Sun Java System Instant Messaging 7 2005Q1 Administration Guide |
Chapter 4
Administering Instant Messaging ComponentsThis chapter explains how to administer the Instant Messaging components (server, multiplexor, Calendar agent, and watchdog) and perform other administrative tasks, such as changing configuration parameters and managing logging.
This chapter contains the following sections, which describe the various administrative tasks in Instant Messaging:
Administering End UsersThe administrative tasks in Instant Messaging are listed in the preceding section and are described throughout the rest of this chapter. Take note of the methods—as explained subsequently—for provisioning and managing end users.
Instant Messaging does not provide bulk user provisioning tools. You need to use a directory bulk provisioning tool for provisioning multiple Instant Messaging end users. By default, Instant Messaging does not provide specific commands to add, modify, or delete Instant Messaging end users. However, you can customize Instant Messenger to allow users to add themselves to the directory. See Registering New Users for information.
Likewise in an LDAP-only deployment, you cannot prevent an end user from using Instant Messenger. In an LDAP-only deployment, the only way to prevent end users from using Instant Messaging is to delete them from the directory. In a deployment using Sun Java System Access Manager policy attributes, you can prevent an end user from accessing Instant Messenger. If you deploy Instant Messaging with Access Manager, you should use the provisioning tools provided with Access Manager instead of allowing users to register themselves.
The administrator can manage Instant Messaging end users, using the Instant Messaging Administrator Access Control mechanism. For more information on Instant Messaging Administrator Access Control, see Overview of Privacy, Security, and Site Policies. If you are using Sun Java System Access Manager, then the Access Manager is used for provisioning Instant Messaging end users. For more information, see Sun Java System Communications Services Deployment Planning Guide.
Registering New UsersYou can customize Instant Messenger to allow new user registration. When a user registers, the Instant Messaging server uses the information provided during registration to perform an ldapadd operation to create a user entry in the directory.
To allow new user registration, you need to add an argument to the im.jnlp.template and im.html.template files, run the configure utility, then (if necessary) redeploy the resource files.
This section describes:
See Chapter 5, "Managing Instant Messenger" for more information about customizing resource files.
Customizing Instant Messenger to Allow New User Registration
When you customize the resource files to allow new user registration, a new button appears on the Login dialog box. Users click this button to access the New User Registration dialog box where they can register. When a user registers, their information is added to the LDAP directory.
To Customize Instant Messenger to Allow New User Registration
- Open the im.jnlp.template file in a text editor.
By default this file is stored in im_svr_base/html.
- Search for the line:
<application-desc main-class="com.iplanet.im.client.iIM">
- Add the following argument to the end of the section:
<argument>register=true</argument>
- Save and close the im.jnlp.template file.
- Repeat steps 1 through 4 for im.html.template.
- Run the configure utility, selecting the “Messenger Resources” component only when prompted for which components you want to configure. See Configuring Instant Messaging After Installing or Upgrading for instructions.
- If you are using Sun Java System Access Manager or Sun Java System Web Server, redeploy the resource files as described in Redeploying Resource Files.
- Launch Instant Messenger.
The I am a New User button should appear on the Login dialog box.
Registering New Users
Once you have added the new user registration argument to the im.jnlp and im.html files and redeployed the resource files users can register themselves.
To Register as a New User
- In a web browser, go to the Instant Messaging home page.
- Click Start or click Use Java Plug-in.
The Login dialog box appears, displaying the I am a New User button.
- Click I am a New User.
The New User Registration dialog box appears.
- Enter the information in the fields provided and click OK.
The information is stored in the directory.
Stopping, Starting, and Refreshing Instant Messaging ComponentsThe imadmin command enables you to:
- Start and stop all Instant Messaging components (server, multiplexor, watchdog, and Calendar agent).
- Start and stop an individual Instant Messaging component.
- Refresh all Instant Messaging component configurations.
- Refresh an individual Instant Messaging component.
- Check the status of the Instant Messaging components.
