Chapter 2
Installation Instructions
This chapter includes the following sections:
Table 2-1 summarizes the installation steps and where to find the detailed instructions for these steps.
Table 2-1 Summary of Delegated Administrator Installation Procedures
|
Installation Step
|
Where to Find Detailed Instructions
|
Install the iPlanet Messaging Server 5.0.
|
Refer to the iPlanet Messaging Server Installation Guide. Note that this step also installs the iPlanet Directory Server 4.12.
|
Configure Directory Server plug-ins.
|
See Step 2: Configure the Directory Server Plug-ins.
|
Configure Directory Server.
|
See Step 3: Configure the Directory Server.
|
Install the iPlanet Web Server, Enterprise Edition, 4.1 SP2 on the same machine as the Delegated Administrator for Messaging.
|
On the same CD as the Delegated Administrator for Messaging. See the Web Server 4.1 Installation Guide, at http://docs.iplanet.com/docs/manuals/enterprise.html#41
|
Install Delegated Administrator for Messaging.
|
See "Step 5: Install Delegated Administrator"
|
Step 1: Install the iPlanet Messaging Server 5.0 and Record Your Installation Parameters
See the iPlanet Messaging Server Installation Guide. Record you installation parameters, especially those listed in Table 1-1.
Step 2: Configure the Directory Server Plug-ins
Before you can install the Delegated Administrator, you may wish to configure two optional plug-ins. The plug-ins are automatically installed with Directory Server 4.12, but need to be activated by modifying the SLAPD configuration file. The plug-ins are described below:
Class of Service. This plug-in determines a user's specific configuration values and resource limits based on a Class of Service attribute in the user entry. For more information see the Class of Service section in Chapter 6 of the iPlanet Delegated Administrator 4.5 Deployment and Customization Guide.
Directory Entry Counts. This plug-in automatically maintains count values for organizations, groups, or users that are added to or deleted from the directory. This provides you with an up-to-date count of the number of entry types.
To Configure the Directory Server Plug-ins
Stop the Directory Server.
In each instance of Directory Server that you plan to use with Delegated Administrator, modify the following file (where <NSHOME> is the Directory Server root):
-
<NSHOME>/slapd-<host_identifier>/config/slapd.ldbm.conf
If you want to enable the Class of Service feature, uncomment the following lines by deleting the pound sign (#) at the beginning of the lines:
-
#plugin postoperation on "Class of Service" <Directory_root>/lib/cos-plugin.so cos_init o=iplanet.com
-
#plugin preoperation on "Class of Service init" <Directory_root>/lib/cos-plugin.so cos_preop_init
-
If the above two lines are missing, add them to the file without the comment characters.
If the following line exists in the file, be sure it is commented out:
-
#include "<Directory_root>/slapd-rtfm/config/counters.ldbm.conf"
Add the contents of this file: <Directory_root>/slapd-<identifier>/config/counters.ldbm.conf
Start the Directory Server.
Step 3: Configure the Directory Server
Optimizing page handling and search performance is recommended, but not required for all Delegated Administrator installations. Modifying the user entries is absolutely required if you've already provisioned your directory with users and groups. Follow the guidelines in the iPlanet Messaging Server Provisioning Guide to upgrade existing entries for use with the Delegated Administrator for Messaging.
Optimizing Page Handling and Search Performance
You can optimize Delegated Administrator page handling and search performance by modifying the Directory Server configuration. The following measures are necessary when any domain in your directory exceeds 5000 users.
Add indexes for the memberof attributes.
Reset the lookthroughlimit parameter.
Reset sizelimit parameters.
Set the All ID Threshold value appropriately.
To add appropriate indexes to your Directory:
Using Netscape Console, in the Directory Server window, select the Configuration tab and then click the Database icon.
Select the Indexes tab in the right pane.
To add the memberof attribute, click Add Attribute, and then do the following:
In the Select Attributes window, select the memberof attribute and then click OK.
In the Additional Indexes list, select the nsdadomain attribute and then check the boxes for Equality, Presence, and Substring.
Click Save.
To reset the lookthroughlimit:
Using Netscape Console, in the Directory Server window, select the Configuration tab and then select Database in the left pane.
Select the Performance tab in the right pane.
In the Look Through Limit field, enter -1.
Click Save.
To reset the sizelimit parameter:
Using Netscape Console, in the Directory Server window, select the Configuration tab and then select the root entry in the navigation tree in the left pane.
