CHAPTER 4 |
Hosted Domains |
This chapter describes how to create, delete, and modify hosted domains, how to create and remove hosted domain delegated administrators, and how to customize the Delegated Admin Console.
TABLE 4-1 Hosted Domain Topics and Tasks Topic/Task
Description
Page
How users log in to a hosted domain
How to create, delete and modify hosted domains.
Creating, Viewing and Removing Delegated Administrators and Postmasters
How to create and remove delegated administration privileges.
Refer to the SIMS Delegated Management Guide.
Customization of the Delegated Management Console.
Note - Users in the default domain do not need to enter their domain name to access their mailboxes. They only need to enter their user ID name. The default domain is the first domain created upon installation. Do not change the default domain after installation as this can cause problems in the message store.
| |
Changing the Default Separator |
The default message access login separator is +. It can be changed by modifying the loginSeparator in the $BASEDIR/etc/opt/SUNWmail/sims.cnf, but it MUST be done before SIMS deployment. Once the separator is changed, email that has been stored under the previous separator will no longer be accessible. Refer to the sims.cnf man page.
| |
Allowing Users in Subdomains to Log In Using the Domain Name |
When a hosted domain is created, the default set up is such that users must enter their fully qualified domain name to access their mailbox. For example, a user called wallyboy in the domain mktg.bridge.com would log in using wallyboy+mktg.bridge.com. A user called superbryn in the domain creative.bridge.com would use superbryn+creative.bridge.com. If you want to set up the system such that users in any subdomain of bridge.com can login as <uid>+bridge.com change the simsRecursive attribute in the
dn:dc=stream,dc=com,o=internet to 1.Note that you will have to create three sets of re-write rules to complete message delivery, one for each domain. bridge.com, mktg.bridge.com and creative.bridge.com.
|
To Set Up the System So that Users Can Log in Without Entering their Domain Name |
You can create hosted domains using the SIMS Admin Console, by modifying the LDAP directory (see the SIMS Provisioning Guide), or using the imadmin-create-domain utility. When SIMS is first installed, it will have a single domain in the DIT. FIGURE 4-2 shows the DIT of our Bridge example immediately after installation.
Note - Hosted mail domains need to correspond with your Domain Name System (DNS). For example, if you add a domain named eng to the DIT of the Bridge-ISP Corporation, then the mail domain eng.bridge.com needs to exist in Bridge's DNS.
| |
To Create an Hosted Domain |
Utility: imadmin-create-domain
Unlike the imadmin-create-domain command, creating a hosted domain with the Admin Console does not also allow you to create a Delegated Administrator. To do this you must use the imadmin-add-admin utility. In this example, the default domain (the domain specified at install) is bridge.com. We will describe how to create two example hosted domains called stream.com and bridge.com.
AdminConsole>User Manager>Create pulldown>Domain
| 1. | From the Admin Console home page, click the User Manager icon. |
| 2. | Click the Create pull-down menu and select Domain. |
| Mail Domain is the fully qualified mail domain that you want to create. Example: bridge.com. |
Note - If you entered a domain such as green.org, SIMS would create the domain org automatically. However, you will not be able to delete org from the Admin Console. You would have to use and LDAP command. If you created org separately, and then created green as a child of org, you would be able delete both from the Admin Console. Parent domains created in one step (entering <domain>.<domain parent> in the Mail Domain Field) cannot be deleted or viewed.
| Mail Server is the fully qualified host name of the machine supporting the hosted domains. In this example it might be mailserver19.bridge.com. |
Note - You can only create hosted domains that are children of the top-level domain components (those under o=internet such as org, gov, and edu). When you create a hosted domain, if a parent domain does not exist SIMS will create one.
| 3. | Enter the desired information in the dialog box and click Add. |
| The mail domain is created along with a People and Groups container. A SIMS administrator can now create user entries in this mail domain. To view the domain select User Manager>Choose Domain to Browse. |
| 4. | Create a delegated administrator |
| Creating a hosted domain with the Admin Console does not automatically create a delegated administrator. See "Creating Delegated Administrators" on page 71. |
| |
To Create Hosted Domain Alias |
Utility: imadmin-add-alias, imadmin-delete-alias and imadmin-modify-alias
There may be a situation in which a hosted domain customer wishes to have an alias for its domain. For example, suppose your domain is
international-basketball-league.com, but you also wish receive mail sent to ibl.com. To create hosted domain aliases, use the imadmin-add-alias utility. Refer to the man page for complete details.