The imadmin command-line utility can be executed only by root or a user who has administration rights to the system(s) on which the Instant Messaging server and multiplexor are running. This end user is typically the identity that the server runs as, and is designated during installation:
The imadmin command-line utility is located in the following directory:
im_svr_base/sbin
Starting the Instant Messaging server enables Instant Messenger to connect to it. Stopping the Instant Messaging server closes all connections and disconnects all Instant Messenger clients.
To Start Instant Messaging Components
You can start all the components together or a single component separately.
Use the imadmin command to start the Instant Messaging Server, multiplexor, Calendar agent, and watchdog depending on which components are enabled:
To Start All Components
- Use the imadmin command to start all components.
imadmin start
If both server and multiplexor are enabled, this command first starts the Instant Messaging server, and then starts the multiplexor.
If the watchdog is enabled (default), this command starts the watchdog, then the watchdog reads the configuration file and starts the Instant Messaging Server and/or multiplexor as necessary.
To Start a Single Component
To Stop Instant Messaging Components
You can stop all the components together or a single component separately.
Use the imadmin command to stop the Instant Messaging Server, multiplexor, Calendar agent, and watchdog depending on which components are enabled:
To Stop All Components
- Use the imadmin command to stop all components:
imadmin stop
If the watchdog is running, the imadmin utility brings the watchdog down first, and then stops the server and/or the multiplexor.
This command stops the server, multiplexor, Calendar agent, and watchdog, terminates all end user connections, and disconnects any inbound and outbound servers configured.
To Stop a Single Component
To Refresh Component Configuration
Use the imadmin command with the refresh parameter to stop and restart an individual Instant Messaging component and refresh that component’s configuration.
You can refresh all the components together or a single component separately.
Whenever you change a configuration parameter in the iim.conf file, make sure to refresh the configuration.
To Refresh All Components
- Use the imadmin command to refresh all components:
imadmin refresh
This command stops the server, multiplexor, Calendar agent, and watchdog, terminates all end user connections, and disconnects any inbound and outbound servers configured.
If the watchdog is running, the imadmin utility brings the watchdog down first, and then stops the server and/or the multiplexor. Then starts the watchdog which reads the configuration file and starts the Instant Messaging Server and/or multiplexor as necessary.
To Refresh a Single Component
To Check the Status of Instant Messaging Components
You can check the status of all the components together or a single component separately using the imadmin command.
To Check the Status of All Components
To Check the Status of a Single Component
Changing Instant Messaging Server and Multiplexor Configuration ParametersInstant Messaging stores configuration parameters in the iim.conf file. For a complete list of configuration parameters, see Instant Messaging Configuration Parameters.
To change configuration parameters, manually edit the configuration parameters and values in the iim.conf file, then refresh the Instant Messaging server configuration. If you change a multiplexor parameter, you only need to refresh the multiplexor using the following imadmin command:
imadmin refresh multiplexor
For a complete list of parameters and their values, see Instant Messaging Configuration Parameters.
To Change Configuration Parameters
- Change to the config directory. For example, on Solaris type:
cd etc/opt/SUNWiim/default/config
- Edit the iim.conf file. For example:
vi iim.conf
- Save your changes.
- Refresh the configuration.
Caution
If you change the multiplexor listen port (iim_mux.listenport) or the multiplexor host, update the im.html or the im.jnlp files accordingly. Failure to do so disables Instant Messenger from connecting to the server. For more information, see the section on Managing Instant Messenger.
Managing LoggingInstant Messaging creates log files that record events, related status of various software components, system errors, and other aspects of the server, multiplexor, Calendar agent, and watchdog. By examining the log files, you can monitor many aspects of the server’s operation. In addition, you can collect logging data for Instant Messenger on demand. This section provides information about logging in the following topics:
Logging Overview
You can configure the level of logging for the Instant Messaging server, multiplexor, Calendar agent, and watchdog by specifying the parameters in the iim.conf file. For information on configuring the level of logging in the iim.conf file, see Changing Instant Messaging Server and Multiplexor Configuration Parameters.
