Sun Java System Delegated Administrator 6.4 Administration Guide

Configuring the Delegated Administrator Server

If you chose to configure the Delegated Administrator server, the configuration program displays the following panels.

Procedure: To configure Delegated Administrator Server

  1. Access Manager base directory

    Enter the Access Manager Base Directory. The default directory is /opt/SUNWam.

    Click Next to continue, Back to return to the previous panel, or Cancel to exit.

    The configuration program checks whether a valid Access Manager base directory is specified. If not, a dialog box indicates that an existing Access Manager base directory must be selected.

  2. Next, a Web container Configuration Details panel appears.

    If you chose to configure the console and server, this is the second time a Web container Configuration Details panel appears.

    The Delegated Administrator server is deployed to the same Web container as Access Manager. (You cannot choose a Web container for the Delegated Administrator server.)

    Follow the instructions in the appropriate section:

  3. Directory (LDAP) Server

    This panel asks for information about connecting to the LDAP Directory Server for the user/group suffix.

    Enter the User and Group Directory Server LDAP URL (LdapURL), Directory Manager (Bind As), and password in the text boxes.

    The Directory Manager has overall administrator privileges on the Directory Server and all Sun Java System servers that make use of the Directory Server (for example, Delegated Administrator) and has full administration access to all entries in the Directory Server. The default and recommended Distinguished Name (DN) is cn=Directory Manager.

    Click Next to continue, Back to return to the previous panel, or Cancel to exit.

  4. Access Manager Top-Level Administrator

    Enter the user ID and password for the Access Manager Top-Level Administrator. The user ID and password are created when Access Manager is installed. The default user ID is amadmin.

    Click Next to continue, Back to return to the previous panel, or Cancel to exit.

  5. Access Manager internal LDAP authentication password

    Enter the password for the Access Manager Internal LDAP authentication user.

    The authentication user name is hard-coded as amldapuser. It is created by the Access Manager installer and is the Bind DN user for the LDAP service.

    Click Next to continue, Back to return to the previous panel, or Cancel to exit.

  6. Organization Distinguished Name (DN)

    Enter the Organization DN for the default domain. For example, if your organization DN is o=siroe.com, all the users in that organization will be placed under the LDAP DN o=siroe.com, o=usergroup, where o=usergroup is your root suffix.

    By default, the configuration program adds the default domain under the root suffix in the LDAP directory.

    If you want to create the default domain at the root suffix (not underneath it), delete the organization name from the DN that appears in the Organization Distinguished Name (DN) text box.

    For example, if your organization DN is o=siroe.com and your root suffix is o=usergroup, delete “o=siroe.com” from the DN in the text box; leave only o=usergroup.

    If you choose to create the default domain at the root suffix, and if you later decide to use hosted domains, it can be difficult to migrate to the hosted-domain configuration. The config-commda program displays the following warning:

    “The Organization DN you chose is the User/Group Suffix. Although this is a valid choice, if you ever decide to use hosted domains, there will be difficult migration issues. If you do wish to use hosted domains, then specify a DN one level below the User/Group suffix.”

    For more information, see Directory Structure Supporting a One-Tiered Hierarchy.

    Click Next to continue, Back to return to the previous panel, or Cancel to exit.

  7. Top-Level Administrator for the default organization

    Enter the user ID and password for the Top-Level Administrator that is to be created in the default domain (organization).

    A Confirm Password field asks you to enter the password a second time.

    Click Next to continue, Back to return to the previous panel, or Cancel to exit.

  8. Service Package and Organization Samples

    You can choose to add sample service packages and sample organizations to your LDAP directory.

    Load sample service packages. Select this option if you want to use or modify sample service package templates to create your own Class-of-Service packages.

    Load sample organizations. Select this option if you want your LDAP directory tree to contain sample provider organization nodes and subordinate organization nodes.

    You can select:

    • Both the sample service packages and the sample organizations

    • Only one of these options

    • Neither option

    Preferred Mailhost for Sample. Enter the name of the machine on which Messaging Server is installed.

    For example: mymachine.siroe.com

    If you chose to load the sample organizations into your LDAP directory, you must enter a preferred mail host name for these samples.

    For information about service packages and organizations, see Chapter 2: “Delegated Administrator Overview.”

    After you run the configuration program, you must modify the service package templates to create your own Class-of-Service packages. For information about this post-configuration task, see Create Service Packages.
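
The Organization DN choice in step 6 can be checked before you run the configuration program. The following is an added example, not part of this guide or of config-commda: it classifies an Organization DN relative to the root suffix, so the case that triggers the hosted-domain warning is caught early. The function names and result labels are hypothetical, and DN parsing is simplified as noted in the comments.

```python
import re

def split_rdns(dn):
    """Split a DN into normalized (attribute, value) pairs, leftmost RDN first.

    Simplification for this example: splits on commas not preceded by a
    backslash and does not handle multi-valued RDNs ("+").
    """
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        # Assumption: values compare case-insensitively (true for o=).
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def classify_org_dn(org_dn, root_suffix):
    """Return where org_dn sits relative to the user/group root suffix."""
    org, root = split_rdns(org_dn), split_rdns(root_suffix)
    if org == root:
        # Default domain at the root suffix: the case the warning describes.
        return "at-suffix"
    depth = len(org) - len(root)
    if depth <= 0 or org[-len(root):] != root:
        # The DN does not end with the root suffix at all.
        return "outside-suffix"
    return "one-level-below" if depth == 1 else "deeper"

if __name__ == "__main__":
    # Constructed sample input, using the DNs from this guide's example.
    root = "o=usergroup"
    for dn in ("o=siroe.com, o=usergroup", "o=usergroup", "o=siroe.com,o=other"):
        print(f"{dn!r:32} -> {classify_org_dn(dn, root)}")
```

A result of "one-level-below" matches the placement the warning text recommends if you might use hosted domains later.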