After installation and post installation configuration, Calendar Server can be run as is. However, you can customize features in your system (reconfigure your system) by editing the ics.conf file.
Duplicate parameters are allowed in the ics.conf file. The system takes the value of the last instance of the parameter in the file.
Best Practices: To avoid confusion, add your customizations to the end of the file in a section you create for that purpose. For example, you can create a comment line with the following text: ! My ics.conf Changes. Then add any new parameters or any parameters that you are modifying, and their values. Add comments to each parameter describing why the change was made and add the current date. This will give you a history of the changes made to the system for later reference.
If you make extensive customizations, to improve processing efficiency, you might consider commenting out the original parameter that you are replacing. Also, periodically review the file, commenting out obsolete duplicate parameters.
This chapter, and the chapters that follow in Part III, Customizing Your Calendar Server Configuration, contain instructions and information you can use to reconfigure Calendar Server.
You can find the ics.conf file in the following directory:
For Solaris: /etc/opt/SUNWics5/cal/config
For Linux: /etc/opt/sun/calendar/config
Do not attempt to edit the configuration file until you have completed the following tasks:
Install or upgrade to Calendar Server 6 2006Q3.
Run the post installation configuration programs comm_dssetup.pl and csconfigurator.sh.
Run csmig, csvdmig, cs5migrate, csmigrate, and commdirmig as needed against your existing calendar databases. See Chapter 3, Database Migration Utilities for Calendar Server 6.3.
This chapter covers the following configuration topics:
4.3 Configuring Calendar for LDAP Users, Groups and Resources
4.7 Configuring Periodic Deadlock Checking for the Berkeley in Calendar Server Version 6.3
This section covers the two configuration file parameters to configure for Communications Express.
Communications Express requires the following:
Log in as an administrator with permission to change the configuration.
Stop Calendar Server services by issuing the stop-cal.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit the ics.conf parameters as shown in the following table:
Enables administrator proxy authentication when set to "yes". The default is "yes".
Lists the user ID's with administration rights to Calendar Server. The default is “calmaster”. This can be a space-separated list with multiple values. One of the values must be the value as specified in the uwconfig.properties file for calendar.wcap.adminid.
User ID of the calmaster. This should be the same as the user ID found in the calendar.wcap.adminid parameter of the uwcconfig.properties file.
Password for the calmaster. This should be the same as the user ID found in the calendar.wcap.passwd parameter of the uwcconfig.properties file.
The uwcconfig.properties file is located in the comms-express-svr-base/WEB-INF/config directory, where comm-express-svr-base is the directory where Communications Express was installed.
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
For instructions on configuring Communications Express, see theSun Java System Communications Express 6.3 Customization Guide .
Log in as an administrator with permission to change the configuration.
Stop Calendar Server services by issuing the stop-cal.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit the following parameters in the ics.conf to enable anonymous access:
Enables or disables allowing anonymous access users to write to public calendars. Enable access by setting the value to "yes", which is the default.
Enables users to have publicly writable calendars. This is enabled by default (set to "yes").
Enable anonymous access (login) by setting this parameter to "yes", if necessary. The default value is "yes".
For security purposes with anonymous logins enabled, you might want to disable searching through the LDAP first when doing calendar searches, by setting this parameter to "no", which is the default.
Communications Express expects the value of the service.calendarsearch.ldap parameter to be "no". This conflicts with instructions given for tuning your system for best performance in a DWP environment, (in which your database is distributed across multiple back-ends.) See 21.2 Improving Calendar Search Performance in a DWP Environment.
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
For instructions on configuring Communications Express, see theSun Java System Communications Express 6.3 Administration Guide.
This section contains the following topics:
Log in as an administrator with permission to change the configuration.
Stop Calendar Server services by issuing the stop-cal.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the parameters as shown in the following table:
Specifies the default access control permissions used when a user creates a calendar. The format is specified by a semicolon-separated list of access control entry (ACE) argument strings. The default is:
"@@o^a^r^g;@@o^c^wdeic^g; @^a^fs^g;@^c^^g;@^p^r^g"
For more information on the ACE format, see 15.4 Calendar Access Control Calendar Server utilities, see D.5 cscal.
Specifies the default access control settings for owners of a calendar. The default is: "@@o^a^rsf^g;@@o^c^wdeic^g"
Specifies whether a user's default calendar is included in user's free/busy calendar list. The default is “yes”.
Specifies whether a user's default calendar can be removed from user's free/busy calendar list. The default is “no”.
Specifies a URL to use to search for a calendar in a different database. This is only used while migrating calendar databases. During the time that calendars are split between two different databases, you can specify a URL other than the current Calendar Server database. The system searches the Calendar Server calendar database first and if it can’t find the user, checks to see if the redirect URL is available. This feature can be turned off by passing in the noredirect parameter set to 1 with the get_freebusy command.
Specifies whether a user's default calendar is included in the user's subscribed calendar list. The default is “yes”.
If "yes", default user calendars are initially set to public read/private write. If no, default user calendars are initially set to private read/private write. The default is “no”.
Determines if a user calendar can have more than one event scheduled for the same time period:
"no" prevents double booking.
"yes" allows double booking, and is the default.
