Delegated Admin GUI customization
The Delegated Admin GUI is not always very convenient in its default settings.
For a couple of short examples that annoy me while I'm installing and migrating to this server:
1) the user list is split by 10's of users per page or all users on one page, and 10 accounts per page is the default;
2) I can search for users by their email addresses (and that's often more convenient than guessing/remembering what form of the name was entered), but I always have to select that option from a dropdown list, and be careful to type in the partial address before (or between) the wildcard asterisks, etc.
Is it possible to provide some customization to the GUI - i.e. pre-selected value for "All users on one page", or perhaps better - an increased amount (100 instead of 10); preselect "Search by email" and enter two asterisks as the search field value to easily search for partial addresses (and process a double-asterisk as a single-asterisk - search for everyone - for reverse compatibility), etc?
I believe these types of customizations should be easy to do, is that somehow supported/configured.
The harder types of customizations i thought of (which may include coding) would be:
1) extend/configure the list of attributes to search for (i.e. email doesn't seem to include aliases), and
2) adding another default option - "Search by all of these attributes"
JimKlimov wrote:
The Delegated Admin GUI is not always very convenient in its default settings. A little bit of background. The Delegated Admin GUI is not designed to be the all encompassing provisioning tool and this is reflected in the lack of UI customisation guides and the limited functionality. The tool caters for the smaller organisation that wants to perform simple account/group/resource creation and deletion and also to big-ISP's that wanted a delegated administration tool for hosted domains.
Medium sized organisations e.g. Universities tend to develop their own provisioning tools (usually for financial reasons).
Larger organisations either have their own provisioning tools or make use of DA's user/account provisioning big brother :
http://www.sun.com/software/products/identity_mgr/index.xml
A customisation guide for common settings/modifications is available here:
http://docs.sun.com/app/docs/doc/819-4438/acfdl?a=view
For a couple of short examples that annoy me while I'm installing and migrating to this server:
1) the user list is split by 10's of users per page or all users on one page, and 10 accounts per page is the default;I was able to increase the limit by changing the maxRows setting in the following file and restarting the webserver instance:
/var/opt/SUNWwbsvr7/https-<hostname>/web-app/<hostname>/da/jsp/users/UserList.jsp
2) I can search for users by their email addresses (and that's often more convenient than guessing/remembering what form of the name was entered), but I always have to select that option from a dropdown list, and be careful to type in the partial address before (or between) the wildcard asterisks, etc.Try using the "advanced search" instead (at the top of the GUI near the log out/help links)
I believe these types of customizations should be easy to do, is that somehow supported/configured.You can make the customizations, the down side is that when you apply a DA patch they will be over-written. From memory they were planning on addressing this limitation at some stage but it appears to have dropped off the developers "radar".
1) extend/configure the list of attributes to search for (i.e. email doesn't seem to include aliases), and It is supposed to : RFE#6296082 - "Need to provide ability to search for email alias in delegated admin" was implemented several years ago but the search as you said doesn't seem to include mailalternateaddress/mailequivalentaddress. You will need to log a support case to get this investigated further.
2) adding another default option - "Search by all of these attributes"Refer to the advanced search.
Regards,
Shane.
Similar Messages
-
If anyone has experience with the GUI I/F, I'd like to know how long it takes to do the lookups and load an organization's user base. The tests I've run take about 104 secs for less than 2K users and seems unreasonable. Issue applies to access manager also.....
Thanks.
(Hope this is correct forum for this question)I mean, we have also this problem:
Hello,
We have the same problem.
The only way to quickly find an user is to do an
"Advanced Search" just after you log into DA.
If you load your domain by clicking on it, it's very
slow.
But the advanced search is very fast.
When you create an user it's the same problem, it
takes 5 minutes to create an user.
I think we have to wait an update because the new DA
is not finished and reliable to manage your domain.
The best way for the moment is the CLI. If you want
beautiful interface and poor performance look at
Exchange !
