5 Installing and Configuring Delegated Administrator

This chapter describes how to install and configure Oracle Communications Delegated Administrator. After you install the Delegated Administrator software you must configure Delegated Administrator to complete the installation. You use the Delegated Administrator configuration command-line utility, config-commda, to perform this initial runtime configuration.

Before installing Delegated Administrator, read these chapters:

Installation Assumptions

The instructions in this chapter assume:

  • You are deploying Delegated Administrator on a single host, or multiple hosts or Solaris zones.

  • Delegated Administrator is one functional component of your multi-host deployment.


Support for Access Manager is deprecated. For more information, see Access Manager Support Deprecation in Unified Communications Suite 7.0.6 Release Notes.

Installing Delegated Administrator

The tasks to install Delegated Administrator are as follows:

Downloading the Delegated Administrator Software

  1. Download the Delegated Administrator software from the Oracle software delivery website, located at:


  2. Copy the Delegated Administrator distribution ZIP file to a temporary directory on your Delegated Administrator hosts and extract the files.

Preparing Directory Server

You prepare your Directory Server by running the comm_dssetup.pl script against it. You can run the comm_dssetup.pl script in either interactive or silent mode. For silent mode instructions, see "Running the comm_dssetup.pl Script in Silent Mode."

Downloading the comm_dssetup.pl Script

  1. Download the comm_dssetup.pl script from the Oracle software delivery website, located at:


    You can either download the Oracle Communications Directory Server Setup (comm_dssetup.pl) file separately, or as part of the Delegated Administrator software.

  2. Copy the Directory Server Setup ZIP file to a temporary directory on your Directory Server hosts and extract the files.

Running the comm_dssetup.pl Script in Interactive Mode

  1. On the host where Directory Server is installed, log in as root or become the superuser (root).

  2. Start Directory Server, if necessary.

  3. Change to the directory where you extracted the Directory Server Setup ZIP file.

  4. Run the Installer.

    ./commpkg install

    For more information about running the Installer, see "commpkg Reference."

  5. Select Comms DSsetup and proceed with the installation.

  6. Run the comm_dssetup.pl script without any arguments then enter your choices when prompted.

    /usr/bin/perl comm_dssetup.pl

    For more information, see "comm_dssetup.pl Reference."


    You can use either LDAP Schema 2 or Schema 1.
  7. If necessary, provision users in the Directory Server.

    If Directory Server is already installed at your site, users have already been provisioned. If you have just installed Directory Server at your site, then you need to provision users. For information about provisioning users and schema, see Communications Suite Schema Reference.

Installing the Delegated Administrator Software

Choose one of the following methods to install Delegated Administrator software:


A bug in the Linux RPM for Delegated Administrator inadvertently requires the NSS packages. They are not needed by Delegated Administrator. In addition, the config-commda command assumes certain directories have already been created. If you are performing a new installation of Delegated Administrator on Linux, you must do the following:
  1. Install the RPM and override the dependency check.

    cd Linux_x86/DA/Packages
    rpm -i —-prefix /opt/sun/comms/da —-nodeps sun-commda-7.0-11.00.i386.rpm
  2. Before running config-commda, create the following directories if they do not already exist.

    mkdir -p /opt/sun/comms/da/install
    mkdir -p /var/opt/sun/install

After completing this procedure, you can run the Delegated Administrator configuration config-commda command.

Installing Delegated Administrator Software in Interactive mode

To install the Delegated Administrator software in interactive mode:

  1. Go to the directory where you extracted the Delegated Administrator files.

  2. Run the Installer.

    ./commpkg install

    For more information about running the Installer, see "commpkg Reference."

  3. Select Delegated Administrator and proceed with the installation.

About Silent Installations

The Delegated Administrator utility initial runtime configuration program automatically creates a silent installation state file (called saveState). This file contains internal information about the configuration program, and is used for running silent installs.

The silent installation saveState file is stored in the DelegatedAdmin_home/data/setup/commda-config_YYYYMMDDHHMMSS/ directory, where YYYYMMDDHHMMSS identifies the 4-digit year, month, date, hour, minute, and second of the saveState file.

For example, once you have run the config-commda program once, you can run it in silent install mode:

DelegatedAdmin_home/sbin/config-commda -nodisplay -noconsole -state fullpath/saveState

The fullpath variable is the full directory path of where the saveState file is located.