The location of the log files are specified during Instant Messaging configuration. Typically, log files are stored in im_runtime_base/log. Where the defaults for im_runtime_base are as follows:
As part of regular system maintenance, you need to periodically review and trim the log files from occupying more disk space. The server does not perform this action.
Table 4-1 provides the name of the log files and the configuration parameter in iim.conf used to set the logging level for each log file.
The configuration parameters can have the following values:
In addition, logging configuration in deployments with Sun Java System Access Manager is determined by the com.iplanet.services.debug.level property. You set this property in the AMConfig.properties file on the Sun Java System Access Manager host. By default, this file is installed in the following location:
AM_svr_base/lib/AMConfig.properties
Where AM_svr_base is the directory in which you installed Access Manager.
This property can contain the following values:
By default, the Sun Java System Portal Server desktop log file (desktop.debug) and archive log files (IMArchiveSearch.log and IMArchiveSubmit.log) are stored in the following locations:
Logging Levels
The level or priority of maintaining the error log defines how detailed, or verbose, the log should be. A higher priority level implies less details as only events of high priority (high severity) are recorded in the log file. In contrast a lower priority level implies greater details as more events are recorded in the log file.
You can set the logging level separately for the Instant Messaging server, multiplexor, watchdog, and the Calendar agent.
Table 4-2 describes the logging levels for the components. These logging levels are a subset of the levels defined by the Unix syslog facility.
When you select a particular logging level, events corresponding to that level and to all higher and less verbose levels are logged.
INFO is the default level for the server. ERROR is the default level for the multiplexor and watchdog log files.
Note
If you specify DEBUG as the logging level, your log files will occupy more disk space. Monitor and trim your log files to prevent them from occupying more disk space.
To Set Log Levels
You set the log levels by modifying parameters within the iim.conf file. Table 4-1 contains a list of the log files and the parameter that you need to set for each component.
For more information on changing parameters, see Changing Instant Messaging Server and Multiplexor Configuration Parameters. For more information on the watchdog, see Managing the Watchdog Process. For more information on the Calendar agent, see Using Calendar Pop-up Reminders.
Administering Client Logging
By default, client data is not logged. You may be asked to collect client data during a support call. In this situation, you will need to enable logging before you can view client log data.
To enable client logging you need to complete the following steps:
To Enable Client Logging
- Enable the logging feature in either the Java Web Start Application Manager or the Java Plug-In Control Panel as appropriate.
If the client uses the Java plug-in with an earlier version of the JDK, run the Java Plug-In Control Panel. See the online help for the Java Plug-In Control Panel for instructions on enabling logging.
If the client uses Java Web Start or uses the plug-in with JDK 5.0, run the Java Web Start Application Manager, then:
- Open im.jnlp in a text editor.
- Search for the line:
<application-desc main-class="com.iplanet.im.client.iIM">
- Add the following argument to the end of the section:
<argument>debug=true</argument>
- Save and close the im.jnlp file.
- If you are using Sun Java System Access Manager or Sun Java System Web Server, redeploy the resource files as described in Redeploying Resource Files.
- Relaunch Instant Messenger.
Federating Deployment of Multiple Instant Messaging ServersIn an LDAP-only deployment, when you federate multiple Instant Messaging deployments you form a larger Instant Messaging community. End users from different servers can communicate with each other, use conference rooms on other domains, and subscribe to news channels on remote servers based on the access privileges.
In a deployment with Sun Java System Access Manager, a single Instant Messaging server can host multiple domains. You can designate a single domain as the default domain for a Instant Messaging server instance. End users in different domains hosted by the same server cannot interact with each other. When you federate multiple Instant Messaging deployments, end users in default domains can see the end users in default domains of other remote Instant Messaging servers.
For enabling communication between multiple Instant Messaging servers in your network, you need to configure your server to identify itself to the other Instant Messaging servers in the network. A Instant Messaging server identifies itself with its domain name, host and port number, serverID, and password.
In an LDAP-only deployment, the two servers should reside in different domains.
Within the server configuration, you can assign each Instant Messaging server a symbolic name, consisting of letters and digits, for example, IMserver1.
