This chapter contains the following sections about administering hosted domains:
Once your calendar installation has been configured for hosted domains and the preparation work described in Chapter 11, Setting Up Hosted Domains has been performed, you can add new hosted domains.
Each domain has a set of attributes and preferences that you can set. These attributes are part of the icsCalendarDomain object class. The attributes include preferences such as access rights, access control lists (ACLs), domain searches, access rights for domain searches, user status, and proxy logins.
To administer Calendar Server hosted (or virtual) domains use one of the two following set of tools:
Delegated Administrator Console or Utility – For Schema 2 environments.
Delegated Administrator is a separately installable component in the Java Enterprise System installer. For more information on the Utility, see the Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide. For more information on the Console, use the Delegated Administrator Console online help.
Calendar Server Utility — (csdomain and csattribute) For Schema 1 environments.
Installed with Calendar Server. You can add or delete attributes with csdomain, but you there is no modify command. Use csattribute to modify the value of an existing attribute. In addition, should the need arise, use ldapmodify to add or delete object classes in domains created with csdomain.
For information about csdomain and csattribute, see Appendix D, Calendar Server Command-Line Utilities Reference.
For information about particular object classes and attributes, see theSun Java System Communications Services 6 2005Q4 Schema Reference.
For an overview of hosted domains and other introductory material, see Chapter 11, Setting Up Hosted Domains.
Calendar Server does not support using the Access Manager Console for domain administration.
Create hosted domains for either Schema 2 or Schema 1:
You can use either the Delegated Administrator Console or Utility:
Console — Use the Create New Organization wizard on the Organization List page.
For more information, see the Delegated Administrator Console online help.
Utility — Use the commadmin domain create command.
For example, to create the domain sesta.com, issue the following command:
commadmin domain create -D calmaster -d sesta.com -w calmasterpassword -S cal -B backend.sesta.com
For information about the Delegated Administrator Utility, see the Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide.
You must be in hosted domain mode to run csdomain. For instructions on how to enable hosted domains, see Chapter 11, Setting Up Hosted Domains.
Use csdomain create when creating a hosted domain in Schema 1. For example, to create west.sesta.com, use the following command:
csdomain create west.sesta.com
This section covers the two tasks you must do to enable cross domain searches:
Adding Names of Domains Allowed to Search This Domain in the LDAP entry for each of the domains allowed to search this domain.
Adding Names of Domains to be Searched by This Domain when users in this domain send invitations to events.
This can be done using either of the following tools: ldapmodify (for either Schema mode), or Delegated Administrator Console or Utility (for Schema 2).
Each domain LDAP entry specifies access permissions in ACE's, which are defined in the domainAccess parameter of the icsExtendedDomainPrefs attribute. Two different ways to allow external domains to search this domain are:
The construction of ACI's is explained more fully in Calendar Access Control.
This can be done three ways:
Using ldapmodify, create the following ACE string in the domainAccess preference of the icsExtendedDomainPrefs:
@domain_being_allowed^a^lsfr^g
Form the ACE by specifying the domain allowed to search this domain, followed by sufficient permissions to allow the search.
Using Delegated Administrator Utility command commadmin domain modify, add ACE strings specifying the domainAccess preference in icsExtendedDomainPrefs attribute.
For example, in a Schema 2 environment, sesta.com allows searches from siroe.com:
commadmin domain modify -D admin -w adminpassword -X hostmachine_1 -d sesta.com -A +icsextendeddomainprefs:"domainAccess=@@d^a^slfrwd^g; @siroe.com^a^lsfrwd^g;anonymous^a^r^g;@^a^s^g"
Using Delegated Administrator Console, when creating or editing an organization's properties, you can add domains to the Allow Invitations From Users in These Organizations list.
This updates the domainAccess preference in the icsExtendedDomainPrefs attribute.
While you can specify the exact permissions given to the domains in the first two methods just listed, the last one, using the Delegated Administrator Console, does not allow the administrator as much control. The list of permissions is preset. The permissions given are: free-busy access, and event scheduling access. The user can't see event details unless the owner of that calendar has set permissions to allow all users to read it.
There are three ways to allow all external domains to search this domain:
Using ldapmodify, create the following ACE string in the domainAccess preference of the icsExtendedDomainPrefs:
@^a^slfr^g
Form the ACE by specifying that all domains have sufficient access to perform searches.
Using Delegated Administrator Utility command commadmin domain modify, add ACE strings specifying the domainAccess preference in icsExtendedDomainPrefs attribute.
For example, in a Schema 2 environment, sesta.com allows searches by all domains:
commadmin domain modify -D admin -w adminpassword -X hostmachine_1 -d sesta.com -A +icsextendeddomainprefs:"domainAccess=@@d^a^slfrwd^g; anonymous^a^r^g;@^a^slfr^g"
The characters @@d refer to the domain of the primary owner.
Using Delegated Administrator Console, when creating or editing an organization's properties, you can add domains to the Allow Invitations From Users in These Organizations list.
This updates the domainAccess preference in the icsExtendedDomainPrefs attribute.
While you can specify the exact permissions given to the domains in the first two methods just listed, the last one, using the Delegated Administrator Console, does not allow the administrator as much control. The list of permissions is preset. The permissions given are: free-busy access, and event scheduling access. The user can't see event details unless the owner of that calendar has set permissions to allow all users to read it.
There are three ways to do add external domains to be searched by this domain:
Using ldapmodify, add one instance of icsDomainNames for each external domain that can be searched by users in this domain.
For example, sesta.com searches in both siroe.com and example.com when performing cross domain searches. Use ldapmodify (for either Schema 1 or Schema 2) to create the following LDIF:
dn: dc=sesta, dc=com, o=internet changetype: modify add: icsDomainNames icsDomainNames:siroe.com icsDomainNames:example.com
Using Delegated Administrator Utility command commadmin domain modify, specify the option -A to add names of domains to be searched.
For example:
commadmin domain modify -D admin -w adminpassword -X hostmachine_1 -d sesta.com -A +icsDomainNames:siroe.com -A +icsDomainNames:example.com
Using Delegated Administrator Console, when creating or editing an organization's properties, you can add domains to the Invite Calendars in These Organizations list.
This adds icsDomainNames attributes to the domain LDAP entry. Add one attribute for each external domain to be searched when users in this domain send invitations to an event.
For more information, see the Delegated Administrator Console online help.
Calendar Server defaults to non-hosted domains. If you are using Calendar Server and Messaging Server in your Java Enterprise System deployment, you should use hosted domains.
You can enable or disable hosted domains for your installation by editing the ics.conf file.
Edit the ics.conf file as follows:
service.virtualdomain.support="yes" (the default is "no".)
Restart Calendar Services.
For a list of all the ics.conf parameters necessary to implement hosted domains, see Setting up a Hosted Domain Environment.