Installing Delegated Administrator in Silent Mode

When you run the installer in silent mode, you are running a non-interactive session. The installation inputs are taken from the following sources:

  • A silent installation file (also known as a state file)

  • Command-line arguments

  • Default settings

You can use silent mode to install multiple instances of the same software component and configuration without having to manually run an interactive installation for each instance.

To run a silent installation:

  1. Obtain the state file by one of the following means.

    • Use a state file that was previously created from an interactive installation session. State files are created in the /var/opt/CommsInstaller/logs/ directory. The state file name is similar to silent_CommsInstaller_20070501135358. A state file is automatically created every time you run the commpkg install command.

    • Create a silent state file without actually installing the software during the interactive session by running the commpkg install --dry-run command.

  2. Copy the state file to each host and modify the file as needed.

    The state file is formatted like a property file: blank lines are ignored, comment lines begin with a number sign (#), and properties are key/value pairs separated by an equals (=) sign. Table 5-1 lists the state file options.

    Table 5-1 State File Options

    Option Description Example


    Specifies which function to perform. For a silent install, this is set to install.



    Specifies an alternate distro path.



    Specifies a boolean indicating whether to overwrite the existing installation packages.



    Specifies the installation root.



    Specifies a boolean indicating whether this is an alternate root install.



    Specifies to not upgrade operating system patches.



    Specifies to exclude shared component patches.



    A space separated list of mnemonics of the components to be installed. You can precede the mnemonic with a ~ to indicate that only the shared components for that product be installed.

    To specify Delegated Administrator:


    To view a list of mnemonic product names, run the commpkg info --listPackages command.


    This option is no longer used.



    Specifies whether to upgrade all shared components without prompting.



    The friendly name for the INSTALLROOT.



    This option is unused.


  3. Run the silent installation on each host.

    commpkg install --silent input_file

    where input_file is the path and name of the silent state file, for example /var/opt/CommsInstaller/logs/silent_CommsInstaller_20070501135358.

    For more information about the --silent option, see "install Verb Syntax."


    Command-line arguments override the values and arguments in the state file.

Upgrading Shared Components in Silent Installation

By default, shared components that require user acceptance for upgrading are not upgraded when you run a silent installation. The option to upgrade shared components in the state file is automatically disabled (the UPGRADESC option is set to No.) This is true even if you explicitly asked to upgrade shared components when you ran the interactive installation that generated the state file. That is, you ran either commpkg install --upgradeSC y or you answered ”yes” when prompted for each shared component that needed upgrading.

Disabling upgrading shared components in the silent state file is done because the other hosts on which you are propagating the installation might have different shared components installed, or different versions of the shared components. Therefore, it is safer to not upgrade the shared components by default.

You can upgrade shared components when you run a silent installation by performing either of the following actions:

  • Use the --upgradeSC y option when you run the silent installation. (The command-line argument overrides the argument in the state file.)

  • Edit the UPGRADESC=No option in the silent state file to: UPGRADESC=Yes.


If you do not upgrade shared components your installation might not work properly.

Installing Delegated Administrator on Solaris Zones

This section explains how to install Delegated Administrator on Solaris 10 Zones.

Installing on Solaris 10 Zones: Best Practices

You can install Delegated Administrator components in the global zone, whole root non-global zones, and sparse non-global zones. Follow these guidelines:

  • Treat the global zone as an ”administration zone.”

    Install shared components and OS patches in the global zone that are to be shared among all zones. However, do not install and run products from the global zone.

  • Use whole root non-global zones to run Delegated Administrator.

    Do not use the global zone or sparse zones. A whole root zone can have versions that are different from other whole root zones, thus giving it a measure of being ”self-contained.”

Be aware of the following zone aspects:

  • You can have different shared component versions in the whole root non-global zone, but it is not entirely insulated. If you do a packaging or patching operation in the global zone for a shared component, that operation is also attempted in the whole root zone. Thus, to truly have different shared component versions, use an alternate root.

  • To avoid affecting whole root zones you can attempt to never install and patch shared components in the global zone. However, it might not be realistic to never have to install or patch a shared component in the global zone. For example, Network Security Services (NSS) is a shared component, but it is part of Solaris. So to expect to never install and patch NSS in the global zone seems unrealistic, especially given it is a security component.

