1/18
Contents
Title and Copyright Information
Preface
Audience
Related Documents
Documentation Accessibility
Document Revision History
1
Delegated Administrator Overview
Introduction to Delegated Administrator
Delegated Administrator LDAP Attributes
Configuration Choices for LDAP Directory Access, Schema, and Access Manager
Direct LDAP Access to the Directory
Directory Access Through Access Manager (Legacy Mode)
LDAP Directory Access, Schema, and Access Manager Configuration Summary
Scenarios for Provisioning Users
One-Tier Hierarchy
Two-Tier Hierarchy
Three-Tier Hierarchy
Administrator Roles and the Directory Hierarchy
Directory Structure Supporting a One-Tier Hierarchy
One-Tier Hierarchy: Default Organization Under the Root Suffix
One-Tier Hierarchy: Default Organization at the Root Suffix
Top-Level Administrator
Service Provider Administrator Role
Organization Administrator Role
Directory Structure Supporting a Two-Tier Hierarchy
For Former Users of iPlanet Delegated Administrator
2
Service Provider Administrator and Service Provider Organizations
Service Provider Administrator
Service Provider Administrator Role
Assigning the SPA Role to a User
Organizations Managed by the Service Provider Administrator
Provider Organization
Full Organization
Shared Organization
Creating a Provider Organization and Service Provider Administrator
Entries Created by the Template
Nodes in the Sample Installed Custom Service-Provider Template
Information Needed to Create Organizations and SPA
Parameters Defining the Provider and Subordinate Organization
Parameters Defining the SPA
Steps for Creating a Provider Organization and Service Provider Administrator
Modifying Custom Service-Provider Template
da.provider.skeleton.ldif File (Relevant Sections)
Creating Shared and Full Subordinate Organizations
Sample Service-Provider Organization Data
Logical Hierarchy and the Directory Information Tree
Sample Organization Data: Directory Information Tree View
Nodes in the Sample Directory Information Tree
User DNs in the Sample Directory Information Tree
3
Service Packages
What Is A Service Package?
Service Bundles
Packages Defined for Particular LDAP Objects
Assigning Service Packages to Groups
Sample Service Packages Provided by Delegated Administrator
Service-Package Tasks
Guidelines for Assigning Service Packages
Creating Your Own Service Packages
Limitations in Viewing an Extended Service Package
Example Service Package Assigned to an LDAP Entry
4
Removing Users, Groups, and Services from a Domain
Overview of Removing Users and Services from a Domain
To Remove Users, Groups, and Calendar Resources from a Domain
To Remove Services from a Domain
To Permanently Remove an Entire Domain
5
Setting Calendar Server Advanced Rights
Setting Calendar-Service Advanced Rights in the Delegated Administrator Console
Relationship Between the Organization-Level Settings and Application-Level Default Settings
6
Improving Delegated Administrator Performance
Speeding Up Display of Users, Groups, and Organizations
Displaying the User Page More Quickly
Displaying the Group Page More Quickly
Displaying the Organization Page More Quickly
Increase JVM Heap Size
Increasing the Web Server 6.
x
JVM Heap Size
Increasing the Web Server 7.
