test

Sun Java System Communications Express 6.3 Administration Guide

Configuration Parameter Details

You can modify calendar, mail, and address book configuration parameters as explained in the following tables.

Configuring Messenger Express Parameters in the uwcconfig.properties File

Table 3–1 lists all the messenger express related parameters

Table 3–1 Mail Parameters

Parameter 

Default Value 

Description 

mail.deployed

 

This parameter is set to true if Mail is deployed. The parameter is set when you run the configuration wizard.

webmail.host

 

Specifies the host on which the Messaging Server's HTTP service is running. The host name of Messenger Express should correspond to the machine name on which Web Server is deployed.  

webmail.port

 

Specifies the port number that the Messenger Express HTTP uses on the "MSG/HTTP" host. 

webmail.securedproxyauth

 

Specifies whether authentication is in SSL mode or non-SSL mode. If set to true, authentication is done in SSL mode 

webmail.proxyadmin

 

Specifies the proxy administration user ID 

webmail.ssl.port

 

Specifies the mail (HTTPS) server port. 

webmail.proxyadminpass

 

Specifies the encrypted proxy administrator's password in encrypted format. 

Configuring Directory Server Related Parameters for Sun Java System LDAP Schema V.1 in the uwcauth.properties File

You edit the parameters mentioned in Table 3–2 when the Authentication LDAP Server is different from the User or Group LDAP.

Table 3–2 LDAP Authentication Filter Parameters

Parameter 

Default Value 

Description 

ldapauth.ldaphost

 

Specifies the LDAP host value. Normally the ldapauth.ldaphost value is the same as the ldapusersession value. You can set it to a different value, if required.
     

ldapauth.ldapport

 

Specifies the LDAP port number 

ldapauth.dcroot

 

Specifies the DC root for the authentication tree 

ldapauth.domainattr

inetDomainBaseDN,inetDomainStatus,inetDomainSearchFilter,domainUidSeparator,preferredLanguage

Specifies the list of attributes to be retrieved from the domain entry in which the user is authenticated. 

ldapauth.domainfilter

(|(objectclass=inetDomain)(objectclass=inetDomainAlias))

Specifies the filter based on which the domain entry is retrieved. 

ldapauth.ldapbinddn

 

Specifies the User domain name of the user binding to the authentication LDAP. 

ldapauth.ldapbindcred

 

Specifies the password of the user binding to the authentication LDAP. 

ldapauth.enablessl

false

Specifies whether the directory against which authentication is to be performed is in SSL mode. 

Change the default value to true to set up a secure LDAP connection. 

Table 3–3 LDAP User Group Parameters

Parameters 

Default Value 

Description 

ldapusersession.ldaphost

 

Specifies the hostname of the user group directory server. 

ldapusersession.ldapport

 

Specifies the port number of the user/group directory server. 

ldapusersession.ldapbinddn

 

Specifies the UserDN of the administrator binding to the user or group directory server. 

ldapusersession.ldapbindcred

 

Specifies the password of the admin binding to the user tree.

ldapusersession.dcroot

 

Specifies the Domain Component (DC) tree in the user or group LDAP that is used to resolve a user entry in Sun Java System LDAP Schema v.1. 

ldapusersessionl.daploadbalancingstrategy

Specifies the LDAP load balancing strategy to be used. Valid values are 1, 2, or 3.

ldapusersession.basedn

 

This property is assigned a value during configuration of Communications Express. It specifies the basedn of the user group.

Configuring Access Manager Parameters in the uwcauth.properties File

Table 3–4 Access Manager Parameters

Parameter 

Default Value 

Description 

uwcauth.identity.enabled

 

Specifies whether Identity Server is enabled. The attribute is set to true if Access Manager’s single sign-on mechanism is used for authentication.

uwcauth.identity.binddn

 

Specifies the complete Distinguished Name (DN) of the amAdmin user.

For example, 

uid=amadmin, ou=People, o=siroe.com

uwcauth.identity.bindcred

 

Specifies the amAdmin password.

Configuring User Lookup Parameters for User or Group in the uwcauth.properties File

Table 3–5 User Lookup Parameters

Parameter 

Default Value 

Description 

ldapusersession.defaultugfilter

uid@domain

Specifies the default filter syntax to be used when retrieving the user entry. 

ldapusersession.ldappoolmin

30 

Specifies the minimum number of LDAP user connections to be created for a user or group LDAP. 

ldapusersession.ldappoolmax

100 

Specifies the maximum number of LDAP user connections to be created for a user or group LDAP. Enter an optimum value to suit your deployment’s requirement. 

Configuring Calendar Server Parameters in the uwcconfig.properties File

Note –

Ensure that the Proxy Authentication and Anonymous Access is enabled in Sun JavaTM System Calendar Server.

