iPlanet Delegated Administrator for Messaging and Collaboration 1.2 Installation and Administration Guide: Chapter 3 Administering the iPlanet Delegated Administrator

Previous Contents Index Next

iPlanet Delegated Administrator for Messaging and Collaboration 1.2 Installation and Administration Guide

Chapter 3 Administering the iPlanet Delegated Administrator

This chapter includes the following sections:

"Changing the iPlanet Delegated Administrator Privileged User Password"

"Changing the LDAP Server and Port"

"Changing the Messaging Server Host or Administration Server Port"

"Restarting the iPlanet Delegated Administrator Web Server"

"Configuring User Session Timeout"

"Adding Single Sign-on"

"Adding Secure Socket Layer"

"Changing the Input Validation Servlets"

Changing the iPlanet Delegated Administrator Privileged User Password

During installation, a privileged user (DN: cn=NDAUser, ou=config,o=<root of Org Tree) is created in the directory. This user is employed by the Delegated Administrator to bind to the directory in order to do anonymous searches. A default password (auth) is also created for this user. If you want to change the password, you'll need to change it as described below.

Go to the directory where the file resource.properties is stored:

DelegatedAdmin_root/nda/classes/netscape/nda/servlet/

In the file resource.properties, change the password for the following entry:

NDABasicAuth-uidrespw=auth

Be sure that only authorized personnel have access to this password!

Use ldapmodify to change the password for the NDAUser entry. In the directory DirectoryServer_root/shared/bin, enter the following:

ldapmodify -h host_name -p port_number -D "cn=directory manager" -w password

At the prompt, enter the following:

dn: uid=NDAUser, ou=config, o=base_suffix
changetype: modify
replace: userpassword
userpassword: newpassword

To complete the command:

On Unix, enter <Ctrl-D>.

On Windows NT, enter <Ctrl-Z>.

Restart Web Server.

Changing the LDAP Server and Port

If you change the LDAP Server host or port to which the iPlanet Delegated Administrator points (specified during the iPlanet Delegated Administrator installation, see "Install Screen 7—LDAP Server Host & Port"), modify the attributes LDAPDatabaseInterface-ldaphost and LDAPDatabaseInterface-ldapport as required. The attributes are located in the file resource.properties at
DelegatedAdmin_root/nda/classes/netscape/nda/servlet/

Changing the Messaging Server Host or Administration Server Port

If you change the Messaging Server host or the Administration Server port which the iPlanet Delegated Administrator supports (specified during Messaging Server installation), modify the attributes MsgSvr0-name (host name) and MsgSvr0-adminurl (Administration Server URL) as required. The attributes are located in the file resource.properties at
DelegatedAdmin_root/nda/classes/netscape/nda/servlet/

Restarting the iPlanet Delegated Administrator Web Server

If the iPlanet Delegated Administrator Web Server process hangs, stop and start it by executing the following commands:
root_of_web_server/https-fully-qualified_machine_name/stop
root_of_web_server/https-fully-qualified_machine_name/start
Example:
/export/servers/enterpriseserver/https-red.iplanet.com/stop
/export/servers/enterpriseserver/https-red.iplanet.com/start

Configuring User Session Timeout

The iPlanet Delegated Administrator default session timeout is set to fifteen minutes. To change the user session timeout, edit the servlet.properties file in the root_of_web_server/config directory. After the line:
servlets.sessionmgr=com.netscape.server.http.session.SimpleSessionManager
add the following line: servlets.sessionmgr=com.netscape.server.http.session.SimpleSessionManager, add servlets.sessionmgr.initArgs=timeOut=xx, where xx is the user session timeout in seconds after a session is accessed by the client before the session manager destroys it. For more information on configuring Web Server servlets, see the iPlanet Web Server Programmer's Guide to Servlets.

Adding Single Sign-on

To enable single sign-on for iPlanet Delegated Administrator for Messaging and Collaboration refer to Chapter 2 of the iPlanet Messaging Server Administrator's Guide.

Adding Secure Socket Layer

To configure the iPlanet Delegated Administrator to use SSL-based connections, refer to Secure Sockets Layer (SSL) section in Chapter 4 of the iPlanet Delegated Administrator 4.5 Deployment and Customization Guide at http://docs.iplanet.com/docs/manuals/deladmin/45/html/04_conf.htm#22559
The default SSL port number is 443. It is recommended that you use a different SSL port number for iPlanet Delegated Administrator/iPlanet Web Server from other products (such as Messenger Express) that you configure to use SSL. To do so, modify the web server SSL port (NDASSLPort) in the cli-usrprefs.properties file in directory msgserver-root/ndacli/lib/.

Adding User Directory Failover

Refer to the User Directory Failover section in Chapter 4 of the iPlanet Delegated Administrator 4.5 Deployment and Customization Guide at http://docs.iplanet.com/docs/manuals/deladmin/45/html/04_conf.htm#27796

Changing the Input Validation Servlets

When data is input to certain attribute fields in the iPlanet Delegated Administrator, a validation servlet or routine may verify that the data is of a specific type such as alphabetic or alpha-numeric before accepting the data.
Some attributes may have validation routines that you may wish to modify. For example, the default validation for the telephone number is numeric-punctuation, and you may wish it to be alpha-numeric-punctuation.
Although these validation routines can be changed or removed, please think carefully before doing this as some routines may be important to the proper functioning of the Delegated Administrator for Messaging.
To change the validation routine for a particular attribute, modify the appropriate attribute/validation pair in the resource.properties file at
DelegatedAdmin_root/nda/classes/netscape/nda/servlet
and restart the web server that supports the Delegated Administration for Messaging binaries.
Each attribute/validation pair has the following format:
validateAttr-attribute=java_servlet
Examples:
validateAttr-givenname=netscape.nda.util.ValAlphaNumericPunctuation
validateAttr-surname=netscape.nda.util.ValAlphaNumericPunctuation
validateAttr-telephonenumber=netscape.nda.util.ValNumericPunctuation
validateAttr-fax=netscape.nda.util.ValTelephone
Depending on the deployment needs, the validation routines can be changed. For example, givenname can be restricted to only alphabetic characters with the following attribute-value pair setting:
validateAttr-givenname=netscape.nda.util.ValAlpha
Validation can also be removed entirely by deleting the line or commenting it out with a hash mark, "#"at the beginning of the line.
The validation routines are as follows:

netscape.nda.util.ValAlpha - tests for valid alphabetic string

netscape.nda.util.ValAlphaNumeric - tests for valid alpha-numeric string

netscape.nda.util.ValAlphaNumericPunctuation - tests for valid alpha-numeric or punctuated string

netscape.nda.util.ValNumericPunctuation - tests for valid numeric or punctuated string

netscape.nda.util.ValPositiveInteger - tests for "0" or positive integer

netscape.nda.util.ValTelephone - tests for a string with numbers or the following punctuation marks: ) ( -
The following validation routines are for internal use only. Lines with these routines should not be modified.
netscape.nda.util.ValAccess
netscape.nda.util.ValBroadcaster
netscape.nda.util.ValBroadcasterPolicy
netscape.nda.util.ValDomain
netscape.nda.util.ValMailAddress
netscape.nda.util.ValMailAutoReplyMode
netscape.nda.util.ValMailDeliveryOption
netscape.nda.util.ValIMSStatus
netscape.nda.util.ValQuota
netscape.nda.util.ValExtendedQuota
netscape.nda.util.ValVacationDate

Previous Contents Index Next
Copyright © 2002 Sun Microsystems, Inc. All rights reserved.

Last Updated February 14, 2002