Sun Java Enterprise System 2005Q4 Deployment Example

Deployment Example: Sun Java™ System Communications Services 2005Q4 on a Single Host

Part Number 819-4879-15

This deployment example describes how to install Sun Java™ Enterprise System software on one computer for a functioning deployment of Sun Java System Communications Services 6 2005Q4 and Sun Java System Portal Server 6 2005Q4, including Sun Java System Portal Server Mobile Access 6 2005Q4. This document is intended for any evaluator, system administrator, or installation technician who wants to install and evaluate the services delivered by these components.


Caution

This evaluation has been verified in many different environments. However, every deployment is unique, so you may not experience a completely trouble-free installation.




Deployment Example Revision History

Table 1  Revision History

| Date | Description of Changes |
| --- | --- |
| April 3, 2007 | Fifth revision. HTML version was missing a Note after Step 4 in the section titled “Verifying Single Sign-on (SSO) Configuration.” |
| May 10, 2006 | Fourth revision. Corrected Access Manager version on page 4. Added section on starting and stopping services. |
| May 2, 2006 | Third revision. Added procedures to install, configure, and patch Sun Java System Instant Messaging 7 2006Q1. Added links to the document Sun Java Communications Suite Evaluation Guide. |
| January 5, 2006 | Second revision. Updated browser requirements. Minor updates to these tasks: To Start the Installer; To Install the Software; To Verify the Installation; To Disable sendmail; and To Create End User Accounts and Groups. |
| December 14, 2005 | First revision. Added map.beta.com to the resolv.conf file for the domain name in the “To Check DNS” task. |
| November 18, 2005 | Initial release of this deployment example. |


Summary of Changes

The following describes the changes that have occurred from the Sun Java System Communications Services 6 2005Q1 single host installation example (as described in Technical Note: Deploying Java Enterprise System on a Single Host for Evaluation):

  1. Changed the Messaging Server port from 2080 to 8080, as 8080 is a more mainstream port assignment.
  2. The order of the configuration has been changed slightly. You now configure Delegated Administrator before Messaging Server.
  3. Currently, there are no patches to apply to the system, so there is no patching section in this document.
  4. The Base DN used for Instant Messaging has been changed to o=isp.
  5. The “To Add Services to the Lower Level Organization” section has been completely revised.
  6. Steps to configure the Communications Express Address Book proxy authentication have been rewritten.
  7. Steps to configure users through the Delegated Administrator console have been rewritten.
  8. Many changes were made to the section on configuring Portal Server channels.


About This Deployment Example

This section provides an overview of this deployment scenario, the hardware and software used, and the procedures you follow to install, configure, and use this deployment.


Installation Overview

This scenario results in a functioning deployment suited for the evaluation and testing of Communications Services 6 2005Q4 and Portal Server 6 2005Q4 products. These instructions are not intended to act as a replacement for the individual component documentation, but to merely guide the evaluator through an initial installation.

If you want to include Mobile Access 6 2005Q4 in this evaluation, note that it supports the use of the following software:

What Components Are Installed?

This example guides you through installing the following Java Enterprise System components:

The example installation in this document uses the following data that you change according to your installation and test machine:

This example installs all of the software on a single system. Adjust host names accordingly if you install the components on multiple systems.


Note

Installing the back-end messaging, calendar, and address book servers on the same system as Mobile Access is not the optimal configuration, nor does it provide the best performance. This example deployment is not intended for production purposes. Use this configuration for evaluation and for training purposes only. Performance is better if you install Mobile Access on a machine separate from the back-end machine where Messaging Server and Calendar Server are installed.


Recommended Ports

For convenience, this example uses a set of recommended ports. If you use different ports, be sure to make the changes consistently throughout the installation. For example, this document uses port 390 for the Access Manager admin port. If you decide to use port 3333 instead, be sure to change it to 3333 everywhere 390 occurs in the deployment example. See Table 4 for more information.


Note

Unless otherwise indicated, all of the examples and instructions in this document assume that you are logged in as root.


Implementation Specifications for This Example

This section describes implementation specifications for this example.

Table 2  Evaluation Host Hardware and Software Requirements

| Component | Platform Requirement |
| --- | --- |
| CPU | SPARC |
| RAM | 2 Gbytes or more |
| Disk space | 2.2 Gbytes or more free disk space for installed software. 2.1 Gbytes additional disk space may be needed for temporary storage of Java Enterprise System zip files. |
| Software | Minimum Solaris 9 Operating System recommended. Note: Mobile Access is supported on Solaris OS 8, 9, and 10. Java Enterprise System software is also supported on Solaris OS 8, 9, and 10. These installation instructions are based on Solaris OS 9. If you use Solaris OS 8, several patches are required. |
| | Messaging Server 6 2005Q4 (Sun ONE Messaging Server 5.2 and 6.0 also work but configuration procedures are different.) |
| | Calendar Server 6 2005Q4 (Sun ONE Calendar Server 5.1.1 and 6.0 also work but configuration procedures are different.) |
| Users | |

Table 3  Client Software Requirements

| Component | Platform Requirement |
| --- | --- |
| Browser | Netscape™ Communication 7.2, Internet Explorer 6.0 sp1+, or Mozilla™ 1.4+ |

Table 4  Server Configuration Information

| Component | Install Notes | Server Root | Port | Port Number |
| --- | --- | --- | --- | --- |
| Directory Server 5 2005Q4 | Installed with Java ES | /opt/DSServers | Directory Server Port | 389 |
| | | | LDAP port | 389 |
| | | | Admin Port | 390 |
| Messaging Server 6 2005Q4 | Additional configuration required | /opt/SUNWmsgsr | Messaging Server Port | 8080 |
| | | | Admin Port | 390 |
| | | | Webmail port (HTTP) | 8080 |
| | | | SMTP port | 25 |
| | | | POP port | 110 |
| | | | IMAP port | 143 |
| Web Server 6 2005Q4 | Installed with JES | /opt/SUNWwbsvr | Web Port | 80 |
| | | | Admin Port | 8888 |
| Calendar Server 6 2005Q4 | Additional configuration required | /opt/SUNWics5 | Calendar Server Port | 3080 |
| | | | LDAP Port | 389 |
| Instant Messaging 7 2006Q1 | Additional configuration required | /opt/SUNWiim | Server Port | 45222 |
| | | | Multiplexor Port | 5222 |
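
A check to run once the components are configured and started, given as an added example that is not part of the original Sun document: it parses netstat -an output and reports which Table 4 ports are not listening and which listening ports Table 4 does not account for. The function names and the sample netstat output are constructed for illustration; the port numbers come from Table 4.

```shell
#!/bin/sh
# Added example: compare listening TCP ports against Table 4.
# On the evaluation host, replace sample_netstat with: netstat -an

# Port numbers taken from Table 4 of this deployment example.
EXPECTED_PORTS="25 80 110 143 389 390 3080 5222 8080 8888 45222"

# Constructed sample in the layout of Solaris "netstat -an" (not from a real host).
sample_netstat() {
    cat <<'EOF'
TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
-------------------- -------------------- ----- ------ ----- ------ -------
      *.22                 *.*                0      0 49152      0 LISTEN
      *.25                 *.*                0      0 49152      0 LISTEN
      *.80                 *.*                0      0 49152      0 LISTEN
      *.110                *.*                0      0 49152      0 LISTEN
      *.143                *.*                0      0 49152      0 LISTEN
      *.389                *.*                0      0 49152      0 LISTEN
      *.390                *.*                0      0 49152      0 LISTEN
      *.5222               *.*                0      0 49152      0 LISTEN
      *.8080               *.*                0      0 49152      0 LISTEN
      *.8888               *.*                0      0 49152      0 LISTEN
10.1.82.52.389       10.1.82.52.33012     49152      0 49152      0 ESTABLISHED
EOF
}

# Print the TCP ports in LISTEN state, one per line, sorted numerically.
# The local address is split on "." and ":" so that both the Solaris form
# (*.389) and the host:port form (0.0.0.0:389) yield the port number.
listening_ports() {
    awk '$NF == "LISTEN" { n = split($1, part, /[.:]/); print part[n] }' | sort -n -u
}

# Print each expected port (arguments) that is absent from the list on stdin.
missing_ports() {
    listening=$(cat)
    for port in "$@"; do
        echo "$listening" | grep -qx "$port" || echo "$port"
    done
}

# Print each listening port (stdin) that is not among the expected ports
# (arguments). These are services the deployment example did not ask for.
unexpected_ports() {
    while read -r port; do
        case " $* " in
            *" $port "*) ;;
            *) echo "$port" ;;
        esac
    done
}

# Demonstration on the constructed sample.
echo "Not listening:            $(sample_netstat | listening_ports | missing_ports $EXPECTED_PORTS | xargs)"
echo "Listening, not in Table 4: $(sample_netstat | listening_ports | unexpected_ports $EXPECTED_PORTS | xargs)"
```

In the sample, Calendar Server (3080) and the Instant Messaging server port (45222) have not been started yet, and port 22 is a listener that Table 4 does not list.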

Installation Time Estimates

The following table provides time estimates for installing this example.

Table 5  Installation Time Estimates

| Phase | Number of Hours |
| --- | --- |
| Solaris 9 OS with Language Support | 2 |
| Software installation | 2 |
| Software configuration | 3 |
| Total | 7 hours (average) |

As part of the configuration, you will use Delegated Administrator to add data to Messaging Server and Calendar Server.

Installation Notes and Recommendations

  1. With Solaris OS 9, ftp might not work for certain accounts.

    These accounts are listed in /etc/ftpd/ftpusers. Just remove the account from this list (for example, root) and you will be able to ftp as that user.

  2. Use gzip -d or gunzip to decompress the *gz files.

Expected User Input

During installation, you are prompted for various input. User input is indicated by text of the form <user-input>. The following table helps you plan for the types of information you must provide during installation.

Table 6  Information Input During Installation

| User Input | User Input Action |
| --- | --- |
| <enter> | Just hit enter, but verify that the default value shown makes sense. |
| <sample-password> | Any password, minimum of 8 characters in length, suitable for evaluation purposes. These instructions assume that anywhere <sample-password> is specified, you will enter the same value each time. |
| <amldapuser-password> | Same criteria as <sample-password>, but must be different from <sample-password>. |
| <fully-qualified-hostname> | For example, assuming that the host name is abc, and the domain name is demo.xyz.com, then this value would be abc.demo.xyz.com. |
| <full-cookie-domainname> | For example, assuming that the full domain name is demo.xyz.com, then this value would be .demo.xyz.com (note the inclusion of the leading “.”). |

Summary of Installation and Configuration

Installing and configuring this example involves the following high-level steps:

  1. Preparing the system for Java Enterprise System
  2. Running the Java ES installer and selecting the necessary components
  3. Installing Messaging Server, Calendar Server, Communications Express, Delegated Administrator, Instant Messaging, Web Server, Directory Server, Access Manager, Portal Server, and Mobile Access software
  4. Configuring Delegated Administrator
  5. Configuring Messaging Server
  6. Configuring Instant Messaging
  7. Configuring Calendar Server
  8. Configuring Communications Express
  9. Configuring Single Sign-on
    1. Communications Single Sign-on
    2. Portal Single Sign-on
  10. Configuring a Portal User


Installing the Example

This section describes how to install and configure components on a single machine for evaluation purposes. Some components are configured after installation, using component configuration tools.


Checking Installation Requirements

Before you install components, use the steps in this section to make sure the computer on which you are installing is ready.

  To Check System Requirements

The computer should meet the following requirements:

  To Check DNS

Verify that DNS is running and configured properly:

  1. Make sure that the /etc/resolv.conf file has name server entries with the IP addresses of valid name servers. For example:

    domain map.beta.com
    nameserver 192.168.100.22
    nameserver 192.168.100.23
    nameserver 192.168.100.24
    nameserver 192.168.100.25

  2. Make sure that the /etc/hosts file has an entry for the fully qualified host name of the server. This fully qualified host name should be listed before the non fully qualified host name. For example:

    10.1.82.52 wireless.map.beta.com wireless loghost

  3. Make sure that the /etc/nsswitch.conf file is configured to use files first to resolve host names. The hosts line in the nsswitch.conf file should list files first in its entry:

    hosts: files dns nis [NOTFOUND=return]
    # OR (if NIS is not used)
    hosts: files dns
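
The three checks above as a script, given as an added example that is not part of the original Sun document. The order in /etc/hosts matters because the first name after the IP address is the canonical name the resolver returns for the host. The function names and the second (reversed) hosts line are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-install checks for the three files in "To Check DNS".
# Each function reads the file content on stdin, so on the host you run:
#   has_nameserver < /etc/resolv.conf
#   fqdn_listed_first wireless.map.beta.com < /etc/hosts
#   files_resolved_first < /etc/nsswitch.conf

# Succeeds if at least one "nameserver <IPv4 address>" line is present.
has_nameserver() {
    grep -Eq '^[[:space:]]*nameserver[[:space:]]+([0-9]{1,3}\.){3}[0-9]{1,3}([[:space:]]|$)'
}

# Exit status 0: the name given as $1 is the first name after the IP address.
# Exit status 1: the name is present, but only after another name.
# Exit status 2: no entry contains the name at all.
fqdn_listed_first() {
    awk -v fqdn="$1" '
        { sub(/#.*/, "") }    # drop comments before looking at the fields
        { for (i = 2; i <= NF; i++)
              if ($i == fqdn) { found = 1; if (i == 2) first = 1 } }
        END { if (first) exit 0; if (found) exit 1; exit 2 }'
}

# Succeeds if the "hosts:" line names "files" as its first source.
files_resolved_first() {
    awk '{ sub(/#.*/, "") }
         $1 == "hosts:" { seen = 1; ok = ($2 == "files") }
         END { exit !(seen && ok) }'
}

# Constructed inputs: the first line is the /etc/hosts entry shown in this
# document, the second reverses the order so the short name comes first.
GOOD_HOSTS='10.1.82.52 wireless.map.beta.com wireless loghost'
BAD_HOSTS='10.1.82.52 wireless wireless.map.beta.com loghost'

for entry in "$GOOD_HOSTS" "$BAD_HOSTS"; do
    if echo "$entry" | fqdn_listed_first wireless.map.beta.com; then
        echo "ok:  $entry"
    else
        echo "fix: $entry"
    fi
done

if echo 'hosts: dns files' | files_resolved_first; then
    echo "ok:  files is consulted first"
else
    echo "fix: hosts line does not list files first"
fi
```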

  To Unzip the Java Enterprise System Zip Files

  1. Download the Java ES software from the Sun Download Center at http://www.sun.com/download.
  2. Create a /tmp/JES4 directory.
  3. Unzip the Java ES zip files in this directory. Then run the Java ES installer as described in the next section.

Installing the Components

You install Java Enterprise System components by running the Java Enterprise System installer.

  To Start the Installer

  1. Log in as root to the machine on which you are installing Java Enterprise System.
  2. Change to the /tmp/JES4 directory where you stored and unzipped the Java ES zip files.
  3. Change to the Solaris_sparc platform directory.
  4. Start the Java Enterprise System installer in graphical mode.

    ./installer &

  5. Click Next at the Welcome page.
  6. Accept the license and select language(s). English is installed by default.
  7. Select the following products.
    • Sun Java System Messaging Server 6 2005Q4
    • Sun Java System Calendar Server 6 2005Q4
    • Sun Java System Instant Messaging 7 2005Q4
    • Sun Java System Portal Server 6 2005Q4 (includes Mobile Access)
    • Sun Java System Communications Express 6 2005Q4
    • Sun Java System Directory Preparation Tool
    • Sun Java System Delegated Administrator 6 2005Q4
    • Sun Java System Web Server 6.1 SP5 2005Q4
    • Sun Java System Access Manager 7 2005Q4 and all supporting software
    • Sun Java System Directory Server 5 2005Q4
    • Sun Java System Administration Server 5 2005Q4

    Note

    Web Proxy Server, Message Queue, and Service Registry are not selected at this time.

  8. Click Next at the Component Selection page.
  9. Click Next to upgrade shared components.

    Locations:

    • Directory Preparation Tool: /opt/SUNWcomds
    • Access Manager: /opt (will create /opt/SUNWam)
    • Web Server: /opt/SUNWwbsvr
    • Instant Messaging: /opt (will create /opt/SUNWiim)
    • Calendar Server: /opt (will create /opt/SUNWics5)
    • Delegated Administrator: /opt/SUNWcomm
    • Communications Express: /opt/SUNWuwc
    • Messaging Server: /opt/SUNWmsgsr
    • Portal Server: /opt (will create /opt/SUNWps)

    Note

    You will specify the Directory Server root as /opt/DSServers (changed from /var/opt/mps/serverroot) later during the installation.

  10. Accept the target directories for each product and click Next.
  11. The installer verifies system requirements, such as memory, disk space, and operating system patches. When done click Next.
  12. Choose Configure Now then click Next.
  13. The installer lists the components that must be configured after installation. This document informs you of the order in which to do so.
    • Sun Java System Instant Messaging 7 2005Q4
    • Sun Java System Calendar Server 6 2005Q4
    • Sun Java System Delegated Administrator 2005Q4
    • Sun Java System Communications Express 6 2005Q4
    • Sun Java System Messaging Server 6 2005Q4
  14. Click Next to configure the Web Server, Directory Server, Access Manager, and Portal Server components. You configure these components as part of the installation process.
  15. Continue with the following procedures to input the appropriate information for each of these products when prompted by the installer.


    Caution

    This example uses root and other, or root and root, for System User and System Group. These choices are satisfactory for evaluation deployments but not for production deployments. If you use this document to create a production deployment, use non-root identifiers. Refer to the following section in the Sun Java Enterprise System 2005Q4 Installation Guide for UNIX for more information:

    http://docs.sun.com/app/docs/doc/819-2328/6n4khb8km?a=view


  To Select Common and Web Server Settings

This installation assumes the use of Sun Java System Web Server. You can choose an alternate web container but that is beyond the scope of this document.

  To Select Directory Server Settings

  To Select Administration Server Settings

  To Select Access Manager Settings

  To Select Portal Server Settings

  To Install the Software

  1. Click Next when you are satisfied with the Ready to Install list.
  2. Deselect the Open Registration Window option.
  3. Click Install to install the Java Enterprise System components.

    Because of the number of components selected, the installation process can be lengthy.

  4. When installation is complete, the Installation Complete page is displayed. Click Close to exit the installer.

    Tip

    On certain installations, the installation may hang at 24 percent complete. If you look at the list of running processes, you will notice a process that looks like the following:

    /bin/sh //usr/sbin/mpsadmserver configure -f /tmp/adminserv.statefile

    If you come across this condition, kill the process ID for this process and the installation will resume.


  To Verify the Installation

Once the installation has completed, start LDAP and Portal Server and verify that they work.

  1. Start Directory Server:

    cd /opt/DSServers
    cd slapd-wireless
    ./start-slapd

    Tip

    In the above commands, wireless is the host name. Substitute the appropriate name if you are using a different host name.

  2. Start Web Server:

    cd /opt/SUNWwbsvr/https-wireless.map.beta.com
    ./stop
    ./start

    The Web Server can take a while to start.

  3. Verify that you can log in to the Access Manager console as amadmin. The URL for the Access Manager console is:

    http://fully-qualified-hostname:portal-server-port/amconsole

    In this example, type:

    http://wireless.map.beta.com/amconsole

    Use amadmin and adminpass as the user ID and password.

  4. Proceed to Configuring Components for instructions on how to configure Java Enterprise System.

Uninstalling the Components

After you complete your evaluation, you can use the Java Enterprise System uninstaller to remove the components that you installed. See Chapter 8, “Uninstalling Components,” in the Sun Java Enterprise System 2005Q4 Installation Guide for UNIX:


Configuring Components

This section describes how to configure and start the components that you use in this example deployment.


Before You Begin

Before you configure the Messaging Server software, you need to create the mailsrv user and disable the sendmail process.

  To Create the mailsrv User

  To Disable sendmail

Preparing the Directory and Configuring Messaging Server

This section explains how to prepare the Directory Server LDAP schema and configure Messaging Server.

  To Apply Schema 2 to Your Directory Tree

  1. Run the comm_dssetup.pl script:

    cd /opt/SUNWcomds/sbin
    /opt/DSServers/bin/slapd/admin/bin/perl comm_dssetup.pl

  2. Type y to continue.

    The perl script prompts for a series of options. The following table shows how to respond to the prompts.

    Table 12  Values for comm_dssetup.pl Script

    | Option | [Default Value] | Enter: |
    | --- | --- | --- |
    | Directory server root | [/var/opt/mps/serverroot] | /opt/DSServers |
    | Directory server instance | slapd-wireless | accept default |
    | Directory Manager DN | [cn=Directory Manager] | accept default |
    | Directory Manager Password | -- | adminpass |
    | Use directory server for users/groups | [Yes] | accept default |
    | Users/Groups base suffix | [o=isp] | accept default |
    | Schema type? | [2] | accept default |
    | Update the schema files? | [yes] | accept default |
    | Configure new indexes? | [yes] | accept default |
    | Reindex new indexes? | [yes] | accept default |

  3. Confirm your choices and type y to continue. The comm_dssetup script proceeds.
  4. When prompted, type y to continue with script.
  5. Continue with the next step after the comm_dssetup script finishes and displays its “Successful Completion” message.

Configuring Delegated Administrator and Communications CLI

This section describes configuring Delegated Administrator console and utility, which are used for user management.

  To Configure Delegated Administrator

  1. Run the configurator script:

    cd /opt/SUNWcomm/sbin
    ./config-commda

  2. Accept the default for the Directory to store User Mgmt data files: [/var/opt/SUNWcomm]

    If the directory does not exist, click Create Directory to create the directory.

  3. Install Delegated Administrator Utility, Console, and Server.

    The installation script prompts for a series of options. Use the following table to respond to the configuration options:

    Table 13  Values for config-commda Script

    | Option | [Default Value] | Enter: |
    | --- | --- | --- |
    | AM Hostname | [wireless.map.beta.com] | accept default |
    | AM Port | [8080] | 80 |
    | Default Domain | [map.beta.com] | accept default |
    | Default SSL Port | [443] | accept default |
    | Web Container | [Web Server] | accept default |
    | Web Server Root Directory | [/opt/SUNWwbsvr] | accept default |
    | Web Server Instance Identifier | [wireless.map.beta.com] | accept default |
    | Web Virtual Server Identifier | [https-wireless.map.beta.com] | accept default |
    | Web Server HTTP Port | [80] | 80 (default) |
    | Default Domain Separator | [@] | accept default |
    | Access Manager Base Directory | [/opt/SUNWam] | accept default |
    | Web Server Root Directory | [/opt/SUNWwbsvr] | accept default |
    | Web Server Instance Identifier | [wireless.map.beta.com] | accept default |
    | Web Virtual Server Identifier | [https-wireless.map.beta.com] | accept default |
    | Web Server HTTP Port | [80] | 80 (default) |
    | URL of Directory Server | [ldap://wireless.map.beta.com:389/] | accept default |
    | Bind As | [cn=Directory Manager] | accept default |
    | Password | -- | adminpass |
    | AM Top level admin | [amadmin] | accept default |
    | AM admin password | -- | adminpass |
    | Access Manager Internal LDAP Auth Username | amldapuser | accept default |
    | AM Internal LDAP Auth Password for amldapuser | -- | nonadminpass |
    | Organization DN | [o=map.beta.com,o=isp] | accept default |
    | Top Level Admin for Default Organization | [admin] | accept default |
    | Password | -- | adminpass |
    | Load Sample Service Packages | -- | Yes (Checked) |
    | Load Sample Organizations | -- | Yes (Checked) |
    | Preferred Mailhost for Sample | [wireless.map.beta.com] | accept default |

  4. Select Configure Now.

    The script begins to run.

  5. When the panel displays “All Tasks Passed,” click Next to continue.

    Two warnings appear: one is to remind you to restart Web Server; the other is to remind you to enable the mail and calendar services in the domain. The next steps correct these problems.

  6. Click Close to complete the configuration.
  7. Restart Web Server:

    cd /opt/SUNWwbsvr/https-wireless.map.beta.com
    ./stop
    ./start

  8. Modify the mail and calendar domains, and create users by using the commadmin utility:

    /opt/SUNWcomm/bin/commadmin domain modify -D admin -w adminpass -X wireless.map.beta.com -n map.beta.com -p 80 -d map.beta.com -S mail,cal -H wireless.map.beta.com

    /opt/SUNWcomm/bin/commadmin user create -D admin -F John -l jdoe -L Doe -n map.beta.com -p 80 -w adminpass -W demo -X wireless.map.beta.com -S mail,cal -E jdoe@map.beta.com -H wireless.map.beta.com -k legacy

    /opt/SUNWcomm/bin/commadmin user create -D admin -F Calendar -l calmaster -L Master -n map.beta.com -p 80 -w adminpass -W adminpass -X wireless.map.beta.com -S mail,cal -E calmaster@map.beta.com -H wireless.map.beta.com -k legacy

    Create as many users as you need. Steps later in this document show how to add Presence and Instant Messaging services to those users.

Configuring Messaging Server

This section describes configuring Messaging Server, including configuring the Webmail port.

  To Configure Messaging Server

  1. Run the Messaging Server configure script:

    cd /opt/SUNWmsgsr/sbin
    ./configure

    The Configuration Wizard appears. Read the introductory information and proceed by clicking Next.

  2. Verify the following:
    1. Fully qualified host name of Messaging Server, FQHN: [wireless.map.beta.com]
    2. Directory to store config/data files: [/var/opt/SUNWmsgsr]

      When prompted, choose to create the new directory.

    3. Install MTA, MS store, and Messenger Express. There is no need to install the Multiplexor for this deployment.
    4. Name of the mail server Unix user: Unix username [mailsrv]
    5. Unix group: [mail]
  3. The installation script prompts for a series of options. Use the following table to respond to the configuration options:

    Table 14  Values for Messaging Server configure Script

    | Option | [Default Value] | Enter: |
    | --- | --- | --- |
    | URL of Directory Server | [ldap://wireless.map.beta.com:389] | accept default |
    | Bind As | [cn=Directory Manager] | accept default |
    | Password | -- | adminpass |
    | User/Group Server LDAP | [ldap://wireless.map.beta.com:389] | accept default |
    | Bind As | [cn=Directory Manager] | accept default |
    | Password | -- | adminpass |
    | Postmaster email address | -- | foo@wireless.map.beta.com |
    | Password for Messaging Server accounts | -- | adminpass |
    | Default email Domain | [map.beta.com] | accept default |
    | Organization DN | [o=map.beta.com,o=isp] | accept default |

  4. Click Next, then click Configure Now.

    You receive an error about the Webmail port being in use. Click Next to continue. The following step corrects this problem.

  5. When the configuration is finished, click Next to continue, then click Close to exit.
  6. Configure the Webmail port:

    /opt/SUNWmsgsr/sbin/configutil -o service.http.port -v 8080

  7. Start Messaging Server:

    /opt/SUNWmsgsr/sbin/stop-msg
    /opt/SUNWmsgsr/sbin/start-msg

Configuring Instant Messaging

Configuring Instant Messaging is important for the completeness of the Sun Java Communications Suite but is not necessary for Mobile Access. The version of Instant Messaging shipped with Java Enterprise System 2005Q4 is not current and should be replaced with Sun Java System Instant Messaging 2006Q1. To upgrade your system to Sun Java System Instant Messaging 2006Q1, you first install Sun Java System Instant Messaging 7 2005Q4 then upgrade by applying the following Instant Messaging patches:

Patches are available from SunSolve Online. For more information on upgrading, see the Sun Java System Instant Messaging 7 2006Q1 Release Notes:

  To Patch Instant Messaging

  1. Download and copy the Instant Messaging patches to the /tmp directory on your server then unzip and/or untar them to the /tmp directory.

    You should have two resultant directories: /tmp/118786-11 and /tmp/118789-13

  2. Run the patchadd command to apply patch 118786-11 to the system:

    cd /tmp/118786-11
    patchadd .

  3. Run the patchadd command to apply patch 118789-13 to the system:

    cd /tmp/118789-13
    patchadd .

  4. Proceed with the next task.

  To Configure Instant Messaging

  1. Run the Instant Messaging configurator script:

    cd /opt/SUNWiim
    ./configure

  2. Click Next at the Welcome page, then click Next at the Software Requirements page.
  3. Install all services (Instant Messaging server, resources, and Identity Manager service) and verify the following:
    • Hostname: wireless
    • DNS domain name: map.beta.com
  4. Check both Access Manager (Identity Server) options for SSO and Policy.

    You receive a message to assign IM and Presence services after completing the initial configuration.

  5. Click OK to continue.
  6. Verify the Instant Messaging Server runtime files directory: [/var/opt/SUNWiim]
  7. Click Next to continue.

    When prompted, choose to create the directory.

  8. Verify configuration information and ports:
    • Instant Messaging Server Domain Name: map.beta.com
    • Public XMPP Port: 5222
    • Private Multiplexed Server Port: 45222
    • Leave Disable Server (enable only multiplexor) unchecked
    • Click Next to continue.

  9. Verify LDAP configuration:
    • LDAP Host Name: wireless.map.beta.com
    • LDAP Port: 389
    • Base DN: o=isp
    • Bind DN: cn=Directory Manager
    • Bind Password: adminpass
    • Click Next to continue.

  10. Set the SMTP Server.

    Use wireless.map.beta.com and also enable Email Archiving.

    Click Next to continue.

  11. Deploy client resources.

    Set codebase to http://wireless.map.beta.com:80/im.

    Click Next to continue.

  12. Deploy the Instant Messenger HTTP Gateway.

    The Context Root is http://wireless.map.beta.com:80/httpbind.

    Click Next to continue.

  13. Configure the Calendar Agent by clicking the Check box to enable.
    • Notification Server Hostname: localhost
    • Notification Server Port: 57997
    • Calendar alarm URL: enp:///ics/customalarm
    • Click Next to continue.

  14. When a message appears that server localhost is not listening on port 57997, click Accept to accept this setting.
  15. Start Instant Messaging after successful configuration and on system startup by selecting the check boxes.

    After clicking Next, wait a few minutes for Instant Messaging to be configured.

  16. At the Configuration Summary page, click Close to exit.

  To Configure the Instant Messaging Portlet

Use this procedure to edit the Instant Messaging portlet in the Portal Server Desktop to include the proper ports and parameters.


Note

If you are not deploying Portal Server, you do not have to execute this step but you still must perform To Add Services to the Lower Level Organization for Access Manager integration.



Note

You might have to execute these steps after you have added the mail and calendar services to Access Manager, because you might not be able to access the Portal Desktop until that service has been registered.


  1. In your web browser, open a URL for the Access Manager console and log in as amadmin (password is adminpass). The URL for the Access Manager console is:

    http://fully-qualified-hostname:portal-server-port/amconsole

    In this example, type:

    http://wireless.map.beta.com/amconsole

  2. Choose Services from the View menu in the left pane.
  3. Click the properties icon for Portal Desktop Service.
  4. The properties appear in the right pane.
  5. Click the Manage Channels and Containers link in the right pane.
  6. Scroll to the bottom of the right pane where the Channels are listed. You will see a channel labeled IMChannel. Click the Edit Properties link to the right of the channel name and type the following attributes:
    • authMethod: idsvr
    • clientRunMode: jnlp (changed from plugin)
    • codebase: im
    • mux: wireless.map.beta.com
    • muxport: 5222
  7. When done, click Save.

Configuring Calendar Server

This section shows you how to run the Calendar Server configuration script and how to verify the Calendar Server configuration.

  To Configure Calendar Server

  1. Run the Calendar Server configurator script:

    cd /opt/SUNWics5/cal/sbin
    ./csconfigurator.sh

  2. Click Next at the Welcome page.
  3. Verify the correct Administration and LDAP information.
    • LDAP Server Host Name: wireless.map.beta.com
    • LDAP Server Port: 389
    • Verify the Directory Manager DN as cn=Directory Manager. Type the password as adminpass.
    • The Base DN should be o=map.beta.com,o=isp (you might need to edit this value).
    • Administrator User ID: calmaster
    • Type the Administrator password as adminpass.
  4. After verifying and typing or modifying the required information, click Next to continue.
  5. Verify Email information:
    • Email alarms should be enabled.
    • The administrator email address is root@wireless.map.beta.com.
    • The SMTP Host Name is wireless.map.beta.com.
  6. After verifying and entering or modifying the required information, click Next to continue.
  7. Verify the correct Runtime configuration:
    • Change the Service Port to 3080.
    • Maximum sessions and threads can be left at default values, 5000 and 20 respectively.
    • The Number of Server processes can be left at the default value, which is generally the number of CPUs in a system.
    • Accept the default Runtime User ID and Runtime Group ID. The default User ID is icsuser and the default Group ID is icsgroup. If this group does not exist, you will be prompted to create the group and the user later.
    • Enable automatic starting of Calendar server on reboot only, not after configuration. (Deselect “Start after successful configuration.”)
  8. After verifying and typing or modifying the required information, click Next to continue.
  9. Verify the locations to store configuration and data files:
    • Accept default Config Directory: /etc/opt/SUNWics5/config
    • Accept default Database Directory: /var/opt/SUNWics5/csdb
    • Accept default Logs directory: /var/opt/SUNWics5/logs
    • Accept default Temporary Files directory: /var/opt/SUNWics5/tmp
  10. After verifying the required information, click Next to continue.
  11. You are prompted to create the new directories if they do not exist. Create them.
  12. Enable Archive and Hot Backup. Accept the defaults:
    • Accept default Archive directory: /var/opt/SUNWics5/csdb/archive
    • Accept default Hot Backup directory: /var/opt/SUNWics5/csdb/hotbackup
    • Accept default Minimum & Maximum archive lengths: 3 days and 6 days respectively
    • Accept default Minimum & Maximum hot backup lengths: 3 days and 6 days respectively
    • Hot backup checkbox should be checked “Same as archive”
  13. You are prompted to create the new directories if they do not exist. Create them.
  14. Click the Configure Now button to configure Calendar Server.

    The Configuration begins. Configuration takes less than one minute. Click the Details button to verify that all packages configured correctly. Click the Close button to exit the configurator.

  15. Start the Calendar Server daemons:

    cd /opt/SUNWics5/cal/sbin
    ./stop-cal
    ./start-cal

  16. To log in to Calendar Server, open a browser and type the name of the system in the URL. In this example, type:

    http://wireless.map.beta.com:3080

    You are prompted for a user name and password. If you created a user according to the previous steps in this section, type jdoe for the user name, and demo for the password.

Configuring Communications Express

This section shows you how to run the Communications Express configuration script.

  To Configure Communications Express

  1. Run the Communications Express configurator script:

    cd /opt/SUNWuwc/sbin
    ./config-uwc

  2. Click Next at the Welcome page.
  3. Accept the default for Directory to store configuration and data files: [/var/opt/SUNWuwc]

    Choose to create the directory when prompted.

  4. Install the Mail and Calendar Components.

    The installation script prompts for a series of options. Use Table 15 to respond to the configuration options:

    Table 15  Values for config-uwc Script

    | Option | [Default Value] | Enter: |
    |---|---|---|
    | Hostname | [wireless] | accept default |
    | DNS Domain | [map.beta.com] | accept default |
    | Web Container | [Web Server] | accept default |
    | Web Server root Directory | [/opt/SUNWwbsvr] | accept default |
    | Web Server Instance Identifier | [wireless.map.beta.com] | accept default |
    | Virtual Server Identifier | [https-wireless.map.beta.com] | accept default |
    | HTTP Port | [80] | accept default |
    | Web Container User ID | [webservd] | root |
    | Web Container Group ID | [webservd] | other |
    | URI Path | [/uwc] | accept default |
    | Hosted Domain Support | [No] (Unchecked) | accept default |
    | URL of Directory Server | [ldap://wireless.map.beta.com:389/] | accept default |
    | Bind DN | [cn=Directory Manager] | accept default |
    | Password | -- | adminpass |
    | DC Tree suffix | [o=isp] | accept default |
    | Default Domain | [map.beta.com] | accept default |
    | IS Login URL | [http://wireless.map.beta.com:80/amserver/UI/Login] | accept default |
    | IS Administrator DN | -- | uid=amadmin,ou=people,o=isp |
    | IS Administrator Password | -- | adminpass |
    | Messenger Express Port | [80] | 8080 |
    | Calendar Server Hostname | [wireless.map.beta.com] | accept default |
    | Calendar Server Port | [9004] | 3080 |
    | Calendar Admin user ID | [calmaster] | accept default |
    | Calendar Administrator User Password | -- | adminpass |
    | URL of PAB Directory Server | [ldap://wireless.map.beta.com:389] | accept default |
    | Bind As | [cn=Directory Manager] | accept default |
    | Password | -- | adminpass |

  5. Click the Configure Now button to configure Communications Express.

    The system displays a message to restart Web Server. Click OK.

  6. After the configuration is finished, click Next, then click Close.
  7. Restart Web Server:

    cd /opt/SUNWwbsvr/https-wireless.map.beta.com
    ./stop
    ./start

Configuring Single Sign-on (SSO) for Communications Products

To set up SSO for Communications Express and for Access Manager/Portal Server, you edit the uwcauth.properties file in the /var/opt/SUNWuwc/WEB-INF/config/ directory. You also need to run the configutil utility for Messaging Server properties, and edit the ics.conf file for Calendar Server.

  To Configure Communications Express for SSO

  1. Verify the following settings in the /var/opt/SUNWuwc/WEB-INF/config/uwcauth.properties file:

    uwcauth.identity.enabled=true
    uwcauth.identity.login.url=http://wireless.map.beta.com:80/amserver/UI/Login
    uwcauth.identity.binddn=uid=amadmin,ou=people,o=isp
    uwcauth.identity.cookiename=iPlanetDirectoryPro
    uwcauth.identity.bindcred=adminpass
    uwcauth.http.port=80
    uwcauth.https.port=443

  2. Restart Web Server if you change any of the above settings.

  To Configure Messaging Server for SSO

  1. To enable Communications Express users to access Messenger Express using the Access Manager session, run the following configutil commands:

    cd /opt/SUNWmsgsr/sbin
    ./configutil -o local.webmail.sso.amnamingurl -v \
      http://wireless.map.beta.com:80/amserver/namingservice
    ./configutil -o local.webmail.sso.uwcenabled -v 1
    ./configutil -o local.webmail.sso.uwclogouturl -v \
      http://wireless.map.beta.com:80/uwc/base/UWCMain?op=logout
    ./configutil -o local.webmail.sso.uwcport -v 80
    ./configutil -o local.webmail.sso.uwccontexturi -v "uwc"
    ./configutil -o local.webmail.sso.amcookiename -v iPlanetDirectoryPro
    ./configutil -o local.webmail.sso.uwchome -v http://wireless.map.beta.com/uwc
    ./configutil -o service.http.allowadminproxy -v yes
    ./configutil -o service.http.ipsecurity -v no

  2. Stop then start Messaging Server:

    cd /opt/SUNWmsgsr/sbin
    ./stop-msg
    ./start-msg

  To Configure Calendar Server for SSO

  1. Stop Calendar Server:

    cd /opt/SUNWics5/cal/sbin
    ./stop-cal

  2. Edit the /opt/SUNWics5/cal/config/ics.conf file (in a text editor such as vi) and make the following changes:

    service.http.allowadminproxy = "yes"
    local.calendar.sso.amnamingurl = "http://wireless.map.beta.com:80/amserver/namingservice"
    local.calendar.sso.singlesignoff = "yes"
    local.calendar.sso.amcookiename = "iPlanetDirectoryPro"
    local.calendar.sso.logname = "am_sso.log"
    service.calendarsearch.ldap = "no"
    service.http.ipsecurity = "no"

  To Configure Instant Messaging Calendar Notifications

  1. Edit the /opt/SUNWics5/cal/config/ics.conf file (in a text editor such as vi) and make the following changes:

    caldb.serveralarms = "1"
    caldb.serveralarms.dispatch = "yes"
    caldb.serveralarms.url = "enp:///ics/customalarm"
    caldb.serveralarms.contenttype = "text/calendar"
    caldb.serveralarms.dispatchtype = "ens"

  2. Restart Calendar Server:

    cd /opt/SUNWics5/cal/sbin
    ./start-cal

  To Configure Instant Messaging Settings

Use this procedure to set up Instant Messaging calendar notifications, archiving, and HTTP proxy.

  1. Stop Instant Messaging:

    cd /opt/SUNWiim/sbin
    ./imadmin stop

  2. Open the /etc/opt/SUNWiim/default/config/iim.conf file in an editor (such as vi).
  3. Add the following parameters with the appropriate values shown.

    ! known components/agent. Add yours as needed
    iim_server.components = "agent-calendar,httpbind"
    iim_agent.enable = "true"

    ! httpbind component (HTTP/XMPP Gateway)
    ! ======================================
    iim_agent.httpbind.enable = "true"
    httpbind.jid = "httpbind.map.beta.com"
    httpbind.password = "adminpass"

    ! Calendar-IM integration Configuration
    ! =====================================
    ! JMS Consumers
    jms.consumers = "cal_reminder"
    jms.consumer.cal_reminder.destination = "enp:///ics/customalarm"
    jms.consumer.cal_reminder.provider = "ens"
    jms.consumer.cal_reminder.type = "topic"
    jms.consumer.cal_reminder.param = "eventtype=calendar.alarm"
    jms.consumer.cal_reminder.factory = "com.iplanet.im.server.JMSCalendarMessageListener"

    ! JMS providers
    jms.providers = "ens"
    jms.provider.ens.broker = "localhost:57997"
    jms.provider.ens.factory = "com.iplanet.ens.jms.EnsTopicConnFactory"
    iim_agent.agent-calendar.enable = "true"
    agent-calendar.jid = "calendar.map.beta.com"
    agent-calendar.password = "adminpass"

  4. Open the /etc/opt/SUNWiim/default/config/httpbind.conf file in an editor (such as vi).
  5. Add the following parameters with the appropriate values shown.

    httpbind.config=default
    default.domains=map.beta.com
    default.hosts=wireless.map.beta.com:5222
    default.componentjid=httpbind.map.beta.com
    default.password=adminpass

  6. Restart Instant Messaging:

    cd /opt/SUNWiim/sbin
    ./imadmin refresh
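
The SSO procedures and the Instant Messaging procedure above repeat the same values in uwcauth.properties, ics.conf, iim.conf and httpbind.conf. The following script is an added example, not part of the original Sun document: it checks that those values still agree across the files and lists the settings from this page that widen exposure. The function names, finding labels and sample file contents are constructed here; it assumes that values the page sets identically in two files must stay identical, and it does not read Messaging Server's configutil store.

```shell
#!/bin/sh
# Added example: cross-file checks for the SSO and Instant Messaging settings.

# conf_get FILE KEY: print KEY's value (last occurrence wins) without the
# surrounding blanks and double quotes. Lines starting "!" or "#" are comments.
conf_get() {
    awk -v key="$2" '
        /^[ \t]*[!#]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# url_base URL: reduce a URL to scheme://host[:port].
url_base() { printf '%s\n' "$1" | sed 's|^\([a-z]*://[^/]*\).*|\1|'; }

# same LABEL A B: report a difference without echoing values (may be secrets).
same() { if [ "$2" != "$3" ]; then echo "MISMATCH $1"; fi; }

# audit UWCAUTH ICS IIM HTTPBIND: print one finding per line.
audit() {
    uwc=$1; ics=$2; iim=$3; hb=$4
    login=$(conf_get "$uwc" uwcauth.identity.login.url)
    naming=$(conf_get "$ics" local.calendar.sso.amnamingurl)

    # Every component must look for the same Access Manager cookie and server.
    same sso-cookie "$(conf_get "$uwc" uwcauth.identity.cookiename)" \
                    "$(conf_get "$ics" local.calendar.sso.amcookiename)"
    same am-server "$(url_base "$login")" "$(url_base "$naming")"
    # Calendar Server publishes alarms where the IM calendar agent subscribes.
    same alarm-destination "$(conf_get "$ics" caldb.serveralarms.url)" \
                           "$(conf_get "$iim" jms.consumer.cal_reminder.destination)"
    # The httpbind gateway identity is declared in both IM files.
    same httpbind-jid "$(conf_get "$iim" httpbind.jid)" \
                      "$(conf_get "$hb" default.componentjid)"
    same httpbind-password "$(conf_get "$iim" httpbind.password)" \
                           "$(conf_get "$hb" default.password)"

    # Settings from this page that widen exposure.
    case $login in
        http://*) echo "EXPOSURE cleartext-http: SSO login URL is $login" ;;
    esac
    if [ "$(conf_get "$ics" service.http.ipsecurity)" = no ]; then
        echo "EXPOSURE ipsecurity-off: calendar sessions are not tied to the client IP"
    fi
    for f in "$uwc" "$iim" "$hb"; do
        if grep -Eq '^[^!#]*(bindcred|password)[[:space:]]*=' "$f" &&
           [ -n "$(find "$f" -perm -004)" ]; then
            echo "EXPOSURE world-readable-secret: $f"
        fi
    done
    return 0
}

# make_sample DIR: constructed excerpts holding the values this page sets.
make_sample() {
    d=$1
    cat > "$d/uwcauth.properties" <<'EOF'
uwcauth.identity.enabled=true
uwcauth.identity.login.url=http://wireless.map.beta.com:80/amserver/UI/Login
uwcauth.identity.cookiename=iPlanetDirectoryPro
uwcauth.identity.bindcred=adminpass
EOF
    cat > "$d/ics.conf" <<'EOF'
! constructed excerpt
service.http.ipsecurity = "no"
local.calendar.sso.amnamingurl = "http://wireless.map.beta.com:80/amserver/namingservice"
local.calendar.sso.amcookiename = "iPlanetDirectoryPro"
caldb.serveralarms.url = "enp:///ics/customalarm"
EOF
    cat > "$d/iim.conf" <<'EOF'
httpbind.jid = "httpbind.map.beta.com"
httpbind.password = "adminpass"
jms.consumer.cal_reminder.destination = "enp:///ics/customalarm"
EOF
    cat > "$d/httpbind.conf" <<'EOF'
default.componentjid=httpbind.map.beta.com
default.password=adminpass
EOF
    chmod 644 "$d/uwcauth.properties" "$d/ics.conf" "$d/iim.conf" "$d/httpbind.conf"
}

work=$(mktemp -d)
make_sample "$work"
audit "$work/uwcauth.properties" "$work/ics.conf" "$work/iim.conf" "$work/httpbind.conf"
rm -rf "$work"
```

On a real host, pass the four file paths used in the procedures to audit instead of the sample directory.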

Verifying Single Sign-on (SSO) Configuration

This section describes how to verify the SSO configuration for Communications Express client, Delegated Administrator, and Instant Messenger. You simply verify that you can log in to the various services. After you are satisfied that you can log in, log out.

  1. In your web browser, open the following URL for the Communications Express client:

    http://wireless.map.beta.com/uwc

  2. Log in as one of the users created earlier.

    If you created a user according to the previous steps, type jdoe for the user name, and demo for the password.

  3. In your web browser, open the following URL for Delegated Administrator:

    http://wireless.map.beta.com/da/DA/Login

    Log in as user admin. The password is adminpass.

  4. In your web browser, open the following URL for Instant Messenger:

    http://wireless.map.beta.com/im/en/im.jnlp

    Log in as user jdoe with the password demo.


    Note

    If you cannot log into Instant Messaging as a user, you might need to manually add the Instant Messaging and Presence Services to the user. See To Add Services to the Lower Level Organization for more information.


Configuring Portal Server

The following procedures enable Portal Server services to permit a portal user to gain access to Communications Channel and Mobile Access functionality. These procedures also enable Access Manager authentication with Instant Messaging, and enable the Instant Messaging services for all users.

  To Log In to Access Manager

  1. In your web browser, open a URL for the Access Manager console and log in as amadmin. The URL for the Access Manager console is:

    http://fully-qualified-hostname:portal-server-port/amconsole

    In this example, type:

    http://wireless.map.beta.com/amconsole

  2. Log in as amadmin.

    The password is adminpass.

  To Add Services to the Lower Level Organization

If you set your Organization DN to o=map.beta.com,o=isp, you need to add Portal Server services to the map.beta.com organization. Once these services have been added to the suborganization, you add the necessary services to each user in this suborganization.


Note

Previously, you created a set of users with the commcli command. These users exist in the map.beta.com organization. At this point, there are no Services defined for these users. You need to register the services with these users for them to be able to log in to Portal Server.


  1. Upon logging into the Access Manager console, you are presented with a view of all your organizations. The map.beta.com organization is listed. Click the link to map.beta.com.
  2. In the right pane, you see a list of General Properties. One of these properties is Domain Name. You must enter the Instant Messaging domain name that you specified during the Instant Messaging configuration.

    In this example, the domain name is map.beta.com. Type this domain then click the Save button.

  3. Choose Services from the View menu in the left pane.
  4. Click the Add button.
  5. Either click the individual services to add to this organization, or click the box at the top of the list that shows two checkboxes. This selects all the services. Upon selecting all the services, click the OK button to add all the services to the suborganization.
  6. Within this same suborganization, click the properties icon next to the name of Authentication Configuration.

    You see that a template does not exist for these services. Create a new template.

    1. Click the New button to define a new service instance.
    2. Type the Instance Name ldap1, then click the Submit button.

      The ldap1 service instance is created.

    3. Click the ldap1 link.
    4. Click Edit beside Authentication Configuration.

      A new window appears.

    5. Click the Add button to add the LDAP module of this new ldap1 instance and select the LDAP Module Name from the pulldown menu. The Enforcement Criteria should be REQUIRED. Click OK to add the module, then click OK again to save the module properties. Then click Cancel to close the window.

      Note

      If the LDAP module name is missing in the pulldown menu, complete the step below (of assigning ldap1 to the Core service). Then exit the Access Manager console and restart Web Server. After logging into the Access Manager Console, try again to add the LDAP module and LDAP should appear.


  7. Click the properties icon next to Core, just below Authentication Modules.

    You need to select the ldap1 service for both Administrator Authentication Configuration and Organization Authentication Configuration.

  8. Click Save.
  9. Click the properties icon next to Portal Desktop service.

    In the Portal Desktop Type field, change default to sampleportal. Click Save.

  10. Choose Users from the View menu.

    A list of users is presented. You need to add the services you just registered in this suborganization to each user.

  11. Click the property icon beside a user.
  12. In the right pane, open the View drop-down menu and choose Services.

    No services are listed.

  13. Click the Add button.

    A list of services appears.

  14. Click the double-checked box at the top of the list of services to add all services. Then click the OK button.

Configuring Address Book SSO Adapter Template


Note

This section is applicable only to the Messenger Express personal address book Portal Server channel. Skip this section if you are using the Communications Express Address Book Channel.


The following steps enable use of the Personal Address Book (PAB). Perform these steps very carefully to help ensure the correct operation of address book related features.

  To Configure the Address Book SSO Adapter Template

  1. From the previous section, you should still be logged in to the Access Manager console.
  2. Click the Service Configuration tab.
  3. In the left pane, click the property arrow for SSO Adapter.

    The SSO Adapter Templates list appears in the right hand panel. There should be an entry labeled [SUN-ONE-ADDRESS-BOOK].

  4. Click the New button to create a template without brackets in the name.

    Type in the name SUN-ONE-ADDRESS-BOOK.

  5. Choose the Existing Template [SUN-ONE-ADDRESS-BOOK].
  6. Click the Create button.

    A list of editable properties should appear with their corresponding values.

  7. The SSO Adapter Template contains several values for which substitutions must be provided. These values are indicated as hyphen-separated, all uppercase names, contained within square brackets. Edit the values appearing in the editable text boxes, and perform the following substitutions:
    • [SERVER-NAME:PORT]: Specifies the name of the LDAP server providing the PAB service, that is, wireless.map.beta.com:389.
    • [PAB-SEARCH-BASE]: Specifies the LDAP search base of the PAB. Assuming that a default Messaging Server installation was done, a value of o=pab should suffice.
    • [USER-SEARCH-BASE]: Specifies the LDAP search base for users. Using our Messaging Server installation example, a value of o=isp should suffice.
    • [ADMIN-ID]: Specifies the DN of the PAB admin. This can be determined by logging in to the back-end machine as root and performing the following steps:

      # cd /opt/SUNWmsgsr/sbin
      # ./getconf | grep local.service.pab.ldapbinddn

      For example: uid=msg-admin-wireless.map.beta.com-20030729221841, ou=People, o=sun, o=isp

    • [ADMIN-PASSWORD]: Specifies the password for the PAB admin. This can be determined by logging into the back-end machine as root and performing the following steps:

      # cd /opt/SUNWmsgsr/sbin
      # ./getconf | grep local.service.pab.ldappasswd

      For example: 7]GV89[1}f

    • [IMAP-HOST]: Should specify the name of the IMAP server that is used for authenticating PAB users. Typically, this is the same server name value used when defining [SERVER-NAME:PORT], that is, wireless.map.beta.com.
    • [IMAP-PORT]: Should specify the port of the IMAP server that is used for authenticating PAB users. Typically, this is set to 143.
    • [CLIENT-PORT]: Should specify the port that provides web application service for PAB. This is typically the port on which Messenger Express service is available. Our example uses client port 8080.
  8. After making all the substitutions to the SSOAdapter Template string, click the Save button beneath the SSO Adapter Templates list.
  9. Click Finished.

    You should see the new SSOAdapter Template appear in the list.

  10. Click Delete to remove the original template ([SUN-ONE-ADDRESS-BOOK]).

    Note

    Removing the original template is optional. As long as the original configName is enclosed in brackets, it does not need to be removed.


Configuring Portal and Back-end Servers for Proxy Authentication

You can enable administrator proxy authentication for the Address Book, Calendar, and Mail channels. By enabling administrator proxy authentication, users do not need to edit a channel’s properties (through the channel’s edit page) to input their authentication credentials. Instead, an administrator’s credentials are used and are stored in the SSO Adapter template. To configure administrator proxy authentication, you must perform the following steps. If you do this, you can then skip Configuring a Portal Server User.

  To Configure the Portal Mail Channel for the SSO Adapter Service

  1. In the Access Manager console, click the Service Configuration tab.
  2. Click the properties arrow for SSOAdapter.
  3. Find the SSO Adapter Template for SUN-ONE-MAIL. Click the Edit Properties link.
  4. Move the following attributes from the Merge column to the Default column. You do this by clicking the Change Type button and then moving the attributes from Merge to Default.

    • host
    • port
    • smtpServer
    • clientPort
    • smtpPort
    • domain

    The only attributes remaining in the Merge column will be password and uid.

  5. When done moving the attributes, click the Save button.
  6. Insert values for these default variables.

    The keyword merge essentially means that the attribute value is derived from user input. The keyword default means the attribute values are provided in the SSO template. Provide these values:

    • enableProxyAuth
      The default value is false. Change to true.

    • proxyAdminUid
      Specifies the name of the Messaging Server admin user. The default value is [PROXY-ADMIN-UID]. In this example, the value is admin.

    • proxyAdminPassword
      Specifies the password of the admin user. The default value is [PROXY-ADMIN_PASSWORD]. In this example, the value is adminpass.

    • serverSSOEnabled
      Setting this variable enables the link to launch the application from the channel. The default value is false. Change to true.

    • host
      The value takes the form of a fully qualified host name. Thus, in this example, the value is wireless.map.beta.com.

    • port
      This is the value of the IMAP port. In this example, the value is 143.

    • smtpPort
      This is the value of the SMTP port. In this example, the value is 25.

    • smtpServer
      This is the value of the SMTP server, which for this example is the same name as the mail host, wireless.map.beta.com.

    • clientPort
      This is the value of the Messaging Client port, which in this example is 8080.

    • Leave the domain field empty.
  7. Click Save to save the configuration.
  8. Click Finished.

  To Configure the Communications Express Mail Channel for SSO Template Configuration

  1. In the Access Manager console, click the Service Configuration tab.
  2. Click the properties arrow for SSOAdapter.
  3. Find the SSO Adapter Template for SUN-UWC-MAIL. Click the Edit Properties link.
  4. Move the following attributes from the Merge column to the Default column. You do this by clicking the Change Type button and then moving the attributes from Merge to Default.

    • host
    • port
    • smtpServer
    • clientPort
    • smtpPort
    • domain

    The only attributes remaining in the Merge column will be password and uid.

  5. When done moving the attributes, click the Save button.
  6. Insert values for these default variables.

    The keyword merge essentially means that the attribute value is derived from user input. The keyword default means the attribute values are provided in the SSO template. Provide these values:

    • enableProxyAuth
      The default value is false. Change to true.

    • proxyAdminUid
      Specifies the name of the Messaging Server admin user. The default value is [PROXY-ADMIN-UID]. In this example, the value is admin.

    • proxyAdminPassword
      Specifies the password of the admin user. The default value is [PROXY-ADMIN_PASSWORD]. In this example, the value is adminpass.

    • serverSSOEnabled
      Should be true. Setting this variable enables the link to launch the application from the channel.

    • host
      The value takes the form of a fully qualified host name. Thus, in this example, the value is wireless.map.beta.com.

    • port
      This is the value of the IMAP port. In this example, the value is 143.

    • smtpPort
      This is the value of the SMTP port. In this example, the value is 25.

    • smtpServer
      This is the value of the SMTP server, which for this example is the same name as the mail host, wireless.map.beta.com.

    • clientPort
      This is the value of the Messaging Client port, which in this example is 8080.

    • Leave the domain field empty.
  7. Click Save to save the configuration.
  8. Click Finished.

  To Configure the Calendar Channel for SSO Template Configuration

  1. At the same level where you modified the SSO Template for Mail, find the Global SSO http Adapter for SUN-ONE-CALENDAR.
  2. Click the Edit Properties link.
  3. Move the following attributes from the Merge column to the Default column. You do this by clicking the Change Type button and then moving the attributes from Merge to Default.

    • host
    • port
    • clientPort
  4. When done moving the attributes, click the Save button.
  5. Insert values for these default variables.

    The keyword merge essentially means that the attribute value is derived from user input. The keyword default means the attribute values are provided in the SSO template. Provide these values:

    • host
      The value takes the form of a fully qualified host name. Thus, in this example, the value is wireless.map.beta.com.

    • port
      You could use a different port number, but in this example the port is 3080.

    • clientPort
      This is the value of the Calendar Client port, which in this example is 3080.

    • enableProxyAuth
      The default value is false. Change to true.

    • proxyAdminUid
      Specifies the name of the Calendar Server admin user. The default value is [PROXY-ADMIN-UID]. In this example, the value is calmaster.

    • proxyAdminPassword
      Specifies the password of the calmaster user. The default value is [PROXY-ADMIN_PASSWORD]. In this example, the value is adminpass.

    • serverSSOEnabled
      The default value is false. Do not change this value. Setting this variable enables the link to launch the application from the channel.

  6. Click Save to save the configuration.
  7. Click Finished.

  To Configure the Communications Express Calendar Channel for SSO Template Configuration

  1. At the same level where you modified the SSO Template for Mail, find the Global SSO http Adapter for SUN-UWC-CALENDAR.
  2. Click the Edit Properties link.
  3. Move the following attributes from the Merge column to the Default column. You do this by clicking the Change Type button and then moving the attributes from Merge to Default.

    • host
    • port
    • clientHost
    • clientPort
  4. When done moving the attributes, click the Save button.
  5. Insert values for these default variables.

    The keyword merge essentially means that the attribute value is derived from user input. The keyword default means the attribute values are provided in the SSO template. Provide these values:

    • host
      The value takes the form of a fully qualified host name. Thus, in this example, the value is wireless.map.beta.com.

    • port
      You could use a different port number, but in this example the port is 3080.

    • clientHost
      Use wireless.map.beta.com as the value.

    • clientPort
      Use 80 as the value.

    • enableProxyAuth
      The default value is false. Change to true.

    • proxyAdminUid
      Specifies the name of the Calendar Server admin user. The default value is [PROXY-ADMIN-UID]. In this example, the value is calmaster.

    • proxyAdminPassword
      Specifies the password of the calmaster user. The default value is [PROXY-ADMIN_PASSWORD]. In this example, the value is adminpass.

    • serverSSOEnabled
      The default is true. Do not change this value. Setting this variable enables the link to launch the application from the channel.

  6. Click Save to save the configuration.
  7. Click Finished.

  To Configure the Communications Express Address Book Channel for SSO Template Configuration

  1. At the same level where you modified the SSO Template for Mail, find the Global SSO http Adapter for SUN-UWC-ADDRESS-BOOK.
  2. Click the Edit Properties link.
  3. Move the following attributes from the Merge column to the Default column. You do this by clicking the Change Type button and then moving the attributes from Merge to Default.

    • host
    • clientPort
    • domain
  4. When done moving the attributes, click the Save button.
  5. Insert values for these default variables.
    • host
      The value takes the form of a fully qualified host name. Thus, in this example, the value is wireless.map.beta.com.

    • clientPort
      Use 80 as the value.

    • Leave the domain field empty.
  6. Click the New Default button.
  7. Type the following:
    • Name field: enableProxyAuth
    • Value field: true
  8. Click the Create button.
  9. Click the New Default button.
  10. Type the following:
    • Name field: proxyAdminUid
    • Value field: admin
  11. Click the Create button.
  12. Click the New Default button.
  13. Type the following:
    • Name field: proxyAdminPassword
    • Value field: adminpass
  14. Click the Create button.
  15. Click the New Default button.
  16. Type the following:
    • Name field: userAttribute
    • Value field: uid
  17. Click the Create button.
  18. Click Save to save the configuration.
  19. Click Finished.

  To Set up Admin Proxy Auth for Communications Express

  1. Edit the /var/opt/SUNWuwc/WEB-INF/config/uwcauth.properties file. Uncomment the line that reads:

    ! uwcauth.admins=<list of comma seperated admins>

    and replace it with:

    uwcauth.admins=admin

  2. Restart Web Server:

    cd /opt/SUNWwbsvr/https-wireless.map.beta.com
    ./stop
    ./start

  To Set up Admin Proxy Auth for Messaging Server and Calendar Server

You need to enable the capability to allow proxy authentication on Messaging Server and Calendar Server. These steps should have already been performed in the previous sections, but verify here that they have been set.

  1. On the Messaging Server host, perform the following:

    cd /opt/SUNWmsgsr/sbin
    ./configutil -o service.http.allowadminproxy -v yes
    ./stop-msg
    ./start-msg

  2. To enable http.allowadminproxy on the Calendar Server host, perform the following:
    1. Stop Calendar Server:

      cd /opt/SUNWics5/cal/sbin
      ./stop-cal

    2. Open the /opt/SUNWics5/cal/config/ics.conf file in an editor (such as vi).
    3. Type: service.http.allowadminproxy = "yes"
    4. Restart Calendar Server:

      cd /opt/SUNWics5/cal/sbin
      ./start-cal

Configuring New Communications Express Channels in the Portal Desktop

By default, the communications channels that are displayed in the Portal Desktop are the “old” channels. If you want to display the “new” Communications Express channels in the Portal Desktop, you need to add them to the Desktop container as well as the Mobile Access native and rendering containers.

  To Configure New Communications Express Channels

  1. In your web browser, open a URL for the Access Manager console and log in as amadmin. The URL for the Access Manager console is:

    http://fully-qualified-hostname:portal-server-port/amconsole

    In this example, type:

    http://wireless.map.beta.com/amconsole

  2. Log in as amadmin.

    The password is adminpass.

  3. Click the Identity Management tab.
  4. Go to the top level organization, or, if you created service templates, navigate to the lower level organization.
  5. Choose Services from the View menu in the left pane.
  6. Click the property arrow for Portal Desktop.
  7. In the right pane, the Portal Desktop settings appear. Click the Manage Channels and Containers link.
  8. Click the MyFrontPageTabPanelContainer link.
  9. Scroll down until the Ready For Use list appears.
  10. Select the UWCAddressbook, UWCMail, and UWCCalendar channels.
  11. Click the Add button to move them to the Available box. Select them again and click the Add button to move them to the Visible on the Portal Desktop box.
  12. Select Mail, Calendar, and AddressBook (the “old” channels) and move them from the Visible box back up to the Ready For Use box.

    This effectively removes them from the Desktop.

  13. Click Save (under Channel Management).
  14. Click the Top link to navigate to the Container Channels list.
  15. Click the JSPNativeContainer link to add the Communications Express channels to the Visible list as was done in the earlier steps.
  16. Click the Save button to save all changes.
  17. Click the Top link to navigate to the Container Channels list.
  18. Click the JSPRenderingContainer link to add the Communications Express channels to the Visible list as was done in the earlier steps.
  19. Click the Save button to save all changes.


Configuring Users

This section describes how to use the Access Manager console to add services to user accounts, the Delegated Administrator utility to create additional users, as well as additional Portal Server configuration steps.

Configuring User Services

The following steps are required to add mobile services to each of the users that you previously created. You should have already performed these steps in previous sections of this document. However, if you are only interested in adding mobile services that enable users to modify their mobile mail or addressbook preferences, this section describes how to do this.

  To Add Services to User Accounts

  1. In a web browser, open the URL for the Access Manager console and log in as amadmin. The URL for the Access Manager console is:

    http://fully-qualified-hostname:portal-server-port/amconsole

    In this example, type:

    http://wireless.map.beta.com/amconsole

  2. Click the Identity Management tab.
  3. You will be presented with a view of all your organizations including map.beta.com. Click the map.beta.com link.
  4. Choose Users from the View menu.
  5. For each user created, click the property icon to the right of the user’s name.
  6. In the right pane, choose Services from the View menu.
  7. Click the Add button to add new services.
  8. Select Mobile Address Book, Mobile Calendar, and Mobile Mail checkboxes, as well as any other available services, then click the OK button.

    Tip

    A shortcut is to click the double-checked box at the top of the list of services to add all services.


  9. Repeat these steps for other users as needed.

  To Configure User Services

Use this procedure if you want Access Manager services to automatically be added upon user creation. This is useful if you want the Instant Messaging, Presence, and Portal services to be automatically created for each user you create through Delegated Administrator (either the command-line utility or console).


Caution

Try this on a test system first to verify that you don’t have subsequent performance issues.


  1. In the Access Manager console, from within the map.beta.com organization, choose Services from the View menu.
  2. Click the properties icon beside Administration service.
  3. In the right pane, scroll down until you see Required Services.
  4. Add the following services by typing the name of the service in the entry box and clicking Add.
    • SunPortalDesktopService
    • SunIM
    • SunPresence
    • SunSSOAdapterService
  5. Add any other services you choose.
  6. Click Save.

Creating Additional User Accounts and Groups

This section describes how to create additional user accounts and groups. Users and groups created in this fashion work with both Communications Services products and Portal Server.

  To Create End User Accounts and Groups

  1. The following example shows how to create users using the Delegated Administrator command-line utility and also how to create a group consisting of the users created.

    /opt/SUNWcomm/bin/commadmin user create -D admin -F Demo -l demo1 -L One -n map.beta.com -p 80 -w adminpass -W demo -X wireless.map.beta.com -S mail,cal -E demo1@map.beta.com -H wireless.map.beta.com -k legacy

    /opt/SUNWcomm/bin/commadmin user create -D admin -F Demo -l demo2 -L Two -n map.beta.com -p 80 -w adminpass -W demo -X wireless.map.beta.com -S mail,cal -E demo2@map.beta.com -H wireless.map.beta.com -k legacy

    /opt/SUNWcomm/bin/commadmin group create -D admin -G Demostaff -n map.beta.com -p 80 -w adminpass -X wireless.map.beta.com -S mail -E Demostaff@map.beta.com -H wireless.map.beta.com -o calmaster -m demo1 -m demo2


    Note

    Creating groups using the Delegated Administrator command-line interface will guarantee that these groups will be recognized by Access Manager as LDAP groups that can be searched on using Instant Messenger. They can also be used to send email to the entire group.


  To Create User Accounts by Using Delegated Administrator Console

An alternative to using the Delegated Administrator command-line utility to create users is to use the Delegated Administrator console. The high-level steps to create users with Delegated Administrator console are the following:

Prior to using Delegated Administrator, check the resource.properties file to make sure users will be created using options consistent with your usage. Because this example uses a non-hosted domain scenario, you must edit this file first.

  1. Change directories to /var/opt/SUNWcomm/WEB-INF/classes/sun/comm/cli/server/servlet and change the following lines in the resource.properties file:

    servicepackage-ttlhours=0

    to

    servicepackage-ttlhours=20

    servicepackage-ttlminutes=5

    to

    servicepackage-ttlminutes=0

    This has the effect of delaying the time between refreshes of service packages. In a demo scenario, service packages do not change very often so there is no need to refresh them every five minutes. Instead, refresh them every 20 hours to improve Delegated Administrator performance.

  2. Change switch-caltype=hosted to switch-caltype=legacy.

    Now, when users are created using Delegated Administrator, they will be created as uid rather than uid@domain.

  3. Restart Web Server:

    cd /opt/SUNWwbsvr/https-wireless.map.beta.com

    ./stop

    ./start

  4. The first time you use Delegated Administrator console, you must add service packs to the organization that contains your users. In a web browser, open the URL for the Delegated Administrator console and log in as amadmin (password is adminpass):

    http://wireless.map.beta.com/da/DA/Login

  5. Click the check box next to the map.beta.com organization, then click the Allocate Service Package button.
  6. Select the desired service packages.

    Choose from among earth, mars, and mercury, because they have mail and calendar services enabled. Each service package has a different mail quota.

  7. Click Next to continue.
  8. Accept the Mail Service defaults, then click Next.
  9. If you chose a service package that contains Calendar, enter the Calendar Host wireless.map.beta.com and Anonymous Login Yes. Then click Next.
  10. Now select the quantity of each service pack desired, then click Next.

    A quantity of 100 is adequate for demo purposes.

  11. Click Finish.

    The service packages are created.

  12. Once the service packs have been allocated for the domain, you can now add users to the domain. Click the domain link, map.beta.com.
  13. Click the New button to create a new user account within this domain.
  14. Type a First Name (such as Demo), Last Name (such as Five), Display Name (such as Demo Five), then click Next.
  15. There is no need to type postal information, so click Next.
  16. Select a service pack for this user, for example, earth, then click Next.
  17. Type the email address, for example, demo5@map.beta.com. Mail Delivery Option should be Local Inbox. Leave the other fields blank.
  18. Click Next.
  19. Choose your calendar preferences and pick your preferred timezone. Then click Next.
  20. Type Login ID and Password. In this example, Login ID is demo5 and password is demo.
  21. Click Next to continue.
  22. Verify the user information, then click Finish to create the user account.
  23. Log in to Access Manager as amadmin and assign services to those users as described previously in To Add Services to the Lower Level Organization or in To Add Services to User Accounts.
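
The resource.properties changes at the start of this procedure can be applied with a small script that refuses to edit a file missing any of the three keys and keeps a copy of the original. This is an added example, not part of the original Sun document; the function names, the .orig backup suffix, and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: scripted form of the resource.properties edits above.
# Function names and the sample file are illustrative, not product tooling.

# Directory that holds resource.properties, as given in the procedure.
DA_PROPS_DIR=/var/opt/SUNWcomm/WEB-INF/classes/sun/comm/cli/server/servlet
DA_KEYS="servicepackage-ttlhours servicepackage-ttlminutes switch-caltype"

# set_prop FILE KEY VALUE: rewrite the line "KEY=..." to "KEY=VALUE".
set_prop() {
    file=$1; key=$2; value=$3
    sed "s|^${key}=.*|${key}=${value}|" "$file" > "$file.tmp" || return 1
    # Write back through the existing file so its owner and mode are kept;
    # the Web Server instance must still be able to read it.
    cat "$file.tmp" > "$file" && rm -f "$file.tmp"
}

# apply_da_settings FILE: verify, back up once, then apply the settings.
apply_da_settings() {
    props=$1
    [ -f "$props" ] || { echo "not found: $props" >&2; return 1; }
    # Refuse to touch the file unless all three keys are present, so an
    # unexpected layout is reported rather than half-edited.
    for k in $DA_KEYS; do
        grep "^${k}=" "$props" >/dev/null ||
            { echo "key not found in $props: $k" >&2; return 1; }
    done
    # Keep the pristine copy from the first run only.
    [ -f "$props.orig" ] || cp -p "$props" "$props.orig" || return 1
    set_prop "$props" servicepackage-ttlhours 20 &&
    set_prop "$props" servicepackage-ttlminutes 0 &&
    set_prop "$props" switch-caltype legacy
}

# show_da_settings FILE: print the three keys for review, in file order.
show_da_settings() {
    sed -n -e '/^servicepackage-ttlhours=/p' \
           -e '/^servicepackage-ttlminutes=/p' \
           -e '/^switch-caltype=/p' "$1"
}

# make_sample_props FILE: write a constructed sample holding the "before"
# values from the procedure. The comment line and other-setting key are
# invented for the demonstration.
make_sample_props() {
    cat > "$1" <<'EOF'
# constructed sample, not the shipped file
servicepackage-ttlhours=0
servicepackage-ttlminutes=5
other-setting=unchanged
switch-caltype=hosted
EOF
}

# On the host, before restarting Web Server:
#   apply_da_settings "$DA_PROPS_DIR/resource.properties" &&
#   show_da_settings  "$DA_PROPS_DIR/resource.properties"
```

Running apply_da_settings a second time leaves the file and the .orig copy unchanged, so the script is safe to re-run after a partial installation.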

Configuring a Portal Server User

If you already configured Portal Server for proxy authentication, you do not need to perform steps in this section. Instead, skip to Logging in From a Mobile Device.

The Communication Services channel providers and the Mobile Access wireless applications are intended to give a portal user, through either an HTML or wireless Desktop, access to various services such as Mail, Calendar, and Addressbook. In the default Communication Services channel and Mobile Access installation, individual users must configure their channels with the information needed to gain access to a particular messaging service. The information provided by the user applies to both the HTML and wireless desktops.

  To Access the Portal Server Desktop

To configure channels, each end user must first access the Portal Server Desktop:

  1. In a web browser, open the following URL:

    http://wireless.map.beta.com/portal/dt

  2. Using the LoginProvider channel, enter the user name and password of a previously defined user (see To Create User Accounts by Using Delegated Administrator Console).
  3. Click Login.
  4. Once the Desktop appears, proceed with the following steps.

  To Configure a Portal User’s Mail Channel

  1. Look for the channel named Mail.

    The name of the channel is on the left side of the channel’s menu bar.

  2. On the right side of the channel’s menu bar, click the pencil icon (Edit Mail).
  3. Under the Account Information category, fill in the following fields:
    • Server Name: Type the name of the server that provides IMAP service for this user. In this example, use wireless.map.beta.com.
    • IMAP Server Port: If the IMAP server is configured in a standard fashion, skip this field. Otherwise, type the port number of the IMAP service. In this example, use 143.
    • SMTP Server Name: If the SMTP server is the same as the IMAP server, skip this field. Otherwise, type the name of the SMTP server that this user should use. In this example, use wireless.map.beta.com.
    • Client Port: Type the port number of the IMAP server that provides Messenger Express service. In this example, use 8080.
    • User Name: Type the user’s IMAP username.
    • User Password: Type the user’s IMAP password.
    • Mail Domain: This is left blank for this example.
  4. When done entering information, click the Finished button.

    The Desktop should reappear, but this time the Mail channel should contain a summary of the user’s IMAP inbox.

  To Configure a Portal User’s Addressbook Channel

  1. Look for the channel named Addressbook.

    The name of the channel is on the left side of the channel’s menu bar.

  2. On the right side of the channel’s menu bar, click the pencil icon (Edit Addressbook).
  3. Under the Account Information category, fill in the following fields:
    • IMAP User Id: Type the user’s IMAP username.
    • IMAP Password: Type the user’s IMAP password.
  4. The Communications Express Addressbook has additional fields or the field names might be slightly different. You might need to add or change the following:
    • Host Name: Type the server hostname (wireless.map.beta.com).
    • Client Port: Type the server port (80).
    • User Domain: This is left blank in our example.
    • User Name and Password: Type the user’s name and credentials.
  5. Click the Finished button.

    The Desktop should reappear, but this time the Addressbook channel should contain a summary of the user’s address book.

  To Configure a Portal User’s Calendar Channel

  1. Look for the channel named Calendar.

    The name of the channel is on the left side of the channel’s menu bar.

  2. On the right side of the channel’s menu bar, click the pencil icon (Edit Calendar).
  3. Under the Account Information category, fill in the following fields:
    • Server Name: Type the name of the server that provides calendar service for this user. This is assumed to be Calendar Server host. In this example, use wireless.map.beta.com.
    • Server Port: Type the port number on which Calendar Server services are found. In this example, use 3080.
    • User Name: Type the user’s Calendar Server user name.
    • User Password: Type the user’s Calendar Server password.
  4. The UWC Calendar includes a few additional fields:
    • Client Server Name: The Web Server for Communications Express. In this example, use wireless.map.beta.com.
    • Client Port: This is the port that Communications Express runs on. In this example, use 80.
  5. Click the Finished button.

    The Desktop should reappear, but this time the Calendar channel should contain a summary of the user’s calendar.

Logging in From a Mobile Device

This section describes how to log in to Mobile Access.

  To Log In to Mobile Access

  1. In your web browser, log in to Mobile Access. Open the following URL:

    http://wireless.map.beta.com/amserver/UI/Login

    You will then be presented with the mobile authentication page.

  2. Type your user ID and password.

Logging in from the Portal Server Desktop is similar. All channels should be readily viewable.


Starting and Stopping Communications Services

This section describes the commands needed to start and stop all the Communications Services.

  To Start and Stop Services

You should stop services before attempting to start them.

  1. To stop all services:

    Table 16  Commands to Stop Communications Services

    Service                 Command
    Instant Messaging       /opt/SUNWiim/sbin/imadmin stop
    Access Manager          /etc/init.d/amserver stop
    Web Server              /opt/SUNWwbsvr/https-wireless.map.beta.com/stop
    Calendar Server         /opt/SUNWics5/cal/sbin/stop-cal
    Messaging Server        /opt/SUNWmsgsr/sbin/stop-msg
    Administration Server   /opt/DSServers/stop-admin
    Directory Server        /opt/DSServers/slapd-wireless/stop-slapd

  2. To start all services:

    Table 17  Commands to Start Communications Services

    Service                 Command
    Administration Server   /opt/DSServers/start-admin
    Directory Server        /opt/DSServers/slapd-wireless/start-slapd
    Messaging Server        /opt/SUNWmsgsr/sbin/start-msg
    Calendar Server         /opt/SUNWics5/cal/sbin/start-cal
    Web Server              /opt/SUNWwbsvr/https-wireless.map.beta.com/start
    Access Manager          /etc/init.d/amserver start
    Instant Messaging       /opt/SUNWiim/sbin/imadmin start


Evaluating the Deployment

Now that you have installed and configured your single host deployment example, you can begin evaluating and using the email, calendar, and instant messaging services both as an end user and as an administrator.

To use and learn about the Sun Java Communications Suite, see the Sun Java Communications Suite Evaluation Guide at http://docs.sun.com/doc/819-6321. This guide provides a tutorial-style walkthrough of the key features of the Sun Java Communications Suite, including the Connector for Microsoft Outlook plug-in, the messaging, calendaring, and address book components of the Communications Express UI, and Instant Messaging.


Known Issues and Limitations

See the Java Enterprise System Release Notes Collection at the following URL to find out about known problems:


Accessing Sun Resources Online

The docs.sun.com℠ web site enables you to access Sun technical documentation online. You can browse the docs.sun.com archive or search for a specific book title or subject. Books are available as online files in PDF and HTML formats. Both formats are readable by assistive technologies for users with disabilities.

To access the following Sun resources, go to http://www.sun.com:


Sun Welcomes Your Comments

Sun is interested in improving its documentation and welcomes your comments and suggestions.

To share your comments, go to http://docs.sun.com and click Send Comments. In the online form, provide the document title and part number. The part number is a seven-digit or nine-digit number that can be found on the title page of the book or at the top of the document. For example, the title of this book is Deployment Example: Sun Java System Communications Services 2005Q4 on a Single Host, and the part number is 819-4879-15.


©2006 Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U.S.A. All rights reserved.

This product or document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this product or document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any. Third-party software, including font technology, is copyrighted and licensed from Sun suppliers.

Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd.

Sun, Sun Microsystems, the Sun logo, docs.sun.com, AnswerBook, AnswerBook2, Java, and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. This product includes software developed by Computing Services at Carnegie Mellon University (http://www.cmu.edu/computing).

The OPEN LOOK and Sun™ Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry. Sun holds a non-exclusive license from Xerox to the Xerox Graphical User Interface, which license also covers Sun’s licensees who implement OPEN LOOK GUIs and otherwise comply with Sun’s written license agreements.

U.S. Government Rights - Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements.

DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.