To enable Proxy Authentication and Anonymous Access, configure the following Calendar Server parameters in the calendar configuration file ics.config:

For more information about enabling Proxy Authentication and instructions on configuring the Calendar Server parameters, refer to Sun Java System Calendar Server 6.3 Administration Guide.

Table 3–6 Calendar Server Parameters

Parameter 

Default Value 

Description 

calendar.deployed

 

Is set to true if Calendar is deployed. The parameter is set when you run the configuration wizard.

calendar.wcap.host

 

Specifies the host name of the WCAP server. 

calendar.wcap.port

 

Specifies the port number WCAP listens to. 

calendar.wcap.adminid

 

Specifies the administrator user ID for the WCAP Server. 

calendar.wcap.passwd

 

Specifies the administrator password in encrypted form for the WCAP Server. 

Note –

Configuring the Address Book Personal Store Parameters in the db_config.properties File

Table 3–7 lists the default Address Book personal store configuration parameters in the db_config.properties file.

The file can be accessed from: uwc-deployed-path/WEB-INF/config/ldappstore/

Table 3–7 Personal Address Book Personal Store Parameters

Parameter 

Default Value 

Description 

defaultserver.ldaphost

 

Specifies the LDAP host for the Personal Address Book (PAB) store. 

defaultserver.ldapport

 

Specifies the port for the store. 

defaultserver.ldapbinddn

 

Specifies the DN used to bind to the Personal Address Book Store. 

This value depends on the login_type value if the login_type is set to restricted or proxy.

If the login type is anonymous you need not enter a value for this parameter.

defaultserver.ldapbindcred

 

Specifies the password for the DN used to bind to the Personal Address Book store. 

login_type

restricted 

Specifies the method through which the connection to the LDAP store is maintained. 

You can assign the following three values to this parameter: 

anon - Enables the user to connect to the LDAP as an anonymous user

restricted - Enables the user to connect as a user who has the rights to perform operations on the Address Book Store.

proxy - Enables the user to masquerade as a user who can perform operations on the Address Book Store. Assigning this value enhances performance as it bypasses the LDAP bind on each operation.

Note –

It is recommended that the user masquerading here have administration level Access Control Lists (ACLs).

defaultserver.ldappoolmin

Specifies the minimum number of LDAP client connections maintained for Personal Address Book Store. 

defaultserver.ldappoolmax

12 

Specifies the maximum number of LDAP client connections maintained for Personal Address Book Store. 

defaultserver.ldappooltimeout

10 

Specifies the number of seconds before timing out an LDAP connection. Increase this value to accommodate large search results. 

lookthru_limit

1000 

Specifies the search query limit for a search. 

delete_perm

true 

Enables contact or group entries to be marked for deletion or deleted permanently. 

Set the parameter to false to mark the contacts or groups for deletion.

Set the parameter to true to permanently delete the contacts and groups.

allow_duplicate_entries

 

Allows personal address book entries/groups to have the same name. 

Configuring Corporate Directory Parameters in the db_config.properties File

Table 3–8 lists the default corporate directory parameters in the db_config.properties file. By default, all the LDAP related information is set based on the values mentioned for the user or group directory.

The db_config.properties file can be accessed from:WEB-INF/config/corp-dir/

Table 3–8 Corporate Directory Parameters

Parameter 

Default Value 

Description 

defaultserver.ldaphost

 

Specifies the LDAP host for the Corporate Directory. 

defaultserver.ldapport

 

Specifies the port for the Corporate Directory. 

defaultserver.ldapbinddn

 

Specifies the DN used to bind to the Corporate Directory. 

If the login type is restricted or proxy it is mandatory to assign a value to defaultserver.ldapbinddn.

If the login type is anonymous you need not enter a value for this parameter.

defaultserver.ldapbindcred

 

Specifies the bind password. 

entry_id

uid 

Specifies the key in the corporate directory used to identify a contact or group entry. 

You can set the entry_id to the UID or a key used to fetch the contact or group information, such as, empid or principal ID.

In the xlate-inetorgperson.xml file replace “uid” in <entry entryID= “db:uid”\> with the entry_id value specified here.

login_type

restricted 

Specifies the method using which the connection to the LDAP store is maintained. 

You can assign the following three values to this parameter: 

anon - Enables users to connect to the LDAP as an anonymous user.

restricted - Enables users to connect as a user who has the rights to perform operations on the Address Book Store.

proxy - Enables users to masquerade as a user who can perform operations on the Address Book Store. Assigning this value enhances performance as it bypasses the LDAP bind on each operation.

NOTE: A Read only access is given to a masquerading user. 

defaultserver.ldappoolmin

Specifies the minimum number of LDAP client connections maintained for Corporate Directory. 

defaultserver.ldappoolmax

Specifies the maximum number of LDAP client connections maintained for Corporate Directory. 

defaultserver.ldappooltimeout

60 

Specifies the number of seconds before timing out an LDAP connection. Increase this value to accommodate large search results. 

lookthru_limit

3000 

Specifies the search query limit for a search. 

