Sun Java System Delegated Administrator 6.4 Administration Guide

Chapter 2 Planning for Installation and Configuration

To install Sun Java System Delegated Administrator on Solaris systems, you must use the Sun Java Communications Suite installer, which also installs other Communications Suite component products.

To install and configure Delegated Administrator, follow these steps:

Gather Your Delegated Administrator Configuration Information
Run the Sun Java Communications Suite Installer
Run the Directory Server Setup Script
Configure Delegated Administrator
Configure Messaging Server and Calendar Server

For the most recent information about Delegated Administrator, see the Sun Java Communications Suite Release Notes.

Gather Your Delegated Administrator Configuration Information

Delegated Administrator Components

Delegated Administrator comprises the following components:

Delegated Administrator Utility (client)—the command-line interface invoked with commadmin.

Required. You must configure the utility on all machines on which you install Delegated Administrator.
Delegated Administrator Server—the Delegated Administrator server components needed to run the Delegated Administrator utility and console.

Required. You must configure the Delegated Administrator server on at least one machine.
Delegated Administrator Console—the Delegated Administrator graphical user interface (GUI).

Optional. If you want to use only the Delegated Administrator utility, you do not have to configure the console.

Web Containers

In addition, the Delegated Administrator server and console must be deployed to a Web container. You can configure the Delegated Administrator console and server on

Sun Java System Web Server 6.x
Sun Java System Web Server 7.x
Sun Java System Application Server 7.x
Sun Java System Application Server 8.x

Follow these guidelines:

The Delegated Administrator server must be deployed to the Web container used by Access Manager.
You can deploy the Delegated Administrator console and server on two different Web containers, on two different instances of the Web container, or on the same Web container.

Configuration Information

Before configuring Delegated Administrator, you should gather configuration information.

Table 2–1 lists the configuration options required for Delegated Administrator.

Table 2–2 lists the configuration options for deploying on Web Server 6.x.

Table 2–3 lists the configuration options for deploying on Web Server 7.x.

Table 2–4 lists the configuration options for deploying on Application Server 7.x.

Table 2–5 lists the configuration options for deploying on Application Server 8.x.

Table 2–1 Delegated Administrator: Required Configuration Options


Option	Description
Configuration Directory	Directory to store configuration and data files.
Access Manager Host name	Host name where Access Manager is installed. The Delegated Administrator server should be installed on the same server.
Access Manager port number	Port number of Access Manager. Should be the same port number as Web Server port number.
Default domain	The default domain of the Top-Level Administrator. This is the domain used when a domain is not explicitly specified by the `-n` option when executing the `commadmin` command-line utility.
Default SSL port	The SSL port that is used by the Delegated Administrator client.
Access Manager Base Directory	The directory where Access Manager is installed. The default directory is `/opt/SUNWam`.
LDAP URL	User and Group Directory Server LDAP URL.
Bind as	User and Group Directory Server Directory Manager. For example “cn=Directory Manager”.
LDAP password	User and Group Directory Manager Password.
Access Manager Top-Level Administrator user ID and password	User ID and password for the Access Manager Top-Level Administrator
Password for the Access Manager Internal LDAP authentication user	User created by Access Manager. This is the BindDN user for the LDAP service.
Organization name	Used to name the LDAP subtree under which all email users and groups that belong to the default email domain are located.
Top-Level Administrator for default organization user ID and password	User ID and password for the Top-Level Administrator that will be created in the default organization.
Preferred mail host for sample organizations	Name of the machine on which Messaging Server is installed. If you choose to install sample organizations in your directory, you must enter the preferred mail host.

Table 2–2 Web Server 6.x Configuration Options


Option	Description
Web Server 6.x root (instance) directory	Directory where the Web Server 6.x instance resides. Files for the Web Server instance are stored in the `https-host.domain` directory under the Web Server installation directory.
Web Server 6.x instance identifier	Fully qualified domain name for the Web Server 6.x instance. This can be specified by a host.domain name such as `west.sesta.com`.
Virtual server identifier	Specified by a `https-`host.domain name such as `https-west.sesta.com`.
HTTP port number	HTTP port number for Web Server 6.x.

Table 2–3 Web Server 7.x Configuration Options


Option	Description
Web Server root directory	Directory where Web Server 7.x server files are installed. The default root directory is `/opt/SUNWwbsvr7.`
Web Server configuration root directory	Directory where the Web Server 7.x configuration files are installed. The default configuration root directory is `/var/opt/SUNWwbsvr7`.
Web Server instance identifier	Fully qualified domain name for the Web Server 7.x instance. This can be specified by a host.domain name such as `west.sesta.com`.
Virtual server identifier	Specified by a host.domain name such as `west.sesta.com`.
HTTP port number	HTTP port number for Web Server 7.x. The default port number is `80`.
Administration Server port number	Port number for the Administration Server instance for Web Server 7.x. For example: `8800`.
Administration Server administrator user ID	User ID example: `admin`
Administration Server administrator password	Enter the password for the administrator user ID.
HTTP or HTTPS access to Administration Server instance	You will need to specify whether the HTTP access to the Administration Server instance is secure or not.

