5 Administering Instant Messaging Server End Users

This chapter describes how to provision Oracle Communications Instant Messaging Server users.

Overview of Administering Instant Messaging Server End Users

Instant Messaging Server does not provide bulk user provisioning tools. You must use a directory bulk provisioning tool for provisioning multiple Instant Messaging Server end users. By default, Instant Messaging Server does not provide specific commands to add, modify, or delete Instant Messaging Server end users. However, you can customize Instant Messaging Server to enable users to add themselves to the directory.

Because Instant Messaging Server users reside in LDAP, you cannot prevent them from using Instant Messaging Server. The only way to prevent end users from using Instant Messaging Server is to delete them from the directory or inactivate their user accounts in the directory. Keep in mind that doing this also prevents the user from binding to the directory.

The administrator can manage Instant Messaging Server end users by using the Instant Messaging Server Administrator Access Control mechanism. For more information, see the topic on controlling privileges in Instant Messaging Server Security Guide.

Registering New Instant Messaging Server Users

You can customize Instant Messaging Server to allow new user registration. When a user registers, Instant Messaging Server uses the information provided during registration to perform an ldapadd operation to create a user entry in the directory.

Configuring Instant Messaging Server to Enable New User Registration

To configure Instant Messaging Server to allow new user registration, you must add the configuration properties listed in Table 5-1.

Table 5-1 Instant Messaging Server New User Registration Configuration Properties

| Property | Description |
| --- | --- |
| iim.register.enable | If true, the server allows new Instant Messaging Server end users to register themselves (add themselves to the directory). |
| iim_ldap.register.basedn | If self-registration is enabled, the value of this property is the DN of the location in the LDAP directory in which person entries are stored. For example: ou=people,dc=siroe,dc=com. |
| iim_ldap.register.domain | The domain to which new users will be added. For example, directory.siroe.com. |


Allowing New User Registration Using Policy Module iim_ldap

To configure Instant Messaging Server to allow new user registration using iim_ldap (iim.policy.modules = iim_ldap):

  1. Use the imconfutil command to add the configuration properties and appropriate values as described in "Configuration Properties".

    For example:

    imconfutil set-prop -c InstantMessaging_home/config/iim.conf.xml iim.register.enable=true iim_ldap.register.basedn="ou=people,o=india.sun.com,dc=india,dc=sun,dc=com" iim_ldap.register.domain=india.sun.com
    
  2. Refresh the server configuration by using the imadmin command.

    imadmin refresh server
    

Allowing New User Registration Using Policy Module schema1 or schema2

To configure Instant Messaging Server to allow new user registration using policy module schema 1 or schema 2 (iim.policy.modules = iim_ldap_schema1 or iim.policy.modules = iim_ldap_schema2):

  1. Use the imconfutil command to add the configuration properties and appropriate values as described in "Configuration Properties".

    For example:

    imconfutil set-prop -c InstantMessaging_home/config/iim.conf.xml iim.register.enable=true
    
  2. Refresh the server configuration by using the imadmin command.

    imadmin refresh server
    

Storing Instant Messaging Server User Properties in LDAP

By default, Instant Messaging Server stores user properties in LDAP. You must run the imadmin assign_services command to add required object classes to user entries in the directory. These object classes are used by Instant Messaging Server to store user properties in user entries.

Caution:

Some user attributes may contain confidential information. Ensure that your directory access control is set up to prevent unauthorized access by non-privileged users. Refer to your directory documentation for more information.

To store Instant Messaging Server user properties in LDAP:

  1. Ensure that the iim.policy.modules configuration property has a value of iim_ldap, and that the iim.userprops.store configuration property has a value of ldap.

    For example:

    imconfutil -c InstantMessaging_home/config/iim.conf.xml get-prop|grep iim.policy.modules
    
    imconfutil -c InstantMessaging_home/config/iim.conf.xml get-prop|grep iim.userprops.store
    

    If the values are not set, use the imconfutil command to set them.

  2. Run imadmin assign_services:

    imadmin assign_services
    

    The imadmin command checks the value of the iim.policy.modules property.

  3. Enter the Bind DN and password you want imadmin to use to bind to the directory.

    The Bind DN should have sufficient credentials to modify the directory schema, for example the Directory Manager DN.

  4. Enter the Base DN under which user entries are stored.

    Next, imadmin adds the sunIMUser and sunPresenceUser object classes to the user entries in the organization you specified.
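
One way to confirm the result of step 4 is to export the user entries under the Base DN as LDIF and list any entry that still lacks either object class. The script below is an added example, not part of the Oracle documentation or product; the function names and the sample LDIF are constructed for illustration, and it assumes the LDIF comes from a directory search that returns the objectClass attribute.

```shell
#!/bin/sh
# Added example (not Oracle code): report user entries that still lack the
# object classes the page says imadmin assign_services adds.
REQUIRED_CLASSES="sunIMUser sunPresenceUser"   # class names from the page

# Reads LDIF on stdin; prints "<dn><TAB><missing class>" for each gap.
# A base64-encoded DN (dn::) is reported still encoded.
missing_im_classes() {
    # First awk: unfold LDIF continuation lines (leading single space).
    # Second awk: collect objectClass values per entry, case-insensitively.
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (NR > 1) print buf; buf = $0 }
        END { print buf }
    ' | awk -v required="$REQUIRED_CLASSES" '
        function flush(   i) {
            if (dn != "")
                for (i = 1; i <= n; i++)
                    if (!(req[i] in seen)) printf "%s\t%s\n", dn, name[i]
            dn = ""; split("", seen)
        }
        BEGIN { n = split(tolower(required), req, " "); split(required, name, " ") }
        /^$/ { flush(); next }
        tolower($0) ~ /^dn:/ { dn = $0; sub(/^[^:]*::? */, "", dn); next }
        tolower($0) ~ /^objectclass:/ { v = $0; sub(/^[^:]*: */, "", v); seen[tolower(v)] = 1 }
        END { flush() }
    '
}

# Constructed sample LDIF (not real directory data); base DN from Table 5-1.
sample_ldif() {
    cat <<'EOF'
dn: uid=alice,ou=people,dc=siroe,dc=com
objectClass: inetOrgPerson
objectclass: sunimuser
objectClass: sunPresenceUser

dn: uid=bob,ou=people,dc=siroe,dc=com
objectClass: inetOrgPerson
objectClass: sunIMUser

dn: uid=carol,ou=people,
 dc=siroe,dc=com
objectClass: inetOrgPerson
EOF
}

sample_ldif | missing_im_classes
```

Empty output means every entry in the export carries both object classes. Because these classes hold user properties that may be confidential, the same export is a convenient place to review which accounts the directory access controls need to cover.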