Select the Performance tab in the right pane.
In the Size Limit field, enter -1.
Click Save.
Setting the All IDs Threshold Value
By default, the directory server is set to an All IDs threshold of 4000. For Delegated Administrator, this value should be just higher than the number of users in your directory. For detailed information on changing this value, see the Managing All IDs Threshold section in Chapter 7 of the Directory Server Administrator's Guide at http://docs.iplanet.com/docs/manuals/directory/41/admin/index1.htm#1053642
Step 4: Install or Upgrade to iPlanet Web Server 4.1 SP2
iPlanet Web Server 4.1 SP2 and Delegated Administrator for Messaging must be installed on the same computer system. The Web server is on the CD at /solaris/ES
If you do not have iPlanet Web Server 4.1SP2 installed, install it now. If you have a pre-4.1 Web Server installed, you must upgrade the server to the 4.1SP2 version. Follow the instructions in the Web Server 4.1 Installation Guide, available at http://docs.iplanet.com/docs/manuals/enterprise.html#41. During installation, you do not have to specify a Directory Server when prompted for one.
|
Note
|
The iPlanet Web Server port must not be assigned to the same port as the Messenger Express (Web Mail) port, which was specified during the Messaging Server installation. Be sure to write down all parameters set during Web Server installation as these may be needed for configuration and Delegated Administrator for Messaging installation.
|
Step 5: Install Delegated Administrator
After completing the information sheet in Table 1-1, run the Delegated Administrator install program. In UNIX, become root and cd to the installation files directory on the CD at /solaris/iDA and enter ./setup. The following screens will appear during installation. We recommend that you write the entered installation values in the underscored fields of this document or in some other secure place for future reference.
Install Screen 1—Tips
-
---------------------------------------------------------
Sun-Netscape Alliance
iPlanet Delegated Administrator for Messaging Installation/Uninstallation
---------------------------------------------------------
Welcome to the iPlanet Delegated Administrator for Messaging installation program
This program will install iPlanet Server Products and the
iPlanet Console on your computer.
It is recommended that you have "root" privilege to install the software.
Tips for using the installation program:
- Press "Enter" to choose the default and go to the next screen
- Type "Control-B" to go back to the previous screen
- Type "Control-C" to cancel the installation program
- You can enter multiple items using commas to separate them.
For example: 1, 2, 3
Would you like to continue with installation? [Yes]: Yes
---------------------------------------------------------
-
Yes continues with installation. No terminates installation process.
-
* * *
Install Screen 2—License
-
---------------------------------------------------------
Sun-Netscape Alliance
iPlanet Delegated Administrator for Messaging Installation/Uninstallation
---------------------------------------------------------
BY INSTALLING THIS SOFTWARE YOU ARE CONSENTING TO BE BOUND BY
AND ARE BECOMING A PARTY TO THE AGREEMENT FOUND IN THE
LICENSE.TXT FILE. IF YOU DO NOT AGREE TO ALL OF THE TERMS
OF THIS AGREEMENT, PLEASE DO NOT INSTALL OR USE THIS SOFTWARE.
Do you agree to the license terms? [y]:
---------------------------------------------------------
-
y continues. n terminates installation.
-
* * *
Install Screen 3—Install Location
-
---------------------------------------------------------
Sun-Netscape Alliance
iPlanet Delegated Administrator for Messaging Installation/Uninstallation
---------------------------------------------------------
This program will extract the iPlanet Delegated Administrator for Messaging
application from the distribution media and install it into a directory you
specify.
Install location [/usr/netscape/nda45]:_______________________________
---------------------------------------------------------
-
This is the location of the Delegated Administrator for Messaging installation files. It can be placed anywhere in the directory. This parameter is required later for administrative purposes.
-
-
* * *
Install Screen 4—Enable Purge Command
-
---------------------------------------------------------
Sun-Netscape Alliance
iPlanet Delegated Administrator for Messaging Installation/Uninstallation
---------------------------------------------------------
If you want iPlanet Delegated Administrator for Messaging to manage a
Messaging Server, you will be asked for the Messaging Server identifier
and it's Administration Server URL.
