{anchor:top}

h1. {anchor:ACFCK} Completing the Delegated Administrator 6.4 Installation: Initial Configuration

The Delegated Administrator configuration program ({{config-commda}}) creates a new configuration with your specific requirements. This initial runtime configuration program performs minimal configuration.

After you run the program, complete the initial configuration by following the steps described in [Post-Configuration Tasks|#acfdf].

You can further customize your Delegated Administrator configuration by performing the tasks described in [CommSuite:Customizing Delegated Administrator].

You might need to perform additional configuration, as described in the _Sun Java System Messaging Server Administration Guide_.

The following topics are described in this article:
{toc:minLevel=2|maxLevel=2}

h2. {anchor:ganxs} If You Are Upgrading from a Previous Release of Delegated Administrator

If you are configuring Delegated Administrator for the first time, you can skip this section and go directly to the section, [Choose Which Components to Configure|#acfcl].

If you are upgrading to this release of Delegated Administrator from an earlier release, and you have customized your configuration, you might have to take steps to preserve your customizations.

For instructions on how to upgrade Delegated Administrator from a previous version, see [Delegated Administrator Upgrade].

To learn how to preserve your customized configuration, see [Preserving Customized Data When You Upgrade Delegated Administrator|Delegated Administrator Upgrade#ganxs].

h2. {anchor:acfcl} Choose Which Components to Configure

The third panel in the configuration program asks which Delegated Administrator components you want to configure:
* *Delegated Administrator Utility (client)*---the command-line interface invoked with {{commadmin}}.
* *Delegated Administrator Console*---the Delegated Administrator graphical user interface (GUI).
* *Delegated Administrator Server*---the Delegated Administrator server components required to run the Delegated Administrator utility and console.

The configuration program displays different panels depending on which components you select.

The following steps summarize the configuration choices. Each summary step (below) links you to a section (later in this article) that walks you through the actual configuration panels.

h6. {anchor:GADPU} Summary of Configuration Choices

# [Starting the Configuration|#acfcp]\\
Enter the information requested in these panels to begin the configuration.\\
\\
# [Configuring the Delegated Administrator Utility|#acfcq]\\
These panels follow directly after the _Select Components to Configure_ panel. They ask for information used to configure the Delegated Administrator utility.\\
#* The standard approach is to configure the Delegated Administrator utility with the other two components, the server and console, on the same machine.\\
You must configure the Delegated Administrator utility on all machines on which you install a Delegated Administrator server.\\
\\
#* You can also configure the Delegated Administrator utility and console on a separate machine. On the machine on which you configure the utility and console, you would select only those components on the _Select Components to Configure_ panel.\\
In this case, you must run the configuration program again on the machine where you configure the server.\\
# [Configuring the Delegated Administrator Console|#acfcr]\\
These panels follow the panels that configure the utility.\\
You can choose whether or not to configure the Delegated Administrator console.\\
#* If you configure the Delegated Administrator console and server on the same machine, you would select both the console and the server on the _Select Components to Configure_ panel.\\
#* You also can configure the Delegated Administrator console and server on different machines.\\
On the machine on which you configure the console, you would select only the console on the _Select Components to Configure_ panel. The utility is selected by default; be sure it remains selected.\\
In this case, you must run the configuration program again on the machine on which you configure the server.\\
If you configure the console and server on different machines, the utility is configured on _both_ machines.\\
The configuration program displays different panels depending on which Web container you select for the console. You can deploy to one of the following Web containers:\\
\\
#* Sun Java System Web Server 6._x_ \[WEB\]
#* Sun Java System Web Server 7._x_ \[WEB7\]
#* Sun Java System Application Server 7._x_ \[APP7\]
#* Sun Java System Application Server 8._x_ or higher \[APP8\]
If you are configuring the Delegated Administrator server and console on one machine, you will go through these instructions _twice_ (once for the server, once for the console).\\
# [Configuring the Delegated Administrator Server|#acfcv]\\
These panels follow the panels that configure the console.\\
You can choose whether or not to configure the Delegated Administrator server on a given machine.\\
If you do not choose to configure the server on a given machine, the configuration program warns you that you must configure it on another machine. The server component is required for running the utility and console.\\
All other considerations for deploying the server are the same as those for the console, as described in [Configuring the Delegated Administrator Console|#acfcr].
{info:title=Note}{*}The Delegated Administrator server uses the same Web container as Access Manager.* The configuration program asks for Web container information after it asks for the Access Manager base directory.
{info}
# [Completing the Configuration|#acfcw]\\
Enter the information requested in these panels to complete the configuration.

[Top|#top]

h2. {anchor:acfcm} Run the Configuration Program

The steps described in this section walk you through configuring Delegated Administrator.

*NOTE:* _da-base_ is {{/opt/sun/comms/da}} by default on all platforms; use this value unless you chose a different path during installation. In Communications Suite 5, the Solaris value is: {{/opt/SUNWcomm/}}.

h3. {anchor:ACFCO} Launching the Configuration Program

To run the configuration program, log in as (or become) root and go to the {{{_}da-base_/sbin}} directory. Then enter the command:
{panel}
{{*\# ./config-commda{*}}}
{panel}
Once you run the {{config-commda}} command, the configuration program starts.

For example, in Communications Suite 5 on Solaris, the command is: {{/opt/SUNWcomm/sbin/config-commda}}.

The sections that follow lead you through the configuration panels.

[Top|#top]

h3. {anchor:acfcp} Starting the Configuration

You must enter the information requested in the first configuration-program panels.

h6. {anchor:gadqc} To start the configuration

# *Welcome*
\\
The first panel in the configuration program is a copyright page. Click {{{*}Next{*}}} to continue or {{{*}Cancel{*}}} to exit.\\
\\
# *Select directory to store configuration and data files*
\\
Select the directory where you want to store the Delegated Administrator configuration and data files. The default configuration directory is {{/var/_da-base_}}. This directory should be separate from the _da-base_ directory (which is {{/opt/sun/comms/da}} by default).
\\
Enter the name of the directory, or keep the default and click {{{*}Next{*}}} to continue.
\\
If the directory does not exist, a dialog appears asking if you want to create the directory or choose a new directory. Click {{{*}Create Directory{*}}} to create the directory or {{{*}Choose New{*}}} to enter a new directory.
\\
A dialog appears indicating that the components are being loaded. This may take a few minutes.\\
\\
# *Select components to configure*
\\
Select the component or components you want to configure on the Components Panel.
#* *Delegated Administrator Utility (client)*---the command-line interface invoked with {{commadmin}}. This component is required and is selected by default. It cannot be deselected.
#* *Delegated Administrator Console*---the Delegated Administrator graphical user interface (GUI).
#* *Delegated Administrator Server*---the Delegated Administrator server components required to run commadmin or the Delegated Administrator console.
Click {{{*}Next{*}}} to continue, {{{*}Back{*}}} to return to the previous panel, or {{{*}Cancel{*}}} to exit.

For more information about how to choose components, see [Choose Which Components to Configure|#acfcl].

If you choose not to configure the Delegated Administrator server, a dialog box cautions you that you must configure the Delegated Administrator Server on another machine. The server must be configured to enable the Delegated Administrator utility and console to work.

[Top|#top]

h3. {anchor:acfcq} Configuring the Delegated Administrator Utility

You must configure the Delegated Administrator utility on all machines on which you install a Delegated Administrator component (server or console).

h6. {anchor:gadpq} To configure the Delegated Administrator Utility

# *Access Manager host name and port number*
\\
Enter the Access Manager host name and port number. If you are installing the Delegated Administrator server component, you must install it on the same host as Access Manager.
\\
Click {{{*}Next{*}}} to continue, {{{*}Back{*}}} to return to the previous panel, or {{{*}Cancel{*}}} to exit.\\
\\
# *Default domain*
\\
Enter the default domain for the Top-Level Administrator. This is the domain used when a domain is not explicitly specified by the {{\-n}} option when executing the {{commadmin}} command-line utility. This is also known as the default organization. If the domain specified does not exist in the directory, it will be created.
\\
Click {{{*}Next{*}}} to continue, {{{*}Back{*}}} to return to the previous panel, or {{{*}Cancel{*}}} to exit.\\
\\
# *Default SSL port for client*
\\
Enter the default SSL port that the Delegated Administrator utility uses.
\\
Click {{{*}Next{*}}} to continue, {{{*}Back{*}}} to return to the previous panel, or {{{*}Cancel{*}}} to exit.

* If you chose to configure only the Delegated Administrator utility, go on to [Completing the Configuration|#acfcw].
* If you chose to configure both the Delegated Administrator console and the server, or if you chose to configure the console only, go on to [Configuring the Delegated Administrator Console|#acfcr].
* If you chose to configure the Delegated Administrator server only (together with the required Delegated Administrator utility), go on to [Configuring the Delegated Administrator Server|#acfcv].

[Top|#top]

h3. {anchor:acfcr} Configuring the Delegated Administrator Console

The configuration program now displays the following panel:

*Select a Web Container for Delegated Administrator*

Select the Web container on which you will deploy the Delegated Administrator console. You can configure Delegated Administrator on
* Sun Java System Web Server 6._x_ \[WEB\]
* Sun Java System Web Server 7._x_ \[WEB7\]
* Sun Java System Application Server 7._x_ \[APP7\]
* Sun Java System Application Server 8._x_ or higher \[APP8\]

Click {{{*}Next{*}}} to continue, {{{*}Back{*}}} to return to the previous panel, or {{{*}Cancel{*}}} to exit.

This panel and the panels that follow gather information about the Web container for the Delegated Administrator console. Follow the instructions in the appropriate section:
* [Web Server 6.x Configuration|#acfcs]
* [Web Server 7.x Configuration|#gbpmh]
* [Application Server 7.x Configuration|#acfct]
* [Application Server 8.x or higher Configuration|#acfcu]

You can deploy the Delegated Administrator console and server on two different Web containers, on two different instances of the Web container, or on the same Web container.

If you chose to configure both the Delegated Administrator console and Delegated Administrator server in Panel 3, a second series of panels will ask for Web container information for the server.

Thus, you will see the Web container configuration panels twice. Follow the appropriate instructions for deploying each of the Delegated Administrator components.


*When you complete the Web container configuration panels, take one of the following actions:*
* If you chose to configure both the Delegated Administrator console and the server, go on to [Configuring the Delegated Administrator Server|#acfcv].
* If you chose to configure the Delegated Administrator console only (together with the required Delegated Administrator utility), go on to [Completing the Configuration|#acfcw].

[Top|#top]

h4. {anchor:acfcs} Web Server 6._x_ Configuration

If you are deploying the Delegated Administrator server or console on Web Server 6._x_, follow the steps described in this section.

h6. {anchor:gadry} To Configure Web Server 6._x_

# *Web Server 6.x Configuration Details*
\\
The panel text tells you if you are providing Web Server 6._x_ configuration information for the Delegated Administrator server or console.
\\
** Enter the Web Server 6._x_ root directory. You can browse to select the directory.
\\
** Enter the Web Server 6._x_ instance identifier. This can be specified by a _host.domain_ name such as {{west.sesta.com}}.
\\
** Enter the virtual server identifier. This can be specified by a {{https\-}}{_}host.domain_ name such as {{https-west.sesta.com}}.
\\
For more information about the Web Server 6._x_ instance identifier and virtual server identifier, see the Web Server documentation.
\\
Files for the Web Server 6._x_ instance are stored in the {{https\-}}{_}host{_}{{.}}{_}domain_ directory under the Web Server 6._x_ installation directory, for example {{/opt/SUNWwbsvr/https-west.sesta.com}}.
\\
** Enter the HTTP port number that the specified virtual server listens to.
\\
Click {{{*}Next{*}}} to continue, {{{*}Back{*}}} to return to the previous panel, or {{{*}Cancel{*}}} to exit.
\\
The configuration program checks if the values you specified are valid. If a directory or identifier is invalid or does not exist, a dialog box tells you to choose a new value.
\\
Next, the configuration program checks if a Web Server 6._x_ instance connection is alive. If not, a dialog box warns you that the configuration program could not connect to the specified instance and your configuration may not be completed. You can accept the specified values or choose new Web Server 6._x_ configuration values.
\\
# *Default Domain Separator*
\\
This panel appears only if you are configuring the Delegated Administrator console. The domain separator is needed to configure the console; this information is not related to the Web container.
\\
Enter the default domain separator to be used for authentication when the user logs on. For example: {{@}}.\\
\\
# *If you are configuring the Delegated Administrator console, take one of the following actions:*
** If you chose to configure both the Delegated Administrator console and the server, go on to [Configuring the Delegated Administrator Server|#acfcv]
** If you chose to configure the Delegated Administrator console only (together with the required Delegated Administrator utility), go on to [Completing the Configuration|#acfcw]
** If you are configuring the Delegated Administrator server, go on to [Step 3|#gadsk] in [Configuring the Delegated Administrator Server|#acfcv].

[Top|#top]

h4. {anchor:gbpmh} Web Server 7._x_ Configuration

If you are deploying the Delegated Administrator server or console on Web Server 7._x_, follow the steps described in this section.

h6. {anchor:gbpna} To Configure Web Server 7._x_

# *Web Server 7.x Configuration Details*
\\
The panel text tells you if you are providing Web Server 7._x_ configuration information for the Delegated Administrator server or console.
\\
** Enter the Web Server 7._x_ server root directory. The Web Server software files are installed in this directory. You can browse to select the directory. The default value is {{/opt/SUNWwbsvr7}}.
\\
** Enter the Web Server 7._x_ configuration root directory. The Web Server configuration files are installed in this directory. You can browse to select the directory. The default value is {{/var/opt/SUNWwbsvr7}}.
\\
** Enter the Web Server 7._x_ instance identifier. This can be specified by a _host.domain_ name such as {{west.sesta.com}}.
\\
** Enter the virtual server identifier. This can be specified by a _host.domain_ name such as {{west.sesta.com}}.
\\
For more information about the Web Server 7._x_ instance identifier and virtual server identifier, see the Web Server documentation.
\\
Files for the Web Server 7._x_ instance are stored in the {{https\-}}{_}host{_}{{.}}{_}domain_ directory under the Web Server 7._x_ configuration directory, for example {{/var/opt/SUNWwbsvr7/https-west.sesta.com}}.
\\
** Enter the HTTP port number that the specified virtual server listens to. For example: {{80}}.
\\
Click {{{*}Next{*}}} to continue, {{{*}Back{*}}} to return to the previous panel, or {{{*}Cancel{*}}} to exit.
\\
The configuration program checks if the values you specified are valid. If a directory or identifier is invalid or does not exist, a dialog box tells you to choose a new value.
\\
Next, the configuration program checks if a Web Server 7._x_ instance connection is alive. If not, a dialog box warns you that the configuration program could not connect to the specified instance and your configuration may not be completed. You can accept the specified values or choose new Web Server 7._x_ configuration values.
\\
# *Web Server 7.x: Administration Instance Details*
\\
** Enter the Administration Server port number. For example: {{8800}}
\\
** Enter the Administration Server administrator user ID. For example: {{admin}}
\\
** Enter the administrator user password.
\\
If you are using a secure Administration Server instance, check the *Secure Administration Server Instance* box. If you are not, leave the box unchecked.
\\
Click {{{*}Next{*}}} to continue, {{{*}Back{*}}} to return to the previous panel, or {{{*}Cancel{*}}} to exit.
\\
# *Default Domain Separator*
\\
This panel appears only if you are configuring the Delegated Administrator console. The domain separator is needed to configure the console; this information is not related to the Web container.
\\
Enter the default domain separator to be used for authentication when the user logs on. For example: {{@}}.
\\
*If you are configuring the Delegated Administrator console, take one of the following actions:*
* If you chose to configure both the Delegated Administrator console and the server, go on to [Configuring the Delegated Administrator Server|#acfcv]
* If you chose to configure the Delegated Administrator console only (together with the required Delegated Administrator utility), go on to [Completing the Configuration|#acfcw]

*If you are configuring the Delegated Administrator server:* Go on to [Step 3|#gadsk] in [Configuring the Delegated Administrator Server|#acfcv].
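
The checks that the configuration program makes on the Web Server 6._x_ and 7._x_ panels (directory and identifier validity first, then instance liveness) can be run before you start it. The following Python script is an added example, not code from the product or from this guide; the function names, the identifier pattern, and the use of a plain TCP connect as the liveness test are assumptions.

```python
import os
import re
import socket

# Host-style identifier such as west.sesta.com (assumed pattern). It rejects
# "/" and ".." so the value cannot point outside the directory it is joined to.
_ID_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$")


def instance_dir(base_dir, instance_id):
    """Return <base_dir>/https-<instance_id>, the layout the page describes."""
    if not _ID_RE.match(instance_id) or ".." in instance_id:
        raise ValueError(f"invalid instance identifier: {instance_id!r}")
    return os.path.join(base_dir, "https-" + instance_id)


def port_alive(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(version, server_root, instance_id, http_port,
              config_root=None, host="127.0.0.1"):
    """Check panel values for Web Server "6" or "7".

    Returns {"errors": [...], "warnings": [...]}. Errors are values the
    configuration program would ask you to replace; warnings correspond to
    its "could not connect" dialog, which still lets you keep the values.
    """
    if version not in ("6", "7"):
        raise ValueError("version must be '6' or '7'")
    result = {"errors": [], "warnings": []}
    if not os.path.isdir(server_root):
        result["errors"].append(f"server root not found: {server_root}")
    # 6.x keeps instance files under the root directory; 7.x keeps them
    # under the separate configuration root directory.
    base = server_root if version == "6" else config_root
    if version == "7" and (not base or not os.path.isdir(base)):
        result["errors"].append(f"configuration root not found: {config_root}")
    try:
        inst = instance_dir(base or "", instance_id)
        if base and os.path.isdir(base) and not os.path.isdir(inst):
            result["errors"].append(f"instance directory not found: {inst}")
    except ValueError as exc:
        result["errors"].append(str(exc))
    if not isinstance(http_port, int) or not 1 <= http_port <= 65535:
        result["errors"].append(f"invalid HTTP port: {http_port!r}")
    elif not port_alive(host, http_port):
        result["warnings"].append(f"no listener on {host}:{http_port}")
    return result


if __name__ == "__main__":
    # Values taken from the examples on this page; adjust for your host.
    print(preflight("7", "/opt/SUNWwbsvr7", "west.sesta.com", 80,
                    config_root="/var/opt/SUNWwbsvr7"))
```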

[Top|#top]

h4. {anchor:acfct} Application Server 7._x_ Configuration

If you are deploying the Delegated Administrator server or console on Application Server 7._x_, follow the steps described in this section.

h6. {anchor:gadrv} To configure Application Server 7._x_

# *Application Server 7.x Configuration Details*

The panel text tells you if you are providing Application Server 7._x_ configuration information for the Delegated Administrator server or console.

Enter the Application Server installation directory. By default, this directory is {{/opt/SUNWappserver7}}.

Enter the Application Server domain directory. By default, this directory is {{/var/opt/SUNWappserver7/domains/domain1}}.

Enter the Application Server document root directory. By default, this directory is {{/var/opt/SUNWappserver7/domains/domain1/server1/docroot}}.

You can browse to select any of these directories.

Enter the Application Server instance name. For example: {{server1}}.

Enter the Application Server virtual server identifier. For example: {{server1}}.

Enter the Application Server instance HTTP port number.

Click {{{*}Next{*}}} to continue, {{{*}Back{*}}} to return to the previous panel, or {{{*}Cancel{*}}} to exit.

The configuration program checks if the directories you specified are valid. If a directory is invalid or does not exist, a dialog box tells you to choose a new directory.

Next, the configuration program checks if an Application Server instance connection is alive. If not, a dialog box warns you that the configuration program could not connect to the specified instance and your configuration may not be completed. You can accept the specified values or choose new Application Server configuration values.
# *Application Server 7.x: Administration Instance Details*

Enter the Administration Server port number. For example: {{4848}}

Enter the Administration Server administrator user ID. For example: {{admin}}

Enter the administrator user password.

If you are using a secure Administration Server instance, check the *Secure Administration Server Instance* box. If you are not, leave the box unchecked.

Click {{{*}Next{*}}} to continue, {{{*}Back{*}}} to return to the previous panel, or {{{*}Cancel{*}}} to exit.
# *Default Domain Separator*

This panel appears only if you are configuring the Delegated Administrator console. The domain separator is needed to configure the console; this information is not related to the Web container.

Enter the default domain separator to be used for authentication when the user logs on. For example: {{@}}.
# *If you are configuring the Delegated Administrator console, take one of the following actions:*
#* If you chose to configure both the Delegated Administrator console and the server, go on to [Configuring the Delegated Administrator Server|#acfcv].
#* If you chose to configure the Delegated Administrator console only (together with the required Delegated Administrator utility), go on to [Completing the Configuration|#acfcw].

*If you are configuring the Delegated Administrator server:* Go on to [Step 3|#gadsk] in [Configuring the Delegated Administrator Server|#acfcv].

[Top|#top]

h4. {anchor:acfcu} Application Server 8._x_ or higher Configuration

If you are deploying the Delegated Administrator server or console on Application Server 8._x_ or higher, follow the steps described in this section.

h6. {anchor:gadsf} To configure Application Server 8._x_ or higher

# *Application Server 8.x or higher Configuration Details*

The panel text tells you if you are providing Application Server 8._x_ or higher configuration information for the Delegated Administrator server or console.

Enter the Application Server installation directory. By default, this directory is {{/opt/SUNWappserver/appserver}}.

Enter the Application Server domain directory. By default, this directory is {{/var/opt/SUNWappserver/domains/domain1}}.

Enter the Application Server document root directory. By default, this directory is {{/var/opt/SUNWappserver/domains/domain1/docroot}}.

You can browse to select any of these directories.

Enter the Application Server target name. For example: {{server}}.

Enter the Application Server virtual server identifier. For example: {{server}}.
{info:title=Note}If you are running the {{config-commda}} program to upgrade Delegated Administrator, and you also have upgraded Application Server from version 7 to version 8._x_, specify the following values for the Application Server target name and virtual server identifier:
##* Target name: {{server1}}
##* Virtual server identifier: {{server}}
You must specify these values because the {{asupgrade}} utility migrates the Application Server 7 {{server1}} instance into the Application Server 8._x_ or higher {{server1}} target running under a nodeagent. However, {{asupgrade}} changes the value of the virtual server from {{server1}} in Application Server 7 to {{server}} in Application Server 8._x_ or higher.
{info}

Enter the Application Server target HTTP port number.

Click {{{*}Next{*}}} to continue, {{{*}Back{*}}} to return to the previous panel, or {{{*}Cancel{*}}} to exit.

The configuration program checks if the directories you specified are valid. If a directory is invalid or does not exist, a dialog box tells you to choose a new directory.

Next, the configuration program checks if an Application Server target connection is alive. If not, a dialog box warns you that the configuration program could not connect to the specified target and your configuration may not be completed. You can accept the specified values or choose new Application Server configuration values.
{note:title=Note}
If you are deploying the Delegated Administrator server or console on Application Server 9.x, note that the default installation directories are different from those for Application Server 8.x, as follows:

Enter the Application Server installation directory. By default, this directory is {{/opt/SUNWappserver}}.

Enter the Application Server domain directory. By default, this directory is {{/opt/SUNWappserver/domains/domain1}}.

Enter the Application Server document root directory. By default, this directory is {{/opt/SUNWappserver/domains/domain1/docroot}}.
{note}
# *Application Server 8.x or higher: Administration Instance Details*

Enter the Administration Server port number. For example: {{4849}}

Enter the Administration Server administrator user ID. For example: {{admin}}

Enter the administrator user password.

If you are using a secure Administration Server instance, check the *Secure Administration Server Instance* box. If you are not, leave the box unchecked.

Click {{{*}Next{*}}} to continue, {{{*}Back{*}}} to return to the previous panel, or {{{*}Cancel{*}}} to exit.
# *Default Domain Separator*

This panel appears only if you are configuring the Delegated Administrator console. The domain separator is needed to configure the console; this information is not related to the Web container.

Enter the default domain separator to be used for authentication when the user logs on. For example: {{@}}.
# *If you are configuring the Delegated Administrator console, take one of the following actions:*
#* If you chose to configure both the Delegated Administrator console and the server, go on to [Configuring the Delegated Administrator Server|#acfcv].
#* If you chose to configure the Delegated Administrator console only (together with the required Delegated Administrator utility), go on to [Completing the Configuration|#acfcw].

*If you are configuring the Delegated Administrator server:* Go on to [Step 3|#gadsk] in [Configuring the Delegated Administrator Server|#acfcv].

[Top|#top]

h3. {anchor:acfcv} Configuring the Delegated Administrator Server

If you chose to configure the Delegated Administrator server, the configuration program displays the following panels.

h6. {anchor:gadso} To configure Delegated Administrator Server

# *Access Manager base directory*

Enter the Access Manager Base Directory. The default directory is {{/opt/SUNWam}}.

Click {{{*}Next{*}}} to continue, {{{*}Back{*}}} to return to the previous panel, or {{{*}Cancel{*}}} to exit.

The configuration program checks if a valid Access Manager base directory is specified. If not, a dialog box displays indicating that an existing Access Manager base directory must be selected.
# Next, a Web container *Configuration Details* panel appears.

If you chose to configure the console and server, this is the second time a Web container *Configuration Details* panel appears.

The Delegated Administrator server is deployed to the same Web container as Access Manager. (You cannot choose a Web container for the Delegated Administrator server.)

Follow the instructions in the appropriate section:
#* [Web Server 6.x Configuration|#acfcs]
#* [Application Server 7.x Configuration|#acfct]
#* [Application Server 8.x or higher Configuration|#acfcu]
# {anchor:GADSK} *Directory (LDAP) Server*

This panel asks for information about connecting to the LDAP Directory Server for the user/group suffix.

Enter the User and Group Directory Server LDAP URL (*LdapURL*), Directory Manager (*Bind As*), and password in the text boxes.

The Directory Manager has overall administrator privileges on the Directory Server and all Sun Java System servers that make use of the Directory Server (for example, Delegated Administrator) and has full administration access to all entries in the Directory Server. The default and recommended Distinguished Name (DN) is {{cn=Directory Manager}}.

Click {{{*}Next{*}}} to continue, {{{*}Back{*}}} to return to the previous panel, or {{{*}Cancel{*}}} to exit.
# *Access Manager Top-Level Administrator*

Enter the user ID and password for the Access Manager Top-Level Administrator. The user ID and password are created when Access Manager is installed. The value, {{amadmin}}, is hard-coded in Access Manager.

Click {{{*}Next{*}}} to continue, {{{*}Back{*}}} to return to the previous panel, or {{{*}Cancel{*}}} to exit.
# *Access Manager internal LDAP authentication password*

Enter the password for the Access Manager Internal LDAP authentication user.

The authentication user name is hard-coded as {{amldapuser}}. It is created by the Access Manager installer and is the Bind DN user for the LDAP service.

Click {{{*}Next{*}}} to continue, {{{*}Back{*}}} to return to the previous panel, or {{{*}Cancel{*}}} to exit.
# *Organization Distinguished Name (DN)*

Enter the Organization DN for the default domain. For example, if your organization DN is {{o=siroe.com}}, all the users in that organization will be placed under the LDAP DN {{o=siroe.com, o=usergroup}}, where {{o=usergroup}} is your root suffix.

By default, the configuration program adds the default domain under the root suffix in the LDAP directory.

If you want to create the default domain at the root suffix (not underneath it), delete the organization name from the DN that appears in the *Organization Distinguished Name (DN)* text box.

For example, if your organization DN is {{o=siroe.com}} and your root suffix is {{o=usergroup}}, delete {{"o=siroe.com"}} from the DN in the text box; leave only {{o=usergroup}}.

If you choose to create the default domain at the root suffix, and if you later decide to use hosted domains, it can be difficult to migrate to the hosted-domain configuration. The {{config-commda}} program displays the following warning:

"The Organization DN you chose is the User/Group Suffix. Although this is a valid choice, if you ever decide to use hosted domains, there will be difficult migration issues. If you do wish to use hosted domains, then specify a DN one level below the User/Group suffix."

For more information, see [Directory Structure Supporting a One-Tiered Hierarchy|CommSuite:Delegated Administrator Overview#ACFBB].

Click {{{*}Next{*}}} to continue, {{{*}Back{*}}} to return to the previous panel, or {{{*}Cancel{*}}} to exit.
# *Top-Level Administrator for the default organization*

Enter the user ID and password for the Top-Level Administrator that is to be created in the default domain (organization).

A *Confirm Password* field asks you to enter the password a second time.

Click {{{*}Next{*}}} to continue, {{{*}Back{*}}} to return to the previous panel, or {{{*}Cancel{*}}} to exit.
# *Service Package and Organization Samples*

You can choose to add sample service packages and sample organizations to your LDAP directory.

*Load sample service packages*. Select this option if you want to use or modify sample service package templates to create your own Class-of-Service packages.

*Load sample organizations*. Select this option if you want your LDAP directory tree to contain sample provider organization nodes and subordinate organization nodes.

You can select
#* Both the sample service packages and the sample organizations
#* Only one of these options
#* Neither option
*Preferred Mailhost for Sample*. Enter the name of the machine on which Messaging Server is installed.

For example: {{mymachine.siroe.com}}

If you chose to load the sample organizations into your LDAP directory, you must enter a preferred mail host name for these samples.

For information about service packages and organizations, see Chapter 2, "Delegated Administrator Overview," in the _Sun Java System Delegated Administrator 6.4 Administration Guide_.

After you run the configuration program, you must modify the service package templates to create your own Class-of-Service packages. For information about this post-configuration task, see [Create Service Packages|#acfdh].

[Top|#top]

h3. {anchor:acfcw} Completing the Configuration

Take the steps described in this section to finish running the configuration program.




h6. {anchor:gadsu} To complete the configuration

# *Ready to Configure*
\\
The verification panel displays the items that will be configured.
\\
Click {{{*}Configure Now{*}}} to begin the configuration, {{{*}Back{*}}} to return to any previous panel to change information, or {{{*}Cancel{*}}} to exit.\\
\\
# *Task Sequence*
\\
A sequence of tasks being performed is displayed on the Task Sequence Panel. This is when the actual configuration takes place.
\\
When the panel displays "All Tasks Passed" you can click {{{*}Next{*}}} to continue or {{{*}Cancel{*}}} to stop the tasks from being performed and exit.
\\
A dialog box appears reminding you to restart the Web container in order for configuration changes to take effect.\\
\\
# *Installation Summary*
\\
The Installation Summary panel displays the product installed and a {{{*}Details...{*}}} button that displays more information about this configuration.

Click {{{*}Close{*}}} to complete the configuration.

[Top|#top]

h3. {anchor:acfcx} Restarting the Web Container

After you complete the Delegated Administrator configuration, you must restart the Web container to which Delegated Administrator is deployed.

[Top|#top]

h3. {anchor:acfcy} Configuration and Log Files Deployed by the {{config-commda}} Program

[Top|#top]

h4. {anchor:acfcz} Configuration Files

Using the information you provided in the panels, the {{config-commda}} program deploys the following configuration files for the three Delegated Administrator components:
* Delegated Administrator utility:
** {{cli-usrprefs.properties}}

Location: _da-base{_}{{/data/config}}
* Delegated Administrator server:
** {{resource.properties}}
* Delegated Administrator console:
** {{daconfig.properties}}
** {{Resources.properties}}
** {{Security.properties}}
** {{logger.properties}}

(The {{logger.properties}} file specifies the location of log files and whether or not logging is enabled. It is a configuration file, not a log file.)

The {{config-commda}} program deploys the configuration files to the application repository of the Web container where you deployed Delegated Administrator. For a list of the deployed locations of the files, see [Deployed Locations of the Configuration Files|http://docs.sun.com/app/docs/doc/819-4438/gbrdp?a=view].

For information about the properties contained in the configuration files and how to edit these properties to customize your configuration, see Chapter 4, "Customizing Delegated Administrator," in the _Sun Java System Delegated Administrator 6.4 Administration Guide_.

[Top|#top]

h4. {anchor:acfda} Log Files

A log file for the {{config-commda}} program is created in the {{_da-base_/install}} directory. The name of the log file is {{commda-config_YYYYMMDDHHMMSS.log}}, where YYYYMMDDHHMMSS identifies the 4-digit year, month, date, hour, minute, and second of the configuration.

NOTE: The process described in this document is called "configuration", but the directory of the configuration logs is "install".

A {{commda-config_YYYYMMDDHHMMSS.log}} file is created every time {{config-commda}} is run, even if the configuration is not completed.
A {{commda-config_YYYYMMDDHHMMSS}} directory is created when a configuration process is completed. It contains many of the configuration and data files used during the configuration session.

The "install" directory is best viewed with the {{ls -F}} command:
{noformat}
# ls -F
commda-config_20081118183153/
commda-config_20081118183153.log
{noformat}

h2. {anchor:acfdb} Perform Silent Installation

The Delegated Administrator utility initial runtime configuration program automatically creates a silent installation state file (called {{saveState}}). This file contains internal information about the configuration program, and is used for running silent installs.


The silent installation {{saveState}} file is stored in the {{{_}da-base_/data/setup/commda-config\_}}{_}YYYYMMDDHHMMSS{_}{{/}} directory, where _YYYYMMDDHHMMSS_ identifies the 4-digit year, month, date, hour, minute, and second of the {{saveState}} file.

For example, after you have run the {{config-commda}} program once, you can run it in silent install mode:
{panel}
{{_da-base_/sbin/config-commda -nodisplay -noconsole -state _fullpath_/saveState}}
{panel}
The _fullpath_ variable is the full directory path of where the {{saveState}} file is located.

[Top|#top]

h2. {anchor:acfdc} Run Delegated Administrator Console and Utility

h3. {anchor:acfdd} Launching the Console

The Delegated Administrator console is launched by accessing the Web container to which it is deployed.

h6. {anchor:gadsr} To launch the Delegated Administrator console

# Go to the following URL:
\\
{{http://}}{_}host{_}{{:}}{_}port{_}{{/da}}
\\
where
\\
_host_ is the Web container host machine
\\
_port_ is the Web container port
\\
For example:
\\
{{[http://siroe.com:8080/da]}}
\\
The Delegated Administrator console log-in window appears.
{info:title=Note}In previous releases of Delegated Administrator, the console was launched from the following URL:
{{http://}}{_}host{_}{{:}}{_}port{_}{{/da/DA/Login}}
You can continue to use this URL in the current release.
{info}
\\
# Log in to the Delegated Administrator console.

You can use the Top-Level Administrator (TLA) user ID and password specified in the Delegated Administrator configuration program. This information was requested in the following panel:

*Top-Level Administrator for the default organization*
{info:title=Note}Values set in Access Manager can determine session time-outs when you are running the Delegated Administrator console. For information on the session time-out values, see "Session Service Attributes," in the _Sun Java System Access Manager Administration Guide_. For information on viewing these values in the Access Manager console, see "Current Sessions" in the _Sun Java System Access Manager Administration Guide_.
{info}

[Top|#top]

h3. {anchor:acfde} Running the Command-Line Utility

You can run the Delegated Administrator utility by entering the command name, {{commadmin}}, from a terminal window.

h6. {anchor:gadsz} To run the command-line utility

# Go to the _da-base{_}{{/bin/}} directory.
# Enter the {{commadmin}} command.
For example, in Comm Suite 5 on Solaris: {{/opt/SUNWcomm/bin/commadmin}}

h6. {anchor:gamyn} Example: Using {{commadmin}} to search for users

The following command searches for users in the {{varrius.com}} domain:
{panel}
{{commadmin user search -D chris -w bolton -d varrius.com -n sesta.com}}
{panel}
For details about this {{commadmin}} command, see [commadmin user search|#acfgx].

h6. {{commadmin}} Return Codes

When a {{commadmin}} operation succeeds, an OK message is displayed on the command line.

If a failure occurs, the following message appears:

{{FAIL}}

_<message>_

Where _<message>_ displays the error text.

[Top|#top]

h2. {anchor:acfdf} Post-Configuration Tasks

After you run the Delegated Administrator configuration program, you should perform the following tasks:
* [Add Mail and Calendar Services to the Default Domain|#acfdg]
* [Enforce Unique Values for Mail Attributes|#gcfeh]
* [Create Service Packages|#acfdh]

Perform the following task only if you are using an LDAP directory in Schema 2 compatibility mode:
* [Add ACIs for Schema 2 Compatibility Mode|#acfdk]

[Top|#top]

h3. {anchor:acfdg} Add Mail and Calendar Services to the Default Domain

The {{config-commda}} program creates a default domain.

If you want to create users with mail service or calendar service in the default domain, you first must add mail service and calendar service to the domain.

To perform this task, use the {{commadmin domain modify}} command with the {{\-S mail}} and {{\-S cal}} options.

The following example shows how you can use {{commadmin domain modify}} to add mail and calendar services to the default domain:
{panel}
{{commadmin&nbsp;domain&nbsp;modify&nbsp;-D&nbsp;chris&nbsp;-w&nbsp;bolton&nbsp;-n&nbsp;sesta.com&nbsp;-d&nbsp;siroe.com}}
{{&nbsp;-S&nbsp;mail,cal&nbsp;-H&nbsp;test.siroe.com}}
{panel}
For {{commadmin}} command syntax and details, see Chapter 5, "Command Line Utilities," in the _Sun Java System Delegated Administrator 6.4 Administration Guide_.

[Top|#top]

h3. {anchor:gcfeh} Enforce Unique Values for Mail Attributes

Messaging Server uses the following mail attributes to identify a user's email address and alternate email addresses:
* {{mail}}
* {{mailAlternateAddress}}
* {{mailEquivalentAddress}}

Each user's mail attributes should be unique across the directory.

The following procedure shows how to modify a Directory Server LDIF file to enforce the uniqueness of these attributes. Whenever Delegated Administrator (or any LDAP tool) adds an entry or modifies a mail attribute, the uniqueness plug-in checks that the mail attribute values are unique. If an operation would cause two entries to have the same mail-attribute values, it is terminated.

For definitions of the mail attributes, see Chapter 3, "Messaging Server and Calendar Server Attributes," in the [Sun Java Communications Suite 5 Schema Reference|http://docs.sun.com/doc/819-4437/anoct?a=view].

h6. {anchor:gcfqm} To enforce the uniqueness of mail attributes


h6. Before You Begin

{info:title=Note}
If you are running Directory Server 5.2.5 (Java ES Release 4) or later, follow the procedures described below.

If you are running Directory Server 5.2.4 (Java ES Release 4), you need to apply patch 5.2_Patch_4_6313027 before you begin the following procedure.

If you are running an earlier version of Directory Server, you need to upgrade to Directory Server 5.2.5 or later before you begin.

To access Directory Server patches, go to [http://sunsolve.sun.com].
{info}
# Create a text file with the following lines. Replace the parameters shown in the file with values specific to your installation:
{panel}
{{dn:&nbsp;cn=Uniqueness&nbsp;in&nbsp;Attribute&nbsp;Set,cn=plugins,cn=config}}
{{objectClass:&nbsp;top}}
{{objectClass:&nbsp;nsSlapdPlugin}}
{{objectClass:&nbsp;ds-signedPlugin}}
{{objectClass:&nbsp;extensibleObject}}
{{cn:&nbsp;Uniqueness&nbsp;in&nbsp;Attribute&nbsp;Set}}
{{nsslapd-pluginPath:&nbsp;_server_root_/lib/uid-plugin.so}}
{{nsslapd-pluginInitfunc:&nbsp;NSUniqueAttrSet_Init}}
{{nsslapd-pluginType:&nbsp;preoperation}}
{{nsslapd-pluginEnabled:&nbsp;on}}
{{nsslapd-pluginarg0:&nbsp;attributeset=mail,mailalternateaddress,mailequivalentaddress}}
{{nsslapd-pluginarg1:&nbsp;_ugldapbasedn{_}}}
{{nsslapd-plugin-depends-on-type:&nbsp;database}}
{{nsslapd-pluginId:&nbsp;NSUniqueAttrSet}}
{{nsslapd-pluginVersion:&nbsp;5.2}}
{{nsslapd-pluginVendor:&nbsp;Sun&nbsp;Microsystems,&nbsp;Inc.}}
{{nsslapd-pluginDescription:&nbsp;Enforce&nbsp;unique&nbsp;values&nbsp;among&nbsp;an&nbsp;attribute&nbsp;set}}
{panel}
Change the following parameters:

Replace _server_root_ with the directory underneath which your Directory Server is installed. For example: {{/var/opt/mps/serverroot}}

Replace _ugldapbasedn_ with your root suffix. Uniqueness checking is performed on all entries underneath this suffix.
# Stop Directory Server.
# Add your modified text file to the Directory Server {{dse.ldif}} file.


*Location of the dse.ldif File:*

The {{dse.ldif}} file is located in the following directory:

_server_root{_}{{/slapd\-}}{_}machine_name{_}{{/config}}

where

_server_root_ is the directory underneath which Directory Server is installed. For example: {{/var/opt/mps/serverroot}}

_machine_name_ is the name of the host machine where Directory Server is installed.

*Where to Add Your Text File:*

Add your text file after the {{uid uniqueness}} section of the {{dse.ldif}} file. The first line of this section (the {{dn}}) is as follows:

{{dn: cn=uid uniqueness,cn=plugins,cn=config}}
# Restart Directory Server.

When Directory Server starts, it installs the modified {{dse.ldif}} file in the directory.
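
The plug-in checks values as entries are added or modified. To see whether entries already under your root suffix share a value across the three attributes, you can run a check such as the following over an LDIF export of the directory. This is an added example, not part of Directory Server or Delegated Administrator: the function names and the sample entries are constructed for illustration, and the comparison assumes that mail addresses match case-insensitively.

```python
import base64
from collections import defaultdict

# Attribute set from nsslapd-pluginarg0 on this page (attribute names are case-insensitive).
MAIL_ATTRS = {"mail", "mailalternateaddress", "mailequivalentaddress"}


def parse_ldif(text):
    """Yield (dn, [(attr, value), ...]) for each entry in an LDIF export."""
    # LDIF folding: a line that starts with one space continues the previous line.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    for block in text.split("\n\n"):
        dn, attrs = None, []
        for line in block.split("\n"):
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64 value>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            if name.lower() == "dn":
                dn = value
            else:
                # Drop attribute options such as ";lang-en".
                attrs.append((name.split(";")[0].lower(), value))
        if dn:
            yield dn, attrs


def _norm_dn(dn):
    # Simple normalisation (assumption: no escaped commas in the DNs being compared).
    return ",".join(part.strip().lower() for part in dn.split(","))


def find_collisions(text, base_dn=None):
    """Return {address: [DNs]} for addresses that appear in more than one entry."""
    suffix = _norm_dn(base_dn) if base_dn else None
    owners = defaultdict(set)
    for dn, attrs in parse_ldif(text):
        norm = _norm_dn(dn)
        if suffix and not (norm == suffix or norm.endswith("," + suffix)):
            continue  # outside the suffix given in nsslapd-pluginarg1
        for name, value in attrs:
            if name in MAIL_ATTRS and value:
                owners[value.lower()].add(dn)
    return {addr: sorted(dns) for addr, dns in owners.items() if len(dns) > 1}


# Constructed sample export; the entries and addresses are illustrative only.
SAMPLE_EXPORT = """\
version: 1

dn: uid=jdoe,ou=People,o=siroe.com,o=usergroup
objectClass: inetMailUser
uid: jdoe
mail: jdoe@siroe.com
mailAlternateAddress: john.doe@siroe.com

dn: uid=jsmith,ou=People,o=siroe.com,o=usergroup
uid: jsmith
mail: jsmith@siroe.com
mailEquivalentAddress: John.Doe@siroe.com

dn: uid=akim,ou=People,o=siroe.com,o=usergroup
uid: akim
mail:: YWtpbUBzaXJvZS5jb20=
mailAlternateAddress: a.kim@
 siroe.com

dn: uid=akim2,ou=People,o=varrius.com,o=usergroup
uid: akim2
mail: akim@siroe.com

dn: uid=ext,ou=People,o=other
mail: jsmith@siroe.com
"""

if __name__ == "__main__":
    for address, dns in sorted(find_collisions(SAMPLE_EXPORT, "o=usergroup").items()):
        print(address)
        for dn in dns:
            print("   ", dn)
```

Pass your root suffix as {{base_dn}} so that the check covers the same subtree as {{nsslapd-pluginarg1}}.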

h6. Troubleshooting

If Directory Server does not start because the {{dse.ldif}} file has generated an error, check the values you used to replace the parameters in the sample text file. Your LDAP root suffix and the Directory Server installation path and host machine must be correct for your installation.

If Directory Server still does not start, you can, as a last resort, remove the text file from the {{dse.ldif}} file and restart Directory Server.

[Top|#top]

h3. {anchor:acfdh} Create Service Packages

Each user and group provisioned in the LDAP directory with Delegated Administrator should have a service package. A user or group can have more than one service package.

[Top|#top]

h4. {anchor:acfdi} Predefined Class-of-Service Templates

When you run the Delegated Administrator configuration program ({{config-commda}}), you can choose to have the {{config-commda}} program install sample Class-of-Service templates in the directory.

For information about the sample Class-of-Service templates and the available mail attributes in a service package, see [Service Package Details|CommSuite:Service Package Details].

You can use the sample Class-of-Service templates to create and assign service packages. However, the sample templates are meant to be examples.

[Top|#top]

h4. {anchor:acfdj} Creating Your Own Service Packages

Most likely you will want to create your own service packages based on customized Class-of-Service templates with attribute values appropriate for the users and groups in your installation.

To create your own service packages, use the Class-of-Service templates stored in the {{da.cos.skeleton.ldif}} file, located in the following directory:

_da-base{_}{{/lib/config-templates}}

This file was created specifically for use as a template for writing customized Class-of-Service templates. It is not installed in the LDAP directory when Delegated Administrator is configured.

The {{da.cos.skeleton.ldif}} file contains a parameterized template for each Class-of-Service definition provided by Delegated Administrator:
* {{standardUserMail}}
* {{standardUserCalendar}}
* {{standardUserMailCalendar}}
* {{standardGroupMail}}
* {{standardGroupCalendar}}
* {{standardGroupMailCalendar}}

You can create your own Class-of-Service templates by using one or more of the parameterized templates in the {{da.cos.skeleton.ldif}} file.

The Class-of-Service templates in the {{da.cos.skeleton.ldif}} file are as follows:
{panel}
{{\#&nbsp;Templates&nbsp;for&nbsp;creating&nbsp;COS&nbsp;templates&nbsp;for&nbsp;service&nbsp;packages.}}
{{\#}}
{{\#&nbsp;There&nbsp;are&nbsp;six&nbsp;COS&nbsp;definitions&nbsp;:}}
{{\#&nbsp;&nbsp;&nbsp;standardUserMail}}
{{\#&nbsp;&nbsp;&nbsp;standardUserCalendar}}
{{\#&nbsp;&nbsp;&nbsp;standardUserMailCalendar}}
{{\#&nbsp;&nbsp;&nbsp;standardGroupMail}}
{{\#&nbsp;&nbsp;&nbsp;standardGroupCalendar}}
{{\#&nbsp;&nbsp;&nbsp;standardGroupMailCalendar}}
{{\#}}
{{\#&nbsp;Each&nbsp;definition&nbsp;can&nbsp;have&nbsp;zero&nbsp;or&nbsp;more&nbsp;COS&nbsp;templates&nbsp;which}}
{{\#&nbsp;define&nbsp;specific&nbsp;values&nbsp;for&nbsp;the&nbsp;attributes&nbsp;listed&nbsp;in&nbsp;the&nbsp;}}
{{\#&nbsp;COS&nbsp;definition.}}
{{\#}}
{{\#&nbsp;Each&nbsp;COS&nbsp;definition&nbsp;points&nbsp;to&nbsp;a&nbsp;corresponding&nbsp;subdirectory}}
{{\#&nbsp;in&nbsp;which&nbsp;COS&nbsp;templates&nbsp;for&nbsp;that&nbsp;definition&nbsp;(and&nbsp;no&nbsp;other}}
{{\#&nbsp;definition)&nbsp;are&nbsp;found.&nbsp;&nbsp;The&nbsp;templates&nbsp;directory&nbsp;structure}}
{{\#&nbsp;is&nbsp;as&nbsp;follows:}}
{{#&nbsp;standardUserMail &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=>&nbsp;o=mailuser,o=costemplates,<ugldapbasedn>}}
{{\#&nbsp;standardUserCalendar&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=>&nbsp;o=calendaruser,o=costemplates,}}
{{\#&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<ugldapbasedn>}}
{{\#&nbsp;standardUserMailCalendar&nbsp;&nbsp;=>&nbsp;o=mailcalendaruser,o=costemplates,}}
{{\#&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<ugldapbasedn>}}
{{#&nbsp;standardGroupMail &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=>&nbsp;o=mailgroup,o=costemplates,}}
{{\#&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<ugldapbasedn>}}
{{#&nbsp;standardGroupCalendar &nbsp;&nbsp;=>&nbsp;o=calendargroup,o=costemplates,}}
{{\#&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<ugldapbasedn>}}
{{\#&nbsp;standardGroupMailCalendar&nbsp;=>&nbsp;o=mailcalendargroup,o=costemplates,}}
{{\#&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<ugldapbasedn>}}
{{\#}}
{{\#&nbsp;Thus,&nbsp;all&nbsp;COS&nbsp;templates&nbsp;for&nbsp;the&nbsp;user&nbsp;mail&nbsp;service&nbsp;are&nbsp;found&nbsp;in&nbsp;the}}
{{\#&nbsp;o=mailuser,o=costemplates,<ugldapbasedn>&nbsp;directory,&nbsp;etc.}}
{{\#}}
{{\#&nbsp;It&nbsp;is&nbsp;not&nbsp;necessary&nbsp;to&nbsp;have&nbsp;any&nbsp;templates&nbsp;for&nbsp;a&nbsp;given&nbsp;definition.&nbsp;}}
{{\#&nbsp;In&nbsp;that&nbsp;case&nbsp;default&nbsp;values&nbsp;are&nbsp;assumed&nbsp;for&nbsp;those&nbsp;attributes&nbsp;defined}}
{{\#&nbsp;in&nbsp;the&nbsp;COS&nbsp;definition.}}
{{\#}}
{{\#&nbsp;If&nbsp;a&nbsp;template&nbsp;is&nbsp;created&nbsp;for&nbsp;a&nbsp;definition&nbsp;there&nbsp;should&nbsp;be&nbsp;at&nbsp;least}}
{{\#&nbsp;one&nbsp;attribute&nbsp;with&nbsp;a&nbsp;defined&nbsp;value.}}
{{\#}}
{{\#&nbsp;Consult&nbsp;documentation&nbsp;for&nbsp;values&nbsp;for&nbsp;the&nbsp;attributes.&nbsp;&nbsp;}}
{{\#&nbsp;Documentation&nbsp;includes&nbsp;units&nbsp;and&nbsp;default&nbsp;values.}}
{{\#}}
{{\#&nbsp;The&nbsp;finished&nbsp;COS&nbsp;derived&nbsp;from&nbsp;this&nbsp;skeleton&nbsp;is&nbsp;added&nbsp;to&nbsp;the&nbsp;}}
{{\#&nbsp;directory&nbsp;with&nbsp;the&nbsp;following&nbsp;command:}}
{{\#&nbsp;}}
{{\#&nbsp;ldapmodify&nbsp;-D&nbsp;<directory&nbsp;manager>&nbsp;-w&nbsp;<password>&nbsp;}}
{{\#&nbsp;-f&nbsp;<cos.finished.template.ldif>}}
{{\#}}
{{\#}}
{{\############################################################}}
{{\#}}
{{# standardMailUser&nbsp;COS&nbsp;template}}
{{\#}}
{{\############################################################}}
{{\#&nbsp;There&nbsp;must&nbsp;be&nbsp;a&nbsp;least&nbsp;one&nbsp;of&nbsp;the&nbsp;following&nbsp;attributes:}}
{{\#&nbsp;-&nbsp;mailMsgMaxBlocks}}
{{\#&nbsp;-&nbsp;mailQuota}}
{{\#&nbsp;-&nbsp;mailMsgQuota}}
{{\#&nbsp;-&nbsp;mailAllowedServiceAccess}}
{{\#}}
{{dn:&nbsp;cn=<service&nbsp;package&nbsp;name>,o=mailuser,o=cosTemplates,}}
{{&nbsp;&nbsp;&nbsp;&nbsp;<ugldapbasedn>}}
{{changetype:&nbsp;add}}
{{objectclass:&nbsp;top}}
{{objectclass:&nbsp;LDAPsubentry}}
{{objectclass:&nbsp;extensibleobject}}
{{objectclass:&nbsp;cosTemplate}}
{{cn:&nbsp;<service&nbsp;package&nbsp;name>}}
{{mailMsgMaxBlocks:&nbsp;<mailMsgMaxBlocksValue>}}
{{mailQuota:&nbsp;<mailQuotaValue>}}
{{mailMsgQuota:&nbsp;<mailMsgQuotaValue>}}
{{mailAllowedServiceAccess:&nbsp;<mailAllowedServiceAccessValue>}}
{{daServiceType:&nbsp;mail&nbsp;user}}
{{\#}}
{{\#}}
{{\############################################################}}
{{\#}}
{{# standardCalendarUser&nbsp;COS&nbsp;template}}
{{\#}}
{{\############################################################}}
{{\#&nbsp;There&nbsp;must&nbsp;be&nbsp;a&nbsp;least&nbsp;one&nbsp;of&nbsp;the&nbsp;following&nbsp;attributes:}}
{{\#&nbsp;-&nbsp;icsPreferredHost}}
{{\#&nbsp;-&nbsp;icsDWPHost}}
{{\#&nbsp;-&nbsp;icsFirstDay}}
{{\#}}
{{dn:&nbsp;cn=<service&nbsp;package&nbsp;name>,o=calendaruser,o=cosTemplates,}}
{{&nbsp;&nbsp;&nbsp;&nbsp;<ugldapbasedn>}}
{{changetype:&nbsp;add}}
{{objectclass:&nbsp;top}}
{{objectclass:&nbsp;LDAPsubentry}}
{{objectclass:&nbsp;extensibleobject}}
{{objectclass:&nbsp;cosTemplate}}
{{cn:&nbsp;<service&nbsp;package&nbsp;name>}}
{{icsPreferredHost:&nbsp;<preferredHostValue>}}
{{icsDWPHost:&nbsp;<dwpHostValue>}}
{{icsFirstDay:&nbsp;<firstDayValue>}}
{{daServiceType:&nbsp;calendar&nbsp;user}}
{{\#}}
{{\#}}
{{\############################################################}}
{{\#}}
{{# standardMailCalendarUser&nbsp;COS&nbsp;template}}
{{\#}}
{{\############################################################}}
{{\#&nbsp;There&nbsp;must&nbsp;be&nbsp;a&nbsp;least&nbsp;one&nbsp;of&nbsp;the&nbsp;following&nbsp;attributes:}}
{{\#&nbsp;-&nbsp;mailMsgMaxBlocks}}
{{\#&nbsp;-&nbsp;mailQuota}}
{{\#&nbsp;-&nbsp;mailMsgQuota}}
{{\#&nbsp;-&nbsp;mailAllowedServiceAccess}}
{{\#}}
{{dn:&nbsp;cn=<service&nbsp;package&nbsp;name>,o=mailcalendaruser,o=cosTemplates,}}
{{&nbsp;&nbsp;&nbsp;&nbsp;<ugldapbasedn>}}
{{changetype:&nbsp;add}}
{{objectclass:&nbsp;top}}
{{objectclass:&nbsp;LDAPsubentry}}
{{objectclass:&nbsp;extensibleobject}}
{{objectclass:&nbsp;cosTemplate}}
{{cn:&nbsp;<service&nbsp;package&nbsp;name>}}
{{mailMsgMaxBlocks:&nbsp;<mailMsgMaxBlocksValue>}}
{{mailquota:&nbsp;<mailQuotaValue>}}
{{mailmsgquota:&nbsp;<mailMsgQuotaValue>}}
{{mailAllowedServiceAccess:&nbsp;<mailAllowedServiceAccessValue>}}
{{daServiceType:&nbsp;calendar&nbsp;user}}
{{daServiceType:&nbsp;mail&nbsp;user}}
{{\#}}
{{\#}}
{{\############################################################}}
{{\#}}
{{# standardMailGroup&nbsp;COS&nbsp;template}}
{{\#}}
{{\############################################################}}
{{\#&nbsp;There&nbsp;must&nbsp;be&nbsp;a&nbsp;least&nbsp;one&nbsp;of&nbsp;the&nbsp;following&nbsp;attributes:}}
{{\#&nbsp;-&nbsp;mailMsgMaxBlocks}}
{{\#}}
{{\#}}
{{dn:&nbsp;cn=<service&nbsp;package&nbsp;name>,o=mailgroup,o=cosTemplates,}}
{{&nbsp;&nbsp;&nbsp;&nbsp;<ugldapbasedn>}}
{{changetype:&nbsp;add}}
{{objectclass:&nbsp;top}}
{{objectclass:&nbsp;LDAPsubentry}}
{{objectclass:&nbsp;extensibleobject}}
{{objectclass:&nbsp;cosTemplate}}
{{cn:&nbsp;<service&nbsp;package&nbsp;name>}}
{{mailMsgMaxBlocks:&nbsp;<mailMsgMaxBlocksValue>}}
{{daServiceType:&nbsp;mail&nbsp;group}}
{{\#}}
{{\#}}
{{\############################################################}}
{{\#}}
{{# standardCalendarGroup&nbsp;COS&nbsp;template}}
{{\#}}
{{\############################################################}}
{{\#&nbsp;There&nbsp;must&nbsp;be&nbsp;a&nbsp;least&nbsp;one&nbsp;of&nbsp;the&nbsp;following&nbsp;attributes:}}
{{\#&nbsp;-&nbsp;icsdoublebooking}}
{{\#&nbsp;-&nbsp;icsautoaccept}}
{{\#}}
{{\#}}
{{dn:&nbsp;cn=<service&nbsp;package&nbsp;name>,o=calendargroup,o=cosTemplates,}}
{{&nbsp;&nbsp;&nbsp;&nbsp;<ugldapbasedn>}}
{{changetype:&nbsp;add}}
{{objectclass:&nbsp;top}}
{{objectclass:&nbsp;LDAPsubentry}}
{{objectclass:&nbsp;extensibleobject}}
{{objectclass:&nbsp;cosTemplate}}
{{cn:&nbsp;<service&nbsp;package&nbsp;name>}}
{{icsdoublebooking:&nbsp;<doubleBookingValue>}}
{{icsautoaccept:&nbsp;<autoAcceptValue>}}
{{daServiceType:&nbsp;calendar&nbsp;group}}
{{\#}}
{{\#}}
{{\############################################################}}
{{\#}}
{{# standardMailCalendarGroup&nbsp;COS&nbsp;template}}
{{\#}}
{{\############################################################}}
{{\#&nbsp;There&nbsp;must&nbsp;be&nbsp;a&nbsp;least&nbsp;one&nbsp;of&nbsp;the&nbsp;following&nbsp;attributes:}}
{{\#&nbsp;-&nbsp;icsdoublebooking}}
{{\#&nbsp;-&nbsp;icsautoaccept}}
{{\#&nbsp;-&nbsp;mailMsgMaxBlocks}}
{{\#}}
{{\#}}
{{dn:&nbsp;cn=<service&nbsp;package&nbsp;name>,o=mailcalendargroup,o=cosTemplates,}}
{{&nbsp;&nbsp;&nbsp;&nbsp;<ugldapbasedn>}}
{{changetype:&nbsp;add}}
{{objectclass:&nbsp;top}}
{{objectclass:&nbsp;LDAPsubentry}}
{{objectclass:&nbsp;extensibleobject}}
{{objectclass:&nbsp;cosTemplate}}
{{cn:&nbsp;<service&nbsp;package&nbsp;name>}}
{{mailmsgmaxblocks:&nbsp;<mailMsgMaxBlocksValue>}}
{{icsdoublebooking:&nbsp;<doubleBookingValue>}}
{{icsautoaccept:&nbsp;<autoAcceptValue>}}
{{daServiceType:&nbsp;calendar&nbsp;group}}
{{daServiceType:&nbsp;mail&nbsp;group}}
{panel}

h6. {anchor:gadsq} To create your own service packages

# Copy and rename one of the parameterized templates in the {{da.cos.skeleton.ldif}} file.

When you install Delegated Administrator, the {{da.cos.skeleton.ldif}} file is installed in the following directory:

_da-base{_}{{/lib/config-templates}}

Choose one of these templates in the {{da.cos.skeleton.ldif}} file to copy and rename:
{panel}
{{standardUserMail}}
{{standardUserCalendar}}
{{standardUserMailCalendar}}
{{standardGroupMail}}
{panel}
# Edit the following parameters in your copy of the template:
#* {{<ugldapbasedn>}}

Change the root suffix parameter, {{<ugldapbasedn>}}, to your root suffix (such as {{o=usergroup}}).

The {{<ugldapbasedn>}} parameter appears in the DN.
#* {{<service package name>}}

Change the {{<service package name>}} parameter to your own service package name.

The {{<service package name>}} parameter appears in the DN and the {{cn}}.
#* Mail attribute values:
{panel}
{{<mailMsgMaxBlocksValue>&nbsp;}}
{{<mailQuotaValue>&nbsp;}}
{{<mailMsgQuotaValue>&nbsp;}}
{{<mailAllowedServiceAccessValue>}}
{panel}
Edit these values to your specifications.

For example, you could enter the following values for the mail attributes:
{panel}
{{mailMsgMaxBlocks:&nbsp;400&nbsp;}}
{{mailQuota:&nbsp;400000000&nbsp;}}
{{mailMsgQuota:&nbsp;5000&nbsp;}}
{{mailAllowedServiceAccess:&nbsp;imap:ALL$+pop:ALL$+smtp:ALL$+http:ALL}}
{panel}
#* Calendar attribute values:
{panel}
{{<preferredHostValue>}}
{{<dwpHostValue>}}
{{<firstDayValue>}}
{panel}
These parameters represent values for the {{icsPreferredHost}}, {{icsDWPHost}}, and {{icsFirstDay}} LDAP attributes.

Edit these values to your specifications.
For definitions and descriptions of these attributes, see Chapter 3, "Messaging Server and Calendar Server Attributes," in the _Sun Java Communications Suite Schema Reference_.

You must use at least one attribute in a customized Class-of-Service template. You do not have to use all four mail attributes in a custom template. You can delete one or more attributes from the service package.
# Use the LDAP directory tool {{ldapmodify}} to install the service package in the directory.

For example, you could run the following command:

{{ldapmodify \-D <directory manager> \-w <password> \-f <cos.finished.template.ldif>}}

where

{{<directory manager>}} is the name of the Directory Server administrator.

{{<password>}} is the password of the Directory Server administrator.

{{<cos.finished.template.ldif>}} is the name of the edited ldif file to be installed as a service package in the directory.

Restart the web containers.

The Delegated Administrator Console loads the COS Templates, and stores them in memory. The specific behavior varies by version and by configuration. After adding a service package to the Directory Server, the DIT will be updated immediately, but the user interface may not display the Service Package immediately.

[Top|#top]

h3. {anchor:acfdk} Add ACIs for Schema 2 Compatibility Mode

If you are using an LDAP directory in Schema 2 compatibility mode, you must manually add ACIs to the directory to enable Delegated Administrator to provision in your directory. Take the following steps:

h6. {anchor:gadsp} To add ACIs for Schema 2 compatibility mode

# Add the following two ACIs to the OSI root. You can find the following two ACIs in the {{usergroup.ldif}} file, located in the {{{_}da-base_/config}} directory.

Be sure to replace {{ugldapbasedn}} with your usergroup suffix. Add the edited {{usergroup.ldif}} into the LDAP directory.
{panel}
{{\#}}
{{\#&nbsp;acis&nbsp;to&nbsp;limit&nbsp;Org&nbsp;Admin&nbsp;Role}}
{{\#}}
{{\########################################}}
{{\#&nbsp;dn:&nbsp;<local.ugldapbasedn>}}
{{\########################################}}
{{dn:&nbsp;<ugldapbasedn>}}
{{changetype:&nbsp;modify}}
{{add:&nbsp;aci}}
{{aci:&nbsp;(target="ldap:///($dn),<ugldapbasedn>")(targetattr="*")}}
{{(version&nbsp;3.0;&nbsp;acl&nbsp;"Organization&nbsp;Admin&nbsp;Role&nbsp;access&nbsp;deny&nbsp;to&nbsp;org&nbsp;node";}}
{{deny&nbsp;(write,add,delete)&nbsp;roledn&nbsp;=&nbsp;"ldap:///cn=Organization&nbsp;Admin&nbsp;}}
{{Role,($dn),<ugldapbasedn>";)}}
{panel}
{panel}
{{dn:&nbsp;<ugldapbasedn>}}
{{changetype:&nbsp;modify}}
{{add:&nbsp;aci}}
{{aci:&nbsp;(target="ldap:///($dn),<ugldapbasedn>")(targetattr="*")}}
{{(version&nbsp;3.0;&nbsp;acl&nbsp;"Organization&nbsp;Admin&nbsp;Role&nbsp;access&nbsp;allow&nbsp;read&nbsp;}}
{{to&nbsp;org&nbsp;node";}}
{{allow&nbsp;(read,search)&nbsp;roledn&nbsp;=&nbsp;"ldap:///cn=Organization&nbsp;Admin&nbsp;}}
{{Role,($dn),<ugldapbasedn>";)}}
{panel}
# Add the following two ACIs to the DC Tree root suffix. You can find the following two ACIs in the {{dctree.ldif}} file, located in the {{{_}da-base_/lib/config-templates}} directory.

Be sure to replace _dctreebasedn_ with your DC Tree root suffix and _ugldapbasedn_ with your usergroup suffix. Add the edited {{dctree.ldif}} into the LDAP directory.
{panel}
{{\#}}
{{\#&nbsp;acis&nbsp;to&nbsp;limit&nbsp;Org&nbsp;Admin&nbsp;Role}}
{{\#}}
{{\########################################}}
{{\#&nbsp;dn:&nbsp;<dctreebasedn>}}
{{\########################################}}
{{dn:&nbsp;<dctreebasedn>}}
{{changetype:&nbsp;modify}}
{{add:&nbsp;aci}}
{{aci:&nbsp;(target="ldap:///($dn),<dctreebasedn>")(targetattr="*")}}
{{(version&nbsp;3.0;&nbsp;acl&nbsp;"Organization&nbsp;Admin&nbsp;Role&nbsp;access&nbsp;deny&nbsp;to&nbsp;dc&nbsp;node";&nbsp;}}
{{deny&nbsp;(write,add,delete)&nbsp;roledn&nbsp;=&nbsp;"ldap:///cn=Organization&nbsp;Admin&nbsp;}}
{{Role,($dn),<ugldapbasedn>";)}}
{panel}
{panel}
{{dn:&nbsp;<dctreebasedn>}}
{{changetype:&nbsp;modify}}
{{add:&nbsp;aci}}
{{aci:&nbsp;(target="ldap:///($dn),<dctreebasedn>")(targetattr="*")}}
{{(version&nbsp;3.0;&nbsp;acl&nbsp;"Organization&nbsp;Admin&nbsp;Role&nbsp;access&nbsp;allow&nbsp;read&nbsp;to&nbsp;dc&nbsp;}}
{{node";&nbsp;allow&nbsp;(read,search)&nbsp;roledn&nbsp;=&nbsp;"ldap:///cn=Organization&nbsp;Admin&nbsp;}}
{{Role,($dn),<ugldapbasedn>";)}}
{panel}
# Add the following additional ACIs to the DC Tree root suffix. (These ACIs are not in the {{dctree.ldif}} file.)
{panel}
{{dn:<dctreebasedn>&nbsp;}}
{{changetype:modify}}
{{add:aci}}
{{aci:&nbsp;(target="ldap:///<dctreebasedn>")(targetattr="*")}}
{{(version&nbsp;3.0;&nbsp;acl&nbsp;"S1IS&nbsp;Proxy&nbsp;user&nbsp;rights";&nbsp;allow&nbsp;(proxy)}}
{{userdn&nbsp;=&nbsp;"ldap:///cn=puser,ou=DSAME&nbsp;Users,<ugldapbasedn>";)}}
{panel}
{panel}
{{dn:<dctreebasedn>}}
{{changetype:modify}}
{{add:aci}}
{{aci:&nbsp;(target="ldap:///<dctreebasedn>")(targetattr="*")}}
{{(version&nbsp;3.0;&nbsp;acl&nbsp;"S1IS&nbsp;special&nbsp;dsame&nbsp;user&nbsp;rights&nbsp;for&nbsp;all&nbsp;under&nbsp;the&nbsp;}}
{{root&nbsp;suffix";&nbsp;allow&nbsp;(all)&nbsp;userdn&nbsp;="ldap:///cn=dsameuser,ou=DSAME&nbsp;}}
{{Users,<ugldapbasedn>";)}}
{panel}
{panel}
{{dn:<dctreebasedn>}}
{{changetype:modify}}
{{add:aci}}
{{aci:&nbsp;(target="ldap:///<dctreebasedn>")(targetattr="*")}}
{{(version&nbsp;3.0;&nbsp;acl&nbsp;"S1IS&nbsp;Top-level&nbsp;admin&nbsp;rights";&nbsp;}}
{{allow&nbsp;(all)&nbsp;roledn&nbsp;=&nbsp;"ldap:///cn=Top-level&nbsp;Admin&nbsp;}}
{{Role,<ugldapbasedn>";)}}
{panel}
# Set the {{com.iplanet.am.domaincomponent}} property in the {{AMConfig.properties}} file to your DC Tree root suffix.

For example, change the following line in the {{<}}{_}AM_base_directory{_}{{>/lib/AMConfig.properties}} file
from

{{com.iplanet.am.domaincomponent=o=isp}}

to

{{com.iplanet.am.domaincomponent=o=internet}}
# Enable Access Manager to use compatibility mode.

In the Access Manager Console, in the Administration Console Service page, check (enable) the *Domain Component Tree Enabled* check box.
# Add the {{inetdomain}} object class to all the DC Tree nodes (such as {{dc=com,o=internet}}), as in the following example:
{panel}
{{/var/mps/serverroot/shared/bin&nbsp;298%&nbsp;./ldapmodify&nbsp;}}
{{\-D&nbsp;"cn=Directory&nbsp;Manager"&nbsp;-w&nbsp;password}}
{{dn:&nbsp;dc=com,o=internet}}
{{changetype:&nbsp;modify}}
{{add:&nbsp;objectclass}}
{{objectclass:&nbsp;inetdomain}}
{panel}
# Restart the Web container.

[Top|#top]

h2. {anchor:gdwlc} Configuring Web Server to Run Delegated Administrator in SSL Mode

If you have deployed the Delegated Administrator console to Web Server 6 or Web Server 7._x_, you can run the Delegated Administrator console in SSL mode, over a secure port.

If the Delegated Administrator server is deployed to Web Server 6 or Web Server 7._x_, you can run the Delegated Administrator utility ({{commadmin}}) in SSL mode.

To enable the Delegated Administrator console and utility to use SSL access:
* For the console, complete all the steps in the SSL-configuration procedure.
* For the utility, you only have to complete Step 1 in the SSL-configuration procedure. Use the {{\-s}} option with the {{commadmin}} commands to run in SSL mode.

For Web Server 6, follow this procedure:
* [To Configure Web Server 6 to Enable Delegated Administrator to Run in SSL Mode|#gegtp]

For Web Server 7._x_, follow this procedure:
* [To Configure Web Server 7.x to Enable Delegated Administrator to Run in SSL Mode|#gdwnb]

h6. {anchor:gegtp} To Configure Web Server 6 to Enable Delegated Administrator to Run in SSL Mode

In this procedure, the certificate truststore is created in the Delegated Administrator configuration directory. For example: {{/var/_da-base_/config}}
# Request and install a certificate.

In a production environment, you must request a certificate from a Certificate Authority (CA), which issues the certificate to you. Next, you install the certificate.

In a test environment, you can create and install a self-signed certificate.

For information about requesting and installing certificates for Web Server 6, see "Using Certificates and Keys" in the ??Sun Java System Web Server 6.1 SP6 Administrator's Guide??.

After you complete this step, you can run the Delegated Administrator utility in SSL mode.
# Export the specific certificate in ASCII encoding.

For example:
{panel}
{{/opt/SUNWwbsvr/bin/https/admin/bin/certutil&nbsp;-L&nbsp;-n&nbsp;Server-Cert&nbsp;-d&nbsp;\&nbsp;}}
{{/opt/SUNWwbsvr/alias&nbsp;-P&nbsp;https\-_host.domain_\-_host_\-&nbsp;-a&nbsp;>&nbsp;/tmp/_host_.cert}}
{panel}
where
#* {{Server-Cert}} is the default name created by the Administration interface
#* _host_ is the host name of the machine where Web Server 6 is running. For example: {{myhost}}.
#* _host.domain_ is the host and domain name of the machine where Web Server 6 is running. For example: {{myhost.siroe.com}}.
# Use the Java {{keytool}} utility to import the certificate into a truststore.

This step assumes that you are creating a new truststore in the Delegated Administrator configuration directory.
## Import the certificate.

For example:
{panel}
{{cd&nbsp;/var/_da-base_/config}}
{{keytool&nbsp;-import&nbsp;-alias&nbsp;Server-Cert&nbsp;-file&nbsp;/tmp/_host_.cert}}
{{\-keystore&nbsp;truststore}}
{panel}
## Enter a password when {{keytool}} prompts you for one.
# Define the {{ssl.truststore}} property in the JVM Setting for the Web Server 6 instance configuration.

For example:
{panel}
{{\-Djavax.net.ssl.trustStore=/var/_da-base_/config/truststore}}
{{\-Djavax.net.ssl.trustStorePassword=_password{_}}}
{panel}
where _password_ is the password you entered at the {{keytool}} prompt.
# Modify the following property in the JVM Setting for the Web Server 6 instance configuration.

Change
{panel}
{{\-Djava.protocol.handler.pkgs=com.iplanet.services.comm}}
{panel}
to the following value:
{panel}
{{\-Djava.protocol.handler.pkgs=com.sun.identity.protocol}}
{panel}
# Change the following properties in the {{daconfig.properties}} file:
## Open the {{daconfig.properties}} file in a text editor.

The {{daconfig.properties}} file is located by default in the Delegated Administrator configuration directory:
{panel}
{{{_}da-base_/data/da/WEB-INF/classes/com/sun/comm/da/resources}}
{panel}
(In a later step, you will deploy the {{daconfig.properties}} file to the Web Server 6 configuration directory.)
## Change the property values as follows:
{panel}
{{commadminserver.host=_host.domain{_}}}
{{commadminserver.port=_port{_}}}
{{commadminserver.usessl=true}}
{panel}
where _host.domain_ is the host and domain name of the machine where Web Server 6 is running. For example: {{myhost.siroe.com}}.

And where _port_ is the SSL port. For example: 443.
# Deploy the Web Server 6 configuration and restart the instance:
## Run the Web Server 6 deploy script:
{panel}
{{{*}{_}da-base{_}{*}*/sbin/config-wbsvr-da{*}}}
{panel}
## Restart the Web Server 6 instance.

h6. {anchor:gdwnb} To Configure Web Server 7.x to Enable Delegated Administrator to Run in SSL Mode

In this procedure, the certificate truststore is created in the Delegated Administrator configuration directory. For example: {{/var/_da-base_/config}}
# Request and install a certificate.

In a production environment, you must request a certificate from a Certificate Authority (CA), which issues the certificate to you. Next, you install the certificate.

In a test environment, you can create and install a self-signed certificate.

For information about requesting and installing certificates for Web Server 7._x_, see [Managing Certificates in ??Sun Java System Web Server 7.0 Administrator's Guide??|http://docs.sun.com/doc/819-2629/gdhfz?a=view].

After you complete this step, you can run the Delegated Administrator utility in SSL mode.
# Run the {{certutil}} utility to list all certificates in the certificate database.

For example:
{panel}
{{cd&nbsp;/var/_da-base_/config}}
{{/usr/sfw/bin/certutil&nbsp;-L&nbsp;-d&nbsp;}}
{{/var/opt/SUNWwbsvr7/https\-_host.domain_/config}}
{panel}
where _host.domain_ is the host and domain name of the machine where Web Server 7._x_ is running. For example: {{myhost.siroe.com}}
# Export the specific certificate in ASCII encoding.

For example:
{panel}
{{/usr/sfw/bin/certutil&nbsp;-L&nbsp;-n&nbsp;cert\-_host.domain_&nbsp;-d}}
{{/var/opt/SUNWwbsvr7/https\-_host.domain_/config}}
{{\-a&nbsp;>&nbsp;_host_.cert}}
{panel}
where _host_ is the host name and _host.domain_ is the host and domain name of the machine where Web Server 7._x_ is running.
# Use the Java {{keytool}} utility to import the certificate into a truststore.

This step assumes that you are creating a new truststore in the Delegated Administrator configuration directory.
## Import the certificate.

For example:
{panel}
{{keytool&nbsp;-import&nbsp;-alias&nbsp;cert\-_host.domain_&nbsp;-file&nbsp;_host_.cert}}
{{\-keystore&nbsp;truststore}}
{panel}
## Enter a password when {{keytool}} prompts you for one.
# Define the {{ssl.truststore}} property in the JVM Setting for the Web Server 7._x_ instance configuration.

For example:
{panel}
{{\-Djavax.net.ssl.trustStore=/var/_da-base_/config/truststore&nbsp;}}
{{\-Djavax.net.ssl.trustStorePassword=_password{_}}}
{panel}
where _password_ is the password you entered at the {{keytool}} prompt.
# Modify the following property in the JVM Setting for the Web Server 7._x_ instance configuration.

Change
{panel}
{{\-Djava.protocol.handler.pkgs=com.iplanet.services.comm}}
{panel}
to the following value:
{panel}
{{\-Djava.protocol.handler.pkgs=com.sun.identity.protocol}}
{panel}
# Change the following properties in the {{daconfig.properties}} file:
## Open the {{daconfig.properties}} file in a text editor.

The {{daconfig.properties}} file is located by default in the Delegated Administrator configuration directory:
{panel}
{{{_}da-base_/data/da/WEB-INF/classes/com/sun/comm/da/resources}}
{panel}
(In a later step, you will deploy the {{daconfig.properties}} file to the Web Server 7._x_ configuration directory.)
## Change the property values as follows:
{panel}
{{commadminserver.port=_port{_}}}
{{commadminserver.usessl=true}}
{panel}
where _port_ is the SSL port. For example: 443.
# Deploy the Web Server 7._x_ configuration and restart the instance:
## Run the Web Server 7._x_ deploy script:
{panel}
{{{*}{_}da-base{_}{*}*/sbin/config-wbsvr7x-da{*}}}
{panel}
## Restart the Web Server 7._x_ instance.
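
A post-configuration check for either SSL procedure above (Web Server 6 or Web Server 7._x_), added here as an example and not part of the product or the original page: it confirms the {{daconfig.properties}} and JVM settings that the steps change. It assumes the instance's JVM options have been copied to a text file, one option per line; {{prop}}, {{jvmopt}}, {{check_da_ssl}} and the sample values are names invented for this example.

```shell
# Added example: checks the settings the SSL procedure changes.
# Assumption: the instance's JVM options are in a text file, one per line.
# prop FILE KEY: value of KEY in a .properties file (last definition wins)
prop() {
    awk -v k="$2" '{ sub(/\r$/, ""); i = index($0, "="); if (!i) next
        n = substr($0, 1, i - 1); gsub(/^[ \t]+|[ \t]+$/, "", n)
        if (n == k) { v = substr($0, i + 1); sub(/^[ \t]+/, "", v) } }
        END { print v }' "$1"
}

# jvmopt FILE NAME: value of the -DNAME=value option, empty if absent
jvmopt() {
    awk -v k="-D$2=" '{ sub(/\r$/, ""); sub(/^[ \t]+/, "")
        if (index($0, k) == 1) v = substr($0, length(k) + 1) }
        END { print v }' "$1"
}

fail() { echo "FAIL: $*"; findings=$((findings + 1)); }
# check_da_ssl DACONFIG JVMOPTS: prints each finding, returns their count
check_da_ssl() {
    findings=0
    [ "$(prop "$1" commadminserver.usessl)" = "true" ] ||
        fail "commadminserver.usessl is not true"
    case $(prop "$1" commadminserver.port) in
        ''|*[!0-9]*) fail "commadminserver.port is not a port number" ;;
    esac
    ts=$(jvmopt "$2" javax.net.ssl.trustStore)
    { [ -n "$ts" ] && [ -r "$ts" ]; } ||
        fail "javax.net.ssl.trustStore unset or unreadable: '$ts'"
    [ -n "$(jvmopt "$2" javax.net.ssl.trustStorePassword)" ] ||
        fail "javax.net.ssl.trustStorePassword is not set as a -D option"
    [ "$(jvmopt "$2" java.protocol.handler.pkgs)" = "com.sun.identity.protocol" ] ||
        fail "java.protocol.handler.pkgs is not com.sun.identity.protocol"
    return "$findings"
}

# Constructed sample: the last two JVM options are wrong on purpose.
demo() {
    d=$(mktemp -d) && : > "$d/truststore"
    printf '%s\n' 'commadminserver.host=myhost.siroe.com' \
        'commadminserver.port=443' 'commadminserver.usessl=true' > "$d/da.properties"
    printf '%s\n' "-Djavax.net.ssl.trustStore=$d/truststore" \
        'Djavax.net.ssl.trustStorePassword=changeit' \
        '-Djava.protocol.handler.pkgs=com.iplanet.services.comm' > "$d/jvm.txt"
    rc=0; check_da_ssl "$d/da.properties" "$d/jvm.txt" || rc=$?
    rm -rf "$d"; return "$rc"
}
demo || echo "$? setting(s) need attention"
```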

Copyright 1994-2009 Sun Microsystems, Inc.