Sun Java System Communications Express 6 2005Q4 Administration Guide

Communications Express Configuration Files

Communications Express maintains its configuration parameters in the following files:

Procedure: To Edit the Configuration File

Steps
  1. Log in as a user who has modify permissions.

  2. Change to the directory where the .properties file is located.

  3. Edit the parameters using a text editor.

    Conventions for parameters are:

    • Each parameter and its associated value(s) must be separated by an equal sign (=). Spaces or tabs are allowed before or after the equal sign.

      For example:

      uwc-user-attr-sunUCDefaultApplication=calendar

    • A comment line begins with an exclamation point (!).

      Some of the configuration parameters are commented out with exclamation points by default. To use these parameters, remove the exclamation point and change the value if required.

  4. Restart the Web Server or the Application Server for the new configuration values to take effect.

Configuration Parameter Details

You can modify calendar, mail, and address book configuration parameters as explained in the following tables.

Configuring the Messenger Express Parameters in the uwcconfig.properties File

Table 3–1 Mail Parameters

mail.deployed (default: not set)
    Specifies whether Messenger Express is deployed. The parameter is set when you run the configuration wizard and is “true” if Messenger Express is deployed.

webmail.host (default: not set)
    Specifies the host name of the machine on which Messenger Express is deployed. It should be the name of the machine on which the Web Server is deployed.

webmail.port (default: not set)
    Specifies the port number on which the Messenger Express HTTP Server listens.

Configuring Directory Server Related Parameters for Sun Java System LDAP Schema v.1 in the uwcauth.properties File

You may edit the parameters listed in Table 3–2 when the Authentication LDAP Server is different from the User/Group LDAP.

Table 3–2 LDAP Auth Filter Parameters

ldapauth.ldaphost (default: not set)
    Specifies the LDAP host. Normally the ldapauth.ldaphost value is the same as the ldapusersession.ldaphost value; you can set it to a different value if required.

ldapauth.ldapport (default: not set)
    Specifies the LDAP port number.

ldapauth.dcroot (default: not set)
    Specifies the DC root for the authentication tree.

ldapauth.domainattr (default: inetDomainBaseDN,inetDomainStatus,inetDomainSearchFilter,domainUidSeparator,preferredLanguage)
    Specifies the list of attributes to be retrieved from the domain entry in which the user is authenticated.

ldapauth.domainfilter (default: (|(objectclass=inetDomain)(objectclass=inetDomainAlias)))
    Specifies the filter used to retrieve the domain entry.

ldapauth.ldapbinddn (default: not set)
    Specifies the DN of the user binding to the authentication LDAP.

ldapauth.ldapbindcred (default: not set)
    Specifies the password of the user binding to the authentication LDAP.

ldapauth.enablessl (default: false)
    Specifies whether the directory against which authentication is performed is in SSL mode. Change the value to “true” to set up a secure LDAP connection.

Table 3–3 LDAP User Group Parameters

ldapusersession.ldaphost (default: not set)
    Specifies the host name of the user/group directory server.

ldapusersession.ldapport (default: not set)
    Specifies the port number of the user/group directory server.

ldapusersession.ldapbinddn (default: not set)
    Specifies the DN of the admin user binding to the user/group directory server.

ldapusersession.ldapbindcred (default: not set)
    Specifies the password of the admin user binding to the user tree.

ldapusersession.dcroot (default: not set)
    Specifies the Domain Component (DC) tree in the user/group LDAP that is used to resolve a user entry in Sun Java System LDAP Schema v.1.

Configuring Access Manager Parameters in the uwcauth.properties File

Table 3–4 Access Manager Parameters

uwcauth.identity.enabled (default: not set)
    Specifies whether Identity Server is enabled. The attribute is set to “true” if Access Manager’s single sign-on mechanism is used for authentication.

uwcauth.identity.naming.url (default: not set)
    Specifies the Access Manager naming URL. For example: uwcauth.identity.naming.url=protocol://hostname:port/Context-URI

uwcauth.identity.binddn (default: not set)
    Specifies the complete Distinguished Name (DN) of the amAdmin user. For example: uid=amadmin, ou=People, o=siroe.com

uwcauth.identity.bindcred (default: not set)
    Specifies the amAdmin password.


Note –

It is mandatory to configure uwcauth.identity.naming.url, uwcauth.identity.binddn, and uwcauth.identity.bindcred when uwcauth.identity.enabled is set to “true.”


Configuring User Lookup Parameters for User/Group in the uwcauth.properties File

Table 3–5 User Lookup Parameters

ldapusersession.defaultugfilter (default: uid@domain)
    Specifies the default filter syntax used when retrieving the user entry.

ldapusersession.ldappoolmin (default: 30)
    Specifies the minimum number of LDAP user connections to be created for the user/group LDAP.

ldapusersession.ldappoolmax (default: 100)
    Specifies the maximum number of LDAP user connections to be created for the user/group LDAP. Enter a value that suits your deployment’s requirements.

ldapusersession.lookthru_limit (default: 1000)
    Specifies the search query limit for a search.

Configuring the Calendar Server Parameters in the uwcconfig.properties File


Note –

Ensure that Proxy Authentication and Anonymous Access are enabled in Sun Java™ System Calendar Server.

To enable Proxy Authentication and Anonymous Access, configure the following Calendar Server parameters in the calendar configuration file, ics.config:

For more information on enabling Proxy Authentication and instructions on configuring the Calendar Server parameters, refer to the Sun Java System Calendar Server Administration Guide.


Table 3–6 Calendar Server Parameters

calendar.deployed (default: true)
    Specifies whether the calendar module is deployed. The parameter is set when you run the configuration wizard and is “true” if calendar is deployed.

calendar.wcap.host (default: not set)
    Specifies the host name of the WCAP server.

calendar.wcap.port (default: not set)
    Specifies the port number on which WCAP listens.

calendar.wcap.adminid (default: not set)
    Specifies the Admin ID for the WCAP server.

calendar.wcap.passwd (default: not set)
    Specifies the Admin password for the WCAP server.


Configuring the Address Book Personal Store Parameters in the db_config.properties File

Table 3–7 lists the default Address Book personal store configuration parameters in the db_config.properties file.

The file can be accessed from:

uwc-deployed-path/WEB-INF/config/ldappstore/

Table 3–7 Personal Address Book Personal Store Parameters

defaultserver.ldaphost (default: not set)
    Specifies the LDAP host for the Personal Address Book (PAB) Store.

defaultserver.ldapport (default: not set)
    Specifies the port for the Store.

defaultserver.ldapbinddn (default: not set)
    Specifies the DN used to bind to the Personal Address Book Store. It is mandatory to enter this value if the login type is “restricted” or “proxy.” If the login type is “anonymous,” you need not enter a value for this parameter.

defaultserver.ldapbindcred (default: not set)
    Specifies the password for the DN used to bind to the Personal Address Book Store.

login_type (default: restricted)
    Specifies how the connection to the LDAP store is maintained. You can assign one of the following three values to this parameter:

    • anon - connect to the LDAP as an anonymous user.

    • restricted - connect as a user who has the rights to perform operations on the Address Book Store.

    • proxy - masquerade as a user who can perform operations on the Address Book Store. Assigning this value enhances performance as it bypasses the LDAP bind on each operation.

    NOTE: It is recommended that the user masquerading here have admin level ACLs.

defaultserver.ldappoolmin (default: not set)
    Specifies the minimum number of LDAP client connections maintained for the Personal Address Book Store.

defaultserver.ldappoolmax (default: 12)
    Specifies the maximum number of LDAP client connections maintained for the Personal Address Book Store.

defaultserver.ldappooltimeout (default: 10)
    Specifies the number of seconds before an LDAP connection times out. Increase this value to accommodate large search results.

lookthru_limit (default: 1000)
    Specifies the search query limit for a search.

delete_perm (default: true)
    Controls whether contact/group entries are marked for deletion or deleted permanently. Set the parameter to false to mark the contacts/groups for deletion; set it to true to permanently delete the contacts and groups.

Configuring Corporate Directory Parameters in the db_config.properties File

Table 3–8 lists the default corporate directory parameters in the db_config.properties file. By default, all the LDAP related information is set based on the values given for the user/group directory.

The db_config.properties file can be accessed from:

WEB-INF/config/corp-dir/

Table 3–8 Corporate Directory Parameters

defaultserver.ldaphost (default: not set)
    Specifies the LDAP host for the Corporate Directory.

defaultserver.ldapport (default: not set)
    Specifies the port for the Corporate Directory.

defaultserver.ldapbinddn (default: not set)
    Specifies the DN used to bind to the Corporate Directory. If the login type is “restricted” or “proxy,” it is mandatory to assign a value to defaultserver.ldapbinddn. If the login type is “anonymous,” you need not enter a value for this parameter.

defaultserver.ldapbindcred (default: not set)
    Specifies the bind password.

entry_id (default: uid)
    Specifies the key in the corporate directory used to identify a contact/group entry. You can set entry_id to the UID or to another key used to fetch the contact/group information, such as empid or principal ID. In the xlate-inetorgperson.xml file, replace “uid” in <entry entryID="db:uid"> with the entry_id value specified here.

login_type (default: restricted)
    Specifies how the connection to the LDAP store is maintained. You can assign one of the following three values to this parameter:

    • anon - connect to the LDAP as an anonymous user.

    • restricted - connect as a user who has the rights to perform operations on the Address Book Store.

    • proxy - masquerade as a user who can perform operations on the Address Book Store. Assigning this value enhances performance as it bypasses the LDAP bind on each operation.

    NOTE: Read-only access is given to a masquerading user.

defaultserver.ldappoolmin (default: not set)
    Specifies the minimum number of LDAP client connections maintained for the Corporate Directory.

defaultserver.ldappoolmax (default: not set)
    Specifies the maximum number of LDAP client connections maintained for the Corporate Directory.

defaultserver.ldappooltimeout (default: 10)
    Specifies the number of seconds before an LDAP connection times out. Increase this value to accommodate large search results.

lookthru_limit (default: 1000)
    Specifies the search query limit for a search.

Corporate Directory maintains two xlate files in the format xlate-objectclass-name.xml.

In xlate-objectclass-name.xml, objectclass-name represents the object class identifying a particular LDAP entry type. For example, inetorgperson is the object class used to identify a contact (mapped in xlate-inetorgperson.xml), and groupofuniquemembers is the object class used to identify a group in Sun Java System Directory Server.

The xlate files contain the field mappings between an LDAP schema and the address book XML schema for a contact or group. The mapping is defined in terms of XML nodes. For example:

<ab-xml-schema-key>db:LDAPField</ab-xml-schema-key>

Where:

ab-xml-schema-key is the value that the address book uses in the code.

LDAPField is the corresponding field name in LDAP.

You need to provide an appropriate field name for LDAPField. The value assigned to LDAPField should correspond to the LDAPField value that exists in your corporate directory LDAP schema.

Code Example 3–1 shows an example of the xlate-inetorgperson.xml file:


Example 3–1 Default Contents of xlate-inetorgperson.xml


<abperson uid="db:uid">
  <entry entryID="db:uid">
    <displayname>db:cn</displayname>
    <description>db:multilineDescription</description>
    <creationdate>db:createtimestamp</creationdate>
    <lastmodifieddate>db:modifytimestamp</lastmodifieddate>
  </entry>
  <person>
    <givenname>db:givenname</givenname>
    <surname>db:sn</surname>
  </person>
  <organization>
    <company>db:company</company>
    <organizationalunit>db:ou</organizationalunit>
    <location>
      <building>db:buildingnum</building>
      <floor>db:iplanetbuildinglev</floor>
      <office>db:roomNumber</office>
    </location>
    <title>db:title</title>
    <manager>db:manager</manager>
    <secretary>db:secretary</secretary>
  </organization>
  <phone priority="1" type="work">db:telephoneNumber</phone>
  <phone priority="2" type="fax">db:facsimileTelephoneNumber</phone>
  <phone priority="3" type="mobile">db:mobile</phone>
  <phone priority="4" type="home">db:homePhone</phone>
  <phone priority="5" type="pager">db:pager</phone>
  <email priority="1" type="work">db:mail</email>
  <im priority="1" service="SunONE">db:uid</im>
  <im priority="2" service="AIM">db:aimscreenname</im>
  <im priority="3" service="ICQ">db:icqnumber</im>
  <postaladdress type="home">
    <street>db:homePostalAddress</street>
  </postaladdress>
  <postaladdress type="work">
    <street>db:postaladdress</street>
  </postaladdress>
  <weburl priority="1">
    <urladdr>db:labeleduri</urladdr>
    <description>URL</description>
  </weburl>
  <weburl priority="2">
    <urladdr>db:homepage</urladdr>
    <description>Home URL</description>
  </weburl>
  <calendar type="calendar">
    <urladdr>db:caluri</urladdr>
  </calendar>
</abperson>

Configuring Secure Socket Layer (SSL)

You can configure the Web Server on which Communications Express is deployed in SSL mode. For information on how to do so, refer to the Sun ONE Web Server Administrator’s Configuration File Reference.

Procedure: To Use Communications Express in SSL Mode

Steps
  1. Edit the following configuration parameters in uwc-deployed-path/WEB-INF/config/uwcauth.properties:

    • uwcauth.ssl.enabled=true

    • uwcauth.https.port=SSL-port-number-of-the-webserver-in-which-uwc-is-deployed

    Communications Express can also be configured for SSL for authentication only. That is, authentication is performed over SSL, but the application is accessed over non-SSL thereafter.

  2. Set the local.webmail.sso.uwcport Messenger Express parameter to the SSL port number of the Web Server in which Communications Express is deployed.

    For example:

    local.webmail.sso.uwcport=SSL-port-number-of-the-webserver-in-which-communications-express-is-deployed

Procedure: To Configure Communications Express for SSL, for Authentication Only

Steps
  1. Set uwcauth.ssl.enabled to “false” in the uwcauth.properties file.

  2. Set uwcauth.https.port to the SSL port number of the Web Server in which Communications Express is deployed.

  3. Set uwcauth.ssl.authonly to “true.”


    Note –

    The two parameters, uwcauth.ssl.authonly and uwcauth.ssl.enabled, are mutually exclusive.

    Messaging SSO is not supported in SSL.
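The following script is an added example (not part of this guide or the Communications Express product) that reads a uwcauth.properties file using the conventions given under To Edit the Configuration File and checks the requirements stated above: the three Access Manager parameters that are mandatory when uwcauth.identity.enabled is “true”, the mutual exclusion of uwcauth.ssl.enabled and uwcauth.ssl.authonly, the SSL port both modes need, and ldapauth.enablessl. The sample file contents, host names and password are constructed placeholders.

```python
from typing import Dict, List

# Constructed sample of a uwcauth.properties file (not from a real deployment).
# Per the guide's conventions, '=' separates a parameter from its value (spaces
# or tabs allowed around it) and a line starting with '!' is a comment.
SAMPLE_UWCAUTH = """\
! Access Manager single sign-on
uwcauth.identity.enabled = true
uwcauth.identity.naming.url = http://am.example.test:80/amserver/namingservice
!uwcauth.identity.binddn=uid=amadmin,ou=People,o=example.test
uwcauth.identity.bindcred=placeholder-password
! SSL settings
uwcauth.ssl.enabled=true
uwcauth.ssl.authonly=true
uwcauth.https.port=443
ldapauth.enablessl=false
"""

MANDATORY_WITH_IDENTITY = (
    "uwcauth.identity.naming.url",
    "uwcauth.identity.binddn",
    "uwcauth.identity.bindcred",
)


def parse_properties(text: str) -> Dict[str, str]:
    """Parse key=value lines; blank lines and '!' comment lines are skipped."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!") or "=" not in line:
            continue
        key, _, value = line.partition("=")  # split at the first '=' only; values may contain '='
        props[key.strip()] = value.strip()
    return props


def lint_uwcauth(props: Dict[str, str]) -> List[str]:
    """Return one finding per requirement the guide states that the file violates."""
    def is_true(key: str) -> bool:
        return props.get(key, "").lower() == "true"

    findings: List[str] = []
    if is_true("uwcauth.identity.enabled"):
        for key in MANDATORY_WITH_IDENTITY:
            if not props.get(key):
                findings.append(f"{key} is mandatory when uwcauth.identity.enabled=true")
    ssl_enabled, auth_only = is_true("uwcauth.ssl.enabled"), is_true("uwcauth.ssl.authonly")
    if ssl_enabled and auth_only:
        findings.append("uwcauth.ssl.enabled and uwcauth.ssl.authonly are mutually exclusive")
    if (ssl_enabled or auth_only) and not props.get("uwcauth.https.port", "").isdigit():
        findings.append("uwcauth.https.port must be set to the Web Server SSL port")
    if not is_true("ldapauth.enablessl"):
        findings.append("ldapauth.enablessl is not true: the bind DN and password go to the authentication LDAP over a non-SSL connection")
    return findings
```

Run it against the sample and it reports the commented-out binddn, the mutually exclusive SSL flags, and the non-SSL authentication LDAP connection.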


Supporting Horizontal Scalability of Addressbook Server

In the previous release of Sun Java System Communications Express, the Personal Address Book entries for a particular domain were stored in a single LDAP location, represented by the defaultserver instance defined in the db_config.properties file. The db_config.properties file existed in the directory pointed to by the personalstore.properties file for the domain, for example uwc-install/WEB-INF/config/ldappstore.

This deployment was unable to scale to support a large number of users and contacts per Personal Address Book. To overcome this limitation, the psRoot attribute in Sun Java System Communications Express 6.2 enables the administrator to provision users so that PAB data for different users can be spread across different LDAP locations.

For example, ldap://mydir.com:389/piPStoreOwner=jsmith,o=siroe.com,o=PiServerDb

Figure 3–1 provides a high-level overview of the architecture used to scale the Address Book Server horizontally.

The key components of the Address Book Horizontal Scalability architecture are:

• A Personal Store maintains the address book information of a user. It contains the definition of all the address books a user has created along with all the entries in those address books. Personal Stores are expressed as URLs, which describe the directory instance in which they are located and the DN within that particular directory instance.

• A DB contains a collection of Personal Stores and, as shown in Figure 3–1, any number of DBs can be accessed by the Address Book Server. Every DB is defined by a DB-ID that defines the connection parameters for that DB. DBs can be of different types and can point to different DB locations.

• A DBMap is a collection of DBs of the same type. Each DBMap has an ID which refers to the configuration information for that DBMap.

Figure 3–1 Horizontal Scalability of Address Book

The psRoot is an attribute in the user’s LDAP entry that specifies the host and port of the directory instance and the DN where the Address Book entries for the user are stored. The psRoot is in the form ldap://ldap_host:ldap_port/DN.

The value of the psRoot attribute determines the DB type and DB location.

In the psRoot example ldap://mydir.com:389/piPStoreOwner=jsmith,o=siroe.com,o=PiServerDb:

• ldap:// indicates that the Address Book Personal Store for the user is accessed using the LDAP DB Plugin.

• mydir.com:389 specifies the LDAP host and port.

• piPStoreOwner=jsmith,o=siroe.com,o=PiServerDb specifies the DN of the Personal Store.


Note –

The Address Book Server does not provide any utility to distribute psRoot values for users according to a scalability policy. Administrators need to define the policy best suited to their organization and use custom scripts to set the psRoot value for that policy.


The psRoot attribute can be turned on or off using the db.UserPsRoot parameter in the domain-specific personalstore.properties file. Set the parameter to “false” to use the defaultserver parameters in the db_config.properties file. Set the parameter to “true” to use the user’s psRoot value. The Personal Store parameters listed in Configuring the Address Book Personal Store Parameters in the db_config.properties File must be provided for each unique directory server instance used in psRoot. At runtime, the value of the psRoot attribute is resolved to a directory instance using db-key.ldaphost and db-key.ldapport, where db-key is an arbitrary string that distinguishes one instance from another. When no match is found for db-key.ldaphost and db-key.ldapport, the defaultserver instance is used.

Setting the psRoot Value Automatically

When a new user logs in, default values are set for the psRoot attribute in the User’s entry.

For new users, a psRoot value is constructed using the psRoot pattern defined in the personalstore.properties file and the defaultserver host and port values in the db_config.properties file. For example, using the default psRoot pattern, the default psRoot value has the format:

ldap://defaultserver_host:defaultserver_port/piPStoreOwner=%U,o=%D,o=PiServerDb

where:

%U = login ID of the user, for example, jsmith.

%D = domain of the user, for example, siroe.com.
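The following is an added example (not code from this guide or from the Address Book Server) of the psRoot handling described above: parsing a psRoot URL into host, port and DN, resolving it to a db-key by matching db-key.ldaphost and db-key.ldapport with the defaultserver fallback, honouring db.UserPsRoot, and building a new user’s default psRoot from the %U/%D pattern. The db-keys (pab1, pab2), host names and the assumption that the pattern supplies only the DN part are constructed for the example.

```python
from typing import Dict, Tuple
from urllib.parse import urlsplit

# Constructed db_config.properties values (not from a real deployment). Each
# db-key ("pab1", "pab2") names one directory instance; "defaultserver" is the
# fallback used when no db-key's ldaphost/ldapport match the user's psRoot.
DB_CONFIG: Dict[str, str] = {
    "defaultserver.ldaphost": "ldap1.example.test",
    "defaultserver.ldapport": "389",
    "pab1.ldaphost": "mydir.example.test",
    "pab1.ldapport": "389",
    "pab2.ldaphost": "mydir2.example.test",
    "pab2.ldapport": "636",
}

# DN part of the default psRoot pattern (%U = login ID, %D = domain). Assumption
# for this example: the pattern supplies the DN, defaultserver the host and port.
PSROOT_DN_PATTERN = "piPStoreOwner=%U,o=%D,o=PiServerDb"


def parse_psroot(psroot: str) -> Tuple[str, int, str]:
    """Split ldap://host:port/DN into (host, port, dn).

    Only ldap:// is documented for the LDAP DB Plugin, so any other scheme is
    rejected rather than being silently routed to the default server.
    """
    parts = urlsplit(psroot)
    if parts.scheme != "ldap" or not parts.hostname or parts.port is None:
        raise ValueError(f"psRoot is not of the form ldap://host:port/DN: {psroot!r}")
    dn = parts.path.lstrip("/")
    if not dn:
        raise ValueError(f"psRoot has no DN component: {psroot!r}")
    return parts.hostname, parts.port, dn


def resolve_db_key(psroot: str, db_config: Dict[str, str], user_psroot: bool = True) -> str:
    """Return the db-key whose ldaphost/ldapport match psRoot, else "defaultserver".

    user_psroot mirrors db.UserPsRoot: when false the defaultserver instance is
    always used and the user's psRoot value is ignored.
    """
    if not user_psroot:
        return "defaultserver"
    host, port, _ = parse_psroot(psroot)
    for key, value in db_config.items():
        db_key, _, attr = key.rpartition(".")
        if attr != "ldaphost" or db_key == "defaultserver":
            continue
        # Both host and port must match; the right host on the wrong port is no match.
        if value.lower() == host.lower() and db_config.get(f"{db_key}.ldapport") == str(port):
            return db_key
    return "defaultserver"


def default_psroot(login_id: str, domain: str, db_config: Dict[str, str]) -> str:
    """Build the psRoot assigned to a new user from defaultserver and the pattern."""
    dn = PSROOT_DN_PATTERN.replace("%U", login_id).replace("%D", domain)
    return f"ldap://{db_config['defaultserver.ldaphost']}:{db_config['defaultserver.ldapport']}/{dn}"
```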