office, simply click on Start. That's it! To stop
Social Office, click on Stop. (see illustration 5). Note that this particular default install
is useful only for demo and evaluation purposes: it uses an embedded database which
is great for getting up and running quickly. If you want to configure Social Office for
production use, please see the section below on connecting it to an enterprise
database.

Illustration 5: Starting and Stopping Social Office

Because Social Office is a browser-based application, it starts up as a web server
process on your machine. For this reason, you'll see a window pop up and display
some messages before your browser launches to view Social Office. This is normal and
to be expected. Please do not close this box! When it has finished starting, your
browser will launch automatically so that you can log into Social Office.

18 Installing the software on your platform

 Getting Started

Using the Cross-Platform Zip File

If you're running an operating system other than Windows, you can use the
cross-platform .zip file to install Social Office. The one prerequisite is that Java is
installed properly. Install Java and make sure that your JAVA_HOME environment
variable is pointing to the location of your JDK. Once this is done, simply extract
the .zip file to the location of your choice, and then Social Office can be launched via
scripts from the command line.
The same caveats apply to the .zip distribution as apply to the Windows installer:
the default install is useful only for demo and evaluation purposes because it uses an
embedded database. While this database is great for getting up and running quickly, it
doesn't perform well in production environments where many users access the
system. For this reason, when you're ready to configure Social Office for production
use, please see the section below on connecting it to an enterprise database.
To start Social Office, launch the script that's found in the [Social Office
Folder]/tomcat-[version]/bin folder, where [Social Office Folder] is the top level folder
extracted from the .zip file.
You can use the following command on Linux / Mac / Unix to start Social Office:
./startup.sh

Social Office will then launch.

Similarly, to stop Social Office use this command:
./shutdown.sh

Windows systems also have the same start and stop scripts, found in the same
folder. To start Social Office on Windows, use this command:
startup

And to stop it, use this command:

shutdown

If you're on Linux, Unix, or Mac, you can see the Tomcat console by issuing the
following command:
tail -f ../logs/catalina.out

Once Social Office has completed its startup, it will automatically launch a web
browser so you can see the home page. If this doesn't happen, launch your web
browser and then go to the following address: http://localhost:8080. The default
Social Office login page will appear in your web browser. Now you're ready to explore
the various features of Social Office!

Installing the software on your platform 19

Getting Started

Installing Social Office for Production Use

Eventually, you'll want to install Social Office onto a production server. Unlike
Liferay Portal, which can be downloaded both as a standalone .war file or as a bundle,
Social Office has been simplified by distributing it as a bundle with an application
server. This greatly simplifies the setup and configuration for Social Office, as there's
significantly fewer steps to get a bundle up and running.
Unzip the bundle or install it to the location from which you're going to run it
using the instructions above. For example, you might use D:\apps in Windows or /opt
in Linux or UNIX variants. As we mentioned before, the default bundle installation of
Social Office uses an embedded database. While this works great for rapid evaluation
or development, it has several drawbacks:
• Only one user can access it at a time since the data is stored on a file on disk
and HSQL locks it when doing changes.
• The data is stored inside the bundle and might be lost on redeployment.
• This configuration doesn't scale well and will perform poorly once multiple
users access the system.
For these reasons, you don't want to run Social Office against the embedded
database. Fortunately, Social Office has great support for most production-ready
databases, and it's easy to configure Social Office to use them. The exact instructions
will depend on the database, but here's a summary:
1. Create the database in your DBMS of choice (see the section below labeled
Database Setup for further information).
2. Create a portal-ext.properties file in the Social Office Home folder which
points to the database and mail session.
3. Start Social Office. Social Office will create the tables automatically and
start.
As you can see, this is a simple, three step process. Using MySQL as an example,
we'll go over the exact settings in portal-ext.properties below.

Database Setup
First things first, let's get that database set up. Using your database vendor's
tools, create your database and grant a user ID full access to it. You'll eventually
configure Social Office to connect to the database using this user ID. Once this is
completed, the first time Social Office starts it'll create the indexes and tables
automatically.

Social Office Home

In Social Office, there's a folder named Home. This folder is the top level folder
that was extracted from the .zip file or the location you installed Social Office via the
installer.
Social Office Home is primarily used for storing special configuration files, like

20 Installing Social Office for Production Use

 Getting Started

portal-ext.properties. Please take a moment to find this folder on your system. We'll be
creating a configuration file there.

The portal-ext.properties File

Liferay Social Office, like Liferay Portal, makes use of a configuration file to store
its settings. These properties files differ from the configuration files of most other
products in that changing the default configuration file is discouraged. In fact, the file
that contains all of the defaults is stored inside of a .jar file, making it more difficult
to customize. Why is Social Office set up this way? Because Liferay's products use the
concept of overriding the defaults in a separate file rather than going in and
customizing the default configuration file. You only change the settings you want to
customize in your own configuration file, and then the configuration file for your
software remains uncluttered and contains only the settings you need. This makes it
far easier to determine whether a particular setting has been customized— and it
makes the settings more portable across different installations of Liferay Portal and
Liferay Social Office.
The default configuration file is named portal.properties, and the default version
resides inside the core of Social Office. To override the settings in this file we use
another, similarly named file called portal-ext.properties. This file is stored in your
Social Office Home folder. By default, the file doesn't exist at all, so you'll need to
create it to get Social Office connected to your database.
So let's get started pointing your Social Office bundle to your database. Create a
file called portal-ext.properties in your Social Office Home folder. Since this file
overrides default properties that come with Social Office, you're going to override the
default configuration which points Social Office to the embedded HSQL database.
Using the built in connection pool, you can easily connect Social Office to most
popular database servers. The template for MySQL is provided as an example below.
#
# MySQL
#
jdbc.default.driverClassName=com.mysql.jdbc.Driver
jdbc.default.url=jdbc:mysql://localhost/lportal?useUnicode=true&characterEn-
coding=UTF-8&useFastDateParsing=false
jdbc.default.username=mommy
jdbc.default.password=daddy

In the configuration above, we're assuming the user name is mommy and the
password is daddy. Obviously, you would instead use the user ID and password you
configured earlier in your database. You would also point the JDBC URL to your
database server, unless you're running the database on the same machine as Social
Office.
For email there's a similar procedure using the built-in mail session. The mail
session is a resource which enables communication between Social Office and your
mail server. Please note: configuring the mail session properly is very important!
Since several of Social Office's applications rely heavily email notifications, the ability
to communicate with your mail server is essential. To configure the mail session,
please add the following directives to your portal-ext.properties file (substituting your

Installing Social Office for Production Use 21

Getting Started

mail server information):

mail.session.mail.pop3.host=localhost
mail.session.mail.pop3.password=
mail.session.mail.pop3.port=110
mail.session.mail.pop3.user=
mail.session.mail.smtp.auth=false
mail.session.mail.smtp.host=localhost
mail.session.mail.smtp.password=
mail.session.mail.smtp.port=25
mail.session.mail.smtp.user=
mail.session.mail.store.protocol=pop3
mail.session.mail.transport.protocol=smtp

Save the file. You're all done! The next time you start Social Office, it'll connect
to your database server and create the tables it needs to function.
We used MySQL above, just as an example, but of course Social Office supports
most common databases. Below we've provided the templates for all of the supported
databases. Use the template that corresponds to the one you're using.

DB2
jdbc.default.driverClassName=com.ibm.db2.jcc.DB2Driver
jdbc.default.url=jdbc:db2://localhost:50000/lportal:deferPrepares=false;full
yMaterializeInputStreams=true;fullyMaterializeLobData=true;progresssiveLocat
ors=2;progressiveStreaming=2;
jdbc.default.username=db2admin
jdbc.default.password=lportal

Derby
Derby is an embedded database and is not recommended for production
environments.
jdbc.default.driverClassName=org.apache.derby.jdbc.EmbeddedDriver
jdbc.default.url=jdbc:derby:lportal
jdbc.default.username=
jdbc.default.password=

Hypersonic
Hypersonic is an embedded database and is not recommended for production
environments.
jdbc.default.driverClassName=org.hsqldb.jdbcDriver
jdbc.default.url=jdbc:hsqldb:${liferay.home}/data/hsql/lportal
jdbc.default.username=sa
jdbc.default.password=

Ingres

22 Installing Social Office for Production Use

 Getting Started

jdbc.default.driverClassName=com.ingres.jdbc.IngresDriver
jdbc.default.url=jdbc:ingres://localhost:II7/lportal
jdbc.default.username=
jdbc.default.password=

MySQL
jdbc.default.driverClassName=com.mysql.jdbc.Driver
jdbc.default.url=jdbc:mysql://localhost/lportal?
useUnicode=true&characterEncoding=UTF-8&useFastDateParsing=false
jdbc.default.username=
jdbc.default.password=

Oracle
jdbc.default.driverClassName=oracle.jdbc.driver.OracleDriver
jdbc.default.url=jdbc:oracle:thin:@localhost:1521:xe
jdbc.default.username=lportal
jdbc.default.password=lportal

PostgreSQL
jdbc.default.driverClassName=org.postgresql.Driver
jdbc.default.url=jdbc:postgresql://localhost:5432/lportal
jdbc.default.username=sa
jdbc.default.password=

SQL Server
jdbc.default.driverClassName=net.sourceforge.jtds.jdbc.Driver
jdbc.default.url=jdbc:jtds:sqlserver://localhost/lportal
jdbc.default.username=sa
jdbc.default.password=

Sybase
jdbc.default.driverClassName=net.sourceforge.jtds.jdbc.Driver
jdbc.default.url=jdbc:jtds:sybase://localhost:5000/lportal
jdbc.default.username=sa
jdbc.default.password=

As you can see, Social Office supports a number of the leading databases in the
industry today.
Social Office will take about a minute to launch while it creates the tables.. Once
this is completed, a new browser window automatically opens and you'rre presented
with the Sign In screen.

Installing Social Office for Production Use 23

Getting Started

Signing In
When prompted, sign in using the default user id and password.
Screen Name: admin
Password: admin
Go ahead and sign in using these credentials. If this is the first time you're
logging in, you'll be prompted to choose a password reminder. Once you've chosen a
question and filled out the answer, click Save.

Illustration 1: Sign In Portlet

Sign In Options
The Sign In screen has a three options at the bottom of it. These are options
you've probably seen on other web sites.

OpenID
OpenID is a new single sign-on standard which is implemented by multiple
vendors. The idea is that multiple vendors can implement the standard, and then
users can register for an ID with the vendor they trust. The credential issued by that
vendor can be used by all the web sites that support OpenID. Some high profile
OpenID vendors are AOL (http://openid.aol.com/screenname), LiveDoor (http://pro­
file.livedoor.com/username), and LiveJournal (http://username.livejournal.com).
Please see the OpenID site (http://www.openid.net) for a more complete list.
The obvious benefit of OpenID for the user is that he or she no longer has to
register for a new account on every site in which he or she wants to participate. Users
can register on one site (the OpenID provider's site) and then use those credentials to
authenticate to anyOpenID-supported web site. Many web site owners struggle to
build communities because end users are reluctant to register for so many different
accounts. Supporting OpenID makes it easier for site owners to build their
communities because the barriers to participating (i.e., the effort it takes to register
for and keep track of many accounts) are removed. All of the account information is
kept with the OpenID provider, making it much easier to manage this information and
keep it up to date.

24 Signing In
 Getting Started

The OpenID link is the first of three links available directly under the Sign In
button. Social Office's integration with OpenID allows users to log in using their
OpenID identifier from their preferred OpenID provider instead of having to create a
brand new login for Social Office.

Create An Account
The second link is for account creation. If a new user wants to log in and doesn't
already have login credentials, he or she would use this link.. Note that
administrators can disable this function, thus requiring administrators to create all
accounts.

Forgot Password
The last is the Forgot Password link. This one does pretty much what it says: if a
user has login credentials but can't remember his or her password, the user clicks
this link to submit his or her user name and password reminder and a new password
is sent to their email address on file. This is just one of the many email notifications
that Social Office sends to users, and is one of the reasons that setting up the mail
server properly is so important.

Navigating Social Office

Upon first logging in to Social Office, you'll notice that you're directed to your
Home Page. Under your name at the top of the page you'll see three options, Home,
Profile, and Mail.

Home
This is the user's home page. This is where users are directed each time they log
in to Social Office. It's here that users can find relevant information on what's going
on each day as well as track announcements, activities, and tasks.

