Address Book Service Administration

6 Address Book Service Administration

This chapter describes how to administer the address book service in Oracle Communications Convergence provided by Convergence Server.

See "Enabling Core Services for Convergence" for information about enabling services.

The address book service can be also provided by Oracle Communications Contacts Server. See Contacts Server System Administrator's Guide for information about administering Contacts Server.

See Convergence Installation and Configuration Guide for information about configuring Convergence with Contacts Server.

Configuring Horizontal Scalability for the Personal Address Book

Convergence server enables you to scale and support large number of users. Convergence server stores the information of a user's personal address book in the User/Group LDAP. This attribute is denoted by the psRoot attribute.

The psRoot is an attribute in the user's LDAP that specifies the host of the LDAP server, the port it is listening to port, and the DN where the Address Book entries for the user are stored. The psRoot attribute is in the form ldap://ldap_host:ldap_port/DN. The value of psRoot attribute determines the DB type and DB location.

For example of how a psRoot attribute looks in a user's LDAP entry:

ldap://siroe.com:389/piPStoreOwner=jsmith,o=siroe.com,o=PiServerDb

Where:

siroe.com:389 is the host name and port number of the LDAP server. In this example, the LDAP server listens to port 389.
piPStoreOwner=jsmith,o=siroe.com,o=PiServerDb specifies the DB of the Personal Store.

Note:

The address book server does not provide any utility to distribute psRoot values for users, according to any scalability policy. Administrators need to set a specific policy suited best for the organization and use custom scripts to set the psRoot value for that policy.

Horizontal Scalability Architecture

The following are the key components of the Address Book Horizontal Scalability architecture:

Personal Store
DBMap
DB

A Personal Store stores the address book information of a user. It contains the definition of all the address books that a user has created, along with all the entries in those address books. Personal Stores are represented as URLs, which describe the directory instance in which they are located and the DN within that particular directory instance.

A DBMap is a collection of DBs of the same type.

A DB contains a collection of Personal Stores. The address book can access any number of DBs. Every DB is defined by an identifier in configuration file that defines the connection parameters for that DB. A DB of different type points to different DB locations.

The psRoot attribute can be turned on or off using the iwcadmin command-line interface by setting the ab.useuserpsroot to false. If set to false, Convergence uses the Default Server value that is set in the Convergence configuration.

Set ab.useuserpsroot to true to use the user's psRoot value. At runtime, the value of psRoot attribute is resolved to a directory instance using ldaphost and ldapport. Based on ldaphost and ldapport, the Identifier to the database will be resolved. Here Identifier is an arbitrary string that distinguishes one instance from the other.

Setting the psRoot Value Automatically

When a new user logs in, default values are set for the psRoot attribute in the user's entry. For new users, a psRoot value is constructed by using the psRoot pattern and DefaultServer defined in the default configuration. For example, when you use the default psRoot pattern, the default psRoot value is in the format:

ldap://default_server_host:port/piPStoreOwner=%U,o=%D,o=PiServerDb

where:

%U is the login ID of the user. For example, jsmith.

%D is the domain of the user. For example siroe.com.

The following example shows how to configure horizontal scalability of address book in a deployment where there are two directory servers: ds1.siroe.com.

Use following commands to enable horizontal scalability:

To configure personal address book to use directory server ds1.siroe.com:

iwcadmin -o ab.pstore.[psidentifier1].ldaphost -v ds1.siroe.com
iwcadmin -o ab.pstore.[psidentifier1].ldapport -v 389
iwcadmin -o ab.pstore.[psidentifier1].ldapbinddn -v "cn=Directory Manager"
iwcadmin -o ab.pstore.[psidentifier1].ldapbindcred -v abbbbc

To configure personal address book to use directory server ds2.siroe.com:

iwcadmin -o ab.pstore.[psidentifier2].ldaphost -v ds2.siroe.com
iwcadmin -o ab.pstore.[psidentifier2].ldapport -v 389
iwcadmin -o ab.pstore.[psidentifier2].ldapbinddn -v "cn=Directory Manager"
iwcadmin -o ab.pstore.[psidentifier2].ldapbindcred -v aaaaabbbb

To enable horizontal scalability, you must set the ab.useuserpsroot configuration parameter to true:

iwcadmin -o ab.useuserpsroot -v true

To set the default server, you must set the ab.pstore.defaultserver configuration parameter to the personal store identifier:

iwcadmin -o ab.pstore.defaultserver -v psidentifier2

Where psidentifier2 is default server. If psRoot attribute is not present, ds2.siroe.com will be used for personal address book. When a new user logs in, default values are set for the psRoot attribute in the user's entry.

