This chapter and those that follow in Using Domains Created by Messaging Server describe how to administer Calendar Server, and contains the following sections:
You manage Calendar Server by running either the Delegated Administrator utility (formerly the User Management Utility) or the Calendar Server command-line utilities and by editing the ics.conf configuration file.
To run the command-line utilities, you must log in as a user who has administrative rights to the system where Calendar Server is running.
For more information, see Appendix D, Calendar Server Command-Line Utilities Reference.
Additional administration topics are covered in other, separate chapters. They include the following topics:
This section covers how to use start-cal and stop-cal and contains the following topics:
You can start and stop Calendar Server using the start-cal and stop-cal commands. The start-cal and stop-cal utilities are located in the cal_svr_base/SUNWics5/cal/sbin directory. You must run these utilities on the local machine where Calendar Server is installed.
Calendar Server provides the csstart and csstop utilities only for compatibility with earlier releases. If possible, use the start-cal and stop-cal utilities to start and stop Calendar Server.
The start-cal utility starts Calendar Server services in the following order:
enpd— Event Notification Service (ENS)
csnotifyd— Notification Service
csadmind— Administration Service
csdwpd— Database Wire Protocol (DWP) service, the distributed database service starts only if you have a remote Calendar Server database configuration
cshttpd— HTTP Service
csstored— Automatic Backup Service
For a description of these services, seeCalendar Server Services
Log in as a user who has administrative rights to the system.
Change to the cal_svr_base/SUNWics5/cal/sbin directory.
Start Calendar Server:
./start-cal |
Log in as a user who has administrative rights to the system where Calendar Server is running.
Change to the cal_svr_base/SUNWics5/cal/sbin directory.
Stop Calendar Server:
./stop-cal |
Automatic backups are managed by the csstored process that starts up automatically when start-cal is issued. However, you can either enable or disable automatic backups at will. The default is for automatic backups to be disabled. The csstored process runs even if automatic backups are not enabled.
There are two kinds of automatic backups: hot backups and archival backups. You enable or disable them separately.
The csstored process must be configured before you issue start-cal, or you will receive an error message informing you that csstored is not configured. You will receive the same message every 24 hours thereafter until it is configured.
For information on automatic backups and instructions on configuring csstored, see Chapter 10, Configuring Automatic Backups (csstored).
The following is a list of tasks for enabling and disabling automatic backups:
At a command line, change to the directory where the ics.conf is located:
cd /etc/opt/SUNWics5/config
Enable hot backups by setting the following ics.conf parameter to “yes”:
caldb.berkeleydb.hotbackup.enable="yes"
Specify the directory path for the hot backup directory:
caldb.berkeleydb.hotbackup.path= /var/opt/SUNWics5/hotbackup_directory
The default is the current directory.
When you have completed editing the ics.conf file, restart Calendar Server:
cal_svr_base/SUNWics5/cal/sbin/start-cal
The calendar services do not need to be stopped to edit the ics.conf file, but you must restart the services in order for the changes to take effect.
At a command line, change to the directory where the ics.conf is located:
cd /etc/opt/SUNWics5/config
Enable archive backups by setting the following ics.conf parameter to “yes”:
caldb.berkeleydb.archive.enable=”yes”
Specify the directory path for the archive directory:
caldb.berkeleydb.archive.path= /var/opt/SUNWics5/hotbackup_directory
The default is the current directory.
When you have completed editing the ics.conf file, restart Calendar Server:
cal_svr_base/SUNWics5/cal/sbin/start-cal
The calendar services do not need to be stopped to edit the ics.conf file, but you must restart the services in order for the changes to take effect.
Backups are disabled by default. If you have previously enabled them and want to disable them, perform the following steps:
At a command line, change to the directory where the ics.conf is located:
cd /etc/opt/SUNWics5/config
Disable hot backups by setting the following ics.conf parameter to "no":
caldb.berkeleydb.hotbackup.enable="no"
When you have completed editing the ics.conf file, restart Calendar Server:
cal_svr_base/SUNWics5/cal/sbin/start-cal
The calendar services do not need to be stopped to edit the ics.conf file, but you must restart the services in order for the changes to take effect.
Backups are disabled by default. If you have previously enabled them and want to disable them, perform the following steps:
At a command line, change to the directory where the ics.conf is located:
cd /etc/opt/SUNWics5/config
Disable archive backups by setting the following ics.conf parameter to "no":
caldb.berkeleydb.archive.enable="no"
When you have completed editing the ics.conf file, restart Calendar Server:
cal_svr_base/SUNWics5/cal/sbin/start-cal
The calendar services do not need to be stopped to edit the ics.conf file, but you must restart the services in order for the changes to take effect.
The Group Scheduling Engine (GSE) keeps a queue of events that will be used to update the component database. An administrator can change the timeout value to adjust the time between Calendar Server scans of the queue. Events in the queue can also be listed and specific events deleted if necessary.
This section contains the following topics:
The GSE allows a Calendar Server user to create events and invite other attendees. If an attendee is on the same Calendar Server, the event is scheduled in the attendee’s calendar. If an attendee is not on the same Calendar Server, the invitation is sent via email. The attendee can then accept or decline the invitation and the GSE will update the event with the reply.
The GSE queue is in reality a separate database managed by the GSE. Calendar Server scans the queue for updates that need to be made to the components database.
You can tune Calendar Server by adjusting the frequency of this scan. This is accomplished by changing the timeout value of gse.belowthresholdtimeout in the ics.conf file. See Chapter 21, Tuning Calendar Server Performance.
The GSE queue entries can be managed (listed and deleted) using csschedule. You must run csschedule on the local machine where Calendar Server is installed.
To list entries in the GSE queue, use the csschedule utility list command.
For example, to list all entries in the GSE queue:
csschedule list |
To list the first ten entries stored in the GSE queue:
csschedule -c 10 list |
To list all entries in the GSE queue for a calendar with the calid Holiday_Schedule:
csschedule -v list Holiday_Schedule |
To delete entries in the GSE queue, use the csschedule utility delete command.
For example, to delete all entries in the GSE queue:
csschedule -v delete
To delete the entry in the GSE queue for calendar calA with the first schedule time of 13:30:45 on 11/30/2001, an offset number of 1, the unique identifier 1111, the recurrence ID 0, and the sequence number 0:
csschedule -v -t 20011130T133045Z -o 1 -u 1111 -r 0 -n 0 delete calA
You will want to monitor system activity as part of your daily tasks. There are several utility tools available to you for monitoring Calendar Server activity: csmonitor, csstats, cstool. In addition, you can set up many log files to help monitor system usage.
This section covers the following topics:
This Calendar Server utility is a shell script that requires bash. When invoked, this utility performs the following functions:
Monitors and logs the following processes according to the log level specified in the ics.conf file: csadmind, csnotifyd, cshttpd, enpd.
Checks to see if cshttpd is accepting commands.
Checks to see if the system has LDAP connectivity.
If circular logging is enabled, checks to see if more than one transaction file exists and if so, sends an email warning.
Checks available disk space for the calendar database to make sure there is enough for proper operation.
When errors occur the utility logs them and sends an email to the administrator specified by the ics.conf parameter service.monitor.emailaddress.to.
For debugging purposes, you can configure the monitor to run in a continuous loop with very short intervals, but this requires more system resources, so you don’t want to keep it in that mode during normal production.
To use csmonitor under normal circumstances, set it to run with an interval that you choose.
For more information about the csmonitor utility, see Appendix D, Calendar Server Command-Line Utilities Reference.
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the ics.conf parameters shown in the following table:
Parameter |
Description and Default Value |
---|---|
Specifies whether csmonitor should loop continuously:"0" – Do not loop continuously (the default)."1" – Loop continuously. Set this parameter to “1” to enable csmonitor to run automatically. |
|
Specifies the delay in seconds between two monitoring loops. The default is “60” seconds. For debugging purposes, make the interval shorter and for production, make the interval much longer. |
|
Specifies the email address csmonitor sends messages from. No default given. |
|
Specifies the email address csmonitor should send messages to. No default given. |
|
service.monitor.csdb.logthreshold |
Monitors the calendar database (csdb). Specifies a threshold value, as a percent of the total disk space, for maximum disk occupation. If the disk occupation for the csdb directory exceeds this value, it sends a warning email message. The default is “90”. |
Specifies the csmonitor log file name. The default is “csmonitor.log”. |
|
Specifies the maximum log file size. If the log file exceeds this size, csmonitor saves the log as csmonitor.log.timestamp and resets the current log. The default is “2097152” |
|
Specifies the debug level. With a range of 0-5, the higher this value, the more precise and verbose messages sent by csmonitor. The default is “0”, which specifies no logging. A value of “5” would indicate debug logging. |
Save the file as ics.conf.
Restart Calendar Server.
cal_svr_base/SUNWics5/cal/sbin/start-cal
The csstats utility displays statistical information from counter objects defined in the calendar configuration (counter.conf) files. Counter objects such as httpstat, authstat, wcapstat, or dbstat show information about Calendar Server including:
Maximum number of concurrent connections and total number of connections
Total number of successful and failed logins and connections
Number of database reads, writes, and deletes
For information about Calendar Server counter statistics, see Appendix E, Calendar Server Configuration Parameters.
You can ping the following services as well as the machine where Calendar Server is installed:
cshttpd
csadmind
enpd
For information about using cstool, see Appendix D, Calendar Server Command-Line Utilities Reference.
Each Calendar Server service writes status information to its own log file. Each log file is named after its associated service name, as shown in the following table:
Service Name |
Log File Name |
---|---|
Administration Service (csadmind) |
admin.log |
Distributed Database Service (csdwpd) |
dwp.log |
HTTP Service (cshttpd) |
http.log |
Notification Service (csnotifyd) |
notify.log |
Single Sign-on log |
am_sso.log |
Log of start commands |
start.log |
Log of stop commands |
stop.log |
Log of store commands |
store.log |
Calendar Server log files are stored in the following default directory:
/var/opt/SUNWics5/logs
Each log file is rolled-over to a new log file identified by a unique number. For example:
admin.log.8.1083013284 http.log.8.1083013284
Calendar Server provides six levels of severity for events reported to the log files as described in the following table. You can specify the level of severity of the events that Calendar Server reports to the log files by modifying the ics.conf parameter logfile.loglevel.
Severity Level |
Meaning |
---|---|
CRITICAL |
Critical condition. |
ERROR |
Error condition. |
WARNING |
Warning condition. |
NOTICE |
Normal, but signification condition. This is the default reporting level for each calendar service. |
INFORMATION |
Informational. |
DEBUG |
Debug-level message. |
A log event is represented by a single line that shows the associated timestamp, server host name, severity level, process name (process ID), type of event, priority, and description.
For information regarding the ics.conf log settings, see Appendix E, Calendar Server Configuration Parameters.
If you have enabled the CLD Cache, you might need to clear the cache from time to time. This section covers the following topics:
The CLD cache can become out of sync with your system configuration for various reason, for example:
You add, delete or rename a server.
You move a server from one function to another in your configuration.
You move one or more calendars to different back-end servers.
If any of these things happen, in order to refresh the CLD cache, you must clear it.
Stop Calendar Server.
Remove all files in the /var/opt/SUNWics5/csdb/cld_cache directory, but do not remove the cld_cache directory itself.
Restart Calendar Server.
If you add, delete or change a server name in your configuration, there are several “housekeeping” steps you should perform to avoid errors:
Clear the CLD Cache
If an old server is taken out, delete it from the ics.conf parameters where it appears.
Anonymous access is a special login that does not require authentication. With anonymous login enabled, read and write access to public calendars is enabled by default. It is possible to deny write access to the public calendars. This section covers the following topics:
Communications Express expects anonymous logins to be allowed for writing as well as reading. See Configuring for Communications Express.
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit the following parameters in the ics.conf to enable anonymous access:
Parameters |
Description and Default Value |
---|---|
service.http.allowanonymouslogin |
Enable anonymous access (login) by setting this parameter to “yes”, if necessary. The default value is “yes”. |
service.calendarsearch.ldap |
For security purposes with anonymous logins enabled, you might want to disable searching through the LDAP first when doing calendar searches, by setting this parameter to “no”, which is the default. |
Communications Express expects the value of the service.calendarsearch.ldap parameter to be “no”. This conflicts with instructions given for tuning your system for best performance in a DWP environment. (Your database is distributed across multiple back-ends.) See Improving Calendar Search Performance in a DWP Environment.
Save the file as ics.conf.
Restart Calendar Server.
cal_svr_base/SUNWics5/cal/sbin/start-cal
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit the following ics.conf parameter as shown in the following table:
Parameter |
Description and Default Value |
---|---|
service.wcap.anonymous. allowpubliccalendarwrite |
Enables or disables allowing anonymous access users to write to public calendars. Enable access by setting the value to “yes”, which is the default. |
Save the file as ics.conf.
Restart Calendar Server.
cal_svr_base/SUNWics5/cal/sbin/start-cal
Proxy administrator logins (proxy authentication) must be enabled for Communications Express. For instructions on configuring proxy authentication for Communications Express, see Configuring for Communications Express.
However, proxy authentication can be enabled even if you are not using Communications Express. This section contains the procedure for enabling proxy authentication without Communications Express:
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit the ics.conf file, setting the following parameter:
service.http.allowadminproxy = "yes"
Save the file as ics.conf.
Restart Calendar Server for the new value to take effect.
Verify that administrator proxy logins are working by using the following WCAP command:
http://server[:port] /login.wcap?user=admin-user&password=admin-password &proxyauth=calendar-user
where:
server– The name of the server where Calendar Server is running.
port– The Calendar Server port number. The default port is 80.
admin-user – The Calendar Server administrator. For example, calmaster.
admin-password – The password for admin-user.
calendar-user – The calid of the Calendar Server user.
If the command is successful, Calendar Server displays the calendar for calendar-user. If problems occur, Calendar Server displays “Unauthorized”. Causes might be:
The admin-user does not have Calendar Server administrator privileges.
The admin-password is incorrect.
The calendar-user is not a valid Calendar Server user.
In the current release, do not use the cstool refresh command to refresh a configuration. Instead, use the stop-cal and start-cal commands. For more information, see Starting and Stopping Calendar Server.
This chapter contains the following sections about administering hosted domains:
Once your calendar installation has been configured for hosted domains and the preparation work described in Chapter 11, Setting Up Hosted Domains has been performed, you can add new hosted domains.
Each domain has a set of attributes and preferences that you can set. These attributes are part of the icsCalendarDomain object class. The attributes include preferences such as access rights, access control lists (ACLs), domain searches, access rights for domain searches, user status, and proxy logins.
To administer Calendar Server hosted (or virtual) domains use one of the two following set of tools:
Delegated Administrator Console or Utility – For Schema 2 environments.
Delegated Administrator is a separately installable component in the Java Enterprise System installer. For more information on the Utility, see the Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide. For more information on the Console, use the Delegated Administrator Console online help.
Calendar Server Utility — (csdomain and csattribute) For Schema 1 environments.
Installed with Calendar Server. You can add or delete attributes with csdomain, but you there is no modify command. Use csattribute to modify the value of an existing attribute. In addition, should the need arise, use ldapmodify to add or delete object classes in domains created with csdomain.
For information about csdomain and csattribute, see Appendix D, Calendar Server Command-Line Utilities Reference.
For information about particular object classes and attributes, see theSun Java System Communications Services 6 2005Q4 Schema Reference.
For an overview of hosted domains and other introductory material, see Chapter 11, Setting Up Hosted Domains.
Calendar Server does not support using the Access Manager Console for domain administration.
Create hosted domains for either Schema 2 or Schema 1:
You can use either the Delegated Administrator Console or Utility:
Console — Use the Create New Organization wizard on the Organization List page.
For more information, see the Delegated Administrator Console online help.
Utility — Use the commadmin domain create command.
For example, to create the domain sesta.com, issue the following command:
commadmin domain create -D calmaster -d sesta.com -w calmasterpassword -S cal -B backend.sesta.com
For information about the Delegated Administrator Utility, see the Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide.
You must be in hosted domain mode to run csdomain. For instructions on how to enable hosted domains, see Chapter 11, Setting Up Hosted Domains.
Use csdomain create when creating a hosted domain in Schema 1. For example, to create west.sesta.com, use the following command:
csdomain create west.sesta.com
This section covers the two tasks you must do to enable cross domain searches:
Adding Names of Domains Allowed to Search This Domain in the LDAP entry for each of the domains allowed to search this domain.
Adding Names of Domains to be Searched by This Domain when users in this domain send invitations to events.
This can be done using either of the following tools: ldapmodify (for either Schema mode), or Delegated Administrator Console or Utility (for Schema 2).
Each domain LDAP entry specifies access permissions in ACE's, which are defined in the domainAccess parameter of the icsExtendedDomainPrefs attribute. Two different ways to allow external domains to search this domain are:
The construction of ACI's is explained more fully in Calendar Access Control.
This can be done three ways:
Using ldapmodify, create the following ACE string in the domainAccess preference of the icsExtendedDomainPrefs:
@domain_being_allowed^a^lsfr^g
Form the ACE by specifying the domain allowed to search this domain, followed by sufficient permissions to allow the search.
