Delegated Administrator 6.4 Release Notes

Sun Java System Delegated Administrator 6.4 Release Notes

A Note About This Release

Delegated Administrator 6.4 released with Communications Suite 6 is functionally the same version as the Delegated Administrator 6.4 released with Communications Suite 5. (However, bugs have been fixed since the Communications Suite 5 release.)
These Communications Suite 6 Release Notes contain new information not included in Sun Java System Delegated Administrator 6.4 Release Notes in the Communications Suite 5 Release Notes.

These Release Notes contain important information available at the time of the general release of Sun Java System Delegated Administrator 6.4 including:

About Delegated Administrator 6.4

Delegated Administrator 6.4 enables you to provision organizations (domains), users, groups, and resources in an LDAP directory used by Communications Suite applications such as Messaging Server, Calendar Server, and Instant Messaging.

The Delegated Administrator has two user interfaces:

  • A utility (a set of command-line tools) invoked with the commadmin command.
  • A console (a graphical user interface) accessible through a Web browser.

Online help in the Delegated Administrator console describes how administrators can use the GUI to provision users in an LDAP directory.

With Delegated Administrator 6.4, you can provision users in an LDAP Schema 2 directory only. To provision Messaging Server users in an LDAP Schema 1 directory, you must use iPlanet Delegated Administrator, a deprecated tool.

For information about configuring and managing Delegated Administrator, see the Sun Java System Delegated Administrator 6.4 Administration Guide. For a description of the Delegated Administrator commadmin command-line tools, see Delegated Administrator Utility (commadmin) Reference.

What's New in This Release of Delegated Administrator

See the Communications Suite 6 What's New document.

Deprecated and Removed Features for Delegated Administrator 6.4

Top

Deprecated Platforms: Version 3 of Red Hat Linux (effective in Communications Suite 6)

Support for Communications Suite (including Delegated Administrator) on the following versions of Red Hat Linux has been deprecated and may be removed in a future release:

  • Red Hat Enterprise Linux Advanced Server (32– and 64–bit versions), version 3 (all updates)
  • Red Hat Enterprise Linux Enterprise Server (32– and 64–bit versions), version 3 (all updates)

For information on currently supported versions of Red Hat Linux, see Operating System Requirements.

Top

iPlanet Delegated Administrator (effective in Communications Suite 5)

iPlanet Delegated Administrator has been deprecated in favor of the Communications Suite Delegated Administrator console and utility. Sun Microsystems, Inc. will announce an end-of-life time line for iPlanet Delegated Administrator at a future date.

Note

Although iPlanet Delegated Administrator has been deprecated, the iPlanet Delegated Administrator imadmin user purge command has been updated to be compatible with Messaging Server 6.3. For more information about the updated command, see Purging Users with iPlanet Delegated Administrator and Messaging Server 6.3.

Delegated Administrator Installation Notes

For a detailed steps required to install and configure Delegated Administrator, see “Chapter 2: Planning for Installation and Configuration” in the Sun Java System Delegated Administrator 6.4 Administration Guide.

Top

ACI Consolidation

For large-scale installations with Access Manager, Messaging Server, and an LDAP Schema 2 directory, you might want to consolidate the Access Control Instructions (ACIs) in your directory.

When you install Access Manager with Messaging Server, a large number of ACIs initially are installed in the directory. Many default ACIs are not needed or used by Messaging Server. You can improve the performance of Directory Server and, consequently, of Messaging Server look-ups, by consolidating and reducing the number of default ACIs in the directory.

For information about how to consolidate and discard unused ACIs, see Consolidating ACIs for Directory Server Performance.

Delegated Administrator Documentation Updates

In this release of Delegated Administrator, Sun Java System Delegated Administrator Administration Guide describes how to enforce unique values for mail attributes when running Directory Server 5.x. This task appears as a “Post-Configuration Task” after you run the Delegated Administrator configuration program.

If you are running Directory Server 6.x, you must follow the procedure described here to enforce unique mail attribute values:

To enforce the uniqueness of mail attributes when running Directory Server 6.x

Messaging Server uses the following mail attributes to identify a user's email address and alternate email addresses:

  • mail
  • mailAlternateAddress
  • mailEquivalentAddress

Each user's mail attributes should be unique across the directory.

  1. Install the following Directory Server plug-in: 6.1_PR_6573440.

    To install the plug-in, follow the instructions in the plug-in README file.

    The plug-in is available with Directory Server 6.x patches on SunSolve.

    This plug-in provides a hotfix patch to Directory Server to enforce mail attribute uniqueness. Although the plug-in is labeled “6.1”, it applies to other Directory Server 6.x releases such as Directory Server 6.0.
  2. Create the plug-in for Delegated Administrator by using the Directory Server configuration utility, dsconf.

