Wednesday Oct 17, 2012

Configure Calendar Server 7 to Use the davUniqueId Attribute

Starting with Calendar Server 7 Update 3 (Patch 08) we introduce a new attribute davUniqueId in the davEntity objectclass, to use as the unique identifier. 

The reason behind this is quite simple: the LDAP operational attribute nsUniqueId had been chosen as the default value for the unique identifier, and this choice turned out to have a potentially serious downside. If the LDAP entry for a user, group, or resource is deleted and recreated in LDAP, the new entry receives a different nsUniqueId value from the Directory Server, which disconnects it from the existing account in the calendar database. As a result, recreated users cannot access their existing calendars.


How To Configure Calendar Server to Use the davUniqueId Attribute?

Populate the davUniqueId attribute for the LDAP users. The populate-davuniqueid shell script can either create only an LDIF output file or (with the -x option) run ldapmodify directly.

# ./populate-davuniqueid -h localhost -p 389 -D "cn=Directory Manager" -w <passwd> -b "o=red" -O -o /tmp/out.ldif

The ldapmodify might fail as shown below. In that case the LDAP entry already has the 'daventity' objectclass; for such entries run the populate-davuniqueid script without the -O option.

# ldapmodify -x -h localhost -p 389 -D "cn=Directory Manager" -w <passwd> -c -f /tmp/out.ldif
modifying entry "uid=mparis,ou=People,o=vmdomain.tld,o=red"
ldapmodify: Type or value exists (20)

In this case the user 'mparis' already has the objectclass 'daventity'. ldapmodify skips this DN and continues with the next DN (if you start ldapmodify with the -c option; otherwise it stops completely).

dn: uid=mparis,ou=People,o=vmdomain.tld,o=red
changetype: modify
add: objectclass
objectclass: daventity
-
add: davuniqueid
davuniqueid: 01a2c501-af0411e1-809de373-18ff5c8d

Either run populate-davuniqueid without the -O option or change the output file to

dn: uid=mparis,ou=People,o=vmdomain.tld,o=red
changetype: modify
add: davuniqueid
davuniqueid: 01a2c501-af0411e1-809de373-18ff5c8d

The ldapmodify works fine now. The only issue I see here is that you need to verify which users might need the 'daventity' objectclass as well. Alternatively, start without the objectclass and only add the objectclass for the users where you get an 'Objectclass violation' report. That indicates the objectclass is missing.

# ldapmodify -x -h localhost -p 389 -D "cn=Directory Manager" -w <passwd> -c -f /tmp/out.ldif
modifying entry "uid=mparis,ou=People,o=vmdomain.tld,o=red"

Now it is time to change the configuration to use the davuniqueid attribute

# ./davadmin config modify -o davcore.uriinfo.permanentuniqueid -v davuniqueid

The search filter also needs to be modified to use davuniqueid instead of nsuniqueid

# ./davadmin config modify -o davcore.uriinfo.subjectattributes -v "cn davstore icsstatus mail mailalternateaddress davUniqueId owner preferredlanguage uid objectclass ismemberof uniquemember memberurl mgrprfc822mailmember"

Afterward IWC Calendar works fine and my test user is able to access all his old events.


14781101 populate-davuniqueid should handle entries with or without daventity OC better

The observed issue is now also known as an official bug.

Currently, the populate-davuniqueid script can generate LDAPMOD to add the davEntity object class and the davUniqueId attribute at the same time. This does not work well when existing LDAP entries already have the davEntity object class.

Workaround:
In the populate-davuniqueid script, change lines 282-289 as follows:

From

  print $1 > OUT
  print "changetype: modify" > OUT
  print "add: objectclass" > OUT
  print "objectclass: daventity" > OUT
  print "-" > OUT
  print "add: davuniqueid" > OUT
  print "davuniqueid: " substr($2, 13) > OUT
  print "" > OUT

to

  print $1 > OUT
  print "changetype: modify" > OUT
  print "add: objectclass" > OUT
  print "objectclass: daventity" > OUT
  print "" > OUT
  print $1 > OUT
  print "changetype: modify" > OUT
  print "add: davuniqueid" > OUT
  print "davuniqueid: " substr($2, 13) > OUT
  print "" > OUT
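
Added example, not part of populate-davuniqueid or the original post: instead of splitting every entry into two records as in the workaround, the LDIF can be generated from what each entry already has, which also covers the 'Type or value exists' failure from the procedure above. It assumes unfolded LDIF search output on stdin and that davuniqueid is seeded from nsuniqueid, as the script's substr($2, 13) line suggests; the function names and sample entries are constructed.

```shell
#!/bin/sh
# Added example (not part of populate-davuniqueid): build ldapmodify input that
# adds davuniqueid, and the daventity objectclass only where it is missing.
# Assumption: stdin is unfolded LDIF search output containing dn, objectclass,
# nsuniqueid and (if present) davuniqueid for each entry.

gen_davuniqueid_ldif() {
    awk '
    # Write the modify record(s) for the entry collected so far.
    function emit() {
        if (dn != "" && nsid != "" && !has_id) {
            if (!has_oc) {
                # Separate record, as in the bug workaround, so a failure
                # here cannot block the davuniqueid add below.
                print dn
                print "changetype: modify"
                print "add: objectclass"
                print "objectclass: daventity"
                print ""
            }
            print dn
            print "changetype: modify"
            print "add: davuniqueid"
            print "davuniqueid: " nsid
            print ""
        }
        dn = ""; nsid = ""; has_oc = 0; has_id = 0
    }
    /^$/ { emit(); next }          # blank line ends an entry
    /^#/ { next }                  # LDIF comment
    {
        lower = tolower($0)        # attribute names are case-insensitive
        if (lower ~ /^dn:/) {
            dn = $0
        } else if (lower ~ /^objectclass:[ ]*daventity[ ]*$/) {
            has_oc = 1
        } else if (lower ~ /^davuniqueid:/) {
            has_id = 1             # already populated: leave the entry alone
        } else if (lower ~ /^nsuniqueid:/) {
            nsid = $0
            sub(/^[^:]*:[ ]*/, "", nsid)
        }
    }
    END { emit() }
    '
}

# Constructed sample input. The first nsuniqueid is the value shown in the
# post; the other entries and values are made up.
sample_search_output() {
    cat <<'EOF'
dn: uid=mparis,ou=People,o=vmdomain.tld,o=red
objectClass: inetorgperson
objectClass: daventity
nsUniqueId: 01a2c501-af0411e1-809de373-18ff5c8d

dn: uid=tberlin,ou=People,o=vmdomain.tld,o=red
objectClass: inetorgperson
nsUniqueId: 11111111-22222222-33333333-44444444

dn: uid=done,ou=People,o=vmdomain.tld,o=red
objectClass: daventity
nsUniqueId: 55555555-66666666-77777777-88888888
davUniqueId: 55555555-66666666-77777777-88888888
EOF
}

# mparis gets one record, tberlin two, the already populated entry none.
sample_search_output | gen_davuniqueid_ldif
```

Review the generated file before feeding it to ldapmodify -c -f, as in the procedure above.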

Wednesday Sep 12, 2012

Set Up an Autoreply-Only Account

For some very good reason you might want to set up an 'autoreply'-only account that does not store the incoming mail in a mailbox. If not already done, create an account via the Delegated Admin GUI or the commadmin command-line tool.


Example:

/opt/sun/comms/da/bin/commadmin user create -D admin -d vmdomain.tld -w enigma -F Mike -l \
  mparis -L Paris -W tester -E Mike.Paris@vmdomain.tld -S mail -H mars.vmdomain.tld


Set mailDeliveryOption to autoreply mode only, so that no email is stored in the user's mailbox. Skip this step if you want incoming emails stored in the mailbox.

ldapmodify -D "cn=Directory Manager" -w enigma -f /tmp/modfile

[/tmp/modfile]
dn: uid=mparis,ou=People,o=vmdomain.tld,o=red
changetype: modify
replace: mailDeliveryOption
mailDeliveryOption: autoreply


Set mailSieveRuleSource with the autoreply text and the 'do-not-reply' From address. The "Thank you ..." part becomes the subject. The next string in quotes is the body of the message. The ":hours 0" denotes that we want a reply sent for every message. Finally, the \n is used to produce the wanted newlines in the body.

ldapmodify -D "cn=Directory Manager" -w enigma -f /tmp/addfile

[/tmp/addfile]
dn: uid=mparis,ou=People,o=vmdomain.tld,o=red
changetype: modify
add: mailSieveRuleSource
mailSieveRuleSource: require "vacation"; vacation :hours 0 :reply :from "do-not-reply
 @domain.com" :subject "Thank you for contacting webpost" "Your Mail is being review
 ed.\nTo access contact information please visit : http://www.domain.com \nPlease d
 o not reply to this e-mail as it is an automated response on your mail being accessed
 .\n\nPublic Response Unit.\n"

Monday Feb 13, 2012

COMMS Suite 7u2 on Solaris 11 in Solaris 10 branded Zone

Unfortunately it is not possible to install Communications Suite 7u2 natively on Solaris 11, because the packaging system has changed in Solaris 11 and patchadd is no longer available. To get the benefits of Solaris 11 for COMMS Suite, it is possible to install the COMMS Suite into a Solaris 10 branded Zone.

What's new in Solaris 11


Installation Notes COMMS Suite on Solaris 11 in Solaris 10 branded Zone

NOTE: Use two network adapters for the virtual machine setup, and configure the second network adapter to be used by the Solaris 10 branded Zone. It turns out that I cannot connect to the Zone if only one network adapter is configured for the virtual machine setup. My wild guess on this is that it is a regression (or security rule) of the virtual machine to 'allow' only one MAC address for the virtual machine.

Install Solaris 11


Configure Zone

root@host:~# /usr/sbin/zonecfg -z s10
s10: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:s10>  create -t SYSsolaris10
zonecfg:s10>  set zonepath=/export/s10
zonecfg:s10>  verify
zonecfg:s10>  commit
zonecfg:s10>  exit

Install Solaris 10 Zone from flash archive.
More about flash archive can be found here.

zoneadm -z s10 install -a s10u9b14ax.flar -u

Install rpc.rstatd from pkg
rpc.rstatd is not included in Solaris 11 and needs to be installed from the repository.

pkg install service/network/legacy-remote-utilities

Solaris 11 Network Configuration
Use net0 for Solaris 11 and net1 for the Solaris 10 branded Zone. Furthermore I chose net0 as 'bridged' and net1 as 'nat' with a static IP in the virtual machine setup.

# dladm show-vnic
LINK                OVER         SPEED  MACADDRESS        MACADDRTYPE       VID
s10/net0            net1         1000   2:8:20:16:87:a5   random            0


# dladm show-phys
LINK              MEDIA                STATE      SPEED  DUPLEX    DEVICE
net0              Ethernet             up         1000   full      e1000g0
net1              Ethernet             up         1000   full      e1000g1

# dladm show-link
LINK                CLASS     MTU    STATE    OVER
net0                phys      1500   up       --
net1                phys      1500   up       --
s10/net0            vnic      1500   up       net1

# ipadm show-if
IFNAME     CLASS    STATE    ACTIVE OVER
lo0        loopback ok       yes    --
net0       ip       ok       yes    --

# ipadm show-addr
ADDROBJ           TYPE     STATE        ADDR
lo0/v4            static   ok           127.0.0.1/8
net0/_b           dhcp     ok           129.157.155.89/24
lo0/v6            static   ok           ::1/128
net0/_a           addrconf ok           fe80::20c:29ff:fe21:1364/10


Configure the second network adapter to be used by the Solaris 10 branded Zone

dabrain@eleven:~$ dladm show-phys
LINK              MEDIA                STATE      SPEED  DUPLEX    DEVICE
net0              Ethernet             up         1000   full      e1000g0
net1              Ethernet             unknown    0      unknown   e1000g1


root@eleven:~# zonecfg -z s10
zonecfg:s10> info
zonename: s10
zonepath: /export/s10
brand: solaris10
autoboot: false
bootargs:
file-mac-profile:
pool:
limitpriv:
scheduling-class:
ip-type: exclusive
hostid:
fs-allowed:
anet:
    linkname: net0
    lower-link: auto
    allowed-address not specified
    configure-allowed-address: true
    defrouter not specified
    allowed-dhcp-cids not specified
    link-protection: mac-nospoof
    mac-address: random
    auto-mac-address: 2:8:20:16:87:a5
    mac-prefix not specified
    mac-slot not specified
    vlan-id not specified
    priority not specified
    rxrings not specified
    txrings not specified
    mtu not specified
    maxbw not specified
    rxfanout not specified
zonecfg:s10> select anet linkname=net0
zonecfg:s10:anet> set lower-link=net1
zonecfg:s10:anet> info
anet:
    linkname: net0
    lower-link: net1
    allowed-address not specified
    configure-allowed-address: true
    defrouter not specified
    allowed-dhcp-cids not specified
    link-protection: mac-nospoof
    mac-address: random
    auto-mac-address: 2:8:20:16:87:a5
    mac-prefix not specified
    mac-slot not specified
    vlan-id not specified
    priority not specified
    rxrings not specified
    txrings not specified
    mtu not specified
    maxbw not specified
    rxfanout not specified
zonecfg:s10:anet> end
zonecfg:s10> verify
zonecfg:s10> commit
zonecfg:s10> exit


Boot up Solaris 10 Zone

zoneadm -z s10 boot
zlogin -C -d s10



Install COMMS Suite in Solaris 10 branded Zone

Communications Suite on a Single Host is the Deployment Guide I used for my Lab System.



NOTE:
For some reason Convergence did not fully work when the GlassFish server.http-service.request-processing.thread-count is set to 2, as mentioned in the Deployment Guide. This might be an issue of the non-global zone and/or the machine being under VMware control.


[#|2012-02-08T15:08:31.293+0100|INFO|sun-appserver2.1.1|org.apache.catalina.session.ManagerBase|
 _ThreadID=19;_ThreadName=RMI TCP Connection(26)-127.0.0.1;|PWC2785: Cannot serialize session attribute
 WizardPageModel_1651029014 for session d4ae7931196f8463f24bb0bda2b7
java.io.NotSerializableException: com.iplanet.jato.view.html.OptionList
    at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1164)
    at java.io.ObjectOutputStream.writeArray(ObjectOutputStream.java:1346)

Set thread-count to 1

./asadmin set server.http-service.request-processing.thread-count=1


NOTE:
JISS needs a running LDAP server. When LDAP is not under SMF control, we need to disable JISS or enable SMF for the LDAP server.

svc:/application/jiss-indexSvc:default (JISS Index Service)
 State: maintenance since Thu Feb 09 13:28:55 2012
Reason: Start method failed repeatedly, last exited with status 1.
   See: http://sun.com/msg/SMF-8000-KS
   See: /var/svc/log/application-jiss-indexSvc:default.log
Impact: 1 dependent service is not running:
        svc:/application/jiss-jmqconsumer:default

svc:/application/jiss-searchSvc:default (JISS search service)
 State: maintenance since Thu Feb 09 13:28:55 2012
Reason: Start method failed repeatedly, last exited with status 1.
   See: http://sun.com/msg/SMF-8000-KS
   See: /var/svc/log/application-jiss-searchSvc:default.log
Impact: This service is not running.


bash-3.00# svcadm disable /application/jiss-indexSvc:default
bash-3.00# svcadm disable /application/jiss-searchSvc:default

To enable SMF for the LDAP server, check the Directory Server Configuration and Administration Guide

# dsadm stop /export/home/ds/instances/your-instance
# dsadm enable-service -T SMF /export/home/ds/instances/your-instance
# dsadm start /export/home/ds/instances/your-instance


Overall the COMMS Suite is running fine in the Solaris 10 branded Zone, which did not really surprise me. On the other hand, the COMMS Suite performance is better than on an 'old' native Solaris 10 installation, most likely because of the use of ZFS.

If you want to try the latest Solaris technology but still need the Solaris 10 packaging system, then installing your software in a Solaris 10 branded zone might be the answer.


Wednesday Aug 03, 2011

MySQL database size does not change after deleting event on CalDAV Server

Did you notice that the MySQL database size does not change if you delete events on the CalDAV Server?

The InnoDB shared tablespace file grows automatically but never shrinks. If you really need to decrease the size of the DB, then manual administration is needed.

See the following resources for further detailed information:

http://forums.mysql.com/read.php?35,121880,121886#msg-121886
http://dev.mysql.com/doc/refman/5.1/en/innodb-data-log-reconfiguration.html

Monday Jun 27, 2011

Setup Convergence Address Book DisplayName Lookup

In the Convergence Address Book the default lookup for 'Display Name' is the LDAP attribute 'cn', which leads to confusion if you start to set up 'displayName' LDAP attributes for your users.

LDAP user entry with displayName attribute:

[Image: LDAP User Entry]


This behavior can be controlled by the configuration file xlate-inetorgperson.xml. Change the default value of XPATH abperson\entry\displayname from 'cn' to 'displayName'.

<convergence_deploy_location>/config/templates/ab/corp-dir/xlate-inetorgperson.xml

Note:

In case the user has no 'displayName' attribute in LDAP, you might notice '...' at the user entry if it is found via the 'mail' attribute.


Monday May 31, 2010

Random Glassfish Tuning Debugging Notes

From my point of view it is hard to find information about Glassfish tuning and debugging, as there is so much of it around. Therefore I'll try to put notes and resources together on this topic.


How can I configure Glassfish to use a 64-bit JVM?

If you need to break the 2GB or 4GB heap (depending on your OS/JVM) maximum barrier for your GlassFish-powered application, you can move to a 64-bit JVM.  The following applies to the Glassfish "developer" and "cluster" profiles.

To do so :

  • make sure you have a 64-bit JVM properly installed
  • adjust the AS_JAVA variable in GLASSFISH_HOME/config/asenv.conf (applies to an entire install, not to a specific domain or instance)
  • replace the -client or -server option with -d64 in the domain jvm-options (use the Admin tool or asadmin create-jvm-options rather than editing domain.xml).       


NOTE:
http://forums.java.net/jive/thread.jspa?messageID=288897

It worked after doing below steps:

  • Reinstalled 1.6.0_07 64 bit jdk.
  • added -d64 to asadmin script
  • added <jvm-options>-d64</jvm-options> to domain.xml
  • Changed <jvm-options>-client</jvm-options> to <jvm-options>-server</jvm-options>



Glassfish "hangs"?

[Thanks to oleksiys, but I have to correct some minor issues on this topic.]

When you find that Glassfish is not responsive, please take a snapshot of the thread dump:

Find the pid of the Glassfish process:

/usr/ucb/ps -auxwww | grep java | grep <install instance of glassfish>

Force a thread dump to be written to the jvm.log file:

kill -3 <pid>

Please collect 3-5 sets of the above data during the hang.

Locate the jvm.log file (usually it can be found in the instance log directory):  GF/domains/domain1/logs/jvm.log

You can check the jvm.log file and make sure the listed threads are not blocked inside your (web) application classes.

If not, report the problem on the glassfish users mailing list or forum, providing as detailed info/observations on the use case as possible.

Glassfish - Grizzly Notes
http://blogs.sun.com/oleksiys/


Grizzly Option    


-Dcom.sun.enterprise.web.connector.grizzly.enableSnoop=true

[#|2010-05-18T14:45:15.361+0200|INFO|sun-appserver2.1|javax.enterprise.system.container.web|_ThreadID=31;
_ThreadName=httpSSLWorkerThread-80-3;|SocketChannel headersjava.nio.channels.SocketChannel
[connected local=/192.168.250.27:80 remote=/192.168.250.1:56290] are: === MimeHeaders ===
host = funky.vmdomain.tld
user-agent = Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
accept = text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-language = en-us,en;q=0.5
accept-encoding = gzip,deflate
accept-charset = ISO-8859-1,utf-8;q=0.7,*;q=0.7
keep-alive = 115
connection = keep-alive
content-type = text/xml; charset=UTF-8
referer = http://funky.vmdomain.tld/iwc_static/layout/main.html?lang=de&13.01_012515&
content-length = 120
cookie = JSESSIONID=b72180d3f69020df575f8262eed2; form:tree-hi=form:tree:configurations:configuration1:jvmSettings;
         iwc-auth=lang=de:token=RPOcwbWCyk:path=/iwc
pragma = no-cache
cache-control = no-cache
|#]
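
With enableSnoop the complete Cookie header, including JSESSIONID and the iwc-auth token, ends up in the server log, as the excerpt above shows. An added example (not from the original post or from Glassfish) that masks credential-bearing headers in such a log before it is attached to a forum post or support case; the function names and the sample lines are constructed after the format shown above.

```shell
#!/bin/sh
# Added example: mask cookie and authorization values inside the
# "=== MimeHeaders ===" blocks written by the Grizzly enableSnoop option.
# Typical use (file names are placeholders):
#   redact_snoop < server.log > server.redacted.log

redact_snoop() {
    awk '
    # A header dump starts on the line carrying the MimeHeaders marker
    # and ends with the log record terminator.
    index($0, "=== MimeHeaders ===") { in_hdr = 1; masked = 0; print; next }
    index($0, "|#]")                 { in_hdr = 0; masked = 0; print; next }

    # Replace the value of headers that carry session or login material.
    in_hdr && tolower($0) ~ /^(cookie|set-cookie|authorization|proxy-authorization) = / {
        name = $0
        sub(/ = .*$/, "", name)
        print name " = [REDACTED]"
        masked = 1
        next
    }

    # A long value wraps onto indented lines: drop the wrapped remainder too.
    in_hdr && masked && /^[ \t]+/ { next }

    { masked = 0; print }
    '
}

# Constructed sample record in the format of the excerpt above; the cookie
# values are made up.
sample_snoop_log() {
    cat <<'EOF'
[#|2010-05-18T14:45:15.361+0200|INFO|sun-appserver2.1|javax.enterprise.system.container.web|_ThreadID=31;|SocketChannel headers are: === MimeHeaders ===
host = funky.vmdomain.tld
content-length = 120
cookie = JSESSIONID=0000000000000000000000000000; form:tree-hi=form:tree:configurations;
         iwc-auth=lang=de:token=EXAMPLETOKEN:path=/iwc
pragma = no-cache
|#]
EOF
}

sample_snoop_log | redact_snoop
```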



-Dcom.sun.enterprise.web.connector.grizzly.displayConfiguration=true     

Grizzly 1.0.33-b running on SunOS-5.10 under JDK version: 1.6.0_16-Sun Microsystems Inc.
         port: 1080
         maxThreads: 5
         ByteBuffer size: 8192
         useDirectByteBuffer: 8192
         maxKeepAliveRequests: 256
         keepAliveTimeoutInSeconds: 30
         Static File Cache enabled: false
         Pipeline : com.sun.jbi.httpsoapbc.embedded.LinkedListThrottlePipeline
         Round Robin Selector Algorithm enabled: false
         Round Robin Selector pool size: 0
         Asynchronous Request Processing enabled: true|#]


Further Resources

Tuning the Java Heap
http://docs.sun.com/app/docs/doc/820-4343/abeii?l=en

Glassfish Tuning - HTTP Thread Pool
http://blogs.sun.com/binublog/entry/monitoring_in_glassfish

Measuring HTTP Listener Service Time With BTrace
http://blogs.sun.com/binublog/entry/measure_http_listener_service_time

IWC Performance Tuning
http://wikis.sun.com/display/CommSuite/Convergence+Performance+Tuning


Tuesday Apr 06, 2010

Use particular .msg file on different Mailstore

If you need to use a .msg file for testing purposes in a different user mailbox, even from a totally different mailstore / domain / user, then this blog describes how to do it.


First of all you need to know the location of the destination user mailbox. For that, use the hashdir command-line tool.

bash-3.00# /opt/sun/comms/messaging64/bin/hashdir mparis
e3/a2/


The location of the mailbox should then look like this (on a default installation)

bash-3.00# pwd
/var/opt/sun/comms/messaging64/store/partition/primary/=user/e3/a2/=mparis/00

Now copy the .msg file to the destination user mailbox

cp /tmp/1234.msg .

Take care that the file gets the right permissions

chown mailsrv:mail 1234.msg

Finally you need to run reconstruct on the destination user mailbox

/opt/sun/comms/messaging64/bin/reconstruct -f -r user/mparis


Now you are able to access the user mailbox and the message for further testing / debugging.

Wednesday Dec 02, 2009

COMMS Delegated Admin Password Reset

If you need to reset the Delegated Admin password for COMMS, you need to take care of Messaging Server and Convergence as well.


Set up a new password for the Delegated Admin user ( dn: uid=admin,ou=People,o=domain.tld,o=isp ). I prefer to do such LDAP tasks with Apache Directory Studio.



Now you are able to log in to Delegated Administrator and perform tasks like add/modify/delete user or domains. But if you log in as a user to Convergence you will get the following error message.


At this point you need to configure Messaging Server and Convergence with the new password; as they still use the old password for the admin user, you will run into this issue.


Set the Messaging Server admin password with the configutil command at /opt/sun/comms/messaging64/sbin

./configutil -o local.service.proxy.adminpass -v newpassword

You also need to configure Convergence with the new admin password, using the iwcadmin command at /opt/sun/comms/iwc/sbin

./iwcadmin -u admin -w iwcadminpass -o mail.proxyadminpwd -v newpassword 

Restart Messaging Server and the web container where Convergence is deployed, usually the Glassfish Application Server.


Last but not least, you need to update the last saveState file with the new password; otherwise you will run into trouble the next time you install a Convergence patch, as the post-patch script uses the password value from the saveState file.

java -cp /var/opt/sun/comms/iwc/WEB-INF/lib/iwc-shared-util.jar com.sun.comms.shared.util.EncryptInstallPasswd newpassword
akeofnpoyuklukaxatexhorhnrjcnffjbeq

Use the output from the above command to modify the last saveState file; for example, it is located at /opt/sun/comms/iwc/install/Iwc-config_20091001150607

Modify

iwc.webMailAdminUserID = admin
iwc.webMailAdminPass = akeofnpoyuklukaxatexhorhnrjcnffjbeq

Friday Nov 27, 2009

Glassfish Key Management

number9 has a very detailed blog about adding existing SSL keypairs to Java keystores

Friday Nov 13, 2009

COMMS7 Installation Experience on RHEL5

For some reason you might want to install Comms7 on RedHat Enterprise Linux. I gave it a try on RHEL5. Please find my experience below. As always, your mileage may vary.

RedHat preparations

Network DHCP

After installation my RHEL5 used DHCP for the network config, but I wanted to disable DHCP and assign a static IP address, which can be done by editing:

/etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
BOOTPROTO=static
BROADCAST=XXX.XXX.XXX.255
IPADDR=XXX.XXX.XXX.XXX
NETMASK=255.255.255.0
NETWORK=XXX.XXX.XXX.0
ONBOOT=yes

Afterward restart the network service with:

# service network restart

Disable SELinux

I don't know SELinux in detail, and I don't yet want to get knowledge about this security stuff. Nevertheless I already ran into trouble with the start of the LDAP Directory Server.

SELinux is preventing ns-slapd from loading /opt/sun/directory/ds6/lib/libsh.so which requires text relocation.

The following commands will allow this access:

chcon -t textrel_shlib_t '/opt/sun/directory/ds6/lib/libsh.so'
chcon -t textrel_shlib_t '/opt/sun/directory/ds6/lib/libfe.so'
chcon -t textrel_shlib_t '/opt/sun/directory/ds6/lib/libslapd.so.1'
chcon -t textrel_shlib_t '/opt/sun/directory/ds6/lib/pwdstorage-plugin.so'

But even after the commands mentioned above, the LDAP Directory Server wasn't able to run correctly.

Long story short - Disable SELinux!

/etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.

SELINUX=disabled

Note: You should read more about SELinux by Kerry Thompson.

COMMS7

Get the software here

I installed COMMS7 without Access Manager. Because of this I don't even need the WebServer to deploy Access Manager into.

The instructions for single host installation are at our wiki.

Glassfish and JAVA 1.6 (32Bit / 64Bit)

Even on Linux you should use Java 1.6, but annoyingly you need the 32-bit version for the installation even on a 64-bit Linux OS. This is known as Bug 6820045; the bug mentions Glassfish only, but it is the same for Convergence as well.

Synopsis: Glassfish cannot be installed on Linux 64 version

If you are installing Sun GlassFish Enterprise Server on a 64–bit machine (running a 64–bit operating system), use a 32–bit JDK to install Sun GlassFish Enterprise Server on your 64–bit machine. You will need to use the following command:

./distribution_filename —javahome path to 32–bit JDK location

After installation, download the 64–bit JDK from java.sun.com. Edit the value of the AS_JAVA variable in the asenv.conf file to point to the 64–bit JDK installation, so that Sun GlassFish Enterprise Server uses the 64–bit JDK.

The rest of the installation and configuration went through very well. Finally I created a start script for the COMMS7 Suite.

#!/bin/bash

echo "*** Start Directory Server ***"
/opt/sun/directory/ds6/bin/dsadm start /var/opt/sun/directory/dsins1/
echo "*** Start Messaging Server ***"
/opt/sun/comms/messaging/sbin/start-msg
echo "*** Start Calendar Server ***"
/opt/sun/comms/calendar/calendar/sbin/start-cal
echo "*** Start Glassfish Application Server ***"
/opt/sun/appserver/bin/asadmin start-domain domain1
echo "*** Start Instant Messaging ***"
/opt/sun/comms/im/sbin/imadmin start


Thursday Oct 29, 2009

Deploy URI of COMMS7 Application

During the installation of Comms7 you need to enter the URI path for the deployment of applications like DA (Delegated Admin), IWC (Convergence), DAV (CalDAV), etc.

If you plan to have several applications deployed in the same instance, never ever choose / for any of the applications; this results in the other applications not working. The application deployed in / is then the only one left working.

If you have already chosen / for one of the applications, this isn't a great issue. Just stop the Application Server and edit the domain.xml config file of the Application Server; the file is in the /appserver-root-dir/domains/domain1/config directory. Set the context-root similar to the example below.

    
web-module  ...  context-root="/commcli"   ... name="commcli"     
web-module  ...  context-root="/da"        ... name="Delegated_Administrator"     
web-module  ...  context-root="/davserver" ... name="davserver" 
web-module  ...  context-root="/im"        ... name="im"     
web-module  ...  context-root="/iwc"       ... name="Convergence" 
  

Afterwards start the Application Server. You should now see the default index.html when you access the root URI of the Glassfish Application Server.


Note:

If you would like to avoid your users seeing the Glassfish index.html when accessing /, you might want to replace the Glassfish index.html with something that forwards your users to one of the deployed applications, most likely IWC. For this kind of forwarding you 'just' need a single line in /appserver-root-dir/domains/domain1/docroot/index.html

<meta http-equiv="refresh" content="1;url=http://yourserver.domain.tld/iwc">
  

Tuesday Oct 06, 2009

COMMS7 Installation Experience

My personal experience of COMMS7 installation and configuration. 

Get the Software here

I followed the instructions at our wiki for single host installation.

Java 1.6 Version

First of all, take care that you have Java 1.6, either already installed or by getting the Java 6 JDK. By default Glassfish (Application Server) and the WebServer still use Java 1.5 out of the box, but at least the IM and CalDAV Servers need Java 1.6 for the deployment of the server applications.

IM (Instant Messaging Server)

According to the current Release Notes the supported web container is Glassfish (Application Server). But you are even able to deploy the IM application in the WebServer (as mentioned on our wiki). I've not yet observed any issues, as I even deployed IM in the WebServer.

Glassfish (Application Server)

The bundled Glassfish Application Server is a bit outdated, so you had better get the latest version; you can also install the latest version after installing and configuring Comms Suite 7. The patch installation, which is a binary, will ask you whether you would like to upgrade the older version (the current Solaris-x86 version is 128648-13).

Set Java 1.6 in /opt/sun/appserver/config/asenv.conf - AS_JAVA = "/path/to/java1.6"

Calendar Server 7 (CalDAV Server)

Don't ask me why, but the deployment of the CalDAV application did not work from the init-config in my case. Therefore I manually deployed the CalDAV application afterwards, which works fine.

/opt/sun/comms/davserver/sbin/config-appsvr deploy <AS-admin-password>

For some unknown reason the needed JDBC resources are also missing, maybe because the init-config wasn't able to deploy the CalDAV application. A look into the davserver log files showed the missing resource.

/opt/sun/comms/davserver/logs/calendar.0 
 
SEVERE  [2009-10-02T16:09:18.617+0200] <...JdbcBackend.getDataSource> Cannot lookup DataSource: javax.naming.NameNotFoundException: defaultbackend not found
SEVERE  [2009-10-02T16:09:18.619+0200] <...DavServer.loadBackend> failed to instantiate or create backend com.sun.comms.davserver.backends.BackendException: Cannot get DataSource: javax.naming.NameNotFoundException: defaultbackend not found(OPERATION_NOT_SUPPORTED) 

So I had to create the missing resource with asadmin.

% asadmin create-jdbc-connection-pool -p 4848 --user admin --datasourceclassname com.mysql.jdbc.jdbc2.optional.MysqlDataSource --restype javax.sql.DataSource --property "DatabaseName=caldav:serverName=localhost:user=caldav:password=passwd:portNumber=3306:networkProtocol=jdbc:characterEncoding=UTF-8" caldavPool
% asadmin create-jdbc-resource -p 4848 --user admin --connectionpoolid caldavPool jdbc/defaultbackend

NOTE: Take care to choose the right user and hostname, in my case 'caldav' and 'localhost'. This is the user and host which is allowed to connect to the MySQL backend. You might want to cross-check your setting on the MySQL backend.

mysql> SELECT user, host FROM mysql.user WHERE user='caldav';
+--------+-----------+
| user   | host      |
+--------+-----------+
| caldav | localhost |
+--------+-----------+
  

iCal Config

If you try to add an iCal account for a CalDAV user, take care to use the email address and NOT the uid of the CalDAV user for the server path in iCal. It has to look like this:

/davserver/dav/principals/Tom.Berlin@vmdomain.tld/

You can also access CalDAV via your browser, but here the URL needs the uid and NOT the email, which is a bit confusing. The URL has to look like this:

http://funky.vmdomain.tld/davserver/browse/h/vmdomain.tld/tberlin/calendar/


Calendar Server 6 and Calendar Server 7 Coexistence

Unfortunately I'm not yet completely finished with this part; anyway, the setup is mentioned at our wiki as well. More to comment on this soon.

Other useful Tools for Comms Suite

Apache Directory Studio -  LDAP browser/editor.

Sequel Pro - MySQL browser/editor (MacOS)


About

Andreas Breuer - TSC Engineer - writes about his life in support.
