This chapter provides instructions for Oracle Communications Contacts Server post-installation tasks.
Many Contacts Server post-installation tasks involve configuring system security. For security-related tasks, such as configuring SSL, see Contacts Server Security Guide.
Contacts Server requires a unique identifier in the form of an LDAP attribute whose value is used to map each user account to a unique account in the database. The current default and recommended attribute, davuniqueid, prevents a potentially serious issue with using nsUniqueId. If you use nsUniqueId and the LDAP entry for a user, group, or resource is deleted and recreated in LDAP, the new entry receives a different nsUniqueId value from the Directory Server, causing a disconnect from the existing account in the contacts database. As a result, recreated users cannot access their existing contacts.
To change the unique identifier:
Run the davadmin config modify command to modify the davcore.uriinfo.permanentuniqueid configuration parameter. This parameter specifies the unique valued LDAP attribute present in the LDAP entry of all subjects (users, groups, and resources).
See the topic on command-line utilities in Contacts Server System Administrator's Guide for more information about the davadmin command.
Caution:
Changing this option after any user data is created in the database leads to data loss.
Contacts Server performs searches on the index you chose to use for davcore.uriinfo.permanentuniqueid. The installation process automatically creates the Directory Server index for davuniqueid. If you did not choose to use the default value of davuniqueid for davcore.uriinfo.permanentuniqueid, you must index the chosen attribute for presence and equality ([pres.eq]) in Directory Server. For more information about working with Directory Server indexes, refer to the Directory Server documentation.
Add the attribute to the list of LDAP attributes fetched by Contacts Server by running the davadmin config modify command to change the davcore.uriinfo.subjectattributes configuration parameter. Make sure to add on to the existing list and pass the entire value when doing the modification.
To enhance security within your installation, you can configure Contacts Server to scan attachments, such as photos, for viruses. Contacts Server virus scanning can examine attachments in a real-time mode to test and optionally reject incoming infected data. You can also choose to scan and optionally delete infected existing data on-demand.
To enable Contacts Server for virus scanning, see the topic on configuring virus scanning in Calendar Server System Administrator's Guide.
Though this documentation is written for Calendar Server, it also applies to Contacts Server. The only exception is that Contacts Server does not have an iSchedule database.
This section describes how to set up a Virtual List View (VLV) browsing index for Oracle Directory Server Enterprise Edition 11.1.1.5.0 using Contacts Server. Directory Server VLV browsing indexes are used by Contacts Server to enable pagination support in the Corporate Address Book from the RESTful protocol. For more information, see the topic on managing browsing indexes in Oracle Directory Server Enterprise Edition Administration Guide at:
http://docs.oracle.com/cd/E20295_01/html/821-1220/bcaug.html
By default, Contacts Server enables the Corporate Directory feature by using the deployment's user/group LDAP pool with the following configuration parameters:
store.corpdir.enablecorpdir=true
store.corpdir.defaultcorpdirectoryurl=ldap://ugldap/??sub?(objectclass=*)
If necessary, tailor the objectclass to your site's needs, for example: objectclass=inetorgperson.
However, VLV is not enabled by default. To use VLV, you must perform the following steps:
Define a browsing index and generate the browsing index in Directory Server, as described in "Creating a VLV Browsing Index."
Use an LDAP URL syntax extension to enable the use of VLV in the Contacts Server store.corpdir.defaultcorpdirectoryurl configuration parameter.
The general LDAP URL syntax is in the form ldap://ldap_pool_name/basedn?attributes?scope?filter?extensions. The available private extensions are:
vlv
sort=sort_on_attribute
displayname=friendly_display_name
The displayname extension is optional. If it is missing, then the value "Corporate Directory" is used. Thus, to enable VLV in the default corporate directory, you set the store.corpdir.defaultcorpdirectoryurl parameter as follows:
store.corpdir.defaultcorpdirectoryurl = ldap://ugldap/??sub?(objectclass=inetorgperson)?vlv,sort=cn,displayname="Default Corporate Directory"
This value enables VLV, uses cn as the sorting attribute, and causes the displayname to appear in the output of listing all public address books:
>> Request <<
GET /rest/?booktype=public HTTP/1.1
Host: siroe.com
Content-Length: 0
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

>> Response <<
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: xxxx

{
  "restversion": "1.0",
  "baseuri": "https://siroe.com",
  "homeuri": "/rest/home/johndoe/",
  "addressbook": [{
    "uri": "/rest/directory/default/",
    "displayname": "Default Corporate Directory",
    "type": "public",
    "myrights": "r"
  }],
  "totalresults": 1
}
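The following added example (not Oracle code) parses the LDAP URL form described above, including the private extensions, and compares it with a VLV index definition, since Directory Server uses a browsing index only for searches whose scope, filter and sort match it. The function names are hypothetical, the filter comparison is a simplified case-insensitive string match, and the base DN is not compared because it is empty in the example URL.

```python
DEFAULT_DISPLAYNAME = "Corporate Directory"  # default named in the text above
SCOPES = {"base": 0, "one": 1, "sub": 2}     # LDAP URL scope -> vlvscope value

def split_extensions(ext):
    """Split the extensions field on commas that sit outside double quotes."""
    items, cur, quoted = [], [], False
    for ch in ext:
        if ch == '"':
            quoted = not quoted              # quotes delimit a value, drop them
        elif ch == "," and not quoted:
            items.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    items.append("".join(cur))
    return [i.strip() for i in items if i.strip()]

def parse_corpdir_url(url):
    """Parse ldap://ldap_pool_name/basedn?attributes?scope?filter?extensions."""
    if not url.startswith("ldap://"):
        raise ValueError("expected an ldap:// URL")
    pool, _, rest = url[len("ldap://"):].partition("/")
    fields = rest.split("?", 4)
    fields += [""] * (5 - len(fields))       # trailing fields may be omitted
    basedn, attrs, scope, flt, ext = fields
    parsed = {"pool": pool, "basedn": basedn, "attributes": attrs, "scope": scope,
              "filter": flt, "vlv": False, "sort": None,
              "displayname": DEFAULT_DISPLAYNAME}
    for item in split_extensions(ext):
        key, _, value = item.partition("=")
        key = key.strip().lower()
        if key == "vlv":
            parsed["vlv"] = True
        elif key in ("sort", "displayname"):
            parsed[key] = value.strip()
        else:
            raise ValueError("unknown extension: " + key)
    return parsed

def index_mismatches(parsed, vlvfilter, vlvscope, vlvsort):
    """List differences between the URL and a vlvSearch/vlvIndex definition."""
    problems = []
    if not parsed["vlv"]:
        problems.append("vlv extension not set")
    if parsed["filter"].lower() != vlvfilter.lower():   # simplified comparison
        problems.append("filter differs from vlvfilter")
    if SCOPES.get(parsed["scope"]) != vlvscope:
        problems.append("scope differs from vlvscope")
    if (parsed["sort"] or "").lower() != vlvsort.lower():
        problems.append("sort differs from vlvSort")
    return problems
```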
You must perform the following steps on every Directory Server instance that Contacts Server uses. Directory Server index configuration settings are not replicated.
Creating a VLV browsing index involves the following tasks:
To define the VLV browsing index:
The following LDAP modifications add the required Directory Server settings for the VLV index, which enables you to then create the index in "Generating the VLV Browsing Index".
/opt/sun/dsee7/dsrk/bin/ldapmodify -h directory_server_hostname -p directory_server_port -D "cn=Directory Manager"
dn: cn=Browsing organization,cn=database_backend,cn=ldbm database,cn=plugins,cn=config
changetype: add
objectClass: top
objectClass: vlvSearch
cn: Browsing organization
vlvbase: organization_base
vlvscope: 2
vlvfilter: vlv_search_filter
aci: (targetattr="*")(version 3.0; acl "VLV for Anonymous"; allow (read,search,compare) userdn="ldap:///anyone";)

dn: cn=Sort by vlv_sort_attribute,cn=Browsing organization,cn=database_backend,cn=ldbm database,cn=plugins,cn=config
changetype: add
objectClass: top
objectClass: vlvIndex
cn: Sort by vlv_sort_attribute
vlvSort: vlv_sort_attribute
To determine the database_backend setting, refer to the ds_instance_path/config/dse.ldif file and search for nsslapd-suffix: user_group_base. The following example shows the database_backend as isp for the user_group_base of o=isp.
dn: cn=isp,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsBackendInstance
cn: isp
creatorsName: cn=directory manager
modifiersName: cn=directory manager
entrydn: cn=isp,cn=ldbm database,cn=plugins,cn=config
numSubordinates: 4
nsslapd-suffix: o=isp
nsslapd-cachesize: -1
nsslapd-cachememsize: 10485760
nsslapd-readonly: off
nsslapd-require-index: off
nsslapd-directory: /var/opt/SUNWdsee/dsins1/db/isp
The following ldapmodify command uses the preceding value for database_backend:
/opt/sun/dsee7/dsrk/bin/ldapmodify -h directory.siroe.com -p 389 -D "cn=Directory Manager"
dn: cn=Browsing siroe.com,cn=isp,cn=ldbm database,cn=plugins,cn=config
changetype: add
objectClass: top
objectClass: vlvSearch
cn: Browsing siroe.com
vlvbase: o=siroe.com,o=isp
vlvscope: 2
vlvfilter: (objectclass=inetorgperson)
aci: (targetattr="*")(version 3.0; acl "VLV for Anonymous"; allow (read,search,compare) userdn="ldap:///anyone";)

dn: cn=Sort by cn,cn=Browsing siroe.com,cn=isp,cn=ldbm database,cn=plugins,cn=config
changetype: add
objectClass: top
objectClass: vlvIndex
cn: Sort by cn
vlvSort: cn
To populate the VLV index with data, you must first stop the Directory Server.
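The LDIF above carries an ACI named "VLV for Anonymous" that grants read, search and compare to ldap:///anyone. As an added example (not Oracle code), the following lists every ACI in an LDIF file that grants rights to ldap:///anyone, with the entry and attributes it covers, so the grant can be reviewed before the change is applied. The function name is hypothetical and the pattern handles only the single-permission ACI form shown on this page.

```python
import re

# Matches the ACI layout used above: targetattr, acl name, allow (...), userdn.
ACI = re.compile(
    r'\(targetattr\s*=\s*"(?P<attrs>[^"]*)"\).*?acl\s+"(?P<name>[^"]*)"\s*;'
    r'\s*allow\s*\((?P<rights>[^)]*)\)\s*userdn\s*=\s*"(?P<who>[^"]*)"',
    re.I | re.S)

# Sample input: the example LDIF from this page.
SAMPLE_LDIF = """\
dn: cn=Browsing siroe.com,cn=isp,cn=ldbm database,cn=plugins,cn=config
changetype: add
objectClass: top
objectClass: vlvSearch
cn: Browsing siroe.com
vlvbase: o=siroe.com,o=isp
vlvscope: 2
vlvfilter: (objectclass=inetorgperson)
aci: (targetattr="*")(version 3.0; acl "VLV for Anonymous"; allow (read,search,compare) userdn="ldap:///anyone";)

dn: cn=Sort by cn,cn=Browsing siroe.com,cn=isp,cn=ldbm database,cn=plugins,cn=config
changetype: add
objectClass: top
objectClass: vlvIndex
cn: Sort by cn
vlvSort: cn
"""

def anonymous_acis(ldif_text):
    """Return one finding per ACI whose userdn is ldap:///anyone."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)      # join LDIF continuation lines
    findings = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        dn = None
        for line in block.splitlines():
            name, _, value = line.partition(":")
            value = value.strip()
            if name.lower() == "dn":
                dn = value
            elif name.lower() == "aci":
                m = ACI.search(value)
                if m and m.group("who").lower() == "ldap:///anyone":
                    findings.append({
                        "dn": dn,
                        "acl": m.group("name"),
                        "targetattr": m.group("attrs"),
                        "rights": [r.strip() for r in m.group("rights").split(",")],
                    })
    return findings
```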
Change to the ds_install/bin directory and stop the Directory Service.
cd /opt/sun/dsee7/bin
dsadm stop ds_instance_path
Generate the index.
dsadm reindex -l -t "Sort by vlv_sort_attribute" ds_instance_path "organization_base"
Start the service.
dsadm start ds_instance_path
The following commands show how to generate a VLV index using the preceding example settings:
cd /opt/sun/dsee7/bin
dsadm stop /var/opt/sun/dsee7/dsins1/
dsadm reindex -l -t "Sort by cn" /var/opt/sun/dsee7/dsins1/ "o=siroe.com,o=isp"
dsadm start /var/opt/sun/dsee7/dsins1/
To verify that the VLV index is created and in use, run the ldapsearch command. Because Contacts Server uses an internal administrative user to proxy as a regular user, the following example does the same.
/opt/sun/dsee7/dsrk/bin/ldapsearch -h directory.siroe.com -p 389 \
  -D "uid=nab-admin-contactsserver.siroe.com-20140314084929Z,ou=People,o=siroe.com,o=isp" \
  -Y "dn:uid=johndoe,ou=People,o=siroe.com,o=isp" -w - -b o=siroe.com,o=isp \
  -G 0:4:1:0 -S cn -x "(objectclass=inetorgperson)" dn cn
Log entries similar to the following appear in the Directory Server access log for the preceding search, indicating that the VLV is set up properly.
[26/Mar/2014:08:11:53 +0000] conn=14037 op=1 msgId=2 - SRCH base="o=siroe.com,o=isp" scope=2 filter="(objectClass=inetorgperson)" attrs="dn cn"
[26/Mar/2014:08:11:53 +0000] conn=14037 op=1 msgId=2 - SORT cn
[26/Mar/2014:08:11:53 +0000] conn=14037 op=1 msgId=2 - VLV 0:4:0:0 1:212689 (0)
[26/Mar/2014:08:11:53 +0000] conn=14037 op=1 msgId=2 - RESULT err=0 tag=101 nentries=5 etime=0
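The check described above can be run over a whole access log. This added example (not Oracle code) groups log records by connection and operation and reports which searches were served with SORT and VLV records and a successful result. The function names are hypothetical, and the reading of the VLV record as request, position:count and a result code in parentheses is an assumption about the log format.

```python
import re

# conn/op identify one operation; the word after " - " is the record type.
LINE = re.compile(r"conn=(\d+) op=(\d+) msgId=\d+ - (\w+)\s*(.*)")
# Assumption: "VLV <request> <position>:<count> (<code>)", code 0 = success.
VLV = re.compile(r"(\S+) (\d+):(\d+) \((\d+)\)")

# First four lines are the page's sample; conn=14038 is constructed for contrast.
SAMPLE_LOG = """\
[26/Mar/2014:08:11:53 +0000] conn=14037 op=1 msgId=2 - SRCH base="o=siroe.com,o=isp" scope=2 filter="(objectClass=inetorgperson)" attrs="dn cn"
[26/Mar/2014:08:11:53 +0000] conn=14037 op=1 msgId=2 - SORT cn
[26/Mar/2014:08:11:53 +0000] conn=14037 op=1 msgId=2 - VLV 0:4:0:0 1:212689 (0)
[26/Mar/2014:08:11:53 +0000] conn=14037 op=1 msgId=2 - RESULT err=0 tag=101 nentries=5 etime=0
[26/Mar/2014:08:12:10 +0000] conn=14038 op=1 msgId=2 - SRCH base="o=siroe.com,o=isp" scope=2 filter="(objectClass=inetorgperson)" attrs="dn cn"
[26/Mar/2014:08:12:10 +0000] conn=14038 op=1 msgId=2 - RESULT err=0 tag=101 nentries=5 etime=0
"""

def group_operations(log_text):
    """Collect the SRCH, SORT, VLV and RESULT records of each (conn, op)."""
    ops = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        key = (int(m.group(1)), int(m.group(2)))
        op = ops.setdefault(key, {"srch": None, "sort": None, "vlv": None, "err": None})
        kind, rest = m.group(3), m.group(4).strip()
        if kind == "SRCH":
            op["srch"] = rest
        elif kind == "SORT":
            op["sort"] = rest
        elif kind == "VLV":
            v = VLV.match(rest)
            if v:
                op["vlv"] = {"request": v.group(1), "position": int(v.group(2)),
                             "count": int(v.group(3)), "code": int(v.group(4))}
        elif kind == "RESULT":
            e = re.search(r"err=(\d+)", rest)
            if e:
                op["err"] = int(e.group(1))
    return ops

def uses_vlv(op):
    """True when a search carried SORT and VLV records and both succeeded."""
    return bool(op["srch"] and op["sort"] and op["vlv"]
                and op["vlv"]["code"] == 0 and op["err"] == 0)

def vlv_report(log_text):
    """Map each (conn, op) that has a SRCH record to whether VLV was used."""
    return {k: uses_vlv(o) for k, o in group_operations(log_text).items() if o["srch"]}
```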
This section describes how to set up indexes for Oracle Directory Server Enterprise Edition using Contacts Server for the following telephone attributes:
telephoneNumber
facsimileTelephoneNumber
homePhone
mobile
pager
By default, the comm_dssetup script only creates an index on telephoneNumber.
You must perform the following steps on every Directory Server instance that Contacts Server uses. Directory Server index configuration settings are not replicated.
Copy the index-odsee.sh script from the ContactsServer_home/sbin directory to the Directory Server host.
On the Directory Server host, change to the directory in which you copied the script.
Run the index-odsee.sh script.
index-odsee.sh -B dsbinpath -D binddn -j passwdfile -h dshost -p dsport -s suffix
where:
-B dsbinpath: Specifies the path to the Directory Server binary location
-D binddn: Specifies the bind dn
-j passwdfile: Reads the bind password from a file for simple authentication
-h dshost: Specifies the Directory Server host name
-p dsport: Specifies the Directory Server port number
-s suffix: Specifies the directory suffix where indexes are to be created