Introduction to Delegated Administrator

With Delegated Administrator, you can distribute provisioning tasks to lower-level administrators who have the authority to manage specified organizations in the LDAP directory. The power to delegate user administration offers the following advantages:

• Distributes among many administrators the potentially time-consuming responsibility for provisioning a large directory. Tens or hundreds of administrators can manage organizations within a directory that may include thousands or millions of users.

• Allows you to create organizations in the directory structure that can be managed and provisioned as distinct (or unique) units. These organizations can contain users belonging to customer businesses, corporate departments, or other groups.

Delegated Administrator provides two interfaces for provisioning users and organizations in the directory:

• Delegated Administrator Utility

• Delegated Administrator Console

These interfaces are summarized in the sections that follow.

Delegated Administrator provisions the directory to support Messaging Server and Calendar Server.

In addition, users created in Delegated Administrator will have access to Sun Java System Instant Messaging (IM) service if IM is deployed on your site. Users are automatically assigned basic IM service during user creation.

You must use the Access Manager console to set and manage IM user-access levels. In this release, the Delegated Administrator console does not provide access to IM service and does not provide an interface for managing IM user-access levels.

Delegated Administrator Utility

The Delegated Administrator utility is a set of command-line tools for provisioning Messaging Server and Calendar Server organizations, users, groups, and Calendar resources.

The Delegated Administrator utility does not offer commands for creating the Service Provider roles and organizations described in this book. To create and manage these new roles and organizations, you must use the Delegated Administrator console.

You invoke the utility with the commadmin command.

For information about the syntax and options available with the commadmin utility, see Chapter 5, Command Line Utilities.

Delegated Administrator Console

The Delegated Administrator console is a graphical user interface (GUI) for provisioning Messaging Server and Calendar Server organizations, users, groups, and Calendar resources.

For information on how to use the console, see the Delegated Administrator console online help.

Delegated Administrator and the LDAP Directory

Delegated Administrator enables you to provision users by modifying the LDAP directory. You do not need to modify the directory directly. However, it can be useful to understand the Delegated Administrator attributes added to user entries and higher-level nodes in the directory.

For information about the LDAP schema object classes and attributes that support Delegated Administrator, see “Chapter 5: Communications Suite Delegated Administrator Classes and Attributes (Schema 2)” in the Sun Java System Communications Suite Schema Reference.