Sun Java System Instant Messaging 7.2 Administration Guide

Methods for Controlling End User and Administrator Privileges

Different sites using Instant Messaging server have different needs in terms of enabling and restricting the type of access end users have to the Instant Messaging service. The process of controlling end user and administrator Instant Messaging server features and privileges is referred to as policy management. There are two methods of policy management available: through access control files or through Sun JavaTM System Access Manager.

If your deployment does not include Sun Java System Access Manager, you must use the access control file method to manage policies. If you are using Sun Java System Access Manager with the Instant Messaging server, and you have installed the Instant Messaging and Presence services components, you can use either policy management method. Managing policies using Sun Java System Access Manager is a more comprehensive method. One advantage of this method is that it allows you to store all end-user information in the directory.

Setting the Policy Management Method

When you choose which method to use to manage policies, you must also choose where they will be stored. Select the method for managing policies by editing the iim.conf file and setting the iim.policy.modules parameter to either identity for the Access Manager method or iim_ldap for the access control file method, which is also the default method.

Follow these steps to set which method you want to use to manage policies.

ProcedureTo Set the Policy Management Method

  1. Open iim.conf.

    See iim.conf File Syntax for instructions on locating and modifying iim.conf.

  2. Edit the iim.policy.modules parameter by setting it to one of the following:

    • iim_ldap (default, the access control file method)

    • identity (the Access Manager method)

    If you choose identity, you can run imadmin assign_services to assign Instant Messaging and presence services to existing users.

  3. Edit the parameter and set it to either:

    • ldap (To store user properties in LDAP.)

      If you choose ldap, you can run imadmin assign_services to add the required objectclasses that store user properties to user entries in the directory.

    • file (Default, to store user properties in files.)

  4. Save and close iim.conf.

  5. Refresh the configuration.

Policy Configuration Parameters

Table 17–1 lists and describes the parameters available in iim.conf that relate to the increased role that Sun Java System Access Manager can play in Instant Messaging deployments.

Table 17–1 Parameters Related to Access Manager in iim.conf

Parameter Name  




Indicates if Sun Java System Access Manager or the directory is used for policy storage. 

iim_ldap (default)


Indicates if the user properties are in a user properties file or stored in LDAP. Only significant when the service definitions for the Presence and Instant Messaging services have been installed. 

file (Default if you chose not to use Access Manager for policy when you ran the configure utility.)

ldap (Default if you chose to use Access Manager for policy when you ran the configure utility.)