Navigating Social Office 25

Getting Started

Illustration 2: Personal Home Page of the Admin user

The left column contains the Sites portlet as well as the Contacts portlet. The
center column contains three aggregation portlets: Announcements, Activities, and
Tasks. The right column shows Today's Events and Weather. You can remove each of
these applications from your home page by clicking the x in the upper right hand
corner of the application. To add an application back (or add a new application)
simply click the Applications tab at the top of the page. This is located between Control
Panel and Layout. You can also move the applications to different locations on the page
by selecting the title of the application and dragging and dropping them onto a
column of the page.
You can also change the layout of the page if you don't like the default
three-column layout. To do this, click the Layout button at the top of the page. Don't
worry, we'll give you full details on layouts in the next chapter.
That's the overall view of a user's personal home page. Let's dive deeper and take
a look at the functions of each application on this page.

Sites
In Social Office, Sites are collections of Users who have a common interest. Each
Site is pre-populated with collaboration pages allowing you to quickly start
collaborating with others. You can create a site for any project or department that
requires collaboration between users. For example, a company could create a site
specifically for the marketing team, research team, or HR department. To drill down
even further, the marketing team could create sites for projects A, B, and C. The great
thing about Social Office is that as soon as a site is no longer needed (say project A has
been successfully launched) that site can easily be deleted and a new site created for
the next project.
This portlet is an aggregation of all of the sites to which a user belongs. Initially,

26 Navigating Social Office

 Getting Started

you willy ou'll want to click Add site. If you know a site has already been added, you
can click Open Sites to see a list of sites that are available for you to join. To go back to
our example, If a user creates content in the site for project A, and is then re-assigned
to project B, the user simply leaves the project A site and joins the project B site. All
the content that this user created for project A will remain in the project A site—and
the user will now have access to everything in project B. This allows him or her to
immediately start learning and contributing to the team.

Contacts
Here you'll find a list of all of your contacts within Social Office. Contacts are
people you added to your network within Social Office. To add a contact, simply click
the Add Contact button at the top right corner of the portlet.

Announcements
The Announcements portlet lists all the announcements that are relevant to you.
An announcement is any message that a user wishes to share with others in Social
Office. Anyone can create an announcement. When creating an announcement, you
choose the scope, display, and expiration dates. The scope is used to define who
within social office receives the announcement. This can be everyone, All Site
Owners, or all users within a specific site. As an example, this is great for project
managers who wish to share a message with every user within a specific site or for
Admins who have an important announcement for all users within Social Office.

Activities
The Activities portlet aggregates all the recent activities that are relevant to you.
An activity is any change or update that a user made while logged into Social Office.
For example, if the admin of the marketing site creates a wiki on how to interact with
advertisers and you're part of the Marketing site, then an activity is displayed
indicating that an event took place. In this application, activities are scoped in three
ways: by sites you belong to, by the activities of your friends within Social Office, and
by your own activities. The advantage of this is that users can quickly see what's
happened since they last logged in to Social Office.

Navigating Social Office 27

Getting Started

Illustration 3: Activities Feed

Tasks
Tasks are assignments that are in various stages of completion. They can be
assigned to specific people within Social Office. The Tasks portlet allows you to view
all of the tasks that others assigned to you, as well as all the tasks that you assigned to
others.

Today's Events
Today's Events will give you a quick overview of all of the public events for each
site that you belong to. These events are pulled from the calendars of those sites. See
the Calendar section in the Sites chapter to learn about creating new events.

Weather
This lists the weather for cities that you choose. By default it lists 90210, Chicago,
Frankfurt, and Rome. To change the default cities, simply click the Configuration
button and select Preferences. To search for a city, type the desired city name or zip
code into the search box at the bottom of the portlet. Doing this will open up a new
window that displays the current weather for the city or zip code you're searching.

Profile
Clicking Profile will take you to your profile page. Your profile page is basically a
resume that lets other users in Social Office know your contact information as well as
different projects that you have worked on. To edit this click Edit Profile and Edit
Projects in the lower left hand corner under your picture.

28 Navigating Social Office

 Getting Started

Illustration 3: Profile

Activities
This is the same as the Activities portlet on your home page. It aggregates all of
the recent activities for your sites, your friends, and you. The benefit of having an
activities feed on your profile page is that when other users in Social Office navigate
to your profile page, they can see what you and your friends have been up to recently.

Mail
Social Office offers a mail client. This is great because it means you have the
convenience of not having to log in to another server or use another application to
check and send your email. Currently, Social Office can integrate with any mail server
that uses the IMAP protocol, as well as Google's GMail service.

Illustration 6: Default view of Social Office's email client.

In order to check and receive email in Social Office you'll need to configure the
mail portlet settings. This is where you'll configure your email accounts. To start click
Configure email accounts. Next choose Add a Mail Account or Add a Gmail Account and
follow the directions. After you have successfully added an email account, when navi­

Navigating Social Office 29

Getting Started

gating to the mail page, you'll be presented with the option to Check your email or con­
figure email accounts.
Social Office also provides a global navigation area at the top right of the screen.
This is one way to navigate away from your personal page to other areas of Social
Office.

My Sites
This shows you a list of all of the Sites which you're currently a member of.
Should you click on one of the sites you'll be redirected to the home page for that
particular site. This is a quick way to navigate to any site of which you're a member.

The Control Panel

The Control Panel takes you to the administrative functions of Social Office. Only
Administrators will have access to the Control Panel.

Navigating the Control Panel

The Control Panel is very easy to navigate. On the left side is a list of headings
with functions underneath them. The headings are in alphabetical order, but the
functions are in a logical order.
User Name: The first section is always the logged in user's personal space. Here,
you can change your account information.
Portal: The Portal section allows portal administrators to set up and maintain
the portal. This is where you can add and edit users, roles, and configure the settings
of the portal.
Server: The Server section contains administrative functions for configuring
portal instances and more.
All of the functions that you'll need to maintain social office can be found in the
control panel.

30 The Control Panel

Illustration 5: Control Panel

 Getting Started

Using the Control Panel

The Portal section of the Control Panel is used for most administrative tasks.
This is where you'll find the interface for the creation and maintenance of
• Users: These are individuals in Social Office who are representative of
actual people. They are assigned a screen name and a password in order to
login to Social Office.
• Roles: Roles are groupings of users that share a particular function within
Social Office according to a particular scope. In Social Office there are two
scopes that roles can take. The first is a site role. This is a role that has
permissions that are applicable only within the site that it's assigned to,
such as the Marketing Site. The second is a regular role. The permissions
associated with this role are effective throughout social office and not just
within one particular site.
Additionally, it allows you to configure many server settings, including:
• Password Policies: If you (as an admin) have certain password
requirements, a password policy is where you would enforce this. Some
examples of password policy settings are allowing a user to change his own
password, preventing reuse of old passwords, enabling password expiration
after a specified time, and enabling account lockout after a certain number
of failed logins. These are just some of the settings that can be set and
managed with a password policy.
• Authentication options, including Single Sign-On and LDAP integration.
Social Office currently supports several single sign-on solutions including,
LDAP, CAS, NTLM, OpenID, Open SSO, and SiteMinder. Social Office also
supports any LDAP directory including but not limited to Apache Directory,
Fedora Directory, Microsoft Active Directory, Novell eDirectory and
OpenLDAP.
• Default User Associations: There are two types of default user associations
in Social Office: sites and roles. If you want every newly created user
associated with a particular site you would list the name of that site under
Sites. If you want every newly created user associated with a particular role
you would list the name of that role under Roles.
• Reserved Screen names: Allows Social Office admins to set aside certain
screen names that they don't want users to use. This is beneficial if you
want to restrict users from creating screen names that contain bad words
for example.
• Mail Host Names: You have already configured one mail host for sending
notifications. You can optionally specify other mail hosts for sending mail in
case the main one you configured becomes unavailable.
• Email Notifications: There are two types of email notifications that you can
configure. Account Created Notification will alert a user that an account was
created in Social Office using their email address. You can customize the
message that's sent to the newly created user. The Password Changed
Notification lets a Social Office user know when their password is changed

The Control Panel 31

Getting Started

and what it's changed to. Just as with the Account Created Notification, you
can customize the message that's sent to the user.
You'll use the Portal section of the Control Panel to create your structure,
implement security, and administer your users. Please see Chapter 4 for an
exhaustive view of the Control Panel.

Summary
Liferay Social Office provides an easy to install platform that gets you up and running
very quickly. It requires minimal configuration, and in fact needs only a connection to
a database and a mail server to become fully operational. Once you have it installed, it
presents to the user a very clear and consistent interface which is intuitive. Using this
interface, you can navigate to any area in Social Office you need to set up the Sites
and enable your users to get their work done.

32 Summary
3. SITES

Sites are the core of Social Office—they are both the organization of people and the
collection of pages that hold the tools for team collaboration. Sites are the structure
Social Office uses to bring together the various groups within your organization and
enable them to work together.
In this chapter we'll discuss the basics of creating and configuring Sites, and take
a look at the pieces the hold a Site together. We'll also take a look at each application
and how they all fit together to break down the barriers between team members and
enable them to work together.

Adding a Site
Any user with sufficient permissions can add a site via the Sites application or
the Control Panel. From the Sites application, a user simply needs to click on Add a
Site and set the name and permissions for the site. From the Control Panel, a user
would go to Sites on the left side and then click Add a Site. Each site is not only a
collection of pages, but also a community of which users can become members.

Browsing Sites
Each user by default should be equipped with a Sites application on his or her
home page with which he or she can navigate to the various sites in Social Office.
From other pages in Social Office, users can navigate via the My Sites link in the global
navigation at the top right corner of the screen.
Each Site is composed of several pages which are accessible by tabs. The home
page for each site is a hub containing applications which aggregate data from the
primary applications on the site. The other pages contain one application
each—Calendar, Blog, Wiki, Forums, Documents, and Members. We'll go over these
later in the chapter.
Sites

Managing Permissions for Sites

Sites can be Open or Private. Anyone can view the content of an Open site and
anyone can join. For Private sites, nonmembers cannot access the Site directly and
must be invited to become a member.
The person who creates a site is the Owner of the site. That person has full
control over permissions, applications settings, and layout throughout the site. Social
Office Administrators also have this ability (For more information on Administrators
and other user roles, see Chapter 4: The Control Panel).
In addition to the overarching site permissions, individual applications and
entities within those applications have configurable permissions. For example, the
Blogs application could be setup so that anyone can create an entry, so that only
members can create a blog entry, or so that only specific users can create an entry. On
top of that, individual entries within the blog could also be set so that anyone can
view or comment on them, or so that only members of the Site can view or comment,
even if the blog itself is public.

Site Roles
In order to maintain a proper site, certain users are assigned as administrators.
The Control Panel chapter covers the creation and assignment of User Roles. In
general, you'll create the roles in the Control Panel and set the abilities of that role
within the specific applications in the Site.

Site Applications
In your initial Social Office Setup, each site will contain six core applications on
separate pages, accessible via the top tab navigation: Calendar, Documents, Forums,
Blogs, Wiki, and Members. Most of these applications also work with the smaller
applications which are displayed on the Site's home page. More details on these
interactions are discussed below.

Calendar
Social Office's Calendar application is a complete calendaring solution. You can
schedule any number of events of different types, receive alarms via email or text
message, import and export your calendar, and much more. Additionally, you can
import and export the calendar to the popular iCalendar format for use in other
applications.
On the home page for a site, there is by default an application called Today's
Events. This application will display any events currently scheduled on that site's
Calendar to occur on the current date. The events are displayed based on the event's
permissions—so a guest user viewing the page will only see public events, and only
the creator of the event will see private events.

34 Site Applications
 Sites

Illustration 7: Main Calendar View.

On the Calendar page, the default view is to see the entire month of events, but
you can change that to show a week or a day at a time. Arrows will appear to the left
and right of the current span of time that you're viewing—you can use these to view
the next day, week, or month as needed.

To create an event, go to the Calendar application page and click Add Event. From
here, you'll be given the following options for setting up the event:
Start Date/Time: The date and time the event starts.
Duration: How long the event will last.
All Day Event: Check this box to disassociate time from the event and make it
last all day.
Time Zone Sensitive: Leave this box checked to make sure that the portal keeps
track of the event regardless of time zone.
Title: The title of the event.
Description: A description of the event.
Type: Select from a number of pre-configured event types. You can change these
in the portal-ext.properties file.
Permissions: This field contains a check box that enables you to toggle whether
the event is public or private, and the ability to configure more specific options.
Clicking configure will allow you to choose in more detail what guests or members of

Site Applications 35
Sites

the community are allowed to see and edit.

