Sun Java Communications Suite 5 Release Notes

Known Issues and Limitations in Delegated Administrator

This section describes known issues in Communications Suite Delegated Administrator. The section includes the following topics:

Delegated Administrator Installation, Upgrade, and Configuration Issues


You cannot upgrade Delegated Administrator from version 2004Q2 to version 6.4 (the current release) when Access Manager is deployed to an Application Server node agent.

This issue occurs when Delegated Administrator is deployed to Application Server and you upgrade Application Server from version 7 to version 8.x. The asupgrade utility migrates the Application Server 7 server1 instance into the Application Server 8.x server1 target running under a nodeagent. However, asupgrade changes the value of the virtual server from server1 in Application Server 7 to server in Application Server 8.x.


When you run the Delegated Administrator configuration program, config-commda , in the Application Server Preferences panel, specify these values for the target and virtual server:

  • Target: server1

  • Virtual Server: server

6376896, 6294603

Upgrading to Access Manager 7.0 without upgrading Delegated Administrator to version 6.4 (the current release) will cause user creation to fail.

Note –

This issue occurs only if you are currently running Delegated Administrator 6 2005Q1 (Java ES Release 3) or earlier. If you have installed Delegated Administrator version 6 2005Q4 (Java ES Release 4) or have already upgraded Delegated Administrator to version 6.4, this issue does not occur.

When you upgrade to Java Enterprise System Release 5, if you upgrade Access Manager from version 6.x to 7.0 but do not upgrade Delegated Administrator to version 6.4, user creation with mail or calendar service will fail.

The recommended way to solve this issue is to upgrade Delegated Administrator to version 6.4. If you have a compelling reason not to upgrade Delegated Administrator, take the steps described in the following workaround.


  1. Update the UserCalendarService.xml file, located by default in the following directory:


    In the UserCalendarService.xml file, mark the mail , icssubscribed, and icsfirstday attributes as optional instead of required.

  2. In Access Manager, remove the existing xml file by running the amadmin command, as in the following example:

    amadmin -u amadmin -w netscape -r UserCalendarService
  3. In Access Manager, add the updated xml file, as in the following example:

    amadmin -u amadmin -w netscape  
    -s /opt/SUNWcomm/lib/services/UserCalendarService.xml
  4. Restart the Web container.


The Delegated Administrator configuration program allows you to enter invalid values in the Domain Separator field.

In the configuration program, config-commda, you can enter invalid characters such as ^ in the Domain Separator field. You cannot log into the Delegated Administrator console using a login ID with the invalid domain-separator character.

Workaround: Edit the value of the commadminserver.domainseparator property in the file, located in the following default path:


Use a valid value such as @, -, or _.

Redeploy the edited file to the Web container used by the Delegated Administrator console.

Before the change can take effect, you must run the script that deploys the customized file to your Web container.

For instructions on how to deploy a customized properties file to a particular Web container, see To Deploy a Customized Configuration File in Sun Java System Delegated Administrator 6.4 Administration Guide.


Values in the files are overwritten when Delegated Administrator is reconfigured with the config-commda program.

If you configure an existing, configured installation of Delegated Administrator by running the config-commda program again, the properties in the file are reset to their default values.

For example, suppose you previously set the following properties to these values:



And then you ran config-commda. These properties would be reset to their default values, as follows:



This issue is of concern only if you have changed the Delegated Administrator configuration (if you have enabled plug-ins or modified the values of any properties in the file).

Workaround: If you need to upgrade Delegated Administrator, or if you need to rerun the config-commda program for any other reason, you can preserve your existing configuration by taking the following steps:

  1. Back up the file.

    The file is located in the following default path:

  2. Run the config-commda program.

  3. Edit the new file created by the config-commda program. Follow these steps.

    (The new file is located in the default path shown in 1. Back up the file, above.)

    1. Open the new file.

      Be sure to edit the file in the original (standard) location in the Delegated Administrator installation directory, not the file deployed to the Web container used by the Delegated Administrator server.

    2. Open your back-up copy of the file.

    3. Locate the properties that were customized in the back-up copy. Apply the customized values to the corresponding properties in the new file.

      Do not simply overwrite the new file with the entire back-up copy. The new file may contain new properties created to support this release of Delegated Administrator.

  4. Redeploy the edited file to the Web container used by the Delegated Administrator server.

    Before the change can take effect, you must run the script that deploys the customized file to your Web container.

