8 Contacts Server Post-Installation Tasks

This chapter provides instructions for Oracle Communications Contacts Server post-installation tasks.

Many Contacts Server post-installation tasks involve configuring system security. For security-related tasks, such as configuring SSL, see Contacts Server Security Guide.

Changing the User Unique Identifier

Contacts Server requires a unique identifier in the form of an LDAP attribute whose value is used to map each user account to a unique account in the database. The current default and recommended attribute, davuniqueid, avoids a potentially serious issue with nsUniqueId. If you use nsUniqueId and the LDAP entry for a user, group, or resource is deleted and recreated in LDAP, the new entry receives a different nsUniqueId value from the Directory Server, which disconnects it from the existing account in the contacts database. As a result, recreated users cannot access their existing contacts.

To change the unique identifier:

Run the davadmin config modify command to modify the davcore.uriinfo.permanentuniqueid configuration parameter. This parameter specifies the unique valued LDAP attribute present in the LDAP entry of all subjects (users, groups, and resources).

See the topic on command-line utilities in Contacts Server System Administrator's Guide for more information about the davadmin command.

Caution:

Changing this option after any user data is created in the database leads to data loss.

Contacts Server performs searches on the index you chose to use for davcore.uriinfo.permanentuniqueid. The installation process automatically creates the Directory Server index for davuniqueid. If you did not choose to use the default value of davuniqueid for davcore.uriinfo.permanentuniqueid, you must index the chosen attribute for presence and equality ([pres.eq]) in Directory Server. For more information about working with Directory Server indexes, refer to the Directory Server documentation.

Add the attribute to the list of LDAP attributes fetched by Contacts Server by running the davadmin config modify command to change the davcore.uriinfo.subjectattributes configuration parameter. Make sure to add on to the existing list and pass the entire value when doing the modification.

Configuring Virus Scanning

To enhance security within your installation, you can configure Contacts Server to scan attachments, such as photos, for viruses. Contacts Server virus scanning can examine attachments in a real-time mode to test and optionally reject incoming infected data. You can also choose to scan and optionally delete infected existing data on-demand.

To enable Contacts Server for virus scanning, see the topic on configuring virus scanning in Calendar Server System Administrator's Guide.

Though this documentation is written for Calendar Server, it also applies to Contacts Server. The only exception is that Contacts Server does not have an iSchedule database.

Configuring Directory VLV Browsing for Contacts Server

This section describes how to set up a Virtual List View (VLV) browsing index for Oracle Directory Server Enterprise Edition 11.1.1.5.0 using Contacts Server. Directory Server VLV browsing indexes are used by Contacts Server to enable pagination support in the Corporate Address Book from the RESTful protocol. For more information, see the topic on managing browsing indexes in Oracle Directory Server Enterprise Edition Administration Guide at:

http://docs.oracle.com/cd/E20295_01/html/821-1220/bcaug.html

Using VLV in Contacts Server

By default, Contacts Server enables the Corporate Directory feature by using the deployment's user/group LDAP pool with the following configuration parameters:

  • store.corpdir.enablecorpdir=true

  • store.corpdir.defaultcorpdirectoryurl=ldap://ugldap/??sub?(objectclass=*)

If necessary, tailor the objectclass to your site's needs, for example: objectclass=inetorgperson.

However, VLV is not enabled by default. To use VLV, you must perform the following steps:

  • Define a browsing index and generate the browsing index in Directory Server, as described in "Creating a VLV Browsing Index."

  • Use an LDAP URL syntax extension to enable the use of VLV in the Contacts Server store.corpdir.defaultcorpdirectoryurl configuration parameter.

The general LDAP URL syntax is in the form ldap://ldap_pool_name/basedn?attributes?scope?filter?extensions. The available private extensions are:

  • vlv

  • sort=sort_on_attribute

  • displayname=friendly_display_name

The displayname extension is optional. If it is missing, then the value "Corporate Directory" is used. Thus, to enable VLV in the default corporate directory, you set the store.corpdir.defaultcorpdirectoryurl parameter as follows:

store.corpdir.defaultcorpdirectoryurl = ldap://ugldap/??sub?(objectclass=inetorgperson)?vlv,sort=cn,displayname="Default Corporate Directory"

This value enables VLV, uses cn as the sorting attribute, and causes the displayname to appear in the output of listing all public address books:

>> Request <<
GET /rest/?booktype=public HTTP/1.1
Host: siroe.com
Content-Length: 0
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

>> Response <<
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: xxxx
{
    "restversion": "1.0",
    "baseuri": "https://siroe.com",
    "homeuri": "/rest/home/johndoe/",
    "addressbook": [{
        "uri": "/rest/directory/default/",
        "displayname": "Default Corporate Directory",
        "type": "public",
        "myrights": "r"
    }],
    "totalresults": 1
}

Creating a VLV Browsing Index

You must perform the following steps on every Directory Server instance that Contacts Server uses. Directory Server index configuration settings are not replicated.

Creating a VLV browsing index involves the following tasks:

Defining the VLV Browsing Index

To define the VLV browsing index:

  1. The following LDAP modifications add the required Directory Server settings for the VLV index, which enables you to then create the index in "Generating the VLV Browsing Index".

    /opt/sun/dsee7/dsrk/bin/ldapmodify -h directory_server_hostname -p directory_server_port -D "cn=Directory Manager"
    dn: cn=Browsing organization,cn=database_backend,cn=ldbm database,cn=plugins,cn=config
    changetype: add
    objectClass: top
    objectClass: vlvSearch
    cn: Browsing organization
    vlvbase: organization_base
    vlvscope: 2
    vlvfilter: vlv_search_filter
    aci: (targetattr="*")(version 3.0; acl "VLV for Anonymous";
     allow (read,search,compare) userdn="ldap:///anyone";)
    
    dn: cn=Sort by vlv_sort_attribute,cn=Browsing organization,cn=database_backend,cn=ldbm database,cn=plugins,cn=config
    changetype: add
    objectClass: top
    objectClass: vlvIndex
    cn: Sort by vlv_sort_attribute
    vlvSort: vlv_sort_attribute
    
  2. To determine the database_backend setting, refer to the ds_instance_path/config/dse.ldif file and search for nsslapd-suffix: user_group_base. The following example shows the database_backend as isp for the user_group_base of o=isp.

    dn: cn=isp,cn=ldbm database,cn=plugins,cn=config
    objectClass: top
    objectClass: extensibleObject
    objectClass: nsBackendInstance
    cn: isp
    creatorsName: cn=directory manager
    modifiersName: cn=directory manager
    entrydn: cn=isp,cn=ldbm database,cn=plugins,cn=config
    numSubordinates: 4
    nsslapd-suffix: o=isp
    nsslapd-cachesize: -1
    nsslapd-cachememsize: 10485760
    nsslapd-readonly: off
    nsslapd-require-index: off
    nsslapd-directory: /var/opt/SUNWdsee/dsins1/db/isp
    
  3. The following ldapmodify command uses the preceding value for database_backend:

    /opt/sun/dsee7/dsrk/bin/ldapmodify -h directory.siroe.com -p 389 -D "cn=Directory Manager"
    dn: cn=Browsing siroe.com,cn=isp,cn=ldbm database,cn=plugins,cn=config
    changetype: add
    objectClass: top
    objectClass: vlvSearch
    cn: Browsing siroe.com
    vlvbase: o=siroe.com,o=isp
    vlvscope: 2
    vlvfilter: (objectclass=inetorgperson)
    aci: (targetattr="*")(version 3.0; acl "VLV for Anonymous";
     allow (read,search,compare) userdn="ldap:///anyone";)
    
    dn: cn=Sort by cn,cn=Browsing siroe.com,cn=isp,cn=ldbm database,cn=plugins,cn=config
    changetype: add
    objectClass: top
    objectClass: vlvIndex
    cn: Sort by cn
    vlvSort: cn
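
An added example, not part of the Oracle documentation: a Python check that a store.corpdir.defaultcorpdirectoryurl value and the vlvSearch/vlvIndex entries above describe the same search. It assumes that Directory Server uses a browsing index only when the search filter, scope and sort attribute match the index definition; the function names are hypothetical, and the base DN is not compared because the example URL leaves it empty.

```python
import re

SCOPES = {"base": "0", "one": "1", "sub": "2"}   # LDAP URL scope -> vlvscope value

def parse_corpdir_url(url):
    # Split ldap://pool/basedn?attributes?scope?filter?extensions
    m = re.match(r"ldap://([^/]*)/(.*)$", url.strip())
    if not m:
        raise ValueError("not an ldap:// URL: %r" % url)
    basedn, attrs, scope, flt, ext = (m.group(2).split("?", 4) + [""] * 4)[:5]
    exts = {}
    for item in re.findall(r'(?:[^,"]|"[^"]*")+', ext):   # commas inside quotes stay
        key, _, val = item.strip().partition("=")
        exts[key.lower()] = val.strip('"')
    return {"pool": m.group(1), "scope": scope, "filter": flt, "ext": exts}

def parse_ldif(text):
    # Minimal LDIF reader: unfold continuation lines, split on blank lines,
    # keep the last value of each attribute (enough for the vlv* attributes)
    blocks = re.split(r"\n\s*\n", re.sub(r"\n ", "", text.strip()))
    return [{k.strip().lower(): v.strip()
             for k, _, v in (ln.partition(":") for ln in b.splitlines())}
            for b in blocks]

def vlv_mismatches(url, ldif):
    # Reasons the search built from the URL would not line up with the VLV index
    u, entries = parse_corpdir_url(url), parse_ldif(ldif)
    norm = lambda s: re.sub(r"\s+", "", s).lower()
    sort = u["ext"].get("sort", "")
    problems = [k + " extension missing" for k in ("vlv", "sort") if k not in u["ext"]]
    if not any(norm(e["vlvfilter"]) == norm(u["filter"])
               and e.get("vlvscope") == SCOPES.get(u["scope"].lower(), "")
               for e in entries if "vlvfilter" in e):
        problems.append("no vlvSearch entry matches the URL filter and scope")
    if sort and not any(norm(e["vlvsort"]) == norm(sort)
                        for e in entries if "vlvsort" in e):
        problems.append("no vlvIndex entry sorts on " + sort)
    return problems

# Values copied from the chapter's example (objectClass and aci lines omitted)
PAGE_URL = ('ldap://ugldap/??sub?(objectclass=inetorgperson)'
            '?vlv,sort=cn,displayname="Default Corporate Directory"')
PAGE_LDIF = """dn: cn=Browsing siroe.com,cn=isp,cn=ldbm database,cn=plugins,cn=config
vlvscope: 2
vlvfilter: (objectclass=inetorgperson)

dn: cn=Sort by cn,cn=Browsing siroe.com,cn=isp,cn=ldbm database,cn=plugins,cn=config
vlvSort: cn"""
```

An empty list from vlv_mismatches(PAGE_URL, PAGE_LDIF) means the URL and the index definition agree; the unmodified default URL with (objectclass=*) and no extensions is reported as a mismatch.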
    

Generating the VLV Browsing Index

To populate the VLV index with data, you must first stop the Directory Server.

  1. Change to the ds_install/bin directory and stop the Directory Service.

    cd /opt/sun/dsee7/bin
    dsadm stop ds_instance_path
    
  2. Generate the index.

    dsadm reindex -l -t "Sort by vlv_sort_attribute" ds_instance_path "organization_base"
    
  3. Start the service.

    dsadm start ds_instance_path
    

The following commands show how to generate a VLV index using the preceding example settings:

cd /opt/sun/dsee7/bin
dsadm stop /var/opt/sun/dsee7/dsins1/
dsadm reindex -l -t "Sort by cn" /var/opt/sun/dsee7/dsins1/ "o=siroe.com,o=isp"
dsadm start /var/opt/sun/dsee7/dsins1/

Verifying the VLV Index

To verify that the VLV index is created and in use, run the ldapsearch command. Because Contacts Server uses an internal administrative user to proxy as a regular user, the following example does the same.

/opt/sun/dsee7/dsrk/bin/ldapsearch -h directory.siroe.com -p 389 -D \
"uid=nab-admin-contactsserver.siroe.com-20140314084929Z,ou=People,o=siroe.com, \
o=isp" -Y "dn:uid=johndoe,ou=People,o=siroe.com,o=isp" -w - -b o=siroe.com,o=isp \
-G 0:4:1:0 -S cn -x "(objectclass=inetorgperson)" dn cn

Log entries similar to the following appear in the Directory Server access log for the preceding search, indicating that the VLV is set up properly.

[26/Mar/2014:08:11:53 +0000] conn=14037 op=1 msgId=2 - SRCH base="o=siroe.com,o=isp" scope=2 filter="(objectClass=inetorgperson)" attrs="dn cn"
[26/Mar/2014:08:11:53 +0000] conn=14037 op=1 msgId=2 -  SORT cn
[26/Mar/2014:08:11:53 +0000] conn=14037 op=1 msgId=2 -  VLV 0:4:0:0 1:212689 (0)
[26/Mar/2014:08:11:53 +0000] conn=14037 op=1 msgId=2 - RESULT err=0 tag=101 nentries=5 etime=0
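
An added example, not part of the Oracle documentation: a Python summary of access-log lines in the format shown above, reporting for each search whether it carried SORT and VLV records and finished with err=0. The function name is hypothetical, the conn=14038 lines are constructed, and reading the VLV response as targetPosition:contentCount (resultCode) is an assumption.

```python
import re
from collections import defaultdict

LINE = re.compile(r"\[[^\]]+\] conn=(\d+) op=(\d+) msgId=\d+ -\s+"
                  r"(SRCH|SORT|VLV|RESULT)\s*(.*)")

def summarize_searches(log_text):
    """Group SRCH/SORT/VLV/RESULT lines by (conn, op); one summary per search."""
    ops = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ops[(int(m.group(1)), int(m.group(2)))][m.group(3)] = m.group(4)
    report = []
    for (conn, op), parts in sorted(ops.items()):
        if "SRCH" not in parts:
            continue
        flt = re.search(r'filter="([^"]*)"', parts["SRCH"])
        vlv = re.match(r"(\S+) (\d+):(\d+) \((\d+)\)", parts.get("VLV", ""))
        err = re.search(r"err=(\d+)", parts.get("RESULT", ""))
        report.append({
            "conn": conn, "op": op,
            "filter": flt.group(1) if flt else None,
            "sort": parts.get("SORT"),
            "vlv_request": vlv.group(1) if vlv else None,
            # Assumed field meaning: targetPosition:contentCount (resultCode)
            "content_count": int(vlv.group(3)) if vlv else None,
            "vlv_ok": bool(vlv and vlv.group(4) == "0" and "SORT" in parts
                           and err and err.group(1) == "0"),
        })
    return report

# The conn=14037 lines are the chapter's sample; the conn=14038 lines are
# constructed to show the same search arriving without sort or VLV controls.
SAMPLE_LOG = """\
[26/Mar/2014:08:11:53 +0000] conn=14037 op=1 msgId=2 - SRCH base="o=siroe.com,o=isp" scope=2 filter="(objectClass=inetorgperson)" attrs="dn cn"
[26/Mar/2014:08:11:53 +0000] conn=14037 op=1 msgId=2 -  SORT cn
[26/Mar/2014:08:11:53 +0000] conn=14037 op=1 msgId=2 -  VLV 0:4:0:0 1:212689 (0)
[26/Mar/2014:08:11:53 +0000] conn=14037 op=1 msgId=2 - RESULT err=0 tag=101 nentries=5 etime=0
[26/Mar/2014:08:12:10 +0000] conn=14038 op=1 msgId=2 - SRCH base="o=siroe.com,o=isp" scope=2 filter="(objectClass=inetorgperson)" attrs="dn cn"
[26/Mar/2014:08:12:14 +0000] conn=14038 op=1 msgId=2 - RESULT err=0 tag=101 nentries=212689 etime=4
"""
```

Searches from Contacts Server whose summary has vlv_ok set to False are the ones to investigate, since they indicate the Corporate Directory URL is not requesting VLV or the request did not complete cleanly.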

Configuring Directory Server Telephone Indexes for Contacts Server

This section describes how to set up indexes for Oracle Directory Server Enterprise Edition using Contacts Server for the following telephone attributes:

  • telephoneNumber

  • facsimileTelephoneNumber

  • homePhone

  • mobile

  • pager

By default, the comm_dssetup script only creates an index on telephoneNumber.

Creating the Telephone Indexes for Contacts Server

You must perform the following steps on every Directory Server instance that Contacts Server uses. Directory Server index configuration settings are not replicated.

  1. Copy the index-odsee.sh script from the ContactsServer_home/sbin directory to the Directory Server host.

  2. On the Directory Server host, change to the directory in which you copied the script.

  3. Run the index-odsee.sh script.

    index-odsee.sh -B dsbinpath -D binddn -j passwdfile -h dshost -p dsport -s suffix
    

    where:

    -B dsbinpath: Specifies the path to the Directory Server binary location

    -D binddn: Specifies the bind dn

    -j passwdfile: Reads the bind password from a file for simple authentication

    -h dshost: Specifies the Directory Server host name

    -p dsport: Specifies the Directory Server port number

    -s suffix: Specifies the directory suffix where indexes are to be created