Corporate Directory maintains the following two xlate files in the format xlate-objectclass-name.xml.

In xlate-objectclass-name .xml, objectclass-name represents the object class identifying a particular LDAP entry type. For example, xlate-inetorgperson.xml is an object class used to identify a contact, and groupofuniquemembers is an object class used to identify a group in Sun Java System Directory Server.

The xlate files contain the field mappings between an LDAP schema and the address book XML schema for a contact or group. The mapping is defined in terms of XML nodes. For example,

ab-xml-schema-keydb:LDAPField /ab-xml-schema-key

In this example:

You need to provide an appropriate field name for LDAPField. The value assigned to LDAPField should correspond to the value of LDAPField existing in your corporate directory LDAP schema.

Example 3–1 is an example of the xlate-inetorgperson.xml file.

Example 3–1 Default Contents of xlate-inetorgperson.xml


<abperson uid="db:uid">
  <entry entryID="db:uid">
    <displayname>db:cn</displayname>
    <description>db:multilineDescription</description>
    <creationdate>db:createtimestamp</creationdate>
    <lastmodifieddate>db:modifytimestamp</lastmodifieddate>
  </entry>
  <person>
    <givenname>db:givenname</givenname>
    <surname>db:sn</surname>
  </person>
  <organization>
    <company>db:company</company>
    <organizationalunit>db:ou</organizationalunit>
    <location>db:expr: db:iplanetbuildingnum+' '+db:iplanetbuildinglev+' '+db:roomNumber</location>
    <title>db:title</title>
    <manager>db:manager</manager>
    <secretary>db:secretary</secretary>
  </organization>
  <phone priority="1" type="work">db:telephoneNumber</phone>
  <phone priority="2" type="fax">db:facsimileTelephoneNumber</phone>
  <phone priority="3" type="mobile">db:mobile</phone>
  <phone priority="4" type="home">db:homePhone</phone>
  <phone priority="5" type="pager">db:pager</phone>
  <email priority="1" type="work">db:mail</email>
  <im priority="1" service="SunONE">db:uid</im>
  <im priority="2" service="AIM">db:aimscreenname</im>
  <im priority="3" service="ICQ">db:icqnumber</im>
  <postaladdress type="home">
    <street>db:homePostalAddress</street>
  </postaladdress>
  <postaladdress type="work">
    <street>db:postaladdress</street>
  </postaladdress>
  <weburl priority="1">
    <urladdr>db:labeleduri</urladdr>
    <description>URL</description>
  </weburl>
  <weburl priority="2">
    <urladdr>db:homepage</urladdr>
    <description>Home URL</description>
  </weburl>
  <calendar type="calendar">
    <urladdr>db:caluri</urladdr>
  </calendar>
</abperson>

Configuring Secure Socket Layer

You can configure the Web Server or Application Server on which Communications Express is deployed in the SSL mode.

For information about how to configure the Web Server on which Communications Express is deployed in the SSL mode, refer to Sun Java System Web Server 7.0 Administrator’s Configuration File Reference guide.

For information about how to configure the Application Server on which Communications Express is deployed in the SSL mode, refer to Sun Java System Application Server Administration Guide.

ProcedureTo Use Communications Express in SSL Mode

  1. Set the following configuration parameters in the uwc-deployed-path /WEB-INF/config/uwcauth.properties file:

    • uwcauth.ssl.enabled=true. If set to true, the entire authentication process and access of the application is done in SSL mode.

    • uwcauth.https.port=SSL-port-number-of -the webcontainer-in which-uwc-is-deployed

    • webmail.ssl.port=SSL port for the Messaging Server

  2. Set the local.webmail.sso.uwcsslport Messenger Express parameter value to the SSL port-number of the Web Server in which Communications Express is deployed.

    This parameter is required to instruct Messenger Server to get Communications Express integration services. For example, if this parameter is set, then time out event of webmail will take the user to Communications Express' login page.

    For example, local.webmail.sso.uwcsslport=SSL port-number of the webserver in which communications express is deployed

  3. Set the webmail.ssl.port parameter for Messaging Server.

    Set the parameter to the SSL port that Messaging Server listens to.

ProcedureTo Configure Communications Express for SSLAuthentication Only

Communications Express can be configured for SSL authentication only, which implies that authentication can be performed over SSL, but access of the application thereafter is over non-SSL mode.

  1. Set uwcauth.ssl.enabled to false in the uwcauth.properties file.

  2. Set uwcauth.https.port to the SSL port number of the Web Server in which Communications Express is deployed.

  3. Set uwcauth.ssl.authonly to true.

    Note –

    The two parameters, uwcauth.ssl.authonly and uwcauth.ssl.enabled in the uwcauth.properties file are mutually exclusive .