You can modify calendar, mail, and address book configuration parameters as explained in the following tables.
Configuring the Messenger Express Parameters in uwcconfig.properties File
Configuring Access Manager Parameters in uwcauth.properties File
Configuring User Lookup Parameters for User/Group in uwcauth.properties File
Configuring the Calendar Server Parameters in uwcconfig.properties File
Configuring the Address Book Personal Store Parameters in db_config.properties File
Configuring Corporate Directory Parameters in db_config.properties File
Configuring Secure Socket Layer (SSL)
Refer to Chapter 1, Overview of Communications Express for more mail, calendar, and address book configurable parameters.
| Parameter | Default Value | Description |
|---|---|---|
| | | Specifies whether Messenger Express is deployed. The parameter is set when you run the configuration wizard. The attribute is set to “true” if Messenger Express is deployed. |
| | | Specifies the host name of the machine on which Messenger Express is deployed. The host name of Messenger Express should correspond to the machine name on which Web Server is deployed. |
| webmail.port | | Specifies the port number Messenger Express HTTP Server listens to. |

You may edit the parameters mentioned in Table 3-2 when the Authentication LDAP Server is different from the User/Group LDAP.
Table 3–2 LDAP Auth Filter Parameters
| Parameter | Default Value | Description |
|---|---|---|
| ldapauth.ldaphost | | Specifies the LDAP host value. Normally the ldapauth.ldaphost value is the same as the ldapusersession value. You can set it to a different value, if required. |
| ldapauth.ldapport | | Specifies the LDAP port number. |
| ldapauth.dcroot | | Specifies the DC root for the authentication tree. |
| ldapauth.domainattr | inetDomainBaseDN,inetDomainStatus,inetDomainSearchFilter,domainUidSeparator,preferredLanguage | Specifies the list of attributes to be retrieved from the domain entry in which the user is authenticated. |
| ldapauth.domainfilter | `(\|(objectclass=inetDomain)(objectclass=inetDomainAlias))` | Specifies the filter based on which the domain entry is retrieved. |
| ldapauth.ldapbinddn | | Specifies the User DN of the user binding to the authentication LDAP. |
| ldapauth.ldapbindcred | | Specifies the password of the user binding to the authentication LDAP. |
| ldapauth.enablessl | false | Specifies whether the directory against which authentication is to be performed is in SSL mode. Change the default value to “true” to set up a secure LDAP connection. |

Table 3–3 LDAP User Group Parameters
| Parameter | Default Value | Description |
|---|---|---|
| ldapusersession.ldaphost | | Specifies the hostname of the user/group directory server. |
| ldapusersession.ldapport | | Specifies the port number of the user/group directory server. |
| ldapusersession.ldapbinddn | | Specifies the User DN of the admin binding to the user/group directory server. |
| ldapusersession.ldapbindcred | | Specifies the password of the admin binding to the user tree. |
| ldapusersession.dcroot | | Specifies the Domain Component (DC) tree in the user/group LDAP that is used to resolve a user entry in Sun Java System LDAP Schema v.1. |

| Parameter | Default Value | Description |
|---|---|---|
| uwcauth.identity.enabled | | Specifies whether Identity Server is enabled. The attribute is set to “true” if Access Manager’s single sign-on mechanism is used for authentication. |
| uwcauth.identity.naming.url | | Specifies the Access Manager naming URL. For example, uwcauth.identity.naming.url=protocol://hostname:port Context URI |
| uwcauth.identity.binddn | | Specifies the complete Distinguished Name (DN) of the amAdmin user. For example, uid=amadmin, ou=People, o=siroe.com |
| uwcauth.identity.bindcred | | Specifies the amAdmin password. |

It is mandatory to configure uwcauth.identity.naming.url, uwcauth.identity.binddn, and uwcauth.identity.bindcred when the uwcauth.identity.enabled value is set to “true.”
| Parameter | Default Value | Description |
|---|---|---|
| ldapusersession.defaultugfilter | uid@domain | Specifies the default filter syntax to be used when retrieving the user entry. |
| ldapusersession.ldappoolmin | 30 | Specifies the minimum number of LDAP user connections to be created for a user/group LDAP. |
| ldapusersession.ldappoolmax | 100 | Specifies the maximum number of LDAP user connections to be created for a user/group LDAP. Enter an optimum value to suit your deployment’s requirement. |
| ldapusersession.lookthru_limit | 1000 | Specifies the search query limit for a search. |

Ensure that Proxy Authentication and Anonymous Access are enabled in Sun Java™ System Calendar Server.
To enable Proxy Authentication and Anonymous Access, configure the following Calendar Server parameters in the calendar configuration file, ics.conf:
service.http.allowadminproxy = "yes"
service.http.admins = includes-the-value-specified-for-calendar.wcap.adminid-in-uwcconfig.properties
service.admin.calmaster.userid = the-value-specified-for-calendar.wcap.adminid-in-uwcconfig.properties
service.admin.calmaster.cred = the-value-specified-for-calendar.wcap.passwd-in-uwcconfig.properties
service.wcap.anonymous.allowpubliccalendarwrite = "yes"
service.http.allowanonymouslogin = "yes"
service.calendarsearch.ldap = "no"
For more information on enabling Proxy Authentication and instructions on configuring the Calendar Server parameters, refer to Sun Java System Calendar Server Administration Guide.
| Parameter | Default Value | Description |
|---|---|---|
| | true | Specifies whether the calendar module is deployed. The parameter is set when you run the configuration wizard. The attribute is set to “true” if calendar is deployed. |
| | | Specifies the host name of the WCAP server. |
| | | Specifies the port number WCAP listens to. |
| calendar.wcap.adminid | | Specifies the Admin ID for the WCAP Server. |
| | | Specifies the Admin Password for the WCAP Server. |

Ensure that the Calendar Admin User ID value you have assigned to calendar.wcap.adminid is the same as the service.admin.calmaster.userid value mentioned in Calendar Server’s ics.conf file.
Ensure that the corresponding user entry for Calendar Admin User ID exists on LDAP server.
Table 3-7 lists the default Address Book personal store configuration parameters in db_config.properties file.
The file can be accessed from:
uwc-deployed-path/WEB-INF/config/ldappstore/
Table 3–7 Personal Address Book Personal Store Parameters
| Parameter | Default Value | Description |
|---|---|---|
| | | Specifies the LDAP host for the Personal Address Book (PAB) Store. |
| | | Specifies the port for the Store. |
| | | Specifies the DN used to bind to the Personal Address Book Store. It is mandatory to enter this value if the login type is “restricted” or “proxy.” If the login type is “anonymous” you need not enter a value for this parameter. |
| | | Specifies the password for the DN used to bind to the Personal Address Book Store. |
| | restricted | Specifies the method by which the connection to the LDAP store is maintained. You can assign the following three values to this parameter: anon, to connect to the LDAP as an anonymous user; restricted, to connect as a user who has the rights to perform operations on the Address Book Store; proxy, to masquerade as a user who can perform operations on the Address Book Store. Assigning this value enhances performance as it bypasses the LDAP bind on each operation. NOTE: It is recommended that the user masquerading here have admin level ACLs. |
| | 4 | Specifies the minimum number of LDAP client connections maintained for Personal Address Book Store. |
| | 12 | Specifies the maximum number of LDAP client connections maintained for Personal Address Book Store. |
| | 10 | Specifies the number of seconds before timing out an LDAP connection. Increase this value to accommodate large search results. |
| | 1000 | Specifies the search query limit for a search. |
| delete_perm | true | Enables contact/group entries to be marked for deletion or deleted permanently. Set the parameter to false to mark the contacts/groups for deletion. Set the parameter to true to permanently delete the contacts and groups. |

Table 3-8 lists the default corporate directory parameters in db_config.properties file. By default, all the LDAP related information is set based on the values mentioned for user/group directory.
The db_config.properties file can be accessed from:
WEB-INF/config/corp-dir/
Table 3–8 Corporate Directory Parameters
| Parameter | Default Value | Description |
|---|---|---|
| | | Specifies the LDAP host for the Corporate Directory. |
| | | Specifies the Port for the Corporate Directory. |
| | | Specifies the DN used to bind to the Corporate Directory. If the login type is “restricted” or “proxy” it is mandatory to assign a value to defaultserver.ldapbinddn. If the login type is “anonymous,” you need not enter a value for this parameter. |
| | | Specifies the bind password. |
| | uid | Specifies the key in corporate directory used to identify a contact/group entry. You can set the entry_id to the UID or a key used to fetch the contact/group information, such as empid or principal ID. In the xlate-inetorgperson.xml file replace “uid” in `<entry entryID="db:uid">` with the entry_id value specified here. |
| | restricted | Specifies the method by which the connection to the LDAP store is maintained. You can assign the following three values to this parameter: anon, to connect to the LDAP as an anonymous user; restricted, to connect as a user who has the rights to perform operations on the Address Book Store; proxy, to masquerade as a user who can perform operations on the Address Book Store. Assigning this value enhances performance as it bypasses the LDAP bind on each operation. NOTE: Read-only access is given to a masquerading user. |
| | 1 | Specifies the minimum number of LDAP client connections maintained for Corporate Directory. |
| | 4 | Specifies the maximum number of LDAP client connections maintained for Corporate Directory. |
| | 10 | Specifies the number of seconds before timing out an LDAP connection. Increase this value to accommodate large search results. |
| | 1000 | Specifies the search query limit for a search. |

Corporate Directory maintains two xlate files in the format xlate-objectclass-name.xml.
xlate-inetorgperson.xml for contacts
xlate-groupofuniquemembers.xml for groups
In xlate-objectclass-name.xml, objectclass-name represents the object class identifying a particular LDAP entry type. For example, in xlate-inetorgperson.xml, inetorgperson is the object class used to identify a contact, and groupofuniquemembers is the object class used to identify a group in Sun Java System Directory Server.
The xlate files contain the field mappings between an LDAP schema and the address book XML schema for a contact or group. The mapping is defined in terms of XML nodes. For example,
`<ab-xml-schema-key>db:LDAPField</ab-xml-schema-key>`
Where,
ab-xml-schema-field is the value the address book uses in the code.
LDAPField is the corresponding field name in LDAP.
You need to provide an appropriate field name for LDAPField. The value assigned to LDAPField should correspond to the name of a field that exists in your corporate directory LDAP schema.
Code Example 3-1 is an example of xlate-inetorgperson.xml file:
```xml
<abperson uid="db:uid">
  <entry entryID="db:uid">
    <displayname>db:cn</displayname>
    <description>db:multilineDescription</description>
    <creationdate>db:createtimestamp</creationdate>
    <lastmodifieddate>db:modifytimestamp</lastmodifieddate>
  </entry>
  <person>
    <givenname>db:givenname</givenname>
    <surname>db:sn</surname>
  </person>
  <organization>
    <company>db:company</company>
    <organizationalunit>db:ou</organizationalunit>
    <location>
      <building>db:buildingnum</building>
      <floor>db:iplanetbuildinglev</floor>
      <office>db:roomNumber</office>
    </location>
    <title>db:title</title>
    <manager>db:manager</manager>
    <secretary>db:secretary</secretary>
  </organization>
  <phone priority="1" type="work">db:telephoneNumber</phone>
  <phone priority="2" type="fax">db:facsimileTelephoneNumber</phone>
  <phone priority="3" type="mobile">db:mobile</phone>
  <phone priority="4" type="home">db:homePhone</phone>
  <phone priority="5" type="pager">db:pager</phone>
  <email priority="1" type="work">db:mail</email>
  <im priority="1" service="SunONE">db:uid</im>
  <im priority="2" service="AIM">db:aimscreenname</im>
  <im priority="3" service="ICQ">db:icqnumber</im>
  <postaladdress type="home">
    <street>db:homePostalAddress</street>
  </postaladdress>
  <postaladdress type="work">
    <street>db:postaladdress</street>
  </postaladdress>
  <weburl priority="1">
    <urladdr>db:labeleduri</urladdr>
    <description>URL</description>
  </weburl>
  <weburl priority="2">
    <urladdr>db:homepage</urladdr>
    <description>Home URL</description>
  </weburl>
  <calendar type="calendar">
    <urladdr>db:caluri</urladdr>
  </calendar>
</abperson>
```
You can configure the Web Server on which Communications Express is deployed in SSL mode. For information on how to do so, refer to Sun ONE Web Server Administrator’s Configuration File Reference.
Edit the following configuration parameters in uwc-deployed-path/WEB-INF/config/uwcauth.properties:
You need to set the local.webmail.sso.uwcport Messenger Express parameter value to the SSL port-number of the Web Server in which Communications Express is deployed.
For example,
local.webmail.sso.uwcport=SSL port-number of the webserver in which communications express is deployed
Set uwcauth.ssl.enabled to “false” in the uwcauth.properties file.
Set uwcauth.https.port to the SSL port number of the Web Server in which Communications Express is deployed.
Set uwcauth.ssl.authonly to “true.”
The two parameters, uwcauth.ssl.authonly and uwcauth.ssl.enabled, are mutually exclusive.
Messaging SSO is not supported in SSL.
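The constraints this page states for uwcauth.properties (the mandatory Access Manager parameters, the mutually exclusive SSL flags, the HTTPS port, and the ldapauth.enablessl default) can be checked mechanically before deployment. The following Python script is an added example, not part of the original guide or the product; its function names and the sample file contents, including the host am.example.com, are constructed, and it assumes simple key=value lines.

```python
# Added example: audit uwcauth.properties against the rules stated on this page.
REQUIRED_WITH_IDENTITY = (
    "uwcauth.identity.naming.url",
    "uwcauth.identity.binddn",
    "uwcauth.identity.bindcred",
)

def parse_properties(text):
    """Parse simple key=value lines; '#' and '!' start comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")  # values may contain '=' (DNs)
        props[key.strip()] = value.strip()
    return props

def is_true(props, key):
    return props.get(key, "").lower() == "true"

def audit(props):
    findings = []
    if is_true(props, "uwcauth.identity.enabled"):
        for key in REQUIRED_WITH_IDENTITY:
            if not props.get(key):
                findings.append(f"{key} is mandatory when uwcauth.identity.enabled=true")
    authonly = is_true(props, "uwcauth.ssl.authonly")
    if authonly and is_true(props, "uwcauth.ssl.enabled"):
        findings.append("uwcauth.ssl.enabled and uwcauth.ssl.authonly are mutually exclusive")
    if authonly and not props.get("uwcauth.https.port", "").isdigit():
        findings.append("uwcauth.https.port must be the Web Server SSL port")
    if not is_true(props, "ldapauth.enablessl"):
        findings.append("ldapauth.enablessl is false: authentication LDAP is not in SSL mode")
    return findings

# Constructed sample, not taken from a real deployment.
SAMPLE = """\
uwcauth.identity.enabled=true
uwcauth.identity.naming.url=https://am.example.com:443/amserver/namingservice
uwcauth.identity.binddn=uid=amadmin, ou=People, o=siroe.com
uwcauth.ssl.enabled=true
uwcauth.ssl.authonly=true
ldapauth.enablessl=false
"""

if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE)):
        print("FINDING:", finding)
```

Run against the constructed sample, the script reports the missing uwcauth.identity.bindcred, the conflicting SSL flags, the unset uwcauth.https.port, and the non-SSL authentication LDAP connection.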