Sun Java System Communications Services 6 2005Q1 Deployment Planning Guide 

Chapter 8
Understanding Schema and Provisioning Options

This chapter describes the schema and provisioning options for Communications Services. Because of the complexity in provisioning Communications Services, you need to understand your options before installing the product.

This chapter contains the following sections:

  • Understanding Schema Choices
  • Understanding Provisioning Tools


Understanding Schema Choices

This section describes the schema options that are available and supported with Communications Services, and how to decide which to use.

Understanding Messaging Server Schema Choices

Two schema options are available and supported with Messaging Server: Sun Java System LDAP Schema version 1 and Sun Java System LDAP Schema version 2.


Note

See the commdirmig command in the Sun Java System Communications Services Schema Migration Guide for information on how to migrate from Sun Java System LDAP Schema version 1 to Sun Java System LDAP Schema version 2.

Support for installation and provisioning of Schema 1 will be deprecated and removed from future releases. However, customers with their own provisioning tools may continue to use LDAP Schema 1.


Deciding Which Schema to Use for Messaging Server

Choosing the schema that’s right for your Messaging Server installation depends on your provisioning needs:

LDAP Schema 1 and Messaging Server

LDAP Schema 1 is a provisioning schema that consists of both an Organization Tree and a DC Tree. This set of schema (at the time, it was simply called “schema”) was supported in previous Messaging Server 5.x versions.

In Schema 1, when Messaging Server searches for user or group entries, it looks at the user’s or group’s domain node in the DC Tree and extracts the value of the inetDomainBaseDN attribute. This attribute holds a DN reference to the organization subtree containing the actual user or group entry.

Only sites that have installed previous versions of Messaging Server should use Schema 1.


Note

Migrating to Schema 2 is imperative if you plan to install Messaging Server with other Sun Java System products in the future.


LDAP Schema 1 and Messaging Server Supported Provisioning Tools

Schema 1 supports Sun™ ONE Delegated Administrator for Messaging (formerly called iPlanet Delegated Administrator) as well as LDAP provisioning tools. For more information, see Understanding Provisioning Tools.

LDAP Schema 2 (Native Mode) and Messaging Server

LDAP Schema 2 is a set of provisioning definitions that describes the types of information that can be stored as entries by using the Directory Server LDAP.

The native mode uses search templates to search the LDAP directory server. Once the domain is found by using the domain search template, the user or group search templates are used to find a specific user or group.

You should use native mode if you are installing Communications Services for the first time and you do not have other applications on your machine that are dependent on a two-tree provisioning model. You should also use this mode if you want to install other products in the Java Enterprise System product suite.

If you have an existing Communications Services 5.x installation that uses Schema 1, and you want to integrate Communications Services with other Java Enterprise Server products, you should migrate your directory to Schema 2 after you upgrade to Communications Services 6. Refer to the Sun Java System Communications Services Schema Migration Guide for information on how to migrate from LDAP Schema version 1 to LDAP Schema version 2.

LDAP Schema 2 and Messaging Server Supported Provisioning Tools

Schema 2 supports Sun Java System Communications Services Delegated Administrator. For more information, see Understanding Provisioning Tools.

LDAP Schema 2 Compatibility Mode and Messaging Server

Schema 2 compatibility mode is an interim mode between Schema 1 and Schema 2 native mode. Schema 2 compatibility mode supports both schemas and enables you to retain the existing two-tree design you already have. Schema 2 compatibility mode also assumes that you have installed Access Manager prior to installing Messaging Server.

Use Schema 2 Compatibility if you have existing applications that require Schema 1, but you also need functionality that requires Schema 2, for example, Access Manager, single sign-on, and so forth.


Note

Schema 2 compatibility mode is provided as a convenience in migrating to the Schema 2 Native mode. Do not use Schema 2 compatibility mode as your final schema choice. The migration process from Schema 1 to Schema 2 compatibility mode and then finally to Schema 2 native mode is more complex than simply migrating from Schema 1 to Schema 2 native mode. See the Sun Java System Communications Services Schema Migration Guide for more information.


Understanding Calendar Server Schema Choices

Two schema options are available and supported with Calendar Server: Sun Java System LDAP Schema version 1 and Sun Java System LDAP Schema version 2.


Note

Refer to the Sun Java System Communications Services Schema Migration Guide for information on how to migrate from Sun Java System LDAP Schema version 1 to Sun Java System LDAP Schema version 2.

Support for installation and provisioning of Schema 1 will be deprecated and removed from future releases. However, customers with their own provisioning tools may continue to use LDAP Schema 1.


Deciding Which Schema to Use for Calendar Server

Choosing the schema that’s right for your Calendar Server installation depends on your provisioning needs:

LDAP Schema 1 and Calendar Server

LDAP Schema 1 is a provisioning schema that consists of both an Organization Tree and a DC Tree. This set of schema (at the time, it was simply called “schema”) was supported in previous Calendar Server 5.x versions.

When Calendar Server searches for user or group entries, it looks at the user’s or group’s domain node in the DC Tree and extracts the value of the inetDomainBaseDN attribute. This attribute holds a DN reference to the organization subtree containing the actual user or group entry.
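
Added example (not from the Sun documentation): the two-step Schema 1 lookup described above for both Messaging Server and Calendar Server, modeled in Python over a small constructed directory. The o=internet DC Tree root, the o=isp organization suffix, the sample domains and the function names are assumptions made for illustration; the last function reports DC Tree nodes whose inetDomainBaseDN points at an entry that does not exist.

```python
# Added illustration: in-memory model of the Schema 1 two-tree lookup.
# Every entry is constructed sample data. The "o=internet" DC Tree root and
# the "o=isp" organization suffix are assumptions, not values from the guide.
# DNs are compared as plain strings; a real directory normalizes case and spacing.

DC_ROOT = "o=internet"

DIRECTORY = {
    # DC Tree: one node per domain, holding a DN reference into the Organization Tree
    "dc=example,dc=com,o=internet": {"inetDomainBaseDN": "o=example.com,o=isp"},
    "dc=broken,dc=example,o=internet": {
        "inetDomainBaseDN": "o=missing.example,o=isp",  # dangling reference
    },
    # Organization Tree: where the actual user and group entries live
    "o=example.com,o=isp": {"o": "example.com"},
    "uid=alice,ou=People,o=example.com,o=isp": {"uid": "alice"},
}


def domain_to_dc_dn(domain):
    """Map a domain name such as 'example.com' to its DC Tree node DN."""
    labels = domain.lower().split(".")
    return ",".join("dc=" + label for label in labels) + "," + DC_ROOT


def resolve_user(directory, uid, domain):
    """Return the DN of the user entry, or None if either step fails.

    Step 1: read inetDomainBaseDN from the domain's node in the DC Tree.
    Step 2: search the referenced organization subtree for the uid.
    """
    node = directory.get(domain_to_dc_dn(domain))
    if node is None or "inetDomainBaseDN" not in node:
        return None
    suffix = "," + node["inetDomainBaseDN"]
    for dn, entry in directory.items():
        if dn.endswith(suffix) and entry.get("uid") == uid:
            return dn
    return None


def dangling_domains(directory):
    """List DC Tree nodes whose inetDomainBaseDN names no existing entry."""
    return sorted(
        dn for dn, entry in directory.items()
        if "inetDomainBaseDN" in entry
        and entry["inetDomainBaseDN"] not in directory
    )


if __name__ == "__main__":
    print(resolve_user(DIRECTORY, "alice", "example.com"))
    print(dangling_domains(DIRECTORY))
```

A domain whose reference dangles resolves no users at all, so a check like dangling_domains is worth running after any direct LDIF edit of the DC Tree.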

Only sites that have installed previous versions of Calendar Server should use Schema 1.


Note

Migrating to Schema 2 is imperative if you plan to install Calendar Server with other Sun Java System products in the future.


LDAP Schema 1 and Calendar Server Supported Provisioning Tools

Schema 1 supports LDAP provisioning tools. For more information, see Understanding Provisioning Tools.

LDAP Schema 2 (Native Mode) and Calendar Server

Schema 2 is a set of provisioning definitions that describes the types of information that can be stored as entries by using the Directory Server LDAP.

The native mode uses search templates to search the LDAP directory server. Once the domain is found by using the domain search template, the user or group search templates are used to find a specific user or group.

You should use native mode if you are installing Communications Services for the first time and you do not have other applications on your machine that are dependent on a two-tree provisioning model. You should also use this mode if you want to install other products in the Java Enterprise System product suite.

If you have an existing Communications Services 5.x installation that uses Schema 1, and you want to integrate Communications Services with other Java Enterprise Server products, you should migrate your directory to Schema 2 after you upgrade to Communications Services 6. Refer to the Sun Java System Communications Services Schema Migration Guide for information on how to migrate from LDAP Schema version 1 to LDAP Schema version 2.

LDAP Schema 2 and Calendar Server Supported Provisioning Tools

Schema 2 supports Sun Java System Communications Services Delegated Administrator. For more information, see Understanding Provisioning Tools.

LDAP Schema 2 Compatibility Mode and Calendar Server

Schema 2 compatibility mode is an interim mode between Schema 1 and Schema 2 native mode. Schema 2 compatibility mode supports both schemas and enables you to retain the existing two-tree design you already have. Schema 2 compatibility mode also assumes that you have installed Access Manager prior to installing Messaging Server.

Use Schema 2 Compatibility if you have existing applications that require Schema 1, but you also need functionality that requires Schema 2, for example, Access Manager, single sign-on, and so forth.


Note

Schema 2 compatibility mode is provided as a convenience in migrating to the Schema 2 Native mode. Do not use Schema 2 compatibility mode as your final schema choice. The migration process from Schema 1 to Schema 2 compatibility mode and then finally to Schema 2 native mode is more complex than simply migrating from Schema 1 to Schema 2 native mode. See the Sun Java System Communications Services Schema Migration Guide for more information.



Understanding Provisioning Tools

This section describes supported provisioning tools that enable you to query, modify, add, or delete user, group, and domain entry information in your LDAP directory.

Understanding Messaging Server Provisioning Tools

Through supported Messaging Server provisioning tools, you can query, modify, add, or delete user, group, and domain entry information in your LDAP directory. This section examines these Messaging Server provisioning tools.

In addition to the questions asked in Deciding Which Schema to Use for Messaging Server, you should use Table 8-1 to evaluate your schema and provisioning tool options.


Note

Prior to installing and configuring Messaging Server, you need to decide upon a schema model and tool or tools for provisioning your Messaging Server entries.


The following sections provide high-level information about the supported provisioning tools:

Sun ONE Delegated Administrator for Messaging

Sun ONE Delegated Administrator for Messaging (formerly called iPlanet Delegated Administrator) provides both a command-line and a graphical user interface to provision users and groups. Delegated Administrator uses Sun LDAP Schema 1, which is the Messaging Server 5.x version of provisioning definitions.

LDAP Provisioning Tools for Messaging Server

Schema 1 users and groups can be provisioned using the LDAP Directory tools (Schema 2 is not supported). Unlike the Delegated Administrator graphical and command-line interfaces, you can directly provision users and groups by adding, removing, and modifying the LDIF records through LDAP without having to use a user interface.

Delegated Administrator and Messaging Server

Access Manager uses Schema 2. Because the Sun Java System component products in the Java Enterprise System product suite use Schema 2, use the Communications Services 6 Delegated Administrator. This should particularly be the case if you are using more than one Java Enterprise System product, or if you are performing a brand new installation of Messaging Server.

See the Sun Java System Communications Services Delegated Administrator Guide for installation details.

Comparing Messaging Server Provisioning Tool Options

The following table shows the various supported schema, provisioning tools, provisioning limitations, and recommended documentation for additional information.

Table 8-1  Messaging Server Provisioning Mechanisms 

Supported Provisioning Tool: Sun ONE Delegated Administrator for Messaging Graphical User Interface
Uses: Schema 1

Provisioning Tool Functionality: Provides a graphical user interface for administrators to manage users, groups, domains, and mailing lists. End users can manage vacation messages and Sieve filters.

Provisioning Tool Limitations:

  • Only available to existing Messaging Server 5.x customers who are now upgrading to Messaging Server 6.
  • Can only be used with Sun ONE Web Server 6.0 (which is only available with the Messaging Server 5.2 bundle). It cannot be used with Sun ONE Web Server 6.1.
  • Incompatible with Sun Schema 2 and with other Java Enterprise System products.
  • Unable to use mail filters through Sun Java System Messenger Express. Must use filters through Delegated Administrator.
  • Must use auto reply channel which is only available in Messaging Server 5.2 product.

For Further Information: Read the Sun ONE Delegated Administrator for Messaging 1.3 documentation. Describes how to install and administer the Sun ONE Delegated Administrator interface.


Supported Provisioning Tool: Sun ONE Delegated Administrator for Messaging Command-line Interface
Uses: Schema 1

Provisioning Tool Functionality: Provides a command-line interface for administrators to manage users, groups, domains, and mailing lists.

Provisioning Tool Limitations:

  • Incompatible with Sun Schema 2 and with other Java Enterprise System products.

For Further Information: Read the Sun ONE Delegated Administrator for Messaging 1.3 documentation. Provides syntax and usage for Sun ONE Delegated Administrator command-line utilities.


Supported Provisioning Tool: LDAP Provisioning Tools
Uses: Schema 1

Provisioning Tool Functionality: Provides tools to directly modify LDAP entries or for creating custom provisioning tools.

Provisioning Tool Limitations:

  • Incompatible with Sun Schema 2 and with other Java Enterprise System products.

For Further Information: Read the Sun ONE Messaging Server 5.2 Provisioning Guide and Sun ONE Messaging and Collaboration Schema Reference Manual. Describes the Sun LDAP Schema 1 provisioning model. In addition, these guides explain how to use LDAP provisioning tools and the usage of specific attributes and object classes.


Supported Provisioning Tool: Sun Java System Console
Uses: Schema 1

Provisioning Tool Functionality: Though provisioning functionality is included in the Sun Java System Console, it is not recommended for provisioning Messaging users and groups. Instead, use Sun Java System Console to administer server configuration such as quotas, log files, and other related Message Store items.

Provisioning Tool Limitations:

  • Incompatible with Sun Schema 2 and with other Java Enterprise System products.
  • Not recommended as a provisioning tool in that the Console is unable to properly add and modify users and groups.

For Further Information: Read the Sun Java System Messaging Server Administration Guide and corresponding Sun Java System Console Online Help.


Supported Provisioning Tool: Delegated Administrator
Uses: Schema 2

Provisioning Tool Functionality: Provides graphical and command-line interfaces for administrators to manage users, groups, domains, and mailing lists. Compatible with other Java Enterprise System products.

Provisioning Tool Limitations:

  • Not backwardly compatible with Sun Schema 1.
  • No GUI provisioning tool to use with Sun Java System Access Manager.
  • Sun Java System Access Manager must be installed to enable this command-line interface.

For Further Information: Read the Sun Java System Communications Services Delegated Administrator Guide. Provides syntax and usage for the command-line utility.

Understanding Calendar Server Provisioning Tools

Through supported Calendar Server provisioning tools, you can query, modify, add, or delete user, group, and domain entry information in your LDAP directory. This section examines these Calendar Server provisioning tools.

In addition to the questions asked in Deciding Which Schema to Use for Calendar Server, you should use Table 8-2 to evaluate your schema and provisioning tool options.


Note

Prior to installing and configuring Calendar Server, you need to decide upon a schema model and tool or tools for provisioning your Calendar Server entries.


The following sections provide high-level information about the supported provisioning tools:

LDAP Provisioning Tools for Calendar Server

Schema 1 users and groups can be provisioned using the LDAP Directory tools (Schema 2 is not supported). You can directly provision users and groups by adding, removing, and modifying the LDIF records through LDAP without having to use a user interface.

Delegated Administrator and Calendar Server

Access Manager uses Schema 2. Because the Sun Java System component products in the Java Enterprise System product suite use Schema 2, use the Communications Services 6 Delegated Administrator utility (command-line interface). This should particularly be the case if you are using more than one Java Enterprise System product, or if you are performing a brand new installation of Calendar Server.


Note

Even though you install Access Manager, there is no graphical user interface compatibility with Calendar Server. Therefore, to provision Calendar Server users and groups with an interface, you can only use the Delegated Administrator command-line interface.


See the Sun Java System Communications Services Delegated Administrator Guide for installation details.

Comparing Calendar Server Provisioning Tool Options

The following table shows the various supported schema, provisioning tools, provisioning limitations, and recommended documentation for additional information.

Table 8-2  Calendar Server Provisioning Mechanisms 

Supported Provisioning Tool: LDAP Provisioning Tools
Uses: Schema 1

Provisioning Tool Functionality: Provides tools to directly modify LDAP entries or for creating custom provisioning tools.

Provisioning Tool Limitations: Incompatible with Sun Schema 2 and with other Java Enterprise System products.

For Further Information: Read the Sun ONE Calendar Server 5.2 Provisioning Guide and Sun ONE Messaging and Collaboration Schema Reference Manual. Describes the Sun LDAP Schema 1 provisioning model. In addition, these guides explain how to use LDAP provisioning tools and the usage of specific attributes and object classes.


Supported Provisioning Tool: Delegated Administrator
Uses: Schema 2

Provisioning Tool Functionality: Provides a command-line interface for administrators to manage users, groups, domains, and mailing lists. Compatible with other Java Enterprise System products. Note: Currently, there is no graphical interface for managing Calendar Server provisioning. You must use the command-line interface.

Provisioning Tool Limitations:

  • Not backwardly compatible with Sun Schema 1.
  • No GUI provisioning tool to use with Sun Java System Access Manager.
  • Sun Java System Access Manager must be installed to enable this command-line interface.

For Further Information: Read the Sun Java System Communications Services Delegated Administrator Guide. Provides syntax and usage for the command-line utility.





Part No: 819-0063-10.   Copyright 2005 Sun Microsystems, Inc. All rights reserved.