Appendix A, Instant Messaging Configuration Parameters in iim.conf describes the settings you can configure for Instant Messaging components.
Appendix B, Instant Messaging XMPP/HTTP Gateway Configuration Parameters in httpbind.conf describes the settings you can configure for the gateway.
Appendix C, Instant Messaging imadmin Tool Reference describes the imadmin command used to administer Instant Messaging.
Appendix D, Instant Messaging APIs provides an overview of the APIs used by Instant Messaging.
Appendix E, Instant Messaging LDAP Schema defines modifications made to the LDAP schema for Instant Messaging.
This chapter explains the Instant Messaging configuration parameters in the iim.conf file in the following sections:
Instant Messaging stores configuration settings in the iim.conf file within the Configuration Directory (im-cfg-base).
On Solaris:
/etc/opt/SUNWiim/default/config/iim.conf
On Linux:
/etc/opt/sun/im/default/config/iim.conf
If you created multiple instances of Instant Messaging, the name of the /default directory will vary depending on the instance. See Creating Multiple Instances from a Single Instant Messaging Installation for more information.
This file is a plain ASCII text file, with each line defining a server parameter and its value(s):
A parameter and its value(s) are separated by an equal sign (=) with spaces and tabs allowed before or after the equal sign.
A value can be enclosed in double quotes (" "). If a parameter allows multiple values, the entire value string must be enclosed in double quotes.
A comment line must have an exclamation point (!) as the first character of the line. Comment lines are for informational purposes and are ignored by the server.
If a parameter appears more than once, the value of the last parameter listed overrides the previous value.
A backslash (\) is used for continuation and indicates the value(s) are longer than one line.
Each line is terminated by a line terminator (\n, \r, or \r\n).
The key consists of all the characters in the line starting with the first non-whitespace character and up to the first ASCII equal sign (=) or semi-colon (;). If the key is terminated by a semi-colon, it is followed by “lang-” and a tag that indicates the language in which this value is to be interpreted. The language tag is followed by an equal sign (=). All whitespace characters before and after the equal sign are ignored. All remaining characters on the line become part of the associated value string.
Multiple values in the value string are separated using commas (,).
Within a value, if any special characters like comma, space, newline, tab, double quotes, or backslash are present, the entire value needs to be within double quotes. In addition, every carriage return, line feed, tab, backslash, and double quotes within the value must specified with a backslash (\).
If you make changes to iim.conf, you must refresh the Instant Messaging server in order for the new configuration settings to take effect.
The iim.conf file is initialized by the installation process and should be modified only as described in this guide.
Table A–1 lists and describes the general configuration parameters.
Table A–1 General Configuration Parameters
Parameter |
Default Value |
Description |
---|---|---|
iim.comm.modules |
iim_server,iim_mux |
The communication modules used. The possible values are iim_server and iim_mux. The default value is iim_server, iim_mux, which means both the server and multiplexor are used. The iim_mux value is useful for multiplexor. |
iim.smtpserver |
localhost |
SMTP server to send mail to end users who have set the option for forwarding their messages as emails or to pagers. |
iim.instancedir |
/opt |
The installation directory root. |
iim.instancevardir |
Solaris: /var/opt/SUNWiim/default Linux: /var/opt/sun/im/default |
Sets the directory to contain runtime files, including the end-user profile database, logs, and other files created by the server and multiplexor at runtime. The name of the /default directory may vary if you created multiple instances of Instant Messaging. |
iim.user |
inetuser for LDAP deployments. root for portal deployment. |
The end-user name with which the server processes run. |
iim.group |
inetgroup for LDAP deployments. root for portal deployment. |
The group using which the server processes run. |
iim.jvm.maxmemorysize |
256 |
The maximum number heap size in MB the JVM running the server is allowed to use. Used to construct the -mx argument of the Java command. |
iim.mail.charset |
None |
This parameter specifies if the headers of the mail are in ASCII and not encoded. It contains the name of the character set to be used to encode the headers of the mail message sent out for offline alerts. For example: iim.mail.charset=iso-2022-jp |
iim.jvm.command |
/usr/j2se/bin/java |
The location of the Java Runtime Executable (JRE). |
iim.identity.basedir |
/opt |
The default installation directory, also referred to as the base directory, for Sun JavaTM System Access Manager. |
iim.identity.jre |
/usr/java_1.3.1_04 |
The location of the JRE used by the Access Manager to run all its processes. |
iim.portal.deployuri |
/portal |
The URI using which the Portal Server war files are deployed in the Access Manager. |
iim.portal.host |
imhostname |
The host name of the server on which the Portal Server is running. Specify the port number if a non default port number is used. |
iim.portal.protocol |
http |
The protocol used to access the Portal Server. |
iim.policy.cache.validity |
10 |
Defines the cache validity interval (in minutes) for a single user’s information. The Instant Messaging server saves the last date a single end-user’s information was cached. If the end-user’s information is accessed after the interval determined by this parameter, the server will recache the end user’s information and reset the cache date on the LocalUser object. |
iim.policy.modules |
iim_ldap |
By default, LDAP is used for policy storage. Change the value to identity to indicate that Sun Java System Access Manager should be used for policy storage. |
iim.policy.resynctime |
720 |
Defines the cache validity interval (in minutes) for all end-user information. The Instant Messaging server clears all cached end-user information on a regular basis in order to eliminate old end-user information. This parameter specifies the frequency at which the cached end-user information is cleared. |
iim.userprops.store |
file |
By default, user properties are stored in a user properties file if you chose not to use Access Manager for policy when you ran the configure utility. If you chose to use Access Manager for policy, the default is ldap. Change the value to change the location where user properties are stored. If you change this from file to ldap, you need to run imadmin assign_services to add required objectclasses to user entries in the directory. This parameter is only significant when the service definitions for the Presence and Instant Messaging services have been installed. |
Table A–2 lists and describes the parameters used by Instant Messaging for LDAP, user registration, and user source configuration.
