15 Configuring Hosted Domain Support

This chapter describes how to configure hosted domains for Oracle Communications Instant Messaging Server.

About Instant Messaging Server Hosted Domains

Instant Messaging Server provides support for hosted domains. In a hosted domain installation, all domains share the same instance of Instant Messaging Server, which enables multiple domains to exist on a single server. Each hosted domain has a name space that can contain unique users, groups, resources, preferences, and attributes.

Communication between hosted domains is disabled by default. To enable cross domain communication, see "Enabling Communication Between Hosted Domains."

Setting Up Schema 1 and Schema 2 for Instant Messaging Server Hosted Domains

Instant Messaging Server supports two schema versions: Schema 1 and Schema 2. This section describes the steps to set up the schema for hosted domains.

Schema 1 Structure

The directory structure of Schema 1 includes two trees for domain management: the organization tree and the domain component (DC) tree. For example, for domain xyz.abc.com, the tree structure is as follows:

A, dc tree:
o=internet              // dc tree root suffix
  dc=com
    dc=abc
      dc=xyz            // domain node

The domain should contain the following attributes:

  • objectclass=inetDomain

  • inetDomainBaseDn=o=xyz.abc.com

  • dc=xyz,dc=abc,dc=com

inetDomainBaseDn is a mandatory attribute for the inetDomain object class. You should also set the inetDomainStatus attribute to active.

o=xyz.abc.com,dc=xyz,dc=abc,dc=com is the domain name of the organization in the organization tree that contains the users for the domain xyz.abc.com.
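The following Python code is an added example, not part of the Oracle documentation. It builds the DC-tree DN for a hosted domain and checks a domain node for the attributes listed above; the LDIF entries are constructed sample data, and the node DN is assumed to be the domain's dc components followed by the DC tree root suffix o=internet.

```python
# Added example (not Oracle code): check a Schema 1 DC-tree domain node.
# The LDIF entries below are constructed sample data.

def domain_to_dc_dn(domain, dc_root="o=internet"):
    """Map xyz.abc.com to dc=xyz,dc=abc,dc=com,o=internet."""
    labels = [part for part in domain.strip(".").split(".") if part]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join(f"dc={part}" for part in labels) + "," + dc_root

def parse_ldif_entry(text):
    """Parse one plain LDIF entry (no base64 values, no folded lines)."""
    entry = {}
    for line in text.strip().splitlines():
        if line.strip() and not line.startswith("#"):
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def normalize_dn(dn):
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))

def check_domain_node(entry, domain, dc_root="o=internet"):
    """Return the problems found on a domain node; an empty list means none."""
    problems, expected = [], domain_to_dc_dn(domain, dc_root)
    if normalize_dn(entry.get("dn", [""])[0]) != normalize_dn(expected):
        problems.append("dn does not match " + expected)
    if "inetdomain" not in [v.lower() for v in entry.get("objectclass", [])]:
        problems.append("objectclass inetDomain missing")
    if not any(entry.get("inetdomainbasedn", [])):
        problems.append("inetDomainBaseDn missing")
    if entry.get("inetdomainstatus", [""])[0].lower() != "active":
        problems.append("inetDomainStatus is not active")
    return problems

GOOD_NODE = parse_ldif_entry("""
dn: dc=xyz,dc=abc,dc=com,o=internet
objectclass: inetDomain
inetDomainBaseDn: o=xyz.abc.com,dc=xyz,dc=abc,dc=com
inetDomainStatus: active
""")

BAD_NODE = parse_ldif_entry("""
dn: dc=xyz,dc=abc,dc=com,o=internet
objectclass: domain
inetDomainStatus: inactive
""")

if __name__ == "__main__":
    print(check_domain_node(BAD_NODE, "xyz.abc.com"))
```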

Configuring Instant Messaging Server for Schema 1

To configure Instant Messaging Server for Schema 1:

  • Run the imconfutil command to set the necessary properties.

    imconfutil set-prop -c path iim_ldap.useidentityadmin=false iim_server.usesso=0 iim.policy.modules=iim_ldap_schema1 iim.userprops.store=ldap iim_ldap.schema1.domain_config_root=value
    

    where:

    path is the full directory path to and including iim.conf.xml, for example, /opt/sun/comms/im/config/iim.conf.xml.

    iim_ldap.schema1.domain_config_root is the DC tree root suffix, for example, o=internet.

Schema 2 Structure

Schema 2 has only the DC as the config root. Schema 2 has the following tree structure:

B, Organization tree:
dc=xyz,dc=abc,dc=com    // Base dn for users/groups
  o=xyz.abc.com
    ou=people           // Users are under this node

Configuring Instant Messaging Server for Schema 2

To configure Instant Messaging Server for Schema 2:

  • Run the imconfutil command to set the necessary properties.

    imconfutil set-prop -c path iim_ldap.useidentityadmin=false iim_server.usesso=0 iim.policy.modules=iim_ldap_schema2 iim.userprops.store=ldap iim_ldap.schema2.domain_config_root=value
    

    where:

    path is the full directory path to and including iim.conf.xml, for example, /opt/sun/comms/im/config/iim.conf.xml.

    iim_ldap.schema2.domain_config_root is the DC tree root suffix, for example, dc=red,dc=example,dc=com.

    If the iim.policy.modules property has its default value, iim_ldap, users under a non-default domain cannot be searched, and users cannot log in to Instant Messaging Server. In this case, Instant Messaging Server does not go through the DC tree to find the value of the inetDomainBaseDn attribute. Instead, the server uses the value of the iim_ldap.searchbase attribute to search for users, who exist in the default domain. You can specify the default domain by using the iim_server.domainname attribute.

    iim_ldap.schema2.domain_filter specifies the object class of the domain node. The default value is inetDomain.

    Note:

    Instant Messaging Server does not provide a tool to create these topologies.

Instant Messaging Server Cross Domain Searches

Cross domain search functionality enables users in one domain to search for users and groups in other domains. The search is enabled for contacts and conferences.

Enabling Instant Messaging Server Cross Domain Searches

To enable Instant Messaging Server to search across domains:

  1. Run the imconfutil command to set the necessary properties.

    imconfutil set-prop -c path iim_server.discofilter.principal.any=true iim_server.discofilter.conference.any=true iim_server.discofilter.domains.any=true
    

    where:

    path is the full directory path to and including iim.conf.xml, for example, /opt/sun/comms/im/config/iim.conf.xml.

  2. Add the following property, which loads the specified domains into the server memory upon server startup.

    imconfutil set-prop -c path iim_server.default_domains=value
    

    where:

    iim_server.default_domains is the domain, or comma-separated list of domains, on the server.

About Hosted Domains Communication

When domains reside in different networks, are hosted, or are managed by different service providers, you typically use XMPP server-to-server (S2S) inter-domain federation. Instant Messaging Server's S2S federation provides ways to enable and restrict communication between domains by using blacklists and whitelists. For domains that are hosted and served by the same Instant Messaging Server, you use a different method to enable or disable communication. Communication between hosted domains is disabled by default.

Enabling Communication Between Hosted Domains

To enable communication between hosted domains, set the iim_server.hosteddomains.allowcrossdomainsaccess property to true:

./imconfutil -c InstantMessaging_home/config/iim.conf.xml set-prop iim_server.hosteddomains.allowcrossdomainsaccess=true

When you enable communication between hosted domains, set the iim_server.hosteddomains.activelist property to whitelist, blacklist, or none, depending on how you want to allow communication.

Disabling Communication Between Hosted Domains

To disable communication between hosted domains, set the iim_server.hosteddomains.allowcrossdomainsaccess property to false:

./imconfutil -c InstantMessaging_home/config/iim.conf.xml set-prop iim_server.hosteddomains.allowcrossdomainsaccess=false

Whitelisting and Blacklisting Domains for Hosted Domain Communication

To add whitelist domains for communication between hosted domains, use the iim_server.hosteddomains.whitelist property:

imconfutil -c InstantMessaging_home/config/iim.conf.xml set-prop iim_server.hosteddomains.activelist=whitelist iim_server.hosteddomains.whitelist=domain1,domain2

To add blacklist domains for communication between hosted domains, use the iim_server.hosteddomains.blacklist property:

imconfutil -c InstantMessaging_home/config/iim.conf.xml set-prop iim_server.hosteddomains.activelist=blacklist iim_server.hosteddomains.blacklist=domain1,domain2
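The following Python code is an added example, not part of the Oracle documentation. It reviews the cross domain search and hosted domain communication properties described above and reports settings that widen visibility or traffic between hosted domains. The "name=value" input listing is a constructed format, and treating activelist=none as "no list restricts communication" is an assumption.

```python
# Added example (not Oracle code): review hosted-domain exposure settings.
# Input is a constructed "name=value" listing, one property per line.
PREFIX = "iim_server.hosteddomains."

def parse_props(text):
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, value = line.partition("=")
            props[name.strip()] = value.strip()
    return props

def listed_domains(props, key):
    return [d.strip().lower() for d in props.get(key, "").split(",") if d.strip()]

def review(props):
    """Return findings that widen visibility or traffic between hosted domains."""
    findings = []
    for scope in ("principal", "conference", "domains"):
        key = f"iim_server.discofilter.{scope}.any"
        if props.get(key, "").lower() == "true":
            findings.append(f"{key}=true: cross domain search enabled")
    # Communication between hosted domains is disabled by default (per the page).
    if props.get(PREFIX + "allowcrossdomainsaccess", "false").lower() != "true":
        return findings
    active = props.get(PREFIX + "activelist", "").lower()
    if active not in ("whitelist", "blacklist", "none"):
        findings.append("activelist is not whitelist, blacklist, or none")
    elif active == "none":
        # Assumption: "none" means neither list restricts communication.
        findings.append("cross domain access enabled with activelist=none")
    elif not listed_domains(props, PREFIX + active):
        findings.append(f"activelist={active} but {PREFIX}{active} is empty")
    return findings

# Constructed sample: whitelist mode selected, but no domains listed.
SAMPLE = parse_props("""
iim_server.discofilter.principal.any=true
iim_server.hosteddomains.allowcrossdomainsaccess=true
iim_server.hosteddomains.activelist=whitelist
iim_server.hosteddomains.whitelist=
""")

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```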