Using Delegated Administrator Utility command commadmin domain modify, add ACE strings specifying the domainAccess preference in icsExtendedDomainPrefs attribute.
For example, in a Schema 2 environment, sesta.com allows searches from siroe.com:
commadmin domain modify -D admin -w adminpassword -X hostmachine_1 -d sesta.com -A +icsextendeddomainprefs:"domainAccess=@@d^a^slfrwd^g; @siroe.com^a^lsfrwd^g;anonymous^a^r^g;@^a^s^g"
Using Delegated Administrator Console, when creating or editing an organization's properties, you can add domains to the Allow Invitations From Users in These Organizations list.
This updates the domainAccess preference in the icsExtendedDomainPrefs attribute.
While you can specify the exact permissions given to the domains in the first two methods just listed, the last one, using the Delegated Administrator Console, does not allow the administrator as much control. The list of permissions is preset. The permissions given are: free-busy access, and event scheduling access. The user can't see event details unless the owner of that calendar has set permissions to allow all users to read it.
There are three ways to allow all external domains to search this domain:
Using ldapmodify, create the following ACE string in the domainAccess preference of the icsExtendedDomainPrefs:
@^a^slfr^g
Form the ACE by specifying that all domains have sufficient access to perform searches.
Using Delegated Administrator Utility command commadmin domain modify, add ACE strings specifying the domainAccess preference in icsExtendedDomainPrefs attribute.
For example, in a Schema 2 environment, sesta.com allows searches by all domains:
commadmin domain modify -D admin -w adminpassword -X hostmachine_1 -d sesta.com -A +icsextendeddomainprefs:"domainAccess=@@d^a^slfrwd^g; anonymous^a^r^g;@^a^slfr^g"
The characters @@d refer to the domain of the primary owner.
Using Delegated Administrator Console, when creating or editing an organization's properties, you can add domains to the Allow Invitations From Users in These Organizations list.
This updates the domainAccess preference in the icsExtendedDomainPrefs attribute.
While you can specify the exact permissions given to the domains in the first two methods just listed, the last one, using the Delegated Administrator Console, does not allow the administrator as much control. The list of permissions is preset. The permissions given are: free-busy access, and event scheduling access. The user can't see event details unless the owner of that calendar has set permissions to allow all users to read it.
There are three ways to do add external domains to be searched by this domain:
Using ldapmodify, add one instance of icsDomainNames for each external domain that can be searched by users in this domain.
For example, sesta.com searches in both siroe.com and example.com when performing cross domain searches. Use ldapmodify (for either Schema 1 or Schema 2) to create the following LDIF:
dn: dc=sesta, dc=com, o=internet changetype: modify add: icsDomainNames icsDomainNames:siroe.com icsDomainNames:example.com
Using Delegated Administrator Utility command commadmin domain modify, specify the option -A to add names of domains to be searched.
For example:
commadmin domain modify -D admin -w adminpassword -X hostmachine_1 -d sesta.com -A +icsDomainNames:siroe.com -A +icsDomainNames:example.com
Using Delegated Administrator Console, when creating or editing an organization's properties, you can add domains to the Invite Calendars in These Organizations list.
This adds icsDomainNames attributes to the domain LDAP entry. Add one attribute for each external domain to be searched when users in this domain send invitations to an event.
For more information, see the Delegated Administrator Console online help.
Calendar Server defaults to non-hosted domains. If you are using Calendar Server and Messaging Server in your Java Enterprise System deployment, you should use hosted domains.
You can enable or disable hosted domains for your installation by editing the ics.conf file.
Edit the ics.conf file as follows:
service.virtualdomain.support="yes" (the default is "no".)
Restart Calendar Services.
For a list of all the ics.conf parameters necessary to implement hosted domains, see Setting up a Hosted Domain Environment.
This chapter describes how to use the Calendar Server utilities to manage users and resources. This chapter contains the following sections:
Calendar users and resources can be administered using one of the following user management tools:
Delegated Administrator Console
Use this GUI to provision users and resources in LDAP for Calendar Server. For information on using the GUI, see the Delegated Administrator Console online help.
Delegated Administrator Utility (commadmin)
Use these tools to provision users and resources in LDAP for Calendar Server . For detailed instructions, see the Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide.
Delegated Administrator does not manage calendars. To create calendars for users and resources, use the Calendar Server utilities.
Calendar Server utilities (csuser and csresource)
Use these utilities to manage calendars. In addition, use them for user and resource management if your configuration meets all of the following criteria:
You are not using Access Manager.
You have an earlier version of Calendar Server or Messaging Server installed using Sun LDAP Schema 1
You plan to continue using Schema 1.
See also the command-line utility reference in this guide, Appendix D, Calendar Server Command-Line Utilities Reference.
In certain cases, even if you are using Schema 2 and Delegated Administrator, you will need to use some of the Calendar Server command-line utilities to perform special functions. When this is necessary, task oriented documentation in this guide will tell you which utility to use.
This section provides the following information about managing new Calendar Server users and resources:
You can use either the Delegated Administrator Console or Utility:
Delegated Administrator Console
In the Delegated Administrator Console, use the Create New User wizard. (Click New in the User List page for the organization where the user is to reside.) For more information, see the Delegated Administrator Console online help.
Delegated Administrator Utility
Use the commadmin utility user create command. For example, to add user jdoe in the sesta.com domain:
commadmin user create -D calmaster -F John -n sesta.com -k hosted -l jdoe -w calmasterpassword -W jdoepassword -L Doe -S cal -B red.sesta.com -E jdoe@sesta.com
For details on all the available options for the commadmin utility, refer to the Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide
Use the csuser utility. For example, to add user jdoe in the sesta.com domain:
csuser -m jdoe@sesta.com -d sesta.com create jdoe
You can use either the Delegated Administrator Console or Utility:
Delegated Administrator Console
In the Delegated Administrator Console, use the Create New Resource wizard. (Click New in the Calendar Resources tab for the organization where the resource is to reside.) For more information, see the Delegated Administrator Console online help.
Delegated Administrator Utility
User the commadmin utility rescource create command to create an LDAP entry. For example, to add the conference room Conference_Room_100, use the following command:
commadmin resource create -D calmaster -w calmasterpassword -n sesta.com -c room100 -N Conference_Room_100
You must then use csresource to create the actual resource calendar. For information on how to create a resource calendar, see Creating Calendars
For details on all the available options for the commadmin utility, refer to the Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide
Use the csresource utility to create both the LDAP entry and the resource calendar. For example, to add a projector, p101, use the following command:
csresource -m p101@siroe.com -c p101 create Projector_101
For more information on csresource, see the csresource.
Calendar Server requires users and resources to have the mail attribute, which contains the email address of the user or resource. This enables people to search for calendars and resources using an email address or a calid. When you create new users with Delegated Administrator, it adds the mail attribute automatically. This happens even if the user has not been assigned mail service.
Calendar Server does not support email notifications for resource calendars.
Adding the mail attribute does not enable email notifications for user calendars.
To enable email notification for user calendars, add the following two attributes to the user’s LDAP entry:
icsExtendedUserPrefs:ceNotifyEnable=1 icsExtendedUserPrefs:ceNotifyEmail=jdoe@sesta.com
If your users and resources were added in an earlier version of Calendar Server (when the mail attribute was not required), you might have to add the mail attribute to your existing user and resource LDAP entries.
This section covers the following topics:
To check if the attribute has been set, use the csattribute list command with the -v (verbose) option:
csattribute -v list Room100
The output tells if the mail attribute is present:
cn=Room 100,ou=conferenceRooms,dc=sesta,dc=com has mail: Room100@sesta.com
To add the mail attribute to existing users and resources, use one of the following methods:
Use the Calendar Server csattribute utility.
The following example adds the LDAP mail attribute for an existing conference room named Room100 on the sesta.com server:
csattribute -a mail=Room100@sesta.com add Room100
Use ldapmodify to add the attribute directly to the LDAP entry.
After your users are created, use the csuser utility to perform the following administrative tasks:
To list all calendar users or to display the calendar attributes of a specified user, use the csuser utility list command.
For example, to display all users enabled for calendaring:
csuser list
To display all of the calendar attributes of a single user such as jsmith:
csuser -v list jsmith
The purpose of disabling a user is to prevent the user from logging into Calendar Server. This is handled differently depending on which user management tool you used to create the user. Users created in the Delegated Administrator Console should be administered using it also. Likewise, if you assigned calendar service to the user with Delegated Administrator Utility, use it to remove the service. And finally, users in a non-hosted domain environment should be administered using only the Calendar Server Utilities. Each handles the situation a bit differently.
This section contains the following topics:
Calendar Server Utilities (csuser disable) (Calendar Server utilities)
In the Delegated Administrator Console, select the user from the User List page. In the Properties for this user, delete the service package with calendar service in it. This disables the user for calendar, including setting the user's icsStatus to inactive.
If the package also contains other services, you will have to reassign those services using another package that does not contain calendar.
To prevent a user from accessing calendar services, remove the service from the user’s LDAP entry, as shown in the example that follows:
commadmin user delete jsmith -S cal
This disables the user for calendar without completely removing the LDAP entry. In addition, this command changes the user's icsStatus to inactive.
The disable command prohibits a user from accessing calendar data, but it does not remove the user’s information from the LDAP entry or the Calendar Server database. This command changes the icsStatus attribute from active to inactive. In non-hosted domain mode, there is no such thing as a calendar service.
For example, to disable jsmith from accessing Calendar Server:
csuser disable jsmith
If jsmith is currently logged into Calendar Server, jsmith retains access to calendar data until he logs off.
To enable a user, use one of the following tools:
Delegated Administrator (commadmin user create)(for Schema 2)
Calendar Server Utilities (csuser enable) (for Schema 1).
You can add enable both a new user and an existing user:
New user — When the user is created, using the New User wizard, assign the user a service package that includes calendar service. The user is automatically enabled.
Existing user — Select the user from the User List page and use the Assign Service Package wizard to select a service package with calendar service. The user is automatically enabled.
When creating a user, enable the user for calendar services, as illustrated in the example that follows:
commadmin user create jsmith -S cal
If you did not enable the user for calendar services when the user was created, you can add calendar services to the user later, using a modify command, as illustrated in the following example:
commadmin user modify jsmith -S cal
If you used csuser create when you created the user entry, the user is automatically enabled.
If a user sends a request to another user who has not been enabled for calendaring (that is, the user does not have a default calendar), Calendar Server returns the “Calendar not found” error to the user sending the request.
If you need to setup email aliases for a calendar user, add the mailalternateaddress attribute to the user's LDAP entry. The mail attribute provides the primary mail address, and the mailalternateaddress attribute is used for email aliases. Both attributes map the mail addresses to the user’s calendar ID (calid).
You can add the attribute using the Calendar Server Utility csattribute, or by directly updating LDAP with ldapmodify. The following example uses csattribute.
To enable these changes, you might also need to rebuild alias tables or configurations. Refer to the documentation for Messaging Server (or your email product) as well as your site's own documentation and procedures regarding changes to mail services. Messaging Server documentation is available on this at: http://docs.sun.com/coll/1312.1.
For example, to add the mailalternateaddress attribute for a user named John Smith with these values:
User ID (uid) and calid: johnsmith
password: password for John Smith
Email address: john.smith@sesta.com
Email aliases: johns@sesta.com and jsmith@sesta.com
csattribute -a mailalternateaddress=johns@sesta.com add johnsmith csattribute -a mailalternateaddress=jsmith@sesta.com add johnsmith
To determine if a specific user exists in your directory server and is enabled to access Calendar Server data, use the csuser utility check command.
For example, to check if jsmith is enabled for calendaring:
csuser check jsmith
If the check command indicates that a user does not exist in your LDAP directory server, you must create a directory server entry for the user.
Use different tools depending on whether you are deleting a user from a hosted domain or a non-hosted domain:
There is no undelete command.
Once users in hosted domains are deleted using Delegated Administrator, they must be purged and re-added from scratch. The user name can not be reused until the purge happens.
For non-hosted domains, see For Non-Hosted Domains Only: Undeleting Users Marked for Deletion but Not Purged.
You can mark users for deletion with either Delegated Administrator interface. However you can not purge users from LDAP with Delegated Administrator Console. You must use the Delegated Administrator Utility for that. The following task lists the steps for deleting a user from LDAP. The user is not actually removed from LDAP until the last step is complete.
Mark a user entry for deletion.
For Delegated Administrator Console: Select the users to delete in the User List page and click Delete.
For Delegated Administrator Utility: Use the commadmin user delete command. For example:
commadmin user delete -D chris -n siroe.com -w bolton -l jsmith
In both cases the icsStatus attribute in the user LDAP entry is changed from active to deleted.
Use the Calendar Server Utility csclean to remove all calendars belonging to all deleted users in one or all domains, as shown in the following example:
csclean clean “*”
Or to remove calendars belonging to all deleted users in one domain, specify the actual domain, as shown in the following example: csclean clean sesta.com
If you inadvertently purge the users from LDAP before deleting the users' calendars, you can remove them later using the cscal utility, as described in Managing User Calendars.
Purge the domain of all users marked for deletion, using Delegated Administrator Utility command commadmin domain purge.
For example:
commadmin domain purge -D chris -d sesta.com -n siroe.com -w bolton
In this example, all users in sesta.com that are marked as deleted will be purged, that is, permanently removed.
Run this utility manually from time to time to clean up your LDAP directory. For more information about this command, see the Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide.
To remove the specified user’s LDAP entry and the user’s default calendar, use the Calendar Server utility csuser with the delete command.
For example, to delete the LDAP entry and the default calendar for user jsmith use the following command:
csuser delete jsmith
If you wish to remove the other calendars belonging to this user, you must use cscal as described in Managing User Calendars.
For a non-hosted domain, to undelete users marked for deletion but not yet purged, it is necessary to reset the users' icsStatus attributes to active. You can achieve this by directly changing the LDAP entries (using ldapmodify), or by using the Calendar Server Utility csattribute.
However, in a non-hosted domain, once the user is purged, you can only recover the LDAP server information by restoring it from a backup.
To restore the default settings of all calendar LDAP attributes for a specific user, use the csuser utility reset command.
For example, to reset all calendar attributes of jsmith to the default configuration settings:
csuser reset jsmith
After a calendar user has been reset, all of the calendar attributes are removed from the user’s LDAP entry, including icsCalendarUser (object class), icsSubscribed, icsCalendarOwned, icsCalendar, and icsDWPHost (if in the LDAP CLD setup). A Calendar Server administrator will not be able to create calendars on the user’s behalf.
These attributes are restored in the user’s LDAP entry when:
The user logs back into Calendar Server, or
The Calendar Server administrator issues a csuser enable command for the user (although in this case, the icsDWPHost attribute is not restored).
If one or more user ID's need to be changed, run the csrename utility. This utility performs the following steps:
Converts the user ID's in the Calendar Server LDAP attributes (the ones with the ics prefix). The LDAP directory is updated in place.
Renames the users in events and tasks on the Calendar Server database files. It writes the new database to a destination directory. Existing database files are not modified.
Be aware that changing even one user ID causes the whole database to be rewritten. So this is a “costly” utility to run.
For instructions on how to run the csrename utility, see Appendix D, Calendar Server Command-Line Utilities Reference.
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit the following ics.conf parameter as shown in the following table:
Parameter |
Description and Default Value |
---|---|
service.wcap. allowpublicwritablecalendars |
Enables users to have publicly writable calendars. This is enabled by default (set to “yes”). |
Save the file as ics.conf.
Restart Calendar Server.
cal_svr_base/SUNWics5/cal/sbin/start-cal
After your resources are added, you can administer them using csresource:
Change to the sbin directory.
Use the csresource list command to list one or all resources.
For example, list all the information about all the resources:
./csresource -v list
Change to the sbin directory.
Use the csresource enable command to enable one or more resources.
For example, to enable the ConfRm12 resource:
./csresource -v enable ConfRm12
Change to the sbin directory.
Use the csresource disable command to disable one or more resources. For example, to disable the ConfRm12 resource:
./csresource -v disable ConfRm12
Change to the sbin directory.
Use the csresource delete command to delete one or more resources. For example, to delete the ConfRm12 resource:
./csresource -v delete ConfRm12
This section contains directions for setting up a bitbucket channel for both Messaging Server and Sendmail. The bitbucket channel is a way to discard the email generated for resource calendars. These examples use a resource named Room100 on the sesta.com server. If you don’t set up the bitbucket channel (or equivalent), you will need to periodically delete the email messages sent to the resource calendar.
This section contains the following procedures:
Ensure the bitbucket channel is defined in the imta.cnf file.
To direct messages to the bitbucket channel, create the email address for the resource using the csattribute utility:
csattribute -a mail=Room100@bitbucket.sesta.com add Room100 |
In the /etc/aliases file on the appropriate host, add an entry such as:
Resource/Conference room aliases Room100: /dev/null |
Add the email address for the resource to the LDAP directory using the csattribute utility:
csattribute -a mail=Room100@sesta.com add Room100 |
Manage LDAP attributes used by Calendar Server, with the csattribute utility, or ldapmodify. Attributes can be listed, added, or deleted with csattribute. To modify an attribute, use ldapmodify. This section contains the following topics:
Log in as the user or group under which Calendar Server is running (such as icsuser and icsgroup) that was specified during installation, or as root
Change to the sbin directory.
