The steps described in this section walk you through configuring Delegated Administrator.
To run the configuration program, log in as (or become) root and go to the /opt/SUNWcomm/sbin directory. Then enter the command:
# ./config-commda
Once you run the config-commda command, the configuration program starts.
The sections that follow lead you through the configuration panels.
You must enter the information requested in the first configuration-program panels.
To start the configuration
Welcome
The first panel in the configuration program is a copyright page. Click Next to continue or Cancel to exit.
Select directory to store configuration and data files
Select the directory where you want to store the Delegated Administrator configuration and data files. The default configuration directory is /var/opt/SUNWcomm. This directory should be separate from the da_base directory (/opt/SUNWcomm).
Enter the name of the directory, or keep the default and click Next to continue.
If the directory does not exist, a dialog appears asking if you want to create the directory or choose a new directory. Click Create Directory to create the directory or Choose New to enter a new directory.
A dialog appears indicating that the components are being loaded. This may take a few minutes.
Select components to configure
Select the component or components you want to configure on the Components Panel.
Delegated Administrator Utility (client)—the command-line interface invoked with commadmin. This component is required and is selected by default. It cannot be deselected.
Delegated Administrator Server—the Delegated Administrator server components required to run the Delegated Administrator console.
Delegated Administrator Console—the Delegated Administrator graphical user interface (GUI).
Click Next to continue, Back to return to the previous panel, or Cancel to exit.
For more information about how to choose components, see Choose Which Components to Configure.
If you choose not to configure the Delegated Administrator server, a dialog box cautions you that you must configure the Delegated Administrator Server on another machine. The server must be configured to enable the Delegated Administrator utility and console to work.
You must configure the Delegated Administrator utility on all machines on which you install a Delegated Administrator component (server or console).
To configure the Delegated Administrator Utility
Access Manager host name and port number
Enter the Access Manager (formerly called Identity Server) host name and port number. If you are installing the Delegated Administrator server component, you must install it on the same host as Access Manager.
Click Next to continue, Back to return to the previous panel, or Cancel to exit.
Default domain
Enter the default domain for the Top-Level administrator. This is the domain used when a domain is not explicitly specified by the -n option when executing the commadmin command-line utility. This is also known as the default organization. If the domain specified does not exist in the directory, it will be created.
Click Next to continue, Back to return to the previous panel, or Cancel to exit.
Default SSL port for client
Enter the default SSL port that the Delegated Administrator utility uses.
Click Next to continue, Back to return to the previous panel, or Cancel to exit.
If you chose to configure only the Delegated Administrator utility, go on to
If you chose to configure both the Delegated Administrator console and the server, or if you chose to configure the console only, go on to
Configuring the Delegated Administrator Console
If you chose to configure the Delegated Administrator server only (together with the required Delegated Administrator utility), go on to
The configuration program now displays the following panel:
Select a Web Container for Delegated Administrator
Select the Web container on which you will deploy the Delegated Administrator console. You can configure Delegated Administrator on:
Sun Java System Web Server
Sun Java System Application Server 7.x
Sun Java System Application Server 8.x
Click Next to continue, Back to return to the previous panel, or Cancel to exit.
This panel and the panels that follow gather information about the Web container for the Delegated Administrator console. Follow the instructions in the appropriate section:
You can deploy the Delegated Administrator console and server on two different Web containers, on two different instances of the Web container, or on the same Web container.
If you chose to configure both the Delegated Administrator console and Delegated Administrator server in Panel 3, a second series of panels will ask for Web container information for the server.
Thus, you will see the Web container configuration panels twice. Follow the appropriate instructions for deploying each of the Delegated Administrator components.
When you complete the Web container configuration panels:
If you chose to configure both the Delegated Administrator console and the server, go on to
If you chose to configure the Delegated Administrator console only (together with the required Delegated Administrator utility), go on to
If you are deploying the Delegated Administrator server or console on Web Server, follow the steps described in this section.
To Configure Web Server
Web Server Configuration Details
The panel text tells you if you are providing Web Server configuration information for the Delegated Administrator server or console.
Enter the Web Server root directory. You can browse to select the directory.
Enter the Web Server instance identifier. This can be specified by a host.domain name such as west.sesta.com.
Enter the virtual server identifier. This can be specified by a https-host.domain name such as https-west.sesta.com.
For more information about the Web Server instance identifier and virtual server identifier, see the Web Server documentation.
Files for the Web Server instance are stored in the https-host.domain directory under the Web Server installation directory, for example /opt/SUNWwbsvr/https-west.sesta.com.
Enter the HTTP port number for the Web Server.
Click Next to continue, Back to return to the previous panel, or Cancel to exit.
The configuration program checks if the values you specified are valid. If a directory or identifier is invalid or does not exist, a dialog box tells you to choose a new value.
Next, the configuration program checks if a Web Server instance connection is alive. If not, a dialog box warns you that the configuration program could not connect to the specified instance and your configuration may not be completed. You can accept the specified values or choose new Web Server configuration values.
Default Domain Separator
This panel appears only if you are configuring the Delegated Administrator console. The domain separator is needed to configure the console; this information is not related to the Web container.
Enter the default domain separator to be used for authentication when the user logs on. For example: @.
The domain separator value is contained in the daconfig.properties file. You can edit this property value after the configuration program runs. For more information, see Chapter 4, Customizing Delegated Administrator.
If you are configuring the Delegated Administrator console:
If you chose to configure both the Delegated Administrator console and the server, go on to
If you chose to configure the Delegated Administrator console only (together with the required Delegated Administrator utility), go on to
If you are configuring the Delegated Administrator server:
Go on to
If you are deploying the Delegated Administrator server or console on Application Server 7.x, follow the steps described in this section.
To configure Application Server 7.x
Application Server 7.x Configuration Details
The panel text tells you if you are providing Application Server 7.x configuration information for the Delegated Administrator server or console.
Enter the Application Server installation directory. By default, this directory is /opt/SUNWappserver7.
Enter the Application Server domain directory. By default, this directory is /var/opt/SUNWappserver7/domains/domain1.
Enter the Application Server document root directory. By default, this directory is /var/opt/SUNWappserver7/domains/domain1/server1/docroot.
You can browse to select any of these directories.
Enter the Application Server instance name. For example: server1.
Enter the Application Server virtual server identifier. For example: server1.
Enter the Application Server instance HTTP port number.
Click Next to continue, Back to return to the previous panel, or Cancel to exit.
The configuration program checks if the directories you specified are valid. If a directory is invalid or does not exist, a dialog box tells you to choose a new directory.
Next, the configuration program checks if an Application Server instance connection is alive. If not, a dialog box warns you that the configuration program could not connect to the specified instance and your configuration may not be completed. You can accept the specified values or choose new Application Server configuration values.
Application Server 7.x: Administration Instance Details
Enter the Administration Server port number. For example: 4848
Enter the Administration Server administrator user ID. For example: admin
Enter the administrator user password.
If you are using a secure Administration Server instance, check the Secure Administration Server Instance box. If you are not, leave the box unchecked.
Click Next to continue, Back to return to the previous panel, or Cancel to exit.
Default Domain Separator
This panel appears only if you are configuring the Delegated Administrator console. The domain separator is needed to configure the console; this information is not related to the Web container.
Enter the default domain separator to be used for authentication when the user logs on. For example: @.
If you are configuring the Delegated Administrator console:
If you chose to configure both the Delegated Administrator console and the server, go on to
If you chose to configure the Delegated Administrator console only (together with the required Delegated Administrator utility), go on to
If you are configuring the Delegated Administrator server:
Go on to
If you are deploying the Delegated Administrator server or console on Application Server 8.x, follow the steps described in this section.
To configure Application Server 8.x
Application Server 8.x Configuration Details
The panel text tells you if you are providing Application Server 8.x configuration information for the Delegated Administrator server or console.
Enter the Application Server installation directory. By default, this directory is /opt/SUNWappserver/appserver.
Enter the Application Server domain directory. By default, this directory is /var/opt/SUNWappserver/domains/domain1.
Enter the Application Server document root directory. By default, this directory is /var/opt/SUNWappserver/domains/domain1/docroot.
You can browse to select any of these directories.
Enter the Application Server target name. For example: server.
Enter the Application Server virtual server identifier. For example: server.
Enter the Application Server target HTTP port number.
Click Next to continue, Back to return to the previous panel, or Cancel to exit.
The configuration program checks if the directories you specified are valid. If a directory is invalid or does not exist, a dialog box tells you to choose a new directory.
Next, the configuration program checks if an Application Server target connection is alive. If not, a dialog box warns you that the configuration program could not connect to the specified target and your configuration may not be completed. You can accept the specified values or choose new Application Server configuration values.
Application Server 8.x: Administration Instance Details
Enter the Administration Server port number. For example: 4849
Enter the Administration Server administrator user ID. For example: admin
Enter the administrator user password.
If you are using a secure Administration Server instance, check the Secure Administration Server Instance box. If you are not, leave the box unchecked.
Click Next to continue, Back to return to the previous panel, or Cancel to exit.
Default Domain Separator
This panel appears only if you are configuring the Delegated Administrator console. The domain separator is needed to configure the console; this information is not related to the Web container.
Enter the default domain separator to be used for authentication when the user logs on. For example: @.
If you are configuring the Delegated Administrator console:
If you chose to configure both the Delegated Administrator console and the server, go on to
If you chose to configure the Delegated Administrator console only (together with the required Delegated Administrator utility), go on to
If you are configuring the Delegated Administrator server:
Go on to
If you chose to configure the Delegated Administrator server, the configuration program displays the following panels.
To configure Delegated Administrator Server
Access Manager base directory
Enter the Access Manager Base Directory. The default directory is /opt/SUNWam.
Click Next to continue, Back to return to the previous panel, or Cancel to exit.
The configuration program checks if a valid Access Manager base directory is specified. If not, a dialog box displays indicating that an existing Access Manager base directory must be selected.
Next, a Web container Configuration Details panel appears.
If you chose to configure the console and server, this is the second time a Web container Configuration Details panel appears.
The Delegated Administrator server is deployed to the same Web container as Access Manager. (You cannot choose a Web container for the Delegated Administrator server.)
Follow the instructions in the appropriate section:
Directory (LDAP) Server
This panel asks for information about connecting to the LDAP Directory Server for the user/group suffix.
Enter the User and Group Directory Server LDAP URL (LdapURL), Directory Manager (Bind As), and password in the text boxes.
The Directory Manager has overall administrator privileges on the Directory Server and all Sun Java System servers that make use of the Directory Server (for example, Delegated Administrator) and has full administration access to all entries in the Directory Server. The default and recommended Distinguished Name (DN) is cn=Directory Manager.
Click Next to continue, Back to return to the previous panel, or Cancel to exit.
Access Manager Top Level Administrator
Enter the user ID and password for the Access Manager Top-Level Administrator. The user ID and password are created when Access Manager is installed. The default user ID is amadmin.
Click Next to continue, Back to return to the previous panel, or Cancel to exit.
Access Manager internal LDAP authentication password
Enter the password for the Access Manager Internal LDAP authentication user.
The authentication user name is hard-coded as amldapuser. It is created by the Access Manager installer and is the Bind DN user for the LDAP service.
Click Next to continue, Back to return to the previous panel, or Cancel to exit.
Organization Distinguished Name (DN)
Enter the Organization DN for the default domain. For example, if your organization DN is o=siroe.com, all the users in that organization will be placed under the LDAP DN o=siroe.com, o=usergroup, where o=usergroup is your root suffix.
By default, the configuration program adds the default domain under the root suffix in the LDAP directory.
If you want to create the default domain at the root suffix (not underneath it), delete the organization name from the DN that appears in the Organization Distinguished Name (DN) text box.
For example, if your organization DN is o=siroe.com and your root suffix is o=usergroup, delete “o=siroe.com” from the DN in the text box; leave only o=usergroup.
If you choose to create the default domain at the root suffix, and if you later decide to use hosted domains, it can be difficult to migrate to the hosted-domain configuration. The config-commda program displays the following warning:
“The Organization DN you chose is the User/Group Suffix. Although this is a valid choice, if you ever decide to use hosted domains, there will be difficult migration issues. If you do wish to use hosted domains, then specify a DN one level below the User/Group suffix.”
For more information, see Directory Structure Supporting a One-Tiered Hierarchy.
Click Next to continue, Back to return to the previous panel, or Cancel to exit.
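A pre-flight check for the Organization DN panel, given here as an added example (it is not part of config-commda): it classifies a proposed Organization DN against the user/group root suffix, so the "at the suffix" case that triggers the warning above is caught before the value is entered. The function names are hypothetical, and the comparison assumes case-insensitive RDN values with no escaped commas.

```sh
#!/bin/sh
# Added example, not part of Delegated Administrator.
# Assumptions: DN values compare case-insensitively and contain no
# escaped commas; function names are made up for this example.

# Normalise a DN for comparison: lower-case, trim the ends, and drop
# whitespace around "," and "=".
norm_dn() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
            -e 's/[[:space:]]*,[[:space:]]*/,/g' \
            -e 's/[[:space:]]*=[[:space:]]*/=/g'
}

# classify_org_dn ORG_DN ROOT_SUFFIX
# Prints one of:
#   at-suffix        default domain is the root suffix itself (the case
#                    config-commda warns about for hosted domains)
#   one-level-below  e.g. o=siroe.com, o=usergroup
#   deeper           more than one RDN between the domain and the suffix
#   outside-suffix   DN does not end in the root suffix at all
classify_org_dn() {
    org=$(norm_dn "$1")
    suffix=$(norm_dn "$2")
    if [ "$org" = "$suffix" ]; then
        echo "at-suffix"
        return 0
    fi
    case $org in
        *",$suffix") rel=${org%",$suffix"} ;;
        *) echo "outside-suffix"; return 0 ;;
    esac
    case $rel in
        *,*) echo "deeper" ;;
        *)   echo "one-level-below" ;;
    esac
}

# Usage: classify_org_dn "o=siroe.com, o=usergroup" "o=usergroup"
```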
Top-Level Administrator for the default organization
Enter the user ID and password for the Top-Level Administrator that is to be created in the default domain (organization).
A Confirm Password field asks you to enter the password a second time.
Click Next to continue, Back to return to the previous panel, or Cancel to exit.
Service Package and Organization Samples
You can choose to add sample service packages and sample organizations to your LDAP directory.
Load sample service packages. Select this option if you want to use or modify sample service package templates to create your own Class-of-Service packages.
Load sample organizations. Select this option if you want your LDAP directory tree to contain sample provider organization nodes and subordinate organization nodes.
You can select:
Both the sample service packages and the sample organizations
Only one of these options
Neither option
Preferred Mailhost for Sample. Enter the name of the machine on which Messaging Server is installed.
For example: mymachine.siroe.com
If you chose to load the sample organizations into your LDAP directory, you must enter a preferred mail host name for these samples.
For information about service packages and organizations, see Chapter 2: “Delegated Administrator Overview.”
After you run the configuration program, you must modify the service package templates to create your own Class-of-Service packages. For information about this post-configuration task, see Create Service Packages.
Take the steps described in this section to finish running the configuration program.
To complete the configuration
Ready to Configure
The verification panel displays the items that will be configured.
Click Configure Now to begin the configuration, Back to return to any previous panel to change information, or Cancel to exit.
Task Sequence
A sequence of tasks being performed is displayed on the Task Sequence Panel. This is when the actual configuration takes place.
When the panel displays “All Tasks Passed” you can click Next to continue or Cancel to stop the tasks from being performed and exit.
A dialog box appears reminding you to restart the Web container in order for configuration changes to take effect.
Installation Summary
The Installation Summary panel displays the product installed and a Details... button that displays more information about this configuration.
A log file for the config-commda program is created in the /opt/SUNWcomm/install directory. The name of the log file is commda-config_YYYYMMDDHHMMSS.log, where YYYYMMDDHHMMSS identifies the 4-digit year, month, date, hour, minute, and second of the configuration.
Click Close to complete the configuration.
After you complete the Delegated Administrator configuration, you must restart the Web container to which Delegated Administrator is deployed (one of the following):
Web Server
Application Server 7.x
Application Server 8.x
Using the information you provided in the panels, the config-commda program creates the following configuration files for the three Delegated Administrator components:
Delegated Administrator utility:
Configuration file name: cli-usrprefs.properties
Default location: /var/opt/SUNWcomm/config
Delegated Administrator server:
Configuration file name: resource.properties
Default location:
/opt/SUNWcomm/WEB-INF/classes/sun/comm/cli/server/servlet
or
/var/opt/SUNWcomm/WEB-INF/classes/sun/comm/cli/server/servlet
Delegated Administrator console:
Configuration file name: daconfig.properties
Default location:
/opt/SUNWcomm/WEB-INF/classes/com/sun/comm/da/resources
or
/var/opt/SUNWcomm/WEB-INF/classes/com/sun/comm/da/resources
For information about these files, the properties they contain, and how to edit these properties to customize your configuration, see Chapter 4, Customizing Delegated Administrator.
The Delegated Administrator console creates a runtime log file:
Default log file name: da.log
Default location: /opt/SUNWcomm/log
For more information about this and other Delegated Administrator log files, see Appendix C, Debugging Delegated Administrator.
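A post-configuration check for the files listed above and for the config-commda log, given here as an added example (it is not part of Delegated Administrator): it reports which of the default-location files exist, picks the newest commda-config_YYYYMMDDHHMMSS.log, and flags any file that users outside the owner and group can access. The root-prefix argument and the function names are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not part of Delegated Administrator. File names and default
# locations are the ones listed on this page. The first argument is a
# hypothetical root prefix for auditing a test tree; pass "" on a real host.

# Candidate directories for each configuration file, per the page.
CLI_DIRS="/var/opt/SUNWcomm/config"
SRV_DIRS="/opt/SUNWcomm/WEB-INF/classes/sun/comm/cli/server/servlet
/var/opt/SUNWcomm/WEB-INF/classes/sun/comm/cli/server/servlet"
CON_DIRS="/opt/SUNWcomm/WEB-INF/classes/com/sun/comm/da/resources
/var/opt/SUNWcomm/WEB-INF/classes/com/sun/comm/da/resources"

# Name of the newest commda-config_YYYYMMDDHHMMSS.log. The timestamp is
# fixed-width, so a lexical sort is also a chronological sort.
latest_config_log() {
    ls "$1/opt/SUNWcomm/install" 2>/dev/null |
        grep -E '^commda-config_[0-9]{14}\.log$' | sort | tail -n 1
}

# Print a status line for an existing file; return 1 if the "other"
# permission bits (characters 8-10 of ls -l) grant any access.
check_file() {
    if [ ! -f "$1" ]; then return 0; fi
    case $(ls -ld "$1" | cut -c8-10) in
        ---) echo "OK      $1" ;;
        *)   echo "EXPOSED $1"; return 1 ;;
    esac
}

# Audit the three configuration files, the newest configuration log and
# the console runtime log. Returns non-zero if anything is exposed.
audit_da_files() {
    root=${1:-}
    bad=0
    for spec in "cli-usrprefs.properties:$CLI_DIRS" \
                "resource.properties:$SRV_DIRS" \
                "daconfig.properties:$CON_DIRS"; do
        name=${spec%%:*}
        seen=no
        for dir in ${spec#*:}; do
            [ -f "$root$dir/$name" ] || continue
            seen=yes
            check_file "$root$dir/$name" || bad=$((bad + 1))
        done
        [ "$seen" = yes ] || echo "ABSENT  $name"
    done
    log=$(latest_config_log "$root")
    [ -z "$log" ] || check_file "$root/opt/SUNWcomm/install/$log" || bad=$((bad + 1))
    check_file "$root/opt/SUNWcomm/log/da.log" || bad=$((bad + 1))
    echo "exposed=$bad"
    [ "$bad" -eq 0 ]
}

# Usage on a configured host (as root): audit_da_files ""
```

An ABSENT line is expected for any component that was not configured on the host being checked.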