Sun Java System Messaging Server 6 2005Q4 Administration Guide

Procedure: To Modify the Messaging Server LDAP User-lookup Settings by Using Console

Steps
  1. From Console, open the Messaging Server whose LDAP connection you want to customize.

  2. Click the Configuration tab.

  3. Select the Services folder in the left pane.

  4. Select the LDAP tab in the right pane. The LDAP form appears.

    The LDAP form displays the configuration settings for both the configuration directory and the user directory. The configuration-directory settings, however, are read-only in this form. See the Administration Server chapter of Sun ONE Server Console 5.2 Server Management Guide if you need to change them.

  5. To change the user-directory connection settings, click the box labeled “Use messaging server specific directory settings”.

  6. Update the LDAP configuration by entering or modifying any of the following information (for explanations of directory concepts, including definitions of terms such as distinguished name, see the Directory Server Administration Guide):

    Host name: The name of the host machine on which the directory containing your installation’s user information resides. This is typically not the same as the Messaging Server host, although for very small installations it might be.

    Port number: The port number on the directory host that Messaging Server must use to access the directory for user lookup. This number is defined by the directory administrator, and may not necessarily be the default port number (389).

    Base DN: The search base—the distinguished name of a directory entry that represents the starting point for user lookups. To speed the lookup process, the search base should be as close as possible in the directory tree to the information being sought. If your installation’s directory tree has a “people” or “users” branch, that is a reasonable starting point.

    Bind DN: The distinguished name that your Messaging Server uses to represent itself when it connects to the directory server for lookups. The bind DN must be the distinguished name of an entry in the user directory itself that has been granted search privileges on the user portion of the directory; use a dedicated service-account entry with only those privileges rather than a directory administrator account. If the directory allows anonymous search access, you can leave this entry blank, in which case lookups run anonymously and depend on the directory's access controls granting anonymous read access to every attribute Messaging Server needs.

  7. To change the password used in conjunction with the Bind DN, to authenticate this Messaging Server to the LDAP directory for user lookups, click the Change Bind password button. A Password-Entry window opens, into which you can enter the updated password.

    Your own security policies should determine what password you use in this situation. Initially, no password is set. The password is not used if you have specified anonymous access by leaving the Bind DN field blank.

    This step updates only the copy of the password stored in Messaging Server configuration; it does not change the password of the bind DN entry in the LDAP server, and by default the same account is also used for personal address book (PAB) lookups. The following two steps must therefore be performed after the password has been changed here, or the server will no longer be able to bind for user lookups.

  8. Change the password of the directory entry named by the configuration attribute local.ugldapbinddn so that it matches the password entered in step 7. That entry lives in the directory server named by the configuration attribute local.ugldaphost and must be changed there with directory tools; configutil only edits Messaging Server configuration.

  9. If PAB access uses the same account, that is, if local.service.pab.ldapbinddn and local.service.pab.ldaphost name the same entry and directory as local.ugldapbinddn and local.ugldaphost, then update the password stored in local.service.pab.ldappasswd to the new value as well.

    To return to using the default user directory, uncheck the “Use messaging server specific directory settings” box.

    Command Line: You can also set the user-directory connection settings at the command line as follows. These commands set only the connection attributes, not the bind password, so be sure to also update the LDAP and PAB passwords as described in steps 8 and 9 above.

    To specify whether to use Messaging Server specific directory settings:

    configutil -o local.ugldapuselocal -v [ yes | no ]

    To specify the LDAP host name for user lookup:

    configutil -o local.ugldaphost -v name[:port_number]

    To specify the LDAP port number for user lookup:

    configutil -o local.ugldapport -v number

    To specify the LDAP base DN for user lookup:

    configutil -o local.ugldapbasedn -v basedn

    To specify the LDAP bind DN for user lookup:

    configutil -o local.ugldapbinddn -v binddn
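    The following shell script is an added example, not code from the guide or from the Messaging Server product. It walks steps 7 to 9 as one rotation of the user-lookup bind password, decides whether step 9 applies by comparing the PAB bind settings with the user-lookup ones, and finishes with the check a practitioner wants after such a change: a bind to the user directory as the configured bind DN with the password the server now holds. It assumes that configutil is on the PATH, that the configuration attribute holding the user-lookup bind password is local.ugldapbindcred (the guide above names only the PAB counterpart, so confirm the name in your configutil parameter reference), and that the LDAP client tools are OpenLDAP's ldapmodify and ldapsearch (Sun Directory Server's tools take -h/-p/-w instead). Every DN, host name, file path and password in it is constructed for illustration.

```shell
#!/bin/sh
# Added example; not part of the Messaging Server guide or the product.
# Rotates the user-lookup bind password in the three places steps 7, 8 and 9
# describe, then proves the stored copy works by binding with it.
#
# Assumptions, to verify on your system:
#  - configutil is on PATH and local.ugldapbindcred holds the user-lookup bind
#    password (the guide names only the PAB counterpart,
#    local.service.pab.ldappasswd).
#  - ldapmodify/ldapsearch are OpenLDAP's (-x -H -D -y -ZZ syntax).
#  - All DNs, host names, paths and passwords are constructed for illustration.

# Echo instead of execute when DRY_RUN=1, so the plan can be reviewed first.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Split a local.ugldaphost value written as name[:port_number] into "name port".
# With no embedded port, fall back to the LDAP default 389 that the guide
# mentions; an explicit local.ugldapport setting should take precedence.
split_host_port() {
  case "$1" in
    *:*) printf '%s %s\n' "${1%%:*}" "${1##*:}" ;;
    *)   printf '%s %s\n' "$1" 389 ;;
  esac
}

# Step 9 precondition: PAB uses the same directory account as user lookup when
# the bind DNs are identical and the host names match (case-insensitive,
# embedded port ignored). Arguments: ug_binddn ug_host pab_binddn pab_host.
pab_shares_bind_account() {
  ug_h=$(printf '%s' "${2%%:*}" | tr 'A-Z' 'a-z')
  pab_h=$(printf '%s' "${4%%:*}" | tr 'A-Z' 'a-z')
  [ "$1" = "$3" ] && [ "$ug_h" = "$pab_h" ]
}

# Step 8: LDIF that replaces the service account's userPassword in the
# directory. The directory, not Messaging Server configuration, is
# authoritative for it. Arguments: binddn new_password.
password_change_ldif() {
  printf 'dn: %s\nchangetype: modify\nreplace: userPassword\nuserPassword: %s\n' "$1" "$2"
}

# Perform steps 8, 7 and 9 in that order. Arguments:
#   $1 bind DN (local.ugldapbinddn)     $2 host[:port] (local.ugldaphost)
#   $3 PAB bind DN                       $4 PAB host
#   $5 directory admin DN that may modify the entry
#   $6 file holding the admin password (mode 0600, no trailing newline)
#   $7 the new bind password
# Between the directory change and the configutil change the server cannot
# bind; keep the two adjacent and run verify_bind immediately afterwards.
rotate_bind_password() {
  ug_dn=$1 ug_host=$2 pab_dn=$3 pab_host=$4 admin_dn=$5 admin_pw_file=$6 new_pw=$7
  set -- $(split_host_port "$ug_host")
  password_change_ldif "$ug_dn" "$new_pw" |
    run ldapmodify -x -ZZ -H "ldap://$1:$2" -D "$admin_dn" -y "$admin_pw_file"
  # -v puts the value on the command line, where ps and shell history see it;
  # run this on the server host, never by pasting into a shared session.
  run configutil -o local.ugldapbindcred -v "$new_pw"
  if pab_shares_bind_account "$ug_dn" "$ug_host" "$pab_dn" "$pab_host"; then
    run configutil -o local.service.pab.ldappasswd -v "$new_pw"
  fi
}

# Post-rotation check: bind as the configured bind DN with the password the
# server now holds and read the search base. Exit 0 means lookups will work;
# an invalid-credentials failure means one of the three copies was missed.
# -ZZ insists on STARTTLS so the bind does not send the password in clear.
# Arguments: binddn host[:port] basedn file_holding_new_password.
verify_bind() {
  ug_dn=$1 ug_host=$2 basedn=$3 pw_file=$4
  set -- $(split_host_port "$ug_host")
  run ldapsearch -x -ZZ -H "ldap://$1:$2" -D "$ug_dn" -y "$pw_file" \
    -b "$basedn" -s base '(objectClass=*)' dn
}
```

    Run it with DRY_RUN=1 first to see the commands it would issue; with PAB on a different account only two commands appear, with PAB sharing the account three. Whichever order you choose, there is a window between changing the entry in the directory and updating the configuration copy during which the server cannot bind, so keep the two changes adjacent and run verify_bind straight after. The check is deliberately made with -ZZ: if the directory does not offer STARTTLS, the server's own lookups send this same password over plain port 389, which is worth fixing in its own right. Some local.* attributes are read only at startup, so check the configutil parameter reference for whether a restart is needed after the change.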