This parameter is used only when a user calendar is created. Thereafter, Calendar Server checks the calendar properties file (ics50calprops.db) to determine if double booking is allowed.
To change the value of the double booking calendar property, use cscal with the -k option.
Determines if user calendar should be auto-created if the user receives an invitation but has no default calendar. The default is the enable this option ("yes").
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
Log in as an administrator with permission to change the configuration.
Stop Calendar Server services by issuing the stop-cal.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the parameters as shown in the following table:
Determines if a calendar that belongs to a resource (such as a conference room or audio visual equipment) can have more than one event scheduled for the same time slot when the calendar is created:
"no" prevents double booking, and is the default.
"yes" allows double booking.
This parameter is used only when a resource calendar is created.
After a resource calendar is created, Calendar Server checks the calendar properties (ics50calprops.db) to determine if double booking is allowed.
If you need to change the calendar properties for a resource calendar to allow or disallow double booking, use csresource with the -k option.
Specifies the default access control permissions used when a resource calendar is created. The default is:
"@@o^a^r^g;@@o^c^wdeic^g; @^a^rsf^g"
When invitations are sent to resources should they be automatically marked as accepted? The default is "yes".
When a resource is invited to an event, if it has no existing calendar, should it be autoprovisioned?
The default is "yes".
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
A group calendar can be scheduled with events similar to a user calendar. However, a user should not log into a group calendar. To view a group calendar, the user should subscribe to it. To configure a group calendar, edit the ics.conf file as shown in the steps that follow.
Log in as an administrator with permission to change the configuration.
Stop Calendar Server services by issuing the stop-cal.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the parameters as shown in the following table:
Specifies whether the group calendar can be double booked. The default is yes.
Specifies the default ACL for group calendars:
"@@o^a^r^g;@@o^c^wdeic^g;@^a^rsf^g"
Specifies whether autoprovisioning is enabled or disabled. The default is "yes" (enabled).
Specifies whether a group invitation will automatically have PARTSTAT=ACCEPTED.
Determines if a group should be expanded for invitations.
If “yes”, the list will be expanded if it meets the constraints of the calstore.group.attendee.maxsize parameter. If the expansion fails, or this parameter is set to "no", only the group name shows up on the attendee list and no RSVP is required.
Specifies whether groups can be expanded. A value of "0" means no expansion limits. A group of any size can be expanded.
If expansion is allowed, but not unlimited. The value of the parameter indicates the maximum number of attendees allowed in an expanded group. If the number in the group exceeds the maximum size, then the group is not expanded.
A value of "-1" means no expansion allowed.
If expansion is not allowed because it exceeds the maximum size, only the group name appears in the attendee list and an error is returned to the organizer.
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
For instructions on configuring groups, see To Configure Calendar Server for Groups.
Autoprovisioning of user , resource and group calendars is enabled by default. That is, if a user attempting to log in does not yet have a default calendar, the system creates a user calendar with default settings.
If a user, resource or a group is invited to an event, but it does not yet have a default calendar, the system creates a resource or group calendar with default settings.
If you want to disable any of these calendars from being autoprovisioned, change the appropriate parameter in the ics.conf file as shown in the steps that follow.
Log in as an administrator with permission to change the configuration.
Stop Calendar Server services by issuing the stop-cal.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Disable autoprovisioning of user, resource and group calendars by editing the following parameters:
Specifies whether autoprovisioning of user calendars is enabled (“yes”), or disabled (“no”). The default is “yes”.
Specifies whether autoprovisioning of resource calendars is enabled (“yes”), or disabled (“no”). The default is “yes”.
Specifies whether autoprovisioning of group calendars is enabled (“yes”), or disabled (“no”). The default is “yes”.
Specifies whether auto-inviting of user calendars is enabled (“yes”), or disabled (“no”). The default is “yes”.
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
The free-busy view is used for several purposes. There are a number of ics.conf parameters that can be set to customize how the free-busy view is generated.
Log in as an administrator with permission to change the configuration.
Stop Calendar Server services by issuing the stop-cal.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the following ics.conf parameters shown in the following table:
Specifies the offset from the current time in days for get_freebusy for beginning of the range. The default is "30".
Specifies the offset from the current time in days for get_freebusy for end of the range. The default is "30".
Specifies whether a user's default calendar is included in user's free/busy calendar list. The default is "yes".
Specifies whether a user's default calendar can be removed from user's free/busy calendar list. The default is "no".
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
This section contains instructions on configuring LDAP users, groups and resources.
This section includes the following topics:
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the following ics.conf parameters shown in the following table:
The attribute used to specify which groups a user, group, or resource is a member of, for ACL evaluation. The default is "aclgroupaddr". (This is used to calculate dynamic groups.)
If "yes", allow users to change their passwords. The default is "no".
If "yes", allow users to have publicly writable calendars. The default is "yes".
Specifies whether a user's default calendar can be removed from the user's subscribed calendar list. The default is "no".
If "yes", allow calendars to be created by users who do not have administrative privileges. The default is "yes".
If "yes", allow calendars to be deleted by users who do not have administrative privileges, but do have delete permission for that calendar. The default is "yes".
