Chapter 3   Basic Installation and Configuration


This chapter provides instructions for installing and configuring Delegated Administrator to support the default directory information tree that ships with the product.

This chapter incldues the following sections:

• System Requirements

• Before You Begin

• Step 1: Install or Upgrade to iPlanet Directory Server 4.12.

• Step 2: Configure the Directory Server Plug-ins.

• Step 3: Configure the Directory Server

• Step 4: Install or Upgrade to iPlanet Web Server 4.1

• Step 5: Create a Web Server Instance

• Step 6: (Optional) Install or Upgrade to Netscape Messaging Server 4.1

• Step 7: Install Delegated Administrator

• Step 8: Configure Netscape Messaging Server

• Step 9: (Optional) Disable Anonymous Access to Your User Tree

• Getting Started

• Uninstalling Delegated Administrator

System Requirements

---

This section describes the minimum hardware and software requirements for installing and using Delegated Administrator 4.5.

Server Requirements

Web Server 4.1 and Delegated Administrator 4.5

Delegated Administrator and iPlanet Web Server 4.1 must be installed on the same computer system and must run a on supported platform (see Table 3-1). iPlanet highly recommends using Web Server 4.1 SP7, although versions 4.1 with SP2 through SP5 are also supported. To determine which patches you need, see the Web Server Release Notes at: http://docs.iplanet.com/docs/manuals/enterprise/41/rn41sp7.html#19292.

Delegated Administrator by itself requires a minimum of 20MB disk space after installation. An additional 5MB is required for each customized or localized organization you add to the Delegated Administrator tree. For example, you could add Organization A and Organization B under the Delegated Administrator root. If you then create a French version and an English version for each of these organizations, the result is a total four localized organizations. This would require 20MB additional disk space.

Directory Server 4.12

Netscape Directory Server 4.12 must be installed and running; it does not have to be installed on the same computer system as Delegated Administrator. In addition to the minimum system requirements for the server, the Directory Server host computer must have 200MB disk space free when preparing an empty directory for use with Delegated Administrator.

For complete Netscape Directory Server 4.12 installation requirements, see the Directory Server Release and Installation Notes available at

http://home.netscape.com/eng/server/directory/4.12/installation.html.

Supported Platforms

Table 3-1summarizes the hardware requirements for installing Delegated Administrator with iPlanet Web Server, Enterprise Edition 4.1 with SP2.

Table 3-1    Supported Platforms.

Vendor	Architecture	Operating System	Minimum Memory (RAM)	Minimum Disk Space After Installation
Sun	SPARC	Solaris 2.6, 2.8	128 MB	150 MB (300 MB during installation)
Hewlett-Packard	HP9000	HP-UX 11.0	128 MB	150 MB (300 MB during installation)
IBM	RS/6000	AIX 4.3.3	128 MB	150 MB (300 MB during installation)
Microsoft	Pentium	Windows NT 4.0 with SP5	128 MB	150 MB (300 MB during installation)

Additional System Requirements for Windows NT 4.0

• Paging space at least as large as the amount of RAM (twice the amount of RAM is recommended).

• 30 MB free disk space for the log files (for approximately 300,000 accesses per day).

• If you plan to run more than two separate instances of Web Server on the same computer system, each server will require an additional 16 MB RAM.

Software Compatibility

Delegated Administrator 4.5 works with the following servers and software:

• Required— iPlanet Web Server 4.1 with appropriate patches. See Server Requirements for more information.

• Required—Netscape Directory Server 4.12

• Required—A browser such as Netscape Communicator or Microsoft Internet Explorer. See Table 3-2 for supported browser versions.

• Netscape Messaging Server 4.1x

• iPlanet Certificate Management System 4.1, 4.2

• Netegrity SiteMinder 4.0

Web Browser Requirements

Administrators and end users will use web browsers to perform user management tasks. Table 3-2 summarizes the web browsers supported for Delegated Administrator.

Table 3-2    Supported Browsers.

