Sun Java Enterprise System 2005Q4 Installation Planning Guide

Delegated Administrator

Delegated Administrator provides user management services by operating on user data in the LDAP directory.

Delegated Administrator operates on an LDAP directory tree branch that represents an email domain. Delegated Administrator is designed for solutions in which all component instances share the same LDAP tree branch for user and group data. The LDAP branch is created by the Messaging Server configuration wizard. In this type of solution, Messaging Server itself has solution-level dependencies on Directory Preparation Tool, Access Manager, and Directory Server. Therefore, it is logical to install and configure Delegated Administrator after Directory Server, Administration Server, Messaging Server, and Calendar Server are all installed, configured, and verified.

Delegated Administrator has local dependencies on a web container and on either Access Manager or the Access Manager SDK. Typically, in a distributed solution, the deployment architecture will specify a local copy of the Access Manager SDK, which supports interaction with remote instances of Access Manager.

Basic Installation Procedures for Delegated Administrator

The basic steps for installing and configuring Delegated Administrator are the following:

  1. Use the Java ES installer to install Delegated Administrator on all computer systems specified in your deployment architecture.

    1. When you install Delegated Administrator you also install the web container in which Delegated Administrator runs.

    2. When you install Delegated Administrator you must also install either a copy of the Access Manager SDK, or a local copy of Access Manager.

  2. Run the Delegated Administrator configuration wizard. When you configure Instant Messaging you must specify the repository for user and group data (typically a Directory Server instance, specified with a URL).

  3. Start and verify all instances of Delegated Administrator.

  4. If your solution uses load balancing for the Delegated Administrator instances, verify that the load balancer is working properly.

Choosing Configuration Values for Delegated Administrator

For each Delegated Administrator instance in your solution, you must input values that configure the instance to interoperate with the other components in the solution. For example, Delegated Administrator manages LDAP directory entries. Therefore, Delegated Administrator must be configured to log in to the Directory Server instance that stores user and group data. Use Table 3–14 to help you choose configuration values.

Table 3–14 Key Configuration Values for Delegated Administrator Instances

Input Field 

Choosing a Value for Your Solution 

Delegated Administrator Utility, Delegated Administrator Console, Delegated Administrator Server 

Select the subcomponents specified in the deployment architecture. For more information, see Analyzing a Deployment Architecture and Distributed Subcomponents.

Hostname and Port 

Use these fields to specify the Access Manager instance used in your solution. Hostname is the fully qualified domain name of the computer running Access Manager. Port is the port on which Access Manager listens for connections. The port was assigned when Access Manager was configured. For more information, see Table 3–8.

Default Domain 

Specify the default email domain defined by Messaging Server configuration. This is specified as the default email domain for user data managed by Delegated Administrator. For more information, see Table 3–9.

Default SSL Port 

Assign the port on which Delegated Administrator listens for connection requests. 

Web Container: Web Server, App Server 7.x, App Server 8.x 

Select the web container used in your solution. 

Server Root Directory, Server Instance Identifier, Virtual Server Identifier, HTTP Port 

If you are installing Delegated Administrator and Web Server together, use these fields to specify how Web Server is installed. 

If you are installing Delegated Administrator on a computer where Web Server is already installed, use these fields to specify an existing Web Server instance. 

 

If you are installing Delegated Administrator and Application Server together, use these fields to specify how Application Server is installed. 

If you are installing Delegated Administrator on a computer where Application Server is already installed, use these fields to specify an existing Application Server instance. 

Domain Separator 

 

Access Manager Base Directory 

Specify the directory where the Access Manager instance used in your solution is installed. This can be a directory on the remote computer you specified earlier in the configuration process. What if Access Manager is load balanced? 

LDAP URL, Bind As, Password 

Use these fields to specify the Directory Server instance used in your solution. LDAP URL is in the form http://directory_hostname:directory_port, where directory_hostname specifies the computer running Directory Server, and directory_port is the port assigned for connection requests when the Directory Server instance was configured. Bind As and Password are the directory manager account and password. For more information, see Table 3–5.

Access Manager Top Level Administrator: Username and Password 

Use the top-level administrator account for the Access Manager instance used in your solution. Username is always amadmin. Password was assigned when Access Manager was configured. For more information, see Table 3–8.

Access Manager Internal LDAP Authentication Password: Username and Password 

Use the LDAP user account for the Access Manager instance used in your solution. Username is always amldapuser. Password was assigned when Access Manager was configured. For more information, see Table 3–8.

Enter Org DN 

Specify the LDAP organization (directory tree branch) your solution is using for user and group data. This is the organization created by Messaging Server configuration. For more information, see Table 3–9. The components in your solution look up user data in this LDAP organization for authentication and authorization. Delegated Administrator is used to manage user and group data in the same LDAP organization.

Top Level Administrator for the Default Organization: Username and Password 

Specify a privileged administrator account for Delegated Administrator. Administrators who log in to Delegated Administrator with this account have unrestricted privileges, including the ability to create lower-level administrator accounts. 

Load Sample Service Packages and Load Sample Organizations 

If you select these options, the configuration wizard adds sample service packages and organizations to the directory. You can use the samples to develop your own. 

Adding Procedures for Delegated Administrator to Your Installation Plan

To add installation and configuration instructions for Delegated Administrator, do the following:

  1. If the Delegated Administrator instances are load balanced, add an instruction to your installation plan to confirm that the load balancer is functioning before any Java ES software is installed.

  2. Next, in your plan, list all of the computers with Delegated Administrator instances.

    1. Delegated Administrator has a local dependency on a web container. Each computer that runs an instance of Delegated Administrator must also run an instance of the specified web container. Your deployment architecture should indicate which web container your solution is using.

    2. For each computer, add an instruction to run the Java ES installer and select Delegated Administrator. Add an instruction to select either Web Server or Application Server as the web container. Add an instruction to select either Access Manager SDK or Access Manager.

    3. If the computers that run Delegated Administrator are already listed in your plan (if the plan already has instructions for installing another component on the same computer), simply add an instruction to select Delegated Administrator. You can install Delegated Administrator at the same time as the other components, and deploy it to the same web container, but your plan must put the instructions for configuring, starting, and verifying any Directory Server, Access Manager, Messaging Server, or Calendar Server instances ahead of the instructions for configuring or starting the Instant Messaging instances.

  3. Add an instruction to run the Delegated Administrator configuration wizard. Underneath this instruction, list the key values for configuring the instance. Use Table 3–14 to help you select configuration values.

  4. Underneath each Web Server or Application Server instance, list the key values for configuring the instance. For information on selecting configuration values for these components, see Web Server or Application Server. If your plan already installs Web Server or Application Server on the computer, you do not need to repeat this step. You can deploy Delegated Administrator to the same web container instance when you run the Delegated Administrator configuration wizard.

  5. For each computer, add an instruction to start and verify the Delegated Administrator instance.

  6. If the Delegated Administrator instances are load balanced, add an instruction to verify operation of the load balancer.
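
The local-dependency and ordering rules described for Delegated Administrator can be checked mechanically once a plan is written down. The following is an added example, not part of the original guide or of Java ES; the plan format (an ordered list of host, action, component tuples), the function name lint_plan, and the host names are assumptions made for illustration.

```python
# Added example, not from the guide. The plan format, a list of
# (host, action, component) tuples, is an assumption of this sketch.
DA = "Delegated Administrator"
WEB_CONTAINERS = {"Web Server", "Application Server"}
AM_OPTIONS = {"Access Manager", "Access Manager SDK"}
PREREQS = {"Directory Server", "Access Manager",
           "Messaging Server", "Calendar Server"}

def lint_plan(steps):
    """Return the problems found in an ordered list of plan steps."""
    problems = []
    installed = {}  # host -> components selected in the Java ES installer
    for host, action, comp in steps:
        if action == "install":
            installed.setdefault(host, set()).add(comp)
    da_hosts = sorted(h for h, comps in installed.items() if DA in comps)
    # Local dependencies: a web container, and Access Manager or its SDK.
    for host in da_hosts:
        if not installed[host] & WEB_CONTAINERS:
            problems.append(f"{host}: no web container selected")
        if not installed[host] & AM_OPTIONS:
            problems.append(f"{host}: no Access Manager or Access Manager SDK")
    # Ordering: prerequisites are configured, started and verified before
    # the first Delegated Administrator configure or start step.
    da_first = next((i for i, (_, a, c) in enumerate(steps)
                     if c == DA and a in ("configure", "start")), None)
    for i, (host, action, comp) in enumerate(steps):
        late = da_first is not None and i > da_first
        if late and comp in PREREQS and action != "install":
            problems.append(f"step {i + 1}: {action} {comp} on {host} "
                            f"follows {DA} step {da_first + 1}")
    # Each instance needs configure, start and verify steps of its own.
    for host in da_hosts:
        for action in ("configure", "start", "verify"):
            if (host, action, DA) not in steps:
                problems.append(f"{host}: no '{action}' step for {DA}")
    return problems

# Constructed sample plan with hypothetical host names and three defects.
SAMPLE_PLAN = [
    ("dir1", "install", "Directory Server"),
    ("dir1", "configure", "Directory Server"),
    ("dir1", "verify", "Directory Server"),
    ("da1", "install", DA),
    ("da1", "install", "Web Server"),
    ("da1", "configure", DA),
    ("msg1", "configure", "Messaging Server"),
    ("da1", "start", DA),
]
```

Calling lint_plan(SAMPLE_PLAN) reports the missing Access Manager selection on da1, the Messaging Server configuration step placed after Delegated Administrator configuration, and the missing verify step.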