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the following ics.conf parameters shown in the following table:
If "yes", allow set_userprefs to modify the user preference "cn" (LDAP user's common name). The default is “no”.
If "yes", allow set_userprefs to modify the user preference "givenname" (LDAP user's given name). The default is “no”.
If "yes", allow set_userprefs to modify the user preference “icsCalendar" (a user's default calendar identifier). The default is “no”.
If "yes", allow set_userprefs to modify the user preference "mail" (user's email address). The default is “no”.
If "yes", allow set_userprefs to modify the user preference "preferredlanguage" (LDAP user's preferred language). The default is “no”.
If "yes", allow set_userprefs to modify the user preference "sn" (LDAP user's surname). The default is “no”.
If "yes", enables LDAP proxy authorization for get_userprefs. If "no", anonymous LDAP search is performed. The default is “no”.
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
Calendar Server supports LDAP groups, which are a named collection of users. The group membership can be static, or dynamically created. Groups can be nested. Groups have a groupid that is analogous to a uid for a user. Groups also have a mail address.
In addition, groups can have a default calendar with a group calid that should correspond to the groupid, with the addition of the domain, for instance groupid@sesta.com. Group calendars do not have user interface preferences stored in the preferences database. Instead, the LDAP entry contains an icsDefaultacl attribute that is used in group creation.
A group is defined in the LDAP entry as an instance of icsCalendarGroup. For information on the other attributes available for group calendars, see the Sun Java System Communications Services 6 2005Q4 Schema Reference.
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the following ics.conf parameters shown in the following table:
Owner attribute to use for groups and resources. The default is "owner".
Secondary owners attribute for groups and resources. The default is "icsSecondaryowners".
The attribute used to store the unique group identifier. The default is "groupid".
The attribute used to store the default ACL given to each group calendar at autoprovisioning. The default is "icsDefaultacl".
The attribute used to specify whether doublebooking of group calendars is permitted. This is the attribute used when a default group calendar is auto-created. The default is "icsDoublebooking".
The attribute used to specify whether invitations to group calendars are automatically accepted. This is the attribute used when a default group calendar is auto-created. The default is "icsAutoaccept".
The attribute used to specify the time zone for an auto-created group calendar. The default is "icsTimezone".
The attribute used to specify which groups a user, group, or resource is a member of, for ACL evaluation. The default is "aclgroupaddr". (For groups, this would be for nested groups.)
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
If you plan to have calendars for groups, you need to configure group calendars. See To Configure Group Calendars.
If you are using groups, you should set the following domain level preferences in the group LDAP entry:
icsAllowRights — Set bit 15 to indicate your domain-level preference for group calendar doublebooking.
icsExtendedDomainPrefs — Set the groupdefaultacl property to determine the default ACL for group calendars in the domain.
For information on how to configure Calendar Server domains for groups, see 11.1 Configuring Domain Preferences for Groups in Calendar Server Version 6.3.
This section contains procedures for customizing server-side configuration by editing the ics.conf file.
This section contains the following topics:
The calendar store is configured by default as shown in The following table. If you wish to reconfigure the store, perform the following steps:
Log in as an administrator with permission to change the configuration.
Stop Calendar Server services using stop-cal.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the parameters in the following table:
Parameter |
Description and Default Value |
---|---|
calstore.calendar.create.lowercase |
Specifies whether Calendar Server should convert a calendar ID (calid) to lowercase when creating a new calendar or when looking up a calendar using the LDAP CLD plug-in. The default is "no". |
calstore.default.timezoneID |
Time zone ID to be used when importing files, and no other time zone ID's can be found for any of the following: an event, a calendar, a user. The default is "America/New_York" An invalid value causes the server to use the GMT (Greenwich Mean Time) time zone. |
calstore.filterprivateevents |
Specifies whether Calendar Server filters (recognizes) Private and Confidential (Time-and-Date-Only) events and tasks.If "no", Calendar Server treats them the same as Public events and tasks. The default is "yes". |
calstore.group.attendee.maxsize |
Maximum number of members allowed when expanding a group. The default value, "0" means to expand the group without regard to size. A value of -1 means no expansion of groups. |
calstore.recurrence.bound |
Maximum number of events that can be created by a recurrence expansion. The default is "60". |
calstore.userlookup.maxsize |
Maximum number of results returned from LDAP lookup from user search. Value of "0" means no limit. The default is "200". |
calstore.unqualifiedattendee.fmt1.type |
Specifies how Calendar Server treats strings, such as jdoe or jdoe:tv, when performing a directory lookup for attendees of an event. Allowable values are: uid, cn, gid, res, mailto, cap. The default is "uid". |
calstore.unqualifiedattendee.fmt2.type |
Specifies how Calendar Server treats strings with an at sign (@), such as jdoe@sesta.com, when performing a directory lookup for attendees of an event. Allowable values are: uid, cn, gid, res, mailto, cap. The default is "mailto". |
calstore.unqualifiedattendee.fmt3.type |
Specifies how Calendar Server treats strings with a space, such as john doe, when performing a directory lookup for attendees of an event. Allowable values are: uid, cn, gid, res, cap. The default is "cn". |
If "yes", the server must validate that each owner of a calendar exists in the LDAP directory. The default is "no". |
|
service.wcap.freebusy.redirecturl |
