Previous     Contents     Index     Next     
iPlanet Delegated Administrator 4.5 Deployment and Customization Guide



Chapter 1   Introduction


This chapter provides a quick overview of Delegated Administrator features and and briefly describes how it works. The chapter includes the following sections:



Overview of Delegated Administrator

iPlanet Delegated Administrator is a web-based directory application designed for Internet Service Providers (ISPs), enterprise extranets, and large corporate intranets. Using Delegated Administrator, you can automatically create a directory structure that supports six pre-configured administrator types.

Delegated Administrator helps you manage your directory data efficiently. It distributes the workload among a group of administrators rather than focusing it on a select few. It also puts user management in the hands of those who are directly impacted by changes to the directory database. The results are faster turnaround times and reduced administration costs.



Delegating Administration


When you install Delegated Administrator, it automatically creates all user entries and appropriate Access Control Instructions (ACIs) required to support six types of administrators (see Figure 1-1). At the highest level, Top-level Administrators have unrestricted access to data for all users in the entire enterprise. A Top-level Administrator can create new organizations, and then delegate user data management to other administrators at levels further down in the user tree. This makes it possible for Organization Administrators, Help Desk Administrators, Group Administrators, and even end users to make some changes in the directory. An administrator's role determines the scope of changes he or she can make.

Figure 1-1    The default administrator types for Delegated Administrator,



Architecture


Delegated Administrator uses HTTP or HTTPS and LDAP or LDAPS protocols. It works in conjunction with iPlanet Directory Server 4.12 and a web server such as iPlanet Web Server 4.1 (see Figure 1-2). Directory Server stores user information and makes it accessible to other applications and servers. Delegated Administrator uses a servlet engine and Java servlet APIs to pass user data between Directory Server and Web Server. Web Server serves up HTML forms that administrators can use to create or modify user entries in the directory (see Figure 1-3).

Figure 1-2    Delegated Administrator Architecture

Figure 1-3    Customizable HTML forms comprise the Delegated Administrator UI.



Customization


While designed to work right out of the box, Delegated Administrator is also highly customizable. Using instructions in this manual, you can modify the UI look and feel, and extend back-end functionality. The following are examples of ways you can customize Delegated Administrator to meet your company's needs:

  • Modify HTML page layout and related directory attributes.

  • Customize Delegated Administrator configuration in the directory.

  • Extend or replace servlet functionality.



What's New in This Release

The following features are new in Delegated Administrator 4.5:

Flexible Directory Information Tree (DIT) support. The current release removes a restriction present in previous versions that required the use of a specific fixed DIT structure and attribute for the relative distinguished name of the base suffix in the directory. Delegated Admin 4.5 may now be installed against a variety of DIT structures and base suffixes including o=, ou=, dc=, l=, and c=.

Support for Netscape Messaging Server 4. Templates are available to support managing account options including access method (POP, IMAP, webmail), quota, vacation message, forwarding options, and end-user mailing list management. These templates are only installed when this option is chosen during installation.

Customized administrator roles. Added support for customized administrative roles. New roles can be built by creating new HTML templates, and modifying the Directory Server ACIs.

Class of Service (COS). Supports the ability to set the value of one or more directory attributes for large sets of users with a single write to the directory (for example, "email Bronze" sets those users up with 5mb mail quota and access to WebMail).

Configuration options can be set on a per-Organization basis. Many of the configuration options such as COS definitions and userid uniqueness can be set on a per-Organization (directory branch) basis.

Improved User Interface. New user interface includes navigation and ease-of-use enhancements.

JPEG image support. Capable of displaying JPEG images stored in the directory.

Support for SiteMinder Single Sign-On. iPlanet Delegated Administrator supports single sign-on via Netegrity SiteMinder 4.0 or higher.

SSL encryption performance enhancement. SSL communications are now up to 10 times faster.



What's New in This Manual


Product information that was not available at the initial release of Delegated Administrator 4.5 has been added to this manual. These topics include:

Other modifications to the original manual include the following:

  • Appendix B, "User Data Migration Scripts," has been removed from this manual. It has been revised and is now a separate HTML document packaged with the actual scripts. For more information, see
    http://docs.iplanet.com/docs/manuals/deladmin/45/related.htm

  • Appendix E, "Mapping Operations to Templates," was removed from this manual. It is replaced by the section "Determining the Appropriate Template.

  • Typographical errors have been corrected and other minor corrections have also been incorporated into this updated edition.


Previous     Contents     Index     Next     
Copyright © 2000 Sun Microsystems, Inc. Some preexisting portions Copyright © 2000 Netscape Communications Corp. All rights reserved.

Last Updated May 24, 2001