Sun Java System Instant Messaging 7.2 Administration Guide

Searching the Directory Anonymously

Instant Messaging needs to be able to search the directory to function correctly. If your directory is configured to be searchable by anonymous users, Instant Messaging has the capability to search the directory. If the directory is not readable or searchable by anonymous users, you must take additional steps to configure iim.conf with the credentials of a user ID that has at least read access to the directory. These credentials consist of:

ProcedureTo Enable the Server to Conduct Directory Searches as a Specific End User

  1. Identify values for the following parameters in iim.conf:

    • iim_ldap.usergroupbinddn - Specifies the distinguished name (dn) to use to bind to the directory for searches.

    • iim_ldap.usergroupbindcred - Specifies the password to use with the distinguished name (dn).

    For example:

    iim_ldap.usergroupbinddn="cn=iim server,"


    Note –

    You do not have to use administrator-level credentials with write level access, as all that is necessary is read access to the domain tree. Thus, if there is an LDAP user with read level access, use its credentials instead. This is a safer alternative as it does not force you to disseminate the administrator-level credentials.

    See iim.conf File Syntax for instructions on locating and modifying iim.conf.

  2. In a deployment with Sun Java System Access Manager, if the directory is not searchable by anonymous users:

    • Set the iim_ldap.useidentityadmin configuration parameter to true.

    • Also, you can delete or comment out the following configuration parameters:

      • iim_ldap.usergroupbinddn

      • iim_ldap.usergroupbindcred

  3. Edit iim.conf.

    See iim.conf File Syntax for instructions on locating and modifying iim.conf.

    If the iim_ldap.usergroupbinddn and iim_ldap.usergroupbindcred parameters do not appear in iim.conf, you can add them anywhere in the file.