Use the csattribute list command to list the attributes for a user or a resource. For example, to list the attributes for tchang@sesta.com:, issue the following command:
./csattribute -t user -d sesta.com list tchang
Log in as the user or group under which Calendar Server is running (such as icsuser and icsgroup) that was specified during installation, or as root
If you want this attribute change to be recognized immediately, stop Calendar Server. Otherwise, you do not have to stop Calendar Server.
Change to the sbin directory.
Use the csattribute add command to add an attribute to a user or a resource. For example, to add the LDAP attribute icsCalendar with the value Conference_Schedule to the user tchang:
./csattribute -a icsCalendar=Conference_Schedule add tchang@sesta.com
Log in as the user or group under which Calendar Server is running (such as icsuser and icsgroup) that was specified during installation, or as root
If you want this attribute change to be recognized immediately, stop Calendar Server. Otherwise, you do not have to stop Calendar Server.
Change to the sbin directory.
Use the csattribute delete command to delete an attribute from a user or a resource. For example, to delete the LDAP attribute icsCalendar with the value Conference_Schedule from the user tchang:
./csattribute -a icsCalendar=Conference_Schedule -t user -d sesta.com delete tchang
To modify an LDAP entry attribute, use ldapmodify. For example, to change the status of user with uid=tchang, use ldapmodify as shown:
dn:uid=tchang,ou=people,o=sesta.com changetype: modify add: objectclass objectClass: icsCalendarUser add: icsStatus icsStatus: active |
If your site is using the LDAP CLD plug-in, do not attempt to move a user’s calendars from one back-end host to another by changing the value of icsDWPHost, using csattribute. Modifying icsDWPHost does not cause the calendar to be moved to the new back-end host. For instruction on how to move a calendar from one back-end server to another, see Managing User Calendars.
This chapter contains the following topics, which describe how to use Calendar Server command-line utilities to create and manage calendars:
The Delegated Administrator does not create or manage calendars. You must use the Calendar Server utilities described in Appendix D, Calendar Server Command-Line Utilities Reference.
Before creating calendars, you must know the following information:
There are two types of calendars, user calendars and resource calendars.
User calendars are for scheduling human activity. Resource calendars are for scheduling the use of inanimate objects, such as conference rooms, or video equipment.
Both types of calendars are identified by a unique calendar identifier (calid).
Create user calendars with cscal. (Alternately, you can allow auto-provisioning at login time. See Automatic Creation of User Calendars.
Create resource calendars with csresource. (There is no auto-provisioning of resource calendars.)
To run cscal or csresource, you must log in as a user who has administrative rights to the system where Calendar Server is running. You must run these commands from the /opt/SUNWics5/cal/sbin directory. That is, you must change to the sbin directory; you can not run them from another directory by specifying the path.
Each calendar in the Calendar Server database is identified by a unique calendar identifier (ID) or calid. When creating calendars, you are required to specify the calid.
This section contains the following topics:
Each calendar in the database is identified by a unique calendar ID (calid). The following calid syntax has three parts:
userid[@domain][:calendar-name]
The three parts are:
A user ID that is unique for the domain in this Calendar Server instance.
The name of the user’s domain.
With no hosted domains, the domain part is optional since there is no ambiguity about which domain the user is in.
With hosted domains, if the domain part is not specified, then Calendar Server uses the value specified in the ics.conf parameter service.defaultdomain for the domain. If the user is not in the default domain, the domain part must be specified.
For more information about hosted domains (also called virtual domains), see Chapter 11, Setting Up Hosted Domains and Chapter 13, Administering Hosted Domains.
An optional calendar name that is unique to the specific user. Although an owner has only one default calendar, it is possible to have other calendars for various purposes. Each of these non-default calendars is distinguished by its calendar name. For example, if user John Doe has a uid jdoe, his default calendar might be jdoe@sesta.com. An auxiliary calendar he uses to keep track of baseball games for the Little League team he coaches might be identified with the following calid: jdoe@sesta.com:baseball.
When creating a calid, keep in mind the following rules:
Calendar ID's are case sensitive. For example, JSMITH is not equivalent to jsmith. (This differs from email addresses, which are not case sensitive. For example, jsmith@sesta.com is equivalent to JSMITH@SESTA.COM.)
A calendar ID cannot contain spaces and is limited to the following characters:
Alphabetic (a-z, A-Z) and numeric (0-9) characters (non-ASCII characters are not allowed)
Special characters: period (.), underscore (_), hyphen or dash (-), at sign (@), apostrophe ('), percent sign (%), slash (/), or exclamation point (!)
Because the user ID is part of the calid, the user ID should not contain spaces (for example, j smith). While a user with a user ID that contains a space can log into Calendar Server, the space can cause subsequent problems.
Examples of proper calendar ID's are:
jsmithjsmith:private_calendar jsmith@calendar.sesta.com:new-cal
If you have calid's that were created before you had hosted domains, and you now want to convert the non-hosted domain calid's to hosted domain calid's, there is a utility, csvdmig, that can be used to add the domain part to your existing calids. See csvdmig for instructions on how to use the utility.
This section covers the following topics:
Calendar Server automatically creates a default calendar for a user the first time the user logs in. This feature is called auto-provisioning. Autoprovisioning is enabled by default. However, auto-provisioning is available for user calendars only; resource calendars must be explicitly created.
Calendar Server creates the calendar ID (calid) for this new default calendar from the user ID, unless a calendar by that name already exists.
For example, if John Smith, with a user ID of jsmith, logs into Calendar Server for the first time, Calendar Server automatically creates a default calendar with jsmith as the calid. Each subsequent calendar John Smith creates has a calid with jsmith: prepended to the calendar name. For example, if John Smith later creates a new calendar named meetings, the calid for the new calendar (in a non-hosted environment) is jsmith:meetings.
Calendar Server returns the Calendar not found error when a user without a default calendar is specified as an attendee.
Autoprovisioning is enabled by default. However, if you need to turn it on again after disabling it, perform the steps that follow:
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the following parameters in the Calendar Server configuration file, ics.conf, as shown in the following table:
Parameters |
Description and Default Value |
---|---|
local.autoprovision |
Set to “yes”, allows default calendar creation to occur automatically when the user logs in the first time. Autoprovisioning is enabled by default. To turn this feature off, set the value to “no”. |
Verify that the user’s LDAP entry is enabled for calendar.
The entry must contain the icsCalendarUser object class. Add the class to the user’s LDAP entry if it is not there.
If your site is using hosted domains, the user’s domain must also be calendar enabled before auto-provisioning will work. The domain entry must contain the icsCalendarDomain object class.
Save the file.
Restart Calendar Server.
cal_svr_base/SUNWics5/cal/sbin/start-cal
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the following parameters in the Calendar Server configuration file, ics.conf, as shown in the following table:
Parameters |
Description and Default Value |
---|---|
local.autoprovision |
Setting the parameter to no disables autoprovisioning of user calendars. |
Save the file.
Restart Calendar Server.
cal_svr_base/SUNWics5/cal/sbin/start-cal
If autoprovisioning is disabled, calendars must be explicitly created for users before they can successfully log in.
Calendar Server uses Access Control Lists (ACLs) to determine the access control for calendars, calendar properties, and calendar components such as events and todos (tasks).
This section covers the following topics:
The following table describes the configuration parameters in the ics.conf file that Calendar Server uses for access control.
Table 15–1 Access Control Configuration Parameters
Parameter |
Description |
---|---|
Specifies the default access control settings used when a user creates a calendar. The default is: "@@o^a^r^g;@@o^c^wdeic^g; @^a^fs^g;@^c^^g;@^p^r^g" |
|
Specifies the default access control settings for owners of a calendar. The default is: "@@o^a^rsf^g;@@o^c^wdeic^g" |
|
Specifies the default access control settings used when a resource calendar is created. The default is: "@@o^a^r^g;@@o^c^wdeic^g; @^a^rsf^g" |
When creating a new event or task, a user can specify whether the event or task is Public, Private, or Time and Date Only (confidential):
Anyone with read permission to the user’s calendar can view the event or task.
Only owners of the calendar can view the event or task.
These are confidential events and tasks. Owners of the calendar can view the event or task. Other users with read permission to the calendar can see only “Untitled Event” on the calendar, and the title is not an active link.
The calstore.filterprivateevents determines whether Calendar Server filters (recognizes) Private, and Time and Date Only (confidential) events and tasks. By default this parameter is set to "yes". If you set calstore.filterprivateevents to "no", Calendar Server treats Private and Time and Date Only events and tasks as if they are Public.
The following table describes the Calendar Server command-line utilities that allow you to set or modify ACLs for access control:
Table 15–2 Command-Line Utilities for Access Control
Utility |
Description |
---|---|
Use the create and modify commands with the -a option to set ACLs for specific user or resource calendars. |
|
If you are creating resource calendars with csresource (you are in Schema 1 mode), use the csresource utility with the -a option to set ACLs for resource calendars. |
|
csuser |
Use the Schema 2 commadmin utility to change the default ACL used when a user creates a calendar. Use the Schema 1 csuser utility with the -a option to change the default ACL used when a user creates a calendar. |
To set access rights in the Delegated Administrator Console, from the Organization Properties page (also from the Create New Organization wizard), click the Advanced Rights button to see the list of access rights that can be administered from the console.
This section contains the following topics:
To create a new calendar, use the cscal utility create command. The user or resource entry must already exist in the LDAP directory. Refer to Chapter 14, Administering Users and Resourcesfor information on adding users and resources to your LDAP directory.
If your site is using the LDAP Calendar Lookup Database (CLD) plug-in, you must create all of the calendars for a particular user or resource on the same back-end server, as indicated by the icsDWPHost LDAP attribute in the user or resource entry. If you try to create a calendar on a different back-end server, the cscal utility returns an error. For information about the LDAP CLD plug-in, see Chapter 6, Configuring Calendar Database Distribution Across Multiple Machines.
For example, to create a new calendar with the calendar ID (calid) jsmith:
cscal -o jsmith -n JohnSmithCalendar create jsmith
where:
-o jsmith specifies the primary owner of the new calendar.
-n JohnSmithCalendar specifies the viewable name for the new calendar.
The default access control settings are defined by calstore.calendar.default.acl in the ics.conf file.
To create a calendar with the viewable name Hobbies that is owned by John Smith and uses the default access control settings for group scheduling:
cscal -n Hobbies -o jsmith create Personal
where:
-n Hobbies specifies the viewable name of the calendar.
-o jsmith specifies the user ID of the primary owner.
Personal is used as the second part of the calendar ID (calid). For example: jsmith:Personal
The following example creates a new calendar similar to the previous example, but it also associates the calendar with the category named sports, enables double booking, and specifies Ron Jones as another owner:
cscal -n Hobbies -o jsmith -g sports -k yes -y rjones create Personal
where:
-g sports associates the calendar with a category named sports.
-y rjones specifies another owner of the calendar.
-k yes enables double booking. (-k no would disable double booking.)
The following example creates a calendar similar to the previous example, but it also sets specific access control settings for group scheduling:
cscal -n Hobbies -o jsmith -a "@@o^a^sfr^g" create Personal
where -a "@@o^a^sfr^g" grants other owners schedule, free/busy, and read access privileges to both the components and calendar properties of this calendar for group scheduling.
A resource calendar is associated with things that can be scheduled, such as meeting rooms, notebook computers, overhead projectors and other equipment. Resource calendars require access control lists.
As shown in table Table 15–3, two configuration parameters in the ics.conf file apply to resource calendars:
resource.default.acl– A default access control list.
resource.allow.doublebook– A parameter that allows or disallows doublebooking.
While doublebooking a user’s calendar might be desirable, doublebooking of resources is probably not desirable, therefore, the default value is "no". However, you are allowed to change it to "yes", if desired.
To change the default values for these parameters (shown in table Table 15–3), edit the ics.conf file. Changes to the default values will apply only to new resource calendars; it will not change the values for existing resources.
For Schema 1, use the Calendar Server Utility cscal to change values for an existing resource calendar. The csresource utility does not have a modify command.
For Schema 2, use the Delegated Administrator Utility command commadmin resource modify. The Delegated Administrator Console does not allow you to change these values for calendar resources.
The Calendar Server notification software is not programmed to send notifications to resources, only to users.
Parameter |
Description and Default Value |
---|---|
resource.default.acl |
This parameter determines the default access control permissions used when a resource calendar is created. The default permissions are specified by the following Access Control List (ACL): "@@o^a^r^g;@@o^c^wdeic^g;@^a^rsf^g" This ACL grants all calendar users read, schedule, and free/busy access to the calendar, including both components and properties. To change the permissions for a resource, use the-a option when you create the calendar using the csresource utility create command. |
resource.allow.doublebook |
This parameter determines if a resource calendar allows doublebooking. Doublebooking allows a resource calendar to have more than one event scheduled for the same time. The default is "no"— Do not allow doublebooking. To allow doublebooking for a resource calendar, use the -k option when you create the calendar using the csresource utility create command. |
Calendar Server does not have autoprovisioning of resource calendars. For every resource required at your site, you must use of the following methods:
For Schema 1, use the Calendar Server Utility command csresource create.
This utility creates both the LDAP entry and the default calendar for the resource.
For example, to create a resource LDAP entry and calendar with the calendar ID aud100, viewable name Auditorium (LDAP cn attribute), with the default settings, use the following command:
csresource -m aud100@siroe.com -c aud100 create Auditorium
For Schema 2, use a combination of the Delegated Administrator Utility command commadmin resource create to create the LDAP entry. Then use the Calendar Server Utility command csresource create to create the default calendar.
For Schema 2, create the resource LDAP entry using the Delegated Administration Console. Then use the Calendar Server Utility command csresource create to create the default calendar.
To create the LDAP resource with the Console, select the organization where this resource will reside from the Organizations List. From the Calendar Resources page for this organization, click New to bring up the Create New Calendar Resource Wizard.
If there is an existing LDAP entry for the resource, csresource creates only the calendar. It will not create a duplicate LDAP entry.
For more information about the Delegated Administrator Utility, see Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide.
For more information about the Delegated Administrator Console, see the online help.
For more information about csresource, see Appendix D, Calendar Server Command-Line Utilities Reference.
By default, Calendar Server does not allow double booking for a resource calendar (resource.allow.doublebook parameter). This default prevents scheduling conflicts for resources such as rooms and equipment. However, if you want to allow double booking for a resource calendar, set the csresource -k option to “yes” when you create the calendar.
The following command creates a resource LDAP entry and calendar, but the -k option allows double booking on the calendar, the -o option specifies bkamdar as the owner of the calendar, and the -y option specifies jsmith as another owner:
csresource -m aud100@siroe.com -c aud100 -k yes -o bkamdar -y jsmith create Auditorium
To control who can schedule a specific resource, consider limiting the users who have write access to the resource calendar. For example, you might want to allow only certain users to schedule meeting rooms or reserve equipment.
If you do not specify an owner for a resource calendar, the value is taken from the service.admin.calmaster.userid parameter in the ics.conf file.
After your user calendars are created, use the cscal utility to perform the following administrative tasks:
To display all calendars, all calendars owned by a user, or the properties of a specific calendar, use the cscal utility list command.
For example, to list all calendars in the calendar database:
cscal list
To list all calendars owned by jsmith:
cscal -o jsmith list
To list all the properties of a calendar with the calendar ID jsmith:meetings:
cscal -v list jsmith:meetings
To delete one or more calendars from Calendar Server, use the cscal utility delete command. This utility deletes the calendar, but it does not delete the user from the directory server.
The delete command removes all of the calendar information from the calendar database and cannot be undone. After you delete a calendar, you can recover the calendar data only if it was backed up. For more information, see Chapter 17, Backing Up and Restoring Calendar Server Data.
The cscal utility lets you delete a single calendar or multiple calendars.
For example, to delete a specific calendar with the calendar ID jsmith:meetings:
cscal delete jsmith:meetings
To delete all calendars whose primary owner is jsmith:
cscal -o jsmith delete
If you have deleted one or more users with the Calendar Server Utility command csuser delete, or with Delegated Administrator Console or Utility, calendars owned by that user might still be present in the database.
There are two ways to remove users’ calendars. The method to use depends on the tool you used to delete the user:
The csuser utility removes the user from the LDAP directory and removes the user’s default calendar, but not any other calendars the user might own. For instructions on how to use cscal to remove these calendars, see To Remove All Calendars of a User Deleted with csuser.
Delegated Administrator does not remove any calendars. Use Delegated Administrator to mark users for deletion and then use Calendar Server Utility csclean to remove calendars for user's marked for deletion.
For instructions on how to remove deleted users’ calendars using csclean, see To Remove All Calendars for Users Deleted by Delegated Administrator.
For instructions on using Delegated Administrator Utility, see the Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide.
For instructions on using Delegated Administrator Console, see the online help.
Run cscal list to find all of the calendars for the deleted owner’s uid.
cscal -o owner list
Use cscal to remove all the calendars for this owner.
cscal -o owner delete
Verify that all the calendars have been removed by running csuser list again.
Use this procedure if you used commadmin to mark the user as deleted, and the user’s LDAP entry has already been purged.
Delegated Administrator does not remove calendars. Use the csclean utility to remove all calendars for any users marked as deleted with Delegated Administrator.
