This chapter describes the schema and provisioning options for Communications Services. Because of the complexity in provisioning Communications Services, you need to understand your options before installing the product.
This chapter contains the following sections:
This section describes the schema options that are available and supported with Communications Services, and how to decide which to use.
Two schema options are available and supported with Messaging Server: Sun Java System LDAP Schema version 1 and Sun Java System LDAP Schema version 2.
See the commdirmig command in the Sun Java System Communications Services 6 2005Q4 Schema Migration Guide for information on how to migrate from Sun Java System LDAP Schema version 1 to Sun Java System LDAP Schema version 2.
Support for installation and provisioning of Schema 1 will be deprecated and removed from future releases. However, customers with their own provisioning tools may continue to use LDAP Schema 1.
Choosing the schema that’s right for your Messaging Server installation depends on your provisioning needs:
Are you integrating Messaging Server with other Java Enterprise System component products, such as Portal Server or Access Manager, which provide single sign-on capabilities?
Are you installing Messaging Server for the first time or are you upgrading from an older version?
If you are installing Messaging Server for the first time, use Schema 2.
If you are upgrading from an older version of Messaging Server, you can either use Schema 1 or Schema 2.
LDAP Schema 1 is a provisioning schema that consists of both an Organization Tree and a DC Tree. This set of schema (at the time, it was simply called “schema”) was supported in previous Messaging Server 5.x versions.
In Schema 1, when Messaging Server searches for user or group entries, it looks at the user's or group’s domain node in the DC Tree and extracts the value of the inetDomainBaseDN attribute. This attribute holds a DN reference to the organization subtree containing the actual user or group entry.
Only sites that have installed previous versions of Messaging Server should use Schema 1.
Migrating to Schema 2 is imperative if you plan to install Messaging Server with other Sun Java System products in the future.
Schema 1 supports Sun ONE Delegated Administrator for Messaging (formerly called iPlanet Delegated Administrator) as well as LDAP provisioning tools. For more information, see Understanding Provisioning Tools.
LDAP Schema 2 is a set of provisioning definitions that describes the types of information that can be stored as entries by using the Directory Server LDAP.
The native mode uses search templates to search the LDAP directory server. Once the domain is found by using the domain search template, the user or group search templates are used to find a specific user or group.
You should use native mode if you are installing Communications Services for the first time and you do not have other applications on your machine that are dependent on a two-tree provisioning model. You should also use this mode if you want to install other products in the Java Enterprise System product suite.
If you have an existing Communications Services 5.x installation that uses Schema 1, and you want to integrate Communications Services with other Java Enterprise Server products, you should migrate your directory to Schema 2 after you upgrade to Communications Services 6. Refer to the Sun Java System Communications Services 6 2005Q4 Schema Migration Guide for information on how to migrate from LDAP Schema version 1 to LDAP Schema version 2.
Schema 2 Native Mode is the recommended provisioning model for all Sun Java System products in the Java Enterprise System product suite.
Schema 2 supports Sun Java System Communications Services Delegated Administrator. For more information, see Understanding Provisioning Tools.
Schema 2 compatibility mode is an interim mode between Schema 1 and Schema 2 native mode. Schema 2 compatibility mode supports both schemas and enables you to retain the existing two-tree design you already have. Schema 2 compatibility mode also assumes that you have installed Access Manager prior to installing Messaging Server.
Use Schema 2 Compatibility if you have existing applications that require Schema 1, but you also need functionality that requires Schema 2, for example, Access Manager, single sign-on, and so forth.
Schema 2 compatibility mode is provided as a convenience in migrating to the Schema 2 Native mode. Do not use Schema 2 compatibility mode as your final schema choice. The migration process from Schema 1 to Schema 2 compatibility mode and then finally to Schema 2 native mode is more complex than simply migrating from Schema 1 to Schema 2 native mode. See the Sun Java System Communications Services 6 2005Q4 Schema Migration Guide for more information.
Two schema options are available and supported with Calendar Server: Sun Java System LDAP Schema version 1 and Sun Java System LDAP Schema version 2.
Refer to the Sun Java System Communications Services 6 2005Q4 Schema Migration Guide for information on how to migrate from Sun Java System LDAP Schema version 1 to Sun Java System LDAP Schema version 2.
Support for installation and provisioning of Schema 1 will be deprecated and removed from future releases. However, customers with their own provisioning tools may continue to use LDAP Schema 1.
Choosing the schema that’s right for your Calendar Server installation depends on your provisioning needs:
Are you integrating Calendar Server with other Java Enterprise System component products, such as Portal Server or Access Manager, which provide single sign-on capabilities?
Are you installing Calendar Server for the first time or are you upgrading from an older version?
If you are installing Calendar Server for the first time, use Schema 2 Native Mode.
If you are upgrading from an older version of Calendar Server, you can either use Schema 1 or Schema 2 Native or Compatibility Mode.
Do you plan to use either Access Manager CLI utilities for provisioning or single sign-on?
If you answer Yes, use Schema 2 Native or Compatibility Mode.
Do you want to use the Calendar Server csdomain utility for provisioning domains?
If you answer Yes, use Schema 2 Native or Compatibility Mode. If you don’t plan to use the csdomain utility, and you have an existing Calendar Server installation, use Schema 1.
If you don’t want to use either Access Manager or Calendar Server CLI utilities for provisioning, you can use either Schema 2 Native Mode for new installations, or Schema 1 or Schema 2 Compatibility Mode for existing Calendar Server installations.
LDAP Schema 1 is a provisioning schema that consists of both an Organization Tree and a DC Tree. This set of schema (at the time, it was simply called “schema”) was supported in previous Calendar Server 5.x versions.
When Calendar Server searches for user or group entries, it looks at the user's or group’s domain node in the DC Tree and extracts the value of the inetDomainBaseDN attribute. This attribute holds a DN reference to the organization subtree containing the actual user or group entry.
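The two-step Schema 1 lookup described above, and in the matching Messaging Server passage earlier in this chapter, works as follows in code. This is an added example, not code from the original page or from the product; the sample entries, the `o=internet` DC Tree root, the `o=isp` Organization Tree root and all function names are assumptions made for illustration.

```python
# Constructed sample directory (DN -> attributes); not taken from the page.
# Assumption: DC Tree rooted at o=internet, Organization Tree rooted at o=isp.
DIRECTORY = {
    "dc=example,dc=com,o=internet": {"inetDomainBaseDN": ["o=example.com,o=isp"]},
    "dc=stale,dc=org,o=internet": {"inetDomainBaseDN": ["o=gone.org,o=isp"]},
    "dc=nobase,dc=net,o=internet": {},
    "o=isp": {},
    "o=example.com,o=isp": {},
    "ou=People,o=example.com,o=isp": {},
    "uid=jdoe,ou=People,o=example.com,o=isp": {"uid": ["jdoe"]},
}
DC_ROOT = "o=internet"  # assumed DC Tree suffix


def norm(dn):
    """Normalize a DN for comparison (no support for escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def domain_to_dc_dn(domain):
    """Map a DNS domain to its DC Tree node, e.g. example.com -> dc=example,dc=com,o=internet."""
    return ",".join(f"dc={label}" for label in domain.lower().split(".")) + "," + DC_ROOT


def resolve_base_dn(directory, domain):
    """Step 1: read inetDomainBaseDN from the domain node in the DC Tree."""
    index = {norm(dn): attrs for dn, attrs in directory.items()}
    node = index.get(norm(domain_to_dc_dn(domain)))
    if node is None:
        raise LookupError(f"no DC Tree node for {domain}")
    values = node.get("inetDomainBaseDN", [])
    if len(values) != 1:
        raise LookupError(f"{domain}: expected one inetDomainBaseDN, found {len(values)}")
    base = norm(values[0])
    if base not in index:
        # Dangling reference: the organization subtree it names does not exist.
        raise LookupError(f"{domain}: inetDomainBaseDN points to missing entry {base}")
    return base


def find_user(directory, address):
    """Step 2: search the referenced organization subtree for the user entry."""
    uid, _, domain = address.partition("@")
    base = resolve_base_dn(directory, domain)
    for dn, attrs in directory.items():
        if norm(dn).endswith("," + base) and uid in attrs.get("uid", []):
            return dn
    return None
```

Running `resolve_base_dn` over every DC Tree domain node is a quick way to find references that no longer point at an existing organization subtree.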
Only sites that have installed previous versions of Calendar Server should use Schema 1.
Migrating to Schema 2 is imperative if you plan to install Calendar Server with other Sun Java System products in the future.
Schema 1 supports LDAP provisioning tools. For more information, see Understanding Provisioning Tools.
Schema 2 is a set of provisioning definitions that describes the types of information that can be stored as entries by using the Directory Server LDAP.
The native mode uses search templates to search the LDAP directory server. Once the domain is found by using the domain search template, the user or group search templates are used to find a specific user or group.
You should use native mode if you are installing Communications Services for the first time and you do not have other applications on your machine that are dependent on a two-tree provisioning model. You should also use this mode if you want to install other products in the Java Enterprise System product suite.
If you have an existing Communications Services 5.x installation that uses Schema 1, and you want to integrate Communications Services with other Java Enterprise Server products, you should migrate your directory to Schema 2 after you upgrade to Communications Services 6. Refer to the Sun Java System Communications Services 6 2005Q4 Schema Migration Guide for information on how to migrate from LDAP Schema version 1 to LDAP Schema version 2.
Schema 2 Native Mode is the recommended provisioning model for all Sun Java System products in the Java Enterprise System product suite.
Schema 2 supports Sun Java System Communications Services Delegated Administrator. For more information, see Understanding Provisioning Tools.
Schema 2 compatibility mode is an interim mode between Schema 1 and Schema 2 native mode. Schema 2 compatibility mode supports both schemas and enables you to retain the existing two-tree design you already have. Schema 2 compatibility mode also assumes that you have installed Access Manager prior to installing Messaging Server.
Use Schema 2 Compatibility if you have existing applications that require Schema 1, but you also need functionality that requires Schema 2, for example, Access Manager, single sign-on, and so forth.
Schema 2 compatibility mode is provided as a convenience in migrating to the Schema 2 Native mode. Do not use Schema 2 compatibility mode as your final schema choice. The migration process from Schema 1 to Schema 2 compatibility mode and then finally to Schema 2 native mode is more complex than simply migrating from Schema 1 to Schema 2 native mode. See the Sun Java System Communications Services 6 2005Q4 Schema Migration Guide for more information.
This section describes supported provisioning tools that enable you to query, modify, add, or delete user, group, and domain entry information in your LDAP directory.
Through supported Messaging Server provisioning tools, you can query, modify, add, or delete user, group, and domain entry information in your LDAP directory. This section examines these Messaging Server provisioning tools.
In addition to the questions asked in Deciding Which Schema to Use for Messaging Server, you should use Table 8–1 to evaluate your schema and provisioning tool options.
Prior to installing and configuring Messaging Server, you need to decide upon a schema model and tool or tools for provisioning your Messaging Server entries.
The following sections provide high-level information about the supported provisioning tools:
Sun ONE Delegated Administrator for Messaging (formerly called iPlanet Delegated Administrator) provides both a command-line and a graphical user interface to provision users and groups. Delegated Administrator uses Sun LDAP Schema 1, which is the Messaging Server 5.x version of provisioning definitions.
Schema 1 users and groups can be provisioned using the LDAP Directory tools (Schema 2 is not supported). Unlike the Delegated Administrator graphical and command-line interfaces, you can directly provision users and groups by adding, removing, and modifying the LDIF records through LDAP without having to use a user interface.
Access Manager uses Schema 2. Because the Sun Java System component products in the Java Enterprise System product suite use Schema 2, use the Communications Services 6 Delegated Administrator. This should particularly be the case if you are using more than one Java Enterprise System product, or if you are performing a brand new installation of Messaging Server.
See the Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide for installation details.
Table 8–1 shows the various supported schema, provisioning tools, provisioning limitations, and recommended documentation for additional information.
Table 8–1 Messaging Server Provisioning Mechanisms

| Supported Provisioning Tool | Provisioning Tool Functionality | Provisioning Tool Limitations | For Further Information |
|---|---|---|---|
| Sun ONE Delegated Administrator for Messaging Graphical User Interface. Uses: Schema 1 | Provides a graphical user interface for administrators to manage users, groups, domains, and mailing lists. End users can manage vacation messages and Sieve filters. | | Read the Sun ONE Delegated Administrator for Messaging 1.3 documentation. Describes how to install and administer the Sun ONE Delegated Administrator interface. |
| Sun ONE Delegated Administrator for Messaging Command-line Interface. Uses: Schema 1 | Provides a command-line interface for administrators to manage users, groups, domains, and mailing lists. | | Read the Sun ONE Delegated Administrator for Messaging 1.3 documentation. Provides syntax and usage for Sun ONE Delegated Administrator command-line utilities. |
| Uses: Schema 1 | Provides tools to directly modify LDAP entries or for creating custom provisioning tools. | | Read the iPlanet Messaging Server 5.2 Provisioning Guide and the iPlanet Messaging and Collaboration Schema Reference. Describes the Sun LDAP Schema 1 provisioning model. In addition, these guides explain how to use LDAP provisioning tools and the usage of specific attributes and object classes. |
| Sun Java System Console. Uses: Schema 1 | Though provisioning functionality is included in the Sun Java System Console, it is not recommended for provisioning Messaging users and groups. Instead, use Sun Java System Console to administer server configuration such as quotas, log files, and other related Message Store items. | | Read the Sun Java System Messaging Server 6 2005Q4 Administration Guide and corresponding Sun Java System Console Online Help. |
| Uses: Schema 2 | Provides graphical and command-line interfaces for administrators to manage users, groups, domains, and mailing lists. Compatible with other Java Enterprise System products. | | Read the Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide. Provides syntax and usage for the command-line utility. |
Through supported Calendar Server provisioning tools, you can query, modify, add, or delete user, group, and domain entry information in your LDAP directory. This section examines these Calendar Server provisioning tools.
In addition to the questions asked in Deciding Which Schema to Use for Calendar Server, you should use Table 8–2 to evaluate your schema and provisioning tool options.
Prior to installing and configuring Calendar Server, you need to decide upon a schema model and tool or tools for provisioning your Calendar Server entries.
The following sections provide high-level information about the supported provisioning tools:
Schema 1 users and groups can be provisioned using the LDAP Directory tools (Schema 2 is not supported). You can directly provision users and groups by adding, removing, and modifying the LDIF records through LDAP without having to use a user interface.
Access Manager uses Schema 2. Because the Sun Java System component products in the Java Enterprise System product suite use Schema 2, use the Communications Services 6 Delegated Administrator utility. This should particularly be the case if you are using more than one Java Enterprise System product, or if you are performing a brand new installation of Calendar Server.
See the Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide for installation details.
The following table shows the various supported schema, provisioning tools, provisioning limitations, and recommended documentation for additional information.
Table 8–2 Calendar Server Provisioning Mechanisms

| Supported Provisioning Tool | Provisioning Tool Functionality | Provisioning Tool Limitations | For Further Information |
|---|---|---|---|
| Uses: Schema 1 | Provides tools to directly modify LDAP entries or for creating custom provisioning tools. | Incompatible with Sun Schema 2 and with other Java Enterprise System products. | Read the iPlanet Messaging Server 5.2 Provisioning Guide and the iPlanet Messaging and Collaboration Schema Reference. Describes the Sun LDAP Schema 1 provisioning model. In addition, these guides explain how to use LDAP provisioning tools and the usage of specific attributes and object classes. |
| Uses: Schema 2 | Provides graphical and command-line interfaces for administrators to manage users, groups, domains, and resources. Compatible with other Java Enterprise System products. | | Read the Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide. Provides syntax and usage for the command-line utility. |