Repeat: If the event repeats on a schedule, select the schedule.
End Date: If the event repeats on a schedule but there is an end to the set of
meetings, enter the end date.
Reminders: Select whether to send a reminder, how long before the event to
send it, and through what medium (email, text message, or instant message) to send
it. Note that this feature is integrated with your profile on the portal, so you'll need to
fill out your mobile phone number and / or instant messenger IDs in order to use
those features.
Click Save to add the event to the Calendar.

Importing and Exporting Calendars

If you're migrating to Social Office from an existing platform, there's a good
chance that you already have significant amount of Calendar data that you don't want
to lose. To help make your life easier, Social Office supports importing calendar data
in .ics format.
• To import an existing Calendar, go to the Calendar application page
• Scroll down to the bottom and click Import
• On the Import screen you can click Choose File and select the .ics file to
import to the Calendar.
• You can also Export the Social Office calendar to .ics if necessary.

Documents
One of the keys to collaborating in a workplace is good handling of various
documents which multiple members of a team might be working on simultaneously.
Social Office contains a Document Library application which can help streamline this.

36 Site Applications
 Sites

Let's say you're a graphic designer for the marketing department and you've just
finished up an advertisement for several magazines. Before you can move on to the
next steps, you'll need your team and a handful of executives to review and sign off
on the content.

Illustration 9: Adding a Folder.

Because your company has only recently adopted Social Office, the first thing
you'll need to do is create the appropriate folders. Using the above scenario, begin by
creating a Print Advertisements folder. Because you might want people from other
departments to review documents posted here, click Configure to open up additional
permission options and check the box for View under the Guest field. Let's say that you
also want to create a subfolder of Print Advertisements called Source Files to use for the
original working files so that members of your team can make edits directly to the
file. Even though anyone can view the root folder, you may not want everyone to have
access to the source files, so when you create this one, you would make sure that the
View option under Guest is unchecked.

Illustration 10: Example of Deeply Nested Folders.

You can continue to nest folders as deeply as necessary to keep things orga­

Site Applications 37
Sites

nized. In larger departments running multiple projects at once, having deep folder
structures is a necessity to keep out of each others' way. Above is an example of how
the folders might look in using our scenario.
To add a new document, click Add Document. After you're brought to the next
screen, click on Browse. Your browser will open a dialog box that you can use to select
one or more files to upload; once the transfer is complete, you can set any details of
the document from the folder in which it was placed. If you click Classic Uploader,
you'll be presented with a web page that allows you to set the name, description, and
permissions, as well as select a single file to upload.
A very useful feature of the Documents application is that it keeps track of past
versions of a file after it's been updated. That way, if any information is overwritten
or removed, you can easily access an older version of the file. It also features a simple
locking mechanism, whereby a user can “lock” the file to make some changes and
unlock it once he or she is finished. Use this feature to prevent duplicate work or
important changes from being lost in the shuffle of multiple updates.
There are two places where you can lock a file. While viewing the list of files in a
folder, you can simply click on the lock icon, or while on the Edit screen, you can click
Lock.

Illustration 11: This file is currently not locked; clicking on the lock icon will lock it.

To access more options for a file or a folder, click on the icon that looks like a
wrench. you'll be presented with a menu containing the following items:
Edit: Change the details of the file or folder. Clicking on this for a file will enable
you to upload a new version as well as leave comments or ratings. This way,
discussions about a document are kept with the document itself.
Permissions: You can define who can view or edit a file or folder.
Delete: Remove the file or directory. Removing a directory will also remove any
subdirectories and files contained in that directory.
View (Files only): Clicking on view will allow you to download a file, leave
comments, or rate the file. You're also provided with the WebDAV URLs if you wish to
access this file through your operating system. All of this page's functionally is
duplicated on the Edit page.

Editing a File
The Edit screen is where most of the action is going to happen. There are a large
number of fields on this page, and it can be confusing at first. Let's take a moment to
go over the purpose and function of each field:
Name: This is the name of the file that is always displayed. You can upload a file

38 Site Applications
 Sites

with a different name, but this will remain the same.

Version: This displays the current version of the file. Each time the file is
updated, Social Office will increment the version number.
Size: The size of the file on disk.
Number of Downloads: The number of times a user has downloaded the file.
Download: A link to download the file.
URL: This is a URL that you can provide to users who may need access to a file
hosted on the Site, but aren't members of that Site. Please note that in order for this
to work, the file permissions must be set so that a guest can view it..
WebDAV URL: Fills the same purpose as the URL, but with the WebDAV protocol.
Folder: Displays the folder where the file currently resides. You can click the Se­
lect button, to move the file to a different folder.
File: By clicking Choose File, you can select a new version of the current file to
upload. The location of the file you choose is displayed here.
Title: You can change the displayed name of the file here. As noted above, simply
uploading a file with a different name will not change the name of the file in Social
Office.

Illustration 12: The screen for editing or updating existing files.

Description: You can fill in any notes or details about the file that other users
will need to know here.

Site Applications 39
Sites

Tags: Tags are used throughout the site to enable users to search properly cate­
gorized data more quickly. For more information on tagging, see Chapter 5: The
Control Panel.
Save, Lock, Cancel: You can save any changes you've made, cancel those
changes, or lock the file for editing as described above.
Ratings: Each user can rate a file, by giving it anywhere from 1 to 5 stars. This
could be useful for peer or executive review of files.
Comments: Along with rating a file, users can also leave comments. This is
useful for discussion about the file.
Version History: You can view past versions of a file; this can be useful for
tracking down specific changes to a file or to recover information that was
accidentally removed in a newer version.

Blogs
Social Office has a Blogs application which allows you to provide a blogging
service to your users. Each site will have its own unique blog, and by default, all
members of the site can post blog entries. Let's go over how to use the Blogs
application to create an optimal blogging system.

On the Blogs page, you'll see three main options: Subscribe to this Blog, Add Blog
Entry, and Permissions. Clicking on Subscribe to this Blog will bring you to the RSS feed
for this blog. This enables you to publish your blog as a feed to various feed readers
that your users might be using.
Click on Permissions and you'll be presented with a screen where you can set
which users have to ability to blog. If you want to limit this to specific users, you can
create a User Role for bloggers in the Control Panel and give that role permissions to
add entries here.
The core functionally of this application is of course, writing blog entries. Click
the Add Blog Entry button to get started.
Title: This is the title of the blog entry. It is displayed at the top of the post.
Display Date: You don't have to make the blog entry appear immediately. If you
prefer to have it display later in the day or a few days later, you can set the display

40 Site Applications
 Sites

date here.
Content: The content entry area consists of two parts: the text entry field and
the toolbar. The text entry field is where you do your typing, and the toolbar controls
text formatting as well as embedding images, videos, or even adding various
emoticons to the post. You also have the option to use either the default WYSIWYG
text editor or enter your own HTML.
Tags: The tags field give you the option to add tags to your entries to make them
easier to find with Social Office's search feature. You can find more information about
tagging and categories in Chapter 5: The Control Panel. Clicking Suggestions will
automatically generate possible tags from your entry based on looking for keywords
in your text.
Save Draft, Publish, Cancel: Clicking on Save Draft will save your work. Note
also that as you type, the entry is automatically saved as a draft at periodic intervals.
This gives you peace of mind in using the application from within your browser, as
you won't lose your entry in the event of a browser crash or network interruption.
Publish will save and post your entry on the Blogs page, and Cancel will discard all of
your work and send you back to Blogs page.
Permissions: Like almost anything else in Social Office, you have the ability to
restrict what users can view or comment on your entry. You can also allow other
users to edit it (in the case of a team blog).
Allow Incoming Trackbacks: If you're running Social Office on the Internet and
not an Intranet, you might want to enable trackbacks to make it easier to track when
other bloggers link to your blog. This could also potentially be useful on larger
Intranets to reference other blogs that are part of other Social Office or Liferay Portal
installations.

Site Applications 41
Sites

Trackbacks to Send: If you're referencing another blog that supports

trackbacks in your post, you'll want to make sure that they receive the proper credit.
Entering trackback URLs in his field will notify the owners of the other blogs that you
referenced them in your post. Once you have finished your blog entry, click Publish.
You'll go back to the list of entries, and you'll see your entry.

Forums
Social Office's Forums are one of the most widely used collaboration features
provided by the product. The application is a state of the art forum application similar
to many forums in which you may have participated. There are countless web sites
out there where it's clearly evident that there is no link whatsoever between the main
site and the message boards. In some cases, users are even required to register twice:
once for the main site and once for the message boards. By providing a message
boards application along with all of the other applications, Social Office can provide a
unique, integrated approach, which is essential when creating an environment for
people to work together and collaborate. We've already taken care of the integration
of applications, so you can concentrate on using the tools we provide to streamline
your workflow and improve the efficiency of business processes.
The Forums application is very straightforward to set up. To start, you'll want to
configure who has access to the Moderator functions of the Forums, so click on Per­
missions.

42 Site Applications
 Sites

Permissions
This page allows you to define which roles have the ability to add a category of
threads or to ban abusive users from the forums. Select the roles and permissions you
want to configure and then click Submit. You may want to set up a specific User Role
for this. User Roles are covered in Chapter 5: The Control Panel.

Adding Categories and Mailing Lists

You're now ready to add categories to your forums. Click the Add Category button.
Enter a name for the category and a description of the category. At the bottom of the
form is a check box which allows you to enable the mailing list function.
The mailing list function works in concert with the message notification emails.
If a user subscribes to a message board category, he or she will get emails when
someone posts messages to that category. Enabling the mailing list function allows
those users to simply reply to the notification messages in their email clients, and
those replies are posted to the thread automatically.
To enable this functionality, you'll need a mail account for the category. Once
you click the check box, a number of other options will appear.
Email Address: Enter the email address of the account that will receive the
messages.
Next, there are two tabs: Incoming and Outgoing. These define the mail settings for
receiving mail and for sending mail. The Incoming tab has the following options:
Protocol: Select POP or IMAP.
Server Name: Enter the host name of the mail server you're using.
Server Port: Enter the port on which your mail service is running.
Use a Secure Network Connection: Check this box to use an encrypted
connection if your server supports it.

Site Applications 43
Sites

User Name: The login name on the mail server.

Password: The password for the account on the server.
Read Interval (Minutes): Social Office will poll the server at this interval
looking for new messages to post.
The Outgoing tab has the following options:
Email Address: Enter the email address that messages from this category should
come from. If you want your users to reply to the categories using email, this should
be the same address configured on the Incoming tab.
Use Custom Outgoing Server: If you need to use a different mail server than the
one that's configured for the portal, check this box. If you check the box, a number of
other options will appear.
Server Name: Enter the host name of the SMTP mail server you're using.
Server Port: Enter the port on which your mail service is running.
Use a Secure Network Connection: Check this box to use an encrypted
connection if your server supports it.
User Name: Enter the login name on the mail server.
Password: Enter the password for the account on the mail server.
When finished adding your category, click Save. Add as many categories to your
forums as you wish. Note that categories can have subcategories. You can add a
number of top-level categories and then click on each one to add categories under
that (to an unlimited level). For usability reasons, you don't want to nest your
categories too deep, or your users will have trouble finding them. You can always add
more categories as your forums grow.

Using the Forums

Upon seeing Social Office's Forums application, your users will immediately
recognize that the interface is similar to many other implementations they've seen
before. Forums are nothing new to the Internet, and many people have been using
them for quite a long time. For that reason, Social Office's forums will seem very
familiar to your users.
Threads can be viewed in many ways. At the left of the page is a set of quick
links: Categories, My Posts, My Subscriptions, Recent Posts, and for administrative users,
Statistics and Banned Users. The Categories tab allows users to browse the categories
for an appropriate place to post a thread. The My Posts link shows all of the posts for
the user who's currently logged in. This is a convenient way to get back to a
conversation you had once in order to retrieve some pertinent information. The My
Subscriptions link allows a user to manage thread subscriptions. If you lose interest in
a particular topic, you may want to visit this tab and unsubscribe from a thread. The
Recent Posts tab shows all posts from all categories by date, so you can keep up on all
the most recent discussions in the forums.
For administrators, the Statistics link shows the number of categories, the

44 Site Applications
 Sites

number of posts, and the number of participants in your forums. It also has a list of
who the top posters to your forums are. The Banned Users tab shows all of the users
who have been banned from posting on the forums.
To post a new message thread, go to the Categories link, click on a category, and
then click on the Post New Thread button. You'll see a message editing form. The
body field on this form is different from that of the other applications in Social Office.
The reason for this is to support BBCode, which is a standard form of markup used in
many message board products. Users who have Moderator access to the board can
modify the priority of messages. You can also use the editor to quote from messages
that you're replying to.

