CHAPTER 2 |
The SIMS Administration Console Overview |
The Admin Console provides a browser-based GUI interface for common SIMS administrative tasks, namely SIMS configuration, and populating the system with users and groups. Note that only one administrator can be logged on to the Admin Console at a time. The first screen of the Admin Console is shown below.
TABLE 2-1 SIMS Admin Console Home Page (see FIGURE 2-1 on page 13) Components/Task
Description
Page
Self Explanatory
Provides instructions for adding, deleting, or modifying user, group or organizational units entries in the directory.
Monitor and customize the SIMS message storage and access character-istics by modifying the parameters of this component. The Message Store chapter provides instructions for monitoring message store paths, space usage and user space quotas; configuring user quotas, mail server client type, maximum connections, disk space threshold, /var/mail support, message store size increase, and message purge schedule.
The IMTA receives, routes, and sends incoming messages to their destination. SIMS message transport can be customized by modifying the IMTA attributes. This chapter provides instructions for viewing and changing the message transport characteristics of SIMS, including configuring/monitoring channels, directory cache update, anti-spam features, IMTA location relative to the Internet, and routability scope.
View and monitor all user connections to SIMS, as well as start and stop client access to the message store.
The Directory Service contains the routing information for SIMS. Pressing this icon brings up the Sun Directory Service log on screen. If the Netscape Directory Server is installed, this icon will not appear. For complete information refer to the Sun Directory Service or Netscape Directory Service documentation.
7) Help
Online help for SIMS.
8) Home
Return to Home Page.
Display the current state of each component.
Not all tasks can be done on the Admin Console. Some tasks require editing SIMS configuration files, others require running UNIX commands, and still others require using the directory service interface. Wherever possible, we try to state which these permissions, accounts, or interface is needed to perform a specific SIMS task. |
Most Admin Console tasks can be accomplished by using one or more other methods. These methods include: |
Modifying a configuration file. |
Executing a SIMS utility or command. |
Modifying the LDAP directory. |
Generally using the Admin Console is not as fast as using the command line interfaces or modifying the LDAP directory directly. However it's usually easier and provides a bit of protection by asking for confirmations, as well as not modifying restricted lines or parameters. |
When you set a configuration in the Admin Console, press the Apply button to save your settings. If you don't do this, you may lose your settings if you exit the page on which you specified your configurations. |
The same login and password required to log on to the Admin Console can be used to execute the imadmin provisioning utilities. See the imadmin man page for details. |
To Start the SIMS Admin Console |
You must use the Netscape 4.05 browser and above for the Admin Console to work properly. If you are using the Netscape browser, you MUST add the following line in.netscape/preferences.js (Solaris Operating Environment) or in
user/<username>/pref.js (Windows NT) for the Admin Console to run correctly:
user_pref("signed.applets.codebase_principal_support",true);Failure to set this arguments could cause deleterious effects on your system.
To bring up the Admin Console, start the browser and go to
http://<machine-name>/sims/. Enter the SIMS administrator's login (default: siteadmin), the domain to which the administrator belongs, (specified at installation) and the password.
Note - If you are running on the Netscape browser, you need to run the browser as a regular user on the Solaris and Windows NT desktop. Running as a super user on the desktop does not have the setup to run Java applets.
TABLE 2-3 describes the most common buttons that appear in the Admin Console or dialog boxes.
When you set a configuration, you must press the Apply button to save your settings. If you do not do this, you may lose your settings. You are not always warned about losing the settings when you exit a page.
SIMS polls each component (except the directory service) periodically to determine its current state. The System Components on the Admin Console home page (FIGURE 2-2) displays the current state of each component. TABLE 2-4 outlines the possible SIMS component states.
If a System Component graphic indicates that a component is in either an alert or down state, you can access more information from the System Status section on the Admin Console home page. Each entry indicates the time at which the component was polled, the component status, and more detailed information about if the component is in either an alert or down state.
If the Internet Message Transfer Agent (IMTA) is in an alert or down state, you should also check the status of each IMTA channel. For more information, refer to "Monitoring Channel Status" on page 85.
For more problem resolving information see Chapter 13, "SIMS Troubleshooting."
Note - The Stop all function on the home page does not stop the Directory Service so the Directory Services icon will not have a red X over it if you execute this procedure (see "To Stop SIMS Components" on page 21).
SIMS requires a variety of different permissions and accounts to access and service all the SIMS administrative capabilities. For example:
To log on to the SIMS Admin Console, and to be able to execute the imadmin commands (example: imadmin-add-user) requires a SIMS administrator login and password. |
To execute IMTA and message store configuration commands, as well as message store maintenance functions, the inetmail UNIX account is required. |
To modify the Sun Directory Services configuration and to create replicas, the Sun Directory Services or NetScape Directory Services login and password are required. which are different from their SIMS login and password. |
A default SIMS administrator is created at installation called siteadmin. In this document, a SIMS administrator refers to a user who has the ability to log on to the SIMS Admin Console and to execute the imadmin commands.