Manage Messaging Server [No]: Yes
Specify Host Name [galaxy.siroe.com]: ______________________________
Specify Admin URL: ______________________________________________
Specify CGI Path [msg-galaxy/Tasks/operation]: _____________________
---------------------------------------------------------
-
Yes gives you access to the imadmin domain/family/group/user purge commands. You have access to the other Delegated Administrator for Messaging commands whether you answer yes or no, but the purge commands require this extra information. After answering yes, you are prompted for the following:
-
Host Name is the fully-qualified messaging server host name specified during Messaging Server installation, and should be in the Required Information Sheet for Delegated Administrator for Messaging Installation Sheet in Table 1-1
-
Admin URL is the fully qualified host name and port number of the Administration Server for the Messaging Server installation. This information was specified during Messaging Server installation and should be in the Delegated Administrator for Messaging Installation Sheet in Table 1-1. Example: http://galaxy.siroe.com:1210
-
CGI Path—use the default. Typically this is
<machine name>/Tasks/operation
-
If you answered no to the original question, you can add access to the purge commands later by adding these lines to the resource.properties file in <DelegatedAdmin_root>/nda/classes/netscape/nda/servlet/
-
MsgSvr0-name=<fully qualified host name>
MsgSvr0-adminurl=http://<fully qualified host name>:<host port>
MsgSvr0-cgipath=msg-<host name>/Tasks/operation
-
* * *
Install Screen 5—Calendar Server
-
---------------------------------------------------------
Sun-Netscape Alliance
iPlanet Delegated Administrator for Messaging Installation/Uninstallation
---------------------------------------------------------
If you want iPlanet Delegated Administrator for Messaging to manage an
iPlanet Calendar Server, enter 'Yes'.
Manage Calendar Server [No]: __________________
---------------------------------------------------------
-
Yes allows you to create Calendar User Entries on the GUI using the Delegated Administrator for Messaging GUI. Note that you also must have the iPlanet Calendar Server installed to create entries. If it is not installed, attempts to create calendar resources on the GUI will fail.
-
If you answered no to the original question, you can enable the creation of calendar user entries by modifying or entering the line NDADefaultConfiguration-calendar-support=yes in <DelegatedAdmin_root>/nda/classes/netscape/nda/servlet/resource.properties. Enter it under the line #### INSTALLER ####.
-
-
* * *
Install Screen 6—Enterprise Server
-
---------------------------------------------------------
Sun-Netscape Alliance
iPlanet Delegated Administrator for Messaging Installation/Uninstallation
---------------------------------------------------------
iPlanet Delegated Administrator for Messaging requires the configuration
directory of the Enterprise server instance. The Enterprise server must
be installed locally on this computer system, and iPlanet Delegated
Administrator for Messaging will be accessible only for this Enterprise
server instance.
Example: /home/es/https-machine/config
Specify Enterprise server config directory: ________________________
---------------------------------------------------------
-
Enter the configuration directory for the Enterprise Server (web server) instance. The configuration directory is located under the Enterprise Server root directory. Typically: <server_root_dir>/https-<machine_name>/config. This information is specified during Enterprise Server installation. See "Step 4: Install or Upgrade to iPlanet Web Server 4.1 SP2".
-
* * *
Install Screen 7—LDAP Server Host & Port
-
---------------------------------------------------------
Sun-Netscape Alliance
iPlanet Delegated Administrator for Messaging Installation/Uninstallation
---------------------------------------------------------
iPlanet Delegated Administrator for Messaging requires the use of a
LDAP-based Directory Server for the administration of server
configuration. This server is called the Configuration Directory.
Enter the non-SSL URL for the directory server:
ldap://<host>:<port>
Specify LDAP URL: ____________________________________
---------------------------------------------------------
-
This URL specifies the location of the machine and server port for the LDAP directory containing user/group data (not configuration data). This information is specified during Messaging Server installation and is in the Required Information Sheet for Delegated Administrator for Messaging Installation in Table 1-1. Example: ldap://galaxy.siroe.com:389
-
* * *
-
Install Screen 8—Directory Manager & Password
-
---------------------------------------------------------
Sun-Netscape Alliance
iPlanet Delegated Administrator for Messaging Installation/Uninstallation
---------------------------------------------------------
In order to create the suffix for iPlanet Delegated Administrator for
Messaging, enter the base DN and password of the user who can access the
Directory Server.
