Beginners questions--any assistance appreciated
Greetings,
I'm attempting to evaluate Calendar Server for a small company of under 50 people (but we have expansion plans). What I don't see anywhere in the documentation is how to do a minimalist installation of just the components needed to get CS working. We don't need Messaging, we have a perfectly good mail server already. We also have an enterprise LDAP server. Both of these are hosted on OSX. I want to run CS on Solaris 10 sparc, because it so happens I have a spare box at the moment.
We have a plethora of client systems, basically at least one of everything--Mac, Solaris, Windows with and without Outlook, and Linux. We desperately need a corporate calendar solution and Exchange gets in here over my dead body.
Ideally, I'd like to be able to reference the users already set up in our LDAP, and we would continue to use the mail server we already have. From my initial look at the Comm Suite installer, I won't be able to use Comm Express as this choice pulls through Messaging Server for no reason that is readily apparent. I simply don't want or need it, though Express looks like it might be interesting. I gather that CS makes considerable extensions to the LDAP schema, and I'm not sure how it would work in a master/slave LDAP framework which would probably be required to do what I want. I don't really understand why I also need Delegated Administrator to manage CS's own instance of Directory Server, this seems like a bizarre change to have made since I last worked with DS 5.2. DA seems to add a lot of complexity to the overall task for not much return in my situation.
I have to say as an aside that I don't think combining all these services into one massive Suite is a forward step, and the documentation frankly is all over the place, ranging from epic vagueness on some areas, to mind-bending detail lacking context in others.
Does anyone who's done this have a simplified set of steps for getting started with this product? It looks like it's the answer to our problems, but I just can't tell at the moment. In view of my workload, I simply don't have time for a science project which this is turning into. I've noticed the Instant On stacks, but we don't intend to add X86 to our administration problem space at this stage, so I don't want to go there.
Also, can anyone point me to documentation covering how to plumb mail clients in?
I ran this problem past the local Sun office but they didn't seem to feel the problem was large enough to get interested in. I suppose this is fair enough, but it doesn't exactly evangelise the product. After all, today's minnow could be tomorrow's whale...
Naturally, it is entirely possible I've headed in the wrong direction on some or all of the issues above, so if anyone can set my feet on the right path that'd be great.
Chuck
[2887 byte] By [
Mr.Chucka] at [2007-11-27 7:42:17]
# 1
in addition to the forum, the two sites that helped me out were:o http://blogs.sun.com/factotum/o http://www.sun.com/bigadmin/hubs/comms/overview/index.jsp
# 2
All that one really needs for Calendar Server is Directory Server and the Calendar Server itself.
Something along the lines of:
Solaris 10 Update 3 11/06 full component cluster
JASS to secure the host
Install Directory Server using JCS installer
Install Directory Prep tool using JCS installer
Install Calendar Server using JCS installer
Run comm_dssetup.pl against your Sun directory server
Run csconfigurator.sh to setup the Calendar and away you go
I would imagine that you could modify and install the schema needed for the Java Communication Suite on a non-Sun LDAP server but I wouldn't bank on getting Sun support for such a beast (maybe that doesn't matter).
Also, the Calendar docs mention that the Calendar Express interface (stand-alone web interface) is deprecated (it isn't even turned on after configuration, you have to do that in ics.conf and restart Calendar Server).
Down the road I would expect it (Calendar) to be accessible only via Outlook Connector, Thunderbird Lightning, or Sun Communications Express.
DA is used for LDAP user provisioning. It is particularly important if using schema 2 with Access Manager to do single sign on with Communications Express you are supposed to use it.
I reckon one could add a user via straight LDAP so long as you get the right object classes added in. The JCS 5 schema guide would be your friend there.
Messaging Server does IMAP and POP so I don't see why one couldn't use something like Squirrelmail with it, Outlook, or Thunderbird. The main thing is getting the LDAP bits right.
Sun sales can be a little funky, it does depend on how you approach it although I agree that small today can be mighty tomorrow so it doesn't make sense to blow off a potential customer.