Configuring Address Book to Use Different Directory Server from the User Group Server

To configure Personal Address Book to use directory server other than user group directory server, set the following configuration parameters:

ab.pstore.[identifier].ldaphost - Set this parameter to the host name of the LDAP server.
ab.pstore.[identifier].ldapport - Set this parameter to the port number on which the LDAP server listens.
ab.pstore.[identifier.ldapbinddn - Set this parameter to the LDAP bind dn value of the LDAP server.
ab.pstore.[identifier].ldapbindcred - Set this parameter to the Bind credentials of the LDAP server.

The following example shows the configuration parameter settings:

iwcadmin -o ab.pstore.[psidentifier1].ldaphost -v host.siroe.com
iwcadmin -o ab.pstore.[psidentifier1].ldapport -v 400
iwcadmin -o ab.pstore.[psidentifier1].ldapbinddn -v "cn=Directory Manager"
iwcadmin -o ab.pstore.[psidentifier1].ldapbindcred -v dmcredentials

Personal store can be configured with multiple directory servers. In this example psidentifier1 is used to identify personal store configuration for siroe.com.

If the configured directory server needs to act as the personal store's default server, then set the ab.pstore.defaultserver configuration parameter. For example:

iwcadmin -o ab.pstore.defaultserver -v psidentifier1

Configuring the Corporate Directory

To configure corporate directory to use directory server other than user group directory server, set the following configuration parameters:

ab.corpdir.[identifier].ldaphost
ab.corpdir.[identifier].ldapport
ab.corpdir.[identifier].ldapbinddn
ab.corpdir.[identifier].ldapbindcred

The following example has the configuration parameters settings:

iwcadmin -o ab.corpdir.[identifier].ldaphost -v host.siroe.com
iwcadmin -o ab.corpdir.[identifier].ldapport -v 400
iwcadmin -o ab.corpdir.[identifier].ldapbinddn -v "cn=Directory Manager"
iwcadmin -o ab.corpdir.[identifier].ldapbindcred -v xyzxyz

Where identifier identifies the corporate directory configuration for host.siroe.com. For a single corporate directory configuration, you must use default as the identifier.

See "Setting Up Multiple Corporate Directories" for information about configuring and enabling multiple corporate directories.

Enabling Address Autocomplete for the Corporate Directory

To enable autocomplete of email address for Corporate Directory, you must set the client.enablecorpabautocomplete configuration parameter to true.

iwcadmin -o client.enablecorpabautocomplete -v true

Note:

The search results will appear in the Convergence client, after the first three characters of the name or email address are typed.

Setting Up Domain-Based Configuration for Address Book

You can set up a domain based configuration for Personal Address Book and Corporate Directory.

To set up domain-based configuration for Personal Address Book, set the following parameters by using the iwcadmin command:

ab.{identifier}.psrootpattern
ab.{identifier}.pstore.defaultserver
ab.{identifier}.pstore.[domain].ldaphost
ab.{identifier}.pstore.[domain].ldapport
ab.{identifier}.pstore.[domain].ldapbinddn
ab.{identifier}.pstore.[domain].ldapbindcred

The following example shows the configuration parameter settings:

iwcadmin -o ab.{domain.com}.psrootpattern -v ldap:///piPStoreOwner=%U,o=%D,o=PiServerDb
iwcadmin -o ab.{domain.com}.pstore.defaultserver -v domainid1
iwcadmin -o ab.{domain.com}.pstore.[domainid1].ldaphost -v host.xyz.com
iwcadmin -o ab.{domain.com}.pstore.[domainid1].ldapport -v 400
iwcadmin -o ab.{domain.com}.pstore.[domainid1].ldapbinddn -v "cn=Directory Manager"
iwcadmin -o ab.{domain.com}.pstore.[domainid1].ldapbindcred -v xyzcred

Where domain.com is the domain (within curly braces).

All the configuration data for the domain domain.com is grouped in to one logical set identified by using the identifier domainid1.

The example shows the minimum set of configuration parameters that you need to set for the domain based configuration for Personal Address Book. However, you can set other configuration parameters.

To set the lookthrulimit to 2000 for Personal Address Book in domain domain.com, type the following command:

iwcadmin -o ab.{domain.com}.pstore.lookthrulimit -v 2000.

To set up domain-based configuration for Corporate Directory:

