Previous     Contents     Index     Next     
iPlanet Delegated Administrator for Messaging and Collaboration 1.2 Installation and Administration Guide

Chapter 3   Administering the iPlanet Delegated Administrator

This chapter includes the following sections:

Changing the iPlanet Delegated Administrator Privileged User Password

During installation, a privileged user (DN: cn=NDAUser, ou=config,o=<root of Org Tree) is created in the directory. This user is employed by the Delegated Administrator to bind to the directory in order to do anonymous searches. A default password (auth) is also created for this user. If you want to change the password, you'll need to change it as described below.

  1. Go to the directory where the file is stored:


  2. In the file, change the password for the following entry:


    Be sure that only authorized personnel have access to this password!

  3. Use ldapmodify to change the password for the NDAUser entry. In the directory DirectoryServer_root/shared/bin, enter the following:

    ldapmodify -h host_name -p port_number -D "cn=directory manager" -w password

  4. At the prompt, enter the following:

    dn: uid=NDAUser, ou=config, o=base_suffix
    changetype: modify
    replace: userpassword

  5. To complete the command:

    • On Unix, enter <Ctrl-D>.

    • On Windows NT, enter <Ctrl-Z>.

  6. Restart Web Server.

Changing the LDAP Server and Port

If you change the LDAP Server host or port to which the iPlanet Delegated Administrator points (specified during the iPlanet Delegated Administrator installation, see "Install Screen 7—LDAP Server Host & Port"), modify the attributes LDAPDatabaseInterface-ldaphost and LDAPDatabaseInterface-ldapport as required. The attributes are located in the file at


Changing the Messaging Server Host or Administration Server Port

If you change the Messaging Server host or the Administration Server port which the iPlanet Delegated Administrator supports (specified during Messaging Server installation), modify the attributes MsgSvr0-name (host name) and MsgSvr0-adminurl (Administration Server URL) as required. The attributes are located in the file at


Restarting the iPlanet Delegated Administrator Web Server

If the iPlanet Delegated Administrator Web Server process hangs, stop and start it by executing the following commands:




Configuring User Session Timeout

The iPlanet Delegated Administrator default session timeout is set to fifteen minutes. To change the user session timeout, edit the file in the root_of_web_server/config directory. After the line:


add the following line: servlets.sessionmgr=com.netscape.server.http.session.SimpleSessionManager, add servlets.sessionmgr.initArgs=timeOut=xx, where xx is the user session timeout in seconds after a session is accessed by the client before the session manager destroys it. For more information on configuring Web Server servlets, see the iPlanet Web Server Programmer's Guide to Servlets.

Adding Single Sign-on

To enable single sign-on for iPlanet Delegated Administrator for Messaging and Collaboration refer to Chapter 2 of the iPlanet Messaging Server Administrator's Guide.

Adding Secure Socket Layer

To configure the iPlanet Delegated Administrator to use SSL-based connections, refer to Secure Sockets Layer (SSL) section in Chapter 4 of the iPlanet Delegated Administrator 4.5 Deployment and Customization Guide at

The default SSL port number is 443. It is recommended that you use a different SSL port number for iPlanet Delegated Administrator/iPlanet Web Server from other products (such as Messenger Express) that you configure to use SSL. To do so, modify the web server SSL port (NDASSLPort) in the file in directory msgserver-root/ndacli/lib/.

Adding User Directory Failover

Refer to the User Directory Failover section in Chapter 4 of the iPlanet Delegated Administrator 4.5 Deployment and Customization Guide at

Changing the Input Validation Servlets

When data is input to certain attribute fields in the iPlanet Delegated Administrator, a validation servlet or routine may verify that the data is of a specific type such as alphabetic or alpha-numeric before accepting the data.

Some attributes may have validation routines that you may wish to modify. For example, the default validation for the telephone number is numeric-punctuation, and you may wish it to be alpha-numeric-punctuation.

Although these validation routines can be changed or removed, please think carefully before doing this as some routines may be important to the proper functioning of the Delegated Administrator for Messaging.

To change the validation routine for a particular attribute, modify the appropriate attribute/validation pair in the file at


and restart the web server that supports the Delegated Administration for Messaging binaries.

Each attribute/validation pair has the following format:




Depending on the deployment needs, the validation routines can be changed. For example, givenname can be restricted to only alphabetic characters with the following attribute-value pair setting:


Validation can also be removed entirely by deleting the line or commenting it out with a hash mark, "#"at the beginning of the line.

The validation routines are as follows:

  • netscape.nda.util.ValAlpha - tests for valid alphabetic string

  • netscape.nda.util.ValAlphaNumeric - tests for valid alpha-numeric string

  • netscape.nda.util.ValAlphaNumericPunctuation - tests for valid alpha-numeric or punctuated string

  • netscape.nda.util.ValNumericPunctuation - tests for valid numeric or punctuated string

  • netscape.nda.util.ValPositiveInteger - tests for "0" or positive integer

  • netscape.nda.util.ValTelephone - tests for a string with numbers or the following punctuation marks: ) ( -

The following validation routines are for internal use only. Lines with these routines should not be modified.


Previous     Contents     Index     Next     
Copyright © 2002 Sun Microsystems, Inc. All rights reserved.

Last Updated February 14, 2002