Messages that are posted to the forums are shown by default in a threaded view,
so that replies are attached to the proper parent message. This makes it easy to follow
along with conversations.
When viewing a message board thread, users are given several options. At the
top right of the thread are three icons, allowing users to view threads in a flat view, in
a tree view, or in a combination view. A flat view shows all of the messages in the
order in which they are posted. A tree view shows all of the messages in a threaded
view, so that replies are next to the messages they are replying to. A combination
view shows the threads at the top as subjects only, with the flat view underneath.
When viewing a thread, users can click links allowing them to post a new thread,
subscribe to the thread they are viewing, or if they have administrative access, move
a thread to another category. Subscribing to a thread causes Social Office to send the
user an email whenever a new message is posted to the thread. If you have enabled

Site Applications 45
Sites

the mailing list feature for the category in which the thread resides, users can simply
reply to these messages in order to post back to the thread, without having to visit
your site.
The Forums application is also highly integrated with Social Office's user
management features. Posts on the message board show users' profile pictures if they
have uploaded one for themselves, as well as the dates that users created an ID on
your site.

Forums Administrative Functions

The Forums application provides for the day-to-day administration of the
message threads. You may wish to separate this function out by a role, and then
delegate that role to one or more of your users. That would free you up to concentrate
on other areas of your web site. To do this, you can create a role called Message Board
Administrator.
This role can be scoped by Social Office or a Site. If you have a Social Office
scoped role, members of this role can administer any Message Boards in any Site to
which they have access. If it's a Site scoped role, members of this role can administer
a Message Boards portlet in only the Site in which they have the role.
Go to the Control Panel and create this role. Once it's created, click Actions → De­
fine Permissions. Click the Portlet Permissions button. Browse the list until you find the
Message Boards portlet and then click on it. You'll then see a screen which allows you
to configure the various permissions on the portlet.
Grant the permissions you wish message board administrators to have and then
click Save. You can then add users to this role and they will inherit the permissions.
Message Board administrators can perform all of the functions you have already
seen, including creating and deleting categories and posting threads. In addition to
these, a number of other functions are available.

Moving Threads
Many times a user will post a thread in the wrong category. Administrators may
in this case want to move a thread to the proper category. This is very easy to do. First
click on the thread. If you have administrative access, there is a link at the top of the
thread labeled Move Thread. Click this link. You'll be presented with a simple form
which allows you to select a category to which to move the thread and a check box
which allows you to post a message explaining why the thread was moved. This
message is posted as a reply to the thread you're moving. When finished, click the
Move Thread button and the thread is moved.

Deleting Threads
Users with administrative access to the forums can delete threads. Sometimes
users begin discussing topics that are inappropriate or which reveal information
which should not be revealed. In this case, you can simply delete the thread from the
forums . This is easy to do. First, view the list of threads. Next to every thread is an
Actions button. Click Actions → Delete to delete the thread. This doesn't prevent users

46 Site Applications
 Sites

from re-posting the information, so you'll need to be vigilant in deleting threads or

consider the next option.

Banning Users
Unfortunately, sometimes certain users can become abusive. If you wind up with
a user like this, you can certainly make attempts to warn him or her that the behavior
he or she is displaying is unacceptable. If this doesn't work, you can ban the user from
posting on the forums.
Again, this is very easy to do. Find any post which was written by the abusive
user. Underneath the user's name / profile picture is a link called Ban this User. Click
this link to ban the user from the forums.
If after taking this action the user apologizes and agrees to stop his or her
abusive behavior, you can choose to reinstate the user. To do this, click the Banned
Users tab at the top of the Forums application. This will show a list of all banned
users. Find the user in the list and click the Unban this User link.

Splitting Threads
Sometimes a thread will go on for a while and the discussion completely changes
into something else. In this case, you can split the thread where the discussion
diverges and create a whole new thread for the new topic. Administrative users will
see a Split Thread link on each post. To split the thread, click the link. You'll be
brought to a form which allows you to add an explanation post to the split thread.
Click Ok to split the thread.

Editing Posts
Administrative users can edit not only their own posts, but also all others.
Sometimes users will post links to copyrighted material or unsuitable pictures. You
can edit these posts, which allows you to redact information that should not be posted
or to censor profanity that's not allowed on your forums.

Permissions
Permissions can be set not only on threads, but also on individual posts. You can
choose to limit a particular conversation or a post to only a select group of people. To
do this, click the Permissions link on the post and then select among the Delete,
Permissions, Subscribe, Update, and View permissions for the particular role to which
you want to grant particular access. This function can be used to make it so some
privileged users can post on a certain thread, but others are only allowed to view it,
or any combination of the above permissions.

Wikis
Social Office's Wiki application, like the Forums application, is a full-featured
wiki application which has all of the features you would expect of a state of the art
wiki. Again, though, it has the benefit of all of the features of the Social Office
platform. As such, it's completely integrated with Social Office's user management,

Site Applications 47
Sites

tagging, and security features.

So what is a wiki? Put simply, a wiki is an application which allows users to
collaborate on information. This, of course, has many applications—the most famous
of which is Wikipedia, which is a full encyclopedia developed collaboratively by users
from all over the world, using a wiki. Another example would be Liferay's wiki, which
is used for collaborative documentation for the Community Edition of the product.
A wiki application allows users to create and edit documents and then link them
to each other. To accomplish this, a special form of markup is used which is
sometimes called wikitext. Unfortunately, the proliferation of many different wiki
applications resulted in slightly different syntax for wikitext in the various products,
as each new wiki tried to focus on new features that other wikis didn't have. For that
reason, a project called WikiCreole was started. This project resulted in the release of
WikiCreole 1.0 in 2007, which is an attempt to define a standard wiki markup that all
wikis can support.
Rather than define another wikitext syntax, Social Office's Wiki application
supports WikiCreole as its syntax. This syntax is a best-of-breed wiki syntax and
should be familiar for users of other wikis. The application provides a handy cheat
sheet for the syntax on the page editing form, with a link to the full documentation if
you wish to use some of WikiCreole's advanced features.

Navigating in the Wiki application

You'll start on the default page, which is called FrontPage. Initially, of course, it's
blank—you'll have to fill it with your own wiki content. On the left are the Quick Links,
which contain a set of navigational links:
Manage Wikis: This link takes you to a list of available wikis, with options to
make administrative changes.
FrontPage: Takes you to the main page of the main wiki.
Recent Changes: Takes you to a page which shows all of the recently updated
pages.
All Pages: Takes you to a flat, alphabetical list of all pages currently stored in the
wiki.
Orphan Pages: This link takes you to a list of pages that have no links to them.
This can happen if you take a link out of a wiki page in an edit without realizing it's
the only link to a certain page. This area allows you to review wiki pages that are
orphaned in this way so that you can re-link to them or delete them from the wiki if
they are no longer relevant.
Search: Enter a term here and click the Search button to search for items in the
wiki. If the search term is not found, a link is displayed which allows you to create a
new wiki page on the topic for which you searched.

Getting Started with the Social Office Wiki

The Wiki application can contain many wikis. By default, it contains only one,
called Main. If you wish to add, modify, or delete wikis, click on the Manage Wikis link

48 Site Applications
 Sites

in the quick links. You'll see that the Main wiki has already been added for you.
Clicking the Add Wiki button brings you to a screen which allows you to give the
wiki a name and a description. You can also set up some default permissions. When
you create a new wiki, it'll appear in a list at the top of the main page of the
application.
Next to each wiki in the list of wiki nodes is an Actions button. This button
contains several options:
Edit: Lets you edit the name and description of the wiki.
Permissions: Lets you define what roles can add attachments to wiki pages, add
pages to the wiki, delete pages, import pages to the wiki, set permissions on the wiki,
subscribe to the wiki, update existing pages, and view the wiki.
Import Pages: You can import your data from other wikis. This allows you to
migrate off of another wiki which you may be using and use the Social Office wiki
instead. You may wish to do this if you're migrating your site from a set of disparate
applications (i.e., a separate forum or a separate wiki) to Social Office, which provides
all of these features. Currently, MediaWiki is the only wiki that's supported, but
others will likely be supported in the future.
RSS: This will bring you to an RSS feed of updates to the wiki.
Subscribe: A user can subscribe to a wiki node and any time a page is added or
updated, Social Office will send an email to the user informing him or her what
happened.
Delete: Deletes the wiki node. To go back to your wiki, click on its name in the
list of wikis.

Adding and Editing Wiki Pages

By default, there is one page added to your wiki, called FrontPage. To get started
adding data to your wiki, click the Edit link at the top right of the application. You'll
be brought to a blank editing page.
You can now begin to add content to the page. Notice that there is a very
convenient “cheat sheet” which can help with the wiki syntax. You can use this
syntax to format your wiki pages. Consider for example the following wiki document:
== Welcome to Our Wiki! ==
This is our new wiki, which should allow us to collaborate on documentation.
Feel free to add pages showing people how to do stuff. Below are links to
some sections that have already been added.
[[Introduction ]]
[[Getting Started]]
[[Configuration]]
[[Development]]
[[Support]]
[[Community]]

This would produce the following wiki page:

Site Applications 49
Sites

Illustration 17: Adding a wiki page

This adds a simple heading, a paragraph of text, and several links to the page. Notice
that the links are red, instead of the normal blue color. This indicates that the page
behind that link doesn't yet exist, and therefore needs to be created. If you click one
of those links, you'll be brought immediately to the editing screen you were on
previously when you edited the front page, except this time you'll be creating the
page behind the link you just clicked. Social Office will display a notice at the top of
the page stating that the page doesn't exist yet, and that you're creating it right now.
As you can see, it's very easy to create wiki pages. All you have to do is create a link
from an existing page.
Note that at the top of the screen you can select from the Creole wiki format and
the HTML editor that comes with Social Office. We generally recommend that you
stick with the Creole format, as it allows for a much cleaner separation of content and
code. If you want all of your users to use the Creole format, you can disable the HTML
format using the portal-ext.properties file. See the Liferay Portal Administrator's Guide for
further information on this configuration file.
At the bottom of the page editing screen, you can select categories or tags for the
article. Categories are a hierarchical list of headings under which you can create wiki
pages, and tags are lists of topics covered by your articles. Both allow you to organize
your content for searching. Tags can be created inline; categories can be created
using the Control Panel in the Tags and Categories section.

Page Details
When viewing a page, you can view its details by clicking the Details link which
appears in the top right of the page. This allows you to view many properties of the
page. There are several tabs which organize all of the details into convenient
categories.

Details
The Details tab shows various statistics about the page and also contains a few
actions that you can perform on the page.

50 Site Applications
 Sites

Title: Displays the title of the page.

Format: Displays the format for the page—either Creole or HTML.
Latest Version: Displays the latest version of the page. The wiki application
automatically keeps track of page versions whenever a page has been edited.
Created By: Displays the user who created the page.
Last Changed By: Displays the user who last modified the page.
Attachments: Displays the number of attachments to the page.
RSS Subscription: Displays links which allow you to subscribe to the page as an
RSS feed in three formats: RSS 1.0, RSS 2.0, and Atom 1.0.
Email Subscription: Contains links allowing you to subscribe to the entire wiki
or just to this page.
Advanced Actions: Contains links allowing you to modify the permissions on the
page, make a copy of the page, move (rename) the page, or delete the page.

History
This tab shows a list of all of the versions of the wiki page since it was created.
You can revert a page back to a previous state and you can also compare the
differences between versions by selecting the versions and then clicking the Compare
Versions button.

Incoming / Outgoing Links

The next two tabs are for incoming and outgoing links. These are wiki links to
and from the page. You can use this tab to examine how this page links to other pages
and how other pages link back to this page.