Set the following configuration parameters:
- ab.{identifier}.corpdir.[domain].urlmatch
- ab.{identifier}.corpdir.[domain].searchattr
- ab.{identifier}.corpdir.[domain].lookthrulimit
- ab.{identifier}.corpdir.[domain].ldaphost
- ab.{identifier}.corpdir.[domain].ldapport
- ab.{identifier}.corpdir.[domain].ldapbinddn
- ab.{identifier}.corpdir.[domain].ldapbindcred
For example:
```
iwcadmin -o ab.{domain.com}.corpdir.[corpdomainid1].urlmatch
-v ldap://corp-directory1
iwcadmin -o ab.{domain.com}.corpdir.[corpdomainid1].searchattr
-v entry/displayname,@uid
iwcadmin -o ab.{domain.com}.corpdir.[corpdomainid1].lookthrulimit
-v 3000
iwcadmin -o ab.{domain.com}.corpdir.[corpdomainid1].ldaphost
-v host.abc.com
iwcadmin -o ab.{domain.com}.corpdir.[corpdomainid1].ldapport
-v 389
iwcadmin -o ab.{domain.com}.corpdir.[corpdomainid1].ldapbinddn
-v "cn=Directory Manager"
iwcadmin -o ab.{domain.com}.corpdir.[corpdomainid1].ldapbindcred
-v abcabc
```
Where domain.com specifies the domain. All the configuration data for the domain domain.com is grouped in to one logical set identified by using identifier corpdomainid1.

Note:

The value for the urlmatch configuration parameter must be unique. Format for urlmatch is ldap://unique_value or ldap://host:port/DN e.g. ldap://corp-directory1 ,ldap://corporatedirectory2, ldap://somehost:390/ou=people,o=ab.org etc.

First time when user does address book operation (apart from login.wabp), corporate directory entry (under piPStoreOwner=user, o=domain, o=PiServerDb) with piRemotePiURL attribute value as urlmatch gets created. After this if urlmatch is changed, either delete such entries so that this entry gets created when first AB command is issued or update corporate directory entry for all users with new urlmatch value.
Copy dictionary-locale.xml (for example: dictionary-en.xml) from Convergence_Home/config/templates/ab/domain/defaultps to Convergence_Home/config/templates/ab/domain/domain-directory. The dictionary-locale.xml file can be updated in order to change or to customize display name and description.

Disabling the Corporate Directory in Specific Domains

In some cases, you might want to disable your corporate directory in certain domains. To do so, follow these steps:

Set both personal address book and Corporate Directory settings as described in "Setting Up Domain-Based Configuration for Address Book".

Disable the Corporate Directory for the specific domain:

iwcadmin -o ab.{domain.com}.corpdir.[default].enable" -v false

Restart the Oracle WebLogic server.

Note:

You can ignore errors or exceptions in the log files.

Changing the Default Corporate Directory Search Filter in Address Book

To change the default corporate directory search filter, set the ab.corpdir.[identifier].searchfilter configuration parameter with the search criteria you want to base your corporate directory searches on.

The following example shows the usage of search customization:

iwcadmin -o ab.corpdir.[default].searchattr -v entry/displayname,@uid,person/surname
iwcadmin -o ab.corpdir.[default].searchfilter -v '(&(&([filter])(|(objectClass=GROUPOFUNIQUENAMES)(objectClass=GROUPOFURLS) \\
(objectClass=ICSCALENDARRESOURCE)(objectClass=INETORGPERSON)))(objectClass=*))'

Where [filter] is replaced with the search generated by the ab.corpdir.[identifier].searchattr configuration option.

The example produced the following LDAP output in the corporate LDAP directory access logs when an end-user searched for "bob":

[13/Oct/2008:11:51:54 +1100] conn=686404 op=30 msgId=576 - SRCH base="o=sun.com,o=isp" scope=2
filter="(&(&(|(|(cn=bob*)(uid=bob*))(sn=bob*))(|(objectClass=GROUPOFUNIQUENAMES)(objectClass=GROUPOFURLS)
(objectClass=ICSCALENDARRESOURCE)(objectClass=INETORGPERSON)))(objectClass=*))"
attrs="objectClass createTimestamp cn uid description mail multiLineDescription modifyTimestamp"

Configuring Virtual List View for Convergence Corporate Directory

Follow these steps to configure Convergence to make use of virtual list view (VLV):

Configure Directory Server with VLV. For more information on creating and managing browsing indexes in Directory Server:
- See Configuring VLV Browsing Indexes for Directory Server.
- See Configuring VLV Indexes in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.
  
  Note:
  The following steps are applicable only if the Convergence Deployment is using the Convergence Address Book. When Contact Server is used as Address book service, the settings have to be changed in Contact Server. When Contact Server is configured in VLV mode, then all searches (for example, people, group, resources) use VLV.

Set the VLV filter and scope in the corporate directory.

iwcadmin -o ab.corpdir.[default].vlvfilter -v  "(&(&(objectclass=inetorgperson)(mail=*)(cn=*)(!(psIncludeInGAB=false)))(objectClass=*))"
iwcadmin -o ab.corpdir.[default].vlvscope -v 2
iwcadmin -o ab.corpdir.[default].vlvsearchbase -v "o=example.com,o=usergroup"
iwcadmin -o ab.corpdir.[default].vlvsortby -v "entry/displayname"

Enable the ab.corpdir.[default].vlvpaging configuration parameter to true.
```
iwcadmin -o ab.corpdir.[default].vlvpaging -v true
```

About Supported vCard Standards

Convergence supports the following vCard standards:

vCard 2.1
vCard 3.0

Convergence supports the following encoding formats for importing and exporting vCard:

UTF-8
ISO-8859-1
BIG5
EUC-CN
EUC-JP
EUC-KR
SHIFT_JIS

Changing the Locale Character Set for Importing or Exporting vCard Entries

Convergence supports the following locales by default:

English
Japanese
French
German
Spanish
Korean
Traditional Chinese
Simplified Chinese

For each locale, configuration parameters for import and export exist in the Convergence server. By default, these configuration parameters are assigned a character encoding when you install Convergence.