Michel_frRegards -
Delegated Admin- Adding user causes unhandled exceptions
Now that I've finally settled on 05q1, Im trying to create accounts using the delegated admin GUI.
I click on my domain, then on "New". I then fill out first, last name, role is Business OA, no postal address, assign no service package, change the loginId and two passwords. At this point, when I click "Next", I get a "Server Error" screen with this information:
This server has encountered an internal error which prevents it from fulfilling your request. The most likely cause is a misconfiguration. Please ask the administrator to look for messages in the server's error log.
The messages below show up in /opt/sun/webserver/https-imap.domain.com/logs/errors. I couldn't find any other error for ds, identity, admin server, etc. After this exception, I also have to log back in to DA. The messages are quite vague (from an administrative standpoint) so any help is appreciated!
[11/Jan/2006:10:32:02] failure (18149): for host xx.xxx.xxx.xxx trying to POST /da/wizard/WizardWindow, service-j2ee reports: Ap
plicationDispatcher[da] WEB2649: Servlet.service() for servlet jsp threw exception
javax.servlet.ServletException
at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:536)
at jsps.com_sun_web_ui._jsp._wizard._WizardWindow_jsp._jspService(_WizardWindow_jsp.java:559)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at com.iplanet.ias.web.jsp.JspServlet$JspServletWrapper.service(JspServlet.java:687)
at com.iplanet.ias.web.jsp.JspServlet.serviceJspFile(JspServlet.java:459)
at com.iplanet.ias.web.jsp.JspServlet.service(JspServlet.java:375)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:772)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:471)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:382)
at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:340)
at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
at com.sun.web.ui.view.wizard.CCWizard.handleNextButtonRequest(CCWizard.java:730)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:760)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
at com.sun.comm.da.WizardWinServlet.service(WizardWinServlet.java:111)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at com.sun.comm.da.LoginFilter.doFilter(LoginFilter.java:128)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:280)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
----- Root Cause -----
javax.servlet.jsp.JspException
at com.sun.web.ui.taglib.wizard.CCWizardTag.getWizardPageHTML(CCWizardTag.java:1577)
at com.sun.web.ui.taglib.wizard.CCWizardTag.appendPageletBodyContentHTML(CCWizardTag.java:668)
at com.sun.web.ui.taglib.wizard.CCWizardTag.appendWizardBodyHTML(CCWi
[11/Jan/2006:10:32:02] failure (18149): for host xx.xxx.xxx.xxx trying to POST /da/wizard/WizardWindow, service-j2ee reports: WE
B2798: [da] ServletContext.log(): [ERROR] Uncaught application exception
com.iplanet.jato.NavigationException: Exception encountered during forward
Root cause = [javax.servlet.jsp.JspException]
at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:380)
at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
at com.sun.web.ui.view.wizard.CCWizard.handleNextButtonRequest(CCWizard.java:730)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:760)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
at com.sun.comm.da.WizardWinServlet.service(WizardWinServlet.java:111)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at com.sun.comm.da.LoginFilter.doFilter(LoginFilter.java:128)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:280)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
Root cause:
javax.servlet.jsp.JspException
at com.sun.web.ui.taglib.wizard.CCWizardTag.getWizardPageHTML(CCWizardTag.java:1577)
at com.sun.web.ui.taglib.wizard.CCWizardTag.appendPageletBodyContentHTML(CCWizardTag.java:668)
at com.sun.web.ui.taglib.wizard.CCWizardTag.appendWizardBodyHTML(CCWizardTag.java:658)
at com.sun.web.ui.taglib.wizard.CCWizardTag.getHTMLStringInternal(CCWizardTag.java:469)
at com.sun.web.ui.taglib.common.CCTagBase.doEndTag(CCTagBase.java:114)
at jsps.com_sun_web_ui._jsp._wizard._WizardWindow_jsp._jspService(_WizardWindow_jsp.java:260)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at com.iplanet.ias.web.jsp.JspServlet$JspServletWrapper.service(JspServlet.java:687)