  • Although it is not a recommended best practice, you can use Delegated Administrator in sparse non-global zones. Shared components cannot be installed into the default root because many of them install into the read-only shared file system (/usr). Thus, you must run the installer in the global zone to install shared components into the default root. Prepend your selection with ~ in the global zone to install only the dependencies (that is, shared components). You do not have to install in the global zone first before installing in the sparse zone. The installer enables you to continue even when you do not install all the dependencies. However, upgrading the shared components in the global zone affects the sparse non-global zones, thus requiring downtime for all affected zones simultaneously.

Installing into a Non-Global Whole Root Zone

The non-global whole root zone scenario is the equivalent of installing Delegated Administrator on a single box with no zones. Simply install Delegated Administrator as described in "Installing Delegated Administrator."


Any operations performed in the global zone (such as installations, uninstallations, and patching) affect the whole root zones.

Installing into a Non-Global Sparse Root Zone

Although it is not a recommended best practice, you can use Delegated Administrator in a non-global sparse root zone. To install Delegated Administrator in a non-global sparse root zone, you first must install or upgrade the applicable operating system patches and shared components in the global zone. You are unable to do so in the sparse root zone, because the /usr directory (where the shared components reside) is a read-only directory in the sparse root zone.

  1. Follow the pre-installation requirements as described in "Delegated Administrator Pre-Installation Tasks."

  2. Verify that you are about to install the shared components and operating system patches in the global zone and not the sparse root zone. To verify you are in the global zone, run zonename. The output should be global.

  3. Run the installer in the global zone and only install or upgrade the operating system patches and the Shared Components. Do not install Delegated Administrator components in the global zone. To do this, add a ~ (tilde) to the component number you want to install in the sparse zone.

    For example, if you plan to install Delegated Administrator in the sparse zone, you select ~1 during the global zone installation. The installer knows to only install dependencies and not the product itself.

  4. Once you have installed the shared components and operating system patches, install Delegated Administrator components in the sparse root zone as described in "Installing Delegated Administrator."

Configuring Delegated Administrator

After you install the Delegated Administrator software by using the installer, you must configure Delegated Administrator to complete the installation. You use the Delegated Administrator configuration command-line utility, config-commda, to perform this initial runtime configuration.

The Delegated Administrator configuration program (config-commda) creates a new configuration with your specific requirements. This initial runtime configuration program performs minimal configuration.

After you run the program, complete the initial configuration by following the steps described in "Delegated Administrator Post-Installation Tasks."

You can further customize your Delegated Administrator configuration by performing the tasks described in Customizing Delegated Administrator in Delegated Administrator System Administrator's Guide.

You might need to perform additional configuration, as described in Delegated Administrator System Administrator's Guide.


Support for Access Manager is deprecated. For more information, see Access Manager Support Deprecation in Unified Communications Suite Release Notes.

This section includes information on the following topics:

Upgrading from a Previous Release of Delegated Administrator

If you are configuring Delegated Administrator for the first time, you can skip this section and go directly to the section, "Choosing Which Components to Configure."

If you are upgrading to this release of Delegated Administrator from an earlier release, and you have customized your configuration, you might have to take steps to preserve your customizations.

For instructions on how to upgrade Delegated Administrator from a previous version, see "Upgrading Delegated Administrator."

To learn how to preserve your customized configuration, see "Preserving Customized Data When You Upgrade Delegated Administrator."

Choosing Which Components to Configure

The third panel in the configuration program asks which Delegated Administrator components you want to configure:

  • Delegated Administrator Utility (client): The command-line interface invoked with commadmin.

  • Delegated Administrator Console: The Delegated Administrator graphical user interface (GUI).

  • Delegated Administrator Server: The Delegated Administrator server components required to run the Delegated Administrator utility and console.

The configuration program displays different panels depending on which components you select.

The following steps summarize the configuration choices. Each summary step links you to a section that walks you through the actual configuration panels.

Summary of Configuration Choices

The following shows the configuration choices you have when you run the configuration program.

  1. Starting the Configuration

    Enter the information requested in these panels to begin the configuration.

  2. Configuring the Delegated Administrator utility

    These panels follow directly after the Selected Components to Configure panel. They ask for information used to configure the Delegated Administrator utility. You can either use the command line utility or the GUI console to configure Delegated Administrator.

    • The standard approach is to configure the Delegated Administrator utility with the other two components, the server and console, on the same machine.

      You must configure the Delegated Administrator utility or the GUI console to configure Delegated Administrator.

    • You can also configure the Delegated Administrator utility and console on a separate machine. On the machine on which you configure the utility and console, you would select only those components on the Selected Components to Configure panel.