If the requested calendar can’t be found in the local calendar database, alternately, a URL found in this parameter can be used to redirect the search to another database. This is specifically used for scripts created when migrating between two databases and both are still being used. Then the get_freebusy.wcap command can be used to specify whether to look in the other database. See the get_freebusy command description in the Sun Java System Calendar Server 6.3 WCAP Developer’s Guide. |
store.partition.primary.path |
Location of primary disk partition where calendar information is stored. The default is "/var/opt/SUNWics5/csdb". |
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the parameters shown in the following table:
Parameter |
Description and Default Value |
---|---|
logfile.admin.logname |
This log file contains history of the administrative tool commands issued. The default is "admin.log". |
logfile.buffersize |
Size in bytes for log buffers. The default is "0". Specify the size of each entry in the log files. If your buffers fill up too fast, consider making them larger. |
logfile.dwp.logname |
Name of the log file for logging Database Wire Protocol related administrative tools. The default is "dwp.log". Specify one per front-end server. |
logfile.expirytime |
Number of seconds before the log files expire. The default is "604800". After this time, a cleanup routine will purge the log. If you want to archive the log, you must write your own routine. |
logfile.flushinterval |
Number of seconds between the flushing of buffers to log files. the default is "60". If your system experiences a high volume of log information and your buffers fill up before 60 seconds, you will lose information. In that case consider decreasing this time interval. Note that decreasing the time interval increases system overhead. |
logfile.http.logname |
Name of the current log file for the cshttpd service. The default is "http.log". |
logfile.http.access.logname |
Name of the current HTTP access log file. |
logfile.logdir |
Directory location of the log files. The default is "/var/opt/SUNWics5/logs". |
logfile.loglevel |
Determines the level of detail the server will log. Each log entry is assigned one of these levels (starting with the most severe): CRITICAL, ALERT, ERROR, WARNING, NOTICE, INFORMATION, and DEBUG. The default is “NOTICE”. If you set to CRITICAL, Calendar Server logs the least amount of detail. If you want the server to log the most amount of detail, specify DEBUG. Each succeeding log level also gives you all the more severe log levels before it. For example, if set to WARNING, only CRITICAL, ERROR, and WARNING level log entries are logged. If set to DEBUG, all levels are logged. |
logfile.maxlogfiles |
Maximum number of log files in the log directory. The default is "10". Before the system tries to create the 11th log, it runs the clean up routine to purge old log files. |
logfile.maxlogfilesize |
Maximum disk space in bytes for all log files. The default is "2097152". When creating the next log file will violate this limit, the system tries to free disk space by deleting the oldest logs. |
logfile.minfreediskspace |
Minimum free disk space (in bytes) that must be available for logging. When this value is reached, Calendar Server attempts to free disk space by expiring old log files. Logging is paused if space cannot be freed up. The default is "5242880". |
logfile.notify.logname |
Name of the log file for the csnotifyd service. The default is "notify.log". |
logfile.rollovertime |
Number of seconds before the log files are rotated. That is, the time interval between creation opening of new log files. The default is "86400". |
logfile.store.logname |
Name of the log file for the calendar store. The default is "store.log". |
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
To configure transaction logging for the calendar database, see Chapter 9, Configuring Automatic Backups (csstored).
You do not have to configure the delete log (for deleted events and tasks). See Chapter 18, Administering the Delete Log Database.
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the following ics.conf parameters as shown in following table:
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
Three types of email notifications can be enabled:
Send email notifications to attendees who are invited to an event.
Send email notifications to attendees when an event is cancelled.
Send email notifications to organizers when attendees reply.
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the following ics.conf parameters as shown in following table:
Parameter |
Description and Default Value |
---|---|
ine.invitation.enable |
"yes"- (Default) To send notifications of invitations to attendees. "no"- Do not send email notifications of invitations to attendees. |
ine.cancellation.enable |
"yes"- (Default) To send notifications of event cancellations to attendees. "no"- Do not send notifications of cancellation to attendees. |
ine.reply.enable |
"yes"- (Default) To send organizers notifications of attendees' replies to invitations. "no"- Do not send organizers notifications of replies. |
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
For more information about configuring notifications, see E.4.1 Calendar Server Email Notifications Configuration Parameters and Format Files.
This section contains instructions for configuring logins and authentication.
This section contains the following topics:
Proxy logins must be configured for Communications Express. For instructions on how to configure proxy logins for Communications Express, see4.1 Configuring for Communications Express.
To allow administrator proxy logins for Calendar Server outside Communications Express, perform these steps:
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit the parameter that follows:
Specifies whether administrators are allowed to perform proxy logins to administer user calendars. If "yes", proxy logins are allowed. If "no" proxy logins are not allowed. The default value is "yes".
Restart Calendar Server for the new value to take effect.
Verify that administrator proxy logins are working by using the following WCAP command:
http://server[:port]/login.wcap? user=admin-user&password=admin-password &proxyauth=calendar-user&fmt-out=text/html |
The following list contains an explanation of each variable in the previous example:
server is the name of the server where Calendar Server is running.
port is the Calendar Server port number. The default port is 80.
admin-user is the Calendar Server administrator. For example, calmaster.
admin-password is the password for admin-user.
calendar-user is the calid of the Calendar Server user.
fmt-out is the specification for output format of the content. For example, text or HTML.