To Configure Communication Between Instant Messaging Servers
This procedure describes how to enable communication between two Instant Messaging servers, iim.company22.com and iim.i-zed.com..
To Configure Communication Between Two Servers
- Gather the following information listed in Table 4-3.
Table 4-3 lists the parameters in the iim.conf file for server-to-server communication and the values for these parameters in the Instant Messaging servers, iim.company22.com and iim.i-zed.com.
For more information on the configuration parameters, see Instant Messaging Configuration Parameters.
- Change to the config directory on the server iim.company22.com. For example, on Solaris:
cd /etc/opt/SUNWiim/default/config
- Edit the iim.conf file, for example:
vi iim.conf
The following example shows the section of the iim.conf file on iim.company22.com corresponding to the server-to-server communications that you can modify:
The following example shows the section of the iim.conf file on iim.i-zed.com corresponding to the server-to-server communications that you can modify:
iim_server.serverid=Iami-zed
iim_server.password=secret4i-zed
iim_server.domain=iim.i-zed.com
iim_server.coservers=coserver1
iim_server.coserver1.host=iim.company22.com:9919
iim_server.coserver1.serverid=Iamcompany22
iim_server.coserver1.password=secretforcompany22
iim_server.coserver1.domain=company22.com
- Save the changes and refresh the configurations on both servers.
Using SSL in Instant MessagingInstant Messaging supports the Secure Sockets Layer (SSL) protocol, for encrypted communications and for certificate-based authentication of Instant Messaging servers. Instant Messaging server supports SSL version 3.0.
Instant Messaging multiplexor and Instant Messenger also support SSL for encrypted communication between the client and the multiplexor.
Enabling SSL for Instant Messaging server requires the following:
- Obtaining and installing a certificate for your Instant Messaging server, and configuring the Instant Messaging server to trust the Certification Authority’s certificate.
- Ensuring that each Instant Messaging server that needs to communicate using SSL with your server, obtains and installs a certificate.
- Turning on SSL in the server by setting the appropriate parameters in the iim.conf file.
Enabling SSL between the multiplexor and Instant Messenger requires the following:
For more information about managing certificates, see the Web Server and Application Server product documentation at http://docs.sun.com
Requesting a Certificate from the Certificate Authority
To enable SSL between Instant Messenger and multiplexor, you need to install the certificate and create databases for secure communication. You can request and install the certificate using Web Server or Application Server.
To Request and Install a Certificate
- Type the following URL for starting the administration server in your browser:
http://hostname.domain-name:administration_port
A window prompting you for a user name and password appears.
- Type the administration user name and password you specified during the Web Server or Application Server installation.
The Administration Server page appears.
- Create a separate Web Server or Application Server instance. For more information on installing multiple instances of the server, see the product documentation at:
- Create a trust database to store the public and private keys, referred as the key-pair file. The key-pair file is used for SSL encryption.
For information on creating a trust database, see the Web Server or Application Server product documentation at:
- Request a certificate from the Certificate Authority.
For more information on requesting a certificate, see the Web Server or Application Server product documentation at:
Installing the Certificate
When you receive the server certificate from your Certificate Authority, you need to install the certificate.
To Install the Certificate
- Type the following URL for starting the administration server in your browser:
http://hostname.domain-name:administration_port
A window appears, prompting you for a user name and password.
- Type the administration user name and password you specified during the Web Server or Application Server installation.
The Administration Server page appears.
- Install the server certificate.
For more information on installing the certificate, see the Web Server or Application Server product documentation at:
- Change to your Web Server or Application Server’s alias directory.
- Copy the database files from the alias directory to the Instant Messenger config directory.
To copy the database files from the alias directory to the Instant Messenger config directory, type the following:
cp https-serverid-hostname-cert8.db /etc/opt/SUNWiim/default/config/cert8.db
cp https-serverid-hostname-key3.db /etc/opt/SUNWiim/default/config/key3.db
cp secmod.db /etc/opt/SUNWiim/default/config/secmod.db
Note
The end user on which the Instant Messaging server runs should have Read permission on cert7.db, key3.db,and secmod.db files.