Note - Your new domain must be registered with InterNIC in order for it to operational.
| |
To Delete a Hosted Domain |
Utility: imadmin-delete-domain and imadmin-purge-domain
You can mark a domain as deleted from the directory information tree (DIT). This operation deletes all folders and entries contained in that domain. For example, if you delete the domain named mktg.bridge.com from the DIT of the Bridge-ISP Corporation, then all user entries in the People folder and all group entries in the Group folder contained in the Marketing domain will be marked as deleted.
AdminConsole>User Manager>Selected domain to delete>Selected-Delete
| 1. | From the Admin Console home page, click the User Manager icon in the Tasks portion of the page. |
| The User Manager page displays. |
| 2. | In the directory tree highlight the domain label (for example, Marketing), then click the Selected menu and choose Delete. |
| A dialog prompts you to confirm deletion of the domain. |
| 3. | Click OK. |
| Note that this only marks the domain for deletion. The domain cannot be seen on the Admin Console, but it still exists in the DIT until it is purged. |
| 4. | Run imadmin-purge-domain |
| See the imadmin-purge-domain man page for details. |
| |
Modifying a Hosted Domain |
Use the imadmin-modify-domain utility to modify attributes of a domain's domain entry in the DIT. See the man page and Schema in the SIMS Reference Manual for details.
| |
To Set Up the System So that Users Can Log in Without Entering their Domain Name |
It is possible to set up virtual hosted domains such that users do not have to include the separator and domain name upon login. This is a complex process involving the configuration of the DNS and server hardware to support multiple IP addresses on a single SIMS server, and configuring the ims.cnf file to support IP address-based domain recognition. This technology is referred to as Domain from IP.
| 1. | Setup up your SIMS server to have multiple IP addresses, and give each address a DNS hostname. |
| 2. | Create your virtual hosted domain in the directory. (See "To Create an Hosted Domain" on page 64). |
| 3. | List all of the virtual IP addresses in the DNS zone file for the host domain pointing to the logical hostname in /etc/opt/SUNWmail/sims.cnf. |
| For example, if your sims.cnf file has: |
| logicalHostname=mail.bridge.net |
| Your DNS zone file needs: |
| mail.bridge.net IN A 209.20.10.2 mail.bridge.net IN A 209.20.10.3 |
| 4. | Bind the DNS hostname or IP address to the hosted domain in the /etc/opt/SUNWmail/ims/ims.cnf configuration file using the ims-bind-address attribute. |
| The format for setting the ims-bind-address attribute is as follows: |
| ims-bind-address:[<hostname>[=domain]] [(<service>=<port1>[,<port2>..] [:<service>=<port3>[,<port4>..]..])] |
| <hostname> is a hostname or an IP address to listen to when binding sockets in the message-access server. If hostname is not present or the value is equal to '*', listen to all the addresses available. |
| <domain> is the default search domain associated to this address(es) / port(s). This value supersedes defaultDomain from sims.cnf. |
| <service> is one of imap, pop3, imaps, pop3s (if no service is listed, the ports indicated in /etc/services are used) |
| <port>[,<port>..] is one or more TCP port numbers to listen to for the service specified. Specifying 0 means the service not provided on this address) |
| The code line for our example would look as follows: |
| ims-bind-address: mail.beam.com=beam.com ims-bind-address: mail.stream.com=stream.com |
| 5. | Restart imaccessd each time you modify ims.cnf. |
| Use /etc/init.d/im.server stop and use /etc/init.d/im.server start. |
| 6. | Make sure all clients point to the new POP server hostname. |
| A more realistic configuration would have multiple proxies and multiple backend messages stores installed as follows. As more hosted domains are added, the DNS configuration gets more complex. |
Note - If beam.com contains subdomains and the domain entries has the simsRecursive attribute set to 1, then users in subdomains of beam.com can also login using their uid (note that the appropriate rewrite rules must also be defined). If simsRecursive attribute is set to 0, then they must enter their uid+subdomain to access their mailboxes.