If the command is successful, Calendar Server displays the calendar for calendar-user. If problems occur, Calendar Server displays “Unauthorized”.
Causes for error might be:
The admin-user does not have Calendar Server administrator privileges.
The admin-password is incorrect.
The calendar-user is not a valid Calendar Server user.
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the parameters shown in the following table:
Parameter |
Description/Default |
---|---|
Base DN for LDAP authentication. If not specified, local.ugldapbasedn is used. |
|
Host for LDAP authentication. If not specified, uses the value of local.ugldaphost. The default is "localhost". |
|
Bind credentials (password) for user specified in local.authldapbinddn. |
|
DN used to bind to LDAP authentication host to search for user's dn. If not specified or blank (" "), its assumed to be an anonymous bind. |
|
Port for LDAP authentication. If not specified, uses the value of local.ugldapport. The default is "389". |
|
Minimum number of LDAP client connections that are maintained for LDAP authentication. If not specified, uses the value of local.ugldappoolsize. The default is "1". |
|
Maximum number of LDAP client connections that are maintained for LDAP authentication. If not specified, uses the value of local.ugldapmaxpool. The default is "1024". |
|
Specifies the authentication filter used for user lookup. The default is "(uid=%U)" This value is stored in the inetDomainSearchFilter attribute in the domain entry. It is possible to filter on a different attribute. For example, you could set this parameter to "(mail=%U)" The uid of the authenticated user is passed on to all other functions as the identity for that user, regardless of the attribute used for authentication. |
|
Number of seconds to delay after successfully authenticating a user with plain text passwords. The default is "0". |
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the parameters as shown in The following table:
Maximum number of authenticated user ID's (uids) and passwords that Calendar Server will maintain in the cache. The default is “10000”.
Number of seconds since the last access before a uid and password are removed from the cache. The default is “900”.
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit the following parameter as shown in the following table:
If "yes", when HTTP access is allowed, checks the client IP address against DNS. The default is “no”.
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
This section contains instructions on how to configure calendar services (daemons).
This section contains the following topics:
To Configure the Watcher Process for Calendar Server Version 6.3
To Configure HTTP Services (cshttpd) for Calendar Server Version 6.3
To Configure Alarm Notification for Calendar Server Version 6.3
See also, Chapter 9, Configuring Automatic Backups (csstored).
The start-cal and stop-cal commands are wrapper scripts that allow ease of starting and stopping Calendar Server. The utility is defined in Appendix D, Calendar Server Command-Line Utilities Reference.
Log in as an administrator with permission to change the configuration.
Stop Calendar Server services by issuing the stop-cal command.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the parameters as shown in the following table:
Parameter |
Description and Default Value |
---|---|
Runtime user identifier (uid). The default is "icsuser". This is the user identifier to use when super-user privileges are not needed. |
|
Runtime group identifier (gid). The default is "icsgroup". This is the group identifier to use when super-user privileges are not needed. |
|
If this parameter is set to "yes", if a service that is connected to the watcher dies without properly disconnecting, it is automatically restarted. |
|
Defines the auto-restart timeout interval. To avoid infinite restart attempts on auto-start, if a service dies twice in a specific interval, it will not be restarted. The default setting is 10 minutes. |
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
The watcher process, watcher, monitors failed socket connections. It is used with both Calendar Server and Messaging Server. To set the Calendar Server parameters to configure Watcher, perform the following steps:
Log in as an administrator with permission to change the configuration.
Stop Calendar Server services by issuing the stop-cal command.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the parameters as shown in the following table:
Parameter |
Description and Default Value |
---|---|
If this parameter is set to "yes", the start program attempts to start the watcher before any other services. And daemons will connect to it through a socket connection. The default is "no", but the configuration program changes it to "yes". |
|
This is the port on which the watcher listens. Messaging Server uses port 49994. A different port should be used for Calendar Server, for example 49995. |
|
The configuration file for watcher. If the path is relative, it is relative to the config directory. The default is watcher.cnf. |
|
service.autorestart |
If set to "yes", the watcher automatically restarts any registered service that dies without properly disconnecting. If the service dies twice in 10 minutes, watcher will not restart it. |
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
For more information about the Watcher process, see Sun Java System Messaging Server 6.3 Administration Guide. Both Chapter 4 and Chapter 23 have information.
If Watcher is enabled, each service the Watcher is monitoring must be registered with the Watcher process. This is done automatically and internally by Calendar Server daemons. Alternatively, the daemons create a pid files in the cal-svr-base/data/proc directory that contain the process ID of each service and its status, either "init", or "ready".
