![]() |
iPlanet Delegated Administrator 4.5 Deployment and Customization Guide |
Contents
Part 1 Introduction & Deployment PlanningOverview of Delegated Administrator
Delegating Administration
Architecture
Customization
What's New in This Release
What's New in This Manual
Chapter 2 Deployment PlanningDetermining Your Delegated Administrator Needs
The Delegated Administrator DIT
Flexible DIT Options
Guidelines for Optimal Performance
Provisioning a User Directory for the First Time
Using an Existing User DIT
Upgrading an Existing Delegated Administrator Installation
Nested Containers
Options to Consider Before Installation
Customized Administrator Types
Directory Server Configuration and User Data
Implications of Customizing Delegated Administrator
Optimizing Directory Searches
Messaging Server Support
Certificate-based Authentication
Class of Service
Other Configuration Options
Part 2 Installation & Configuration
Chapter 3 Basic Installation and ConfigurationSystem Requirements
Server Requirements
Before You Begin
Supported Platforms
Software Compatibility
Web Browser Requirements
Step 1: Install or Upgrade to iPlanet Directory Server 4.12
Step 2: Configure the Directory Server Plug-ins
Step 3: Configure the Directory Server
Optimizing Page Handling and Search Performance
Step 4: Install or Upgrade to iPlanet Web Server 4.1
Modifying an Existing User Directory
Step 5: Create a Web Server Instance
Step 6: (Optional) Install or Upgrade to Netscape Messaging Server 4.1
Step 7: Install Delegated Administrator
Step 8: Configure Netscape Messaging Server
Creating a Postmaster Group
Step 9: (Optional) Disable Anonymous Access to Your User Tree
Changing the Messaging Server Configuration
To Disable Anonymous Access
Silent Installation
Changing the NDAUser Password
Saving the Cache File
Getting Started
To Use the Cache File for Installation
To Use the Start Page
Uninstalling Delegated Administrator
Using the Default Organization
Chapter 4 Enabling Optional FeaturesThe Sample LDIF Data File
Secure Sockets Layer (SSL)
To Use SSL-based LDAPS Connections
UserID Uniqueness
The UserID Uniqueness Plug-In
User Directory Failover
Setting up the Directory Servers
Password Reset Policy
Enabling User Directory Failover in Delegated Administrator
To Modify the Password Policy
Single Sign-On
To Modify the Delegated Administrator Configuration
Before You Begin
Configuring SiteMinder
Configuring the Directory Server
Configuring Delegated Administrator
Restarting the Web Server
Chapter 5 Certificate-Based AuthenticationBefore You Begin
Step 1: (Optional) Install and Configure Certificate Management System
Installing Certificate Management System
Step 2: Configure Web Server 4.1
Configuring Certificate Management System
Enabling SSL
Step 3: Issue Certificates for Delegated Administrator Users
Configuring Web Server to Work with Directory Server
Modifying the certmap.conf File
Restricting Access to Delegated Administrator Servlets
Defining a Servlet Alias
Restart the Web Server
Step 4: Configure the Directory Server
Creating a Proxy User Account
Step 5: Configure Delegated Administrator
Step 6: Restart the Web Server
Chapter 6 Class of ServiceHow CoS Works
Class of Service Definition
Setting Up CoS in Delegated Administrator
Templates
Interaction with Stored Attribute Values
Configuration and Management
Adding COS Schema
Modifying Existing User Entries
Adding CoS Templates
Part 3 User Data Management
Chapter 7 Top-level AdministratorsLogging In
Using the Start Page
The Top-level Administration Page
Using the Login Window
Using the Location Bar
Managing the Top Level
Using the Search Feature
Adding Top-level Administrators
Managing Organizations
Removing Top-Level Administrators
Adding Top-Level Help Desk Administrators
Removing Top-Level Help Desk Administrators
Creating a New Organization
Managing Groups
Creating a Suborganization