A delegated administrator adds, deletes, searches, and modifies user and group entries for a particular domain. Typically a delegated administrator works for the company, owning the domain, at the company's site (as opposed to working at the ISP providing the virtual hosted domain). The delegated administrator performs the administrative tasks using the Delegated Management Console. Refer to the Delegated Management Guide for further information.
A domain postmaster is simply a mailbox that receives failed delivery notifications and external requests for addresses. By designating a postmaster to a hosted domain, the SIMS administrator does not have to receive and deal with failed delivery messages and external requests for email addresses. These messages can go to a postmaster mailbox designated at each hosted domain company.
| |
Creating Delegated Administrators |
To create a delegated administrator, a SIMS administrator must grant delegated administration privileges to an existing user. Therefore, you must first create a user (see "To Create a User Entry" on page 28) and you must then run the
imadmin-add-admin utility.
| |
Viewing Delegated Administrators |
A list of users who have delegated administrator privileges for a particular domain can be generated with the utility imadmin-search-admin
| |
Removing Delegated Administrator Privileges |
Delegated administrator privileges can be removed by a SIMS administrator using the utility imadmin-remove-admin.
| |
Creating Domain Postmaster Mailboxes |
To create a domain postmaster mailboxes, select the mailbox you wish to make a postmaster, then use the add the imadmin-modify-domain utility to add the rfc822postmaster:<uid@domain> attribute to the domain:
# imadmin modify domain -D <SIMS Admin login> -w <password> -A rfc822postmaster:<uidOfPostmaster@domain> -n <domain>
User's can perform the following email administrative functions by accessing the User's Delegated Management Console.
|
Change password |
|
|
Start and stop vacation notice |
|
|
Forwarding mail |
|
|
Listing distribution lists membership |
To access the console, enter http://<SIMS server>/sims/en/emailuser.html in the browser installed with SIMS. Refer to the SIMS Delegated Management Guide for more information.
Every company creates customized branding with certain color themes, typefaces, and corporate or product logos. The look of the Delegated Management Console can be customized to better reflect the corporate identity. The graphical elements in the Delegated Management Console can be replaced or redesigned. New elements that did not ship with the product can also be added.
This section points out the graphical elements that may be customized. It also provides customization tips to consider when redesigning or changing these elements.
HTML tables are used to organize the graphical elements and contents in the Delegated Management Console pages. It is necessary to discuss the underlying table structure because the organization of these tables dictates how the graphical elements align on the page. An illustration of the structural table is shown in FIGURE 4-7. The tables are referred to in the code by the same names given in the illustration.
The HTML code is structured such that an Overall Layout table contains two other main tables used to organize the contents and consistently designate certain areas of the screen for certain functionality. These two tables are the NavBar table, on the left, and the Contents table, on the right. The NavBar table designates the left pane of the screen as the navigation area by organizing navigation buttons vertically in the left pane of the screen. The Contents table designates the right pane of the screen as the content area, where all of the information a user will manipulate appears.
FIGURE 4-7 Structural table of the Delegated Management Console
The concept of two panes with distinct functionalities is visually reinforced with a two-color background image (bkgd.gif). This background image, which creates the background colors for the page, is placed in the Overall Layout table. The image tiles vertically down the page, producing colored columns that create two visually distinct panes on the screen. The navigation pane, on the left, is dark purple (or the NavBar color). The contents pane, on the right, is a lighter purple (or the Contents color). This visual aid helps reinforce the idea of distinct functionality for different parts of the screen. Every page uses the background image.
The colors of the background image may be changed to reflect the corporate identity, however the new colors that are chosen should be reused in the navigation buttons.
The content color in the background image will create the content area, so a color should be chosen that ensures good legibility of the text in the content area. For this reason it is recommended to use a darker color for the navigation area and a lighter color for the content area.
The background image, bkgd.gif, can be found in the /opt/SUNWmail/html/language/graphics directory.