Operating System	For Administrators	For End Users
Unix	Netscape Communicator 4.72 Microsoft Internet Explorer 4.0 or 5.0	Netscape Communicator 4.51 or higher Microsoft Internet Explorer 4.0 or higher
Windows NT 4.0	Netscape Communicator 4.72 Microsoft Internet Explorer 4.0 or 5.0	Netscape Communicator 4.08 or higher Microsoft Internet Explorer 4.0 or higher

Before You Begin

---

Before you can install Delegated Administrator, you'll need to resolve the following:

• iPlanet Directory Server 4.12 and Web Server 4.1 with Service Pack 2 must be installed, configured, and running. Table 3-3 summarizes the installation steps you must take and where to find the detailed instructions you'll need in order to install these servers.

• If you plan to use a Directory Server that is already deployed and provisioned with users and groups, you must modify its entries to match the Delegated Administrator objectclasses and attributes. For detailed information, see Appendix , "Using an Existing User Directory."

• If you plan to use Netscape Messaging Server, you'll need to create a postmaster group and reconfigure the server. See "Step 8: Configure Netscape Messaging Server" on page 61 for more information.

  
  

  Table 3-3    Summary of Delegated Administrator Installation Procedures  
  
  

  Installation Step	Where to Find Detailed Instructions
  Install or upgrade to iPlanet Directory Server 4.12.	In this manual, see Step 1: Install or Upgrade to iPlanet Directory Server 4.12. For detailed Directory Server installation instructions, Release and Installation Notes, available at http://home.netscape.com/eng/server/directory/4.12/
  Configure Directory Server plug-ins.	In this manual, see Step 2: Configure the Directory Server Plug-ins.
  Configure Directory Server.	In this manual, see Step 3: Configure the Directory Server.
  Install or upgrade to iPlanet Web Server 4.1.	During installation, you do not have to specify a Directory Server. For detailed installation instructions, see Web Server 4.1 Installation Guide, available at http://docs.iplanet.com/docs/manuals/enterprise.html#41
  Create a new Web Server instance.	For detailed instructions, see WebServer 4.1 Administrator's Guide, http://docs.iplanet.com/docs/manuals/enterprise.html#41
  (Optional) Install Netscape Messaging Server 4.1x.	During installation, when prompted for Directory Server information, specify your Directory Server 4.12 installation. For detailed instructions, see Messaging Server 4.1 Administrator's Guide, http://docs.iplanet.com/docs/manuals/messaging.html#nms41
  Install or upgrade to Delegated Administrator 4.5.	For detailed instructions, see Step 4: Install or Upgrade to iPlanet Web Server 4.1 of this manual.
  If using Netscape Messaging Server, create a postmaster account and modify the server configuration.	In this manual, see Step 8: Configure Netscape Messaging Server.
  (Optional) Disable Anonymous Access if necessary.	For detailed information, in this manual, see Step 9: (Optional) Disable Anonymous Access to Your User Tree.
  Access the Start Page to start using Delegated Administrator.	Delegated Administrator provides a Start Page to help you log in for the first time, and sample data that you can use to test and evaluate the program. For detailed information, in this manual, see Getting Started.

Step 1: Install or Upgrade to iPlanet Directory Server 4.12

---

If you do not have a directory server installed, you must install iPlanet Directory Server 4.12 now. If you already have a pre-4.12 directory server installed, you must upgrade to version 4.12. Follow the instructions in the Release and Installation Notes, available at http://home.netscape.com/eng/server/directory/4.12/. After you've followed the instructions in the Release and Installation Notes, return to this manual and continue with Step 2: Configure the Directory Server Plug-ins, below.

Step 2: Configure the Directory Server Plug-ins

---

Before you can install Delegated Administrator, you must configure four plug-ins that Delegated Administrator uses. The plug-ins are automatically installed for you when you install Directory Server 4.12.

Flexible Attribute Uniqueness. This plug-in enforces the uniqueness of an attribute within a subtree.

