This section describes known issues in Communications Services Delegated Administrator. The section includes the following topics:
When you upgrade from Application Server 7.x (Java ES Release 2) to Application Server 8.x (Java ES Release 4) and then upgrade to Delegated Administrator 6 2005Q4 (Java ES Release 4), Delegated Administrator fails to redeploy to the upgraded Application Server. (6319257)
After an upgrade to Application Server 8.x, applications such as Delegated Administrator are automatically redeployed to a non-DAS server1 instance. To maintain compatibility, the non-DAS instance runs on the same port as the previous release of Application Server.
However, Delegated Administrator uses the deploydir command to deploy to Application Server. In Application Server 8.x, the deploydir command only works on DAS instances. Delegated Administrator cannot be deployed to the non-DAS instance.
After you have upgraded to Application Server 8.x, take the following steps:
Modify the following Access Manager configuration properties file:
by replacing the following line:
Before you run the Delegated Administrator configuration program, undeploy the /commcli and /da web applications from the server1 instance in the upgraded Application Server. Run the following commands:
/opt/SUNWappserver/appserver/bin/asadmin undeploy --secure=false --user admin --password xxxx --target server1 commcli
/opt/SUNWappserver/appserver/bin/asadmin undeploy --secure=false --user admin --password xxxx --target server1 da
Run the Delegated Administrator configuration program, config-commda. When you are prompted for the Access Manager host and port, specify the port for the DAS server instance.
Specify the DAS server instance, even though Access Manager is running on the non-DAS server1 instance.
When the config-commda program asks you where to deploy the Delegated Administrator console and Delegated Administrator server, specify the DAS server information, not the server1 information.
If you already have configured Delegated Administrator with the server1 port (if you have already run config-commda), modify the port information (to specify the DAS port) in the following two files:
/opt/SUNWcomm/config/cli-usrprefs.properties
/var/opt/SUNWcomm/da/WEB-INF/class/com/sun/comm/da/resource/daconfig.properties
After you run config-commda, log in to the Application Server console. Copy all Access Manager library paths in the JVM settings for classpath-prefix and classpath-suffix entries from the server1 instance to the server instance. You can perform this task by copying the paths in the server1 domain.xml file to the server domain.xml file.
The Delegated Administrator configuration program allows you to enter invalid values in the Domain Separator field. (6310711)
In the configuration program, config-commda, you can enter invalid characters such as ^ in the Domain Separator field. You cannot log into the Delegated Administrator console using a login ID with the invalid domain-separator character.
Edit the value of the commadminserver.domainseparator property in the daconfig.properties file, located in the following default path:
Use a valid value such as @, -, or _.
Upgrading to Access Manager 7.0 without upgrading to Delegated Administrator 6 2005Q4 (Java ES Release 4) will cause user creation to fail. (6294603)
When you upgrade to Java Enterprise System Release 4, if you upgrade Access Manager from version 6.x to 7.0 but do not upgrade Delegated Administrator to version 6 2005Q4 (Java ES Release 4), user creation with mail or calendar service will fail.
Update the UserCalendarService.xml file, located by default in the following directory:
In the UserCalendarService.xml file, mark the mail, icssubscribed, and icsfirstday attributes as optional instead of required.
In Access Manager, remove the existing xml file by running the amadmin command, as in the following example:
amadmin -u amadmin -w netscape -r UserCalendarService
In Access Manager, add the updated xml file, as in the following example:
amadmin -u amadmin -w netscape -s /opt/SUNWcomm/lib/services/UserCalendarService.xml
Restart the Web container.
The Delegated Administrator configuration program (config-commda) can be slow if a very large number of organizations are deployed in the directory. (6219610)
If the directory contains a very large number of organizations (50,000 or more), the Delegated Administrator configuration program (config-commda) can take a long time to complete. Performance of administrative tasks related to Access Manager is slow.
Create a pres,eq index on the ou attribute.
Values in the resource.properties files are overwritten when Delegated Administrator is reconfigured with the config-commda program. (6218713)
If you configure an existing, configured installation of Delegated Administrator by running the config-commda program again, the properties in the resource.properties file are reset to their default values.
For example, if you previously set the following properties to these values:
and then run config-commda, these properties would be reset to their default values, as follows:
This issue is of concern only if you have changed the Delegated Administrator configuration (if you have enabled plug-ins or modified the values of any properties in the resource.properties file).
If you need to upgrade Delegated Administrator, or if you need to rerun the config-commda program for any other reason, you can preserve your existing configuration by taking the following steps:
Back up the resource.properties file.
The resource.properties file is located in the following default path:
Run the config-commda program.
Edit the new resource.properties file created by the config-commda program, as follows:
(The new file is located in the default path shown in step 1, "Back up the resource.properties file," above.)
a. Open the new resource.properties file.
b. Open your back-up copy of the resource.properties file.
c. Locate the properties that were customized in the back-up copy. Apply the customized values to the corresponding properties in the new resource.properties file.
Do not simply overwrite the new resource.properties file with the entire back-up copy. The new file may contain new properties created to support this release of Delegated Administrator.
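The merge in step 3 can be scripted so that customized values are carried over while properties that exist only in the regenerated file are kept. The following is an added example, not part of the product or of these release notes; the property names and file contents are constructed, and it assumes simple single-line key=value properties. It treats every value that differs from the back-up as a customization and reports it for review.

```python
import re

# Constructed sample: back-up copy taken before rerunning config-commda.
# Property names are hypothetical, not taken from the product.
BACKUP = """\
# customized by admin
example.plugin.enabled=true
example.page.size=50
example.retired.option=x
"""

# Constructed sample: file regenerated by config-commda (defaults restored,
# plus one property that is new in this release).
REGENERATED = """\
# defaults
example.plugin.enabled=false
example.page.size = 25
example.new.feature=on
"""

# indent, key, separator, value (comments start with # or !)
_PROP = re.compile(r'^(\s*)([^#!\s=:][^=:\s]*)(\s*[=:]\s*|\s+)(.*)$')


def parse(text):
    """Return {key: value} for single-line properties (no continuations)."""
    props = {}
    for line in text.splitlines():
        m = _PROP.match(line)
        if m:
            props[m.group(2)] = m.group(4).rstrip()
    return props


def merge(backup_text, new_text):
    """Apply back-up values to keys that exist in the regenerated file.

    The regenerated file's lines, comments and ordering are preserved, so
    properties introduced by the new release survive the merge.
    Returns (merged_text, applied, only_in_backup, only_in_new).
    """
    old, new = parse(backup_text), parse(new_text)
    applied, out = {}, []
    for line in new_text.splitlines():
        m = _PROP.match(line)
        if m and m.group(2) in old and old[m.group(2)] != m.group(4).rstrip():
            key = m.group(2)
            applied[key] = (m.group(4).rstrip(), old[key])  # (default, restored)
            line = f"{m.group(1)}{key}{m.group(3)}{old[key]}"
        out.append(line)
    only_in_backup = sorted(set(old) - set(new))  # dropped by the new release
    only_in_new = sorted(set(new) - set(old))     # new properties, left as-is
    return "\n".join(out) + "\n", applied, only_in_backup, only_in_new


if __name__ == "__main__":
    merged, applied, gone, added = merge(BACKUP, REGENERATED)
    for key, (default, restored) in applied.items():
        print(f"restored {key}: {default!r} -> {restored!r}")
    print("only in back-up (review by hand):", gone)
    print("new in this release (kept):", added)
```

Keys that appear only in the back-up are reported rather than copied, because the new release may no longer use them.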
If you make the root suffix a domain, Delegated Administrator functions do not work. (6321748)
By default, when Access Manager is installed, the root suffix is not installed as a domain. That is, the root suffix does not contain the sunPreferredDomain attribute. If the root suffix is turned into a mail domain, problems occur in Delegated Administrator.
Use the same default domain that you set up for Messaging Server. If you have not installed Messaging Server, make sure that the default domain is created one level below the root suffix in the DIT.
When you create a group with no services using the command-line utility (commadmin group create) and then assign a service package to the group in the Delegated Administrator console, you are not prompted to enter any Mail Service details. (6317925)
This issue occurs when you create a group with commadmin group create without adding any services to the group, and then use the Delegated Administrator console to assign a service package to the group. You can assign a mail service package to the group using the Assign Service Package wizard, but you are not prompted to enter information in the Mail Service Details panel. A message informs you that the mail service package was assigned successfully. If you open the group's Properties page, the group members are listed, but you cannot edit these fields or enter an email address for the group.
Use the commadmin group modify command to add mail service and an email address to the group. For example:
./commadmin group modify -D <TLA> -w <TLA_password> -G Group0 -S mail -E Group0@<domain> -d <domain>
Attributes passed with the -A option of the commadmin command are ignored if the command also calls an input file containing attributes passed with -A. (6317850)
This issue occurs if you run a commadmin command such as this one:
./commadmin user create -D tla -w pass -d <domain> -F test -L User -W pass -i /tmp/comm.in -A preferredlanguage:es
and the input file, comm.in, contains attributes passed with the -A option. The result is that the -A option in the command line is ignored. In the example shown above, the preferredlanguage:es attribute is not added.
If any attributes are passed in the input file with the -A option, pass all values of -A in the input file. Do not also use -A in the command line.
An Organization Administrator (OA) can remove himself as an OA by modifying the organization Properties page. (6314711)
If you log into the Delegated Administrator console as an OA, you can go to the organization's Properties page and remove yourself from the list of users with OA rights. No error occurs, and you can continue using the console. You should either be unable to remove yourself as an OA or be logged out as soon as you remove yourself.
An inappropriate error message is displayed when you use a domain name that conflicts with the name of a deleted domain. (6309418)
This issue occurs if you create an organization with a domain name that is the same as the name of a deleted domain. (The organization name is different than the name of the deleted organization.) The following error message appears: Attribute uniqueness violated.
Specify a new domain name.
The Delegated Administrator console writes icsAllowRights values to the directory that are different than the values documented in the Schema Reference. (6308579)
This issue occurs when you set Advanced Rights in an organization that has Calendar service allocated to it. If you open the Properties page for the organization, navigate to the Calendar Service section, and click the Advanced Rights button, the Advanced Rights properties are displayed. These properties are stored with the icsAllowRights attribute in the directory.
In the Delegated Administrator console, if you set the Advanced Rights properties to “No,” the icsAllowRights value in the directory is saved as 0. However, the Schema Reference documents that the value 0 means that the property is allowed.
Note also that the Advanced Rights properties in the Delegated Administrator console are set to “No” by default, even if these values conflict with the corresponding values in the ics.conf file. The values set by Delegated Administrator override the values in the ics.conf file.
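Because a "No" in the console is stored as 0, and the Schema Reference documents 0 as allowed, it is worth listing which entries in a directory export carry that value. The following audit is an added example, not part of the product or of these release notes; the LDIF is constructed and the DNs are placeholders.

```python
import base64

# Constructed LDIF export (not from a real directory); DNs are placeholders.
SAMPLE_LDIF = """\
dn: o=orgA,o=example-root
icsAllowRights: 0

dn: o=orgB,o=example-root
icsAllowRights: 1
 2

dn: o=orgC,o=example-root
description: no calendar rights attribute

dn: o=orgD,o=example-root
icsAllowRights:: MA==
"""


def parse_ldif(text):
    """Return [(dn, {attr_lowercase: [values]})]; handles folding and base64."""
    unfolded = []
    for raw in text.splitlines():
        # A line starting with one space continues the previous line.
        if raw.startswith(" ") and unfolded and unfolded[-1] != "":
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)

    records, current = [], {}
    for line in unfolded + [""]:          # trailing "" flushes the last record
        if line == "":
            if "dn" in current:
                records.append((current.pop("dn")[0], current))
            current = {}
            continue
        if line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):          # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    return records


def audit_ics_allow_rights(text):
    """Split entries that carry icsAllowRights into value 0 and other values.

    Entries in the first list are the ones to compare against what the
    administrator intended when setting Advanced Rights in the console.
    """
    zero, other = [], []
    for dn, attrs in parse_ldif(text):
        for value in attrs.get("icsallowrights", []):
            (zero if value == "0" else other).append((dn, value))
    return zero, other


if __name__ == "__main__":
    zero, other = audit_ics_allow_rights(SAMPLE_LDIF)
    for dn, _ in zero:
        print("icsAllowRights is 0 (review):", dn)
    for dn, value in other:
        print(f"icsAllowRights is {value}:", dn)
```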
When you use commadmin group create to create a group, you can add only one dynamic membership filter (LDAP URL) with the -f option. (6303551)
The commadmin group create command allows you to use the -f option multiple times to construct dynamic membership filters (LDAP URLs) for the group. However, only the last filter is saved in the LDAP directory.
Run the commadmin group modify command multiple times, once for each filter you wish to add.
When you add dynamic members to a group in the Delegated Administrator console, you cannot test a manually constructed LDAP URL. (6300923)
When you create a new group and add dynamic members to the group, you can either manually construct an LDAP URL or use the fields available in the drop-down menus to construct the LDAP URL. If you use the drop-down menus, you can click the Test LDAP URL button. If you manually construct the LDAP URL, this feature is disabled.
Using the browser's Back button in the Delegated Administrator console can cause unexpected pages to be displayed. (6292610)
Navigate only by using the tabs and navigation links provided on the page itself.
The number of service packages assigned to groups in an organization can exceed the number allocated to that organization. (6285713)
After you allocate a specified number of service packages for groups in an organization, you can assign an unlimited number of service packages to the groups in the organization. The allocation limits are not enforced.
For example, if you allocate 20 service packages for groups in an organization, you can assign service packages to more than 20 groups in the organization.
An incorrect error message is displayed when you create a new user with a Login ID that is already in use. (6283567)
When you create a new user with a unique email address but a login ID that is already used, the user is not created (which is the correct behavior), but the following error message is displayed: “Cannot create user — mail address already used.” The error message should say that the login ID is already used.
You cannot create users in a domain that includes an underscore in its name. (6281261)
Do not include an underscore in the domain name.
On Linux, you cannot use the commadmin utility to add certain service object classes. (6280807)
This issue occurs when you run commadmin with the -A option to add particular service object classes. For example, if you run the following command:
/opt/sun/comms/commcli/bin/commadmin user modify -D admin -n <domain> -w <password> -p81 -X localhost -d <domain> -l test -A +objectclass:sunportalgatewayaccessservice
Delegated Administrator is unable to get the service object classes.
Manually add the required object class for the user in Directory Server through the Administration Console, or by using the ldapmodify command.
Searching for organizations by service name, service package name, and mail host does not work. (6277314)
In the Organization list page, if you use the drop-down menu to search for organizations by service name, service package name, or mail host, and then enter a search string, the search result includes all organizations.
You cannot create an organization with a comma in the organization name. (6275439)
If you use the Create Organization wizard to create an organization and specify an organization name containing a comma, an error is displayed and the organization is not created.
Do not put a comma in an organization name.
If you delete a domain with the commadmin domain delete command, you cannot use commadmin to purge the domain. (6245878, 6203605)
If you use commadmin domain delete to delete an organization with mail service, the inetDomainStatus is set to deleted. If you then use msuserpurge to remove users from the message store and commadmin domain purge to purge the domain, the domain remains in the LDAP directory. The mailDomainStatus value for the domain does not equal removed.
The same issue exists if you use commadmin domain delete to delete an organization with Calendar service, then use csclean to remove the calendar, and then use commadmin domain purge to purge the domain. The icsStatus is not marked as removed in LDAP.
Use ldapmodify to set the mailDomainStatus or icsStatus to removed. Then use commadmin domain purge.
The Domain Disk Quota value is lost if you change the Domain status or Mail Service status of a full organization. (6239311)
This problem occurs if you edit a full organization with a Domain Disk Quota value set to any numeric value, and you change the Domain Status or Mail Service Status from Active to any other value (such as Inactive or Hold).
A message indicates that the properties of the organization have been successfully modified, but the value of the Domain Disk Quota field is set to unlimited, and the LDAP attribute (mailDomainDiskQuota) is lost for the organization.
This issue is fixed in the latest Delegated Administrator patch. Download the patch, as described in Recommended Patch.
Or: Reset the value of the Domain Disk Quota field and save the properties of the organization again.
No indication when a User, Organization, or Group list page has finished loading. (6234660)
If you click a button while a list page is loading, an error occurs.
While the page is loading, a message asks you to wait. Do not click any buttons or links until the page is ready.
The commadmin user modify command fails if you assign both the sunpresenceuser and sunimuser object classes to a user entry. (6214638)
A newly created user does not inherit the domain’s timezone (TZ). (6206160)
If you create a domain with a non-default timezone, and then create a new user without explicitly using the -T <timezone> option, the user is given the default timezone (America/Denver).
For example, assume you create a domain named sesta with a timezone of Europe/Paris. Next, create a new user in sesta. The user is given the default timezone, America/Denver.
When you create or modify a user, pass -T <timezone> explicitly to the commadmin user create or commadmin user modify command.
You need to save the Organization Properties page to successfully add an administrator. (6201912)
If you open the Organization Properties page and assign an administrator role to a specified user, you must then save the Organization Properties page to add the administrator successfully. If you log out after assigning the new administrator, the administrator is not added.
New non-ascii organizations cause an error because the default administrator’s email address cannot be specified. (6195040)
The default administrator’s uid defaults to “admin_new_organization_name.” If the new organization name contains non-ascii characters, the email address that uses this uid is invalid.
You cannot edit a user’s login ID in this release of Delegated Administrator. (6178850)
If the root suffix name is the same as an organization domain name, the Delegated Administrator utility does not work. (5107441)
If you create a root suffix name that is the same as your domain name (for example, if the root suffix is o=example.com and the domain is example.com), the commadmin utilities do not work.
Avoid using the same name for the root suffix and another domain in the directory. (The o=name values must be different.)
The advanced search feature does not return correct results for organizations. (5094680)
This issue occurs if you perform the following steps:
Select the Advanced Search feature.
Select “Organizations” from the drop-down list.
Click the Match All or Match Any radio button.
Select an organization name from the drop-down list.
Enter valid values in the text field.
Instead of returning only the organizations that match the search criteria, Delegated Administrator displays all organizations.
The Summary page in the New Organization wizard does not display all the organization details. (5087980)
When you create a new organization with the New Organization wizard, certain details, such as Disk Domain Quota and Mail Service Status, are not displayed in the wizard’s Summary page.
Cannot modify non-ASCII groups. (4934768)
If a group is created with a group name that contains non-ASCII characters, it cannot be modified with the commadmin group modify command.
For example, if a group with the non-ASCII characters XYZ is specified with the -G option in the commadmin group create command, an email address of XYZ is automatically added to the group’s LDAP entry. Since non-ASCII characters are not allowed in email addresses, modifying the group with commadmin group modify fails.
Use the -E email option when creating a group. This option will specify the group’s email address. For example: commadmin group create -D admin -w password -d siroe.com -G XYZ -S mail -E email@example.com
Creating a group with multiple -f options adds only one attribute. (4931958)
If you specify multiple -f options for creating dynamic groups in the commadmin group create command, only the value specified with the last -f option is added to the LDAP entry. The other values are not added.
Do not specify the -f option multiple times when using the commadmin group create command.
This section describes Delegated Administrator localization problems.
In the localized Delegated Administrator GUI configuration program, config-commda, the default page size may be too small to display all input fields and field labels properly. (6307209)
If you are using a localized GUI configuration program, config-commda, and any labels or input fields are not visible, resize the dialog in the GUI config-commda to accommodate the longer labels.
You cannot create a domain with a language-tagged welcome message. (6242611)
If you use the commadmin domain create command to create a domain with a language-tagged welcome message (with the -A "mailDomainWelcomeMessage;lang-<language tag>:Subject:<message>" option), the domain cannot be created.
First create the domain with the commadmin domain create command. Then use the commadmin domain modify command to add the language-tagged welcome message. For example:
commadmin domain create -D admin -w pass -S mail -H test.<domain> -d i18n.tst
commadmin domain modify -D admin -w pass -d i18n.tst -A "mailDomainWelcomeMessage;lang-fr:Subject:Test$$Test"
An error message, “The organization already exists,” is not localized. (6201623)
If you attempt to create an organization with the same name as an existing organization, Delegated Administrator displays the following error message: “The organization already exists.” This message appears in English and is not translated.
This section describes errors or incomplete information in the Delegated Administrator books and online help.
Available Languages list in the User Properties page is not described in the Delegated Administrator console online help. (6307846)
The Available Languages drop-down list allows you to select a language for a language-tagged user name.
From the Available Languages list, select the desired language for the user name. (The Available Languages list is displayed alongside the First Name, Last Name, and Display Name fields.)
Next, enter the first name and last name, and click Save. This adds a language-tagged first name, last name, and common name to the LDAP entry.
For example, if you select German from the Available Languages list, enter Gerard as the first name, and Schroeder as the last name, the following attributes are added to the user's LDAP entry:
givenname;lang-de:Gerard
sn;lang-de:Schroeder
cn;lang-de:Gerard Schroeder
Applications that are locale-aware will display this cn if the user's chosen language is German.
The Default option in the Available Languages list corresponds to the mandatory, untagged givenname, sn, and cn attributes.
For a shared organization, Calendar Service Details do not appear in the Create New Organization wizard; this information is not explained in the online help. (6295181)
When you create a shared organization in the Delegated Administrator console, the Calendar Service Details panel does not appear in the Create New Organization wizard. Furthermore, after the shared organization is created, Calendar Service Details do not appear in the shared organization's Properties page.
This is because, when you create a shared organization, the Calendar service attributes are inherited from the shared parent domain. Therefore, you cannot create or display Calendar service information that is unique to the new shared organization.
Only the Top-Level Administrator has the authority to edit the parent domain.
The Delegated Administrator console online help does not explain this behavior.