Table 6-1 shows the default encoding formats for locales when Convergence is installed. The table also lists the configuration parameters that are assigned for storing the import and export preference for the locale.

Table 6-1 Supported Default vCard Locales

Locale	Encoding	Import Parameter	Export Parameter
English	UTF-8	ab.import.vcard.misc.en	ab.export.vcard.misc.en
Japanese	UTF_8	ab.import.vcard.misc.ja	ab.export.vcard.misc.ja
French	UTF-8	ab.import.vcard.misc.fr	ab.export.vcard.misc.fr
German	UTF-8	ab.import.vcard.misc.de	ab.export.vcard.misc.de
Korean	UTF-8	ab.import.vcard.misc.ko	ab.export.vcard.misc.ko
Traditional Chinese	UTF-8	ab.import.vcard.misc.zh-tw	ab.export.vcard.misc.zh-tw
Simplified Chinese	UTF-8	ab.import.vcard.misc.zh-cn	ab.export.vcard.misc.zh-cn

In the previous table, the character encoding for English is set to UTF-8. This setting means that when you import or export vCard contacts to or from the Convergence client, the vCard entries are imported or exported in the UTF-8 format character set. In this case, UTF-8 is the default setting for English users.

To enable the Convergence client to import or export vCard entries to other character sets, set the address book vCard configuration parameter in the Convergence server.

Type the iwcadmin command to set the import and export character set preferences for the configuration parameters of the locale. This command enables you to change the character set encoding for importing or exporting vCard entries.

To change the character encoding for the Japanese user vCard from UTF-8 to Shift_JIS for example, set the corresponding configuration parameters for import and export.

To set the character encoding to import vCard entries for the Japanese locale, type the following command:

iwcadmin -o ab.import.vcard.misc.ja -v Shift_JIS

To set the character encoding to export vCard entries for the Japanese locale, type the following command:

iwcadmin -o ab.export.vcard.misc.ja -v Shift_JIS

The vCard entries are imported or exported in the Shift_JIS encoding character set.

Note:

You must set the same character set encoding for both import and export for a locale.

Enabling Contact Export and Import with Photo in vCard

vCard 3.0 enables users to include photos in their contacts. By default, Convergence does not import or export photos of your contacts. If you want photos to be imported or exported, you must enable the ab.exportphoto and ab.importphoto configuration parameters.

To enable exporting of contacts with photo in Vcard 3.0 format, type the following command:

iwcadmin -o ab.exportphoto -v true

To import contacts with photo in Vcard 3.0 format, type the following command:

iwcadmin -o ab.importphoto -v true

Hiding Administrator Accounts in the Default Domain Corporate Directory

When looking in the Corporate Directory of the default domain all the administrative accounts are being displayed. These can be hidden by using psIncludeInGAB attribute in the ldap server. The default value of this attribute is true.

If you want to hide users in the Corporate Directory, set in a first step the psIncludeInGAB attribute to false for these users. Next, the corporate directory search filter needs to exclude these users with their psIncludeInGAB attribute set to false. For example:

iwcadmin -o ab.corpdir.[default].searchfilter  -v
'(&([filter])(!(psIncludeInGAB=false)))'

About Personal Address Book Contacts Deleted by the End User

If a contact has been deleted by the end user, Convergence determines what do to with that information based on how you set the ab.pstore.deleteperm configuration parameter. If you set the parameter to true, the contact is deleted from the user's personal address book entries on Directory Server. If, however, you set ab.ps.deleteperm to false, the following attribute/value pair is added to the deleted contact in Directory Server:

delete: true

The contact no longer appears in Convergence as if it were permanently deleted from the Directory Server.

This task can be particularly useful when you are synchronizing deleted contact entries in Microsoft Outlook and Convergence when using Connector for Microsoft Outlook.

Enhancing Corporate Directory Search Using VLV Indexing

Virtual List View (VLV) index, also known as browsing index, is similar to indexes or views in a database. Create the VLV indexes to reduce the time taken to search the LDAP entries. If a Directory Server deployment contains several LDAP entries, then searching the entries takes considerably more time. Directory Server enables you to create indexes that reduce the search time.