Wherever possible, we try to state these permissions and accounts needed to perform a specific task.
Creating SIMS Administrators |
Utilities: imadmin-add-admin, imadmin-search-admin,
imadmin-remove-adminSIMS administrators can log on to the SIMS Admin Console and can also execute the imadmin commands. A SIMS administrator is different from a delegated administrator who can only add, modify, delete, and search for group or user entries at a specified hosted domain. A SIMS administrator can modify any entries in any part of the directory and can configure any part of the entire SIMS system.
A SIMS administrator is created by another SIMS administrator using the utility imadmin-add-admin and by setting the appropriate ACLs for the entry. These ACLs are write permission for the userPassword attribute for all users, and write permission for the sub-tree beneath o=internet. For example, in the Sun Directory Service you might add the following to
/etc/opt/SUNWconn/ldap/current/dsserv.acl.confaccess to
attrs=mailAutoReplyStartDate,mailAutoReplyExpirationDate,mailAutoReplyTimeout,mailAutoReplySubject,mailAutoReplyText,mailAutoReplyTextInternal,mailDeliveryOption,mailForwardingAddress,mailProgramDeliveryInfo,userDefinedAttribute1,userDefinedAttribute2,userDefinedAttribute3,userDefinedAttribute4,mail,rfc822MailAlias,description,seeAlso,telephoneNumber,facsimileTelephoneNumber,l,ou,physicalDeliveryOfficeName,postOfficeBox,postalAddress,postalCode,preferredDeliveryMethod,registeredAddress,st,street,telephoneNumber,title,carLicense,givenName,homePhone,homePostalAddress,initials,jpegPhoto,labeledURI,mobile,pager,roomNumber
by self write
by dn="cn=<Admin>,ou=People,dc=bridge,dc=net,o=internet" write
access to attrs=userPassword
by self write
by dn="cn=<Admin>,ou=People,dc=bridge,dc=net,o=internet" write
by * compareaccess to dn=".*o=internet"
by dn="cn=<Admin>,ou=People,dc=bridge,dc=net,o=internet" writeIf the Netscape Directory Service is installed and configured by SIMS during the installation process, imadmin-add-admin will complete the admin creation process. If the Netscape Directory Service is installed, but not configured by SIMS during installation, then you must set the appropriate permissions for the new administrator entry. This involves setting the appropriate access control items (ACIs). See the Netscape Directory Service documentation for further information.
Note - imadmin-add-admin allows you to create both delegated administrators and SIMS administrators. To create a SIMS administrator, do not specify a domain in the argument list or you will create a delegated administrator. delegated administrators have fewer administrative capabilities. See "Creating, Viewing and Removing Delegated Administrators and Postmasters" on page 71.
Changing the SIMS Administrator Password |
Use the imadmin-modify-user utility to modify the userPassword attribute of a SIMS Administrator. Note that you cannot change the password of the SIMS "super" Administrator through the Admin Console or Delegated Management Console (the SIMS administrator as defined by the adminBindDN attribute in the /etc/opt/SUNWmail/sims.cnf file). If you forget the SIMS "super" Administrator password, contact your Sun Microsystems support person.
Viewing SIMS Administrators |
A list of users who have SIMS administrator or delegated administrator privileges for a particular domain can be generated with the utility imadmin-search-admin
Removing SIMS Administrator Privileges |
SIMS administrator privileges can be removed by a SIMS administrator using the utility imadmin-remove-admin.
This section describes tasks that affect the Admin Console. They are:
"To Stop SIMS Components" on page 21 |
"To Log Out of the Administration Console" on page 21 |
"To Access SIMS Version Information" on page 22 |
To Stop SIMS Components |
Utility: /etc/init.d/im.server stop
To stop the SIMS components (IMTA, Sun Message Store, and message access protocols), go to the Admin Console Home Page, click on the SIMS Console menu and select Stop all.
To Start SIMS Components |
Utility: /etc/init.d/im.server start
To start the SIMS components (IMTA, Sun Message Store, and message access protocols), if they are not already started, go to the Admin Console Home Page, click on the SIMS Console pull-down menu and select Start all. This is only available if a component is stopped.
To Log Out of the Administration Console |
After you are finished with the Admin Console you may log out by going to Admin Console Home Page, clicking the SIMS Console menu, and selecting Logout.
Note - For security reasons, we recommend logging out of the SIMS Admin Console after a task is complete. Also, since only one administrator at a time can be logged on, remaining logged on locks other administrators out of the system.
To Access SIMS Version Information |
Access the SIMS Version for all SIMS components by going to the Admin Console Home Page, clicking the SIMS Console menu, and selecting About SIMS.