Sun Java System Communications Express 6 2005Q1 Administration Guide
Chapter 3
Configuration Details
This chapter describes the configuration details for Communications Express.
Communications Express Configuration Files
Communications Express maintains the configuration parameters in the following files:
- The uwcauth.properties file maintains the authentication, user/group access, and single sign-on related parameters. The uwcauth.properties file is located at: uwc-deployed-path/WEB-INF/config/
- The uwcconfig.properties file maintains the calendar, mail, and address book related configuration parameters. The uwcconfig.properties file is located at: uwc-deployed-path/WEB-INF/config/
- The db_config.properties file is used to define the address book store configuration details. By default, Communications Express deploys two types of db_config.properties file:
  - Personal address book store. The personal address book store configuration file resides under uwc-deployed-path/WEB-INF/config/ldappstore/db_config.properties.
  - Corporate address book store. The corporate address book store configuration file resides under uwc-deployed-path/WEB-INF/config/corp-dir/db_config.properties.
All configuration files are ASCII text files, with each line defining a parameter and its associated value in the following format:
parameter=value
The parameters are initialized when configuring Communications Express. After installation, you can edit the file using a text editor.
To Edit the Configuration file
- Log in as a user having modify permissions.
- Change to the directory where the .properties file is located.
- Edit the parameters using a text editor.
Conventions for parameters are:
- All parameters and their associated value(s) must be separated by an equal sign (=). Spaces or tabs are allowed before or after the equal sign.
For example:
uwc-user-attr-sunUCDefaultApplication=calendar
- A comment line begins with an exclamation point (!).
Some of the configuration parameters are commented out using exclamation points by default. To use these parameters, you must remove the exclamation point and change the value (if required).
- Restart the Web Server or the App Server for the new configuration values to take effect.
Configuration Parameter Details
You can modify calendar, mail, and address book configuration parameters as explained in the following tables.
Refer to Chapter 4, "Implementing Single Sign-On," for more mail, calendar, and address book configurable parameters.
Configuring the Messenger Express Parameters in uwcconfig.properties File
Configuring Directory Server Related Parameters for Sun Java System LDAP Schema v.1 in uwcauth.properties File
You may edit the parameters mentioned in Table 3-2 when the Authentication LDAP Server is different from the User/Group LDAP.
Configuring Identity Server Parameters in uwcauth.properties File
Note
It is mandatory to configure uwcauth.identity.naming.url, uwcauth.identity.binddn, uwcauth.identity.bindcred, when uwcauth.identity.enabled value is set to “true.”
Configuring User Lookup Parameters for User/Group in uwcauth.properties File
Configuring the Calendar Server Parameters in uwcconfig.properties File
Note
Ensure that Proxy Authentication and Anonymous Access are enabled in Sun Java System Calendar Server.
To enable Proxy Authentication and Anonymous Access, configure the following Calendar Server parameters in the calendar configuration, ics.config, file:
- service.http.allowadminproxy = "yes"
- service.http.admins = includes-the-value-specified-for-calendar.wcap.adminid-in-uwcconfig.properties
- service.admin.calmaster.userid = the-value-specified-for-calendar.wcap.adminid-in-uwcconfig.properties
- service.admin.calmaster.cred = the-value-specified-for-calendar.wcap.passwd-in-uwcconfig.properties
- service.wcap.anonymous.allowpubliccalendarwrite = "yes"
- service.http.allowanonymouslogin = "yes"
- service.calendarsearch.ldap = "no"
For more information on enabling Proxy Authentication and instructions on configuring the Calendar Server parameters, refer to Sun Java System Calendar Server Administration Guide at http://docs.sun.com/doc/817-5697
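An added example (not part of the original guide or the product): a small audit script that parses files in the parameter=value format described earlier, reports mandatory Identity Server parameters left unset while uwcauth.identity.enabled is true, and checks ics.config against the Calendar Server settings listed in the note above. The file contents are constructed samples; stripping quotes from values and the separator used in service.http.admins are assumptions.

```python
def parse_props(text):
    """Parse parameter=value lines; '!' starts a comment, blanks around '=' are allowed."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("!") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip().strip('"')  # ics.config quotes its values
    return props

def missing_identity_params(auth):
    """Mandatory Identity Server parameters left unset while it is enabled."""
    needed = ["uwcauth.identity." + n for n in ("naming.url", "binddn", "bindcred")]
    enabled = auth.get("uwcauth.identity.enabled", "").lower() == "true"
    return [k for k in needed if enabled and not auth.get(k)]

def calendar_mismatches(ics, uwc):
    """ics.config parameters that differ from what the guide asks for."""
    admin = uwc.get("calendar.wcap.adminid", "")
    expected = {
        "service.http.allowadminproxy": "yes",
        "service.admin.calmaster.userid": admin,
        "service.admin.calmaster.cred": uwc.get("calendar.wcap.passwd", ""),
        "service.wcap.anonymous.allowpubliccalendarwrite": "yes",
        "service.http.allowanonymouslogin": "yes",
        "service.calendarsearch.ldap": "no",
    }
    bad = [k for k, want in expected.items() if ics.get(k) != want]
    # service.http.admins only has to include the admin id (space or comma list assumed)
    if admin not in ics.get("service.http.admins", "").replace(",", " ").split():
        bad.append("service.http.admins")
    return bad  # parameter names only, so credentials never reach a report

# Constructed sample file contents, not taken from a real deployment
UWCAUTH = """uwcauth.identity.enabled = true
uwcauth.identity.naming.url=http://ids.example.com/naming
!uwcauth.identity.binddn=cn=admin,o=example.com
uwcauth.identity.bindcred="""
UWCCONFIG = "calendar.wcap.adminid=calmaster\ncalendar.wcap.passwd=sample-secret\n"
ICS = '''service.http.allowadminproxy = "yes"
service.http.admins = "calmaster"
service.admin.calmaster.userid = "calmaster"
service.admin.calmaster.cred = "other-secret"
service.wcap.anonymous.allowpubliccalendarwrite = "yes"
service.http.allowanonymouslogin = "no"
service.calendarsearch.ldap = "no"'''

if __name__ == "__main__":
    print(missing_identity_params(parse_props(UWCAUTH)))
    print(calendar_mismatches(parse_props(ICS), parse_props(UWCCONFIG)))
```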
Configuring the Address Book Personal Store Parameters in db_config.properties file
Table 3-7 lists the default Address Book personal store configuration parameters in db_config.properties file.
The file can be accessed from:
uwc-deployed-path/WEB-INF/config/ldappstore/
Configuring Corporate Directory Parameters in db_config.properties File
Table 3-8 lists the default corporate directory parameters in db_config.properties file. By default, all the LDAP related information is set based on the values mentioned for user/group directory.
The db_config.properties file can be accessed from:
WEB-INF/config/corp-dir/
Corporate Directory maintains two xlate files in the format xlate-objectclass-name.xml.
In xlate-objectclass-name.xml, objectclass-name represents the object class identifying a particular LDAP entry type. For example, in xlate-inetorgperson.xml, inetorgperson is the object class used to identify a contact, and groupofuniquemembers is an object class used to identify a group in Sun Java System Directory Server.
The xlate files contain the field mappings between an LDAP schema and the address book XML schema for a contact or group. The mapping is defined in terms of XML nodes. For example,
<ab-xml-schema-key>db:LDAPField</ab-xml-schema-key>
Where,
ab-xml-schema-key is the value the address book uses in the code.
LDAPField is the corresponding field name in LDAP.
You need to provide an appropriate field name for LDAPField. The value assigned to LDAPField should correspond to the value of LDAPField existing in your corporate directory LDAP schema.
Code Example 3-1 shows an example xlate-inetorgperson.xml file:
Code Example 3-1 Default Contents of xlate-inetorgperson.xml
<phone priority="3" type="mobile">db:mobile</phone>
<phone priority="4" type="home">db:homePhone</phone>
<phone priority="5" type="pager">db:pager</phone>
<email priority="1" type="work">db:mail</email>
<im priority="1" service="SunONE">db:uid</im>
<im priority="2" service="AIM">db:aimscreenname</im>
<im priority="3" service="ICQ">db:icqnumber</im>
<postaladdress type="home">
<street>db:homePostalAddress</street>
</postaladdress>
<postaladdress type="work">
<street>db:postaladdress</street>
</postaladdress>
<weburl priority="1">
<urladdr>db:labeleduri</urladdr>
<description>URL</description>
</weburl>
<weburl priority="2">
<urladdr>db:homepage</urladdr>
<description>Home URL</description>
</weburl>
<calendar type="calendar">
<urladdr>db:caluri</urladdr>
</calendar>
</abperson>
Configuring Secure Socket Layer (SSL)
You can configure the Web Server on which Communications Express is deployed in SSL mode. For information on how to do this, refer to Sun ONE Web Server Administrator’s Configuration File Reference at http://docs.sun.com/db/coll/S1_websvr61_en
To Use Communications Express in the SSL mode
To Configure Communications Express for SSL, for Authentication Only
Supporting Horizontal Scalability of Addressbook Server
In the previous release of the Sun Java System Communications Express, the Personal Address Book entries for a particular domain were stored in a single LDAP location that was represented by the defaultserver instance defined in the db_config.properties file. The db_config.properties file existed in the directory pointed to by the personalstore.properties for the domain. For example, uwc-install/WEB-INF/config/ldappstore.
This deployment was unable to scale to support a large number of users and contacts per Personal Address Book. To overcome this limitation, the psRoot attribute in Sun Java System Communications Express 6.2 enables the administrator to provision users so that PAB data for different users can be spread across different LDAP locations.
For example, ldap://mydir.com:389/piPStoreOwner=jsmith,o=siroe.com,o=PiServerDb
Figure 3-1 provides a high level overview of the architecture used to scale Addressbook Server horizontally.
The key components of the Address Book Horizontal Scalability architecture are:
A Personal Store maintains the address book information of a user. It contains the definition of all the address books a user has created along with all the entries in those address books. Personal Stores are expressed as URLs, which describe the directory instance in which they are located and the DN within that particular directory instance.
A DB contains a collection of Personal Stores and, as shown in Figure 3-1, any number of DBs can be accessed by the Address Book Server. Every DB is defined by a DB-ID that defines the connection parameters for that DB. A DB can be of different types and can point to different DB locations.
A DBMap is a collection of DBs of the same type. Each DBMap has an ID which refers to the configuration information for that DBMap.
Figure 3-1 Horizontal Scalability of Address Book
The psRoot is an attribute in the User’s LDAP that specifies the host and port of the directory instance and the DN where the Address Book entries for the user are stored. The psRoot is in the form: ldap://ldap_host:ldap_port/DN.
The value of psRoot attribute determines the DB type and DB location.
In the psRoot example, ldap://mydir.com:389/piPStoreOwner=jsmith,o=siroe.com,o=PiServerDb
ldap:// indicates that the Address Book Personal Store for the user is accessed using LDAP DB Plugin.
mydir.com:389 specifies the LDAP Host and Port.
piPStoreOwner=jsmith,o=siroe.com,o=PiServerDb specifies the DN of the Personal Store.
Note
The Addressbook Server does not provide any utility to distribute psRoot values for users, per any scalability policy. Administrators need to set a specific policy suited best for the organization and use custom scripts to set the psRoot value for that policy.
The psRoot attribute can be turned on or off using the db.UserPsRoot parameter present in the domain specific personalstore.properties file. Set the parameter to “false” to use the defaultserver parameters in db_config.properties file. Set the parameter to “true” to use the user’s psRoot value. The Personal Store parameters listed in Table 3-7 must be provided for each unique directory server instance used in psRoot. At runtime, the value of psRoot attribute is resolved to a directory instance using db-key.ldaphost and db-key.ldapport, where db-key is an arbitrary string that distinguishes one instance from the other. When no match is found for the db-key.ldaphost and db-key.ldapport, the defaultserver instance is used.
Setting the psRoot Value Automatically
When a new user logs in, default values are set for the psRoot attribute in the User’s entry.
For new users, a psRoot value is constructed using the psRoot pattern defined in the personalstore.properties file and the defaultserverhost and defaultserverPort values in the db_config.properties file. For example, using the default psRoot pattern, the default psRoot value will be in the format:
ldap://defaultserver_host:defaultserver_port/piPStoreOwner=%U,o=%D,o=PiServerDb
where,
%U = login ID of the user, for example, jsmith.
%D = domain of the user, for example siroe.com.
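A sketch of the psRoot handling described in this section, added here as an example (not Communications Express code): it builds the default psRoot from the pattern and resolves a psRoot to a db-key by host and port, falling back to defaultserver. It assumes the pattern holds only the DN part and that defaultserver follows the db-key.ldaphost / db-key.ldapport naming; the db-key pab2, the extra host names, and the character check on %U and %D are this example's own.

```python
import re
from urllib.parse import urlsplit

# Characters that would change the DN or URL structure if they appeared in %U or %D
UNSAFE = re.compile(r'[,+"\\<>;=/?#%\s]')
PATTERN = "piPStoreOwner=%U,o=%D,o=PiServerDb"  # DN part of the default pattern

def default_psroot(pattern, host, port, user, domain):
    """Build the psRoot value for a new user from the pattern and defaultserver."""
    for value in (user, domain):
        if not value or UNSAFE.search(value):
            raise ValueError(f"refusing to build psRoot from {value!r}")
    dn = pattern.replace("%U", user).replace("%D", domain)
    return f"ldap://{host}:{port}/{dn}"

def resolve_psroot(psroot, db_config, use_psroot=True):
    """Return (db_key, dn, fell_back) for a psRoot of the form ldap://host:port/DN."""
    if not use_psroot:                      # db.UserPsRoot=false: always defaultserver
        return "defaultserver", None, False
    url = urlsplit(psroot)
    if url.scheme != "ldap" or not url.hostname:
        raise ValueError(f"not an ldap:// psRoot: {psroot!r}")
    host, port = url.hostname.lower(), str(url.port or 389)
    dn = url.path.lstrip("/")
    for name, value in db_config.items():
        if name.endswith(".ldaphost") and value.lower() == host:
            key = name[: -len(".ldaphost")]
            if db_config.get(key + ".ldapport") == port:
                return key, dn, False
    return "defaultserver", dn, True        # no db-key matched host and port

# Constructed db_config.properties values; "pab2" is a hypothetical db-key
DB_CONFIG = {
    "defaultserver.ldaphost": "mydir.com", "defaultserver.ldapport": "389",
    "pab2.ldaphost": "pab2.siroe.com", "pab2.ldapport": "389",
}

if __name__ == "__main__":
    root = default_psroot(PATTERN, "mydir.com", 389, "jsmith", "siroe.com")
    for value in (root, "ldap://pab2.siroe.com:389/piPStoreOwner=adoe,o=siroe.com,o=PiServerDb",
                  "ldap://old.siroe.com:389/piPStoreOwner=bkim,o=siroe.com,o=PiServerDb"):
        print(value, "->", resolve_psroot(value, DB_CONFIG))
```

The third element of the result marks users whose psRoot names a directory instance that has no entry in db_config.properties and is therefore served from defaultserver.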