    For example: 
    dsconf create-plugin -h host -p port 
-H /opt/SUNWdsee/ds6/lib/uid-plugin.so -F NSUniqueAttrSet_Init 
-Y preoperation -G attributeset=mail,mailalternateaddress,mailequivalentaddress 
-G "ugldapbasedn" "Uniqueness in Attrbute Set"

    where

    host and port are the host name and port number of the machine where Directory Server is installed

    /opt/SUNWdsee/ds6/lib/uid-plugin.so is an example of the library path where uid-plugin.so is located on Solaris. (For Linux platforms, use the appropriate Linux library path.)

    ugldapbasedn is your root suffix. Uniqueness checking is performed on all entries underneath this suffix.

  3. Enable the plug-in for Delegated Administrator.

    For example: 
    dsconf enable-plugin -h host -p port "Uniqueness 
in Attribute Set"

    For more information about using the dsconf utility to enforce attribute value uniqueness, see the following chapter in the Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide: Directory Server Attribute Value Uniqueness.

  4. Restart Directory Server.

Delegated Administrator Compatibility Issues

The following table lists the known incompatibilities between Communications Suite Delegated Administrator 6.4 and earlier versions.

Incompatibility Impact Comments
Access Manager in Realm Mode (version 7.x style)
Note: Access Manager has two install types: Realm Mode (version 7.x style) and Legacy Mode (version 6.x style). Legacy Mode is the default.		 At installation, you must choose Legacy Mode as the install type on the following panel:

Access Manager: Administration (1 of 6)		 If the Realm Mode install type of Access Manager is installed, you will not be able to run Delegated Administrator.
Directory Server releases 5.2.4 and earlier The Directory Server feature that enforces unique values for mail attributes is not available with versions earlier than 5.2.4. Solution: Upgrade to Directory Server 5.2.5 or later.

You also can install Directory Server 5.2.4, but you must apply patch 5.2_Patch_4_6313027. For detailed instructions, see Enforce Unique Values for Mail Attributes

Problems Fixed in This Release of Delegated Administrator (since Communications Suite 5)

This list describes the issues fixed in Delegated Administrator.

6679372

Getting inconsistent results of organization searches for adding icsExtendedDomainPreds in DA console.

6587572

Delegated Administrator creates new mail groups with mgrpBroadcasterPolicy=NO_REQUIREMENTS

6587520

Delegated Administrator creates new users with mailAutoReplyMode=echo

6553328

There is no longer a Manager Field available in the Delegated Administrator tool like the one in iPlanet Delegated Administrator 1.2.

6525830

The Delegated Administrator online help for the Editing Group Properties page incorrectly documents the following UI fields: Add Header Field and Remove Header Field.

6525829

The Delegated Administrator online help incorrectly describes the Message Prefix Text field in the Create New Group wizard and Group Properties page.

6512161

The Delegated Administrator online help incorrectly defines the Attachment Quota value in the Create New Organization wizard and Organization Properties page.

6507859

Delegated Administrator online help erroneously states that you can use “>” and “<” signs when searching for organizations.

6483254

Delegated Administrator online help does not explain that the Login ID must be in ASCII characters.

6454001

Can not display icsExtendedDomainPrefs entry properly on Delegated Administrator console.

6431459

Although IMAPS is enabled for a service package, it shows "IMAP: disabled"

6317850

Attributes passed with the –A option of the commadmin command are ignored if the command also calls an input file containing attributes passed with –A.

6314711

An Organization Administrator (OA) can remove himself as an OA by modifying the organization Properties page.

6218713

Values in the resource.properties files are overwritten when Delegated Administrator is reconfigured with the config-commda program.

5107441

If the first part of the default organization name created in the Delegated Administrator configuration program (config-commda) matches the root suffix name, the organization cannot be created.

4934768

Cannot modify non-ASCII groups.

Known Issues and Limitations in Delegated Administrator

This section describes known issues in Communications Suite Delegated Administrator. The section includes the following topics:

Top

Delegated Administrator Installation, Upgrade, and Configuration Issues

6771475

After Delegated Administrator is upgraded with commpkg upgrade, the post-upgrade script always displays a success message, even when the upgrade failed.

If a problem occurs during the Delegated Administrator upgrade, the post-upgrade script displays "All tasks PASSED." It does not point to the log files, which would provide information about the upgrade failure.

6434047

You cannot upgrade Delegated Administrator from version 2004Q2 to version 6.4 (the current release) when Access Manager is deployed to an Application Server node agent.

