The Logger MBean configures both logging and debugging tools. The logging tool logs CDAT application activity. The debugging mechanism produces messages useful for debugging. This is the same logging and debugging mechanism used by the SESM portal applications. See the "Logger MBean" section for more information.

ManagementConsole MBean

The ManagementConsole MBean configures the management console port for CDAT, including valid user names and passwords for accessing the console. See the "Configuring the ManagementConsole MBean" section for more information.

MainServlet MBean

The MainServlet MBean configures the list of links in the CDAT main window. The SESM installation program configures initial links. Use this MBean to change those links or add new ones. The initial links configured by the installation program link to:

Management consoles for all of the installed SESM applications, which can include NWSP, CDAT, RDP, and captive portal.
LDAP directory management logon page

Figure 3-2 shows the CDAT main window with the above-mentioned links. Table 6-2 describes the attributes in the MainServlet MBean.

Table 6-1: CDAT Application—MainServlet MBean

Attribute Name Explanation

Attribute Name	Explanation
links	Specifies the links to display on the CDAT main window, such as the links to the logon pages that provide access to: LDAP directory maintenance Remote management of SESM applications. Each application has a separate link to a logon page that allows access to an AgentView for that application. The links attribute is an array. For each link, provide the following information: label—The static text that appears on the CDAT window to identify the link. For example, the installed file uses Manage NWSP to identify the remote management function for NWSP: URI—The HTTP address that points to the target page. To point to the management console for an SESM application, use that application's host name and management console port. For example: `http://server1:8180/` The SESM startup scripts set the management port to application.port + 100. For example, if you installed NWSP using the default port value 8080, its management port is: `8080 + 100 = 8180` Similarly, if you installed CDAT using the default port value 8081, the startup script sets its management port to: `8081 + 100 = 8181` linkText—The active text that the user clicks to go to the URI. For example, the installed file uses the text AgentView as the active text for the link to the NWSP management console.

links

Specifies the links to display on the CDAT main window, such as the links to the logon pages that provide access to:

LDAP directory maintenance
Remote management of SESM applications. Each application has a separate link to a logon page that allows access to an AgentView for that application.

The links attribute is an array. For each link, provide the following information:

label—The static text that appears on the CDAT window to identify the link. For example, the installed file uses Manage NWSP to identify the remote management function for NWSP:
URI—The HTTP address that points to the target page. To point to the management console for an SESM application, use that application's host name and management console port. For example:

http://server1:8180/

: The SESM startup scripts set the management port to application.port + 100. For example, if you installed NWSP using the default port value 8080, its management port is:

8080 + 100 = 8180

: Similarly, if you installed CDAT using the default port value 8081, the startup script sets its management port to:

8081 + 100 = 8181

linkText—The active text that the user clicks to go to the URI. For example, the installed file uses the text AgentView as the active text for the link to the NWSP management console.

CDAT MBean

The CDAT MBean configures resource attributes for an LDAP directory management session in CDAT. Table 6-2 describes the attributes in the CDAT MBean.

Table 6-2: CDAT Application—CDAT MBean

Attribute Name	Explanation
naming	The component in distinguished name (dn) that your LDAP directory uses to allow access to the directory. cn—NDS, for example, uses common name cn. uid—iPlanet, for example, uses unique identifier (uid).
sessionTimeout	The maximum period of inactivity allowed after logging into a CDAT directory management session. When this time period elapses with no activity, CDAT logs the user out. Values are in seconds. A negative value prevents the user from ever being logged out. Changes to this attribute value take effect for subsequent logins. Default: 600
maxVariables	The maximum number of page/page instance variables allowed for each CDAT directory management session. This number affects how many pages can be visited before their state is lost, although it is not a one-to-one mapping. If many StateTimedOut errors are occurring, increase this number. Default: 40
queryMaxResults	The maximum number of results to return from any one query to the LDAP directory. Changes to this attribute value take immediate effect. A value of zero removes any limits. Default: 500
queryTimeout	The timeout (in milliseconds) for queries to the LDAP directory. Changes to this attribute value take immediate effect. A value of zero is an infinite timeout value. Default: 0

Adding a New Application to the CDAT Main Window

To add a new application to the CDAT main window, add an entry for it in the links attribute in the CDAT MainServlet MBean.

The links attribute must include information for each SESM application that you want to manage from CDAT. For example, if you deploy multiple instances of NWSP, each instance must be configured in the links attribute.

Configuring CDAT Login Values

This section describes how to configure the login values for the CDAT management functions:

Login Values for SESM Agent Views

On the CDAT main window, the links for managing SESM applications point to each application's management console port. When you initially go to a management console port, you are prompted to log on.

The logon values are configured in the AuthInfo attribute in the Management Console MBean in each application's MBean configuration file. See the "Configuring the ManagementConsole MBean" section for more information, including the default user name and password values in the installed files.

You can configure different user IDs and passwords for each application's Agent View or use the same values for all applications.

Login Values for LDAP Directory Management

On the CDAT main window, the link for managing the LDAP directory points to the CDAT directory manager login window.

Before any administrator can log into the CDAT Directory Manager function, some initial RBAC rules and roles must be loaded into the directory. Load these top level objects by loading the sample RBAC data files that are installed with the Security Policy Engine (SPE). See the Cisco Distributed Administration Tool Guide for information about loading sample data and the authentication values to use to log into the CDAT Directory Manager function for the first time.

You can also use your own data generating tool to load sample data.

The sample data is located in the following directory:

dess-auth

schema

Note The sample data uses common name (cn) as a component of distinguished name (dn). If your LDAP directory uses unique identifier (uid) rather than common name to allow access to the directory, you must edit the sample data files before loading them. See the Release Notes for Cisco Subscriber Edge Services Manager Release 3.1(5) for instructions about loading sample data.

Table of Contents