Sun Java System Communications Express 6 2004Q2 Administration Guide  

Chapter 3
Configuring Your System for Communications Express

This chapter describes the system requirements and system configuration details for Communications Express.


System Requirements

This section describes the following:

Hardware

Before installing Sun Java™ System Communications Express, you must ensure you have met the minimum hardware and operating system requirements.

A JavaScript enabled browser is required to access Sun Java System Communications Express.

Browser

Communications Express can be viewed using:

Platforms

The product is supported on the following platforms:

For optimal performance, use the browser and platform combinations listed in Table 3-1.

Table 3-1  Browser Platform Recommendations

| Browsers | Solaris on Sparc | Solaris on x86 | Linux on x86 | Windows XP | Windows 98 |
| --- | --- | --- | --- | --- | --- |
| Netscape™ Communicator | 6.2.x, 7.x | 6.2.x, 7.x | 6.2.x, 7.x | 6.2.x, 7.x | 6.2.x, 7.x |
| Internet Explorer | NA | NA | NA | 6.0, 5.5 | 6.0, 5.5 |
| Mozilla™ | 1.0 | 1.0 | 1.0 | 1.0 | 1.0 |

Software Dependencies

The following should be installed before installing Communications Express:

Editing the Properties file

Communications Express maintains the configuration parameters in the following files:

  1. The uwcauth.properties file maintains the authentication, user/group access and single sign-on related parameters. The uwcauth.properties file is located at: <uwc-deployed-path>/WEB-INF/config/
  2. The uwcconfig.properties file maintains the calendar, mail and address book related configuration parameters. The uwcconfig.properties file is located at: <uwc-deployed-path>/WEB-INF/config/
  3. The db_config.properties file is used to define the address book store configuration details. By default, Communications Express deploys two types of db_config.properties file.
    1. Personal address book store. The personal address book store configuration file resides under <uwc-deployed-path>/WEB-INF/config/ldappstore/db_config.properties.
    2. Corporate address book store. The corporate address book store configuration file resides under <uwc-deployed-path>/WEB-INF/config/corp-dir/db_config.properties.

All configuration files are ASCII text files, with each line defining a parameter and its associated value in the following format:

<parameter>=<value>

The parameters are initialized when configuring Communications Express. After installation, you can edit the file using a text editor.

    To Edit the Properties file
  1. Log in as a user who has modify permissions.
  2. Change to the directory where the .properties file is located.
  3. Edit the parameters using a text editor.
  4. Conventions for parameters are:

    • All parameters and their associated value(s) must be separated by an equal sign (=). Spaces or tabs are allowed before or after the equal sign. For example:

      uwc-user-attr-sunUCDefaultApplication=calendar

    • A comment line begins with an exclamation point (!).
    • Some of the configuration parameters are commented out using exclamation points by default. To use these parameters, you must remove the exclamation point, change the value (if required), and restart the Web Server for the parameters to take effect.

  5. Restart the Web Server for the new configuration values to take effect.

Configuring Mail, Calendar and Address Book Parameters

You can modify calendar, mail, and address book configuration parameters as explained in the following tables.

Refer to Chapter 4, "Implementing Single Sign-On," for more mail, calendar and address book configurable parameters.

Configuring the Application-Wide Parameters in uwcconfig.properties and uwcauth.properties File

Table 3-2  Configuring Application-Wide Parameters in uwcconfig.properties

| Parameters | Default Value | Description |
| --- | --- | --- |
| uwc.defaultskin | uwc | Specifies the name of the global theme to be used for the application. |
| uwc.gzipcompression | true | Enables GZIP compression of the web-page contents. Set this value to true to enable GZIP compression of the web-page contents. |

Table 3-3  Configuring Application-Wide Parameters in uwcauth.properties

| Parameters | Default Value | Description |
| --- | --- | --- |
| defaultdomain |  | Specifies the default domain to be used for a user logging in without a domain suffix. The defaultdomain is assigned the value entered during configuration. |
| defaultlocal | en | Specifies the default locale to be used by the application. |
| virtualdomain.mode |  | Specifies if Communications Express is operating in virtual domain mode. Enable this option if you have enabled hosted domain support for Calendar Server. The virtualdomain.mode is assigned the value entered during configuration. |

Configuring the Mail Server Parameters in uwcconfig.properties File

Table 3-4  Mail Server Parameters

| Parameter | Default Value | Description |
| --- | --- | --- |
| mail.deployed |  | Specifies whether Messenger Express is deployed. The parameter is set when you run the configuration wizard. The attribute is set to “true” if Messenger Express is deployed. |
| webmail.host |  | Specifies the host name of the machine on which Messenger Express is deployed. The host name of Messenger Express should correspond to the machine name on which Web Server is deployed. |
| webmail.port |  | Specifies the port number Messenger Express HTTP Server listens to. |

Configuring LDAP Auth Filter Parameters for Sun Java System LDAP Schema v.1 in uwcauth.properties File

You may edit the parameters mentioned in Table 3-5 when the Authentication LDAP Server is different from the User/Group LDAP.

Table 3-5  LDAP Auth Filter Parameters

| Parameter | Default Value | Description |
| --- | --- | --- |
| ldapauth.ldaphost |  | Specifies the LDAP host value. Frequently the ldapauth.ldaphost value is the same as the ldapusersession value. You can set it to a different value, if required. |
| ldapauth.ldapport |  | Specifies the LDAP port number. |
| ldapauth.dcroot |  | Specifies the DC root for the authentication tree. |
| ldapauth.domainattr | inetDomainBaseDN,inetDomainStatus,inetDomainSearchFilter,domainUidSeparator,preferredLanguage | Specifies the list of attributes to be retrieved from the domain entry in which the user is authenticated. |
| ldapauth.domainfilter | (\|(objectclass=inetDomain)(objectclass=inetDomainAlias)) | Specifies the filter based on which the domain entry is retrieved. |
| ldapauth.ldapbinddn |  | Specifies the user DN of the user binding to the authentication LDAP. |
| ldapauth.ldapbindcred |  | Specifies the password of the user binding to the authentication LDAP. |
| ldapauth.enablessl | false | Specifies whether the directory against which authentication is to be performed is in SSL mode. Change the default value to “true” to set up a secure LDAP connection. |

Table 3-6  LDAP User Group Parameters

| Parameters | Default Value | Description |
| --- | --- | --- |
| ldapusersession.ldaphost |  | Specifies the hostname of the user group directory server. |
| ldapusersession.ldapport |  | Specifies the port number of the user/group directory server. |
| ldapusersession.ldapbinddn |  | Specifies the UserDN of the admin binding to the user group Directory Server. |
| ldapusersession.ldapbindcred |  | Specifies the password of the admin binding to the user tree. |
| ldapusersession.dcroot |  | Specifies the Domain Component (DC) tree in the user/group LDAP that is used to resolve a user entry in Sun Java System LDAP Schema v.1. |

Configuring Identity Server Parameters in uwcauth.properties File

Table 3-7  Identity Server Parameters

| Parameter | Default Value | Description |
| --- | --- | --- |
| uwcauth.identity.enabled | true | Specifies whether Identity Server is enabled. The attribute is set to “true” if Identity Server’s single sign-on mechanism is used for authentication. |
| uwcauth.identity.naming.url |  | Specifies the Identity Server naming URL. For example, uwcauth.identity.naming.url= protocol://hostname:port Context URI |
| uwcauth.identity.binddn |  | Specifies the complete Distinguished Name (DN) of the amAdmin user. For example, uid=amadmin, ou=People, o=siroe.com |
| uwcauth.identity.bindcred |  | Specifies the amAdmin password. |


Note

It is mandatory to configure uwcauth.identity.naming.url, uwcauth.identity.binddn, uwcauth.identity.bindcred when uwcauth.identity.enabled value is set to “true.”


Configuring User Lookup Parameters for User/Group in uwcauth.properties File

Table 3-8  User Lookup Parameters

| Parameter | Default Value | Description |
| --- | --- | --- |
| ldapusersession.defaultugfilter | uid@domain | Specifies the default filter syntax to be used when retrieving the user entry. |
| ldapusersession.ldappoolmin | 30 | Specifies the minimum number of LDAP user connections to be created for a user/group LDAP. |
| ldapusersession.ldappoolmax | 100 | Specifies the maximum number of LDAP user connections to be created for a user/group LDAP. Enter an optimum value to suit your deployment’s requirement. |
| ldapusersession.lookthru_limit | 1000 | Specifies the search query limit for a search. |

Configuring the Calendar Server Parameters in uwcconfig.properties File


Note

Ensure that Proxy Authentication and Anonymous Access are enabled in Sun Java™ System Calendar Server.

To enable Proxy Authentication and Anonymous Access, configure the following Calendar Server parameters in the calendar configuration file, ics.conf:

  • service.http.allowadminproxy = "yes"
  • service.http.admins = <includes the value specified for calendar.wcap.adminid in uwcconfig.properties>
  • service.admin.calmaster.userid = <the value specified for calendar.wcap.adminid in uwcconfig.properties>
  • service.admin.calmaster.cred = <the value specified for calendar.wcap.passwd in uwcconfig.properties>
  • service.wcap.anonymous.allowpubliccalendarwrite = "yes"
  • service.http.allowanonymouslogin = "yes"
  • service.calendarsearch.ldap = "no"

For more information on enabling Proxy Authentication and instructions on configuring the Calendar Server parameters, refer to Sun Java System Calendar Server Administration Guide at http://docs.sun.com/doc/817-5697-10


Table 3-9  Calendar Server Parameters

| Parameter | Default Value | Description |
| --- | --- | --- |
| calendar.deployed | true | Specifies whether the calendar module is deployed. The parameter is set when you run the configuration wizard. The attribute is set to “true” if Calendar is deployed. |
| calendar.wcap.host |  | Specifies the host name of the WCAP server. |
| calendar.wcap.port |  | Specifies the port number WCAP listens to. |
| calendar.wcap.adminid |  | Specifies the Admin ID for the WCAP Server. |
| calendar.wcap.passwd |  | Specifies the Admin Password for the WCAP Server. |


Note

  • Ensure that the Calendar Admin User ID value you have assigned to calendar.wcap.adminid is the same as the service.admin.calmaster.userid value mentioned in Calendar Server’s ics.conf file.
  • The Calendar Admin User ID value should be in the format "uid@domain" if calendar is running in the hosted domains (or virtual domains) enabled mode. Otherwise, if calendar is running in hosted domains disabled (or non virtual domains) mode, the Calendar Admin User ID value should be in the format uid.
  • Ensure that the corresponding user entry for Calendar Admin User ID exists on LDAP server.

Configuring the Address Book Personal Store Parameters in db_config.properties file

Table 3-10 lists the default Address Book personal store configuration parameters in db_config.properties file.

The file can be accessed from:

<uwc-deployed-path>/WEB-INF/config/ldappstore/

Table 3-10  Personal Address Book Personal Store Parameters

| Parameter | Default Value | Description |
| --- | --- | --- |
| defaultserver.ldaphost |  | Specifies the LDAP host for the Personal Address Book (PAB) Store. |
| defaultserver.ldapport |  | Specifies the port for the Store. |
| defaultserver.ldapbinddn |  | Specifies the DN used to bind to the PAB Store. It is mandatory to enter this value if the login type is restricted or proxy. If the login type is “anonymous” you need not enter a value for this parameter. |
| defaultserver.ldapbindcred |  | Specifies the password for the DN used to bind to the PAB Store. |
| login_type | restricted | Specifies the method using which the connection to the LDAP store is maintained. You can assign the following three values to this parameter: anon - to connect to the LDAP as an anonymous user; restricted - to connect as a user who has the rights to perform operations on the Address Book Store; proxy - to masquerade as a user who can perform operations on the Address Book Store. Assigning this value enhances performance as it bypasses the LDAP bind on each operation. NOTE: It is recommended that the user masquerading here have admin level ACLs. |
| defaultserver.ldappoolmin | 4 | Specifies the minimum number of LDAP client connections maintained for PAB Store. |
| defaultserver.ldappoolmax | 12 | Specifies the maximum number of LDAP client connections maintained for PAB Store. |
| defaultserver.ldappooltimeout | 10 | Specifies the number of seconds before timing out an LDAP connection. Increase this value to accommodate large search results. |
| lookthru_limit | 1000 | Specifies the search query limit for a search. |

Configuring Corporate Directory Parameters in db_config.properties File

Table 3-11 lists the default corporate directory parameters in db_config.properties file. By default, all the LDAP related information is set based on the values mentioned for user/group directory.

The db_config.properties file can be accessed from:

WEB-INF/config/corp-dir/

Table 3-11  Corporate Directory Parameters

| Parameter | Default Value | Description |
| --- | --- | --- |
| defaultserver.ldaphost |  | Specifies the LDAP host for the Corporate Directory. |
| defaultserver.ldapport |  | Specifies the port for the Corporate Directory. |
| defaultserver.ldapbinddn |  | Specifies the DN used to bind to the Corporate Directory. If the login type is restricted or proxy, it is mandatory to assign a value to defaultserver.ldapbinddn. If the login type is “anonymous” you need not enter a value for this parameter. |
| defaultserver.ldapbindcred |  | Specifies the bind password. |
| entry_id | uid | Specifies the key in corporate directory used to identify a contact/group entry. You can set the entry_id to the UID or a key used to fetch the contact/group information such as empid or principal ID. In the xlate-inetorgperson.xml file replace “uid” in <entry entryID="db:uid"> with the entry_id value specified here. |
| login_type | restricted | Specifies the method using which the connection to the LDAP store is maintained. You can assign the following three values to this parameter: anon - to connect to the LDAP as an anonymous user; restricted - to connect as a user who has the rights to perform operations on the Address Book Store; proxy - to masquerade as a user who can perform operations on the Address Book Store. Assigning this value enhances performance as it bypasses the LDAP bind on each operation. NOTE: Read-only access is given to a masquerading user. |
| defaultserver.ldappoolmin | 1 | Specifies the minimum number of LDAP client connections maintained for Corporate Directory. |
| defaultserver.ldappoolmax | 4 | Specifies the maximum number of LDAP client connections maintained for Corporate Directory. |
| defaultserver.ldappooltimeout | 10 | Specifies the number of seconds before timing out an LDAP connection. Increase this value to accommodate large search results. |
| lookthru_limit | 1000 | Specifies the search query limit for a search. |

Corporate Directory maintains two xlate files in the format xlate-<objectclass-name>.xml.

In xlate-<objectclass-name>.xml, <objectclass-name> represents the object class identifying a particular LDAP entry type. For example, inetorgperson is the object class used to identify a contact (file xlate-inetorgperson.xml), and groupofuniquemembers is the object class used to identify a group in Sun Java System Directory Server.

The xlate files contain the field mappings between an LDAP schema and the address book XML schema for a contact or group. The mapping is defined in terms of XML nodes. For example,

<ab-xml-schema-key>db:LDAPField</ab-xml-schema-key>

where ab-xml-schema-key is the value address book uses in the code and LDAPField is the corresponding field name in LDAP.

You need to provide an appropriate field name for LDAPField. The value assigned to LDAPField should correspond to the field name that exists in your corporate directory LDAP schema.

Code Example 3-1 is an example of the xlate-inetorgperson.xml file:

Code Example 3-1  Default Contents of xlate-inetorgperson.xml

    <abperson uid="db:uid">
      <entry entryID="db:uid">
        <displayname>db:cn</displayname>
        <description>db:multilineDescription</description>
        <creationdate>db:createtimestamp</creationdate>
        <lastmodifieddate>db:modifytimestamp</lastmodifieddate>
      </entry>
      <person>
        <givenname>db:givenname</givenname>
        <surname>db:sn</surname>
      </person>
      <organization>
        <company>db:company</company>
        <organizationalunit>db:ou</organizationalunit>
        <location>
          <building>db:buildingnum</building>
          <floor>db:iplanetbuildinglev</floor>
          <office>db:roomNumber</office>
        </location>
        <title>db:title</title>
        <manager>db:manager</manager>
        <secretary>db:secretary</secretary>
      </organization>
      <phone priority="1" type="work">db:telephoneNumber</phone>
      <phone priority="2" type="fax">db:facsimileTelephoneNumber</phone>
      <phone priority="3" type="mobile">db:mobile</phone>
      <phone priority="4" type="home">db:homePhone</phone>
      <phone priority="5" type="pager">db:pager</phone>
      <email priority="1" type="work">db:mail</email>
      <im priority="1" service="SunONE">db:uid</im>
      <im priority="2" service="AIM">db:aimscreenname</im>
      <im priority="3" service="ICQ">db:icqnumber</im>
      <postaladdress type="home">
        <street>db:homePostalAddress</street>
      </postaladdress>
      <postaladdress type="work">
        <street>db:postaladdress</street>
      </postaladdress>
      <weburl priority="1">
        <urladdr>db:labeleduri</urladdr>
        <description>URL</description>
      </weburl>
      <weburl priority="2">
        <urladdr>db:homepage</urladdr>
        <description>Home URL</description>
      </weburl>
      <calendar type="calendar">
        <urladdr>db:caluri</urladdr>
      </calendar>
    </abperson>

Configuring Secure Socket Layer (SSL)

You can configure the Web Server on which Communications Express is deployed in SSL mode. For information on how to configure the Web Server on which Communications Express is deployed in SSL mode, refer to SunONE Web Server Administrator’s Configuration File Reference at http://docs.sun.com/db/coll/S1_websvr61_en

    To Use Communications Express in the SSL mode
  1. Edit the following configuration parameters in <uwc-deployed-path>/WEB-INF/config/uwcauth.properties:
    • uwcauth.ssl.enable=true
    • uwcauth.https.port=SSL-port-number-of-the-webserver-in-which-uwc-is-deployed

Communications Express can also be configured to use SSL for authentication only. That is, authentication is performed over SSL, but access to the application thereafter is over non-SSL mode.

    To Configure Communications Express for SSL for Authentication Only
  1. Set uwcauth.ssl.enable to “false” in the uwcauth.properties file.
  2. Set uwcauth.https.port to the SSL port number of the Web Server in which Communications Express is deployed.
  3. Set uwcauth.ssl.authonly to “true.”

Note

    The two parameters, uwcauth.ssl.authonly and uwcauth.ssl.enable, are mutually exclusive.
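The rules this chapter states for the properties files (the <parameter>=<value> format with ! comments, the parameters that are mandatory when uwcauth.identity.enabled is true, the calendar admin ID that must match ics.conf, and the mutually exclusive SSL parameters) can be checked before the Web Server is restarted. The following Python script is an added example, not part of the original guide or the product. The function names and sample file contents are constructed, and stripping double quotes from ics.conf values is an assumption based on the quoted values shown in this chapter.

```python
# Added example: audit Communications Express settings against this chapter's rules.

def parse_properties(text):
    """Parse <parameter>=<value> lines; a line starting with '!' is a comment."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!") or "=" not in line:
            continue
        key, value = line.split("=", 1)       # spaces or tabs may surround '='
        params[key.strip()] = value.strip().strip('"')  # assumption: ics.conf quotes values
    return params

def is_true(params, key):
    return params.get(key, "").lower() == "true"

def audit(uwcauth, uwcconfig, ics):
    """Return findings for parsed uwcauth.properties, uwcconfig.properties and ics.conf."""
    findings = []
    if is_true(uwcauth, "uwcauth.identity.enabled"):
        for key in ("uwcauth.identity.naming.url", "uwcauth.identity.binddn",
                    "uwcauth.identity.bindcred"):
            if not uwcauth.get(key):
                findings.append(f"{key} is mandatory when uwcauth.identity.enabled=true")
    ssl_all = is_true(uwcauth, "uwcauth.ssl.enable")
    ssl_auth = is_true(uwcauth, "uwcauth.ssl.authonly")
    if ssl_all and ssl_auth:
        findings.append("uwcauth.ssl.enable and uwcauth.ssl.authonly are mutually exclusive")
    if (ssl_all or ssl_auth) and not uwcauth.get("uwcauth.https.port", "").isdigit():
        findings.append("uwcauth.https.port must hold the Web Server SSL port number")
    if ssl_auth and not ssl_all:
        findings.append("uwcauth.ssl.authonly=true: only authentication is over SSL")
    if not is_true(uwcauth, "ldapauth.enablessl"):
        findings.append("ldapauth.enablessl is not true: authentication LDAP is not in SSL mode")
    if is_true(uwcconfig, "calendar.deployed"):
        admin = uwcconfig.get("calendar.wcap.adminid", "")
        if admin != ics.get("service.admin.calmaster.userid"):
            findings.append("calendar.wcap.adminid differs from service.admin.calmaster.userid")
        if ics.get("service.http.allowadminproxy") != "yes":
            findings.append("service.http.allowadminproxy is not \"yes\" in ics.conf")
    return findings

# Constructed sample inputs (not from a real deployment).
SAMPLE_UWCAUTH = """\
uwcauth.identity.enabled = true
uwcauth.identity.naming.url=
uwcauth.identity.binddn=uid=amadmin, ou=People, o=siroe.com
!uwcauth.identity.bindcred=placeholder
uwcauth.ssl.enable=true
uwcauth.ssl.authonly=true
uwcauth.https.port=443
ldapauth.enablessl=false
"""
SAMPLE_UWCCONFIG = "calendar.deployed=true\ncalendar.wcap.adminid\t=\tcalmaster\n"
SAMPLE_ICS = 'service.http.allowadminproxy = "yes"\nservice.admin.calmaster.userid = "calmaster@siroe.com"\n'

def run_sample():
    parsed = [parse_properties(t) for t in (SAMPLE_UWCAUTH, SAMPLE_UWCCONFIG, SAMPLE_ICS)]
    return audit(*parsed)
```

Calling run_sample() returns five findings for the constructed files; in practice, read the three files from the deployment and pass their contents to parse_properties.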






Copyright 2004 Sun Microsystems, Inc. All rights reserved.