Table A–2 LDAP, User Registration, and Source Configuration Parameters
Parameter |
Default Value |
Description |
---|---|---|
iim_ldap.host |
localhost:389 |
LDAP server name and port used by Instant Messaging server for end-user authentication. |
iim_ldap.searchbase |
o=internet |
The string used as base to search for the end users and groups on the LDAP server. |
iim_ldap.usergroupbinddn |
None (the server performs anonymous searches) |
Specifies the DN to use to bind to the LDAP server for searches. |
iim_ldap.usergroupbindcred |
None (the server performs anonymous searches) |
Specifies the password to use with the iim_ldap.usergroupbinddn DN for LDAP searches. |
iim_ldap.loginfilter |
(&(|(objectclass=inetorgperson)(objectclass=webtopuser))(uid={0})) |
Search filter used during end-user login. The entire filter is entered as one line. |
iim_ldap.usergroupbyidsearchfilter |
(|(&(objectclass=groupofuniquenames)(uid={0}))(&(|(objectclass=inetorgperson)(objectclass=webtopuser))(uid={0}))) |
The search filter used to search for end users and groups in the directory, under the base specified by ID. The entire filter is entered as one line. |
iim_ldap.usergroupbynamesearchfilter |
(|(&(objectclass=groupofuniquenames)(cn={0})) (&(|(objectclass=inetorgperson)(objectclass=webtopuser))(cn={0}))) |
The search filter used to search for end users and groups in the directory, under the base specified by name. |
iim_ldap.allowwildcardinuid |
False |
Determines if wildcards should be enabled for UIDs while performing a search. As most directory installations have UIDs indexed for exact searches only, the default value is False. Setting this value to True can impact performance unless UIDs are indexed for substring search. |
iim_ldap.userclass |
inetOrgPerson,webtopuser |
The LDAP class that indicates that an entry belongs to an end user. |
iim_ldap.groupclass |
groupOfUniqueNames |
The LDAP class that indicates that an entry belongs to a group. |
iim_ldap.groupbrowsefilter |
(objectclass=groupofuniquenames) |
The search filter used to browse all groups in the directory, under the specified search base. |
iim_ldap.searchlimit |
40 |
Maximum number of entries to be returned by a search. A value of -1 means search is disabled on this server and a value of 0 indicates unlimited search. |
iim_ldap.userdisplay |
cn |
LDAP attribute to use for display name of end users. |
iim_ldap.groupdisplay |
cn |
LDAP attribute to use for display name of groups. |
im_ldap.useruidattr |
uid |
LDAP attribute used as end users’ UID. |
im_ldap.groupmemberattr |
uniquemember |
LDAP attribute that gives the list of members of a group. |
iim_ldap.usermailattr |
|
LDAP attribute that should contain end users’ provisioned email addresses. Used when the email message is sent to an offline end user. |
iim_ldap.userattributes |
None |
LDAP attribute that contains the list of custom attributes from the LDAP user entry. |
iim_ldap.groupattributes |
None |
LDAP attribute that contains the list of custom attributes from the LDAP group entry. |
iim_ldap.groupmemberurlattr |
None |
The membership attribute of a dynamic group, which contains the LDAP filter or the LDAP URL. |
iim_ldap.useidentityadmin |
The default value is true, if you chose to leverage an Access Manager deployment for policy when you ran the configure utility. Otherwise, the default value is false. |
If the value is true then the Access Manager Administrator credentials will be used to bind to the Directory Server. |
iim.register.enable |
None |
If TRUE, the server allows new Instant Messaging end users to register themselves (add themselves to the directory) using Instant Messenger. |
iim_ldap.register.basedn |
None |
If self-registration is enabled, the value of this parameter is the DN of the location in the LDAP directory in which person entries are stored. For example: "ou=people,dc=siroe,dc=com" |
iim_ldap.register.domain |
None |
The domain to which new users will be added. For example, directory.siroe.com. |
Table A–3 lists and describes the logging configuration parameters for both log4j-based logging and iim.conf parameter-based logging.
Table A–3 Logging Configuration Parameters
Parameter |
Default Value |
Description |
---|---|---|
iim.log.iim_server.severity |
INFO |
Level of logging required for the server module. The possible values from highest to lowest are: FATAL, ERROR, WARNING, INFO, and DEBUG. If a lower level of logging is chosen, it is implied that you get the higher levels too. For example, if you choose WARNING you get FATAL, ERROR, and WARNING. |
iim.log.iim_server.url |
im-runtime-base/log/xmppd.log |
Location of the server log file. This file needs to be periodically trimmed to prevent disk space from filling up. |
iim.log.iim_mux.severity |
INFO |
Level of logging required for the multiplexor module. The possible values from highest to lowest are: FATAL, ERROR, WARNING, INFO, and DEBUG. If a lower level of logging is chosen, it is implied that you get the higher levels too. For example, if you choose WARNING you get FATAL, ERROR, and WARNING. |
iim.log.iim_mux.url |
im-runtime-base/log/mux.log |
Location of the multiplexor log file. This file needs to be periodically trimmed to prevent disk space from filling up. |
iim.log.iim_mux.maxlogfiles |
10 |
The maximum number of log files to store for the multiplexor. Once this number is exceeded, the oldest multiplexor log file is deleted. |
iim.log.iim_mux.maxlogfilesize |
10 MB |
This parameter contains the maximum size of a multiplexor log file. If the log files exceeds the size specified in this parameter then a new log file is created. |
iim.log.iim_server.maxlogsize |
This parameter contains the maximum size of a server log file. If the log files exceeds the size specified in this parameter then a new log file is created. |
|
iim.log.iim_wd.severity |
INFO |
Level of logging required for the watchdog. The possible values from highest to lowest are: FATAL, ERROR, WARNING, INFO, and DEBUG. If a lower level of logging is chosen, it is implied that you get the higher levels too. For example, if you choose WARNING you get FATAL, ERROR, and WARNING. |
iim.log.agent-calendar.severity |
INFO |
Level of logging required for the Calendar agent. The possible values from highest to lowest are: FATAL, ERROR, WARNING, INFO, and DEBUG. If a lower level of logging is chosen, it is implied that you get the higher levels too. For example, if you choose WARNING you get FATAL, ERROR, and WARNING. |
iim.log4j.config |
im-cfg-base |
Specifies the location and name of the log4j configuration file. If no value exists for this parameter, the logger will look for log4j.conf in im-cfg-base. If the logger does not find log4j.conf in im-cfg-base, it uses the parameter-based logging method, instead of log4j. |
Table A–4 lists and describes the Instant Messaging server configuration parameters.