Sort of the tone of this blog post from blogs.sun.com:
http://blogs.sun.com/presoguy/entry/35_000_evangelists_wanted
# 3
Thanks for the replies, I'll have another swing at it!Chuck
# 4
One additional question though, Nate...correct me if I'm wrong but what I'll end up with here is an LDAP 'silo' belonging to CS and with its modified schema. According to the doc, if I use LDAP schema 2 I _must_ use Delegated Admin (or the command line, which seems very, very ugly) to manage it.
But I don't know enough about this to know whether I need schema 2 or not, and what limitations or gotchas there might be if I don't. And, if I don't use it, what are the LDAP management options then? For instance, is it possible to populate it with a replica of our corporate LDAP?
I had no trouble with replication in DS 5.2 (and the interface was quite nice at that). Mind you I've never tried it with openldap, which is what apple uses AFAIK, but it's reasonably well behaved to all accounts and this should be possible.
# 5
I think that what you are saying is correct unless you were willing to convert the JCS schema over to OpenLDAP.
There are really a couple of decisions that you will have to make:
1. Try to integrate LDAP servers or not?
I don't see why one couldn't use native OpenLDAP with JCS but it would take some work to sort out the schema files.
Something like install DSEE, run comm_dssetup.pl, capture schema files added, convert to OpenLDAP schema type, and then install Calendar to point at your OpenLDAP server.
I'm not sure about replication from DSEE to OpenLDAP or vice versa...never tried it.
I have been working on getting all of the JCS pieces installed and working together lately as our organization is moving from OpenLDAP/Courier IMAP/qmail-LDAP/Calendar 5.1.1/DS 5.2 to JCS 5.
We have had OpenLDAP for the email side of the world and Sun DS 5.2 for the Calendar.
At the time we implemented this system (back in the day) we didn't choose to go the other way - qmail-ldap schema to Sun DS - so we used a work around.
We use some Perl CGI scripts as an IT/ help desk interface for adding users, changing passwords, etc.
The scripts basically touch the Calendar LDAP and the OpenLDAP server where they need it and it gives the illusion of one LDAP system.
A workaround of sorts that has worked very well for us.
One thing that is of note is that Calendar Server 6.3 uses virtual domains so my LDAP suffix for schema 2 worked something like this:
o=gov (initial install of DSEE, comm_dssetup.pl, etc)
o=foobar.com,o=gov (after installing Calendar)
The Calendar configurator setup the o=foobar.com part of o=gov.
This would make it potentially difficult to integrate into an existing LDAP directory installation in terms of replication (assuming such a setup is possible).
2. What schema to use?
This link describes the schema choices:
http://docs.sun.com/app/docs/doc/819-4439/6n6jehs0o?a=view
This one talks about the provisioning tools:
http://docs.sun.com/app/docs/doc/819-4439/6n6jehs0r?a=viewrovisio
Both come from the JCS 5 Deployment Planning Guide which you may want to download (819-4439.pdf)
Look for 'Understanding Calendar Server Schema Choices'
3. How to provision users - Delegated Administrator or not?
I haven't had a chance yet to figure out if one could model a user for Calendar access and do the same thing in say PHP with Schema 2.
The next post will show some LDIFs for JCS where one builds up a user. In theory some PHP fu would be able to do the same without using Delegated Administrator.
I believe Delegated Administrator is really an LDAP wrapper that talks to Directory Server in such a way that the single sign-on stuff works with schema 2.
4. How to present Calendar GUI to users?
By default Communications Express hooks to the Calendar - you login to CE and you have Calendar GUI right there. A few simple config options and voila you have webmail and calendar access in the same GUI with single sign-on which is pretty slick.
It does require some JCS pieces to work:
Sun DSEE with JCS schema loaded
Calendar Server
Messaging Server
Web Server
Delegated Administrator
Communications Express
If you didn't want/need the webmail part you would drop Messaging Server.
The 'old' Calendar GUI (http://docs.sun.com/app/docs/doc/819-4432/6n6j7s817?a=view) is not enabled by default which means that it is very likely that Sun's future direction is schema 2/Communications Express/Access Manager.