Class of Service. This plug-in determines a user's specific configuration values and resource limits based on a Class of Service attribute in the user entry.

Directory Entry Counts. This plug-in automatically maintains count values for organizations, groups, or users that are added to or deleted from the directory.

Referential Integrity Check. This plugin ensures that relationships between related entries are maintained.

To Configure the Directory Server Plug-ins

1. Stop the Directory Server.

2. In each instance of Directory Server that you plan to use with Delegated Administrator, modify the following file (where <NSHOME> is the Directory Server root):

   <NSHOME>/slapd-<host_identifier>/config/slapd.ldbm.conf

   1. Locate the line that begins with:

      plugin postoperation on "referential integrity postoperation"

   2. Add member of to the end of the line. For example (all one line):

      plugin postoperation on "referential integrity postoperation" /export2/brighton/ds412/lib/referint-plugin.so referint_postop_init 0 /export2/brighton/ds412/slapd-rtfm/logs/referint 0 member uniquemember owner seeAlso memberof

   3. If your DIT is used in a hosting environment, perform this step to disable the UID Uniqueness plug-in. When this plug-in is disabled, you can have individuals with the same uid in different organizations. If your DIT is not used in a hosting environment, skip to step 2c.

      To disable the plugin, insert a comment character at the beginning of the following line:

      plugin preoperation on "uid uniqueness" <Directory_root>/lib/uid-plugin.so NSUniqueAttr_Init uid o=iplanet.com

   4. If you want to enable the Class of Service feature, uncomment the following lines by deleting the pound sign (#) at the beginning of the lines:

      #plugin postoperation on "Class of Service" <Directory_root>/lib/cos-plugin.so cos_init o=iplanet.com

      #plugin preoperation on "Class of Service init" <Directory_root>/lib/cos-plugin.so cos_preop_init

      If the above two lines are missing, add them to the file without the comment characters.

      Initial configuration of Class of Service Directory Server Plugins causes the error message "plugin init failed". This is normal behavior. It is simply stating that there are no Class of Service definitions in the directory at the time.

   5. If the following line exists in the file, be sure it is commented out:

      #include "<Directory_root>/slapd-rtfm/config/counters.ldbm.conf"

   6. Add the contents of this file: <Directory_root>/slapd-<identifier>/config/counters.ldbm.conf

3. Start the Directory Server.

Step 3: Configure the Directory Server

---

In this step, modify the Directory Server configuration and user entries to meet your needs. Optimizing page handling and search performance is recommended, but not required, for all Delegated Administrator installations. Modifying the user entries is absolutely required if you've already provisioned your directory with users and groups.

Optimizing Page Handling and Search Performance

You can optimize Delegated Administrator page handling and search performance by modifying the Directory Server configuration. The following measures are necessary when any organization in your directory exceeds 4000 users.

• Add indexes for the nsdadomain, memberof, and uid attributes.

• Reset the lookthroughlimit parameter.

• Reset sizelimit parameters.

• Set the All ID Threshold value appropriately.

To add appropriate indexes to your Directory:

1. Using Netscape Console, in the Directory Server window, select the Configuration tab and then click the Database icon.

2. Select the Indexes tab in the right pane.

3. To add the nsdadomain attribute, click Add Attribute, and then do the following.
   1. In the Select Attributes window, select the nsdadomain attribute and then click OK.

   2. In the Additional Indexes list, select the nsdadomain attribute and then check the boxes for Equality, Presence, and Substring.

4. To add the memberof attribute, click Add Attribute, and then do the following:
   1. In the Select Attributes window, select the memberof attribute and then click OK.

   2. In the Additional Indexes list, select the nsdadomain attribute and then check the boxes for Equality, Presence, and Substring.

5. To add a substring index for the uid attribute, in the Additional Indexes list, select the uid attribute. Then check the boxes for Equality, Presence, and Substring.