Adding Organization Administrators
Removing Organization Administrators
Adding Organization Help Desk Administrators
Removing Organization Help Desk Administrators
Deleting an Organization
Creating a New Group
Managing User Accounts
Creating a Subgroup
Adding a User to a Group
Adding Group Administrators
Removing Group Administrators
Removing a User from a Group
Deleting a Group
Creating a New User Account
Mail Lists
Deleting a User Account
Mail List Owners
My Account
Moderated Mail Lists
Managing Mail Lists
Top-level and Organization Administrators' Mail Lists
Help Desk Administrator's Mail Lists
Group and User Account Administrators' Mail Lists
To Modify Information in Your Own User Account
Modifying Configuration Information
Chapter 8 Top-level Help Desk AdministratorsLogging In
Using the Start Page
The Top-level Help Desk Administration Page
Using the Login Window
Using the Search Feature
Changing a User's Password
To Change a User's Password
My Account
To Modify Information in Your Own User Account
Mail Lists
Mail List Owners
Moderated Mail Lists
Chapter 9 Organization AdministratorsLogging In
Using the Start Page
The Organization Administration Page
Using the Login Window
Using the Location Bar
Managing Organizations
Using the Search Feature
Exceeding the Search Results Size Limit
Creating a New Organization
Managing Groups
Limiting the Number of Objects in an Organization
Creating a Suborganization
Adding Organization Administrators
Removing Organization Administrators
Adding Organization Help Desk Administrators
Removing Organization Help Desk Administrators
Deleting an Organization
Creating a New Group
Managing User Accounts
Limiting the Number of Objects in an Group
Creating a Subgroup
Adding a User to a Group
Adding Group Administrators
Removing Group Administrators
Removing a User from a Group
Deleting a Group
Creating a New User Account
My Account
Deleting a User Account
To Modify Information in Your Own User Account
Modifying Configuration Information
Mail Lists
Mail List Owners
Moderated Mail Lists
Managing Mail Lists
Organization Administrators' Mail Lists
Help Desk Administrators' Mail Lists
Group and User Account Administrators
Chapter 10 Organization Help Desk AdministratorsLogging In
Using the Start Page
The Organization Help Desk Administration Page
Using the Login Window
Using the Search Feature
Changing a User's Password
To Change a User's Password
My Account
To Modify Information in Your Own User Account
Mail Lists
Mail List Owners
Moderated Mail Lists
Chapter 11 Group AdministratorsLogging In
Using the Start Page
My Groups and The Group Administration Page
Using the Login Window
Using the Location Bar
Managing Groups
Using the Search Feature
Exceeding the Search Results Size Limit
Creating a New Group
Managing User Accounts
Limiting the Number of Objects in an Group
Creating a Subgroup
Adding a User to a Group
Adding Group Administrators
Removing Group Administrators
Removing a User from a Group
Deleting a Group
Limited Access to Higher-level Administrators
My Account
Creating a New User Account
Deleting a User Account
To Modify Information in Your Own User Account
Mail Lists
Mail List Owners
Moderated Mail Lists
Managing Mail Lists
Chapter 12 End Users as AdministratorsLogging In
To View Basic Information
Modifying User Account Information
To View Class of Services
To Change Your Password
Mail Lists
To Modify Personal Information
Mail Delivery Options
Setting Vacation Auto-Responder Rules
Mail List Owners
Moderated Mail Lists
Managing Mail Lists
Part 4 Customizing Delegated Administrator
Chapter 13 Customizing the User InterfaceHTML Templates
How the Templates Work
Configuration Data
Creating Templates for a New Organization
Datatype Identifiers
NDAGetPage Servlet
Matchtype Identifiers
Macros
Supported Directives
Determining the Appropriate Template
Customizing the Display of Search Results
Setting Macro Values