at com.iplanet.ias.web.jsp.JspServlet.serviceJspFile(JspServlet.java:459)
at com.iplanet.ias.web.jsp.JspServlet.service(JspServlet.java:375)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:772)
at org.apache.catalina.cor
[11/Jan/2006:10:32:02] failure (18149): for host xx.xxx.xxx.xxx trying to POST /da/wizard/WizardWindow, service-j2ee reports: St
andardWrapperValve[WizardWinServlet]: WEB2792: Servlet.service() for servlet WizardWinServlet threw exception
javax.servlet.ServletException: Uncaught exception
at com.iplanet.jato.ApplicationServletBase.onUncaughtException(ApplicationServletBase.java:1415)
at com.sun.comm.da.WizardWinServlet.onUncaughtException(WizardWinServlet.java:98)
at com.iplanet.jato.ApplicationServletBase.fireUncaughtException(ApplicationServletBase.java:1164)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:639)
at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
at com.sun.comm.da.WizardWinServlet.service(WizardWinServlet.java:111)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at com.sun.comm.da.LoginFilter.doFilter(LoginFilter.java:128)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:280)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
----- Root Cause -----
com.iplanet.jato.NavigationException: Exception encountered during forward
Root cause = [javax.servlet.jsp.JspException]
at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:380)
at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
at com.sun.web.ui.view.wizard.CCWizard.handleNextButtonRequest(CCWizard.java:730)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:760)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
at com.sun.comm.da.WizardWinServlet.service(WizardWinServlet.java:111)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at com.sun.comm.da.LoginFilter.doFilter(LoginFilter.java:128)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.Might it have something to do with having not assigned service package? I read in the 05Q4 notes that in 05Q1, a service package had to be defined. I just tried to allocate some service packages to the domain and I get the same "Server Error" page when I click "Next" on the page where I choose how many service packages to allocate (i.e. the screen right before the "Summary" page)
At least the errors are a little more informative in the webserver error log (sample below)
I chose 3 service packages and attempted to allocate 50 each, No anonymous logins for calendar server and put in a calendar server hostname. All other fields were left to default.
[12/Jan/2006:15:14:13] failure (18149): for host 63.241.196.147 trying to POST /da/wizard/WizardWindow, service-j2ee reports: Ap
plicationDispatcher[da] WEB2649: Servlet.service() for servlet jsp threw exception
javax.servlet.ServletException: String index out of range: -15
at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:536)
at jsps.com_sun_web_ui._jsp._wizard._WizardWindow_jsp._jspService(_WizardWindow_jsp.java:559)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at com.iplanet.ias.web.jsp.JspServlet$JspServletWrapper.service(JspServlet.java:687)
at com.iplanet.ias.web.jsp.JspServlet.serviceJspFile(JspServlet.java:459)
at com.iplanet.ias.web.jsp.JspServlet.service(JspServlet.java:375)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:772)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:471)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:382)
at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:340)
at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
at com.sun.web.ui.view.wizard.CCWizard.handleNextButtonRequest(CCWizard.java:730)
at sun.reflect.GeneratedMethodAccessor37.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:760)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:807) -
Delegated Admin Customization problem
Delegated Administrator 7.0-0.00
I'm trying to disable the ability to change the Mail & Message Quota when assigning an additional service package using Delegated Admin
OrganizationAdminRole.WizardWindow.Wizard.WizardPage11.MailQuotaValue=NONEDITABLE
When I enable that it won't let me past that screen keeps kicking me back.
When I disable it lets me past the screen.
This is all my cusomizations so you can duplicate it.