6. Click Save.

To reset the lookthroughlimit:

1. Using Netscape Console, in the Directory Server window, select the Configuration tab and then select Database in the left pane.

2. Select the Performance tab in the right pane.

3. In the Look Through Limit field, enter a number greater than the number of entries that the Directory Server will check in response to a search request.

4. Click Save.

To reset the sizelimit parameter:

1. Using Netscape Console, in the Directory Server window, select the Configuration tab and then select the root entry in the navigation tree in the left pane.

2. Select the Performance tab in the right pane.

3. In the Size Limit field, enter -1.

4. Click Save.

Setting the All IDs Threshold Value

By default, the directory server is set to an All IDs threshold of 4000. For Delegated Administrator, this value should be just higher than the number of users in your directory. For detailed information on changing this value, see the Directory Server Administrator's Guide at the following URL:

http://home.netscape.com/eng/server/directory/4.1/admin/index1.htm#1053642

Modifying an Existing User Directory

If you have already deployed Netscape Directory Server and provisioned it with users and groups, you must modify your user directory tree before going any farther with installation. If you have already deployed Netscape Directory Server, but have not installed Delegated Administrator 4.51 to work with it, follow the instructions in Appendix , "Using an Existing User Directory." After you've modified your directory tree, return to this manual and continue with Step 4 below.

Step 4: Install or Upgrade to iPlanet Web
Server 4.1

---

iPlanet Web Server 4.1 and Delegated Administrator must be installed on the same computer system. If you do not have iPlanet Web Server 4.1 installed, install it now. If you have a pre-4.1 Web Server installed, you must upgrade the server to the 4.1 version. Follow the instructions in the Web Server 4.1 Installation Guide, available at http://docs.iplanet.com/docs/manuals/enterprise.html#41. During installation, you do not have to specify a Directory Server when prompted for one.

---

Note

The system users for both Web Server and Delegated Administrator must be the same. To remedy the conflict in a Unix installation of Delegated Administrator you must change the ownership of two resource.properties files to nobody. These files are located in the Delegated Administrator Server root directory. To Make the System Users for Web Server and Delegated Administrator the Same In the directory nda/classes/netscape/nda/pagegen/, at the command line, enter: chown nobody resource.properties. In the directory nda/classes/netscape/nda/servlet/, at the command line, enter: chown nobody resource.properties.

---

Step 5: Create a Web Server Instance

---

For best results, you should create a new instance of Web Server to work with Delegated Administrator. Follow the instructions in the Web Server 4.1 Administrator's Guide, available at http://docs.iplanet.com/docs/manuals/enterprise.html#41.

Step 6: (Optional) Install or Upgrade to Netscape Messaging Server 4.1

---

If you don't have Messaging Server installed, installing it now will save you a step later as you install Delegated Administrator. If you have a pre-4.1 Messaging Server already installed, you must update it to version 4.1 before installing Delegated Administrator. See the Messaging Server 4.1 Installation Guide, available at http://docs.iplanet.com/docs/manuals/messaging.html#nms41 for detailed information.

Step 7: Install Delegated Administrator

---

Before you can install Delegated Administrator, you must install Directory Server and Web Server, and resolve related server issues. See Before You Begin.

To install Delegated Administrator:

1. Run the Delegated Administrator install program.
   • In Unix, in the Delegated Administrator root, enter ./setup.

   • In Windows NT, in the Delegated Administrator directory, double-click the self-extracting icon.

2. When prompted, enter the following:

   Would you like to continue with setup? Enter Yes.

   Do you agree to the license terms? Enter Yes.

   Install location: Enter the path to the directory where Delegated Administrator will be installed.

   Select one of the following options:

   • No Messaging Server Support
     Select this option if you do not intend to use Delegated Administrator with a messaging server.

   • Support for Netscape Messaging Server
     Select this option if you intend to use Delegated Administrator with Netscape Messaging Server 4.1x.

   If you selected "No Messaging Server Support" above, skip to Specify Enterprise Server configuration directory.