The interface is designed so that navigation occurs in the left pane of the screen with navigation buttons. These navigation buttons are located in the NavBar Table so that they appear vertically in the left pane of the screen. Each navigation button links to a particular page in the Delegated Management Console.
FIGURE 4-9 Selected Navigation Button in the Delegated Management Console
The colors, shape, or design of the buttons may be changed to better reflect the corporate identity. It is helpful to understand how the buttons function before editing or manipulating them. The buttons act as tabs. Each button consists of two images: one for an unselected state of the button (button.gif) and one for the selected state of the button (button_select.gif). An unselected button image is the same color as the NavBar color portion of the background image. When a user selects a button, it changes appearance and becomes the color of the Content color portion of the background image. The selected button now physically connects to the content area, like a tab, and clearly indicates the user's location within the application. The button remains selected as long as the user remains on that page, providing a visual indication of the user's location within the application.
If the colors of the selected and unselected buttons are changed, the new colors should be used in the background image (bkgd.gif) as well in order to retain a working tab model.
If the length of the navigation buttons is changed, the length of the NavBar color in the background image should also be edited. To maintain the tab effect where a selected button changes colors and visually connects with the content area, the right edge of the navigation buttons must align with the right edge of the NavBar color in the background image. The background image is located in the Overall Layout table. Because the navigation buttons are embedded in the NavBar table, which is inside the Overall Table, the buttons are indented, even when table borders and buffering are turned off. This indentation is uncontrollable. Therefore, the NavBar color portion of the background image must be made longer or shorter to accommodate the indentation if the length of the navigation buttons is changed. Keep in mind also that different browsers indent tables differently and that the design should be tested in multiple browsers on multiple platforms.
If the text labels on the buttons are changed, maintain consistent naming between the selected and unselected states of each button. The label on the buttons should correspond to the page titles within the Delegated Management Console.
A light font color should be chosen for the labels on the unselected buttons. The font color should provide ample contrast to the button color for good legibility. The Delegated Management Console uses white text on dark purple buttons.
A dark color should be chosen for the labels on the selected buttons. The font color should provide ample contrast to the button color for good legibility. The Delegated Management Console uses black text on lighter purple buttons.
The navigation buttons (button.gif and button_select.gif) can be found in the /opt/SUNWmail/html/<locale>/graphics directory.
A banner image with the product name and Sun logo (banner.gif) is located in the Overall Layout table. This banner appears on every screen in the Delegated Management Console and can be replaced. The current banner is 600x36 pixels, but the size (as well as the colors and the text) may be altered.
The dimensions and locations of the Sun logos can be used as guidelines for inserting a new logo. The Sun logo in the banner is 166x36 pixels in size.
The banner image (banner.gif) can be found in the /opt/SUNWmail/html/<locale>/graphics directory.
All of the graphics available for customization in the Delegated Management Console are listed in TABLE 4-2. The table lists the name of the graphic along with the name of the GIF file. The /opt/SUNWmail/html/<locale>/graphics directory is created when SIMS is installed. This is the directory where all the graphics files are placed. When the CGI program runs, it picks up the graphics from this directory. Therefore, any customized graphics must be saved here as well.
To customize a graphic:
| 1. | Use the graphic from the /opt/SUNWmail/html/<locale>/graphics directory. | |
| 2. | Edit the graphic with a graphics editor, or create a new graphic. | |
| 3. | Save the graphic back into the /opt/SUNWmail/html/<locale>/graphics directory. |
For example, if you wish to customize the banner graphic, start with the existing banner graphic, banner.gif, from the /opt/SUNWmail/html/<locale>/graphics directory. Make modifications with a graphics editor, and save the modified banner graphic back into the /opt/SUNWmail/html/<locale>/graphics directory. If you do not want to overwrite the original graphic shipped with the Delegated Management Console, save the modified graphic with a new name.
When altering or creating new graphics to appear in the Delegated Management Console, be sure to create the graphics using the so-called "web-safe" color palette. While there is some disagreement about whether the web-safe palette is actually safe, using it may ensure that graphics appear more consistently across various platforms.
To allow for future flexibility to change the background colors and color themes of the Delegated Management Console, design all images as transparent gifs. Avoid transparent gifs with "halos" around them by not dithering the gif to a background color.