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the parameters as shown in the following table:
Parameter |
Description and Default Value |
---|---|
If "yes", start the csadmind database checkpoint thread. If "no", no checkpoint log files created. The default is "yes". |
|
Maximum cache size (in bytes) for Berkeley Database for administration sessions. The default is "8388608". |
|
If "yes", start the csadmind database deadlock detection thread. The default is "yes". |
|
If "yes", start the csadmind low disk space monitor thread. The default is "no". Disk usage is not monitored by default. |
|
If "yes", start the csadmind service when starting all services and stop csadmind when stopping all services. The default is “yes”. |
|
Maximum number of running threads per administration session. The default is “10”. |
|
Number of seconds before timing out an administration connection. The default is “900”. |
|
If "yes", start the csadmind service response thread. The default is “no”. |
|
Temporary directory for administration session requests. No default. |
|
Number of seconds before timing out an HTTP session in csadmind. The default is “1800”. |
|
Number of seconds to wait between checking for started, stopped, or ready calendar service. The default is “2”. |
|
Number of seconds to wait for any calendar service to start. The default is “300”. |
|
Number of seconds to wait for any calendar service to stop. The default is “300”. |
|
Number of seconds to wait between sending stop commands to any calendar service. The default is “60”. |
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the parameters as shown in the following table:
Parameter |
Description and Default Value |
---|---|
Space separated list of user ID's with administration rights to this Calendar Server. The default is "calmaster". |
|
If "yes", allow login via proxy, which is the default. |
|
If "yes", allow anonymous (no authentication) access. This is a special type of login that is allowed only specified, restricted access (usually read only access to public calendars). The default is "yes". |
|
HTTP host for retrieving HTML documents. To enable users to use a fully qualified host name to access calendar data, this value must be the fully qualified host name (including the machine name, DNS domain and suffix) of the machine on which Calendar Server is running, such as mycal@sesta.com. If not specified, the local HTTP host is used. |
|
service.http.commandlog |
This parameter is for debugging only. If set to "yes", the system logs all incoming commands into the http.commands log file. Do not use this during production runtime. It will fill up the log file very quickly and could cause performance degradation. |
service.http.commandlog.all |
This parameter is for debugging only. If set to "yes", the system logs all HTTP requests into the http.access log file. Do not use this during production runtime. It will fill up the log file very quickly and could cause performance degradation. |
Tells the server to whether or to support cookies (yes/no). It must be set to "yes" to enable single sign-on. The default is "yes". |
|
Maximum cache size of Berkeley database for HTTP sessions. The default is "8388308". |
|
If specified and not blank (" "), filter to allow access based on TCP domains. For example, "ALL: LOCAL.sesta.com" would allow local HTTP access to anyone in the sesta.com domain. Multiple filters are separated by CR-LF (line feed). The default is blank (""). |
|
If specified and not blank (" "), filter to not allow access based on TCP domains. For example, "ALL: LOCAL.sesta.com" would deny HTTP access to anyone in the sesta.com domain. Multiple filters must be separated by CR-LF (line-feed). The default is blank (" "). |
|
Directory location relative to local.queuedir (or an absolute path if specified) where imported files are temporarily stored. The default is the current directory ("."). |
|
If "yes", all requests that reference an existing session are verified as originating from the same IP address. The default is “yes”. |
|
If "yes", start the cshttpd service when starting all services and stop cshttpd when stopping all services. The default is “yes”. Caution – Disabling the HTTP service with this parameter will also disable HTTPS. |
|
Number of seconds before timing out an HTTP connection. The default is “120”. |
|
Specifies the TCP address that HTTP services will listen on for client requests. The default is "INADDR_ANY", which indicates any address. |
|
If "yes", HTTP connections to server are fully logged. The default is “no”. |
|
Maximum number of HTTP sessions in cshttpd service. The default is “5000”. |
|
Maximum number of threads to service HTTP requests in cshttpd service. The default is “20”. |
|
Maximum number of concurrently running HTTP service (cshttpd) processes that should run on a server. The default is “1”. For a server that has multiple CPU's, see 21.8 Using Load Balancing Across Multiple CPU's. |
|
Port for HTTP requests from Calendar Server users. The default is “80”. |
|
If specified and not "", filter for allowing proxy login based on TCP domains. Same syntax as service.http.domainallowed. The default is "". |
|
Number of seconds before timing out an HTTP session. The default is “900”. |
|
Directory for the HTTP session database. The default is “http”. |
|
Number of seconds before timing out an HTTP session in cshttpd service. The default is “1800”. |
|
Directory relative to executable where all URL references to files are stored. The default is "" (null). |
|
service.http.tmpdir |
Temporary directory for HTTP sessions. The default is “/var/opt/SUNWics5/tmp”. |
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the following ics.conf parameters as shown in the following table:
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
You can configure the Calendar Server to periodically check for deadlocks in the Berkeley databases.
It is possible for the Berkeley databases to get into a deadlocked state, thus preventing access to them. To detect this state as early as possible, enable periodic checking for deadlocks.
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit the parameter shown in the following table:
Periodically checks if the Berkeley database is in a deadlock state and, if so, instructs the database to reset. The default value is “no” (not enabled).
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
For information about how to reset Berkeley databases once deadlocked, see 22.5.2 Detecting Database Corruption22.5.1.2 List of Available Tools in the Troubleshooting chapter.
This section contains instructions for configuring Calendar Server for LDAP.