This issue occurs when Delegated Administrator is deployed to Application Server and you upgrade Application Server from version 7 to version 8.x. The asupgrade utility migrates the Application Server 7 server1 instance into the Application Server 8.x server1 target running under a nodeagent. However, asupgrade changes the value of the virtual server from server1 in Application Server 7 to server in Application Server 8.x.

Workaround:

When you run the Delegated Administrator configuration program, config-commda , in the Application Server Preferences panel, specify these values for the target and virtual server:

  • Target: server1
  • Virtual Server: server

6376896, 6294603

Upgrading to Access Manager 7.0 without upgrading Delegated Administrator to version 6.4 (the current release) will cause user creation to fail.

Note

This issue occurs only if you are currently running Delegated Administrator 6 2005Q1 (Java ES Release 3) or earlier. If you have installed Delegated Administrator version 6 2005Q4 (Java ES Release 4) or have already upgraded Delegated Administrator to version 6.4, this issue does not occur.

When you upgrade to Java Enterprise System Release 5, if you upgrade Access Manager from version 6.x to 7.0 but do not upgrade Delegated Administrator to version 6.4, user creation with mail or calendar service will fail.

The recommended way to solve this issue is to upgrade Delegated Administrator to version 6.4. If you have a compelling reason not to upgrade Delegated Administrator, take the steps described in the following workaround.

Workaround:

  1. Update the UserCalendarService.xml file, located by default in the following directory: 
    /opt/SUNWcomm/lib/services/UserCalendarService.xml

    In the UserCalendarService.xml file, mark the mail , icssubscribed, and icsfirstday attributes as optional instead of required.

  2. In Access Manager, remove the existing xml file by running the amadmin command, as in the following example: 
    amadmin -u amadmin -w netscape -r UserCalendarService
  3. In Access Manager, add the updated xml file, as in the following example: 
    amadmin -u amadmin -w netscape  
-s /opt/SUNWcomm/lib/services/UserCalendarService.xml
  4. Restart the Web container.

6310711

The Delegated Administrator configuration program allows you to enter invalid values in the Domain Separator field.

In the configuration program, config-commda, you can enter invalid characters such as ^ in the Domain Separator field. You cannot log into the Delegated Administrator console using a login ID with the invalid domain-separator character.

Workaround: Edit the value of the commadminserver.domainseparator property in the daconfig.properties file, located in the following default path:

/var/opt/SUNWcomm/da/WEB-INF/classes/
com/sun/comm/da/resources/daconfig.properties

Use a valid value such as @, -, or _.

Redeploy the edited daconfig.properties file to the Web container used by the Delegated Administrator console.

Before the change can take effect, you must run the script that deploys the customized daconfig.properties file to your Web container.

For instructions on how to deploy a customized properties file to a particular Web container, see To Deploy a Customized Configuration File in Delegated Administrator 6.4 Administration Guide.

Top

Delegated Administrator Console and Command-Line Utilities

6760564

In the Delegated Administrator console, the Calendar service Advanced Rights interface is missing the calendar group double-booking option.

When the group calendar account functionality was added in Calendar Server 6.3, a new bit was added to the icsAllowRights LDAP attribute:

bit 15 : allowGroupDoubleBook : "Double booking of group calendars"


The Delegated Administrator console is missing a field to "Allow double booking for new group calendars" by setting bit 15 of the icsAllowedRights attribute. (The Advanced Rights fields are in the Calendar Service section of the Organization Properties page in the Delegated Administrator console.)

Workaround:

Use the commadmin domain create -R or commadmin domain modify -R command to set the advanced rights properties (bits) in the icsAllowRights attribute.

6677194

Local Organization Administrators and Service Provider Administrators can change the disk space quota attribute of their domains when the service package assigned to the domains restricts the disk space quota.

An Organization Administrator can use the Delegated Administrator console to change the value of the Disk Space Quota option for the domain, overriding the service package restrictions.

Workaround: Edit the Security.properties file, as follows:

1. To prohibit an organization administrator from editing the disk space quota field, add the following line to the Security.properties file:

OrganizationAdminRole.UserProperties.MailQuotaValue=NONEDITABLE

For a Service Provider Administrator, add the following line:

ProviderAdminRole.UserProperties.MailQuotaValue=NONEDITABLE

Be sure to update the Security.properties file in the Delegated Administrator configuration directory. For example:

/var/opt/sun/com/da/WEB-INF/classes/com/sun/comm/da/resources/Security.properties

Note: If you are running Communications Suite 5 version of Delegated Administrator 6.4, the default path on Solaris would be:

/var/opt/SUNWcomm/da/WEB-INF/classes/com/sun/comm/da/resources/Security.properties

2. You also must deploy the updated Security.properties file to the web container's configuration directory. For example, if you have deployed Delegated Administrator to Web Server 7.x, the default path would be:

/var/opt/SUNWwbsvr7/<https-Host_name>/web-app/<Host_name> \
/da/WEB-INF/classes/com/sun/comm/da/resources/Security.properties



3. Restart the web container.

6430018

If service packages are displayed across multiple pages in the Delegated Administrator console, only changes to the last page are saved.