      In this case, you must run the configuration program again on the machine where you configure the server.

  3. Configuring the Delegated Administrator Console

    These panels follow the panels that configure the utility.

    You can choose whether or not to configure the Delegated Administrator console.

    • If you configure the Delegated Administrator console and server on the same machine, you would select both the console and the server in Select Components to Configure panel.

    • You also can configure the Delegated Administrator console and server on different machines. On the machine on which you configure the console, you would select only the console on the Select Components to Configure panel. The utility is selected by default; be sure it remains selected. In this case, you must run the configuration program again on the machine on which you configure the server.

    • If you have not configured the server when using the command line utility, then a dialogue box cautions that you must configure the Delegated Administrator Server on another machine. The server must be configured to enable the Delegated Administrator utility and console to work. If you are using the GUI to configure, then no warning will be displayed. If you configure the console and server on different machines, the utility is configured on both machines. To select a component, enter the number (1,2, or 3) or 0 to deselect it. The configuration program displays different panels depending on which Web container you select for the console. You can deploy to one of the following Web containers:

      • Oracle iPlanet Web Server 6.x [WEB]

      • Oracle iPlanet Web Server 7.x [WEB7]

      • Sun Java System Application Server 7.x [APP7]

      • Sun Java System Application Server 8.x or higher[APP8]

    If you are configuring the Delegated Administrator server and console on one machine, you will go through these instructions twice (once for the server, once for the console).

  4. Configuring the Delegated Administrator Server

    These panels follow the panels that configure the console.

    You can choose whether or not to configure the Delegated Administrator server on a given machine.

    If you do not choose to configure the server on a given machine, the configuration program warns you that you must configure it on another machine. The server component is required for running the utility and console.

    All other considerations for deploying the server are the same as those for the console (as described in "Configuring the Delegated Administrator Console").

    You can select Access Mode of either Direct LDAP or Access Manager.


    The Delegated Administrator server uses the same Web container as Access Manager. The configuration program asks for Web container information after it asks for the Access Manager base directory. This is applicable only if you have chosen Access Manager Access Mode.
  5. Completing the Configuration

    Enter the information requested in these panels to complete the configuration.

Running the Configuration Program

The steps described in this section walk you through configuring Delegated Administrator.


DelegatedAdmin_home is /opt/sun/comms/da by default on all platforms; use this value unless you chose a different path during installation..

To run the configuration program, log in as (or become) root and go to the DelegatedAdmin_home/sbin directory. Then enter the config-commda command.

Once you run the config-commda command, the configuration program starts.

The sections that follow lead you through the configuration panels.

Starting the Configuration

You must enter the information requested in the first configuration-program panels.

To start the configuration:

  1. Welcome

    The first panel in the configuration program is a welcome page. Click Next to continue or Cancel to exit.

  2. Select directory to store configuration and data files

    Select the directory where you want to store the Delegated Administrator configuration and data files. The default configuration directory is /var/DelegatedAdmin_home. This directory should be separate from the DelegatedAdmin_home directory, (which is /opt/sun/comms/da by default).

    Enter the name of the directory, or keep the default and click Next to continue.

    If the directory does not exist, a dialog appears asking if you want to create the directory or select a new directory. Click Create Directory to create the directory or click New to enter a new directory.

    If the directory exists, a dialog appears asking you to choose a new directory or to upgrade the existing installation. Click Choose New to choose a new directory or click Upgrade to upgrade the existing installation.

    A dialog appears indicating that the components are being loaded. This may take a few minutes.

  3. Select components to configure

    Select the component or components you want to configure on the Components panel.

    • Delegated Administrator Utility (client): The command-line interface invoked with commadmin. This component is required and is selected by default. It cannot be deselected.

    • Delegated Administrator Console: The Delegated Administrator graphical user interface (GUI).

    • Delegated Administrator Server: The Delegated Administrator server components required to run commadmin or the Delegated Administrator console.

      Click Next to continue, Back to return to the previous panel, or Cancel to exit.

      For more information about how to choose components, see "Choosing Which Components to Configure."

      If you choose not to configure the Delegated Administrator server, a dialog box cautions you that you must configure the Delegated Administrator Server on another machine. The server must be configured to enable the Delegated Administrator utility and console to work.

Configuring the Delegated Administrator Utility

You must configure the Delegated Administrator utility on all machines on which you install a Delegated Administrator component (server or console).