Creating the VLV Index in the Directory Server

To enable VLV indexes in the directory server, you must set the following parameters:

base DN
filter
sort order
scope of the index

If multiple back-end user/group Directory Servers are configured for a system, you will need to create indexes for each user/group Directory Server instance. For more information, see Indexing Directory Data and Managing Directory Data in Oracle Fusion Middleware Administering Oracle Unified Directory.

Generating Indexes

Generate the indexes for the settings to take effect. Perform the following steps during a scheduled change window to restart Directory Server.

Follow these steps to create VLV indexing in OUD. For more information, see Creating a New VLV Index in Oracle Fusion Middleware Administering Oracle Unified Directory.

Change the directory to the Directory Server Instance location. For example,
```
cd /opt/oracle/Oracle/Middleware/asinst_1/bin
```

Use dsconfig to create a new VLV index:

dsconfig -h ldap_host -p ldap_adminport -D "cn=directory manager" -j pwd-file -n \
  create-local-db-vlv-index \
  --element-name backend --index-name name --set sort-order:attributes \
--set scope:scope --set base-dn:baseDN --set filter:filter

where:

index-name specifies a unique index name, which cannot be altered after the VLV index is created.

sort-order specifies the names of the attributes by which the entries are sorted and their order of precedence, from highest to lowest.
scope specifies the LDAP scope of the query being indexed and can be one of base-object, single-level, subordinate-subtree, or whole-subtree.
base-dn specifies the base DN used in the search query being indexed.
filter specifies the LDAP filter used in the query being indexed and can be any valid LDAP filter.

Note:

To know the value for element name, use the command:

./dsconfig -h ldap_host -p ldap_adminport -D "cn=Directory Manager" -j pwd-file -X -n list-workflow-elements

For example,

./dsconfig -h ldap_host -p 4444 -D "cn=Directory Manager" -j <pwd_file_location>  -X -n list-workflow-elements
Workflow Element    : Type               : enabled
--------------------:--------------------:--------
adminRoot           : ldif-local-backend : true
userRoot            : db-local-backend   : true
virtualAcis         : db-local-backend   : true
we-ucs-comms-config : db-local-backend   : true
we-ucs-mlusers      : db-local-backend   : true
we-ucs-PiServerDb   : db-local-backend   : true

./dsconfig -D "cn=directory manager" -j <pwd_file_location> -n create-local-db-vlv-index --element-name userRoot            
 --index-name vlvtest --set sort-order:"cn" --set scope:whole-subtree --set base-dn:o=usergroup
--set filter:"(&(mail=*)(cn=*))"

Check the index was created by listing the existing VLV indexes:

dsconfig -h ldap_host -p ldap_adminport -D "cn=directory manager" -j pwd-file -n \
  list-local-db-vlv-indexes \
  --element-name backend

For example,

./dsconfig -h ldap_hostname -p 4444 -D "cn=Directory Manager" -j /tmp/ds_pass -X -n list-local-db-vlv-indexes --element-name userRoot
Local DB VLV Index : Type    : base-dn : scope         : filter            : sort-order
-------------------:---------:---------:---------------:-------------------:-----------
vlvtest            : generic : o=dav   : whole-subtree : (&(mail=*)(cn=*)) : cn

. Display the index properties to verify your changes:

dsconfig -h ldap_host -p ldap_adminport -D "cn=directory manager" -j pwd-file -n \
  get-local-db-vlv-index-prop \
  --element-name backend --index-name name

For example,

./dsconfig -h ldap_host  -p 4444 -D "cn=directory manager" -j /tmp/ds_pass -n get-local-db-vlv-index-prop --element-name userRoot  --index-name vlvtest
Property   : Value(s)
base-dn    : o=dav
filter     : (&(mail=*)(cn=*))
name       : vlvtest
scope      : whole-subtree
sort-order : cn

Rebuild the index. You can either stop the server, rebuild the index, and restart the server:
```
stop-ds
$ rebuild-index --baseDN baseDN --index vlv.name
start-ds
```
Or, rebuild the index online by running the rebuild-index command as a task:
```
rebuild-index -h localhost -p 4444 -D "cn=Directory manager" -j pwd-file -X \
  --baseDN baseDN --index vlv.name
```

The following is a sample VLV search using ldapsearch command:

./ldapsearch -p 1389 -D "cn=Directory Manager" -w  ldap_password -b o=usergroup --searchScope sub --sortOrder cn --virtualListView "0:0:0:0" "(objectclass=*)"

Configuring Convergence

Note:

The following steps are applicable only if the Convergence Deployment is using the Convergence Address Book. When Contact Server is used as Address book service, the VLV settings should be changed in the Contact Server.

