|
|
This case study demonstrates how to add Communities of Interest to the uOne system. Communities of Interest (COI) allow multiple organizations to share the same services, software and equipment while providing each organization with a separate appearance. An organization cannot access information outside its COI.
This case study makes the following assumptions:
 |
Note We follow the convention of rooting each COI with an organizational unit (ou). It is quite reasonable to have ous within ous and to have ous within COIs, but it is not permissible to have COIs within COIs. |
Before adding one or more Communities of Interest to uOne, the following tasks must be completed:
During the Netscape Directory Server initial installation, a top level organizational (o=serviceprovider) is set up along with entries specific to the directory server.
During the Gateserver initial installation via the Quick Configuration tool, the following information is set up:
We will use the following scenario:
In this case model, the Service Provider will add Communities of Interest for two new customers. Figure A-1 illustrates the organizational structure of these new customers.
|
Note When you are creating COIs, it is important to make a distinction between an Intermediate Level Node (ILN) and a COI. COIs are organizations that share the same services, software, and equipment, while each maintains their own separate appearance. ILNs are not synonymous with communities. An ILN is a node, not an organization, that lies within the directory subtree on a path between the top level node (e.g., service provider) and a COI. ILNs typically correspond to Resellers. No subscriber COS should have an ILN or top level node as its search base. |
For each ILN/COI, perform the following tasks:
Figure A-2 illustrates the organizational units that will be created for the case model COIs. The top level organizational unit (o=serviceprovider), the root organizational unit (ou=Root, o=service provider), and an initial community organizational unit (ou=corporationa, o=service provider) were created during the initial directory server installation and Quick Configuration tool execution.
Step 2 Create a new ILN organizational unit called reseller1 under o=serviceprovider.
Step 3 Create a new COI organizational unit called corporation1 under ou=reseller1, o=serviceprovider.
Step 4 Create a new COI organizational unit called smallbusiness2 under ou=reseller1, o=serviceprovider.
Step 5 Create a new COI organizational unit call consumers under ou=reseller1, o=serviceprovider.
Step 6 Create a new organizational unit called eastcoast under ou=corporationa, o=serviceprovider.
Step 7 Create a new organizational unit called westcoast under ou=corporationa, o=serviceprovider.
ILN/COI Administrators will be created to administer parts of the hierarchy (rooted at nodes) below the top level. These administrators will be members of ILN/COI Administrator groups with ACI permissions to access those parts of the hierarchy.
Figure A-3 illustrates the ILN/COI administrator groups that will be created for the case model subtree ILN/COIs.
|
Note The corporationa group is created during Quick Configuration tool execution. |
Step 2 Create a new ILN group called reseller1group under ou=reseller1, o=serviceprovider.
Step 3 Create a new COI group called corporation1group under ou=corporation1, ou=reseller1, o=serviceprovider.
Step 4 Create a new COI group called smallbusiness2group under ou=smallbusiness2, ou=reseller1, o=serviceprovider.
Step 5 Create a new COI group called consumersgroup under ou=consumers, ou=reseller1, o=serviceprovider.
The Netscape Directory Server provides controlled access to directories by using access control lists (ACLs). Directory ACLs contain access control information (ACIs) that will allow or deny read, write, search and compare permissions.
The initial install of the Netscape Directory Server creates ACIs allowing users full access to their own entries and allowing anonymous users read only access.
|
Note The corporationa ACI is created during Quick Configuration tool execution. |
Each ILN/COI that you create will need Deny and Allow ACI statements in order to provide proper access rights. COI parent nodes typically correspond to resellers.
Step 2 Establish ACIs for each ILN/COI:
|
Note Each ILN/COI requires two ACIs: one to allow full access to its subtree and another to deny all access to other subtrees. |
A Class of Service identifies specific bundles of services or various feature options available. Multiple COSs can exist within each COI based on the variety of feature packages that the COI will offer to its customer base.
Step 2 Click on COS Administration.
Step 3 Click on Add a COS.
Step 4 Add a COS using the following as an example:
Accept default values where appropriate. For more information about COS attributes, see "Administering a New Class of Service" in this manual.
Step 5 Click Submit to add this COS.
Step 6 Repeat steps 3 through 5 for each COS and each ILN/COI.
|
Note A dummy COS to be used only by the ILN administrator must be added at each ILN. For example, reseller1 needs a dummy COS. A dummy COS is also needed for the ILN Greeting Administrator and for the ILN Fax Administrator. |
Each ILN/COI requires its own Greeting Administrator and Fax Administrator accounts. The Greeting Administrator is a special mailbox that stores personal greetings and distribution list recorded names in the ILN/COI. The Fax Administrator is a special mailbox that stores faxes waiting to be printed for the ILN/COI.
|
Note ILNs will never actually use their Greeting and Fax Administrators. They are created only to allow ILN administrator creation. |
Cisco recommends that each ILN/COI's Greeting Administrator and Fax Administrator accounts have unique names for clear identification. For our example using the consumers COI, a Greeting Administrator can be named msgadminconsumers and a Fax Administrator can be named faxadminconsumers.
Step 2 Click on Global Configuration.
Step 3 To add a Greeting Administrator, click on Add an Administrator.
Step 4 Add a Greeting Administrator using the followings as an example:
Accept default values where appropriate. For more information about Greeting Administrator attributes, see "Setting Up Greeting Administrators" in this manual.
Step 5 Click Submit to add this administrator.
Step 6 To add a Fax Administrator, click on Add an Administrator.
Step 7 Add a Fax Administrator using the followings as an example:
Accept default values where appropriate. For more information about Fax Administrator attributes, see "Administering Outbound Fax" in this manual.
Step 8 Click Submit to add this administrator.
Step 9 Repeat steps 3 through 8 for each ILN/COI using the appropriate names and DNs.
Each ILN/COI requires at least one administrator. This ILN/COI Administrator will have privileges to add, change, and delete entries within the ILN/COI. Cisco recommends that each ILN/COI administrator have unique names for clear identification.
You perform the following tasks to add an ILN/COI administrator:
|
Note A COI administrator for corporationa is created during Quick Configuration tool execution. |
Despite being called administrators, ILN/COI administrators are added as subscribers.
Step 2 Click on Subscriber Administration.
Step 3 To add an ILN/COI administrator, click on Add a Subscriber.
Step 4 Add an ILN/COI administrator using the following as an example:
Accept default values where appropriate. For more information about Subscriber attributes, see "Administering Subscriber Accounts" in this manual.
Step 5 Click Submit to add this administrator as a subscriber.
Step 6 Repeat steps 3 through 5 for each ILN/COI.
Step 2 Add consumersadmin as a member under
cn=consumersgroup,ou=consumers,ou=resellers1,o=serviceprovider.
Step 3 Add each ILN/COI's administrator to the appropriate ILN/COI group.
Step 2 Add consumersadmin as a member under cn=UMSA Administrators,ou=Root,o=serviceprovider.
Step 3 Add each ILN/COI's administrator as a member under cn=UMSA Administrators, ou-Root, o=serviceprovider.
Each COI administrator will manage their own COI. Each COI administrator has privileges to add, change, and delete subscribers and COSs within their individual COI.
|
Note Do not add uOne subscribers using the umsaroot (top level administrator) or an ILN administrator. |
Refer to "Administering Subscriber Accounts" in this manual for the procedure to add subscribers.
Posted: Mon Sep 25 20:02:11 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.