Searching a Datatype
Sorting on Multiple Attributes
Customizing HTML Templates
To Change the Banner or Logo on the Login Page
Adding a Field to an HTML Template
Adding a JPEG Image to a Template
Changing an Error Message
Changing Search Criteria
Chapter 14 Customizing Configuration in the DirectoryDefault Configuration Information
cn=mainconf
Customizing Configuration Information
cn=servletsconf
cn=opconf
cn=macrosconf
Customizing the Default Configuration
Configuration Management Utilities
Customizing Configuration for an Organization
The domain.map File
The Lookup Algorithm
Using the Configuration Management Tab
Using Directory Server Console and Command-Line Utilities
Chapter 15 Extending ServletsiPlanet Delegated Administrator 4.5 Servlets
Servlet Architecture
Accessing the Session Object
What You Can Customize
Methods and Keys
Accessing the TaskData Object
Constructor and Fields
Extending Authentication and Logout Servlets
What Extending NDAServlet Involves
Extending Task Servlets
Creating a Java Source File
What Extending a Task Servlet Involves
Compiling and Packaging Your Java Classes
Creating a Java Source File
Compiling Your Source Files
Modifying Properties Files
Packaging and Copying Your Classes
Restarting the Web Server
Part 5 Appendixes
Appendix A Using an Existing User DirectoryModifying Your User Directory
Step 1: Create a Top-level Administrator
Configuring Delegated Administrator for Other Tree Structures
Step 2: Modify user entries.
Step 3: Modify Organization Entries.
Step 4: Create Start and Login Pages for Each Organization.
Step 5: Modify the Root Entry.
Step 6: Create Group Containers.
Step 7: Add New Administrator Groups.
Step 8: Update the Containers for People.
Step 9: Create Non-Administrator Groups.
Step 10: Initialize the Object Counters.
The Delegated Administrator Directory Information Tree (DIT)
Defining Object Types
Appendix B Upgrading from Delegated Administrator Version 4.11Changes from Version 4.11 to Version 4.5
Modifying the User Directory
Step 1: Modify Entries at the Top Level
Add New Objectclasses and Attributes
Step 2: Modify Entries at the Organization Level
Step 1: Modify the Top-level Entry
Importing New Configuration Information
Step 2: Modify Each Organization Entry
Step 3: Modify the NDAUser Entry
Step 4: Modify Administrator Group Entries
Step 5: Modify OrgUnit Entries
Step 6: Modify Department or Group Entries
Step 7: Modify User Entries
To Import Configuration Changes
Changing Container Names
Step 1: Change the Version 4.11 Container Names
Initializing the Object Counters
Step 2: Change the Version 4.5 Container Names
To Initialize the Object Counters
Appendix C Delegated Administrator SchemaLDAP Overview
How LDAP Works
Delegated Administrator Object Classes
Object Classes
Attributes
Object Identifiers (OIDs)
inetAdmin
Delegated Administrator Attributes
nsManagedDept
nsManagedDeptAdminGroup
nsManagedDomain
nsManagedFamilyGroup
nsManagedISP
nsManagedMailList
nsManagedOrgUnit
nsManagedPerson
nsUniquenessDomain
adminRole
memberof
nsdaCapability
nsDADomain
nsdaModifiableBy
nsDefaultMaxDeptSize
nsMaxDepts
nsMaxDomains
nsMaxMailLists
nsNumUsers
nsMaxUsers
nsNumDepts
nsNumDomains
nsNumMailLists
nsSearchFilter
owner
Appendix D Delegated Administrator Access Control Instructions (ACIs)Overview of Delegated Administrator ACIs
Index
How Group Administrator ACIs Work
ACIs for Adding a User to a Group
ACI Implementation and Scalability Issues
Limited Access to Higher-level Administrators
ACIs for Modifying Own Entries
Managing Subgroups
Top-level Administrators
Delegated Admininstrator ACIs Explained
Organization Administrators
Top-level ACIs
Tips on Customizing Delegated Administrator ACIs
Organization-level ACIs
Index Next
Copyright © 2000 Sun Microsystems, Inc. Some preexisting portions Copyright © 2000 Netscape Communications Corp. All rights reserved.
Last Updated May 24, 2001