Another option would be something like Thunderbird with the Lightning plugin which speaks WCAP to the Calendar Server (Outlook like setup) or even Outlook with the Outlook Connector.
# 6
This is what I get when I add a user via Delegated Administrator (no Calendar service yet)
dn: uid=keith.morris,ou=People,o=cityofprescott.net,o=gov
departmentNumber: Sales
telephoneNumber: 928.123.4567
title: Sales Monkey
street: 123 Main Street
uid: keith.morris
userPassword: {SSHA}zR
preferredLanguage: en
postalCode: 86303
givenName: Keith
l: Prescott
sn: Morris
cn: Keith Morris
facsimileTelephoneNumber: 928.123.5678
preferredLocale: en
st: Arizona
iplanet-am-modifiable-by: cn=Top-level Admin Role,o=gov
objectClass: top
objectClass: iplanet-am-managed-person
objectClass: iplanet-am-user-service
objectClass: inetadmin
objectClass: organizationalperson
objectClass: sunimuser
objectClass: person
objectClass: sunamauthaccountlockout
objectClass: inetuser
objectClass: sunpresenceuser
objectClass: iplanetpreferences
objectClass: ipuser
objectClass: inetorgperson
inetUserStatus: Active
And when I enable Calendar services via:
commadmin user modify -D admin -l keith.morris -S cal -T America/Phoenix
we add the following:
objectClass: icscalendaruser
icsStatus: Active
icsCalendar: keith.morris@cityofprescott.net
icsFirstDay: 2
icsTimezone: America/Phoenix
mail: keith.morris@cityofprescott.net
This user would be ready to login to the Calendar GUI at this point in time.
I went ahead and created a template (using Softerra LDAP Administrator) of a user in this state (ready to use the Calendar) and created a new user without using Delegated Administrator and the user worked fine as far as seeing the Calendar in Communications Express.
# 7
Thanks Nate--informative as usual.
I figure nothing gets me out of reading the doco thoroughly so that's what I've been doing for the last couple of days. It seems to me that the quickest path to where I want to go--which is a rough and ready show installation--is use schema 1, standalone, and use csuser and the other old school utilities to make changes. This is the least amount of stuff to install and manage.
After that all I need to do is get it working with at least Thunderbird and life s good. I note in the doco that you can't use the outlook connector unless you install Messaging Server as well. Is this true or misdirection? Coz there's no way were migrating to MS, we've got an existing investment in Apple mail server that owes us at least three more trouble-free years.
However if true it would give me an excuse to urge the outlook monkeys to ditch it and go mozilla instead.
Chuck
PS is docs.sun.com a waste of space or what? Unusably slow most of the time these days...
# 8
Hi,
You actually require UWC as this is where the Outlook personal address-book information is stored - the limitation isn't necessarily the imap server itself. In theory you could point it elsewhere (to a non-sun IMAP server) - I say in theory as I haven't tested this myself. So if you have the calendar server, you can install UWC on a some box somewhere (to serve the address-book stuff) and point the outlook connector at the apple IMAP server.
Bare in mind that this obviously won't be a supported configuration, so if you do run into problems you could do with having a sun IMAP server installed just to verify whether this is the limitation - but it's probably worth playing around with.
Regards,
Shane.
# 9
Well, it's installed along as I indicated above. The server processes are all running and there is something listening on port 80...but!
I think I'm having a serious attack of the stupids--how do I connect a calendar client to it? I tried caldav and ics with sunbird, no good, and when I used a browser got the message
Calendar Express is disabled, please contact your administrator.
Now, I'm certain I've seen somewhere that people have run sunbird or lightning with SJS CS, but I just can't see how.
Apart from the Outlook Connector, there doesn't seem to be one piece of documentation on this subject!
sigh...
Chuck
# 10
PS I have added a calendar user--me--and a calendar--test, and enabled it. Obviously missed something, just not sure what.chuck
# 11
Hi,
A large number of Sun staffers use the lightning plugin for Thunderbird (we use sun calendar internally).