- Change to your Instant Messaging im_cfg_base directory. For example, on Solaris:
cd /etc/opt/SUNWiim/default/config
- Create the sslpassword.conf file using an editor of your choice. For example, you could type:
vi sslpassword.conf
- Enter the following line to the sslpassword.conf file
Internal (Software) Token:password
Password: The password specified during the creation of the trust database.
- Save the file.
Note
All Instant Messenger end users should have Ownership and Read permission on the sslpassword.conf file.
- After verifying the functioning of SSL, log in to the Web Server or Application Server as an administrator and remove the server instance that you have created while requesting the certificate.
Enabling SSL Between the Multiplexor and Instant Messenger
Table 4-4 lists the parameters in the iim.conf file for enabling SSL between Instant Messenger and multiplexor. It also contains the description and the default value of these parameters:
Table 4-4 Instant Messenger and Multiplexor SSL Parameters
Parameter
Default Value
Description
iim_mux.usessl
off
If the value is set to “on”, the multiplexor requires an SSL handshake for each connection it accepts, before exchanging any application data.
iim_mux.secconfigdir
Solaris: /etc/opt/SUNWiim/default/config
Linux: /etc/opt/sun/im/default/config
This directory contains the key and certificate databases. It usually contains the security module database.
iim_mux.keydbprefix
(Empty string)
This value should contain the key database filename prefix. The key database file name must always end with key3.db.
If the Key database contains a prefix, for example This-Database-key3.db, then value of this parameter is This-Database.
iim_mux.certdbprefix
(Empty string)
This value should contain the certificate database filename prefix. The certificate database file name must always end with cert7.db.
If the certificate database contains a prefix, for example Secret-stuff-cert7.db, then value of this parameter is Secret-stuff.
iim_mux.secmodfile
secmod.db
This value should contain the name of the security module file.
iim_mux.certnickname
Server-Cert
This value should contain the name of the certificate you entered while installing the certificate.
The certificate name is case-sensitive.
iim_mux.keystorepasswordfile
sslpassword.conf
This value should contain the relative path and the name of the file containing the password for the key database. This file should contain the following line:
Internal (Software) Token:password
Where password is the password protecting the key database.
To Enable SSL Between Instant Messenger and Multiplexor
- Change to the im_cfg_base directory. For example, on Solaris:
cd /etc/opt/SUNWiim/default/config
- Edit the iim.conf file, for example:
vi iim.conf
- Add the values mentioned in the Table 4-4 to the multiplexor configuration parameters.
The following is an example of the iim.conf file with the multiplexor configuration parameters:
! IIM multiplexor configuration
! =============================
!
! Multiplexor specific options
! IP address and listening port for the multiplexor.
! WARNING: If this value is changed, the port value of ’-server’ argument
! in the client’s im.html and im.jnlp files should also be changed to match th
is.
iim_mux.listenport = "siroe.com:5222"
! The IM server and port the multiplexor talks to.
iim_mux.serverport = "siroe.com:45222"
! Number of instances of the multiplexor.
iim_mux.numinstances = "1"
! Maximum number of threads per instance
iim_mux.maxthreads = "10"
! Maximum number of concurrent connections per multiplexor process
iim_mux.maxsessions = "1000"
iim_mux.usessl = "on"
iim_mux.secconfigdir = "/etc/opt/SUNWiim/default/config"
iim_mux.keydbprefix = "This-Database"
iim_mux.certdbprefix = "Secret-stuff"
iim_mux.secmodfile = "secmod.db"
iim_mux.certnickname = "Server_Cert"
iim_mux.keystorepasswordfile = "sslpassword.conf"
Invoking the Secure Version of Instant Messenger
The secure version of Instant Messenger can be invoked by accessing the imssl.html file or imssl.jnlp file from your browser. These files are located under the resource directory, the base directory under which all the Instant Messenger resources are stored.
The links to these applet descriptor files can also be added to index.html file.
To Activate SSL for Server to Server Communication
Before you can activate SSL, you must create a certificate database, obtain and install a server certificate, and trust the CA’s certificate as described earlier.