Attachments
The last tab is for attachments. You can attach any file to the wiki. This is mostly
used to attach images to wiki articles which can then be referenced in the text.
Referencing them using the proper WikiCreole syntax renders the image inline, which
is a nice way to include illustrations in your wiki documents.

Members
In order for a site to function properly, it must have members. Site owners have
the ability to allow anyone to join or to restrict membership to invitation only. They
also have the option to allow anyone to view the site or to restrict site viewing to
members only. Individual applications within each site also have configurable
permissions as to whether they can be viewed or edited by anyone or only by
members of the site. In most cases you'll want to restrict membership of a site, but
allow everyone to view certain sections of the site.
As an example, a company's Marketing Site might have, among other things, a
Brand Style Guide and a Marketing Events Calendar. These are things that they would

Site Applications 51
Sites

want accessible to various people in the company, such as web developers or retail
associates. They would not, however, want everyone to view specifics on upcoming
promotions still in development—or the time and locations of meetings with vendors.
Using Social Office, you can easily separate items like this—with some documents and
items on a Calendar being viewable to everyone, while others would be invisible to
everyone who wasn't a member of the site.
The standard permissions available to users are Add Discussion, Delete, Delete
Discussion, Permissions, Update, Update Discussion, and View. These are very granular
throughout the various applications, so you have a lot of flexibility in determining
who can do what, not just for the application itself, but for specific files, events,
discussions, or just about anything else.

Other Site Options

While the applications we've been describing above are included by default in
Social Office's Sites and are where users are going to spend the majority of their time,
there are a few other tools and configuration options that you'll want to know about
when you're setting up Sites.

Adding/Removing Applications
By default, there is a fairly large number of
applications on users' personal home pages and the Site
home pages. In some cases, you may want exactly what's
there by default, but in others, you may want less or
more.
If a user has permission to remove a particular
application, an X will appear in the top right corner of
the application box; clicking the X will remove the
application. If a user has permission to add an
application to a page, they will see an Applications button
at the top of the screen. Clicking on it will display a
menu on the left side of the screen with a list of
applications that they can add to a page. The
applications are organized by category.
Users own their personal home pages and are free to make changes to them. Any
changes made by one user affects only his or her personal home page. Site home
pages, on the other hand, belong to the Site, so changes made by one user will affect
all users of that Site. This is why only the Site Owner, Social Office Administrator, or
someone given increased permissions via User Roles in the Control Panel can modify
the Site home page.

Layouts

52 Site Applications
 Sites

Along with adding or removing applications, pages have customizable layouts.

Each page has a selectable Layout template (accessed through the Layout button at the
top of the screen). Simply choose the best layout for your page. You can also drag and
drop individual applications anywhere on the page; however, the layout template will
determine the size and shape of the Application box, as well as details of its exact
placement on the screen.

You can also apply layouts to Site and personal home pages. We suggest
experimenting with a variety of layouts to determine what works best for your site
and your users.

Announcements
The Announcements application is Social Office's main method of conveying
information to larger groups of users at once. You can make announcements to all
other users or only to members of a specific site.
The Announcements application is displayed in two places: the user's home page
and the site home page. The Announcements application displays different
information for each user based on the user's site membership. For example, if a user
is a member of the Sales site, but is browsing the home page of the Marketing site, he
will see announcements from Sales in the Announcements application, not
announcements from Marketing.
By default, only Administrators or site owners can post announcements. They
can also create a User Role (via the Control Panel) with the ability to post
announcements. See Chapter 5: The Control Panel, for more information about
creating User Roles.

Site Applications 53
Sites

Illustration 20: The Add Announcements Screen.

To create an announcement, a user with sufficient permissions simply needs to

click the Add Announcement button and fill in the necessary fields:
To: This is the Site where the announcement is posted. If a user is accessing this
application through a Site home page, or if he or she can only make announcements
for one Site, this will only display one value. However, if a user with announcement
privileges on multiple Sites accesses the application from his or her personal home
page, he or she will see a selection box with all of the available Sites.
Title: You can enter a title here that serves as the headline for the
announcement.
URL: This field enables you to set a URL for the announcement. This is useful if
you want to link directly to the announcement from somewhere else.
Content: This is where you enter the main content for the announcement.
Unlike some of the more advanced text entry fields in other applications, this field
only accepts plain text characters.
Type: You can set the type as General, News, or Test, depending on what type of
announcement you're making.
Priority: Mark this as Important or Normal. Marking an item Important will make
it stay persistently above all Normal entries until you edit the entry and change its
priority, delete it, or the item expires.
Display Date / Expiration Date: You can set a date range for when the item will
first appear and when it will stop displaying. You can use this feature to have an­

54 Site Applications
 Sites

nouncements post or expire off the list when you're unavailable to manually make
changes. By default, all announcements expire one month after they are first posted,
but you can increase or decrease the amount of time each item is displayed.
Clicking the Manage Entries button will bring you to a screen displaying all
announcements and allow you to edit or delete them. You can use this to fix any
errors in existing entries or to remove unwanted entries. You can also add entries
from this page.

Illustration 21: Manage Entries Screen.

Chat
The Chat application is integrated throughout the whole of Social Office. It's a
convenient way of allowing your users to IM each other when they're logged into
your web site at the same time. It appears as a bar at the bottom of every
page—displaying who's logged on, whether they're available, and any chats the
logged-in user has open.
The Chat application is very simple to use. To change the settings, click Settings.
Here you can set your status (online/offline) or have the application play a sound if
someone sends you a message when the window or tab is in the background.
Additionally, the application shows the number of your friends online. To chat
with one of them, click the Online Friends link, click the friend's name, and then begin
chatting. That's it! You can have multiple chats open at a time, and even have one or
more of them minimized. Your friends are anyone that shares membership of a Site
with you.

Summary
Social Office provides an environment for easy collaboration with one another.
All of the applications are geared toward working together and informing the team
about everyone's activities. This environment facilitates the easy sharing of data and
seamless communication among teammates. You'll find that it's much easier to work
together on common tasks when using Social Office.

Summary 55
4. CONTROL PANEL

Once Liferay Social Office is successfully installed, you can begin configuring it to
fit it to your environment and your particular collaboration needs. You can perform
many of these configuration tasks through Social Office's control panel.
You'll want to customize Social Office by configuring various settings such as
email notifications, integration with services such as LDAP, creating users, user
groups, and roles, and readying your installation to have its content and applications
loaded by users. This chapter covers the following activities:
• Social Office's User Interface: How to navigate around Social Office and make
use of the Control Panel.
• Social Office Administration: How to administer a Social Office install.
• Global Settings: Password policies, Settings, Monitoring, and more.

Navigating the Control Panel

The control panel is very easy to navigate. On the left side is a list of headings
with functions underneath them. The headings are in alphabetical order, but the
functions are in a logical order.
User Name: The first section is always the logged in user's personal space. Here,
you can change your account information.
Portal: The Portal section allows administrators to set up and maintain Social
Office. This is where you can add and edit users, sites, roles, and configure the server
settings.
Server: The Server section contains administrative functions for configuring
portal instances, runtime settings, connect Social Office to OpenOffice.org for
document conversion, and more.
Control Panel

All of the functions that you'll need to maintain Social Office or its content is
found in the Control Panel.

Social Office Architecture

Before we dive into the user interface for adding and maintaining various
resources, it's best to go over the concepts Social Office uses to organize itself.

Users
Users are accounts on the system which are accessed by real people. Users can be
collected in multiple ways. They can be members of sites which draw together
common interests. They can have roles which describe their functions in the system,
and these roles can be scoped by Portal or Site. They can also be collected into User
Groups.

Roles
There are two kinds of roles:
● Portal Roles
● Site Roles
These are called role scopes. Roles are used to define permissions across their
scope: across the portal or across a site. For example, consider a role which grants
access to create a Message Board category. A Portal role would grant that access
across the portal, wherever there was a Message Board portlet. A Site role would
grant that access only within a single site.
Because Roles are used strictly for security, they also don't have pages, like Sites.
Users or Sites can be members of a role.

Sites
Sites are collections of Users who have a common interest. There are two types
of Sites:
• Open
• Private
An Open Site (the default) allows Social Office users to join and leave the Site
whenever they want to, using the Control Panel or a Sites portlet added to a page to
which they have access. A Private site requires that users be added to the Site by a site
administrator and doesn't show up at all in the Sites portlet or the Control Panel.

User Groups
User Groups are simple, arbitrary collections of users, created by administrators.
They can be members of sites or roles. Permissions cannot be assigned to User
Groups. Though User Groups don't have pages sites, they do have page templates

58 Social Office Architecture

 Control Panel

which can be used to customize users' personal sets of pages. This is fully described
below.

Using the Control Panel

The Portal section of the Control Panel is used for most administrative tasks.
You'll find there an interface for the creation and maintenance of
• Users
• Roles
Additionally, it allows you to configure many server settings, including:
• Password Policies
• Authentication options, including Single Sign-On and LDAP integration
• Default User Associations
• Reserved Screen Names
• Mail Host Names
• Email Notifications
You'll use the Portal section of the Control Panel to create your portal structure,
implement security, and administer your users. Note that only users with the Admin­
istrator role—a portal scoped role—have permission to view this section of the Con­
trol Panel.

Adding Users
Let's begin by adding a user account for yourself. We will then configure this
account so that it has the same administrative access as the default administrator
account. Go up to the global navigation area and click the Control Panel link, if you
aren't there already. Then under the Portal category, click Users. Click the Add button.
You'll then be presented with the Add User form. Fill out the form using your
name and email address. When you're finished, click Save.
The page will then reappear with a message saying that the save was successful,
and there will now be an expanded form which allows you to fill out a lot more
information about the user. You don't have to fill anything else out right now, but one
thing is important to note: when the user ID was created, a password was
automatically generated and, if Social Office has been correctly installed (see Chapter
2), an email message with the password in it was sent to the user. This of course
requires that Social Office can properly communicate with your SMTP mail server in
your organization.
If you have not yet set up your mail server, you'll need to use this screen to
change the default password for the user ID to something you can remember. You can
do this by clicking on the Password link in the box on the right, entering the new
password in the two fields, and clicking Save.

Using the Control Panel 59

Control Panel

Illustration 22: The Add User screen.

Next, you'll want to give your user account the same administrative rights as the
default administrator's account. This will allow you to perform administrative tasks
with your own ID instead of having to use the default ID. And this allows you to make
your portal more secure by deleting or disabling the default ID.
Click the Roles link. You'll then be taken to a screen which shows the roles to
which your ID is currently assigned. By default, you should have one role: Power User.
By default, all users are also assigned the Power User role. You can give this role
certain permissions if you wish or disable it altogether. You can also define the
default roles a new user receives; we will go over this later.
To make yourself an Administrator, click the Select link. A window will pop up
with a list of all the roles in the system. Select the Administrator role from the list and
the window will disappear and you'll see that the role has been added to the list of
roles to which you're assigned. Next, click the Save button, which is at the bottom of
the blue bar of links on the right. You're now an administrator of the portal. Log out
of the portal and then log back in with your own user ID.

User Management
If you click the Users link on the left of the Control Panel, you'll see that there are
now two users in the list of users. If you wanted to change something about a
particular user, you can click the Actions button next to that user.

60 Using the Control Panel

 Control Panel

Edit User: This takes you back to the Edit User page, where you can modify
anything about the user.
Permissions: This allows you to define which Roles have permissions to edit the
user.
Impersonate User: This opens another browser window which allows you to
browse the site as though you were the user.
Deactivate: Clicking this will deactivate the user's account.
Note that most users can't perform most of the above (in fact, they won't even
have access to this section of the Control Panel). Because you have administrative
access, you can perform all of the above functions.

Roles
Roles are groupings of users that share a particular function within Social Office,
according to a particular scope. Roles can be granted permissions to various functions
within portlet applications. Think of a role as a description of a function, such as
Message Board Administrators. A role with that name is likely to have permissions to
functions of the Message Board portlet delegated to it. Users who are placed in this
role then inherit those permissions.
Roles are scoped by Portal or Site. The Control Panel makes it easy for you to
assign users to Roles and to assign permissions to Roles. You only have to go to one
place: the Roles link. From there, you can add roles scoped by Portal or Site from one
interface.

Illustration 23: Defining Permissions on a Role.