The latest public build is at:
ttp://releases.mozilla.org/pub/mozilla.org/calendar/lightning/releases/0.5rc2/l ightning-wcap/
(the WCAP one is the one you need.. WCAP is the calendar access protocol for SUN which is publicly documented if you wanted to write your own tools to access the data).
The plugin developers (Sun people mainly) also have a calendar blog:
http://weblogs.mozillazine.org/calendar/
And more instructions available at:
http://wiki.mozilla.org/Calendar:WCAP_Guide
With regards to calendar express, it is as you noted disabled by default. WCAP connections can access it though, only web-browsers are denied.
You can get access to the interface by editing the following option to the ics.conf file (add it if it doesn't already exist):
service.http.ui.enable = "yes"
Then restart calendar.
Regards,
Shane.
p.s. our calendar doesn't speak caldav... yet.
# 12
Found this: http://weblogs.mozillazine.org/calendar/2007/05/05_rc_1_has_landed.htmlInstructions there. I post this for anyone thinking of going down this road--it works.We will need to make a new calendar era -- PM -- Post Microsoft...
# 13
I have been using a Google search of docs.sun.com. Found the URL in a blog at blogs.sun.com I believe: http://www.google.com/coop/cse?cx=008276993630416602221:ez6u3ogtzio&safe=onMuch faster than using the search at docs.sun.com
# 14
Sorry, you are dealing with a bit of a messaging nuffy here. Is UWC part of comm suite 5, or does it come from somewhere else? I'm not familiar with the acronym.
# 15
Hi,
> Sorry, you are dealing with a bit of a messaging
> nuffy here. Is UWC part of comm suite 5, or does it
> come from somewhere else? I'm not familiar with the
> acronym.
UWC is the old name for CE (communication express) which is the single web-interface to email/calendar & addressbook. ME (messenger express) is the old & deprecated email/addressbook interface and CE (calendar express) is the old & deprecated calendarinterface which you can access if you set the parameter I mentioned a post or two ago.
We still refer to it as UWC since that is the package name so if you want to check your UWC/CE patch level you run (showrev -p | grep uwc) -- well thats on a Solaris system at least.
So yes, this software is still very much supplied with comm-suite-5.
Regards,
Shane.
# 16
Doh...communications express. Obvious really...Since I don't want messaging server, this is going to get interesting for our outlook users...
# 17
> Doh...communications express.
>
> Obvious really...
>
> Since I don't want messaging server, this is going to
> get interesting for our outlook users...
...or not. As I suspected, if you only want the calendar bit you don't need to install MS and can tell the installer it's on a remote machine. Then do nothing about it in config-uwc.
I've been fighting installer programs like this for 20 years...business as usual :-)
Anyway, the webserver is running now and I can see if I can set up the outlook connector.
# 18
More issues, this time with installing the UWC application into SUNWwbsvr7.
I'm getting this stack trace. It looks like something is missing--anyone know what?
****
Running /bin/sh -c /opt/SUNWuwc/sbin/config-wbsvr7x password
/opt/SUNWwbsvr7/bin/wadm list-webapps --user=admin --password-file=/var/opt/SUNWwbsvr7/.wadm_pwd --ssl=false --host=dev450.lendtech.com.au --port=8800 --config=dev450.lendtech.c
om.au --vs=dev450.lendtech.com.au | grep /uwc
/opt/SUNWwbsvr7/bin/wadm add-webapp --user=admin --password-file=/var/opt/SUNWwbsvr7/.wadm_pwd --ssl=false --host=dev450.lendtech.com.au --port=8800 --config=dev450.lendtech.com.
au --vs=dev450.lendtech.com.au --uri=/uwc --file-on-server=true /var/opt/SUNWuwc
ERROR: Failed deploying the application....