Use csclean to remove all calendar for user's marked as deleted but not yet purged.
For example, to remove all the calendars for user’s marked as deleted in the sesta.com domain in the last 10 days, the command would be as follows:
csclean -g 10 clean sesta.com
If the user has already been purged from the LDAP, then you must use cscal.
For instructions, see To Remove All Calendars of a User Deleted with csuser.
To enable a calendar to allow users to access the calendar, use the cscal utility enable command.
For example, to enable calendar jsmith:meetings using the default configuration settings:
cscal enable jsmith:meetings
To enable the calendar jsmith:meetings but not allow doublebooking:
cscal -k no enable jsmith:meetings
To prevent users from accessing a calendar, use the cscal utility disable command. The disable command prohibits users from accessing the calendar, but it does not remove the information from the calendar database.
For example, to prevent users from accessing jsmith:meetings:
cscal disable jsmith:meetings
To modify the properties of a calendar, use the cscal utility modify command.
For example, to change the group scheduling access control settings of AllAdmins and specify RJones as another owner:
cscal -a "@@o^c^wd^g" -y RJones modify AllAdmins
where:
-a "@@o^c^wd^g" grants owners write and delete access to the components (events and tasks) of AllAdmins.
-y RJones specifies this user ID as another owner.
To remove a property value from a calendar, use the cscal utility modify command and specify the option with two double quotes ("") as the value for the option.
For example, to remove a description from jsmith:meetings:
cscal -d "" modify jsmith:meetings
To remove all categories from jsmith:meetings:
cscal -g "" modify jsmith:meetings
To remove “other owners” from jsmith:meetings:
cscal -y "" modify jsmith:meetings
If a user’s default calendar does not appear in the Communications Express Current Calendar drop down list, but still exists in the database, you can recover the calendar by updating the following attributes in the user’s LDAP entry:
icsCalendar:default_calid
icsSubscribed:default_calid
where default_calid is the user’s default calendar ID (calid).
For Schema 2, use one of the following methods to update the attributes:
Use the ldapmodify Directory Server utility.
Use the Calendar Server Utility command csuser reset.
Use the Delegated Administrator Utility command commadmin user modify.
Use the Delegated Administrator Console to add the default calendar name by editing the User Properties page.
For Schema 1, use the csattribute add command to update the attributes.
To move a user calendar from one back-end server to another back-end server, follow these steps:
On the original server, disable the calendar user using the csuser utility. For example to disable the user with the user ID and calid bkamdar:
csuser disable bkamdar |
On the original server, export each of the user’s calendars from the calendar database to a file using the csexport utility. For example:
csexport -c bkamdar calendar bkamdar.ics |
Copy the exported calendar (*.ics) files from the original server to the new server.
On the new server, for each of the calendars exported, import the calendar from the file to the calendar database using the csimport utility. For example:
csimport -c bkamdar calendar bkamdar.ics |
On the LDAP directory server, update the calendar owner’s icsDWPHost LDAP attribute to point to the new back-end server using the csattribute utility. To update an attribute, you must first delete the attribute and then add it with the new value. For example, to set the new server name to sesta.com:
csattribute -a icsDWPHost delete bkamdar csattribute -a icsDWPHost=sesta.com add bkamdar |
On the new server, enable the calendar user using the csuser utility for a user calendar. For example:
csuser enable bkamdar |
On the new server, use the following commands to verify that the attributes are correct and that each calendar has been moved correctly. For example:
cscal -v -o bkamdar list bkamdar ... csattribute -v list bkamdar |
On the original server, delete each calendar you just moved. For example:
cscal -o bkamdar delete bkamdar |
The -o option deletes all calendars whose primary owner is bkamdar.
If you are using the CLD cache option, after moving a calendar to a different back-end server, you should clear the CLD cache to remove the server names. An out-of-date entry in the CLD cache can prevent a front-end server from finding a calendar after it has been moved. To clear the CLD cache, follow these steps:
Stop Calendar Server.
Remove all files in the /var/opt/SUNWics5/csdb/cld_cache directory, but do not remove the cld_cache directory itself.
Restart Calendar Server.
After a resource calendar is created, administer it using the csresource utility. The following are procedures for administering resource calendars:
To display a resource calendar, use the csresource utility list command.
For example, to display a list of all Calendar Server resource calendars and their corresponding LDAP attributes:
csresource list
To display a list of all LDAP attributes for a specific resource calendar named Auditorium:
csresource -v list Auditorium
To modify a resource calendar, use the cscal utility modify command (csresource does not have a modify command).
For example, to set the owner as tchang and add another owner named mwong to the resource calendar named Auditorium:
cscal -o tchang -y mwong modify aud100
In this example, the cscal utility requires the calid (aud100) rather than the calendar name (Auditorium).
You might need to disable a resource calendar to prevent users from scheduling events. For example, a conference room might be unavailable during remodeling, or an overhead project might be out for repair.
To disable or enable a resource calendar, use the csresource utility enable or disable command.
For example, to disable the resource calendar named Auditorium:
csresource disable Auditorium
Then, to enable the resource calendar later:
csresource enable Auditorium
To delete a resource calendar, use the csresource utility delete command.
For example, to delete the Auditorium resource calendar:
csresource delete Auditorium
Calendar Server displays the following message:
Do you really want to delete this resource (y/n)?
Enter “y” to delete the calendar or “n” to cancel the operation.
If you enter “y”, Calendar Server deletes the calendar and displays a message that it has been deleted.
To move a user or resource calendar from one back-end server to another back-end server, follow these steps:
On the original server, disable the calendar resource using the csresource utility. For example to disable the resource with the common name Auditorium:
csresource disable Auditorium |
On the original server, export each of the resources calendars from the calendar database to a file using the csexport utility. For example:
csexport -c aud100 calendar aud100.ics |
Copy the exported calendar (*.ics) files from the original server to the new server.
On the new server, for each calendar exported, import the calendar from the file to the calendar database using the csimport utility. For example:
csimport -c bkamdar calendar bkamdar.ics |
On the LDAP directory server, update the calendar owner’s icsDWPHost LDAP attribute to point to the new back-end server using the csattribute utility. To update an attribute, you must first delete the attribute and then add it with the new value. For example, to set the new server name to sesta.com:
csattribute -a icsDWPHost delete bkamdar csattribute -a icsDWPHost=sesta.com add bkamdar |
On the new server, enable the calendar resource using the csresource utility. For example:
csresource enable bkamdar |
On the new server, use the following commands to verify that the attributes are correct and that each calendar has been moved correctly. For example:
cscal -v -o bkamdar list bkamdar csattribute -v list bkamdar |
On the original server, delete each calendar you just moved. For example:
cscal -o bkamdar delete bkamdar |
The -o option deletes all calendars whose primary owner is bkamdar.
If you are using the CLD cache option and you have moved a calendar to a different back-end server, you should clear the CLD cache to remove the server names. An out-of-date entry in the CLD cache can prevent a front-end server from finding a calendar after it has been moved. To clear the CLD cache, follow these steps:
Stop Calendar Server.
Remove all files in the /var/opt/SUNWics5/csdb/cld_cache directory, but do not remove the cld_cache directory itself.
Restart Calendar Server.
You can create a link to one or more user or resource calendars, as long as each calendar has the permissions set to allow read access. For example, you can embed a calendar link in a web page or email message. Other users can then view the calendar anonymously without having to log into Calendar Server.
To create a link to one or more user calendars, use this syntax:
http://CommunicationsExpresshostname: CommunicationsExpressport/uwc/ ?calid=calid-1[; ... ;calid-n]
For multiple calendars, separate each calendar ID (calid) with a semicolon (;).
For example, to link to the default calendar for jsmith@sesta.com, and jdoe@siroe.com, enter:
http://calendar.sesta.com:8080/?calid=jsmith@sesta;jdoe@siroe.com
To link to a resource calendar for an overhead projector with the calid overhead_projector10:
http://calendar.sesta.com:8080/uwc/?calid=overhead_projector10
To export and import calendar data to and from a file, use the csexport and csimport utilities. The calendar data can be in either iCalendar (.ics) or XML (.xml) format.
You must run csexport and csimport locally on the machine where your Calendar Server is installed. Calendar Server can be either running or stopped.
To import calendar data from a file previously saved using the csexport utility, use csimport. The file name extension of the import file (.ics or .xml) indicates the format in which it was saved.
For example, to import calendar data to the calendar ID (calid) jsmithcal from the file jsmith.ics that was saved in iCalendar (text/calendar MIME) format:
csimport -c jsmithcal calendar jsmith.ics
To import data into the calendar jsmithcal from a file named jsmith.xml that was saved in XML (text/xml MIME) format:
csimport -c jsmithcal calendar jsmith.xml
To export calendar data to a file, use csexport. The file name extension (.ics or .xml) that you specify for the output file determines which format is used.
For example, to export the calendar with the calendar ID (calid) jsmithcal in iCalendar (text/calendar MIME) format to a file named jsmith.ics:
csexport -c jsmithcal calendar jsmith.ics
To export the calendar jsmithcal in XML (text/xml MIME) format to a file named jsmith.xml:
csexport -c jsmithcal calendar jsmith.xml
Calendar Server keeps many database files in multiple directories. You must protect your database files either by implementing the automatic back up process described in Chapter 10, Configuring Automatic Backups (csstored), or by implementing your own system of backups. You can administer the database files using the csdb utility.
This chapter describes how to manage Calendar Server databases using csdb, and includes the following sections:
To administer database files, use the Calendar Server utility csdb. This section contains topics:
The calendar database utility csdb treats the database files as three logical databases:
The caldb consists of all the .db files and the _db.*files found in the database directory. The following is the default location for the calendar database files (as well as the cld_cache and ldap_cache subdirectories):
/var/opt/SUNWics5/csdb
If you prefer, you can specify a different directory when running the Calendar Server configuration program (csconfigurator.sh). For information about the configuration program, refer to Chapter 3, Calendar Server Configuration Program (csconfigurator.sh)
The following table describes the calendar database (caldb) files:
Table 16–1 Calendar Server Database Files
File |
Description |
---|---|
ics50calprops.db |
Calendar properties for all calendars. Includes the calendar ID (calid), calendar name, Access Control List (ACL), and owner. |
ics50events.db |
Events for all calendars. |
ics50todos.db |
Todos (tasks) for all calendars. |
ics50alarms.db |
Alarms for all events and todos (tasks). |
ics50gse.db |
Queue of scheduling requests for the group scheduling engine (GSE). |
ics50journals.db |
Journals for calendars. Journals are not implemented in the current release. |
ics50caldb.conf |
Database version identifier. |
ics50recurring.db |
Recurring events. |
ics50deletelog.db |
Deleted events and todos (tasks). See also Chapter 18, Administering the Delete Log Database |
The session database consists of all files located in the following directories: /opt/SUNWics5/cal/lib/admin/session/ and /opt/SUNWics5/cal/lib/http/session/
The statistical database consists of all files found in the counter directory:
/opt/SUNWics5/cal/lib/counter/
The csdb utility -t option allows you to specify a target database:
-t caldb – calendar database
-t sessdb – session database
-t statdb – statistics database
If you do not include the -t option, csdb operates on all three databases, except for check and rebuild which operate only on the calendar database.
This section describes how to use the csdb utility to perform the following administrative tasks:
To run the csdb utility, you must log in as a user who has administrative rights to the system where Calendar Server is running. For more information, see Appendix D, Calendar Server Command-Line Utilities Reference.
To view the status of a database group (caldb, sessdb, statdb), use the csdb utility list command.
To list database status:
Log in as a user who has administration rights to the system where Calendar Server is installed.
Calendar Server can be either running or stopped; however, if possible, stop Calendar Server.
Change to the /sbin directory. For example, on Solaris Operating Systems, enter:
cd /opt/SUNWics5/cal/sbin |
Run the list command against one or all of the database groups. For example, to list the status and statistics for all three database groups:
./csdb list
The code that follows shows sample output:
Sleepycat Software: Berkeley DB 4.1.25: (December 19, 2002) Calendar database version: 3.0.0 [BerkeleyDB] Total database size in bytes: 57344 Session database version: 1.0.0 [BerkeleyDB] Total database size in bytes: 0 Counter database version: 1.0.0 [Memory Mapped Files] Total database size in bytes: 118792 |
Or, you can choose to use the verbose mode. For example:
./csdb -v list
The following sample code shows the verbose output:
Sleepycat Software: Berkeley DB 4.1.25: (December 19, 2002) Calendar database version: 3.0.0 [BerkeleyDB] Total database size in bytes: 57344 Total number of calendars: 2 Total number of events: 0 Total number of tasks: 0 Total number of alarms: 0 Total number of gse entries: 0 Total number of master component entries: 0 Total number of deletelog entries: 0 Total logfile size in bytes: 5779919 Session database version: 1.0.0 [BerkeleyDB] Total database size in bytes: 0 Total logfile size in bytes: 0 Counter database version: 1.0.0 [Memory Mapped Files] Total database size in bytes: 118792 |
Or, use the -t option to specify one target database group (caldb, sessdb, or statdb). For example, to view database status and statistics for only the calendar database:
csdb -t caldb list
Use the check command to scan for corruptions in the calendar database, including calendar properties (calprops) and events and todos (tasks). If the check command finds an inconsistency that cannot be resolved, it reports the situation in its output.
The check command does not check for corruption in the alarm or group scheduling engine (GSE) databases.
To check for database corruption:
Log in as a user who has administration rights to the system where Calendar Server is installed.
Calendar Server can be either running or stopped; however, if possible, stop Calendar Server.
Make a copy of your calendar database, if you haven’t already done so. Copy only the database (.db) files. You don’t need to copy any share (__db.*) or log (log.*) files.
Change to the cal_svr_base/SUNWics5/cal/sbin directory. For example, on Solaris Operating Systems, enter:
cd /opt/SUNWics5/cal/sbin |
Run the check command on the copy of your calendar database:
./csdb check dbdir \> /tmp/check.out 2\>&1 |
If you don’t specify dbdir, check uses the database in the current directory.
The check command can generate a lot of information, so consider redirecting all output, including stdout and stderr, to a file (as shown in the example).
When check has finished, review the output file.
If your database is corrupted, you can choose to replace it with your hot backup copy. Alternately, you can choose to try to rebuild the corrupted one by running the rebuild command.
To recover a damaged calendar database (caldb), use the csdb utility rebuild command. The rebuild command scans all of the calendar databases for corruption. If the rebuild command finds an inconsistency, it generates a rebuilt calendar database (.db files) in the cal_svr_base/SUNWics5/cal/sbin/rebuild_db directory.
The rebuild command can generate a lot of information, so consider redirecting all output, including stdout and stderr, to a file.
In the instructions that follow, the rebuild command does not rebuild the group scheduling engine (GSE) database.
To rebuild the calendar databases without the GSE database:
Log in as a user who has administration rights to the system where Calendar Server is installed.
Stop Calendar Server.
Make a copy of your calendar database, if you haven’t already done so. Copy the database (.db) files and the log (log.*) files. You don’t need to copy any share (__db.*) files.
Change to the cal_svr_base/SUNWics5/cal/sbin directory. For example, on Solaris Operating Systems, enter:
cd /opt/SUNWics5/cal/sbin |
If disk space is a problem for the sbin directory, run the rebuild command in a different directory.
Run the rebuild command on the copy of your calendar database:
./csdb rebuild /tmp/db /tmp/ |
If you don’t specify a database directory, rebuild uses the database in the current directory. In the preceding example, the /tmp/ parameter specifies the destination directory for the rebuilt database.
Always rebuild your calendar database using the latest backup copy.
However, if you have experienced a significant loss of data and you have periodically backed up your database and have more than one copy available, rebuild from the latest copy to the oldest one. (The only drawback is that calendar components that were deleted will reappear in the rebuilt database.)
For example, if you have three sets of backup calendar database files in directories db_0601, db_0615, and db_0629, run the rebuild command in the following sequence:
./csdb rebuild db_0629
Then check for corruption. If this backup copy is also corrupt, then run rebuild on the next backup copy.
./csdb rebuild db_0615
Then check for corruption. If this backup copy is also corrupt, then run rebuild on the next backup copy.
./csdb rebuild db_0601
... etc.
The rebuild command writes the rebuilt database to the cal_svr_base/SUNWics5/cal/sbin/rebuild_db directory.
When rebuild has finished, review the output in the rebuild.out file. If the rebuild was successful, the last line in the rebuild.out file should be:
Calendar database has been rebuilt |
After you have verified that rebuild was successful, copy the rebuilt database (.db) files from the rebuild_db directory to your production database.
If you have any share (__db.*) files from the corrupted database, move them to another directory.
Restart Calendar Server.
If you have implemented group scheduling at your site, then you should include the GSE database in the rebuild.
To rebuild both the calendar databases and the GSE database:
Determine if the GSE database has any entries by running the csschedule -v list command and then let the GSE finish processing the entries.
Log in as a user who has administration rights to the system where Calendar Server is installed.
Stop Calendar Server.
Make a copy of your calendar database, if you haven’t already done so.
Copy the database (.db) files and the log (log.*) files. You don’t need to copy any share (__db.*) files.