Table A–4 General Instant Messaging server Configuration Parameters
Parameter |
Default Value |
Description |
|
---|---|---|---|
iim_server.autosubscribe |
FALSE |
Indicates whether subscriptions are automatically authorized by the server. The possible values are TRUE and FALSE. If TRUE, subscribe requests are automatically followed by a subscribed response generated by the server. The server then sends the modified roster to the subscriber and the user the subscriber added as a contact. The user and the contact must be in the same domain to use this feature. |
|
iim_server.domainname |
host’s domain name |
The logical Instant Messaging server domain name you want this server to support. This is the name that is used by other servers in the network to identify this server. It is also the name used by this server to identify its end users to other servers. This is not necessarily the Fully Qualified Domain Name of the system running the Instant Messaging server. For example, if the system iim.xyz.com is the only Instant Messaging server for a company xyz.com, then the domain name is likely to be xyz.com. |
|
iim_server.port |
5269 |
IP address and port for the server to bind to, and to listen for connections from other servers. IP address setting is useful for multi homed machines when you want to use only one particular IP address. If no IP address is listed, this indicates a value of INADDR_ANY on localhost. |
|
iim_server.useport |
TRUE |
Indicates whether the server should listen on the server-to-server communication port. The possible values are TRUE and FALSE. If TRUE, the server listens on the port defined by iim_server.port or on port 5269, if that is not explicitly defined. |
|
iim_server.clienttimeout |
15 |
Specifies the time, in minutes, before the server discards client connections that are no longer active. For example, when a machine is turned off. The minimum accepted value is 5. |
|
iim_server.usesso |
The default value is 1, if you chose to leverage an Access Manager deployment for SSO when you ran the configure utility. Otherwise, the default value is 0. |
This parameter tells the server whether or not to depend on the SSO provider during authentication. An SSO provider is a module the server uses to validate a session ID with a SSO service. TheAccess Manager Session API provides the Instant Messaging server with the ability to validate session IDs sent by the client. The value for this parameter can either be 0, 1, or -1. 0 - do not use the SSO provider. 1 - use the SSO provider first and default to LDAP if the SSO validation fails. -1- use SSO provider only without attempting LDAP authentication even when the SSO validation fails. The iim_server.usesso parameter is used in conjunction with the iim_server.ssoprovider parameter. |
|
iim_server.ssoprovider |
None |
Specifies the class implementing the com.sun.im.provider.SSOProvider interface. If iim_server.usesso is not equal to 0 and this option is not set, the server uses the default Access Manager–based SSO Provider. |
|
iim.policy.modules |
The default value is identity, if you chose to leverage an Access Manager deployment for policy when you ran the configure utility. Otherwise, the default value is iim_ldap. |
If the value is identity, indicates that Sun Java System Access Manager is used for policy storage. If the value is iim_ldap, directory is used. |
|
iim.userprops.store |
file |
If the value is file, indicates that the user properties are stored in a user properties file. If the value is ldap, directory is used. |
|
iim_server.msg_archive |
false |
This parameter specifies whether the archive provider should be enabled or disabled. Set this value to false to disable all archiving. Set the value to true to enable all archiving, including Portal, email, and any custom archive provider you want to use. |
|
iim_server.msg_archive.provider |
None |
This parameter contains the list of archive providers. This parameter allows multiple values and each value is separated by a comma (,). If you are using the Portal Server Search based archive, the value should be com.iplanet.im.server.IMPSArchive. If you are using email archiving, the value should be com.iplanet.im.server.EmailIMArchive. |
|
iim_server.conversion |
false |
This parameter specifies whether message conversion should be enabled. It specifies whether the configured list of Message Conversion Providers should be used for message conversion. |
|
iim_server.conversion.provider |
None |
This parameter contains the list of Message Conversion Providers to be used for message conversion. This parameter allows multiple values with each value is separated by a comma (,). |
|
iim_server.servertimeout |
-1 |
The server can be configured to automatically close the connection opened by a remote server, if the remote server is inactive. This is performed by periodically measuring the time the last request was made by the remote server to the server. The connection to the remote server is terminated, if the time of the last request made by the remote server exceeds the value of the iim_server.servertimeout parameter. The parameter value is in minutes. |
|
iim_server.enable |
true |
This value defines whether or not the Instant Messaging server is enabled. This parameter is set false to enable the Instant Messaging multiplexor. |
|
iim_server.conversion.external.command |
None |
This parameter contains the external command used for message conversion. |
|
iim_server.stat_frequency |
1 |
This parameter contains the frequency at which the server logs the summary of activities to the log file. The server logs the summary of activities to the log file only if the server minimum log severity is set to INFO or lower. The value is in minutes. |
|
iim_server.certnickname |
Server-Cert |
This value should contain the name of the certificate you entered while installing the certificate. The certificate name is case-sensitive. |
|
iim_server.sslkeystore |
None |
Contains the relative path and filename for the server's Java keystore (JKS). For example:
|
|
iim_server.keystorepasswordfile |
sslpassword.conf |
This value should contain the relative path and the name of the file containing the password for the key database. This file should contain the following line: Internal (Software) Token:password Where password is the password protecting the key database. |
|
iim_server.requiressl |
false |
If true, the server will terminate any connection that does not request a TLS connection after the initial stream session is set up. This includes connections from clients, other servers, and server components, such as the XMPP/HTTP Gateway and agents, except the multiplexor. |
|
iim_server.trust_all_cert |
false |
If this value is true than the server will trust all certificates and will also add the certificate information into the log files. |
For communication between multiple Instant Messaging servers in your network, you need to configure your server to identify itself with the other servers and identify itself with each coserver, or cooperating server, which will have a connection to your server. The coserver identifies itself with its Instant Messaging domain name, host and port number, server ID, and password.