To create a Role, click the Roles link, and then click the Add button. Type a name
for your role and an optional description. The drop down box at the bottom of the
form lets you choose whether this is a Regular or Site role. When you have finished,
click Save.
You'll be back at the list of roles. To see what functions you can perform on your
new role, click the Actions button.
Edit: Click this action to edit the role. You can change its name or description.
Permissions: This allows you to define which Users, User Groups, or Roles have
permissions to edit the Role.

Using the Control Panel 61

Control Panel

Define Permissions: Click this to define what permissions this role has. This is
outlined in the next section.
Assign Members: Takes you to a
screen where you can search and
select users in the portal to be assigned
to this role. These users will inherit
any permissions given to the role.
View Users: Lets you view the
users who are in the Role.
Delete: Deletes the Role.

Defining Permissions on a
Role
Roles exist as a bucket for
granting permissions to the users who
are members of them. So one of the
main tasks you'll be doing with a role
is granting it the permissions that you
want members of the role to have.
When you click the Define Permis­
sions action on a Portal scoped Role,
you're given a choice of two kinds of
permissions that can be defined for
this role: Portal Permissions and Portlet
Permissions. For other Roles, you only
see the portlet permissions.
Portal permissions cover
portal-wide activities that are in
several categories, such as Site,
Location, Password Policy, etc. This
allows you to create a Role that, for
example, can create new Sites in the
portal. This would allow you to grant
users that particular permission
without making them overall portal
administrators.
Portlet permissions cover permis­
sions that are defined within various
portlets. Since Social Office inherits
from the design of Liferay Portal, its
applications are referred to in the
Control Panel as portlets. If you're
familiar, therefore, with Liferay Portal, Illustration 24: Message Boards permissions.
administering Social Office is the same exact experience. Clicking the Portlet Permis­
sions button brings you to a page where you can browse the names of the portlets that

62 Using the Control Panel

 Control Panel

are currently installed in your portal. Once you choose a portlet, you can then define
the actions within this portlet that the role will have permission to perform.
If we stick with our example of a Message Boards Admin role, we would then find
the Message Boards portlet in the list and click on it. A new page with configurable
permissions would then be displayed (see above).
Each possible action to which permissions can be granted is listed. To grant a
permission, choose the scope of the permission. You have two choices: Portal and
Communities. These labels are inherited from Liferay Portal, but they correspond to
global Social Office permissions and Site permissions. Granting Portal permissions
means that permission to the action is granted across Social Office, in any site where
there is a Message Boards portlet.
If you choose Communities, a button appears next to the permission allowing
you to choose one or more sites in which the permission is invalid. This lets you pick
and choose specific sites (for a portal scoped role) in which these permissions are
valid for users in this role.
Once you have chosen the permissions granted to this role, click Save. For a Mes­
sage Boards Admin role, you would likely grant Portal permissions to every action
listed. After you click Save, you'll see a list of all permissions that are currently
granted to this role. From here, you can add more permissions (by clicking Add Portlet
Permissions or Add Portal Permissions), or go back by clicking a link in the breadcrumb
list or the Return to Full Page link.
Roles are very powerful, and allow portal administrators to define various per­
missions in whatever combinations they like.

User Groups
User Groups are arbitrary groupings of users. These groups are created by portal
administrators to group users together who don't have an obvious aspect which
brings them together. Groups cannot have permissions like roles, but User Groups can
be added to Roles. Why would you use User Groups, then? They come into play when
you have complex security requirements and for page templates, which we will
discuss below.
Creating a User Group is easy. Click the User Groups link and then click the Add
button. There are only two fields to fill out: Name (the name of the User Group) and
Description (an optional description of what the group is for). Click Save and you'll
then be back to the list of groups.
As with the other resources in the portal, you can click the Actions button to
perform various operations on User Groups.
Edit: Allows you to modify the name or description of the User Group.
Permissions: This allows you to define which Users, User Groups, or Roles have
permissions to edit the User Group.
Manage Pages: Though User Groups don't have pages of their own, you can cre­
ate page templates for a group. When a User Group has page templates, any users
added to the group will have the group's pages copied to their personal pages. This al­

Using the Control Panel 63

Control Panel

lows you to do things like create a Bloggers user group with a page template that has
the Blogs and Recent Bloggers portlets on it. The first time users who are added to
this group log in to the portal, this page will get copied to their personal pages. They
will then automatically have a blog page that they can use.
Assign Members: Takes you to a screen where you can search for and select
users in the portal to be assigned to this User Group.
View Users: Lets you view the users who are in the User Group.
Delete: Deletes the User Group.

User Groups and Page Templates

Social Office allows users to have a personal set of pages that each user can
optionally customize at will. The default configuration of those pages can be
determined by the portal administrator through the portal-ext.properties file and
optionally by providing the configuration in a LAR file. Though this has been a
long-time feature of Liferay (which Social Office inherits), it was not very flexible or
easy to use.
We now have the concept of page templates which are tied to User Groups. This
enables administrators to provide the same configuration for the personal pages of all
(or just a subset of) users, using the GUI instead of the properties file. In some cases
you may want to provide a different configuration for each user depending on his or
her profile. For example, in a configuration for University students, staff and
undergraduates would get different default pages and portlets in their personal space.
You can also set it up so that different groups are combined together to create the
desired default configuration. When a user is assigned to a user group, the configured
page templates are copied directly to the user's personal pages.

User Group Page Templates: Defining page templates for a user group
The a User Group's page templates can be administered using the Control Panel.
The User Groups link lists all the existing user groups and allows you to perform
several actions on each of them.

64 Using the Control Panel

 Control Panel

Illustration 25: Manage Pages action on a User Group.

By selecting the Manage Pages action the administrator will access the common
Liferay UI for creating pages and organizing them in a hierarchy.
Note that it's possible to create both public and private pages. Each set is used as
templates and copied to the user's personal public or private page sets respectively
when the user becomes a member of the user group.

Using the Control Panel 65

Control Panel

Illustration 26: Adding a Page Template

In the screen shot above, the administrator has created a new private page called
You are a student within the Students user group. Since the page created is a portlet
page, the administrator can now click the View Pages button to open the page and add
as many portlets as desired to that page and configure them as needed. Let's assume
for this example that the Currency Converter and Calendar portlets are selected.

Applying the page templates by assigning members to the user group

The next step is to assign an existing user to that group to verify that the page
template is copied as a user's private page. To do this, click Actions → Assign Members
action in the list of available user groups.

66 Using the Control Panel

 Control Panel

Illustration 27: Assigning Members to a User Group

By clicking the Available tab in the next screen, a list of all available users is
shown. From that list, one or more users can be selected to make them members of
the user group. When the Update Associations button is clicked, the users become
members of the group and copies of any public or private page templates which are
configured for the user group are copied to their page sets.
In the previous example, a user that already had an existing page called Welcome
will now have a new page called You Are A Student the next time she accesses her
personal space. That page will contain two portlets: Currency Converter and Calendar as
configured by the User Group administrator.

Additional details
Because the pages are copied to a user's set of pages, those pages are now owned
by the user and they can be changed at any time if Social Office is set up to allow users
to edit their personal pages. When a user is removed from a user group the associated
pages won't be removed: they have become that user's pages. The system is smart
enough, however, to detect when a user is added again to a group of which he or she
was already a part, and the pages are not added again.
If an administrator modifies page templates for a User group after users have
already been added to the group, those changes are reused when new users are
assigned to the user group. Since the pages are templates, however, the changes
won't be applied to users that were already members of the user group.

Composing A Page Out of Several User Groups

Users can belong to many user groups. If you have templates defined for a
number of groups, this may result having many page templates copied to users'
pages. To prevent this, you can combine pages from different user groups into a
single page.
Let's expand our previous example by dividing the Students into First Year
Students, Second Year Students, Third Year Students, International Students, and Prospec­

Using the Control Panel 67

Control Panel

tive Students. For each of these types of students we want them to have a page with the
Currency Converter and Calendar, but depending on which type we also want other
different portlets on that page too.
This can be achieved by using a naming convention for the pages. If two or more
pages of different user groups have the same name, they are recombined into a single
page when they are copied to a user's personal pages set.
In the example above, a User was added to a Students group which had a page
called You are a Student. If the administrator creates a page template with the same
name (You are a Student) in the First Year Students group and puts in it an RSS portlet
pointing to information interesting for them, that page would be combined with the
You are a Student page that's in the Students group, and the resulting page would
contain the portlets configured for both User Groups.

Page Combination Rules

The following rules are used when composing a page by combining pages from
different user groups:
• If a user becomes a member of a User Group that has a page template with
the same name in the same set (public or private) as a page that the user
already has, those pages are combined.
• If any of the pages has the name translated to several languages, only the
default language is considered in the comparison.
• The portlets on the new page are copied to the bottom of the equivalent
columns of the existing page.
• If the existing and the new pages have different layout templates, the
existing one is preserved.
• If the new layout template has portlets in columns that don't exist in the
existing page, those portlets are automatically copied to the first column of
the existing layout template.
As you can see, it's possible to have a very flexible configuration for the default
pages of portal users. Furthermore, that configuration can be changed at any time
using the UI administrators are used to and then assigning users to new user groups.
While these examples are somewhat simple, the system allows for as many user
groups as desired. By using the convention of matching the page names it's possible
to build any default page composition that you want for your users.

Global Server Settings

Now that you've navigated in the Control Panel, you should be pretty familiar
with how it works, and hopefully now you're comfortable exploring around the
various options on the left. We've focused so far on the maintenance of users and
portal security. The remaining links in the Portal category focus on various portal
settings which cover how Social Office operates and integrates with other systems
you may have.

68 Global Server Settings

 Control Panel

Password Policies
Password policies can help to enhance the security of Social Office. Using
password policies, you can set password rules such as password strength, frequency
of password expiration, and more. Additionally, you can apply different rule sets to
different sets of portal users.
In the Control Panel, click on the Password Policies link on the left side of the
screen in the Portal category. You'll see that there is already a default password policy
in the system. You can edit this in the same manner as you edit other resources in the
portal: click Actions and then click Edit.
You'll then see the Password Policy settings form:
Changeable: Selects whether a user can change his or her password.
Change Required: Selects whether a user must change his or her password upon
first log in.
Minimum Age: You can choose how long a password must remain in effect
before it can be changed.
Syntax Checking: Allows you to choose whether dictionary words can be in
passwords as well as the minimum password length.
Password History: Keeps a history (with a defined length) of passwords and
won't allow users to change their passwords to one that was previously used.
Password Expiration: Lets you choose an interval where passwords can be
active before they expire. You can select the age, the warning time, and a grace limit.
Lockout: Allows you to set the number of failed log in attempts before a user's
account becomes locked. You can choose whether an administrator needs to unlock
the account or if it becomes unlocked after a specific duration.
From the list of password policies, you can perform several other actions.
Edit: Brings you to the form above and allows you to modify the password policy.
Permissions: This allows you to define which Users, User Groups, or Roles have
permissions to edit the Password Policy.
Assign Members: Takes you to a screen where you can search and select users
to be assigned to this password policy. The password policy is enforced for any users
who are added here.
Delete: This shows up for any password policies that you add beyond the default
policy. You cannot delete the default policy.

Settings
The Settings link is where most of the global settings are:
General: This lets you configure global settings, such as the company name,
domain, the virtual host, a global portal logo, and more.
Authentication: Allows you to configure login IDs, connection to LDAP, and Sin­

Global Server Settings 69

Control Panel

gle Sign-On.
Default User Associations: Lets you configure default membership to Roles,
User Groups, and Sites for new users.
Reserved Credentials: Lets you reserve screen names and email addresses so
that users cannot register using them. You might use this to prevent users from
registering on the portal with user names that contain profanity or that sound
official, such as admin or president.
Mail Host Names: You can add a list of other mail servers besides your main one
here.
Email Notifications: Social Office sends email notifications for certain events,
such as user registrations, password changes, etc. You can customize those messages
here.
We will go over these settings in detail below.

General
The General link allows you to set the name of the company / site which is
running the portal.

