Sun Java Enterprise System 2004Q2 Deployment Example Series: Evaluation Scenario 

Chapter 4
User Management for the Evaluation Deployment

This chapter shows you how to configure your LDAP organization and provision user accounts that can log in to Messaging Server, Calendar Server, and Portal Server. This chapter contains the following sections:

    • About Java Enterprise System User Management
    • Configuring the User Management Utility
    • Configuring Your LDAP Organization for Mail, Calendar and Portal Services
    • Provisioning an End User Account


About Java Enterprise System User Management

This chapter describes three aspects of user management:

    • Configuring the User Management Utility
    • Extending your LDAP organization’s schema for messaging, calendar, and portal services
    • Provisioning an end user account


Configuring the User Management Utility

This section describes configuring the User Management Utility. Configuring the User Management Utility does the following:

    To Configure the Identity Server User Management Utility
  1. Change directory to the User Management Utility directory:

     cd /opt/SUNWcomm/sbin

  2. Run the command that starts the configuration wizard:

     ./config-iscli

     The configuration wizard’s Welcome page is displayed.

  3. Click Next. The Select Directory to Store Configuration and Data Files page is displayed.

  4. Click Next to accept the default configuration data directory. The Create New Directory dialog box is displayed.

  5. Click Create Directory. The Select Components to Configure page is displayed.

  6. Confirm that both components, Commcli Client and Commcli Server, are selected. Click Next. The ISHostPort page is displayed.

  7. Confirm that the default values for Hostname and Port specify your Identity Server instance on your evaluation_host.
    • The Hostname text field should display your evaluation_host.
    • The Port text field should display 80.
    • Click Next. The Default Domain page is displayed.

  8. Click Next to accept the default values. The Default SSL Port for Commcli Client page is displayed.

  9. Click Next to accept the default value. The Identity Server Base Directory page is displayed.

  10. Click Next to accept the default value. The Directory (LDAP) Server page is displayed.

  11. Do the following to identify your default Directory Server instance:
    • In the LdapURL text field, accept the default value of ldap://evaluation_host:389.
    • In the Bind As text field, accept the default value of cn=Directory Manager. There must be a space between Directory and Manager.
    • In the Password text field, type password.
    • Click Next. The Identity Server Top Level Administrator page is displayed.

  12. Do the following:
    • In the User Name text field, accept the default value of amadmin.
    • In the Password text field, type password.
    • Click Next. The Identity Server Internal LDAP Authentication Password page is displayed.

  13. Do the following:
    • In the Username text field, accept the default value of amldapuser.
    • In the Password text field, type ldappassword.
    • Click Next. The Web Server Instance Directory page is displayed.

  14. Confirm that the default value identifies the Web Server instance on your evaluation_host. You see a value similar to the following:

     /opt/SUNWwbsvr/evaluation_host

     Click Next. The Organization DN for the Default Domain page is displayed.

  15. Confirm that the default organization DN specifies the LDAP organization created by the Messaging Server configuration wizard. You see a value similar to the following:

     o=example.com,dc=example,dc=com

     Click Next. The Top Level Administrator for the Default Organization page is displayed.

  16. Do the following:
    • Accept the default admin user ID.
    • Type password for the admin password.
    • Click Next. The Ready to Configure page is displayed.

  17. Review the configuration summary.

  18. Click Configure Now. The Starting Task Sequence page is displayed. When configuration is complete, the Sequence Complete page is displayed.

  19. Review the messages and confirm that the User Management Utility is successfully configured. You see the following message:

     All Tasks Completed

     Click Next. A Web Server Restart dialog box is displayed.

  20. Click OK. The Installation Summary page is displayed.

  21. In the Installation Summary page, review the details of the configuration.

  22. Click Close. The configuration wizard closes.

  23. Change directory to the Web Server default instance directory. The directory name includes the fully qualified name of the system on which you installed Web Server:

     cd /opt/SUNWwbsvr/https-evaluation_host

  24. Run the command to stop Web Server:

     ./stop

  25. Run the command to start Web Server:

     ./start

     The Web Server displays a sequence of startup messages. The startup process might take a few moments. When startup is complete, the following message is displayed:

     startup: server started successfully

The User Management Utility is now configured to operate on your default Directory Proxy Server instance.


Configuring Your LDAP Organization for Mail, Calendar and Portal Services

When a user attempts to log in to a Java ES service, the service performs LDAP authentication to determine whether the user is authorized to use the service. LDAP authentication examines the user’s LDAP data for the specific object classes and attributes that indicate that the user is authorized to access the service.

Each Java ES service has its own set of object classes and attributes for authentication.

The LDAP object classes and attributes used in authentication are added to the LDAP organization before user accounts are created in the organization. Adding attributes and object classes is known as extending the schema.

This section describes how to extend your LDAP organization’s schema with the object classes and attributes used to authenticate messaging, calendar, and portal services.

    To Extend Your LDAP Organization’s Schema for Messaging and Calendar Services
  1. Change directory to the User Management Utility directory:

     cd /opt/SUNWcomm/bin

  2. Use the commadmin domain modify command to extend your LDAP organization:

     ./commadmin domain modify -D admin -w password -S mail -H evaluation_host -S cal -B evaluation_host -P allowProxyLogin:yes -T America/Los_Angeles

  3. You might be prompted to Enter DNS Domain Name. If this happens, type your evaluation_domain and press Enter.

This command adds the LDAP attributes and object classes needed for mail and calendar authentication to your LDAP organization.

    To Extend Your LDAP Organization’s Schema for Portal Services

In this section, you use the Identity Server console to register Portal services with your LDAP organization.

  1. In a web browser, open the following URL:

     http://evaluation_host/amconsole

     The Identity Server console login page is displayed.

  2. Type your Administration User ID (amadmin) and password (password). Click OK. The Identity Server administration console is displayed in the browser. By default, the Identity Management tab is selected, and the console displays information about your LDAP domain.

    Figure 4-1  Sun Java System Identity Server Console
    Screen capture; shows the information about the example domain described in text.

    Figure 4-1 shows the administration console displaying information about the example domain.

    • In the left pane, just below the Identity Management tab, the domain name is displayed and highlighted.
    • The left pane also lists the LDAP organizations in the domain. In Figure 4-1 the example.com organization is listed.

  3. Click the name of your LDAP organization. You see a display similar to Figure 4-2. The left pane’s title bar now shows your domain and your LDAP organization.

    Figure 4-2  Selecting an Organization
    Screen capture; the left pane title bar displays the organization name as described in text.

  4. In the left pane, open the View drop-down menu and choose Services. The left pane displays the list of services registered for your LDAP organization. You see a display similar to Figure 4-3. Initially, no services are registered for your LDAP organization.

    Figure 4-3  Viewing Services for the LDAP Organization
    Screen capture; the left pane displays a new button, named Add.

  5. Click Add. The right pane displays a list of services that can be registered.

  6. Register the Portal Server Configuration services. Select the following services:
    • Net Mail
    • Portal Desktop
    • SSO Adapter
    • Subscriptions
    • Click the OK button at the end of the list. The left pane displays the services you selected in the list of registered services.

  7. Leave the console window open.

You have added the LDAP attributes and object classes that messaging, calendar, and portal services use to your directory tree.


Provisioning an End User Account

This section describes how to use the User Management Utility and the Identity Server console to provision a user account. You set up an LDAP user entry with a user ID and a password, and you give the user access to portal, mail, and calendar services.

In a production system, Java ES administrators manage users. User management tasks not demonstrated in this chapter include LDAP organizational planning, LDAP database management, and delegated administration.

    To Create an End User Account
  1. Change directory to the User Management Utility directory:

     cd /opt/SUNWcomm/bin

  2. Run the command that creates a user account and provisions it for messaging and calendar services:

     ./commadmin user create -D admin -w password -l TestUser -F Test -L User -W password -S mail -H evaluation_host -E test.user@evaluation_domain -S cal -B evaluation_host -J 0 -T America/Los_Angeles

    To Provision the End User Account for Portal Services
  1. Return to the Identity Server console.

  2. In the left pane, open the View drop-down menu and choose Users. The left pane displays a list of users in your LDAP organization. You see a display similar to Figure 4-4. The list should include the user you created in the preceding procedure.

    Figure 4-4  Selecting Test User
    Screen capture; TestUser is selected as described in step 3.

  3. Select your new user. By default, the Store Administrator user is selected. Locate Test User in the list of users. Click the arrow symbol (>) that follows the user’s name. If necessary, scroll the left pane to the right.

     The right pane displays user properties for Test User.

  4. Display the registered services for your new user. In the right pane, open the View drop-down menu and choose Services.

     The right pane displays a list of registered services for the user. You see a display similar to Figure 4-5. Initially, no services are registered for Test User.

    Figure 4-5  Displaying Services for Test User
    Screen capture; the right pane displays a new button, named Add.

  5. Display a list of services you can add. In the right pane, click Add. The right pane displays a list of services available in the LDAP organization but not yet registered for Test User.

  6. Add the portal services for your new user. Select the following:
    • NetMail
    • Portal Desktop
    • SSO Adapter
    • Subscriptions
    • Click the OK button. The right pane displays the updated list of services for the user.

  7. Log out of the console.

You have created a user account and provisioned it for the messaging, calendar, and portal services.
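The section Configuring Your LDAP Organization explains that each service authenticates a login by looking for its own object classes on the user's LDAP entry, and the procedures above add those object classes to the organization and then to TestUser. The following Python script is an added example that is not part of the Sun documentation, Directory Server, or the commadmin utility: it parses an LDIF dump of user entries (as ldapsearch prints them) and reports which services each entry is provisioned for. The object-class-per-service table and the two sample entries are constructed assumptions for illustration; substitute the object classes your deployment's schema actually uses before relying on the result.

```python
"""Audit which Java ES services a provisioned LDAP user entry qualifies for.
Added example; not part of the Sun documentation or of commadmin.  The
object-class table is an ASSUMPTION: replace it with your deployment's schema."""
import base64
from typing import Dict, List

# ASSUMED: object classes each service's LDAP authentication looks for.
REQUIRED_OBJECT_CLASSES: Dict[str, List[str]] = {
    "mail": ["inetMailUser", "inetLocalMailRecipient"],
    "cal": ["icsCalendarUser"],
    "portal": ["sunPortalDesktopPerson"],
}

# Constructed sample LDIF: the first entry mirrors the TestUser created with
# commadmin above, the second is a mail-only account.  One value is folded
# over two lines and one is base64-encoded to exercise the parser.
SAMPLE_LDIF = """\
dn: uid=TestUser,ou=People,o=example.com,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: inetMailUser
objectClass: inetLocalMailRecipient
objectClass: icsCalendarUser
uid: TestUser
cn: Test User
sn: User
givenName: Test
mail: test.user@example.com
mailHost: evaluation_host
description: Evaluation account provi
 sioned with commadmin user create

dn: uid=MailOnly,ou=People,o=example.com,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: inetMailUser
objectClass: inetLocalMailRecipient
uid: MailOnly
cn: Mail Only
sn: Only
mail:: bWFpbC5vbmx5QGV4YW1wbGUuY29t
"""


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Parse minimal LDIF into entries mapping lower-cased attribute names to
    value lists.  Handles folded lines, '#' comments and base64 ('::') values."""
    unfolded: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]          # continuation of the previous line
        else:
            unfolded.append(raw)

    entries: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    for line in unfolded:
        if not line.strip():                 # blank line terminates an entry
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        if value.startswith(":"):            # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


def missing_object_classes(entry: Dict[str, List[str]],
                           required=REQUIRED_OBJECT_CLASSES) -> Dict[str, List[str]]:
    """Per service, the required object classes the entry lacks.  objectClass
    values are compared case-insensitively, as Directory Server does."""
    present = {oc.lower() for oc in entry.get("objectclass", [])}
    return {service: [oc for oc in classes if oc.lower() not in present]
            for service, classes in required.items()}


def authorized_services(entry: Dict[str, List[str]],
                        required=REQUIRED_OBJECT_CLASSES) -> List[str]:
    """Services whose required object classes are all present on the entry."""
    return [service for service, missing
            in missing_object_classes(entry, required).items() if not missing]


def audit(ldif_text: str) -> Dict[str, List[str]]:
    """Map each entry's DN to the services it is provisioned for."""
    return {e["dn"][0]: authorized_services(e) for e in parse_ldif(ldif_text)}


if __name__ == "__main__":
    for entry in parse_ldif(SAMPLE_LDIF):
        print(entry["dn"][0])
        print("  authorized:", ", ".join(authorized_services(entry)) or "none")
        for service, missing in missing_object_classes(entry).items():
            if missing:
                print(f"  {service}: missing {', '.join(missing)}")
```

Against the sample, TestUser is reported as provisioned for mail and cal but missing the (assumed) portal object class, which is exactly the state after the commadmin step and before the console registration; MailOnly qualifies for mail only. On a live system, feed the script the output of an ldapsearch for the user's entry rather than the embedded sample.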





Part No: 817-5417-10.   Copyright 2004 Sun Microsystems, Inc. All rights reserved.