   If you selected "Support for Netscape Messaging Server, Delegated Administrator prompts you for the following:

   • Manage Messaging Server? This step is optional. If you intend to use Delegated Administrator with either Netscape Messaging Server 4.1, the setup program can store the appropriate Administration Server URL for future reference. Enter Yes.

   • Specify Host Name: Enter the fully qualified host name the Administration Server that manages the Messaging Server.

     Example: miriam.mcom.com. If you don't know this information at the time of installation, you can enter it later. See To Configure Delegated Administrator to Work with Messaging Server.

   • Specify Admin URL: Enter the fully qualified host name and port number of the Administration Server that manages the Messaging Server.

     Example: http://miriam.mcom.com:400. If you don't know this information at the time of installation, you can enter it later. See To Configure Delegated Administrator to Work with Messaging Server

   Specify Enterprise Server configuration directory: Enter the path to the directory that contains the file magnus.conf.

   Specify LDAP URL: Enter the URL to the instance of Directory Server you're using with Delegated Administrator. Use the following form:

   ldap://<host_name>:<port_number>

   Example: ldap://siroe.mcom.com:8000

   Specify Directory Manager: Enter the DN of the user with Directory Manager privileges on the configuration directory.

   Password: Enter the Directory Manager password you used when you installed the Directory Server.
   

   ---

   Note	In this next part of the installation program, you are asked twice to specify a suffix: one for user data, and one for configuration data.

   ---

   
   

   Specify Suffix: Enter a base suffix using the form o=<your_suffix>.

   Delegated Administrator requires a suffix to store its user data. Examples: o=ISP or dc=ISP, dc=com

   All organizations, groups, and user to be managed by Delegated Administrator will be created under this base suffix.

   • If you specify a suffix in an existing Delegated Administrator 4.5 user tree, no new user information will be written into that tree at this time. The installation program will continue.

   • If you specify a suffix in a pre-4.5 Delegated Administrator user tree, or in an existing DIT, the installation program will not allow you to continue. You'll be asked to update your directory entries to include Delegated Administrator 4.5 objectclasses and attributes. For more information, see "Using an Existing Directory Tree." This document will be available at the location where you downloaded Delegated Administrator.

   Specify Suffix: Delegated Administrator requires a suffix to store its configuration data. Enter a base suffix using the form o=<your_suffix>

   Examples: o=ISP or dc=ISP, dc=com

   Delegated Administrator automatically creates a new base suffix for you containing the following default directory entries and their respective ACIs:

   • One Top-level Administrators group

   • One Top-level Help Desk Administrators group

   • One Organization named Siroe

   • One users group named Group 1

   • Six user accounts

3. When prompted, press Enter to continue and exit the installation program.

   Figure 3-1 illustrates the base suffix that Delegated Administrator creates at installation. In the figure, the user Chris Bolton is a member of the Service Administrators group and can create new administrators and new organizations.

Figure 3-1    Delegated Administrator automatically creates a base suffix with default data you can use to get started.

Step 8: Configure Netscape Messaging Server

---

Messaging Server will not recognize the Delegated Administrator base suffix until you create a postmaster group and change the Messaging Server configuration.

Creating a Postmaster Group

Create a postmaster group in the base suffix you specified when you installed Delegated Administrator. In Netscape Console, when you click the Users and Groups tab, the current base suffix is displayed. If the Delegated Administrator base suffix is not displayed, you must change to the appropriate directory. To change to the Delegated Administrator Directory, click Directory.

To create a postmaster group:

1. In Netscape Console, in the Users and Groups tab, use the drop-down list in the lower-right corner to choose New Group. Then click Create.

2. In the Select Organizational Unit window, choose Base DN, and then click OK.

3. In the Create Group window, in the Group Name field enter Postmaster.

4. Click the Account tab, and then click the Mail Account checkbox until a checkmark is displayed. After a moment, the Mail tab is added to the window.