Change to the cal_svr_base/SUNWics5/cal/sbin directory.
For example, on Solaris Operating Systems, enter:
cd /opt/SUNWics5/cal/sbin
If disk space is a problem for the sbin directory, run the rebuild command in a different directory.
Run the rebuild command on the copy of your calendar database:
./csdb -g rebuild /tmp/db /tmp/
If you don’t specify a database directory, rebuild uses the database in the current directory. In the preceding example, the /tmp/ parameter specifies the destination directory for the rebuilt database.
Always rebuild your calendar database using the latest backup copy.
However, if you have experienced a significant loss of data and you have periodically backed up your database and have more than one copy available, rebuild from the latest copy to the oldest one. (The only drawback is that calendar components that were deleted will reappear in the rebuilt database.)
For example, if you have three sets of backup calendar database files in directories db_0601, db_0615, and db_0629, run the rebuild command in the following sequence:
./csdb rebuild db_0629 ./csdb rebuild db_0615 ./csdb rebuild db_0601 |
The rebuild command then writes the rebuilt database to the cal_svr_base/SUNWics5/cal/sbin/rebuild_db directory.
When rebuild has finished, review the output in the rebuild.out file.
If the rebuild was successful, the last line in the rebuild.out file should be:
Calendar database has been rebuilt |
After you have verified that rebuild was successful, copy the rebuilt database (.db) files from the rebuild_db directory to your production database.
If you have any share (__db.*) files from the corrupted database, move them to another directory.
Restart Calendar Server.
The sample output shows the events and the todos databases scanned twice each. This is not an error. It scans the first time to verify the information in the calprops database and then scans again to make sure calprops is accessible from the calendar database.
The following example shows the command and the output that it generated:
# ./csdb -g rebuild Building calprops based on component information. Please be patient, this may take a while... Scanning events database... 512 events scanned Scanning todos database... 34 todos scanned Scanning events database... 512 events scanned Scanning todos database... 34 todos scanned Scanning deletelog database... 15 deletelog entries scanned Scanning gse database... 21 gse entries scanned Scanning recurring database... 12 recurring entries scanned Successful components db scan Calendar database has been rebuilt Building components based on calprops information. Please be patient, this may take a while... Scanning calprops database to uncover events... 25 calendars scanned Scanning calprops database to uncover todos... 25 calendars scanned Successful calprops db scan Calendar database has been rebuilt |
To delete a calendar database, use the csdb utility delete command. Calendar Server must be stopped.
Use the -t option to specify the target database (caldb, sessdb, or statdb); otherwise, csdb deletes all three databases.
For example, to delete the calendar database:
csdb -t caldb delete
The csdb utility issues a warning before deleting the database.
If you have chosen not to use the automatic backup facility provided by Calendar Server (using csstored), then you need to implement a backup procedure to protect your data. This chapter describes how to use Calendar Server and other Sun tools to perform a manual backup and restore of calendar database files.
To back up and restore Calendar Server data in the /var/opt/SUNWics5/csdb directory, use these command-line utilities:
csbackup backs up the calendar database, a specific calendar, or a user’s default calendar. The directories to be backed up must be owned by the runtime user (icsuser), or you will receive an error message when you attempt to restore the data.
csrestore restores the calendar database, individual calendars, or a user’s default calendar that was saved using csbackup.
If you have an existing custom script that uses the Berkeley database tools (such as, db_recover), you might find that the tools do not work after upgrading to Calendar Server 6. Before Calendar Server 2004Q4, the tools were compiled with a static library. Since that release, they are compiled with a dynamic library.
To accommodate this change, alter your custom script to use the dynamic link library, as follows: Change the global variable LD_LIBRARY_PATH to the name of the dynamic library (libdb-4.2.so).
This chapter includes these sections:
Calendar Server 2 data is not compatible with the current product. Do not try to restore calendar data backed up by the Calendar Server 2 backup utility, because data loss can occur.
If you have 2 calendar data that you want to move to the current release, you must contact technical support for the appropriate migration utilities.
The csbackup utility can back up the calendar database, a specified calendar, or a user’s default calendar. This section describes:
Log in as the owner of the database files (such as icsuser).
Use the csbackup utility database command.
For example, to back up the calendar database to a directory named backupdir:
csbackup -f database backupdir |
Verify the correct version of the database was backed up by checking the ics50caldb.conf version file in the backup directory.
The csbackup utility fails if the target backup directory already exists and you do not specify the -f option. For example, the following command fails if backupdir exists, even if the directory is empty:
csbackup database backupdir |
Therefore, if you specify a target backup directory that already exists, include the -f option when you run csbackup.
You can also specify a nonexistent target backup directory and let csbackup create the directory for you.
Login as the database owner (icsuser).
To backup a calendar to a file in iCalendar or XML format, use the csbackup utility calendar command.
The filename extension (.ics or .xml) of the backup file indicates the format.
For example, to backup the calendar jsmithcal in iCalendar format (text/calendar MIME) to the file jsmith.ics in the backupdir directory:
csbackup -c jsmithcal calendar backupdir/jsmith.ics |
Or, to backup the calendar jsmithcal in XML format (text/XML) to the file jsmith.xml in the backupdir directory:
csbackup -c jsmithcal calendar backupdir/jsmith.xml |
Login as the database owner (icsuser).
To back up a user’s default calendar to a text file in iCalendar or XML format, use the csbackup utility defcal command. The filename extension (.ics or .xml) that you specify for the output file determines which format is used.
For example, to back up calendar user jsmith’s default calendar in iCalendar (text/calendar MIME) format to a file named jsmith.ics in the backup directory:
csbackup -a jsmith defcal backupdir/jsmith.ics |
Or, to back up calendar user jsmith’s default calendar in XML (text/xml MIME) format to a file named jsmith.xml in the backup directory:
csbackup -a jsmith defcal backupdir/jsmith.xml |
The csrestore utility restores the calendar database, individual calendars, or a user’s default calendar that was saved using csbackup. You must run the csrestore utility on the local machine where Calendar Server is installed, and you must first stop Calendar Server. (Calendar Server can be running, however, when you backup the database.)
This section describes:
Log in as the database owner (icsuser).
To restore a calendar database that was saved to a backup directory using the csbackup utility, use the csrestore utility database command.
For example, to restore the calendar database that was saved to a backup directory named backupdir:
csrestore database backupdir |
Log in as the database owner (icsuser).
To restore a specific calendar from a database that was saved to a backup directory using the csbackup utility, use the csrestore utility database command with the -c option.
For example, to restore the calendar jsmithcal from the backup database directory backupdir:
csrestore -c jsmithcal calendar backupdir |
Log in as the database owner (icsuser).
To restore a specific calendar that was saved to a backup file using the csbackup utility, use the csrestore utility calendar command with the -c option.
The filename extension (.ics or .xml) of the backup file indicates the format in which the calendar was saved.
For example, to restore the calendar jsmithcal that was saved in iCalendar (text/calendar MIME) format to the file jsmith.ics located in the backupdir directory:
csrestore -c jsmithcal calendar backupdir/jsmith.ics |
Or, to restore the calendar jsmithcal that was saved in XML (text/calendar MIME) format to the file jsmith.xml located in the bcakupdir directory:
csrestore -c jsmithcal calendar backupdir/jsmith.xml |
Log in as the database owner (icsuser).
To restore a user’s default calendar that was saved to a backup file using the csbackup utility, use the csrestore utility defcal command.
The filename extension (.ics or .xml) of the backup file indicates the format in which the calendar was saved.
For example, to restore calendar user jsmith’s default calendar that was saved in iCalendar (text/calendar MIME) format to a file named jsmith.ics located in the backup directory backupdir:
csrestore -a jsmith defcal backupdir/jsmith.ics |
To restore calendar user jsmith’s default calendar that was saved in XML (text/xml MIME) format to a file named jsmith.xml located in the backup directory backupdir:
csrestore -a jsmith defcal backupdir/jsmith.xml |
You can also use either Sun StorEdge Enterprise Backup software (formerly Solstice Backup) or Legato Networker to back up and restore Calendar Server data. The Sun StorEdge Enterprise Backup software and Legato Networker are similar, and the instructions in this section apply to both products.
Before attempting to backup Calendar Server, however, see the Sun StorEdge Enterprise Backup or Legato Networker documentation.
For the Sun StorEdge Enterprise Backup software documentation, see http://docs.sun.com.
This section describes:
To Back Up Calendar Data Using Sun StorEdge Enterprise Backup software or Legato Networker
To Restore Calendar Data Using Sun StorEdge Enterprise Backup Software or Legato Software
Calendar Server provides the following files in the /opt/SUNWics5/cal/sbin directory to use with the Sun StorEdge or Legato backup software:
Calendar Server Application Specific Module (ASM). An ASM is a program that can be invoked by the Sun StorEdge or Legato backup software to back up and restore data.
Script that calls the csbackup utility.
–Script that calls the csrestore utility.
To backup the calendar database using the Sun StorEdge or Legato backup software:
Copy the Sun StorEdge or Legato nsrfile binary file to the /usr/lib/nsr directory.
Create these symbolic links in the /usr/lib/nsr directory:
icsasm -\> /opt/SUNWics5/cal/sbin/icsasm nsrfile -\> /usr/lib/nsr/nsrfile |
Change to the /opt/SUNWics5/cal/sbin directory and run the csbackup utility with the -l option. For example:
cd /opt/SUNWics5/cal/sbin ./csbackup -l |
The -l option creates a backup directory image under the current directory. The files in this directory are empty and are used only to provide information to the backup program about how calendars will be stored on the backup media. If the backup directory already exists, it is synchronized with the current directory structure.
Use the save command to back up calendar data. For example:
/usr/bin/nsr/save -s /opt/SUNWics5/cal/sbin/budir |
You can also use the Sun StorEdge or Legato backup GUI to schedule backups by setting up a client save set to periodically backup the database.
Notes Do not modify the .nsr files. These generated files contain directives that are interpreted by the save command and the icsasm command during the backup process.
Calendar Server does not support the incremental backup feature. Do not use this feature because the backup directory is only an image of the folder structure and contains no actual data.
You cannot backup a calendar with a name that contains non-ASCII characters or the forward slash (/).
Automate the backup procedure.
The preceding steps describe how to run a backup manually. Set up the backup program’s backup command to run the Calendar Server csbackup command-line utility before the running the backup program’s save command to achieve an automated backup process.
To restore calendar data:
Use the Sun StorEdge Enterprise Backup software nwrestore feature or the recover command to restore backed-up calendar information.
If you use nwrestore, you receive the message:
"File already exists. Do you want to overwrite, skip, backup, or rename?" |
Choose overwrite.
This message appears because the backup tree is just the directory hierarchy. That is, it consists of empty files and stays that way permanently.
Calendar Server includes the Delete Log database (ics50deletelog.db) to store deleted events and todos (tasks).
In early releases, Calendar Server did not maintain a database of deleted events and tasks. Users were forced to save the unique identifiers (uid) or recurrence identifiers (rid) of events or todos (tasks) to determine which components had been deleted. This limitation directly affected installations that used WCAP commands to develop a client user interface (UI). To solve this limitation, the delete log database was created.
This chapter describes:
Calendar Server automatically creates the Delete Log database (ics50deletelog.db) in the csdb directory along with the other Calendar Server database files. Calendar Server writes events and todos to the Delete Log database as follows:
Non-Recurring Events and Todos
When a non-recurring event or todo is deleted, Calendar Server removes it from the Events database (ics50events.db) or Todos database (ics50todos.db) and then writes it to the Delete Log database (ics50deletelog.db).
Recurring Events and Todos
When individual instances of a recurring event or task are deleted, Calendar Server writes each deleted instance of the event or task to the Delete Log database (ics50deletelog.db).
When all instances of a recurring event or todo are deleted, Calendar Server deletes the master component from the event or todo database and then writes it to the Delete Log database. A master component in the Delete Log database will contain the rrules, rdates, exrules, and exdates recurrence parameters.
To return entries from the Delete Log database, use the fetch_deletedcomponents WCAP command in either Expanded Mode or Compressed Mode:
Expanded Mode (recurring = 0)
If the recurring parameter is 0, fetch_deletedcomponents returns all instances of recurring events that match the criteria, but it does not return the master component for recurring events.
Compressed Mode (recurring = 1)
If the recurring parameter is 1, fetch_deletedcomponents returns non-recurring events and the master components for any recurring events, but it does not return individual recurring events.
If all instances in a recurring chain are deleted, the master component returns the dtstart, dtend, rrules, rdates, exrules, exdates, and uid parameters.
Also, fetch_deletedcomponents does not return master components associated with the deleted recurring instances that are still active. To return active master components, use the fetchcomponents_by_lasmod WCAP command. The fetch_deletedcomponents command should be used in conjunction with the fetchcomponents_by_lasmod command.
For more about WCAP commands, see the Sun Java System Calendar Server 6 2005Q4 Developer’s Guide.
Calendar Server provides both the Automatic Purge of the Delete Log Database and the Manual Purge of the Delete Log Database.
If you wish, you can have Calendar Server automatically purge entries in the Delete Log database.
The following table describes the parameters in the ics.conf file that control the automatic purge.
Table 18–1 Configuration Parameters for Automatic Purge of the Delete Log Database
Parameter |
Description |
---|---|
Enables ("yes") or disables ("no") the automatic purge of Delete Log database (ics50deletelog.db) entries. The default is "no". |
|
Specifies the interval time in seconds to automatically purge entries in the Delete Log database (ics50deletelog.db). The default is 60 seconds. |
|
Specifies a time in seconds before which to purge entries in the Delete Log database (ics50deletelog.db). The default is 86400 seconds (1 day). |
For example, to have Calendar Server automatically purge Delete Log database entries every five minutes (600 seconds) that are more than 2 days old (172800 seconds), set parameters in Automatic Purge of the Delete Log Database as follows:
service.admin.purge.deletelog="yes" caldb.berkeleydb.purge.deletelog.interval=600 caldb.berkeleydb.purge.deletelog.beforetime=172800
After you set these parameters, restart Calendar Server for the new values to take effect.
To manually purge entries in the Delete Log database (ics50deletelog.db), use the cspurge utility:
cspurge -e endtime -s starttime
where endtime and starttime specify the ending and starting times in Zulu time (also referred to as GMT or UTC).
To run cspurge, you must be logged in as the user and group under which Calendar Server is running (defaults are icsuser and icsgroup) or as root.
For example, to purge entries from July 1, 2003 through July 31, 2003:
cspurge -e 20030731T235959Z -s 20030701T120000Z
For more information, see cspurge.
The following table lists the Calendar Server utilities that support the delete log database (ics50deletelog.db):
Table 18–2 Utilities that Support the Delete Log Database
Utility |
Description |
---|---|
cspurge |
Allows the manual purge of entries in the Delete Log database. |
csbackup and csrestore |
Supports the backup and restore of the Delete Log database. |
csstats |
Reports Delete Log database statistics. |
csdb |
Supports the rebuild, recover, and check operations on the Delete Log database. |
cscomponents |
Lists (read-only) the number of entries in the Delete Log database. |
For more information, including the syntax for these utilities, see Appendix D, Calendar Server Command-Line Utilities Reference.
This appendix describes how Calendar Server defines and processes time zones, including:
For more information about time-zone properties and parameters, refer to the RFC 2445, Internet Calendaring and Scheduling Core Object Specification (iCalendar):
http://www.ietf.org/rfc/rfc2445.txt
The timezones.ics file contains the representation of the time zones supported by Calendar Server. The file is located in the following directory:
cal_svr_base/SUNWics5/cal/data
At startup, Calendar Server reads the timezones.ics file, generates time-zone data, and then stores the data in memory. Thus, time-zone data is kept in memory while Calendar Server is running. Consequently, if you add a new time zone or modify an existing one, you must stop and restart Calendar Server for the change to take effect.
Time zones in the timezones.ics file are identified by the TZID parameter. For example, Calendar Server identifies the Pacific Standard Time (PST/PDT) zone using the America/Los_Angeles TZID, as shown in Example 19–1. The TZNAME property is an abbreviated representation of the time zone, such as PST (Pacific Standard Time) for the America/Los_Angeles time zone.
Time zones such as America/Los_Angeles that recognize daylight savings time (DST) contain two subcomponents: STANDARD for standard time and DAYLIGHT for DST. The X-NSCP-TZCROSS list contains a series of dates that indicate when the time zone changes to and from DST (DAYLIGHT) and standard (STANDARD) time.
The RRULE property defines the pattern of the STANDARD and DAYLIGHT rules. The TZOFFSETFROM and TZOFFSETTO properties define the offset from GMT before and after the DST to standard or standard to DST change occurs. The Communications Express user interface uses the dates in X-NSCP-TZCROSS to determine when to display a change in the time zone.
A WCAP command that includes the time zone ID (tzid) parameter should refer to a valid time zone defined in the timezones.ics file. Calendar Server then returns data using that time zone. If a WCAP command specifies an unrecognized time zone, Calendar Server returns data in the GMT time zone by default. For more information about WCAP, refer to theSun Java System Calendar Server 6 2005Q4 Developer’s Guide.
The following example shows the America/Los_Angeles time-zone representation in the timezones.ics file.
