This chapter provides information specific to the Solaris operating environment.
To access the configuration data from the Configuration Manager, a desktop client requires the Sun JavaTM Desktop System Configuration Agent. The Configuration Agent communicates with the remote configuration data repository and the adapters as well as integrates data into specific configuration systems. The configuration systems that are currently supported are GConf, Mozilla Preferences, and StarOffice Registry.
The Configuration Agent is part of the SUNWapbas, SUNWapmsc, and SUNWapoc packages. When you install the Solaris SVR4 package, the files that are required for this API are installed. You can install the packages manually or through the Java Desktop System installation. After installation, you must configure and enable the Configuration Agent on your system.
To access the remote configuration data, the Configuration Agent requires some minimal bootstrap information, such as the host name and port of the LDAP server. This information is maintained in a set of properties files, such as policymgr.properties, apocd.properties, os.properties. These files are stored locally in the /etc/apoc directory. You can manually edit these properties files, or you can use the configuration wizard for the Configuration Agent.
The configuration wizard offers a graphical user interface that guides you through
the necessary settings of the Configuration Agent. For each page of the wizard,
a corresponding help screen is available. You can startup the wizard as super user
(root) by means of the /usr/bin/apoc-config script. A corresponding
desktop menu entry is also available under Preferences/System Tools/Network Settings, or under system-settings:///Network Settings in the Nautilus
file manager.
The wizard can also be started without launching the graphical interface. For example, execute /usr/bin/apoc-config -nodisplay to start the wizard in console mode.
Associated property file keys are indicated in parentheses, where appropriate.
Server Identifier (Server): host name of the LDAP server.
Server Port (Port): port number of the LDAP server.
Suffix (BaseDn): base DN of the LDAP repository.
State: The status of the Configuration Agent. The checkbox can be used to either activate or deactivate the Configuration Agent. To make use of the configuration repository, the Configuration Agent must be active. The activation automatically includes the necessary registration with inetd.
To manually enable or disable the Configuration Agent, log in as root and type the command /usr/lib/apocd enable or /usr/lib/apocd disable, respectively.
Host Identifier (HostIdentifier): can be "HostName" or "IPAddress". The identifier must be set to match the contents of the LDAP attribute that is used to identify hosts. This attribute is defined in the mapping files as Host/UniqueIdAttribute.
Authentication Type for the Configuration Agent: can be "Anonymous" or "Simple". If "Anonymous" is selected, the Qualified User Name and Password fields are automatically disabled.
Qualified User Name (AuthDn): full DN of a user with read and search access rights on the repository.
If anonymous access is enabled in the directory, this setting can be left blank.
Password (Password): password of a registered LDAP user
If anonymous access is enabled in the directory, this setting can be left blank.
Authentication Type for applications (AuthType): can be Anonymous or GSSAPI, depending on how the LDAP server authenticates users.
The Configuration Agent uses two ports:
Agent Port (DaemonPort): used by the agent to communicate with client applications (default is 38900).
Administration Port (DaemonAdminPort): used by the agent controller program, apocdct1, when communicating with the agent (default is 38901).
The Configuration Agent periodically checks for any changes in the configuration data using the following two intervals:
General Detection Interval (ChangeDetectionInterval): interval in minutes between the change detection cycles for the desktop application's (client's) configuration data.
Specifying -1 turns off change detection.
Interval for Agent Settings (DaemonChangeDetectionInterval): interval in minutes between the change detection cycles for the agent-specific configuration settings.
Specifying -1 turns off change detection.
You can use the general detection interval to tune the propagation of remote configuration data changes to client side applications. The value provided for this setting is the maximum length of time in minutes that elapses before remotely made changes are reflected in the client applications.
Smaller values result in increased Configuration Agent and LDAP server activity. As a result, use caution when you adjust the value of the settings. For example, in an initial deployment phase, you can set the value to one minute so that you can easily test the impact of remote configuration on client applications. After you complete the testing, return this setting to the initial value.
The following settings can be configured:
Data Directory (DataDir): the directory used to store runtime data. The default is /var/opt/apoc.
Cached Data Storage Life (TimeToLive): interval in minutes that non-offline configuration data remains in the local database.
Garbage Collection Cycle (GarbageCollectionInterval): interval in minutes between the garbage collection cycles in the local configuration database.
Maximum Client Threads (MaxClientThreads): maximum number of client requests that can be processed simultaneously.
Maximum Client Connections (MaxClientConnections): maximum number of client connections.
Maximum Request Size (MaxRequestSize): maximum size of client requests.
Connection Timeout (ConnectTimeout): denotes the allowed interval of the LDAP server to answer a connection request. The default is one second.
Log Level (LogLevel): level of detail in the agent log files. The logging level is consistent with the Java Logger levels. In order of decreasing severity, these levels are:
SEVERE
WARNING
INFO
CONFIG
FINE
FINER
FINEST
Most of the operational settings, with the exception of the Data Directory and Connection Timeout settings, can also be maintained centrally through corresponding policies stored in the LDAP server. If you want to use this feature, do not adapt the corresponding settings by means of the wizard. Instead, use the Configuration Agent policies within the Configuration Manager to centrally specify operational settings.
With the exception of "Data Directory" and "Connection Timeout", operational settings that have been stored on the LDAP server by means of the Configuration Manager take effect automatically at the next change detection cycle for the agent configuration (see DaemonChangeDetectionInterval).
All other settings changed locally require a reload or restart of the Configuration Agent. The reload or restart is performed automatically if you use the configuration wizard.
To manually restart the Configuration Agent, ensure that no related client applications are running, log in as root, and type the command /usr/lib/apoc/apocd restart.
The GConf adapter is part of the SUNWapoc-adapter-gconf package. When you install the adapter from the corresponding package, the GConf data sources path in /etc/gconf/2/path is updated to include the Configuration Manager sources. The two data sources that are provided by the adapter are:
"apoc:readonly:": provides access to non-protected settings from the policies. Insert this data source after the user settings and before the local defaults.
"apoc:readonly:mandatory@": provides access to protected settings from the policies. Insert this data source after the local mandatory settings and before the user settings.
The Mozilla adapter is part of the SUNWmozapoc-adapter package. When you install the adapter from the corresponding RPM, the required files are added to an existing installation of Mozilla and are automatically registered.
The StarOffice adapter is included in a standard StarOffice installation and allows you to access the policy configuration data without any special modifications.