This issue affects three functions:

  • Allocating service packages to an organization.
  • Changing the quantities of service packages allocated to an organization.
  • Removing service packages from the list of service packages allocated to an organization.

Workaround:

If the services packages are displayed on multiple pages, click the icon that displays multiple pages pointing to a single page.

This icon appears above and below the list of service packages. If you place your cursor over the icon, a message says: Show Data in a Single Page.

You must display all service packages on a single page to save your all of your changes. If the service packages are displayed on multiple pages, only the changes made to service packages on the last page are saved.

6300923

When you add Dynamic members to a group In the Delegated Administrator console, you cannot test a manually constructed LDAP URL.

When you create a new group and add dynamic members to the group, you can either manually construct an LDAP URL or use the fields available in the drop-down menus to construct the LDAP URL. If you use the drop-down menus, you can click the Test LDAP URL button. If you manually construct the LDAP URL, this feature is disabled.

6292610

Using the browser or system controls in the Delegated Administrator console can generate unexpected results.

Workaround: Navigate only by using the built-in Delegated Administrator controls, such as the tabs, buttons, and navigation links provided on the page itself. Do not use browser or system controls, such as your browser's Back button or the Close icon on dialog windows.

6234660

No indication when a User, Organization, or Group list page has finished loading.

If you click a button while a list page is loading, an error occurs.

Workaround: While the page is loading, a message asks you to wait. Do not click any buttons or links until the page is ready.

5094680

The advanced search feature does not return correct results for organizations.

This issue occurs if you perform the following steps:

  1. Select the Advanced Search feature.
  2. Select “Organizations” from the drop-down list.
  3. Click the Match All or Match Any radio button.
  4. Select an organization name from the drop-down list.
  5. Enter valid values in the text field.
  6. Click Search.

Instead of returning only the organizations that match the search criteria, Delegated Administrator displays all organizations.

Workaround: None.

Top

Delegated Administrator Localization and Globalization Issues

This section describes Delegated Administrator localization problems. No localization issue exist for this release.

Top

Delegated Administrator Documentation

This section describes errors or incomplete information in the Delegated Administrator books and online help.

6760559

In the Delegated Administrator console, the Calendar service advanced rights (icsAllowRights) GUI interface can easily be misinterpreted.

This issue is described in the following page: Setting Calendar Server Advanced Rights with Delegated Administrator.

6693218

The Delegated Administrator online help displays the current version as Communications Suite 5 Delegated Administrator instead of Delegated Administrator 6.4 or Communications Suite 6 Delegated Administrator.

6607494

The Delegated Administrator online help describes nested groups, although nested groups are not supported in Delegated Administrator.

For example, the online help describes how to add a nested group (add a group as a member of an existing group) by choosing from a drop-down menu and searching/selecting a group. These options do not exist in the UI. You cannot added nested groups.

651216

The Delegated Administrator online help incorrectly defines the Attachment Quota value in the Create New Organization wizard and Organization Properties page.

The online help describing the Mail Service Details panel in the Create New Organization wizard and the Mail Service section of the Organization Properties page states that the Attachment Quota field displays the “attachment size per message.” The online help tells the user to enter a maximum attachment quota size in kilobytes. This is incorrect.

The Attachment Quota sets the maximum number of attachments for each email message. For example, setting a value of 2 would allow users to attach no more than two files to a message. The size of each attachment is not affected by this attribute.

Redistributable Files for Delegated Administrator

Top

Requirements for Delegated Administrator

See Requirements for Communications Suite 6 and Requirements for Delegated Administrator.

This section describes the following platform, client product, and additional software requirements for this release of Delegated Administrator:

Top

Important Patch Information for Delegated Administrator

At the time of general release of the Sun Java Communications Suite 6, the following Delegated Administrator 6.4 upgrade patches are available:

Platform Patch Number (English)
Solaris, SPARC 121581–18
x86 121582–18
Linux 121583–18

Top

Delegated Administrator Operating System Requirements

This release of the Communications Suite products, including Delegated Administrator, is supported on the following platforms:

  • Solaris 10 Operating System (SPARC™ and x86 Platform Editions) including Zones Support
  • Solaris 9 Operating System Update 2 (SPARC™ and x86 Platform Editions)
  • Red Hat Enterprise Linux Advanced Server (32– and 64–bit versions), version 4 (all updates) and 5 (all updates)
  • Red Hat Enterprise Linux Enterprise Server (32– and 64–bit versions), version 4(all updates) and 5 (all updates)
Note

Delegated Administrator is no longer supported on HP-UX or Windows platforms.

