Sun Java Enterprise System 2003Q4 Deployment Example Series: Evaluation Scenario 

Chapter 4
Provisioning a Java Enterprise System User

This chapter shows you how to set up Identity Server as a general purpose provisioning tool and how to provision a Java Enterprise System user with Identity Server. This chapter contains the following sections:


About Java Enterprise System User Provisioning

A Java Enterprise System user is an account that has access to one or more services provided by Java Enterprise System components. (Some services may be provided by several Java Enterprise System components working together.)

The idea of a Java Enterprise System user encompasses:

User provisioning is creating the user’s account and enabling the user’s access to Java Enterprise System services.

Java Enterprise System has the following interfaces for user provisioning and working with LDAP directory entries:

The procedures in this chapter show you how to provision a user with the Sun ONE Identity Server Console.

In a production system, Java Enterprise System administrators manage users. User management tasks not demonstrated in this chapter include LDAP organizational planning, database management, and delegated administration.


Using Identity Server as a Provisioning Tool

This section describes how to set up the LDAP attributes necessary for using Identity Server as a general purpose provisioning tool. You set up the LDAP attributes with Identity Server Services. Identity Server Services are a mechanism for grouping and managing LDAP attributes.

Identity Server Services are not end-user services. The Sample Mail Server Service and Sample Calendar Server Service described in this section add Identity Server LDAP attributes that enable you to provision users with end-user mail and calendar services.

Importing the Identity Server Services into Identity Server

The Java Enterprise System installer supplies definitions for two Identity Server Services that add LDAP attributes for managing end-user mail and calendar services. These definitions are supplied as two Extensible Markup Language (XML) files. These XML files describe Identity Server Services named Sample Mail Server Service and Sample Calendar Server Service.

Sample Mail Server Service and Sample Calendar Server Service are not intended for production use. User provisioning in a production environment is typically performed by batch processing operations, which these sample services do not support. For information on production user provisioning, and the command line tools used in production user provisioning, see Sun ONE Identity Server 6.1 Administration Guide and Sun ONE Messaging and Collaboration 6.0 User Management Utility Installation and Reference Guide.

    To Import the Identity Server Services into Identity Server
  1. Navigate to the samples directory:

    cd /opt/SUNWam/samples/integration

  2. Run the amadmin command for the Sample Mail Server Service:

    /opt/SUNWam/bin/amadmin --runasdn "uid=amadmin,ou=people,dc=example,dc=com" --password password --schema sampleMailServerService.xml


    Note

    If your domain name includes a subdomain, you must specify each element of the name separately. For example, if you use my.example.com, you must type dc=my,dc=example,dc=com.


  3. Run the amadmin command for the Sample Calendar Server Service:

    /opt/SUNWam/bin/amadmin --runasdn "uid=amadmin,ou=people,dc=example,dc=com" --password password --schema sampleCalendarServerService.xml

  4. Use the cp command to copy the associated property files, which enable localization, to the locale directory:

    cp sampleMailServerService.properties /opt/SUNWam/locale

    cp sampleCalendarServerService.properties /opt/SUNWam/locale

  5. Stop Identity Server:

    /opt/SUNWam/bin/amserver stop

  6. Stop and restart Application Server:

    cd /var/opt/SUNWappserver7/domains/domain1/server1/bin

    ./stopserv

    ./startserv

    Restarting Application Server also restarts Identity Server.
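
The import steps above can be wrapped in a script, shown here as an added example that is not part of the original guide. It derives the --runasdn value from the domain as the Note describes and prompts for the password instead of typing it on the command line; the function names are hypothetical, and the stop and restart steps are left to run by hand.

```shell
#!/bin/sh
# Added example, not from the original guide: wraps the import steps above.
# Paths and file names are the ones on this page; function names are hypothetical.

AMADMIN=/opt/SUNWam/bin/amadmin
SAMPLES=/opt/SUNWam/samples/integration
LOCALE=/opt/SUNWam/locale

# Turn a DNS domain into the dc=... suffix, one component per label
# (my.example.com -> dc=my,dc=example,dc=com). Labels are limited to letters,
# digits and hyphens, so no character that is special in a DN gets through.
domain_to_suffix() {
    case "$1" in
        ''|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    printf 'dc=%s\n' "$1" | sed 's/\./,dc=/g'
}

# Build the --runasdn value for the amadmin user of a domain.
admin_dn() {
    suffix=$(domain_to_suffix "$1") || return 1
    printf 'uid=amadmin,ou=people,%s\n' "$suffix"
}

import_services() {
    dn=$(admin_dn "$1") || { echo "invalid domain: $1" >&2; return 1; }
    cd "$SAMPLES" || return 1
    for svc in sampleMailServerService sampleCalendarServerService; do
        [ -r "$svc.xml" ] && [ -r "$svc.properties" ] ||
            { echo "missing $svc files in $SAMPLES" >&2; return 1; }
    done
    # Read the password without echo so it stays out of shell history.
    # It is still visible in the process list while amadmin runs, because
    # --password is the only option this page shows.
    printf 'Password for %s: ' "$dn" >&2
    trap 'stty echo; exit 1' INT TERM
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    for svc in sampleMailServerService sampleCalendarServerService; do
        "$AMADMIN" --runasdn "$dn" --password "$pw" --schema "$svc.xml" || return 1
        cp "$svc.properties" "$LOCALE" || return 1
    done
}

if [ "${1:-}" = "--import" ]; then
    import_services "${2:-}"
fi
```

Saved under a name of your choosing, the script is run with --import followed by the domain, for example --import my.example.com.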

Registering the Identity Server Services

In this section, you use the Identity Server console to register Sample Mail Server Service and Sample Calendar Server Service with your Administration Server domain and LDAP organization.

    To Register the Sample Services With Your Administration Server Domain
  1. In a web browser, open the following URL:

    http://example.com:81/amconsole

    The Login dialog opens.


    Tip

    Remember to substitute the host and domain that you are using.

    The URL includes the URI amconsole. You specified this URI on the installer’s Identity Server: Web Container for Running the Sun ONE Identity Services page. See To Supply Identity Server Information.


  2. In the login dialog, type the Administration User ID (the default value is amadmin) and password. Click OK.

    The Identity Server administration console opens in the browser. Figure 4-1 shows the administration console displaying information about the example domain. The domain name is displayed and highlighted in the left panel, just below the word Search.


    Note

    You defined the Administration User ID and password on the installer’s Identity Server: Sun ONE Application Server page. See To Supply Identity Server Information.


    Figure 4-1  Sun ONE Identity Server Console
    Screen capture; shows information about the example domain.

  3. In the left pane, open the View drop-down menu and choose Services.

    The window refreshes, and the left pane displays a list of services in the domain. Figure 4-2 shows the console window displaying a list of services. Notice that the View menu is displaying “Services.”

    Figure 4-2  Displaying a List of Services
    Screen capture; shows list of services in domain. Shows two new buttons, Register and Unregister, in left pane.

  4. In the left pane, click Register.

    A list of services that can be registered is displayed in the right pane. Your display should resemble Figure 4-3.

    Figure 4-3  Registering Services With a Domain
    Screen capture; right pane shows list of services that can be registered. List includes sample calendar and sample mail services

  5. Select and register the Sample Calendar Server Service and Sample Mail Server Service.
    1. Scroll to the bottom of the list.
    2. Select Sample Calendar Server Service and Sample Mail Server Service.
    3. Click the Register button that appears at the end of the list.

       The display refreshes. In the left pane, the Sample Calendar Server Service and Sample Mail Server Service are added to the list of registered services.

    To Register the Sample Services With Your Organization
  1. In the left pane, open the View menu and choose Organizations.

    The window refreshes, and the left pane displays a list of organizations in the domain. Figure 4-4 shows the list of organizations in the example domain.

    Figure 4-4  Listing Organizations in the Example Domain
    Screen capture; in the left pane, the organization name (example.com) is selected.

  2. Click the name of your organization.

    The window refreshes. The left pane’s title bar now shows your domain and your organization. Your display should be similar to Figure 4-5.

    Figure 4-5  Selecting an Organization
    Screen capture; the left pane title bar displays the organization name.

  3. In the left pane, open the View drop-down menu and choose Services.

    The window refreshes. Your display should be similar to Figure 4-6.

    Figure 4-6  Viewing Services for the Example.Com Organization
    Screen capture; the left pane displays a new button, named Register.

  4. Click Register.

    The window refreshes, and the right pane displays a list of services that can be registered.

  5. Select Sample Calendar Server Service, Sample Mail Server Service, Portal Desktop, and SSO Adapter. Click the Register button at the end of the list.

    The window refreshes. In the left pane, the four services you selected are added to the list of registered services.


Provisioning a Sample End User

This section describes how to use Identity Server to provision an end user. You set up a user name and password, and you use Sample Mail Server Service and Sample Calendar Server Service to give the user access to the end-user services Mail Express and Calendar Express.

    To Provision a Sample End User
  1. In the left pane, open the View drop-down menu and choose Users.

    The window refreshes, and the left pane displays a list of users in your organization. Your display should resemble Figure 4-7, which shows the list of users in the example domain organization. In particular, the list of users should include admin, calmaster, and msg-admin-allinone.example.com.

    Figure 4-7  Sun ONE Identity Server Console Window
    Screen capture; users is selected in the left pane. The right pane displays default user information for a store administrator.

  2. In the left pane, click New.

    The window refreshes, and the right pane displays input fields.

    Figure 4-8  New User Fields
    Screen capture; the right pane displays input fields for new user information.

  3. Define your Java Enterprise System user.
    1. Select Portal Desktop, Sample Calendar Server Service, Sample Mail Server Service, and SSO Adapter.
    2. Fill in the user information with the following values:
       • Userid: scott
       • First Name: Scott
       • Last Name: McDuke
       • Full Name: Scott McDuke
       • Password: password
       • Password (confirm): password
    3. Click Create.

  4. Scroll the left pane all the way to the left, until the View menu is visible. Open the View menu and choose Users.

    The window refreshes. The left pane displays a list of users for the organization, including the user that you just created.

  5. Scroll the left pane to the right and click the arrow symbol (>) that follows the new user’s Full Name.

    In Figure 4-9, the left pane displays the new user’s Full Name (Scott McDuke) and the > symbol.

    Figure 4-9  Sample Calendar Server Service Properties
    Screen capture; in left pane user Scott McDuke is selected.

  6. In the right pane, open the View menu and choose Sample Calendar Server Service.

    The window refreshes and displays the user’s Sample Calendar Service properties.

  7. Type the following values:
    • calendar status: active
    • back end host: allinone.example.com
    • first day of week: 1

    Click the Save button.

    The window refreshes and displays a message indicating the user properties have been saved.

  8. In the right pane, open the View menu and choose Sample Mail Server Service.

    The window refreshes and displays the user’s Sample Mail Server Service properties.

    Figure 4-10  Sample Mail Server Service Properties
    Screen capture; right pane shows Sample Mail Server Service properties.

  9. In the Sample Mail Server Service property fields, type the following values:
    • mail: scott.mcduke@example.com
    • mail alternate address: smcduke@example.com
    • mailhost: allinone.example.com
    • mail delivery option: mailbox
    • maximum number of messages: -1
    • mail quota: -1

    Click Save.

    The window refreshes and displays a message indicating the user properties have been saved.

  10. Click Logout (in the upper right corner of the page).




Copyright 2004 Sun Microsystems, Inc. All rights reserved.