You need to configure Convergence to use the indexes after generating the indexes for Directory Server. Using the iwcadmin command, set the following Convergence parameters:

ab.corpdir.[default].vlvfilter
ab.corpdir.[default].vlvscope
ab.corpdir.[default].vlvpaging
ab.corpdir.[default].vlvsortby
ab.corpdir.[default].vlvsearchbase
ab.corpdir.[default].vlvsortby

For example:

iwcadmin -u admin_user_id -o ab.corpdir.[default].vlvfilter -v "(&(mail=*)(cn=*))"
iwcadmin -o ab.corpdir.[default].vlvscope -v 2
iwcadmin -o ab.corpdir.[default].vlvpaging -v true
iwcadmin -o ab.corpdir.[default].vlvsortby -v "entry/displayname,person/surname,email,person/givenname"
iwcadmin -o ab.corpdir.[default].vlvsearchbase -v "o=isp"

The value for ab.corpdir.[default].vlvfilter is (&(mail=*)(cn=*)). This value should exactly match with the value provided in the Directory Server settings and the match should be a string match. It cannot even be (&(cn=*)(mail=*)) because interchanging the mail and cn attributes causes a mismatch with the settings in the Directory Server.

The default corporate directory is used in the previous commands. The same set of commands apply to the nondefault corporate address book ab.corpdir.[identifier].vlvscope or the domain based corporate address book ab.{identifier}.corpdir.[domain].vlvscope.

The purpose of the parameter vlvsortby is that in case the server does not receive any sortby attribute from the client, the search results are sorted by the value set for this parameter. This applies only when VLV is setup.

You must restart the application after making any configuration changes in Convergence.

When you search a Corporate Address Book, you will see a drop down list in the Convergence client interface with the following search attributes:

Display name
Email
First name
Last name

You must have VLV indexes set up for these attributes to work. If VLV is not set, the default search is done by Display name.

Note:

Convergence can be configured to enable address book service using both Convergence (WABP) and Contacts (NAB) servers and it is called co-existence mode. In this mode of configuration some users may be using WABP and others might have been migrated to NAB. You need to set the nab.nabuserattr parameter to an LDAP attribute used in the user entry to indicate that the user has been migrated to NAB. The default value of this attribute is nabStore (defined as part of nabUser ObjectClass). If this attribute is not present in user LDAP entry then it indicates that you are a WABP user and not a NAB user.

iwcadmin -o nab.nabuserattr -v user_attribute

See "Convergence Properties Reference" for information on nab.nabuserattr.

Verifying the VLV Settings

To verify VLV settings:

For the VLV search to be active when you search the corporate directory, the following four entities sent by the Convergence server should match with the values in Directory Server:
- Search base
- Search scope
- VLV filter
- Sort attribute
Convergence only supports cn.
Log in to Convergence and type a search command in the corporate directory to check corresponding log files. Two cases with corresponding log files are shown:
```
ldapsearch -D "cn=Directory Manager" -w password -b dc=example,dc=com -x -S cn -G "0:3:name1" "(|(mail=*)(cn=*))" sn cn
```

Performing a VLV search using ldapsearch command (with syntax explained)

$ ./ldapsearch -p 1389 -D "cn=Directory Manager" -w  <password> -b o=usergroup --searchScope sub --sortOrder cn 
--virtualListView "0:0:0:0" "(objectclass=*)"--virtualListView 'beforeCount:afterCount:offset:contentCount'

where:

offset specifies the index of the target entry.
contentCount specifies the estimated total number of results (or zero if it is not known), or beforeCount:afterCount:assertionValue (where the entry should be the first entry whose primary sort value is greater than or equal to the provided assertionValue). In either case, beforeCount is the number of entries to return before the target value and afterCount is the number of entries to return after the target value.

./ldapsearch -h ldap_host -p ldap_port -D "cn=directory manager" -j /tmp/ds_pass -b o=example.com,o=usergroup -S cn -G "0:1:cal" '(&(&(objectclass=inetorgperson)(mail=*)(cn=*)(!(psIncludeInGAB=false)))(objectClass=*))' debugsearchindex
dn: cn=debugsearch
debugsearchindex: vlv=[INDEX:vlv.vlv_in_sun_com_cn][COUNT:4] final=[COUNT:2]

# VLV Target Offset:  4
# VLV Content Count:  1740



#./ldapsearch -p 1389 -D "cn=Directory Manager" -j /tmp/ds_pass  -b o=usergroup --searchScope sub --sortOrder cn --virtualListView "0:0:0:0" "(objectclass=*)"
dn: cn=andromeda,ou=People,o=example.com,o=usergroup
davUniqueId: dd9ca981-a45611e1-8093d2ed-c263972e
mail: andromeda@example.com
cn: andromeda
objectClass: icsCalendarResource
objectClass: daventity
objectClass: top
objectClass: inetResource
uid: andromeda
icsCalendar: andromeda@example.com,o=example.com,o=usergroup

# VLV Target Offset:  1
# VLV Content Count:  2094

The example below uses the Virtual List View Control options to specify the following:

Before = 0 specifies that 0 entries before the target should be displayed.
After = 2 specifies that 2 entries after the target should be displayed.
Index=1 specifies that the offset of the target entry within the result set should be returned.
Count=0 specifies that target entry at the index position should be returned, which is the first entry.