To Activate SSL
- Set these iim.conf parameters:
- Set the server-to-server configurations as described in Federating Deployment of Multiple Instant Messaging Servers, and add the following:
- iim_server.coserver1.usessl=true
Change the port number of the following:
- iim_server.coserver1.host=hostname:5223
The port number should be the SSL port of the other server.
Following is a section of iim.conf file with the required SSL configuration:
! Server to server communication port.
iim_server.port = "5269”
! Should the server listen on the server to server communication port
iim_server.useport = "True”
! Should this server listen for server-to-server communication using ssl port
iim_server.usesslport = "True”
iim_server.sslport=5223
iim_server.coservers=coserver1
iim_server.coserver1.serverid=Iamcompany22
iim_server.coserver1.password=secretforcompany22
iim_server.coserver1.usessl=true
iim_server.coserver1.host=iim.i-zed.com:5223
iim_server.serverid=Iami-zed
iim_server.password=secret4i-zed
iim_server.secconfigdir = "/etc/opt/SUNWiim/default/config"
iim_server.keydbprefix = "This-Database"
iim_server.certdbprefix = "Secret-stuff"
iim_server.secmodfile = "secmod.db"
iim_server.certnickname = "Server_Cert"
iim_server.keystorepasswordfile = "sslpassword.conf"
Enabling SSL between two servers
Table 4-5 lists the parameters in the iim.conf file for enabling SSL between two Instant Messaging servers. It also contains the description and the default value of these parameters:
Table 4-5 Server-to-Server SSL Configuration Parameters
Parameter
Default Value
Description
iim_server.secconfigdir
Solaris: /etc/opt/SUNWiim/default/config
Linux: /etc/opt/sun/im/default/config
This directory contains the key and certificate databases. It usually contains the security module database.
iim_server.keydbprefix
None
This value should contain the key database filename prefix. The key database file name must always end with key3.db.
If the Key database contains a prefix, for example This-Database-key3.db, then value of this parameter is This-Database.
iim_server.certdbprefix
None
This value should contain the certificate database filename prefix. The certificate database file name must always end with cert7.db.
If the certificate database contains a prefix, for example Secret-stuff-cert7.db, then value of this parameter is Secret-stuff.
iim_server.secmodfile
secmod.db
This value should contain the name of the security module file.
iim_server.certnickname
Server-Cert
This value should contain the name of the certificate you entered while installing the certificate.
The certificate name is case-sensitive.
iim_server.keystorepasswordfile
sslpassword.conf
This value should contain the relative path and the name of the file containing the password for the key database. This file should contain the following line:
Internal (Software) Token:password
Where password is the password protecting the key database.
iim_server.trust_all_cert
false
If this value is true than the server will trust all certificates and will also add the certificate information into the log files.
Managing Instant Messaging's LDAP Access ConfigurationAn LDAP-only deployment of Instant Messaging server requires a directory server. In an LDAP-only deployment, the Instant Messaging server uses the directory server to perform end-user authentication and to search for end users.
In a deployment with Sun Java System Access Manager, the Instant Messaging server uses the directory used by Sun Java System Portal Server. When installed in an Access Manager deployment environment, the Instant Messaging server uses the directory used by the Access Manager to search for end users, and not for end-user authentication. In an Access Manager deployment, Access Manager performs the authentication.
If you use an LDAP directory to maintain your user namespace, the default configuration makes the following assumptions regarding the schema used by this directory:
- End user entries are identified by the inetOrgPerson object class.
- Group entries are identified by the groupOfUniqueNames or groupofURLs object class.
- Instant Messenger user ID attribute of an end user is provided by the uid attribute (from inetOrgPerson objectclass).
- The email address of an end user is provided by the mail attribute.
- The display name of an end user or group is provided by the cn attribute.
- The list of members of a group is provided by the uniqueMember attribute (groupOfUniqueNames object class).
You can change these default settings by editing the iim.conf file. See Using the iim.conf file for more information.