OrganizationAdminRole.UserProperties.MailQuotaValue=NONEDITABLE
OrganizationAdminRole.UserProperties.MailMsgQuotaValue=NONEDITABLE
OrganizationAdminRole.WizardWindow.Wizard.WizardPage11.MailQuotaValue=NONEDITABLE
OrganizationAdminRole.WizardWindow.Wizard.WizardPage11.MailMsgQuotaValue=NONEDITABLE
OrganizationAdminRole.WizardWindow.Wizard.WizardPage12.CalendarHostValue=NONEDITABLE
OrganizationAdminRole.WizardWindow.Wizard.WizardPage31.MailHostValue=NONEDITABLE
OrganizationAdminRole.WizardWindow.Wizard.WizardPage31.MailQuotaValue=NONEDITABLE
OrganizationAdminRole.WizardWindow.Wizard.WizardPage31.MailMsgQuotaValue=NONEDITABLE
OrganizationAdminRole.tabs.orgproperties=INVISIBLE
I've confirmed it on 2 servers.
Bug? Or my config?Mark_Wal wrote:
When I enable that it won't let me past that screen keeps kicking me back.
When I disable it lets me past the screen.
This is all my cusomizations so you can duplicate it.
OrganizationAdminRole.WizardWindow.Wizard.WizardPage11.MailQuotaValue=NONEDITABLE
OrganizationAdminRole.WizardWindow.Wizard.WizardPage11.MailMsgQuotaValue=NONEDITABLEI could reproduce the problem behaviour with just the above settings enabled.
Bug? Or my config?I've logged a new bug :
bug #6861629 - "DA7: Setting mail quota values as noneditable in assign service package causes mail step to loop"
Please escalate via Sun Support for a fix.
Regards,
Shane. -
Delegated Admin and non-flat user/group structures
Hello, I am trying to build a directory structure with several containers under an organization used to store different portions of userdata and group data (i.e. not only ou=people and ou=group, but also a few ou's like them). Server software is from OUCS 7u2 release. Users in "other" containers are populated into LDAP (ODSEE 11) by replication, filling in all the same attributes as a freshly DA-created account has.
The Delegated Admin interface and other parts of the software accept this and work okay with this setup, displaying user information, allowing logins and so on - except for attempts to edit user accounts in the alternate containers in the DA (i.e. add/remove service packages, change quotas, etc.). First I've verified that this is not an LDAP problem - I can use both command-line ldapmodify and an LDAPBrowser GUI to edit the entries with no hiccups.
I tracked that when trying to save account information for accounts in non-standard containers, the DA still tries to use a hard-coded path (i.e. uid=USERNAME,ou=people,o=DOMAINNAME,dc=DOMAIN,dc=NAME) despite the fact that the user account is (and DA displayed it from) uid=USERNAME,ou=morePeople,o=DOMAINNAME,dc=DOMAIN,dc=NAME.
Possibly, this "hardcoding" stems from DA configuration in WEB-INF/classes/sun/comm/cli/server/servlet/serverconfig.properties which does list components of the LDAP structure:
# Ldap configuration.
# List of ldap hosts. Form is <ldaphost>:<portnumber>. (Default port = 389)
# add additional hosts with ldaphost-<consecutive number>
# Schema type is either "1" or "2".
# Reconnect interval is in seconds
# Group and people container is dn from organization dn (e.g ou=people)
ldaphost-1=oucsldap01:389
ldaphost-2=oucsldap02:389
ldaphost-suffix=dc=DOMAIN,dc=NAME
ldaphost-dcsuffix=dc=DOMAIN,dc=NAME
ldaphost-maxcount=50
ldaphost-schematype=2
ldaphost-reconnectinterval=60
ldaphost-peoplecontainer=ou=People
ldaphost-groupcontainer=ou=Groups
ldaphost-orgadminrole=cn=Organization Admin Role
While the organization root dn is not explicit here (and shouldn't be), the default people container is... I might guess a coding error logic like this: indeed, the "ou=People" container should be used by default when creating a user via DA; as a likely error, it might also be used when editing existing users - instead of their existing full DN/parent DN.
Questions:
1) Does anyone have a working configuration with several user/group containers within an organization like this? Would you care to share details and workarounds, if were needed?