For detailed information about Solaris and Linux requirements, including required upgrade patches and kernel versions, see the Sun Java Communications Suite Installation Guide and Sun Java Communications Suite Release Notes .

Top

Sun Java System Software

The following Sun Java System Software, tools, and LDAP schema version are required for this release of Delegated Administrator:

  • Directory Server 5.x or 6
    To enforce unique values for mail attributes, you must install one of these releases:
    • Directory Server 6
    • Directory Server 5.2.5 or later
    • Directory Server 5.2.4, and you must apply patch 5.2_Patch_4_6313027
  • Access Manager 7.1
  • Either Messaging Server 6 or Calendar Server 6, or both
  • Java System Web container. You must deploy Delegated Administrator to one of the following Web containers:
    • Sun Java System Web Server 6.1 or higher
    • Sun Java System Web Server 7 or higher
    • Sun Java System Application Server 7.x
    • Sun Java System Application Server 8.x
    • Sun Java System Application Server 9.x
  • Directory Server Preparation Tool (Setup script): comm_dssetup.pl version 6.4–0.03
    comm-dssetup.pl version {{6.4-2.01} is provided in Communications Suite 6.
  • LDAP Schema 2
    This release of Communications Suite Delegated Administrator is designed for provisioning users in an LDAP Schema 2 directory.

For information about requirements for Directory Server, Access Manager, Web Server, and Application Server, see the current release notes for these products.
For installation instructions for the Java Enterprise System components listed in this section, see the Sun Java Enterprise System Installation Guide.

Top

Delegated Administrator Hardware Requirements

The memory and disk space requirements for Delegated Administrator are the same as those of the Web container to which Delegated Administrator is deployed.

For information about the Web container's hardware requirements, see the current release notes for this Java Enterprise System component.

Supported Browsers for Delegated Administrator

See Client Requirements for more information.

Labels

delegatedadministrator delegatedadministrator Delete
guide guide Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.

Comments (4)

 

  1. Sep 14, 2008

    benc2 says:

    Incompatibilities: Can we change the entries so the conflict is clearly stated? ...

    Incompatibilities: Can we change the entries so the conflict is clearly stated?

    Original Changed
    Access Manager has two install types: Realm Mode (version 7.x style) and Legacy Mode (version 6.x style). Legacy Mode is the default.
    		"Access Manager in Realm Mode (version 7.x style)" [You can insert the explanation of the modes afterwards, if needed]
    Upgrading Access Manager from version 6.x to 7.0 (Java ES Release 5) without upgrading Delegated Administrator to version 6.4. remove? This isn't an incompatibility with 6.4, unless Access Manager 6.0 is not compatibile (unlikely given the item above).
    Running Directory Server releases earlier than 5.2.4. "Directory Server releases 5.2.4 and earlier"


    1. Sep 15, 2008

      Steven_Kahn says:

      Hi Benc, Made the changes you suggested. Thanks.

      Hi Benc,
      Made the changes you suggested. Thanks.

  2. Nov 26, 2008

    benc2 says:

    I made a bunch of cleanup edits, fixed links, etc. I should mention three things...

    I made a bunch of cleanup edits, fixed links, etc. I should mention three things:

    1. added back "Hardware Requirements" by copying from the Comms5 RN
    2. a couple links were broken in w/ the new spaces. I fixed them w/ URL's, you can see b/c they now have "little green arrows"
    3. not sure what to do about "Redistributable Files for Delegated Administrator" section, which is empty.

  3. May 20

    benc2 says:

    The patch number provided here is not the matching patch number that came with U...

    The patch number provided here is not the matching patch number that came with U1.

Sign up or Log in to add a comment or watch this page.


The individuals who post here are part of the extended Sun Microsystems community and they might not be employed or in any way formally affiliated with Sun Microsystems. The opinions expressed here are their own, are not necessarily reviewed in advance by anyone but the individual authors, and neither Sun nor any other party necessarily agrees with them.

Copyright 1994-2009 Sun Microsystems, Inc.
Powered by Atlassian Confluence Sun Guidelines on Public Discourse Privacy Policy Terms of Use Trademarks Site Map Employment Investor Relations Contact