BEGIN:VTIMEZONE TZID:America/Los_Angeles BEGIN:STANDARD DTSTART:19671025T020000 RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10 TZOFFSETFROM:-0700 TZOFFSETTO:-0800 TZNAME:PST END:STANDARD BEGIN:DAYLIGHT DTSTART:19870405T020000 RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4 TZOFFSETFROM:-0800 TZOFFSETTO:-0700 TZNAME:PDT END:DAYLIGHT X-NSCP-TZCROSS: 19880403T100000Z;19881030T090000Z;19890402T100000Z;19891029T090000Z; 19900401T100000Z;19901028T090000Z;19910407T100000Z;19911027T090000Z; 19920405T100000Z;19921025T090000Z;19930404T100000Z;19931031T090000Z; 19940403T100000Z;19941030T090000Z;19950402T100000Z;19951029T090000Z; 19960407T100000Z;19961027T090000Z;19970406T100000Z;19971026T090000Z; 19980405T100000Z;19981025T090000Z;19990404T100000Z;19991031T090000Z; 20000402T100000Z;20001029T090000Z;20010401T100000Z;20011028T090000Z; 20020407T100000Z;20021027T090000Z;20030406T100000Z;20031026T090000Z; 20040404T100000Z;20041031T090000Z;20050403T100000Z;20051030T090000Z; 20060402T100000Z;20061029T090000Z;20070401T100000Z;20071028T090000Z; 20080406T100000Z;20081026T090000Z;20090405T100000Z;20091025T090000Z; 20100404T100000Z;20101031T090000Z;20110403T100000Z;20111030T090000Z; 20120401T100000Z;20121028T090000Z;20130407T100000Z;20131027T090000Z; 20140406T100000Z;20141026T090000Z;20150405T100000Z;20151025T090000Z; 20160403T100000Z;20161030T090000Z;20170402T100000Z;20171029T090000Z; 20180401T100000Z;20181028T090000Z;20190407T100000Z;20191027T090000Z; 20200405T100000Z;20201025T090000Z;20210404T100000Z;20211031T090000Z; 20220403T100000Z;20221030T090000Z;20230402T100000Z;20231029T090000Z; 20240407T100000Z;20241027T090000Z;20250406T100000Z;20251026T090000Z; 20260405T100000Z;20261025T090000Z;20270404T100000Z;20271031T090000Z; 20280402T100000Z;20281029T090000Z;20290401T100000Z;20291028T090000Z; 20300407T100000Z;20301027T090000Z;20310406T100000Z;20311026T090000Z; 20320404T100000Z;20321031T090000Z;20330403T100000Z;20331030T090000Z; 20340402T100000Z;20341029T090000Z;20350401T100000Z;20351028T090000Z; 20360406T100000Z;20361026T090000Z;20370405T100000Z;20371025T090000Z; 20360406T120000Z;20361026T110000Z;20370405T120000Z;20371025T110000Z END:VTIMEZONE |
This section describes these topics:
This section describes how to add a new time zone to Calendar Server, so that it is available in the Communications Express user interface. For example, you might want to add a new time zone for America/Miami.
The simplest way to add a new time zone is to copy and edit time-zone entries that are similar to the time zone you want to add in each of the files described in the following steps. For example, if you want to add a time zone for America/Miami, copy and edit the time-zone entries in each file for America/New_York.
Add a time-zone block for the new time zone in the following file:
cal_svr_base/SUNWics5/cal/data/timezones.ics |
Again, the simplest way to add a new time-zone block is to copy an existing block that is similar, including any daylight savings time (DST) offsets, to the time zone you want to add. Then, edit the new time-zone block, making any changes for the new time zone. If your new time zone has Daylight Savings Time (DST), try to find a similar
Modify the getDisplayNameofTZID template in the following file:
cal_svr_base/SUNWics5/cal/html/language/i18n.xsl file |
where language specifies the directory for the language your site is using. For example: en for English, or fr for French.
Add the new entry in the i18n.xsl file as:
<xsl:when test="$tzid=’TimeZoneArea/ TimeZoneName’"TimeZoneArea/ TimeZoneName</xsl:when\> |
where:
TimeZoneArea is one of the geographic divisions: Africa, America, Asia, Atlantic, Australia, Europe, or Pacific.
TimeZoneName is the name of your new time zone.
For example:
<xsl:when test="$tzid='America/Miami'"\>America/Miami</xsl:when\> |
Modify the following XML files:
cal_svr_base/SUNWics5/cal/html/change_timezone.xml cal_svr_base/SUNWics5/cal/html/new_cal.xml cal_svr_base/SUNWics5/cal/html/new_group.xml |
In each of these files, add the following line:
<timezone type="TimeZoneType" tzid="TimeZoneArea/TimeZoneName" offset="offset"> |
where:
TimeZoneType is "americas","europeAfrica", or "asiaPacific".
TimeZoneArea and TimeZoneName are defined in Adding a New Time Zone.
offset is the number of hours that your new time zone is ahead (+) or behind (-) GMT. For example, if your new time zone is four hours behind GMT, the offset would be "-04:00".
For example:
<timezone type="americas" tzid="America/Miami" offset="-05:00" daylightOffset="-04:00"> |
If you want the new time zone to be the default time zone for user preferences, modify the timezone entry in the following file:
cal_svr_base/SUNWics5/cal/html/default_user_prefs.xml |
Stop (if necessary) and then restart Calendar Server for your new time zone to take effect.
This section describes how to modify an existing time zone. For example, you might want to change the name of a time zone, such as “America/Phoenix” to “US/Arizona”.
Modify the time-zone block for the time zone you want to change in the following file:
cal_svr_base/SUNWics5/cal/data/timezones.ics |
If you are changing a time-zone name, change the TZID entry to the new name.
Modify the getDisplayNameofTZID template in the following file:
cal_svr_base/SUNWics5/cal/html/language/i18n.xsl file |
where: language specifies the directory for the language your site is using. For example: en for English or fr for French.
If you are changing the name, change the existing time-zone name to the new name.
Modify the following XML files for changes to the time zone:
cal_svr_base/SUNWics5/cal/html/change_timezone.xml cal_svr_base/SUNWics5/cal/html/new_cal.xml cal_svr_base/SUNWics5/cal/html/new_group.xml |
For information about the entries in these files, see Adding a New Time Zone.
If the change affects the default time zone for user preferences, modify the “icsTimeZone” entry in the following file:
cal_svr_base/SUNWics5/cal/html/default_user_prefs.xml |
Stop (if necessary) and then restart Calendar Server for your time-zone changes to take effect.
Calendar Server is integrated with Sun Java System Instant Messaging 6.0 (or later) to provide automatic pop-up reminders for both calendar events and tasks.
This chapter describes:
This section contains the following topics:
Users can receive Instant Messenger pop-up reminders for upcoming events and tasks on their calendars. To enable these pop-up reminders, two things must happen:
The administrator must configure Calendar Server and Instant Messaging Server to allow pop-up notifications.
The end user must specify email reminders in the Options tab of Communications Express, which sets an alarm in the Event Notification System.
The end user must enable calendar reminders in Instant Messenger.
With pop-ups enabled, when an impending event or task nears, the alarm set in the Event Notification System causes Calendar Server to send an email notification and Instant Messaging to display a pop-up reminder.
A Calendar Server administrator can choose to configure either email notifications or pop-up reminders or both for end users. For example, to turn email reminders off, set the following parameter in the ics.conf file:
caldb.serveralarms.binary.enable= "no"
If configured, Instant Messaging pop-up reminders follow this architectural flow:
The Instant Messaging JMS subscriber subscribes to Calendar Server events and notifications in the Event Notification Service (ENS).
Calendar Server publishes an event or task notification in text/xml or text/calendar format to ENS.
The Instant Messaging JMS subscriber receives the calendar event or task notification and then generates a message in text/calendar format.
The Instant Messaging server sends the message to the calendar owner, if the end user is online.
If the recipient is available, Instant Messenger generates an HTML pop-up reminder on the end user’s desktop based on the message.
This section includes the following configuration instructions:
The high level list of tasks necessary to configure Instant Messaging for Pop-ups that follows is for your convenience. To configure Instant Messaging, refer to the Instant Messaging documentation available at:
http://docs.sun.com/coll/1309.2
Install the new package SUNWiimag.
Before you can use Instant Messaging for Pop-ups, the Instant Messaging package must be installed using the Java Enterprise System installer.
On the machine where Instant Messaging is installed, change to the following directory:
cd /etc/opt/SUNWiim/default/config
Edit one or more of the parameters in the iim.conf file as shown in the following table.
The parameter values shown assume you want pop-up reminders for both events and tasks. If these parameters do not already exist in your iim.conf file, add them.
Change to the directory where the imadmin command-line utility is located:
cd /opt/SUNWiim/sbin
Start the Calendar agent using imadmin:
imadmin start agent-calendar
The Calendar agent is an Instant Messaging component that provides pop-up functionality to Calendar Server users. Using tools provided with Instant Messaging, you can start, stop, restart, or check the status of the Calendar agent as well as monitor its activity through log files.
If you have scripts that include the stop, start and refresh commands, add the calendar agent to them.
For more information about imadmin and the Calendar agent, see the Sun Java System Instant Messaging 7 2005Q1 Administration Guide.
Confirm that the ics.conf parameters shown in the following table have the values shown. If they do not, or you wish to customize them, perform the following steps:
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit the ics.conf parameters as shown in the following table:
Parameter |
Description and Default Value |
---|---|
caldb.serveralarms |
Enables calendar alarms to be queued. The default is “yes” (enabled). |
caldb.serveralarms.contenttype |
Output format for alarm content. The default is "text/xml". |
caldb.serveralarms.dispatch |
Enables calendar alarms to be dispatched. The default is “yes”. |
caldb.serveralarms.dispatchtype |
The type of server alarm to dispatch. The default is "ens". |
caldb.serveralarms.url |
This is the URL for alarm retrieving alarm contents. The default is "enp:///ics/customalarm". |
Save the file as ics.conf.
Restart Calendar Server.
cal_svr_base/SUNWics5/cal/sbin/start-cal
To receive pop-up reminders for Calendar Server events and tasks, end users must configure their Instant Messenger as follows:
On the Main window, from the Tools menu, select Settings.
On the Settings window, click the Alerts tab.
Check the Show Calendar Reminders option.
Click OK.
To improve the performance of Calendar Server, consider the following options:
To improve performance when Calendar Server accesses the LDAP directory server, add indexes to the LDAP configuration file for the following attributes.
This attribute is used to search for the default calendar for a calendar user or resource. Specify presence (pres), equality (eq), and substring (sub) index types.
This attribute is used to search for other calendars owned by the user. Specify presence (pres), equality (eq), and substring (sub) index types. See also Improving Calendar Search Performance in a DWP Environment.
These attributes specify a user’s primary and alternate email addresses. See also Creating Users and Resources and Calendar Server Utilities (csuser enable).
For information about adding directory server indexes, refer to Directory Server documentation found at:
http://docs.sun.com/coll/1316.1
When you are in a DWP environment, that is, the calendar database is distributed across multiple back-end servers, searching for a calendar in the calendar database can be time consuming. It can be faster to look in the LDAP entry first and find out directly which DWP host the calendar resides on.
This section contains the following topics:
To enable calendar searches to look at the LDAP directory first, and the calendar database second, perform the following steps:
Edit the service.calendarsearch.ldap parameter in the ics.conf file, setting the parameter to “yes”, which is the default, as shown below:
service.calendarsearch.ldap="yes"
Restart Calendar Services as follows:
start-cal
If you are allowing anonymous access to public calendars, you might prefer to disable calendar searches from looking at LDAP. In fact, Communications Express expects the parameter value to be “no”.
To determine if the calendar search performance can be improved by indexing, try the following LDAP command:
ldapsearch -b "base" "(&(icscalendarowned=*user*) (objectclass=icsCalendarUser))" |
where base is the LDAP base DN of the directory server where the user and resource data for Calendar Server is located, and user is the value that an end user can enter in a search dialog in .
Tests have shown that with 60,000 entries, the above search took about 50-55 seconds without indexing icsCalendarOwned. After indexing, the above search took only about 1-2 seconds.
Index appropriate LDAP attributes, or at least, icsCalendarOwned, by running comm_dssetup.pl.
The comm_dssetup.pl, indexes this attribute and many others to improve performance in various ways. If you have not run comm_dssetup.pl, or ran it but did not perform the indexing, you can run the utility again to do the indexing, or you can use Directory Server tools to perform the indexing.
For information on how comm_dssetup.pl does indexing, see Attribute Indexes.
For information about adding directory server indexes, refer to Directory Server documentation found at:
By default, wildcard searches are disabled in Calendar Server. That is, when you search for a calendar using the graphical user interface, or when you issue search_calprops.wcap in your custom interface, it searches for an exact match to the search string passed in with the WCAP command.
If you have enabled wildcard searches by uncommenting the following line in the ics.conf file (by removing the exclamation point (“!”) at the beginning), you may be experiencing a negative impact on performance.
!service.calendarsearch.ldap.primaryownersearchfilter = "(&(|(uid=*%s*)(cn=*%s*))(objectclass=icsCalendarUser))"
To test the impact of wildcard searches on performance, comment out the line again by inserting the exclamation point (“!”) in front of it.
Before the system accesses a calendar from the calendar database, it must determine which back-end machine stores that user’s calendars. To find the appropriate back-end machine, the system searches the LDAP directory for the user’s entry and picks up the icsDWPHost attribute. This search is time consuming, and it must be performed for every access to the calendar data. Every user session can result in many accesses of the database and thus many searches of the LDAP. To save time and enhance performance, enable the CLD cache by editing the ics.conf file as follows:
caldb.cld.cache.enable="yes"
The LDAP data cache stores the user ID and its associated icsDWPHost attribute. Before searching the LDAP for a user’s entry, the system checks the cache for the user’s ID. If it is in the cache, it picks up the back-end host name from the icsDWPHost attribute stored there. If it is not in the cache, the system performs the LDAP search and copies the user ID and attribute into the CLD cache. Subsequently, accesses to the user’s calendar data will be faster, since it will now find the user ID in the cache.
With the LDAP data cache enabled, you can tune it using the ics.conf parameters, adjust one or more of the parameters found in the following table:
The LDAP data cache is enabled by default. You can disable it by setting: local.ldap.cache.enable="no"
Parameter |
Description/Value |
---|---|
local.ldap.cache .checkpointinterval |
The number of seconds for the checkpoint thread to sleep between checkpoints. The default is “60”. In a high activity LDAP, you might want to decrease the interval to keep the cache as current as possible. At the same time, remember that the more often you refresh the cache, the more system overhead you introduce. |
local.ldap.cache. circularlogging |
Specifies whether to remove the LDAP data cache database log files after they have been processed. The default is “yes”. Do not change this parameter unless you have a custom clean up routine that will remove the old log files. |
local.ldap.cache. logfilesizemb |
Specifies the maximum size in megabytes of checkpoint file. The default is "10” megabytes. If you have a high activity LDAP, this file could fill up before the checkpoint interval is over. Try to set the value to a number that is close to the actual size of the logs according to your experience |
local.ldap.cache. maxthreads |
Specifies the maximum number of threads for the LDAP data cache database. The default is “1000”. In a high activity LDAP, you might want to increase the number of threads. This could cause increased CPU utilization. Decrease the number of threads only if your LDAP activity is minimal. |
local.ldap.cache. mempoolsizemb |
Specifies the number of megabytes of shared memory. The default is “4” megabytes. |
local.ldap.cache. entryttl |
Specifies the “time to live” (TTL) in seconds for an LDAP data cache entry. The default is “3600” seconds (1 hour). If your cache is filling up too fast (high activity), you can decrease the TTL time. However, this could increase the overall number of LDAP database accesses, which could slow the system down overall. |
local.ldap.cache. cleanup.interval |
Specifies the interval in seconds between each cache database cleanup. The default is “1800” seconds (30 minutes). The system removes expired entries. The time interval does not have to be the same as the entry TTL time. But synchronizing them can make it more efficient. |
local.ldap.cache. stat.enable |
Specifies whether or not to log the access to the LDAP data cache and to print statistics in the log file. The default is “no”. For performance enhancement, use this only in debug mode. |
local.ldap.cache. stat.interval |
Specifies the interval in seconds when each statistics report is written to the log file. The default is “1800” seconds (30 minutes). This is only active if local.ldap.cache.stat.enable is enabled. Decreasing the interval can help you pinpoint problems. Increasing the interval helps decrease system load. |
Communications Express expects data caching to be disabled.
There are a couple of parameters that control how long an item stays in the cache, and how large the cache can be.
To tune the cache, edit one or more of the parameters as shown in the following table:
Table 21–2 ics.conf Parameters for Configuring the LDAP SDK Cache
Parameter |
Description and Default Value |
---|---|
This is not currently implemented. You must manually remove the contents of the ldap_cache directory and then restart Calendar Server. If service.ldapmemcache is "yes", this parameter is used to set the maximum number of seconds that an item can be cached. If “0”, there is no limit to the amount of time that an item can be cached. The default is “30”. |
|
If service.ldapmemcache is "yes", this parameter is used to set the maximum amount of memory in bytes that the cache will consume. If “0”, the cache has no size limit. The default is “131072”. |
You must balance the number of backups you keep on disk with the need to not exceed available disk space. To help manage the amount of disk space your archival and hot backups take, you can change the settings of various ics.conf parameters that determine how many copies of the backups you keep at one time and where the disk space threshold is that will trigger clean up of the older copies.