2) I think that possibly the "shared domain/organization hosting" mode might help here - at least it is expected to have several LDAP trees with their delegated administrators performing as a single e-mail domain. Before I go and reconfigure everything, I'd love to hear if there are any success stories with this route? Is it a proper solution (or THE solution) for such config?
Thanks,
//Jim KlimovI wanted to follow up that reconfiguring the directory structure according to shared domain hosting, with branches for ISW-synchronized accounts as one of the sub-organizations which share the domain, and manually created OUCS-only accounts being in another sub-organization. This works for both messaging components and the DA, as long as UIDs are in ou=People in their organization. Somewhat unfortunately, ISW config seems to allow only one DSEE target branch and puts groups (CN) there as well. Well, for our needs to edit user attributes and service packages via DA, this suffices. Sometimes there are hiccups (Can not save changes), but they are intermittent and harder to trace debug; usually go away with restart of the DA web container. The DSEE LDAP instances are configured with plugins to enforce uid uniqueness across the organization and uniqueness of values of messaging email address attributes (mail, mailAlternateAddress, mailEqiuvalentAddress) to avoid mixups between user accounts in different branches.
Also, we had a problem with Calendar server after migrating the LDAP entries: since our deployment used the nsUniqueID for calendar user identification, relocation of entries (the way we did it) generated new values for new entries and users got new empty caledar databases. On this POC this was not a major problem, and newer OUCS releases with a davUniqueID attribute should specifically be immune to this problem. However, for others trodding this path I can suggest that they export the LDAP database into LDIF including the unique IDs, recreate the suffixes as needed (the ISW target organization in DSEE should be a separate LDAP database suffix), change the LDIF entry pathnames, and import the LDIF anew. This would wipe old LDAP data and should add old nsUniqueIDs to relocated entries (unlike recreation via ldapadd or relocation via ldapmodrdn).
We have also hit a problem with DA refusing to render the list of accounts (returning 0 or 25 empty entries in a table). The LDAP logs showed that on the LDAP side all is ok, and expected amount of replies was located. Pattern searches often produced the proper table with a subset of users in DA. Ultimately, we linked the problem to ISW binary base64-encoded attributes (dspswuserlink et al; some of those values also garbaged output of commadmin queries in a terminal) and created an LDAP ACI which forbade our DA-admin user to read,search,compare these attributes. This solved the problem for us. I wonder if a more generic solution is possible, so as to apply this ACI not to an explicitly named admin user but to any users with DA admin privileges (by group or role? which string, to cover them all in advance)? Or, perhaps, nobody except the ISW user account should see these ISW attributes?
Hope this report helps others who would try to pioneer this path of messaging integration
//Jim Klimov -
Delegated Admin reports strange number of users
I recently noted that our Delegated Admin (Delegated Administrator 6.4-2.05, B2008-04-29) Organizations page
(the one which lists the hosted domains and particularly their "Number of Users") lists this number plain wrong.
For many organizations it is reported as 0 or 1, for one there's a blank line, and only one seemingly has 39 users.
When I click on organizations however, I see their full lists of users (I believe, ones which have a non-empty mail
attribute set in LDAP) and there are tens in most orgs and over a hundred accounts in the larger org.
What is wrong? Does DA's Organization-List page use some other means of counting the users than the individual
Organization's page?JimKlimov wrote:
In fact, while importing our old server, I did initialize most domains' users via
ldapclient queries as discussed on-list in mid-2008. Nobody said that there
are other static values outside of a user's account data :)The sunnumusers: attribute is commonly overlooked -- primarily because it is for admin-interface purposes only and doesn't impact on the operation of user accounts.
Is it possible to replace this value of sunnumusers by a dynamic search (or
counter), either in the GUI code or perhaps in the LDAP attribute?No. Any such dynamic search would have an adverse performance impact on the DA interface for large environments.
