Preparing input parameters in a JSON file

You can create a JSON file (.json) to provide input parameters for one-touch Domino setup.

The JSON input data is organized into top-level JSON objects, each corresponding to a specific component. Each top-level object can contain nested objects. For example, the serverSetup object contains the object server that includes all server-related parameters, the object network that includes all network-related parameters, and so on.

Note: The JSON file must be saved in UTF-8 format without a byte order mark (BOM) at the beginning of the file. Because UTF-8 is a superset of the ASCII character set, any file with purely printable ASCII characters is also a valid UTF-8 file.

After you've prepared the JSON file, use the validjson tool provided starting with Domino 12.0.1 to validate the configuration. For more information, see Validating a JSON file in advance from the command line.

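The sections in this topic include tables that describe the supported JSON objects and parameters for the following top-level objects:

  • autoConfigPreferences (one-touch setup preferences)
  • serverSetup (server setup)
  • IDVault (ID vault setup)
  • appConfiguration (application configuration)
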
An X in the First or Addt'l column of a table indicates that a parameter pertains to that type of server setup. An asterisk (*) next to an X indicates a required parameter.

The JSON file must contain valid JSON as described at json.org.


JSON parameters for one-touch setup preferences

The following table describes parameters for the top-level object autoConfigPreferences that you use to specify preferences for running one-touch setup.
Parameter | First / Addt'l | Description
autoConfigPreferences/deleteInputFileAfterProcessing | X X | If true, the input JSON file is deleted when processing is complete. This assures that confidential data such as passwords is not left on the file system. When using this option, be sure to have a backup copy of your JSON file in a secure location in case it is needed again.

Default: false

autoConfigPreferences/startServerAfterConfiguration | X X | If true, Domino starts after successful setup. If false, setup exits and does not start Domino.

Note: If you are using one-touch setup to configure the ID vault, leave this setting true. The Domino server must start immediately for the ID vault configuration to take effect.

Default: true

autoConfigPreferences/consoleLogOutput/show | X X | Specifies which one-touch setup output to write to console log. Possible values are "none", "errors", or "all".

Default: "errors"

autoConfigPreferences/consoleLogOutput/pauseOnErrorSeconds | X X | Time to pause (in seconds) before exiting when one-touch setup completes with error. Note that for certain errors that happen early in the setup process, there is no pause. You can always consult IBM_TECHNICAL_SUPPORT/autoconfigure.log for output.

Default: 15


JSON parameters for server setup

The following table describes the parameters for the top-level object serverSetup that you use to set up servers with one-touch setup. Note that for a first server, one-touch setup automatically creates certstore.nsf and adds CertMgr to the ServerTasks notes.ini variable. On additional servers, it creates a replica of certstore.nsf from the first server.
Parameter | First / Addt'l | Description
serverSetup/server/type | X* X* | Server type. Must be either:
  • "first" for first server in a Domino domain.
  • "additional" for additional servers in the domain.
serverSetup/server/name | X* X* | Server common name, for example, "Adminserver".
serverSetup/server/domainName | X* X* | Domino domain name.
serverSetup/server/title | X X | Server title

Default: none

serverSetup/server/password | X X | Server ID password

Default: none

serverSetup/server/minPasswordLength | X X | Minimum password length for all passwords (Integer)

Default: 5

serverSetup/server/useExistingServerID | X | Value of true uses the existing server ID specified by IDFilePath. Default is to create a new server ID that defaults to server.id in the Domino data directory.

Default: false

serverSetup/server/IDFilePath | X X* | Path of server ID file. On Docker, the ID must be relative to the container.
serverSetup/server/serverTasks | X X | A comma-separated list of server tasks that run on the server.

Default: "Replica,Router,Update,AMgr,Adminp,Sched,CalConn,RnRMgr"

serverSetup/server/additionalServerTasks | X X | A comma-separated list of additional tasks to run on the server. Use this to add to the default list of server tasks.
serverSetup/network/hostName | X* X* | DNS host name. Note that starting in Domino 12.0.2, one-touch setup by default creates Java controller and Java console certificates specific to this host name. Be sure to provide the fully qualified DNS host name (FQDN) to ensure that the Java console, as well as LDAP and HTTP if configured, work properly.
serverSetup/network/enablePortEncryption | X X | Value of true enables port encryption. (Boolean)

Default: true

serverSetup/network/enablePortCompression | X X | Value of true enables port compression. (Boolean)

Default: true

serverSetup/org/countryCode | X X | Organization country code

Default: none

serverSetup/org/orgName | X* X* | Organization name
serverSetup/org/certifierPassword | X* | Organization certifier
serverSetup/org/orgUnitName | X X | Organization unit name

Default: none

serverSetup/org/orgUnitPassword | X X | Organization unit password

Default: none

serverSetup/org/useExistingCertifierID | X | Value of true uses the existing certifier ID specified by certifierIDFilePath. Default is to create a new certifier ID that defaults to cert.id in the Domino data directory.

Default: false

serverSetup/org/certifierIDFilePath | X | Path of certifier ID used when useExistingCertifierID is true. On Docker, the ID must be relative to the container.

Default: none

serverSetup/org/useExistingOrgUnitID | X | Value of true uses the existing organization unit certifier ID specified by orgUnitIDFilePath. Default when an orgUnitName is specified is to create a new organization unit certifier ID that defaults to oucert.id in the Domino data directory.

Default: false

serverSetup/org/orgUnitIDFilePath | X | Path of organization unit certifier ID used when useExistingOrgUnitID is true. On Docker, the ID must be relative to the container.

Default: none

serverSetup/admin/firstName | X | Administrator first name

Default: none

serverSetup/admin/middleName | X | Administrator middle name or initial

Default: none

serverSetup/admin/lastName | X* | Administrator last name
serverSetup/admin/password | X* | Administrator ID password
serverSetup/admin/IDFilePath | X* | Administrator ID file path. On Docker, the ID must be relative to the container.
serverSetup/admin/useExistingAdminID | X | Value of true uses the existing administrator ID specified by IDFilePath. Default is to create a new administrator ID and save it as IDFilePath.

Default: false

serverSetup/admin/CN | X* | Administrator common name, for example, "Bill Ranney."
serverSetup/notesINI/<any name> | X X | Any notes.ini setting can be defined when using JSON input. Use with caution when defining notes.ini settings that might be independently defined by server setup; the value defined here overrides any value previously defined by setup.

Default: none

serverSetup/security/ACL/prohibitAnonymousAccess | X X | Value of true gives Anonymous users No Access. (Boolean)

Default: true

serverSetup/security/ACL/addLocalDomainAdmins | X X | Value of true gives the LocalDomainAdmins group entry Manager access. (Boolean)

Default: true

serverSetup/security/TLSSetup/method | X* | Method for creating TLS artifacts in certstore.nsf. Must be one of:
  • "dominoMicroCA" to create a Domino Micro Certificate Authority and use it to create a TLS certificate. Valid parameters are CADisplayName, CAOrgName, CAKeyType, CAExpirationDays, orgName, TLSKeyType, certExpirationDays.
  • "import" to import certificate data from a .pem, .p12, .pfx, or .kyr file. Valid parameters are importFilePath, importFilePassword, retainImportFile, exportPassword.
serverSetup/security/TLSSetup/CADisplayName | X | Certificate Authority display name

Default: DominoMicroCA

serverSetup/security/TLSSetup/CAOrgName | X | Certificate Authority organization name. Defaults to the value of the serverSetup/org/orgName property in the source JSON file.
serverSetup/security/TLSSetup/CAKeyType | X | Certificate Authority key type. Must be one of:
  • "RSA" - RSA with default key size
  • "ECDSA" - ECDSA with default key size
  • "RSA2048" - RSA with 2048 bit key
  • "RSA4096" - RSA with 4096 bit key
  • "ES256" - ECDSA with 256 bit key
  • "ES384" - ECDSA with 384 bit key

Default: RSA

serverSetup/security/TLSSetup/CAExpirationDays | X | Number of days until Certificate Authority certificate expires. If not specified, Domino chooses an appropriate default.
serverSetup/security/TLSSetup/orgName | X | TLS certificate organization name. Defaults to value of CAOrgName.
serverSetup/security/TLSSetup/TLSKeyType | X | TLS key type. See CAKeyType for valid values.

Default: RSA

serverSetup/security/TLSSetup/certExpirationDays | X | Number of days until TLS certificate expires, an integer value between 1 and 398, inclusive.

Default: Domino chooses an appropriate value.

serverSetup/security/TLSSetup/importFilePath | X | Required for "method": "import". Path of .pem, .p12, .pfx, or .kyr file to import.
serverSetup/security/TLSSetup/importFilePassword | X | Password to decrypt import file contents. Required if import file is password protected. May use any of the indirect password mechanisms as described in Specifying passwords indirectly.
serverSetup/security/TLSSetup/retainImportFile | X | By default, the import file is deleted after a successful import. Specify true to retain the file.
serverSetup/security/TLSSetup/exportPassword | X | Password for storing imported data encrypted, if you want data to be exportable. May use any of the indirect password mechanisms described in https://doc.cnx.cwp.pnp-hcl.com/domino-next/inst_onetouch_specifying_passwords_indirectly.html.
serverSetup/security/JConsole/createControllerCert | X X | Creates a MicroCA-generated certificate for the Domino server controller. Defaults to true. The certificate is saved to a file named <short-hostname>_<domainname>_s.p12 in the data directory. Also, the file dcontroller.ini is created and initialized to reference this certificate. See the Java console documentation for more details on usage of these files.
serverSetup/security/JConsole/createConsoleCert | X X | Creates a MicroCA-generated certificate for the Domino server console. Defaults to true. The certificate is saved to a file named <short-hostname>_<domainname>_c.p12 in the data directory. Also, the file dconsole.ini is created and initialized to reference this certificate. See the Java console documentation for more details on usage of these files.
serverSetup/directoryAssistance/databasePath | X X | Directory assistance database path. Creates the Domino Directory assistance database if necessary to be used to configure access to external LDAP directories.

Default: da.nsf

serverSetup/directoryAssistance/domainName | X X | Directory assistance domain name. Defaults to the value of the serverSetup/server/domainName property in the source JSON file.
serverSetup/directoryAssistance/companyName | X X | Directory assistance company name. Defaults to the value of the serverSetup/org/orgName property in the source JSON file.
serverSetup/directoryAssistance/LDAP/hostName | X* X* | DNS host name of the LDAP server.
serverSetup/directoryAssistance/LDAP/vendor | X X | Directory assistance LDAP vendor. Must be one of: "activeDirectory", "openLDAP", "dominoLDAP".

Default: "dominoLDAP"

serverSetup/directoryAssistance/LDAP/userDN | X X | Directory assistance LDAP user distinguished name
serverSetup/directoryAssistance/LDAP/password | X X | Directory assistance LDAP user password
serverSetup/directoryAssistance/LDAP/baseSearchDN | X X | Directory assistance LDAP base search distinguished name
serverSetup/directoryAssistance/LDAP/channelEncryption | X X | Directory assistance LDAP channel encryption. Must be "TLS" or "none".

Default: "TLS"

serverSetup/directoryAssistance/LDAP/port | X X | Directory assistance LDAP port.

Default: 636 for "channelEncryption": "TLS" and 389 for "channelEncryption": "none".

serverSetup/directoryAssistance/LDAP/acceptExpiredCertificates | X X | Directory assistance LDAP - accept expired certificates.

Default: false

serverSetup/directoryAssistance/LDAP/verifyRemoteServerCertificates | X X | Directory assistance LDAP - verify remote server certificates.

Default: true

serverSetup/directoryAssistance/LDAP/timeout | X X | Directory assistance LDAP timeout, a non-negative integer value. A value of 0 implies no timeout.

Default: 0

serverSetup/directoryAssistance/LDAP/maximumEntriesReturned | X X | Directory assistance LDAP maximum entries returned, a non-negative integer value. A value of 0 implies no limit.

Default: 0

serverSetup/autoregister/count | X | Number of additional servers to register automatically.

Default: 0

serverSetup/autoregister/IDPath | X | Specifies the directory in which to put generated server ID files. The directory must already exist. On Docker, the ID must be relative to the container.

Default: none

serverSetup/autoregister/pattern | X | Specifies a pattern for the names of generated server ID files. Pattern must contain a single '#' character which will be replaced with the numbers 0, 1, ... up to count-1. For example, if count is 3 and pattern is "mailserver#", the resulting ID files are named mailserver0.id, mailserver1.id, mailserver2.id.

Default: none

serverSetup/registerUsers/defaults | X | An object containing default parameters for all users to register. Each individual user has properties that can override the defaults.
serverSetup/registerUsers/defaults/saveIDToPersonDocument | X | If true, user ID files are saved as an attachment in the users' Person documents in the Domino directory.

Default: false

serverSetup/registerUsers/defaults/mailTemplatePath | X | Path of template database to be used to create users' mail files.
serverSetup/registerUsers/defaults/password | X | Password to be used for all users for which an explicit password is not provided. Use "@Prompt:" to be prompted for each user password, or specify a password to be applied to all users (recommended only for test servers). The indirect password options other than "@Prompt:" are not supported.
serverSetup/registerUsers/defaults/setInternetPassword | X | Set to true to cause registered users to have their internet password set to the same value as their standard password. Default is false.
serverSetup/registerUsers/defaults/enableFullTextIndex | X | If true, user mail databases are created with the Full Text Index database property enabled. One-touch setup does not create the indexes.

Default: false

serverSetup/registerUsers/defaults/certificateExpirationMonths | X | Number of months in which users' certificates will expire.

Default: 24

serverSetup/registerUsers/users | X | An array of users to register. The entire array begins with a '[' character and ends with a ']' character in the JSON input. Each entry in the array is an object that begins with a '{' character and ends with a '}' character. The properties within an object, shown below, provide the registration data for a user. Some of the properties have defaults as described in the /defaults object above.
serverSetup/registerUsers/users/firstName | X | User first name
serverSetup/registerUsers/users/middleName | X | User middle name
serverSetup/registerUsers/users/lastName | X* | User last name
serverSetup/registerUsers/users/shortName | X | User short name
serverSetup/registerUsers/users/password | X | User ID file password. You can specify an explicit password or use any of the indirect password options documented in Specifying passwords indirectly. You must specify a password for each user, either with this property or with the password property within /defaults.
serverSetup/registerUsers/users/setInternetPassword | X | Set to true to set the user's internet password to the same value as their standard password. Default is false.
serverSetup/registerUsers/users/mailFilePath | X | User mail file path. If not specified, a mail file is not created for the user.
serverSetup/registerUsers/users/mailTemplatePath | X | Mail template path. If not specified here or with /defaults, the current Domino version's mail template is used by default.
serverSetup/registerUsers/users/IDFilePath | X | User ID file path. If you also create an ID vault with one-touch setup, you can omit this property if you don't want the ID file stored on disk. In that case, one-touch setup creates a temporary ID file whose name is derived from the user's mailFilePath, if present, or a unique temporary file name. Then after uploading the ID file to the vault, one-touch setup deletes the temporary ID file. If the user ID file path is specified, the file is not deleted.
serverSetup/registerUsers/users/saveIDToPersonDocument | X | If true, the user's ID file is saved as an attachment in the user's Person document in the Domino directory.
serverSetup/registerUsers/users/enableFullTextIndex | X | If true, user's mail database is created with the Full Text Index database property enabled. One-touch setup does not create the index.
serverSetup/registerUsers/users/internetAddress | X | User internet address. If not specified, one-touch setup uses <firstName><lastName>@<domain-name>, where <domain-name> is taken from the required property serverSetup/server/domainName.
serverSetup/registerUsers/users/certificateExpirationMonths | X | Number of months in which the user's certificates will expire.
serverSetup/existingServer/CN | X* | Server common name, for example, "Adminserver", of the existing server to use to replicate the directory and other databases.
serverSetup/existingServer/hostNameOrIP | X | Server DNS host name or IP address of the existing server.

Default: none


JSON parameters for ID vault setup

The following table describes the parameters for the top-level object IDVault that you use to set up an ID vault with one-touch setup.
Parameter | First / Addt'l | Description
IDVault/name | X* | Vault name. Specify as "O=<vaultname>" for example, "O=DemoVault". You must include the "O=" prefix. If you omit it, you can get an 'Entry not found in index' error when the vault creation is attempted.
IDVault/description | X* | Vault description.
IDVault/IDFile | X* | Vault ID file
IDVault/IDPassword | X* | Vault ID file password
IDVault/path | X | Vault database path. This is an optional parameter and we recommend you not specify it since it can be derived from the name parameter. If you do specify it, the directory portion of the path must be IBM_ID_VAULT and the file name portion of the path must match the name parameter, without the O= prefix, for example, "IBM_ID_VAULT/DemoVault.nsf".
IDVault/passwordReset/helpText | X* | Help text for users who forget their passwords.
IDVault/securitySettingsPolicy/name | X* | Security Settings policy name
IDVault/securitySettingsPolicy/description | X* | Security Settings policy description
IDVault/masterPolicy/description | X* | Master policy description

JSON parameters for application configuration

The following table describes the parameters for the top-level object appConfiguration that you use to set up applications with one-touch setup.
Parameter | First / Addt'l | Description
appConfiguration/notesINI/<any-name> | X X | Any notes.ini variables may be defined here as an alternative to specifying them within serverSetup properties.
appConfiguration/databases/action | X* X* | Specify "create" to create a new database, or "update" to update an existing database.
appConfiguration/databases/filePath | X* X* | Database file path.
appConfiguration/databases/title | X X | Database title.
appConfiguration/databases/templatePath | X X | Database template file path. Required when action is "create".
appConfiguration/databases/signUsingAdminp | X X | When set to true, an adminp request is issued to sign all design documents using the server's ID.

Default: false

appConfiguration/databases/ACL/roles | X X | An array of role names. Example: [ "SpecApprover", "SpecAuthor" ]
appConfiguration/databases/ACL/ACLEntries | | An array of ACL entries. The entire array begins with a '[' character and ends with a ']' character in the JSON input. Each entry in the array is an object that begins with a '{' character and ends with a '}' character. The properties within an object, shown below, provide the data for an ACL entry.
appConfiguration/databases/ACL/ACLEntries/name | X* X* | ACL entry name in hierarchical format (e.g. "adminserver/sherlock"). The name can be specified in canonical format (e.g. "CN=adminserver/O=sherlock") but it needn't be because one-touch setup automatically canonicalizes the name.
appConfiguration/databases/ACL/ACLEntries/level | X* X* | Access level. Must be one of: "noAccess", "depositor", "reader", "author", "editor", "designer", "manager".
appConfiguration/databases/ACL/ACLEntries/type | X X | Access type. Must be one of: "unspecified", "person", "server", "personGroup", "serverGroup", "mixedGroup".

Default: "unspecified".

appConfiguration/databases/ACL/ACLEntries/canCreateDocuments | X X | Named entity can create documents.

Default: false.

appConfiguration/databases/ACL/ACLEntries/canDeleteDocuments | X X | Named entity can delete documents.

Default: false.

appConfiguration/databases/ACL/ACLEntries/canCreatePersonalAgent | X X | Named entity can create private agents.

Default: false.

appConfiguration/databases/ACL/ACLEntries/canCreatePersonalFolder | X X | Named entity can create personal folders and views.

Default: false.

appConfiguration/databases/ACL/ACLEntries/canCreateSharedFolder | X X | Named entity can create shared folders and views.

Default: false.

appConfiguration/databases/ACL/ACLEntries/canCreateLSOrJavaAgent | X X | Named entity can create LotusScript and Java agents.

Default: false.

appConfiguration/databases/ACL/ACLEntries/isPublicReader | X X | Named entity can read public documents.

Default: false.

appConfiguration/databases/ACL/ACLEntries/isPublicWriter | X X | Named entity can write public documents.

Default: false.

appConfiguration/databases/ACL/ACLEntries/canReplicateOrCopyDocuments | X X | Named entity can replicate and copy documents.

Default: false.

appConfiguration/databases/ACL/ACLEntries/roles | X X | An array of roles granted to the named entity. Example: [ "SpecApprover", "SpecAuthor" ]

Default: false.

appConfiguration/documents | X X | An array of documents within the database. The entire array begins with a '[' character and ends with a ']' character in the JSON input. Each entry in the array is an object that begins with a '{' character and ends with a '}' character. The properties within an object, shown below, provide the document data to be created or updated.
appConfiguration/documents/action | X* X* | Specify "create" to create a new document, or "update" to update an existing document.
appConfiguration/documents/findDocument | X X | Required when action is "update", the properties in this object define one or more items used to find the document to update. The document must have all of those items with the exact values as specified. For example:

"findDocument": { "Type": "Server", "ServerName": "CN=adminserver/O=sherlock" }

appConfiguration/documents/computeWithForm | X X | Compute/Validate the document against its form. If true, form logic such as input validation formulas and default value formulas execute, possibly modifying the document (for example, adding additional items).

Default: false.

appConfiguration/documents/items | X X | Document items. These can be in a simple format or canonical format. You may specify some items in simple format and some in canonical format. The canonical format is required for setting any of the item flags. The simple formats are shown first, then the canonical format. The supported data types are text, number, text list, and number list.
appConfiguration/documents/items/"<item-name>": "<item-value>" | X X | Simple format for text item.
appConfiguration/documents/items/"<item-name>": <item-value> | X X | Simple format for number item. Note there are no quotes around the value.
appConfiguration/documents/items/"<item-name>": [ "v1", "v2" ] | X X | Simple format for text list item. Array may contain one or more items (two shown here).
appConfiguration/documents/items/"<item-name>": [ 1, 2 ] | X X | Simple format for number list item. Note there are no quotes around the values. Array may contain one or more items (two shown here).
appConfiguration/documents/items/"<item-name>" | X X | Canonical format for item
appConfiguration/documents/items/"<item-name>"/"type" | X X | Item data type. Optional for text and number items; may be deduced from JSON data type as with the simple formats above. If specified, must be one of: "text", "number", "datetime".
appConfiguration/documents/items/"<item-name>"/"value" | X X |
  • For type "text", must be either a single string or an array of strings.
  • For type "number", must be a single number or an array of numbers.
  • For type "datetime", must be a date and/or time in one of the following ISO-8601 formats, shown via examples, or an array of such values.
    • "20210728T162308,50-04" - 4 digit year, 2 digit month, 2 digit day, "T" delimiter, 2 digit hour, 2 digit minute, 2 digit second, comma delimiter, 2 digit hundredths of seconds, "+" or "-" delimiter for offset from Greenwich Mean Time, 2 digit hour timezone offset from GMT.
    • "20210728T162308,50-0330" - as above, followed by 2 digit minute timezone offset from GMT.
    • "20210728" - date only - 4 digit year, 2 digit month, 2 digit day.
    • "T162308,50" - time only - "T" delimiter, 2 digit hour, 2 digit minute, 2 digit second, comma delimiter, 2 digit hundredths of seconds.
appConfiguration/documents/items/"<item-name>"/"names" | X X | Item contains names.

Default: false.

appConfiguration/documents/items/"<item-name>"/"readers" | X X | Readers item used to determine who can read document.

Default: false.

appConfiguration/documents/items/"<item-name>"/"authors" | X X | Authors item used to determine who can edit document.

Default: false.

appConfiguration/documents/items/"<item-name>"/"protected" | X X | Item is protected.

Default: false.

appConfiguration/documents/items/"<item-name>"/"sign" | X X | Item is part of document signature computation if document is signed.

Default: false.

appConfiguration/documents/items/"<item-name>"/"encrypt" | X X | Item is encrypted if document is encrypted.

Default: false.

appConfiguration/documents/items/"<item-name>"/"nonSummary" | X X | Item is not a summary item. By default, items are summary items.

Default: false.

appConfiguration/agents/ | X X | An array of agents within the database. The entire array begins with a '[' character and ends with a ']' character in the JSON input. Each entry in the array is an object that begins with a '{' character and ends with a '}' character. The properties within an object, shown below, provide the information on the agent to be processed.
appConfiguration/agents/name | X* X* | Agent name.
appConfiguration/agents/action | X* X* | Action(s) to perform on agent. Value may be a single string or an array of strings. Valid values are:
  • "enable" - Enable the agent
  • "disable" - Disable the agent
  • "sign" - Sign the agent with the server ID
  • "run" - Run the agent
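
A pre-flight lint for the input file, added here as an example (it is not the validjson tool and not code from the product): it checks the UTF-8/BOM rule, flags passwords written literally when deleteInputFileAfterProcessing is not true, and reports parameters set away from the protective defaults listed in the tables above. The function names, finding strings and sample values are constructed for illustration, and only "@Prompt:" is treated as an indirect password form because it is the only one named on this page.

```python
import json

# "@Prompt:" is the only indirect form named on this page (assumption: extend
# this tuple from "Specifying passwords indirectly" for your Domino version).
INDIRECT_PREFIXES = ("@Prompt:",)

# (parameter path, value that weakens the documented default, finding text)
LDAP = "serverSetup/directoryAssistance/LDAP/"
WEAKENED = [
    ("serverSetup/network/enablePortEncryption", False, "port encryption off"),
    ("serverSetup/security/ACL/prohibitAnonymousAccess", False,
     "Anonymous not set to No Access"),
    (LDAP + "channelEncryption", "none", "LDAP channel not encrypted"),
    (LDAP + "verifyRemoteServerCertificates", False, "LDAP certificate not verified"),
    (LDAP + "acceptExpiredCertificates", True, "expired LDAP certificates accepted"),
]
CERT_DAYS = "serverSetup/security/TLSSetup/certExpirationDays"
DELETE_INPUT = "autoConfigPreferences/deleteInputFileAfterProcessing"

def lookup(doc, path):
    """Return the value at a slash-separated parameter path, or None."""
    for key in path.split("/"):
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc

def leaves(node, path=""):
    """Yield (path, key, value) for each scalar property, at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}/{key}" if path else key
            if isinstance(value, (dict, list)):
                yield from leaves(value, child)
            else:
                yield child, key, value
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from leaves(value, f"{path}[{index}]")

def lint(raw):
    """Return findings for the raw bytes of a one-touch setup JSON file."""
    findings = []
    if raw.startswith(b"\xef\xbb\xbf"):
        findings.append("file: begins with a UTF-8 byte order mark")
        raw = raw[3:]  # strip it so the remaining checks still run
    try:
        doc = json.loads(raw.decode("utf-8"))
    except ValueError as err:  # UnicodeDecodeError and JSONDecodeError
        return findings + [f"file: not valid UTF-8 JSON ({err})"]
    # Boolean properties such as setInternetPassword are skipped by the str test.
    literal = [path for path, key, value in leaves(doc)
               if key.lower().endswith("password") and isinstance(value, str)
               and value and not value.startswith(INDIRECT_PREFIXES)]
    findings += [f"{path}: literal password in file" for path in literal]
    if literal and lookup(doc, DELETE_INPUT) is not True:
        findings.append(f"{DELETE_INPUT}: not true, so the passwords stay on disk")
    for path, weak, text in WEAKENED:
        value = lookup(doc, path)
        if type(value) is type(weak) and value == weak:
            findings.append(f"{path}: {text}")
    days = lookup(doc, CERT_DAYS)
    if days is not None and not (type(days) is int and 1 <= days <= 398):
        findings.append(f"{CERT_DAYS}: must be an integer from 1 to 398")
    return findings

# Constructed sample input (not from the product documentation).
SAMPLE = b"\xef\xbb\xbf" + json.dumps({"serverSetup": {
    "admin": {"lastName": "Ranney", "password": "Passw0rd!"},
    "org": {"orgName": "Example", "certifierPassword": "Certifier1!"},
    "security": {"TLSSetup": {"method": "dominoMicroCA", "certExpirationDays": 500}},
    "directoryAssistance": {"LDAP": {"hostName": "ldap.example.com",
                                     "channelEncryption": "none"}},
    "registerUsers": {"defaults": {"password": "@Prompt:"}, "users": [{"lastName": "Doe"}]},
}}).encode("utf-8")

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Run it over the file before handing it to setup; an empty list means none of these checks fired, not that the file is valid for Domino.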

