iPlanet Messaging Server 5.2 Administrator's Guide



Chapter 4   Configuring and Administering Multiplexor Services


This chapter describes two Multiplexors that are included with iPlanet Messaging Server: the Messaging Multiplexor (MMP) for standard mail protocols (POP, IMAP and SMTP) and the Messenger Express Multiplexor used for the Messenger Express web interface.




About Multiplexor Services

A Multiplexor is necessary to achieve horizontal scalability (the ability to support more users by adding more machines), because it provides a single domain name that can be used to connect indirectly to multiple mail stores. A multiplexor can also provide security benefits.

While MMP is managed separately from iPlanet Messaging Server, Messenger Express Multiplexor is built into the HTTP service (mshttpd) that is included with the iPlanet Message Store and Message Access installation.


Multiplexor Benefits

Message stores on heavily used messaging servers can grow quite large. Spreading user mailboxes and user connections across multiple servers can therefore improve capacity and performance. In addition, it may be more cost-effective to use several small server machines than one large, high-capacity, multiprocessor machine.

If the size of your mail-server installation requires the use of multiple message stores, your organization can benefit in several ways from using the multiplexors. The indirect connection between users and their message stores, coupled with the ease of reconfiguring user accounts among messaging servers, allows for the following benefits:

  • Simplified User Management

    Because all users connect to one server (or more, if you have separate Multiplexor machines for POP, IMAP, SMTP or web access), you can preconfigure email clients and distribute uniform login information to all users. This simplifies your administrative tasks and reduces the possibility of distributing erroneous login information.

    For especially high-load situations, you can run multiple Multiplexor servers with identical configurations and manage connections to them by DNS round robin or by using a load-balancing system.

    Because the Multiplexors use information stored in the LDAP directory to locate each user's Messaging Server, moving a user to a new server is simple for the system administrator and transparent to the user. The administrator can move a user's mailbox from one Messaging Server to another, and then update the user's entry in the LDAP directory. The user's mail address, mailbox access, and other client preferences need not change.

  • Improved Performance

    If a message store grows prohibitively large for a single machine, you can balance the load by moving some of the message store to another machine.

    You can assign different classes of users to different machines. For example, you can choose to locate premium users on a larger and more powerful machine.

    The Multiplexors perform some buffering so that slow client connections (through a modem, for example) do not slow down the Messaging Server.

  • Decreased Cost

    Because you can efficiently manage multiple Messaging Servers with a Multiplexor, you might be able to decrease overall costs by purchasing several small server machines that together cost less than one very large machine.

  • Better Scalability

    With the Multiplexors, your configuration can expand easily. You can incrementally add machines as your performance or storage-capacity needs grow, without replacing your existing investment.

  • Minimum User Downtime

    Using the Multiplexors to spread a large user base over many small store machines isolates user downtime. When an individual server fails, only its users are affected.

  • Increased Security

    You can use the server machine on which the Multiplexor is installed as a firewall machine. By routing all client connections through this machine, you can restrict access to the internal message store machines by outside computers. The Multiplexors support both unencrypted and encrypted communications with clients.



About iPlanet Messaging Multiplexor

The iPlanet Messaging Multiplexor (MMP) is a specialized messaging server that acts as a single point of connection to multiple back-end messaging servers. With Messaging Multiplexor, large-scale messaging-service providers can distribute POP and IMAP user mailboxes across many machines to increase message store capacity. All users connect to the single Multiplexor server, which redirects each connection to the appropriate messaging server.

If you provide electronic mail service to many users, you can install and configure the Messaging Multiplexor so that an entire array of messaging servers will appear to your mail users to be a single host.

The Messaging Multiplexor is provided as part of iPlanet Messaging Server. You can install the MMP at the same time you install the Messaging Server or other iPlanet servers, or you can install the MMP separately at a later time.

The MMP supports:

  • Both unencrypted and encrypted (SSL) communications with mail clients.

  • Client certificate-based authentication, described in Certificate-Based Client Authentication.

  • User pre-authentication, described in User Pre-Authentication.

  • Virtual domains that listen on different IP addresses and automatically append domain names to user IDs, described in MMP Virtual Domains.

  • Multiple installations of the MMP on different machines (one installation per machine). See the iPlanet Messaging Server Installation Guide.

  • Multiple instances of Multiplexor on a server machine, described in Multiple Messaging Multiplexor Instances. Multiple instances can be used for alternate configurations such as SSL or the listen port that cannot be handled through virtual domains.

  • Enhanced LDAP searching.

  • POP before SMTP service for legacy POP clients. For more information, see "Enabling POP Before SMTP".


How the Messaging Multiplexor Works

The iPlanet MMP is a multithreaded server that facilitates distributing mail users across multiple server machines. The MMP handles incoming client connections destined for other server machines (the machines on which user mailboxes reside). Clients connect to the MMP itself, which determines the correct server for the users, connects to that server, and then passes data between the client and server. This capability allows Internet service providers and other large installations to spread message stores across multiple machines (to increase capacity) while providing the appearance of a single mail host for users (to increase efficiency) and for external clients (to increase security).

Figure 4-1 shows how servers and clients relate to each other in an MMP installation.

Figure 4-1    Clients and Servers in an MMP Installation


All POP, IMAP, and SMTP clients work with the Messaging Multiplexor. The MMP accepts connections, performs LDAP directory lookups, and routes the connections appropriately. As is typical with other mail server installations, each user is assigned a specific address and mailbox on a specific Messaging Server. However, all connections are routed through the MMP.

In more detail, these are the steps involved in establishing a user connection:

  1. A user's client connects to the MMP, which accepts preliminary authentication information (user name).

  2. The MMP queries the Directory Server to determine which Messaging Server contains that user's mailbox.

  3. The MMP connects to the proper Messaging Server, replays authentication, then acts as a pass-through pipe for the duration of the connection.


Encryption (SSL) Option

The iPlanet Messaging Multiplexor supports both unencrypted and encrypted (SSL) communications between the Messaging Server(s) and their mail clients.

When SSL is enabled, the MMP IMAP and SMTP services support STARTTLS and the MMP can also be configured to listen on additional ports for SSL IMAP, POP, and SMTP connections.

To enable SSL encryption for your IMAP, POP, and SMTP services, edit the ImapProxyAService.cfg, PopProxyAService.cfg, and SmtpProxyAService.cfg files, respectively. You must also edit the default:ServiceList option in the AService.cfg file to include the list of all IMAP, POP, and SMTP server ports regardless of whether or not they are secure.

By default, SSL is not enabled since the SSL configuration parameters are commented out. To enable SSL, you must install an SSL server certificate. Then, you should uncomment and set the SSL parameters. For a list of the SSL parameters, see the Messaging Server Reference Manual.


Certificate-Based Client Authentication

The MMP can use a certificate mapping file (certmap) to match a client's certificate to the correct user in the Users/Groups Directory Server.

In order to use certificate-based client authentication, you must also enable SSL encryption as described in Encryption (SSL) Option.

You also have to configure a store administrator. You can use the mail administrator, but it is recommended that you create a unique user ID, such as mmpstore, for this purpose so that you can set permissions as needed.

Note that the MMP does not support certmap plug-ins. Instead, the MMP accepts enhanced DNComps and FilterComps property value entries in the certmap.conf file. These enhanced format entries use the form:

mapname:DNComps FROMATTR=TOATTR
mapname:FilterComps FROMATTR=TOATTR

With this form, a FROMATTR value in a certificate's subjectDN can be used to form an LDAP query with the TOATTR=value element. For example, a certificate with a subjectDN of "cn=Pilar Lorca, ou=pilar, o=siroe.com" could be mapped to an LDAP query of "(uid=pilar)" with the line:

mapname:FilterComps ou=uid
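
The mapping described above, as an added example that is not MMP code and not part of the original guide: it turns a subjectDN into an LDAP filter from a FilterComps entry and escapes the certificate-supplied value before it reaches the filter. The function names are hypothetical, and the RFC 4515 escaping and the acceptance of several FROMATTR=TOATTR pairs on one line are assumptions, not documented MMP behaviour.

```python
# Added illustration, not MMP source. Function names are hypothetical.

CERTMAP_CONF = "mapname:FilterComps ou=uid\n"  # the entry shown above


def parse_filtercomps(certmap_text, mapname):
    """Collect {FROMATTR: TOATTR} from 'mapname:FilterComps FROMATTR=TOATTR'."""
    comps = {}
    for raw in certmap_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) != 2 or parts[0] != f"{mapname}:FilterComps":
            continue
        # Assumption: several pairs may be listed, separated by commas/spaces.
        for item in parts[1].replace(",", " ").split():
            frm, eq, to = item.partition("=")
            if not (frm and eq and to):
                raise ValueError(f"bad FilterComps item: {item!r}")
            comps[frm.lower()] = to
    return comps


def split_dn(dn):
    """Split a subjectDN into (attr, value) pairs.

    Handles backslash-escaped characters such as '\\,'. Hex escapes,
    multi-valued RDNs ('+') and escaped edge whitespace are out of scope.
    """
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i + 1])  # keep the escaped character literally
            i += 2
        elif dn[i] == ",":
            rdns.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(dn[i])
            i += 1
    rdns.append("".join(cur))
    pairs = []
    for rdn in rdns:
        attr, eq, value = rdn.partition("=")
        if not eq:
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter value."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def filter_from_subject(subject_dn, comps):
    """Build the LDAP filter for a subjectDN, or None if nothing maps.

    None means the certificate must be rejected rather than searched for
    with an empty or overly wide filter.
    """
    clauses = [
        "(%s=%s)" % (comps[attr], escape_filter_value(value))
        for attr, value in split_dn(subject_dn)
        if attr in comps
    ]
    if not clauses:
        return None
    return clauses[0] if len(clauses) == 1 else "(&" + "".join(clauses) + ")"


if __name__ == "__main__":
    comps = parse_filtercomps(CERTMAP_CONF, "mapname")
    print(filter_from_subject("cn=Pilar Lorca, ou=pilar, o=siroe.com", comps))
    # A wildcard in the mapped component is escaped, so it cannot match
    # every user in the directory.
    print(filter_from_subject("cn=x, ou=*, o=siroe.com", comps))
```

A lookup built this way should also require that the search returns exactly one entry before the certificate is accepted.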

To enable certificate-based authentication for your IMAP service:

  1. Decide on the user ID you intend to use as store administrator.

    While you can use the mail administrator for this purpose, it is recommended that you create a unique user ID for store administrator (for example, mmpstore).

  2. Make sure that SSL encryption is (or will be) enabled as described in Encryption (SSL) Option.

  3. Configure the MMP to use certificate-based client authentication by specifying the location of the certmap.conf file in your configuration files.

  4. Install at least one trusted CA certificate, as described in "To Install Certificates of Trusted CAs".


User Pre-Authentication

The MMP provides you with the option of pre-authenticating users by binding to the directory as the incoming user and logging the result.


Note: Enabling user pre-authentication will reduce server performance.



The log entries are in the format:

date time (sid 0xhex) user name pre-authenticated - client IP address, server IP address

Where date is in the format yyyymmdd, time is in UTC (Standard Coordinated Universal Time, also known as GMT (Greenwich Mean Time)) in the format hhmmss, hex is the session identifier (sid) represented as a hexadecimal number, the user name includes the virtual domain (if any), and the IP address is in dot-quad format.
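
The following is an added example, not part of the original guide: it parses lines in the format above and reports client addresses that pre-authenticated as several different users within a short window, which is worth reviewing on a proxy that faces outside networks. The sample lines, the threshold, the window and the exact spacing between fields are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Field layout taken from the format line above; exact spacing is an assumption.
LINE_RE = re.compile(
    r"^(?P<date>\d{8}) (?P<time>\d{6}) \(sid 0x(?P<sid>[0-9a-fA-F]+)\) "
    r"(?P<user>\S+) pre-authenticated - "
    r"(?P<client>\d{1,3}(?:\.\d{1,3}){3}), (?P<server>\d{1,3}(?:\.\d{1,3}){3})$"
)

# Constructed sample lines (documentation address ranges, invented users).
SAMPLE_LOG = """\
20020315 143001 (sid 0x1a) pilar@siroe.com pre-authenticated - 192.0.2.44, 10.1.1.5
20020315 143005 (sid 0x1b) ana@siroe.com pre-authenticated - 198.51.100.7, 10.1.1.5
20020315 143120 (sid 0x1c) luis@siroe.com pre-authenticated - 198.51.100.7, 10.1.1.5
20020315 143410 (sid 0x1d) marta@sesta.com pre-authenticated - 198.51.100.7, 10.1.1.5
20020315 150000 (sid 0x1e) pilar@siroe.com pre-authenticated - 192.0.2.44, 10.1.1.5
this line is not a pre-authentication record
""".splitlines()


def parse_preauth(line):
    """Return a dict for one pre-authentication record, or None if no match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        when = datetime.strptime(m["date"] + m["time"], "%Y%m%d%H%M%S")
    except ValueError:  # e.g. month 13: treat as a damaged line
        return None
    return {
        "when": when.replace(tzinfo=timezone.utc),  # the log time is UTC
        "sid": int(m["sid"], 16),
        "user": m["user"].lower(),
        "client": m["client"],
        "server": m["server"],
    }


def clients_with_many_users(lines, threshold=3, window=timedelta(minutes=10)):
    """Map client IP -> users for clients that pre-authenticated as at least
    `threshold` distinct users within any span of `window`."""
    by_client = defaultdict(list)
    for line in lines:
        event = parse_preauth(line)
        if event:
            by_client[event["client"]].append((event["when"], event["user"]))

    flagged = {}
    for client, events in by_client.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {user for _, user in events[start:end + 1]}
            if len(users) >= threshold:
                flagged[client] = sorted(users)
                break
    return flagged


if __name__ == "__main__":
    for client, users in clients_with_many_users(SAMPLE_LOG).items():
        print(client, users)
```

Shared gateways and NAT addresses legitimately carry many users, so the threshold needs tuning per site.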


MMP Virtual Domains

An MMP virtual domain is a set of configuration settings associated with a server IP address. The primary use of this feature is to provide different default domains for each server IP address.

A user can authenticate to MMP with either a short-form userID or a fully qualified userID in the form user@domain. When a short-form userID is supplied, the MMP will append the DefaultDomain setting, if specified. Consequently, a site which supports multiple hosted domains can permit the use of short-form userIDs simply by associating a server IP address and MMP virtual domain with each hosted domain.

The recommended method for locating the user subtree for a given hosted domain is via the inetDomainBaseDN attribute in the LDAP domain tree entry for that domain. The MMP's LdapUrl setting is not suitable for this purpose since the back-end mail store servers will also need to look up the user in LDAP and do not support virtual domains.

To enable virtual domains, edit the ImapProxyAService.cfg, PopProxyAService.cfg, or SmtpProxyAService.cfg file(s) in the instance directory such that the VirtualDomainFile setting specifies the full path to the virtual domain mapping file.

Each entry of a virtual domain file has the following syntax:

vdmap name IPaddr
name:parameter value

Where name is simply used to associate the IP address with the configuration parameters and can be any name you choose to use, IPaddr is in dot-quad format, and parameter and value pairs configure the virtual domain. When set, virtual domain configuration parameter values override global configuration parameter values.
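
An added example, not MMP code and not from the original guide, of how a virtual domain file in this syntax combines with the global settings: it parses the mapping, applies the overrides for the server IP address a client connected to, and qualifies a short-form userID with the resulting DefaultDomain. The function names, the sample file contents, the "#" comment handling and the fixed "@" delimiter are assumptions.

```python
import ipaddress

# Constructed samples: two global settings and one virtual domain.
GLOBAL_CFG = """\
default:DefaultDomain       Siroe.com
default:PreAuth             no
"""
VDMAP_CFG = """\
vdmap sesta 192.0.2.11
sesta:DefaultDomain sesta.com
sesta:PreAuth yes
"""


def _lines(text):
    """Yield non-empty lines; '#' comments are an assumption."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            yield line


def _param_line(line):
    """Split 'name:parameter value' into (name, parameter, value)."""
    parts = line.split(None, 1)
    name, sep, param = parts[0].partition(":")
    if not (name and sep and param):
        raise ValueError(f"expected 'name:parameter value': {line!r}")
    value = parts[1].strip().strip('"') if len(parts) == 2 else ""
    return name, param, value


def parse_global(text):
    """Return the 'default:' settings of a *ProxyAService.cfg style file."""
    return {p: v for n, p, v in map(_param_line, _lines(text)) if n == "default"}


def parse_vdmap(text):
    """Return ({server_ip: name}, {name: {parameter: value}})."""
    ip_to_name, params = {}, {}
    for line in _lines(text):
        fields = line.split()
        if fields[0] == "vdmap":
            if len(fields) != 3:
                raise ValueError(f"expected 'vdmap name IPaddr': {line!r}")
            name, ip = fields[1], str(ipaddress.IPv4Address(fields[2]))
            if ip in ip_to_name:
                # Two names for one address would make the domain ambiguous.
                raise ValueError(f"{ip} is mapped more than once")
            ip_to_name[ip] = name
            params.setdefault(name, {})
        else:
            name, param, value = _param_line(line)
            params.setdefault(name, {})[param] = value
    orphans = set(params) - set(ip_to_name.values())
    if orphans:
        raise ValueError(f"parameters for unmapped names: {sorted(orphans)}")
    return ip_to_name, params


def settings_for(server_ip, global_settings, ip_to_name, vd_params):
    """Global settings with the virtual domain's values layered on top."""
    merged = dict(global_settings)
    name = ip_to_name.get(str(ipaddress.IPv4Address(server_ip)))
    if name is not None:
        merged.update(vd_params[name])
    return merged


def qualify_user(login, settings, delim="@"):
    """Append DefaultDomain to a short-form userID; leave user@domain alone."""
    if delim in login:
        return login
    domain = settings.get("DefaultDomain")
    return f"{login}{delim}{domain}" if domain else login


if __name__ == "__main__":
    globals_, (ips, vds) = parse_global(GLOBAL_CFG), parse_vdmap(VDMAP_CFG)
    for ip in ("192.0.2.11", "192.0.2.99"):
        print(ip, qualify_user("pilar", settings_for(ip, globals_, ips, vds)))
```

Because the server IP address alone selects the appended domain, a wrong or duplicated vdmap entry sends short-form logins to a different hosted domain's user subtree, which is why the parser rejects duplicates.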

Listed below are the configuration parameters you can specify for a virtual domain:

AuthCacheSize and AuthCacheSizeTTL
AuthService
BindDN and BindPass
CertMap
ClientLookup
CRAMs
DefaultDomain
DomainDelim
HostedDomains
LdapCacheSize and LdapCacheTTL
LdapURL
MailHostAttrs
PreAuth
ReplayFormat
StoreAdmin and StoreAdminPass
SearchFormat
TCPAccess
TCPAccessAttr


Note: Unless the LdapURL is correctly set, the BindDN, BindPass, LdapCacheSize and LdapCacheTTL settings will be ignored.



For detailed descriptions of these configuration parameters, see the iPlanet Messaging Server Reference Manual.


Multiple Messaging Multiplexor Instances

You can install multiple instances of the MMP on a single server. Each of these instances will run as a separate process and can have different configuration files. Multiple instances are necessary when you need different settings for different server IP addresses or ports, and those settings are ones that cannot be changed by a virtual domain. The SSL server certificate is an example of such a setting.

You can configure a single instance of the MMP to support the POP, IMAP, and SMTP protocols (as shown in Figure 4-1), or you can create separate MMP instances for each protocol, as shown in Figure 4-2. By splitting messaging services across different machines, you can tune the resources on each computer for maximum performance.

Figure 4-2    Separate MMP Instances for Each Protocol


For instructions on creating multiple instances of the MMP, see the iPlanet Messaging Server Installation Guide.


About SMTP Proxy

The MMP includes an SMTP proxy which is disabled by default. Most sites do not need the SMTP proxy because Internet Mail standards already provide an adequate mechanism for horizontal scalability of SMTP (DNS MX records).

The SMTP proxy is useful for the security features it provides. First, the SMTP proxy is integrated with the POP proxy to implement the POP before SMTP authorization facility required by some legacy POP clients. For more information, see "Enabling POP Before SMTP".

In addition, an investment in SSL acceleration hardware can be maximized by using the SMTP proxy. See "How to Optimize SSL Performance Using the SMTP Proxy".


Configuring Messaging Multiplexor

To configure the Messaging Multiplexor, you must manually edit the configuration parameters in the Messaging Multiplexor configuration files listed in Table 4-1.

Table 4-1    Messaging Multiplexor Configuration Files 

| File | Description |
|---|---|
| PopProxyAService.cfg | Configuration file specifying configuration variables used for POP services. |
| PopProxyAService-def.cfg | POP services configuration template. If the PopProxyAService.cfg file does not exist, the PopProxyAService-def.cfg template is copied to create a new PopProxyAService.cfg file. |
| ImapProxyAService.cfg | Configuration file specifying configuration variables used for IMAP services. |
| ImapProxyAService-def.cfg | IMAP services configuration template. If the ImapProxyAService.cfg file does not exist, the ImapProxyAService-def.cfg template is copied to create a new ImapProxyAService.cfg file. |
| AService.cfg | Configuration file specifying which services to start and a few options shared by both POP and IMAP services. |
| AService-def.cfg | Configuration template specifying which services to start and a few options shared by both POP and IMAP services. If the AService.cfg file does not exist, the AService-def.cfg template is copied to create a new AService.cfg file. |
| AService.rc | Script used to start, stop, restart, and reload the MMP. To enable automatic startup of the MMP after reboot, the AService.rc script can be copied to /etc/init.d and symbolically linked to the appropriate /etc/rc?.d directories. For more information about initialization and termination scripts, refer to the man page on init.d. |
| SmtpProxyAService.cfg | Optional configuration file specifying configuration variables used for SMTP Proxy services. Required if you enable POP before SMTP; useful for maximizing support for SSL hardware even if POP before SMTP is not enabled. For more information on POP before SMTP, see "Enabling POP Before SMTP". |
| SmtpProxyAService-def.cfg | Configuration template specifying configuration variables used for SMTP Proxy services. If the SmtpProxyAService.cfg file does not exist, the SmtpProxyAService-def.cfg template is copied to create a new SmtpProxyAService.cfg file. |

The Messaging Multiplexor configuration files are stored in the server_root/mmp-hostname directory, where server_root is the directory where you installed the Messaging Server and mmp-hostname is the subdirectory named after the MMP instance. For example, if you installed the MMP on a machine named tarpit and accepted the default installation location, the configuration files would be located in /usr/iplanet/server5/mmp-tarpit.

As an example, the LogDir and LogLevel parameters can be found in all configuration files. In ImapProxyAService.cfg, they are used to specify logging parameters for IMAP-related events; similarly, these parameters in PopProxyAService.cfg are used to configure logging parameters for POP-related events. In SmtpProxyAService.cfg, they are used to specify logging for SMTP Proxy-related events.

In AService.cfg, however, LogDir and LogLevel are used for logging MMP-wide failures, such as the failure to start a POP, IMAP, or SMTP service.


Note: When the MMP is installed or upgraded, the configuration template files will be overwritten.



For a complete description of all MMP configuration parameters, see the iPlanet Messaging Server Reference Manual.


To Start Messaging Multiplexor


UNIX Systems

To start an instance of the Messaging Multiplexor in a UNIX system, run the AService.rc script in the server_root/mmp-hostname directory as follows:

./AService.rc [options]

Optional parameters for the AService.rc script are described in Table 4-2.

Table 4-2    Optional Parameters for the AService.rc Script

| Option | Description |
|---|---|
| start | Start the MMP (even if one is already running). |
| stop | Stop the most recently started MMP. |
| restart | Stop the most recently started MMP, then start an MMP. |
| reload | Causes an MMP that is already running to reload its configuration without disrupting any active connections. |


Windows NT Systems

To start an instance of the Messaging Multiplexor in Windows NT, go to Services in the Windows NT Control Panel and click on "Start." You can also click on "Stop" to stop the MMP. The service options are described below in Table 4-3.

Table 4-3    Windows NT MMP Service Options

| Option | Description |
|---|---|
| start | At the Control Panel, start the MMP (even if one is already running), or, at the command line, run the command AService.exe start |
| stop | At the Control Panel, stop the most recently started MMP, or, at the command line, run the command AService.exe stop |
| restart | To restart on Windows NT, stop the most recently started MMP and then start an MMP. |
| reload | To reload the MMP, go to the mmp-instance directory and at the command line run the command AService.exe refresh |


A Sample Topology

The fictional Siroe Corporation has two Messaging Multiplexors on separate machines, each supporting several Messaging Servers. POP and IMAP user mailboxes are split across the Messaging Server machines, with each server dedicated exclusively to POP or exclusively to IMAP. (You can restrict client access to POP services alone by removing the ImapProxyAService entry from the ServiceList setting; likewise, you can restrict client access to IMAP services alone by removing the PopProxyAService entry from the ServiceList setting.) Each Messaging Multiplexor also supports only POP or only IMAP. The LDAP directory service is on a separate, dedicated machine.

This topology is illustrated below in Figure 4-3.

Figure 4-3    Multiple MMPs Supporting Multiple Messaging Servers



IMAP Configuration Example

The IMAP Messaging Multiplexor in Figure 4-3 is installed on sandpit, a machine with two processors. This Messaging Multiplexor is listening to the standard port for IMAP connections (143). Messaging Multiplexor communicates with the LDAP server on the host phonebook for user mailbox information, and it routes the connection to the appropriate IMAP server. It overrides the IMAP capability string, provides a virtual domain file, and supports SSL communications.

This is its ImapProxyAService.cfg configuration file:

default:LdapUrl             ldap://phonebook/o=Siroe.com
default:LogDir              /usr/iplanet/server5/mmp-sandpit/log
default:LogLevel            5
default:BindDN              "cn=Directory Manager"
default:BindPass            secret
default:BacksidePort        143
default:Timeout             1800
default:Capability          "IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS CHILDREN LANGUAGE XSENDER X-NETSCAPE XSERVERINFO AUTH=PLAIN"
default:SearchFormat        (uid=%s)
default:SSLEnable           yes
default:SSLPorts            993
default:SSLSecmodFile       /usr/iplanet/server5/mmp-sandpit/secmod.db
default:SSLCertFile         /usr/iplanet/server5/mmp-sandpit/cert7.db
default:SSLKeyFile          /usr/iplanet/server5/mmp-sandpit/key3.db
default:SSLKeyPasswdFile    ""
default:SSLCipherSpecs      all
default:SSLCertNicknames    Siroe.com Server-Cert
default:SSLCacheDir         /usr/iplanet/server5/mmp-sandpit
default:SSLBacksidePort     993
default:VirtualDomainFile   /usr/iplanet/server5/mmp-sandpit/vdmap.cfg
default:VirtualDomainDelim  @
default:ServerDownAlert     "your IMAP server appears to be temporarily out of service"
default:MailHostAttrs       mailHost
default:PreAuth             no
default:CRAMs               no
default:AuthCacheSize       10000
default:AuthCacheTTL        900
default:AuthService         no
default:AuthServiceTTL      0
default:BGMax               10000
default:BGPenalty           2
default:BGMaxBadness        60
default:BGDecay             900
default:BGLinear            no
default:BGExcluded          /usr/iplanet/server5/mmp-sandpit/bgexcl.cfg
default:ConnLimits          0.0.0.0|0.0.0.0:20
default:LdapCacheSize       10000
default:LdapCacheTTL        900
default:HostedDomains       yes
default:DefaultDomain       Siroe.com



POP Configuration Example

The POP Messaging Multiplexor example in Figure 4-3 is installed on tarpit, a machine with four processors. This Messaging Multiplexor is listening to the standard port for POP connections (110). Messaging Multiplexor communicates with the LDAP server on the host phonebook for user mailbox information, and it routes the connection to the appropriate POP server. It also provides a spoof message file.

This is its PopProxyAService.cfg configuration file:

default:LdapUrl             ldap://phonebook/o=Siroe.com
default:LogDir              /usr/iplanet/server5/mmp-tarpit/log
default:LogLevel            5
default:BindDN              "cn=Directory Manager"
default:BindPass            password
default:BacksidePort        110
default:Timeout             1800
default:Capability          "IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS CHILDREN LANGUAGE XSENDER X-NETSCAPE XSERVERINFO AUTH=PLAIN"
default:SearchFormat        (uid=%s)
default:SSLEnable           no
default:VirtualDomainFile   /usr/iplanet/server5/mmp-tarpit/vdmap.cfg
default:VirtualDomainDelim  @
default:MailHostAttrs       mailHost
default:PreAuth             no
default:CRAMs               no
default:AuthCacheSize       10000
default:AuthCacheTTL        900
default:AuthService         no
default:AuthServiceTTL      0
default:BGMax               10000
default:BGPenalty           2
default:BGMaxBadness        60
default:BGDecay             900
default:BGLinear            no
default:BGExcluded          /usr/iplanet/server5/mmp-tarpit/bgexcl.cfg
default:ConnLimits          0.0.0.0|0.0.0.0:20
default:LdapCacheSize       10000
default:LdapCacheTTL        900
default:HostedDomains       yes
default:DefaultDomain       Siroe.com




About Messenger Express Multiplexor



The iPlanet Messenger Express Multiplexor is a specialized server that acts as a single point of connection to the HTTP access service. Messenger Express is the client interface to the iPlanet Messaging Server HTTP service. All users connect to the single messaging proxy server, which directs them to their appropriate mailbox. As a result, an entire array of messaging servers will appear to your mail users to be a single host.

While the iPlanet Messaging Multiplexor (MMP) connects to POP and IMAP servers, the Messenger Express Multiplexor connects to an HTTP server. In other words, the Messenger Express Multiplexor is to Messenger Express as MMP is to POP and IMAP.

Like MMP, the Messenger Express Multiplexor supports:

  • Both unencrypted and encrypted (SSL) communication with mail clients

    For more information on configuring SSL, refer to Security and Access Control in Chapter 12.

  • Hosted Domains

    For more information, refer to the iPlanet Messaging Server Provisioning Guide.

Unlike MMP, the Messenger Express Multiplexor is built into the mshttpd service, and consequently uses the same logging and configuration mechanisms.


How Messenger Express Multiplexor Works

The Messenger Express Multiplexor is made up of a proxy messaging server that acts as a Multiplexor; it allows you to connect to the HTTP service of iPlanet Messaging Server (Messenger Express). The Messenger Express Multiplexor facilitates distributing mailboxes across multiple server machines. Clients connect to the Multiplexor when logging onto iPlanet Messenger Express, which determines the correct server for the users, connects to that server, and then passes data between the client and server. This capability allows large installations to spread message stores across multiple machines (to increase capacity) while providing the appearance of a single mail host for users (to increase efficiency) and for external clients (to increase security). Figure 4-4 describes where the Messenger Express Multiplexor resides in an iPlanet Messaging Server installation.

Figure 4-4    Overview of iPlanet Messenger Express Multiplexor


The Messenger Express Multiplexor interfaces between iPlanet Messenger Express client and iPlanet Messaging Servers by accepting connections and routing them appropriately. As is typical with other mail server installations, each user is assigned a specific address and mailbox on a specific messaging server. However, all HTTP connections are routed through the Messenger Express Multiplexor.

In more detail, these are the steps involved when establishing a user connection:

  1. A user's client connects to the Messenger Express Multiplexor, which accepts preliminary authentication information.

  2. The Messenger Express Multiplexor queries Directory Server to determine which messaging server contains the user's mailbox.

  3. The Messenger Express Multiplexor connects to the associated Messaging Server, replays authentication, then acts as a pass-through pipe for the duration of the session.


To Set Up the Messenger Express Multiplexor

This section describes the steps you should follow to set up and configure your Messenger Express Multiplexor.


Install Messaging Server on Proxy Machine

The first step is to install Messaging Server on the proxy machine that will become the Messenger Express Multiplexor. For specific installation instructions, see the iPlanet Messaging Server Installation Guide.

Be sure to configure the Messaging Server to use a users and groups directory server that points to the back-end messaging servers. This directory server will be used to authenticate users to Messaging Server through the Messenger Express Multiplexor.


To Configure Multiplexor Parameters

After you complete the Messaging Server installation on the proxy machine, configure the Messenger Express Multiplexor parameters:

  1. Gather the needed back-end Messaging Server information.

    Run the configutil command in the directory of your back-end messaging servers to determine the values of the parameters that are later described in this section. The configuration of the proxy machine (where the Multiplexor will be enabled) must match the back-end messaging servers to ensure successful setup.

  2. Set the configuration parameters for the Messenger Express Multiplexor.

    Run the configutil command in directory server_root/bin/msg-instance/configutil of your proxy machine messaging server to set the configuration values. Note that these values should match the values of the back-end messaging servers.

    For a detailed explanation on running the configutil command, see the iPlanet Messaging Server Reference Manual.

The following sections describe the configutil parameters needed to set up the Messenger Express Multiplexor:


LDAP Parameters
You will need to make sure that the Directory Server parameters are correctly specified prior to enabling the Messenger Express Multiplexor. To determine your LDAP parameters, run the following commands in the appropriate back-end Messaging Server instance directory:

  • configutil -o local.ugldaphost

    This parameter displays the users and groups LDAP Directory Server that the back-end messaging servers use. Make sure that ldaphost is set to the same value (or a replicated LDAP server containing the same data) that the back-end messaging servers use.

  • configutil -o local.ugldapbinddn
    configutil -o local.ugldapbindcred

    These parameters display the DN and password of the users and groups Directory Server administrator. Both ldapbinddn and ldapbindcred must be the same as in your back-end messaging servers specifications.


dcroot
You will need to make sure that the dcroot is correctly specified. To determine your dcroot, run the following command in the appropriate messaging server instance directory:

configutil -o service.dcroot


Default Domain
You will need to make sure that the messaging server default domain (defaultdomain) is correctly indicated. To determine your messaging server default domain, run the following configutil command in the appropriate messaging server instance directory:

configutil -o service.defaultdomain


Login Separator
Make sure that the login separator (loginseparator) is consistent with the login separator used by the back-end messaging server. To determine your messaging server login separator, run the configutil command in the appropriate back-end messaging server instance directory:

configutil -o service.loginseparator


Enable Messenger Express Multiplexor

Once you set the configuration parameters, you can enable the Messenger Express Multiplexor on the proxy machine. To do so, run the following configutil command in the directory server_root/bin/msg-instance/configutil of the messaging server instance on the proxy machine:

configutil -o local.service.http.proxy -v 1

where 1 enables the Messenger Express Multiplexor (default 0).

If the value of local.service.http.proxy is 0, the Multiplexor is not enabled: when a non-local user (a user whose mail host is not the server where they log in) logs in, the user is directed to their own host and sees the host name change.

If the value of local.service.http.proxy is set to 1, the Multiplexor is enabled, the host name does not change, and the entire array of messaging servers will appear to be a single host to your non-local mail users.

For local users (users whose mail host is the server where they log in), the server will use the local message store regardless of the local.service.http.proxy parameter value. It is possible to have both proxy and local users coexisting on the same messaging server.

For more information on the configutil command, see the iPlanet Messaging Server Reference Manual.


Testing Your Setup

In this section, you will learn how to test your Messenger Express Multiplexor setup and to look for messages in the log files. It is assumed that you have configured and enabled the Messenger Express Multiplexor.


Access Messenger Express Client

Prior to testing your installation, you should already be familiar with the Messenger Express product. In addition, you should already have a test account that you have previously created.

To test your Messenger Express Multiplexor proxy, follow these steps:

  1. Through the Messenger Express Multiplexor, connect to Messenger Express by typing the following in the browser location:

    http://msgserver_name

    For example:

    http://budgie.sesta.com

  2. Using a test account that you previously created, log in to Messenger Express.

  3. You should be able to successfully log in and access messages from the back-end messaging servers.

  4. If the messaging server name changes once you log in through Messenger Express, make sure local.service.http.proxy is set to 1 and that you have restarted the messaging proxy server. The Messenger Express Multiplexor should provide the appearance of a single mail host to your users.


Error Messages

If you receive an error message when you enter the user ID and password and click Connect, you should review the HTTP log file of the proxy machine. To view the error messages, go to the server_root/msg-instance/log/http/ directory. In most cases, the error message will contain sufficient information to diagnose the problem. In those instances where there is not sufficient information to diagnose the problem, contact iPlanet Customer Support.


Administering Your Messenger Express Multiplexor

This section describes the basic administration capabilities of the Messenger Express Multiplexor.


Configure and Administer SSL

To configure and administer SSL (otherwise known as Secure Sockets Layer) for your Messenger Express Multiplexor, refer to "To Enable SSL and Selecting Ciphers".


Multiple Proxy Server Setup

To set up multiple Messenger Express Multiplexors that are addressed by a single name, you can use a session-aware load balancing device. With this device, all requests from any given client can be routed to a unique server.


Managing Different Versions of Messaging Server and Messenger Express Multiplexor

If you use different versions of iPlanet Messaging Server for the Messenger Express Multiplexor and the back-end mail hosts, you need to update the Messenger Express static files to ensure compatibility between the servers.

The static files that make up the Messenger Express interface are served directly from the Messenger Express Multiplexor, not from the user's mail host. The Multiplexor finds these files in the server_root/msg-instance/html directory.

To ensure compatibility between servers, replace the entire contents of the directory server_root/msg-instance/html (the static files that make up the Messenger Express interface) in the newer version of Messaging Server with the entire contents of the same directory in the older version of Messaging Server.

For example, if the back-end messaging servers use iPlanet Messaging Server 5.1 and you have installed iPlanet Messaging Server 5.2 as the Messenger Express Multiplexor, you need to replace the entire contents of the directory server_root/msg-instance/html of the Messenger Express Multiplexor with the contents of the same directory from the iPlanet Messaging Server 5.1 back-end server. When you eventually upgrade iPlanet Messaging Server 5.1 to iPlanet Messaging Server 5.2, you can update these static files in directory server_root/msg-instance/html for the Messenger Express Multiplexor server as well.


Copyright © 2002 Sun Microsystems, Inc. All rights reserved.

Last Updated February 27, 2002