To Configure the Delegated Administrator Utility:

  1. DA Server host name and port number

    Enter the DA server host name and port number. If you are installing the Delegated Administrator server component, you must install it on the same host as Access Manager.

    Click Next to continue, Back to return to the previous panel, or Cancel to exit.

  2. Default domain

    Enter the default domain for the Top-Level Administrator. This is the domain used when a domain is not explicitly specified by the -n option when executing the commadmin command-line command. This is also known as the default organization. If the domain specified does not exist in the directory, it will be created.

    Click Next to continue, Back to return to the previous panel, or Cancel to exit.

  3. Default SSL port for client

    Enter the default SSL port that the Delegated Administrator utility uses.

    Click Next to continue, Back to return to the previous panel, or Cancel to exit.

Configuring the Delegated Administrator Console

The configuration program now displays the following panel:

Select a Web Container for Delegated Administrator

Select the Web container on which you will deploy the Delegated Administrator console. You can configure Delegated Administrator on

  • Oracle iPlanet Web Server 6.x [WEB]

  • Oracle iPlanet Web Server 7.x [WEB7]

  • Sun Java System Application Server 7.x [APP7]

  • Sun Java System Application Server 8.x or higher[APP8]

Click Next to continue, Back to return to the previous panel, or Cancel to exit.

This panel and the panels that follow gather information about the Web container for the Delegated Administrator console. Follow the instructions in the appropriate section:

You can deploy the Delegated Administrator console and server on two different Web containers, on two different instances of the Web container, or on the same Web container.

If you chose to configure both the Delegated Administrator console and Delegated Administrator server in Panel 3, a second series of panels will ask for Web container information for the server.

Thus, you will see the Web container configuration panels twice. Follow the appropriate instructions for deploying each of the Delegated Administrator components.

When you complete the Web container configuration panels, take one of the following actions:

Configuring Web Server 6.x

If you are deploying the Delegated Administrator server or console on Web Server 6.x, follow the steps described in this section.

To Configure Web Server 6.x:

  1. Web Server 6.x Configuration Details

    The panel text tells you if you are providing Web Server 6.x configuration information for the Delegated Administrator server or console.

    • Enter the Web Server 6.x root directory. You can browse to select the directory.

    • Enter the Web Server 6.x instance identifier. This can be specified by a host.domain name such as west.sesta.com.

    • Enter the virtual server identifier. This can be specified by a https-host.domain name such as https-west.sesta.com.

      For more information about the Web Server 6.x instance identifier and virtual server identifier, see the Web Server documentation.

      Files for the Web Server 6.x instance are stored in the https-host.domain directory under the Web Server 6.x installation directory, for example /opt/SUNWwbsvr/https-west.sesta.com.

    • Enter the HTTP port number that the specified virtual server listens to.

      Click Next to continue, Back to return to the previous panel, or Cancel to exit.

      The configuration program checks if the values you specified are valid. If a directory or identifier is invalid or does not exist, a dialog box tells you to choose a new value.

      Next, the configuration program checks if a Web Server 6.x instance connection is alive. If not, a dialog box warns you that the configuration program could not connect to the specified instance and your configuration may not be completed. You can accept the specified values or choose new Web Server 6.x configuration values.

  2. Default Domain Separator

    This panel appears only if you are configuring the Delegated Administrator console. The domain separator is needed to configure the console; this information is not related to the Web container.

    Enter the default domain separator to be used for authentication when the user logs on. For example: @.

Configuring Web Server 7.x

If you are deploying the Delegated Administrator Server or console on Web Server 7.x, follow the steps described in this section.

To configure Web Server 7.x:

  1. Web Server 7.x Configuration Details

    The panel text tells you if you are providing Web Server 7.x configuration information for the Delegated Administrator server or console.

    • Enter the Web Server 7.x server root directory. The Web Server software files are installed in this directory. You can browse to select the directory. The default value is /opt/SUNWwbsvr7.

    • Enter the Web Server 7.x configuration root directory. The Web Server configuration files are installed in this directory. You can browse to select the directory. The default value is /var/opt/SUNWwbsvr7.

    • Enter the Web Server 7.x instance identifier. This can be specified by a host.domain name such as west.sesta.com.

    • Enter the virtual server identifier. This can be specified by a host.domain name such as west.sesta.com.

      For more information about the Web Server 7.x instance identifier and virtual server identifier, see the Web Server documentation.