Table 2–4 Application Server 7.x Configuration Options


Option	Description
Application Server installation directory	Directory where Application Server 7.x is installed. By default, this directory is `/opt/SUNWappserver7`.
Application Server domain directory	By default, this directory is `/var/opt/SUNWappserver7/domains/domain1`.
Application Server document root directory	By default, this directory is `/var/opt/SUNWappserver7/ \ domains/domain1/server1/docroot`
Application Server instance name	Name of the instance. For example: `server1`.
Virtual server identifier	Name of the Application Server virtual server identifier. For example: `server1`.
Application Server instance HTTP port number	HTTP port number for the Application Server instance.
Administration Server port number	Port number for the Administration Server instance for Application Server 7.x. For example: `4848`.
Administration Server administrator user ID and password.	User ID and password for the Administration Server administrator. User ID example: `admin`
HTTP or HTTPS access to Administration Server instance	You will need to specify whether the HTTP access to the Administration Server instance is secure or not.

Table 2–5 Application Server 8.x Configuration Options


Option	Description
Application Server installation directory	Directory where Application Server 8.x is installed. By default, this directory is `/opt/SUNWappserver/appserver`.
Application Server domain directory	By default, this directory is `/var/opt/SUNWappserver/domains/domain1`.
Application Server document root directory	By default, this directory is `/var/opt/SUNWappserver/domains/domain1/docroot`
Application Server target name	Name of the instance. For example: `server`.
Virtual server identifier	Name of the Application Server virtual server identifier. For example: `server`.
Application Server target HTTP port number	HTTP port number for the Application Server target.
Administration Server port number	Port number for the Administration Server instance for Application Server 8.x. For example: `4849`.
Administration Server administrator user ID and password.	User ID and password for the Administration Server administrator. User ID example: `admin`
HTTP or HTTPS access to Administration Server instance	You will need to specify whether the HTTP access to the Administration Server instance is secure or not.

Run the Sun Java Communications Suite Installer

The Communications Suite installer program installs a series of products, shared components, and libraries that interoperate with one another.

To successfully install and configure Delegated Administrator, you need to install the following components by running the Communications Suite installer. Alternatively, the dependent components such as Directory Server may already be installed on your system. If supported versions have already been installed, you do not have to reinstall them now.

The following list includes all supported versions of the dependent components. If you install the components with the current Communications Suite installer, only the latest versions of these components are available.

Sun Java System Directory Server 5.x or 6.x. (Version 6.x is installed with the current Communications Suite installer.)
Sun Java System Access Manager 6.x or 7.x. (Version 7.x is installed with the current Communications Suite installer.)

Access Manager 7 has two installation types: Legacy Mode (the default) and Realm Mode. Legacy Mode is compatible with Delegated Administrator.

When you run the Communications Suite installer, in the first Access Manager panel, you must choose Legacy mode as the Install type. Do not choose Realm mode.

Because Delegated Administrator requires you to use LDAP Schema 2 to provision your users and groups, you need to install Access Manager.
One of the following Web containers:
- Sun Java System Web Server 6.x
- Sun Java System Web Server 7.x (installed with the current Communications Suite installer)
- Sun Java System Application Server 7.x
- Sun Java System Application Server 8.x (installed with the current Communications Suite installer)
The Communications Suite installer also checks to make sure you have installed Directory Server and one of the Web containers listed above.
One or both of Sun Java System Messaging Server and Sun Java System Calendar Server.

Delegated Administrator is a provisioning tool for Messaging Server and Calendar Server. Therefore, to use Delegated Administrator successfully, you should install either or both of these applications.

See the Sun Java System Messaging Server Administration Guide for instructions on configuring Messaging Server. See the Sun Java System Calendar Server Administration Guide for instructions on configuring Calendar Server.
Delegated Administrator

A panel in the Communications Suite installer asks whether to install Delegated Administrator. In this panel, specify that you want to install Delegated Administrator.

The installer installs Delegated Administrator in a directory referred to as the da-base (for example, the default is /opt/SUNWcomm).

For information about the Communications Suite installer, refer to the Sun Java Communications Suite Installation Guide.

Note –

If you are upgrading Delegated Administrator from a previous Sun Java version, see the chapter called “Upgrading Delegated Administrator” in the Sun Java Communications Suite Upgrade Guide.

Run the Directory Server Setup Script

Before configuring Delegated Administrator, Messaging Server, or Calendar Server, the Directory Server Preparation Tool script (comm_dssetup.pl) must be run. You only need to run the comm_dssetup.pl script once.

This script configures your LDAP Directory Server to work with Delegated Administrator, Messaging Server, or Calendar Server configurations. The comm_dssetup.pl script prepares the Directory Server by setting up new schema, index, and configuration data.

See the Sun Java System Messaging Server Administration Guide or the Sun Java System Calendar Server Administration Guide for instructions and options for the comm_dssetup.pl script.

In order to run Delegated Administrator, you must select the “Schema 2” schema type when running the comm_dssetup.pl script.

Consolidating ACIs in the Directory

For large-scale installations with Access Manager, Messaging Server, and an LDAP Schema 2 directory, you might want to consolidate the Access Control Instructions (ACIs) in your directory.

When you install Access Manager with Messaging Server, a large number of ACIs initially are installed in the directory. Many default ACIs are not needed or used by Messaging Server. You can improve the performance of Directory Server and, consequently, of Messaging Server look-ups, by consolidating and reducing the number of default ACIs in the directory.

For information about how to consolidate and discard unused ACIs, see Appendix E, Consolidating ACIs for Directory Server Performance later in this guide.

Configure Delegated Administrator

After you install Delegated Administrator, run the Delegated Administrator configuration program using the information from Gather Your Delegated Administrator Configuration Information

For information about running the configuration program, see Chapter 3, Configuring Delegated Administrator.

Configure Messaging Server and Calendar Server

See the Sun Java System Messaging Server Administration Guide for instructions on configuring Messaging Server. See the Sun Java System Calendar Server Administration Guide for instructions on configuring Calendar Server.