Oracle® Communications Instant Messaging Server System Administrator's Guide
Release 9.0.2

E52523-01

4 Administering Instant Messaging Server End Users

This chapter describes how to provision Oracle Communications Instant Messaging Server users.

Overview of Administering Instant Messaging Server End Users

Instant Messaging Server does not provide bulk user provisioning tools. You need to use a directory bulk provisioning tool for provisioning multiple Instant Messaging Server end users. By default, Instant Messaging Server does not provide specific commands to add, modify, or delete Instant Messaging Server end users. However, you can customize Instant Messaging Server to enable users to add themselves to the directory.

Because Instant Messaging Server users reside in LDAP, you cannot prevent an end user from using Instant Messenger. The only way to prevent end users from using Instant Messaging Server is to delete them from the directory or inactivate their user accounts in the directory. Keep in mind that doing this also prevents the user from binding to the directory.

The administrator can manage Instant Messaging Server end users by using the Instant Messaging Server Administrator Access Control mechanism. For more information, see the topic on controlling privileges in Instant Messaging Server Security Guide.

Registering New Instant Messaging Server Users

You can customize Instant Messenger to allow new user registration. When a user registers, Instant Messaging Server uses the information provided during registration to perform an ldapadd operation to create a user entry in the directory.

Configuring Instant Messaging Server to Enable New User Registration

To configure Instant Messaging Server to allow new user registration, you must add the configuration properties listed in Table 4-1.

Table 4-1 Instant Messaging Server New User Registration Configuration Parameters

| Parameter | Description |
|---|---|
| iim.register.enable | If true, the server allows new Instant Messaging Server end users to register themselves (add themselves to the directory) by using Instant Messenger. |
| iim_ldap.register.basedn | If self-registration is enabled, the value of this parameter is the DN of the location in the LDAP directory in which person entries are stored. For example: ou=people,dc=siroe,dc=com. |
| iim_ldap.register.domain | The domain to which new users will be added. For example, directory.siroe.com. |


To Allow New User Registration Using Policy Module iim_ldap

To configure Instant Messaging Server to allow new user registration using iim_ldap (iim.policy.modules = iim_ldap):

  1. Use the imconfutil command to add the configuration properties and appropriate values as described in "Configuration Properties".

    For example:

    imconfutil set-prop -c /opt/sun/comms/im/config/iim.conf.xml iim.register.enable=true iim_ldap.register.basedn="ou=people,o=india.sun.com,dc=india,dc=sun,dc=com" iim_ldap.register.domain=india.sun.com
    
  2. Refresh the server configuration by using the imadmin command.

    imadmin refresh server
    

To Allow New User Registration Using Policy Module schema1 or schema2

To configure Instant Messaging Server to allow new user registration using policy module schema 1 or schema 2 (iim.policy.modules = iim_ldap_schema1 or iim.policy.modules = iim_ldap_schema2):

  1. Use the imconfutil command to add the configuration properties and appropriate values as described in "Configuration Properties".

    For example:

    imconfutil set-prop -c /opt/sun/comms/im/config/iim.conf.xml iim.register.enable=true
    
  2. Refresh the server configuration by using the imadmin command.

    imadmin refresh server
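
Because enabling self-registration lets Instant Messenger clients create entries in the directory, it is worth auditing these properties after any configuration change. The following script is an added example, not part of the Oracle documentation or product; it assumes the property dump contains one name=value pair per line, and the function names get_prop and audit_registration are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not Oracle code. ASSUMPTION: the property dump has one
# name=value pair per line (the form used with set-prop on this page).

# get_prop FILE NAME: print NAME's value (last occurrence), quotes stripped.
get_prop() {
  awk -v k="$2" '{
      i = index($0, "="); if (i == 0) next
      n = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", n); gsub(/^[ \t"]+|[ \t"]+$/, "", v)
      if (n == k) found = v
    } END { print found }' "$1"
}

# audit_registration FILE: 0 = registration off, 1 = on and complete,
# 2 = on but the properties required for iim_ldap are missing.
audit_registration() {
  enable=$(get_prop "$1" iim.register.enable | tr 'A-Z' 'a-z')
  module=$(get_prop "$1" iim.policy.modules)
  if [ "$enable" != "true" ]; then
    echo "OK: self-registration is disabled"; return 0
  fi
  echo "WARN: self-registration enabled, policy module: ${module:-unset}"
  rc=1
  if [ "$module" = "iim_ldap" ]; then
    for p in iim_ldap.register.basedn iim_ldap.register.domain; do
      val=$(get_prop "$1" "$p")
      if [ -n "$val" ]; then
        echo "INFO: $p = $val (review write access to this location)"
      else
        echo "ERROR: $p is not set"; rc=2
      fi
    done
  fi
  return $rc
}

# Constructed sample mirroring the iim_ldap example on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
iim.policy.modules=iim_ldap
iim.register.enable=true
iim_ldap.register.basedn="ou=people,o=india.sun.com,dc=india,dc=sun,dc=com"
iim_ldap.register.domain=india.sun.com
EOF
audit_registration "$sample" || echo "exit status: $?"
rm -f "$sample"
```

To audit a live server, redirect the output of imconfutil -c /opt/sun/comms/im/config/iim.conf.xml get-prop to a file and pass that file to audit_registration, adjusting the parsing if the output format differs from the assumption above.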
    

Storing Instant Messaging Server User Properties in LDAP

By default, Instant Messaging Server stores user properties in LDAP. You need to run the imadmin assign_services command to add the required object classes to user entries in the directory. Instant Messaging Server uses these object classes to store user properties in user entries.

Caution:

Some user attributes may contain confidential information. Ensure that your directory access control is set up to prevent unauthorized access by non-privileged users. Refer to your directory documentation for more information.

To Store Instant Messaging Server User Properties in LDAP

  1. Ensure that the iim.policy.modules configuration property has a value of iim_ldap, and that the iim.userprops.store configuration property has a value of ldap.

    For example:

    imconfutil -c /opt/sun/comms/im/config/iim.conf.xml get-prop|grep iim.policy.modules
    
    imconfutil -c /opt/sun/comms/im/config/iim.conf.xml get-prop|grep iim.userprops.store
    

    If the values are not set, use the imconfutil command to set them.

  2. Run imadmin assign_services:

    imadmin assign_services
    

    The imadmin command checks the value of the iim.policy.modules property.

  3. Enter the Bind DN and password you want imadmin to use to bind to the directory.

    The Bind DN should have sufficient credentials to modify the directory schema, for example, the Directory Manager DN.

  4. Enter the Base DN under which user entries are stored.

    Next, imadmin adds the sunIMUser and sunPresenceUser object classes to the user entries in the organization you specified.