There are three types of parameters that can be adjusted for the each backup type, archival and hot backup:
mindays – The minimum number of days worth of backups held on disk.
maxdays – The maximum number of days worth of backups held on disk.
threshold – The percentage of disk space used. This is used as a trigger point.
Calendar Server keeps backups for the maximum number of days possible without going over the threshold on disk space. So if the current backup is going to push the disk usage above the threshold, the system will purge the oldest backup copy and see if disk space usage goes below the threshold. It will continue to purge old backup copies until either of the following conditions is met: removing another backup copy would bring the number of backups on disk below the minimum number of backup copies, or the disk space usage falls below the threshold.
Therefore, you can manage the amount of disk space backups use with the threshold parameter. And conversely, you can manage how many backups you keep on disk by adjusting the amount of disk space and copies allowed.
The following table lists the ics.conf parameters that control the disk space and number of backups kept on disk:
Table 21–3 ics.conf Parameters Used to Set Number of Backups Held on Disk
ics.conf Parameter |
Default Setting |
Description |
---|---|---|
caldb.berkeleydb.hotbackup.mindays |
3 |
Minimum number of days of hot backups held on disk. |
caldb.berkeleydb.hotbackup.maxdays |
6 |
Maximum number of days of hot backups held on disk. |
caldb.berkeleydb.hotbackup.threshold |
70 |
Percent of disk space used for hot backups. Triggers purge of oldest copies when exceeded. |
caldb.berkeleydb.archive.mindays |
3 |
Minimum number of days of archival backups held on disk. |
caldb.berkeleydb.archive.maxdays |
6 |
Maximum number of days of archival backups held on disk. |
caldb.berkeleydb.archive.threshold |
70 |
Percent of disk space used for archival backups. Triggers purge of oldest copies when exceeded. |
If a server has multiple CPU's, by default Calendar Server distributes the HTTP Service (cshttpd processes) and Distributed Database Service (csdwpd processes) across the CPU's.
The service.http.numprocesses and service.dwp.numprocesses parameters determine the actual number of processes that run for each service. By default, these parameters are set to the number of CPU's for the server during installation, but you can reset these values. For example, if a server has 8 CPU's, but you want a cshttpd and csdwpd process to run in only 4 CPU's, set the parameters as:
service.http.numprocesses="4" service.dwp.numprocesses="4"
To disable load balancing, add the service.loadbalancing parameter to the ics.conf file and set it to “no”. Then restart Calendar Server for the change to take effect.
Calendar Server performance can be adjusted using timeout values for various ics.conf parameters.
The following types of timeouts exist:
For information about editing ics.conf parameters, see Editing the ics.conf Configuration File.
The following table describes the Calendar Server timeout parameters in the ics.conf file used by the Administration (csadmin) service.
Table 21–4 HTTP Timeout Values for the Administration Service (csadmin)
Parameter |
Description |
---|---|
service.admin.idletimeout |
Specifies the number of seconds the csadmind service waits before timing out an idle HTTP connection. The default is 120 seconds (2 minutes). |
service.admin.resourcetimeout |
Specifies the number of seconds the csadmind service waits before timing out an HTTP session for a resource calendar. The default is 900 seconds (15 minutes). |
service.admin.sessiontimeout |
Specifies the number of seconds the csadmind service waits before timing out an HTTP session. The default is 1800 seconds (30 minutes). |
The following table describes the Calendar Server HTTP timeout parameters in the ics.conf file that apply to end users.
Table 21–5 HTTP Timeout Values in ics.conf for End Users (cshttpd Service)
Parameter |
Description |
---|---|
service.http.idletimeout |
Specifies the number of seconds the cshttpd service waits before timing out an idle HTTP connection. The default is "120" seconds (2 minutes). |
service.http.resourcetimeout |
Specifies the number of seconds the cshttpd service waits before timing out an HTTP session for a resource calendar. The default is "900" seconds (15 minutes). |
service.http.sessiontimeout |
Specifies the number of seconds the cshttpd service waits before timing out an HTTP session. The default is "1800" seconds (30 minutes). |
The following ics.conf file parameter specifies the time in seconds to wait before Calendar Server scans the Group Scheduling Engine (GSE) queue for incoming jobs:
gse.belowthresholdtimeout="3"
If there are more jobs in the queue than the maximum threads allocated, the last thread always scans the queue again. Therefore, this setting only takes effect when the number of jobs is below the maximum threads allocated.
The default is "3". Increasing this number reduces the frequency the server scans the queue and can improve overall performance. However, if the queue is getting too large because of an increased volume of events, the time can be decreased to allow the queue to be processed faster. This may serve to slow down overall performance, but events will be updated sooner.
This chapter covers some of the troubleshooting techniques you can use to determine if there is a problem with your system and what is causing it. The chapter contains the following topics:
Troubleshooting Calendar Server
While there is no one ics.conf parameter that puts the whole system in “debug mode”, this section describes some ways to get useful debug information:
Be sure to turn off excess logging and monitoring when not needed as it will negatively impact performance.
Use the parameter shown in the following table to increase the verbosity of logging:
Parameter |
Description and Default Value |
---|---|
logfile.loglevel |
Set to DEBUG to get all levels logged, including CRITICAL, ALERT, ERROR, WARNING, NOTICE, and INFORMATION. This applies to all logs. |
For more information about the different logs available, see Using Calendar Server Log Files.
To log all accesses of the LDAP data cache and print out the log (report) set the ics.conf parameters shown in the following table:
Parameter |
Description and Default Value |
---|---|
local.ldap.cache.stat.enable |
Specifies whether or not to log the access to the LDAP data cache and to print statistics in the log file. The default is “no” (no statistics logged). Set to “yes” to enable logging of statistics. For performance enhancement, use this only in debug mode. |
local.ldap.cache.stat.interval |
Specifies the interval in seconds when each statistics report is written to the log file. The default is “1800” seconds (30 minutes). This is only active if logging is enabled. Decreasing the interval can help you pinpoint problems. Increasing the interval helps decrease system load. |
There is currently no logic in Calendar Server to expire LDAP cache data. You must manually remove the contents of the ldap_cache directory and restart Calendar Server.
Stop Calendar Server.
Remove all files in the /var/opt/SUNWics5/csdb/ldap_cache directory, but do not remove the ldap_cache directory itself.
Restart Calendar Server.
Use the following Calendar Server utilities to monitor your system:
csmonitor – Specify the debug level you need. The higher the number, the more verbose the messages.
csstats – Use the list command to display statistical information from counter objects defined in the counter.conf file.
cstool – Use this utility to ping the following services: cshttpd, csadmind, and enpd.
For more information on the Calendar Server utilities, see Appendix D, Calendar Server Command-Line Utilities Reference.
If you are creating a hosted environment for the first time, you must create the DC tree in LDAP by adding the appropriate entries for domains, containers, users, and resources. If the DC tree does not already exist when using a Calendar Server utility, such as cscal, you might see the following error message: "Initialization failed .... exiting".
Be sure that your DC tree contains at least one (default) domain under the DC tree root. Create the DC tree structure using instructions found in Creating New Hosted Domains.
Calendar Server offers several utilities for migrating calendar databases and LDAP directories. This section contains the following topics:
In general, if you have trouble using the migration utilities, you should contact technical support, having already gathered the following information:
Back-up copies of the databases in question.
Copies of all the pertinent logs.
Any error output messages, including cores.
The various migration utilities and their documentation can be found at the locations indicated in the list that follows:
This utility is bundled with Delegated Administrator, which is a separately installable component. It migrates your LDAP directory from Schema 1 to Schema 2. For information about this utility, see theSun Java System Communications Services 6 2005Q4 Schema Migration Guide.
Technical support offers a migration bundle that includes the utility and the documentation for it.
This utility is installed with Calendar Server. Documentation can be found in Chapter 4, Database Migration Utilities, which includes a troubleshooting section. Running this utility is necessary if you are using hosted domains and the LDAP Calendar Lookup Database (CLD) plug-in.
This utility is installed with Calendar Server. Documentation can be found in Chapter 4, Database Migration Utilities. Use this utility to prepares your calendar database and LDAP directory entries for hosted domains.
This utility is installed with Calendar Server. Documentation can be found in Chapter 4, Database Migration Utilities. Use this utility to migrate your Calendar Server 2 databases to be compatible with Calendar Server 5.
This utility is available only from technical support. The utility package includes documentation. This utility migrates Netscape Calendar Server 4 to Calendar Server 5. These migrations tend to require special attention because of the lack of uniformity in the source database. It is not unusual for a lot of manual This utility is available only from technical support. The utility package includes documentation. This utility migrates Netscape Calendar Server 4 to Calendar Server 5. These migrations tend to require special attention. It is not unusual for a lot of work on the source file to be necessary before the utility can be run. You might consider using Professional Services to help you plan your migration.
This section covers various troubleshooting ideas for non-database problems. The following topics are covered in this section:
In addition, there is a trouble shooting section for SSL in the SSL chapter:
To verify that a service is listening on a specified port number, use the cstool utility ping command. Pinging a service does not verify that a service is actually running but indicates if it can accept a socket connection.
The Calendar Server service options are:
HTTP Service (cshttpd)
Administration Service (csadmind)
Event Notification Service (enpd)
You cannot ping the DWP service (csdwpd), or Notification Service (csnotifyd).
For example, to ping the machine with the host name calserver to see if the cshttpd service is listening on port 80:
cstool -p 80 -h calserver ping http
By default, cstool waits 120 seconds for a response; however, you can change by value by using the -t timeout option.
For the complete utility reference material, refer to Appendix D, Calendar Server Command-Line Utilities Reference.
To run cstool, Calendar Server must be running.
If not all of the calendar services started when you issued start-cal, the ones that did start must be stopped before restarting. For example, if enpd, csnotifyd, and csadmind started, but not cshttpd, then enpd, csnotifyd, and csadmind must be stopped.
To start calendar services:
Log in as a user who has administrative rights to the system where Calendar Server is running.
Use start-cal to stop and then restart services. For example:
cal_svr_base/SUNWics5/cal/sbin/start-cal
start-cal issues a stop-cal command first before starting the various calendar services.
If stop-cal fails to stop, there might be some child processes that failed to stop. To handle this, see Fixing stop-cal Problems.
There are two separate issues to consider when Calendar Server shuts down:
After issuing stop-cal, it is possible that some child processes were not stopped. For example, stop-cal might stop the cshttpd parent process but not any cshttpd child processes. In this situation, you must stop the remaining Calendar Server processes individually, using the following procedure:
Log in as a user who has administrative rights to the system where Calendar Server is running.
Determine the process ID (PID) of the remaining Calendar Server processes by entering a ps command for each service:
ps -elf | grep cs-process |
where cs-process is enpd, csnotifyd, csdwpd, csadmind, or cshttpd. For example:
ps -elf | grep cshttpd |
Using the PID of each process that is still running, enter a kill -15 command to kill the process. For example: kill -15 9875
Enter each ps command again to make sure that all Calendar Server processes are stopped.
If a Calendar Server process is still running, enter a kill -9 command to kill it. For example: kill -9 9875 |
On Linux systems with Calendar Server running, if you search for calendar processes using the ps command, the results might appear confusing. In Linux, the ps command returns the list of threads running rather than the list of processes. There is no known workaround to display only the processes.
If Calendar Server was not properly shutdown, perform the following steps:
Perform the steps in the previous procedure, Fixing stop-cal Problems.
Manually delete all files in the LDAP data cache database directory.
These left over files could cause database corruptions. To delete the files:
Change to the LDAP data cache directory.
The default is /opt/SUNWics5/csdb/ldap_cache, but use the directory pointed to by the local.ldap.cache.homedir.path parameter in the ics.conf file.
Remove all files in the directory.
For example: rm *.*
Check to make sure all files were removed.
For example: ls
Restart Calendar Server.
cal_svr_base/SUNWics5/cal/sbin/start-cal
For instructions on how to configure LDAP data caching, see Configuring Calendar Server for LDAP. For more information about the LDAP data cache, see theSun Java System Communications Services 6 2005Q4 Deployment Planning Guide.
Ping the back-end server to see if it is responding.
If it is responding, go to step 3. If it is not responding, determine why it is failing, and when it is functioning again, proceed to
Clear the CLD cache. See Clearing the CLD Cache.
If you are using the CLD cache option and you have updated a server name for an ics.conf parameter, you should clear the CLD cache to remove the server names. An out-of-date entry in the CLD cache can prevent a front-end server from establishing a connection to the correct back-end server or cause Calendar Server not to find a calendar after it have been moved.
Restart Calendar Server.
If you are using the CLD cache option and you have moved one or more calendars to different back-end servers (or changed the name of the back-end server), perform the following steps:
Be sure that you followed the procedure for moving calendars found at:
Clear the CLD cache. See Clearing the CLD Cache.
The CLD cache will be out of date if you moved one or more calendars to different back-end servers. To refresh it, you need to clear the cache so it will be rebuilt.
Verify that service.http.allowadminproxy is set to “yes”.
Verify that the admin-user has Calendar Server administrator privileges.
Verify that the admin-password is correct.
Verify that the calendar-user is a valid Calendar Server user.
The nsslapd-sizelimit and nsLookthroughLimit attributes in your LDAP directory server configuration must be large enough so that searches complete properly. If nsSizeLimit is not large enough, truncation can occur and no results will be displayed. If nsLookthroughLimit is not large enough the search may not complete.
This section covers the following topics:
To determine if these attributes are set to appropriate values, try the following command:
ldapsearch -b "base" "(&(icscalendarowned=*user*)(objectclass=icsCalendarUser))"
where base is the LDAP base DN of the directory server where the user and resource data for Calendar Server is located, and user is the value that an end user can enter in the search dialog in the user interface.
If the LDAP server returns an error, the nsSizeLimit or the nsLookthroughLimit parameters might not be large enough.
The DN for these attributes is:
dn: cn=config,cn=ldbm databases,cn=plug ins,cn=config
Use ldapmodify to dynamically set the value of nsLookthroughLimit.
You do not have to stop and restart Directory Server to change this attribute.
The default value is 5000. You might want to increase this value if searches are not reporting results. However, this could slow down the LDAP server.
It is possible to set the limit to -1, which causes no limit to be used. However, do this with caution as it could conceivably cause the system to hang.
If you want to set nsslapd-sizelimit to a higher value, you must perform the following steps:
Stop the Directory Server.
Edit the dse.ldif file.
Restart the Directory Server.
For information on how to use ldapmodify and edit the dse.ldif file, see Directory Server documentation found at:
http://docs.sun.com/coll/1316.1
The start-cal command launches the csstored process by default, even if it is unconfigured. An unconfigured csstored process will emit a message stating it is unconfigured, every 24 hours, on every machine where csstored is running.
Disable the message by preventing csstored from running unconfigured. To disable the csstored process from running, set the following ics.conf parameter as shown for each machine where the message is being generated:
service.store.enable=”no”
Be careful not to disable the process on the machines where you have csstored configured to make automatic backups.
This section covers various issues involving the calendar server databases:
Preventing Service Interruptions When Your Database is Corrupted (Read-only Mode)
Using the Dump and Load Procedure to Recover a Calendar Database
Many of the troubleshooting steps you will want to take require having access to the Berkeley database utility programs. While a version of these utility programs is available in the Calendar Server bundle, they are not supported. You might want to obtain more information directly from Sleepycat Software (http://www.sleepycat.com.
This section covers the following topics:
Set and export the LD_LIBRARY_PATH environment variable to reflect the following directory:
cal_svr_base/SUNWics5/cal/tools/unsupported/bin/
The following table lists some of the commonly used Berkeley database tools (utility programs).
Berkeley Database Tools |
Description |
---|---|
db_archive |
Writes the path names of log files that are no longer in use to the standard output, one pathname per line. |
db_checkpoint |
A daemon process that monitors the database log and periodically calls the checkpoint routine to checkpoint it. |
db_deadlock |
Traverses the database environment lock region and aborts a lock request each time it detects a deadlock or a lock request that has timed out. |
db_dump |
Writes the specified file to standard output in a flat-text format understood by the db_load utility. |
db_load |
Reads from the standard input and loads it into the database file specified. If the file does not already exist it creates it. |
db_printlog |
Debugging utility that dumps log files in human-readable format. |
db_recover |
Restores the database to a consistent state after an unexpected application, database, or system failure. |
db_stat |
Displays statistics for the database environment. |
db_verify |
Verifies the structure of one or more files and the databases they contain. |
If the Berkeley database is in a deadlock state, you must reset the database. It is important to detect this condition as early as possible.
To enable the system to periodically check the databases to detect a deadlock state and inform the Administrator:
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit the ics.conf, if necessary, to have the following value:
local.caldb.deadlock.autodetect=”yes”
When this parameter is set to “yes”, the db_deadlock daemon is launched that will monitor the lock region.
Calendar database corruption can be caused by various reasons: system resource contention, hardware failures, application errors, database failures, and of course human error. This section describes how to detect calendar database corruption:
No one can guarantee corruption free databases. But you can minimize data loss and operational downtime. Closely monitoring the database and calendar server is key to detecting corruption early. Frequent and complete backups are the key to recovering from corruption once it is found.