Exception in thread "main" java.lang.NoClassDefFoundError: javax/management/remote/message/MBeanServerResponseMessage
at com.sun.enterprise.admin.jmx.remote.MBeanServerConnectionFactory.getRemoteMBean ServerConnection(MBeanServerConnectionFactory.java:64)
at com.sun.enterprise.admin.jmx.remote.UrlConnector.connect(UrlConnector.java:171)
at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:24 8)
at com.sun.enterprise.admin.jmx.remote.SunOneHttpJmxConnectorFactory.connect(SunOn eHttpJmxConnectorFactory.java:78)
at com.sun.web.admin.cli.commands.WSCommand.getMBeanServerConnection(WSCommand.jav a:985)
at com.sun.web.admin.cli.commands.GenericCommand.runCommand(GenericCommand.java:45 )
at com.sun.enterprise.cli.framework.CLIMain.invokeCommand(CLIMain.java:156)
at com.sun.web.admin.cli.shelladapter.WSadminShell.invokeFramework(WSadminShell.ja va:288)
at com.sun.web.admin.cli.shelladapter.WSadminShell.main(WSadminShell.java:93)
Exception in thread "main" java.lang.NoClassDefFoundError: javax/management/remote/message/MBeanServerResponseMessage
at com.sun.enterprise.admin.jmx.remote.MBeanServerConnectionFactory.getRemoteMBean ServerConnection(MBeanServerConnectionFactory.java:64)
at com.sun.enterprise.admin.jmx.remote.UrlConnector.connect(UrlConnector.java:171)
at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:24 8)
at com.sun.enterprise.admin.jmx.remote.SunOneHttpJmxConnectorFactory.connect(SunOn eHttpJmxConnectorFactory.java:78)
at com.sun.web.admin.cli.commands.WSCommand.getMBeanServerConnection(WSCommand.jav a:985)
at com.sun.web.admin.cli.commands.DeployCommand.runCommand(DeployCommand.java:74)
at com.sun.enterprise.cli.framework.CLIMain.invokeCommand(CLIMain.java:156)
at com.sun.web.admin.cli.shelladapter.WSadminShell.invokeFramework(WSadminShell.ja va:288)
at com.sun.web.admin.cli.shelladapter.WSadminShell.main(WSadminShell.java:93)
# 19
What I couldn't do with the CLI, I did through web server 7 admin GUI, so UWC is now deployed and working, and I've plumbed the outlook connector into it.
While I can trace the activity when I add entries using outlook contacts, I don't see the 20 users I've already added to calendar's LDAP store. Should they be appearing the corporate directory, or contacts, or does the address book need to be populated separately?
The steps aren't very clear, unless you are migrating from ME, which I'm not. So I'm not at all sure how UWC's notion of the address book gets populated.
Chuck
PS if this message more or less appears twice, it's because the first attempt looked like it got eaten by firefox...:-)
cm
# 20
Hi,
The corporate LDAP and the personal addressbook are two separate non-linked entities (although they may both _exist_ in LDAP).
Calendar user's may not appear if they haven't been provisioned correctly (e.g. have email addresses and what not). They should be appearing in the corporate directory.
When you log into UWC can you see the 'addressbook' tab? If so when you search for a user in the corporate addressbook, do you get any results?
Regards,
Shane.
# 21
I've cracked this one too. You can point an outlook LDAP directory at the users set up for calendar, by creating a new directory resource in outlook:
--host is your calendar ldap server
--cn=Directory Manager and the password that goes with it
--search base is o=your.toplevel.domain,o=usergroup
(this is for schema 1)
Now I can search names and email addys in mail composition and calendar, which is all I wanted. With this I have a solution for the outlook monkeys.
There are obvious refinements still to make, enable SSO and somehow download user info from our main LDAP on apple into SJS CS for a single point of admin, but we could go live with this now without too much pain.
Now to see what the lusers think...
Thanks for everyone who has taken the trouble to read this and respond, it's been a tough week and this product is pretty intricate. However, it can be done and I encourage anyone who's been thinking about exploring SJS CS to have a go. I will be happy to assist if I can.
TODO for me is get the apple ical people sorted out as well. Our SOE here is one of everything...
chuck
# 22
Unified Web Client - i.e. Webmail, Calendar, and Personal Address Book access aka Communications Express
