Sun Java System Calendar Server 6.3 Administration Guide

4.5 Configuring Logins and Authentication

This section contains instructions for configuring logins and authentication.

Procedure: To Configure Proxy Administrator Logins

Proxy logins must be configured for Communications Express. For instructions on how to configure proxy logins for Communications Express, see 4.1 Configuring for Communications Express.

To allow administrator proxy logins for Calendar Server outside Communications Express, perform these steps:

  1. Log in as an administrator with permission to change the configuration.

  2. Change to the /etc/opt/SUNWics5/cal/config directory.

  3. Save your old ics.conf file by copying and renaming it.

  4. Edit the parameter that follows:

    service.http.allowadminproxy

    Specifies whether administrators are allowed to perform proxy logins to administer user calendars. If "yes", proxy logins are allowed. If "no", proxy logins are not allowed. The default value is "yes".

  5. Restart Calendar Server for the new value to take effect.

  6. Verify that administrator proxy logins are working by using the following WCAP command:


    http://server[:port]/login.wcap?
       user=admin-user&password=admin-password
       &proxyauth=calendar-user&fmt-out=text/html

    The following list contains an explanation of each variable in the previous example:

    • server is the name of the server where Calendar Server is running.

    • port is the Calendar Server port number. The default port is 80.

    • admin-user is the Calendar Server administrator. For example, calmaster.

    • admin-password is the password for admin-user.

    • calendar-user is the calid of the Calendar Server user.

    • fmt-out is the specification for output format of the content. For example, text or HTML.

    If the command is successful, Calendar Server displays the calendar for calendar-user. If problems occur, Calendar Server displays “Unauthorized”.

    Causes for error might be:

    • The admin-user does not have Calendar Server administrator privileges.

    • The admin-password is incorrect.

    • The calendar-user is not a valid Calendar Server user.

Procedure: To Configure Authentication

  1. Log in as an administrator with permission to change the configuration.

  2. Change to the /etc/opt/SUNWics5/cal/config directory.

  3. Save your old ics.conf file by copying and renaming it.

  4. Edit one or more of the parameters shown in the following table:

    Parameter  

    Description/Default 

    local.authldapbasedn

    Base DN for LDAP authentication. If not specified, local.ugldapbasedn is used.

    local.authldaphost

    Host for LDAP authentication. If not specified, uses the value of local.ugldaphost. The default is "localhost".

    local.authldapbindcred

    Bind credentials (password) for the user specified in local.authldapbinddn.

    local.authldapbinddn

    DN used to bind to the LDAP authentication host to search for the user's DN. If not specified or blank (" "), an anonymous bind is assumed.

    local.authldapport

    Port for LDAP authentication. If not specified, uses the value of local.ugldapport. The default is "389".

    local.authldappoolsize

    Minimum number of LDAP client connections that are maintained for LDAP authentication. If not specified, uses the value of local.ugldappoolsize. The default is "1".

    local.authldapmaxpool

    Maximum number of LDAP client connections that are maintained for LDAP authentication. If not specified, uses the value of local.ugldapmaxpool. The default is "1024".

    local.user.authfilter

    Specifies the authentication filter used for user lookup. The default is "(uid=%U)".

    This value is stored in the inetDomainSearchFilter attribute in the domain entry.

    It is possible to filter on a different attribute. For example, you could set this parameter to "(mail=%U)".

    The uid of the authenticated user is passed on to all other functions as the identity for that user, regardless of the attribute used for authentication.

    service.plaintextloginpause

    Number of seconds to delay after successfully authenticating a user with plain text passwords. The default is "0".

Procedure: To Configure the Authentication Cache

  1. Log in as an administrator with permission to change the configuration.

  2. Change to the /etc/opt/SUNWics5/cal/config directory.

  3. Save your old ics.conf file by copying and renaming it.

  4. Edit one or more of the parameters shown in the following table:

    service.authcachesize

    Maximum number of authenticated user IDs (uids) and passwords that Calendar Server will maintain in the cache. The default is “10000”.

    service.authcachettl

    Number of seconds since the last access before a uid and password are removed from the cache. The default is “900”.

  5. Save the file as ics.conf.

  6. Restart Calendar Server.

    cal-svr-base/SUNWics5/cal/sbin/start-cal

Procedure: To Enable Checking the Client IP Address at Login

  1. Log in as an administrator with permission to change the configuration.

  2. Change to the /etc/opt/SUNWics5/cal/config directory.

  3. Save your old ics.conf file by copying and renaming it.

  4. Edit the parameter shown in the following table:

    service.dnsresolveclient

    If "yes", when HTTP access is allowed, checks the client IP address against DNS. The default is “no”.

  5. Save the file as ics.conf.

  6. Restart Calendar Server.

    cal-svr-base/SUNWics5/cal/sbin/start-cal
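
The parameters in the four procedures above resolve through defaults and local.ugldap* fallbacks, so the value in effect is not always the one written in ics.conf. The following is an added example, not part of the original guide or the product: it computes the effective values from the defaults stated on this page and lists the settings to confirm before restarting. The function names, the sample file, and the ics.conf syntax it expects (name = "value", lines starting with ! are comments, the last duplicate wins) are assumptions.

```python
import re

# name -> (parameter it falls back to, final default), as stated on this page.
PARAMS = {
    "service.http.allowadminproxy": (None, "yes"),
    "local.authldapbasedn": ("local.ugldapbasedn", None),
    "local.authldaphost": ("local.ugldaphost", "localhost"),
    "local.authldapbinddn": (None, ""),          # blank means anonymous bind
    "local.authldapport": ("local.ugldapport", "389"),
    "local.authldappoolsize": ("local.ugldappoolsize", "1"),
    "local.authldapmaxpool": ("local.ugldapmaxpool", "1024"),
    "local.user.authfilter": (None, "(uid=%U)"),
    "service.plaintextloginpause": (None, "0"),
    "service.authcachesize": (None, "10000"),
    "service.authcachettl": (None, "900"),
    "service.dnsresolveclient": (None, "no"),
}
LINE = re.compile(r'^\s*([\w.\-]+)\s*=\s*"?(.*?)"?\s*$')

def parse_ics_conf(text):
    """Assumed syntax: name = "value", '!' starts a comment, last duplicate wins."""
    conf = {}
    for raw in text.splitlines():
        if (m := LINE.match(raw)):      # '!' comment lines never match a name
            conf[m.group(1)] = m.group(2).strip()
    return conf

def effective(conf):
    """Value in effect for each parameter: own value, else fallback, else default."""
    return {n: conf.get(n) or conf.get(p) or d for n, (p, d) in PARAMS.items()}

def review(eff):
    """Names of settings whose effective value calls for a deliberate decision."""
    items = []
    if eff["service.http.allowadminproxy"].lower() == "yes":
        items.append("service.http.allowadminproxy")   # admin proxy logins allowed
    if not eff["local.authldapbinddn"]:
        items.append("local.authldapbinddn")           # anonymous bind for DN search
    if eff["service.dnsresolveclient"].lower() != "yes":
        items.append("service.dnsresolveclient")       # client IP not checked in DNS
    return items

SAMPLE = """\
! Constructed sample, not from a real deployment.
! service.dnsresolveclient = "yes"
service.http.allowadminproxy = "yes"
service.http.allowadminproxy = "no"
local.ugldaphost = "ldap.example.com"
local.authldapbinddn = " "
"""
```

Calling review(effective(parse_ics_conf(text))) on the contents of the saved ics.conf copy and of the edited file shows which of these settings the edit changed.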