What is the logically correct value, the count of users with mail attribute set?If you want the sunnumusers: to match the number of users displayed when you click on the organisation in the "Organizations" tab then you would count the users which matched the following search for the domain:
""(&(uid=*)(&(objectClass=inetuser)(|(inetUserStatus=active)(inetUserStatus=inactive))))""
Regards,
Shane. -
Delegated Admin and Class of Service
Hi
we have configured
Messaging Server
Calendar server
Instant Messaging Server
and Portal Server
We would like use delegated admin for user provisioning.
We are able to modify default Class of Service templates to suit our needs for Messaging and Calendaring.
We would also like to provide Portal desktop and Instant messaging access thru' delegated admin.
Help us to configure these class of services either using directory console or any other method
Thanks
Sabarkbunca wrote:
Recently we deleted about 3K users using: commadmin domain purge, and while
it appears to have successfully deleted the users -- ldapsearch doesn't yield any
output. The lower number of users is NOT reflected in the field "Number of Users"
on the Delegated Admin page. It still shows the same number of users >11K we
"had" prior to the deletion process.
Any ideas to explain this discrepancy?The number of users displayed in the DA GUI is recorded in the "sunNumUsers" attribute associated with the domain e.g.
dn: o=aus.sun.com,dc=aus,dc=sun,dc=com
sunNumUsers: 11
This is to avoid having to do an ldapsearch across the domain to get a count. You can manually update this attribute to get the number back-in-sync.
The commadmin domain purge should have updated this value -- I couldn't find any pre-existing bugs to explain why it didn't happen in your case. I suggest you log a support case to get this looked into further.
You may also want to check your directory audit logs to see if an attempt was made to update this attribute but failed for some reason.
Regards,
Shane. -
Delegated Admin and Number of Users
Recently we deleted about 3K users using: commadmin domain purge, and while
it appears to have successfully deleted the users -- ldapsearch doesn't yield any
output. The lower number of users is NOT reflected in the field "Number of Users"
on the Delegated Admin page. It still shows the same number of users >11K we
"had" prior to the deletion process.
Any ideas to explain this discrepancy?
-- Bobrkbunca wrote:
Recently we deleted about 3K users using: commadmin domain purge, and while
it appears to have successfully deleted the users -- ldapsearch doesn't yield any
output. The lower number of users is NOT reflected in the field "Number of Users"
on the Delegated Admin page. It still shows the same number of users >11K we
"had" prior to the deletion process.
Any ideas to explain this discrepancy?The number of users displayed in the DA GUI is recorded in the "sunNumUsers" attribute associated with the domain e.g.
dn: o=aus.sun.com,dc=aus,dc=sun,dc=com
sunNumUsers: 11
This is to avoid having to do an ldapsearch across the domain to get a count. You can manually update this attribute to get the number back-in-sync.
The commadmin domain purge should have updated this value -- I couldn't find any pre-existing bugs to explain why it didn't happen in your case. I suggest you log a support case to get this looked into further.
You may also want to check your directory audit logs to see if an attempt was made to update this attribute but failed for some reason.
Regards,
Shane. -
IPlanet Delegated Admin .... Comm Express
Hi,
I am trying to checkout the SJMS 2005Q1...
The classical iMS 5.2 used to have web based Delegated Admin....
This would let me keep a DA admin for each domain...and each domain would easily access the DA page from web.
in SJMS ....i.e. Comm express DA....this is a GUI...
how can I give access to the DA over internet??
What are the improvements of this new DA vs the old.
Cheers
msg_adminHi,
I am trying to checkout the SJMS 2005Q1...
The classical iMS 5.2 used to have web based
Delegated Admin....We called it, iPlanet Delegated Admin
This would let me keep a DA admin for each
domain...and each domain would easily access the DA
page from web.
in SJMS ....i.e. Comm express DA....this is a GUI...
how can I give access to the DA over internet??Provide access to the DA port through your firewall.
>
What are the improvements of this new DA vs the old.It's a little more limited, actually....
The real "improvement" is that it works with Schema 2. If you decide to run your new server under Schema 1 configuration, you can continue to use the old iDA.\
>
Cheers
msg_admin -
Continuing delegated admin issues
Folks,
I have install nda on our production machine. When I try to login as ServiceAdmin (which is the mail admin in ldap) it says invalid credentials.