5. Click the Mail tab. Enter a primary email address using the form postmaster@<your_host>.<your_domain>.

6. Click OK.

Changing the Messaging Server Configuration

Once you change the configuration, Messaging Server will recognize the mail accounts for any users you create.

To Configure Messaging Server to Work with Delegated Administrator

1. In Netscape Console, open the Messaging Server window.

2. In the Messaging Server window, click the Configuration tab, and in the navigation tree click Services.

3. Click the LDAP tab. In the section "LDAP connection for user lookup," select "Use messaging server specific directory settings." Verify the following Directory Server information, and modify the Base DN:

   Host name: Displays the name of the computer where the Directory Server is installed.

   Port number: Displays the port number for the Directory Server.

   Base DN: Enter the base suffix you used when you installed Delegated Administrator. Example: o=ISP

   Bind DN: Displays the Distinguished Name (DN) for the user who has appropriate permissions to make changes to the configuration directory.

4. Click Change Password, and then change the password for the Bind DN.

5. Click Save. In the Restart Services window, click to select "Restart all services now."

6. Click Restart.

To Configure Delegated Administrator to Work with Messaging Server

You need to perform this step only if you did not specify the Messaging Server URL when you ran the installation program for Delegated Administrator.

1. In the Delegated Administrator root, locate the following file:

   ...nda/classes/netscape/nda/servlet/resource.properties

2. Modify the following line to include the fully qualified host name the of Administration Server that manages the Messaging Server:

   MsgSvr0-name=<server_identifier>

   Example: MsgSvr0-name=miriam.mcom.com

3. Modify the following line to include the fully qualified host name and port number of instance of Administration Server that manages the Messaging Server:

   MsgSvr0-adminurl=http://<host_name>:<port_number>

   Example: http://miriam.mcom.com:400.

Step 9: (Optional) Disable Anonymous Access to Your User Tree

---

By default, Delegated Administrator uses a special Access Control Instruction (ACI) for anonymous access. Anonymous access allows any user to search all user entries in the directory. Many applications that use Directory Server data cannot work without anonymous access.

However, Delegated Administrator customers who provide internet service to multiple companies may want to disable anonymous access. When you disable anonymous access, for example, users in organization A can search the user directory and never see users in organization B; users in organization B will never see the users in organization A.

You can disable anonymous access by running a script provided for you in the <DelegatedAdmin_root>/nda/ldif directory. The script removes the ACI which allows anonymous access.

Figure 3-2    By default, anonymous access is enabled and users in organization A can see users in organization B.

To Disable Anonymous Access

1. If you've installed Delegated Administrator using the default base suffix (o=ISP), skip to Step 3.

2. In the file <DelegatedAdmin_root>/nda/ldif,change the base suffix o=ISP to your base suffix as appropriate.

3. In the Directory Server, in <NSHOME>/shared/bin, execute ldapmodify with the anon.ldif file.

   For example, you can enter:

   ldapmodify -h <host> -p <port> -D "cn=directory manager" -w <password> -f <DelegatedAdmin_root>/nda/ldif/anon.ldif

Changing the NDAUser Password

Delegated Administrator uses the NDAUser entry under ou=config for resolving uids at login. You can change the password for this user as an added security measure.

To change the password for the NDAUser:

1. Go to the directory where the file resource.properties is stored:

   <DelegatedAdmin_root>/nda/classes/netscape/nda/servlet/

2. In the file resource.properties, change the password for the following entry:

   NDABasicAuth-uidrespw=auth

   Be sure that only authorized personnel have access to this password!

3. Use ldapmodify to change the password for the NDAUser entry. In the directory <DirectoryServer_root>/shared/bin, enter the following:

   ldapmodify -h <host_name> -p <port_number> -D "cn=directory manager" -w <password>

4. At the prompt, enter the following:

   dn: uid=NDAUser, ou=config, o=<base_suffix>

   changetype: modify

   replace: userpassword

   userpassword: <newpassword>

5. To complete the command:
   • On Unix, enter <Ctrl-D>.

   • On Windows NT, enter <Ctrl-Z>.