Each cooperating server is given a symbolic name, which is a string consisting of letters and digits, for example, coserver1. Using the symbolic naming convention you can specify multiple servers.
When Instant Messaging servers are configured in this manner, you can form a larger Instant Messaging community. Therefore, end users on each server can do the following:
Communicate with end users on every other server
Use conferences rooms on other servers
Subscribe to news channels on other servers (subject to access privileges)
Table A–5 lists and describes the multiple server configuration parameters.
Table A–5 Multiple Server Configuration Parameters
Parameter |
Default Value |
Description |
---|---|---|
iim_server.serverid |
None |
String used by this server to identify itself to all other servers. |
iim_server.password |
None |
Password used by this server to authenticate itself to all other servers. |
iim_server.coservers |
None |
Comma separated list containing symbolic names of the servers that can connect to this server. Any meaningful names are allowed, but they must match what you use for the *.serverid, *.password, and *.host parameters. Examples: iim_server.coservers=coserver1,coserver2 or iim_server.coservers=abc,xyz,ntc |
iim_server.coserver1.serverid |
None |
String that identifies the cooperating server represented by the name, coserver1 to authenticate to this server. For example, if you used abc in the iim_server.coservers list, then the corresponding name for its serverid would be iim_server.abc.serverid. |
iim_server.coserver1.password |
None |
Password used by cooperating server represented by the name, coserver1 to authenticate to this server. For example, if you used abc in the iim_server.coservers list, then the corresponding name for its password would be iim_server.abc.password. |
iim_server.coserver1.host |
None |
IP address and the port to connect to, for end users on this server to communicate to end users on the server represented by the name coserver1. For example, if you used abc in the iim_server.coservers list, then the corresponding name for its host would be iim_server.abc.host. The format is name:port or IPaddress:port. |
iim_server.coserver1.requiressl |
False |
Indicates if this server should require TLS when communicating with the server identified by coserver1. The possible values are TRUE and FALSE. |
Table A–6 lists and describes the multiplexor configuration parameters.
Table A–6 Multiplexor Configuration Parameters
Parameter |
Default Value |
Description |
|
---|---|---|---|
iim_mux.listenport |
multiplexorname or IP address:5222 |
IP address or FQDN and listening port on which the multiplexor listens for incoming requests from Instant Messenger. The value format is IPaddress:port or multiplexorname:port. If no IP address or domain name is listed, INADDR_ANY on localhost is assumed. If you change this value, also change the im.html and im.jnlp files so that they match the port value. |
|
iim_mux.serverport |
45222 |
The Instant Messaging server and port the multiplexor talks to. The value format is servername:port or IPaddress:port. |
|
iim_mux.numinstances |
1 |
Number of instances of the multiplexor. This parameter is valid only for Solaris platforms. |
|
iim_mux.maxthreads |
5 |
Maximum number of threads per instance of the multiplexor. |
|
iim_mux.maxsessions |
2000 |
Maximum number of concurrent connections per multiplexor process. |
|
iim_mux.usessl |
off |
If the value is set to on, the multiplexor requires an SSL handshake for each connection it accepts, before exchanging any application data. |
|
iim_mux.secconfigdir |
/etc/opt/SUNWiim/default/config |
This directory contains the key and certificate databases. In addition, it also usually contains the security module database. The name of the /default directory may vary if you created multiple instances of Instant Messaging. |
|
iim_mux.keydbprefix |
None |
This value should contain the key database filename prefix. The key database file name must always end with key3.db. If the Key database contains a prefix, for example This-Database-key3.db, then value of this parameter is This-Database. |
|
iim_mux.certdbprefix |
None |
This value should contain the certificate database filename prefix. The certificate database file name must always end with cert7.db. If the certificate database contains a prefix, for example Secret-stuff-cert7.db, then value of this parameter is Secret-stuff. |
|
iim_mux.secmodfile |
secmod.db |
This value should contain the name of the security module file. |
|
iim_mux.certnickname |
Multiplexor-Cert |
This value should contain the name of the certificate you entered while installing the certificate. The certificate name is case-sensitive. |
|
iim_mux.keystorepasswordfile |
/etc/opt/SUNWiim/default/config/sslpassword.conf |
This value should contain the relative path and the name of the file containing the password for the key database. This file should contain the following line:
Where password is the password protecting the key database. The name of the /default directory may vary if you created multiple instances of Instant Messaging. |
|
iim_mux.stat_frequency |
600 |
This value should contain the frequency at which the multiplexor logs the summary of activities to the log file. The minimum value is 10 seconds. |
|
iim_mux.enable |
true |
If the value is true then the multiplexor will run for this instance. If the value is false then the multiplexor will not run for this instance. |
Table A–7 lists the parameters you use to administer the Instant Messaging redirect server.