    For instructions on how to deploy a customized properties file to a particular Web container, see To Deploy a Customized Configuration File in Sun Java System Delegated Administrator 6.4 Administration Guide.


If the first part of the default organization name created in the Delegated Administrator configuration program (config-commda) matches the root suffix name, the organization cannot be created.

When you run the config-commda program, if you specify a default organization DN whose first characters are same as the root suffix, a Name Collision error occurs. For example, if you create an organization named and the root suffix is o=isp, this error occurs.

Workaround: Run the config-commda program in silent install mode with a state file. In silent install mode, the configuration program does not validate the organization DN value, so the organization can be created.

Alternatively, make sure that the default organization DN does not start with the same string as the root suffix name.

Delegated Administrator Console and Command-Line Utilities

6485784, 2146157

The default postmaster created by the Messaging Server configure program cannot be modified.

If you try to modify fields in the User Properties page of the default postmaster created during the Messaging Server configuration, the change operation fails.

Note that, in this situation, the Delegated Administrator console was not used to allocate service packages to the postmaster's organization, and the postmaster user was not assigned a service package.

Workaround: Use either of the following methods to solve this issue:

  • In the Delegated Administrator console, allocate mail service packages to the organization; then assign a mail service package to the user.

  • Use the Delegated Administrator utility (the commadmin command) with the -S mail option to add mail service to the organization and the user.


When a service package has IMAPS enabled but IMAP access is disabled, the Delegated Administrator console displays it as having IMAP access disabled.

Assume there is a service package that provides access to IMAPS but not IMAP. For example:

mailuserallowedservice: +imaps:ALL$+smpts:ALL$+http:ALL

In the Delegated Administrator console, the Service Package page shows this service package with IMAP Access disabled.

A service package that has IMAP access enabled (such as the bronze service package) is displayed with IMAP enabled.


In the Create Group wizard in the Delegated Administrator console, an incorrect message appears instead of the Back to Top message.

When you search for users in the Create Group wizard—for example, when you are adding an internal member or owner—and you move the mouse over the “Back to Top” link, the tooltip message “Jump to xxx section” appears instead of “Back to Top.”


Attributes passed with the –A option of the commadmin command are ignored if the command also calls an input file containing attributes passed with –A.

This issue occurs if you run a commadmin command such as this one:

./commadmin user create -D tla -w pass -d <domain> 
-F test -L User -W pass -i /tmp/ -A preferredlanguage:es

And the input file,, contains attributes passed with the -A option. The result is that the -A option in the command line is ignored. In the example shown above, the preferredlanguage:es is not added.

Workaround: If any attributes are passed in the input file with the -A option, pass all values of -A in the input file. Do not also use -A in the command line.


An Organization Administrator (OA) can remove himself as an OA by modifying the organization Properties page.

If you log into the Delegated Administrator console as an OA, you can go to the organization's Properties page and remove yourself from the list of users with OA rights. No error occurs, and you can continue using the console. You should either be unable to remove yourself as an OA or be logged out as soon as you remove yourself.

Workaround: None.


An inappropriate error message is displayed when you use a domain name that conflicts with the name of a deleted domain.

This issue occurs if you create an organization with a domain name that is the same as the name of a deleted domain. (The organization name is different than the name of the deleted organization.) The following error message appears: Attribute uniqueness violated.

Workaround: Specify a new domain name.


When you add Dynamic members to a group In the Delegated Administrator console, you cannot test a manually constructed LDAP URL.

When you create a new group and add dynamic members to the group, you can either manually construct an LDAP URL or use the fields available in the drop-down menus to construct the LDAP URL. If you use the drop-down menus, you can click the Test LDAP URL button. If you manually construct the LDAP URL, this feature is disabled.


Using the browser or system controls in the Delegated Administrator console can generate unexpected results.

Workaround: Navigate only by using the built-in Delegated Administrator controls, such as the tabs, buttons, and navigation links provided on the page itself. Do not use browser or system controls, such as your browser's Back button or the Close icon on dialog windows.


An incorrect error message is displayed when you create a new user with a Login ID that is already in use.

When you create a new user with a unique email address but a login ID that is already used, the user is not created (which is the correct behavior), but the following error message is displayed: “Cannot create user — mail address already used.” The error message should say that the login ID is already used.

Workaround: None.


No indication when a User, Organization, or Group list page has finished loading.