There are two levels of corruption possible in a calendar database:
Application level–Offending entries in one of more database files prevent the server from running when they are operated upon.
Database level–Corruptions in the Berkeley database pages cause various problems. One common symptom is looping while running csdb check. Another common symptom is an error message like the following:
“illegal page type or format”, or “page 97895 doesn’t exist, create flag not set.”
Monitor the Calendar Server log files, including the alarm logs, for any error messages that might indicate database corruption. For information about the log files, refer to Using Calendar Server Log Files.
You should inspect the log files on a regular basis for ALERT, CRITICAL, ERROR, and WARNING level errors and, if found, examine the events for possible problems with the operation of Calendar Server. The NOTICE and INFORMATION level log events are generated during normal operation of Calendar Server and are provided to help you monitor server activity.
Never remove any transaction log files in the database directory. The transaction log files contain the transaction updates (additions, modifications, or deletions), and removing them can corrupt the calendar database beyond recovery.
When requesting technical support for Calendar Server, you might be asked to provide the log files for help in resolving problems.
Use the csmonitor utility to monitor Calendar Server. It will send an alert email to the administrator if it detects problems, such as more than one transaction log file, or a shortage of disk space for the calendar database. For more information, see csmonitor.
Use the check command to scan for corruptions in the calendar database, including calendar properties (calprops) and events and todos (tasks). If the check command finds an inconsistency that cannot be resolved, it reports the situation in its output.
The check command does not check for corruption in the alarm or group scheduling engine (GSE) databases.
Log in as a user who has administration rights to the system where Calendar Server is installed.
Calendar Server can be either running or stopped; however, if possible, stop Calendar Server.
Make a copy of your calendar database, if you haven’t already done so.
Copy only the database (.db) files. You don’t need to copy any share (__db.*) or log (log.*) files.
Change to the cal_svr_base/SUNWics5/cal/sbin directory.
For example, on Solaris Operating Systems for the default directory, enter:
cd /opt/SUNWics5/cal/sbin |
Run the check command on the copy of your calendar database:
./csdb check dbdir /tmp/check.out |
If you don’t specify dbdir, check uses the database in the current directory.
The check command can generate a lot of information, so consider redirecting all output, including stdout and stderr, to a file (as shown in the example).
When check has finished, review the output file. If your database is corrupted, run the rebuild command.
This sections covers how to keep your corrupted database accessible while you are in recovery mode and includes the following topics:
If you are encountering database corruption, one way to prevent service interruptions is to put your database in read-only mode. This mode allows end users to read database entries, but does not allow additions, modifications, or deletions. If an end user attempts to add, modify or delete any calendar data, the system gives an error message. In addition, administrator tools that add, modify or delete calendar events and todos will not work while the database is in read-only mode.
If the database is corrupted to the point that it can’t be read, you must interrupt service long enough to restore a backup. The quickest way to restore a backup is to have a good hot backup. See Before You Restore.
While it isn’t necessary, you might choose to stop calendar services momentarily to prevent further corruption of the database.
To stop calendar services:
cal_svr_base/SUNWics5/cal/sbin/stop-cal
At a command line, change to the directory where the ics.conf is located:
cd /etc/opt/SUNWics5/config
Specify read-only mode for the calendar database:
caldb.berkeleydb.readonly=”yes”
When you have completed editing the ics.conf file, restart Calendar Server:
cal_svr_base/SUNWics5/cal/sbin/start-cal
You must restart the services in order for the ics.conf changes to take effect.
This section covers a few of the common database failures and includes some suggested remedies. It contains the following topics:
Since csadmind is the service that handles both the group scheduling engine (GSE) and the alarm dispatch engine, this could have been caused by offending entries in the GSE queue or the alarm queue.
Remedies:
If csadmind is not running, issue stop-cal immediately.
Leaving calendar server running could cause transaction logs to accumulate, which could further corrupt the database, and could take much longer to reconcile the transaction log files to the database.
Try restarting csadmind again (issue start-cal again).
If it starts successfully, make sure the two queues are functioning by:
Checking the GSE queue using csschedule.
Checking the alarm queue using dbrig.
For instructions on running csschedule and dbrig, see Appendix D, Calendar Server Command-Line Utilities Reference.
If csadmind crashes with a dump, analyze the pstack.
If you notice any GSE related functions in the trace (they will have the letters GSE in them), look at the first entry in the GSE queue and the referenced entry in the events database. Most of the time, the event referred to in the GSE entry is the offending entry. To fix this problem:
Remove the GSE entry using csschedule.
Remove the offending event from the database using cscomponents.
For instructions on running csschedule and cscomponents, see Appendix D, Calendar Server Command-Line Utilities Reference.
If the entries are not corrupted, then it could be a special case that the calendar server could not handle.
Take the following steps:
Take a calendar environment snapshot of the corrupted database, and contact customer support.
To create an environmental backup:
Use the db_checkpoint utility found at:
cal_svr_base/SUNWics5/cal/tools/unsupported/bin/db_checkpoint
Run db_archive -s.
Use the -s option to identify all the database files and copy them to a removable medium, such as CD, or DVD, or tape.
Run db_archive -l.
Use the -loption to identify all the log files and copy unapplied log files to a removable-medium device.
To avoid service interruptions, place your calendar database into a read-only state temporarily, and revert to a hot backup copy.
Placing your calendar database into a read-only state temporarily prevents any add, modify or delete transactions from taking place. End users will get an error message when they try to add, modify or delete any calendar data. Administrator tools that add, modify or delete calendar events and todos also will not work while the database is in read-only mode.
To put your calendar database in read-only mode, edit the ics.conf file and set the following parameter to “yes”, as shown:
caldb.berkeleydb.readonly=”yes”
Revert to a hot backup copy, using the instructions found in Restoring an Automatic Backup Copy.
With csstored configured and enabled, a hot backup is available that should be within minutes of being up-to-date. You should always verify your hot backup copy to make sure it is not corrupt also. (Run db_verify.)
If all else fails, perform the dump and reload procedure to see if it can salvage the database.
This procedure is described in Using the Dump and Load Procedure to Recover a Calendar Database.
This condition may be caused by a control thread, which holds a Berkeley DB database page lock, quitting without releasing the lock. To confirm the problem, run pstack on cshttpd processes and csadmind. (pstack is a standard UNIX utility found at: /usr/bin/pstack) It should show threads that are waiting to acquire a lock.
To fix the problem, restart Calendar Server, as follows:
Change to the directory where start-cal resides.
cd cal_svr_base/SUNWics5/cal/sbin
Issue the start-cal command.
./start-cal
Database looping is usually caused by corruption in the database files. Since it is a database corruption, it can be unrecoverable. There are several options:
Revert to the hot backup.
If the corruption occurred recently, you can use one of your hot backups.
Use your catastrophe archival recovery process.
For a suggested process, see Restoring an Automatic Backup Copy.
Use the dump and reload procedure, Using the Dump and Load Procedure to Recover a Calendar Database.
This section describes how to use the csdb rebuild command and contains the following topics:
The rebuild command scans a calendar database and checks the calendar properties (calprops) events and todos (tasks) for corruption. If the rebuild command finds an inconsistency, it generates a rebuilt calendar database (.db files) in the cal_svr_base/SUNWics5/cal/sbin/rebuild_db directory.
The rebuild command without the -g option rebuilds all databases except the group scheduling engine (GSE) database. To also rebuild the GSE database, include the -g option.
To determine if the GSE database has any entries, run the csschedule -v list command and then let the GSE finish processing the entries before you run the rebuild command.
Log in as a user who has administration rights to the system where Calendar Server is installed.
Stop Calendar Server.
Make a copy of your calendar databases, placing them into the /tmp/db directory.
Copy the database (.db) files and the log (log.*) files. You don’t need to copy any share (__db.*) files.
Change to the cal_svr_base/SUNWics5/cal/sbin directory.
For example, on Solaris Operating Systems, for the default directory, enter:
cd /opt/SUNWics5/cal/sbin |
If disk space is a problem for the sbin directory, run the rebuild command in a different directory.
Run the rebuild command on the copy of your calendar database:
./csdb rebuild /tmp/db /tmp/ |
If you don’t specify a database path, rebuild uses the current directory. The /tmp/ parameter species the destination directory for the rebuilt database.
To also rebuild the GSE database, include the -g option.
The rebuild command can generate a lot of information, so consider redirecting all output, including stdout and stderr, to a file.
Always rebuild your calendar database using the latest backup copy.
However, if you have experienced a significant loss of data and you have periodically backed up your database and have more than one copy available, rebuild from the latest copy to the oldest one. (The only drawback is that calendar components that were deleted will reappear in the rebuilt database.)
For example, if you have three sets of backup calendar database files in directories db_0601, db_0615, and db_0629, run the rebuild command in the following sequence:
./csdb rebuild db_0629 ./csdb rebuild db_0615 ./csdb rebuild db_0601 |
The rebuild command then writes the rebuilt database to the cal_svr_base/SUNWics5/cal/sbin/rebuild_db directory.
When rebuild has finished, review the output in the rebuild.out file.
If the rebuild was successful, the last line in the rebuild.out file should be:
Calendar database has been rebuilt |
After you have verified that rebuild was successful in the previous step, copy the rebuilt database (.db) files from the rebuild_db directory to your production database.
If you have any share (__db.*) or log (log.*) files from the corrupted database, move them to another directory.
Restart Calendar Server.
The following example shows the command and the output that it generated:
# ./csdb -g rebuild Building calprops based on component information. Please be patient, this may take a while... Scanning events database... 512 events scanned Scanning todos database... 34 todos scanned Scanning events database... 512 events scanned Scanning todos database... 34 todos scanned Scanning deletelog database... 15 deletelog entries scanned Scanning gse database... 21 gse entries scanned Scanning recurring database... 12 recurring entries scanned Successful components db scan Calendar database has been rebuilt Building components based on calprops information. Please be patient, this may take a while... Scanning calprops database to uncover events... 25 calendars scanned Scanning calprops database to uncover todos... 25 calendars scanned Successful calprops db scan Calendar database has been rebuilt |
The preceding sample output shows the events and the todos databases scanned twice each. This is not an error. It scans the first time to verify the information in the calendar properties database and then scans again to make sure calendar properties database is accessible.
This sections contains the following topics:
Use the dump and load procedure to try to recover a corrupted database. The dump and load procedure uses the Berkeley database db_dump and db_load utilities, which Calendar Server includes in the following directory:
cal_svr_base/SUNWics5/cal/tools/unsupported/bin |
The db_dump utility reads a database file and writes the database entries to an output file, using a format that is compatible with the db_load utility.
For documentation about the db_dump and db_load utilities, refer to the Sleepycat Software Web site:
http://www.sleepycat.com/docs/utility/index.html
Your success in recovering a database using the db_dump and db_load utilities depends on the degree of corruption of your database. You might need to try several db_dump options before you successfully recover your database. If your database is severely corrupted, however, recovery might not be possible, and you might need to revert to the last good hot backup or archive backup of your database.
Before you perform the dump and load procedure, your calendar database must be Berkeley DB version 3.2.9, or later. If you have an earlier version, first run the cs5migrate utility to upgrade your calendar database.
For the most up to date version of cs5migrate, call Sun technical support.
Log in as the user and group under which Calendar Server is running, such as icsuser and icsgroup, or as superuser (root).
Stop Calendar Server, if necessary.
Backup your corrupted database using a utility such as csbackup, the Sun StorEdge Enterprise BackupTM software, or Legato Networker®.
For more information refer to Chapter 17, Backing Up and Restoring Calendar Server Data.
Dump each corrupted database file using the db_dump utility.
The database files are ics50calprops.db, ics50journals.db, ics50alarms.db, ics50events.db, ics50todos.db, and ics50gse.db.
Run db_dump using the following options, in order, until your database is recovered (or until you determine that the database can’t be recovered):
No options for minor database corruption.
-r option for moderate database corruption.
-R option for severe database corruption. The -R option dumps more data than the -r option, including partial and deleted records, from the corrupted database.
For example, to run db_dump with the -r option:
db_dump -r ics50events.db \> ics50events.db.txt |
Load the output file into a new database file using the db_load utility.
For example:
db_load new.ics50events.db < ics50events.db.txt |
If db_load reports an odd number of keys or data entries, edit the db_dump output file, and remove the odd key or data entries. Then run db_load again.
Repeat the previous two steps for the other corrupted database files.
That is, run db_dump for the other corrupted database files.
Rebuild the recovered database files using the csdb rebuild command, as described in Rebuilding a Corrupted Calendar Database.
When rebuild has finished, review the output in the output file. If the rebuild was successful, the last line in the rebuild.out file should be:
Calendar database has been rebuilt |
If the csdb rebuild command was not successful, dump your database using the next db_dump option (-r or -R).
If the db_dump -R option does not recover your corrupted database, contact your Sun Microsystems technical support or sales account representative for assistance. In the meantime, you might need to revert to the last good backup of your database.
If you have used the automatic backup feature described in Chapter 10, Configuring Automatic Backups (csstored),, you can use the hot backup copy when your live database is corrupted.
This sections covers how to restore the two different automatic backups:
Before you restore a backup, be sure that you have:
Tried to diagnose which transaction caused the corruption of the live database.
Removed or corrected the corrupting transaction so the new archive will not be corrupted.
Preserved the corrupted database by copying it to another directory or removable media. This is necessary should you need to contact technical support.
Hot backups should be your first choice of backup when your live database is corrupted. To restore a hot backup, follow these steps:
Identify any log files that were unapplied or open for writing in the corrupted live database directory.
Close the log that was open for writing. It contains the most recent transactions.
Create a new (recovery) directory.
Copy the current hot backup copy into the new recovery database directory.
Copy the log.* files from your corrupted live database directory into your new recovery database directory.
If you are keeping an archive copy of the database, copy the logs that had not been applied to the live database into the archive directory, so your archive backup copy will be complete.
Run db_recover with the -c -h options specified against the new recovery database.
For example, if your new recovery directory is called recoverydb, then the command would be as follows:
db_recover -c -h recoverydb
Leave the log.* files in the new recovery directory.
The db_recover program applied the log files to the new recovery databases, but starting with version 42, the Berkeley DB expects them to remain.
Run db_verify against the database files in the new recovery directory.
For instructions, see To Check for Calendar Database Corruption.
Run csdb -v list against the new recovery directory.
If the new recovery directory passed all three preceding recovery steps, replace the old corrupted live database with the new recovery database.
Copy the new live database into your hot backup directory to function as the new snapshot.
All new logs will be applied to this copy until the next regular snapshot is taken.
Start Calendar Server.
If the new recovery directory failed any of the steps, identify an uncorrupted older hot backup as follows:
Working backward through your hot backups, find the most recent copy that is not corrupted by running db_verify and csdb -v list on each in turn.
The first hot backup copy that passes can be restored to your live database directory.
Replace the corrupted live database with the clean hot backup, as described in To Restore a Hot Backup. (Be sure to read Before You Restore first.)
If none of your hot backups work and you do not have archive backups to try, call technical support. If you do have archive backups, follow the procedure that followsTo Restore an Archive Backup. (See also, Before You Restore.)
If you do not have an uncorrupted hot backup, but have archive backups and their transaction logs, you can restore the most current uncorrupted version of the archived database by performing the following steps:
Identify any log files that were unapplied or open for writing in the corrupted live database directory.
Close the log that was open for writing. It contains the most recent transactions.
Create a new (recovery) directory.
Copy the most recent archive copy and its log files into the new recovery database directory.
Copy any unapplied log.* files from your corrupted live database directory into your new recovery database directory.
Run db_recover with the -c -h options specified against the new recovery database.
For example, if your new recovery directory is called recoverydb, then the command would be as follows:
db_recover -c -h recoverydb
Leave the log.* files in the new recovery directory.
The db_recover program applied the log files to the new recovery databases, but starting with version 4.2, Berkeley DB expects the log files to still be there.
Run db_verify against the database files in the new recovery directory.
For instructions, see To Check for Calendar Database Corruption.
Run csdb -v list against the new recovery directory.
If the new recovery directory passed all three preceding recovery steps, replace the old corrupted live database with the new recovery database.
Copy the new live database into your hot backup directory to function as the new snapshot.
Start Calendar Server.
If the new recovery directory failed any of the steps, identify an uncorrupted older archive backup as follows:
Working backward through your archive backup copies, find the most recent copy that is not corrupted by running the three recovery programs against each of them in turn: db_recover -c-h, db_verify and csdb -v list.
The first archive copy that passes can be restored to your live database directory.
Replace the corrupted live database with the clean archive backup, as shown in To Restore an Archive Backup.
If none of your archive backups work, call technical support.
This section includes the following topics:
If you have created a custom backup script using the Berkeley database tools, such as db_recover, you may find that it will no longer work after upgrading to Calendar Server. The reason for this is that the earlier versions of Calendar Server compiled the tools with a static library. The tools are now compiled with a dynamic library, libdb-4.2.so.
To use the new dynamic library with your existing custom scripts, set the following global variable as shown:
LD_LIBRARY_PATH=libdb-4.2.so