Chapter 4 Customizing Delegated Administrator

After you have installed and configured Delegated Administrator with the configuration program (config-commda), you can customize your configuration to meet your particular needs. This chapter offers examples of how to customize certain Delegated Administrator features.

Configuring the Preferred Mail Host Using the Service-Wide Default

If you want the Preferred Mail Host and Preferred Mail Store to be set using the server-wide default, you can perform the tasks described in this section.

If you need to remove the Preferred Mail Host field from the Console (specifically, from the New Organization Wizard and Organization Properties screens), you can should take the following steps:

Edit the Security.properties file. This step is described in this section.

Enable the MailHostStorePlugin. This step is described in the following section, Adding Plug-ins for Delegated Administrator.

The Security.properties file lets you customize the Delegated Administrator Console for all or for individual roles.

The Security.properties file is located in the directory da_base/da/WEB-INF/classes/com/sun/comm/da/resources

To remove the Preferred Mail Host from the Console, add the lines shown below to the Security.properties file:

# Remove Preferred Mail Host from UI
*.NewOrganizationPage6.PreferredMailHostProperty=INVISIBLE
*.NewOrganizationSummaryPage.PreferredMailHostSummaryProperty=INVISIBLE
*.OrgProperties.MailHostName=INVISIBLE
*.OrgProperties.MailHostNameText=INVISIBLE
*.OrgProperties.MailHostValue=INVISIBLE

CAUTION: You may add lines to this file for your own customization, but do not edit the lines already present. Editing existing lines could result in exceptions being thrown on the Console.

A Security Element Name is of the form:
Role Name.Container View Name.Console Element Name

A Security Element specifies the Console element and role for which the permission is being defined. If you do not know an element name, view the source of a page to match the name on the page to the Console element you are interested in.

The names on the page are fully qualified names. You need to pick up only the last two elements of the name, which form Container View Name.Console Element Name.

“ProviderAdminRole” (SPA) For information about this role, see
Appendix A, “Service Provider Administrator and Service Provider Organizations.”

“OrganizationAdminRole” (OUA)

“Top-levelAdminRole” (TLA)

“*” (applies a permission to all roles unless it is overridden for a specific role)

EDITABLE – indicates that the security element is editable.

NONEDITABLE – indicates that the security element is read-only.

VISIBLE – indicates that the security element is visible and read-only.

INVISIBLE – indicates that the security element is invisible.

Adding Plug-ins for Delegated Administrator

By default, this plug-in is disabled. If no preferredmailhost is supplied when a business organization is created, an exception will be raised. If the plug-in is enabled, values from the flat file (described later in this section) will be used only if the corresponding attribute is absent.

Uses the domain value to return the desired DSN address. The default implementation is to return the string MAILER-DAEMON@<domain>.

Generates a unique id string. The default implementation generates a GUID to return to the caller.

Sets the attribute "volinternallogin" by using the "volmaillogin" attribute value (passed in by the Delegated Administrator console) and the value found in the volinternalloginpluginfile. The form of the volinternallogin attribute is <volmaillogin value>@<value found in file>. For details about volinternalloginpluginfile, see Additional Flat File Required for Two Plug-Ins, later in this section.

In the resource.properties file, the attr-loginid must be set to volmaillogin.

Adds the "volperson" object class to each user created.

Enabling the Plug-Ins

To enable these plug-ins, edit the commcli servlet resource.properties file, located in the following directory:

The plug-ins are located in the resource.properties file in a section headed as follows:

jdapi-mailhoststorepluginclass=sun.comm.cli.server.util.MailHostStorePlugin
jdapi-mailhoststorepluginfile=/tmp/mailhostmailstore
jdapi-volinternalloginplugin=disabled
jdapi-volinternalloginpluginclass=sun.comm.cli.server.util.
VolInternalLoginPlugin
jdapi-volinternalloginpluginfile=/tmp/volinternalloginplugin
jdapi-objectclassplugin=disabled
jdapi-objectclasspluginclass=sun.comm.cli.server.util.ObjectClassPlugin
jdapi-maildomainreportaddressplugin=enabled
jdapi-maildomainreportaddresspluginclass=sun.comm.cli.server.
util.MailDomainReportAddressPlugin
jdapi-uidautogenerationplugin=disabled
jdapi-uidautogenerationpluginclass=sun.comm.cli.server.util.UidPlugin

Plug-In Format

jdapi-<name>plugin= “enabled” | “disabled”

jdapi-<name>pluginclass=sun.comm.cli.server.util/
<java class name>

Plug-in classes are supplied for all the plug-ins listed in this section. The classes are located in the following directory:

Additional Flat File Required for Two Plug-Ins

Two plug-ins, MailHostStorePlugin and VolInternalLoginPlugin, require a flat file, which is included in a third line for the plug-in. The plug-in reads the value in the flat file and uses it to set attribute values. If the plug-in is enabled, the file must be present, or an error will occur.

jdapi-mailhoststoreplugin
    o jdapi-mailhoststoreplugininf=<full file name>
    o file has one line
     o value is that for :
            o preferredmailhost attribute
             o preferredmailmessagestore attribute
     o form
              o <mailhost>:<mailpartion>

jdapi-volinternalloginplugin
     o jdapi-volinternalloginpluginfile=<full file name>
     o file has one line
     o value is that for
            o right hand side of volinternallogin attribute

Customizing the User Log-In

When you run the Delegated Administrator configure program (config-commda), the value you use to log in to Delegated Administrator is set to be a uid.

For example, if you intend to log in as the TLA, and the TLA’s uid is john.doe, you would use john.doe to log in to Delegated Administrator.

You can customize Delegated Administrator to enable you to use additional values for the user log-in. For example, you could add the mail address (mail).

How the User Log-In Value Is Set

The config-commda program sets this value to uid with the loginAuth-idAttr property in the resource.properties file, as shown in the following example:

loginAuth-searchBase=<$rootSuffix>
servicepackage-cosdefbasedn = <$rootSuffix>
loginAuth-idAttr-1=uid

The resource.properties file is located in /var/opt/SUNWcomm/WEB-INF/classes/sun/comm/cli/server/servlet/
resource.properties.

Adding a User Log-In Value

You can set additional values for the user log-in by editing the resource.properties file.

For example, to enable you to use a mail address (such as john.doe@sesta.com) to log in, you could add the following line to the resource.properties file:

loginAuth-searchBase=<$rootSuffix>
        servicepackage-cosdefbasedn = <$rootSuffix>
        loginAuth-idAttr-1=uid
         loginAuth-idAttr-2=mail

Note that you must add an increment to the loginAuth-idAttr property for each new value. In this example, a second value is added, so you add -2 to loginAuth-idAttr .

        loginAuth-idAttr-1=uid
         loginAuth-idAttr-2=mail
         |
         loginAuth-idAttr-n=<login-in value>

Previous Contents Index Next
Sun Java System Communications Services 6 2005Q1 Delegated Administrator Guide