If you click a button while a list page is loading, an error occurs.

Workaround: While the page is loading, a message asks you to wait. Do not click any buttons or links until the page is ready.


The advanced search feature does not return correct results for organizations.

This issue occurs if you perform the following steps:

  1. Select the Advanced Search feature.

  2. Select “Organizations” from the drop-down list.

  3. Click the Match All or Match Any radio button.

  4. Select an organization name from the drop-down list.

  5. Enter valid values in the text field.

  6. Click Search.

Instead of returning only the organizations that match the search criteria, Delegated Administrator displays all organizations.

Workaround: None.


Cannot modify non-ASCII groups.

If a group is created with a group name that contains non-ASCII characters, it cannot be modified with the commadmin group modify command.

For example, if a group with the non-ASCII characters XYZ is specified with the -G option in the commadmin group create command, an email address of XYZ is automatically added to the group’s LDAP entry. Since non-ASCII characters are not allowed in email addresses, modifying the group with commadmin group modify fails.

Workaround: Use the -E email option when creating a group. This option will specify the group’s email address. For example: commadmin group create -D admin -w password -d -G XYZ -S mail -E .

Delegated Administrator Localization and Globalization Issues

This section describes Delegated Administrator localization problems. No localization issue exist for this release.

Delegated Administrator Documentation

This section describes errors or incomplete information in the Delegated Administrator books and online help.

No Issue ID

The Delegated Administrator online help displays the current version as Communications Suite 5 Delegated Administrator instead of Delegated Administrator 6.4.


The Delegated Administrator online help for the Editing Group Properties page incorrectly documents the following UI fields: Add Header Field and Remove Header Field.

These UI fields are not implemented in Delegated Administrator. The LDAP attributes, mgrpAddHeader and mgrpAddHeader, are not provisioned through the Delegated Administrator console.


The Delegated Administrator online help incorrectly describes the Message Prefix Text field in the Create New Group wizard and Group Properties page.

The correct description is as follows:

Enter the text to be added to the beginning of the message text sent to the group. You must supply the formatting. That is, you must supply the CRLF where they belong in the text.


The Delegated Administrator online help incorrectly defines the Attachment Quota value in the Create New Organization wizard and Organization Properties page.

The online help describing the Mail Service Details panel in the Create New Organization wizard and the Mail Service section of the Organization Properties page states that the Attachment Quota field displays the “attachment size per message.” The online help tells the user to enter a maximum attachment quota size in kilobytes. This is incorrect.

The Attachment Quota sets the maximum number of attachments for each email message. For example, setting a value of 2 would allow users to attach no more than two files to a message. The size of each attachment is not affected by this attribute.


Delegated Administrator online help erroneously states that you can use “>” and “<” signs when searching for organizations.

The “Searching Organizations” online help topic contains the following erroneous statement: “You can also search for organizations with values greater than or less than the value entered in the text box by entering a > or < sign before the value.”

You cannot search for greater-than or less-than values when searching for organizations.


Delegated Administrator online help does not explain that the Login ID must be in ASCII characters.

When you enter a Login ID when creating a new user or editing user properties in the Delegated Administrator console, the online help should read as follows:

Login ID. Enter the user's login ID. Values entered in this field are limited to ASCII characters.


Access Manager online help does not explain that unselecting the Compliance User Deletion option causes problems when deleting mail and calendar users with the Delegated Administrator delete commands.

The Access Manager Administration Console option, Compliance User Deletion, must be selected to enable the Delegated Administrator console delete and commadmin delete operations to successfully delete users, groups, and resources.

The Access Manager Compliance User Deletion option should be documented as follows:

Specifies whether a user's entry will be deleted, or just marked as deleted, from the directory. This attribute is only applicable when Access Manager is installed in legacy mode.

When a user's entry is deleted and this option is selected (true), the user's entry will still exist in the directory, but will be marked as deleted. After the user entry is marked for deletion, you can permanently remove it from the directory by using the Communications Suite Delegated Administrator commadmin domain purge command.

Messaging Server and Calendar Server require this option to be selected to properly maintain the integrity of their databases with respect to the user data in the directory.

User entries that are marked for deletion are not returned during Access Manager searches of the Directory Server.

If this option is not selected, the user's entry will be deleted from the directory. Deleting a Messaging Server or Calendar Server user's entry when this option is not selected can cause the user's mailbox or calendar to be orphaned.