I have more problems with delegated admin -- I am starting to hate it....The command line is your friend. Learn it, use it, love it. :-)
Seriously, for account creation/deletion, I've written scripts for doing that. Much easier than the GUI. Besides, the GUI doesn't delete PAB entries (last I checked). I also have a script for setting a user's password.
I do have one question: Why doesn't the iDA allow me to modify a user's mail filter? I can do other stuff, but not that.
Roger S. -
Can't login to Delegated Admin after redeploy
I originally had Delegated Admin 6.4 running on port 80 in Webserver 7u3 along with AM, and UWC. I needed to move DA off of port 80 so I created another Webserver instance on port 81 and then uninstalled and reinstalled Delegated Admin against the new instance. In the configurator I specified port 80 where it asked about Access Manager and port 81 where it asked to deploy DA. Now I cannot login to DA. It keeps telling me: "Invalid login ID or password, please try again". The ID and password are correct. No LDAP traffic is being generated during the attempted login. I turned on DA logging and this is what I get:
Aug 23, 2008 4:43:39 PM com.sun.comm.da.security.DALoginManager login
INFO: Login failed, login id [admin]
com.sun.comm.jdapi.DAException: Moved Temporarily: Moved Temporarily
at com.sun.comm.jdapi.DAConnection.liveAuth(DAConnection.java:88)
at com.sun.comm.jdapi.DAConnection.authenticate(DAConnection.java:130)
at com.sun.comm.da.security.DALoginManager.login(DALoginManager.java:209)
at com.sun.comm.da.view.LoginViewBean.handleLoginButtonRequest(LoginViewBean.java:212)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:816)
at com.sun.comm.da.DAServlet.service(DAServlet.java:152)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:917)
at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:398)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
at com.sun.comm.da.LoginFilter.doFilter(LoginFilter.java:133)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:217)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:255)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:586)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:556)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:187)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:586)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:556)
at com.sun.webserver.connector.nsapi.NSAPIProcessor.service(NSAPIProcessor.java:160)
Here is a sample of what I get when I run commadmin:
./commadmin -v search domain o=xyz.com
[Debug]: DBG:Object = search ; task = domain
[Debug]: default domain from Properties: xyz.com
[Debug]: IShost from Properties: webmail.xyz.com
[Debug]: ISPort from Properties: 80
Enter login ID: admin
Enter login password:
[Debug]: Contacting : http://webmail.xyz.com:80/commcli/auth
[Debug]: To servlet: domain=xyz.com&username=admin&password=xxxxxxxx&charsetenc=UTF-8
[Debug]: Http Error recvd: Moved Temporarily
Moved Temporarily: Moved Temporarily
Invalid value for Identity server host name: webmail.xyz.com
Invalid value for Identity server port: 80
Enter Identity server port[80]:
Any ideas?sheger77 wrote:
I originally had Delegated Admin 6.4 running on port 80 in Webserver 7u3 along with AM, and UWC. I needed to move DA off of port 80 so I created another Webserver instance on port 81 and then uninstalled and reinstalled Delegated Admin against the new instance. In the configurator I specified port 80 where it asked about Access Manager and port 81 where it asked to deploy DA.As per the administration guide, Delegated Administrator server needs to be installed in the same web-container/instance as Access Manager.
http://docs.sun.com/app/docs/doc/819-4438/acfck?a=view
"The Delegated Administrator server uses the same Web container as Access Manager. The configuration program asks for Web container information after it asks for the Access Manager base directory."
[Debug]: IShost from Properties: webmail.xyz.com
[Debug]: ISPort from Properties: 80The commadmin client is trying to contact the DA server which is supposed to be installed in the same Web container as Access Manager
(hence the use of IShost/ISPort):
[Debug]: Contacting : http://webmail.xyz.com:80/commcli/auth
[Debug]: To servlet: domain=xyz.com&username=admin&password=xxxxxxxx&charsetenc=UTF-8
[Debug]: Http Error recvd: Moved TemporarilyCan't contact DA server so attempt fails.