      Files for the Web Server 7.x instance are stored in the https-host.domain directory under the Web Server 7.x configuration directory, for example /var/opt/SUNWwbsvr7/https-west.sesta.com.

    • Enter the HTTP port number that the specified virtual server listens to. For example: 80.

      Click Next to continue, Back to return to the previous panel, or Cancel to exit.

      The configuration program checks if the values you specified are valid. If a directory or identifier is invalid or does not exist, a dialog box tells you to choose a new value.

      Next, the configuration program checks if a Web Server 7.x instance connection is alive. If not, a dialog box warns you that the configuration program could not connect to the specified instance and your configuration may not be completed. You can accept the specified values or choose new Web Server 7.x configuration values.

  2. Web Server 7.x: Administration Instance Details

    • Enter the Administration Server port number. For example: 8800.

    • Enter the Administration Server administrator user ID. For example: admin.

    • Enter the administrator user password.

      If you are using a secure Administration Server instance, check the Secure Administration Server Instance box. If you are not, leave the box unchecked.

      Click Next to continue, Back to return to the previous panel, or Cancel to exit.

  3. Default Domain Separator

    This panel appears only if you are configuring the Delegated Administrator console. The domain separator is needed to configure the console; this information is not related to the Web container.

    Enter the default domain separator to be used for authentication when the user logs on. For example: @.

    If you are configuring the Delegated Administrator console, take one of the following actions:

Configuring Application Server 7.x

If you are deploying the Delegated Administrator server or console on Application Server 7.x, follow the steps described in this section.

To configure Application Server 7.x:

  1. Application Server 7.x Configuration Details

    The panel text tells you if you are providing Application Server 7.x configuration information for the Delegated Administrator server or console.

    Enter the Application Server installation directory. By default, this directory is /opt/SUNWappserver7.Enter the Application Server domain directory. By default, this directory is /var/opt/SUNWappserver7/domains/domain1.

    Enter the Application Server document root directory. By default, this directory is /var/opt/SUNWappserver7/domains/domain1/server1/docroot.

    You can browse to select any of these directories.

    Enter the Application Server instance name. For example: server1.

    Enter the Application Server virtual server identifier. For example: server1.

    Enter the Application Server instance HTTP port number.

    Click Next to continue, Back to return to the previous panel, or Cancel to exit.

    The configuration program checks if the directories you specified are valid. If a directory is invalid or does not exist, a dialog box tells you to choose a new directory.

    Next, the configuration program checks if an Application Server instance connection is alive. If not, a dialog box warns you that the configuration program could not connect to the specified instance and your configuration may not be completed. You can accept the specified values or select new Application Server configuration values.

  2. Application Server 7.x: Administration Instance Details

    Enter the Administration Server port number. For example: 4848.

    Enter the Administration Server administrator user ID. For example: admin.

    Enter the administrator user password.

    If you are using a secure Administration Server instance, check the Secure Administration Server Instance box. If you are not, leave the box unchecked.

    Click Next to continue, Back to return to the previous panel, or Cancel to exit.

  3. Default Domain Separator

    This panel appears only if you are configuring the Delegated Administrator console. The domain separator is needed to configure the console; this information is not related to the Web container.

    Enter the default domain separator to be used for authentication when the user logs on. For example: @.

  4. If you are configuring the Delegated Administrator console, take one of the following actions:

  5. If you are configuring the Delegated Administrator server:

    Go on to, "Configuring the Delegated Administrator Server."

Configuring Application Server 8.x or Higher

If you are deploying the Delegated Administrator server or console on Application Server 8.x or higher, follow the steps described in this section.

To configure Application Server 8.x or higher:

  1. Application Server 8.x or higher Configuration Details

    The panel text tells you if you are providing Application Server 8.x or higher configuration information for the Delegated Administrator server or console.

    Enter the Application Server installation directory. By default, this directory is /opt/SUNWappserver/appserver.

    Enter the Application Server domain directory. By default, this directory is /var/opt/SUNWappserver/domains/domain1.

    Enter the Application Server document root directory. By default, this directory is /var/opt/SUNWappserver/domains/domain1/docroot.

    You can browse to select any of these directories.

    Enter the Application Server target name. For example: server.

    Enter the Application Server virtual server identifier. For example: server.


    If you are running the config-commda program to upgrade Delegated Administrator, and you also have upgraded Application Server from version 7 to version 8.x, specify the following values for the Application Server target name and virtual server identifier:
    • Target name: server1

    • Virtual server identifier: server1

      You must specify these values because the asupgrade command migrates the Application Server 7 server1 instance into the Application Server 8.x or higher server1 target running under a nodeagent. However, asupgrade changes the value of the virtual server from server1 in Application Server 7 to server in Application Server 8.x or higher.