6. Restart Web Server.

Silent Installation

---

If you plan to install more than one instance of Delegated Administrator, you can save a cache file that contains all of the parameters you specify during the first installation. Then, after you've installed Delegated Administrator once, you can use the cache file to quickly install additional Delegated Administrator instances. All of your responses to the installation prompts are recorded in the cache file. When you use a cache file in a new installation you are not asked any questions. Instead, all of the cache file responses are automatically applied as the new installation parameters. This type of installation is known as silent installation.

Saving the Cache File

To save the cache file, you must run the installation program with the -k command line option.

Examples:

Windows NT. Choose Run, and then enter setup -k.

DOS command line. Enter setup -k.

Unix. Enter setup -k.

The cache file from an installation is saved with the name install.inf in the server-root/setup directory. For example, if you installed the server into /home/deladmin, the cache file for that installation is: /home/deladmin/setup/install.inf.

To Use the Cache File for Installation

1. Copy the install.inf cache file to the installation directory that you are using for the new installation.

2. Review and edit the install.inf cache file as necessary.

   You will probably want to change some of the parameters and specifications in the cache file. For example, the host name for this installation will likely be different than the host name recorded in the cache file. Remember that the parameters listed in the cache file will be automatically applied to this installation.

3. Run setup with the -s -f filename options. The filename is the full path identifying the cache file you wish to use. For example:

   setup -s -f /home/deladmin/setup/install.inf

   When you use a cache file in this way, no new cache file is created from this installation. If you have many similar server configurations to set up, you can place the configuration file plus the server installation package on each machine. You execute the setup program on each machine; it then extracts all information it needs from the configuration file as it performs the installation.

Getting Started

---

The Start Page was designed to provide all the information you need to quickly begin using Delegated Administrator with the sample organization Siroe. You can access the Start Page at any time by pointing a web browser to http://<host:webserver_port>/nda/start.htm.

You can use the Start Page to log in as any level of administrator named in the page. The user ID and password you use to log in determines your administrator role and determines which branches of the directory you have access to.

To Use the Start Page

1. In a browser, enter the URL for the Delegated Administrator host using the form http://<host:webserver_port>/nda/start.htm.

2. Click Login.

3. In the Delegated Administrator Login window, using the information on the Start Page, enter an administrator's system user ID and password. For example, to log in as the Service Administrator, Chris Bolton, you would enter the following:

   User ID. chris

   Password. bolton

4. Click Login.

Delegated Administrator displays the administration page that is appropriate for the User ID you entered.

Using the Default Organization

You can use the default organization, Siroe, to perform the first few administration tasks, and then reconfigure it to meet your own requirements. For example, you can log in with the user ID chris and create as many organizations and administrators as you need. You can continue to use the default data and administration pages for learning or testing purposes. Once you've put your own directory structure in place, you can edit the default organization and group name, and delete the original six users from the directory.

If you've created a new organization at the same level as Siroe in the Delegated Administrator user tree, you'll have to create a new start.htm page and a new login.htm page for that organization. For more information, see the "Customizing Delegated Administrator." It will be available at the location where you downloaded the application.

Uninstalling Delegated Administrator

---

You can remove Delegated Administrator from your computer system. Both Directory Server and Web Server should be installed and running when you uninstall Delegated Administrator.When you run the Uninstall program, the following occurs:

• All Delegated Administrator binaries are removed.

• The web server configuration reverts to the way it was before Delegated Administrator was installed.

• The web server is restarted.

• All Delegated Administrator files that were generated after initial installation remain on your computer system.

• All data that was added to the directory when Delegated Administrator was installed, and any data that was added subsequently, remains in the directory.

To uninstall Delegated Administrator, run the Uninstall program:

• In Unix, enter ./uninstall

• In Windows NT, in the Delegated Administrator root, double-click the Uninstall icon.