Regards,
Shane. -
From schema 1 to schema 2 migration delegated admin problem
I want migrate from schema 1 to schema 2 the messaging server 6.2 ( jes 2005q1).
I have install access manager and delegated admin.
With the commdirmig I migrate the domain and schema , the messaging work correctly.
I have a problem with the delegated admin web interface.
The delegated don't view my domain. If I add the sundelegatedorganization objectclass I can view my domain on delegated admin but I can view user and group.
Any Idea?
TIA
Bye GiovanniThere are two very different products called "deletaged admin". The old iPlanet Delegated Admin (iDA) only works with Schema 1. The current Delegated Admin, that comes with JES3 only works with Schema 2.
If you're using the old iDA that worked with schema 1, it won't work with schema 2. You have to install the new DA for that.
It doesn't work with groups/lists, only with users and domains. -
While installing IMS on p4, the delegated admin, MTA and IWS6.0 could not be started
I am installing IMS 5.1 NT version on a p4 machine and my MTA services are not starting, i searched for the IMTA.conf file but that was not found. Also the IWS 6.0 that was installed additionally for the upgraded JVM is not getting started , and the delegated admin through the browser could not be accessed
I am installing IMS 5.1 NT version on a p4 machine and my MTA services are not starting, i searched for the IMTA.conf file but that was not found. Also the IWS 6.0 that was installed additionally for the upgraded JVM is not getting started , and the delegated admin through the browser could not be accessed
-
ACS 4.2.1 - after fresh install - admin GUI comes up blank
Greetings:
ACS server: Windows server 2003R2 (VM)
Browser: IE 8
Installed ACS 4.2 (0.124)
Immediately installed ACS 4.2.1 patch 15 on top
Restarted server to kick services
All service started except CSAdmin - which sucessfully started manually
Admin GUI opens to a blank page.
Any ideas?
Thanks.hi,
Please trust the site in the browser. Also please ensure java is latest on the machine.
Hope this helps.
Regards,
Anisha
P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts. -
I am running Iplanet messaging server 5.2 and am having problems loging into the delegated administrator. When I try to log in as ServiceAdmin I immediately get a screen telling me that the session has timed out and to re-authenticate.
Any ideas what is wrong?Unknown. Not nearly enough data to guess.
Please examine your LDAP access logs, and comment.
You should be looking for BIND commands for "NDAdmin". This is the first step in logging into Delegated Admin. If this fails, no user will be able to use DA.
Do you have password expiration set up in DS? did you remove this account? Change the pw?
Maybe you are looking for
-
Output Module (Bridge CC) not working on Mac
As suggested here http://helpx.adobe.com/bridge/kb/install-output-module-bridge-cc.html I downloaded and tried to install the Bridge CC Output Module. I could not find the "Bridge CC Extensions" folder only "Bridge CC" I can see the output name insid
-
Trace not showing Global container variable at mapping test time.
Hi Folks , I have a scenario file to Proxy scenario. At mapping time I am doing a lookup inside a UDF using JCO connections. Lookup is taking 2 fields(ex X an dY) as input and coming up with couple of fields in output. Output fileds I am storing in g
-
Imac display dims. can brighten in system preferences or with keyboard, but then randomly dims again
We have an iMac where I work that was purchased this last summer (2012). We bought a bunch, but this is the only one that has this issue. The main user of the computer says that the screen randomly dims while he is using it. It won't dim is he is
-
How do i get my internet to work without wifi?
I have a all net flat but cant go into my internet without the wifi
-
PO stock transport order - item change - field Customer in tab shipping
Dear all, because of an existing modification it is necessary that I have to update the field customer at shipping tab of an stock transport order item when item's storage location was changed within TAC ME22N or ME21N. Unfortunately SAP has not impl