x
JVM Heap Size
Increasing the Application Server JVM Heap Size
Application Server Documentation
Raise Directory Server Indexing Threshold
7
Consolidating ACIs for Directory Server Performance
Introduction
Consolidating and Removing ACIs
replacement.acis.ldif File
Steps for Replacing ACIs
Before You Begin
Replacing ACIs
Eliminating Dynamic Organization ACIs
Analysis of the Existing ACIs
Root Suffix
Access Manager
Top-level Help Desk Admin Role
Top-level Policy Admin Role
AM Self
AM Anonymous
AM Deny Write Access
AM Container Admin Role
Organization Help Desk
AM Organization Admin Role
AM Miscellaneous
Messaging Server
Analysis of How ACIs Are Consolidated
Original Anonymous Access Rights
Consolidated Anonymous Access Rights
Original Self ACIs
Consolidated Self ACIs
Original Messaging Server ACIs
Consolidated Messaging Server ACIs
Original Organization Admin ACIs
Consolidated Organization Admin ACIs
List of Unused ACIs to be Discarded
Suffix
Top-level Help Desk Admin Role
Top-level Policy Admin Role
Access Manager Anonymous
Access Manager Deny Write Access
Access Manager Container Admin Role
Organization Help Desk
Access Manager Miscellaneous
8
Customizing Delegated Administrator
Customizing the Delegated Administrator Console
How Customization Works
Customization Tasks
Creating a Customization File
Editing the daconfig.properties file
Creating a Java Class for the Custom Attributes
Customization File Details
Guidelines for Creating a Customization File
XML Elements Used in a Customization File
Sample Customization File
Configuring the Preferred Mail Host Using the Server-Wide Default
Syntax and Values for Security.properties File Properties
Adding Plug-ins for Delegated Administrator
Enabling the Plug-Ins
Additional Flat File Required for MailHostStorePlugin
Adding a Custom Object Class When You Create an LDAP Object
Customizing the User Log-In
How the User Log-In Value Is Set
Adding a User Log-In Value
Requiring Service Packages for Users
Adding a Calendar Time Zone in Access Manager Mode
Adding a Time Zone in Delegated Administrator
Displaying and Administering the Time Zone in the Delegated Administrator Console
Changing the Default Time Zone in Delegated Administrator
Adding a Calendar Time Zone in Direct LDAP Mode
Adding Support for the Local Language in Delegated Administrator
Deploying a Customized Configuration File
Original (Standard) Locations of the Configuration Files
Deployed Locations of the Configuration Files
Deployed Location of Delegated Administrator Server File (resource.properties)
Deployed Location of Delegated Administrator Console Configuration Files
Configuration File Deploy Scripts
9
Troubleshooting Delegated Administrator
Troubleshooting Problems
Troubleshooting the Command-Line Utilities
Delegated Administrator Console Log
Delegated Administrator Server Log
Web Container Server Logs
Directory Server and Access Manager Logs
10
Support For Additional Values of mailuserstatus
A
Service Package Details
Service Attributes Provided by the Sample Templates
Mail Service Attributes
Instant Messaging Service Attributes
Contacts Service Attributes
Sample Class-of-Service Templates
User Mail Sample Templates
User Calendar Sample Template
User IM Sample Template
User Contacts Sample Template
User Mail and Calendar Sample Templates
User Mail and IM Sample Template
User Calendar and IM Sample Template
User Mail and Contacts Sample Template
User Calendar and Contacts Sample Template
User Mail, Calendar, and IM Sample Template
User Mail, Calendar, IM, and Contacts Sample Templates
Group Mail Sample Templates
Group Calendar Sample Template
Group Mail and Calendar Sample Templates
Class-of-Service Definitions
Mail Service for Users
Calendar Service for Users
Instant Messaging Service for Users
Contacts Service for Users
Mail and Calendar Service for Users
Mail and IM Service for Users
Mail and Contacts Service for Users
Calendar and IM Service for Users
Calendar and Contacts Service for Users
Mail, Calendar, and IM Service for Users
Mail, Calendar, IM, and Contacts Service for Users
Mail Service for Groups
Calendar Service for Groups
Mail and Calendar Service for Groups
Location of Class-of-Service Definitions and Packages
Viewing the Service Packages in LDAP
B
Attribute Values
Attribute Values
C
Calendar Time Zones
About Calendar Time Zones
D
Delegated Administrator Files and Directories
Configuration and Data Files
Legacy Directory Conventions
Delegated Administrator Utility
Location
Contents
Delegated Administrator Console
Configuration Files
Log File
Delegated Administrator Server
"resource" Configuration File
"Server" configuration file (DA 7 only)
Log File
Delegated Administrator Configuration (config-commda)
Log File
State File
Patch Log Directory
E
Delegated Administrator Reference
commadmin admin add
commadmin admin remove
commadmin admin search
commadmin Command Definition
commadmin debug log
commadmin domain create
commadmin domain delete
commadmin domain modify
commadmin domain purge
commadmin domain search
commadmin group create
commadmin group delete
commadmin group modify
commadmin group search
commadmin resource create
commadmin resource delete
commadmin resource modify
commadmin resource search
commadmin user create
commadmin user delete
commadmin user modify
commadmin user search
Permission to Run Commands
Scripting on this page enhances content navigation, but does not change the content in any way.