Thus, the server returns the first entry plus two entries after the target sorted in ascending order by the givenName attribute.

./ldapsearch -p 1389 -D "cn=Directory Manager" -j /tmp/ds_pass -b o=usergroup --searchScope sub --sortOrder cn --virtualListView "0:2:1:0" "(objectclass=*)" cn
dn: cn=andromeda,ou=People,o=example.com,o=usergroup
cn: andromeda

dn: uid=anilsri,ou=People,o=example.com,o=usergroup
cn: anilsri

dn: cn=applgroup,ou=Groups,o=example.com,o=usergroup
cn: dav-interest
cn: applgroup

# VLV Target Offset:  1
# VLV Content Count:  2094

When Convergence uses Contact Server as Address book

Make the Contact Server log level to FINEST.

/opt/sun/comms/nabserver/sbin/davadmin config modify -o log.dav.errors.loglevel  -v FINEST
/opt/sun/comms/nabserver/sbin/davadmin config modify -u admin -o store.corpdir.defaultcorpdirectoryurl -v "ldap://ugldap/??sub?(&(mail=*)(cn=*))?vlv"
/opt/sun/comms/nabserver/sbin/davadmin config modify -u admin -o store.corpdir.enablecorpdir -v true

Restart the Contact Server.
You can verify the VLV indexing by searching for an entry in the corporate address book from IWC. The following logs are verified in Contact Server error log file while searching the user in corporate address book.

Logs from commands.0 file

FINER   [2023-02-27T14:19:13.141+0000] <...AclChecker.checkAllPrivilegesRecur> no more privileges to process - grant
FINE    [2023-02-27T14:19:13.141+0000] <...CorpDirectoryManager.searchSubNodes> VLV Lookup - Total Matching 1,373 Index Position 0
FINE    [2023-02-27T14:19:13.142+0000] <...BaseOperation.postprocess> ----- Search end. Processing time=0.323 secs. NbEvaluatedNodes=101,NbMatchingNodes=100

Logs from errors.0 file

FINER   [2023-02-28T09:41:30.708+0000] <...AclChecker.checkAllPrivileges> Checking [READ] against /davserver/rest/directory/default/uid%3Dcaltest1084%2Cou%3DPeople%2Co%3Dsun.com%2Co%3Ddav for subject u:c4df2182-422a11dd-8002d2ed-c263972er2@sun.com:otherownercal$estroom5@sun.com
FINER   [2023-02-28T09:41:30.708+0000] <...AclChecker.checkAllPrivilegesRecur> Acl for /davserver/rest/directory/default/uid%3Dcaltest1084%2Cou%3DPeople%2Co%3Dsun.com%2Co%3Ddav: V1;g^p:authenticated^r
FINER   [2023-02-28T09:41:30.708+0000] <...AclChecker.checkAllPrivilegesRecur> Privilege READ granted by g^p:authenticated^r
FINER   [2023-02-28T09:41:30.708+0000] <...AclChecker.checkAllPrivilegesRecur> no more privileges to process - grant
FINER   [2023-02-28T09:41:30.709+0000] <...AclChecker.checkAllPrivileges> Checking [READ] against /davserver/rest/directory/default/uid%3Dcaltest1085%2Cou%3DPeople%2Co%3Dsun.com%2Co%3Ddav for subject u:c4df2182-422a11dd-8002d2ed-c263972er2@sun.com:otherownercal$estroom5@sun.com
FINER   [2023-02-28T09:41:30.709+0000] <...AclChecker.checkAllPrivilegesRecur> Acl for /davserver/rest/directory/default/uid%3Dcaltest1085%2Cou%3DPeople%2Co%3Dsun.com%2Co%3Ddav: V1;g^p:authenticated^r
FINER   [2023-02-28T09:41:30.709+0000] <...AclChecker.checkAllPrivilegesRecur> Privilege READ granted by g^p:authenticated^r
FINER   [2023-02-28T09:41:30.709+0000] <...AclChecker.checkAllPrivilegesRecur> no more privileges to process - grant
FINER   [2023-02-28T09:41:30.709+0000] <...AclChecker.checkAllPrivileges> Checking [READ] against /davserver/rest/directory/default/uid%3Dcaltest1086%2Cou%3DPeople%2Co%3Dsun.com%2Co%3Ddav for subject u:c4df2182-422a11dd-8002d2ed-c263972er2@sun.com:otherownercal$estroom5@sun.com
FINER   [2023-02-28T09:41:30.709+0000] <...AclChecker.checkAllPrivilegesRecur> Acl for /davserver/rest/directory/default/uid%3Dcaltest1086%2Cou%3DPeople%2Co%3Dsun.com%2Co%3Ddav: V1;g^p:authenticated^r
FINER   [2023-02-28T09:41:30.709+0000] <...AclChecker.checkAllPrivilegesRecur> Privilege READ granted by g^p:authenticated^r
FINER   [2023-02-28T09:41:30.709+0000] <...AclChecker.checkAllPrivilegesRecur> no more privileges to process - grant
FINE    [2023-02-28T09:41:30.710+0000] <...CorpDirectoryManager.searchSubNodes> VLV Lookup - Total Matching 1,433 Index Position 0
FINE    [2023-02-28T09:41:30.711+0000] <...BaseOperation.postprocess> ----- Search end. Processing time=0.18 secs. NbEvaluatedNodes=101,NbMatchingNodes=100
FINE    [2023-02-28T09:41:30.711+0000] <...DavServerServlet.service> [RES] [200]    Command execution time: 0.184 secs
FINE    [2023-02-28T09:45:53.998+0000] <...LDAPSingleHostPool.getConnection> got connection from getConnection() for pool Pool number:0. Host=cHostname