Table A–7 Redirect Server Parameters
Parameter |
Default Value |
Description |
---|---|---|
iim_server.redirect.provider |
None |
Comma-separated list of redirect provider names or classes that implement the com.sun.im.provider.Redirector interface. Any value for this parameter defines the server instance as a redirect server. Supported values include db, roundrobin, regex, and class names that implement the com.sun.im.provider.Redirector interface. |
iim_server.redirect.to |
None |
Comma-separated list of nodes to which this redirect server may redirect client connections. Node names can be any alphanumeric string. This list may be a superset of the hosts defined in iim_server.redirect.to.nodename.host. |
iim_server.redirect.to.nodename.host |
None |
Where nodename is the name of the node as it exists in iim_server.redirect.to. This attribute is required for nodename to be used by the redirect server. |
iim_server.redirect.to.nodename.usessl |
False |
If true, then nodename is configured to use legacy SSL. See Overview of Using TLS and Legacy SSL in Instant Messaging for more information. |
iim_server.redirect.db.users |
im-db-base/redirect.db |
Name and location of the redirect database. |
iim_server.redirect.db.partitions |
im-cfg-base/redirect.partitions |
Name and location of the redirect partitions file. |
iim_server.redirect.db.partitionsize |
5000 |
The maximum number of users in a partition. |
iim_server.redirect.roundrobin.partitions |
im-cfg-base/redirect.partitions |
Name and location of the redirect partitions file. |
iim_server.redirect.pollfrequency |
|
The interval between connections made by the redirect server to the hosts defined in the redirect.hosts file. The redirect server polls these hosts to determine if they are online and able to accept client connections. |
Table A–8 lists the parameters you use to manage Instant Messaging archiving.
Table A–8 Archive Parameters
Parameter |
Default Value |
Description |
---|---|---|
iim_arch.title.attr |
Title |
This parameter contains the name of the field equivalent to the Title field in the default schema of the Portal Server Search. |
iim_arch.keyword.attr |
Keyword |
This parameter contains the name of the field equivalent to the Keyword field in the default schema of the Portal Server Search. |
iim_arch.readacl.attr |
ReadACL |
This parameter contains the name of the field equivalent to the ReadACL field in the default schema of the Portal ServerSearch. |
iim_arch.description.attr |
Description |
This parameter contains the name of the field equivalent to the Description field in the default schema of the Portal Server Search. |
iim_arch.fulltext.attr |
Full-Text |
This parameter contains the name of the field equivalent to the Full-Text field in the default schema of the Portal Server Search. |
iim_arch.category.attr |
Category |
This parameter contains the name of the field equivalent to the Category field in the default schema of the Portal Server Search. |
iim_arch.readacl.admin |
None |
This parameter contains the administrator’s DN. Multiple values should be separated by “;” |
iim_arch.readacl.adminonly |
false |
This parameter will contain true or false. true - Only the administrator’s DN specified by the parameter iim_arch.readacl.admin will be added to the ReadACL field overwriting the default behavior of the ReadACL field. false - The administrator’s DN specified by the parameter iim_arch.readacl.admin will be added to the ReadACL field in addition to the default behavior. |
iim_arch.categories |
all |
This parameter contains a list of message types that can be archived. The value can be: poll alert chat conference news Multiple values can be specified separated by commas (,). |
iim_arch.categoryname |
None |
If a category name is not assigned for any of the categories then the value of this parameter is used as the category name. |
iim_arch.alert.categoryname |
None |
This parameter contains the name of the category containing the archived alert messages. It is not required to dedicate a category to alert messages. |
iim_arch.poll.categoryname |
None |
This parameter contains the name of the category containing the archived poll messages. It is not required to dedicate a category to poll messages. |
iim_arch.conference.categoryname |
None |
This parameter contains the name of the category containing the archived conference messages. It is not required to dedicate a category to conference messages. |
iim_arch.chat.categoryname |
Name |
This parameter contains the name of the category containing the archived chat messages. It is not required to dedicate a category to chat messages. |
iim_arch.news.categoryname |
None |
This parameter contains the name of the category containing the archived news messages. It is not required to dedicate a category to news messages. |
iim_arch.conference.quiettime |
5 |
This parameter contains the maximum duration of silence between two consecutive messages in a room (both public and private) after which the RD expires and a new RD is created for archiving the message. The value is in minutes. |
iim_arch.poll.maxwaittime |
15 |
This parameter contains the (maximum) time for which poll data is buffered in the server. The value is in minutes. |
iim_arch.ignoreexplicitdeny |
true |
This parameter will contain true or false. true - For Poll and Conference category the data with explicit deny access will not be archived. Each time when these messages are not archived this information will be logged into the xmppd.log file. false - For Poll and Conference category the data with explicit deny access will not be archived and the message will be added to the Portal Server Search database. Note: If you do not explicitly deny access to a room or a news channel then the default access is either READ or WRITE or MANAGE. Some end users can also be granted NONE access. |
iim_arch.portal.search |
None |
The value of the this parameter should be the URL of the Portal Server Search servlet. For example: http://www.example.com/portal/search If this parameter is not present then the Archive Provider determines the value of the Portal Server Search URL based on the AMConfig.properties file present on the system. |
iim_arch.portal.admindn |
None |
The value of this parameter should be the DN of the admin user. For example: uid=amadmin,ou=People,o=internet This parameter is required when the Document level Security in the Portal Server Server is on. |
iim_arch.portal.adminpassword |
None |
The value of this parameter should be the password of the administrative user as specified by the iim_arch.portal.admindn parameter. This parameter is required when the Document level Security in the Portal Search Server is on. |
iim_arch.portal.search.database |
None |
The value of this parameter should be the name of the database where the Instant Messaging server stores archived messages. If this parameter is not defined then all messages are stored in the default database of Portal Server Search. |
iim_arch.admin.email |
Empty String |
Comma-separated list of administrator email addresses. |
iim_arch.alert.admin.email |
None |
Comma-separated list of administrator email addresses to which all archived alert messages will be sent. This parameter overrides iim_arch.admin.email for alert messages. |
iim_arch.chat.admin.email |
None |
Comma-separated list of administrator email addresses to which all archived chat messages will be sent. This parameter overrides iim_arch.admin.email for chat messages. |
iim_arch.conference.admin.email |
None |
Comma-separated list of administrator email addresses to which all archived conference messages will be sent. This parameter overrides iim_arch.admin.email for conference messages. |
iim_arch.poll.admin.email |
None |
Comma-separated list of administrator email addresses to which all archived poll messages will be sent. This parameter overrides iim_arch.admin.email for poll messages. |
iim_arch.news.admin.email |
None |
Comma-separated list of administrator email addresses to which all archived news messages will be sent. This parameter overrides iim_arch.admin.email for news messages. |
iim_arch.email.archiveheader.name |
None |
Name of the extended RFC 822 header. |
iim_arch.email.archiveheader.value |
all |
Value corresponding to the header name for iim_arch.email.archiveheader.name. |
The watchdog monitors the server process and attempts to restart the server if it determines that the server is not running. See Managing the Watchdog Process
Table A–9 lists and describes the watchdog configuration parameters.
