Sun Java System Communications Services 6 2005Q1 Delegated Administrator Guide
Chapter 4
Customizing Delegated Administrator
After you have installed and configured Delegated Administrator with the configuration program (config-commda), you can customize your configuration to meet your particular needs. This chapter offers examples of how to customize certain Delegated Administrator features.
This chapter describes the following topics:
Configuring the Preferred Mail Host Using the Service-Wide Default
If you want the Preferred Mail Host and Preferred Mail Store to be set using the server-wide default, you can perform the tasks described in this section.
If you need to remove the Preferred Mail Host field from the Console (specifically, from the New Organization Wizard and Organization Properties screens), you should take the following steps:
- Edit the Security.properties file. This step is described in this section.
- Enable the MailHostStorePlugin. This step is described in the following section, Adding Plug-ins for Delegated Administrator.
The Security.properties file lets you customize the Delegated Administrator Console for all or for individual roles.
The Security.properties file is located in the directory da_base/da/WEB-INF/classes/com/sun/comm/da/resources
To remove the Preferred Mail Host from the Console, add the lines shown below to the Security.properties file:
# Remove Preferred Mail Host from UI
*.NewOrganizationPage6.PreferredMailHostProperty=INVISIBLE
*.NewOrganizationSummaryPage.PreferredMailHostSummaryProperty=INVISIBLE
*.OrgProperties.MailHostName=INVISIBLE
*.OrgProperties.MailHostNameText=INVISIBLE
*.OrgProperties.MailHostValue=INVISIBLE
CAUTION: You may add lines to this file for your own customization, but do not edit the lines already present. Editing existing lines could result in exceptions being thrown on the Console.
The properties in the file are of the form: Security Element Name=Permission
A Security Element Name is of the form:
Role Name.Container View Name.Console Element Name
A Security Element specifies the Console element and role for which the permission is being defined. If you do not know an element name, view the source of a page to match the name on the page to the Console element you are interested in.
The names on the page are fully qualified names. You need to pick up only the last two elements of the name, which form Container View Name.Console Element Name.
Valid role names for Delegated Administrator are as follows:
- “ProviderAdminRole” (SPA). For information about this role, see Appendix A, “Service Provider Administrator and Service Provider Organizations.”
- “OrganizationAdminRole” (OUA)
- “Top-levelAdminRole” (TLA)
- “*” (applies a permission to all roles unless it is overridden for a specific role)
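An added example, not part of the original guide: a lint for the lines you add to Security.properties that checks the Role Name.Container View Name.Console Element Name shape and the role names listed above, then resolves the permission a role ends up with. PLACEHOLDER_PERMISSION is a constructed stand-in for a second permission string, and the function names are hypothetical.

```python
VALID_ROLES = {"ProviderAdminRole", "OrganizationAdminRole",
               "Top-levelAdminRole", "*"}

# Constructed sample of added lines; PLACEHOLDER_PERMISSION is not a real value.
SAMPLE = """\
# Remove Preferred Mail Host from UI
*.OrgProperties.MailHostName=INVISIBLE
*.OrgProperties.MailHostValue=INVISIBLE
Top-levelAdminRole.OrgProperties.MailHostName=PLACEHOLDER_PERMISSION
OrgAdminRole.OrgProperties.MailHostName=INVISIBLE
*.OrgProperties=INVISIBLE
"""

def parse_security_properties(text):
    """Return ({(role, view, element): permission}, [(line_no, problem)])."""
    rules, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, perm = line.partition("=")
        parts = key.strip().split(".")
        if not sep or len(parts) != 3 or not perm.strip():
            problems.append((n, "not Role.ContainerView.Element=Permission"))
        elif parts[0] not in VALID_ROLES:
            problems.append((n, "unknown role name " + parts[0]))
        else:
            rules[tuple(parts)] = perm.strip()
    return rules, problems

def effective_permission(rules, role, view, element):
    """A role-specific line wins; otherwise the "*" line applies."""
    return rules.get((role, view, element), rules.get(("*", view, element)))

def invisible_for(rules, role):
    """Console elements that resolve to INVISIBLE for one role."""
    targets = {(view, element) for (_, view, element) in rules}
    return sorted(v + "." + e for v, e in targets
                  if effective_permission(rules, role, v, e) == "INVISIBLE")

if __name__ == "__main__":
    rules, problems = parse_security_properties(SAMPLE)
    print(problems)
    print(invisible_for(rules, "Top-levelAdminRole"))
```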
A permission must be one of the following strings:
Adding Plug-ins for Delegated Administrator
You can customize Delegated Administrator to support the following plug-ins:
Sets the attribute "volinternallogin" by using the "volmaillogin" attribute value (passed in by the Delegated Administrator console) and the value found in the volinternalloginpluginfile. The form of the volinternallogin attribute is <volmaillogin value>@<value found in file>. For details about volinternalloginpluginfile, see Additional Flat File Required for Two Plug-Ins, later in this section.
In the resource.properties file, the attr-loginid must be set to volmaillogin.
Enabling the Plug-Ins
To enable these plug-ins, edit the commcli servlet resource.properties file, located in the following directory:
da_base/data/WEB-INF/classes/sun/comm/cli/server/servlet/resource.properties
(By default, da_base is /opt/SUNWcomm.)
The plug-ins are located in the resource.properties file in a section headed as follows:
########################
# Plugin Configuration #
##########################
Each has "plugin" as the suffix. The current list looks like:
jdapi-mailhoststoreplugin=disabled
jdapi-mailhoststorepluginclass=sun.comm.cli.server.util.MailHostStorePlugin
jdapi-mailhoststorepluginfile=/tmp/mailhostmailstore
jdapi-volinternalloginplugin=disabled
jdapi-volinternalloginpluginclass=sun.comm.cli.server.util.VolInternalLoginPlugin
jdapi-volinternalloginpluginfile=/tmp/volinternalloginplugin
jdapi-objectclassplugin=disabled
jdapi-objectclasspluginclass=sun.comm.cli.server.util.ObjectClassPlugin
jdapi-maildomainreportaddressplugin=enabled
jdapi-maildomainreportaddresspluginclass=sun.comm.cli.server.util.MailDomainReportAddressPlugin
jdapi-uidautogenerationplugin=disabled
jdapi-uidautogenerationpluginclass=sun.comm.cli.server.util.UidPlugin
Plug-In Format
Each plug-in has at least two lines, which take the following form:
To enable a plug-in, change “disabled” to “enabled”.
Plug-in classes are supplied for all the plug-ins listed in this section. The classes are located in the following directory:
da_base/data/WEB-INF/classes/sun/comm/cli/server/util
You do not need to do anything with these classes.
Additional Flat File Required for Two Plug-Ins
Two plug-ins, MailHostStorePlugin and VolInternalLoginPlugin, require a flat file, whose path is given in a third line for the plug-in. The plug-in reads the value in the flat file and uses it to set attribute values. If the plug-in is enabled, the file must be present, or an error will occur.
- jdapi-mailhoststoreplugin
  o jdapi-mailhoststorepluginfile=<full file name>
  o file has one line
  o value is that for:
    o preferredmailhost attribute
    o preferredmailmessagestore attribute
  o form:
    o <mailhost>:<mailpartition>
- jdapi-volinternalloginplugin
  o jdapi-volinternalloginpluginfile=<full file name>
  o file has one line
  o value is that for:
    o right-hand side of volinternallogin attribute
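An added example (not part of the original guide or of Delegated Administrator) that audits resource.properties before a flat-file plug-in is enabled: it checks that the file exists, holds exactly one line in the form given above, and does not sit in a world-writable directory such as the /tmp defaults shown earlier. The function names and the demo() input, including mail1.example.com, are constructed.

```python
import os, re, stat, tempfile

# Plug-ins the page says need a one-line flat file; regex = expected line form.
FLAT_FILE_PLUGINS = {
    "jdapi-mailhoststoreplugin": re.compile(r"^[^:\s]+:[^:\s]+$"),
    "jdapi-volinternalloginplugin": None,   # any single non-empty value
}

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit_plugins(props):
    """Return (plugin, problem) findings for every enabled flat-file plug-in."""
    findings = []
    for plugin, line_format in FLAT_FILE_PLUGINS.items():
        if props.get(plugin) != "enabled":
            continue
        path = props.get(plugin + "file", "")
        if not os.path.isfile(path):
            findings.append((plugin, "flat file missing"))
            continue
        # World-writable directory: any local user can plant the file when absent.
        if os.stat(os.path.dirname(path) or ".").st_mode & stat.S_IWOTH:
            findings.append((plugin, "directory is world-writable"))
        with open(path) as fh:
            lines = [l.strip() for l in fh if l.strip()]
        if len(lines) != 1:
            findings.append((plugin, "file must have exactly one line"))
        elif line_format and not line_format.match(lines[0]):
            findings.append((plugin, "expected <mailhost>:<mailpartition>"))
    return findings

def demo():
    """Constructed sample: a /tmp-like directory and a malformed flat file."""
    d = tempfile.mkdtemp()
    os.chmod(d, 0o1777)
    with open(os.path.join(d, "store"), "w") as fh:
        fh.write("mail1.example.com primary\n")  # constructed value, no colon
    return audit_plugins(parse_properties(
        f"jdapi-mailhoststoreplugin=enabled\njdapi-mailhoststorepluginfile={d}/store\n"
        f"jdapi-volinternalloginplugin=enabled\njdapi-volinternalloginpluginfile={d}/absent\n"))

if __name__ == "__main__":
    print(demo())
```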
Customizing the User Log-In
When you run the Delegated Administrator configuration program (config-commda), the value you use to log in to Delegated Administrator is set to be a uid.
For example, if you intend to log in as the TLA, and the TLA’s uid is john.doe, you would use john.doe to log in to Delegated Administrator.
You can customize Delegated Administrator to enable you to use additional values for the user log-in. For example, you could add the mail address (mail).
How the User Log-In Value Is Set
The config-commda program sets this value to uid with the loginAuth-idAttr property in the resource.properties file, as shown in the following example:
loginAuth-searchBase=<$rootSuffix>
servicepackage-cosdefbasedn = <$rootSuffix>
loginAuth-idAttr-1=uid
where <$rootSuffix> is the root suffix in your directory.
The resource.properties file is located in /var/opt/SUNWcomm/WEB-INF/classes/sun/comm/cli/server/servlet/resource.properties.
Adding a User Log-In Value
You can set additional values for the user log-in by editing the resource.properties file.
For example, to enable you to use a mail address (such as john.doe@sesta.com) to log in, you could add the following line to the resource.properties file:
loginAuth-searchBase=<$rootSuffix>
servicepackage-cosdefbasedn = <$rootSuffix>
loginAuth-idAttr-1=uid
loginAuth-idAttr-2=mail
where <$rootSuffix> is the root suffix in your directory.
Note that you must add an increment to the loginAuth-idAttr property for each new value. In this example, a second value is added, so you add -2 to loginAuth-idAttr.
You can add multiple instances of the loginAuth-idAttr property:
loginAuth-idAttr-1=uid
loginAuth-idAttr-2=mail
...
loginAuth-idAttr-n=<login-in value>