Logs when Convergence is using the default Convergence Address Book

ADDRESS_BOOK: DEBUG from com.sun.comms.client.ab.wabp.cmd.SearchEntryHandler  Thread [ACTIVE] ExecuteThread: '12' for queue: 'weblogic.kernel.Default (self-tuning)' at 2023-02-28 05:49:42,303 - Processing command: search_entry.wabp
ADDRESS_BOOK: DEBUG from com.sun.comms.client.ab.wabp.cmd.SearchEntryHandler  Thread [ACTIVE] ExecuteThread: '12' for queue: 'weblogic.kernel.Default (self-tuning)' at 2023-02-28 05:49:42,305 - Searching with: bookid: e146978b7be21300 filter: entry/displayname=caluser* sortby: +entry/displayname
ADDRESS_BOOK: DEBUG from com.sun.comms.client.ab.wabp.cmd.SearchEntryHandler  Thread [ACTIVE] ExecuteThread: '12' for queue: 'weblogic.kernel.Default (self-tuning)' at 2023-02-28 05:49:42,305 - Searching with entries per page: 100
ADDRESS_BOOK: DEBUG from com.sun.comms.client.ab.coresrv.CorePersonalStore  Thread [ACTIVE] ExecuteThread: '12' for queue: 'weblogic.kernel.Default (self-tuning)' at 2023-02-28 05:49:42,305 - psearchBook: bookEntryID=e146978b7be21300, filter=entry/displayname=caluser*, sortBy=+entry/displayname, entryType=[abperson],entriesPerPage=100
ADDRESS_BOOK: DEBUG from com.sun.comms.client.ab.coresrv.DBHandler  Thread [ACTIVE] ExecuteThread: '12' for queue: 'weblogic.kernel.Default (self-tuning)' at 2023-02-28 05:49:42,305 - Match found: ldap://corpdirectory
ADDRESS_BOOK: DEBUG from com.sun.comms.client.ab.ldapplug.iLdapDb  Thread [ACTIVE] ExecuteThread: '12' for queue: 'weblogic.kernel.Default (self-tuning)' at 2023-02-28 05:49:42,306 - Performing VLV search:true
ADDRESS_BOOK: DEBUG from com.sun.comms.client.ab.coresrv.CorePersonalStore  Thread [ACTIVE] ExecuteThread: '12' for queue: 'weblogic.kernel.Default (self-tuning)' at 2023-02-28 05:49:42,306 - psearchBook: new searchID=1
ADDRESS_BOOK: DEBUG from com.sun.comms.client.ab.coresrv.CorePersonalStore  Thread [ACTIVE] ExecuteThread: '12' for queue: 'weblogic.kernel.Default (self-tuning)' at 2023-02-28 05:49:42,364 - getResult: searchID=1firstentry=1
ADDRESS_BOOK: DEBUG from com.sun.comms.client.ab.ldapplug.iLdapSearch  Thread [ACTIVE] ExecuteThread: '12' for queue: 'weblogic.kernel.Default (self-tuning)' at 2023-02-28 05:49:42,365 - LDAPSearchConstraints {LDAPConstraints {time limit 0, referrals true, hop limit 5, bind_proc null, rebind_proc com.sun.comms.shared.ldap.LDAPRebindImpl@5f9e800c, server controls {SortCtrl: isCritical=true {SortKey: key=cn reverse=false}} {VirtListCtrl: isCritical=true beforeCount=0 afterCount=99 listIndex=-1 listSize=0}} size limit 3000, server time limit 0, aliases 0, batch size 1, max backlog 100, referralErrors 0}