    Enter the Application Server target HTTP port number.

    Click Next to continue, Back to return to the previous panel, or Cancel to exit.

    The configuration program checks if the directories you specified are valid. If a directory is invalid or does not exist, a dialog box tells you to choose a new directory.

    Next, the configuration program checks if an Application Server target connection is alive. If not, a dialog box warns you that the configuration program could not connect to the specified target and your configuration may not be completed. You can accept the specified values or select new Application Server configuration values.


    If you are deploying the Delegated Administrator server or console on Application Server 9.x, please note that the default installation directories are different from those for Application Server 8.x as follow:

    Enter the Application Server installation directory. By default, this directory is /opt/SUNWappserver.

    Enter the Application Server domain directory. By default, this directory is /opt/SUNWappserver/domains/domain1.

    Enter the Application Server document root directory. By default, this directory is /opt/SUNWappserver/domains/domain1/docroot.

  2. Application Server 8.x or higher: Administration Instance Details

    Enter the Administration Server port number. For example: 4849.

    Enter the Administration Server administration user ID. For example: admin.

    Enter the administrator user password.

    If you are using a secure Administration Server instance, check the Secure Administration Server Instance box. If you are not, leave the box unchecked.

    Click Next to continue, Back to return to the previous panel, or Cancel to exit.

  3. Default Domain Separator

    This panel appears only if you are configuring the Delegated Administrator console. The domain separator is needed to configure the console; this information is not related to the Web container.

    Enter the default domain separator to be used for authentication when the user logs on. For example: @.

  4. If you are configuring the Delegated Administrator console, take one of the following actions:

Configuring the Delegated Administrator Server

If you chose to configure the Delegated Administrator server, the configuration program displays the following panels.

To configure Delegated Administrator Server:

  1. Select the Access Mode from the following options:

    • Direct LDAP: If you select Direct LDAP, you must choose the web container for the server.

    • Access Manager base directory

      Enter the Access Manager Base Directory. The default directory is /opt/SUNWam.

      Click Next to continue, Back to return to the previous panel, or Cancel to exit.

      The configuration program checks if a valid Access Manager base directory is specified. If not, a dialog box is displayed indicating that an existing Access Manager base directory must be selected.

  2. Next, a Web container Configuration Details panel is displayed.

    If you chose to configure the console and server, this is the second time a Web container Configuration Details panel appears.

    The Delegated Administrator server is deployed to the same Web container as Access Manager. (You cannot choose a Web container for the Delegated Administrator server.)

    Follow the instructions in the appropriate section:

  3. Directory (LDAP) Server

    This panel asks for information about connecting to the LDAP Directory Server for the user/group suffix.

    Enter the User and Group Directory Server LDAP URL (LdapURL), Directory Manager (Bind As), and password in the text boxes.

    The Directory Manager has overall administrator privileges on the Directory Server and all Sun Java System servers that make use of the Directory Server (for example, Delegated Administrator) and has full administration access to all entries in the Directory Server. The default and recommended Distinguished Name (DN) is cn=Directory Manager.

    Click Next to continue, Back to return to the previous panel, or Cancel to exit.

  4. DA Server Internal LDAP

    Enter the username and the password for DA Server Internal LDAP. The username is hardcoded and cannot be changed. The default username is daAdmin.

  5. Access Manager Top-Level Administrator

    Enter the username and password for the Access Manager Top-Level Administrator. The user ID and password are created when Access Manager is installed. The value, amadmin, is hard-coded in AM.

    Click Next to continue, Back to return to the previous panel, or Cancel to exit.

  6. Access Manager internal LDAP authentication password

    Enter the password for the Access Manager Internal LDAP authentication user.

    The authentication user name is hard-coded as amldapuser. It is created by the Access Manager installer and is the Bind DN user for the LDAP service.

    Click Next to continue, Back to return to the previous panel, or Cancel to exit.

  7. Organization Distinguished Name (DN)

    Enter the Organization DN for the default domain. For example, if your organization DN is o=siroe.com, all the users in that organization will be placed under the LDAP DN o=siroe.com, o=usergroup, where o=usergroup is your root suffix.

    By default, the configuration program adds the default domain under the root suffix in the LDAP directory.