Table A–9 Watchdog Configuration Parameters
Parameter |
Default Value |
Description |
---|---|---|
iim_wd.enable |
true |
Enables the watchdog feature. To reset this parameter or disable the watchdog, set this to false. To avoid conflicts, you should disable the watchdog if you are monitoring the Instant Messaging server using the operating system administration console. |
iim_wd.period |
300 (seconds) |
The watchdog periodically polls the server to check whether it is running. This parameter sets the interval between two status polls. |
iim_wd.maxRetries |
3 |
Sets the number of retries, times the watchdog will attempt to contact the Instant Messaging server, before shutting down and restarting the server. The maximum is ten retries. |
The parameter in Table A–10 configures how the server interacts with the Sun Java Enterprise System Monitoring Framework.
Table A–10 Monitoring Parameters
Parameter |
Default Value |
Description |
---|---|---|
iim_server.monitor.enable |
false |
Used by the Sun Java Enterprise System Monitoring Framework. If true, configures the server to make its activities available to mfwk. Otherwise, the server does not make its activities available. |
iim_server.monitor.htmlport |
None. |
If specified, opens the JMX HTML adaptor port on the specified port. By default, this port is not enabled as opening this port can present a security risk. |
Agents, such as the Calendar agent, enable functionality within the Instant Messaging server and enhance its interoperability with other Sun Java System servers.
Table A–11 lists and describes agent configuration parameters.
Table A–11 Agent Configuration Parameters
Parameter |
Default Value |
Description |
---|---|---|
jms.consumers |
None |
Used with the Calendar agent. Contains the name of the alarm. The value for this parameter must be set to: cal_reminder |
jms.consumer.cal_reminder.destination |
None |
Used with the Calendar agent. Destination of the alarm. This must be the same as the value of the caldb.serveralarms.url configuration parameter in the ics.conf file. For example, enp:///ics/customalarm |
jms.consumer.cal_reminder.provider |
None |
Used with the Calendar agent. The name of the provider. Typically, this is set to ens. The value for this parameter must be the same as the name in the jms.providers parameter. |
jms.consumer.cal_reminder.type |
None |
Used with the Calendar agent. The type of alarm to set. The value for this parameter must be set to: topic |
jms.consumer.cal_reminder.param |
None |
Used with the Calendar agent. The alarm parameter. The value for this parameter must be set as follows including the quotes: "eventtype=calendar.alarm" |
jms.consumer.cal_reminder.factory |
None |
Used with the Calendar agent. A listener that registers itself for the new calendar reminder messages. The value for this parameter must be set to: com.iplanet.im.server.JMSCalendarMessageListener |
jms.providers |
None |
Used with the Calendar agent. The name of the provider. Typically, you set the value of this parameter to ens. This must be the same as the value for the jms.consumer.cal_reminder.provider parameter. |
jms.provider.ens.broker |
None |
Used with the Calendar agent. Hostname of the ENS and the port number on which the ENS listens for incoming requests. Set to the port specified in the ics.conf file service.ens.port parameter. The default is 57997. For example: jms.provider.ens.broker=cal.example.com:57997 |
jms.provider.ens.factory |
None |
Used with the Calendar agent. Factory class used for creating the topic connection objects. The value for this parameter must be set as follows. Enter the value on a single line: com.iplanet.ens.jms.EnsTopicConnFactory |
iim_agent.enable |
False |
If TRUE, iim.conf, enables Instant Messaging agents. Set the value to FALSE, or remove the parameter from iim.conf to disable all agents. |
iim_agent.agent-calendar.enable |
None |
Used with the Calendar agent. If TRUE or absent from iim.conf, loads a component that enables the Calendar agent specifically. |
agent-calendar.jid |
None |
The JID of the Calendar agent. |
agent-calendar.password |
None |
Defines the password with which the Calendar agent connects to the Instant Messaging server. |
iim_server.components |
None |
Describes the Calendar agent as a component of the Instant Messaging server. The value of this parameter must be set to: agent-calendar |
Instant Messaging stores configuration settings for the XMPP/HTTP Gateway in the httpbind.conf file. This appendix describes the configuration parameters and the file in the following sections:
Any time you modify the httpbind.conf file, you need to restart the XMPP/HTTP Gateway using the tools provided by your web container or application server.
By default, the configure utility creates the httpbind.conf file within the Configuration Directory (im-cfg-base) of the default server instance, for example:
On Solaris:
/etc/opt/SUNWiim/default/config/httpbind.conf
On Linux:
/etc/opt/sun/im/default/config/httpbind.conf
If you created multiple instances of Instant Messaging, the name of the /default directory will vary depending on the instance. See Creating Multiple Instances from a Single Instant Messaging Installation for more information. This file is created by the configure utility only in the default instance's im-cfg-base directory.