Specify Directory Manager [cn=Directory Manager]: ________________
Password: [from above]_________________________________________
---------------------------------------------------------
-
Enter the base DN and password of the Directory Manager (specified during the Messaging Server installation). These values are required because the Delegated Administrator for Messaging needs to create configuration entries in the LDAP directory. This information is in the Required Information Sheet for Delegated Administrator for Messaging Installation in Table 1-1.
-
* * *
Install Screen 9—Class of Service Plug-ins
-
---------------------------------------------------------
Sun-Netscape Alliance
iPlanet Delegated Administrator for Messaging Installation/Uninstallation
---------------------------------------------------------
The Directory Server that iDA uses does not have the Class of Services plugins
installed. You can continue the iDA installation now, but you need to install
the plugins later for iDA to work properly.
Continue iDA installation? [No]: Yes
---------------------------------------------------------
-
If the Class of Service plug-in hasn't been installed, this warning message appears. You can continue installation and install the plug-in at any time. See "Step 2: Configure the Directory Server Plug-ins."
-
* * *
Install Screen 10—User Data Suffix
-
---------------------------------------------------------
Sun-Netscape Alliance
iPlanet Delegated Administrator for Messaging Installation/Uninstallation
---------------------------------------------------------
iPlanet Delegated Administrator for Messaging requires a suffix to store
it's user data. If this base suffix does not exist the Installation
program will attempt to create it.
Example: o=isp
Exmaple: dc=isp, dc=com
Specify Suffix: ________________________________________
---------------------------------------------------------
-
Enter the root of the organization tree specified during the directory portion of the Messaging Server installation. It is the root under which the user data is to be stored. This information is in the Required Information Sheet for Delegated Administrator for Messaging Installation in Table 1-1.
-
* * *
Install Screen 11—DC Suffix
-
---------------------------------------------------------
Sun-Netscape Alliance
iPlanet Delegated Administrator for Messaging Installation/Uninstallation
---------------------------------------------------------
This suffix is already present in the directory.
Continue without installing iDA information in the directory? [No]: Yes
Specify DC Suffix [o=internet]:_____________________________
---------------------------------------------------------
For the first request, answer Yes. This parameter is for a standalone non-iMS installation. Sample data will not be installed.
The second request is for the DC tree root that the system uses to locate domain information. This parameter is by default o=internet. Unless this parameter was reconfigured in the Messaging System, use the default.
-
* * *
Install Screen 12—Configuration Suffix
-
---------------------------------------------------------
Sun-Netscape Alliance
iPlanet Delegated Administrator for Messaging Installation/Uninstallation
---------------------------------------------------------
iPlanet Delegated Administrator for Messaging requires a suffix to store
it's configuration data. If this base suffix does not exist the
Installation program will attempt to create it.
Example: o=isp
Exmaple: dc=isp, dc=com
Specify Suffix [o=siroe.com]:
---------------------------------------------------------
-
Use the same suffix as user data. See "Install Screen 10—User Data Suffix".
-
* * *
Install Screen 13—URL
-
---------------------------------------------------------
Sun-Netscape Alliance
iPlanet Delegated Administrator for Messaging Installation/Uninstallation
---------------------------------------------------------
Extracting Netscape core components...
Extracting iPlanet Delegated Administrator for Messaging...
Restarting Enterprise Server
Connecting netscape browser to http://galaxy.siroe.com:2001/nda/start.htm
Press Return to continue...
---------------------------------------------------------
-
Remember the URL listed (example http://galaxy.siroe.com:2001/nda/login.htm) as you will need this to log in to the Delegated Administrator for Messaging. If you forget the port number, you can find it in <server_root_dir>/https-<machine_name>/config/magnus.conf
Using the Delegated Administrator
Access the Delegated Administrator for Messaging Login Page by pointing a web browser to http://<host:webserver_port>/nda/login.htm.
You can use the Login Page to log in as any level of administrator named in the page. The user ID and password you use to log in determines your administrator role and determines which branches of the directory to which you have access.
To start Delegated Administrator from the Start Page:
In a browser, enter the URL for the Delegated Administrator host using the form http://<host:webserver_port>/nda/login.htm.
Click Login.
In the Delegated Administrator Login window, using the information on the Start Page, enter an administrator's system user ID and password. For example, to log in as serviceadmin, you would enter the following:
-
User ID: serviceadmin@<default domain>.com
-
Password: password
Click Login.
-
Delegated Administrator displays the administration page that is appropriate for the User ID you entered.
-