Authentication: General Settings

The Authentication link has several tabs under it. All of these are used for
configuring how users will authenticate to Social Office. Because Social Office
supports a number of authentication methods, there are settings for each.
The general settings affect only Social Office functionality, and don't have
anything to do with any of the integration options on the other tabs. This tab allows
you to customize Social Office's out-of-box behavior regarding authentication.
Specifically, the General tab allows you to select from several global authentication
settings:
• Authenticate via email address (default), screen name, or user ID (a
numerical ID auto-generated in the database—not recommended).
• Enable / Disable automatic login. If enabled, Social Office allows users to
check a box which will cause the site to “remember” the user's log in by
placing a cookie on his or her browser. If disabled, users will have to log in
manually.
• Enable / Disable Forgot Password functionality.
• Enable / Disable account creation by strangers. If you're running an
Internet site, you'll probably want to leave this on so that visitors can create
accounts on your site. For internal sites, you may want to turn this off so
that accounts will have to be created by administrators.
• Enable / Disable account creation by those using an email address in the
domain of the company running the site (which you just set on the General
tab).

70 Global Server Settings

 Control Panel

• Enable / Disable email address verification. If you enable this, Social Office,
will send users a verification email with a link back to the portal to verify
the email address they entered is a valid one they can access.
By default, all settings except for the last are enabled by default. One default
that's important is that users will authenticate by their email address. Social Office
defaults to this for several reasons:
1. An email address is, by definition, unique to the user who owns it.
2. People can generally remember their email addresses. If you have a user
who hasn't logged into the portal for a while, it's possible that he or she will
forget his or her screen name, especially if the user was not allowed to use
his or her screen name of choice (because somebody else already used it).
3. If a user changes his or her email address, if it's not used to authenticate, it's
more likely that the user will forget to update his or her email address in his
or her profile. If the user's email address is not updated, all notifications
sent by the portal will fail to reach the user. So it's important to keep the
email address at the forefront of a user's mind when he or she logs in to
help the user keep it up to date.
For these reasons, Social Office defaults to using the email address as a user
name.

Authentication: LDAP
Connecting Social Office to an LDAP directory is a straightforward process
through the Control Panel. Configuring LDAP in the control panel will allow you to
setup multiple LDAP servers.
The LDAP settings screen is very detailed, so we will look at it in chunks.

Global Values
There are two global LDAP settings.
Enabled: Check this box to enable LDAP Authentication.
Required: Check this box if LDAP authentication is required. Social Office will
then not allow a user to log in unless he or she can successfully bind to the LDAP
directory first. Uncheck this box if you want to allow users that have Social Office
accounts but no LDAP accounts to log in to the portal.
Managing LDAP servers in Social Office is done by adding LDAP server
configurations. To add an LDAP server for Social Office to use, click on the Add button.
Here you’ll be presented with configuration options that will allow Social Office to
communicate with your LDAP server—these are described in detail below. After you
have configured some LDAP servers for Social Office to use, you’ll notice that you can
also edit, delete and order your servers in the list. Be mindful of how you order them
because Social Office will attempt to authenticate to LDAP from your list of servers in
order from top to bottom.
Furthermore, the first LDAP server is considered your default LDAP server; any

Global Server Settings 71

Control Panel

interactions where a user cannot be matched to one of the servers in the list—such as
exporting a new user—will occur on the first LDAP server.

Default Values
Several leading directory servers are listed here. If you're using one of these,
select it and the rest of the form is populated with the proper default values for that
directory.

Connection
These settings cover the basic connection to LDAP.
Base Provider URL: This tells the portal where the LDAP server is located. Make
sure that the machine on which Social Office is installed can communicate with the
LDAP server. If there is a firewall between the two systems, check to make sure that
the appropriate ports are opened.
Base DN: This is the Base Distinguished Name for your LDAP directory. It's
usually modeled after your organization. For a commercial organization, it may look
something like: dc=companynamehere,dc=com.
Principal: By default, the administrator ID is populated here. If you have
removed the default LDAP administrator, you'll need to use the fully qualified name
of the administrative credential you do use. You need an administrative credential
because Social Office is using this ID to synchronize user accounts to and from LDAP.
Credentials: This is the password for the administrative user.
This is all you need in order to make a regular connection to an LDAP directory.
The rest of the configuration is optional: generally, the default attribute mappings are
sufficient data to synchronize back to the Social Office database when a user attempts
to log in. To test the connection to your LDAP server, click the Test LDAP Connection
button.
If you're running your LDAP directory in SSL mode to prevent credential
information from passing through the network unencrypted, you'll have to perform
extra steps to share the encryption key and certificate between the two systems.
For example, assuming your LDAP directory is Microsoft Active Directory on
Windows Server 2003, you would take the following steps to share the certificate:
On the Windows 2003 Domain Controller, open the Certificates MMC snapin.
Export the Root Certificate Authority certificate by selecting Certificates (Local
Computer) mmc snapin -> Trusted Root Certification Authorities ->
MyRootCACertificateName. Right click this certificate and select All Tasks -> export -> se­
lect DER encoded binary X.509 .CER. Copy the exported .cer file to your Social Office
server.
As with the CAS install (see the below section entitled Single Sign-On), you'll
need to import the certificate into the cacerts keystore. The import is handled by a
command like the following:
keytool -import -trustcacerts -keystore

72 Global Server Settings

 Control Panel

/some/path/jdk1.5.0_11/jre/lib/security/cacerts -storepass changeit

-noprompt
-alias MyRootCA -file /some/path/MyRootCA.cer

The keytool utility ships as part of the Java SDK.

Once this is done, go back to the LDAP page in the Control Panel. Modify the
LDAP URL in the Base DN field to the secure version by changing the protocol to https
and the port to 636 like the following:
ldaps://myLdapServerHostname:636

Save the changes. Your Social Office server will now use LDAP in secure mode for
authentication.

Users
This section contains settings for finding users in your LDAP directory.
Authentication Search Filter: The search filter box can be used to determine
the search criteria for user logins. By default, Social Office uses the email address as a
user login name. If you have changed this setting—which can be done on the General
tab that's next to the LDAP tab in the Settings->Authentication section of the Control
Panel—you'll need to modify the search filter here, which has by default been
configured to use the email address attribute from LDAP as search criteria. For
example, if you changed Social Office's authentication method to use the screen name
instead of the email address, you would modify the search filter so that it can match
the entered login name:
(cn=@screen_name@)

Import Search Filter: Depending on the LDAP server, there are different ways to
identify the user. Generally, the default setting (objectClass=inetOrgPerson) is fine, but if
you want to search for only a subset of users or users that have different object
classes, you can change this.
User Mapping: The next series of fields allows you to define mappings from
LDAP attributes to Social Office fields. Though your LDAP user attributes may be
different from LDAP server to LDAP server, there are five fields that Social Office
requires to be mapped in order for the user to be recognized. You must define a
mapping to the corresponding attributes in LDAP for the following Social Office fields:
• Screen Name
• Password
• Email Address
• First Name
• Last Name
The Control Panel provides default mappings for commonly used LDAP
attributes. You can also add your own mappings if you wish.
Test LDAP Users: Once you have your attribute mappings set up (see above),
click the Test LDAP Users button, and Social Office will attempt to pull LDAP users and

Global Server Settings 73

Control Panel

match them up with their mappings as a preview.

Illustration 28: Testing LDAP Users

Groups
This section contains settings for mapping LDAP groups to Social Office.
Import Search Filter: This is the filter for finding LDAP groups that you want to
map to Social Office. Enter the LDAP group attributes that you want retrieved for this
mapping. The following attributes can be mapped:
• Group Name
• Description
• User
Test LDAP Groups: Click the Test LDAP Groups to display a list of the groups
returned by your search filter.

Illustration 29: Mapping LDAP Groups.

Import/Export

74 Global Server Settings

 Control Panel

Users DN: Enter the location in your LDAP tree where the users are stored. When
Social Office does an export, it will export the users to this location.
User Default Object Classes: When a user is exported, the user is created with
the listed default object classes. To find out what your default object classes are, use
an LDAP browser tool such as JXplorer to locate a user and view the Object Class
attributes that are stored in LDAP for that user.
Groups DN: Enter the location in your LDAP tree where the groups are stored.
When Social Office does an export, it will export the groups to this location.
Once you have completed configuring LDAP, click the Save button. This will take
you back to the General tab under Settings. Click the LDAP tab to get back to the LDAP
settings, where you can define the global LDAP settings as shown below.

Global LDAP Options

Use LDAP Password Policy: Social Office uses its own password policy by
default. This can be configured on the Password Policies link in the Portal section on the
left side of the Control Panel. If you want to use the password policies defined by your
LDAP directory, check this box. Once this is enabled, the Password Policies tab will
display a message stating that you're not using a local password policy. You'll now
have to use your LDAP directory's mechanism for setting password policies. Social
Office does this by parsing the messages in the LDAP controls that are returned by
your LDAP server. By default, the messages in the LDAP controls that Social Office is
looking for are the messages that are returned by the Fedora Directory Server. If
you're using a different LDAP server, you'll need to customize the messages in Social
Office's portal-ext.properties file, as there is not yet a GUI for setting this. See below for
instructions describing how to do this.
Import Enabled: Check this box to cause Social Office to do a mass import from
your LDAP directories. If you want Social Office to only synchronize users when they
log in, leave this box unchecked. Definitely leave this unchecked if you're working in
a clustered environment. Otherwise, all of your nodes would try to do a mass import
when each of them starts up.
If you check the box, several other options become available.
Import on Startup Enabled: Check this box to have Social Office run the import
when it starts up. This box only appears if you check Import Enabled above.
Export Enabled: Check this box to enable Social Office to export user accounts
from the database to LDAP. Social Office uses a listener to track any changes made to
the User object and will push these changes out to the LDAP server whenever the User
object is updated. Note that by default on every login, fields such as LastLoginDate
are updated. When export is enabled, this has the effect of causing a user export
every time the user logs in. You can disable this by setting the following property in
your portal-ext.properties file:
users.update.last.login=false

LDAP Options Not Available in the GUI

Global Server Settings 75

Control Panel

Though most of the LDAP configuration can be done from the Control Panel,
there are several configuration parameters that are only available by editing por­
tal-ext.properties. These options are available in the GUI in future versions of Social
Office, but for now they can only be configured by editing the properties file.
If you need to change any of these options, copy the LDAP section from the por­
tal.properties file into your portal-ext.properties file. Note that since you have already
configured LDAP from the GUI, any settings from the properties file that match
settings already configured in the GUI is ignored. The GUI, which stores the settings
in the database, always takes precedence over the properties file.
ldap.auth.method=bind
#ldap.auth.method=password-compare

Set either bind or password-compare for the LDAP authentication method. Bind
is preferred by most vendors so that you don't have to worry about encryption
strategies. Password compare does exactly what it sounds like: it reads the user's
password out of LDAP, decrypts it, and compares it with the user's password in Social
Office, syncing the two.
ldap.auth.password.encryption.algorithm=
ldap.auth.password.encryption.algorithm.types=MD5,SHA

Set the password encryption to used to compare passwords if the property

ldap.auth.method is set to password-compare.
ldap.import.method=[user,group]

If you set this to user, Social Office will import all users from the specified portion
of the LDAP tree. If you set this to group, Social Office will search all the groups and
import the users in each group. If you have users who don't belong to any groups,
they will not be imported.
ldap.error.password.age=age
ldap.error.password.expired=expired
ldap.error.password.history=history
ldap.error.password.not.changeable=not allowed to change
ldap.error.password.syntax=syntax
ldap.error.password.trivial=trivial
ldap.error.user.lockout=retry limit

These properties are a list of phrases from error messages which can possibly be
returned by the LDAP server. When a user binds to LDAP, the server can return con­
trols with its response of success or failure. These controls contain a message
describing the error or the information that's coming back with the response. Though
the controls are the same across LDAP servers, the messages can be different. The
properties described here contain snippets of words from those messages, and will
work with Red Hat's Fedora Directory Server. If you're not using that server, the word
snippets may not work with your LDAP server. If they don't, you can replace the
values of these properties with phrases from your server's error messages. This will
enable Social Office to recognize them.

Single Sign-On

76 Global Server Settings

 Control Panel

Single Sign-On solutions allow you to provide a single log in credential for
multiple systems. This allows you to have people authenticate to the Single Sign-On
product and they are automatically logged in to Social Office and to other products as
well.
Social Office at the time of this writing supports several single sign-on solutions.
Of course if your product is not yet supported, your organization can choose to
sponsor support for it. Please contact sales@liferay.com for more information about
this.