This section contains the following topics:
To Configure Anonymous Access to LDAP for Calendar Server Version 6.3
To Configure LDAP Attendee Lookup for Calendar Server Version 6.3
To Configure Search Filters for LDAP Attendee Lookup for Calendar Server Version 6.3
To Configure LDAP Resource Lookup for Calendar Server Version 6.3
To Configure LDAP Mail-to-Calid Lookup for Calendar Server Version 6.3
To Configure the User Preferences LDAP Directory for Calendar Server Version 6.3
To Configure User Preferences for Calendar Server Version 6.3
To Enable and Configure the LDAP Data Cache for Calendar Server Version 6.3
To Enable and Configure the LDAP SDK Cache for Calendar Server Version 6.3
To Set the Date Range for Free Busy Searches for Calendar Server Version 6.3
To Enable Wildcard LDAP Searches of Calendar Properties for Calendar Server Version 6.3
In general, anonymous access is allowed by default. If you want to restrict anonymous access, change the appropriate parameters.
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the parameters in the following:
Parameter |
Description/Default |
---|---|
calstore.anonymous.calid |
Specifies the anonymous login calendar identifier (calid). The default is "anonymous". |
service.http.allowanonymouslogin |
Specifies whether or not anonymous access is allowed without a login. The default is “yes”. (Allows recipient of emailed calendar URL to access a free-busy version of the calendar without login in.) |
service.wcap.anonymous. allowpubliccalendarwrite |
Specifies whether or not to allow anonymous users to write to a publicly writable calendar. The default is “yes”. |
service.wcap.userprefs.ldapproxyauth |
Enables anonymous search of the LDAP used for user preferences. The default is “no”, which allows anonymous access. Specifying “yes” means using proxy authentication to do the search. |
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the parameters in the following table:
Parameter |
Description/Default |
---|---|
minwildcardsize |
Specifies the minimum string size for wildcard searches in an attendee lookup search. Zero (0) means always do a wildcard search. |
sasl.default.ldap.searchfilter |
Specifies the authentication filter for user lookup. The default is: "(uid=%s)" |
local.lookupldapbasedn |
Specifies the DN for LDAP attendee lookup. If not specified, uses local.ugldapbsedn. No default value. |
local.lookupldapbinddn |
Specifies the DN to bind to the host used for LDAP attendee lookup. If not specified (default is ““), anonymous bind assumed. |
local.lookupldapbindcred |
Credentials (password) for user identified in local.lookupldapbinddn. No default value. |
local.lookupldaphost |
The host name for LDAP attendee lookup. If not specified, uses local.ugldaphost. |
local.lookupldapmaxpool |
Specifies the number of LDAP client connections maintained for LDAP attendee lookup. If not specified, uses local.ugldapmaxpool. The default is “1024”. |
local.lookupldappoolsize |
Specifies the minimum number of LDAP client connections maintained for LDAP attendee lookup. If not specified, uses local.ugldappoolsize. The default is “1”. |
local.lookupldapport |
Specifies the port to use for LDAP attendee lookup. If not specified, uses local.ugldapport. |
local.lookupldapsearchattr.calid |
Specifies the calid attribute for attendee lookup. The default is icsCalendar. |
local.lookupldapsearchattr.mail |
Specifies the mail attribute for attendee lookup. The default is mail. |
local.lookupldapsearchattr. mailalternateaddress |
Specifies the alternate mail address attribute for attendee lookup. The default is mailalternateaddress. |
local.lookupldapsearchattr. mailequivalentaddres |
Specifies the equivalent address mail attribute for attendee lookup. The default is mailequivalentaddress. |
local.lookupldapsearchattr. calendar |
Specifies the calendar attribute for attendee lookup. The default is icsCalendar. |
local.lookupldapsearchattr.cn |
Specifies the common name attribute for attendee lookup. The default is cn. |
local.lookupldapsearchattr. objectclass |
Specifies the object class attribute for attendee lookup. The default is objectclass. |
local.lookupldapsearchattr. objectclass.caluser |
Specifies the object class for calendar users. The default is icsCalendarUser. |
local.lookupldapsearchattr. objectclass.calresource |
Specifies the object class for calendar resources. The default is icsCalendarResource. |
local.lookupldapsearchattr. objectclass.group |
Specifies the object class for groups. The default is icsCalendarGroup. |
local.lookupldapsearchattr. objectclass.person |
Specifies the object class for persons. The default is person. |
local.lookupldapsearchattr. memberurl |
Specifies the member URL attribute for attendee lookup. The default is memberurl. |
local.lookupldapsearchattr. uniquemember |
Specifies the unique member attribute for attendee lookup. The default is uniquemember. |
local.lookupldapsearchattr. givenname |
Specifies the given name attribute for attendee lookup. The default is givenname. |
local.lookupldapsearchattr.sn |
Specifies the screen name attribute for attendee lookup. The default is sn. |
Name of the default domain used to lookup an attendee’s calendar ID that corresponds to an email address. For example, jsmith resolves to jsmith@sesta.com if the value for this setting is "sesta.com". |
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the parameters in the following table:
In all the parameter descriptions that follow, %s allows only a single attendee.
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit the parameter shown in the following table:
Whether to use the User/Group LDAP server for resource lookup, or the Lookup server.
“yes” – Use the User/Group LDAP server.
“no” – Use the Lookup server. The default is “no”.