    If you want to create the default domain at the root suffix (not underneath it), delete the organization name from the DN that appears in the Organization Distinguished Name (DN) text box.

    For example, if your organization DN is o=siroe.com and your root suffix is o=usergroup, delete "o=siroe.com" from the DN in the text box; leave only o=usergroup.

    If you choose to create the default domain at the root suffix, and if you later decide to use hosted domains, it can be difficult to migrate to the hosted-domain configuration. The config-commda program displays the following warning:

    ”The Organization DN you chose is the User/Group Suffix. Although this is a valid choice, if you ever decide to use hosted domains, there will be difficult migration issues. If you do wish to use hosted domains, then specify a DN one level below the User/Group suffix.”

    For more information, see Directory Structure Supporting a One-Tiered Hierarchy in Delegated Administrator System Administrator's Guide.

    Click Next to continue, Back to return to the previous panel, or Cancel to exit.

  8. Top-Level Administrator for the default organization

    Enter the user ID and password for the Top-Level Administrator that is to be created in the default domain (organization).

    A Confirm Password field asks you to enter the password a second time.

    Click Next to continue, Back to return to the previous panel, or Cancel to exit.

  9. Service Package and Organization Samples

    You can choose to add sample service packages and sample organizations to your LDAP directory.

    Load sample service packages: Select this option if you want to use or modify sample service package templates to create your own Class-of-Service packages.

    Load sample organizations: Select this option if you want your LDAP directory tree to contain sample provider organization nodes and subordinate organization nodes.

  10. You can select

    • Both the sample service packages and the sample organizations

    • Only one of these

    • Neither option

    Preferred Mailhost for Sample: Enter the name of the machine on which Messaging Server is installed. For example: mymachine.siroe.com

    If you chose to load the sample organizations into your LDAP directory, you must enter a preferred mail host name for these samples.

    For information about service packages and organizations, see Delegated Administrator Overview in Delegated Administrator System Administrator's Guide.

    After you run the configuration program, you must modify the service package templates to create your own Class-of-service packages. For information about this post-configuration task, see "Creating Service Packages."

Completing the Configuration

Take the steps described in this section to finish running the configuration program.

To complete the configuration:

  1. Ready the Configure

    The verification panel displays the items that will be configured.

    Click Configure Now to begin the configuration, Back to return to any previous panel to change information, or Cancel to exit.

  2. Task Sequence

    A sequence of tasks being performed is displayed on the Task Sequence Panel. This is when the actual configuration takes place.

    When the panel displays All Tasks Passed you can click Next to continue or Cancel stop the tasks from being performed and exit.

    A dialog box appears reminding you to restart the Web container in order for configuration changes to take effect.

  3. Installation Summary

    The Installation Summary panel displays the product installed and a Details button that displays more information about this configuration.

    A log file for the config-commda program is created in the DelegatedAdmin_home/install directory. The name of the log file is commda-config_YYYYMMDDHHMMSS.log, where YYYYMMDDHHMMSS identifies the 4-digit year, month, date, hour, minute, and second of the configuration.

Click Close to complete the configuration.

Restarting the Web Container

After you complete the Delegated Administrator configuration, you must restart the Web container to which Delegated Administrator is deployed.

Configuration Files Deployed by the config-commda Program

Using the information you provided in the panels, the config-commda program deploys the following configuration files for the three Delegated Administrator components:

  • Delegated Administrator utility: cli-usrprefs.properties

    Location: DelegatedAdmin_home/data/config

  • Delegated Administrator Server: resource.properties

  • Delegated Administrator console:

    • daconfig.properties

    • Resources.properties

    • Security.properties

    • logger.properties

(The logger.properties file specifies the location of log files and whether or not logging is enabled. It is a configuration file, not a log file.)

The config-commda deploys the configuration files to the application repository of the Web container where you deployed Delegated Administrator. For a list of the deployed locations of the files, see Customizing Delegated Administrator in Delegated Administrator System Administrator's Guide.

For information about the properties contained in the configuration files and how to edit these properties to customize your configuration, see Customizing Delegated Administrator in Delegated Administrator System Administrator's Guide.

Log Files Deployed by the config-commda Program

The Delegated Administrator console creates a runtime log [file:]

Default log file name: da.log

Default location: DelegatedAdmin_home/log

For more information about this and other Delegated Administrator log files, see Troubleshooting Delegated Administrator in Delegated Administrator System Administrator's Guide.