With Delegated Administrator, you can distribute provisioning tasks to lower-level administrators who have the authority to manage specified organizations in the LDAP directory. The power to delegate user administration offers the following advantages:
Distributes among many administrators the potentially time-consuming responsibility for provisioning a large directory. Tens or hundreds of administrators can manage organizations within a directory that may include thousands or millions of users.
Allows you to create organizations in the directory structure that can be managed and provisioned as distinct (or unique) units. These organizations can contain users belonging to customer businesses, corporate departments, or other groups.
Delegated Administrator provides two interfaces for provisioning users and organizations in the directory:
These interfaces are summarized in the sections that follow.
The Delegated Administrator utility is a set of command-line tools for provisioning Messaging Server and Calendar Server organizations, users, groups, and Calendar resources.
The Delegated Administrator utility provides the command-line functions that were available in previous releases of Communications Services products (Messaging Server 6 2005Q1 and Calendar Server 6 2005Q1). The Delegated Administrator utility does not offer commands for creating the Service Provider roles and organizations described in this book. To create and manage these new roles and organizations, you must use the Delegated Administrator console.
You invoke the utility with the commadmin command.
For information about the syntax and options available with the commadmin utility, see Chapter 5, Command Line Utilities
The Delegated Administrator console is a graphical user interface (GUI) for provisioning Messaging Server and Calendar Server organizations, users, groups, and Calendar resources.
For information on how to use the console, see the Delegated Administrator console online help.
Delegated Administrator enables you to provision users by modifying the LDAP directory. You do not need to modify the directory directly. However, it can be useful to understand the Delegated Administrator attributes added to user entries and higher-level nodes in the directory.
For information about the LDAP schema object classes and attributes that support Delegated Administrator, see “Chapter 5: Communications Services Delegated Administrator Classes and Attributes (Schema 2)” in the Sun Java System Communications Services Schema Reference.