This chapter describes some of the advanced features of Communications Suite.
This chapter contains the following sections:
This section describes how to use Access Manager to provision users and how to configure archiving for Instant Messaging. Access Manager enables you to create roles and policies and apply them to users to define their access rights. Previously, this guide described how easy it is to assign a user to a given role. This section walks through role and policy creation to define a new Instant Messaging policy.
In The Instant Messaging Demo, you learned that end users can apply access and privacy filters to block Instant Messaging traffic or presence updates from certain individuals. Additional flexibility can be obtained by deploying filters that perform text conversion or block payloads that contain viruses. For example, an administrator can create a filter that blocks or converts obscene words in an instant messaging conversation. Other uses include text translation, rich text to plain text conversion, or domain-level blocking. Sun Java System Instant Messaging provides a Message Conversion API that developers can use to create more complex filters that can be applied to the Instant Messaging Server. For more about API-level filtering, see the Instant Messaging product documentation (http://docs.sun.com/app/docs/coll/1309.3).
In this task, you perform feature-level access control, a powerful tool that enables or disables client functionality. You create a new instant messaging role and corresponding policy that limits the instant messaging functionality to the basic features. Users assigned to this new role are not able to join conference rooms, send polls, or perform any of the other advanced instant messaging tasks.
Access Manager uses the Instant Messaging Service and the Presence Service to manage the Instant Messaging policy. The Instant Messaging Service contains the policy rules for communicating with others, as well as the ability to chat, exchange files, join conferences, send alerts, and more. The Presence Service contains the policy rules for determining the ability of users to share their presence with others, as well as to access, manage, or publish one's presence.
Use a completely new web browser to start Access Manager.
For example, http://wireless.map.beta.com/amconsole.
If you are using Internet Explorer for the Portal Server desktop and Communications Express, start Mozilla or Firefox.
Log in as user amadmin with the password adminpass.
In the top level organization (o=isp), choose Roles from the View drop-down menu in the left pane of the Access Manager console.
Click New to create a new role.
Select Static Role, type IM Limited User in the Name field, and click Next.
Define the following:
Description: Limited access role
Type of Role: Service
Access Permissions: Organization Administrator
Click Finish to create the role.
Now that you have created this new role, create policies that apply to this role.
Click the Service Configuration tab to add the appropriate Subject Type.
You will use the Subject Type to define a subject for the new policy you will create later.
In the left pane, click the property arrow beside Policy Configuration.
In the right pane, scroll down until you see a list of Selected Policy Subjects. In Selected Policy Subjects, choose all the available subjects, then click Save.
Click the Identity Management tab.
Choose Services from the View drop-down menu in the left pane.
Click the property arrow beside Policy Configuration.
Verify that all Selected Policy Subjects are selected.
In the top level organization (o=isp), choose Policies from the View drop-down menu in the left pane of the Access Manager console.
Click New to create a new policy.
Choose Rules from the View drop-down menu in the right pane of the Access Manager Console.
Click the New button to define rules for this policy.
Select Instant Messaging Service for the Rule Type and click Next.
Type IMLimitedRule for the Rule Name.
Type IMResource for the Resource Name.
Select all Action check boxes.
Click the Deny radio button for the following Actions:
Ability to Exchange Files
Ability to Join Conference Rooms
Ability to Manage Conference Rooms
Ability to Manage News Channels
Ability to Moderate Conference Rooms
Ability to Read News
Ability to Send Alerts
Ability to Send Polls
You have successfully created an Instant Messaging Service rule for this policy.
Click New to define another rule for this policy.
Select Presence Service for the Rule Type and click Next.
Type PresenceLimitedRule for the Rule Name.
Type PresenceResource for the Resource Name.
Select all Action check boxes, but do not click any Deny radio buttons.
All Actions are allowed.
You have successfully created a Presence Service rule for this policy.
Choose Subjects from the View drop-down menu in the right pane of the Access Manager console.
Click New to define the mapping between policies and roles.
Ensure that the Subject Type is Access Manager Roles and click Next.
If "Access Manager Roles" is not an available Subject Type, restart Web Server and retry this step.
Type IM Limited User in the Name field then click Search to search through the list of available Access Manager Roles.
Find the role isp > IM Limited User, highlight this role, and click Add.
Click the IM Limited User checkbox, then click Save.
The new role and policies have been created. Next you assign Tina to this new role and note the effect on her Instant Messaging client.
Choose Roles from the View drop-down menu in the left pane of the Access Manager console.
Click on the properties arrow to the right of the IM Limited User role.
The IM Limited User pane appears.
In the right pane, choose Users from the View drop-down menu.
Click Add on the right pane.
Type Tina in the User ID field and click Next.
Select the check box next to Tina's name and click the Finish button.
You have assigned Tina the Instant Messaging Limited User Role, so she has limited access to Instant Messaging.
Choose Organizations from the View drop-down menu in the left pane of the Access Manager console.
Click the link of the organization where user tina exists, for example map.beta.com.
Choose Services from the View drop-down menu in the left pane of the Access Manager console.
Click on the properties arrow to the right of the Policy Configuration service.
The Policy Configuration pane appears.
In the right pane, type the LDAP Bind Password in the appropriate text entry boxes. (For example, type adminpass.) Then click Save.
Launch the Instant Messenger client then log in as tina.
Duncan initially has kathy and robert in his Instant Messaging buddy list; the user tina has not yet been added. You can click the Start button in the same Instant Messenger window you used to start kathy's client. When you start Tina's Instant Messenger, notice that her window offers very limited Instant Messaging functionality. This is feature-level provisioning: you define roles and policies for those roles, and changing a policy removes functionality from, or adds it to, the client itself. You can experiment with changing the policy and restarting Tina's client to observe the effect. You can also apply the role to other users and observe its effect when you start Instant Messaging as those users.
The Sun Java Communications Suite provides the following two ways to archive chat sessions:
Archive provider API. Using this API, developers can extend the archive capability.
Portal Server search database or Message Store. Without changing any capabilities, you can archive chat sessions in Portal Server's search database or in Messaging Server's Message Store.
By default, the single host deployment example, on which this evaluation guide is based, uses the Message Store to archive chat sessions. By viewing Duncan's inbox, you can see that he has several messages that contain the chat conversations he had with Kathy and others.
The single host deployment example, on which this evaluation guide is based, does not include the Portal Server as an installation component. To change the archive store from the Message Store to the Portal Server search database requires that the Portal Server first be installed. Installation of the Portal Server is beyond the scope of this evaluation. However, if you install the Portal Server, you can change the archive store to the Portal Server search database to archive chat sessions by doing the following:
Edit the /etc/opt/SUNWiim/default/config/iim.conf file and set the following parameter:
iim_server.msg_archive.provider = "com.iplanet.im.server.IMPSArchive"
Restart the Instant Messaging server.
Perform a poll or a chat to generate some Instant Messaging data. For instructions on performing a poll or chat, see The Instant Messaging Demo.
Click the Search tab from within Duncan's Portal Server desktop.
In the Find field, type a key word such as poll or a word from the chat, and click Search.
The results of the search are displayed. Note that the poll results look like actual final poll results, not extraneous data points. Also, the entire conversation is returned, not just the sentence containing the keyword.
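The following added shell example (not from the Sun guide) applies the iim.conf change described above idempotently: it backs up the file, replaces an existing iim_server.msg_archive.provider line (even a commented-out one) or appends the setting, and reads the value back so you can verify the edit before restarting. It assumes the "key = value" line format shown in the guide and leaves the restart command to the caller, since the guide names none.

```shell
#!/bin/sh
# Added example: switch the Instant Messaging archive provider in iim.conf.
# Assumes "key = value" lines; IIM_CONF can be overridden for testing.
set -e

IIM_CONF="${IIM_CONF:-/etc/opt/SUNWiim/default/config/iim.conf}"
KEY="iim_server.msg_archive.provider"
PORTAL_PROVIDER='"com.iplanet.im.server.IMPSArchive"'

# set_iim_param FILE KEY VALUE: keep a .bak copy, then rewrite the first
# matching "KEY = ..." line (comment markers # or ! are dropped so a
# commented-out default becomes active) or append the line if absent.
set_iim_param() {
    file="$1"; key="$2"; value="$3"
    cp "$file" "$file.bak"
    awk -v k="$key" -v v="$value" '
        BEGIN { done = 0 }
        {
            line = $0
            sub(/^[#!]+[ \t]*/, "", line)
            eq = index(line, "=")
            if (!done && eq > 0) {
                lk = substr(line, 1, eq - 1); gsub(/[ \t]/, "", lk)
                if (lk == k) { print k " = " v; done = 1; next }
            }
            print
        }
        END { if (!done) print k " = " v }
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# get_iim_param FILE KEY: print the active (uncommented) value of KEY.
get_iim_param() {
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            lk = substr($0, 1, eq - 1); gsub(/[ \t]/, "", lk)
            if (lk == k) {
                v = substr($0, eq + 1)
                sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
                print v; exit
            }
        }
    ' "$1"
}

# Only touch the real config when invoked as: sh this_script.sh apply
if [ "${1:-}" = "apply" ]; then
    set_iim_param "$IIM_CONF" "$KEY" "$PORTAL_PROVIDER"
    echo "now: $KEY = $(get_iim_param "$IIM_CONF" "$KEY")"
    # Restart the Instant Messaging server here (command not given in the guide).
fi
```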
Sun Java System Instant Messaging has an HTTP proxy gateway to connect simple HTTP clients to the Instant Messaging server. Uses for this include phone clients, simple web-based clients, or other clients. You can install web-based clients such as jwchat into a web container and use them in conjunction with your host.
In addition to command-line tools and Access Manager, Communications Suite has a graphical user interface called Delegated Administrator, which you can use to provision users, domains, and service packages.
This section walks you through a scenario that uses Delegated Administrator as if you were a service provider hosting email for several small companies. As this service provider, you have just signed an agreement with a new company. You now need to provision the new domain and add the required mail service for that domain. As the administrator for the service provider, you must also create a domain administrator who has access to that specific domain only.
In this task, you create a new domain for hosting email and you assign different levels of service to this domain.
Type the following URL of Delegated Administrator in your web browser.
For example, http://wireless.map.beta.com/da/DA/Login.
Log in as user amadmin with password adminpass.
The main Delegated Administrator view appears. You are logged in to the root organization and the default domain appears in the organization list.
Click New Organization.
The New Organization pop-up window appears.
For the Organization name, type demoone.com, and for Domain Status, select Active and click Next.
Skip the Contact Information screen and click Next.
The Account Information screen appears.
Type demoone.com in the Domain field. Click the Default Administrator checkbox to create the default Organization Administrator Account. Type a Login ID and Password for this account, for example admin_demoone with password adminpass. Then click Next.
The Select Service Packages screen appears.
Because you are interested in only enabling hosted mail, choose Service Packages that only contain mail.
Several packages are available, depending on the desired mail quota. To display all the packages on a single page, click the icon at the top of the Service Packages table that represents a mapping from multiple pages to one page. Select the bronze, silver, and platinum check boxes and click Next.
The Mail Service Details screen appears where you allow the administrator to define disk and attachment quotas for the domain.
For the Preferred Mail Host, type your host name, for example, wireless.map.beta.com and click Next.
The Quantity of Service Packages screen appears.
(Optional) If calendar service packs were chosen, establish calendar session timeouts and other attributes through Calendar Service Details.
Calendar Server has not been configured for hosted domains, so leave all the fields blank and click Next.
Define the number of Service Packages you would like to assign to this domain.
Because this is a small company of fewer than 50 people, assign 30 service packages for each type of service.
You have created your first domain.
Click the Log Out link to exit Delegated Administrator.
You have just learned to create domains. In this demo, you will log in as the organization administrator and create users.
At the Delegated Administrator Login screen, log in as the domain-level administrator.
Use the ID and password from the section To Create a Domain, for example, admin_demoone with password adminpass.
To create users for this company, click the New button.
The New User pop-up window appears.
Type the following:
First Name: Larry
Last Name: Brown
Display Name: Larry Brown
Skip the Contact Information screen and click Next.
The Select Service Package screen appears.
Select one of the three packages, for example, bronze. Click Next.
Type the mail service details.
Instead of accepting the default Email Address, change the email address to firstname.lastname@example.org and click Next.
(Optional) If you chose a service pack that included calendar service when you originally created your domain, you will see a Calendar Service Details screen.
If you left all the calendar fields blank when you created the domain, you can leave all the fields blank in this screen also and click Next.
Change the Login ID from Larry_Brown to lbrown. Type the password demo and click Next.
Verify the User Information then click Finish to create the user.
Look in the Delegated Administrator user interface to see that the new user has been added to the demoone.com domain.
Click the Log Out link to exit Delegated Administrator.
Continue with the next task to verify that the user ID can log in.
Type the following URL of Communications Express in your web browser. For example,
For this example, the User Name is email@example.com and the password is demo.
You are now logged into Communications Express as Larry Brown.
Send test messages to yourself or to other users, such as duncan, kathy, tina, and robert in the map.beta.com domain.
This section describes the commands needed to start and stop all the Communications Suite services.
You should stop services before attempting to start them.
To stop services:
/opt/SUNWdsee/ds6/bin/dsadm stop /var/opt/SUNWdsee/dsins1
To start all services:
/opt/SUNWdsee/ds6/bin/dsadm start /var/opt/SUNWdsee/dsins1