The httpbind.conf file is a plain ASCII text file, with each line defining a gateway parameter and its value(s):
A parameter and its value(s) are separated by an equal sign (=) with spaces and tabs allowed before or after the equal sign.
A value can be enclosed in double quotes (" "). If a parameter allows multiple values, the entire value string must be enclosed in double quotes.
A comment line must have an exclamation point (!) as the first character of the line. Comment lines are for informational purposes and are ignored by the server.
If a parameter appears more than once, the value of the last parameter listed overrides the previous value.
A backslash (\) is used for continuation and indicates the value(s) are longer than one line.
Each line is terminated by a line terminator (\n, \r, or \r\n).
The key consists of all the characters in the line starting with the first non-whitespace character and up to the first ASCII equal sign (=) or semi-colon (;). If the key is terminated by a semi-colon, it is followed by “lang-” and a tag that indicates the language in which this value is to be interpreted. The language tag is followed by an equal sign (=). All whitespace characters before and after the equal sign are ignored. All remaining characters on the line become part of the associated value string.
Multiple values in the value string are separated using commas (,).
Within a value, if any special characters like comma, space, newline, tab, double quotes, or backslash are present, the entire value needs to be within double quotes. In addition, every carriage return, line feed, tab, backslash, and double quotes within the value must specified with a backslash (\).
If you make changes to httpbind.conf, you must refresh the gateway's web container in order for the new configuration settings to take effect.
The httpbind.conf file is initialized by the configure utility and should be modified only as described in this guide.
Table B–1 describes the configuration parameters in httpbind.conf.
Table B–1 XMPP/HTTP Gateway Configuration Parameters in httpbind.conf
Parameter |
Default Value |
Description |
---|---|---|
httpbind.pool.nodeId |
N/A |
If httpbind.pool.support is set to true, this parameter specifies the full URL for the server node in the server pool. This URL should not point to a load balancer, but to an Instant Messaging server instance. |
httpbind.pool.support |
false |
This parameter defines whether or not the gateway is in a server pool deployment. If no httpbind.pool.nodeId is specified, the value for this parameter is set to false. The value for this parameter can be:
|
httpbind.config |
N/A |
Contains a comma-separated list of ID keys, or gwdomain-id, which the gateway uses as a configuration key to determine which domains, hosts, host passwords, and component JIDs the gateway should use. See Table B–2 for more information on ID keys. |
httpbind.content_type |
text/xml; charset=utf-8 |
The default value for the content-type HTTP header the gateway uses when sending a response back to the client. |
httpbind.hold |
N/A |
Specifies the maximum permissible value for the hold attribute in the client request as defined in JEP 124. If the client specifies a value higher than the gateway in the request, the gateway's value will be used. Otherwise, the value in the client request will be used. |
httpbind.inactivity |
180 |
The maximum time in seconds of client inactivity after which the gateway will terminate the connection to the client. |
httpbind.log4j.config |
N/A |
The location of the log4j configuration file the gateway will use for logging. If you leave this parameter blank, then logging for the gateway is turned off. The logger name is “httpbind” (log4j.logger.httpbind). |
httpbind.polling |
1 (second) |
The minimum time, in seconds, a client must wait before sending another request. |
httpbind.requests |
2 |
The number of concurrent requests a client can make to the gateway. If the value of this parameter is less than the value for the JEP 124 hold attribute in the client request, the value for this parameter will be set to hold+1. Do not set this parameter to 1, as doing so could severely degrade performance. See httpbind.hold for more information. |
httpbind.round_trip_delay |
1 (second) |
The amount of time, in seconds, to allow in addition to time-outs for round trips to account for network latencies. Setting this value too high may degrade performance. |
httpbind.wait_time |
120 (seconds) |
The default time, in seconds, within which the gateway will send a response to the client. If the client wait time is set to a value higher than the gateway wait time, the gateway's wait time is used. |
Table B–2 describes the keys used to define each ID in the httpbind.config parameter. In each key described in the table, gwdomain-id is a domain identifier specified in httpbind.config.
Table B–2 httpbind.config ID Keys
Key |
Description |
---|---|
gwdomain-id.domains |
Comma-separated list of domains for this ID. |
gwdomain-id.hosts |
Space-separated list of hosts for this ID. Each of these hosts must be able to service the domains listed in gwdomain-id.domains. This list helps provide failover across the domains. If no explicit route host mentioned in the request, one of the hosts listed in this key will be used to service that request. |
gwdomain-id.componentjid |
The component JID to use to connect to the host. |
gwdomain-id.password |
The password to use to connect to the host. |
This chapter explains the imadmin command used to administer Instant Messaging in the following sections:
You can use the imadmin utility to start, stop, and refresh the Instant Messaging server and multiplexor. Run imadmin as root or as the end user you specified during configuration.
You must invoke the imadmin utility from the host on which Instant Messaging server is installed.
By default, imadmin is installed in the following location:
im-svr-base/sbin
Table C–1 lists and describes commands related to the imadmin command.
Table C–1 imadmin Commands and Descriptions
Command |
Description |
---|---|
imadmin assign_services |
If iim.policy.modules is set to identity, this command assigns Instant Messaging and presence services to existing users under the base DN you specify. The DN should be the base DN of the organization under which user entries are stored. If iim.policy.modules is set to iim_ldap, and iim.userprops.store is set to ldap, this command adds objectclasses (sunIMUser, and sunPresenceUser) to user entries in the directory. Instant Messaging requires these objectclasses in order to store properties in LDAP. |
imadmin status (Previously imadmin check) |
Checks to see if the components (server, multiplexor, agent-calendar, and watchdog) are up and running and displays the results. If you don’t specify a component, the imadmin utility returns information about all components. |
imadmin start |
Starts the enabled component(s). |
imadmin stop |
Stops the enabled component(s). |
imadmin refresh |
Refreshes the enabled component(s). |
imadmin start server |
Starts only the server. |
imadmin stop server |
Stops only the server. |
imadmin refresh server |
Refreshes only the server. |
imadmin start multiplexor |
Starts only the multiplexor. |
imadmin stop multiplexor |
Stops only the multiplexor. |
imadmin refresh multiplexor |
Refreshes only the multiplexor. |
imadmin start agent-calendar |
Starts only the Calendar agent. |
imadmin stop agent-calendar |
Stops only the Calendar agent. |
imadmin refresh agent-calendar |
Refreshes only the Calendar agent. |
imadmin start watchdog |
Starts only the watchdog. |
imadmin stop watchdog |
Stops only the watchdog. |
imadmin refresh watchdog |
Refreshes only the watchdog. |
imadmin version |
Displays the version. |
imadmin [options] [action] [component]
Table C–2 lists and describes options for the imadmin command.