Authentication: Central Authentication Service (CAS)

CAS is an authentication system that was originally created at Yale University.
It's a widely-used open source single sign-on solution, and was the first SSO product
supported by Social Office.
Please follow the documentation for CAS to install it on your application server
of choice.
Your first step is to copy the CAS client .jar file to Social Office's library folder. In
the bundle, this is in [Social Office Home]/tomcat-[version]/webapps/ROOT/WE­
B-INF/lib. Once you've done this, the CAS client is available to Social Office the next
time you start it.
The CAS Server application requires a properly configured Secure Socket Layer
certificate on your server in order to work. If you wish to generate one yourself, you'll
need to use the keytool utility that comes with the JDK. Your first step is to generate
the key. Next, you export the key into a file. Finally, you import the key into your
local Java key store. For public, Internet-based production environments, you'll need
to either purchase a signed key from a recognized certificate authority (such as
Thawte or Verisign) or have your key signed by a recognized certificate authority. For
Intranets, you should have your IT department pre-configure users' browsers to
accept the certificate so that they don't get warning messages about the certificate.
To generate a key, use the following command:
keytool -genkey -alias tomcat -keypass changeit -keyalg RSA

Instead of the password in the example (changeit), use a password that you can
remember. If you're not using Tomcat, you may want to use a different alias as well.
For First and Last name, enter localhost, or the host name of your server. It cannot be
an IP address.
To export the key to a file, use the following command:
keytool -export -alias tomcat -keypass changeit -file server.cert

Finally, to import the key into your Java key store, use the following command:
keytool -import -alias tomcat -file %FILE_NAME% -keypass changeit
-keystore $JAVA_HOME/jre/lib/security/cacerts

If you're on a Windows system, replace $JAVA_HOME above with %JAVA_HOME%.

Of course, all of this needs to be done on the system on which CAS is running.
Once your CAS server is up and running, you can configure Social Office to use it.

Global Server Settings 77

Control Panel

This is a simple matter of navigating to the Settings -> Authentication -> CAS tab in the
Control Panel. Enable CAS authentication, and then modify the URL properties to
point to your CAS server.
Enabled: Set this to true to enable CAS single sign-on.
Import from LDAP: A user may be authenticated from CAS and not yet exist in
the portal. Select this to automatically import users from LDAP if they don't exist in
the portal.
The rest of the settings are various URLs, with defaults included. Change localhost
in the default values to point to your CAS server. When you're finished, click Save.
After this, when users click the Sign In link from the Dock, they are directed to the
CAS server to sign in to Social Office.

Authentication: NTLM
NTLM is a Microsoft protocol that can be used for authentication through
Microsoft Internet Explorer. Though Microsoft has adopted Kerberos in modern
versions of Windows server, NTLM is still used when authenticating to a workgroup.
Enabled: Check the box to enable NTLM authentication.
Domain Controller: Enter the IP address of your domain controller. This is the
server that contains the user accounts you want to use with Social Office.
Domain: Enter the domain / workgroup name.

Authentication: OpenID
OpenID is a new single sign-on standard which is implemented by multiple
vendors. The idea is that multiple vendors can implement the standard, and then
users can register for an ID with the vendor they trust. The credential issued by that
vendor can be used by all the web sites that support OpenID. Some high profile
OpenID vendors are AOL (http://openid.aol.com/screenname), LiveDoor (http://pro­
file.livedoor.com/username), and LiveJournal (http://username.livejournal.com).
Please see the OpenID site (http://www.openid.net) for a more complete list.
The obvious main benefit of OpenID for the user is that he or she no longer has to
register for a new account on every site in which he or she wants to participate. Users
can register on one site (the OpenID provider's site) and then use those credentials to
authenticate to many web sites which support OpenID. Many web site owners often
struggle to build sites because end users are reluctant to register for so many
different accounts. Supporting OpenID makes it easier for site owners to build their
sites because the barriers to participating (i.e., the effort it takes to register for and
keep track of many accounts) are removed. All of the account information is kept with
the OpenID provider, making it much easier to manage this information and keep it
up to date.
Social Office can act as an OpenID consumer, allowing users to automatically
register and sign in with their OpenID accounts. Internally, the product uses OpenID4­
Java (http://code.google.com/p/openid4java/) to implement the feature.
OpenID is enabled by default in Social Office, but can be disabled on this tab.

78 Global Server Settings

 Control Panel

Atlassian Crowd
Atlassian Crowd is a web-based Single Sign-On product similar to CAS. Crowd can
be used to manage authentication to many different web applications and directory
servers.
Because Atlassian Crowd implements an OpenID producer, Social Office works
and has been tested with it. Simply use the OpenID authentication feature in Social
Office to log in using Crowd.

Authentication: OpenSSO
OpenSSO is an open source single sign-on solution that comes from the code base
of Sun's System Access Manager product. Social Office integrates with OpenSSO,
allowing you to use OpenSSO to integrate Social Office into an infrastructure that
contains a multitude of different authentication schemes against different
repositories of identities.
You can set up OpenSSO on the same server as Social Office or a different box.
Follow the instructions at the OpenSSO site (http://opensso.dev.java.net) to install
OpenSSO. Once you have it installed, create the Social Office administrative user in it.
Users are mapped back and forth by screen names. By default, the Social Office admin­
istrative user has a screen name of test, so in OpenSSO, you would register the user
with the ID of test and an email address of test@liferay.com. Once you have the user set
up, log in to Open SSO using this user.
In the same browser window, go to the URL for your server running Social Office
and log in as the same user, using the email address test@liferay.com. Go to the Control
Panel and click Settings -> Authentication -> OpenSSO. Modify the three URL fields (Login
URL, Logout URL, and Service URL) so that they point to your OpenSSO server (i.e.,
only modify the host name portion of the URLs), click the Enabled check box, and then
click Save. Social Office will then redirect users to OpenSSO when they click the Sign
In link.

Authentication: SiteMinder
SiteMinder is a single sign-on implementation from Computer Associates. Social
Office now has built-in integration with SiteMinder. SiteMinder uses a custom HTTP
header to implement its single sign-on solution.
To enable SiteMinder authentication in Social Office, check the Enabled box on
the SiteMinder tab. If you're also using LDAP with Social Office, you can check the Im­
port from LDAP box. If this box is checked, user authenticated from SiteMinder that
don't exist in the portal is imported from LDAP.
The last field defines the header SiteMinder is using to keep track of the user.
The default value is already populated. If you have customized the field for your
installation, enter the custom value here.
When you're finished, click Save.

Default User Associations

Global Server Settings 79

Control Panel

The Default User Associations link has three fields allowing you to list (one per
line) sites, roles, and user groups that you assign new users by default. Social Office's
default is to assign new users both the Users role and the Power Users role.
The Power Users role allows used to allow users to have their own set of pages.
This is now provided to all users and can be modified using the portal-ext.properties
file. You can now use the Power Users role to provide your own differentiation
between regular users and users to whom you wish to give more privileges in the
portal, or you can remove it altogether.
If you have defined other user groups, sites, or roles that you want assigned to
newly created users by default, enter them here. For example, you may have defined
page templates in certain user groups to pre-populate end users' private pages. If
there's a particular configuration that you want everyone to have, you may want to
enter those user groups here.

Reserved Credentials
The next link is Reserved Credentials. You can enter screen names and email
addresses here that you don't want others to use. Social Office will then prevent users
from registering with these screen names and email addresses. You might use this
feature to prevent users from creating IDs that look like administrative IDs or that
have reserved words in their names.

Mail Host Names

The next link is Mail Host Names. You can enter (one per line) other mail host
names besides the one you configured on the General tab. Social Office will fail over to
these host names in the event that the connection to the main one fails.

Email Notifications
There are three tabs under the Email Notifications link. The Sender tab allows you
to set the portal administration name and email address. By default, this is Joe Bloggs
and test@liferay.com. You can change it to anything you want. This name and address
will appear in the From field in all email messages sent by the portal.
The other two tabs (Account Created Notification and Password Changed Notification)
allow you to customize the email messages that are sent to users on those two events.
A list of tokens for inserting certain values (such as the portal URL) is given if you
wish to use those.

Identification
The identification section has several links for addresses, phone numbers, and
other information you can configure in your portal. This allows you to set up contact
information for the organization that's running the installation of Social Office.

Miscellaneous: Display Settings

This section allows you to set the default portal language and the time zone. You

80 Global Server Settings

 Control Panel

can also set the site-wide logo which appears in the top left corner of each page. Be
careful when using this option to choose an image file that fits the space. If you pick
something that's too big, it will mess up the navigation.

Monitoring
The next link on the left side of the Control Panel is for monitoring. Using this,
you can see all of the live sessions in the portal. For performance reasons, this setting
is generally turned off in production, but if you have it turned on, you can view the
active sessions here.

Server Administration
The Server Administration link lets you perform various tasks relating to admin­
istration of the overall Social Office installation, as opposed to administering
resources in the site. Clicking the link makes this abundantly clear: you're
immediately presented with a graph showing the resources available in the JVM.

Resources
The first tab is called Resources. This tab contains the aforementioned graph plus
several server wide actions that an administrator can execute. These are:
• Garbage collection: You can send in a request to the JVM to begin the
garbage collection task.
• Clearing caches: You can send in a request to the JVM to clear a single VM
cache, the cluster cache, or the database cache.
• Reindex: You can send in a request to regenerate all search indexes.
• Generate Thread Dump: If you're performance testing, you can generate a
thread dump which can be examined later to determine if there are any
deadlocks and where they might be.

Log Levels
Here you can dynamically modify the log levels for any class hierarchy in the
portal. If you have custom code that you have deployed which isn't in the list, you can
use the Add Category tab to add it. If you change the log level near the top of the class
hierarchy (such as at com.liferay), all the classes under that hierarchy will have their
log levels changed. If you're testing something specific, it's much better to be as
specific as you can when you change log levels, as by modifying them too high in the
hierarchy you can generate a lot more log messages than you probably need.

System Properties
This tab shows an exhaustive list of system properties for the JVM, as well as
many Social Office system properties. This information can be used for debugging
purposes or to check the configuration of the currently running portal.

Global Server Settings 81

Control Panel

Portal Properties
This tab shows an exhaustive list of the portal properties. These properties are
customizable, which you'll see in the next chapter. If you need to check the current
value of a particular property, it can be viewed from this screen without having to
shut down the portal or open any properties files.

Shutdown
If you ever need to shut down your Social Office server while users are logged in,
you can use the Shutdown tab to inform your logged-in users of the impending
shutdown. You can define the number of minutes until the shutdown and a custom
message that is displayed.
Users will see your message at the top of their portal pages for the duration of
time you specified. When the time expires, all portal pages will display a message
saying the portal has been shut down. At this point, restart the server to restore
access.

OpenOffice
Social Office contains a Document Library application. This application allows
users to upload documents in many formats into a folder structure that they define.
OpenOffice.org is an open source office suite which is normally run in graphical
mode to create documents, but it can be run in “server” mode. When run in server
mode, OpenOffice.org can be used to convert documents to and from all of the file
types it supports. Social Office's Document Library application can make use of this
feature to automatically convert documents on the fly.
You would use this tab to tell Social Office how to connect to your running
instance of OpenOffice.org. You can install OpenOffice.org on the same server upon
which Social Office is running. Once you have it installed, you can start
OpenOffice.org in server mode with the following command:
soffice -headless -accept="socket,host=127.0.0.1,port=8100;urp;"
-nofirststartwizard

As you can see, the command above specifies that OpenOffice.org will run on
port 8100, which is the default port in the Control Panel. If you can use this port, all
you need to do is check the Enabled box, and Social Office is integrated with
OpenOffice.org.
If you have something else running on this port, find a port that's open and
specify it both in the command above and on the Control Panel's OpenOffice.org
configuration page. When you're finished, click Save.

Summary
We went in-depth through Social Office's Control Panel. Using the Control Panel,
we learned how to manage users and roles. We also learned how to configure various
server settings, such as authentication, LDAP integration, and single sign-on. We also
learned how to associate users by default with different sites and roles, and we saw

82 Summary
 Control Panel

how to reserve screen names and email addresses so that users cannot register in the
portal with them.
Next, we saw how to view and configure overall server settings. We saw how to
view the memory currently being used by the server, as well as how to initiate
garbage collection, a thread dump, search engine re-indexing, and the clearing of
various caches. We learned how to debug parts of the portal by changing log levels,
and by viewing the various properties that are defined in the portal.
Finally, we learned how to properly notify users that the portal is about to shut
down and how to enable the OpenOffice.org integration.
All of this information should help to bring you well on your way to becoming a
seasoned Liferay Social Office Administrator.

Summary 83