|Previous Contents Index Next|
|iPlanet Delegated Administrator for Messaging and Collaboration 1.2 Installation and Administration Guide|
Chapter 3 Administering the iPlanet Delegated Administrator
This chapter includes the following sections:
"Changing the iPlanet Delegated Administrator Privileged User Password"
Changing the iPlanet Delegated Administrator Privileged User Password
During installation, a privileged user (DN: cn=NDAUser, ou=config,o=<root of Org Tree) is created in the directory. This user is employed by the Delegated Administrator to bind to the directory in order to do anonymous searches. A default password (auth) is also created for this user. If you want to change the password, you'll need to change it as described below.
Go to the directory where the file resource.properties is stored:
In the file resource.properties, change the password for the following entry:
Use ldapmodify to change the password for the NDAUser entry. In the directory DirectoryServer_root/shared/bin, enter the following:
- Be sure that only authorized personnel have access to this password!
At the prompt, enter the following:
- ldapmodify -h host_name -p port_number -D "cn=directory manager" -w password
To complete the command:
- dn: uid=NDAUser, ou=config, o=base_suffix
Changing the LDAP Server and Port
If you change the LDAP Server host or port to which the iPlanet Delegated Administrator points (specified during the iPlanet Delegated Administrator installation, see "Install Screen 7LDAP Server Host & Port"), modify the attributes LDAPDatabaseInterface-ldaphost and LDAPDatabaseInterface-ldapport as required. The attributes are located in the file resource.properties at
Changing the Messaging Server Host or Administration Server Port
If you change the Messaging Server host or the Administration Server port which the iPlanet Delegated Administrator supports (specified during Messaging Server installation), modify the attributes MsgSvr0-name (host name) and MsgSvr0-adminurl (Administration Server URL) as required. The attributes are located in the file resource.properties at
Restarting the iPlanet Delegated Administrator Web Server
If the iPlanet Delegated Administrator Web Server process hangs, stop and start it by executing the following commands:
Configuring User Session Timeout
The iPlanet Delegated Administrator default session timeout is set to fifteen minutes. To change the user session timeout, edit the servlet.properties file in the root_of_web_server/config directory. After the line:
add the following line: servlets.sessionmgr=com.netscape.server.http.session.SimpleSessionManager, add servlets.sessionmgr.initArgs=timeOut=xx, where xx is the user session timeout in seconds after a session is accessed by the client before the session manager destroys it. For more information on configuring Web Server servlets, see the iPlanet Web Server Programmer's Guide to Servlets.
Adding Single Sign-on
To enable single sign-on for iPlanet Delegated Administrator for Messaging and Collaboration refer to Chapter 2 of the iPlanet Messaging Server Administrator's Guide.
Adding Secure Socket Layer
To configure the iPlanet Delegated Administrator to use SSL-based connections, refer to Secure Sockets Layer (SSL) section in Chapter 4 of the iPlanet Delegated Administrator 4.5 Deployment and Customization Guide at http://docs.iplanet.com/docs/manuals/deladmin/45/html/04_conf.htm#22559
The default SSL port number is 443. It is recommended that you use a different SSL port number for iPlanet Delegated Administrator/iPlanet Web Server from other products (such as Messenger Express) that you configure to use SSL. To do so, modify the web server SSL port (NDASSLPort) in the cli-usrprefs.properties file in directory msgserver-root/ndacli/lib/.
Adding User Directory Failover
Refer to the User Directory Failover section in Chapter 4 of the iPlanet Delegated Administrator 4.5 Deployment and Customization Guide at http://docs.iplanet.com/docs/manuals/deladmin/45/html/04_conf.htm#27796
Changing the Input Validation Servlets
When data is input to certain attribute fields in the iPlanet Delegated Administrator, a validation servlet or routine may verify that the data is of a specific type such as alphabetic or alpha-numeric before accepting the data.
Some attributes may have validation routines that you may wish to modify. For example, the default validation for the telephone number is numeric-punctuation, and you may wish it to be alpha-numeric-punctuation.
Although these validation routines can be changed or removed, please think carefully before doing this as some routines may be important to the proper functioning of the Delegated Administrator for Messaging.
To change the validation routine for a particular attribute, modify the appropriate attribute/validation pair in the resource.properties file at
and restart the web server that supports the Delegated Administration for Messaging binaries.
Each attribute/validation pair has the following format:
Depending on the deployment needs, the validation routines can be changed. For example, givenname can be restricted to only alphabetic characters with the following attribute-value pair setting:
Validation can also be removed entirely by deleting the line or commenting it out with a hash mark, "#"at the beginning of the line.
The validation routines are as follows:
netscape.nda.util.ValAlpha - tests for valid alphabetic stringThe following validation routines are for internal use only. Lines with these routines should not be modified.
Previous Contents Index Next
Copyright © 2002 Sun Microsystems, Inc. All rights reserved.
Last Updated February 14, 2002