Table C–2 Options for imadmin command
Option |
Description |
---|---|
-c alt-config-file |
Used with the start and refresh actions, to specify a different configuration file other than /etc/opt/SUNWiim/config/iim.conf file |
-h |
Displays help on the imadmin command. |
Table C–3 lists and describes actions performed after various imadmin commands are issued.
Table C–3 Actions for imadmin Command
Option |
Description |
---|---|
status (Previously imadmin check) |
Returns information about Instant Messaging components (server, multiplexor, agent-calendar, and watchdog). You do not need to provide a [component] with this action. |
start |
Sets the classpath, the Java heap size and starts all the specified components. |
stop |
Stops all the specified component’s daemons. |
refresh |
Stops and starts the specified component(s). Useful after a configuration change. |
Table C–4 lists and describes the components for the imadmin command.
Table C–4 Components for imadmin Command
Option |
Description |
---|---|
agent-calendar |
Indicates the Calendar agent (agent-calendar). |
multiplexor |
Indicates the multiplexor alone. |
server |
Indicates the Instant Messaging server. |
watchdog |
Indicates the watchdog. |
This chapter describes the APIs used by Instant Messaging in the following sections:
Instant Messaging provides Java APIs which can be used to develop extension or integration modules. Detailed documentation of these APIs are provided with the installed Instant Messenger component, in the form of HTML files generated by Javadocs. The Javadoc files are installed in the im-svr-base/html/apidocs/ directory. To view the API documentation, point your browser to codebase/apidocs where codebase is the Instant Messenger resources codebase.
The following are the Instant Messaging APIs:
The Instant Messaging API is used by the applications located on the same host or in the remote host to access Instant Messaging services, such as Presence, Conference, Notification, Polls and News channels.
The Instant Messaging Service API can be used for:
A Java-based or web-based client, such as a portal channel.
A Bridge or a Gateway to enable another class of clients.
Integration of Instant Messenger and Presence into existing applications.
Displaying news feeds as Instant Messenger news.
A Messenger bean is a dynamically loaded module used to extend Instant Messenger functionality. Messenger beans can add action listeners, such as buttons and menu items, and item listeners, such as check boxes and toggle buttons in the existing Instant Messenger window. The item listeners are invoked when an end-user input is received and bean-specific actions are based on the end-user input. Beans have the ability to add their own settings panel and save bean-specific properties on the server. Beans can be notified of any event received by Instant Messenger, for example, a new alert message.
The applications that use Messenger Beans include the following:
Ability for end users to share application and conference along with voice or video.
Ability to retrieve and process the transcript of a conference. For example, the contents of a received or sent alert, for archiving purposes.
The Service Provider Interface APIs provide the ability to extend the Instant Messaging server functionality. The Service Provider Interface is composed of the following independent APIs:
An Archive Provider is a software module usually providing integration with the archive or auditing system. Each configured Archive Provider is invoked for each server process.
The Archive Provider is invoked for the following server processes:
When an instant message is sent, such as alert, poll, chat, news or conference messages.
During an authentication event, such as login or logout.
When there is a change in the presence status.
During a subscription event. For example, when someone joins or leaves a conference, or subscribes or unsubscribes to a news channel.
The application that uses the Archive Provider API are as follows:
Instant Messaging Archive
The default Instant Messaging archive in Instant Messaging is based on the Archive Provider API. For more information on Instant Messaging Archive, see Chapter 18, Managing Archiving for Instant Messaging.
The application that records the usage statistics for sizing purposes.
A Message Converter is invoked for every message or each message part going through the server. The Message Converter may leave the message part intact or modify or remove the message part. The text parts are processed as Java String Objects. The Message Converter processes other attachment as a stream of bytes and returns a potentially different stream of bytes, or nothing at all if the attachment is to be removed.
The applications that uses Message Conversion API include the following:
Virus checking and removal
Translation engine integration
Message content filtering
The Authentication Provider API provides the ability to deploy Instant Messaging in environments that are not using Access Manager password-based or token-based authentication service. This API is invoked whenever an end user requests authentication, and it can be used in conjunction with the LDAP authentication.
Single Sign-on (SSO) with Access Manager is performed using the Authentication Provider API. This API can also be used to integrate with other authentication systems.
This appendix describes modifications made to the LDAP schema for Instant Messaging.
The following table lists LDAP objectclasses added to the schema and to entries in the directory for Instant Messaging.
Table E–1 Instant Messaging Objectclasses
Name |
Description |
---|---|
sunIMUser |
Contains user properties. Added to user entries under base DN specified when you run the imadmin assign_services command. |
sunPresenceUser |
Contains user presence properties. Added to user entries under base DN specified when you run the imadmin assign_services command. |
sunIMNews |
Contains news channel properties. If userprops.store is set to ldap, when a new news channel is created, an entry for the news channel is added to the directory. The news channel entry will contain the sunIMNews objectclass. |
sunIMConference |
Contains conference room properties. If userprops.store is set to ldap, when a new conference room is created, an entry for the conference room is added to the directory. The conference room entry will contain the sunIMConference objectclass. |