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the parameters in the following table:
Parameter |
Description/Default |
---|---|
local.lookupldap.mailtocalid.search |
Specifies the mail attributes to use for mail-to-calid lookup. The default is "(|(mail=%s)(mailalternateaddress=%s))” You can substitute the attribute mailequivalentaddress in place of mailalternateaddress. |
local.ugldapbasedn |
Specifies the base DN for mail-to-calid lookup. |
local.authldapbinddn |
Specifies the DN to bind to the host used for mail-to-calid lookup. If not specified (default is ""), anonymous bind assumed. |
local.authldapbindcred |
Specifies the password for the DN specified in local.authldapbinddn. No default. |
local.ugldaphost |
Specifies the LDAP host used for mail -to-calid lookup. |
local.ugldapmaxpool |
Specifies the maximum number of client connections maintained for mail-to-calid lookup. The default is “1024”. |
local.ugldappoolsize |
Specifies the minimum number of client connections to maintain for mail-to-calid lookup. The default is “1”. |
local.ugldapport |
Specifies the port for the LDAP mail-to-calid lookup. No default. |
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the parameters in the following table:
Parameter |
Description/Default |
---|---|
Bind credentials (password) for LDAP user preferences authentication. No default. |
|
DN used to bind to LDAP user preferences host. Must be specified. If blank (" ") or not specified, assumes an anonymous bind. |
|
Minimum number of LDAP client connections that are maintained for LDAP user preferences. The default is “1”. |
|
Maximum number of LDAP client connections that are maintained for LDAP user preferences. The default is “1024”. |
|
service.wcap.userprefs.ldapproxyauth |
Enables anonymous search of the LDAP used for user preferences. The default is “no”, which allows anonymous access. Specifying “yes” means using proxy authentication to do the search. |
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
You can restrict the preferences users are allowed to set by removing them from the default list.
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit the list of user preferences in the parameter shown in the following table:
Parameter |
Default List of User Preferences |
Description |
---|---|---|
ugldapicsextendeduserprefs |
"ceColorSet, ceFontFace, ceFontSizeDelta, ceDateOrder, ceDateSeparator, ceClock, ceDayHead, ceDayTail, ceInterval, ceToolText, ceToolImage, ceDefaultAlarmStart, ceSingleCalendarTZID, ceAllCalendarTZIDs, ceDefaultAlarmEmail, ceNotifyEmail, ceNotifyEnable, ceDefaultView, ceExcludeSatSun, ceGroupInviteAll" |
User preference values are kept in LDAP. This parameter defines which user preferences are kept in LDAP in the icsExtendedUserPrefs attribute. |
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
For overview information about the LDAP Data Cache, see 1.7 LDAP Data Cache Option for Calendar Server Version 6.3.
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Enable the LDAP data cache by editing the parameter as shown in the following table:
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
For information about tuning the LDAP data cache, see 21.5 Improving Performance of the LDAP Data Cache.
If Calendar Server or the server where Calendar Server is running is not properly shut down, manually delete all files in the ldap_cache directory to avoid any database corruption that might cause problems during a subsequent restart.
The LDAP SDK cache is disabled by default.
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Editing one or more of the parameters as shown in the following table:
If "yes", enables LDAP SDK cache. The default is “no”.
If service.ldapmemcache is "yes", this parameter is used to set the maximum number of seconds that an item can be cached. If “0”, there is no limit to the amount of time that an item can be cached. The default is “30”.
If service.ldapmemcache is "yes", this parameter is used to set the maximum amount of memory in bytes that the cache will consume. If “0”, the cache has no size limit. The default is “131072”.
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one or more of the following parameters as shown in the following table:
Specifies the offset from the current time in days for get_freebusy for beginning of the range. The default is “30”.
Specifies the offset from the current time in days for get_freebusy for end of the range. The default is “30”.
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit the parameter as shown in the following table:
The default search filter used for search_calprops searches for exact matches to the search string. To allow wildcard searches such that matches are found when the search string is merely contained within the property value, uncomment this parameter. This enables the system to use the following search filter:
"(&(|(uid=*%s*)(cn=*%s*)) (objectclass=icsCalendarUser))"
Enabling this search filter can negatively impact performance.
Save the file as ics.conf.
Restart Calendar Server.
cal-svr-base/SUNWics5/cal/sbin/start-cal
While it is possible to reset the root suffix for your LDAP organization tree (Schema version 2), or domain component tree (Schema version 1), this should be done with great care. It would be better to rerun the configuration program to do this.
Log in as an administrator with permission to change the configuration.
Change to the /etc/opt/SUNWics5/cal/config directory.
Save your old ics.conf file by copying and renaming it.
Edit one of the parameters as shown in the following table:
Root suffix of the DC tree in the directory. Required for multiple domain support using Schema version 1, and Schema version 2 compatibility mode (1.5). The default is "o=internet".
See also 10.2 Setting up a Multiple Domain Environment for Calendar Server Version 6.3 for the First Time.
Root suffix of the DIT (Organization Tree) for Schema version 2. No default value.
Save the file as ics.conf.
Restart Calendar Server:
cal-svr-base/SUNWics5/cal/sbin/start-cal