Searching the Directory as Anonymous Users
Instant Messaging needs to be able to search the directory to function correctly. If your directory is configured to be searchable by anonymous users, Instant Messaging has the capability to search the directory. If the directory is not readable or searchable by anonymous users, you must take additional steps to configure the iim.conf file with the credentials of a user ID that has at least read access to the directory.
These credentials consist of:
To Enable the Server to Conduct Directory Searches as a Specific End User
- Identify values for the following parameters in the iim.conf file:
- iim_ldap.usergroupbinddn - Specifies the distinguished name (dn) to use to bind to the directory for searches.
- iim_ldap.usergroupbindcred - Specifies the password to use with the distinguished name (dn)
For example:
iim_ldap.usergroupbinddn="cn=iim server,o=i-zed.com"
iim_ldap.usergroupbindcred=secret
Note
You do not have to use administrator-level credentials with write level access, as all that is necessary is read access to the domain tree. Thus, if there is an LDAP user with read level access, use its credentials instead. This is a safer alternative as it does not force you to disseminate the administrator-level credentials.
- In a deployment with Access Manager, the directory is generally not searchable by anonymous users. You should set the iim_ldap.useidentityadmin configuration parameter to true in this case. Also you can delete or comment out the following configuration parameters:
- Edit the iim.conf file.
See Changing Instant Messaging Server and Multiplexor Configuration Parameters for instructions on editing the iim.conf file.
If the iim_ldap.usergroupbinddn and iim_ldap.usergroupbindcred parameters do not appear in the iim.conf file, you can add them anywhere in the file.
Configuring Dynamic LDAP Server Group
In the LDAP Server, the dynamic groups filter end users based on their DN and include them in a single group. The dynamic groups are defined in Directory Server as the groupOfUrls objectclass.
To enable end users to view the dynamic groups in search results and add them to their contact list, you need to include the groupOfUrls objects to search results.
The following modifications need to be made to the server configuration file iim.conf:
The attribute and objectclass names are configurable.By default, the memberOfUrls attribute is used as the membership attribute of a dynamic group. If you want to use an attribute name other than memberOfUrls, set the iim_ldap.groupmemberurlattr option to the attribute name you want to use.
Backing Up Instant Messaging DataInstant Messaging does not come with any disaster recovery tools. Use your site’s backup system to backup the configuration and database directories periodically.
Backup Information
The Instant Messaging information that needs to be backed up are of the following types:
The configuration information is stored in the configuration directory (im_cfg_base). Default paths are as follows:
- Solaris: /etc/opt/SUNWiim/default/config
- Linux: /etc/opt/sun/im/default/config
- (Optional) If you customized any of the files mentioned in Customizing Instant Messenger, back them up from the resource directory.
The Instant Messaging data is stored in the database directory (im_db_base). Defaults for im_db_base are as follows:
The Instant Messenger resources must be backed up if they have been customized. The location of the Instant Messenger resources are provided during installation.
Performing a Backup
While the configuration information does not change frequently, the Instant Messaging end-user data changes rapidly and to prevent any loss of end-user data you should back up the Instant Messaging end-user data on a periodic basis. You need to perform the backup before running the installation program and the uninstallation program.
To backup the end user data and the configuration information you do not have to stop the Instant Messaging server as all the disk commits by the server are automatically performed.
Restoring Backup Information
The back up of the end-user data and the configuration information needs to be restored when there is a disk failure and all the end-user data and the configuration information is lost.
To Restore End-user Data from Backup
- Change to the runtime directory.
For example:
cd im_runtime_base
The default values for im_runtime_base are as follows:
Solaris: /var/opt/SUNWiim/default
Linux: /var/opt/sun/im/
- Stop the Instant Messaging server, type:
imadmin stop
- Copy the backed up data to the im_db_base directory. Be sure to maintain the directory structure of the backed up data.
- Verify the permissions and owner of the newly restored data.
The files should be owned by the Instant Messaging system user. See Creating a UNIX System User and Group for information on this user. Permissions should be set as follows:
- Start the Instant Messaging server.
imadmin start